Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

16.1R7-S8: Software Release Notification for JUNOS Software Version 16.1R7-S8

0

0

Article ID: TSB17820 TECHNICAL_BULLETINS Last Updated: 13 Jul 2020Version: 1.0
Alert Type:
SRN - Software Release Notification
Product Affected:
ACX, EX, T, TX, PTX, MX, QFX5100, VMX, VRR, Network Agent
Alert Description:
Junos Software Service Release version 16.1R7-S8 is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as need and follow the prompts
Solution:

Junos Software service Release version 16.1R7-S8 is now available. JUNOS software version 16.1R7 reaches end of engineering (EOE) on 2020-07-28 and end of support (EOS) on 2021-01-28

16.1R7-S8 - List of Fixed issues

PR Number Synopsis Category: QFX PFE CoS
1510365 Traffic might be forwarded to wrong queue when fixed classifier is used
Product-Group=junos
If L2 access or vlan bridge IFL is created after fixed classifier is applied, the traffic matching the fixed classifier might be forwarded in unexpected queue, it might cause congestion unexpectedly hence there is traffic impact.
PR Number Synopsis Category: Border Gateway Protocol
1497721 Junos OS: Receipt of certain genuine BGP packets from any BGP Speaker causes RPD to crash. (CVE-2020-1640)
Product-Group=junos
An improper use of a validation framework when processing incoming genuine BGP packets within Juniper Networks RPD (routing protocols process) daemon allows an attacker to crash RPD thereby causing a Denial of Service (DoS) condition. Refer to https://kb.juniper.net/JSA11024 for more information.
PR Number Synopsis Category: BBE Remote Access Server
1502274 The LTS is incorrectly sending the access-request with the Tunnel-Assignment-ID which is not compliant with RFC 2868
Product-Group=junos
In LTS (L2TP Tunnel Switch) scenario when the MX sending the access-request to the RADIUS (Remote Access Dial-In User Service) for the LTS client, it incorrectly includes the Tunnel-Assignment-ID which is not compliant with RFC 2868. It results in the RADIUS reject the access-request and the LTS client authentification fails.
PR Number Synopsis Category: MX Platform SW - Environment Monitoring
1395539 The minor alarm of "Bottom Fan Tray Pred Fail" might be wrongly raised when the fan speed is at high speed on MX960
Product-Group=junos
On the MX960 a check of the "actual" fan speed is compared to the "set" fan speed. If the difference between the actual fan speed and the set fan speed is greater than 20% the system uses this to predict that the fan might be about to fail. When the fans are set to run in high speed mode, some deviation from the set fan speed is expected to occur with the fans and it is expected to sometimes see a deviation greater than 20%. Going forward this 20% tolerance check will be disabled while running in high speed mode.
PR Number Synopsis Category: PTX Chassis Manager
1380056 Remove the chassisd alarms for FPCs exceeding 90 percent of power budget and exeeding 100 percent of power budget
Product-Group=junos
Starting in Junos OS Release with this change, PTX Series Routers do not raise a chassis alarm in the following events; instead, it registers a system log.
PR Number Synopsis Category: Tracking sw issues related to Channelized 4xOC3/1xOC-12 Mic
1396538 MPC card/AFEB/TFEB with Channalized OC MIC might crash with core dump
Product-Group=junos
On MX Series platforms, if channelized OC MIC (such as 1xCOC12/4xCOC3 CH-CE) is used, the MPC card/AFEB/TFEB (Forwarding Engine Board) might crash with core files generated. This is not easily reproducible. The traffic through the MIC would be impacted.
1420983 The FPC CPU might be hogged if channelized interfaces are configured
Product-Group=junos
On MX Series platform, with 1xCOC12 or 4XCOC3 used, if channelized interfaces are configured, FPC CPU overuse might be seen.
PR Number Synopsis Category: OpenSSL and related subsystems
1479780 OpenSSL Security Advisory [20 Dec 2019]
Product-Group=junos
The ?OpenSSL project has published a security advisory for a vulnerability resolved in the OpenSSL library on December 20, 2019. Refer to https://kb.juniper.net/JSA11025 for more information.
PR Number Synopsis Category: Device Configuration Daemon
1350192 The link-degrade-monitor configuration might cause the commit sync failure on backup RE
Product-Group=junos
On Junos platform along with redundant Routing Engine, if both link-degrade-monitor and any other configurations are configured on a port, commit synchronize might fail on the backup RE. If this occurs, the configuration might be lost after switchover and thus it might cause traffic loss.
PR Number Synopsis Category: Express PFE CoS Features
1347805 QFX10000 platforms might encounter a chassis alarm indicating "FPC 0 Major Errors - PE Error code: 0x2100ba".
Product-Group=junos
QFX10000 platforms may encounter a chassis alarm indicating "FPC 0 Major Errors - PE Error code: 0x2100ba". This error is incorrectly categorized as 'Major' and it can be safely ignored unless it is encountered with high frequency. Future Junos releases will recategorize this message to "Info" severity.
PR Number Synopsis Category: Express PFE Services including JTI, TOE, HostPath, Jflow
1431498 IPFIX Flow timestamp is not matching with NTP synchronized system time
Product-Group=junos
The timestamp reported for packet arrival in NetFlow records will report inaccurate time due to the synchronization issue with NTP.
PR Number Synopsis Category: PTX Express ASIC Fabric Software
1283553 The PTX SPMB might crash after the FPC replacement followed by a SIB restart
Product-Group=junos
Due to a bug in microkernel of Switch Processor Mezzanine Board (SPMB) in PTX Control Board, the SPMB might crash after the FPC replacement followed by a Switch Interface Board (SIB) restart. The crash could cause all SIBs restart, which in turn could result in outage or traffic black hole.
PR Number Synopsis Category: Kernel software for AE/AS/Container
1474300 A newly added LAG member interface might forward traffic even though its micro BFD session is down
Product-Group=junos
On all Junos platforms, if a static Link Aggregate Group (LAG) is configured, and Bidirectional Forwarding Detection (BFD) is enabled on the LAG which is also called as micro BFD, a newly added member link might start to forward traffic immediately when the configuration change commits even though its micro BFD session is still down, for example, add a new member interface only on single end, and the remote member interface is disabled or not added. Therefore, traffic loss might be seen due to this issue.
PR Number Synopsis Category: jdhcpd daemon
1432162 The jdhcpd memory leak might happen on MX5, MX10, MX40, MX80, and MX104 when testing DHCP subscribers log-in/out.
