Search our Knowledge Base sites to find answers to your questions.
Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles19.1R3-S2: Software Release Notification for JUNOS Software Version 19.1R3-S2
Junos Software service Release version 19.1R3-S2 is now available.
| PR Number | Synopsis | Category: DOT1X |
|---|---|---|
| 1462479 | EX-4600-EX-4300: Mac entry missing in Ethernet-Switching table for Mac-radius client in server fail scenario when tagged is sent for 2 client Product-Group=junos |
In a server-fail scenario, when tagged traffic is sent for the first client, MAC learning happens for both data and voice. But for the second client on the same interface, learning happens only for voice. This is because the VLAN is already added for an interface due to first client authentication process. |
| 1504818 | Authentication failure might occur on captive-portal Product-Group=junos |
On EX/MX/QFX/SRX platforms in case of captive-portal without dot1x stanza, when receiving the filter from the RADIUS for captive-portal user might lead to authentication failure for that user. This issue is seen only in the captive-portal configuration with RADIUS filter when dot1x stanza is not present. |
| 1512724 | DOT1XD_AUTH_SESSION_DELETED event is not triggered with single supplicant mode Product-Group=junos |
When a 802.1X session terminates, an event denoting the same was not logged in single supplicant mode. As fix, a new event "DOT1XD_USR_SESSION_DISCONNECTED" is logged consistently whenever a session terminates irrespective of supplicant mode. "DOT1XD_AUTH_SESSION_DELETED" events still get generated too but only for multiple and single-secure supplicant modes (as per design). |
| PR Number | Synopsis | Category: NFX LTE Software |
| 1507165 | The NFX platform might fail to work after jdm image upgrade to the version 18.4 or higher Product-Group=junosvae |
On NFX platforms with knob "lte-wan" enabled, the NFX device might fail to work after upgrading the jdm image to the version 18.4 or higher. The reason for this issue is that since 18.4, LTE-VM is changed to LTE, whereas jdmd still uses LTE-VM to try to update LTE parameters when "lte-wan" is configured for some Virtualization Network Function(VNF) VM, that will cause the update to fail and all VNF VMs running on it might not work properly. |
| PR Number | Synopsis | Category: QFX Access control list |
| 1499918 | Traffic drop might be observed after modifying FBF firewall filter Product-Group=junos |
On QFX5K platforms, after making changes in filter-based forwarding (FBF) firewall filter that is configured with multiple terms or different routing instances, traffic drop might be observed. |
| PR Number | Synopsis | Category: QFX PFE CoS |
| 1510365 | Traffic might be forwarded to wrong queue when fixed classifier is used Product-Group=junos |
If L2 access or vlan bridge IFL is created after fixed classifier is applied, the traffic matching the fixed classifier might be forwarded in unexpected queue, it might cause congestion unexpectedly hence there is traffic impact. |
| 1510365 | Traffic might be forwarded to wrong queue when fixed classifier is used Product-Group=junosvae |
If L2 access or vlan bridge IFL is created after fixed classifier is applied, the traffic matching the fixed classifier might be forwarded in unexpected queue, it might cause congestion unexpectedly hence there is traffic impact. |
| PR Number | Synopsis | Category: QFX PFE L2 |
| 1441186 | MAC learning might not work correctly on QFX5120 Product-Group=junosvae |
On QFX5120, after deleting and reapplying configuration multiple times, MAC learning might not work correctly. It is a rare issue. |
| 1469149 | EX4650/QFX5120: QinQ: The third VLAN tag is not pushed onto the stack and SWAP is being done instead Product-Group=junos |
On EX4650/QFX5120 platforms, if frames with two VLAN tags are received into the interface with 'input-vlan-map push', the SWAP will be done instead of the PUSH. |
| 1469149 | EX4650/QFX5120: QinQ: The third VLAN tag is not pushed onto the stack and SWAP is being done instead Product-Group=junosvae |
On EX4650/QFX5120 platforms, if frames with two VLAN tags are received into the interface with 'input-vlan-map push', the SWAP will be done instead of the PUSH. |
| PR Number | Synopsis | Category: Accounting Profile |
| 1509467 | DT_BNG: Use of UTC timestamp in flat-file-accounting files when profile configured Product-Group=junos |
JUNOS accounting options add a timestamp in file names when pushing files to server. Before this fix the timestamp was based on local time / timezone. With this fix the timestamp in filename is UTC. |
| PR Number | Synopsis | Category: BBE state synchronization issues |
| 1466118 | The bbe-smgd process core dumps on backup routing engine Product-Group=junos |
On MX platform, bbe-smgd process core dumps on backup routing engine |
| PR Number | Synopsis | Category: Border Gateway Protocol |
| 1497721 | Junos OS: Receipt of certain genuine BGP packets from any BGP Speaker causes RPD to crash. (CVE-2020-1640) Product-Group=junos |
An improper use of a validation framework when processing incoming genuine BGP packets within Juniper Networks RPD (routing protocols process) daemon allows an attacker to crash RPD thereby causing a Denial of Service (DoS) condition. Refer to https://kb.juniper.net/JSA11024 for more information. |
| 1499977 | The rpd may crash if the import policy is changed to accept more routes that exceed the teardown function threshold Product-Group=junos |
