Search our Knowledge Base sites to find answers to your questions.
Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles18.4R2-S5: Software Release Notification for JUNOS Software Version 18.4R2-S5
WARNING: We are investigating a report that the Routing Protocol Daemon may restart unexpectedly when upgrade to software version 18.4r2-S5.
Preliminary investigation points to the area of "set policy-options rtf-prefix-list ..." configuration stanza. This issue is being tracked by PR1538172
If you are using "set policy-option rtf-prefix-list", please do not upgrade to Junos version 18.4R2-S5 until further notice.
| PR Number | Synopsis | Category: DOT1X |
|---|---|---|
| 1512724 | The DOT1XD_AUTH_SESSION_DELETED event is not triggered with a single supplicant mode. Product-Group=junos |
On all Junos platforms, with 802.1X (Dot1X) authentication enabled, Junos event 'DOT1XD_AUTH_SESSION_DELETED' might not be triggered when 802.1X authentication session is removed. Because of this issue, functions and features identified by script might not execute. In the end, if configuration related functions or features is contained in the script, inappropriate configuration might cause network issue. |
| PR Number | Synopsis | Category: EX4300 PFE |
| 1436642 | The FPC/pfex crash may be observed due to DMA buffer leaking Product-Group=junos |
On EX2300/EX3400/EX4300/EX4600 platforms, DMA buffer leaking may be hit once the next-hop of received traffics is not resolved and eventually to cause an FPC/pfex crash if the DMA buffer runs exhaustion. |
| 1493212 | IPv6 neighbor solicitation packets might be dropped in a transit device. Product-Group=junos |
In EX4300 platform with a Layer 2 scenario, IPv6 neighbor solicitation (NS) packets transiting an EX switch might be dropped if there is a firewall filter matching "next-header icmpv6" then "policer xxx with discard action" configured under a loopback interface. That will cause the IPv6 communication going through the EX switch to fail (IPv4 works fine). |
| PR Number | Synopsis | Category: EX4300 Platform |
| 1405262 | EX4300 : Alarm with removal of PEM (Power supply) Product-Group=junos |
EX4300 : When PEM (Power supply) is removed, Alarm was not generated. With this fix, Alarm will be generated and ALM LED will be illuminated with yellow. |
| PR Number | Synopsis | Category: Marvell based EX PFE L2 |
| 1452738 | The l2ald and eventd are hogging 100% after issuing "clear ethernet-switching table" command Product-Group=junos |
The l2ald and eventd processes are hogging 100% after "clear ethernet-switching table" command is issued and also the continuous syslog errors "l2ald[18605]: L2ALD_IPC_MESSAGE_INVALID: Invalid message received (message type 0, subtype 0): null message" are observed. |
| PR Number | Synopsis | Category: EX2300/3400 PFE |
| 1427391 | The fxpc/PFE might crash on EX2300/EX3400 platforms Product-Group=junos |
In rare case, the fxpc/PFE might crash if the traffic between RE and PFE gets stuck in PFE. |
| 1434646 | Packet drop might be seen if native VLAN is configured along with flexible VLAN tagging Product-Group=junos |
When the native VLAN is configured along with the flexible VLAN tagging on a L3 subinterface, untagged packets might be dropped on that L3 subinterface. |
| 1462155 | The fxpc crashes due to PFEMAN_RT thread and BCM linkscan thread get into a deadlock Product-Group=junos |
In certain conditions, PFEMAN_RT thread and BCM linkscan thread get into a deadlock causing watchdog timeout. |
| 1525373 | "Drops" and "Dropped packets" counters in the output by "show interface extensive" are double counting. Product-Group=junos |
"show interface ..." command shows wrong values for the "Drops" and "Drop Packet" counters. The actual value is half of the display values. |
| PR Number | Synopsis | Category: EX2300/3400 platform |
| 1442134 | EX3400 FAN alarm (Fan X not spinning) appears and disappears repeatedly after removed the fantray (Absent). Product-Group=junos |
EX3400 FAN alarm (Fan X not spinning) appears and disappears repeatedly after removed the fantray (Absent). |
| 1444903 | "/var/host/motd does not exist" message is flooded every 5 sec in chassisd logs Product-Group=junos |
"/var/host/motd does not exist" message is flooded every 5 sec in chassisd logs since EX2300/EX3400 does not support a backup partition. |
| PR Number | Synopsis | Category: NFX Layer 3 Features Software |
| 1437824 | "LIBCOS_COS_TVP_FC_INFO_NOT_FOUND: Forwarding-class information not specified" messages seen while committing configurations Product-Group=junos |
"LIBCOS_COS_TVP_FC_INFO_NOT_FOUND: Forwarding-class information not specified" messages might be seen while committing CoS configurations on PTX/MX/NFX |
| PR Number | Synopsis | Category: QFX Multichassis Link Aggregrate |
| 1459201 | The MC-LAG configuration-consistency ICL-config might fail after committing some changes Product-Group=junos |
When adding VLANs to an MC-LAG interface, the configuration-consistency ICL-config might fail after committing the changes. Resulting in a failure to add VLANs and a disabled MC-LAG interface. |
| PR Number | Synopsis | Category: QFX Access control list |
| 1514570 | Scale of filters with egress-to-ingress command is enabled. Product-Group=junos |
With the 'egress-to-ingress' knob enabled, the filter installation fails if the number of filter entries configured is more than 1K. |
| PR Number | Synopsis | Category: QFX PFE CoS |
| 1510365 | Traffic might be forwarded to the wrong queue when a fixed classifier is used. Product-Group=junos |
If L2 access or vlan bridge IFL is created after fixed classifier is applied, the traffic matching the fixed classifier might be forwarded in unexpected queue, it might cause congestion unexpectedly hence there is traffic impact. |
| PR Number | Synopsis | Category: QFX PFE L2 |
| 1481031 | Connectivity is broken through LAG due to members configured with hold-time and force-up Product-Group=junos |
Connectivity through link aggregation group bundle could break after there is a flap event on the physical ports when one physical member interface is configured with hold-time and the other member interface is having LACP force-up feature configured. |
| PR Number | Synopsis | Category: QFX L3 data-plane/forwarding |
| 1355607 | Some storm control error logs might be seen on QFX-series platforms Product-Group=junos |
On QFX Series platforms, in a corner scenario with a Virtual Chassis setup, if storm control configuration is enabled on interfaces and multicast traffic ingresses on the interfaces, some storm control error logs might be observed on these interfaces. It is only seen in one customer setup and not reproducible in a local setup. Also, it is just a logging issue and has no traffic impact. |
| 1487707 | CPU port queue gets full due to excessive pause frames being received on interfaces, this causes control packets from the CPU to all ports to be dropped Product-Group=junos |
On QFX5000 platforms (QFX5100/QFX5110/QFX5120/QFX5200/QFX5210) with point-to-point multi-link scenario, when the switch ingress buffer saturation happens, all interfaces on multi-link stop sending traffic at the same time. |
| PR Number | Synopsis | Category: Accounting Profile |
| 1458143 | In some rare scenarios upon FPC or PIC reboot, the Packet Forwarding Engine daemon database might not get updated with the correct location_id for some physical interfaces, then a problem with statistics on some interfaces of a router might be observed. Product-Group=junos |
In some rare scenarios upon FPC or PIC reboot, the pfed (packet forwarding engine daemon) database may not get updated with the correct location_id for some physical interfaces (IFDs), then a problem with statistics on some interfaces of a router may be observed. If this issue happens in the subscriber management environment, and depending on the radius server configuration, it may cause the subscribers to get disconnected by the radius server because of the radius server can not receive the proper statistics update for the subscribers from the pfed. |
