Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

17.4R3-S2: Software Release Notification for JUNOS Software Version 17.4R3-S2

0

0

Article ID: TSB17813 TECHNICAL_BULLETINS Last Updated: 29 Jun 2020Version: 1.0
Alert Type:
SRN - Software Release Notification
Product Affected:
ACX, EX, MX, PTX, QFX, NFX, SRX, VRR, Network Agent
Alert Description:
Alert Description
Junos Software Service Release version 17.4R3-S2 is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as need and follow the prompts
Solution:

Junos Software service Release version 17.4R3-S2 is now available.

17.4R3-S2 - List of Fixed issues
PR Number Synopsis Category: Software build tools (packaging, makefiles, et. al.)
1417345 The JSU package installation may fail
Product-Group=junos
In a specific scenario, the JSU (Junos OS selective upgrade) package installation on a router which has JET (Juniper Extension Toolkit) package installed may fail due to "Operation not permitted" error. This issue does not impact service and traffic.
PR Number Synopsis Category: DOT1X
1462479 EX-4600-EX-4300: Mac entry missing in Ethernet-Switching table for Mac-radius client in server fail scenario when tagged is sent for 2 client
Product-Group=junos
In a server-fail scenario, when tagged traffic is sent for the first client, MAC learning happens for both data and voice. But for the second client on the same interface, learning happens only for voice. This is because the VLAN is already added for an interface due to first client authentication process.
PR Number Synopsis Category: EX4300 PFE
1491348 The traffic destined to VRRP VIP might be dropped after the IRB interface is disabled on the initial VRRP master
Product-Group=junos
On the EX4300 virtual-chassis scenario, the traffic destined to the VRRP Virtual IP Address (VIP) might be dropped on the Virtual-Chassis if the VRRP IRB interface is disabled on the initial VRRP master. For details, please refer to the following topology and problem description.
PR Number Synopsis Category: Hardware Escalation
1426910 Drift messages in ACX2200, which is a PTP hybrid (PTP + Synchronous Ethernet) device.
Product-Group=junos
On ACX2200 configured with PTP+SyncE , slave devices might get impacted due to high PDVs. This is observed through drift messages in the router.
PR Number Synopsis Category: QFX Multichassis Link Aggregrate
1488681 MC-LAG consistency check fails if multiple IRB units are configured with same VRRP group
Product-Group=junos
Multichassis Link Aggregation Group (MC-LAG) configuration consistency check fails if the same VRRP group identifier is used for multiple IRB units configuration on the local and remote MC-LAG peers. The fix of this PR corrects the defect and makes the MC-LAG consistency check pass as expected.
PR Number Synopsis Category: QFX Access control list
1499918 Traffic drop might be observed after modifying FBF firewall filter
Product-Group=junos
On QFX5K platforms, after making changes in filter-based forwarding (FBF) firewall filter that is configured with multiple terms or different routing instances, traffic drop might be observed.
PR Number Synopsis Category: QFX PFE L2
1467466 Few MAC addresses might be missing from MAC table in software on QFX5k platform.
Product-Group=junos
On QFX5k platform, if Packet Forwarding Engine process is restarted manually or device reboot occurs, some MAC address(es) might not be seen on software MAC table but MAC address will be present in hardware table.
PR Number Synopsis Category: QFX L3 data-plane/forwarding
1432023 The fxpc core might be seen during the reboot of device on QFX5100/EX4600 switches
Product-Group=junos
On QFX5100/EX4600 switches due to Bad Chip ID, an fxpc core can be seen during the device reboot. This is due to a transient error related to a chip where vendor tries to get the chip ID and it results in improper info.
1485612 FPC may go to "NotPrsnt" state after upgrading with non-tvp image in VC/VCF setup
Product-Group=junos
On EX4600/QFX5100 platform, there are two types of PIC (Physical Interface Card). The first one is PIC with the integrated PHY capability (called PHYLESS). The second one is PIC with an external PHY capability (called PHY). If VCPs (Virtual Chassis Port) are configured on external PHY capability PIC(s), the FPC(s) might go to "NotPrsnt" state after upgrading with non-tvp image in VC/VCF setup. The affected FPC(s) cannot be used to forwarding traffic.
1487707 CPU port queue gets full due to excessive pause frames being received on interfaces, this causes control packets from the CPU to all ports to be dropped
Product-Group=junos
On QFX5000 platforms (QFX5100/QFX5110/QFX5120/QFX5200/QFX5210) with point-to-point multi-link scenario, when the switch ingress buffer saturation happens, all interfaces on multi-link stop sending traffic at the same time.
PR Number Synopsis Category: Accounting Profile
1458143 A problem with statistics on some interfaces of a router may be observed after FPC or PIC reboot
Product-Group=junos
In some rare scenarios upon FPC or PIC reboot, the pfed (packet forwarding engine daemon) database may not get updated with the correct location_id for some physical interfaces (IFDs), then a problem with statistics on some interfaces of a router may be observed. If this issue happens in the subscriber management environment, and depending on the radius server configuration, it may cause the subscribers to get disconnected by the radius server because of the radius server can not receive the proper statistics update for the subscribers from the pfed.
PR Number Synopsis Category: ACX Interfaces IFD, IFL, vlans, and BRCM init
1284590 On ACX5000, MacDrainTimeOut and bcm_port_update failed: Internal error.
Product-Group=junos
On ACX5K, the buffer is corrupted on port x(*/*/x) and error message MACDRAINTIMEOUT and dcbcm_check_stuck_buffers are observed, which could eventually lead to port x (*/*/x) flapping. Traffic on ACX5048/ACX5096 may get dropped on egress interface with below errors. When below error is seen, traffic is stuck in the egress queue and never got sent out
PR Number Synopsis Category: MPC Fusion SW
1463859 The MPC2E-NG/MPC3E-NG card with specific MIC might crash after a high rate of interface flaps
Product-Group=junos
If any MIC of type MIC-3D-2XGE-XFP / MIC-3D-4XGE-XFP / MIC-3D-20GE-SFP-E / MIC-3D-20GE-SFP-EH / MIC-MACSEC-20GE is installed in MPC2E-NG/MPC3E-NG card, the Microkernel (uKern) might hog for CPU on Packet Forwarding Engine (PFE) when there is a high rate of interface flaps (~30/40 flaps per second). This will eventually trigger the MPC2E-NG/MPC3E-NG card crash with an NGMPC core file. Normally the excessive interface flapping won't happen frequently in the real-world and it may be caused due to the external environment. This fix will reduce the impact and prevent the uKern hog when having such conditions. The fix for this issue causes a regression as documented in TSB17782 and PR1508794 which affects interfaces with "WAN-PHY" framing.
PR Number Synopsis Category: Bi Directional Forwarding Detection (BFD)
1470603 The BFD client session might flap when removing BFD configuration from the peer end (from other vendor) of the BFD session
Product-Group=junos
Currently, when a BFD packet with session state set to "AdminDown" is received by Juniper Device, the Juniper device will check both the session state and the diagnostic code in the packet. If the session state is "AdminDown" and the diagnostic code is 7 (which means "diag AdminDown"), the BFD session will be set to "Down" and the BFD client (i.e. the service which is protected by BFD) will be notified with "AdminDown" and the BFD client session will not flap. But if the BFD packet with session state set to "AdminDown" along with diagnostic code other than 7 is received, the BFD client will be notified with "Down" and the BFD client session will flap.
PR Number Synopsis Category: Border Gateway Protocol
1403186 All the BGP session flap after RE switchover
Product-Group=junos
With GRES and NSR enabled, if executing RE switchover, BGP session might flap in some scenario. When Junos version have the fix of PR-1440694, BGP session always flap after doing RE switchover.
1414021 The rpd gets stuck in a loop while doing the multipath calculation which leads to the high CPU usage
Product-Group=junos
In BGP with the indirect next-hop scenario, if uRPF is enabled, and then enable BGP multipath, a background job loop might be formed and the CPU utilization of rpd process might be stuck at 100%.
1437837 The rpd process crash might be observed if leaking multi-pathed BGP routes from routing-instance to another routing table
Product-Group=junos
This issue applies to Junos platforms with BGP multipath configured under a routing-instance and a RIB group is deployed to leak routes from that routing-instance to another routing table. "rpd" may restarts unexpectedly when performing multipath calculation operations for the secondary routes - (such as, removing the rib-groups/bouncing BGP neighbor under routing-instance.) The secondary routes refer to the second RIB in a RIB (Routing Information Base) group.