Product-Group=junos
On MX5/MX10/MX40/MX80/MX104 Series platforms with DHCP server configuration for DHCP subscribers, the jdhcpd memory leak might happen and the memory increase by 15MB which depends on the number of subscribers when testing the DHCP subscribers log-in/out.
PR Number Synopsis Category: Security platform jweb support
1499280 Junos OS: Security vulnerability in J-Web and web based (HTTP/HTTPS) services
Product-Group=junos
Junos OS: Security vulnerability in J-Web and web based (HTTP/HTTPS) services (CVE-2020-1631). Refer to https://kb.juniper.net/JSA11021 for more information.
PR Number Synopsis Category: Layer 2 Circuit issues
1498040 The l2circuit neighbor might be stuck in RD state at one end of MG-LAG peer
Product-Group=junos
In MC-LAG scenario, if the l2circuit is configured with primary-neighbor/backup-neighbor over the MC-LAG link and the l2ckt (l2ciruits control daemon for pseudowire) session of the primary-neighbor/backup-neighbor is flapped continuously (such as clear neighbor ldp and ospf etc), one of the remote neighbors may be stuck in RD (the remote pseudowire neighbor is down) state due to race condition between VC (virtual circuit) state update timer and L2ckt intf state change timer. Then, that pseudowire might be down, the traffic might be impacted if the RD pseudowire is not up.
PR Number Synopsis Category: Label Distribution Protocol
1436119 Traffic loss might be seen after LDP session flaps rapidly
Product-Group=junos
On MX/PTX platforms under BGP scenario with LDP is enabled, if the knob "ecmp-fast-reroute"/"protect core" is configured, after the LDP session rapidly flaps and converges without any label change, traffic loss might be seen.
PR Number Synopsis Category: Bugs related to ethernet interface on MX platform
1367224 I2C error logs are seen when configuring wavelength on tunable SFP+.
Product-Group=junos
I2C error logs are seen when configuring wavelength on tunable SFP+
PR Number Synopsis Category: MX104 Software - Chassis Daemon
1279339 On MX104 platform with GRES enabled, the chassis network-services might not get set as "Enhanced-IP"
Product-Group=junos
On MX104 platform with graceful routing engine switchover (GRES) enabled. The chassis network-services might not get set as "Enhanced-IP" though it is specifically configured. "Disable GRES, then config enhanced-ip" is a workaround for this issue.
PR Number Synopsis Category: Kernel Composite Next Hop (composite / l3vpn) Infrastructure
1287956 Not following the guideline of rebooting entire chassis after changing chassis network-services configuration can cause vmcore and crash of FPCs/routing-engines on chassis.
Product-Group=junos
When configuration at hierarchy [edit chassis network-services] is changed a reboot of chassis is needed to avoid any unexpected behavior. One such behaviour is an assest condition due to issues in nexthop allocation leading to vmcore and reboot of FPCs/REs on the chassis. This PR introduces changes to handle such assert conditions gracefully and to avoid FPC/RE crash. The guideline of rebooting the entire chassis when configuration change is made is still valid.
PR Number Synopsis Category: "ifstate" infrastructure
1486161 Kernel core might be seen if deleting an ifstate
Product-Group=junos
On all Junos platforms, some operations such as configuration change may cause state information to change and eventually cause the ifstate to be deleted. In a very rare case, deleting an ifstate (kernel state) might cause kernel core and RE (Routing Engine) restart. There is no specific trigger, this issue is reported by the configuration change.
PR Number Synopsis Category: Kernel MPLS / Tag / P2MP Infrastructure
1493053 Backup RE might crash unexpectedly due to a rare timing issue
Product-Group=junos
The backup Routing Engine might crash unexpectedly due to a rare timing issue during a route churn in the network.
PR Number Synopsis Category: TCP/UDP transport layer
1449664 FPC might reboot with vmcore due to memory leak
Product-Group=junos
On all Junos platforms, if the device is up for a long period (e.g. several weeks or months), there might be a slow memory leak happening in some error scenarios where an application tries to send some data on a stale TCP socket (e.g. short-lived TCP connections used by the mgd process), and this issue might lead to FPC reboot with vmcore files.
PR Number Synopsis Category: OSPF routing protocol
1385014 RPD crash when executing specific "show ospf interface" commands from the CLI with OSPF authentication configured (CVE-2020-1643)
Product-Group=junos
Execution of the "show ospf interface extensive" or "show ospf interface detail" CLI commands on a Juniper Networks device running Junos OS may cause the routing protocols process (RPD) to crash and restart if OSPF interface authentication is configured, leading to a Denial of Service (DoS). By continuously executing the same CLI commands, a local attacker can repeatedly crash the RPD process causing a sustained Denial of Service. Refer to https://kb.juniper.net/JSA11030 for more information.
PR Number Synopsis Category: PE based L3 software
1251154 An FPC major alarm might be seen with error messages "DLU: ilp memory cache error" and "DLU: ilp prot1 detected_imem_even error"
Product-Group=junos
On PTX platforms with FPC3, PTX1000 with build-in chassis and QFX10000 platforms, a Flexible PIC Concentrator (FPC) major alarm might be seen if the system detects parity error, and the error messages "DLU: ilp memory cache error" and "DLU: ilp prot1 detected_imem_even error" might appear. The alarm might be cleared without intervention. This error may also be accompanied by traffic loss.
PR Number Synopsis Category: Path computation client daemon
1472825 Manually configured ERO on NS controller lost when PCEP session bounced
Product-Group=junos
On all Junos platform with Path Computation Element Protocol (PCEP) enabled, if PCEP session bounced druing Routing Engine (RE) switchover on a LSP ingress router, unexpacted delete message might be sent from Path Computation Client (PCC) to Path Computation Element (PCE) with North Star (NS) controller. In the end, manually configured explicit route object (ERO) for RSVP-TE based label switched path (LSP) on NS controller will be lost. However, traffic go through ERO set on NS controller is still normal.
