Search our Knowledge Base sites to find answers to your questions.
Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles18.4R3-S4: Software Release Notification for JUNOS Software Version 18.4R3-S4
Junos Software service Release version 18.4R3-S4 is now available.
18.4R3-S4 - List of Fixed issues| PR Number | Synopsis | Category: DOT1X |
|---|---|---|
| 1512724 | DOT1XD_AUTH_SESSION_DELETED event is not triggered with single supplicant mode Product-Group=junos |
When a 802.1X session terminates, an event denoting the same was not logged in single supplicant mode. As fix, a new event "DOT1XD_USR_SESSION_DISCONNECTED" is logged consistently whenever a session terminates irrespective of supplicant mode. "DOT1XD_AUTH_SESSION_DELETED" events still get generated too but only for multiple and single-secure supplicant modes (as per design). |
| PR Number | Synopsis | Category: EX4300 Platform |
| 1405262 | EX4300 : Alarm with removal of PEM (Power supply) Product-Group=junos |
EX4300 : When PEM (Power supply) is removed, Alarm was not generated. With this fix, Alarm will be generated and ALM LED will be illuminated with yellow. |
| PR Number | Synopsis | Category: MX10008/16 Platform |
| 1420571 | "show chassis power" output status doesn't seem right and there are also similar error messages in the syslog after turn off / on power feed Product-Group=junos |
After changing the power feed(s), either turn off or turn on, show chassis power outputs do not match real condition and there are also incorrect Syslog information recorded. |
| 1420571 | "show chassis power" output status doesn't seem right and there are also similar error messages in the syslog after turn off / on power feed Product-Group=junosvae |
After changing the power feed(s), either turn off or turn on, show chassis power outputs do not match real condition and there are also incorrect Syslog information recorded. |
| PR Number | Synopsis | Category: QFX PFE CoS |
| 1510365 | Traffic might be forwarded to wrong queue when fixed classifier is used Product-Group=junos |
If L2 access or vlan bridge IFL is created after fixed classifier is applied, the traffic matching the fixed classifier might be forwarded in unexpected queue, it might cause congestion unexpectedly hence there is traffic impact. |
| 1510365 | Traffic might be forwarded to wrong queue when fixed classifier is used Product-Group=junosvae |
If L2 access or vlan bridge IFL is created after fixed classifier is applied, the traffic matching the fixed classifier might be forwarded in unexpected queue, it might cause congestion unexpectedly hence there is traffic impact. |
| PR Number | Synopsis | Category: Border Gateway Protocol |
| 1396344 | Processing a large scale as-path regex will cause the flap of the route protocols Product-Group=junos |
When 'as-path-group' is configured under BGP, if a configuration with a large scale as-path regex is committed, the route protocols flap might be seen. |
| PR Number | Synopsis | Category: BBE Remote Access Server |
| 1489339 | The authd logs events might not be sent to syslog host when destination-override is used Product-Group=junos |
On MX Series platforms, when destination-override is used(root@user# set system tracing destination-override syslog host ), the user access events are not sent to the external syslog server. |
| PR Number | Synopsis | Category: dhcpd daemon |
| 1471161 | DHCP relay with forward-only might fail to send OFFER messages when DHCP client is terminated on logical tunnel interface Product-Group=junos |
On all Junos platforms, when DHCP relay is configured with forward-only, and DHCP client is terminated on logical tunnel interface that multiple IFLs under this lt- interface have a same VLAN, DHCP relay might fail to send OFFER messages. |
| PR Number | Synopsis | Category: Express PFE L2 fwding Features |
| 1352805 | QFX10000 platform drops Aruba wireless AP heartbeat packets Product-Group=junos |