1472671 The rpd process might crash with BGP multipath and damping configured
Product-Group=junos
On all Junos platforms running with Border Gateway Protocol (BGP), if both BGP multipath and BGP damping are configured, it might happen that, when the active route, for example r1, is withdrawn but it is not really deleted due to damping, then BGP might be unable to find its original gateway when the route r1 is relearned and becomes the best route again. It will lead to the rpd process crash.
1482551 The rpd might be crashed after BGP peer flapping
Product-Group=junos
On all Junos platforms, with BGP long-lived graceful restart (LLGR) or BGP route dampening configuration, The rpd might be cored after BGP peer flapping. This is a day-1 issue.
1487893 The process rpd may generate soft cores after "always-compare-med" is configured for BGP path-selection
Product-Group=junos
When the RPD process receiving a BGP route which is exported from inet.0 to inet.3. If this route is subjected to "set protocols bgp path-selection always-compare-med", then the RPD process may generate core files with "soft assertion"
PR Number Synopsis Category: BBE Remote Access Server
1479697 The CoA request may not be processed if it includes "proxy-state" attribute
Product-Group=junos
In a subscriber management environment, the CoA requests (such as deactivating/activating subscribers) sent from Radius server will fail if the "proxy-state" attribute is present. This attribute is still unsupported but will now be ignored if it's present in CoA requests.
PR Number Synopsis Category: MPC5/6E pfe microcode software
1464820 MPC5E/6E might crash due to internal thread hogging the CPU
Product-Group=junos
PR 1382182 (which is fixed in 16.2R3 17.1R3 17.3R3-S3 17.3R4 17.4R2-S3 17.4R3 18.1R3-S2 18.1R4 18.2R2 18.2X75-D40 18.3R2 18.4R1 19.1R1) introduced an improper code which could cause an internal thread to hog the CPU and eventually result in the MPC crash. It is a timing issue and affects MPC5E/6E.
PR Number Synopsis Category: MX Platform SW - FRU Management
1463169 The RE switchover may not be triggered when the master CB clock failure
Product-Group=junos
On the specific Junos platforms, the RE switchover may not be triggered when the master CB clock failure is detected. The master CB with faulty clock can't operate normally and this issue may cause fabric plane failure.
PR Number Synopsis Category: QFX xSTP Control Plane related
1443489 The port role might be incorrect in STP after changing the STP configuration
Product-Group=junos
In STP (Spanning Tree Protocol) scenario, the BPDU (Bridge Protocol Data Units) might not be flooded after changing the STP configuration (e.g. change the port priority). The issue results in the STP port role is incorrect in the adjacent switches and traffic loss might be seen.
PR Number Synopsis Category: OpenSSH and related subsystems
1454177 SSH login might fail if a user account exists in both local database and RADIUS/TACACS+.
Product-Group=junos
SSH login from an automation tool to the Junos device might not be successful if the username is configured both as a local user and on remote RADIUS/TACACS server, and using authentication method 'password'.
PR Number Synopsis Category: EVPN control plane issues
1399371 When committing a configuration for a VLAN adding to an EVPN instance and an AE interface respectively the newly added VLAN interface count might be zero (0) in that bridge domain
Product-Group=junos
On all MX-Series platforms with EVPN supported, when committing a configuration for a VLAN adding to an EVPN instance and an AE interface respectively the newly added VLAN interface count might be zero (0) in that bridge domain and causes all the traffic in that VLAN to be blocked. However, if the two configurations are committed all together in one time, the interface count will be the correct number right after the committing.
1467309 The rpd might crash after changing EVPN related configuration
Product-Group=junos
In EVPN scenario without encapsulation type specified (the default EVPN encapsulation type is set to MPLS), if "vlan-id none" and "vni " is configured in EVPN instance, the rpd might crash after changing EVPN related configuration (such as set the encapsulation as vxlan or delete label-allocation scheme).
1490953 The rpd core might be seen when doing RE switchover after disabling BGP protocol globally
Product-Group=junos
On EVPN scenario with BGP and routing-instance configured, if BGP protocol is disabled globally and then doing RE switchover, multiple rpd core might be seen. And the rpd does not run on new master RE. Hence it would affect the traffic and service.
PR Number Synopsis Category: EVPN Layer-2 Forwarding
1498023 The l2ald memory leak may be observed in any EVPN scenario
Product-Group=junos
In any EVPN scenario (for example, active-active multi-homing mode, active-standby multi-homing mode, EVPN-VXLAN, or EVPN-MPLS), the l2ald memory might slowly come up when the local CE device or core face interfaces continuously flap. If the memory of l2ald is exhausted, it causes the l2ald to crash.
PR Number Synopsis Category: Issues related to EX MACsec
1469663 Traffic loss might be seen with framing errors or runts if MACsec is configured on EX4600/QFX5100 platforms
Product-Group=junos
On EX4600/QFX5100 platforms with MACsec configured, if traffic flows through the MACsec-enabled link, increase in framing errors or runts statistics might be seen in the "show interfaces extensive <>" command for the affected interface. Traffic loss might also happen due to this issue.
PR Number Synopsis Category: Express PFE FW Features
1491575 BFD sessions start to flap when the firewall filter in the loopback0 is changed
Product-Group=junos
On PTX/QFX10000 Series platforms with large filter configuration (for example, one filter has more than 500 terms or one term has more than 500 filters) scenario, during the change operation of loopback0 filter, the BFD sessions start to flap.
PR Number Synopsis Category: Express PFE Services including JTI, TOE, HostPath, Jflow
1429419 Inline Jflow might cause PECHIP Major error
Product-Group=junosvae
If Internet Protocol Flow Information Export (IPFIX) configured on a device with LC1104/LC1105 line card fitted, that might trigger major/Fatal ASIC errors and the PFEs are getting shut down.
PR Number Synopsis Category: SRX1500 platform software
1488203 CPU board inlet increases after OS upgrade from Junos OS Release 15.1X49 to Junos OS Release 18.x.
Product-Group=junosvae
On SRX1500, the temperature value of CPU Board Inlet increases after OS upgrade from 15.1X49 release to OS 18.x Although this is just the display issue it may cause false temperature alerts from CPU Board Inlet.
PR Number Synopsis Category: Kernel software for AE/AS/Container
1474300 A newly added LAG member interface might forward traffic even though its micro BFD session is down
Product-Group=junos
On all Junos platforms, if a static Link Aggregate Group (LAG) is configured, and Bidirectional Forwarding Detection (BFD) is enabled on the LAG which is also called as micro BFD, a newly added member link might start to forward traffic immediately when the configuration change commits even though its micro BFD session is still down, for example, add a new member interface only on single end, and the remote member interface is disabled or not added. Therefore, traffic loss might be seen due to this issue.
PR Number Synopsis Category: Adresses ALG issues found in JSF
1483834 FTPS traffic might get dropped on SRX Series or MX Series platforms if FTP ALG is used.
Product-Group=junos
On SRX Series or MX Series platforms with FTP ALG enabled, if there are more than one FTPS connection between a pair of FTP client and server, the closure of one connection might cause other connections between that pair of FTP client and server to be affected, hence there might be traffic impact. It is a rare timing issue.
PR Number Synopsis Category: Security platform jweb support
1499280 Junos OS: Security vulnerability in J-Web and web based (HTTP/HTTPS) services
Product-Group=junos
Junos OS: Security vulnerability in J-Web and web based (HTTP/HTTPS) services (CVE-2020-1631). Refer to https://kb.juniper.net/JSA11021 for more information.
PR Number Synopsis Category: Key Management Daemon
1477181 The kmd might crash due to the incorrect IKE SA establishment after the remote peer's NAT mapping address has been changed
Product-Group=junos
On MX platforms with MS-MPC/MS-MIC, after the IPsec VPN tunnel is up, if the NATTed remote peer's IP address has been changed (e.g. NAT pool changed on peer), IKE SA might establish with an incorrect gateway, and kmd might crash frequently during this IKE SA IP migration.
PR Number Synopsis Category: Layer 2 Circuit issues
1498040 The l2circuit neighbor might be stuck in RD state at one end of MG-LAG peer
Product-Group=junos
In MC-LAG scenario, if the l2circuit is configured with primary-neighbor/backup-neighbor over the MC-LAG link and the l2ckt (l2ciruits control daemon for pseudowire) session of the primary-neighbor/backup-neighbor is flapped continuously (such as clear neighbor ldp and ospf etc), one of the remote neighbors may be stuck in RD (the remote pseudowire neighbor is down) state due to race condition between VC (virtual circuit) state update timer and L2ckt intf state change timer. Then, that pseudowire might be down, the traffic might be impacted if the RD pseudowire is not up.
