Search our Knowledge Base sites to find answers to your questions.
Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles18.3R3-S3: Software Release Notification for JUNOS Software Version 18.3R3-S3
Warning: With VPLS/Bridge-Domain environment, an MX/EX9200 Series router with Trio-based MPCs running software version 18.3R3-S3. The MPCs may experience NH memory leak in the PFEs when using integrated routing and bridging (IRB) interface participating in the VPLS/Bridge-domain instance.
Junos Software service Release version 18.3R3-S3 is now available.
| PR Number | Synopsis | Category: DOT1X |
|---|---|---|
| 1504818 | Authentication failure might occur on captive-portal Product-Group=junos |
On EX/MX/QFX/SRX platforms in case of captive-portal without dot1x stanza, when receiving the filter from the RADIUS for captive-portal user might lead to authentication failure for that user. This issue is seen only in the captive-portal configuration with RADIUS filter when dot1x stanza is not present. |
| PR Number | Synopsis | Category: EX4300 Platform |
| 1502726 | Traffic loss might be seen with framing errors or runts if MACsec is configured on EX4300 Product-Group=junos |
On EX4300 platform with Media Access Control Security (MACsec) configured, if there is high traffic flowing through the MACsec enabled link, increasing framing errors or runts statistics might be seen in the output of "show interfaces extensive <>" for the affected interface. Traffic loss might also happen due to this issue. |
| PR Number | Synopsis | Category: QFX Access control list |
| 1499918 | Traffic drop might be observed after modifying FBF firewall filter Product-Group=junos |
On QFX5K platforms, after making changes in filter-based forwarding (FBF) firewall filter that is configured with multiple terms or different routing instances, traffic drop might be observed. |
| PR Number | Synopsis | Category: QFX PFE CoS |
| 1510365 | Traffic might be forwarded to wrong queue when fixed classifier is used Product-Group=junos |
If L2 access or vlan bridge IFL is created after fixed classifier is applied, the traffic matching the fixed classifier might be forwarded in unexpected queue, it might cause congestion unexpectedly hence there is traffic impact. |
| 1510365 | Traffic might be forwarded to wrong queue when fixed classifier is used Product-Group=junosvae |
If L2 access or vlan bridge IFL is created after fixed classifier is applied, the traffic matching the fixed classifier might be forwarded in unexpected queue, it might cause congestion unexpectedly hence there is traffic impact. |
| PR Number | Synopsis | Category: QFX PFE L2 |
| 1474142 | Traffic might be affected if composite next hop is enabled Product-Group=junos |
On QFX5000 and EX4600 platforms with composite next hop enabled, traffic loss would occur when deleting leaked routes with composite next hop. |
| PR Number | Synopsis | Category: Border Gateway Protocol |
| 1396344 | Processing a large scale as-path regex will cause the flap of the route protocols Product-Group=junos |
When 'as-path-group' is configured under BGP, if a configuration with a large scale as-path regex is committed, the route protocols flap might be seen. |
| 1499977 | The rpd may crash if the import policy is changed to accept more routes that exceed the teardown function threshold Product-Group=junos |
On all platforms with BGP max-acceptance prefix limit (accepted-prefix-limit with teardown action) configured, the rpd crashes may occur when a policy change causes the number of routes being imported cross the configured threshold value and teardown action is being performed by the router. |
| PR Number | Synopsis | Category: MX Platform SW - UI management |
| 1498538 | SNMP polling does not show correct PSM jnxOperatingState when one of the PSM Inputs failed Product-Group=junos |
SNMP polling does not show correct PSM jnxOperatingState when one of the PSM Inputs failed or not exists |
| PR Number | Synopsis | Category: EVPN Layer-2 Forwarding |
| 1503657 | The MAC address of the LT interface might not be installed in the EVPN database Product-Group=junos |