QFX10000 platform drops the Aruba wireless access point (AP) heartbeat packets. As a result, the Aruba wireless AP cannot work. |
| 1442587 | The PMTUD might not work for both IPv4 and IPv6 if the ingress L3 interface is an irb Product-Group=junos |
Path MTU Discovery (PMTUD) is a standardized technique for determining the maximum transmission unit (MTU) size on the network path between two IP hosts, usually with the goal of avoiding IP fragmentation. On QFX10K platforms, the PMTUD might not work for both IPv4 and IPv6 if the ingress L3 interface is an irb. The corresponding ICMP Fragmentation Needed packet to the sender might be dropped silently, then PMTUD fails. This issue has service impact. |
| PR Number | Synopsis | Category: Libjtask for RPD tasks, scheduler, timers, memory, and slip |
| 1401396 | The rpd might crash when condition-manager policy is configured for routing table and the same routing table is repeatedly deleted then re-added Product-Group=junos |
The rpd might crash and restart when condition-manager policy is configured for routing table and the same routing table is repeatedly deleted then re-added. The issue is not fixed in 19.2R1, and it is fixed in 17.4R2-S8-J1 17.4R2-S9 18.2X75-D33 19.2R2 19.2R2-EVO 19.3R1 19.3R1-EVO 19.4R1. |
| PR Number | Synopsis | Category: Optical Transport Interface |
| 1475777 | The interface on MIC3-100G-DWDM might be going down after performing an interface flap Product-Group=junos |
On MX with MIC3-100G-DWDM installed, after performing an interface flap, the interface on 100G DWDM MIC might be going down. |
| PR Number | Synopsis | Category: User Firewall related issues |
| 1499090 | Don't use capital characters for source-identity when using "show security match-policies" cmd. Product-Group=junos |
When using "show security match-policies" cmd to match a policy with source-identity configured, only the non-capital source-identity name can be matched by policy. |
| PR Number | Synopsis | Category: Layer 2 Circuit issues |
| 1512834 | The rpd might crash when deleting l2circuit configuration in a specific sequence Product-Group=junos |
If l2circuit local-switching is enabled with connection-protection, the rpd could crash in the following configuration change sequence. 1. First, delete the logical interface (IFL) used by a l2circuit and commit the change. 2. Then, delete the corresponding l2circuit configuration. The rpd could crash after committing the change. |
| PR Number | Synopsis | Category: Layer 2 Control Module |
| 1505710 | The l2cpd crash might be seen if adding/deleting ERP config and then restart l2cpd Product-Group=junos |
Core files are generated if you add or delete ERP configuration multiple times and restarted l2cpd or rebooted the box. If this issue is happened, l2cpd does not recover again and generates core file continuously. |
| PR Number | Synopsis | Category: Layer2 forwarding on EX/NTF/PTX/QFX |
| 1512802 | [MX] l2ald memory leak upon addition/deletion of vxlan routing-instances and interfaces Product-Group=junos |
On MX series platforms, l2ald (layer 2 address learning daemon) memory leaks upon addition/deletion of vxlan routing-instances and interfaces. |
| PR Number | Synopsis | Category: Label Distribution Protocol |
| 1509578 | Activating/Deactivating LDP-sync under OSPF might cause LDP neighborship to go down and stay down Product-Group=junos |
When container-label-switched-path is configured with ldp-tunneling, LDP targeted adjacency may go down and stay down after configuration not related to container-label-switched-path is modified. |
| PR Number | Synopsis | Category: PTP related issues. |
| 1421811 | PTP might not work on MX104 if phy-timestamping is enabled Product-Group=junos |
On MX104 platform with any 2-port license installed on 10G interfaces and phy-timestamping enabled in PTP, PTP might not work. |
| 1477192 | QFX10002-36Q/72Q: Continous Error logs on the device: prds_ptc_wait_adoption_status: PECHIP[1] PTC[1]: timeout on getting adoption valid bit[8] asserted Product-Group=junosvae |
