Search our Knowledge Base sites to find answers to your questions.
Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles16.1R7-S8: Software Release Notification for JUNOS Software Version 16.1R7-S8
Junos Software service Release version 16.1R7-S8 is now available. JUNOS software version 16.1R7 reaches end of engineering (EOE) on 2020-07-28 and end of support (EOS) on 2021-01-28
| PR Number | Synopsis | Category: QFX PFE CoS |
|---|---|---|
| 1510365 | Traffic might be forwarded to wrong queue when fixed classifier is used Product-Group=junos |
If L2 access or vlan bridge IFL is created after fixed classifier is applied, the traffic matching the fixed classifier might be forwarded in unexpected queue, it might cause congestion unexpectedly hence there is traffic impact. |
| PR Number | Synopsis | Category: Border Gateway Protocol |
| 1497721 | Junos OS: Receipt of certain genuine BGP packets from any BGP Speaker causes RPD to crash. (CVE-2020-1640) Product-Group=junos |
An improper use of a validation framework when processing incoming genuine BGP packets within Juniper Networks RPD (routing protocols process) daemon allows an attacker to crash RPD thereby causing a Denial of Service (DoS) condition. Refer to https://kb.juniper.net/JSA11024 for more information. |
| PR Number | Synopsis | Category: BBE Remote Access Server |
| 1502274 | The LTS is incorrectly sending the access-request with the Tunnel-Assignment-ID which is not compliant with RFC 2868 Product-Group=junos |
In LTS (L2TP Tunnel Switch) scenario when the MX sending the access-request to the RADIUS (Remote Access Dial-In User Service) for the LTS client, it incorrectly includes the Tunnel-Assignment-ID which is not compliant with RFC 2868. It results in the RADIUS reject the access-request and the LTS client authentification fails. |
| PR Number | Synopsis | Category: MX Platform SW - Environment Monitoring |
| 1395539 | The minor alarm of "Bottom Fan Tray Pred Fail" might be wrongly raised when the fan speed is at high speed on MX960 Product-Group=junos |
On the MX960 a check of the "actual" fan speed is compared to the "set" fan speed. If the difference between the actual fan speed and the set fan speed is greater than 20% the system uses this to predict that the fan might be about to fail. When the fans are set to run in high speed mode, some deviation from the set fan speed is expected to occur with the fans and it is expected to sometimes see a deviation greater than 20%. Going forward this 20% tolerance check will be disabled while running in high speed mode. |
| PR Number | Synopsis | Category: PTX Chassis Manager |
| 1380056 | Remove the chassisd alarms for FPCs exceeding 90 percent of power budget and exeeding 100 percent of power budget Product-Group=junos |
Starting in Junos OS Release with this change, PTX Series Routers do not raise a chassis alarm in the following events; instead, it registers a system log. |
| PR Number | Synopsis | Category: Tracking sw issues related to Channelized 4xOC3/1xOC-12 Mic |
| 1396538 | MPC card/AFEB/TFEB with Channalized OC MIC might crash with core dump Product-Group=junos |
On MX Series platforms, if channelized OC MIC (such as 1xCOC12/4xCOC3 CH-CE) is used, the MPC card/AFEB/TFEB (Forwarding Engine Board) might crash with core files generated. This is not easily reproducible. The traffic through the MIC would be impacted. |
| 1420983 | The FPC CPU might be hogged if channelized interfaces are configured Product-Group=junos |
On MX Series platform, with 1xCOC12 or 4XCOC3 used, if channelized interfaces are configured, FPC CPU overuse might be seen. |
| PR Number | Synopsis | Category: OpenSSL and related subsystems |
| 1479780 | OpenSSL Security Advisory [20 Dec 2019] Product-Group=junos |
The ?OpenSSL project has published a security advisory for a vulnerability resolved in the OpenSSL library on December 20, 2019. Refer to https://kb.juniper.net/JSA11025 for more information. |
| PR Number | Synopsis | Category: Device Configuration Daemon |
| 1350192 | The link-degrade-monitor configuration might cause the commit sync failure on backup RE Product-Group=junos |
On Junos platform along with redundant Routing Engine, if both link-degrade-monitor and any other configurations are configured on a port, commit synchronize might fail on the backup RE. If this occurs, the configuration might be lost after switchover and thus it might cause traffic loss. |
| PR Number | Synopsis | Category: Express PFE CoS Features |
| 1347805 | QFX10000 platforms might encounter a chassis alarm indicating "FPC 0 Major Errors - PE Error code: 0x2100ba". Product-Group=junos |
QFX10000 platforms may encounter a chassis alarm indicating "FPC 0 Major Errors - PE Error code: 0x2100ba". This error is incorrectly categorized as 'Major' and it can be safely ignored unless it is encountered with high frequency. Future Junos releases will recategorize this message to "Info" severity. |
| PR Number | Synopsis | Category: Express PFE Services including JTI, TOE, HostPath, Jflow |
| 1431498 | IPFIX Flow timestamp is not matching with NTP synchronized system time Product-Group=junos |
The timestamp reported for packet arrival in NetFlow records will report inaccurate time due to the synchronization issue with NTP. |
| PR Number | Synopsis | Category: PTX Express ASIC Fabric Software |
| 1283553 | The PTX SPMB might crash after the FPC replacement followed by a SIB restart Product-Group=junos |
Due to a bug in microkernel of Switch Processor Mezzanine Board (SPMB) in PTX Control Board, the SPMB might crash after the FPC replacement followed by a Switch Interface Board (SIB) restart. The crash could cause all SIBs restart, which in turn could result in outage or traffic black hole. |
| PR Number | Synopsis | Category: Kernel software for AE/AS/Container |
| 1474300 | A newly added LAG member interface might forward traffic even though its micro BFD session is down Product-Group=junos |
On all Junos platforms, if a static Link Aggregate Group (LAG) is configured, and Bidirectional Forwarding Detection (BFD) is enabled on the LAG which is also called as micro BFD, a newly added member link might start to forward traffic immediately when the configuration change commits even though its micro BFD session is still down, for example, add a new member interface only on single end, and the remote member interface is disabled or not added. Therefore, traffic loss might be seen due to this issue. |
| PR Number | Synopsis | Category: jdhcpd daemon |
| 1432162 | The jdhcpd memory leak might happen on MX5, MX10, MX40, MX80, and MX104 when testing DHCP subscribers log-in/out. Product-Group=junos |
On MX5/MX10/MX40/MX80/MX104 Series platforms with DHCP server configuration for DHCP subscribers, the jdhcpd memory leak might happen and the memory increase by 15MB which depends on the number of subscribers when testing the DHCP subscribers log-in/out. |