| PR Number | Synopsis | Category: PFE Fusion software |
| 1408947 | Junos Fusion Enterprise: Observed Error jnh_dot1br_ktree_entry_create(1098): Entry Already Exists . Observing duplicate ECID values for cluster/extended ports on member ports of same cluster. Product-Group=junosvae |
When using EX9200 as the Aggregate Device (AD), you may see this error - "jnh_dot1br_ktree_entry_create(1098): Entry Already Exists" continuously. This caused by EX2300 Sattilite Devices (SDs) are having duplicate ECID values for the cluster/extended ports across members of same cluster devices |
| PR Number | Synopsis | Category: Border Gateway Protocol |
| 1396344 | Processing a large scale as-path regex causes the flapping of the route protocols. Product-Group=junos |
When 'as-path-group' is configured under BGP, if a configuration with a large scale as-path regex is committed, the route protocols flap might be seen. |
| 1494005 | The rpd process generates core file at rt_nh_resolve_add_gen in ../../../../../../../../src/junos/usr.sbin/rpd/lib/rt/rt_resolve_ind.c: with the evpn-dhcp configurations. Product-Group=junos |
In BGP with INH (indirect next-hop) scenario, if using the knob "no-labeled-bgp" to disabled the chained composite next-hops for labeled BGP, the INH might not be created for the transit traffic route when devices handling transit traffic in the network. To create the INH again, it need to re-enable the chained composite next-hops for labeled BGP by removing the knob "no-labeled-bgp" or adding the knob "labeled-bgp", but the rpd resolver might not resolve the INH information as normal since the resolver is not getting ready, it might cause RDP crashed. Then, the routing protocol might be impacted. |
| 1497721 | Junos OS: Receipt of certain genuine BGP packets from any BGP Speaker causes RPD to crash. (CVE-2020-1640) Product-Group=junos |
An improper use of a validation framework when processing incoming genuine BGP packets within Juniper Networks RPD (routing protocols process) daemon allows an attacker to crash RPD thereby causing a Denial of Service (DoS) condition. Refer to https://kb.juniper.net/JSA11024 for more information. |
| PR Number | Synopsis | Category: L2NG Access Security feature |
| 1451688 | DHCP Snooping static binding not take effect after deleting and re-adding the entries Product-Group=junos |
From Junos OS release 14.1X53-D15/15.1R1 and above, due to a software defect, DHCP Snooping static binding may not take effect after deleting and re-adding the entries with commit. As a workaround, we can use "commit full" after the configuration changes. |
| PR Number | Synopsis | Category: QFX Access Control related |
| 1439200 | The dot1x might not work when captive-port is also configured on the interface on backup/non-master FPC Product-Group=junos |
On EX2300/EX3400/EX4300MP-VC platforms, if the dot1x and captive-port are enabled on the interface on backup/non-master FPC, the dot1x might not be able to work. |
| PR Number | Synopsis | Category: QFX xSTP Control Plane related |
| 1500783 | On the EX4300, EX3400, and EX2300 Virtual Chassis with NSB and xSTP enabled, continuous traffic loss might be observed while performing GRES. Product-Group=junos |
On EX4300/EX3400/EX2300 Virtual-Chassis with NSB and xSTP enabled, the continuous traffic loss might be observed while doing GRES. |
| PR Number | Synopsis | Category: OpenSSH and related subsystems |
| 1454177 | The SSH login might fail if a user account exists in both the local database and RADIUS/TACACS+. Product-Group=junos |
SSH login from an automation tool to the Junos device might not be successful if the username is configured both as a local user and on remote RADIUS/TACACS server, and using authentication method 'password'. |
| PR Number | Synopsis | Category: Device Configuration Daemon |
| 1444131 | When the logical interface is associated to a routing instance inside, an LR is removed from the routing instance and the logical interface is not added to the default routing instance. Product-Group=junos |
When all routing instances configured under a logical-systems are deleted, the IFLs associated to those routing instances are deleted from respective RI but are not getting added to default routing instance this is unexpected behavior. This behavior is seen due to bug in cleanup of routing instances. |
| PR Number | Synopsis | Category: dhcpd daemon |
| 1471161 | DHCP relay with forward-only fails to send OFFER when the client is terminated on the lt-0/0/0.2 logical tunnel interface. Product-Group=junos |
On all Junos platforms, when DHCP relay is configured with forward-only, and DHCP client is terminated on logical tunnel interface that multiple IFLs under this lt- interface have a same VLAN, DHCP relay might fail to send OFFER messages. |
| PR Number | Synopsis | Category: EVPN control plane issues |
| 1461795 | EVPN-VXLAN core isolation is not working when the system is rebooted or the routing is restarted. Product-Group=junos |
In an EVPN-VXLAN core isolation scenario, the server is multihomed to the leaf devices through LACP interfaces. If graceful restart is enabled, when you reboot the system or restart routing on the leaf device, the core isolation does not work. If you reboot the system, the issue results in the leaf device silently dropping the traffic sent from the server during the time window between LACP coming up and BGP coming up. If you restart routing, there might be no traffic drop because of the graceful restart. |
| 1482790 | The ESI of IRB interfaces does not update after autonomous-system number change if the interface is down. Product-Group=junos |
On EX, QFX and MX platforms, Ethernet Segment Identifier (ESI) of IRB interfaces does not update after autonomous-system number change when IRB interface is in DOWN state. |
| 1485377 | On the MX, QFX10002, QFX10008, and QFX10016 devices within an EVPN-MPLS active-active multi-homing mode, when adding and deleting the virtual-gateway-address, the ARP entry to CE might disappear from the kernel. Product-Group=junos |
On MX/QFX10002/QFX10008/QFX10016 devices within an EVPN-MPLS active-active multi-homing mode, when adding and deleting the virtual-gateway-address, the ARP entry to CE might disappear from the kernel. |
| 1506343 | Configuring the knob "proxy-macip-advertisement" for EVPN-MPLS leads to functionality breakage Product-Group=junos |
In EVPN-MPLS scenario, with "proxy-macip-advertisement" enabled on IRB, ARP for remote CE on local PE fails might be seen and forwarding-table entry always remains in hold state. The "proxy-macip-advertisement" enable the proxy advertisement feature on a device that can function as a Layer 3 gateway. With this feature enabled, the Layer 3 gateway advertises the MAC and IP routes (MAC+IP type 2 routes) on behalf of Layer 2 VXLAN gateways. |
| PR Number | Synopsis | Category: EVPN Layer-2 Forwarding |
| 1498023 | The l2ald memory leakage might be observed in any EVPN scenario. Product-Group=junos |
In any EVPN scenario (for example, active-active multi-homing mode, active-standby multi-homing mode, EVPN-VXLAN, or EVPN-MPLS), the l2ald memory might slowly come up when the local CE device or core face interfaces continuously flap. If the memory of l2ald is exhausted, it causes the l2ald to crash. |
| 1520078 | Unable to create a new VTEP interface Product-Group=junos |
In all platforms with VXLAN Static VTEP tunnels scenario (including Static VXLAN without EVPN), after RE switchover or restart of l2-learning, if create a new VTEP interface, the interface may not work. |
| 1521199 | The l2ad process might crash when EVPN-DCI session is teared down by MP-BGP-EVPN peer Product-Group=junos |
On EVPN-VXLAN scenario, when EVPN-DCI session is teared down by MP-BGP-EVPN peer, the l2ald process might crash with a core file generated in all VTEPs. It might cause total EVPN-VXLAN fabric bring down and entire network impact. |
| PR Number | Synopsis | Category: Sflow on qfx10k/ptx series PRs for defect & enhancement req |
