Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

19.1R3-S2: Software Release Notification for JUNOS Software Version 19.1R3-S2

0

0

Article ID: TSB17821 TECHNICAL_BULLETINS Last Updated: 13 Jul 2020Version: 1.0
Alert Type:
SRN - Software Release Notification
Product Affected:
ACX, EX, MX, PTX, QFX, NFX, SRX, VRR, vMX, vSRX
Alert Description:
Junos Software Service Release version 19.1R3-S2 is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as need and follow the prompts
Solution:

Junos Software service Release version 19.1R3-S2 is now available.

19.1R3-S2 - List of Fixed issues

PR Number Synopsis Category: DOT1X
1462479 EX-4600-EX-4300: Mac entry missing in Ethernet-Switching table for Mac-radius client in server fail scenario when tagged is sent for 2 client
Product-Group=junos
In a server-fail scenario, when tagged traffic is sent for the first client, MAC learning happens for both data and voice. But for the second client on the same interface, learning happens only for voice. This is because the VLAN is already added for an interface due to first client authentication process.
1504818 Authentication failure might occur on captive-portal
Product-Group=junos
On EX/MX/QFX/SRX platforms in case of captive-portal without dot1x stanza, when receiving the filter from the RADIUS for captive-portal user might lead to authentication failure for that user. This issue is seen only in the captive-portal configuration with RADIUS filter when dot1x stanza is not present.
1512724 DOT1XD_AUTH_SESSION_DELETED event is not triggered with single supplicant mode
Product-Group=junos
When a 802.1X session terminates, an event denoting the same was not logged in single supplicant mode. As fix, a new event "DOT1XD_USR_SESSION_DISCONNECTED" is logged consistently whenever a session terminates irrespective of supplicant mode. "DOT1XD_AUTH_SESSION_DELETED" events still get generated too but only for multiple and single-secure supplicant modes (as per design).
PR Number Synopsis Category: NFX LTE Software
1507165 The NFX platform might fail to work after jdm image upgrade to the version 18.4 or higher
Product-Group=junosvae
On NFX platforms with knob "lte-wan" enabled, the NFX device might fail to work after upgrading the jdm image to the version 18.4 or higher. The reason for this issue is that since 18.4, LTE-VM is changed to LTE, whereas jdmd still uses LTE-VM to try to update LTE parameters when "lte-wan" is configured for some Virtualization Network Function(VNF) VM, that will cause the update to fail and all VNF VMs running on it might not work properly.
PR Number Synopsis Category: QFX Access control list
1499918 Traffic drop might be observed after modifying FBF firewall filter
Product-Group=junos
On QFX5K platforms, after making changes in filter-based forwarding (FBF) firewall filter that is configured with multiple terms or different routing instances, traffic drop might be observed.
PR Number Synopsis Category: QFX PFE CoS
1510365 Traffic might be forwarded to wrong queue when fixed classifier is used
Product-Group=junos
If L2 access or vlan bridge IFL is created after fixed classifier is applied, the traffic matching the fixed classifier might be forwarded in unexpected queue, it might cause congestion unexpectedly hence there is traffic impact.
1510365 Traffic might be forwarded to wrong queue when fixed classifier is used
Product-Group=junosvae
If L2 access or vlan bridge IFL is created after fixed classifier is applied, the traffic matching the fixed classifier might be forwarded in unexpected queue, it might cause congestion unexpectedly hence there is traffic impact.
PR Number Synopsis Category: QFX PFE L2
1441186 MAC learning might not work correctly on QFX5120
Product-Group=junosvae
On QFX5120, after deleting and reapplying configuration multiple times, MAC learning might not work correctly. It is a rare issue.
1469149 EX4650/QFX5120: QinQ: The third VLAN tag is not pushed onto the stack and SWAP is being done instead
Product-Group=junos
On EX4650/QFX5120 platforms, if frames with two VLAN tags are received into the interface with 'input-vlan-map push', the SWAP will be done instead of the PUSH.
1469149 EX4650/QFX5120: QinQ: The third VLAN tag is not pushed onto the stack and SWAP is being done instead
Product-Group=junosvae
On EX4650/QFX5120 platforms, if frames with two VLAN tags are received into the interface with 'input-vlan-map push', the SWAP will be done instead of the PUSH.
PR Number Synopsis Category: Accounting Profile
1509467 DT_BNG: Use of UTC timestamp in flat-file-accounting files when profile configured
Product-Group=junos
JUNOS accounting options add a timestamp in file names when pushing files to server. Before this fix the timestamp was based on local time / timezone. With this fix the timestamp in filename is UTC.
PR Number Synopsis Category: BBE state synchronization issues
1466118 The bbe-smgd process core dumps on backup routing engine
Product-Group=junos
On MX platform, bbe-smgd process core dumps on backup routing engine
PR Number Synopsis Category: Border Gateway Protocol
1497721 Junos OS: Receipt of certain genuine BGP packets from any BGP Speaker causes RPD to crash. (CVE-2020-1640)
Product-Group=junos
An improper use of a validation framework when processing incoming genuine BGP packets within Juniper Networks RPD (routing protocols process) daemon allows an attacker to crash RPD thereby causing a Denial of Service (DoS) condition. Refer to https://kb.juniper.net/JSA11024 for more information.