On all platforms with BGP max-acceptance prefix limit (accepted-prefix-limit with teardown action) configured, the rpd crashes may occur when a policy change causes the number of routes being imported cross the configured threshold value and teardown action is being performed by the router. |
| PR Number | Synopsis | Category: MPC5/6E pfe microcode software |
| 1453575 | The FPC might crash due to the Memory corruption in JNH pool Product-Group=junos |
On all Junos platforms, after the restart of the fabric plane, memory corruption might be there in the JNH pool which could lead to the crash of FPC. |
| PR Number | Synopsis | Category: Tracking sw issues related to Channelized 4xOC3/1xOC-12 Mic |
| 1396538 | MPC card/AFEB/TFEB with Channalized OC MIC might crash with core dump Product-Group=junos |
On MX Series platforms, if channelized OC MIC (such as 1xCOC12/4xCOC3 CH-CE) is used, the MPC card/AFEB/TFEB (Forwarding Engine Board) might crash with core files generated. This is not easily reproducible. The traffic through the MIC would be impacted. |
| PR Number | Synopsis | Category: Class of Service |
| 1500250 | MX with linecards using MPC1-Q/MPC2-Q might report memory errors Product-Group=junos |
MPC1-Q/MPC2-Q parity error might be detected within "QDR/RLD and Internal Memory" and invoking major alarm. The default action for major alarm is disable-pfe with JunOS version 17.3 or higher. Enhancements has been added to auto-correct parity errors within the static memory area and record the repair attempt. If repairing threshold is reached, Major Alarm is triggered. |
| PR Number | Synopsis | Category: Device Configuration Daemon |
| 1337069 | Restarting chassisd with GRES disabled might cause FPC to restart and some demux interfaces deletion Product-Group=junos |
On MX-Series JSM (Junos subscriber management) environment, when GRES (Graceful Routing Engine Switchover) is disabled, restarting chassisd might cause FPC to restart and some demux interfaces to be deleted. |
| PR Number | Synopsis | Category: DNX L2 related features |
| 1517074 | L2ALD crash is seen during stability test with traffic on scaled set-up. Product-Group=junos |
The L2ALD process on an ACX platform may restart unexpectedly during interface flaps. |
| PR Number | Synopsis | Category: JUNOS Dynamic Profile Configuration Infrastructure |
| 1468414 | IPv6 dynamic subscribers might be unable to access on Junos 18.2R3 and onwards releases Product-Group=junos |
On MX platforms with enhanced subscriber management feature enabled, if there are IPv6 dynamic subscriber access services deployed, the subscriber might fail to login due to the validation error for the dynamic variables "junos-framed-route-ipv6-cost" and "junos-framed-route-ipv6-distance". The v6-cost and v6-distance parameters are not mandatory before Junos 18.2R3 but become mandatory later, and the default value for them are just empty strings which will cause validation failure. |
| PR Number | Synopsis | Category: EVPN control plane issues |
| 1485377 | The ARP entry is gone from kernel after adding and deleting the virtual-gateway-address Product-Group=junos |
On MX/QFX10002/QFX10008/QFX10016 devices within an EVPN-MPLS active-active multi-homing mode, when adding and deleting the virtual-gateway-address, the ARP entry to CE might disappear from the kernel. |
| 1506343 | Configuring the knob "proxy-macip-advertisement" for EVPN-MPLS leads to functionality breakage Product-Group=junos |
In EVPN-MPLS scenario, with "proxy-macip-advertisement" enabled on irb, we see ARP for remote CE on local PE fails and forwarding-table entry always remains in hold state. The "proxy-macip-advertisement" enable the proxy advertisement feature on a device that can function as a Layer 3 gateway. With this feature enabled, the Layer 3 gateway advertises the MAC and IP routes (MAC+IP type 2 routes) on behalf of Layer 2 VXLAN gateways. |
| PR Number | Synopsis | Category: EVPN Layer-2 Forwarding |
| 1498023 | The l2ald memory leak may be observed in any EVPN scenario Product-Group=junos |
In any EVPN scenario (for example, active-active multi-homing mode, active-standby multi-homing mode, EVPN-VXLAN, or EVPN-MPLS), the l2ald memory might slowly come up when the local CE device or core face interfaces continuously flap. If the memory of l2ald is exhausted, it causes the l2ald to crash. |
| 1503657 | The MAC address of the LT interface might not be installed in the EVPN database Product-Group=junos |
In EVPN-VXLAN (Ethernet Virtual Private Network - Virtual Extensible LAN) scenario if the LT (Logical Tunnel) interface is under the bridge-domain of the EVPN-VXLAN instance, the MAC address of the LT interface might not be installed in the EVPN database. Thus no type-2 EVPN route is generated for the LT interface which results in unnecessary flooding and replication by the remote EVPN peer in the network. |
| PR Number | Synopsis | Category: Express PFE L2 fwding Features |
| 1442587 | The PMTUD might not work for both IPv4 and IPv6 if the ingress L3 interface is an irb Product-Group=junos |
Path MTU Discovery (PMTUD) is a standardized technique for determining the maximum transmission unit (MTU) size on the network path between two IP hosts, usually with the goal of avoiding IP fragmentation. On QFX10K platforms, the PMTUD might not work for both IPv4 and IPv6 if the ingress L3 interface is an irb. The corresponding ICMP Fragmentation Needed packet to the sender might be dropped silently, then PMTUD fails. This issue has service impact. |
| PR Number | Synopsis | Category: Enhanced Broadband Edge support for firewall |
| 1421541 | FPC crash may be observed after GRES when committing changes in firewall filter with "next term" statements in subscriber scenario Product-Group=junos |