| 1475082 | The sFlow could not work correctly if the received traffic goes out of more than one interface. Product-Group=junos |
On QFX10K platforms, if the traffic which is received from AE bundle go out of more than one interface, the sflow might work incorrectly. |
| PR Number | Synopsis | Category: Express PFE CoS Features |
| 1509220 | Traffic might be affected on QFX10002/QFX10008/QFX10016 platform Product-Group=junos |
On QFX10002/QFX10008/QFX10016, on the interfaces which map to h/w stream 0, if enhanced transmission selection (ETS), which in JunOS implementation is Hierarchical port scheduling configurations, change while high rate traffic is flowing, the chip might be wedged, thus no traffic flow is seen. Hierarchical port scheduling is the Junos OS implementation of enhanced transmission selection (ETS), as described in IEEE 802.1Qaz. |
| PR Number | Synopsis | Category: Express PFE Services including JTI, TOE, HostPath, Jflow |
| 1431498 | IPFIX Flow timestamp is not matching with NTP synchronized system time Product-Group=junos |
The timestamp reported for packet arrival in NetFlow records will report inaccurate time due to the synchronization issue with NTP. |
| PR Number | Synopsis | Category: Express PFE L2 fwding Features |
| 1352805 | On the QFX10000 line of switches, the Aruba wireless access point (AP) heartbeat packets get dropped. As a result, the Aruba wireless AP cannot work. Product-Group=junos |
QFX10000 platform drops the Aruba wireless access point (AP) heartbeat packets. As a result, the Aruba wireless AP cannot work. |
| 1427994 | The dcpfe process might crash and restart in MC-LAG scenario when the ARP/NDP next-hop is changed Product-Group=junos |
On QFX10002/QFX10008/QFX10016 Series platforms with enhanced MC-LAG scenario, the dcpfe process might crash and restart if the ARP/NDP next-hop is changed. |
| 1442587 | The PMTUD might not work for both IPv4 and IPv6 if the ingress Layer 3 interface is an IRB. Product-Group=junos |
Path MTU Discovery (PMTUD) is a standardized technique for determining the maximum transmission unit (MTU) size on the network path between two IP hosts, usually with the goal of avoiding IP fragmentation. On QFX10K platforms, the PMTUD might not work for both IPv4 and IPv6 if the ingress L3 interface is an irb. The corresponding ICMP Fragmentation Needed packet to the sender might be dropped silently, then PMTUD fails. This issue has service impact. |
| 1444100 | When a line-card is rebooted, the MC-LAG may not get programmed after the line-card comes back online Product-Group=junos |
On QFX10002/QFX10008/QFX10016 series platforms with enhanced convergence is configured in an MC-LAG scenario, if a line-card that has MC-LAG links is rebooted, the MC-LAG may not function correctly after the line-card comes back up. The impact is that it might not block the BUM traffic received on the interchassis link (ICL) and might cause the MAC movement and packet loss on the downstream devices. |
| PR Number | Synopsis | Category: Express PFE L3 Multicast |
| 1344395 | When powering off an individual FPC the other FPC PFE might go offline too Product-Group=junos |
On all QFX10000 Series platforms, when powering off an individual FPC through issuing "set chassis fpc X power off" in Junos OS CLI, the other FPC PFE might go offline. |
| PR Number | Synopsis | Category: SRX1500 platform software |
| 1438445 | The flowd process stops and generates core files. Product-Group=junos |
On vSRX, SRX100, SRX110, SRX210, SRX220, SRX240, SRX300, SRX320, SRX340, SRX345, SRX550, SRX650, and SRX1500 devices, and the SRX4000 line of devices, in a rare condition, the flowd process goes into a dead loop and then stops. This might cause traffic loss. |
| 1458323 | When you try to reset the system configuration on an SRX1500 device using the reset config button, it does not work properly. Product-Group=junosvae |
When resetting system configuration on SRX1500 using the reset config button, it does not work as designed. In the new release it will work as designed. |
| 1488203 | CPU board inlet increases after OS upgrade from Junos OS Release 15.1X49 to Junos OS Release 18.x. Product-Group=junosvae |
On SRX1500, the temperature value of CPU Board Inlet increases after OS upgrade from 15.1X49 release to OS 18.x Although this is just the display issue it may cause false temperature alerts from CPU Board Inlet. |
| PR Number | Synopsis | Category: PTX Express ASIC interface |
| 1486181 | The L2VPN might flap and CE facing interface cannot restore TX optical laser power even if the L2VPN is up status under asynchronous-notification Product-Group=junos |
The Layer 2 VPN (L2VPN) on PTX with asynchronous-notification might keep flapping when the link is going up between PE and CE. After L2VPN flap, the interfaces which are set "asynchronous-notification" might show "- Inf dBm" laser output power even the L2VPN is up status. |
| PR Number | Synopsis | Category: Kernel software for AE/AS/Container |
| 1441772 | On a PTX Series or QFX Series device, the aggregated Ethernet outgoing traffic might be dropped after making changes to the aggregated Ethernet interface configuration. Product-Group=junos |
On PE-chip based PTX/QFX platforms (including PTX1K/3K/5K/10K series, QFX10K series), if CoS IEEE-802.1 rewrite rule is configured and bound to the AE interface, traffic going out the AE interface might get dropped after changes are made to AE, due to nexthop install failure on ingress PFEs. |
| 1474300 | A new aggregated Ethernet member interface for a static LAG bundle is installed in the FIB even though the micro- BFD session is down. Product-Group=junos |
On all Junos platforms, if a static Link Aggregate Group (LAG) is configured, and Bidirectional Forwarding Detection (BFD) is enabled on the LAG which is also called as micro BFD, a newly added member link might start to forward traffic immediately when the configuration change commits even though its micro BFD session is still down, for example, add a new member interface only on single end, and the remote member interface is disabled or not added. Therefore, traffic loss might be seen due to this issue. |
| PR Number | Synopsis | Category: jdhcpd daemon |
| 1447323 | On MX10008 or MX10016 platforms, the dhcp-relay command might not work. Product-Group=junosvae |
On MX10008/MX10016 platforms, if the dhcp-relay knob is enabled under the forwarding-option hierachy, either in default or non-default routing-instance, the Dynamic Host Configuration Protocol (DHCP) relay feature might not work as expected. Due to this issue, all the DHCP discovery packets couldn't be relayed. |
| PR Number | Synopsis | Category: Adresses NAT/NATLIB issues found in JSF |
| 1471932 | The flowd and srxpfe process might stop when traffic is processed by both ALGs and NAT. Product-Group=junos |
The flowd or srxpfe process might stop when traffic is processed by both ALGs and NAT. |
| PR Number | Synopsis | Category: Flow Module |
| 1465286 | SRX Series: Double free vulnerability can lead to DoS or remote code execution due to the processing of a specific HTTP message when ICAP redirect service is enabled (CVE-2020-1647) Product-Group=junos |
On Juniper Networks SRX Series with ICAP (Internet Content Adaptation Protocol) redirect service enabled, a double free vulnerability can lead to a Denial of Service (DoS) or Remote Code Execution (RCE) due to processing of a specific HTTP message. Refer to https://kb.juniper.net/JSA11034 for more information. |
| 1469123 | The flowd/srxpfe process might crash if the tunnel information related show command is issued during the tunnel deleting process Product-Group=junos |
On SRX platforms, if a tunnel (e.g. IPsec, GRE, IPIP, etc..) has been established, the flowd/srxpfe process might crash if the tunnel information related show command is issued during the tunnel deleting process. Temporary traffic interruption might be seen during the flowd/srxpfe process crash. |
| PR Number | Synopsis | Category: Firewall Policy |
| 1419983 | The NSD process might stop due to a memory corruption issue. Product-Group=junos |