1499977 The rpd may crash if the import policy is changed to accept more routes that exceed the teardown function threshold
Product-Group=junos
On all platforms with BGP max-acceptance prefix limit (accepted-prefix-limit with teardown action) configured, the rpd crashes may occur when a policy change causes the number of routes being imported cross the configured threshold value and teardown action is being performed by the router.
PR Number Synopsis Category: MPC5/6E pfe microcode software
1453575 The FPC might crash due to the Memory corruption in JNH pool
Product-Group=junos
On all Junos platforms, after the restart of the fabric plane, memory corruption might be there in the JNH pool which could lead to the crash of FPC.
PR Number Synopsis Category: Tracking sw issues related to Channelized 4xOC3/1xOC-12 Mic
1396538 MPC card/AFEB/TFEB with Channalized OC MIC might crash with core dump
Product-Group=junos
On MX Series platforms, if channelized OC MIC (such as 1xCOC12/4xCOC3 CH-CE) is used, the MPC card/AFEB/TFEB (Forwarding Engine Board) might crash with core files generated. This is not easily reproducible. The traffic through the MIC would be impacted.
PR Number Synopsis Category: Class of Service
1500250 MX with linecards using MPC1-Q/MPC2-Q might report memory errors
Product-Group=junos
MPC1-Q/MPC2-Q parity error might be detected within "QDR/RLD and Internal Memory" and invoking major alarm. The default action for major alarm is disable-pfe with JunOS version 17.3 or higher. Enhancements has been added to auto-correct parity errors within the static memory area and record the repair attempt. If repairing threshold is reached, Major Alarm is triggered.
PR Number Synopsis Category: Device Configuration Daemon
1337069 Restarting chassisd with GRES disabled might cause FPC to restart and some demux interfaces deletion
Product-Group=junos
On MX-Series JSM (Junos subscriber management) environment, when GRES (Graceful Routing Engine Switchover) is disabled, restarting chassisd might cause FPC to restart and some demux interfaces to be deleted.
PR Number Synopsis Category: DNX L2 related features
1517074 L2ALD crash is seen during stability test with traffic on scaled set-up.
Product-Group=junos
The L2ALD process on an ACX platform may restart unexpectedly during interface flaps.
PR Number Synopsis Category: JUNOS Dynamic Profile Configuration Infrastructure
1468414 IPv6 dynamic subscribers might be unable to access on Junos 18.2R3 and onwards releases
Product-Group=junos
On MX platforms with enhanced subscriber management feature enabled, if there are IPv6 dynamic subscriber access services deployed, the subscriber might fail to login due to the validation error for the dynamic variables "junos-framed-route-ipv6-cost" and "junos-framed-route-ipv6-distance". The v6-cost and v6-distance parameters are not mandatory before Junos 18.2R3 but become mandatory later, and the default value for them are just empty strings which will cause validation failure.
PR Number Synopsis Category: EVPN control plane issues
1485377 The ARP entry is gone from kernel after adding and deleting the virtual-gateway-address
Product-Group=junos
On MX/QFX10002/QFX10008/QFX10016 devices within an EVPN-MPLS active-active multi-homing mode, when adding and deleting the virtual-gateway-address, the ARP entry to CE might disappear from the kernel.
1506343 Configuring the knob "proxy-macip-advertisement" for EVPN-MPLS leads to functionality breakage
Product-Group=junos
In EVPN-MPLS scenario, with "proxy-macip-advertisement" enabled on irb, we see ARP for remote CE on local PE fails and forwarding-table entry always remains in hold state. The "proxy-macip-advertisement" enable the proxy advertisement feature on a device that can function as a Layer 3 gateway. With this feature enabled, the Layer 3 gateway advertises the MAC and IP routes (MAC+IP type 2 routes) on behalf of Layer 2 VXLAN gateways.
PR Number Synopsis Category: EVPN Layer-2 Forwarding
1498023 The l2ald memory leak may be observed in any EVPN scenario
Product-Group=junos
In any EVPN scenario (for example, active-active multi-homing mode, active-standby multi-homing mode, EVPN-VXLAN, or EVPN-MPLS), the l2ald memory might slowly come up when the local CE device or core face interfaces continuously flap. If the memory of l2ald is exhausted, it causes the l2ald to crash.
1503657 The MAC address of the LT interface might not be installed in the EVPN database
Product-Group=junos
In EVPN-VXLAN (Ethernet Virtual Private Network - Virtual Extensible LAN) scenario if the LT (Logical Tunnel) interface is under the bridge-domain of the EVPN-VXLAN instance, the MAC address of the LT interface might not be installed in the EVPN database. Thus no type-2 EVPN route is generated for the LT interface which results in unnecessary flooding and replication by the remote EVPN peer in the network.
PR Number Synopsis Category: Express PFE L2 fwding Features
1442587 The PMTUD might not work for both IPv4 and IPv6 if the ingress L3 interface is an irb
Product-Group=junos
Path MTU Discovery (PMTUD) is a standardized technique for determining the maximum transmission unit (MTU) size on the network path between two IP hosts, usually with the goal of avoiding IP fragmentation. On QFX10K platforms, the PMTUD might not work for both IPv4 and IPv6 if the ingress L3 interface is an irb. The corresponding ICMP Fragmentation Needed packet to the sender might be dropped silently, then PMTUD fails. This issue has service impact.