PR Number Synopsis Category: Layer 2 Control Module
1469635 Memory leak on l2cpd process might lead to l2cpd crash
Product-Group=junos
On all Junos platforms with l2cpd (Layer-2 control protocols) daemon, committing configuration changes which are processed by l2cpd (e.g., flexible-vlan-tagging, stacked-vlan-tagging, vlan-tagging, family ethernet-switching) might cause marginally memory leak. Committing the l2cpd processed configuration changes in a successive manner might cause the memory resource exhaustion (Some operations have the same effect as the committing action, e.g., bouncing a vlan-tagged interface in a successive way). Eventually, it could result in the l2cpd process crash.
PR Number Synopsis Category: Port-based link layer security services and protocols that a
1475089 MACsec traffic over L2circuit might not work on QFX10K/PTX10K/PTX1K platforms after upgrading from Junos 15.1 to higher versions
Product-Group=junos
After upgrading from Junos 15.1 to higher versions (before Junos 19.3), MACsec ethertype might not be programmed as known ethertype on QFX10K/PTX10K/PTX1K platforms, so when those platforms are configured as L2circuit tunnel termination, the inner payload (MACsec packets) could not be detected properly and outgoing packets are corrupted.
PR Number Synopsis Category: mc-ae interface
1447693 The l2ald might fail to update composite NH
Product-Group=junos
This is a timing issue where the l2ald receive underlay NH from rpd as part of LSI IFF ADD (VPLS core NH) and creates flood NH. Due to a flap at local IFL or core (VPLS etc.), the l2ald receives multiple LSI IFF Add and Delete in some order. In some sequence where rpd delete underlay NH from Kernel Forwarding table but the l2ald still create flood NH with this underlay NH, because IFF delete is yet to be received at the l2ald, so l2ald might fail to update Composite NH. This is generic L2 issue and can happen without mc-ae.
PR Number Synopsis Category: Multiprotocol Label Switching
1467278 The rpd might crash in PCEP for the RSVP-TE scenario
Product-Group=junos
In PCEP (Path Computation Element Protocol) with RSVP Traffic Engineered LSP (TE LSP) scenario, the two LSPs with the same TE LSP name might be shared between Path Computation Element (PCE) and Path Computation Client (PCC) in some rare cases. Then, if the configuration of LSP is delegated from CLI and externally controlled by PCC at the same time, the rpd might be crashed.
1497641 The rpd might crash when SNMP polling is done using OID "jnxMplsTeP2mpTunnelDestTable"
Product-Group=junos
In a very rare P2MP with SNMP scenario, if the OID "jnxMplsTeP2mpTunnelDestTable" is polled by SNMP, the rpd (Routing Protocol Daemon) might crash since the relevant value is empty on the device and SNMP can not walk it at that time.
PR Number Synopsis Category: Bugs related to ethernet interface on MX platform
1493699 One port on MIC-3D-2XGE-XFP flapping might cause the other port on the same MIC to flap
Product-Group=junos
Due to the code change in PR 1463859, one port on MIC-3D-2XGE-XFP flapping might cause the other port on the same MIC to flap.
PR Number Synopsis Category: Neo Interface
1453433 Interfaces shutdown by 'disable-pfe' action might not be up using MIC offline/online command
Product-Group=junos
On MX platform, MPC wedge might cause 'disable-pfe' action. The 'disable-pfe' action will shutdown interfaces to avoid traffic blackholing. MIC bouncing (offline/online) operation will bring WAN interfaces up causing traffic blackholing. Restoring the PFE entity upon disable-pfe action needs MPC restart.
PR Number Synopsis Category: Kernel Composite Next Hop (composite / l3vpn) Infrastructure
1287956 Not following the guideline of rebooting entire chassis after changing chassis network-services configuration can cause vmcore and crash of FPCs/routing-engines on chassis.
Product-Group=junos
When configuration at hierarchy [edit chassis network-services] is changed a reboot of chassis is needed to avoid any unexpected behavior. One such behaviour is an assest condition due to issues in nexthop allocation leading to vmcore and reboot of FPCs/REs on the chassis. This PR introduces changes to handle such assert conditions gracefully and to avoid FPC/RE crash. The guideline of rebooting the entire chassis when configuration change is made is still valid.
PR Number Synopsis Category: "ifstate" infrastructure
1486161 Kernel core might be seen if deleting an ifstate
Product-Group=junos
On all Junos platforms, some operations such as configuration change may cause state information to change and eventually cause the ifstate to be deleted. In a very rare case, deleting an ifstate (kernel state) might cause kernel core and RE (Routing Engine) restart. There is no specific trigger, this issue is reported by the configuration change.
PR Number Synopsis Category: Kernel MPLS / Tag / P2MP Infrastructure
1493053 Backup RE might crash unexpectedly due to a rare timing issue
Product-Group=junos
The backup Routing Engine might crash unexpectedly due to a rare timing issue during a route churn in the network.
1493431 BGP session might keep flapping between two directly connected BGP peers because of the wrong TCP MSS (maximum segment size) in use.
Product-Group=junos
In case the two directly connected BGP peers are established over a one-hop LSP, if the IP layer's MTU is smaller than the MPLS layer's MTU and the BGP packets from the host have the DF bit set, the BGP session might keep flapping because of the wrong TCP MSS in use.
PR Number Synopsis Category: JUNOS Network App Infrastructure (for ping, traceroute, etc)
1484689 Show system buffer command display's all zero in the MX104 chassis and it looks like cosmetic issue as there is no service impact reported
Product-Group=junos
Corrected the odl tags and buffer data handling while xmlizing the output.
PR Number Synopsis Category: Path computation client daemon
1472825 Manually configured ERO on NS controller lost when PCEP session bounced
Product-Group=junos
On all Junos platform with Path Computation Element Protocol (PCEP) enabled, if PCEP session bounced druing Routing Engine (RE) switchover on a LSP ingress router, unexpacted delete message might be sent from Path Computation Client (PCC) to Path Computation Element (PCE) with North Star (NS) controller. In the end, manually configured explicit route object (ERO) for RSVP-TE based label switched path (LSP) on NS controller will be lost. However, traffic go through ERO set on NS controller is still normal.
PR Number Synopsis Category: PTX5KBroadway based PFE IPv4, IPv6 software
1479789 Multicast routes add/delete events might cause adjacency and LSPs to go down
Product-Group=junos
In PTX5000 platform with (FPC2-PTX-P1A | FPC-PTX-P1A), or PTX3000 with FPC-SFF-PTX-P1-A, with PIM/MVPN scenario, The adjacency relationships of routing protocols and LSPs might go down if add/delete some multicast routes (which can be achieved by flapping interface or protocol) ). It is because that though the routes are deleted, its counter for statistic will not be removed from Junos resulting in memory block for counter exhaustion. And due to the exhaustion, any protocols that are sharing the same memory scope might fail to allocate its own counter, which eventually causes protocol adjacency and LSPs to go down. [TSB17747]
PR Number Synopsis Category: Protocol Independant Multicast
1487636 The rpd might crash when perform GRES with MSDP configured
Product-Group=junos
On all Junos platforms, when execute Graceful Routing Engine Switchover (GRES) with Multicast Source Discovery Protocol (MSDP) enabled, rpd might crash on new master Routing Engine (RE). The issue could be automatically recovered after rpd successful self-restart. This is a timing and regression issue.
PR Number Synopsis Category: PTP related issues.
1421811 PTP might not work on MX104 if phy-timestamping is enabled
Product-Group=junos
On MX104 platform with any 2-port license installed on 10G interfaces and phy-timestamping enabled in PTP, PTP might not work.
PR Number Synopsis Category: Interface related issues. Port up/down, stats, CMLC , serdes
1465302 The physical interface of AE (Aggregated Ethernet) might take time to come up after disable/enable
Product-Group=junos
On Junos platforms, the physical interface of AE might come up after a long delay (4 mins) if there are millions of bgp routes learnt on the device. This delay is happening because PFE Manager thread is busy processing the routing updates from RE. These routing updates are the result of AE interface going down at the first step of disabling the interface.
PR Number Synopsis Category: QFX Control Plane Kernel related
1421250 A vmcore is seen on QFX VC
Product-Group=junosvae
On QFX Series Virtual Chassis during shutdown, if an interrupt is received, the system gets into this state and vmcore is observed.
1421250 A vmcore is seen on QFX VC
Product-Group=junos
On QFX Series Virtual Chassis during shutdown, if an interrupt is received, the system gets into this state and vmcore is observed.
PR Number Synopsis Category: QFX Platform related (SYSLOG/ALARMS/miscellaneous)
1449977 FPC does not restart immediately after rebooting the system. That might cause packet loss
Product-Group=junosvae
On QFX10008 and QFX100016 switches, the traffic drop occurs after rebooting the system due to the time delay in rebooting the FPC.