| PR Number | Synopsis | Category: Security platform jweb support |
| 1499280 | Junos OS: Security vulnerability in J-Web and web based (HTTP/HTTPS) services Product-Group=junos |
Junos OS: Security vulnerability in J-Web and web based (HTTP/HTTPS) services (CVE-2020-1631). Refer to https://kb.juniper.net/JSA11021 for more information. |
| PR Number | Synopsis | Category: Layer 2 Circuit issues |
| 1498040 | The l2circuit neighbor might be stuck in RD state at one end of MG-LAG peer Product-Group=junos |
In MC-LAG scenario, if the l2circuit is configured with primary-neighbor/backup-neighbor over the MC-LAG link and the l2ckt (l2ciruits control daemon for pseudowire) session of the primary-neighbor/backup-neighbor is flapped continuously (such as clear neighbor ldp and ospf etc), one of the remote neighbors may be stuck in RD (the remote pseudowire neighbor is down) state due to race condition between VC (virtual circuit) state update timer and L2ckt intf state change timer. Then, that pseudowire might be down, the traffic might be impacted if the RD pseudowire is not up. |
| PR Number | Synopsis | Category: Label Distribution Protocol |
| 1436119 | Traffic loss might be seen after LDP session flaps rapidly Product-Group=junos |
On MX/PTX platforms under BGP scenario with LDP is enabled, if the knob "ecmp-fast-reroute"/"protect core" is configured, after the LDP session rapidly flaps and converges without any label change, traffic loss might be seen. |
| PR Number | Synopsis | Category: Bugs related to ethernet interface on MX platform |
| 1367224 | I2C error logs are seen when configuring wavelength on tunable SFP+. Product-Group=junos |
I2C error logs are seen when configuring wavelength on tunable SFP+ |
| PR Number | Synopsis | Category: MX104 Software - Chassis Daemon |
| 1279339 | On MX104 platform with GRES enabled, the chassis network-services might not get set as "Enhanced-IP" Product-Group=junos |
On MX104 platform with graceful routing engine switchover (GRES) enabled. The chassis network-services might not get set as "Enhanced-IP" though it is specifically configured. "Disable GRES, then config enhanced-ip" is a workaround for this issue. |
| PR Number | Synopsis | Category: Kernel Composite Next Hop (composite / l3vpn) Infrastructure |
| 1287956 | Not following the guideline of rebooting entire chassis after changing chassis network-services configuration can cause vmcore and crash of FPCs/routing-engines on chassis. Product-Group=junos |
When configuration at hierarchy [edit chassis network-services] is changed a reboot of chassis is needed to avoid any unexpected behavior. One such behaviour is an assest condition due to issues in nexthop allocation leading to vmcore and reboot of FPCs/REs on the chassis. This PR introduces changes to handle such assert conditions gracefully and to avoid FPC/RE crash. The guideline of rebooting the entire chassis when configuration change is made is still valid. |
| PR Number | Synopsis | Category: "ifstate" infrastructure |
| 1486161 | Kernel core might be seen if deleting an ifstate Product-Group=junos |
On all Junos platforms, some operations such as configuration change may cause state information to change and eventually cause the ifstate to be deleted. In a very rare case, deleting an ifstate (kernel state) might cause kernel core and RE (Routing Engine) restart. There is no specific trigger, this issue is reported by the configuration change. |
| PR Number | Synopsis | Category: Kernel MPLS / Tag / P2MP Infrastructure |
| 1493053 | Backup RE might crash unexpectedly due to a rare timing issue Product-Group=junos |
The backup Routing Engine might crash unexpectedly due to a rare timing issue during a route churn in the network. |
| PR Number | Synopsis | Category: TCP/UDP transport layer |
| 1449664 | FPC might reboot with vmcore due to memory leak Product-Group=junos |
On all Junos platforms, if the device is up for a long period (e.g. several weeks or months), there might be a slow memory leak happening in some error scenarios where an application tries to send some data on a stale TCP socket (e.g. short-lived TCP connections used by the mgd process), and this issue might lead to FPC reboot with vmcore files. |
| PR Number | Synopsis | Category: OSPF routing protocol |
| 1385014 | RPD crash when executing specific "show ospf interface" commands from the CLI with OSPF authentication configured (CVE-2020-1643) Product-Group=junos |
Execution of the "show ospf interface extensive" or "show ospf interface detail" CLI commands on a Juniper Networks device running Junos OS may cause the routing protocols process (RPD) to crash and restart if OSPF interface authentication is configured, leading to a Denial of Service (DoS). By continuously executing the same CLI commands, a local attacker can repeatedly crash the RPD process causing a sustained Denial of Service. Refer to https://kb.juniper.net/JSA11030 for more information. |
| PR Number | Synopsis | Category: PE based L3 software |
| 1251154 | An FPC major alarm might be seen with error messages "DLU: ilp memory cache error" and "DLU: ilp prot1 detected_imem_even error" Product-Group=junos |
On PTX platforms with FPC3, PTX1000 with build-in chassis and QFX10000 platforms, a Flexible PIC Concentrator (FPC) major alarm might be seen if the system detects parity error, and the error messages "DLU: ilp memory cache error" and "DLU: ilp prot1 detected_imem_even error" might appear. The alarm might be cleared without intervention. This error may also be accompanied by traffic loss. |
| PR Number | Synopsis | Category: Path computation client daemon |
| 1472825 | Manually configured ERO on NS controller lost when PCEP session bounced Product-Group=junos |
On all Junos platform with Path Computation Element Protocol (PCEP) enabled, if PCEP session bounced druing Routing Engine (RE) switchover on a LSP ingress router, unexpacted delete message might be sent from Path Computation Client (PCC) to Path Computation Element (PCE) with North Star (NS) controller. In the end, manually configured explicit route object (ERO) for RSVP-TE based label switched path (LSP) on NS controller will be lost. However, traffic go through ERO set on NS controller is still normal. |
| PR Number | Synopsis | Category: PTX5KBroadway based PFE IPv4, IPv6 software |
| 1479789 | Multicast routes add/delete events might cause adjacency and LSPs to go down Product-Group=junos |
In PTX5000 platform with (FPC2-PTX-P1A | FPC-PTX-P1A), or PTX3000 with FPC-SFF-PTX-P1-A, with PIM/MVPN scenario, The adjacency relationships of routing protocols and LSPs might go down if add/delete some multicast routes (which can be achieved by flapping interface or protocol) ). It is because that though the routes are deleted, its counter for statistic will not be removed from Junos resulting in memory block for counter exhaustion. And due to the exhaustion, any protocols that are sharing the same memory scope might fail to allocate its own counter, which eventually causes protocol adjacency and LSPs to go down. [TSB17747] |