PR Number Synopsis Category: Enhanced Broadband Edge support for firewall
1421541 FPC crash may be observed after GRES when committing changes in firewall filter with "next term" statements in subscriber scenario
Product-Group=junos
FPC crash may be observed after GRES when committing changes in subscriber firewall filter with "next term" statements in subscriber scenario. Another effect of this issue could be firewall filter misprogramming, e.g. lost firewall filter terms after GRES
PR Number Synopsis Category: JSR Infrastructure
1505864 SRX5k fails to upgrade to some Junos versions directly from 15.1X49 with "ERROR: unsupported h/w"
Product-Group=junos
On SRX5000 series, when upgrading Junos from a 15.1X49 release to specific higher Junos releases, the installation will fail with the message "ERROR: unsupported h/w". Affected target releases are Junos 18.4R3-S2 and 18.4R3-S3.
PR Number Synopsis Category: User Firewall related issues
1499090 Don't use capital characters for source-identity when using "show security match-policies" cmd.
Product-Group=junos
When using "show security match-policies" cmd to match a policy with source-identity configured, only the non-capital source-identity name can be matched by policy.
PR Number Synopsis Category: Layer 2 Circuit issues
1512834 The rpd might crash when deleting l2circuit configuration in a specific sequence
Product-Group=junos
If l2circuit local-switching is enabled with connection-protection, the rpd could crash in the following configuration change sequence. 1. First, delete the logical interface (IFL) used by a l2circuit and commit the change. 2. Then, delete the corresponding l2circuit configuration. The rpd could crash after committing the change.
PR Number Synopsis Category: Layer 2 Control Module
1505710 The l2cpd crash might be seen if adding/deleting ERP config and then restart l2cpd
Product-Group=junos
Core files are generated if you add or delete ERP configuration multiple times and restarted l2cpd or rebooted the box. If this issue is happened, l2cpd does not recover again and generates core file continuously.
PR Number Synopsis Category: Layer2 forwarding on EX/NTF/PTX/QFX
1497209 ARP might not get refreshed after timeout on QFX10002-60C acting as EVPN-VXLAN gateway
Product-Group=junos
On QFX10002-60C platform, when IRB is enabled with EVPN-VXLAN. It does not send out ARP request if underlying interface is AE(Aggregated Ethernet Interfaces).
1498863 Traffic loss could be seen in certain conditions under Multi-homes PE scenario
Product-Group=junos
On QFX10002/QFX10008/QFX10016 devices with Multi-homes PE deployment environment, the Inter and Intra VNI/VRF traffic is dropped between CEs when one of the ESI links is disabled.
1512802 [MX] l2ald memory leak upon addition/deletion of vxlan routing-instances and interfaces
Product-Group=junos
On MX series platforms, l2ald (layer 2 address learning daemon) memory leaks upon addition/deletion of vxlan routing-instances and interfaces.
PR Number Synopsis Category: Label Distribution Protocol
1509578 Activating/Deactivating LDP-sync under OSPF might cause LDP neighborship to go down and stay down
Product-Group=junos
When container-label-switched-path is configured with ldp-tunneling, LDP targeted adjacency may go down and stay down after configuration not related to container-label-switched-path is modified.
PR Number Synopsis Category: Multiprotocol Label Switching
1467278 The rpd might crash in PCEP for the RSVP-TE scenario
Product-Group=junos
In PCEP (Path Computation Element Protocol) with RSVP Traffic Engineered LSP (TE LSP) scenario, the two LSPs with the same TE LSP name might be shared between Path Computation Element (PCE) and Path Computation Client (PCC) in some rare cases. Then, if the configuration of LSP is delegated from CLI and externally controlled by PCC at the same time, the rpd might be crashed.
PR Number Synopsis Category: Multicast Routing
1399457 Unexpectedly high packet loss might be observed after an uplink failure when the MoFRR feature is used in a scaled environment
Product-Group=junos
When the MoFRR feature is used in a scaled environment (in terms of number of routes and NHs), the actual convergence of multicast traffic might reach hundreds of milliseconds due to sub-optimal handling of MoFRR forwarding states on the PFE level.
PR Number Synopsis Category: Bugs related to ethernet interface on MX platform
1493699 One port on MIC-3D-2XGE-XFP flapping might cause the other port on the same MIC to flap
Product-Group=junos
Due to the code change in PR 1463859, one port on MIC-3D-2XGE-XFP flapping might cause the other port on the same MIC to flap.
PR Number Synopsis Category: vMX Platform Infrastructure related issue tracking
1491662 VFP VM becomes unresponsive following reboot of vMX
Product-Group=junos
In the XL710/X710 network interface cards (NIC) is used with the performance mode vMX scenario, the NIC driver is loaded to figure out NIC speed-related information on every restart or reboot of vMX. If the virtual forwarding plane (VFP) VM is continuously restarted, the NIC driver might be loaded repeatedly, it might cause the memory corruption which might lead VFP VM to become unstable, after that, the traffic loss might happen on VFP VM.