PR Number Synopsis Category: QFX PFE Class of Services
1453512 The classifier configuration doesn't get applied to the interface in an EVPN/VXLAN environment
Product-Group=junos
On QFX5100/QFX5110/QFX5120/QFX5200/QFX5210 Series platforms with an EVPN/VXLAN scenario, the classifier might not be applied to the interface successfully and all traffic flows in the best-effort queue.
1472771 DSCP marking might not work as expected if the fixed classifiers are applied to interfaces on QFX5000/EX4600 platforms
Product-Group=junos
On QFX5000/EX4600 platforms, if the interfaces are configured with the fixed classifiers, when some specific configuration changes are committed, for example, the same forwarding-class is applied to two different interfaces at the same time, and then the forwarding-class for one of the interfaces is changed and committed to a different value, the Differentiated Services code point (DSCP) marking might not be able to work as expected since both physical interfaces are still having the same forwarding-class mapped in the hardware table due to this issue.
PR Number Synopsis Category: QFX MPLS PFE
1474935 L2circuit might fail to communicate via VLAN 2 on QFX5K platforms
Product-Group=junos
On QFX5K platforms acting as L2circuit PE (tunnel terminating node), if VLAN 2 is used for L2circuit communication with CE node, the VLAN 2 packets might be dropped on PE.
PR Number Synopsis Category: QFX EVPN / VxLAN
1463939 JDI-RCT : QFX 5100 VC/VCF : Observing Error BRCM-VIRTUAL,brcm_vxlan_walk_svp(),6916:Failed to find L2-iff for ifl: while cleanup Evpan-VxLAN configs with Mini-PDT base configurations
Product-Group=junos
On QFX5100, Error BRCM-VIRTUAL,brcm_vxlan_walk_svp(),6916:Failed to find L2-iff for ifl: may come while cleanup Evpn-VxLAN configs. These are harmless messages.
PR Number Synopsis Category: Routing Information Protocol
1485009 The rpd crashes if the same neighbor is set in different RIP groups
Product-Group=junos
If the same neighbor is configured under different RIP groups, the commit check fails to capture this invalid configuration and commit can be done successfully. However the rpd will crash.
PR Number Synopsis Category: rosen-6 and rosen-7 mvpn bugs
1405887 The CLI command "show pim mdt data-mdt-limit instance " with family option might cause CPU usage of rpd high
Product-Group=junos
In draft-rosen MVPN scenario with data-mdt, if performing the CLI command "show pim mdt data-mdt-limit instance ", The output might go in loop and the rpd process might use high CPU.
PR Number Synopsis Category: KRT Queue issues within RPD
1501817 Traffic blackhole might be seen in fast-reroute scenario
Product-Group=junos
From Junos release 17.2R1-S8 the session fast-reroute is enabled by default in PFE (Packet Forwarding Engines). In the platform using unilist (one kind of indirect next-hop) as route next hop type for multiple paths scenario (such as BGP PIC or ECMP), if BGP PIC or ECMP-FRR is used, In case of that the version-id of session-id of indirect next-hop (INH) is above 256, PFE might not respond to session update and hence it might cause the session-id permanently to be stuck with the weight of 65535 in PFE. It might lead PFE to have a different view of UNILIST against load-balance selectors. Then, the BGP PIC and the ECMP-FRR might not work properly, the traffic blackhole might be seen.
PR Number Synopsis Category: RPD Next-hop issues including indirect, CNH, and MCNH
1406070 The rpd might crash or duplicated routes might be seen if doing configuration change with BGP multipath and flapping routes
Product-Group=junos
On all platforms, if doing configuration change (with BGP multipath) and flapping the IGP/LDP/RSVP routes simultaneously, the rpd crash or duplicated routes might be seen.
PR Number Synopsis Category: RPD policy options
1450123 The rib-group might not process the exported route correctly
Product-Group=junos
The rib-group with a policy that matches route next-hop can fail to add the route to the secondary routing table when matched route next-hop is changed to another one and then referred back again after some time. This issue has traffic impact as the exported route will lose in the secondary routing table.
PR Number Synopsis Category: Resource Reservation Protocol
1445994 Traffic blackhole likely if two consecutive PLRs along the LSP perform local repair simultaneously under certain mis-configured conditions
Product-Group=junos
In RSVP environment with link or node protection deployed, if two consecutive PLRs (point of local repair) along the LSP perform local repair simultaneously and if backup LSP signaling between the downstream PLR & MP (merge point) pair fails due to any reason, then the backup LSP signaling between the upstream PLR & MP pair also does not succeed. Then due to a software defect the upstream PLR does not correctly clean up the LSP state and continues to send traffic into the backup LSP, resulting in traffic blackhole at the downstream PLR.
1471281 The rpd crash might be seen after doing some commit operations which could affect RSVP ingress routes
Product-Group=junos
On all platforms with BGP PIC configured, if doing some commit operations where RSVP ingress routes are affected, the rpd crash might be seen.
1490163 High CPU utilization for rpd might be seen if RSVP is implemented
Product-Group=junos
On all Junos platforms, when Multiprotocol Label Switching (MPLS) is configured with Resource Reservation Protocol (RSVP) as signaling layer, CPU utilization for rpd might be high (more than 20%) if the MPLS ingress route has more than 32 equal-cost multipath (ECMP) next-hops. As a result, performance of the device might be affected.
PR Number Synopsis Category: jflow/monitoring services
1439630 Sampling might return incorrect ASN for BGP traffic
Product-Group=junos
In a BGP scenario with sampling enabled, incorrect ASN (autonomous system number) might be returned for the traffic originated from an internal prefix. This is because some AS paths and routes don't hold the latest information in the message buffers that srrd (sampling route-record daemon) uses to send to the clients.
PR Number Synopsis Category: IPSEC functionality on M/MX/T ser
1456749 All the IPsec tunnels might be cleared when the clear command is executed for only one IPsec tunnel with specified service-set name
Product-Group=junos
On M/MX platforms running in IP security Virtual Private Network (IPsec VPN) scenario, when the command "clear services ipsec-vpn ike security-associations service-set " is executed for only one IPsec tunnel with the specified service-set name, all the other IPsec tunnels might be cleared as well due to this issue.
PR Number Synopsis Category: Generic platform and infra issues for MS-MIC and MS-MPC(XLP)
1464020 The mspmand might crash when stateful firewall and RPC ALG used on MX platforms with MS-MIC/MS-MPC
Product-Group=junos
On MX platforms with MS-MIC/MS-MPC, when stateful firewall is configured with "application junos-dce-rpc-portmap" and RPC ALG is enabled (both Sun RPC and MS-RPC), the mspmand might crash continuously (about every 15 or 20 minutes).
PR Number Synopsis Category: MS-MPC Logging on MX
1478972 TCP-log sessions might be in Established state but no logs get sent out to the syslog server
Product-Group=junos
When TCP-based syslog is configured under the service-set, the Services PICs will establish the TCP sessions with syslog server. When the networks between the syslog server and the MX/SRX are not stable, TCP retransmit may not work properly and cause the TCP sessions to hang. When issuing "show services tcp-log connections", the TCP sessions are still shown in "Established" state, however, no syslog messages are sent to the syslog server.
PR Number Synopsis Category: MX10003/MX204 Platform SW - Chassisd s/w defects
1436832 The device may not be reachable after a downgrade from some releases
Product-Group=junos
The master routing-engine on an MX10003 may hang during a reboot after a software upgrade or downgrade. The back-up roting-engine does not subject to the same software issue.
PR Number Synopsis Category: Trio pfe bridging, learning, stp, oam, irb software
1451559 The host generated packets might be dropped in the EVPN/VXLAN scenario
Product-Group=junos
The host generated packets might be dropped in the EVPN/VXLAN scenario due to hitting the "reject route" policy in PFE.
1491091 MAC malformation might happen in a rare scenario under MX-VC setup
Product-Group=junos
On MX-VC setup, if traffic is going through a VCP (virtual chassis port) port and forwarding to an egress port to the destination, while the traffic is handled entirely by the same PFE, MAC malformation might happen.
PR Number Synopsis Category: Trio pfe multicast software
1478981 The convergence time for MVPN fast upstream failover might be more than 50ms
Product-Group=junos
On MX platforms which act as Next Generation Mulicast Virtual Private Network (NG-MVPN) Provider Edge (PE) routers, if the hot-root-standby and sender-based-rpf features are configured to enable MVPN fast upstream failover, once the primary multicast flow rate falls below the configured "mvpn hot-root-standby min-rate rate" threshold, the egress PE router is supposed to take switchover action from the primary flows to the backup ones, and the covergence time should be within 50 milliseconds. Due to this issue, the covergence time might be more than 50ms and reach up to several seconds (e.g. 2~3s) in a highly scaled scenario (e.g. the number of the multicast groups undergoing the switchover simultaneously is greater than 250 groups). This will result in more traffic loss than expected.