In EVPN-VXLAN (Ethernet Virtual Private Network - Virtual Extensible LAN) scenario if the LT (Logical Tunnel) interface is under the bridge-domain of the EVPN-VXLAN instance, the MAC address of the LT interface might not be installed in the EVPN database. Thus no type-2 EVPN route is generated for the LT interface which results in unnecessary flooding and replication by the remote EVPN peer in the network. |
| PR Number | Synopsis | Category: Express PFE L2 fwding Features |
| 1442587 | The PMTUD might not work for both IPv4 and IPv6 if the ingress L3 interface is an irb Product-Group=junos |
Path MTU Discovery (PMTUD) is a standardized technique for determining the maximum transmission unit (MTU) size on the network path between two IP hosts, usually with the goal of avoiding IP fragmentation. On QFX10K platforms, the PMTUD might not work for both IPv4 and IPv6 if the ingress L3 interface is an irb. The corresponding ICMP Fragmentation Needed packet to the sender might be dropped silently, then PMTUD fails. This issue has service impact. |
| PR Number | Synopsis | Category: Libjtask for RPD tasks, scheduler, timers, memory, and slip |
| 1472643 | Performing back-to-back rpd restarts might cause rpd to crash Product-Group=junos |
On all Junos platforms, after performing back-to-back rpd restarts, rpd might crash. The rpd core may be observed after a timeout of 10 mins. |
| PR Number | Synopsis | Category: Adresses ALG issues found in JSF |
| 1462984 | The H323 call with NAT64 cannot be established on the SRX5000 line of devices. Product-Group=junos |
On SRX5000 platforms, the H323 call with NAT enabled cannot be established when the H323 GK (Gatekeeper) works in direct mode. |
| PR Number | Synopsis | Category: JSR Infrastructure |
| 1505864 | SRX5k fails to upgrade to some Junos versions directly from 15.1X49 with "ERROR: unsupported h/w" Product-Group=junos |
On SRX5000 series, when upgrading Junos from a 15.1X49 release to specific higher Junos releases, the installation will fail with the message "ERROR: unsupported h/w". Affected target releases are Junos 18.4R3-S2 and 18.4R3-S3. |
| PR Number | Synopsis | Category: User Firewall related issues |
| 1499090 | Don't use capital characters for source-identity when using "show security match-policies" cmd. Product-Group=junos |
When using "show security match-policies" cmd to match a policy with source-identity configured, only the non-capital source-identity name can be matched by policy. |
| PR Number | Synopsis | Category: Layer 2 Circuit issues |
| 1512834 | The rpd might crash when deleting l2circuit configuration in a specific sequence Product-Group=junos |
If l2circuit local-switching is enabled with connection-protection, the rpd could crash in the following configuration change sequence. 1. First, delete the logical interface (IFL) used by a l2circuit and commit the change. 2. Then, delete the corresponding l2circuit configuration. The rpd could crash after committing the change. |
| PR Number | Synopsis | Category: Layer 2 Control Module |
| 1505710 | The l2cpd crash might be seen if adding/deleting ERP config and then restart l2cpd Product-Group=junos |
Core files are generated if you add or delete ERP configuration multiple times and restarted l2cpd or rebooted the box. If this issue is happened, l2cpd does not recover again and generates core file continuously. |
| PR Number | Synopsis | Category: Layer2 forwarding on EX/NTF/PTX/QFX |
| 1512802 | [MX] l2ald memory leak upon addition/deletion of vxlan routing-instances and interfaces Product-Group=junos |
On MX series platforms, l2ald (layer 2 address learning daemon) memory leaks upon addition/deletion of vxlan routing-instances and interfaces. |
| PR Number | Synopsis | Category: Path computation client daemon |
| 1472825 | Manually configured ERO on NS controller lost when PCEP session bounced Product-Group=junos |
On all Junos platform with Path Computation Element Protocol (PCEP) enabled, if PCEP session bounced druing Routing Engine (RE) switchover on a LSP ingress router, unexpacted delete message might be sent from Path Computation Client (PCC) to Path Computation Element (PCE) with North Star (NS) controller. In the end, manually configured explicit route object (ERO) for RSVP-TE based label switched path (LSP) on NS controller will be lost. However, traffic go through ERO set on NS controller is still normal. |
| PR Number | Synopsis | Category: PTP related issues. |