PR Number Synopsis Category: PTX10K Routing Engine
1503169 On a dual RE GRES/NSR enabled PTX10008/PTX10016 router, a few TCP-based application sessions like BGP/LDP might flap upon RE mastership switch
Product-Group=junosvae
In a rare case on a dual RE GRES/NSR enabled PTX10008/PTX10016 router, a few TCP-based application sessions like BGP/LDP might flap upon RE mastership switch or upon applications (protocols) session bounce at a backup RE. Once those sessions flap, they will be re-established automatically. Due to this issue, the TCP sessions re-connection will impact the repsective routing protocol sessions and therefore could impact the traffic. This is a timing issue; the more TCP-based application sessions the router has established prior the switchover, the higher chances to hit the issue. Usually when the issue happens, only a few TCP sessions are getting affected and not all of them.
PR Number Synopsis Category: Interface related issues. Port up/down, stats, CMLC , serdes
1462748 QFX5100 interface output counter is double counted for self-generated traffic
Product-Group=junos
On QFX5100 device, interface output counter is double counted for self-generated traffic
1475851 ULC-30Q28 FPC major error after system boot up or fpc restart
Product-Group=junos
FPC is reporting Major Error because of SHUTDOWN ERI failure during BIST with repair on HMC having FW version >= 0x9c. BIST with repair is incorporated during boot up, so this Major Error will be reported during boot up having FW>=0x9c on HMC. During debugging, its found that this ERI is getting issued even before the HMC was brought up which is resulting into this Error. So added bringup steps for HMC before the BIST procedure starts as done for vale-ptx.
PR Number Synopsis Category: QFX Control Plane Kernel related
1421250 A vmcore is seen on QFX VC
Product-Group=junos
On QFX Series Virtual Chassis during shutdown, if an interrupt is received, the system gets into this state and vmcore is observed.
1421250 A vmcore is seen on QFX VC
Product-Group=junosvae
On QFX Series Virtual Chassis during shutdown, if an interrupt is received, the system gets into this state and vmcore is observed.
PR Number Synopsis Category: QFX Platform related (SYSLOG/ALARMS/miscellaneous)
1423201 SFP-LX10 stay down until disable auto-negotiate
Product-Group=junosvae
SFP-LX10 stay down until disable auto-negotiate.
PR Number Synopsis Category: QFX platform optics related issues
1497947 lcmd core seen on QFX5210064C
Product-Group=junosvae
The LCMD process is the Linux Chassis Management Management Daemon. Due to a bug in the I2C handling in the daemon, a core dump may be seen. There is no specific user-visible trigger for the core dump and you may see several erroneous alarms when the core dump occurs. These should clear after the daemon automatically restarts
PR Number Synopsis Category: QFX access control list
1487679 QFX5100: If more than one UDF filter/term is configured, then only the first filter/term will be programmed in H/w. This is due to SDK 6.5.16 upgrade.
Product-Group=junos
QFX5100: In case of even offsets, if more than one UDF filter/term is configured, then only the first filter/term will be programmed in H/w. In case of odd offset, the first offset itself won't be programmed. This is due to SDK 6.5.16 upgrade.
PR Number Synopsis Category: QFX L2 PFE
1485854 The dcpfe core might be seen with non-oversubscribed mode
Product-Group=junosvae
On QFX5110-32q, when a user navigates to non-oversubscribed mode, dcpfe does not come up. This issue is seen due to upgrade of SDK to 6.5.16.(junos 18.4R2-S4, 19.R3 and 19.4R1). Default mode of operation has no issues.
1497993 Traffic might get dropped if AE member interface is deleted/added or a SFP of the AE member interface is unplugged/plugged
Product-Group=junos
On QFX5K/EX46xx platforms, if STP is configured on vlan but the AE interface which is part of that vlan is not configured with STP, after an AE member interface is deleted or a SFP of the AE member interface is unplugged, and when the deleted AE member interface is added back or the unplugged SFP is plugged again, traffic via that AE interface might get dropped. LACP and LLDP traffic are not affected by this issue.
1504354 LLDP neighborship might be unable to set up on QFX5000 platforms
Product-Group=junos
On QFX5000 platforms running with Link Layer Discovery Protocol (LLDP) configured, if the interface has both native-vlan-id and vlan-id configured, and the native-vlan-id and vlan-id have the same value, LLDP neighborship might be unable to setup on that particular interface due to this issue.
PR Number Synopsis Category: QFX L3 data-plane/forwarding
1462519 "show forwarding-options enhanced-hash-key" is not working for QFX10K Platform
Product-Group=junos
"show forwarding-options enhanced-hash-key" is not supported for QFX10K Platform in 19.3R1 release
PR Number Synopsis Category: QFX VC Infrastructure
1486002 The 10G VCP ports will not be active on QFX51XX and EX46XX VC scenario
Product-Group=junos
On QFX51XX and EX46XX platforms, 10G VCP ports will not be active, VC/VCF could not form correctly.
