18.2R3-S5: Software Release Notification for JUNOS Software Version 18.2R3-S5

Article ID: TSB17815 TECHNICAL_BULLETINS Last Updated: 26 Jul 2021 Version: 5.0
Alert Type:
SRN - Software Release Notification
Product Affected:
ACX, EX, MX, NFX, PTX, QFX, SRX, vSRX, and vMX
Alert Description:
Junos Software Service Release version 18.2R3-S5 is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as needed and follow the prompts
Solution:

Warning: In a VPLS/bridge-domain environment, on an MX/EX9200 Series router with Trio-based MPCs running software version 18.2R3-S5, the MPCs may experience NH memory leaks in the PFEs when using the integrated routing and bridging (IRB) interface participating in the VPLS/bridge-domain instance.

Junos Software Service Release version 18.2R3-S5 is now available.

18.2R3-S5 - List of Fixed issues

PR Number Synopsis Category: DOT1X
1504818 On the EX2300-48MP switch, client does not receive the captive-portal success page by downloading the ACL parameter, because the authentication failed.
Product-Group=junos
On EX/MX/QFX/SRX platforms with captive portal configured without the dot1x stanza, receiving a filter from RADIUS for a captive-portal user might lead to authentication failure for that user. This issue is seen only in the captive-portal configuration with a RADIUS filter when the dot1x stanza is not present.
PR Number Synopsis Category: EX4300 Platform
1502726 On the EX4300 device, traffic loss might be seen with framing errors or runts if MACsec is configured.
Product-Group=junos
On EX4300 platform with Media Access Control Security (MACsec) configured, if there is high traffic flowing through the MACsec enabled link, increasing framing errors or runts statistics might be seen in the output of "show interfaces extensive <>" for the affected interface. Traffic loss might also happen due to this issue.
PR Number Synopsis Category: Marvell based EX PFE L3
1493121 The fxpc process might crash when configuring scaled configuration with 4093 VLANs.
Product-Group=junos
On EX2300 and EX3400 platforms, the fxpc might crash when configuring scaled configuration with 4093 VLANs (Virtual Local Area Networks). Traffic loss is expected to be seen during the fxpc crash.
PR Number Synopsis Category: EX2300/3400 PFE
1497523 The fxpc process might crash when renumbering the primary member ID value of the EX2300 or EX3400 Virtual Chassis.
Product-Group=junos
In EX2300/EX3400 VC (Virtual Chassis) scenario, when renumbering the master member id to a new id value, sometimes there is a fxpc crash on another VC member. Traffic loss might be seen during the fxpc crash and restart.
PR Number Synopsis Category: QFX Access control list
1499918 Traffic drop might be observed after modifying the FBF firewall filter.
Product-Group=junos
On the QFX5100 and QFX5200 lines of switches, after making changes in filter-based forwarding (FBF) firewall filter that is configured with multiple terms or different routing instances, traffic drop might be observed.
PR Number Synopsis Category: QFX PFE CoS
1510365 Traffic might be forwarded to the incorrect queue when a fixed classifier is used.
Product-Group=junos
If an L2 access or VLAN bridge IFL is created after a fixed classifier is applied, traffic matching the fixed classifier might be forwarded to an unexpected queue, which might cause unexpected congestion and traffic impact.
PR Number Synopsis Category: QFX PFE L2
1474142 Traffic might get affected if the composite next-hop is enabled.
Product-Group=junos
On QFX5000 and EX4600 platforms with composite next hop enabled, traffic loss would occur when deleting leaked routes with composite next hop.
1491669 Junos OS: EX and QFX5K Series: Storm Control does not work as expected when Redundant Trunk Group is configured (CVE-2021-0203)
Product-Group=junos
On Juniper Networks EX and QFX5K Series platforms configured with Redundant Trunk Group (RTG), a Storm Control profile applied on the RTG interface might not take effect when it reaches the threshold condition. Refer to https://kb.juniper.net/JSA11093 for more information.
1499422 The fpc goes down when 100-Gigabit Ethernet link comes up on the QFX5110-48S switch.
Product-Group=junos
On the QFX5110-48S device running Junos 19.3R2-S2, 18.2R3-S3 or 18.2R3-S4, the FPC will go down when the 100G link comes up on the network port. This leads to the FPC going up and down every 90 seconds. During the problem state, running the CLI command "show chassis fpc detail" will not yield any output for up to 90 seconds:
user@device> show chassis fpc detail    <-------- Empty
Once the FPC state transitions back to online, the 100G transceivers get detected and the FPC flap is seen again. This behavior is seen continuously as long as 100G transceivers remain connected to the QFX device in question. If the 100G interfaces are disabled from the CLI or physically removed from the QFX switch, the FPC flap will no longer be seen. Note: This issue is not applicable when 100G-QSFP is used as a VCP port on QFX5110-48S.
