Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

18.4R2-S5: Software Release Notification for JUNOS Software Version 18.4R2-S5

0

0

Article ID: TSB17851 TECHNICAL_BULLETINS Last Updated: 11 Sep 2020Version: 3.0
Alert Type:
SRN - Software Release Notification
Product Affected:
ACX, EX, MX, PTX, QFX, NFX, SRX, VRR, vMX, vSRX
Alert Description:
Junos Software Service Release version 18.4R2-S5 is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as need and follow the prompts
Solution:

WARNING: We are investigating a report that the Routing Protocol Daemon may restart unexpectedly when upgrade to software version 18.4r2-S5.
Preliminary investigation points to the area of "set policy-options rtf-prefix-list ..." configuration stanza. This issue is being tracked by PR1538172
If you are using "set policy-option rtf-prefix-list", please do not upgrade to Junos version 18.4R2-S5 until further notice.
 

Junos Software service Release version 18.4R2-S5 is now available.

18.4R2-S5 - List of Fixed issues
PR Number Synopsis Category: DOT1X
1512724 The DOT1XD_AUTH_SESSION_DELETED event is not triggered with a single supplicant mode.
Product-Group=junos
On all Junos platforms, with 802.1X (Dot1X) authentication enabled, Junos event 'DOT1XD_AUTH_SESSION_DELETED' might not be triggered when 802.1X authentication session is removed. Because of this issue, functions and features identified by script might not execute. In the end, if configuration related functions or features is contained in the script, inappropriate configuration might cause network issue.
PR Number Synopsis Category: EX4300 PFE
1436642 The FPC/pfex crash may be observed due to DMA buffer leaking
Product-Group=junos
On EX2300/EX3400/EX4300/EX4600 platforms, DMA buffer leaking may be hit once the next-hop of received traffics is not resolved and eventually to cause an FPC/pfex crash if the DMA buffer runs exhaustion.
1493212 IPv6 neighbor solicitation packets might be dropped in a transit device.
Product-Group=junos
In EX4300 platform with a Layer 2 scenario, IPv6 neighbor solicitation (NS) packets transiting an EX switch might be dropped if there is a firewall filter matching "next-header icmpv6" then "policer xxx with discard action" configured under a loopback interface. That will cause the IPv6 communication going through the EX switch to fail (IPv4 works fine).
PR Number Synopsis Category: EX4300 Platform
1405262 EX4300 : Alarm with removal of PEM (Power supply)
Product-Group=junos
EX4300 : When PEM (Power supply) is removed, Alarm was not generated. With this fix, Alarm will be generated and ALM LED will be illuminated with yellow.
PR Number Synopsis Category: Marvell based EX PFE L2
1452738 The l2ald and eventd are hogging 100% after issuing "clear ethernet-switching table" command
Product-Group=junos
The l2ald and eventd processes are hogging 100% after "clear ethernet-switching table" command is issued and also the continuous syslog errors "l2ald[18605]: L2ALD_IPC_MESSAGE_INVALID: Invalid message received (message type 0, subtype 0): null message" are observed.
PR Number Synopsis Category: EX2300/3400 PFE
1427391 The fxpc/PFE might crash on EX2300/EX3400 platforms
Product-Group=junos
In rare case, the fxpc/PFE might crash if the traffic between RE and PFE gets stuck in PFE.
1434646 Packet drop might be seen if native VLAN is configured along with flexible VLAN tagging
Product-Group=junos
When the native VLAN is configured along with the flexible VLAN tagging on a L3 subinterface, untagged packets might be dropped on that L3 subinterface.
1462155 The fxpc crashes due to PFEMAN_RT thread and BCM linkscan thread get into a deadlock
Product-Group=junos
In certain conditions, PFEMAN_RT thread and BCM linkscan thread get into a deadlock causing watchdog timeout.
1525373 "Drops" and "Dropped packets" counters in the output by "show interface extensive" are double counting.
Product-Group=junos
"show interface ..." command shows wrong values for the "Drops" and "Drop Packet" counters. The actual value is half of the display values.
PR Number Synopsis Category: EX2300/3400 platform
1442134 EX3400 FAN alarm (Fan X not spinning) appears and disappears repeatedly after removed the fantray (Absent).
Product-Group=junos
EX3400 FAN alarm (Fan X not spinning) appears and disappears repeatedly after removed the fantray (Absent).
1444903 "/var/host/motd does not exist" message is flooded every 5 sec in chassisd logs
Product-Group=junos
"/var/host/motd does not exist" message is flooded every 5 sec in chassisd logs since EX2300/EX3400 does not support a backup partition.
PR Number Synopsis Category: NFX Layer 3 Features Software
1437824 "LIBCOS_COS_TVP_FC_INFO_NOT_FOUND: Forwarding-class information not specified" messages seen while committing configurations
Product-Group=junos
"LIBCOS_COS_TVP_FC_INFO_NOT_FOUND: Forwarding-class information not specified" messages might be seen while committing CoS configurations on PTX/MX/NFX
PR Number Synopsis Category: QFX Multichassis Link Aggregrate
1459201 The MC-LAG configuration-consistency ICL-config might fail after committing some changes
Product-Group=junos
When adding VLANs to an MC-LAG interface, the configuration-consistency ICL-config might fail after committing the changes. Resulting in a failure to add VLANs and a disabled MC-LAG interface.
PR Number Synopsis Category: QFX Access control list
1514570 Scale of filters with egress-to-ingress command is enabled.
Product-Group=junos
With the 'egress-to-ingress' knob enabled, the filter installation fails if the number of filter entries configured is more than 1K.
PR Number Synopsis Category: QFX PFE CoS
1510365 Traffic might be forwarded to the wrong queue when a fixed classifier is used.
Product-Group=junos
If L2 access or vlan bridge IFL is created after fixed classifier is applied, the traffic matching the fixed classifier might be forwarded in unexpected queue, it might cause congestion unexpectedly hence there is traffic impact.
PR Number Synopsis Category: QFX PFE L2
1481031 Connectivity is broken through LAG due to members configured with hold-time and force-up
Product-Group=junos
Connectivity through link aggregation group bundle could break after there is a flap event on the physical ports when one physical member interface is configured with hold-time and the other member interface is having LACP force-up feature configured.
PR Number Synopsis Category: QFX L3 data-plane/forwarding
1355607 Some storm control error logs might be seen on QFX-series platforms
Product-Group=junos
On QFX Series platforms, in a corner scenario with a Virtual Chassis setup, if storm control configuration is enabled on interfaces and multicast traffic ingresses on the interfaces, some storm control error logs might be observed on these interfaces. It is only seen in one customer setup and not reproducible in a local setup. Also, it is just a logging issue and has no traffic impact.
1487707 CPU port queue gets full due to excessive pause frames being received on interfaces, this causes control packets from the CPU to all ports to be dropped
Product-Group=junos
On QFX5000 platforms (QFX5100/QFX5110/QFX5120/QFX5200/QFX5210) with point-to-point multi-link scenario, when the switch ingress buffer saturation happens, all interfaces on multi-link stop sending traffic at the same time.
PR Number Synopsis Category: Accounting Profile
1458143 In some rare scenarios upon FPC or PIC reboot, the Packet Forwarding Engine daemon database might not get updated with the correct location_id for some physical interfaces, then a problem with statistics on some interfaces of a router might be observed.