PR Number Synopsis Category: KRT Queue issues within RPD
1501817 Traffic blackhole might be seen in fast-reroute scenario
Product-Group=junos
From Junos release 17.2R1-S8 the session fast-reroute is enabled by default in PFE (Packet Forwarding Engines). In the platform using unilist (one kind of indirect next-hop) as route next hop type for multiple paths scenario (such as BGP PIC or ECMP), if BGP PIC or ECMP-FRR is used, In case of that the version-id of session-id of indirect next-hop (INH) is above 256, PFE might not respond to session update and hence it might cause the session-id permanently to be stuck with the weight of 65535 in PFE. It might lead PFE to have a different view of UNILIST against load-balance selectors. Then, the BGP PIC and the ECMP-FRR might not work properly, the traffic blackhole might be seen.
PR Number Synopsis Category: multicast source distribution protocol
1485206 There might be rpd memory leak in a certain looped MSDP scenario
Product-Group=junos
On all Junos platforms running in the Multicast Source Discovery Protocol (MSDP) scenario, if there are multiple overlapping mesh groups existing in the topology, for example, node A and B belong to mesh group M, node A and D belong to mesh group N, while node B and D belong to a different mesh group O, the Source Active (SA) messages sent from node A might get continously looped due to this issue. This might lead to the rpd memory leak and 100% CPU utilization.
1517910 The rpd process might crash if there is a huge number of SA messages in MSDP scenario
Product-Group=junos
On all Junos platforms running with Multicast Source Discovery Protocol (MSDP) configured, if there is a huge number of source-active (SA) messages present in the network (e.g. around 20,000 or more), the rpd process might crash due to this issue.
PR Number Synopsis Category: Resource Reservation Protocol
1505834 The rpd process might crash with RSVP configured in a rare timing case
Product-Group=junos
On all Junos platforms running with the Resource Reservation Protocol (RSVP) configured, when some socket error happens, RSVP might be unable to send message, however the counter for sent messages has already been increased due to the software design defect. The wrong counter might lead to the rpd process crash. It's a rare timing issue and it might be more likely to happen in a scaled scenario.
PR Number Synopsis Category: Generic platform and infra issues for MS-MIC and MS-MPC(XLP)
1258970 mspmand[190]: msvcs_session_send: Plugin id 3 not present in the svc chain for session
Product-Group=junos
The cosmetic error "mspmand[190]: msvcs_session_send: Plugin id 3 not present in the svc chain for session" is observed in the output. Please open a JTAC case to confirm.
PR Number Synopsis Category: SFW, CGNAT on MS-MIC/MS-MPC (XLP)
1496211 The B4 might not able to establish the softwire with AFTR
Product-Group=junos
In dual-stack lite (DS-Lite) scenario, if the DS-Lite softwire-initiator (such as B4) and the Address Family Transition Router (AFTR, it acted as softwire-concentrator) is deployed with service-set included multiple softwire-rules, the wrong rule-id might be chosen for the traffic including either normal data packet or Port Control Protocol (PCP) mapping requested from the basic bridging broadband (B4) subscribers. It might cause the failures on the allocation of subscribers and choice of softwire sessions, then the subscribers behind the B4 are unable to establish a softwire (an IPv4-over-IPv6 tunnel) to AFTR.
PR Number Synopsis Category: MX10003/MX204 MPC defects tracking
1491970 User configured MTU might be ignored after the ISSU upgrade using "request vmhost software in-service-upgrade"
Product-Group=junos
User configured MTU might be ignored after the ISSU upgrade using "request vmhost software in-service-upgrade" if MTU is configured more than 9192.
PR Number Synopsis Category: Trio pfe bridging, learning, stp, oam, irb software
1488251 MAC learning under bridge-domain stops after MC-LAG interface flap
Product-Group=junos
MAC learning under bridge-domain over MC-LAG interface stops after MC-LAG interface flap
1513509 During route table object fetch failure, FPC may crash
Product-Group=junos
Due to rare timing issue, the FPC might crash because of route table object fetch failure in EVPN multihoming scenario.
PR Number Synopsis Category: Configuration mgmt, ffp, load-action, commit processing
1391668 Commit error might be observed after adding additional sites to existing group and routing-instance configuration
Product-Group=junos
If the statement "persist-groups-inheritance" is configured, when trying to add additional sites to an existing group and routing-instance configuration, error might be observed and it leads to fail to commit after issuing "commit check".
1410322 The configuration database might not be unlocked automatically if the related user session is disconnected during the commit operation in progress
Product-Group=junos
Configuration database remains locked after stopping the SSH session.
1468119 Daemons might not be started if "commit" is executed after "commit check"
Product-Group=junos
in Junos OS Release 16.2R1 and later, if "commit" is executed after "commit check", the daemon (for example, dhcpd and sampled) might not get started even after the related configuration is successfully committed.
PR Number Synopsis Category: Ephemeral Database
1497575 Outbound SSH connection flap or memory leak issue might be observed during pushing configuration to Ephemeral DB with high rate
Product-Group=junos
When the netconf session is established over outbound ssh, the hight rate of pushing configuration to Ephemeral DB might result in Outbound SSH connection flap or memory leak issue.