PR Number Synopsis Category: PTX5KBroadway based PFE IPv4, IPv6 software
1479789 Multicast routes add/delete events might cause adjacency and LSPs to go down
Product-Group=junos
In PTX5000 platform with (FPC2-PTX-P1A | FPC-PTX-P1A), or PTX3000 with FPC-SFF-PTX-P1-A, with PIM/MVPN scenario, The adjacency relationships of routing protocols and LSPs might go down if add/delete some multicast routes (which can be achieved by flapping interface or protocol) ). It is because that though the routes are deleted, its counter for statistic will not be removed from Junos resulting in memory block for counter exhaustion. And due to the exhaustion, any protocols that are sharing the same memory scope might fail to allocate its own counter, which eventually causes protocol adjacency and LSPs to go down. [TSB17747]
PR Number Synopsis Category: Periodic Packet Management Daemon
1448670 The connection between ppmd (RE) and ppman (FPC) might get lost due to session timeout
Product-Group=junos
Under certain circumstances such as JUNOS VM freeze at the Routing Engine, ppmd to ppman connection might be closed if the session timeout is greater than 3 seconds in either direction. This might lead to flapping of distributed ppm protocol adjacency such as lacp/mBFD.
PR Number Synopsis Category: SNMP Infrastructure (snmpd, mib2d)
1364001 SNMP process crashes during polling CFM stats
Product-Group=junos
During polling Ethernet Connectivity Fault Management protocols stats SNMP process may crash
PR Number Synopsis Category: Generic platform and infra issues for MS-MIC and MS-MPC(XLP)
1405917 The FPC crash might be observed in MS-MPC HA environment
Product-Group=junos
On MX Series platform with MS-MPC card used, in race condition, if the MS-MPC is used on HA (High Availability) scenario ( the 'set interfaces ms-x/x/x redundancy-options redundancy-peer/redundancy-local' knob and GRES is configured), the FPC might crash due to the bus error (segmentation fault). The reason is that two CPUs simultaneously access the same session-extension memory in the session structure, one for writing, the other for reading. A reading CPU gets an incorrect value and uses that as the memory address. This causes the bus error (segmentation fault).
1489942 Prolonged flow-control might happen on MX platforms with MS-MPC/MS-MIC
Product-Group=junos
On MX platforms with MS-MPC/MS-MIC, if there are lots of self-generated packets like TCP-tickle and UDP-logging, there might be data congestion on the data path due to no throttling functionality for such types of packets. When the data path is blocked, prolonged flow-control might happen with the service interfaces being brought down and the PIC reboot. At the same time, the mspmand core file will be generated if dump-on-flow-control is enabled.
PR Number Synopsis Category: UI Infrastructure - mgd, DAX API, DDL/ODL
1423500 Configuration commit might fail when the file system gets into full state
Product-Group=junos
On all platforms running Junos OS, when the file system gets into full state and there is not enough spare disk space, it might get into a problematic system condition in some corner case while a configuration commit is being performed. After that, if consecutive commits are still done in such a problematic status, commit-check failure logs might be seen eventually. Due to this issue, some processes might be not running even if the configuration is present.
 

16.1R7-S8 - List of Known issues

PR Number Synopsis Category: ESWD
1192520 GARPs being sent from the switch once in 10 minutes
Product-Group=junos
GARPs were being sent whenever there is a mac (fdb) operation (add or delete). This is now updated to send GARP when interface is UP & l3 interface attached to the vlan.
1287184 The EX ESWD memory might leak upon interface flapping with STP configured and configured with NSB (Non-Stop Bridging)
Product-Group=junos
When EX Series (applicable platforms: EX2200, EX3300, EX4200, EX4500, EX4550, EX6200, EX8200, and XRE200) is configured with STP and NSB (non-stop bridging), the interface flapping ( link up/down events) might cause eswd memory leak.
PR Number Synopsis Category: EX4300 Platform
1368940 Junos OS: EX and QFX Series: Console port authentication bypass vulnerability (CVE-2020-1618)
Product-Group=junos
On Juniper Networks EX and QFX Series, an authentication bypass vulnerability may allow a user connected to the console port to login as root without any password. Refer to https://kb.juniper.net/JSA11001 for more information.
PR Number Synopsis Category: QFX PFE CoS
1510365 Traffic might be forwarded to wrong queue when fixed classifier is used
Product-Group=junosvae
If L2 access or vlan bridge IFL is created after fixed classifier is applied, the traffic matching the fixed classifier might be forwarded in unexpected queue, it might cause congestion unexpectedly hence there is traffic impact.
PR Number Synopsis Category: QFX L3 data-plane/forwarding
1443507 IPv6 connectivity between MC-LAG peers might fail when multiple IRB interfaces are present
Product-Group=junos
On all Junos platforms which are enabled with MultiChassis Link Aggregation Group (MC-LAG), if there are multiple Integrated Routing and Bridging (IRB) interfaces present, and the Inter Chassis Link (ICL) is also connected over an IRB interface, when both MC-LAG peers have not learnt link-local addresses and IPv6 ping is firstly initiated from the remote peer, the Neighbor Solicitation (NS) packet might take ICL path and couldn't get answered properly.
PR Number Synopsis Category: "agentd" software daemon
1248813 "telemetry_start_polling_fd: evSelectFD failed, errno: 9" messages are continuously seen in the log
Product-Group=junos
The error messages "Telemetry_start_polling_fd: evSelectFD failed, errno: 9" are continuously seen in logs. These are cosmetic logs and harmless. As a workaround, configure "set system processes SDN-Telemetry disable" and "deactivate groups junos-defaults routing-options enable-sensors" if telemetry is indeed not needed/configured to prevent the issue of error logs.
PR Number Synopsis Category: MPC Fusion SW
1454595 The 100G Interfaces may not come up again after going down on MPC3E-NG
Product-Group=junos
On MPC3E-NG cards with 100G interface in use, if the interface detects Loss of Lock (LOL) on the link without Loss of Signal (LOS), the interface will go down and may not come up again after the link is recovered.
PR Number Synopsis Category: MX Layer 2 Forwarding Module
1451959 Junos OS: MX Series: Crafted packets traversing a Broadband Network Gateway (BNG) configured with IPv6 NDP proxy could lead to Denial of Service (CVE-2020-1633)
Product-Group=junos
Due to a new NDP proxy feature for EVPN leaf nodes introduced in Junos OS 17.4, crafted NDPv6 packets could transit a Junos device configured as a Broadband Network Gateway (BNG) and reach the EVPN leaf node, causing a stale MAC address entry. This could cause legitimate traffic to be discarded, leading to a Denial of Service (DoS) condition. Refer to https://kb.juniper.net/JSA11012 for more information.