The NSD process might stop due to a memory corruption issue. As a result, security-related configurations cannot be committed on SRX Series device and core files are generated. |
| 1453852 | Security policies cannot be synchronized between the Routing Engine and the Packet Forwarding Engine on SRX Series devices. Product-Group=junos |
On all SRX platforms, in a very rare condition, security policies do not be synchronized between RE and PFE. This issue might cause traffic loss. |
| 1458639 | The NSD process might get stuck and cause problems. Product-Group=junos |
On all SRXs that have policy counter configured, there is a potential risk where the network-security daemon (NSD) on the RE could not communicate with its PFE counterpart (NSD-PFE) after either a HA failover, control link down, or PFE restart. At that point, it could no longer respond to network-security related commands and will not be able to complete coldsync for a newly joined node in HA environment. |
| PR Number | Synopsis | Category: IPSEC/IKE VPN |
| 1439338 | IKE SA does not get cleared and is showing very long lifetime Product-Group=junos |
In situations where SRX is the responder and the remote peer is initiator, we can see IKE SA on the SRX with very long lifetime. This happens if the peer suddenly changes IP address and starts a new negotiation |
| PR Number | Synopsis | Category: Security platform jweb support |
| 1499280 | Junos OS: Security vulnerability in J-Web and web-based (HTTP/HTTPS) services Product-Group=junos |
Junos OS: Security vulnerability in J-Web and web-based (HTTP/HTTPS) services (CVE-2020-1631). Refer to https://kb.juniper.net/JSA11021 for more information. |
| PR Number | Synopsis | Category: Issues related to Jflow Jvision Sensors |
| 1477445 | Sampling process might crash when the MPLS or MPLS over the UDP traffic is sampled. Product-Group=junos |
When inline-jflow is configured for sampling MPLS traffic, multi-svcs process running on the FPC may crash (which will lead to FPC crash and restart) due to MPLS resend flow referencing to an unavailable memory location. |
| PR Number | Synopsis | Category: PFE infra to support jvision |
| 1468435 | Optics measurements might not be streamed for interfaces of a PIC over JTI. Product-Group=junos |
When tunnel-services are configured on a PIC, the optics measurements that subscribed via gRPC might not be streamed. |
| PR Number | Synopsis | Category: Layer 2 Control Module |
| 1464553 | The LLDP packets might get discarded. Product-Group=junos |
On all Junos platforms, the LLDP packet received from any other vendor might get discarded. The issue is seen when there are two location-id in the same packet and the Junos device considers the LLDP packet as duplicate and discards it. This might result in the PoE phone not coming up or neighborship information not getting exchanged. |
| 1505710 | The l2cpd crash might be seen if the ERP configuration is added or removed, and l2cpd is restarted. Product-Group=junos |
Core files are generated if you add or delete ERP configuration multiple times and restarted l2cpd or rebooted the box. If this issue is happened, l2cpd does not recover again and generates core file continuously. |
| PR Number | Synopsis | Category: Layer2 forwarding on EX/NTF/PTX/QFX |
| 1498863 | Inter and Intra VNI or VRF traffics are dropped between the CE devices when the interfaces connected between the TOR and multi-homes PE devices are disabled. Product-Group=junos |
On QFX10002/QFX10008/QFX10016 devices with Multi-homes PE deployment environment, the Inter and Intra VNI/VRF traffic is dropped between CEs when one of the ESI links is disabled. |
| 1505976 | VRRPv6 might not work in EVPN scenario Product-Group=junos |
In EVPN scenario with VRRPv6 used, the ethernet source mac address might be used for IPv6 mac-ip binding when the NA is sent from VRRPv6 master, as this unexpected behavior is triggered on regular intervals, it causes the entries to keep refreshing in EVPN database because NS from VRRPv6 master changes the mac-ip binding. Hence it has traffic impact. |
| 1512802 | Memory leak on l2ald might be seen when adding/deleting the routing-instances/bridge-domains configuration Product-Group=junos |
Memory leak on l2ald might be seen when adding/deleting the routing-instances/bridge-domains configuration. |
| PR Number | Synopsis | Category: Label Distribution Protocol |
| 1479249 | RPD crashs on the backup Routing Engine when LDP tries to create LDP p2mp tunnel upon receiving corrupted data from the master Routing Engine. Product-Group=junos |
RPD crash on the backup RE when LDP tried to create LDP p2mp tunnel upon receiving corrupted data from the master RE. |
| PR Number | Synopsis | Category: Multiprotocol Label Switching |
| 1517018 | The rpd might crash after upgrading Junos software release from pre 18.1 to 18.1 onwards Product-Group=junos |
On all Junos platforms, the rpd might continuously crash after upgrading Junos software release from pre 18.1 to 18.1 onwards while graceful-restart and RSVP/static LSP are configured. This is because there is a change in the data structure written to the restart db file from 18.1 onwards. So, when rpd comes up and tries to read the restart db file written by pre 18.1 release image, the rpd might crash. |
| PR Number | Synopsis | Category: Multicast Routing |
| 1468737 | The mcsnoopd crash might be seen if one of the BD/VLANs is configured as a part of EVPN and has static or dynamic multicast router interfaces. Product-Group=junos |
In all Junos platforms where EVPN SMET is supported, the mcsnoopd process might crash if a snooping enabled BD/VLAN which has mrouter port(s) is configured as part of EVPN as extended VLAN/VNI. |
| PR Number | Synopsis | Category: DNS filtering on MX. |
| 1474056 | Junos OS: MX Series: Services card might restart when DNS filtering is enabled (CVE-2020-1645) Product-Group=junos |
When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of packets processed by the Multiservices PIC Management Daemon (mspmand) process, responsible for managing "URL Filtering service", may crash, causing the Services PIC to restart. Refer to https://kb.juniper.net/JSA11028 for more information. |
| PR Number | Synopsis | Category: MX104 Software - Chassis Daemon |
| 1453893 | FPC/PFE crash may happen with ATM MIC installed in the FPC Product-Group=junos |
FPC crash on MX240 and MX2020 routers or Packet Forwarding Engine crash on MX104 routers might happen when the MIC-3D-8OC3-2OC12-ATM is installed and ATM interface is configured. |
| PR Number | Synopsis | Category: MX10K platform |
| 1415671 | After the MPC JNP10K-LC2101 chassis is powered on, a voltage of 1345 mV?1348mV is read for about 20 seconds, which gets stabilized to 1493mV. During this period, the FPC x Voltage Tolerance Exceeded major alarm is raised. Product-Group=junos |
After powering on the MPC "JNP10K-LC2101"chassis we are reading the voltage 1345 mV-1348mV for about ~20 sec and then its getting stabilized to the 1493mV, during this period we are reporting the "FPC x Voltage Tolerance Exceeded" Major alarm |
| 1451011 | JNP10000-LC2101 FPC generates Voltage Tolerance Exceeded major alarm for EACHIP 2V5 sensors. Product-Group=junosvae |
On a JNP10K-LC2101 line card, the MAJOR Alarm with "FPC Voltage Tolerance Exceeded" message may be logged and cleared. This is a software issue. There is no need to replace the FPC. |
| PR Number | Synopsis | Category: OS IPv4/ARP/ICMPv4 |
| 1437302 | The next-hop MAC address in the output of the show route forwarding-table command might be incorrect. Product-Group=junos |
Cosmetic problem cli display of wrong next hop mac address in show route forwarding table command. |
| PR Number | Synopsis | Category: FreeBSD Kernel Infrastructure |
| 1450093 | EX4300 : CLI config "on-disk-failure" is not supported Product-Group=junos |
On an EX4300 switch, the CLI configuration "set chassis routing-engine on-disk-failure disk-failure-action (reboot | halt)" is not supported. |
| 1456668 | Certain EX-series platforms might generate vmcore by panic and reboot Product-Group=junos |