PR Number Synopsis Category: UI Infrastructure - mgd, DAX API, DDL/ODL
1423500 Configuration commit might fail when the file system gets into full state
Product-Group=junos
On all platforms running Junos OS, when the file system gets into full state and there is not enough spare disk space, it might get into a problematic system condition in some corner case while a configuration commit is being performed. After that, if consecutive commits are still done in such a problematic status, commit-check failure logs might be seen eventually. Due to this issue, some processes might be not running even if the configuration is present.
1455960 Multiple daemons may crash on committing configuration changes related to groups
Product-Group=junos
When you enable the "persist-groups-inheritance" configuration statement and execute a delete operation to delete the entire configuration, if the user selects no and then later tries to commit the configuration changes related to groups, multiple daemons might crash.
1459839 Configuration change might not be applied if Ephemeral DB is used
Product-Group=junos
If Ephemeral DB is used, configuration change might not be applied on the device. In case of LDP configuration change, it might cause LDP session down hence affects traffic.
PR Number Synopsis Category: V44 Aggregation Device Platforms
1490101 The stats of extended ports on satellite device cluster might show wrong values from the aggregation device
Product-Group=junos
In Junos Fusion with satellite device cluster and single aggregation device (AD) deployment, if a satellite device (SD) in the cluster is not directly connected to the AD, the physical interface (IFD) stats of the extended ports on this SD cannot be shown correctly from AD. It is a display issue and does not affect function.
 

19.1R3-S2 - List of Known issues

PR Number Synopsis Category: ESWD
1192520 GARPs being sent from the switch once in 10 minutes
Product-Group=junos
GARPs were being sent whenever there is a mac (fdb) operation (add or delete). This is now updated to send GARP when interface is UP & l3 interface attached to the vlan.
PR Number Synopsis Category: EX2300/3400 PFE
1462155 The fxpc crashes due to PFEMAN_RT thread and BCM linkscan thread get into a deadlock
Product-Group=junosvae
In certain conditions, PFEMAN_RT thread and BCM linkscan thread get into a deadlock causing watchdog timeout.
PR Number Synopsis Category: NFX Series Platform Software
1504915 TACACS isn't working on JDM
Product-Group=junos
Login access to JDM via TACACS failed after upgrade to 18.4R3
PR Number Synopsis Category: QFX Access control list
1497133 Firewall filter could not work in certain conditions under VC setup
Product-Group=junos
On EX4650/QFX5120 with Virtual Chassis setup, the firewall filter (egress direction) could not work when traffic goes across VCP (Virtual Chassis Port) link.
PR Number Synopsis Category: QFX PFE L2
1455654 EVPN-VXLAN: New Tenant addition and deletion leading to INTRAVNI traffic drop for few milliseconds.
Product-Group=junos
On QFX5120, during new tenant addition, there may be few transient packet drops (2 - 15 pkts) for couple of random intra-vni traffic streams in a EVPN-VXLAN topology for the existing tenants. The drop is almost negligible and is auto recovered.
1499422 The FPC will go down when 100G link comes up on the network port of the QFX5110-48S device
Product-Group=junos
On the QFX5110-48S device running on Junos 19.3R2-S2, 18.2R3-S3 or 18.2R3-S4, the FPC will go down when the 100G link comes up on the network port. This leads to FPC up and down every 90 seconds. During the problem state running CLI "show chassis fpc detail" will not yield any output for upto 90sec. user@device> show chassis fpc detail. <-------- Empty Once FPC state transition back to online state, the 100G transceivers gets detected and fpc flap is seen again. This behavior is seen continuously as long as 100G transceivers remain connected to the QFX device in question. If 100G interfaces gets disabled from CLI or physically removed from the QFX switch, the FPC flap will no longer be seen. Note: This issue is not applicable when 100G-QSFP is used as a VCP port on QFX5110-48S.
PR Number Synopsis Category: QFX L3 data-plane/forwarding
1481987 Multicast traffic loss could be seen in certain conditions while enabling IGMP snooping under EVPN-VXLAN ERB scenario
Product-Group=junos
On QFX5110 & QFX5120 platform, which is running as Layer 3 VxLAN gateway, if "igmp-snooping" is enabled in partial but not for all bridge-domains, multicast traffic loss could be observed in non-igmp snooping bridge-domains.
PR Number Synopsis Category: Border Gateway Protocol
1403186 All the BGP session flap after RE switchover
Product-Group=junos
With GRES and NSR enabled, if executing RE switchover, BGP session might flap in some scenario. When Junos version have the fix of PR-1440694, BGP session always flap after doing RE switchover.
1481641 JSA11032 Junos OS and Junos OS Evolved: RPD crash due to specific BGP UPDATE packets (CVE-2020-1644)
Product-Group=junos
On Juniper Networks Junos OS and Junos OS Evolved devices, the receipt of a specific BGP UPDATE packet causes an internal counter to be incremented incorrectly, which over time can lead to the routing protocols process (RPD) crash and restart. Please refer to https://kb.juniper.net/JSA11032 for more information.
1482551 The rpd might be crashed after BGP peer flapping.
Product-Group=junos
On all Junos platforms, with BGP long-lived graceful restart (LLGR) or BGP route dampening configuration, The rpd might be cored after BGP peer flapping. This is a day-1 issue.