PR Number Synopsis Category: BBE state synchronization issues
1466118 The bbe-smgd process core dumps on backup routing engine
Product-Group=junos
On MX platform, bbe-smgd process core dumps on backup routing engine
PR Number Synopsis Category: Border Gateway Protocol
600308 JUNOS BGP Established state is not shown in "show bgp summary" if only master routing instance is present
Product-Group=junos
When only the default routing-instance is present, the command "show bgp summary" does not show the BGP ESTABLISH state. If the BGP state is not an ESTABLISHED state, then it shows the state as design (that is, Active, Idle, Connect). If there is a routing-instance configured (apart from master routing-instance inet.0), the BGP ESTABLISH state is shown properly. The issue happens for IPv4 BGP sessions only; on IPv6 all the BGP states are seen as default.
1403186 All the BGP session flap after RE switchover
Product-Group=junos
With GRES and NSR enabled, if executing RE switchover, BGP session might flap in some scenario. When Junos version have the fix of PR-1440694, BGP session always flap after doing RE switchover.
1432100 The "dead" next-hop might stay in the forwarding table in a BGP-LU scenario after the primary interface recovers
Product-Group=junos
In BGP Labeled Unicast (BGP-LU) scenario, if the device works as penultimate hop and receives BGP-LU routes with indirect next-hop from an egress router, after the operational next-hop interface corresponding to those labeled routes flaps, a "dead" next-hop type (discard action is performed for this type) may be set for the related clone routes (s=0) and still there even the next-hop interface is operational again.
1481641 JSA11032 Junos OS and Junos OS Evolved: RPD crash due to specific BGP UPDATE packets (CVE-2020-1644)
Product-Group=junos
On Juniper Networks Junos OS and Junos OS Evolved devices, the receipt of a specific BGP UPDATE packet causes an internal counter to be incremented incorrectly, which over time can lead to the routing protocols process (RPD) crash and restart. Please refer to https://kb.juniper.net/JSA11032 for more information.
PR Number Synopsis Category: BBE Remote Access Server
1323829 IP addresses are assigned discontinuously from the linked IP pools
Product-Group=junos
When Address-Assignment Pool Linking is configured, the IP addresses assignment may allocate IP addresses from later pools before the earlier pool is depleted. This is caused by the mechanism change for the IP assignment from the introduced release.
1402012 The authd crash might be seen due to a memory corruption issue
Product-Group=junos
In subscriber scenario, the authd might crash multi-times due to a memory corruption issue.
PR Number Synopsis Category: MPC5/6E pfe microcode software
1298161 FPC ppe_img_ucode_redistribute Failed to evict needed instr to GUMEM error reported randomly
Product-Group=junos
In some MX Series deployments running Junos OS, random syslog messages are observed for FPC cards: "fpcx ppe_img_ucode_redistribute Failed to evict needed instr to GUMEM - xxx left". These messages are not an issue and might not have a service impact. These messages will addressed as INFO level messages. On a Packet Forwarding Engine, there are dedicated UMEM and shared GUMEM memory blocks. This informational message indicates some evicting events between UMEN and GUMEN and can be safely ignored.
1303489 MPC Major alarm, with logs: XQCHIP(46):XQ-chip[0]: DROP protect_regs error (status=0x8)
Product-Group=junos
In some scenarios with MPC, Major alarm and following messages are generated. this Major error is triggered due to parity error, and the impacted queue might drop packets,This might impact the forwarding, to recover MPC card need to be rebooted messages log: fpcx XQCHIP(46):XQ-chip[0]: DROP protect_regs error (status=0x8) alarmd[3158]: Alarm set: FPC color=RED, class=CHASSIS, reason=FPC x Major Errors Major alarm set, FPC x Major Errors fpcx XQCHIP(46):XQ-chip[0]: DROP protect_regs error (status=0x8) cli> show chassis alarms 1 alarms currently active Alarm time Class Description 2019-01-25 15:18:03 UTC Major FPC x Major Errors
1380566 FPC Errors might be seen in subscriber scenario
Product-Group=junos
In subscriber scenario, if the"service-accounting-deferred" is configured on dynamic-profile, and there is multicast to a large number of destinations on the same physical port, the FPC Errors might be seen.
PR Number Synopsis Category: Enhanced Broadband Edge support for cos
1407480 FPC may crash shortly after XQ chip memory read failure
Product-Group=junos
In a rare scenario XQ based FPC may reset shortly after it encounters XQ chip memory read failure.
PR Number Synopsis Category: JUNOS Dynamic Profile Configuration Infrastructure
1258744 The device control process (dcd) crashes during the ATM-related configuration commit.
Product-Group=junos
In a subscriber service environment, the device control process (dcd) might restart unexpectedly during commit process after changes to ATM interface configuration.
PR Number Synopsis Category: Ethernet OAM (LFM)
1347250 Junos OS: MX Series: PFE on the line card may crash due to memory leak. (CVE-2020-1651)
Product-Group=junos
When eth-oam is deactivated with scale PM config (under hardware-assited-pm-mode), the FPC can become unstable and can lead to FPC core. Memory leak might also happen on receiving CFM LLM packets without CFM being configured. Refer to https://kb.juniper.net/JSA11038 for more information.
PR Number Synopsis Category: Express PFE FW Features
1372944 Junos OS: PTX1000 and PTX10000 Series, QFX10000 Series using non-AFT architectures: A specific genuine packet inspected by sFlow will cause a reboot. (CVE-2020-1617)
Product-Group=junos
An improper initialization of memory in the packet forwarding architecture in Juniper Networks Junos OS non-AFI/AFT platforms which may lead to a Denial of Service (DoS) vulnerability being exploited when a genuine packet is received and inspected by non-AFT/AFI sFlow and when the device is also configured with firewall policers. Refer to https://kb.juniper.net/JSA11000 for more information.
1380917 FPC might crash on PTX or QFX10000 after lo0 filter change
Product-Group=junos
On PTX or QFX10000 platform with vmhost based FPC (i.e. PTX-FPC3, PTX1000), FPC crash might be seen after changing filter under lo0.
PR Number Synopsis Category: MX Inline Jflow
1362887 The inline J-Flow sampling configuration might cause FPC crash on MX Series platforms.
Product-Group=junos
On MX-series platforms, if the inline-jflow "nexthop-learning" knob is configured, when the sampling removes one next-hop, the FPC might crash. It is not easily reproducible and it is a rare issue.
PR Number Synopsis Category: Kernel software for AE/AS/Container
1346949 After an FPC becomes online or child interface added to ae bundle in config, traffic loss might be experienced for around 30 seconds till LACP reaches operational state. If child link stays detached in LACP, traffic loss will continue.