| PR Number | Synopsis | Category: Periodic Packet Management Daemon |
| 1448670 | The connection between ppmd (RE) and ppman (FPC) might get lost due to session timeout Product-Group=junos |
Under certain circumstances such as JUNOS VM freeze at the Routing Engine, ppmd to ppman connection might be closed if the session timeout is greater than 3 seconds in either direction. This might lead to flapping of distributed ppm protocol adjacency such as lacp/mBFD. |
| PR Number | Synopsis | Category: SNMP Infrastructure (snmpd, mib2d) |
| 1364001 | SNMP process crashes during polling CFM stats Product-Group=junos |
During polling Ethernet Connectivity Fault Management protocols stats SNMP process may crash |
| PR Number | Synopsis | Category: Generic platform and infra issues for MS-MIC and MS-MPC(XLP) |
| 1405917 | The FPC crash might be observed in MS-MPC HA environment Product-Group=junos |
On MX Series platform with MS-MPC card used, in race condition, if the MS-MPC is used on HA (High Availability) scenario ( the 'set interfaces ms-x/x/x redundancy-options redundancy-peer/redundancy-local' knob and GRES is configured), the FPC might crash due to the bus error (segmentation fault). The reason is that two CPUs simultaneously access the same session-extension memory in the session structure, one for writing, the other for reading. A reading CPU gets an incorrect value and uses that as the memory address. This causes the bus error (segmentation fault). |
| 1489942 | Prolonged flow-control might happen on MX platforms with MS-MPC/MS-MIC Product-Group=junos |
On MX platforms with MS-MPC/MS-MIC, if there are lots of self-generated packets like TCP-tickle and UDP-logging, there might be data congestion on the data path due to no throttling functionality for such types of packets. When the data path is blocked, prolonged flow-control might happen with the service interfaces being brought down and the PIC reboot. At the same time, the mspmand core file will be generated if dump-on-flow-control is enabled. |
| PR Number | Synopsis | Category: UI Infrastructure - mgd, DAX API, DDL/ODL |
| 1423500 | Configuration commit might fail when the file system gets into full state Product-Group=junos |
On all platforms running Junos OS, when the file system gets into full state and there is not enough spare disk space, it might get into a problematic system condition in some corner case while a configuration commit is being performed. After that, if consecutive commits are still done in such a problematic status, commit-check failure logs might be seen eventually. Due to this issue, some processes might be not running even if the configuration is present. |
| PR Number | Synopsis | Category: ESWD |
|---|---|---|
| 1192520 | GARPs being sent from the switch once in 10 minutes Product-Group=junos |
GARPs were being sent whenever there is a mac (fdb) operation (add or delete). This is now updated to send GARP when interface is UP & l3 interface attached to the vlan. |
| 1287184 | The EX ESWD memory might leak upon interface flapping with STP configured and configured with NSB (Non-Stop Bridging) Product-Group=junos |
When EX Series (applicable platforms: EX2200, EX3300, EX4200, EX4500, EX4550, EX6200, EX8200, and XRE200) is configured with STP and NSB (non-stop bridging), the interface flapping ( link up/down events) might cause eswd memory leak. |
| PR Number | Synopsis | Category: EX4300 Platform |
| 1368940 | Junos OS: EX and QFX Series: Console port authentication bypass vulnerability (CVE-2020-1618) Product-Group=junos |
On Juniper Networks EX and QFX Series, an authentication bypass vulnerability may allow a user connected to the console port to login as root without any password. Refer to https://kb.juniper.net/JSA11001 for more information. |
| PR Number | Synopsis | Category: QFX PFE CoS |
| 1510365 | Traffic might be forwarded to wrong queue when fixed classifier is used Product-Group=junosvae |
If L2 access or vlan bridge IFL is created after fixed classifier is applied, the traffic matching the fixed classifier might be forwarded in unexpected queue, it might cause congestion unexpectedly hence there is traffic impact. |
| PR Number | Synopsis | Category: QFX L3 data-plane/forwarding |
| 1443507 | IPv6 connectivity between MC-LAG peers might fail when multiple IRB interfaces are present Product-Group=junos |
On all Junos platforms which are enabled with MultiChassis Link Aggregation Group (MC-LAG), if there are multiple Integrated Routing and Bridging (IRB) interfaces present, and the Inter Chassis Link (ICL) is also connected over an IRB interface, when both MC-LAG peers have not learnt link-local addresses and IPv6 ping is firstly initiated from the remote peer, the Neighbor Solicitation (NS) packet might take ICL path and couldn't get answered properly. |
| PR Number | Synopsis | Category: "agentd" software daemon |
| 1248813 | "telemetry_start_polling_fd: evSelectFD failed, errno: 9" messages are continuously seen in the log Product-Group=junos |
The error messages "Telemetry_start_polling_fd: evSelectFD failed, errno: 9" are continuously seen in logs. These are cosmetic logs and harmless. As a workaround, configure "set system processes SDN-Telemetry disable" and "deactivate groups junos-defaults routing-options enable-sensors" if telemetry is indeed not needed/configured to prevent the issue of error logs. |
| PR Number | Synopsis | Category: MPC Fusion SW |
| 1454595 | The 100G Interfaces may not come up again after going down on MPC3E-NG Product-Group=junos |
On MPC3E-NG cards with 100G interface in use, if the interface detects Loss of Lock (LOL) on the link without Loss of Signal (LOS), the interface will go down and may not come up again after the link is recovered. |
| PR Number | Synopsis | Category: MX Layer 2 Forwarding Module |
| 1451959 | Junos OS: MX Series: Crafted packets traversing a Broadband Network Gateway (BNG) configured with IPv6 NDP proxy could lead to Denial of Service (CVE-2020-1633) Product-Group=junos |
Due to a new NDP proxy feature for EVPN leaf nodes introduced in Junos OS 17.4, crafted NDPv6 packets could transit a Junos device configured as a Broadband Network Gateway (BNG) and reach the EVPN leaf node, causing a stale MAC address entry. This could cause legitimate traffic to be discarded, leading to a Denial of Service (DoS) condition. Refer to https://kb.juniper.net/JSA11012 for more information. |
| PR Number | Synopsis | Category: BBE state synchronization issues |
| 1466118 | The bbe-smgd process core dumps on backup routing engine Product-Group=junos |
On MX platform, bbe-smgd process core dumps on backup routing engine |
| PR Number | Synopsis | Category: Border Gateway Protocol |