PR Number Synopsis Category: JUNOS kernel/ukernel changes for ACX
1506938 The PIC slot might shut down in less than 240 seconds due to the over temperature start time being handled incorrectly
Product-Group=junos
On ACX1000/2000/4000 platforms, if the temperature in a PIC rises above the over-temperature threshold, a timer is started and the over-temperature start time is stored. If this condition persists for 240 seconds, the PIC slot is shut down. If the temperature drops before 240 seconds have elapsed, the timer is stopped and the over-temperature start time is reset to zero. In some cases, however, when the temperature drops before 240 seconds have elapsed, the over-temperature start time is not reset to zero but remains stored. If the same PIC then rises above the over-temperature threshold again, the PIC might be shut down in less than 240 seconds, because the 240-second delay is calculated from the earlier event rather than from the new one.
PR Number Synopsis Category: common or misc area for SRX product
1490181 The SRX1500 device and the SRX4000 line of devices might boot up with the rescue configuration after a power outage.
Product-Group=junos
After a power outage occurs, SRX1500 and SRX4K devices might load rescue configuration in order to boot up successfully.
PR Number Synopsis Category: Border Gateway Protocol
1396344 Processing a large scale as-path regex causes the flapping of the route protocols
Product-Group=junos
When 'as-path-group' is configured under BGP, if a configuration with a large scale as-path regex is committed, the route protocols flap might be seen.
1482551 The rpd might be crashed after BGP peer flap.
Product-Group=junos
On all Junos platforms with BGP long-lived graceful restart (LLGR) or BGP route dampening configured, the rpd might generate a core file after BGP peer flapping. This is a day-1 issue.
PR Number Synopsis Category: MX Platform SW - UI management
1460657 The chassisd might crash
Product-Group=junos
On Junos OS platforms with NG-RE architecture, if invalid host packets are received (such as packets of zero byte size), a chassisd crash might be seen. Because chassisd restarts after the core and this causes the FPCs and SCBs/SIBs to reinitialize, traffic impact might be seen.
PR Number Synopsis Category: EVPN Layer-2 Forwarding
1498023 The l2ald memory leakage might be observed in any EVPN scenario.
Product-Group=junos
In any EVPN scenario (for example, active-active multi-homing mode, active-standby multi-homing mode, EVPN-VXLAN, or EVPN-MPLS), l2ald memory usage might slowly increase when the local CE device or core-facing interfaces continuously flap. If the memory of l2ald is exhausted, the l2ald crashes.
1503657 The MAC address of the LT interface might not be installed in the EVPN database.
Product-Group=junos
In EVPN-VXLAN (Ethernet Virtual Private Network - Virtual Extensible LAN) scenario if the LT (Logical Tunnel) interface is under the bridge-domain of the EVPN-VXLAN instance, the MAC address of the LT interface might not be installed in the EVPN database. Thus no type-2 EVPN route is generated for the LT interface which results in unnecessary flooding and replication by the remote EVPN peer in the network.
PR Number Synopsis Category: Express PFE L2 fwding Features
1486614 Junos OS: QFX10002-32Q, QFX10002-60C, QFX10002-72Q, QFX10008, QFX10016: In EVPN-VXLAN scenarios receipt of specific genuine packets by an adjacent attacker will cause a kernel memory leak in FPC. (CVE-2021-0272)
Product-Group=junos
A kernel memory leak in the Flexible PIC Concentrators (FPCs) of QFX10002-32Q, QFX10002-60C, QFX10002-72Q, QFX10008 and QFX10016 devices on Juniper Networks Junos OS allows an attacker to send genuine packets destined to the device to cause a Denial of Service (DoS) to the device. Please refer to https://kb.juniper.net/JSA11163 for more information.
PR Number Synopsis Category: SRX4100/SRX4200 platform software
1490291 On SRX4100 and SRX4200 devices with chassis cluster in transparent mode, when a failover occurs for RG1, the interface on the new secondary node is getting flapped as expected to let the switch update its MAC address table.
Product-Group=junos
On SRX4100/4200 cluster in transparent mode, when a failover occurs for redundancy-group 1, the interface on the new secondary node is getting flapped as expected to let the switch update its mac address table. However this interface flap is not displayed at the interface status under 'Last flapped'.
1502462 IP monitoring on SRX4100 and SRX4200 device might fail in the rare event that a chassis internal connection between Routing Engine and Packet Forwarding Engine is temporarily down after RG0 failover.
Product-Group=junos
IP monitoring on SRX4100 and SRX4200 device might fail in the rare event that a chassis internal connection between RE and PFE is temporarily down after RG0 failover.
PR Number Synopsis Category: MX Inline Jflow
1500179 Inline Jflow might report incorrect value for some fields in flow records after enabling next-hop learning and route churn occurs.
Product-Group=junos
When inline flow monitoring (inline JFlow) along with nexthop-learning enabled is configured on Trio-based line card, the Sampling Route Record Module (i.e. sampler-rr or SRR thread) on PFE ukernel might miss some next-hops updates due to a race condition if route churn happens under large-scale next-hops scenario (e.g. >50K next-hops) and the route churn results in multiple next-hops adding/changing/deleting operations. So, JFlow might report wrong value for some fields in flow records for traffic forwarded using these next-hops missed in SRR.
