Search our Knowledge Base sites to find answers to your questions.
Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles19.2R1-S5: Software Release Notification for JUNOS Software Version 19.2R1-S5
Junos Software service Release version 19.2R1-S5 is now available.
19.2R1-S5 - List of Fixed issues| PR Number | Synopsis | Category: EX2300/3400 PFE |
|---|---|---|
| 1525373 | "Drops" and "Dropped packets" counters in the output by "show interface extensive" are double counting. Product-Group=junos |
"show interface ..." command shows wrong values for the "Drops" and "Drop Packet" counters. The actual value is half of the display values. |
| PR Number | Synopsis | Category: common or misc area for SRX product |
| 1490181 | SRX1500 and SRX4K devices might boot up with rescue configuration after a power outage occurs Product-Group=junos |
After a power outage occurs, SRX1500 and SRX4K devices might load rescue configuration in order to boot up successfully. |
| PR Number | Synopsis | Category: Bi Directional Forwarding Detection (BFD) |
| 1448649 | Junos OS BFD sessions with authentication might flap after a certain period of time Product-Group=junos |
In the scenario where BFD session authentication is configured, after a certain period of time, BFD sessions flaps may be seen, this will cause the neighbor to be down. |
| PR Number | Synopsis | Category: Border Gateway Protocol |
| 1481641 | Junos OS and Junos OS Evolved: RPD crash due to specific BGP UPDATE packets (CVE-2020-1644) Product-Group=junos |
On Juniper Networks Junos OS and Junos OS Evolved devices, the receipt of a specific BGP UPDATE packet causes an internal counter to be incremented incorrectly, which over time can lead to the routing protocols process (RPD) crash and restart. Please refer to https://kb.juniper.net/JSA11032 for more information. |
| 1482209 | BGP multi-pathed traffic might not fully load-balanced for a while after adding a new path for load sharing Product-Group=junos |
On all Junos platforms with the BGP-ECMP (Equal Cost Multi-Path) scenario, if adding a new path for load sharing, the traffic might not fully load-balanced for a while. The worst-case scenario is much traffic moving to the new path and lead to a link oversubscription. |
| 1487893 | If a manually configured rib-group or automatically generated rib-group (through family inet labeled-unicast resolve-vpn) is used to copy inet.0 (IP routing table) routes to inet.3 (MPLS routing table), the process rpd might continuously generate soft core files after protocols bgp path-selection always-compare-med is configured. Product-Group=junos |
If a manually configured rib-group or automatically generated rib-group (through family inet labeled-unicast resolve-vpn) is used to copy inet.0 (IP routing table) routes to inet.3 (MPLS routing table), the process rpd might continuously generate soft core files after protocols bgp path-selection always-compare-med is configured. |
| 1497721 | Junos OS: Receipt of certain genuine BGP packets from any BGP Speaker causes RPD to crash. (CVE-2020-1640) Product-Group=junos |
An improper use of a validation framework when processing incoming genuine BGP packets within Juniper Networks RPD (routing protocols process) daemon allows an attacker to crash RPD thereby causing a Denial of Service (DoS) condition. Refer to https://kb.juniper.net/JSA11024 for more information. |
| PR Number | Synopsis | Category: MPC5/6E pfe microcode software |
| 1453575 | The FPC might crash due to the memory corruption in JNH pool Product-Group=junos |
On all Trio-based platforms, after the restart of the fabric plane, the FPC might crash due to memory corruption in the JNH pool. |
| 1478392 | MPCs might stop when there is bulk route update failure in a corner case. Product-Group=junos |
On all MPCs and certain MICs, if there are events like interface flaps, the routes learned over that interface might get retracted and deleted by the routing protocols. Because of this issue, when bulk route update failure happens, either some next hops are unable to be reached or certain next hops are still reachable incorrectly, and the line card might crash in a corner case. It is a rare timing issue. |