| 600308 | JUNOS BGP Established state is not shown in "show bgp summary" if only master routing instance is present Product-Group=junos |
When only the default routing-instance is present, the command "show bgp summary" does not show the BGP ESTABLISH state. If the BGP state is not an ESTABLISHED state, then it shows the state as design (that is, Active, Idle, Connect). If there is a routing-instance configured (apart from master routing-instance inet.0), the BGP ESTABLISH state is shown properly. The issue happens for IPv4 BGP sessions only; on IPv6 all the BGP states are seen as default. |
| 1403186 | All the BGP session flap after RE switchover Product-Group=junos |
With GRES and NSR enabled, if executing RE switchover, BGP session might flap in some scenario. When Junos version have the fix of PR-1440694, BGP session always flap after doing RE switchover. |
| 1432100 | The "dead" next-hop might stay in the forwarding table in a BGP-LU scenario after the primary interface recovers Product-Group=junos |
In BGP Labeled Unicast (BGP-LU) scenario, if the device works as penultimate hop and receives BGP-LU routes with indirect next-hop from an egress router, after the operational next-hop interface corresponding to those labeled routes flaps, a "dead" next-hop type (discard action is performed for this type) may be set for the related clone routes (s=0) and still there even the next-hop interface is operational again. |
| 1481641 | JSA11032 Junos OS and Junos OS Evolved: RPD crash due to specific BGP UPDATE packets (CVE-2020-1644) Product-Group=junos |
On Juniper Networks Junos OS and Junos OS Evolved devices, the receipt of a specific BGP UPDATE packet causes an internal counter to be incremented incorrectly, which over time can lead to the routing protocols process (RPD) crash and restart. Please refer to https://kb.juniper.net/JSA11032 for more information. |
| PR Number | Synopsis | Category: BBE Remote Access Server |
| 1323829 | IP addresses are assigned discontinuously from the linked IP pools Product-Group=junos |
When Address-Assignment Pool Linking is configured, the IP addresses assignment may allocate IP addresses from later pools before the earlier pool is depleted. This is caused by the mechanism change for the IP assignment from the introduced release. |
| 1402012 | The authd crash might be seen due to a memory corruption issue Product-Group=junos |
In subscriber scenario, the authd might crash multi-times due to a memory corruption issue. |
| PR Number | Synopsis | Category: MPC5/6E pfe microcode software |
| 1298161 | FPC ppe_img_ucode_redistribute Failed to evict needed instr to GUMEM error reported randomly Product-Group=junos |
In some MX Series deployments running Junos OS, random syslog messages are observed for FPC cards: "fpcx ppe_img_ucode_redistribute Failed to evict needed instr to GUMEM - xxx left". These messages are not an issue and might not have a service impact. These messages will addressed as INFO level messages. On a Packet Forwarding Engine, there are dedicated UMEM and shared GUMEM memory blocks. This informational message indicates some evicting events between UMEN and GUMEN and can be safely ignored. |
| 1303489 | MPC Major alarm, with logs: XQCHIP(46):XQ-chip[0]: DROP protect_regs error (status=0x8) Product-Group=junos |
In some scenarios with MPC, Major alarm and following messages are generated. this Major error is triggered due to parity error, and the impacted queue might drop packets,This might impact the forwarding, to recover MPC card need to be rebooted messages log: fpcx XQCHIP(46):XQ-chip[0]: DROP protect_regs error (status=0x8) alarmd[3158]: Alarm set: FPC color=RED, class=CHASSIS, reason=FPC x Major Errors Major alarm set, FPC x Major Errors fpcx XQCHIP(46):XQ-chip[0]: DROP protect_regs error (status=0x8) cli> show chassis alarms 1 alarms currently active Alarm time Class Description 2019-01-25 15:18:03 UTC Major FPC x Major Errors |
| 1380566 | FPC Errors might be seen in subscriber scenario Product-Group=junos |
In subscriber scenario, if the"service-accounting-deferred" is configured on dynamic-profile, and there is multicast to a large number of destinations on the same physical port, the FPC Errors might be seen. |
| PR Number | Synopsis | Category: Enhanced Broadband Edge support for cos |
| 1407480 | FPC may crash shortly after XQ chip memory read failure Product-Group=junos |
In a rare scenario XQ based FPC may reset shortly after it encounters XQ chip memory read failure. |
| PR Number | Synopsis | Category: JUNOS Dynamic Profile Configuration Infrastructure |
| 1258744 | The device control process (dcd) crashes during the ATM-related configuration commit. Product-Group=junos |
In a subscriber service environment, the device control process (dcd) might restart unexpectedly during commit process after changes to ATM interface configuration. |
| PR Number | Synopsis | Category: Ethernet OAM (LFM) |
| 1347250 | Junos OS: MX Series: PFE on the line card may crash due to memory leak. (CVE-2020-1651) Product-Group=junos |
When eth-oam is deactivated with scale PM config (under hardware-assited-pm-mode), the FPC can become unstable and can lead to FPC core. Memory leak might also happen on receiving CFM LLM packets without CFM being configured. Refer to https://kb.juniper.net/JSA11038 for more information. |
| PR Number | Synopsis | Category: Express PFE FW Features |
| 1372944 | Junos OS: PTX1000 and PTX10000 Series, QFX10000 Series using non-AFT architectures: A specific genuine packet inspected by sFlow will cause a reboot. (CVE-2020-1617) Product-Group=junos |
An improper initialization of memory in the packet forwarding architecture in Juniper Networks Junos OS non-AFI/AFT platforms which may lead to a Denial of Service (DoS) vulnerability being exploited when a genuine packet is received and inspected by non-AFT/AFI sFlow and when the device is also configured with firewall policers. Refer to https://kb.juniper.net/JSA11000 for more information. |
| 1380917 | FPC might crash on PTX or QFX10000 after lo0 filter change Product-Group=junos |
On PTX or QFX10000 platform with vmhost based FPC (i.e. PTX-FPC3, PTX1000), FPC crash might be seen after changing filter under lo0. |
| PR Number | Synopsis | Category: MX Inline Jflow |
| 1362887 | The inline J-Flow sampling configuration might cause FPC crash on MX Series platforms. Product-Group=junos |
On MX-series platforms, if the inline-jflow "nexthop-learning" knob is configured, when the sampling removes one next-hop, the FPC might crash. It is not easily reproducible and it is a rare issue. |
| PR Number | Synopsis | Category: Kernel software for AE/AS/Container |
| 1346949 | After an FPC becomes online or child interface added to ae bundle in config, traffic loss might be experienced for around 30 seconds till LACP reaches operational state. If child link stays detached in LACP, traffic loss will continue. Product-Group=junos |