Certain EX-series platforms might generate vmcore by panic and gets reset. This is a rare case since it occurs only when JFE (Junos FreeBSD Extension) statistic- too_long_complete is incremented. user@host> show system core-dumps no-forwarding -rw-r--r-- 1 root wheel 283194368 DDMMYYY /var/crash/vmcore.direct |
| 1483644 | On the EX2300 and EX3400 switches, kernel might generate core file when deactivating daemon. Product-Group=junos |
On EX2300/EX3400 platforms, kernel core might be seen intermittently if deactivating the daemon using the wired-memory (Wired-Memory that is not eligible to be swapped and is usually used for Routing Engine memory structures or memory physically locked by a process). |
| 1505864 | The installation fails when upgrading from legacy Junos to specific BSDx based Junos Product-Group=junos |
The installation might fail when upgrading from legacy Junos (before Junos 15.1) to higher BSDx based Junos releases (Junos 15.1 and after). |
| PR Number | Synopsis | Category: "ifstate" infrastructure |
| 1486161 | Kernel core might be seen if deleting an ifstate Product-Group=junos |
On all Junos platforms, some operations such as configuration change might cause the state information to change and eventually cause the ifstate to be deleted. In a very rare case, deleting an ifstate (kernel state) might cause kernel core and Routing Engine restart. There is no specific trigger. This issue is reported by the configuration change. |
| PR Number | Synopsis | Category: IPv6/ND/ICMPv6 issues |
| 1455893 | Device chooses incorrect source address for locally originated IPv6 packets in routing-instance when destination address is reachable through static route with next-table command. Product-Group=junos |
The source address for IPv6 packets is calculated incorrectly if the destination IPv6 address covered by a static route with the "next-table" configuration option. |
| PR Number | Synopsis | Category: JUNOS Network App Infrastructure (for ping, traceroute, etc) |
| 1493824 | Traceroute monitor with MTR version v.69 shows a false 10 percent loss. Product-Group=junos |
Traceroute monitor is a wrapper to a popular tool called mtr. The version that is deployed on JunOS has a bug when used to produce a report (aka summary on JunOS). The last packet always shows a loss when there isn't. See here: https://bugs.launchpad.net/ubuntu/+source/mtr/+bug/966065 |
| PR Number | Synopsis | Category: Interface related issues. Port up/down, stats, CMLC , serdes |
| 1465302 | The physical interface of aggregated Ethernet might take time to come up after disabling or enabling the interface Product-Group=junos |
On Junos platforms, the physical interface of AE might come up after a long delay (4 mins) if there are millions of bgp routes learnt on the device. This delay is happening because PFE Manager thread is busy processing the routing updates from RE. These routing updates are the result of AE interface going down at the first step of disabling the interface. |
| PR Number | Synopsis | Category: QFX Platform related (SYSLOG/ALARMS/miscellaneous) |
| 1387098 | Traffic loss may be observed due to switch modular failure on CB Product-Group=junos |
On QFX10008/QFX10016/PTX10008/PTX100016 platforms, traffic loss might be observed because of switch modular failure on the Control Board (CB). This failure further causes all SIBs to be marked as faulty and causes FPCs to restart until Routing Engine switchover occurs. |
| PR Number | Synopsis | Category: QFX platform optics related issues |
| 1458363 | Intermittent LAG interface flaps might be seen on QFX platforms Product-Group=junos |
On QFX platforms with Link Aggregation Group (LAG) interface, if periodic "SFP diagnostic" is configured with short interval (e.g. test sfp periodic diagnostic-interval 3), the LAG interfaces might have intermittent flaps and therefore bring service impact due to this issue. |
| 1504630 | "Media type" in show interface command is displayed as "Fiber" for SFP-10G-T Product-Group=junos |
On QFX series, "Media type" in show interface command is displayed as "Fiber" for SFP-10G-T |
| PR Number | Synopsis | Category: QFX access control list |
| 1487679 | QFX5100: If more than one UDF filter/term is configured, then only the first filter/term will be programmed in H/w. This is due to SDK 6.5.16 upgrade. Product-Group=junos |
QFX5100: In case of even offsets, if more than one UDF filter/term is configured, then only the first filter/term will be programmed in H/w. In case of odd offset, the first offset itself won't be programmed. This is due to SDK 6.5.16 upgrade. |
| PR Number | Synopsis | Category: QFX PFE Class of Services |
| 1468033 | Ingress drops must be included at the CLI command from the interface statistics and added to the InDiscards. Product-Group=junos |
In QFX5000 platforms, as Ingress buffer drops (InDiscards) field is not presented the output of "show interfaces extensive x-x/x/x". This change added ingress buffer drops counters. |
| 1472771 | On the EX4600 device, DSCP marking might not work as expected if the fixed classifiers are applied to interfaces. Product-Group=junos |
On QFX5000/EX4600 platforms, if the interfaces are configured with the fixed classifiers, when some specific configuration changes are committed, for example, the same forwarding-class is applied to two different interfaces at the same time, and then the forwarding-class for one of the interfaces is changed and committed to a different value, the Differentiated Services code point (DSCP) marking might not be able to work as expected since both physical interfaces are still having the same forwarding-class mapped in the hardware table due to this issue. |
| PR Number | Synopsis | Category: Filters |
| 1455177 | A firewall filter might not be able to be applied in a particular VC/VCF member as TCAM space running out Product-Group=junos |
On QFX51/EX4300/EX4600 VC/VCF scenario with Vxlan used, when configuring a firewall filter and commit, the firewall filter might not be able to be applied in a particular VC/VCF member for TCAM space running out. |
| 1462594 | On the QFX5000 line of switches, the fxpc process might generate a core file when you change MTU in a VXLAN scenario with firewall filters applied. Product-Group=junos |
On the QFX5K VC/VCF platform with firewall filters applied on VXLAN enabled interface, the fxpc process might crash when changing MTU for the interface. |
| PR Number | Synopsis | Category: QFX L2 PFE |
| 1460885 | On the QFX5000 line of switches, the accept-source-mac feature with VXLAN does not work. Product-Group=junos |
The accept-source-mac feature with vxlan is not working on QFX5K platforms. |
| 1485854 | The dcpfe process might generate core file with the non-oversubscribed mode after SDK upgrade. Product-Group=junosvae |
On QFX5110-32q, when a user navigates to non-oversubscribed mode, dcpfe does not come up. This issue is seen due to upgrade of SDK to 6.5.16.(junos 18.4R2-S4, 19.R3 and 19.4R1). Default mode of operation has no issues. |
| 1504354 | LLDP is not acquired when native-vlan-id and tagged VLAN-ID are the same on a port. Product-Group=junos |
On QFX5000 platforms running with Link Layer Discovery Protocol (LLDP) configured, if the interface has both native-vlan-id and vlan-id configured, and the native-vlan-id and vlan-id have the same value, LLDP neighborship might be unable to setup on that particular interface due to this issue. |
| 1510329 | ARP replies might be flooded through the EVPN-VXLAN network as unknown unicast ARP reply. Product-Group=junos |
The QFX5100/5110/5120/5200 platforms configured as EVPN-VxLAN leaf, the leaf will send periodic ARP requests to connected hosts to refresh the mac-ip entry when proxy-arp and suppression are enabled. These ARP replies are being processed by the leaf, however, they are also being flooded further through the EVPN-VxLAN network as unknown unicast ARP reply. This issue may decrease the bandwidth efficiency of the core network. |
| PR Number | Synopsis | Category: QFX EVPN / VxLAN |