Specific PTP error logs seen on QFX10002-36Q/72Q switch even though there is no PTP configuration on the device. Errors keeps on occurring every 2 to 4 minutes. Error logs could still appear even after Hard reboot. |
| PR Number | Synopsis | Category: QFX Platform related (SYSLOG/ALARMS/miscellaneous) |
| 1387098 | Traffic loss may be observed due to switch modular failure on CB Product-Group=junos |
On QFX10008/QFX10016/PTX10008/PTX100016 platforms, traffic loss might be observed because of switch modular failure on the Control Board (CB). This failure further causes all SIBs to be marked as faulty and causes FPCs to restart until Routing Engine switchover occurs. |
| PR Number | Synopsis | Category: QFX L2 PFE |
| 1497993 | Traffic might get dropped if AE member interface is deleted/added or a SFP of the AE member interface is unplugged/plugged Product-Group=junos |
On QFX5K/EX46xx platforms, if STP is configured on vlan but the AE interface which is part of that vlan is not configured with STP, after an AE member interface is deleted or a SFP of the AE member interface is unplugged, and when the deleted AE member interface is added back or the unplugged SFP is plugged again, traffic via that AE interface might get dropped. LACP and LLDP traffic are not affected by this issue. |
| 1504354 | LLDP is not acquired when native-vlan-id and tagged vlan id are the same on a port Product-Group=junos |
LLDP packets are not acquired when native-vlan configured is same as tagged vlan-id. |
| PR Number | Synopsis | Category: Resource Reservation Protocol |
| 1434522 | Traffic loss might happen if p2mp with NSR enabled Product-Group=junos |
In p2mp with NSR scenario, when the switchover happens, the traffic might be lost due to the correct forwarding states is not synchronized to old Backup RE. |
| 1505834 | The rpd process might crash with RSVP configured in a rare timing case Product-Group=junos |
On all Junos platforms running with the Resource Reservation Protocol (RSVP) configured, when some socket error happens, RSVP might be unable to send message, however the counter for sent messages has already been increased due to the software design defect. The wrong counter might lead to the rpd process crash. It's a rare timing issue and it might be more likely to happen in a scaled scenario. |
| PR Number | Synopsis | Category: SNMP Infrastructure (snmpd, mib2d) |
| 1473288 | SNMP trap coldStart agent-address becomes 0.0.0.0. Product-Group=junos |
Agent-address on snmp trap coldStart might not be expected as configured. |
| PR Number | Synopsis | Category: Generic platform and infra issues for MS-MIC and MS-MPC(XLP) |
| 1489942 | Prolonged flow-control might happen on MX platforms with MS-MPC/MS-MIC Product-Group=junos |
On MX platforms with MS-MPC/MS-MIC, if there are lots of self-generated packets like TCP-tickle and UDP-logging, there might be data congestion on the data path due to no throttling functionality for such types of packets. When the data path is blocked, prolonged flow-control might happen with the service interfaces being brought down and the PIC reboot. At the same time, the mspmand core file will be generated if dump-on-flow-control is enabled. |
| PR Number | Synopsis | Category: SFW, CGNAT on MS-MIC/MS-MPC (XLP) |
| 1496211 | The B4 might not able to establish the softwire with AFTR Product-Group=junos |
In dual-stack lite (DS-Lite) scenario, if the DS-Lite softwire-initiator (such as B4) and the Address Family Transition Router (AFTR, it acted as softwire-concentrator) is deployed with service-set included multiple softwire-rules, the wrong rule-id might be chosen for the traffic including either normal data packet or Port Control Protocol (PCP) mapping requested from the basic bridging broadband (B4) subscribers. It might cause the failures on the allocation of subscribers and choice of softwire sessions, then the subscribers behind the B4 are unable to establish a softwire (an IPv4-over-IPv6 tunnel) to AFTR. |