On the Trio-based platform with "enhanced-ip" enabled which is enabled by default on MX80, MX104, MX 2010, MX2020, and MX10003, if the aggregate interface is initialized before the child interface is marked as part of the aggregate after FPC becomes online or child interface added to ae bundle in config, the traffic goes out from the ae interface might lose for around 30 seconds till LACP reaches operational state. If child link stays detached in LACP, traffic loss will continue. |
| 1425211 | Interface with FEC disabled might flap after Routing Engine mastership switchover. Product-Group=junos |
By default, RS-FEC (Reed-Solomon Forward Error Correction) is enabled for 100G SR4/PSM4 optics and disabled for 100G LR4 optics. The "set interfaces xx gigether-options fec" knob was introduced in Junos OS Release 16.1R1, it can be used to override the default behavior and explicitly enable/disable FEC for a 100G interface. In GRES scenario, when a 100G interface with SR4/PSM4 optics (e.g. QSFP-100GBASE-SR4/QSFP-100G-PSM4) is a member of an AE interface, and FEC is disabled on AE (knob "gigether-options fec none" is configured), the interface might flap during RE mastership switchover. After that, the interface will come up itself and this issue will recover automatically. |
| 1440033 | Traffic loss is observed on newly added interfaces in AE on "MX and EX platforms" Product-Group=junos |
On MX and EX series devices that support the "enhanced-ip" feature and when the new interface is added to aggregated ethernet (ae), output traffic is observed as 0 on the existing member links. This is being observed due to software issues as wrong weights are being set for existing child interfaces in the AE bundle. |
| PR Number | Synopsis | Category: jpppd daemon |
| 1350563 | Spontaneous jpppd core dump on the backup RE in longevity test at ../../../../../../src/junos/usr.sbin/jpppd/pppMain.cc:400 Product-Group=junos |
In L2TP scenario when MX router functions as LTS (L2TP Tunnel Switch), there is a memory leak in jpppd process running on the backup RE, which will eventually lead to jpppd core dump due to out of memory condition. There is no functional impact as it happens on the backup RE. |
| PR Number | Synopsis | Category: Flow Module |
| 1465286 | SRX Series: Double free vulnerability can lead to DoS or remote code execution due to the processing of a specific HTTP message when ICAP redirect service is enabled (CVE-2020-1647) Product-Group=junos |
On Juniper Networks SRX Series with ICAP (Internet Content Adaptation Protocol) redirect service enabled, a double free vulnerability can lead to a Denial of Service (DoS) or Remote Code Execution (RCE) due to processing of a specific HTTP message. Refer to https://kb.juniper.net/JSA11034 for more information. |
| 1465944 | Junos OS: High-End SRX Series: Multicast traffic might cause all FPCs to reset. (CVE-2020-1634) Product-Group=junos |
On High-End SRX Series devices, in specific configurations and when specific networking events or operator actions occur, an SPC receiving genuine multicast traffic may core. Refer to https://kb.juniper.net/JSA11014 for more information. |
| PR Number | Synopsis | Category: JSR Infrastructure |
| 1505864 | SRX5k fails to upgrade to some Junos versions directly from 15.1X49 with "ERROR: unsupported h/w" Product-Group=junos |
On SRX5000 series, when upgrading Junos from a 15.1X49 release to specific higher Junos releases, the installation will fail with the message "ERROR: unsupported h/w". Affected target releases are Junos 18.4R3-S2 and 18.4R3-S3. |
| PR Number | Synopsis | Category: JSR Application Services |
| 1460035 | Junos OS: SRX Series: processing a malformed HTTP message when ICAP redirect service is enabled may can lead to flowd process crash or remote code execution (CVE-2020-1654) Product-Group=junos |
On Juniper Networks SRX Series with ICAP (Internet Content Adaptation Protocol) redirect service enabled, processing a malformed HTTP message can lead to a Denial of Service (DoS) or Remote Code Execution (RCE). Refer to https://kb.juniper.net/JSA11031 for more information. |
| PR Number | Synopsis | Category: Layer 2 Circuit issues |
| 1512834 | The rpd might crash when deleting l2circuit configuration in a specific sequence Product-Group=junos |
If l2circuit local-switching is enabled with connection-protection, the rpd could crash in the following configuration change sequence. 1. First, delete the logical interface (IFL) used by a l2circuit and commit the change. 2. Then, delete the corresponding l2circuit configuration. The rpd could crash after committing the change. |
| PR Number | Synopsis | Category: pfe issues on m-series that do not have a specific category |
| 1338581 | Packet and byte count associated with an MPLS Unicast next-hop can be double-counted on the output physical interface upon the next-hop removal Product-Group=junos |
When an MPLS Unicast next-hop gets removed (e.g. due to a network convergence event), the statistics associated with that next-hop can be erroneously added to the output statistics of the respective physical interface, causing false abrupt increments in output packet and byte count. Logical interface statistics and CoS queues' counters are not affected by this problem and still provide accurate data. |
| PR Number | Synopsis | Category: Application specific PRs (cos/snmp/time-sync/routing/BRAS) |
| 1255542 | MX-VC: suboptimal Aggregate Ethernet Load Balancing when an Aggregate Ethernet bundle is part of an ECMP path. Product-Group=junos |
Load balancing is uneven across Aggregated Ethernet (AE) member links when the AE bundle is part of an equal cost multipath (ECMP). The AE member links need to span Virtual Chassis members. |
| PR Number | Synopsis | Category: Platform issues specific to MS-MPC (XLP) |
| 1141266 | "Mounting 128.0.x.x :/var/tmp/pics on /var/re: mount_nfs failed/timed out" are seen on message log file. Product-Group=junos |
Unending "mount request denied from 128.0.x.x for /var/tmp/pics" messages are seen on the message log file. Service pic can not upload coredump to routing-engine in the event of any crashes of service pic. It overwhelms the Hard Disk with these error messages. This would occur only with Service PIC being installed on one of the slots. |
| PR Number | Synopsis | Category: Multiprotocol Label Switching |
| 1467278 | The rpd might crash in PCEP for the RSVP-TE scenario Product-Group=junos |
In PCEP (Path Computation Element Protocol) with RSVP Traffic Engineered LSP (TE LSP) scenario, the two LSPs with the same TE LSP name might be shared between Path Computation Element (PCE) and Path Computation Client (PCC) in some rare cases. Then, if the configuration of LSP is delegated from CLI and externally controlled by PCC at the same time, the rpd might be crashed. |
| PR Number | Synopsis | Category: Multi Protocol Label Switch OAM |