| 1473464 | QFX5K: "global-mac-table-aging-time" behavior with Multi homed EVPN VXLAN ESI Product-Group=junos |
When MAC change notification comes from L2 address learning daemon to PFE, PFE will handle this as MAC addition. That will cause the reset of MAC age timer in all FPC's of VC members in multi homed EVPN VXLAN-ESI cases. As part of MAC change HIT SA (Source Address) bits are wrongly programmed and leads to restart of the MAC age timer. So, MAC was aging in 3rd iteration and leading to this issue. |
| 1499647 | Firewall filter might not get applied on QFX5100/5110/EX4600 Product-Group=junos |
On QFX5100/5110/EX4600 platforms, the firewall filter might not get applied due to the failure in programming into the TCAM. |
| 1516653 | The MAC learning might not work properly after multiple MTU changes on the access port in VxLAN scenario Product-Group=junosvae |
On QFX5120 platform running with Virtual Extensible LAN protocol (VxLAN) scenario, if there are multiple iterations of MTU change on the access port which faces Customer Edge (CE) side, for example, 20 iterations under the scale with around 100 VLAN to VXLAN Network Identifier (VNI) mapping, the MAC learning on the access port might not be able to work properly due to this issue. |
| PR Number | Synopsis | Category: QFX VC Infrastructure |
| 1486002 | The 10G VCP ports will not be active on QFX51XX and EX46XX VC scenario Product-Group=junos |
On QFX51XX and EX46XX platforms, 10G VCP ports will not be active, VC/VCF could not form correctly. |
| 1497563 | Virtual Chassis is not stable with 100-Gigabit Ethernet and 40-Gigabit Ethernet interfaces. Product-Group=junos |
In QFX5110 platform with Virtual Chassis (VC) scenario, VC might not get formed and can cause traffic loss if the 100G VCP ports are deleted and created, or changed from 40G to 100G or vice-versa. For the reason is that Forward Error Correction (FEC) should not be enabled when the physical interface is working as a VCP port. |
| PR Number | Synopsis | Category: RPD Interfaces related issues |
| 1498992 | The rpd might crash when multiple VRFs with 'IFLs link-protection' are deleted at a single time Product-Group=junos |
On all Junos platforms with large-scale VRF scenario, the rpd might crash when multiple VRFs with 'routing-options interface IFL link-protection' are deleted via a single commit. |
| PR Number | Synopsis | Category: KRT Queue issues within RPD |
| 1446320 | ,The following rpd core file appears: task_block_verify(task_io_hook_block, hook),jtask_jthr_endpoint_internal_sanity ,jtask_jthr_endpoint_sanity. Product-Group=junos |
When the rpd process is terminated immediately after it has been started, the rpd process might crash due to a race condition. |
| PR Number | Synopsis | Category: RPD route tables, resolver, routing instances, static routes |
| 1431227 | IPv6 aggregate routes are hidden. Product-Group=junos |
IPv6 aggregate routes get hidden in the routing table until the rpd is restarted in some rare situations. |
| 1447595 | The rpd crashes and commit fails when trying to commit configuration changes. Product-Group=junos |
When loading configuration changes related to routing instance through RPC (e.g. OpenConfig), if the mgd reads an invalid routing-instance name (e.g. longer than 256 characters or mistaken name) from the configuration file and transfers it to the rpd, rpd crash happens. |
| PR Number | Synopsis | Category: SNMP Infrastructure (snmpd, mib2d) |
| 1443675 | Snmpd process might generate core files after restarting NSD process by using the restart network-security gracefully command. Product-Group=junos |
Snmpd might generate core after restarting NSD Daemon by "restart network-security gracefully". |
| PR Number | Synopsis | Category: Generic platform and infra issues for MS-MIC and MS-MPC(XLP) |
| 1453811 | Delay in freeing processed defragment buffers lead to prolonged flow control and might crash. Product-Group=junos |
On Juniper Networks Junos MX Series with service card configured, receipt of a stream of specific packets may crash the MS-PIC component on MS-MIC or MS-MPC. Refer to https://kb.juniper.net/JSA11037 for more information. |
| PR Number | Synopsis | Category: MPC7/8/9 Interface Issues |
| 1441816 | Egress stream flush failure and traffic black hole might occur. Product-Group=junos |
Egress stream flush failure and silent dropping of traffic could occur in a rare occasion for a repeatedly flapping link on MPC7E, MPC8E, MPC9E cards, MX204 and MX10003. |
| PR Number | Synopsis | Category: Stout cards (MPC8, MPC9) fabric issues |
| 1395591 | On an MX2008 platform with MPC9E, in a line-rate traffic with a redundant SFB2 scenario, if there is one offline redundant SFB2, there might be tail drops or sometimes WRED drops in MPC9E. This results in partial traffic loss. Under normal circumstances, the SFBs should automatically fail over if one of them fails and there should be only a few packets dropped momentarily. Product-Group=junos |
On MX2008 routers with MPC9E, in a line rate traffic with a redundant SFB2 scenario, if you offline one redundant SFB2, there might be tail or sometimes WRED drops in MPC9E, resulting in partial traffic loss. Under normal circumstances, the SFBs should be auto-failover if one of them fails, and there should be only a few packets dropped momentarily. |
| PR Number | Synopsis | Category: Issues related to broadband edge apps (PPP, DHCP) on Trio ch |
| 1476786 | The MX router acting as LNS does not get to program the PFE with l2tp services that causes forwarding issues for the l2tp subscribers. Product-Group=junos |
On the MX platforms working in an enhanced subscriber environment, if the "routing-service" knob is enabled under the dynamic-profile for the LNS subscribers, l2tp services may not be programmed properly in the PFE due to timing, which causes forwarding issue to the affected subscribers. |
| PR Number | Synopsis | Category: Trio pfe bridging, learning, stp, oam, irb software |
| 1494594 | Packets get dropped when next hop is IRB over lt interface. Product-Group=junos |
On MX series platforms, when a route's next-hop is an IRB interface with lt- as the underlying L2 interface, it is not getting programmed on PFE, resulting in packet drop. |
| PR Number | Synopsis | Category: Trio pfe l3 forwarding issues |
| 1432724 | The statistics of the traffic generated by the Routing Engine on the MX platform is incorrect. Product-Group=junos |
Statistics of traffic generated by the Routing Engine on the MX platform might be incorrect. The 'Output bytes' counter is off by 6 bytes per packet for outbound traffic going out of MPC1E/2E/2E-NG/3E/3E-NG/4E/5E/6E interfaces. The same issue is not seen on the TurboTx path with linux based FPCs (e.g. MPC7E/8E/9E and PTX FPC3). |
| PR Number | Synopsis | Category: Ephemeral Database |
| 1497575 | Outbound SSH connection flaps or leaks memory during push configuration to ephemeral database with high rate. Product-Group=junos |
When the netconf session is established over outbound ssh, the hight rate of pushing configuration to Ephemeral DB might result in Outbound SSH connection flap or memory leak issue. |
| 1508324 | Outbound SSH connection flap or memory leak issue might be observed during pushing configuration to ephemeral DB with high rate Product-Group=junos |
When the netconf session is established over outbound ssh, the hight rate of pushing configuration to ephemeral database might result in outbound SSH connection flap or memory leak issue. |
| PR Number | Synopsis | Category: UI Infrastructure - mgd, DAX API, DDL/ODL |
| 1447497 | CLI prompt configured as part of [edit system login class] and [edit system login user] is not taking into effect with subsequent login post-commit. Product-Group=junos |
CLI prompt configured as part of [edit system login class] and [edit system login user] is not taking into effect with subsequent login post-commit. |
| 1456578 | CLI command with invoke-on and display xml rpc results in unexpected multiple RPC commands. Product-Group=junos |