| PR Number | Synopsis | Category: Trio pfe bridging, learning, stp, oam, irb software |
| 1503947 | MPCs may crash when there is a change on routes learnt on IRB interface configured in VPLS/EVPN instances Product-Group=junos |
On MX platforms, when an IRB interface is configured in VPLS/EVPN instances, MPCs might crash if the routes learnt on the IRB interface change. |
| PR Number | Synopsis | Category: V44 Aggregation Device Platforms |
| 1490101 | The extended ports on cluster EX4300s always show half-duplex from the Aggregate Device Product-Group=junos |
In Fusion environment, if the satellite device is a cluster EX4300, the Aggregate Device may show the extended ports on the cluster EX4300 working in "Half-Duplex" mode, even though the ports are actually working in "Full-Duplex" mode. |
| PR Number | Synopsis | Category: Junos Upgrade |
| 1505864 | SRX5k fails to upgrade to some Junos versions directly from 15.1X49 with "ERROR: unsupported h/w" Product-Group=junos |
On SRX5000 series, when upgrading Junos from a 15.1X49 release to specific higher Junos releases, the installation will fail with the message "ERROR: unsupported h/w". Affected target releases are Junos 18.4R3-S2 and 18.4R3-S3. |
| PR Number | Synopsis | Category: PFE L2 |
|---|---|---|
| 1480132 | On QFX5100, fxpc CPU utilization is increased after Broadcom SDK upgrade to 6.5.x from 5.3.x Product-Group=junos |
On QFX5100 switches, FXPC CPU utilization is increased due to high number of active ports after third-party (Broadcom ) SDK upgrade to 6.5.x from 5.3.x. |
| PR Number | Synopsis | Category: All issues related to L3 data-plane/forwarding |
| 1481987 | Multicast traffic loss could be seen in certain conditions while enabling IGMP snooping under EVPN-VXLAN ERB scenario Product-Group=junos |
On QFX5110 & QFX5120 platform, which is running as Layer 3 VxLAN gateway, if "igmp-snooping" is enabled in partial but not for all bridge-domains, multicast traffic loss could be observed in non-igmp snooping bridge-domains. |
| PR Number | Synopsis | Category: Miscellaneous PFE on ACX 500,1k,2k,4k,5k series |
| 1407098 | High CPU utilization of fxpc process may be observed with class-of-service changes on interfaces Product-Group=junos |
On ACX5048/ACX5096 platforms, when applying COS configurations (schedulers related) on interfaces, the CPU utilization on fxpc process might be seen. And it might affect service. |
| PR Number | Synopsis | Category: functionality related to Broadband Remote Access Server |
| 1402653 | The subscribers might need to take login retry in the scenario with high usage of the address pool Product-Group=junos |
On all Junos platforms running in subscriber scenario with address pool configured, if the address pool has high usage so that only few addresses are free to allocate, when there are subscribers logout and login, the released address by one subscriber might get re-used and allocated to the other subscriber very soon. Due to this issue, syslog error messages might be seen, and the affected subscriber might need to take retry for login. |
| PR Number | Synopsis | Category: EVPN control plane issues |
| 1485377 | The ARP entry is gone from kernel after adding and deleting the virtual-gateway-address Product-Group=junos |
On MX/QFX10002/QFX10008/QFX10016 devices within an EVPN-MPLS active-active multi-homing mode, when adding and deleting the virtual-gateway-address, the ARP entry to CE might disappear from the kernel. |
| PR Number | Synopsis | Category: Express PFE L2 fwding Features |
| 1446291 | On QFX10K platforms removing EVPN-VXLAN L3 Gateway on the IRB interface from spine switches might cause black holing of traffic Product-Group=junos |
On QFX10000 platforms, in an EVPN-VXLAN (spine-leaf) scenario, the QFX10000 spine switches are configured with VXLAN Layer 3 gateway (utilizing the virtual gateway) on an IRB interface. If you enable and then subsequently remove the VXLAN Layer 3 gateway on this IRB interface on one or some of these spine switches, traffic drop might be observed. As a workaround, configure all virtual gateways with unique IPv4 or IPv6 MAC address. |