Product-Group=junos
On the Trio-based platform with "enhanced-ip" enabled which is enabled by default on MX80, MX104, MX 2010, MX2020, and MX10003, if the aggregate interface is initialized before the child interface is marked as part of the aggregate after FPC becomes online or child interface added to ae bundle in config, the traffic goes out from the ae interface might lose for around 30 seconds till LACP reaches operational state. If child link stays detached in LACP, traffic loss will continue.
1425211 Interface with FEC disabled might flap after Routing Engine mastership switchover.
Product-Group=junos
By default, RS-FEC (Reed-Solomon Forward Error Correction) is enabled for 100G SR4/PSM4 optics and disabled for 100G LR4 optics. The "set interfaces xx gigether-options fec" knob was introduced in Junos OS Release 16.1R1, it can be used to override the default behavior and explicitly enable/disable FEC for a 100G interface. In GRES scenario, when a 100G interface with SR4/PSM4 optics (e.g. QSFP-100GBASE-SR4/QSFP-100G-PSM4) is a member of an AE interface, and FEC is disabled on AE (knob "gigether-options fec none" is configured), the interface might flap during RE mastership switchover. After that, the interface will come up itself and this issue will recover automatically.
1440033 Traffic loss is observed on newly added interfaces in AE on "MX and EX platforms"
Product-Group=junos
On MX and EX series devices that support the "enhanced-ip" feature and when the new interface is added to aggregated ethernet (ae), output traffic is observed as 0 on the existing member links. This is being observed due to software issues as wrong weights are being set for existing child interfaces in the AE bundle.
PR Number Synopsis Category: jpppd daemon
1350563 Spontaneous jpppd core dump on the backup RE in longevity test at ../../../../../../src/junos/usr.sbin/jpppd/pppMain.cc:400
Product-Group=junos
In L2TP scenario when MX router functions as LTS (L2TP Tunnel Switch), there is a memory leak in jpppd process running on the backup RE, which will eventually lead to jpppd core dump due to out of memory condition. There is no functional impact as it happens on the backup RE.
PR Number Synopsis Category: Flow Module
1465286 SRX Series: Double free vulnerability can lead to DoS or remote code execution due to the processing of a specific HTTP message when ICAP redirect service is enabled (CVE-2020-1647)
Product-Group=junos
On Juniper Networks SRX Series with ICAP (Internet Content Adaptation Protocol) redirect service enabled, a double free vulnerability can lead to a Denial of Service (DoS) or Remote Code Execution (RCE) due to processing of a specific HTTP message. Refer to https://kb.juniper.net/JSA11034 for more information.
1465944 Junos OS: High-End SRX Series: Multicast traffic might cause all FPCs to reset. (CVE-2020-1634)
Product-Group=junos
On High-End SRX Series devices, in specific configurations and when specific networking events or operator actions occur, an SPC receiving genuine multicast traffic may core. Refer to https://kb.juniper.net/JSA11014 for more information.
PR Number Synopsis Category: JSR Infrastructure
1505864 SRX5k fails to upgrade to some Junos versions directly from 15.1X49 with "ERROR: unsupported h/w"
Product-Group=junos
On SRX5000 series, when upgrading Junos from a 15.1X49 release to specific higher Junos releases, the installation will fail with the message "ERROR: unsupported h/w". Affected target releases are Junos 18.4R3-S2 and 18.4R3-S3.
PR Number Synopsis Category: JSR Application Services
1460035 Junos OS: SRX Series: processing a malformed HTTP message when ICAP redirect service is enabled may can lead to flowd process crash or remote code execution (CVE-2020-1654)
Product-Group=junos
On Juniper Networks SRX Series with ICAP (Internet Content Adaptation Protocol) redirect service enabled, processing a malformed HTTP message can lead to a Denial of Service (DoS) or Remote Code Execution (RCE). Refer to https://kb.juniper.net/JSA11031 for more information.
PR Number Synopsis Category: Layer 2 Circuit issues
1512834 The rpd might crash when deleting l2circuit configuration in a specific sequence
Product-Group=junos
If l2circuit local-switching is enabled with connection-protection, the rpd could crash in the following configuration change sequence. 1. First, delete the logical interface (IFL) used by a l2circuit and commit the change. 2. Then, delete the corresponding l2circuit configuration. The rpd could crash after committing the change.
PR Number Synopsis Category: pfe issues on m-series that do not have a specific category
1338581 Packet and byte count associated with an MPLS Unicast next-hop can be double-counted on the output physical interface upon the next-hop removal
Product-Group=junos
When an MPLS Unicast next-hop gets removed (e.g. due to a network convergence event), the statistics associated with that next-hop can be erroneously added to the output statistics of the respective physical interface, causing false abrupt increments in output packet and byte count. Logical interface statistics and CoS queues' counters are not affected by this problem and still provide accurate data.
PR Number Synopsis Category: Application specific PRs (cos/snmp/time-sync/routing/BRAS)
1255542 MX-VC: suboptimal Aggregate Ethernet Load Balancing when an Aggregate Ethernet bundle is part of an ECMP path.
Product-Group=junos
Load balancing is uneven across Aggregated Ethernet (AE) member links when the AE bundle is part of an equal cost multipath (ECMP). The AE member links need to span Virtual Chassis members.
PR Number Synopsis Category: Platform issues specific to MS-MPC (XLP)
1141266 "Mounting 128.0.x.x :/var/tmp/pics on /var/re: mount_nfs failed/timed out" are seen on message log file.
Product-Group=junos
Unending "mount request denied from 128.0.x.x for /var/tmp/pics" messages are seen on the message log file. Service pic can not upload coredump to routing-engine in the event of any crashes of service pic. It overwhelms the Hard Disk with these error messages. This would occur only with Service PIC being installed on one of the slots.
PR Number Synopsis Category: Multiprotocol Label Switching
1467278 The rpd might crash in PCEP for the RSVP-TE scenario
Product-Group=junos
In PCEP (Path Computation Element Protocol) with RSVP Traffic Engineered LSP (TE LSP) scenario, the two LSPs with the same TE LSP name might be shared between Path Computation Element (PCE) and Path Computation Client (PCC) in some rare cases. Then, if the configuration of LSP is delegated from CLI and externally controlled by PCC at the same time, the rpd might be crashed.