In the previous Junos version, the CLI command combination of "invoke-on" and "display xml rpc" may give incorrect RPC command, because this combination is not supported in Junos. E.g., issuing the command "show version invoke-on all-routing-engines | display xml rpc". |
| 1480348 | TFTP installation from loader prompt may not succeed on the EX series devices Product-Group=junos |
On the EX series platforms with 17.1R1 onwards, software installation from loader prompt may not succeed by using TFTP. |
| PR Number | Synopsis | Category: SFI Infra-structure |
|---|---|---|
| 1485038 | The following error message is observed: IFDE: Null uint32 set vector, ifd and IFFPC: 'IFD Ether uint32 set' (opcode 151) failed continuously in AD with base configurations. Product-Group=junos |
EX 9251 Summit-B54 : "IFDE: Null uint32 set vector, ifd and IFFPC: 'IFD Ether uint32 set' (opcode 151) error message is observed continuously in AD with base configurations. |
| PR Number | Synopsis | Category: EX4300 Platform |
| 1429865 | EX4300 does not drop FCS frames with CRC error on XE interfaces Product-Group=junos |
If PHY C1|C2 chip is used on EX4300, the FCS frames with CRC error on XE interfaces might not be dropped. |
| PR Number | Synopsis | Category: EX driver issues |
| 1515689 | The IP communication between directly connected interfaces on EX4600 would fail Product-Group=junosvae |
The IP communication between directly connected interfaces on EX4600 TVP platforms would fail. This issue only might occur in this special scenario and it might have traffic/service impact. |
| PR Number | Synopsis | Category: EX2300/3400 CP |
| 1494712 | Authentication session might be terminated if PEAP request is retransmitted by authenticator Product-Group=junos |
On all Junos platforms with 802.1X (dot1x) enabled, if Protected Extensible Authentication Protocol (PEAP) request is not replied by supplicant in default time interval, it could cause the authenticator to retransmit PEAP proposal method message with new Extensible Authentication Protocol (EAP) ID. The new EAP ID is different from EAP ID sent by authentication server. As a result, mismatching EAP ID issue could terminate authentication session. In the end, supplicant cannot access network. Please consider increasing 'supplicant-timeout' to prevent this issue from happening. |
| PR Number | Synopsis | Category: QFX Access control list |
| 1521763 | Firewall "sample" configuration gives the warning as unsupported on QFX10002-36q and will not work. Product-Group=junos |
On QFX10002-36q, when inline-jflow is configured, the IPv4 firewall filter with 'sample' action gives a waring "unsupported platform" and will not work. On the other hand, the IPv6 firewall filter with 'sample' action will still work as expected. |
| PR Number | Synopsis | Category: QFX PFE L2 |
| 1455654 | EVPN-VXLAN: New Tenant addition and deletion leading to INTRAVNI traffic drop for few milliseconds. Product-Group=junos |
On QFX5120, during new tenant addition, there may be few transient packet drops (2 - 15 pkts) for couple of random intra-vni traffic streams in a EVPN-VXLAN topology for the existing tenants. The drop is almost negligible and is auto recovered. |
| PR Number | Synopsis | Category: QFX L3 data-plane/forwarding |
| 1481987 | Multicast traffic loss could be seen in certain conditions while enabling IGMP snooping under EVPN-VXLAN ERB scenario Product-Group=junos |
On QFX5110 & QFX5120 platform, which is running as Layer 3 VxLAN gateway, if "igmp-snooping" is enabled in partial but not for all bridge-domains, multicast traffic loss could be observed in non-igmp snooping bridge-domains. |
| PR Number | Synopsis | Category: Accounting Profile |
| 1505409 | Subscriber statistics not supported for V44 EP ports configuration Product-Group=junos |
Subscriber statistics not supported for V44 EP ports configuration. When Radius accounting enabled for the subscriber interface, statistics retrieval has issues. Statistics will not be reported and subscriber logout can take 5 minutes. This release is not recommended for configuration with V44 EP ports. |
| PR Number | Synopsis | Category: PFE Fusion software |
| 1408947 | Junos Fusion Enterprise: Observed Error jnh_dot1br_ktree_entry_create(1098): Entry Already Exists . Observing duplicate ECID values for cluster/extended ports on member ports of same cluster. Product-Group=junos |
When using EX9200 as the Aggregate Device (AD), you may see this error - "jnh_dot1br_ktree_entry_create(1098): Entry Already Exists" continuously. This caused by EX2300 Sattilite Devices (SDs) are having duplicate ECID values for the cluster/extended ports across members of same cluster devices |
| PR Number | Synopsis | Category: Border Gateway Protocol |
| 1454677 | Junos OS and Junos OS Evolved: Invalid BGP UPDATE sent to peer device may cause BGP session to terminate. (CVE-2020-1632) Product-Group=junos |
In a certain condition, receipt of a specific BGP UPDATE message might cause Juniper Networks Junos OS and Junos OS Evolved devices to advertise an invalid BGP UPDATE message to other peers, causing the other peers to terminate the established BGP session, creating a Denial of Service (DoS) condition. Refer to https://kb.juniper.net/JSA11013 for more information. |
| 1517498 | The rpd might crash after deleting and re-adding a BGP neighbor Product-Group=junos |
In BGP scenario on all Junos platforms, after deleting and re-adding a BGP neighbor, the rpd might crash due to a rare timing issue. |
| PR Number | Synopsis | Category: EA chip ( MQSS SW issues ) |
| 1444963 | Routing Engine-generated jumbo frames might get dropped. Product-Group=junos |
RE generated jumbo frames might get dropped due to incorrect MTU setting on the internal switch |
| PR Number | Synopsis | Category: EVPN control plane issues |
| 1439537 | The RPD process might crash after committing changes Product-Group=junos |
The RPD process might crash after committing changes. This issue might be seen if the following conditions are met: * On EX/QFX switches and applicable for all JUNOS platforms * EVPN is configured Traffic loss may happen due to RPD core. |
| PR Number | Synopsis | Category: EVPN Layer-2 Forwarding |
| 1408840 | In an Ethernet Virtual Private Network-Virtual Extensible LAN scenario with scaled bridge domains configured (for example, 4000 bridge domains), if the core-facing link on the VXLAN tunnel endpoint (VTEP) comes up (Down >> Up), the traffic received from the customer edge (CE) might be dropped by the VTEP for a period of time before it becomes normal. Product-Group=junos |
In a EVPN-VXLAN scenario with scaled Bridge Domains configured (for example, 4000 Bridge Domains), if the core facing link on the VTEP (VXLAN Tunnel Endpoint) comes up (Down >> Up), the traffic received from the CE (Customer Edge) might be dropped by the VTEP for a period of time before it becomes normal. |
| PR Number | Synopsis | Category: Express PFE L3 Features |
| 1409632 | Indirect-next-hop pointing to unknown unilist stuck with weight 65535 may occur after a link flap Product-Group=junos |
In the scenario where bgp multipath is enabled, there are multiple ecmp paths to indirect-next-hop, such as multiple lsp or ae, when forwarding chain is unilist_1->indirect-next-hop->unilist_2, any change in unilist_2 active member list will be absorbed by indirect-next-hop in the chain and the change will not be back propagated to top-level unilist_1. If a link flaps it will cause indirect-next-hop pointing to unilist_2 stuck with weight 65535 and further causing traffic blackholing. |
| PR Number | Synopsis | Category: SRX1500 platform software |
| 1390577 | SRX Series devices go into DB mode after USB installation. Product-Group=junos |
On SRX1500 and SRX4K platforms, the device might go into DB mode after USB installation. |
| PR Number | Synopsis | Category: Libjtask for RPD tasks, scheduler, timers, memory, and slip |
| 1418192 | The rpd core files are seen when you restart the rpd or when the logical system is deactivated. Product-Group=junos |