| PR Number | Synopsis | Category: Express pfe Mclag |
| 1464409 | Traffic does not forward across ICL when SFP is not inserted on a MC-LAG link with Enhanced convergence Product-Group=junos |
Traffic does not forward across ICL when SFP is not inserted on a MC-LAG link with Enhanced convergence |
| PR Number | Synopsis | Category: Libjtask and RPD's tasks, scheduler, timers,memory, and slip |
| 1456611 | MPLS Statistics file not rolling over / rotating and keeps on growing indefinitely Product-Group=junos |
With 64-bit RPD running with MPLS statistics configured, the MPLS statistics file is not rotating/rolling over as per the configured file size limit and the logs continue to be written to a single file continuously. user@router1> show configuration protocols mpls statistics { file mpls.statistics size 10m files 10; interval 60; } user@router1> file list /var/log/mpls* detail -rw-r----- 1 root wheel 1146845922 Aug 14 01:34 /var/log/mpls.statistics <<<<< 10MB This issue is specific to 64-bit RPD. To check if RPD is running in 32-bit or 64-bit, use the "show system processes | match rpd" command: The output should contain `/usr/libexec64/rpd' for 64-bit mode and for 32-bit mode, it should contain `/usr/sbin/rpd' |
| PR Number | Synopsis | Category: Firewall Policy |
| 1500938 | The srxpfe/flowd process might crash due to memory corruption within JDPI Product-Group=junos |
On SRX/MX platforms, if there are any services (e.g. AppID, IDP, APBR and so on) running based on Juniper Deep Packet Inspection (JDPI), when the work load is reaching heavy level, for example, above 50% of max connection per second for Layer 7 security policy, or 30% for IDP, the srxpfe/flowd process might crash due to memory corruption caused by this issue. |
| PR Number | Synopsis | Category: Layer 2 Control Module |
| 1473610 | ERP might not come up properly when MSTP and ERP are enabled on the same interface. Product-Group=junos |
When both MSTP and ERP are enabled on the same interface, then ERP does not come up properly. |
| PR Number | Synopsis | Category: l2 forwarding on non atlas platforms |
| 1505976 | VRRPv6 might not work in EVPN scenario Product-Group=junos |
In EVPN scenario with VRRPv6 used, the ethernet source mac address might be used for IPv6 mac-ip binding when the NA is sent from VRRPv6 master, as this unexpected behavior is triggered on regular intervals, it causes the entries to keep refreshing in EVPN database because NS from VRRPv6 master changes the mac-ip binding. Hence it has traffic impact. |
| PR Number | Synopsis | Category: MX104 Software - Chassis Daemon |
| 1453893 | FPC/PFE crash may happen with ATM MIC installed in the FPC Product-Group=junos |
FPC crash on MX240 and MX2020 routers or Packet Forwarding Engine crash on MX104 routers might happen when the MIC-3D-8OC3-2OC12-ATM is installed and ATM interface is configured. |
| PR Number | Synopsis | Category: Kernel-only Base FreeBSD Infrastructure |
| 1450093 | EX4300 : CLI config "on-disk-failure" is not supported Product-Group=junos |
On an EX4300 switch, the CLI configuration "set chassis routing-engine on-disk-failure disk-failure-action (reboot | halt)" is not supported. |
| 1510224 | Issuing the CLI command "request system zeroize" or upgrade on EX2300 may cause the console unresponsive Product-Group=junos |
Issuing the CLI command "request system zeroize" or upgrade on EX2300 may cause the console unresponsive. |
| PR Number | Synopsis | Category: Kernel Stats Infrastructure |
| 1462986 | Slow response from SNMP might be observed after an upgrade to Junos OS Release 19.2R1 and later. Product-Group=junos |
Slow response introduced with PR/1411303 fix, is getting resolved with this PR. |
| PR Number | Synopsis | Category: PRs for PTP related issues. |