PR Number Synopsis Category: jdhcpd daemon
1431201 The jdhcpd_era log files constantly consume 121M of space out of 170M, resulting in a full file system and traffic impact
Product-Group=junos
On EX platforms with service dhcp enabled, the jdhcpd_era log files constantly consume 121M of space out of 170M, resulting in a full file system and traffic impact. Memory usage of /var/log/ will reach 100%.
1512765 The jdhcpd process crashes when processing a specific DHCPv6 packet in DHCPv6 relay configuration (CVE-2020-1672).
Product-Group=junos
On Juniper Networks Junos OS devices configured with DHCPv6 relay enabled, receipt of a specific DHCPv6 packet might crash the jdhcpd daemon. Refer to https://kb.juniper.net/JSA11069 for more information.
PR Number Synopsis Category: Application aware Quality-of-Service
1486905 Junos OS: SRX1500, vSRX, SRX4K, NFX150: Denial of service vulnerability executing local CLI command (CVE-2020-1682)
Product-Group=junos
An input validation vulnerability exists in Juniper Networks Junos OS, allowing an attacker to crash the srxpfe process, causing a Denial of Service (DoS) through the use of specific maintenance commands. Refer to https://kb.juniper.net/JSA11079 for more information.
PR Number Synopsis Category: User Firewall related issues
1499090 Don't use capital characters for source-identity when using the show security match-policies command.
Product-Group=junos
When using the "show security match-policies" command to match a policy with source-identity configured, only a non-capital source-identity name can be matched by the policy.
PR Number Synopsis Category: Security platform jweb support
1483607 The httpd process may run with high CPU utilization when J-Web is enabled.
Product-Group=junos
The httpd process (running version 3) may run with high CPU utilization due to processing multiple back-end calls in parallel (for example, keeping the dashboard open for a long time).
1493385 Junos OS: Reflected Cross-site Scripting vulnerability in J-Web and web based (HTTP/HTTPS) services (CVE-2020-1673)
Product-Group=junos
Insufficient Cross-Site Scripting (XSS) protection in Juniper Networks J-Web and web based (HTTP/HTTPS) services allows an unauthenticated attacker to hijack the target user's HTTP/HTTPS session and perform administrative actions on the Junos device as the targeted user. Refer to https://kb.juniper.net/JSA11070 for more information.
1503557 Junos OS: SRX Series: Denial of Service in J-Web upon receipt of a crafted HTTP packet (CVE-2021-0227)
Product-Group=junos
An improper restriction of operations within the bounds of a memory buffer vulnerability in Juniper Networks Junos OS J-Web on SRX Series devices allows an attacker to cause Denial of Service (DoS) by sending certain crafted HTTP packets. Refer to https://kb.juniper.net/JSA11122 for more information.
1503569 Junos OS: J-Web has an Improper Neutralization of CRLF Sequences in its HTTP Headers which allows an attacker to carry out multiple types of attacks. (CVE-2021-0268)
Product-Group=junos
An Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') weakness in J-Web of Juniper Networks Junos OS leads to buffer overflows, segment faults, or other impacts, which allows an attacker to modify the integrity of the device and exfiltrate information from the device without authentication. Refer to https://kb.juniper.net/JSA11159 for more information.
PR Number Synopsis Category: PFE infra to support jvision
1507864 The na-grpcd will crash in case of incomplete sensor data exported from PFE
Product-Group=junos
Due to invalid data exported from the PFE, the network agent daemon (na-grpcd) will crash while parsing the payload. This will disrupt telemetry for all the connected collectors.
PR Number Synopsis Category: lacp protocol
1496857 Removing and re-enabling the knob "force-up" might cause traffic loss sometimes
Product-Group=junos
In all Junos platforms with LACP and knob "force-up" enabled scenario, traffic loss might be seen if the knob "force-up", which is enabled on a member link of AE interface, is removed and then re-applied to this link. Then the actual states of the Actor (local member link interface of an LACP ) and the Partner (peer member link interface of an LACP) in the periodic transmission process are not updated when negotiating with its peer.
PR Number Synopsis Category: Port-based link layer security services and protocols that a
1503010 The replay protection window size is wrongly set if replay-protect for MACsec is enabled with replay-window-size value set to zero
Product-Group=junos
If replay-protect for MACsec is enabled with replay-window-size value set to zero, the size of the replay protection window is wrongly set to max window size.
PR Number Synopsis Category: mc-ae interface
1486919 Traffic might get dropped because next-hop points to ICL even though the local MC-LAG is up.
Product-Group=junos
In an active-active MC-LAG scenario, when the local MC-LAG is down on a Junos device, the MAC of the local MC-LAG client device is expected to be learned from the ICL. If there is a configuration change or an l2-learning daemon reboot, the next-hop for the MAC might point to the ICL even though the local MC-LAG is up again. Traffic might get dropped due to this issue.
PR Number Synopsis Category: Multiprotocol Label Switching
1467278 The rpd might crash in PCEP for the RSVP-TE scenario.
Product-Group=junos
In a PCEP (Path Computation Element Protocol) with RSVP Traffic Engineered LSP (TE LSP) scenario, two LSPs with the same TE LSP name might be shared between the Path Computation Element (PCE) and the Path Computation Client (PCC) in some rare cases. Then, if the configuration of the LSP is delegated from the CLI and externally controlled by the PCC at the same time, the rpd might crash.