The rpd process might generate a core file when the user intentionally restarts the rpd or deactivates logical-system. |
| PR Number | Synopsis | Category: Kernel software for AE/AS/Container |
| 1355299 | Packets destined to RE might be dropped in the kernel when LACP is configured Product-Group=junos |
Packets destined to the master RE (Routing Engine) might be dropped in the kernel due to excessive network traffic on the internal Ethernet interface. This excessive traffic results from LACP (Link Aggregation Control Protocol) reprogramming all the LACP member links periodically at 30 second interval. |
| PR Number | Synopsis | Category: Integrated Routing & Bridging (IRB) module |
| 1453025 | The IRB traffic might get drop after mastership switchover Product-Group=junos |
In the Virtual-Chassis scenario with mac-persistence-timer enabled, the IRB traffic might get drop after master switchover. |
| PR Number | Synopsis | Category: Flow Module |
| 1467654 | TCP session might not time out properly upon receiving TCP RESET packet Product-Group=junos |
TCP session cannot time out properly upon receiving the TCP RESET packet, and the session timeout does not change to two seconds. |
| PR Number | Synopsis | Category: Firewall Policy |
| 1454907 | Traffic might be dropped when policies are changed in SRX Series devices Product-Group=junos |
If a huge number of policies are configured on SRX Series devices and some policies are changed, the traffic that matches the changed policies might be dropped. |
| 1471621 | The policy detail does not display the policy statistics counter, even when policy count is enabled. Product-Group=junos |
On SRX Series devices that have a security policy counter deployed, the count option in the security policy might not work. As a result, issuing show security policies <> detail might not print traffic statistics for the security policy. |
| PR Number | Synopsis | Category: IPSEC/IKE VPN |
| 1444730 | IPsec VPN traffic drop might be seen on SRX Series platforms with NAT-T scenario. Product-Group=junos |
IPsec VPN traffic drop might be seen with NAT-T scenario. |
| PR Number | Synopsis | Category: lacp protocol |
| 1463791 | In EVPN multi-homed active/active scenario, when LACP is enabled on PE-CE child member links and after recovering from a core-isolation on the PE device, the PE-CE child member links might be stuck in Detached state if LACP sync-reset feature is enabled on the CE device. The child links on the CE device might show the LACP state as Collecting Distributing. However, on the PE devices, the LACP state might be shown as Detached. Product-Group=junos |
In EVPN multi-homed active/active scenario, when LACP is enabled on PE-CE child member links and after recovering from a core-isolation on the PE device, the PE-CE child member links might be stuck in Detached state if LACP sync-reset feature is enabled on the CE device. The child links on the CE device might show the LACP state as Collecting Distributing. However, on the PE devices, the LACP state might be shown as Detached. |
| 1500758 | The MC-LAG might become down after disabling and then enabling the force-up. Product-Group=junos |
If the AE (Aggregation Ethernet) interface under the MC-LAG (Multichassis Link Aggregation Groups) is configured with force-up, the MC-LAG might become down after disabling and then enabling the force-up. Traffic goes through the MC-LAG will be dropped when the interface is down. |
| 1505523 | AE interface sometimes might not come up after switch is rebooted Product-Group=junos |
In Junos platforms with LACP and knob "minimum-links" enabled scenario, AE interface might not come up after the switch is rebooted or the AE interface is deactivated/activated. This is because the knob "sync-reset" is enabled. ("sync-reset" is enabled by default on QFX and EX platforms, and it only needs to use when the "minimal link" is not supported on one side of an LACP). |
| PR Number | Synopsis | Category: OSPF routing protocol |
| 1348031 | The route might flap after OSPF neighbor router reboot Product-Group=junos |
After the OSPF neighbor router reboot, the route received from the neighbor router via OSPF might flap during the router recovery. When this occurs, out of order packets and traffic loss might be seen. |
| PR Number | Synopsis | Category: PTX10K Routing Engine |
| 1437745 | RE switchover does not work as expected while SSD failure occurs Product-Group=junos |
On PTX10008/10016 and QFX10008/10016 platforms with GRES enabled, although failover is configured with the knob "on-disk-failure", the switchover is not triggered immediately while SSD failure occurs on master RE. |
| PR Number | Synopsis | Category: Chassis mgmt for all QFX systems - chassis MIB, alarms, CLI |
| 1507044 | The archival function may fail in certain conditions Product-Group=junos |
If the archival function is enabled with the statement "routing-instance" and transfer mode is set as SFTP/SCP for archive-sites, it may not work and fail to transfer the files. |
| PR Number | Synopsis | Category: QFX Platform related (SYSLOG/ALARMS/miscellaneous) |
| 1454527 | On the QFX5000 line of switches, the dcpfe process crashes due to the usage of data that is not null getting terminated. Product-Group=junosvae |
The dcpfe crash is due to usage of data which is not NULL terminated on QFX5K. |
| PR Number | Synopsis | Category: QFX L2 PFE |
| 1515254 | On the EX4600 device with VXLAN enabled, the ARP request might get dropped if the storm control is configured. Product-Group=junos |
ARP request get dropped on QFX5000 and EX46xx devices when all of the following condition are met. 1.Storm control is enabled on any of the port. 2.VXLAN is enabled 3.Arp-suppression is enabled. |
| PR Number | Synopsis | Category: QFX EVPN / VxLAN |
| 1510794 | QFX5K : EVPN-VXLAN : EVPN-VXLAN : Multicast traffic loss due to few multicast routes missing in Spine node Product-Group=junos |
In an EVPN-VXLAN scenario, multicast traffic may not reach to Spine to form (S,G) in PIM enabled Spines. Issue might happen due to various triggers including multiple rollback of configs on Spine, interface flap, clear bgp. |
| PR Number | Synopsis | Category: QFX VC Infrastructure |
| 1528879 | On QFX5100 VC, if traffic engineering is configured then downgrade to 14.1 release from 17.3 or later release may fail. Product-Group=junos |
On QFX5100 VC, if traffic engineering is configured then downgrade to 14.1 release from 17.3 or later release may fail. |
| PR Number | Synopsis | Category: Trio pfe bridging, learning, stp, oam, irb software |
| 1488251 | MAC learning under bridge-domain stops after MC-LAG interface flaps. Product-Group=junos |
MAC learning under bridge-domain over MC-LAG interface stops after MC-LAG interface flap |
| 1505465 | Traffic loss could be seen in certain conditions under MC-LAG setup Product-Group=junos |
On all Junos platforms with MC-LAG setup, traffic loss might be seen after disabling the ICL (Interchassis Link). This defect could be observed under the following two conditions. Firstly, configuring "force-up" under MC-AE port. Secondly, LACP is not running on downstream of the MC-LAG setup. |
| PR Number | Synopsis | Category: UI Infrastructure - mgd, DAX API, DDL/ODL |
| 1431198 | Error might occur when you use a script to load the configuration. Product-Group=junos |
Multiple deletion of a non-existing configuration statement produces errors through RPC load-configuration. |
| 1454387 | Timestamp is not shown with count option after changing the match condition for the show <> | mathc <> | count command. Product-Group=junos |
When you edit a command and run the command from CLI command history, the timestamp might not appear. |
| PR Number | Synopsis | Category: VNID L2-forwarding on Trio |
| 1517591 | no-arp-suppression was required for MAC learning to happen across the EVPN domain on static VTEP Product-Group=junos |
no-arp-suppression was required for MAC learning to happen across the EVPN domain on static VTEP |
Getting Up and Running with Junos
Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search