PR Number Synopsis Category: Trio pfe microcode software
1452261 Traffic lost might be seen in case of ethernet frame padding with VLAN
Product-Group=junos
In Ethernet frame padding with VLAN scenario, if the fragment is a need, the VLAN Ethernet Padding is required to minimum frame size when the Ethernet frame length is less than 68 bytes and equal to or greater than 64 bytes. But, if VLAN Ethernet Padding is configured on a vlan-tagging enabled ethernet interface, the fragment might not work correctly on this interface. Then, the MPC error might be seen and the traffic might be lost.
PR Number Synopsis Category: Junos Automation, Commit/Op/Event and SLAX
1436773 The /var/db/scripts directory might be deleted after executing "request system zeroize"
Product-Group=junos
On all platforms which support ZTP (Zero Touch Provisioning), the /var/db/scripts directory might get deleted after executing "request system zeroize", and it won't be recreated automatically.
PR Number Synopsis Category: UI Infrastructure - mgd, DAX API, DDL/ODL
1464439 The CPU utilization on mgd daemon might be stuck at 100% after the netconf session is interrupted by flapping interface
Product-Group=junos
If a netconf session is initiated over inband connection, the CPU utilization on mgd daemon might be stuck at 100% after the netconf session which is executing an RPC call for some commands gets interrupted by flapping interface. There is no impact observed to control-plane or forwarding-plane, the subsequent netconf session will continue to function.
PR Number Synopsis Category: V44 Satellite Device Infra
1460607 The dpd crash might be observed on satellite devices in junos fusion enterprise
Product-Group=junosvae
In junos fusion dpd might crash on satellite devices running SNOS.
PR Number Synopsis Category: Virtual Router Redundancy Protocol
1454895 The VRRP traffic loss is longer than one second for some backup groups after performing GRES
Product-Group=junos
On all Junos OS platforms, configuring VRRP over the AE interface whose member physical interfaces belong to different PFE (packet forwarding engine), some backup VRRP groups traffic loss are observed longer than one second after performing GRES (graceful Routing Engine switchover). As the expectation is that the outage is subsecond.
 

17.4R3-S2 - List of Known issues
PR Number Synopsis Category: ESWD
1192520 GARPs being sent from the switch once in 10 minutes
Product-Group=junos
GARPs were being sent whenever there is a mac (fdb) operation (add or delete). This is now updated to send GARP when interface is UP & l3 interface attached to the vlan.
PR Number Synopsis Category: QFX Multichassis Link Aggregrate
1454764 ARP reply unicast packets might be flooded to all interfaces in the vlan
Product-Group=junos
Flooding of ARP reply unicast packets is seen as a result of an ARP request sent for the device's VRRP MAC address. The ARP reply, which is flooded in the VLAN by the device, has the correct DMAC of the originator of the ARP request. In other words, the ARP reply is flooded but with the correct unicast DMAC. The ARP reply is not broadcasted. It is independent of MCLAG and VRRP scenario.
PR Number Synopsis Category: QFX PFE CoS
1510365 Traffic might be forwarded to wrong queue when fixed classifier is used
Product-Group=junos
If L2 access or vlan bridge IFL is created after fixed classifier is applied, the traffic matching the fixed classifier might be forwarded in unexpected queue, it might cause congestion unexpectedly hence there is traffic impact.
1510365 Traffic might be forwarded to wrong queue when fixed classifier is used
Product-Group=junosvae
If L2 access or vlan bridge IFL is created after fixed classifier is applied, the traffic matching the fixed classifier might be forwarded in unexpected queue, it might cause congestion unexpectedly hence there is traffic impact.
PR Number Synopsis Category: QFX PFE L2
1289546 U16:after delete and readding of 1k lag interfaces Trafic drops are seen for some time even though all lag interfaces comes up
Product-Group=junos
On QFX10016, after delete and re-adding of 1k lag interfaces, traffic drops could be seen until ARP are refreshed even though all lag interfaces comes up
1362557 dcpfe core-dump in QFX5200
Product-Group=junos
Deadlock is observed between _bcm_esw_linkscan_thread & Juniper thread (pfeman) cause dcpfe process to generate a Coredump
1467763 The fxpc.core might be seen when committing the configuration all together, e.g., after the reboot
Product-Group=junos
On EX2300/3400/4300/4600 and QFX Series switches except for QFX10k, if committing the configuration all together (e.g., after the reboot), the fxpc/PFE core dump might be found. In the Virtual Chassis scenario, the VC members might be splitted because the VC ports might not be created in time.
PR Number Synopsis Category: QFX L3 data-plane/forwarding
1443507 IPv6 connectivity between MC-LAG peers might fail when multiple IRB interfaces are present
Product-Group=junos
On all Junos platforms which are enabled with MultiChassis Link Aggregation Group (MC-LAG), if there are multiple Integrated Routing and Bridging (IRB) interfaces present, and the Inter Chassis Link (ICL) is also connected over an IRB interface, when both MC-LAG peers have not learnt link-local addresses and IPv6 ping is firstly initiated from the remote peer, the Neighbor Solicitation (NS) packet might take ICL path and couldn't get answered properly.
PR Number Synopsis Category: Fireall support for ACX
1487934 JDI ACCESS REGRESSION : INTERFACES : BCM SDK UPGRADE : RLI-41209 : Observing Ffeb core @bcm563xx_pkt_tx,bcm563xx_pkt_reinject_l2_packet,bcm563xx_pkt_pfe_input
Product-Group=junos
In Enduro-2 devices (ACX500, ACX4000), FFeb core could happen when heavy traffic of kernel trapped packets is received due to recent SDK upgrade for ACX devices.
PR Number Synopsis Category: ACX Interfaces IFD, IFL, vlans, and BRCM init
1486611 AUTO-CORE-PR : JDI ACCESS REGRESSION : ffeb core found @ rx_higig_info_decode rx_default_parser rx_intr_process_packet
Product-Group=junos
In Enduro-2 devices (ACX500, ACX4000), FFeb core could happen when heavy traffic of kernel trapped packets is received due to recent SDK upgrade for ACX devices. Issue is fixed with a Broadcom CSP patch in SDK-6.5.16. Fix is not-applicable in junos code. PR is now fixed in recent builds of 20.1R2 / 20.2R1 / 20.3DCB /17.4R3-S2.
1486629 AUTO-CORE-PR : JDI ACCESS REGRESSION : ffeb core found @ dcb23_rx_ingport_get rx_intr_process_packet rx_done_packet
Product-Group=junos
In Enduro-2 devices (ACX500, ACX4000), FFeb core could happen when heavy traffic of kernel trapped packets is received due to recent SDK upgrade for ACX devices. Issue is fixed with a Broadcom CSP patch in SDK-6.5.16. Fix is not-applicable in junos code. PR is now fixed in recent builds of 20.1R2 / 20.2R1 / 20.3DCB /17.4R3-S2.
PR Number Synopsis Category: ACX MPLS
1487254 [mpls] [generic] JDI ACCESS REGRESSION : mpls : BCM SDK UPGRADE : RLI-41209 : l2circuit connections are not getting up while verifying vlan rewrite functionality
Product-Group=junos
SDK upgrade issue. L2 Circuits / vpn may not come up on Aggregated ethernet interfaces. Use normal interfaces as core links.
PR Number Synopsis Category: ACX Services feature
1468618 [firewall] [unexpected_traffic_flow] JDI ACCESS REGRESSION : PLATFORM : BCM SDK UPGRADE : RLI-41209 :unable to get shared buffer count as expected
Product-Group=junos
The packets shall not be sent out of the Logical tunnel peer interface in case if it is part of l2ckt pw service due to BCM SDK upgrade.
1487941 [eoam] [eoamtag] JDI-ACX-REGRESSION: BCM SDK UPGRADE : RLI-41209 Transmitted traffic is not receiving as expected
Product-Group=junos
Transmitted traffic is will not be received as expected, as all the packets are egressed out of queue0 due to BCM SDK upgrade.
PR Number Synopsis Category: MPC Fusion SW
1508794 A Regression issue introduced by PR1463859 causing WAN-PHY interface continuously flaps with default hold-time down of 0
Product-Group=junos
PR1463859 introduces a software defect that causes a 10GE interface to flap continuously when configuring with the WAN-PHY framing with the default "hold-down" timer (0). Once upgrading a router to an affected software release, the interface may flap continuously. This is not applicable to an interface with the default framing - LAN-PHY.