FPC crash may be observed after GRES when committing changes in subscriber firewall filter with "next term" statements in subscriber scenario. Another effect of this issue could be firewall filter misprogramming, e.g. lost firewall filter terms after GRES |
| PR Number | Synopsis | Category: JSR Infrastructure |
| 1505864 | SRX5k fails to upgrade to some Junos versions directly from 15.1X49 with "ERROR: unsupported h/w" Product-Group=junos |
On SRX5000 series, when upgrading Junos from a 15.1X49 release to specific higher Junos releases, the installation will fail with the message "ERROR: unsupported h/w". Affected target releases are Junos 18.4R3-S2 and 18.4R3-S3. |
| PR Number | Synopsis | Category: User Firewall related issues |
| 1499090 | Don't use capital characters for source-identity when using "show security match-policies" cmd. Product-Group=junos |
When using "show security match-policies" cmd to match a policy with source-identity configured, only the non-capital source-identity name can be matched by policy. |
| PR Number | Synopsis | Category: Layer 2 Circuit issues |
| 1512834 | The rpd might crash when deleting l2circuit configuration in a specific sequence Product-Group=junos |
If l2circuit local-switching is enabled with connection-protection, the rpd could crash in the following configuration change sequence. 1. First, delete the logical interface (IFL) used by a l2circuit and commit the change. 2. Then, delete the corresponding l2circuit configuration. The rpd could crash after committing the change. |
| PR Number | Synopsis | Category: Layer 2 Control Module |
| 1505710 | The l2cpd crash might be seen if adding/deleting ERP config and then restart l2cpd Product-Group=junos |
Core files are generated if you add or delete ERP configuration multiple times and restarted l2cpd or rebooted the box. If this issue is happened, l2cpd does not recover again and generates core file continuously. |
| PR Number | Synopsis | Category: Layer2 forwarding on EX/NTF/PTX/QFX |
| 1497209 | ARP might not get refreshed after timeout on QFX10002-60C acting as EVPN-VXLAN gateway Product-Group=junos |
On QFX10002-60C platform, when IRB is enabled with EVPN-VXLAN. It does not send out ARP request if underlying interface is AE(Aggregated Ethernet Interfaces). |
| 1498863 | Traffic loss could be seen in certain conditions under Multi-homes PE scenario Product-Group=junos |
On QFX10002/QFX10008/QFX10016 devices with Multi-homes PE deployment environment, the Inter and Intra VNI/VRF traffic is dropped between CEs when one of the ESI links is disabled. |
| 1512802 | [MX] l2ald memory leak upon addition/deletion of vxlan routing-instances and interfaces Product-Group=junos |
On MX series platforms, l2ald (layer 2 address learning daemon) memory leaks upon addition/deletion of vxlan routing-instances and interfaces. |
| PR Number | Synopsis | Category: Label Distribution Protocol |
| 1509578 | Activating/Deactivating LDP-sync under OSPF might cause LDP neighborship to go down and stay down Product-Group=junos |
When container-label-switched-path is configured with ldp-tunneling, LDP targeted adjacency may go down and stay down after configuration not related to container-label-switched-path is modified. |
| PR Number | Synopsis | Category: Multiprotocol Label Switching |
| 1467278 | The rpd might crash in PCEP for the RSVP-TE scenario Product-Group=junos |
In PCEP (Path Computation Element Protocol) with RSVP Traffic Engineered LSP (TE LSP) scenario, the two LSPs with the same TE LSP name might be shared between Path Computation Element (PCE) and Path Computation Client (PCC) in some rare cases. Then, if the configuration of LSP is delegated from CLI and externally controlled by PCC at the same time, the rpd might be crashed. |
| PR Number | Synopsis | Category: Multicast Routing |
| 1399457 | Unexpectedly high packet loss might be observed after an uplink failure when the MoFRR feature is used in a scaled environment Product-Group=junos |
When the MoFRR feature is used in a scaled environment (in terms of number of routes and NHs), the actual convergence of multicast traffic might reach hundreds of milliseconds due to sub-optimal handling of MoFRR forwarding states on the PFE level. |
| PR Number | Synopsis | Category: Bugs related to ethernet interface on MX platform |
| 1493699 | One port on MIC-3D-2XGE-XFP flapping might cause the other port on the same MIC to flap Product-Group=junos |
Due to the code change in PR 1463859, one port on MIC-3D-2XGE-XFP flapping might cause the other port on the same MIC to flap. |
| PR Number | Synopsis | Category: vMX Platform Infrastructure related issue tracking |
| 1491662 | VFP VM becomes unresponsive following reboot of vMX Product-Group=junos |
In the XL710/X710 network interface cards (NIC) is used with the performance mode vMX scenario, the NIC driver is loaded to figure out NIC speed-related information on every restart or reboot of vMX. If the virtual forwarding plane (VFP) VM is continuously restarted, the NIC driver might be loaded repeatedly, it might cause the memory corruption which might lead VFP VM to become unstable, after that, the traffic loss might happen on VFP VM. |
| PR Number | Synopsis | Category: PTX10K Routing Engine |
| 1503169 | On a dual RE GRES/NSR enabled PTX10008/PTX10016 router, a few TCP-based application sessions like BGP/LDP might flap upon RE mastership switch Product-Group=junosvae |