Product-Group=junos
In some rare scenarios upon FPC or PIC reboot, the pfed (packet forwarding engine daemon) database may not get updated with the correct location_id for some physical interfaces (IFDs), then a problem with statistics on some interfaces of a router may be observed. If this issue happens in the subscriber management environment, and depending on the radius server configuration, it may cause the subscribers to get disconnected by the radius server because of the radius server can not receive the proper statistics update for the subscribers from the pfed.
PR Number Synopsis Category: PFE Fusion software
1408947 Junos Fusion Enterprise: Observed Error jnh_dot1br_ktree_entry_create(1098): Entry Already Exists . Observing duplicate ECID values for cluster/extended ports on member ports of same cluster.
Product-Group=junosvae
When using EX9200 as the Aggregate Device (AD), you may see this error - "jnh_dot1br_ktree_entry_create(1098): Entry Already Exists" continuously. This caused by EX2300 Sattilite Devices (SDs) are having duplicate ECID values for the cluster/extended ports across members of same cluster devices
PR Number Synopsis Category: Border Gateway Protocol
1396344 Processing a large scale as-path regex causes the flapping of the route protocols.
Product-Group=junos
When 'as-path-group' is configured under BGP, if a configuration with a large scale as-path regex is committed, the route protocols flap might be seen.
1494005 The rpd process generates core file at rt_nh_resolve_add_gen in ../../../../../../../../src/junos/usr.sbin/rpd/lib/rt/rt_resolve_ind.c: with the evpn-dhcp configurations.
Product-Group=junos
In BGP with INH (indirect next-hop) scenario, if using the knob "no-labeled-bgp" to disabled the chained composite next-hops for labeled BGP, the INH might not be created for the transit traffic route when devices handling transit traffic in the network. To create the INH again, it need to re-enable the chained composite next-hops for labeled BGP by removing the knob "no-labeled-bgp" or adding the knob "labeled-bgp", but the rpd resolver might not resolve the INH information as normal since the resolver is not getting ready, it might cause RDP crashed. Then, the routing protocol might be impacted.
1497721 Junos OS: Receipt of certain genuine BGP packets from any BGP Speaker causes RPD to crash. (CVE-2020-1640)
Product-Group=junos
An improper use of a validation framework when processing incoming genuine BGP packets within Juniper Networks RPD (routing protocols process) daemon allows an attacker to crash RPD thereby causing a Denial of Service (DoS) condition. Refer to https://kb.juniper.net/JSA11024 for more information.
PR Number Synopsis Category: L2NG Access Security feature
1451688 DHCP Snooping static binding not take effect after deleting and re-adding the entries
Product-Group=junos
From Junos OS release 14.1X53-D15/15.1R1 and above, due to a software defect, DHCP Snooping static binding may not take effect after deleting and re-adding the entries with commit. As a workaround, we can use "commit full" after the configuration changes.
PR Number Synopsis Category: QFX Access Control related
1439200 The dot1x might not work when captive-port is also configured on the interface on backup/non-master FPC
Product-Group=junos
On EX2300/EX3400/EX4300MP-VC platforms, if the dot1x and captive-port are enabled on the interface on backup/non-master FPC, the dot1x might not be able to work.
PR Number Synopsis Category: QFX xSTP Control Plane related
1500783 On the EX4300, EX3400, and EX2300 Virtual Chassis with NSB and xSTP enabled, continuous traffic loss might be observed while performing GRES.
Product-Group=junos
On EX4300/EX3400/EX2300 Virtual-Chassis with NSB and xSTP enabled, the continuous traffic loss might be observed while doing GRES.
PR Number Synopsis Category: OpenSSH and related subsystems
1454177 The SSH login might fail if a user account exists in both the local database and RADIUS/TACACS+.
Product-Group=junos
SSH login from an automation tool to the Junos device might not be successful if the username is configured both as a local user and on remote RADIUS/TACACS server, and using authentication method 'password'.
PR Number Synopsis Category: Device Configuration Daemon
1444131 When the logical interface is associated to a routing instance inside, an LR is removed from the routing instance and the logical interface is not added to the default routing instance.
Product-Group=junos
When all routing instances configured under a logical-systems are deleted, the IFLs associated to those routing instances are deleted from respective RI but are not getting added to default routing instance this is unexpected behavior. This behavior is seen due to bug in cleanup of routing instances.
PR Number Synopsis Category: dhcpd daemon
1471161 DHCP relay with forward-only fails to send OFFER when the client is terminated on the lt-0/0/0.2 logical tunnel interface.
Product-Group=junos
On all Junos platforms, when DHCP relay is configured with forward-only, and DHCP client is terminated on logical tunnel interface that multiple IFLs under this lt- interface have a same VLAN, DHCP relay might fail to send OFFER messages.
PR Number Synopsis Category: EVPN control plane issues
1461795 EVPN-VXLAN core isolation is not working when the system is rebooted or the routing is restarted.
Product-Group=junos
In an EVPN-VXLAN core isolation scenario, the server is multihomed to the leaf devices through LACP interfaces. If graceful restart is enabled, when you reboot the system or restart routing on the leaf device, the core isolation does not work. If you reboot the system, the issue results in the leaf device silently dropping the traffic sent from the server during the time window between LACP coming up and BGP coming up. If you restart routing, there might be no traffic drop because of the graceful restart.
1482790 The ESI of IRB interfaces does not update after autonomous-system number change if the interface is down.
Product-Group=junos
On EX, QFX and MX platforms, Ethernet Segment Identifier (ESI) of IRB interfaces does not update after autonomous-system number change when IRB interface is in DOWN state.
1485377 On the MX, QFX10002, QFX10008, and QFX10016 devices within an EVPN-MPLS active-active multi-homing mode, when adding and deleting the virtual-gateway-address, the ARP entry to CE might disappear from the kernel.
Product-Group=junos
On MX/QFX10002/QFX10008/QFX10016 devices within an EVPN-MPLS active-active multi-homing mode, when adding and deleting the virtual-gateway-address, the ARP entry to CE might disappear from the kernel.
1506343 Configuring the knob "proxy-macip-advertisement" for EVPN-MPLS leads to functionality breakage
Product-Group=junos
In EVPN-MPLS scenario, with "proxy-macip-advertisement" enabled on IRB, ARP for remote CE on local PE fails might be seen and forwarding-table entry always remains in hold state. The "proxy-macip-advertisement" enable the proxy advertisement feature on a device that can function as a Layer 3 gateway. With this feature enabled, the Layer 3 gateway advertises the MAC and IP routes (MAC+IP type 2 routes) on behalf of Layer 2 VXLAN gateways.
PR Number Synopsis Category: EVPN Layer-2 Forwarding
1498023 The l2ald memory leakage might be observed in any EVPN scenario.
Product-Group=junos
In any EVPN scenario (for example, active-active multi-homing mode, active-standby multi-homing mode, EVPN-VXLAN, or EVPN-MPLS), the l2ald memory might slowly come up when the local CE device or core face interfaces continuously flap. If the memory of l2ald is exhausted, it causes the l2ald to crash.
1520078 Unable to create a new VTEP interface
Product-Group=junos
In all platforms with VXLAN Static VTEP tunnels scenario (including Static VXLAN without EVPN), after RE switchover or restart of l2-learning, if create a new VTEP interface, the interface may not work.
1521199 The l2ad process might crash when EVPN-DCI session is teared down by MP-BGP-EVPN peer
Product-Group=junos
On EVPN-VXLAN scenario, when EVPN-DCI session is teared down by MP-BGP-EVPN peer, the l2ald process might crash with a core file generated in all VTEPs. It might cause total EVPN-VXLAN fabric bring down and entire network impact.