PR Number Synopsis Category: MX Layer 2 Forwarding Module
1424635 RE kernel crashes may be seen in EVPN scenario when proxy arp is enabled
Product-Group=junos
In EVPN scenario when proxy arp is enabled and the lowest 3 bytes of irb logical interface's address are zero, RE kernel crashes may be seen if IPv6 address is configured on irb logical interface and then got removed.
PR Number Synopsis Category: BBE interface related issues
1440872 The layer2 dynamic VLAN might be missed when an interface is added or removed for an AE interface
Product-Group=junos
On MX-Series platform with dynamic VLAN configuration for subscriber management, if a physical interface is added or removed for an Aggregated Ethernet (AE) interface and if dynamic VLAN is enabled on AE interface, some of the dynamic layer2 interfaces might be deleted from the Packet Forwarding Engine (PFE), but not from bbe-smgd. This will cause the subscriber under the AE interface to be deleted.
PR Number Synopsis Category: Border Gateway Protocol
1396344 Processing a large scale as-path regex will cause the flap of the route protocols
Product-Group=junos
When 'as-path-group' is configured under BGP, if a configuration with a large scale as-path regex is committed, the route protocols flap might be seen.
1414121 QFX5100 : BGP v4/v6 convergence & RIB install/delete time degraded in 19.1R1/19.2R1/19.3R1/19.4R1
Product-Group=junos
BGP IPv4 or IPv6 convergence and RIB install/delete time is degraded in Junos OS Releases 19.1R1, 19.2R1, 19.3R1, and 19.4R1.
1425173 The rpd might crash if no-propagate-ttl is configured in BGP multipath scenario
Product-Group=junos
In BGP multipath scenario with labeled-unicast (LU) enabled, if no-propagate-ttl is configured, the rpd might crash if BGP LU route's ttl action is changed after which it does not match BGP multipath cache.
1432100 The "dead" next-hop might stay in the forwarding table in a BGP-LU scenario after the primary interface recovers
Product-Group=junos
In BGP Labeled Unicast (BGP-LU) scenario, if the device works as penultimate hop and receives BGP-LU routes with indirect next-hop from an egress router, after the operational next-hop interface corresponding to those labeled routes flaps, a "dead" next-hop type (discard action is performed for this type) may be set for the related clone routes (s=0) and still there even the next-hop interface is operational again.
1461602 The rpd scheduler slips might be seen on RPKI route validation enabled BGP peering router in a scaled setup
Product-Group=junos
In scaled BGP environment (e.g. global table ~3M routes or more) when there are a lot of (e.g 10k or more) more specific routes for a certain IPv4 or IPv6 prefix covered by some RV (route validation) record, a change in RV records database might lead to rpd (routing protocol daemon) scheduler slips, which could trigger routing protocol adjacency flap. The same could be triggered by executing "clear validation database" command or shortly after initial session RPKI (resource public key infrastructure) establishment event.
1481589 The rpd process might crash with BGP multipath and route withdraw occasionally
Product-Group=junos
In BGP multipath scenario on all Junos platforms, if original active/best BGP multipath routes got flapped occasionally, some routes, which are changed from best routes to alternative now, are removed from the BGP multipath route list, but its multipath flag are not cleared, due to some temporarily incorrect route reorder in BGP. And when the currently active route got withdrawn for some reason, and the original best routes again become the best routes then rpd might hit an assert and crash.
1501008 bgp neighbor flapped after RE mastership switchover
Product-Group=junos
When device was running Junos version which have the fix of PR1440694, BGP session alway flap after doing RE switchover
PR Number Synopsis Category: MPC5/6E pfe microcode software
1459698 Silent dropping of traffic upon interface flapping after DRD auto-recovery.
Product-Group=junos
An interface stops forwarding traffic when MX software triggers a "DRD reorder timeout recovery" event follows by an interface flap on the same XMCHIP. When the logic is triggered, you will see a "cmtfpc_xmchip_drd_reorder_id_timeout_callback" message in the PFE syslog messages. This issue affects XM based MPCs (3E 4E 5E 6E 2E-NG 3E-NG).
PR Number Synopsis Category: Software defects reported in Chivas NPI
1089955 Some non-fatal interrupts are logged as fatal interrupts on PTX platforms
Product-Group=junos
On PTX platforms, some non-fatal interrupts (for example, CM cache or AQD interrupts) are logged as fatal interrupts. The following log messages will be shown on CM parity interrupt: fpc0 TQCHIP 0: CM parity Fatal interrupt,Interrupt status:0x10 fpc0 CMSNG: Fatal ASIC error, chip TQ fpc0 TQCHIP 0: CM cache parity Fatal interrupt has occurred 181 time(s) in 180010 msecs TQCHIP 0: CM cache parity Fatal interrupt has occurred 181 time(s) in 180005 msecs
PR Number Synopsis Category: Device Configuration Daemon
1457460 Mismatched MTU value causes the RLT interface to flap
Product-Group=junos
In Redundant Logical Tunnel (RLT) with any dynamic protocols that rely on this interface scenario, when performing a "commit full" operation, which might cause the protocol to get flapping if MTU is configured at IFD level of the RLT. Due to the mismatch MTU value calculated by DCD and Kernel that triggers the IFD flapping, and then the protocols flapping.
PR Number Synopsis Category: Firewall Filter
1466698 An output bandwidth-percent policer with logical-bandwidth-policer applied to an AE bundle along with an output-traffic-control-profile has incorrect effective policing rate
Product-Group=junos
On MX platforms, for an AE bundle of at least two members hosted at two different FPCs, if the AE interface is with CoS output-traffic-control-profile of shaping-rate and with the output filter of policer with logical-bandwidth-policer and bandwidth-percent, the AE interface might have incorrect effective output policing rate.
PR Number Synopsis Category: SRX1500 platform software
1335523 On SRX1500 devices, fan speed goes up and down continuously.
Product-Group=junos
SRX1500 fan speed often goes up and down if the environment temperature up to 63 degrees celsius.
PR Number Synopsis Category: PTX Express ASIC interface
1453217 The 100G interface might not come up after flapping on PTX5000
Product-Group=junos
On PTX5000 Router, the 100-Gbps interface might not come up after flapping due to optic reliability issues.
PR Number Synopsis Category: PTX Express ASIC platform
1384435 An enhancement of optimizing the report to the single bit error check
Product-Group=junos
Due to transient hardware condition, single-bit error (SBE) events are corrected and have no operational impact. Reporting of those events had been disabled to prevent alarms and possibly unnecessary hardware replacements. This change applies to all Platforms using Hybrid Memory Controller (HMC).
PR Number Synopsis Category: Kernel software for AE/AS/Container
1423707 Traffic is dropped on aggregated Ethernet member links where LACP is deactivated on remote device
Product-Group=junos
On routers and switches running Junos OS, with Link Aggregation Control Protocol (LACP) enabled, deactivating a remote Aggregate Ethernet (AE) member link makes the local member link move to LACP detached state and cause traffic drops on that member link. The same scenario applied when a new member link is added where the other end of that link is not yet configured with LACP.
1440033 Traffic loss is observed on newly added interfaces in AE on "MX and EX platforms"
Product-Group=junos
On MX and EX series devices that support the "enhanced-ip" feature and when the new interface is added to aggregated ethernet (ae), output traffic is observed as 0 on the existing member links. This is being observed due to software issues as wrong weights are being set for existing child interfaces in the AE bundle.
PR Number Synopsis Category: track re issu control procedure bugs
1256113 Traffic disruption seen when secondary node FPCs come online
Product-Group=junos
On SRX Chassis cluster, Traffic disruption seen on primary node when secondary node FPCs come online
PR Number Synopsis Category: jpppd daemon
1488302 MPLS VPN label can point to discard next-hop after RE switchover without NSR if egress interface is pp0
Product-Group=junos
After RE switchover without non-stop routing (NSR) on the broadband network gateway (BNG), some VRF routing instances may experience blackholing for traffic destined to the hosts behind static PPPoE subscriber's CPE device. The affected routing instances are configured without 'vrf-table-label' knob and have a static route configured with pp0.xxx interface as a next-hop like: user@router> show configuration routing-instances TEST instance-type vrf; interface pp0.1000; route-distinguisher 65000:1000; vrf-target target:65000:1000; routing-options { static { route 10.0.0.0/24 next-hop pp0.1000; <<<< } }
PR Number Synopsis Category: Flow Module
1465944 Junos OS: High-End SRX Series: Multicast traffic might cause all FPCs to reset. (CVE-2020-1634)
Product-Group=junos
On High-End SRX Series devices, in specific configurations and when specific networking events or operator actions occur, an SPC receiving genuine multicast traffic may core. Refer to https://kb.juniper.net/JSA11014 for more information.