In a rare case on a dual RE GRES/NSR enabled PTX10008/PTX10016 router, a few TCP-based application sessions like BGP/LDP might flap upon RE mastership switch or upon applications (protocols) session bounce at a backup RE. Once those sessions flap, they will be re-established automatically. Due to this issue, the TCP sessions re-connection will impact the repsective routing protocol sessions and therefore could impact the traffic. This is a timing issue; the more TCP-based application sessions the router has established prior the switchover, the higher chances to hit the issue. Usually when the issue happens, only a few TCP sessions are getting affected and not all of them. |
| PR Number | Synopsis | Category: Interface related issues. Port up/down, stats, CMLC , serdes |
| 1462748 | QFX5100 interface output counter is double counted for self-generated traffic Product-Group=junos |
On QFX5100 device, interface output counter is double counted for self-generated traffic |
| 1475851 | ULC-30Q28 FPC major error after system boot up or fpc restart Product-Group=junos |
FPC is reporting Major Error because of SHUTDOWN ERI failure during BIST with repair on HMC having FW version >= 0x9c. BIST with repair is incorporated during boot up, so this Major Error will be reported during boot up having FW>=0x9c on HMC. During debugging, its found that this ERI is getting issued even before the HMC was brought up which is resulting into this Error. So added bringup steps for HMC before the BIST procedure starts as done for vale-ptx. |
| PR Number | Synopsis | Category: QFX Control Plane Kernel related |
| 1421250 | A vmcore is seen on QFX VC Product-Group=junos |
On QFX Series Virtual Chassis during shutdown, if an interrupt is received, the system gets into this state and vmcore is observed. |
| 1421250 | A vmcore is seen on QFX VC Product-Group=junosvae |
On QFX Series Virtual Chassis during shutdown, if an interrupt is received, the system gets into this state and vmcore is observed. |
| PR Number | Synopsis | Category: QFX Platform related (SYSLOG/ALARMS/miscellaneous) |
| 1423201 | SFP-LX10 stay down until disable auto-negotiate Product-Group=junosvae |
SFP-LX10 stay down until disable auto-negotiate. |
| PR Number | Synopsis | Category: QFX platform optics related issues |
| 1497947 | lcmd core seen on QFX5210064C Product-Group=junosvae |
The LCMD process is the Linux Chassis Management Management Daemon. Due to a bug in the I2C handling in the daemon, a core dump may be seen. There is no specific user-visible trigger for the core dump and you may see several erroneous alarms when the core dump occurs. These should clear after the daemon automatically restarts |
| PR Number | Synopsis | Category: QFX access control list |
| 1487679 | QFX5100: If more than one UDF filter/term is configured, then only the first filter/term will be programmed in H/w. This is due to SDK 6.5.16 upgrade. Product-Group=junos |
QFX5100: In case of even offsets, if more than one UDF filter/term is configured, then only the first filter/term will be programmed in H/w. In case of odd offset, the first offset itself won't be programmed. This is due to SDK 6.5.16 upgrade. |
| PR Number | Synopsis | Category: QFX L2 PFE |
| 1485854 | The dcpfe core might be seen with non-oversubscribed mode Product-Group=junosvae |
On QFX5110-32q, when a user navigates to non-oversubscribed mode, dcpfe does not come up. This issue is seen due to upgrade of SDK to 6.5.16.(junos 18.4R2-S4, 19.R3 and 19.4R1). Default mode of operation has no issues. |
| 1497993 | Traffic might get dropped if AE member interface is deleted/added or a SFP of the AE member interface is unplugged/plugged Product-Group=junos |
On QFX5K/EX46xx platforms, if STP is configured on vlan but the AE interface which is part of that vlan is not configured with STP, after an AE member interface is deleted or a SFP of the AE member interface is unplugged, and when the deleted AE member interface is added back or the unplugged SFP is plugged again, traffic via that AE interface might get dropped. LACP and LLDP traffic are not affected by this issue. |
| 1504354 | LLDP neighborship might be unable to set up on QFX5000 platforms Product-Group=junos |
On QFX5000 platforms running with Link Layer Discovery Protocol (LLDP) configured, if the interface has both native-vlan-id and vlan-id configured, and the native-vlan-id and vlan-id have the same value, LLDP neighborship might be unable to setup on that particular interface due to this issue. |
| PR Number | Synopsis | Category: QFX L3 data-plane/forwarding |
| 1462519 | "show forwarding-options enhanced-hash-key" is not working for QFX10K Platform Product-Group=junos |
"show forwarding-options enhanced-hash-key" is not supported for QFX10K Platform in 19.3R1 release |
| PR Number | Synopsis | Category: QFX VC Infrastructure |
| 1486002 | The 10G VCP ports will not be active on QFX51XX and EX46XX VC scenario Product-Group=junos |
On QFX51XX and EX46XX platforms, 10G VCP ports will not be active, VC/VCF could not form correctly. |
| PR Number | Synopsis | Category: KRT Queue issues within RPD |
| 1501817 | Traffic blackhole might be seen in fast-reroute scenario Product-Group=junos |
From Junos release 17.2R1-S8 the session fast-reroute is enabled by default in PFE (Packet Forwarding Engines). In the platform using unilist (one kind of indirect next-hop) as route next hop type for multiple paths scenario (such as BGP PIC or ECMP), if BGP PIC or ECMP-FRR is used, In case of that the version-id of session-id of indirect next-hop (INH) is above 256, PFE might not respond to session update and hence it might cause the session-id permanently to be stuck with the weight of 65535 in PFE. It might lead PFE to have a different view of UNILIST against load-balance selectors. Then, the BGP PIC and the ECMP-FRR might not work properly, the traffic blackhole might be seen. |