PR Number Synopsis Category: Sflow on qfx10k/ptx series PRs for defect & enhancement req
1475082 The sFlow could not work correctly if the received traffic goes out of more than one interface.
Product-Group=junos
On QFX10K platforms, if the traffic which is received from AE bundle go out of more than one interface, the sflow might work incorrectly.
PR Number Synopsis Category: Express PFE CoS Features
1509220 Traffic might be affected on QFX10002/QFX10008/QFX10016 platform
Product-Group=junos
On QFX10002/QFX10008/QFX10016, on the interfaces which map to h/w stream 0, if enhanced transmission selection (ETS), which in JunOS implementation is Hierarchical port scheduling configurations, change while high rate traffic is flowing, the chip might be wedged, thus no traffic flow is seen. Hierarchical port scheduling is the Junos OS implementation of enhanced transmission selection (ETS), as described in IEEE 802.1Qaz.
PR Number Synopsis Category: Express PFE Services including JTI, TOE, HostPath, Jflow
1431498 IPFIX Flow timestamp is not matching with NTP synchronized system time
Product-Group=junos
The timestamp reported for packet arrival in NetFlow records will report inaccurate time due to the synchronization issue with NTP.
PR Number Synopsis Category: Express PFE L2 fwding Features
1352805 On the QFX10000 line of switches, the Aruba wireless access point (AP) heartbeat packets get dropped. As a result, the Aruba wireless AP cannot work.
Product-Group=junos
QFX10000 platform drops the Aruba wireless access point (AP) heartbeat packets. As a result, the Aruba wireless AP cannot work.
1427994 The dcpfe process might crash and restart in MC-LAG scenario when the ARP/NDP next-hop is changed
Product-Group=junos
On QFX10002/QFX10008/QFX10016 Series platforms with enhanced MC-LAG scenario, the dcpfe process might crash and restart if the ARP/NDP next-hop is changed.
1442587 The PMTUD might not work for both IPv4 and IPv6 if the ingress Layer 3 interface is an IRB.
Product-Group=junos
Path MTU Discovery (PMTUD) is a standardized technique for determining the maximum transmission unit (MTU) size on the network path between two IP hosts, usually with the goal of avoiding IP fragmentation. On QFX10K platforms, the PMTUD might not work for both IPv4 and IPv6 if the ingress L3 interface is an irb. The corresponding ICMP Fragmentation Needed packet to the sender might be dropped silently, then PMTUD fails. This issue has service impact.
1444100 When a line-card is rebooted, the MC-LAG may not get programmed after the line-card comes back online
Product-Group=junos
On QFX10002/QFX10008/QFX10016 series platforms with enhanced convergence is configured in an MC-LAG scenario, if a line-card that has MC-LAG links is rebooted, the MC-LAG may not function correctly after the line-card comes back up. The impact is that it might not block the BUM traffic received on the interchassis link (ICL) and might cause the MAC movement and packet loss on the downstream devices.
PR Number Synopsis Category: Express PFE L3 Multicast
1344395 When powering off an individual FPC the other FPC PFE might go offline too
Product-Group=junos
On all QFX10000 Series platforms, when powering off an individual FPC through issuing "set chassis fpc X power off" in Junos OS CLI, the other FPC PFE might go offline.
PR Number Synopsis Category: SRX1500 platform software
1438445 The flowd process stops and generates core files.
Product-Group=junos
On vSRX, SRX100, SRX110, SRX210, SRX220, SRX240, SRX300, SRX320, SRX340, SRX345, SRX550, SRX650, and SRX1500 devices, and the SRX4000 line of devices, in a rare condition, the flowd process goes into a dead loop and then stops. This might cause traffic loss.
1458323 When you try to reset the system configuration on an SRX1500 device using the reset config button, it does not work properly.
Product-Group=junosvae
When resetting system configuration on SRX1500 using the reset config button, it does not work as designed. In the new release it will work as designed.
1488203 CPU board inlet increases after OS upgrade from Junos OS Release 15.1X49 to Junos OS Release 18.x.
Product-Group=junosvae
On SRX1500, the temperature value of CPU Board Inlet increases after OS upgrade from 15.1X49 release to OS 18.x Although this is just the display issue it may cause false temperature alerts from CPU Board Inlet.
PR Number Synopsis Category: PTX Express ASIC interface
1486181 The L2VPN might flap and CE facing interface cannot restore TX optical laser power even if the L2VPN is up status under asynchronous-notification
Product-Group=junos
The Layer 2 VPN (L2VPN) on PTX with asynchronous-notification might keep flapping when the link is going up between PE and CE. After L2VPN flap, the interfaces which are set "asynchronous-notification" might show "- Inf dBm" laser output power even the L2VPN is up status.
PR Number Synopsis Category: Kernel software for AE/AS/Container
1441772 On a PTX Series or QFX Series device, the aggregated Ethernet outgoing traffic might be dropped after making changes to the aggregated Ethernet interface configuration.
Product-Group=junos
On PE-chip based PTX/QFX platforms (including PTX1K/3K/5K/10K series, QFX10K series), if CoS IEEE-802.1 rewrite rule is configured and bound to the AE interface, traffic going out the AE interface might get dropped after changes are made to AE, due to nexthop install failure on ingress PFEs.
1474300 A new aggregated Ethernet member interface for a static LAG bundle is installed in the FIB even though the micro- BFD session is down.
Product-Group=junos
On all Junos platforms, if a static Link Aggregate Group (LAG) is configured, and Bidirectional Forwarding Detection (BFD) is enabled on the LAG which is also called as micro BFD, a newly added member link might start to forward traffic immediately when the configuration change commits even though its micro BFD session is still down, for example, add a new member interface only on single end, and the remote member interface is disabled or not added. Therefore, traffic loss might be seen due to this issue.
PR Number Synopsis Category: jdhcpd daemon
1447323 On MX10008 or MX10016 platforms, the dhcp-relay command might not work.
Product-Group=junosvae
On MX10008/MX10016 platforms, if the dhcp-relay knob is enabled under the forwarding-option hierachy, either in default or non-default routing-instance, the Dynamic Host Configuration Protocol (DHCP) relay feature might not work as expected. Due to this issue, all the DHCP discovery packets couldn't be relayed.
PR Number Synopsis Category: Adresses NAT/NATLIB issues found in JSF
1471932 The flowd and srxpfe process might stop when traffic is processed by both ALGs and NAT.
Product-Group=junos
The flowd or srxpfe process might stop when traffic is processed by both ALGs and NAT.
PR Number Synopsis Category: Flow Module
1465286 SRX Series: Double free vulnerability can lead to DoS or remote code execution due to the processing of a specific HTTP message when ICAP redirect service is enabled (CVE-2020-1647)
Product-Group=junos
On Juniper Networks SRX Series with ICAP (Internet Content Adaptation Protocol) redirect service enabled, a double free vulnerability can lead to a Denial of Service (DoS) or Remote Code Execution (RCE) due to processing of a specific HTTP message. Refer to https://kb.juniper.net/JSA11034 for more information.
1469123 The flowd/srxpfe process might crash if the tunnel information related show command is issued during the tunnel deleting process
Product-Group=junos
On SRX platforms, if a tunnel (e.g. IPsec, GRE, IPIP, etc..) has been established, the flowd/srxpfe process might crash if the tunnel information related show command is issued during the tunnel deleting process. Temporary traffic interruption might be seen during the flowd/srxpfe process crash.