| 1451950 | FPC core may be seen after changing the configuration of PTP or Synchronous Ethernet. Product-Group=junos |
On the ACX/MX/QFX platform with PTP (Precision Time Protocol)/SyncE (Synchronous Ethernet) enabled, if configuration changes for the PTP/SyncE are combined with multiple events, the FPC core might be seen. |
| 1458581 | The "FPC X major errors" alarm may be raised after committing the PTP configuration change Product-Group=junos |
On MX router with MPC5/MPC6/MPC7/MPC8/MPC9/MPC10 installed environment, after committing the PTP configuration change, the "FPC X major errors" alarm may be raised. This issue may cause interface flap and traffic loss. |
| PR Number | Synopsis | Category: QFX platform optics related issues |
| 1497947 | lcmd core seen on QFX5210064C Product-Group=junosvae |
The LCMD process is the Linux Chassis Management Management Daemon. Due to a bug in the I2C handling in the daemon, a core dump may be seen. There is no specific user-visible trigger for the core dump and you may see several erroneous alarms when the core dump occurs. These should clear after the daemon automatically restarts |
| PR Number | Synopsis | Category: QFX PFE Class of Services |
| 1472771 | DSCP marking might not work as expected if the fixed classifiers are applied to interfaces on QFX5000/EX4600 platforms Product-Group=junos |
On QFX5000/EX4600 platforms, if the interfaces are configured with the fixed classifiers, when some specific configuration changes are committed, for example, the same forwarding-class is applied to two different interfaces at the same time, and then the forwarding-class for one of the interfaces is changed and committed to a different value, the Differentiated Services code point (DSCP) marking might not be able to work as expected since both physical interfaces are still having the same forwarding-class mapped in the hardware table due to this issue. |
| PR Number | Synopsis | Category: QFX L2 PFE |
| 1497993 | Traffic might get dropped if AE member interface is deleted/added or a SFP of the AE member interface is unplugged/plugged Product-Group=junos |
On QFX5K/EX46xx platforms, if STP is configured on vlan but the AE interface which is part of that vlan is not configured with STP, after an AE member interface is deleted or a SFP of the AE member interface is unplugged, and when the deleted AE member interface is added back or the unplugged SFP is plugged again, traffic via that AE interface might get dropped. LACP and LLDP traffic are not affected by this issue. |
| PR Number | Synopsis | Category: Resource Reservation Protocol |
| 1505834 | The rpd process might crash with RSVP configured in a rare timing case Product-Group=junos |
On all Junos platforms running with the Resource Reservation Protocol (RSVP) configured, when some socket error happens, RSVP might be unable to send message, however the counter for sent messages has already been increased due to the software design defect. The wrong counter might lead to the rpd process crash. It's a rare timing issue and it might be more likely to happen in a scaled scenario. |
| PR Number | Synopsis | Category: SFW, CGNAT on MS-MIC/MS-MPC (XLP) |
| 1496211 | The B4 might not able to establish the softwire with AFTR Product-Group=junos |
In dual-stack lite (DS-Lite) scenario, if the DS-Lite softwire-initiator (such as B4) and the Address Family Transition Router (AFTR, it acted as softwire-concentrator) is deployed with service-set included multiple softwire-rules, the wrong rule-id might be chosen for the traffic including either normal data packet or Port Control Protocol (PCP) mapping requested from the basic bridging broadband (B4) subscribers. It might cause the failures on the allocation of subscribers and choice of softwire sessions, then the subscribers behind the B4 are unable to establish a softwire (an IPv4-over-IPv6 tunnel) to AFTR. |
| PR Number | Synopsis | Category: Trio pfe bridging, learning, stp, oam, irb software |
| 1513509 | During route table object fetch failure, FPC may crash Product-Group=junos |
Due to rare timing issue, the FPC might crash because of route table object fetch failure in EVPN multihoming scenario. |
| PR Number | Synopsis | Category: Virtual Router Redundancy Protocol |