| PR Number | Synopsis | Category: multicast source distribution protocol |
| 1485206 | There might be rpd memory leak in a certain looped MSDP scenario Product-Group=junos |
On all Junos platforms running in the Multicast Source Discovery Protocol (MSDP) scenario, if there are multiple overlapping mesh groups existing in the topology, for example, node A and B belong to mesh group M, node A and D belong to mesh group N, while node B and D belong to a different mesh group O, the Source Active (SA) messages sent from node A might get continously looped due to this issue. This might lead to the rpd memory leak and 100% CPU utilization. |
| 1517910 | The rpd process might crash if there is a huge number of SA messages in MSDP scenario Product-Group=junos |
On all Junos platforms running with Multicast Source Discovery Protocol (MSDP) configured, if there is a huge number of source-active (SA) messages present in the network (e.g. around 20,000 or more), the rpd process might crash due to this issue. |
| PR Number | Synopsis | Category: Resource Reservation Protocol |
| 1505834 | The rpd process might crash with RSVP configured in a rare timing case Product-Group=junos |
On all Junos platforms running with the Resource Reservation Protocol (RSVP) configured, when some socket error happens, RSVP might be unable to send message, however the counter for sent messages has already been increased due to the software design defect. The wrong counter might lead to the rpd process crash. It's a rare timing issue and it might be more likely to happen in a scaled scenario. |
| PR Number | Synopsis | Category: Generic platform and infra issues for MS-MIC and MS-MPC(XLP) |
| 1258970 | mspmand[190]: msvcs_session_send: Plugin id 3 not present in the svc chain for session Product-Group=junos |
The cosmetic error "mspmand[190]: msvcs_session_send: Plugin id 3 not present in the svc chain for session" is observed in the output. Please open a JTAC case to confirm. |
| PR Number | Synopsis | Category: SFW, CGNAT on MS-MIC/MS-MPC (XLP) |
| 1496211 | The B4 might not able to establish the softwire with AFTR Product-Group=junos |
In dual-stack lite (DS-Lite) scenario, if the DS-Lite softwire-initiator (such as B4) and the Address Family Transition Router (AFTR, it acted as softwire-concentrator) is deployed with service-set included multiple softwire-rules, the wrong rule-id might be chosen for the traffic including either normal data packet or Port Control Protocol (PCP) mapping requested from the basic bridging broadband (B4) subscribers. It might cause the failures on the allocation of subscribers and choice of softwire sessions, then the subscribers behind the B4 are unable to establish a softwire (an IPv4-over-IPv6 tunnel) to AFTR. |
| PR Number | Synopsis | Category: MX10003/MX204 MPC defects tracking |
| 1491970 | User configured MTU might be ignored after the ISSU upgrade using "request vmhost software in-service-upgrade" Product-Group=junos |
User configured MTU might be ignored after the ISSU upgrade using "request vmhost software in-service-upgrade" if MTU is configured more than 9192. |
| PR Number | Synopsis | Category: Trio pfe bridging, learning, stp, oam, irb software |
| 1488251 | MAC learning under bridge-domain stops after MC-LAG interface flap Product-Group=junos |
MAC learning under bridge-domain over MC-LAG interface stops after MC-LAG interface flap |
| 1513509 | During route table object fetch failure, FPC may crash Product-Group=junos |
Due to rare timing issue, the FPC might crash because of route table object fetch failure in EVPN multihoming scenario. |
| PR Number | Synopsis | Category: Configuration mgmt, ffp, load-action, commit processing |
| 1391668 | Commit error might be observed after adding additional sites to existing group and routing-instance configuration Product-Group=junos |
If the statement "persist-groups-inheritance" is configured, when trying to add additional sites to an existing group and routing-instance configuration, error might be observed and it leads to fail to commit after issuing "commit check". |
| 1410322 | The configuration database might not be unlocked automatically if the related user session is disconnected during the commit operation in progress Product-Group=junos |
Configuration database remains locked after stopping the SSH session. |
| 1468119 | Daemons might not be started if "commit" is executed after "commit check" Product-Group=junos |
in Junos OS Release 16.2R1 and later, if "commit" is executed after "commit check", the daemon (for example, dhcpd and sampled) might not get started even after the related configuration is successfully committed. |
| PR Number | Synopsis | Category: Ephemeral Database |
| 1497575 | Outbound SSH connection flap or memory leak issue might be observed during pushing configuration to Ephemeral DB with high rate Product-Group=junos |
When the netconf session is established over outbound ssh, the hight rate of pushing configuration to Ephemeral DB might result in Outbound SSH connection flap or memory leak issue. |
| PR Number | Synopsis | Category: UI Infrastructure - mgd, DAX API, DDL/ODL |
| 1423500 | Configuration commit might fail when the file system gets into full state Product-Group=junos |