| PR Number | Synopsis | Category: MX Platform SW - Power Management |
| 1501108 | MX2020/MX2010 might continuously log "pem_tiny_power_remaining:" in chassisd log Product-Group=junos |
On MX2020/MX2010, the "pem_tiny_power_remaining" message might be continuously logged in chassisd log. |
| PR Number | Synopsis | Category: QFX Control Plane VXLAN |
| 1441047 | The specific source ports of UDP packet are dropped on EVPN or VXLAN setup. Product-Group=junos |
On QFX5120 EVPN/VXLAN scenario, in a rare condition, the specific source-ports of UDP packets (41070 or 52870) are wrongly hitting wrong internal VXLAN implicit filter (system level and unable to configure), causing these two kinds of UDP packet loss/service degradation on UDP service. |
| PR Number | Synopsis | Category: Express PFE FW Features |
| 1420057 | On the PTX5000 line of routers, the show filter index < number> counter vty command displays values as zero at 28-02-HOSTBOUND_NDP_DISCARD_TERM. The counter does not increase for the NDP packets. The issue is only with the show filter index command, which is a debug tool in vty. This issue has no impact on the NDP functionality for the user traffic. Product-Group=junos |
VTY command "show filter index < number> counter" showes values as zero at 28-02-HOSTBOUND_NDP_DISCARD_TERM on PTX5000 platform. Basically, the counter does not increase for NDP packets. The issue is only with "show filter index", which is a debug tool in VTY. This issue has no impact on NDP functionality for user traffic. There are no issues with NDP functionality and DDOS for NDP is also working, |
| PR Number | Synopsis | Category: Express ASIC interface |
| 1511492 | Unable to bring the ports up when plugging the optic QSFP-100GBASE-LR4-T2 (740-061409) to PTX3000 or PTX5000 Product-Group=junos |
When plugging the optic QSFP-100GBASE-LR4-T2 (740-061409) to PTX3000 or PTX5000, the device displays a log message of "unsupported optic" and the interface will not be up. |
| PR Number | Synopsis | Category: Libjtask for RPD tasks, scheduler, timers, memory, and slip |
| 1472643 | Performing back-to-back rpd restarts might cause rpd to crash Product-Group=junos |
On all Junos OS platforms, after performing back-to-back rpd restarts, rpd might crash. The rpd core may be observed after a timeout of 10 minutes. |
| PR Number | Synopsis | Category: Fast Ethernet interfaces |
| 1436327 | The control logical interface is not created along with physical interface by default on MX/EX/SRX Product-Group=junos |
The control logical interface (IFL unit is 16386) is not created along with physical interface (ge/xe/et) by default on MX/EX/SRX if IFL is not configured explicitly. This could lead the protocol (e.g. LLDP) using the control logical interface not working. |
| PR Number | Synopsis | Category: ISIS routing protocol |
| 1452956 | SPRING-LDP interoperability issues are observed with colocated SRMS+SR-client+LDP-stitching Product-Group=junos |
In SR to LDP interworking scenario, where SR domain is in Level 1 of IS-IS, Segment Routing Mapping Server (SR-MS) in Level 1/Level 2, and LDP domain in Level 2, if disable SR function under L2 of IS-IS on SR-MS, then all the L2 and L1 SR routes might be deleted on SR-MS (L1 SR routes should be kept), which might cause traffic loss. |
| 1463650 | IS-IS IPv6 multi-topology routes might flap every time when there is an unrelated commit under protocol stanza Product-Group=junos |
With multi-topology enabled in ISIS globally hierarchy level, if some ISIS interfaces don't have IPv6 address, all ISIS IPv6 routes flap when committing any change under protocol stanza (e.g. 'protocol pim traceoption'). |
| PR Number | Synopsis | Category: JSR Infrastructure |
| 1479156 | The vSRX may restart unexpectedly Product-Group=junos |
The srxpfe process generates core files when a socket-open error occurs during the initialization phase. Self-healing takes place when the srxpfe reboots and starts processing traffic. |
| PR Number | Synopsis | Category: Label Distribution Protocol |
| 1471191 | The rpd process might crash during shutdown Product-Group=junos |
The rpd shutdown process such as clean up of scale configuration and rolling it back with LDP configured might cause rpd to crash. The rpd shutdown rarely happens during normal operation. It is widely used for testing purpose. The rpd crash may result in traffic loss. |