PR Number Synopsis Category: Fabric Manager for MX
1498069 "FI: Reorder cell timeout - Stream xx, Count 1" messages may be seen intermittently after replacing the line card like MPC3 that use ADC (Adapter Card) with MPC8 or MPC9
Product-Group=junos
On MX2008/2010/2020 platforms with SFB2 and potentially with SFB3, if an MPC that uses an ADC (e.g. MPC1E/2E/3E/5E/7E) is replaced with MPC8/9, intermittent messages like "FI: Reorder cell timeout - Stream xx, Count 1" may be seen. In this case, traffic loss might be seen if fairly heavy traffic passes through the MPC8 card.
PR Number Synopsis Category: Bugs related to ethernet interface on MX platform
1493699 One port on MIC-3D-2XGE-XFP flapping might cause the other port on the same MIC to flap
Product-Group=junos
Due to the code change in PR 1463859, one port on MIC-3D-2XGE-XFP flapping might cause the other port on the same MIC to flap.
PR Number Synopsis Category: MX104 Software - Chassis Daemon
1453893 FPC/PFE crash may happen with ATM MIC installed in the FPC.
Product-Group=junos
FPC crash on MX240 and MX2020 routers or Packet Forwarding Engine crash on MX104 routers might happen when the MIC-3D-8OC3-2OC12-ATM is installed and ATM interface is configured.
PR Number Synopsis Category: OS IPv4/ARP/ICMPv4
1468183 Junos OS: Kernel crash (vmcore) or FPC crash due to mbuf leak (CVE-2020-1653)
Product-Group=junos
On Juniper Networks Junos OS devices, a stream of TCP packets sent to the Routing Engine (RE) may cause mbuf leak which can lead to Flexible PIC Concentrator (FPC) crash or the system to crash and restart (vmcore). Refer to https://kb.juniper.net/JSA11040 for more information.
PR Number Synopsis Category: Kernel Composite Next Hop (composite / l3vpn) Infrastructure
1287956 Not following the guideline of rebooting entire chassis after changing chassis network-services configuration can cause vmcore and crash of FPCs/routing-engines on chassis.
Product-Group=junos
When configuration at hierarchy [edit chassis network-services] is changed a reboot of chassis is needed to avoid any unexpected behavior. One such behaviour is an assert condition due to issues in nexthop allocation leading to vmcore and reboot of FPCs/REs on the chassis. This PR introduces changes to handle such assert conditions gracefully and to avoid FPC/RE crash. The guideline of rebooting the entire chassis when configuration change is made is still valid.
PR Number Synopsis Category: FreeBSD Kernel Infrastructure
1450093 EX4300 : CLI config "on-disk-failure" is not supported
Product-Group=junos
On an EX4300 switch, the CLI configuration "set chassis routing-engine on-disk-failure disk-failure-action (reboot | halt)" is not supported.
1495307 The ps crash might be seen after executing 'request system snapshot recovery routing-engine both' command
Product-Group=junos
Multiple ps (process status) utility crashes might be observed after executing the 'request system snapshot recovery routing-engine both' command on platforms running 17.4 or higher releases.
1505864 The installation fails when upgrading from legacy Junos OS to specific BSDx-based Junos OS.
Product-Group=junos
The installation might fail when upgrading from legacy Junos (before Junos 15.1) to higher BSDx based Junos releases (Junos 15.1 and after).
PR Number Synopsis Category: "ifstate" infrastructure
1439906 On all Junos OS VM based platforms, FPC might reboot if jlock hog occurs.
Product-Group=junos
On a JUNOS VM using TSC clocking from the host system, "jlock hog" messages may be seen. This may lead to FPCs reboot.
PR Number Synopsis Category: IPv6/ND/ICMPv6 issues
1477824 Junos OS: Kernel panic upon receipt of specific TCPv6 packet on management interface (CVE-2021-0258)
Product-Group=junos
A vulnerability in the forwarding of transit TCPv6 packets received on the Ethernet management interface of Juniper Networks Junos OS allows an attacker to trigger a kernel panic, leading to a Denial of Service (DoS). Please refer to https://kb.juniper.net/JSA11149 for more information.
PR Number Synopsis Category: JUNOS Network App Infrastructure (for ping, traceroute, etc)
1502386 Arbitrary code execution vulnerability in telnet server (CVE-2020-10188).
Product-Group=junos
A vulnerability in the telnetd Telnet server allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions. Refer to https://kb.juniper.net/JSA11057 for more information.
PR Number Synopsis Category: Kernel Tunnel Interface Infrastructure
1457414 On the QFX10000 line of switches, the Packet Forwarding Engine might crash after the Routing Engine switchover.
Product-Group=junos
On QFX10K platforms, the PFE process might crash after a routing engine (RE) switchover if the device has a GRE (Generic Routing Encapsulation) or p2p interface configuration. The issue occurs because the internal tokens allocated for GRE or p2p interfaces on the master RE are not sent to the backup RE. Since these tokens are not available on the backup RE, there will be issues after GRES (Graceful Routing Engine Switchover), as the new master will end up creating the same tokens as the old master. Because the PFE has already received these tokens from the old master, it will reject the new tokens and may panic.