PR Number Synopsis Category: Multi Protocol Label Switch OAM
1328058 JSA10877 2018-10 Security Bulletin: Junos OS: RPD daemon crashes upon receipt of specific MPLS packet (CVE-2018-0043)
Product-Group=junos
The RPD daemon crashes upon receipt of specific MPLS packet (CVE-2018-0043); Refer to https://kb.juniper.net/JSA10877 for more information.
1399484 The rpd process might crash when executing "traceroute mpls bgp"
Product-Group=junos
When traceroute is performed to a remote host for an MPLS LSP using the command "traceroute mpls bgp", in very rare cases, it is possible that mplsoam daemon is holding the stale BGP instance handle in the query to the rpd process to get the information for the Forwarding Equivalence Class (FEC). Hence rpd crash might occur because of the invalid instance and cause traffic impact till rpd comes back up.
PR Number Synopsis Category: DNS filtering on MX.
1474056 Junos OS: MX Series: Services card might restart when DNS filtering is enabled (CVE-2020-1645)
Product-Group=junos
When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of packets processed by the Multiservices PIC Management Daemon (mspmand) process, responsible for managing "URL Filtering service", may crash, causing the Services PIC to restart. Refer to https://kb.juniper.net/JSA11028 for more information.
PR Number Synopsis Category: Bugs related to ethernet interface on MX platform
1259757 "HEAP: Free at interrupt level /Free interrupt violation!" syslog messages might be seen when interface is down
Product-Group=junos
If an interface installed with tri-rate SFP-T on MIC-3D-20GE-SFP-E/EH is configured as auto-negotiation, "HEAP: Free at interrupt level /Free interrupt violation!" syslog messages might be seen when the interface is down. There is no impact for the syslog messages.
PR Number Synopsis Category: MX104 Software - Kernel
1223979 In MX104 platform: CPU hog or busy state will end up with sporadic I2C access error message and false alarms
Product-Group=junos
In MX104, when RE CPU usage is going high, sporadic I2C error message would be shown up. Since the situation would be temporary, the I2C access may success in next polling and there would be no impact.
PR Number Synopsis Category: Track Mt Rainier RE platform software issues
1220061 The routers equipped with NG-REs might raise memory size mismatch alarm after upgrade
Product-Group=junos
MX or PTX series routers equipped with NG-REs might raise memory mismatch alarm which is cosmetic.
1408480 The alarm 'Mismatch in total memory detected' is observed after issuing "request reboot vmhost routing-engine both".
Product-Group=junos
Alarm 'Mismatch in total memory detected' is observed after reboot vmhost both.
PR Number Synopsis Category: OS IPv4/ARP/ICMPv4
1345720 The rpd might crash when doing Routing Engine switchover with NSR and logical-system configurations.
Product-Group=junos
When doing RE switchover with NSR (nonstop-routing) and logical-system configurations, rpd core might happen. This issue is platform independent. And it would cause traffic or service impact.
1468183 Junos OS: Kernel crash (vmcore) or FPC crash due to mbuf leak (CVE-2020-1653)
Product-Group=junos
On Juniper Networks Junos OS devices, a stream of TCP packets sent to the Routing Engine (RE) may cause mbuf leak which can lead to Flexible PIC Concentrator (FPC) crash or the system to crash and restart (vmcore). Refer to https://kb.juniper.net/JSA11040 for more information.
PR Number Synopsis Category: FreeBSD Kernel Infrastructure
1168322 Junos OS: SRX Branch Series and vSRX Series: Multiple vulnerabilities in ISC BIND named. (CVE-2016-1285, CVE-2016-1286)
Product-Group=junos
ISC BIND software included with Junos OS on SRX Branch Series and vSRX devices has been upgraded to resolve multiple vulnerabilities. These issues are only applicable to SRX Branch Series and vSRX Series with DNS Proxy server enabled. Refer to https://kb.juniper.net/JSA10994 for more information.
PR Number Synopsis Category: "ifstate" infrastructure
1379657 Protocol adjacency might flap and FPC might reboot if jlock hog happens
Product-Group=junos
On all platforms and in scaling scenario, if doing some operations which causes jlock hog, the protocols adjacency might flap and all the FPCs might reboot.
PR Number Synopsis Category: PFE Peer Infra
1209308 Protocol may flap
Product-Group=junos
In some rare scenarios, TCP keepalive may timeout on the local sockets between the master Routing Engine and the FPCs. The problem caused by a delay in packet processing on em0 interface, or delay in processing keepalive packets during network instability events. The results are protocol flap events.
PR Number Synopsis Category: TCP/UDP transport layer
1394370 The command "commit synchronize" might fail because several internal connections are stuck
Product-Group=junos
Command "commit synchronize" might fail due to kernel TCP socket stuck, the stuck can also result in login failure to the Backup RE from Master RE or to an FPC.
PR Number Synopsis Category: Path computation client daemon
1442598 Few Path Computation Element Protocol (PCEP) logs are marked as ERROR even though they are not. Now severity of those logs are corrected as INFO.
Product-Group=junos
1. Connection with rpd established! 2. Switched to master mode 3. received SIGHUP, handle configuration 4. Switched to slave 5. PCCD mastership is: %d 6. Delegation retry timedout: LSP id: %d with PCE: %s 7. Connection with pce %s (%s:%u) successful 8. Connection to pce %s (%s:%u) failed 9. PCCD received message '%s' from libpcep 10. PCClose received from PCE. Switching to new main PCE 11. No protocol trace configuration found 12. Could not get pce-group id from pce
PR Number Synopsis Category: PTX5KBroadway based PFE IPv4, IPv6 software
1254415 PTX FPC is reporting TQCHIP : Fatal error pqt_min_free_cnt is zero
Product-Group=junos
PTX Series platforms with the FPC-PTX-P1-A or FPC2-PTX-P1A line card might encounter a single event upset (SEU) event that can cause a linked-list corruption of the TQCHIP. The following syslog message is reported: Jan 9 08:16:47.295 router fpc0 TQCHIP1: Fatal error pqt_min_free_cnt is zero Jan 9 08:16:47.295 router fpc0 CMSNG: Fatal ASIC error, chip TQ Jan 9 08:16:47.295 router fpc0 TQ Chip::FATAL ERROR!! from PQT free count is zero jan 9 08:16:47.380 router alarmd[2427]: Alarm set: FPC color=RED, class=CHASSIS, reason=FPC 0 Fatal Errors - TQ Chip Error code: 0x50002 Jan 9 08:16:47.380 router craftd[2051]: Fatal alarm set, FPC 0 Fatal Errors - TQ Chip Error code: 0x50002 Junos OS Chassis Management Error handling does detect such condition, and raises an alarm and performs the disable-pfe action for the affected PFE entity. To recover this PFE entity, a restart of the FPC is needed. Soft errors are transient or non-recurring. FPCs experiencing such SEU events do not have any permanent damage. Contact your Juniper support representative if the issue is seen after a FPC restart.