| 1506747 | Unexpected dual VRRP backup state might happen after performing two subsequent RE switchovers with 'track priority-hold-time' configured Product-Group=junos |
On all Junos platforms with dual REs installed, if 'track priority-hold-time' and 'track interface' are enabled in the same VRRP groups, after performing the second RE switchover in a shorter time than the group 'track priority-hold-time' configured timer after the first RE switchover, it may cause unexpected dual VRRP backup state followed by VRRP master re-election, and the traffic forwarded over VRRP VIP could be affected during this time. |
| PR Number | Synopsis | Category: EX9200 Platform |
|---|---|---|
| 1448368 | EX9214 : Error "errorlib_set_error_log(): err_id(-1718026239)" are observed after reboot and macsec enabled link flap Product-Group=junos |
On the EX9214 device, if the MACsec-enabled link flaps after reboot, the error "errorlib_set_error_log(): err_id(-1718026239)" is observed. |
| PR Number | Synopsis | Category: EX2300/3400 PFE |
| 1462155 | The fxpc crashes due to PFEMAN_RT thread and BCM linkscan thread get into a deadlock Product-Group=junosvae |
In certain conditions, PFEMAN_RT thread and BCM linkscan thread get into a deadlock causing watchdog timeout. |
| PR Number | Synopsis | Category: QFX L3 data-plane/forwarding |
| 1481987 | Multicast traffic loss could be seen in certain conditions while enabling IGMP snooping under EVPN-VXLAN ERB scenario Product-Group=junos |
On QFX5110 & QFX5120 platform, which is running as Layer 3 VxLAN gateway, if "igmp-snooping" is enabled in partial but not for all bridge-domains, multicast traffic loss could be observed in non-igmp snooping bridge-domains. |
| PR Number | Synopsis | Category: ACX PFE |
| 1407098 | High CPU utilization of fxpc process may be observed with class-of-service changes on interfaces Product-Group=junos |
On ACX5048/ACX5096 platforms, when applying COS configurations (schedulers related) on interfaces, the CPU utilization on fxpc process might be seen. And it might affect service. |
| PR Number | Synopsis | Category: "agentd" software daemon |
| 1401817 | The na-grpcd log file is not rotated and keeps growing until Routing Engine is out of disk space. Product-Group=junos |
In JET/Telemetry scenario, the Telemetry log file is not rotated and keep growing until Routing Engine (RE) is out of disk space, this might cause unexpected impact of RE, and eventually lead to RE crash. The fix has now been provided to set max allowable size to 50M and once the file reaches its max size, it will get rotated and compressed. |
| PR Number | Synopsis | Category: BBE Remote Access Server |
| 1402653 | The subscribers might need to take login retry in the scenario with high usage of the address pool Product-Group=junos |
On all Junos platforms running in subscriber scenario with address pool configured, if the address pool has high usage so that only few addresses are free to allocate, when there are subscribers logout and login, the released address by one subscriber might get re-used and allocated to the other subscriber very soon. Due to this issue, syslog error messages might be seen, and the affected subscriber might need to take retry for login. |
| PR Number | Synopsis | Category: EVPN control plane issues |
| 1485377 | The ARP entry is gone from kernel after adding and deleting the virtual-gateway-address Product-Group=junos |
On MX/QFX10002/QFX10008/QFX10016 devices within an EVPN-MPLS active-active multi-homing mode, when adding and deleting the virtual-gateway-address, the ARP entry to CE might disappear from the kernel. |
| PR Number | Synopsis | Category: Flow Module |
| 1489276 | GRE/IPSec tunnel might not come up when 'set security flow no-local-favor-ecmp' command is configured Product-Group=junos |
On SRX or vSRX clusters, when 'set security flow no-local-favor-ecmp' is configured, GRE/IPSec tunnel might not come up. |
| PR Number | Synopsis | Category: Layer 2 Control Module |
| 1473610 | ERP might not come up properly when MSTP and ERP are enabled on the same interface. Product-Group=junos |
When both MSTP and ERP are enabled on the same interface, then ERP does not come up properly. |
| PR Number | Synopsis | Category: Layer2 forwarding on EX/NTF/PTX/QFX |
| 1505976 | VRRPv6 might not work in EVPN scenario Product-Group=junos |