PR Number Synopsis Category: Firewall Policy
1419983 The NSD process might stop due to a memory corruption issue.
Product-Group=junos
The NSD process might stop due to a memory corruption issue. As a result, security-related configurations cannot be committed on SRX Series device and core files are generated.
1453852 Security policies cannot be synchronized between the Routing Engine and the Packet Forwarding Engine on SRX Series devices.
Product-Group=junos
On all SRX platforms, in a very rare condition, security policies do not be synchronized between RE and PFE. This issue might cause traffic loss.
1458639 The NSD process might get stuck and cause problems.
Product-Group=junos
On all SRXs that have policy counter configured, there is a potential risk where the network-security daemon (NSD) on the RE could not communicate with its PFE counterpart (NSD-PFE) after either a HA failover, control link down, or PFE restart. At that point, it could no longer respond to network-security related commands and will not be able to complete coldsync for a newly joined node in HA environment.
PR Number Synopsis Category: IPSEC/IKE VPN
1439338 IKE SA does not get cleared and is showing very long lifetime
Product-Group=junos
In situations where SRX is the responder and the remote peer is initiator, we can see IKE SA on the SRX with very long lifetime. This happens if the peer suddenly changes IP address and starts a new negotiation
PR Number Synopsis Category: Security platform jweb support
1499280 Junos OS: Security vulnerability in J-Web and web-based (HTTP/HTTPS) services
Product-Group=junos
Junos OS: Security vulnerability in J-Web and web-based (HTTP/HTTPS) services (CVE-2020-1631). Refer to https://kb.juniper.net/JSA11021 for more information.
PR Number Synopsis Category: Issues related to Jflow Jvision Sensors
1477445 Sampling process might crash when the MPLS or MPLS over the UDP traffic is sampled.
Product-Group=junos
When inline-jflow is configured for sampling MPLS traffic, multi-svcs process running on the FPC may crash (which will lead to FPC crash and restart) due to MPLS resend flow referencing to an unavailable memory location.
PR Number Synopsis Category: PFE infra to support jvision
1468435 Optics measurements might not be streamed for interfaces of a PIC over JTI.
Product-Group=junos
When tunnel-services are configured on a PIC, the optics measurements that subscribed via gRPC might not be streamed.
PR Number Synopsis Category: Layer 2 Control Module
1464553 The LLDP packets might get discarded.
Product-Group=junos
On all Junos platforms, the LLDP packet received from any other vendor might get discarded. The issue is seen when there are two location-id in the same packet and the Junos device considers the LLDP packet as duplicate and discards it. This might result in the PoE phone not coming up or neighborship information not getting exchanged.
1505710 The l2cpd crash might be seen if the ERP configuration is added or removed, and l2cpd is restarted.
Product-Group=junos
Core files are generated if you add or delete ERP configuration multiple times and restarted l2cpd or rebooted the box. If this issue is happened, l2cpd does not recover again and generates core file continuously.
PR Number Synopsis Category: Layer2 forwarding on EX/NTF/PTX/QFX
1498863 Inter and Intra VNI or VRF traffics are dropped between the CE devices when the interfaces connected between the TOR and multi-homes PE devices are disabled.
Product-Group=junos
On QFX10002/QFX10008/QFX10016 devices with Multi-homes PE deployment environment, the Inter and Intra VNI/VRF traffic is dropped between CEs when one of the ESI links is disabled.
1505976 VRRPv6 might not work in EVPN scenario
Product-Group=junos
In EVPN scenario with VRRPv6 used, the ethernet source mac address might be used for IPv6 mac-ip binding when the NA is sent from VRRPv6 master, as this unexpected behavior is triggered on regular intervals, it causes the entries to keep refreshing in EVPN database because NS from VRRPv6 master changes the mac-ip binding. Hence it has traffic impact.
1512802 Memory leak on l2ald might be seen when adding/deleting the routing-instances/bridge-domains configuration
Product-Group=junos
Memory leak on l2ald might be seen when adding/deleting the routing-instances/bridge-domains configuration.
PR Number Synopsis Category: Label Distribution Protocol
1479249 RPD crashs on the backup Routing Engine when LDP tries to create LDP p2mp tunnel upon receiving corrupted data from the master Routing Engine.
Product-Group=junos
RPD crash on the backup RE when LDP tried to create LDP p2mp tunnel upon receiving corrupted data from the master RE.
PR Number Synopsis Category: Multiprotocol Label Switching
1517018 The rpd might crash after upgrading Junos software release from pre 18.1 to 18.1 onwards
Product-Group=junos
On all Junos platforms, the rpd might continuously crash after upgrading Junos software release from pre 18.1 to 18.1 onwards while graceful-restart and RSVP/static LSP are configured. This is because there is a change in the data structure written to the restart db file from 18.1 onwards. So, when rpd comes up and tries to read the restart db file written by pre 18.1 release image, the rpd might crash.
PR Number Synopsis Category: Multicast Routing
1468737 The mcsnoopd crash might be seen if one of the BD/VLANs is configured as a part of EVPN and has static or dynamic multicast router interfaces.
Product-Group=junos
In all Junos platforms where EVPN SMET is supported, the mcsnoopd process might crash if a snooping enabled BD/VLAN which has mrouter port(s) is configured as part of EVPN as extended VLAN/VNI.
PR Number Synopsis Category: DNS filtering on MX.
1474056 Junos OS: MX Series: Services card might restart when DNS filtering is enabled (CVE-2020-1645)
Product-Group=junos
When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of packets processed by the Multiservices PIC Management Daemon (mspmand) process, responsible for managing "URL Filtering service", may crash, causing the Services PIC to restart. Refer to https://kb.juniper.net/JSA11028 for more information.
PR Number Synopsis Category: MX104 Software - Chassis Daemon
1453893 FPC/PFE crash may happen with ATM MIC installed in the FPC
Product-Group=junos
FPC crash on MX240 and MX2020 routers or Packet Forwarding Engine crash on MX104 routers might happen when the MIC-3D-8OC3-2OC12-ATM is installed and ATM interface is configured.
PR Number Synopsis Category: MX10K platform
1415671 After the MPC JNP10K-LC2101 chassis is powered on, a voltage of 1345 mV?1348mV is read for about 20 seconds, which gets stabilized to 1493mV. During this period, the FPC x Voltage Tolerance Exceeded major alarm is raised.
Product-Group=junos
After powering on the MPC "JNP10K-LC2101"chassis we are reading the voltage 1345 mV-1348mV for about ~20 sec and then its getting stabilized to the 1493mV, during this period we are reporting the "FPC x Voltage Tolerance Exceeded" Major alarm
1451011 JNP10000-LC2101 FPC generates Voltage Tolerance Exceeded major alarm for EACHIP 2V5 sensors.
Product-Group=junosvae
On a JNP10K-LC2101 line card, the MAJOR Alarm with "FPC Voltage Tolerance Exceeded" message may be logged and cleared. This is a software issue. There is no need to replace the FPC.
PR Number Synopsis Category: OS IPv4/ARP/ICMPv4
1437302 The next-hop MAC address in the output of the show route forwarding-table command might be incorrect.
Product-Group=junos
Cosmetic problem cli display of wrong next hop mac address in show route forwarding table command.