| 1328058 | JSA10877 2018-10 Security Bulletin: Junos OS: RPD daemon crashes upon receipt of specific MPLS packet (CVE-2018-0043) Product-Group=junos |
The RPD daemon crashes upon receipt of specific MPLS packet (CVE-2018-0043); Refer to https://kb.juniper.net/JSA10877 for more information. |
| 1399484 | The rpd process might crash when executing "traceroute mpls bgp" Product-Group=junos |
When traceroute is performed to a remote host for an MPLS LSP using the command "traceroute mpls bgp", in very rare cases, it is possible that mplsoam daemon is holding the stale BGP instance handle in the query to the rpd process to get the information for the Forwarding Equivalence Class (FEC). Hence rpd crash might occur because of the invalid instance and cause traffic impact till rpd comes back up. |
| PR Number | Synopsis | Category: DNS filtering on MX. |
| 1474056 | Junos OS: MX Series: Services card might restart when DNS filtering is enabled (CVE-2020-1645) Product-Group=junos |
When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of packets processed by the Multiservices PIC Management Daemon (mspmand) process, responsible for managing "URL Filtering service", may crash, causing the Services PIC to restart. Refer to https://kb.juniper.net/JSA11028 for more information. |
| PR Number | Synopsis | Category: Bugs related to ethernet interface on MX platform |
| 1259757 | "HEAP: Free at interrupt level /Free interrupt violation!" syslog messages might be seen when interface is down Product-Group=junos |
If an interface installed with tri-rate SFP-T on MIC-3D-20GE-SFP-E/EH is configured as auto-negotiation, "HEAP: Free at interrupt level /Free interrupt violation!" syslog messages might be seen when the interface is down. There is no impact for the syslog messages. |
| PR Number | Synopsis | Category: MX104 Software - Kernel |
| 1223979 | In MX104 platform: CPU hog or busy state will end up with sporadic I2C access error message and false alarms Product-Group=junos |
In MX104, when RE CPU usage is going high, sporadic I2C error message would be shown up. Since the situation would be temporary, the I2C access may success in next polling and there would be no impact. |
| PR Number | Synopsis | Category: Track Mt Rainier RE platform software issues |
| 1220061 | The routers equipped with NG-REs might raise memory size mismatch alarm after upgrade Product-Group=junos |
MX or PTX series routers equipped with NG-REs might raise memory mismatch alarm which is cosmetic. |
| 1408480 | The alarm 'Mismatch in total memory detected' is observed after issuing "request reboot vmhost routing-engine both". Product-Group=junos |
Alarm 'Mismatch in total memory detected' is observed after reboot vmhost both. |
| PR Number | Synopsis | Category: OS IPv4/ARP/ICMPv4 |
| 1345720 | The rpd might crash when doing Routing Engine switchover with NSR and logical-system configurations. Product-Group=junos |
When doing RE switchover with NSR (nonstop-routing) and logical-system configurations, rpd core might happen. This issue is platform independent. And it would cause traffic or service impact. |
| 1468183 | Junos OS: Kernel crash (vmcore) or FPC crash due to mbuf leak (CVE-2020-1653) Product-Group=junos |
On Juniper Networks Junos OS devices, a stream of TCP packets sent to the Routing Engine (RE) may cause mbuf leak which can lead to Flexible PIC Concentrator (FPC) crash or the system to crash and restart (vmcore). Refer to https://kb.juniper.net/JSA11040 for more information. |
| PR Number | Synopsis | Category: FreeBSD Kernel Infrastructure |
| 1168322 | Junos OS: SRX Branch Series and vSRX Series: Multiple vulnerabilities in ISC BIND named. (CVE-2016-1285, CVE-2016-1286) Product-Group=junos |
ISC BIND software included with Junos OS on SRX Branch Series and vSRX devices has been upgraded to resolve multiple vulnerabilities. These issues are only applicable to SRX Branch Series and vSRX Series with DNS Proxy server enabled. Refer to https://kb.juniper.net/JSA10994 for more information. |
| PR Number | Synopsis | Category: "ifstate" infrastructure |
| 1379657 | Protocol adjacency might flap and FPC might reboot if jlock hog happens Product-Group=junos |
On all platforms and in scaling scenario, if doing some operations which causes jlock hog, the protocols adjacency might flap and all the FPCs might reboot. |
| PR Number | Synopsis | Category: PFE Peer Infra |
| 1209308 | Protocol may flap Product-Group=junos |
In some rare scenarios, TCP keepalive may timeout on the local sockets between the master Routing Engine and the FPCs. The problem caused by a delay in packet processing on em0 interface, or delay in processing keepalive packets during network instability events. The results are protocol flap events. |
| PR Number | Synopsis | Category: TCP/UDP transport layer |
| 1394370 | The command "commit synchronize" might fail because several internal connections are stuck Product-Group=junos |
Command "commit synchronize" might fail due to kernel TCP socket stuck, the stuck can also result in login failure to the Backup RE from Master RE or to an FPC. |
| PR Number | Synopsis | Category: Path computation client daemon |
| 1442598 | Few Path Computation Element Protocol (PCEP) logs are marked as ERROR even though they are not. Now severity of those logs are corrected as INFO. Product-Group=junos |
1. Connection with rpd established! 2. Switched to master mode 3. received SIGHUP, handle configuration 4. Switched to slave 5. PCCD mastership is: %d 6. Delegation retry timedout: LSP id: %d with PCE: %s 7. Connection with pce %s (%s:%u) successful 8. Connection to pce %s (%s:%u) failed 9. PCCD received message '%s' from libpcep 10. PCClose received from PCE. Switching to new main PCE 11. No protocol trace configuration found 12. Could not get pce-group id from pce |
| PR Number | Synopsis | Category: PTX5KBroadway based PFE IPv4, IPv6 software |
| 1254415 | PTX FPC is reporting TQCHIP : Fatal error pqt_min_free_cnt is zero Product-Group=junos |
PTX Series platforms with the FPC-PTX-P1-A or FPC2-PTX-P1A line card might encounter a single event upset (SEU) event that can cause a linked-list corruption of the TQCHIP. The following syslog message is reported: Jan 9 08:16:47.295 router fpc0 TQCHIP1: Fatal error pqt_min_free_cnt is zero Jan 9 08:16:47.295 router fpc0 CMSNG: Fatal ASIC error, chip TQ Jan 9 08:16:47.295 router fpc0 TQ Chip::FATAL ERROR!! from PQT free count is zero jan 9 08:16:47.380 router alarmd[2427]: Alarm set: FPC color=RED, class=CHASSIS, reason=FPC 0 Fatal Errors - TQ Chip Error code: 0x50002 Jan 9 08:16:47.380 router craftd[2051]: Fatal alarm set, FPC 0 Fatal Errors - TQ Chip Error code: 0x50002 Junos OS Chassis Management Error handling does detect such condition, and raises an alarm and performs the disable-pfe action for the affected PFE entity. To recover this PFE entity, a restart of the FPC is needed. Soft errors are transient or non-recurring. FPCs experiencing such SEU events do not have any permanent damage. Contact your Juniper support representative if the issue is seen after a FPC restart. |