| 1507782 | CLI knob to configure announce-interval as -3 so that the announce messages rate will be set to 8pps Product-Group=junos |
In PTP environment some vendor devices acting as slave expecting announce messages at an interval of -3 (8pps) from upstream master device. As of today announce message are configurable in range of 0 to 3. To support the above requirement engineering provided a hidden cli knob "set protocol ptp master announce-interval -3". In the networks/design where we have this requirement we can configure the hidden cli otherwise regular cli which is in the range (0 to 3) can be configurable. Both the cli knobs are mutually exclusive, commit error is expected if both are configured. This new change is applicable to ACX platforms only excluding ACX5k. |
| PR Number | Synopsis | Category: QFX ISSU Infrastructure |
| 1490799 | After ISSU/ISSR, a port using SR4/LR4 optics may not come up Product-Group=junos |
On QFX5100/5200 platforms, a port using SR4/LR4 optics might not come up after ISSU (In-Service Software Upgrade)/ISSR (In-Service Software Reboot). |
| PR Number | Synopsis | Category: PFE L2 |
| 1500825 | The ERPS might not work correctly on QFX5k Product-Group=junos |
On QFX5k platforms, Ethernet ring protection switching (ERPS) might not work correctly due to ERPS instance programming failure in hardware which might cause loop in the network. |
| 1515254 | On QFX5000 and EX46xx with VXLAN enabled , ARP request may get dropped if storm control is configured Product-Group=junos |
ARP request get dropped on QFX5000 and EX46xx devices when all of the following condition are met. 1.Storm control is enabled on any of the port. 2.VXLAN is enabled 3.Arp-suppression is enabled. |
| PR Number | Synopsis | Category: Resource Reservation Protocol |
| 1458527 | RSVP interface bandwidth calculation might be incorrect when RSVP subscription percentage is configured under RSVP interface Product-Group=junos |
When setting LSP bandwidth constraint and signaling LSP, the remaining bandwidth can be less than the expected one like in the below example. It is not allowing further reservation through this link. user@device> show rsvp interface RSVP interface: 2 active Active Subscr- Static Available Reserved Highwater Interface State resv iption BW BW BW mark et-0/1/0.0 Up 1 90% 100Gbps 4.99999Gbps 85Gbps 90Gbps <<<<<< So if trying to signal a new LSP with bandwidth 5G through this link it will fail. |
| PR Number | Synopsis | Category: Interface Issues seen on Stout cards (MPC7, MPC8, MPC9) |
| 1513321 | Tunable params wavelength set via the cli configuration is not set on SFP+-10G-T-DWDM-ZR optics when the optics is placecd on MPC7E 3D 40XGE line card. Product-Group=junos |
Tunable params wavelength set via the cli configuration is not set on SFP+-10G-T-DWDM-ZR optics when the optics is placecd on MPC7E 3D 40XGE line card. |
| PR Number | Synopsis | Category: Stout cards (MPC8, MPC9) fabric issues |
| 1395591 | MPC9E throughput degradation after offline SFB2 on MX2008 Product-Group=junos |
On MX2008 routers with MPC9E, in a line rate traffic with a redundant SFB2 scenario, if you offline one redundant SFB2, there might be tail or sometimes WRED drops in MPC9E, resulting in partial traffic loss. Under normal circumstances, the SFBs should be auto-failover if one of them fails, and there should be only a few packets dropped momentarily. |
| PR Number | Synopsis | Category: Issues related to mgd, DAX API, DDL/ODL infrastructure, Juno |
| 991081 | The configuration change on Backup RE cannot be synchronized while deleting inactivated interfaces/routing-instances from master Product-Group=junos |
In the dual Routing Engine scenario, the backup Routing Engine does not sync up the configuration change while deleting an inactivated interface/routing-instances from the master. So after the operation, the inactivated interface/routing-instances still exists on the backup Routing Engine. |
Getting Up and Running with Junos
Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search