PR Number Synopsis Category: FreeBSD Kernel Infrastructure
1450093 EX4300 : CLI config "on-disk-failure" is not supported
Product-Group=junos
On an EX4300 switch, the CLI configuration "set chassis routing-engine on-disk-failure disk-failure-action (reboot | halt)" is not supported.
1456668 Certain EX-series platforms might generate vmcore by panic and reboot
Product-Group=junos
Certain EX-series platforms might generate vmcore by panic and gets reset. This is a rare case since it occurs only when JFE (Junos FreeBSD Extension) statistic- too_long_complete is incremented. user@host> show system core-dumps no-forwarding -rw-r--r-- 1 root wheel 283194368 DDMMYYY /var/crash/vmcore.direct
1483644 On the EX2300 and EX3400 switches, kernel might generate core file when deactivating daemon.
Product-Group=junos
On EX2300/EX3400 platforms, kernel core might be seen intermittently if deactivating the daemon using the wired-memory (Wired-Memory that is not eligible to be swapped and is usually used for Routing Engine memory structures or memory physically locked by a process).
1505864 The installation fails when upgrading from legacy Junos to specific BSDx based Junos
Product-Group=junos
The installation might fail when upgrading from legacy Junos (before Junos 15.1) to higher BSDx based Junos releases (Junos 15.1 and after).
PR Number Synopsis Category: "ifstate" infrastructure
1486161 Kernel core might be seen if deleting an ifstate
Product-Group=junos
On all Junos platforms, some operations such as configuration change might cause the state information to change and eventually cause the ifstate to be deleted. In a very rare case, deleting an ifstate (kernel state) might cause kernel core and Routing Engine restart. There is no specific trigger. This issue is reported by the configuration change.
PR Number Synopsis Category: IPv6/ND/ICMPv6 issues
1455893 Device chooses incorrect source address for locally originated IPv6 packets in routing-instance when destination address is reachable through static route with next-table command.
Product-Group=junos
The source address for IPv6 packets is calculated incorrectly if the destination IPv6 address covered by a static route with the "next-table" configuration option.
PR Number Synopsis Category: JUNOS Network App Infrastructure (for ping, traceroute, etc)
1493824 Traceroute monitor with MTR version v.69 shows a false 10 percent loss.
Product-Group=junos
Traceroute monitor is a wrapper to a popular tool called mtr. The version that is deployed on JunOS has a bug when used to produce a report (aka summary on JunOS). The last packet always shows a loss when there isn't. See here: https://bugs.launchpad.net/ubuntu/+source/mtr/+bug/966065
PR Number Synopsis Category: Interface related issues. Port up/down, stats, CMLC , serdes
1465302 The physical interface of aggregated Ethernet might take time to come up after disabling or enabling the interface
Product-Group=junos
On Junos platforms, the physical interface of AE might come up after a long delay (4 mins) if there are millions of bgp routes learnt on the device. This delay is happening because PFE Manager thread is busy processing the routing updates from RE. These routing updates are the result of AE interface going down at the first step of disabling the interface.
PR Number Synopsis Category: QFX Platform related (SYSLOG/ALARMS/miscellaneous)
1387098 Traffic loss may be observed due to switch modular failure on CB
Product-Group=junos
On QFX10008/QFX10016/PTX10008/PTX100016 platforms, traffic loss might be observed because of switch modular failure on the Control Board (CB). This failure further causes all SIBs to be marked as faulty and causes FPCs to restart until Routing Engine switchover occurs.
PR Number Synopsis Category: QFX platform optics related issues
1458363 Intermittent LAG interface flaps might be seen on QFX platforms
Product-Group=junos
On QFX platforms with Link Aggregation Group (LAG) interface, if periodic "SFP diagnostic" is configured with short interval (e.g. test sfp periodic diagnostic-interval 3), the LAG interfaces might have intermittent flaps and therefore bring service impact due to this issue.
1504630 "Media type" in show interface command is displayed as "Fiber" for SFP-10G-T
Product-Group=junos
On QFX series, "Media type" in show interface command is displayed as "Fiber" for SFP-10G-T
PR Number Synopsis Category: QFX access control list
1487679 QFX5100: If more than one UDF filter/term is configured, then only the first filter/term will be programmed in H/w. This is due to SDK 6.5.16 upgrade.
Product-Group=junos
QFX5100: In case of even offsets, if more than one UDF filter/term is configured, then only the first filter/term will be programmed in H/w. In case of odd offset, the first offset itself won't be programmed. This is due to SDK 6.5.16 upgrade.
PR Number Synopsis Category: QFX PFE Class of Services
1468033 Ingress drops must be included at the CLI command from the interface statistics and added to the InDiscards.
Product-Group=junos
In QFX5000 platforms, as Ingress buffer drops (InDiscards) field is not presented the output of "show interfaces extensive x-x/x/x". This change added ingress buffer drops counters.
1472771 On the EX4600 device, DSCP marking might not work as expected if the fixed classifiers are applied to interfaces.
Product-Group=junos
On QFX5000/EX4600 platforms, if the interfaces are configured with the fixed classifiers, when some specific configuration changes are committed, for example, the same forwarding-class is applied to two different interfaces at the same time, and then the forwarding-class for one of the interfaces is changed and committed to a different value, the Differentiated Services code point (DSCP) marking might not be able to work as expected since both physical interfaces are still having the same forwarding-class mapped in the hardware table due to this issue.
PR Number Synopsis Category: Filters
1455177 A firewall filter might not be able to be applied in a particular VC/VCF member as TCAM space running out
Product-Group=junos
On QFX51/EX4300/EX4600 VC/VCF scenario with Vxlan used, when configuring a firewall filter and commit, the firewall filter might not be able to be applied in a particular VC/VCF member for TCAM space running out.
1462594 On the QFX5000 line of switches, the fxpc process might generate a core file when you change MTU in a VXLAN scenario with firewall filters applied.
Product-Group=junos
On the QFX5K VC/VCF platform with firewall filters applied on VXLAN enabled interface, the fxpc process might crash when changing MTU for the interface.
PR Number Synopsis Category: QFX L2 PFE
1460885 On the QFX5000 line of switches, the accept-source-mac feature with VXLAN does not work.
Product-Group=junos
The accept-source-mac feature with vxlan is not working on QFX5K platforms.
1485854 The dcpfe process might generate core file with the non-oversubscribed mode after SDK upgrade.
Product-Group=junosvae
On QFX5110-32q, when a user navigates to non-oversubscribed mode, dcpfe does not come up. This issue is seen due to upgrade of SDK to 6.5.16.(junos 18.4R2-S4, 19.R3 and 19.4R1). Default mode of operation has no issues.
1504354 LLDP is not acquired when native-vlan-id and tagged VLAN-ID are the same on a port.
Product-Group=junos
On QFX5000 platforms running with Link Layer Discovery Protocol (LLDP) configured, if the interface has both native-vlan-id and vlan-id configured, and the native-vlan-id and vlan-id have the same value, LLDP neighborship might be unable to setup on that particular interface due to this issue.
1510329 ARP replies might be flooded through the EVPN-VXLAN network as unknown unicast ARP reply.
Product-Group=junos
The QFX5100/5110/5120/5200 platforms configured as EVPN-VxLAN leaf, the leaf will send periodic ARP requests to connected hosts to refresh the mac-ip entry when proxy-arp and suppression are enabled. These ARP replies are being processed by the leaf, however, they are also being flooded further through the EVPN-VxLAN network as unknown unicast ARP reply. This issue may decrease the bandwidth efficiency of the core network.