| PR Number | Synopsis | Category: Jflow and sflow on MX |
| 1487876 | Incorrect 'frame length' of 132 bytes might be captured in packet header Product-Group=junos |
On all MX/PTX5k/EX platforms with Trio based line cards, if a packet is send with more than 128 bytes it will always show incorrect "Frame length" of 132 bytes in raw packet header of sflow collector captured data. |
| PR Number | Synopsis | Category: DNS filtering on MX. |
| 1474056 | Junos OS: MX Series: Services card might restart when DNS filtering is enabled (CVE-2020-1645) Product-Group=junos |
When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of packets processed by the Multiservices PIC Management Daemon (mspmand) process, responsible for managing "URL Filtering service", may crash, causing the Services PIC to restart. Refer to https://kb.juniper.net/JSA11028 for more information. |
| PR Number | Synopsis | Category: MX10K platform |
| 1471372 | Sudden FPC shutdown due to hardware failure or ungraceful removal of line card causes major alarms on unrelated remote FPCs Product-Group=junos |
On the MX10008/MX10016 platforms, If the FPC line card gets offline due to power failure or FPC Line card is removed from the chassis without prior offline of the card, other FPC line cards in the system will report fabric failures and fabric self-ping failures. The fabric self-ping failure will invoke disable-pfe action. Once PFE is disabled due to disable-pfe action, the line card needs to get restarted to recover. This issue will cause traffic loss. |
| PR Number | Synopsis | Category: Neo Interface |
| 1453433 | Interfaces shutdown by 'disable-pfe' action might not be up using MIC offline/online command Product-Group=junos |
On MX Series devices, MPC wedge might cause disable-pfe action. The disable-pfe action shuts down interfaces to avoid traffic being silently dropped. MIC bouncing (offline/online) operation brings WAN interfaces up, causing traffic to be dropped or silently discarded. Restoring the Packet Forwarding Engine entity upon disable-pfe action needs MPC restart. |
| PR Number | Synopsis | Category: OS IPv4/ARP/ICMPv4 |
| 1468183 | Junos OS: Kernel crash (vmcore) or FPC crash due to mbuf leak (CVE-2020-1653) Product-Group=junos |
On Juniper Networks Junos OS devices, a stream of TCP packets sent to the Routing Engine (RE) may cause mbuf leak which can lead to Flexible PIC Concentrator (FPC) crash or the system to crash and restart (vmcore). Refer to https://kb.juniper.net/JSA11040 for more information. |
| 1511833 | The kernel may crash causing the router or the RE to reboot if making virtual IP related change Product-Group=junos |
On all Junos platforms with VRRP enabled, if delete and add any configuration which involves the virtual IP in the same commit, the kernel might crash. When this happens, the system or the RE will reboot. |
| PR Number | Synopsis | Category: FreeBSD Kernel Infrastructure |
| 1505864 | The installation fails when upgrading from legacy Junos to specific BSDx based Junos Product-Group=junos |
The installation might fail when upgrading from legacy Junos (before Junos 15.1) to higher BSDx based Junos releases (Junos 15.1 and after). |
| 1518898 | The kernel might crash if a file/directory is accessed for the first time and is not created locally Product-Group=junos |
On the Junos with Virtual Filesystem (VirtFS), if a file/directory is accessed for the first time and is not created locally, the kernel might crash and generate a vmcore file. Junos might reboot due to this issue. |
| PR Number | Synopsis | Category: "ifstate" infrastructure |
| 1486161 | Kernel core might be seen if deleting an ifstate Product-Group=junos |
On all Junos platforms, some operations such as configuration change might cause the state information to change and eventually cause the ifstate to be deleted. In a very rare case, deleting an ifstate (kernel state) might cause kernel core and Routing Engine restart. There is no specific trigger. This issue is reported by the configuration change. |
| PR Number | Synopsis | Category: TCP/UDP transport layer |