1508888 The rpd might crash on backup RE if BGP (standby) received a route from peer which is rejected due to invalid target community
Product-Group=junos
In L3VPN scenario, the rpd(routing protocol process) on backup RE might crash when BGP(standby) received a VPN route from peer which is rejected due to invalid target community and the BGP standby peer synchronization is not complete yet.
PR Number Synopsis Category: BBE Remote Access Server
1402653 The subscribers might need to take login retry in the scenario with high usage of the address pool
Product-Group=junos
On all Junos platforms running in subscriber scenario with address pool configured, if the address pool has high usage so that only few addresses are free to allocate, when there are subscribers logout and login, the released address by one subscriber might get re-used and allocated to the other subscriber very soon. Due to this issue, syslog error messages might be seen, and the affected subscriber might need to take retry for login.
PR Number Synopsis Category: Express PFE L2 fwding Features
1352805 QFX10000 platform drops Aruba wireless AP heartbeat packets
Product-Group=junos
QFX10000 platform drops the Aruba wireless access point (AP) heartbeat packets. As a result, the Aruba wireless AP cannot work.
1446291 On QFX10K platforms removing EVPN-VXLAN L3 Gateway on the IRB interface from spine switches might cause black holing of traffic
Product-Group=junos
On QFX10000 platforms, in an EVPN-VXLAN (spine-leaf) scenario, the QFX10000 spine switches are configured with VXLAN Layer 3 gateway (utilizing the virtual gateway) on an IRB interface. If you enable and then subsequently remove the VXLAN Layer 3 gateway on this IRB interface on one or some of these spine switches, traffic drop might be observed. As a workaround, configure all virtual gateways with unique IPv4 or IPv6 MAC address.
PR Number Synopsis Category: ISIS routing protocol
1463650 The ISIS IPv6 routes might flap when there is an unrelated commit under protocol stanza
Product-Group=junos
With multi-topology enabled in ISIS globally hierarchy level, if some ISIS interfaces don't have IPv6 address, all ISIS IPv6 routes flap when committing any change under protocol stanza (e.g. 'protocol pim traceoption').
PR Number Synopsis Category: jdhcpd daemon
1419437 The dhcp relay sessions could not be established successfully
Product-Group=junos
If dhcp group configuration is added without any interface, the jdhcpd maybe not aware of the group configuration after the group is applied on an interface.
PR Number Synopsis Category: jpppd daemon
1488302 MPLS VPN label can point to discard next-hop after RE switchover without NSR if egress interface is pp0
Product-Group=junos
After RE switchover without non-stop routing (NSR) on the broadband network gateway (BNG), some VRF routing instances may experience blackholing for traffic destined to the hosts behind static PPPoE subscriber's CPE device. The affected routing instances are configured without 'vrf-table-label' knob and have a static route configured with pp0.xxx interface as a next-hop like: user@router> show configuration routing-instances TEST instance-type vrf; interface pp0.1000; route-distinguisher 65000:1000; vrf-target target:65000:1000; routing-options { static { route 10.0.0.0/24 next-hop pp0.1000; <<<< } }
PR Number Synopsis Category: Flow Module
1489276 GRE/IPSec tunnel might not come up when 'set security flow no-local-favor-ecmp' command is configured
Product-Group=junos
On SRX or vSRX clusters, when 'set security flow no-local-favor-ecmp' is configured, GRE/IPSec tunnel might not come up.
PR Number Synopsis Category: JSR Infrastructure
1479156 vSRX may restart unexpectedly
Product-Group=junos
The srxpfe process generates core files when a socket-open error occurs during the initialization phase. Self-healing takes place when the srxpfe reboots and starts processing traffic.
PR Number Synopsis Category: Kernel MX virtual-chassis PRs
1491628 MS-MIC is down after loading some releases in MX-VC scenario
Product-Group=junos
When loading some releases in MX-VC scenario, reboot of an MS-MIC will be expired which causes MS-MIC down and the service on this card could be impacted.
PR Number Synopsis Category: Layer 2 Control Module
1473610 ERP might not come up properly when MSTP and ERP are enabled on the same interface.
Product-Group=junos
When both MSTP and ERP are enabled on the same interface, then ERP does not come up properly.
PR Number Synopsis Category: Layer2 forwarding on EX/NTF/PTX/QFX
1505976 VRRPv6 might not work in EVPN scenario
Product-Group=junos
In EVPN scenario with VRRPv6 used, the ethernet source mac address might be used for IPv6 mac-ip binding when the NA is sent from VRRPv6 master, as this unexpected behavior is triggered on regular intervals, it causes the entries to keep refreshing in EVPN database because NS from VRRPv6 master changes the mac-ip binding. Hence it has traffic impact.
PR Number Synopsis Category: MX104 Software - Chassis Daemon
1453893 FPC/PFE crash may happen with ATM MIC installed in the FPC
Product-Group=junos
FPC crash on MX240 and MX2020 routers or Packet Forwarding Engine crash on MX104 routers might happen when the MIC-3D-8OC3-2OC12-ATM is installed and ATM interface is configured.