PR Number Synopsis Category: QFX EVPN / VxLAN
1473464 QFX5K: "global-mac-table-aging-time" behavior with Multi homed EVPN VXLAN ESI
Product-Group=junos
When MAC change notification comes from L2 address learning daemon to PFE, PFE will handle this as MAC addition. That will cause the reset of MAC age timer in all FPC's of VC members in multi homed EVPN VXLAN-ESI cases. As part of MAC change HIT SA (Source Address) bits are wrongly programmed and leads to restart of the MAC age timer. So, MAC was aging in 3rd iteration and leading to this issue.
1499647 Firewall filter might not get applied on QFX5100/5110/EX4600
Product-Group=junos
On QFX5100/5110/EX4600 platforms, the firewall filter might not get applied due to the failure in programming into the TCAM.
1516653 The MAC learning might not work properly after multiple MTU changes on the access port in VxLAN scenario
Product-Group=junosvae
On QFX5120 platform running with Virtual Extensible LAN protocol (VxLAN) scenario, if there are multiple iterations of MTU change on the access port which faces Customer Edge (CE) side, for example, 20 iterations under the scale with around 100 VLAN to VXLAN Network Identifier (VNI) mapping, the MAC learning on the access port might not be able to work properly due to this issue.
PR Number Synopsis Category: QFX VC Infrastructure
1486002 The 10G VCP ports will not be active on QFX51XX and EX46XX VC scenario
Product-Group=junos
On QFX51XX and EX46XX platforms, 10G VCP ports will not be active, VC/VCF could not form correctly.
1497563 Virtual Chassis is not stable with 100-Gigabit Ethernet and 40-Gigabit Ethernet interfaces.
Product-Group=junos
In QFX5110 platform with Virtual Chassis (VC) scenario, VC might not get formed and can cause traffic loss if the 100G VCP ports are deleted and created, or changed from 40G to 100G or vice-versa. For the reason is that Forward Error Correction (FEC) should not be enabled when the physical interface is working as a VCP port.
PR Number Synopsis Category: RPD Interfaces related issues
1498992 The rpd might crash when multiple VRFs with 'IFLs link-protection' are deleted at a single time
Product-Group=junos
On all Junos platforms with large-scale VRF scenario, the rpd might crash when multiple VRFs with 'routing-options interface IFL link-protection' are deleted via a single commit.
PR Number Synopsis Category: KRT Queue issues within RPD
1446320 ,The following rpd core file appears: task_block_verify(task_io_hook_block, hook),jtask_jthr_endpoint_internal_sanity ,jtask_jthr_endpoint_sanity.
Product-Group=junos
When the rpd process is terminated immediately after it has been started, the rpd process might crash due to a race condition.
PR Number Synopsis Category: RPD route tables, resolver, routing instances, static routes
1431227 IPv6 aggregate routes are hidden.
Product-Group=junos
IPv6 aggregate routes get hidden in the routing table until the rpd is restarted in some rare situations.
1447595 The rpd crashes and commit fails when trying to commit configuration changes.
Product-Group=junos
When loading configuration changes related to routing instance through RPC (e.g. OpenConfig), if the mgd reads an invalid routing-instance name (e.g. longer than 256 characters or mistaken name) from the configuration file and transfers it to the rpd, rpd crash happens.
PR Number Synopsis Category: SNMP Infrastructure (snmpd, mib2d)
1443675 Snmpd process might generate core files after restarting NSD process by using the restart network-security gracefully command.
Product-Group=junos
Snmpd might generate core after restarting NSD Daemon by "restart network-security gracefully".
PR Number Synopsis Category: Generic platform and infra issues for MS-MIC and MS-MPC(XLP)
1453811 Delay in freeing processed defragment buffers lead to prolonged flow control and might crash.
Product-Group=junos
On Juniper Networks Junos MX Series with service card configured, receipt of a stream of specific packets may crash the MS-PIC component on MS-MIC or MS-MPC. Refer to https://kb.juniper.net/JSA11037 for more information.
PR Number Synopsis Category: MPC7/8/9 Interface Issues
1441816 Egress stream flush failure and traffic black hole might occur.
Product-Group=junos
Egress stream flush failure and silent dropping of traffic could occur in a rare occasion for a repeatedly flapping link on MPC7E, MPC8E, MPC9E cards, MX204 and MX10003.
PR Number Synopsis Category: Stout cards (MPC8, MPC9) fabric issues
1395591 On an MX2008 platform with MPC9E, in a line-rate traffic with a redundant SFB2 scenario, if there is one offline redundant SFB2, there might be tail drops or sometimes WRED drops in MPC9E. This results in partial traffic loss. Under normal circumstances, the SFBs should automatically fail over if one of them fails and there should be only a few packets dropped momentarily.
Product-Group=junos
On MX2008 routers with MPC9E, in a line rate traffic with a redundant SFB2 scenario, if you offline one redundant SFB2, there might be tail or sometimes WRED drops in MPC9E, resulting in partial traffic loss. Under normal circumstances, the SFBs should be auto-failover if one of them fails, and there should be only a few packets dropped momentarily.
PR Number Synopsis Category: Issues related to broadband edge apps (PPP, DHCP) on Trio ch
1476786 The MX router acting as LNS does not get to program the PFE with l2tp services that causes forwarding issues for the l2tp subscribers.
Product-Group=junos
On the MX platforms working in an enhanced subscriber environment, if the "routing-service" knob is enabled under the dynamic-profile for the LNS subscribers, l2tp services may not be programmed properly in the PFE due to timing, which causes forwarding issue to the affected subscribers.
PR Number Synopsis Category: Trio pfe bridging, learning, stp, oam, irb software
1494594 Packets get dropped when next hop is IRB over lt interface.
Product-Group=junos
On MX series platforms, when a route's next-hop is an IRB interface with lt- as the underlying L2 interface, it is not getting programmed on PFE, resulting in packet drop.
PR Number Synopsis Category: Trio pfe l3 forwarding issues
1432724 The statistics of the traffic generated by the Routing Engine on the MX platform is incorrect.
Product-Group=junos
Statistics of traffic generated by the Routing Engine on the MX platform might be incorrect. The 'Output bytes' counter is off by 6 bytes per packet for outbound traffic going out of MPC1E/2E/2E-NG/3E/3E-NG/4E/5E/6E interfaces. The same issue is not seen on the TurboTx path with linux based FPCs (e.g. MPC7E/8E/9E and PTX FPC3).
PR Number Synopsis Category: Ephemeral Database
1497575 Outbound SSH connection flaps or leaks memory during push configuration to ephemeral database with high rate.
Product-Group=junos
When the netconf session is established over outbound ssh, the hight rate of pushing configuration to Ephemeral DB might result in Outbound SSH connection flap or memory leak issue.
1508324 Outbound SSH connection flap or memory leak issue might be observed during pushing configuration to ephemeral DB with high rate
Product-Group=junos
When the netconf session is established over outbound ssh, the hight rate of pushing configuration to ephemeral database might result in outbound SSH connection flap or memory leak issue.
PR Number Synopsis Category: UI Infrastructure - mgd, DAX API, DDL/ODL
1447497 CLI prompt configured as part of [edit system login class] and [edit system login user] is not taking into effect with subsequent login post-commit.
Product-Group=junos
CLI prompt configured as part of [edit system login class] and [edit system login user] is not taking into effect with subsequent login post-commit.