PR Number Synopsis Category: Protocol Independent Multicast
1501722 The rpd process might crash in a multicast scenario with BGP configured.
Product-Group=junos
In a multicast scenario with BGP configured, when a new BGP link is brought up (such as after updating specific BGP policies), the RPF neighbor information changes, and this update causes the rpd to generate a core file. The issue is seen only while updating RPF neighbor information and not while building it for the first time.
PR Number Synopsis Category: vMX Platform Infrastructure related issue tracking
1453967 The VMX might work abnormally in a large topology.
Product-Group=junos
In a large topology composed of hundreds of VMX platforms, some of the VMX platforms might work abnormally; both VCP and VFP might work very slowly or become unresponsive. This issue has service/traffic impact.
PR Number Synopsis Category: PTP related issues.
1421811 PTP might not work on MX104 if phy-timestamping is enabled.
Product-Group=junos
On MX104 platform with any 2-port license installed on 10G interfaces and phy-timestamping enabled in PTP, PTP might not work.
1451950 RMPC core files are found after the configuration changes are done on the network for PTP or clock synchronization.
Product-Group=junos
On the ACX/MX/QFX platform with PTP (Precision Time Protocol)/SyncE (Synchronous Ethernet) enabled, if configuration changes for the PTP/SyncE are combined with multiple events, the FPC core might be seen.
1458581 The FPC X major errors alarm might be raised after committing the PTP configuration change.
Product-Group=junos
On MX router with MPC5/MPC6/MPC7/MPC8/MPC9/MPC10 installed environment, after committing the PTP configuration change, the "FPC X major errors" alarm may be raised. This issue may cause interface flap and traffic loss.
PR Number Synopsis Category: Chassis mgmt for all QFX systems - chassis MIB, alarms, CLI
1456742 The laser from the 10G SFP+ interface is still on when the interface is disabled or the device is rebooted
Product-Group=junos
On the QFX5210 platform, the laser is still emitting from the 10G SFP+ port even though the interface is disabled or the device is rebooted. This causes the peer's interface to stay up and might impact traffic.
1504856 The DMA failure errors might be seen when the cache is full or flushes
Product-Group=junosvae
If the QFX5K TVP platform virtual chassis experiences cache flush or the cache is full, the DMA failure errors might be seen. It might cause the device not to accept ssh credentials and VC to go into the hang state.
PR Number Synopsis Category: QFX Control Plane Kernel related
1421250 The RIB installation or deletion time consumption is reduced.
Product-Group=junos
On QFX Series Virtual Chassis during shutdown, if an interrupt is received, the system gets into this state and vmcore is observed.
PR Number Synopsis Category: QFX platform optics related issues
1497947 On the QFX5210-64C switches, the lcmd process generates a core file.
Product-Group=junosvae
The LCMD process is the Linux Chassis Management Daemon. Due to a bug in the I2C handling in the daemon, a core dump may be seen. There is no specific user-visible trigger for the core dump, and you may see several erroneous alarms when the core dump occurs. These should clear after the daemon automatically restarts.
PR Number Synopsis Category: QFX PFE Class of Services
1472771 On the EX4600 device, DSCP marking might not work as expected if the fixed classifiers are applied to interfaces.
Product-Group=junos
On QFX5000/EX4600 platforms, if the interfaces are configured with the fixed classifiers, when some specific configuration changes are committed, for example, the same forwarding-class is applied to two different interfaces at the same time, and then the forwarding-class for one of the interfaces is changed and committed to a different value, the Differentiated Services code point (DSCP) marking might not be able to work as expected since both physical interfaces are still having the same forwarding-class mapped in the hardware table due to this issue.
PR Number Synopsis Category: QFX L2 PFE
1497993 Traffic might get dropped if the aggregated Ethernet member interface is deleted or added, or a SFP of the aggregated Ethernet member interface is unplugged or plugged.
Product-Group=junos
On QFX5K/EX46xx platforms, if STP is configured on vlan but the AE interface which is part of that vlan is not configured with STP, after an AE member interface is deleted or a SFP of the AE member interface is unplugged, and when the deleted AE member interface is added back or the unplugged SFP is plugged again, traffic via that AE interface might get dropped. LACP and LLDP traffic are not affected by this issue.
1498092 request-pfe-execute CLI takes longer than 5 seconds to get a reply in Junos 18.4 QFX5100
Product-Group=junos
The default wait timeout for PFE commands sent from the Junos CLI or its equivalent RPCs is 5 seconds. On QFX5100 running Junos 18.4, a command sometimes takes more than 5 seconds and returns without a response. As a workaround, increase the wait timeout with the "timeout" option or tag at the end of the command.
PR Number Synopsis Category: multicast source distribution protocol
1485206 Rpd memory leak might be seen in a certain looped MSDP scenario.
Product-Group=junos
On all Junos platforms running in a Multicast Source Discovery Protocol (MSDP) scenario, if there are multiple overlapping mesh groups in the topology, for example, node A and B belong to mesh group M, node A and D belong to mesh group N, while node B and D belong to a different mesh group O, the Source Active (SA) messages sent from node A might get continuously looped due to this issue. This might lead to an rpd memory leak and 100% CPU utilization.