On all platforms running Junos OS, when the file system gets into full state and there is not enough spare disk space, it might get into a problematic system condition in some corner case while a configuration commit is being performed. After that, if consecutive commits are still done in such a problematic status, commit-check failure logs might be seen eventually. Due to this issue, some processes might be not running even if the configuration is present. |
| 1455960 | Multiple daemons may crash on committing configuration changes related to groups Product-Group=junos |
When you enable the "persist-groups-inheritance" configuration statement and execute a delete operation to delete the entire configuration, if the user selects no and then later tries to commit the configuration changes related to groups, multiple daemons might crash. |
| 1459839 | Configuration change might not be applied if Ephemeral DB is used Product-Group=junos |
If Ephemeral DB is used, configuration change might not be applied on the device. In case of LDP configuration change, it might cause LDP session down hence affects traffic. |
| PR Number | Synopsis | Category: V44 Aggregation Device Platforms |
| 1490101 | The stats of extended ports on satellite device cluster might show wrong values from the aggregation device Product-Group=junos |
In Junos Fusion with satellite device cluster and single aggregation device (AD) deployment, if a satellite device (SD) in the cluster is not directly connected to the AD, the physical interface (IFD) stats of the extended ports on this SD cannot be shown correctly from AD. It is a display issue and does not affect function. |
| PR Number | Synopsis | Category: ESWD |
|---|---|---|
| 1192520 | GARPs being sent from the switch once in 10 minutes Product-Group=junos |
GARPs were being sent whenever there is a mac (fdb) operation (add or delete). This is now updated to send GARP when interface is UP & l3 interface attached to the vlan. |
| PR Number | Synopsis | Category: EX2300/3400 PFE |
| 1462155 | The fxpc crashes due to PFEMAN_RT thread and BCM linkscan thread get into a deadlock Product-Group=junosvae |
In certain conditions, PFEMAN_RT thread and BCM linkscan thread get into a deadlock causing watchdog timeout. |
| PR Number | Synopsis | Category: NFX Series Platform Software |
| 1504915 | TACACS isn't working on JDM Product-Group=junos |
Login access to JDM via TACACS failed after upgrade to 18.4R3 |
| PR Number | Synopsis | Category: QFX Access control list |
| 1497133 | Firewall filter could not work in certain conditions under VC setup Product-Group=junos |
On EX4650/QFX5120 with Virtual Chassis setup, the firewall filter (egress direction) could not work when traffic goes across VCP (Virtual Chassis Port) link. |
| PR Number | Synopsis | Category: QFX PFE L2 |
| 1455654 | EVPN-VXLAN: New Tenant addition and deletion leading to INTRAVNI traffic drop for few milliseconds. Product-Group=junos |
On QFX5120, during new tenant addition, there may be few transient packet drops (2 - 15 pkts) for couple of random intra-vni traffic streams in a EVPN-VXLAN topology for the existing tenants. The drop is almost negligible and is auto recovered. |
| 1499422 | The FPC will go down when 100G link comes up on the network port of the QFX5110-48S device Product-Group=junos |
On the QFX5110-48S device running on Junos 19.3R2-S2, 18.2R3-S3 or 18.2R3-S4, the FPC will go down when the 100G link comes up on the network port. This leads to FPC up and down every 90 seconds. During the problem state running CLI "show chassis fpc detail" will not yield any output for upto 90sec. user@device> show chassis fpc detail. <-------- Empty Once FPC state transition back to online state, the 100G transceivers gets detected and fpc flap is seen again. This behavior is seen continuously as long as 100G transceivers remain connected to the QFX device in question. If 100G interfaces gets disabled from CLI or physically removed from the QFX switch, the FPC flap will no longer be seen. Note: This issue is not applicable when 100G-QSFP is used as a VCP port on QFX5110-48S. |
| PR Number | Synopsis | Category: QFX L3 data-plane/forwarding |
| 1481987 | Multicast traffic loss could be seen in certain conditions while enabling IGMP snooping under EVPN-VXLAN ERB scenario Product-Group=junos |
On QFX5110 & QFX5120 platform, which is running as Layer 3 VxLAN gateway, if "igmp-snooping" is enabled in partial but not for all bridge-domains, multicast traffic loss could be observed in non-igmp snooping bridge-domains. |
| PR Number | Synopsis | Category: Border Gateway Protocol |
| 1403186 | All the BGP session flap after RE switchover Product-Group=junos |
With GRES and NSR enabled, if executing RE switchover, BGP session might flap in some scenario. When Junos version have the fix of PR-1440694, BGP session always flap after doing RE switchover. |
| 1481641 | JSA11032 Junos OS and Junos OS Evolved: RPD crash due to specific BGP UPDATE packets (CVE-2020-1644) Product-Group=junos |
On Juniper Networks Junos OS and Junos OS Evolved devices, the receipt of a specific BGP UPDATE packet causes an internal counter to be incremented incorrectly, which over time can lead to the routing protocols process (RPD) crash and restart. Please refer to https://kb.juniper.net/JSA11032 for more information. |
| 1482551 | The rpd might be crashed after BGP peer flapping. Product-Group=junos |
On all Junos platforms, with BGP long-lived graceful restart (LLGR) or BGP route dampening configuration, The rpd might be cored after BGP peer flapping. This is a day-1 issue. |
| 1508888 | The rpd might crash on backup RE if BGP (standby) received a route from peer which is rejected due to invalid target community Product-Group=junos |