| PR Number | Synopsis | Category: Protocol Independant Multicast |
| 1155778 | The rpd process on the backup Routing Engine might crash because of a memory leak with the PIM configuration. Product-Group=junos |
For devices populated with master and backup Routing Engines (RE) and configured for nonstop active routing (NSR) and Protocol Independent Multicast (PIM) configuration, the routing protocol process (rpd) might crash on the backup Routing Engine due to a memory leak. This leak occurs when the backup Routing Engine handling mirror updates about PIM received from the master Routing Engine deletes information about a PIM session from its database. But because of a software defect, a leak of 2 memory blocks (8 or 16 bytes) might occur for every PIM leave. If the memory is exhausted, the rpd may crash on the backup Routing Engine. There is no impact seen on the master Routing Engine when the rpd crashes on the backup Routing Engine. Use the "show system processes extensive" command to check the memory. |
| PR Number | Synopsis | Category: vMX Platform Infrastructure related issue tracking |
| 1328119 | Minor alarm "LCM Peer Connection un-stable" is observed on MX150 after the chassisd process startup or restart Product-Group=junos |
On the MX150 platform, there will be a minor alarm "LCM Peer Connection un-stable" reported after the chassisd process startup or restart. It does not impact service and can be ignored. |
| 1344858 | Junos OS: vMX: Default credentials supplied in configuration (CVE-2020-1615) Product-Group=junos |
The factory configuration for vMX installations, as shipped, includes default credentials for the root account. Without proper modification of these default credentials by the administrator, an attacker could exploit these credentials and access the vMX instance without authorization. Refer to https://kb.juniper.net/JSA10998 for more information. |
| PR Number | Synopsis | Category: Periodic Packet Management Daemon |
| 1003991 | FPC packet buffer memory leak due to continuous delegated BFD session flapping Product-Group=junos |
|
| PR Number | Synopsis | Category: Routing Information Protocol |
| 1508814 | The rpd crash might occur due to RIP updates being sent on an interface in down state Product-Group=junos |
When RIP with p2mp (point-to-multiple) is configured on an interface in down state, in a very corner case, routing daemon might crash while sending RIP updates to an interface which is already down. |
| PR Number | Synopsis | Category: RPD Next-hop issues including indirect, CNH, and MCNH |
| 1276044 | Routing Protocol Daemon(RPD) might crash with core-dump if forwarding-table export policy with 'install-nexthop' is configured Product-Group=junos |
Routing Protocol Daemon(RPD) might crash with core-dump if forwarding-table export policy with 'install-nexthop' is configured and that LSP is not available |
| 1370174 | The rpd might crash after Routing Engine switchover is performed or the rpd is restarted if interface-based dynamic GRE tunnel is configured. Product-Group=junos |
With interface-based Dynamic GRE Tunnel configured, there might be 2 next-hops for a single dynamic GRE tunnel when a new route is resolved over the dynamic tunnel after RE switchover is performed or the rpd is restarted. Subsequent withdrawal of the routes over that tunnel or master Routing Engine restarting will cause the rpd crash. This issue is introduced in PR 1202926 (which is fixed in 15.1F7 16.1R4 16.2R1-S6 16.2R1-S6-J1 16.2R2 17.1R2-S7 17.1R2-S8 17.1R3 17.2R1). |
| PR Number | Synopsis | Category: RPD route tables, resolver, routing instances, static routes |
| 1457955 | Aggregate route with BGP contributing routes may flap in some scenarios as expected Product-Group=junos |
Aggregate route with BGP contributing routes may flap in some scenarios as expected The reasons is, by default, aggregate route carries some BGP attributes like AS-PATH, originator, cluster. Aggregate route inherit those attributes from active contributing routes. If one or few contributing route add/delete/change happens, while other contributing routes are still stable, aggregate route may refresh since its attributes got changed. If this aggregate route is exported into BGP, a BGP update will be sent to downstream router with updated attributes, causing a service impact Reference page: https://www.juniper.net/documentation/en_US/junos/topics/concept/policy-aggregate-routes.html |
| 1466161 | Memory consumption increased causing memory pressure and high CPU utilization in MX5/10/40/80 platform after upgrade to Junos 16.1 or later Product-Group=junos |
MX5/10/40/80 platform may suffer from memory pressure and high CPU utilization after upgrading to Junos to 16.1 or later. A similar issue may also be seen on other platforms having routing-engines with 2 gigabytes of memory or less. |
| PR Number | Synopsis | Category: jflow/monitoring services |
| 1284918 | The sampled route reflector process (srrd) might crash in the large routes churn situation. Product-Group=junos |
When the FPCs are busy in high churn scenarios, because the srrd thread in the Packet Forwarding Engine has low priority, CPR resources are insufficient to process the messages sent by srrd process. Due to this, the queue for these busy FPCs are piling in srrd and eventually leading to crash. Refer to the description for the details. |
| PR Number | Synopsis | Category: Generic platform and infra issues for MS-MIC and MS-MPC(XLP) |
| 1415119 | Only 40 MS-PICs (10 MS-MPC cards) can be in the ACTIVE state even if more than 10 MS-MPC cards are inserted in the MX2020 chassis Product-Group=junos |
On MX2020 platform, at most 40 MS-PICs (10 MS-MPC cards) can be in the ACTIVE state even if more than 10 MS-MPC cards are inserted in the MX2020 chassis. |
| 1453811 | Junos OS: MX Series: Denial of Service vulnerability in MS-PIC component on MS-MIC or MS-MPC (CVE-2020-1650) Product-Group=junos |
On Juniper Networks Junos MX Series with service card configured, receipt of a stream of specific packets may crash the MS-PIC component on MS-MIC or MS-MPC. Refer to https://kb.juniper.net/JSA11037 for more information. |
| PR Number | Synopsis | Category: SFW, CGNAT on MS-MIC/MS-MPC (XLP) |
| 1335956 | The MAC_STUCK might be seen on MS-MPC or MS-MIC Product-Group=junos |
In an MS-MPC or MS-MIC in ALG scenario, the MAC_STUCK message might be observed and traffic might be dropped. |
| PR Number | Synopsis | Category: MPC7, MPC8, MPC9, SFB2, MRATE & 8x100 MICs |
| 1354070 | The log of "SMART ATA Error Log Structure error: invalid SMART checksum." might be seen on FPC with WINTEC mSata SSD Product-Group=junos |