1456578 CLI command with invoke-on and display xml rpc results in unexpected multiple RPC commands.
Product-Group=junos
In the previous Junos version, the CLI command combination of "invoke-on" and "display xml rpc" may give incorrect RPC command, because this combination is not supported in Junos. E.g., issuing the command "show version invoke-on all-routing-engines | display xml rpc".
1480348 TFTP installation from loader prompt may not succeed on the EX series devices
Product-Group=junos
On the EX series platforms with 17.1R1 onwards, software installation from loader prompt may not succeed by using TFTP.
 

18.4R2-S5 - List of Known issues
PR Number Synopsis Category: SFI Infra-structure
1485038 The following error message is observed: IFDE: Null uint32 set vector, ifd and IFFPC: 'IFD Ether uint32 set' (opcode 151) failed continuously in AD with base configurations.
Product-Group=junos
EX 9251 Summit-B54 : "IFDE: Null uint32 set vector, ifd and IFFPC: 'IFD Ether uint32 set' (opcode 151) error message is observed continuously in AD with base configurations.
PR Number Synopsis Category: EX4300 Platform
1429865 EX4300 does not drop FCS frames with CRC error on XE interfaces
Product-Group=junos
If PHY C1|C2 chip is used on EX4300, the FCS frames with CRC error on XE interfaces might not be dropped.
PR Number Synopsis Category: EX driver issues
1515689 The IP communication between directly connected interfaces on EX4600 would fail
Product-Group=junosvae
The IP communication between directly connected interfaces on EX4600 TVP platforms would fail. This issue only might occur in this special scenario and it might have traffic/service impact.
PR Number Synopsis Category: EX2300/3400 CP
1494712 Authentication session might be terminated if PEAP request is retransmitted by authenticator
Product-Group=junos
On all Junos platforms with 802.1X (dot1x) enabled, if Protected Extensible Authentication Protocol (PEAP) request is not replied by supplicant in default time interval, it could cause the authenticator to retransmit PEAP proposal method message with new Extensible Authentication Protocol (EAP) ID. The new EAP ID is different from EAP ID sent by authentication server. As a result, mismatching EAP ID issue could terminate authentication session. In the end, supplicant cannot access network. Please consider increasing 'supplicant-timeout' to prevent this issue from happening.
PR Number Synopsis Category: QFX Access control list
1521763 Firewall "sample" configuration gives the warning as unsupported on QFX10002-36q and will not work.
Product-Group=junos
On QFX10002-36q, when inline-jflow is configured, the IPv4 firewall filter with 'sample' action gives a waring "unsupported platform" and will not work. On the other hand, the IPv6 firewall filter with 'sample' action will still work as expected.
PR Number Synopsis Category: QFX PFE L2
1455654 EVPN-VXLAN: New Tenant addition and deletion leading to INTRAVNI traffic drop for few milliseconds.
Product-Group=junos
On QFX5120, during new tenant addition, there may be few transient packet drops (2 - 15 pkts) for couple of random intra-vni traffic streams in a EVPN-VXLAN topology for the existing tenants. The drop is almost negligible and is auto recovered.
PR Number Synopsis Category: QFX L3 data-plane/forwarding
1481987 Multicast traffic loss could be seen in certain conditions while enabling IGMP snooping under EVPN-VXLAN ERB scenario
Product-Group=junos
On QFX5110 & QFX5120 platform, which is running as Layer 3 VxLAN gateway, if "igmp-snooping" is enabled in partial but not for all bridge-domains, multicast traffic loss could be observed in non-igmp snooping bridge-domains.
PR Number Synopsis Category: Accounting Profile
1505409 Subscriber statistics not supported for V44 EP ports configuration
Product-Group=junos
Subscriber statistics not supported for V44 EP ports configuration. When Radius accounting enabled for the subscriber interface, statistics retrieval has issues. Statistics will not be reported and subscriber logout can take 5 minutes. This release is not recommended for configuration with V44 EP ports.
PR Number Synopsis Category: PFE Fusion software
1408947 Junos Fusion Enterprise: Observed Error jnh_dot1br_ktree_entry_create(1098): Entry Already Exists . Observing duplicate ECID values for cluster/extended ports on member ports of same cluster.
Product-Group=junos
When using EX9200 as the Aggregate Device (AD), you may see this error - "jnh_dot1br_ktree_entry_create(1098): Entry Already Exists" continuously. This caused by EX2300 Sattilite Devices (SDs) are having duplicate ECID values for the cluster/extended ports across members of same cluster devices
PR Number Synopsis Category: Border Gateway Protocol
1454677 Junos OS and Junos OS Evolved: Invalid BGP UPDATE sent to peer device may cause BGP session to terminate. (CVE-2020-1632)
Product-Group=junos
In a certain condition, receipt of a specific BGP UPDATE message might cause Juniper Networks Junos OS and Junos OS Evolved devices to advertise an invalid BGP UPDATE message to other peers, causing the other peers to terminate the established BGP session, creating a Denial of Service (DoS) condition. Refer to https://kb.juniper.net/JSA11013 for more information.
1517498 The rpd might crash after deleting and re-adding a BGP neighbor
Product-Group=junos
In BGP scenario on all Junos platforms, after deleting and re-adding a BGP neighbor, the rpd might crash due to a rare timing issue.
PR Number Synopsis Category: EA chip ( MQSS SW issues )
1444963 Routing Engine-generated jumbo frames might get dropped.
Product-Group=junos
RE generated jumbo frames might get dropped due to incorrect MTU setting on the internal switch
PR Number Synopsis Category: EVPN control plane issues
1439537 The RPD process might crash after committing changes
Product-Group=junos
The RPD process might crash after committing changes. This issue might be seen if the following conditions are met: * On EX/QFX switches and applicable for all JUNOS platforms * EVPN is configured Traffic loss may happen due to RPD core.
PR Number Synopsis Category: EVPN Layer-2 Forwarding
1408840 In an Ethernet Virtual Private Network-Virtual Extensible LAN scenario with scaled bridge domains configured (for example, 4000 bridge domains), if the core-facing link on the VXLAN tunnel endpoint (VTEP) comes up (Down >> Up), the traffic received from the customer edge (CE) might be dropped by the VTEP for a period of time before it becomes normal.
Product-Group=junos
In a EVPN-VXLAN scenario with scaled Bridge Domains configured (for example, 4000 Bridge Domains), if the core facing link on the VTEP (VXLAN Tunnel Endpoint) comes up (Down >> Up), the traffic received from the CE (Customer Edge) might be dropped by the VTEP for a period of time before it becomes normal.
PR Number Synopsis Category: Express PFE L3 Features
1409632 Indirect-next-hop pointing to unknown unilist stuck with weight 65535 may occur after a link flap
Product-Group=junos
In the scenario where bgp multipath is enabled, there are multiple ecmp paths to indirect-next-hop, such as multiple lsp or ae, when forwarding chain is unilist_1->indirect-next-hop->unilist_2, any change in unilist_2 active member list will be absorbed by indirect-next-hop in the chain and the change will not be back propagated to top-level unilist_1. If a link flaps it will cause indirect-next-hop pointing to unilist_2 stuck with weight 65535 and further causing traffic blackholing.
PR Number Synopsis Category: SRX1500 platform software
1390577 SRX Series devices go into DB mode after USB installation.
Product-Group=junos
On SRX1500 and SRX4K platforms, the device might go into DB mode after USB installation.