1489276 GRE/IPSec tunnel might not come up when 'set security flow no-local-favor-ecmp' command is configured
Product-Group=junos
On SRX or vSRX clusters, when 'set security flow no-local-favor-ecmp' is configured, GRE/IPSec tunnel might not come up.
PR Number Synopsis Category: PFE infra to support jvision
1417366 "System_id" of an old master RE is reported by FPCs even after GRES.
Product-Group=junos
Description: Any time there is a hostname change, that requires to updated in FPC's file: /var/tmp/.system-details.txt and /var/tmp/.fpc-details.txt These files are required for telemetry module. All required infra-codes been changed with respect to FPC, to handle the chassid's master-config change message and update system&fpc details in above files.
1456275 Queue data might be missing from path '/interfaces/interface/state'
Product-Group=junos
On subscribing to '/interfaces/interface/state/' it might get subscribed to '/junos/system/linecard/interface/traffic/' internally, instead of '/junos/system/linecard/interface/queue/' which might impact traffic.
PR Number Synopsis Category: Platform infra to support jvision
1475036 Memory leak leading to MPC10E line card restart
Product-Group=junos
The "sensord" daemon on MPC10E linecards leaks memory at a rapid rate. The memory leak results in total memory exhaustion. Consequentially, all control traffic transiting all PFEs on the MPC10E stalls. Shortly after this stall the MPC10E may restart. If the MPC10E restarts there will be no core dump recorded. The rate of memory leak varies depending on the number of populated optics in the MPC10E and on the number of MPCs installed in the system. Typically the MPC10E will restart in this manner after 15 days of operation. [TSB17705]
PR Number Synopsis Category: Label Distribution Protocol
1428843 The LDP might withdraw a label for an FEC once the IGP route is inactive in inet.0
Product-Group=junos
If LDP is used without using egress-policy, when the route from other routing protocol is preferred over the IGP route in inet.0, e.g. BGP-LU route exported in inet.0, LDP might withdraw the FEC label hence causing LDP traffic to get lost.
PR Number Synopsis Category: Application specific PRs (cos/snmp/time-sync/routing/BRAS)
1255542 MX-VC: suboptimal Aggregate Ethernet Load Balancing when an Aggregate Ethernet bundle is part of an ECMP path.
Product-Group=junos
Load balancing is uneven across Aggregated Ethernet (AE) member links when the AE bundle is part of an equal cost multipath (ECMP). The AE member links need to span Virtual Chassis members.
PR Number Synopsis Category: AgentSmith MPC Platform
1433948 Interfaces on MPC-3D-16XGE-SFPP may go down due to CB0 clock failure
Product-Group=junos
On MX Series platforms, if the clock frequency is slowly changing on CB0 (slow drift), the clock source for MPC-3D-16XGE-SFPP may not be changed to CB1, which will cause interfaces on it to go down and remain in the downstate.
PR Number Synopsis Category: Multiprotocol Label Switching
1282369 The rpd on backup RE might crash when the rpd on master RE restarts
Product-Group=junos
With nonstop active routing (NSR), when the routing protocol process (rpd) restarts on the master Routing Engine, the rpd on the backup Routing Engine might restart.
PR Number Synopsis Category: Multicast for L3VPNs
1460625 The rpd process might crash due to memory leak in "MVPN RPF Src PE" block
Product-Group=junos
In NG-MVPN scenario with multiple multicast sources, the rpd process might crash due to memory leak in "MVPN RPF Src PE" block.
PR Number Synopsis Category: Kernel Composite Next Hop (composite / l3vpn) Infrastructure
1505076 Not following the guideline of rebooting entire chassis after changing chassis network-services configuration can cause vmcore and crash of FPCs/routing-engines on chassis.
Product-Group=junos
When configuration at hierarchy [edit chassis network-services] is changed a reboot of chassis is needed to avoid any unexpected behavior. One such behaviour is an assest condition due to issues in nexthop allocation leading to vmcore and reboot of FPCs/REs on the chassis. This PR introduces changes to handle such assert conditions gracefully and to avoid FPC/RE crash. The guideline of rebooting the entire chassis when configuration change is made is still valid.
PR Number Synopsis Category: FreeBSD Kernel Infrastructure
1345506 The FPC might fail to boot after toggling back and forth between 15.1 release (any release where 'JUNOS OS runtime' < 20180321) and a later release
Product-Group=junos
After upgrading and downgrading between an older 15.1 release (any release where 'JUNOS OS runtime' < 20180321) without the fix for this PR and a later release that has extra optional platform packages (e.g 16.1), the system running 15.1 gets confused as to the state of such packages and discards them upon the the next upgrade to a later release. Thus, for example, changing Junos version between 16.1 -> 15.1 -> 16.1 may result in some PFE packages missing and therefore may prevent some MPCs from booting.
1463802 The scheduled tasks might not be executed if "cron" daemon goes down without restart automatically
Product-Group=junos
The service utility "cron" runs in the background and regularly checks /etc/crontab for tasks to execute and searches /var/cron/tabs for custom crontab files. These files are used to schedule tasks which "cron" runs at the specified times. "cron" daemon is started during boot. If for some reason, the "cron" process exits, the scheduled tasks will not be executed. "cron" was not restarted automatically and had to be started manually.
PR Number Synopsis Category: TCP/UDP transport layer
1449929 The DF flag BGP packets are dropped over MPLS LSP path
Product-Group=junos
When the mtu-discovery is configured under BGP, the DF (Don't Fragment) flag BGP packets are dropped if they go through the smaller MTU MPLS LSP path. This issue will cause the BGP session flap and the failure of BGP routes update.
PR Number Synopsis Category: PTX Broadway based PFE MPLS-LSPs RSVP VPNs tcc ccc software
1131797 PTX not tunneling certain types of L2 packets into L2circuit connection.
Product-Group=junos
When a PTX Series router is used as a PE router for L2circuit connections, there are certain Layer 2 related protocols like LACP, LLDP , or STP that will not get tunneled in to the L2circuit path by the PTX Series. Instead of tunneling the packets into the L2circuit path, the PTX Series will punt them to the Routing Engine, causing the packets to not reach the other end of the L2circuit. Packets like ARP work fine. The PTX Series chipset performs a classification on the affected L2 packets and sends it to the Routing Engine instead of pushing in through the MPLS tunnel in L2circuit scenarios.
PR Number Synopsis Category: PTX5KBroadway based PFE IPv4, IPv6 software
1254415 PTX FPC is reporting TQCHIP : Fatal error pqt_min_free_cnt is zero
Product-Group=junos
PTX Series platforms with the FPC-PTX-P1-A or FPC2-PTX-P1A line card might encounter a single event upset (SEU) event that can cause a linked-list corruption of the TQCHIP. The following syslog message is reported: Jan 9 08:16:47.295 router fpc0 TQCHIP1: Fatal error pqt_min_free_cnt is zero Jan 9 08:16:47.295 router fpc0 CMSNG: Fatal ASIC error, chip TQ Jan 9 08:16:47.295 router fpc0 TQ Chip::FATAL ERROR!! from PQT free count is zero jan 9 08:16:47.380 router alarmd[2427]: Alarm set: FPC color=RED, class=CHASSIS, reason=FPC 0 Fatal Errors - TQ Chip Error code: 0x50002 Jan 9 08:16:47.380 router craftd[2051]: Fatal alarm set, FPC 0 Fatal Errors - TQ Chip Error code: 0x50002 Junos OS Chassis Management Error handling does detect such condition, and raises an alarm and performs the disable-pfe action for the affected PFE entity. To recover this PFE entity, a restart of the FPC is needed. Soft errors are transient or non-recurring. FPCs experiencing such SEU events do not have any permanent damage. Contact your Juniper support representative if the issue is seen after a FPC restart.
PR Number Synopsis Category: PTX10K Routing Engine
1503169 On a dual RE GRES/NSR enabled PTX10008/PTX10016 router, a few TCP-based application sessions like BGP/LDP might flap upon RE mastership switch
Product-Group=junos
In a rare case on a dual RE GRES/NSR enabled PTX10008/PTX10016 router, a few TCP-based application sessions like BGP/LDP might flap upon RE mastership switch or upon applications (protocols) session bounce at a backup RE. Once those sessions flap, they will be re-established automatically. Due to this issue, the TCP sessions re-connection will impact the repsective routing protocol sessions and therefore could impact the traffic. This is a timing issue; the more TCP-based application sessions the router has established prior the switchover, the higher chances to hit the issue. Usually when the issue happens, only a few TCP sessions are getting affected and not all of them.