PR Number Synopsis Category: Bug and Review Tracking for Segment routing traffic eng
1513583 Modifying the segment list of the SR LSP might not work.
Product-Group=junos
If "source-packet-routing segment-list" is configured, change in the number of hops might not be able to trigger route change with updated segment list.
PR Number Synopsis Category: platform related PRs on SRX branch platforms
1482075 The flowd process might crash when ae/reth/fab/swfab is used
Product-Group=junos
On SRX300, SRX320, SRX340, SRX345, and SRX550M platforms with ae/reth/fab/swfab interfaces used, the flowd process might crash during system reboot or ae/reth/fab/swfab interfaces modification. This is a rare issue.
PR Number Synopsis Category: Issues related to broadband edge apps (PPP, DHCP) on Trio ch
1496265 Error message "PFEIFD: Could not decode media address with length 0" is generated by Packet Forwarding Engine when subscribers come up over a pseudowire interface.
Product-Group=junos
The error message "PFEIFD: Could not decode media address with length 0" can be observed when subscribers come up over a pseudowire interface, but there is no functional impact.
PR Number Synopsis Category: Trio pfe bridging, learning, stp, oam, irb software
1501758 MAC learning request throttling mechanism could not work properly in a scale setup
Product-Group=junos
On EX92xx/MX/T/SRX platforms with Trio FPCs, if dynamic MAC learning happens at scale (e.g., 10k+ MACs are learned per second), it could result in chipset hogging on the FPC. Service on the affected FPC could be impacted due to this defect. The scaled dynamic MAC learning issue is more likely to happen if there is a loop in the system or high-rate MAC learning in a Layer 2 network. The specific FPCs are as follows: EX9200-2C-8XS, EX9200-32XS, EX9200-40F, EX9200-40F-M, EX9200-40T, MX-BUILTIN-FPC, MS-MPC-128G, MX-MPC1-3D, MX-MPC1-3D-Q, MX-MPC1E-3D, MX-MPC1E-3D-Q, MX-MPC2-3D, MX-MPC2-3D-Q, MX-MPC2-3D-EQ, MX-MPC2E-3D, MX-MPC2E-3D-Q, MX-MPC2E-3D-EQ, MX-MPC2E-3D-P, MPC-3D-16XGE-SFPP, MPCE-3D-16XGE-SFPP, AS-MCC, MX-MPC3E-3D, MPC4E-3D-32XGE-SFPP, MPC4E-3D-2CGE-8XGE, T4000-FPC5-3D, FPC5-LSR, SRX5K-SPC-4-15-320, SRX5K-MPC.
PR Number Synopsis Category: Trio pfe l3 forwarding issues
1341610 General Routing Syslog error messages PFEIFD: Could not decode media address with length 0 might be generated by the Packet Forwarding Engine.
Product-Group=junos
The error message "PFEIFD: Could not decode media address with length 0" may be observed shortly after commit, but there is no functional impact.
PR Number Synopsis Category: UI Infrastructure - mgd, DAX API, DDL/ODL
1465171 Commit script does not apply changes in private mode unless you perform a full commit.
Product-Group=junos
Commit script does not apply changes in private mode unless a commit full is performed.
 

18.2R3-S5 - List of Known issues
PR Number Synopsis Category: ESWD
1192520 GARPs are being sent from the switch once in every 10 minutes.
Product-Group=junos
GARPs were being sent whenever there was a MAC (fdb) operation (add or delete). This is now updated to send GARP when the interface is up and l3 interface attached to the VLAN.
PR Number Synopsis Category: SFI Infra-structure
1485038 The following error message is observed continuously in AD with base configurations: IFDE: Null uint32 set vector, ifd and IFFPC: 'IFD Ether uint32 set' (opcode 151) failed.
Product-Group=junos
EX 9251 Summit-B54: The "IFDE: Null uint32 set vector, ifd and IFFPC: 'IFD Ether uint32 set' (opcode 151)" error message is observed continuously in AD with base configurations.
PR Number Synopsis Category: EX9200 Platform
1448368 On the EX9214 device, the following error message is observed after reboot and MACsec-enabled link flaps: errorlib_set_error_log(): err_id(-1718026239).
Product-Group=junos
On the EX9214 device, if the MACsec-enabled link flaps after reboot, the error "errorlib_set_error_log(): err_id(-1718026239)" is observed.
PR Number Synopsis Category: QFX L3 data-plane/forwarding
1481987 Multicast traffic loss might be seen in certain conditions while enabling IGMP snooping under EVPN-VXLAN ERB scenario.
Product-Group=junos
On QFX5110 and QFX5120 platforms running as a Layer 3 VXLAN gateway, if the "igmp-snooping" statement is enabled for some but not all bridge domains, multicast traffic loss could be observed in the bridge domains without IGMP snooping.