PR Number Synopsis Category: Libjtask for RPD tasks, scheduler, timers, memory, and slip
1418192 The rpd core files are seen when you restart the rpd or when the logical system is deactivated.
Product-Group=junos
The rpd process might generate a core file when the user intentionally restarts the rpd or deactivates logical-system.
PR Number Synopsis Category: Kernel software for AE/AS/Container
1355299 Packets destined to RE might be dropped in the kernel when LACP is configured
Product-Group=junos
Packets destined to the master RE (Routing Engine) might be dropped in the kernel due to excessive network traffic on the internal Ethernet interface. This excessive traffic results from LACP (Link Aggregation Control Protocol) reprogramming all the LACP member links periodically at 30 second interval.
PR Number Synopsis Category: Integrated Routing & Bridging (IRB) module
1453025 The IRB traffic might get drop after mastership switchover
Product-Group=junos
In the Virtual-Chassis scenario with mac-persistence-timer enabled, the IRB traffic might get drop after master switchover.
PR Number Synopsis Category: Flow Module
1467654 TCP session might not time out properly upon receiving TCP RESET packet
Product-Group=junos
TCP session cannot time out properly upon receiving the TCP RESET packet, and the session timeout does not change to two seconds.
PR Number Synopsis Category: Firewall Policy
1454907 Traffic might be dropped when policies are changed in SRX Series devices
Product-Group=junos
If a huge number of policies are configured on SRX Series devices and some policies are changed, the traffic that matches the changed policies might be dropped.
1471621 The policy detail does not display the policy statistics counter, even when policy count is enabled.
Product-Group=junos
On SRX Series devices that have a security policy counter deployed, the count option in the security policy might not work. As a result, issuing show security policies <> detail might not print traffic statistics for the security policy.
PR Number Synopsis Category: IPSEC/IKE VPN
1444730 IPsec VPN traffic drop might be seen on SRX Series platforms with NAT-T scenario.
Product-Group=junos
IPsec VPN traffic drop might be seen with NAT-T scenario.
PR Number Synopsis Category: lacp protocol
1463791 In EVPN multi-homed active/active scenario, when LACP is enabled on PE-CE child member links and after recovering from a core-isolation on the PE device, the PE-CE child member links might be stuck in Detached state if LACP sync-reset feature is enabled on the CE device. The child links on the CE device might show the LACP state as Collecting Distributing. However, on the PE devices, the LACP state might be shown as Detached.
Product-Group=junos
In EVPN multi-homed active/active scenario, when LACP is enabled on PE-CE child member links and after recovering from a core-isolation on the PE device, the PE-CE child member links might be stuck in Detached state if LACP sync-reset feature is enabled on the CE device. The child links on the CE device might show the LACP state as Collecting Distributing. However, on the PE devices, the LACP state might be shown as Detached.
1500758 The MC-LAG might become down after disabling and then enabling the force-up.
Product-Group=junos
If the AE (Aggregation Ethernet) interface under the MC-LAG (Multichassis Link Aggregation Groups) is configured with force-up, the MC-LAG might become down after disabling and then enabling the force-up. Traffic goes through the MC-LAG will be dropped when the interface is down.
1505523 AE interface sometimes might not come up after switch is rebooted
Product-Group=junos
In Junos platforms with LACP and knob "minimum-links" enabled scenario, AE interface might not come up after the switch is rebooted or the AE interface is deactivated/activated. This is because the knob "sync-reset" is enabled. ("sync-reset" is enabled by default on QFX and EX platforms, and it only needs to use when the "minimal link" is not supported on one side of an LACP).
PR Number Synopsis Category: OSPF routing protocol
1348031 The route might flap after OSPF neighbor router reboot
Product-Group=junos
After the OSPF neighbor router reboot, the route received from the neighbor router via OSPF might flap during the router recovery. When this occurs, out of order packets and traffic loss might be seen.
PR Number Synopsis Category: PTX10K Routing Engine
1437745 RE switchover does not work as expected while SSD failure occurs
Product-Group=junos
On PTX10008/10016 and QFX10008/10016 platforms with GRES enabled, although failover is configured with the knob "on-disk-failure", the switchover is not triggered immediately while SSD failure occurs on master RE.
PR Number Synopsis Category: Chassis mgmt for all QFX systems - chassis MIB, alarms, CLI
1507044 The archival function may fail in certain conditions
Product-Group=junos
If the archival function is enabled with the statement "routing-instance" and transfer mode is set as SFTP/SCP for archive-sites, it may not work and fail to transfer the files.
PR Number Synopsis Category: QFX Platform related (SYSLOG/ALARMS/miscellaneous)
1454527 On the QFX5000 line of switches, the dcpfe process crashes due to the usage of data that is not null getting terminated.
Product-Group=junosvae
The dcpfe crash is due to usage of data which is not NULL terminated on QFX5K.
PR Number Synopsis Category: QFX L2 PFE
1515254 On the EX4600 device with VXLAN enabled, the ARP request might get dropped if the storm control is configured.
Product-Group=junos
ARP request get dropped on QFX5000 and EX46xx devices when all of the following condition are met. 1.Storm control is enabled on any of the port. 2.VXLAN is enabled 3.Arp-suppression is enabled.
PR Number Synopsis Category: QFX EVPN / VxLAN
1510794 QFX5K : EVPN-VXLAN : EVPN-VXLAN : Multicast traffic loss due to few multicast routes missing in Spine node
Product-Group=junos
In an EVPN-VXLAN scenario, multicast traffic may not reach to Spine to form (S,G) in PIM enabled Spines. Issue might happen due to various triggers including multiple rollback of configs on Spine, interface flap, clear bgp.
PR Number Synopsis Category: QFX VC Infrastructure
1528879 On QFX5100 VC, if traffic engineering is configured then downgrade to 14.1 release from 17.3 or later release may fail.
Product-Group=junos
On QFX5100 VC, if traffic engineering is configured then downgrade to 14.1 release from 17.3 or later release may fail.
PR Number Synopsis Category: Trio pfe bridging, learning, stp, oam, irb software
1488251 MAC learning under bridge-domain stops after MC-LAG interface flaps.
Product-Group=junos
MAC learning under bridge-domain over MC-LAG interface stops after MC-LAG interface flap
1505465 Traffic loss could be seen in certain conditions under MC-LAG setup
Product-Group=junos
On all Junos platforms with MC-LAG setup, traffic loss might be seen after disabling the ICL (Interchassis Link). This defect could be observed under the following two conditions. Firstly, configuring "force-up" under MC-AE port. Secondly, LACP is not running on downstream of the MC-LAG setup.
PR Number Synopsis Category: UI Infrastructure - mgd, DAX API, DDL/ODL
1431198 Error might occur when you use a script to load the configuration.
Product-Group=junos
Multiple deletion of a non-existing configuration statement produces errors through RPC load-configuration.
1454387 Timestamp is not shown with count option after changing the match condition for the show <> | mathc <> | count command.
Product-Group=junos
When you edit a command and run the command from CLI command history, the timestamp might not appear.
PR Number Synopsis Category: VNID L2-forwarding on Trio
1517591 no-arp-suppression was required for MAC learning to happen across the EVPN domain on static VTEP
Product-Group=junos
no-arp-suppression was required for MAC learning to happen across the EVPN domain on static VTEP
Modification History:
Update on 2020-09-11 to include a warning about PR1538172
First publication 2020-09-03
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search