PR Number Synopsis Category: QFX platform optics related issues
1402127 QSFP-100GBASE-SR4/LR4 might take a long time to come up after disabling interface or reboot
Product-Group=junos
On QFX5110 platform with QSFP-100GBASE-SR4/LR4 port used, after disabling an 100G port and then enable the port again, or reboot the device, there is a long time delay (5-15 minutes) before the ports come up.
PR Number Synopsis Category: QFX PFE Class of Services
1445960 CoS classifier might not work as expected
Product-Group=junos
On QFX5000 Series platforms(except for the QFX5100) in the VxLAN scenario, the traffic is not classified properly on the UNI interface which has multiple VLANs configured.
PR Number Synopsis Category: KRT Queue issues within RPD
1342942 KRT queue might be stuck on changing RD of a routing-instance
Product-Group=junos
Junos platforms do not support 'on the fly RD change' - changing the RD (route distinguisher) of an active routing-instance to another value, which might lead to KRT (kernel routing table) queue to be stuck and hence routing/forwarding impact. This is because of the software design and is a production limitation. However such on the fly RD change can be successfully committed without any type of error message. With fix of this PR, error message will be reported in syslog upon commit.
PR Number Synopsis Category: Resource Reservation Protocol
1458527 RSVP interface bandwidth calculation might be incorrect when RSVP subscription percentage is configured under RSVP interface
Product-Group=junos
When setting LSP bandwidth constraint and signaling LSP, the remaining bandwidth can be less than the expected one like in the below example. It is not allowing further reservation through this link. user@device> show rsvp interface RSVP interface: 2 active Active Subscr- Static Available Reserved Highwater Interface State resv iption BW BW BW mark et-0/1/0.0 Up 1 90% 100Gbps 4.99999Gbps 85Gbps 90Gbps <<<<<< So if trying to signal a new LSP with bandwidth 5G through this link it will fail.
1505834 The rpd process might crash with RSVP configured in a rare timing case
Product-Group=junos
On all Junos platforms running with the Resource Reservation Protocol (RSVP) configured, when some socket error happens, RSVP might be unable to send message, however the counter for sent messages has already been increased due to the software design defect. The wrong counter might lead to the rpd process crash. It's a rare timing issue and it might be more likely to happen in a scaled scenario.
PR Number Synopsis Category: Sangria Platform including chassisd, RE, CB, power managemen
1471178 A PTX5K SIB3 might fail to come up in slot 0 and/or slot 8 when RE1 is master.
Product-Group=junos
A PTX5K SIB3 might fail to come up in slot 0 and/or slot 8 when RE1 is master.
PR Number Synopsis Category: SW PRs for SCBE3 fabric
1491968 FPCs might stay down or restart when swapping MPC7/8/9 with MPC10/11 or vice versa in the same slot
Product-Group=junos
In MX240/MX480/MX960 routers with SCB3E or MX2010/2020 with SFB3 scenario, if MPC7E/8E/9E is swapped with MPC10E/11E each other or vice versa in the same slot, the different encoding mode between two MPCs might cause SCB3E/SFB3 to not change the mode gracefully according to the new MPC type inserted. This causes fabric destination errors which can trigger fabric healing mechanisms and cause system-wide impact due to fabric planes and FPCs getting reset. [TSB17748]
PR Number Synopsis Category: MPC7/8/9 chassis issues
1380183 MQSS errors might cause FPC restart.
Product-Group=junos
On EX9200, MX platform with MPC7E/8E/9E, MX204/MX10003/MX10008/MX10016, a physical interface link flaps continuously might cause MQSS errors which might cause the restart process of FPC for fault handling, and packets drop might be seen during the self-recovery process.
PR Number Synopsis Category: MX10003/MX204 Platform SW - Chassisd s/w defects
1348753 Chassisd memory leak issue on MX10003 and MX204 platform and it would cause eventual chassisd crash and RE switchover.
Product-Group=junos
Chassisd process running on MX10003 and MX204 platform will be leaking memory. Memory leak happens as long as chassisd is working and there is no way to stop leaking. This would cause eventual chassisd crash and RE switchover.
PR Number Synopsis Category: MX10002 Fabric s/w defects
1428854 Fabric drops might be seen on MX10003 platform when two FPCs come online together
Product-Group=junos
On MX10003 platform, when two FPCs come online together, the fabric links between FPCs might not be initialized, all traffic go through the fabric between FPC0 and FPC1 might be dropped.
PR Number Synopsis Category: MX10003/MX204 MPC defects tracking
1474231 QSA adapter Lane 0 port might be also brought down when disabling one of the other lanes
Product-Group=junos
When QSA adapter is installed, the Lane 0 port might be also in down state when disabling one of the other lanes (1, 2 or 3) due to the chan number not entertained. It is not expected behaviour and it might affect service.
PR Number Synopsis Category: MX10002 Platform SW - Platform s/w defects
1332884 Upgrading from 17.3 or 17.4 to 18.1R1 is only possible with no-validate knob on MX10003/MX204.
Product-Group=junos
On MX204/MX10003, due to an unexpected chassisd core, upgrade from 17.3 or 17.4 to 18.1 or higher fails when using validate option. The upgrade is possible with the 'no-validate' knob.
PR Number Synopsis Category: SRX-1RU HA SW defects
1487951 If a cluster id of 16 or multiples of 16 is used, the chassis cluster might not come up.
Product-Group=junos
When using the SRX4600 firewall in a cluster, if a cluster-id of 16 or multiples of 16 is being used, the cluster might not come up.
PR Number Synopsis Category: SRX-1RU platfom related protocol, QoS, filtering features et
1314821 "kern.ipc.nmbclusters limit reached" error seen while excessive logging sent to RE.
Product-Group=junos
"kern.ipc.nmbclusters limit reached" error seen while excessive logging sent to RE also occasionally vm core-dumps resulting device into DB mode. Though stream log is configured but if is routed via Routing engine then it hits the RE memory limit. Routing stream mode through the RE is an incorrect configuration as it negates the purpose of stream mode. The result is that the overwhelmed CPU can either simply make the RE unresponsive, or in worst case scenario it goes to DB and must be rebooted.
PR Number Synopsis Category: Trio pfe qos software
1418602 FPC log messages: "Q index(xxxxx) is not allocated"
Product-Group=junos
The cause of the messages is a race condition. For each IFL, IFLSET or IFD object, HALP statistics module reads stats values from hardware for the individual queues. HALP stats module is implemented as a separate stats thread and while stats thread is waiting, PFEMAN thread may assign different queues to the IFL/IFLSET/IFD object. After stats thread gets CPU back, before reading HW for the next queue, stats thread needs to validate that queue is still applicable, which fails if we see the message. The messages are harmless and can be ignored.
PR Number Synopsis Category: Trio pfe bridging, learning, stp, oam, irb software
1420626 The unicast traffic to destination reachable over IRB and LSI with two next-hops might be dropped due to PFE mis programming
Product-Group=junos
On MX Series routers with Trio chip set based MPCs, unicast traffic might get dropped when the destination is reachable over an integrated routing and bridging (IRB) interface and a label-switched interface (LSI) with two next hops.
1488251 MAC learning under bridge-domain stops after MC-LAG interface flap
Product-Group=junos
MAC learning under bridge-domain over MC-LAG interface stops after MC-LAG interface flap
PR Number Synopsis Category: Trio pfe microcode software
1409626 LACP DDOS policer is incorrectly triggered by other protocols traffic on all EX92XX/T4000 and MX platforms
Product-Group=junos
DDOS policer for LLDP/MVRP/Provider MVRP/dot1X is incorrectly identified as LACP DDOS violation on EX92xx/T4000 and MX series platforms. Issue can appear whenever there is an overflow of traffic from any of these protocols and triggers DDOS for LACP rather than the actual protocol.
PR Number Synopsis Category: Junos Automation, Commit/Op/Event and SLAX
1501746 Python or Slax script might not be executed
Product-Group=junos
On all Junos platforms, Python or Slax script might not be successfully executed when the script is not present under hard disk path (/config/scripts) of the device combined with knob 'load-scripts-from-flash'. This is a regression issue.
PR Number Synopsis Category: Issues related to Logging/Tracing, errmsg, eventd infrastruc
1346440 The l2ald trace options files might not rolling or compressing consistently
Product-Group=junos
The l2ald trace options files not rolling or compressing consistently when set to "level all" and "flag all" in the l2ald trace options.
PR Number Synopsis Category: web filterig issues
1481290 UTM websense redirect supports IPv6 messages.
Product-Group=junos
Websense-Redirect mode web-filter on SRX start to support IPV6 traffic after this fix
Modification History:
First publication date 2020-06-29
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search