In EVPN scenario with VRRPv6 used, the ethernet source mac address might be used for IPv6 mac-ip binding when the NA is sent from VRRPv6 master, as this unexpected behavior is triggered on regular intervals, it causes the entries to keep refreshing in EVPN database because NS from VRRPv6 master changes the mac-ip binding. Hence it has traffic impact. |
| PR Number | Synopsis | Category: MX104 Software - Chassis Daemon |
| 1453893 | FPC/PFE crash may happen with ATM MIC installed in the FPC Product-Group=junos |
FPC crash on MX240 and MX2020 routers or Packet Forwarding Engine crash on MX104 routers might happen when the MIC-3D-8OC3-2OC12-ATM is installed and ATM interface is configured. |
| PR Number | Synopsis | Category: FreeBSD Kernel Infrastructure |
| 1345506 | The FPC might fail to boot after toggling back and forth between 15.1 release (any release where 'JUNOS OS runtime' < 20180321) and a later release Product-Group=junos |
After upgrading and downgrading between an older 15.1 release (any release where 'JUNOS OS runtime' < 20180321) without the fix for this PR and a later release that has extra optional platform packages (e.g 16.1), the system running 15.1 gets confused as to the state of such packages and discards them upon the the next upgrade to a later release. Thus, for example, changing Junos version between 16.1 -> 15.1 -> 16.1 may result in some PFE packages missing and therefore may prevent some MPCs from booting. |
| PR Number | Synopsis | Category: Kernel Stats Infrastructure |
| 1462986 | Slow response from SNMP might be observed after an upgrade to Junos OS Release 19.2R1 and later. Product-Group=junos |
Slow response introduced with PR/1411303 fix, is getting resolved with this PR. |
| PR Number | Synopsis | Category: PTP related issues. |
| 1507782 | CLI knob to configure announce-interval as -3 so that the announce messages rate will be set to 8pps Product-Group=junos |
In PTP environment some vendor devices acting as slave expecting announce messages at an interval of -3 (8pps) from upstream master device. As of today announce message are configurable in range of 0 to 3. To support the above requirement engineering provided a hidden cli knob "set protocol ptp master announce-interval -3". In the networks/design where we have this requirement we can configure the hidden cli otherwise regular cli which is in the range (0 to 3) can be configurable. Both the cli knobs are mutually exclusive, commit error is expected if both are configured. This new change is applicable to ACX platforms only excluding ACX5k. |
| PR Number | Synopsis | Category: QFX ISSU Infrastructure |
| 1490799 | After ISSU/ISSR, a port using SR4/LR4 optics may not come up Product-Group=junos |
On QFX5100/5200 platforms, a port using SR4/LR4 optics might not come up after ISSU (In-Service Software Upgrade)/ISSR (In-Service Software Reboot). |
| PR Number | Synopsis | Category: QFX L2 PFE |
| 1500825 | The ERPS might not work correctly on QFX5k Product-Group=junos |
On QFX5k platforms, Ethernet ring protection switching (ERPS) might not work correctly due to ERPS instance programming failure in hardware which might cause loop in the network. |
| 1515254 | On QFX5000 and EX46xx with VXLAN enabled , ARP request may get dropped if storm control is configured Product-Group=junos |
ARP request get dropped on QFX5000 and EX46xx devices when all of the following condition are met. 1.Storm control is enabled on any of the port. 2.VXLAN is enabled 3.Arp-suppression is enabled. |
| PR Number | Synopsis | Category: platform related PRs on SRX branch platforms |
| 1450046 | All ingress packets are dropped if the traffic transit network is also the same network for LTE mPIM internal management. Product-Group=junos |
On SRX3xx platforms with the LTE mPIM in use, if the traffic transit network is also the same network for LTE mPIM internal management, all ingress packets are dropped. |
| PR Number | Synopsis | Category: MPC7/8/9 Interface Issues |
| 1441816 | Egress stream flush failure and traffic blackhole might occur Product-Group=junos |
Egress stream flush failure and silent dropping of traffic could occur in a rare occasion for a repeatedly flapping link on MPC7E, MPC8E, MPC9E cards, MX204 and MX10003. |
Getting Up and Running with Junos
Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search