In L3VPN scenario, the rpd(routing protocol process) on backup RE might crash when BGP(standby) received a VPN route from peer which is rejected due to invalid target community and the BGP standby peer synchronization is not complete yet. |
| PR Number | Synopsis | Category: BBE Remote Access Server |
| 1402653 | The subscribers might need to take login retry in the scenario with high usage of the address pool Product-Group=junos |
On all Junos platforms running in subscriber scenario with address pool configured, if the address pool has high usage so that only few addresses are free to allocate, when there are subscribers logout and login, the released address by one subscriber might get re-used and allocated to the other subscriber very soon. Due to this issue, syslog error messages might be seen, and the affected subscriber might need to take retry for login. |
| PR Number | Synopsis | Category: Express PFE L2 fwding Features |
| 1352805 | QFX10000 platform drops Aruba wireless AP heartbeat packets Product-Group=junos |
QFX10000 platform drops the Aruba wireless access point (AP) heartbeat packets. As a result, the Aruba wireless AP cannot work. |
| 1446291 | On QFX10K platforms removing EVPN-VXLAN L3 Gateway on the IRB interface from spine switches might cause black holing of traffic Product-Group=junos |
On QFX10000 platforms, in an EVPN-VXLAN (spine-leaf) scenario, the QFX10000 spine switches are configured with VXLAN Layer 3 gateway (utilizing the virtual gateway) on an IRB interface. If you enable and then subsequently remove the VXLAN Layer 3 gateway on this IRB interface on one or some of these spine switches, traffic drop might be observed. As a workaround, configure all virtual gateways with unique IPv4 or IPv6 MAC address. |
| PR Number | Synopsis | Category: ISIS routing protocol |
| 1463650 | The ISIS IPv6 routes might flap when there is an unrelated commit under protocol stanza Product-Group=junos |
With multi-topology enabled in ISIS globally hierarchy level, if some ISIS interfaces don't have IPv6 address, all ISIS IPv6 routes flap when committing any change under protocol stanza (e.g. 'protocol pim traceoption'). |
| PR Number | Synopsis | Category: jdhcpd daemon |
| 1419437 | The dhcp relay sessions could not be established successfully Product-Group=junos |
If dhcp group configuration is added without any interface, the jdhcpd maybe not aware of the group configuration after the group is applied on an interface. |
| PR Number | Synopsis | Category: jpppd daemon |
| 1488302 | MPLS VPN label can point to discard next-hop after RE switchover without NSR if egress interface is pp0 Product-Group=junos |
After RE switchover without non-stop routing (NSR) on the broadband network gateway (BNG), some VRF routing instances may experience blackholing for traffic destined to the hosts behind static PPPoE subscriber's CPE device. The affected routing instances are configured without 'vrf-table-label' knob and have a static route configured with pp0.xxx interface as a next-hop like: user@router> show configuration routing-instances TEST instance-type vrf; interface pp0.1000; route-distinguisher 65000:1000; vrf-target target:65000:1000; routing-options { static { route 10.0.0.0/24 next-hop pp0.1000; <<<< } } |
| PR Number | Synopsis | Category: Flow Module |
| 1489276 | GRE/IPSec tunnel might not come up when 'set security flow no-local-favor-ecmp' command is configured Product-Group=junos |
On SRX or vSRX clusters, when 'set security flow no-local-favor-ecmp' is configured, GRE/IPSec tunnel might not come up. |
| PR Number | Synopsis | Category: JSR Infrastructure |
| 1479156 | vSRX may restart unexpectedly Product-Group=junos |
The srxpfe process generates core files when a socket-open error occurs during the initialization phase. Self-healing takes place when the srxpfe reboots and starts processing traffic. |
| PR Number | Synopsis | Category: Kernel MX virtual-chassis PRs |
| 1491628 | MS-MIC is down after loading some releases in MX-VC scenario Product-Group=junos |
When loading some releases in MX-VC scenario, reboot of an MS-MIC will be expired which causes MS-MIC down and the service on this card could be impacted. |
| PR Number | Synopsis | Category: Layer 2 Control Module |
| 1473610 | ERP might not come up properly when MSTP and ERP are enabled on the same interface. Product-Group=junos |
When both MSTP and ERP are enabled on the same interface, then ERP does not come up properly. |
| PR Number | Synopsis | Category: Layer2 forwarding on EX/NTF/PTX/QFX |
| 1505976 | VRRPv6 might not work in EVPN scenario Product-Group=junos |
In EVPN scenario with VRRPv6 used, the ethernet source mac address might be used for IPv6 mac-ip binding when the NA is sent from VRRPv6 master, as this unexpected behavior is triggered on regular intervals, it causes the entries to keep refreshing in EVPN database because NS from VRRPv6 master changes the mac-ip binding. Hence it has traffic impact. |
| PR Number | Synopsis | Category: MX104 Software - Chassis Daemon |
| 1453893 | FPC/PFE crash may happen with ATM MIC installed in the FPC Product-Group=junos |
FPC crash on MX240 and MX2020 routers or Packet Forwarding Engine crash on MX104 routers might happen when the MIC-3D-8OC3-2OC12-ATM is installed and ATM interface is configured. |
| PR Number | Synopsis | Category: Kernel Stats Infrastructure |
| 1462986 | Slow response from SNMP might be observed after an upgrade to Junos OS Release 19.2R1 and later. Product-Group=junos |
Slow response introduced with PR/1411303 fix, is getting resolved with this PR. |
| PR Number | Synopsis | Category: PTP related issues. |