PR Number Synopsis Category: Protocol Independant Multicast
1155778 The rpd process on the backup Routing Engine might crash because of a memory leak with the PIM configuration.
Product-Group=junos
For devices populated with master and backup Routing Engines (RE) and configured for nonstop active routing (NSR) and Protocol Independent Multicast (PIM) configuration, the routing protocol process (rpd) might crash on the backup Routing Engine due to a memory leak. This leak occurs when the backup Routing Engine handling mirror updates about PIM received from the master Routing Engine deletes information about a PIM session from its database. But because of a software defect, a leak of 2 memory blocks (8 or 16 bytes) might occur for every PIM leave. If the memory is exhausted, the rpd may crash on the backup Routing Engine. There is no impact seen on the master Routing Engine when the rpd crashes on the backup Routing Engine. Use the "show system processes extensive" command to check the memory.
PR Number Synopsis Category: vMX Platform Infrastructure related issue tracking
1328119 Minor alarm "LCM Peer Connection un-stable" is observed on MX150 after the chassisd process startup or restart
Product-Group=junos
On the MX150 platform, there will be a minor alarm "LCM Peer Connection un-stable" reported after the chassisd process startup or restart. It does not impact service and can be ignored.
1344858 Junos OS: vMX: Default credentials supplied in configuration (CVE-2020-1615)
Product-Group=junos
The factory configuration for vMX installations, as shipped, includes default credentials for the root account. Without proper modification of these default credentials by the administrator, an attacker could exploit these credentials and access the vMX instance without authorization. Refer to https://kb.juniper.net/JSA10998 for more information.
PR Number Synopsis Category: Periodic Packet Management Daemon
1003991 FPC packet buffer memory leak due to continuous delegated BFD session flapping
Product-Group=junos
 
PR Number Synopsis Category: Routing Information Protocol
1508814 The rpd crash might occur due to RIP updates being sent on an interface in down state
Product-Group=junos
When RIP with p2mp (point-to-multiple) is configured on an interface in down state, in a very corner case, routing daemon might crash while sending RIP updates to an interface which is already down.
PR Number Synopsis Category: RPD Next-hop issues including indirect, CNH, and MCNH
1276044 Routing Protocol Daemon(RPD) might crash with core-dump if forwarding-table export policy with 'install-nexthop' is configured
Product-Group=junos
Routing Protocol Daemon(RPD) might crash with core-dump if forwarding-table export policy with 'install-nexthop' is configured and that LSP is not available
1370174 The rpd might crash after Routing Engine switchover is performed or the rpd is restarted if interface-based dynamic GRE tunnel is configured.
Product-Group=junos
With interface-based Dynamic GRE Tunnel configured, there might be 2 next-hops for a single dynamic GRE tunnel when a new route is resolved over the dynamic tunnel after RE switchover is performed or the rpd is restarted. Subsequent withdrawal of the routes over that tunnel or master Routing Engine restarting will cause the rpd crash. This issue is introduced in PR 1202926 (which is fixed in 15.1F7 16.1R4 16.2R1-S6 16.2R1-S6-J1 16.2R2 17.1R2-S7 17.1R2-S8 17.1R3 17.2R1).
PR Number Synopsis Category: RPD route tables, resolver, routing instances, static routes
1457955 Aggregate route with BGP contributing routes may flap in some scenarios as expected
Product-Group=junos
Aggregate route with BGP contributing routes may flap in some scenarios as expected The reasons is, by default, aggregate route carries some BGP attributes like AS-PATH, originator, cluster. Aggregate route inherit those attributes from active contributing routes. If one or few contributing route add/delete/change happens, while other contributing routes are still stable, aggregate route may refresh since its attributes got changed. If this aggregate route is exported into BGP, a BGP update will be sent to downstream router with updated attributes, causing a service impact Reference page: https://www.juniper.net/documentation/en_US/junos/topics/concept/policy-aggregate-routes.html
1466161 Memory consumption increased causing memory pressure and high CPU utilization in MX5/10/40/80 platform after upgrade to Junos 16.1 or later
Product-Group=junos
MX5/10/40/80 platform may suffer from memory pressure and high CPU utilization after upgrading to Junos to 16.1 or later. A similar issue may also be seen on other platforms having routing-engines with 2 gigabytes of memory or less.
PR Number Synopsis Category: jflow/monitoring services
1284918 The sampled route reflector process (srrd) might crash in the large routes churn situation.
Product-Group=junos
When the FPCs are busy in high churn scenarios, because the srrd thread in the Packet Forwarding Engine has low priority, CPR resources are insufficient to process the messages sent by srrd process. Due to this, the queue for these busy FPCs are piling in srrd and eventually leading to crash. Refer to the description for the details.
PR Number Synopsis Category: Generic platform and infra issues for MS-MIC and MS-MPC(XLP)
1415119 Only 40 MS-PICs (10 MS-MPC cards) can be in the ACTIVE state even if more than 10 MS-MPC cards are inserted in the MX2020 chassis
Product-Group=junos
On MX2020 platform, at most 40 MS-PICs (10 MS-MPC cards) can be in the ACTIVE state even if more than 10 MS-MPC cards are inserted in the MX2020 chassis.
1453811 Junos OS: MX Series: Denial of Service vulnerability in MS-PIC component on MS-MIC or MS-MPC (CVE-2020-1650)
Product-Group=junos
On Juniper Networks Junos MX Series with service card configured, receipt of a stream of specific packets may crash the MS-PIC component on MS-MIC or MS-MPC. Refer to https://kb.juniper.net/JSA11037 for more information.
PR Number Synopsis Category: SFW, CGNAT on MS-MIC/MS-MPC (XLP)
1335956 The MAC_STUCK might be seen on MS-MPC or MS-MIC
Product-Group=junos
In an MS-MPC or MS-MIC in ALG scenario, the MAC_STUCK message might be observed and traffic might be dropped.