| 1437257 | The BGP session might flap after Routing Engine switchover is done simultaneously on both boxes of BGP peer in scaled BGP session setup. Product-Group=junos |
On all Junos platforms with GRES enabled, if BGP is configured with NSR and MD5 authentication in logical-systems, the BGP sessions might flap after performing Routing-Engine switchover simultaneously on both end of BGP peers. |
| PR Number | Synopsis | Category: vMX Platform Infrastructure related issue tracking |
| 1491662 | VFP VM becomes unresponsive following reboot of vMX Product-Group=junos |
In the XL710/X710 network interface cards (NIC) is used with the performance mode vMX scenario, the NIC driver is loaded to figure out NIC speed-related information on every restart or reboot of vMX. If the virtual forwarding plane (VFP) VM is continuously restarted, the NIC driver might be loaded repeatedly, it might cause the memory corruption which might lead VFP VM to become unstable, after that, the traffic loss might happen on VFP VM. |
| 1493805 | Viewing a large file from vFPC console may hog the console. Product-Group=junos |
Viewing a large file from vFPC console using "cat" application may hog the console. |
| PR Number | Synopsis | Category: QFX L2 PFE |
| 1510329 | ARP replies might be flooded through the EVPN-VXLAN network as unknown unicast ARP reply. Product-Group=junos |
The QFX5100/5110/5120/5200 platforms configured as EVPN-VxLAN leaf, the leaf will send periodic ARP requests to connected hosts to refresh the mac-ip entry when proxy-arp and suppression are enabled. These ARP replies are being processed by the leaf, however, they are also being flooded further through the EVPN-VxLAN network as unknown unicast ARP reply. This issue may decrease the bandwidth efficiency of the core network. |
| PR Number | Synopsis | Category: KRT Queue issues within RPD |
| 1501817 | Traffic might get dropped or discarded in the fast-reroute scenario Product-Group=junos |
In the platform using INH (indirect next hop, such as Unilist) as route next hop type for multiple paths scenario (such as BGP PIC or ECMP), the session fast-reroute might be enabled in Packet Forwarding Engines (PFEs). When the version-id of session-id of INH is above 256, the PFE might not respond to session update, which might cause the session-id permanently to be stuck with the weight of 65535 in PFE. It might lead PFE to have a different view of Unilist against load-balance selectors. Then either the BGP PIC or the ECMP-FRR might not work properly and traffic might be dropped or silently discarded. |
| PR Number | Synopsis | Category: Generic platform and infra issues for MS-MIC and MS-MPC(XLP) |
| 1453811 | Delay in freeing processed defragment buffers lead to prolonged flow control and might crash. Product-Group=junos |
On Juniper Networks Junos MX Series with service card configured, receipt of a stream of specific packets may crash the MS-PIC component on MS-MIC or MS-MPC. Refer to https://kb.juniper.net/JSA11037 for more information. |
| PR Number | Synopsis | Category: Trio pfe l3 forwarding issues |
| 1478279 | FPC memory leak might occur after executing the show pfe route command Product-Group=junos |
On all Junos platforms, if the command "show pfe route " is executed to dump the Packet Forwarding Engine (PFE) routes, and then the routes get deleted by some events, for example, Virtual Routing and Forwarding (VRF) configuration removal or Border Gateway Protocol (BGP) flap, the FPC memory leak might happen due to this issue. In large scaled scenario, the memory leak will increase by large amount which might be easier to cause FPC crash. |
| PR Number | Synopsis | Category: PTX/QFX10002/8/16 specific software components |
| 1452604 | PLL errors might be seen after FPC reboots or restarts Product-Group=junos |
On MX10008/MX10016 platforms, when FPC reboot or restart by any means, PLL_CMERROR_MPC_LMK04906_WAN_LD and PLL_CMERROR_MPC_LMK04906_WAN_LOS errors might be seen shortly after the FPC comes back online. |
| 1492996 | The PIC number great than 4 will be missing from SNMP table entPhysicalTable Product-Group=junos |