PR Number Synopsis Category: PRs related to channelized E1/T1 mic
1442820 JDI MMX REGRESSIONS:MX104:T1 mode interfaces link protocol is not coming up with cisco-hdlc encapsulation
Product-Group=junos
mode interfaces link protocol is not coming up with cisco-hdlc encapsulation
PR Number Synopsis Category: Class of Service
1329141 CoS is incorrectly applied on the Packet Forwarding Engine, leading to egress traffic drop.
Product-Group=junos
On ACX5K/EX4600/QFX5100 series platforms, in some cases, CoS configuration is not applied appropriately in the Packet Forwarding Engine, leading to unexpected egress traffic drop on some interfaces.
PR Number Synopsis Category: Device Configuration Daemon
1519334 Buffer overflow vulnerability in a device control daemon is observed.
Product-Group=junos
A stack buffer overflow vulnerability in the device control daemon (DCD) on Juniper Networks Junos OS allows a low privilege local user to create a Denial of Service (DoS) against the daemon or execute arbitrary code in the system with root privilege. Please refer to https://kb.juniper.net/JSA11061 for more information.
PR Number Synopsis Category: Express ASIC interface
1418425 Traffic loss could be seen for duration of hold-time down timer when flapping an interface with hold-time down timer configured
Product-Group=junos
On PTX with FPC3 installed, traffic loss could be seen for duration of hold-time down timer when flapping an interface with hold-time down timer configured.
PR Number Synopsis Category: jdhcpd daemon
1511782 Receipt of malformed DHCPv6 packets causes jdhcpd to crash (CVE-2020-1671).
Product-Group=junos
On Juniper Networks Junos OS platforms configured as DHCPv6 local server or DHCPv6 Relay Agent, the Juniper Networks Dynamic Host Configuration Protocol Daemon (JDHCPD) process might crash with a core dump if a malformed DHCPv6 packet is received, resulting in the restart of the daemon. Refer to https://kb.juniper.net/JSA11068 for more information.
PR Number Synopsis Category: Juniper Device Manager User Interface includes cli, mgmt
1452431 Junos OS: NFX Series: Local Command Execution Vulnerability in JDMD Leads to Privilege Escalation (CVE-2021-0253)
Product-Group=junos
NFX Series devices using Juniper Networks Junos OS are susceptible to a local command execution vulnerability thereby allowing an attacker to elevate their privileges via the Junos Device Management Daemon (JDMD) process. Refer to https://kb.juniper.net/JSA11146 for more information.
PR Number Synopsis Category: jpppd daemon
1488302 MPLS VPN label can point to the discard next hop after a Routing Engine switchover without NSR if the egress interface is pp0.
Product-Group=junos
Traffic destined to the hosts behind a static PPPoE subscriber's CPE device is dropped due to a bad MPLS VPN label (which points to the discard next hop) after an RE switchover without NSR. Traffic destined to the CPE device itself is not affected.
PR Number Synopsis Category: Flow Module
1500091 On SRX Series devices, when the GRE or IP-IP tunnel is used, if some interface change events happen (such as, interface flapping), traffic drop might be seen.
Product-Group=junos
On all SRX platforms, when a GRE/IPIP tunnel is used, if some interface change events happen (such as interface flapping), traffic drop might be seen. Specifically, when an interface flaps, the route might change and the GRE/IPIP tunnel may select different egress interfaces which are in different security zones; the GRE/IPIP tunnel reroute may then fail and the packets going into the tunnel may be dropped.
PR Number Synopsis Category: IPSEC/IKE VPN
1473698 The IPSec memory leak might occur when querying the IPSec stats via CLI or SNMP.
Product-Group=junos
On all SRX Series platforms, an IPSec memory leak might happen when the IPSec stats are queried via CLI or SNMP; 150 bytes are leaked for each IPsec stats query. As a result, the device might stop passing traffic.
PR Number Synopsis Category: Security platform jweb support
1513887 Junos OS: Denial of Service vulnerability in J-Web and web based (HTTP/HTTPS) services caused by a high number of specific requests (CVE-2021-0261)
Product-Group=junos
A vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Captive Portal allows an unauthenticated attacker to cause an extended Denial of Service (DoS) for these services by sending a high number of specific requests. Refer to https://kb.juniper.net/JSA11152 for more information.
1518212 Junos OS: Privilege escalation in J-Web due to arbitrary command and code execution via information disclosure from another user's active session (CVE-2021-0210)
Product-Group=junos
An Information Exposure vulnerability in J-Web of Juniper Networks Junos OS allows an unauthenticated attacker to elevate their privileges over the target system through opportunistic use of an authenticated user's session. Please refer to https://kb.juniper.net/JSA11100 for more information.
PR Number Synopsis Category: Layer2 forwarding on EX/NTF/PTX/QFX
1406691 Some interfaces of aggregated Ethernet bundle might go to the Detached state after the bulk configurations change
Product-Group=junos
On QFX5000 platforms with scaled setup of the aggregated Ethernet (ae) bundles and VLANs, if Link Aggregation Control Protocol (LACP) is enabled, and there are scaled configuration changes, for example, delete 4000 VLANS/VXLANs and reapply them again, some interfaces of ae bundle might go to the detached state. Due to this issue, the running routing protocols (for example, LACP and BGP) will go down over the affected ae bundles.