| 1507782 | CLI knob to configure announce-interval as -3 so that the announce messages rate will be set to 8pps Product-Group=junos |
In PTP environment some vendor devices acting as slave expecting announce messages at an interval of -3 (8pps) from upstream master device. As of today announce message are configurable in range of 0 to 3. To support the above requirement engineering provided a hidden cli knob "set protocol ptp master announce-interval -3". In the networks/design where we have this requirement we can configure the hidden cli otherwise regular cli which is in the range (0 to 3) can be configurable. Both the cli knobs are mutually exclusive, commit error is expected if both are configured. This new change is applicable to ACX platforms only excluding ACX5k. |
| PR Number | Synopsis | Category: QFX ISSU Infrastructure |
| 1490799 | After ISSU/ISSR, a port using SR4/LR4 optics may not come up Product-Group=junos |
On QFX5100/5200 platforms, a port using SR4/LR4 optics might not come up after ISSU (In-Service Software Upgrade)/ISSR (In-Service Software Reboot). |
| PR Number | Synopsis | Category: Filters |
| 1512242 | Changing the scaled firewall profiles on the fly is not releasing TCAM resources as expected Product-Group=junos |
On a fully scaled system where all the slices are utilized by different families of CLI filters, if we try to call delete for one family and change for another family with higher number of filter terms which requires expansion of the filter, PFE fails to add the new changed filter as we are getting messages out of sequence i.e. change of filter is called earlier than delete of another filter. |
| PR Number | Synopsis | Category: QFX L2 PFE |
| 1515254 | On QFX5000 and EX46xx with VXLAN enabled , ARP request may get dropped if storm control is configured Product-Group=junos |
ARP request get dropped on QFX5000 and EX46xx devices when all of the following condition are met. 1.Storm control is enabled on any of the port. 2.VXLAN is enabled 3.Arp-suppression is enabled. |
| PR Number | Synopsis | Category: RPD Next-hop issues including indirect, CNH, and MCNH |
| 1242589 | In a BGP/MPLS scenario, if the next-hop type of label route is indirect, disabling and enabling the "family mpls" of the next-hop interface might cause the route to go into a dead state Product-Group=junos |
In a BGP or MPLS scenario, if the next-hop type of label route is indirect, then the following changing events about the next-hop interface MPLS family might cause the route to be in DEAD state, and the route will remain dead even when the family MPLS is again activated. The following events occur: Deactivating and activating the interface family mpls Deleting and adding back the interface family mpls Changing maximum labels for the interface Note: When a labelled route is resolved over an interface, that interface must have family mpls configured for the route to be successfully resolved. Otherwise the route does not get resolved. |
| PR Number | Synopsis | Category: show route table commands, tracing, and syslog facilities |
| 1421076 | RPD crash might occur when changing prefix list address from IPv4 to IPv6 Product-Group=junos |
RPD crash might occur when changing a prefix-list address from IPv4 to IPv6 with "replace-pattern" |
| PR Number | Synopsis | Category: MPC7/8/9 Interface Issues |
| 1441816 | Egress stream flush failure and traffic blackhole might occur Product-Group=junos |
Egress stream flush failure and silent dropping of traffic could occur in a rare occasion for a repeatedly flapping link on MPC7E, MPC8E, MPC9E cards, MX204 and MX10003. |
| PR Number | Synopsis | Category: Issues related to broadband edge apps (PPP, DHCP) on Trio ch |
| 1445637 | Lawful Intercept on LAC access interface might not work as expected due to MTU check failure Product-Group=junos |
On MX platforms which is configured as Layer 2 Tunneling Protocol Access Client (LAC), if Lawful Intercept (LI) is enabled on LAC access interface, in the corner case that PPPoE packet size is larger than (PPPOE MTU - 32), but smaller than PPPOE MTU, and DF bit is set for inner PPPOE IP header, the LI mirrored packets might get dropped due to MTU check failure. |
| PR Number | Synopsis | Category: Trio pfe qos software |
| 1382288 | One single port with Dual stack subscribers pppoe/dhcpv6 drop all the connections and no subscribers seen now. Product-Group=junos |
One single port with dual stack subscribers pppoe/dhcpv6 drop all the connections and no subscribers are seen. |
| PR Number | Synopsis | Category: Trio pfe stateless firewall software |
| 1409879 | FPC crash may be observed with scaled subscribers login attempts Product-Group=junos |
In a subscriber management environment with scaled subscribers login such as 200k PPPoE subscribers, FPC crash may be observed. |
| PR Number | Synopsis | Category: Trio pfe bridging, learning, stp, oam, irb software |
| 1414857 | PFE learn counter is negative when enabled interface-mac-limit with packet-action drop. Product-Group=junos |
Under enabled interface-mac-limit with packet-action drop condition and MAC move happens, H/W MAC learn limit counter is getting corrupted resulting in negative value, stopping to learn MAC address. |
| 1503947 | MPCs may crash when there is a change on routes learnt on IRB interface configured in VPLS/EVPN instances Product-Group=junos |
On MX platforms, when an IRB interface is configured in VPLS/EVPN instances, MPCs might crash if the routes learnt on the IRB interface chang |
Getting Up and Running with Junos
Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search