PR Number Synopsis Category: Kernel Stats Infrastructure
1462986 Slow response from SNMP might be observed after an upgrade to Junos OS Release 19.2R1 and later.
Product-Group=junos
Slow response introduced with PR/1411303 fix, is getting resolved with this PR.
PR Number Synopsis Category: PTP related issues.
1507782 CLI knob to configure announce-interval as -3 so that the announce messages rate will be set to 8pps
Product-Group=junos
In PTP environment some vendor devices acting as slave expecting announce messages at an interval of -3 (8pps) from upstream master device. As of today announce message are configurable in range of 0 to 3. To support the above requirement engineering provided a hidden cli knob "set protocol ptp master announce-interval -3". In the networks/design where we have this requirement we can configure the hidden cli otherwise regular cli which is in the range (0 to 3) can be configurable. Both the cli knobs are mutually exclusive, commit error is expected if both are configured. This new change is applicable to ACX platforms only excluding ACX5k.
PR Number Synopsis Category: QFX ISSU Infrastructure
1490799 After ISSU/ISSR, a port using SR4/LR4 optics may not come up
Product-Group=junos
On QFX5100/5200 platforms, a port using SR4/LR4 optics might not come up after ISSU (In-Service Software Upgrade)/ISSR (In-Service Software Reboot).
PR Number Synopsis Category: Filters
1512242 Changing the scaled firewall profiles on the fly is not releasing TCAM resources as expected
Product-Group=junos
On a fully scaled system where all the slices are utilized by different families of CLI filters, if we try to call delete for one family and change for another family with higher number of filter terms which requires expansion of the filter, PFE fails to add the new changed filter as we are getting messages out of sequence i.e. change of filter is called earlier than delete of another filter.
PR Number Synopsis Category: QFX L2 PFE
1515254 On QFX5000 and EX46xx with VXLAN enabled , ARP request may get dropped if storm control is configured
Product-Group=junos
ARP request get dropped on QFX5000 and EX46xx devices when all of the following condition are met. 1.Storm control is enabled on any of the port. 2.VXLAN is enabled 3.Arp-suppression is enabled.
PR Number Synopsis Category: RPD Next-hop issues including indirect, CNH, and MCNH
1242589 In a BGP/MPLS scenario, if the next-hop type of label route is indirect, disabling and enabling the "family mpls" of the next-hop interface might cause the route to go into a dead state
Product-Group=junos
In a BGP or MPLS scenario, if the next-hop type of label route is indirect, then the following changing events about the next-hop interface MPLS family might cause the route to be in DEAD state, and the route will remain dead even when the family MPLS is again activated. The following events occur: Deactivating and activating the interface family mpls Deleting and adding back the interface family mpls Changing maximum labels for the interface Note: When a labelled route is resolved over an interface, that interface must have family mpls configured for the route to be successfully resolved. Otherwise the route does not get resolved.
PR Number Synopsis Category: show route table commands, tracing, and syslog facilities
1421076 RPD crash might occur when changing prefix list address from IPv4 to IPv6
Product-Group=junos
RPD crash might occur when changing a prefix-list address from IPv4 to IPv6 with "replace-pattern"
PR Number Synopsis Category: MPC7/8/9 Interface Issues
1441816 Egress stream flush failure and traffic blackhole might occur
Product-Group=junos
Egress stream flush failure and silent dropping of traffic could occur in a rare occasion for a repeatedly flapping link on MPC7E, MPC8E, MPC9E cards, MX204 and MX10003.
PR Number Synopsis Category: Issues related to broadband edge apps (PPP, DHCP) on Trio ch
1445637 Lawful Intercept on LAC access interface might not work as expected due to MTU check failure
Product-Group=junos
On MX platforms which is configured as Layer 2 Tunneling Protocol Access Client (LAC), if Lawful Intercept (LI) is enabled on LAC access interface, in the corner case that PPPoE packet size is larger than (PPPOE MTU - 32), but smaller than PPPOE MTU, and DF bit is set for inner PPPOE IP header, the LI mirrored packets might get dropped due to MTU check failure.
PR Number Synopsis Category: Trio pfe qos software
1382288 One single port with Dual stack subscribers pppoe/dhcpv6 drop all the connections and no subscribers seen now.
Product-Group=junos
One single port with dual stack subscribers pppoe/dhcpv6 drop all the connections and no subscribers are seen.
PR Number Synopsis Category: Trio pfe stateless firewall software
1409879 FPC crash may be observed with scaled subscribers login attempts
Product-Group=junos
In a subscriber management environment with scaled subscribers login such as 200k PPPoE subscribers, FPC crash may be observed.
PR Number Synopsis Category: Trio pfe bridging, learning, stp, oam, irb software
1414857 PFE learn counter is negative when enabled interface-mac-limit with packet-action drop.
Product-Group=junos
Under enabled interface-mac-limit with packet-action drop condition and MAC move happens, H/W MAC learn limit counter is getting corrupted resulting in negative value, stopping to learn MAC address.
1503947 MPCs may crash when there is a change on routes learnt on IRB interface configured in VPLS/EVPN instances
Product-Group=junos
On MX platforms, when an IRB interface is configured in VPLS/EVPN instances, MPCs might crash if the routes learnt on the IRB interface chang
Modification History:
First publication 2020-07-13
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search