1505976 VRRPv6 might not work in an EVPN scenario.
Product-Group=junos
In an EVPN scenario where VRRPv6 is used, the Ethernet source MAC address might be used for the IPv6 mac-ip binding when the NA is sent from the VRRPv6 master. As this unexpected behavior is triggered at regular intervals, it causes the entries to keep refreshing in the EVPN database because the NS from the VRRPv6 master changes the mac-ip binding. This impacts the traffic.
PR Number Synopsis Category: MX2010 platform software
1388076 On the MX2000 router, the following error message might be observed if the MPC7 line card is offline when the Routing Engine switchover occurs: Failed to get xfchip.
Product-Group=junos
On the MX2000 router, the following error message might be observed if the MPC7 line card is offline when the Routing Engine switchover occurs: Failed to get xfchip.
PR Number Synopsis Category: TCP/UDP transport layer
1394370 The command "commit synchronize" might fail because several internal connections are stuck
Product-Group=junos
The "commit synchronize" command might fail because a kernel TCP socket is stuck; the stuck socket can also result in login failure to the Backup RE from the Master RE or to an FPC.
PR Number Synopsis Category: vMX Platform Infrastructure related issue tracking
1423575 Junos OS: vMX and MX150: Denial of Service vulnerability in packet processing (CVE-2020-1627)
Product-Group=junos
A vulnerability in Juniper Networks Junos OS on vMX and MX150 devices may allow an attacker to cause a Denial of Service (DoS) by sending specific packets requiring special processing in microcode that the flow cache can't handle, causing the riot forwarding daemon to crash. By continuously sending the same specific packets, an attacker can repeatedly crash the riot process causing a sustained Denial of Service. Refer to https://kb.juniper.net/JSA11006 for more information.
PR Number Synopsis Category: PTP related issues.
1507782 In the PTP environment, some vendor devices acting as passive peers are expecting to receive announce messages at an interval of -3 (8pps) from the upstream master device.
Product-Group=junos
In the PTP environment, some vendor devices acting as passive peers expect to receive announce messages at an interval of -3 (8pps) from the active peer device. Currently, announce messages are configurable in the range of 0 to 3. To support this requirement, engineering provided a hidden CLI knob, "set protocol ptp master announce-interval -3". Networks or designs that have this requirement can configure the hidden CLI knob; otherwise, the regular CLI knob with the range 0 to 3 can be configured. The two CLI knobs are mutually exclusive, and a commit error is expected if both are configured. This change is applicable to ACX platforms only, excluding ACX5k.
PR Number Synopsis Category: QFX ISSU Infrastructure
1490799 After ISSU or ISSR, a port using SR4 or LR4 optics might not come up.
Product-Group=junos
On QFX5100/5200 platforms, a port using SR4/LR4 optics might not come up after ISSU (In-Service Software Upgrade)/ISSR (In-Service Software Reboot).
PR Number Synopsis Category: QFX L2 PFE
1500825 On the QFX5000 switches, ERPS might not work correctly.
Product-Group=junos
On QFX5k platforms, Ethernet ring protection switching (ERPS) might not work correctly due to ERPS instance programming failure in hardware which might cause a loop in the network.
PR Number Synopsis Category: Generic platform and infra issues for MS-MIC and MS-MPC(XLP)
1441517 Junos OS: MX Series: MS-MPC/MIC might crash when processing malformed IPv6 packet in NAT64 configuration. (CVE-2020-1680)
Product-Group=junos
On Juniper Networks MX Series with MS-MIC or MS-MPC card configured with NAT64 configuration, receipt of a malformed IPv6 packet may crash the MS-PIC component on MS-MIC or MS-MPC. This issue occurs when a multiservice card is translating the malformed IPv6 packet to IPv4 packet. Refer to https://kb.juniper.net/JSA11077 for more information.
PR Number Synopsis Category: Bug and Review Tracking for Segment routing traffic eng
1505418 S-BFD session might be unable to get up if multiple IP addresses are configured in lo0 interface
Product-Group=junos
On all Junos platforms running in a Segment Routing (SR) and Traffic Engineering (TE) scenario, if multiple IP addresses are configured on the lo0 interface and the lowest IP address cannot be used as the Seamless Bidirectional Forwarding Detection (S-BFD) source address (for example, because the lowest IP address is configured as an anycast IP and shared by several devices), the S-BFD session might be unable to come up.
PR Number Synopsis Category: Trio pfe bridging, learning, stp, oam, irb software
1513509 During route table object fetch failure, FPC may crash.
Product-Group=junos
Due to a rare timing issue, the FPC might crash because of a route table object fetch failure in an EVPN multihoming scenario.

Modification History:
2021-04-24 Adding "Known Issue" table back after review. PRs that missed documentation have been added in both tables (there is no change in software, only documentation)
2021-04-16 Removed "KNOWN ISSUE" table due to data inaccuracy
2021-02-03 Update to remove PR1469400 from the "KNOWN ISSUE" - The PR was incorrectly documented as not fixed in this version. However, it was fixed since 18.2R3-S3.
2020-09-18 Update to include a warning about PFE memory leaks when using IRB with VPLS/Bridge-domain
First publication 2020-07-02