The log of "SMART ATA Error Log Structure error: invalid SMART checksum." might be seen on FPC with WINTEC mSata SSD |
| PR Number | Synopsis | Category: MPC7/8/9 Interface Issues |
| 1441816 | Egress stream flush failure and traffic blackhole might occur Product-Group=junos |
Egress stream flush failure and silent dropping of traffic could occur in a rare occasion for a repeatedly flapping link on MPC7E, MPC8E, MPC9E cards, MX204 and MX10003. |
| PR Number | Synopsis | Category: Trio LU, IX, QX, MQ chip drivers, ucode & related SW |
| 1059137 | An enhancement for reporting CM-ERRORs when memory parity errors occur within MPC pre-classifier engines Product-Group=junos |
On MX Series routers, parity memory errors might occur in pre-classifier engines within an MPC. Packets are silently discarded because such errors are not reported and hence harder to diagnose. CM errors such as syslog messages and alarms should be raised when parity memory errors occur. |
| 1248858 | On MPC 5/6/7/9 with inline services configured memory leak can be observed in services next hop Product-Group=junos |
On MPC 5/6/7 and 9 with inline services configured memory leak can be observed in services next hop when the MPCs services next hop memory block is utilized at the boundary of the allocated memory space. |
| PR Number | Synopsis | Category: Issues related to broadband edge apps (PPP, DHCP) on Trio ch |
| 1308000 | Enhanced Subscriber Management: Targetting for subscribers terminated in non-default routing-intance is supported from 17.3R2 Product-Group=junos |
Enhanced Subscriber Management: For subscribers terminated in routing-instance, targeting will be supported from 17.3R2 onwards. With current code subscribers may come up but traffic towards subscriber may be dropped at MX as it is not support in current release. |
| 1401808 | FPC core files due to a corner case scenario (race condition between RPF, IP flow). Product-Group=junos |
In a subscriber management deployment where the Reverse-Path-Forwarding (RPF) check and MAC check is enabled, a race condition might cause software failure and resulted in a Flexible PIC Concentrator (FPC) to restart. |
| PR Number | Synopsis | Category: Trio pfe qos software |
| 1382288 | One single port with Dual stack subscribers pppoe/dhcpv6 drop all the connections and no subscribers seen now. Product-Group=junos |
One single port with dual stack subscribers pppoe/dhcpv6 drop all the connections and no subscribers are seen. |
| 1418602 | FPC log messages: "Q index(xxxxx) is not allocated" Product-Group=junos |
The cause of the messages is a race condition. For each IFL, IFLSET or IFD object, HALP statistics module reads stats values from hardware for the individual queues. HALP stats module is implemented as a separate stats thread and while stats thread is waiting, PFEMAN thread may assign different queues to the IFL/IFLSET/IFD object. After stats thread gets CPU back, before reading HW for the next queue, stats thread needs to validate that queue is still applicable, which fails if we see the message. The messages are harmless and can be ignored. |
| PR Number | Synopsis | Category: TRIO Interface based services |
| 1465490 | MX Series: PFE crash on MPC7/8/9 upon receipt of small fragments requiring reassembly (CVE-2020-1649) Product-Group=junos |
When a device running Juniper Networks Junos OS with MPC7, MPC8, or MPC9 line cards installed and the system is configured for inline IP reassembly, used by L2TP, MAP-E, GRE, and IPIP, the packet forwarding engine (PFE) will become disabled upon receipt of small fragments requiring reassembly. Refer to https://kb.juniper.net/JSA11036 for more information. |
| PR Number | Synopsis | Category: Trio pfe l3 forwarding issues |
| 1474154 | MX Series: PFE crash on MPC7/8/9 upon receipt of large packets requiring fragmentation (CVE-2020-1655) Product-Group=junos |
When a device running Juniper Networks Junos OS with MPC7, MPC8, or MPC9 line cards installed and the system is configured for inline IP reassembly, used by L2TP, MAP-E, GRE, and IPIP, the packet forwarding engine (PFE) will become disabled upon receipt of large packets requiring fragmentation. Refer to https://kb.juniper.net/JSA11041 for more information. |
| PR Number | Synopsis | Category: Authentication, Authorization, Accounting, PAM (RADIUS/tacplus) |
| 1233649 | additional fix for timing issue that can cause auditd core Product-Group=junos |
additional fix for timing issue that can cause auditd core, covered several corner cases to prevent core related to PR1191527 |
| 1305964 | Message "system reaching processes ceiling low watermark" might be seen Product-Group=junos |
When an "auditd" child process is terminated, the process is still having a pid and an entry in the process table. When the number of defunct processes reaches the limit, you will see "jlaunchd" error messages. |
| PR Number | Synopsis | Category: Configuration management, ffp, load action |
| 1267433 | The commitd process might generate a core file when removal of certain configuration is followed by a commit operation. Product-Group=junos |
Core file is generated by commitd when deletion for a certain configuration is committed. Configuration is properly changed after commit even though core file remains. |
| PR Number | Synopsis | Category: PFE on Satellite Device |
| 1360876 | The shutdown of the cascade port might lead to the invalidation of the MPC linecard Product-Group=junos |
In Fusion scenario, on the MPC2E/3E NG HQoS or MPC5E 3D Q linecard, if the cascade port is down (e.g., disabled, deactivated), all the interfaces of the linecard might be unusable. |
| PR Number | Synopsis | Category: VMHOST platforms software |
| 1349373 | FPCs may reboot continuously until the Routing Engine reboot Product-Group=junos |
On a next-generation Routing Engine (NG-RE), a failure of the Hardware Random Number Generator (HWRNG) will leave the system in a state where there is not enough entropy available to operate. Please refer to TSB17734(http://kb.juniper.net/InfoCenter/index?page=content&id=TSB17734) for more details. |
| PR Number | Synopsis | Category: Virtual Private LAN Services |
| 1295664 | LSI interface might not be created causing remote MACs not being learnt with error log of "RPD_KRT_Q_RETRIES: ifl iff add: Device busy" Product-Group=junos |
With VPLS being configured, after upgrade to 15.1/16.1/17.x releases, in some circumstances VPLS LSI interface are not correctly created, causing remote MACs not being learnt and L2 VPLS outage. The issue is not reproduced and the code change is not a fix but add a instrumentation using a hidden command 'show vpls ipc-history', which should be captured right away when the issue is seen on latest releases. show vpls ipc-history <<<<< show vpls connections show krt queue show route forwarding-table extensive /var/log/messages |
Getting Up and Running with Junos
Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search