PR Number Synopsis Category: MPC7, MPC8, MPC9, SFB2, MRATE & 8x100 MICs
1354070 The log of "SMART ATA Error Log Structure error: invalid SMART checksum." might be seen on FPC with WINTEC mSata SSD
Product-Group=junos
The log of "SMART ATA Error Log Structure error: invalid SMART checksum." might be seen on FPC with WINTEC mSata SSD
PR Number Synopsis Category: MPC7/8/9 Interface Issues
1441816 Egress stream flush failure and traffic blackhole might occur
Product-Group=junos
Egress stream flush failure and silent dropping of traffic could occur in a rare occasion for a repeatedly flapping link on MPC7E, MPC8E, MPC9E cards, MX204 and MX10003.
PR Number Synopsis Category: Trio LU, IX, QX, MQ chip drivers, ucode & related SW
1059137 An enhancement for reporting CM-ERRORs when memory parity errors occur within MPC pre-classifier engines
Product-Group=junos
On MX Series routers, parity memory errors might occur in pre-classifier engines within an MPC. Packets are silently discarded because such errors are not reported and hence harder to diagnose. CM errors such as syslog messages and alarms should be raised when parity memory errors occur.
1248858 On MPC 5/6/7/9 with inline services configured memory leak can be observed in services next hop
Product-Group=junos
On MPC 5/6/7 and 9 with inline services configured memory leak can be observed in services next hop when the MPCs services next hop memory block is utilized at the boundary of the allocated memory space.
PR Number Synopsis Category: Issues related to broadband edge apps (PPP, DHCP) on Trio ch
1308000 Enhanced Subscriber Management: Targetting for subscribers terminated in non-default routing-intance is supported from 17.3R2
Product-Group=junos
Enhanced Subscriber Management: For subscribers terminated in routing-instance, targeting will be supported from 17.3R2 onwards. With current code subscribers may come up but traffic towards subscriber may be dropped at MX as it is not support in current release.
1401808 FPC core files due to a corner case scenario (race condition between RPF, IP flow).
Product-Group=junos
In a subscriber management deployment where the Reverse-Path-Forwarding (RPF) check and MAC check is enabled, a race condition might cause software failure and resulted in a Flexible PIC Concentrator (FPC) to restart.
PR Number Synopsis Category: Trio pfe qos software
1382288 One single port with Dual stack subscribers pppoe/dhcpv6 drop all the connections and no subscribers seen now.
Product-Group=junos
One single port with dual stack subscribers pppoe/dhcpv6 drop all the connections and no subscribers are seen.
1418602 FPC log messages: "Q index(xxxxx) is not allocated"
Product-Group=junos
The cause of the messages is a race condition. For each IFL, IFLSET or IFD object, HALP statistics module reads stats values from hardware for the individual queues. HALP stats module is implemented as a separate stats thread and while stats thread is waiting, PFEMAN thread may assign different queues to the IFL/IFLSET/IFD object. After stats thread gets CPU back, before reading HW for the next queue, stats thread needs to validate that queue is still applicable, which fails if we see the message. The messages are harmless and can be ignored.
PR Number Synopsis Category: TRIO Interface based services
1465490 MX Series: PFE crash on MPC7/8/9 upon receipt of small fragments requiring reassembly (CVE-2020-1649)
Product-Group=junos
When a device running Juniper Networks Junos OS with MPC7, MPC8, or MPC9 line cards installed and the system is configured for inline IP reassembly, used by L2TP, MAP-E, GRE, and IPIP, the packet forwarding engine (PFE) will become disabled upon receipt of small fragments requiring reassembly. Refer to https://kb.juniper.net/JSA11036 for more information.
PR Number Synopsis Category: Trio pfe l3 forwarding issues
1474154 MX Series: PFE crash on MPC7/8/9 upon receipt of large packets requiring fragmentation (CVE-2020-1655)
Product-Group=junos
When a device running Juniper Networks Junos OS with MPC7, MPC8, or MPC9 line cards installed and the system is configured for inline IP reassembly, used by L2TP, MAP-E, GRE, and IPIP, the packet forwarding engine (PFE) will become disabled upon receipt of large packets requiring fragmentation. Refer to https://kb.juniper.net/JSA11041 for more information.
PR Number Synopsis Category: Authentication, Authorization, Accounting, PAM (RADIUS/tacplus)
1233649 additional fix for timing issue that can cause auditd core
Product-Group=junos
additional fix for timing issue that can cause auditd core, covered several corner cases to prevent core related to PR1191527
1305964 Message "system reaching processes ceiling low watermark" might be seen
Product-Group=junos
When an "auditd" child process is terminated, the process is still having a pid and an entry in the process table. When the number of defunct processes reaches the limit, you will see "jlaunchd" error messages.
PR Number Synopsis Category: Configuration management, ffp, load action
1267433 The commitd process might generate a core file when removal of certain configuration is followed by a commit operation.
Product-Group=junos
Core file is generated by commitd when deletion for a certain configuration is committed. Configuration is properly changed after commit even though core file remains.
PR Number Synopsis Category: PFE on Satellite Device
1360876 The shutdown of the cascade port might lead to the invalidation of the MPC linecard
Product-Group=junos
In Fusion scenario, on the MPC2E/3E NG HQoS or MPC5E 3D Q linecard, if the cascade port is down (e.g., disabled, deactivated), all the interfaces of the linecard might be unusable.
PR Number Synopsis Category: VMHOST platforms software
1349373 FPCs may reboot continuously until the Routing Engine reboot
Product-Group=junos
On a next-generation Routing Engine (NG-RE), a failure of the Hardware Random Number Generator (HWRNG) will leave the system in a state where there is not enough entropy available to operate. Please refer to TSB17734(http://kb.juniper.net/InfoCenter/index?page=content&id=TSB17734) for more details.
PR Number Synopsis Category: Virtual Private LAN Services
1295664 LSI interface might not be created causing remote MACs not being learnt with error log of "RPD_KRT_Q_RETRIES: ifl iff add: Device busy"
Product-Group=junos
With VPLS being configured, after upgrade to 15.1/16.1/17.x releases, in some circumstances VPLS LSI interface are not correctly created, causing remote MACs not being learnt and L2 VPLS outage. The issue is not reproduced and the code change is not a fix but add a instrumentation using a hidden command 'show vpls ipc-history', which should be captured right away when the issue is seen on latest releases. show vpls ipc-history <<<<< show vpls connections show krt queue show route forwarding-table extensive /var/log/messages
 
Modification History:
First publication 2020-07-13
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search