Currently the maximum number of PICs is set to 4 in code for SNMP table entPhysicalTable. So, if the PIC number is great than 4 on some platform like JNP10K-LC2101 on MX10008, the PIC number great than 4 will be missing. This could cause SNMP table entPhysicalTable not matching with the PICs shown at "show chassis hardware". |
| PR Number | Synopsis | Category: Windsurf chassis software |
| 1504867 | Fan speed might toggle between full and normal on MX960 with Enhanced FRU Product-Group=junos |
On MX960 platforms with MPC5E, Enhanced FRU is having the same threshold setting for higher and lower temperatures which might cause fan speed to toggle between higher and normal speed. |
| PR Number | Synopsis | Category: ZT pfe l3 forwarding issues |
| 1474160 | An MPC11 crash might occur on the MX2000 platform using multi dimensional advanced scale configuration that has inline keep alive sessions Product-Group=junos |
On an MX2k platform, in a rare scenario, after loading a complex multiple dimensional configuration with scaled Inline KA sessions, an MPC11 crash might occur due to transient condition of change and add of Inline Keep alive sessions. |
| PR Number | Synopsis | Category: Marvell based EX PFE L3 |
|---|---|---|
| 1462106 | Error messages related to soft reset of port due to queue buffers being stuck could be seen on EX-4600-EX-4300 VC Product-Group=junos |
Error messages related to soft reset of port due to queue buffers being stuck could be seen on EX-4600-EX-4300 VC |
| PR Number | Synopsis | Category: MPC Fusion SW |
| 1508794 | A Regression issue introduced by PR1463859 causing WAN-PHY interface continuously flaps with default hold-time down of 0 Product-Group=junos |
PR1463859 introduces a software defect that causes a 10GE interface to flap continuously when configuring with the WAN-PHY framing with the default "hold-down" timer (0). Once upgrading a router to an affected software release, the interface may flap continuously. This is not applicable to an interface with the default framing - LAN-PHY. |
| PR Number | Synopsis | Category: PFE Fusion software |
| 1408947 | Junos Fusion Enterprise: Observed Error jnh_dot1br_ktree_entry_create(1098): Entry Already Exists . Observing duplicate ECID values for cluster/extended ports on member ports of same cluster. Product-Group=junosvae |
When using EX9200 as the Aggregate Device (AD), you may see this error - "jnh_dot1br_ktree_entry_create(1098): Entry Already Exists" continuously. This caused by EX2300 Sattilite Devices (SDs) are having duplicate ECID values for the cluster/extended ports across members of same cluster devices |
| PR Number | Synopsis | Category: Firewall Filter |
| 1524836 | Firewall family inet filter enhanced-mode is not committing on MPC7E 100G port Product-Group=junos |
Once the enhanced-mode is enabled for the 100G ports, the system was not committing the change, and with this fix the issue is fixed and now working as expected. |
| PR Number | Synopsis | Category: Interface Information Display |
| 1435416 | The output of "show interfaces <>" command for AFT card might be different from legacy card Product-Group=junos |
Due to the fix of PR 1410464 (fixed on 19.1R2 19.2R1 19.3R1), output of below commands is changed on Advanced Forwarding Toolkit (AFT) cards. On legacy cards output remains the same. "show interfaces <> statistics" will display the input and output packets rate instead of input and output packets count. Below commands show the rate for Traffic statistics (total traffic) instead of Transit statistics. show interfaces <> statistics detail show interface <> extensive |
| 1448090 | The ifinfo daemon might crash on the execution of the show interface extensive command. Product-Group=junos |
On Junos devices, the CLI session might freeze and ifinfo daemon crashes on the execution of "show interface extensive" command. This issue is caused when the forwarding-class name is truncated due to its larger length and this truncated string is passed to the ifinfo. |
| PR Number | Synopsis | Category: IPSEC/IKE VPN |
| 1517262 | The flowd might crash in IPsec VPN scenario Product-Group=junos |
On SRX platforms with IPsec VPN configured, the flowd might crash during the IPsec VPN rekey window. The traffic/service might be impacted if hitting this issue. |
| PR Number | Synopsis | Category: Trio pfe l3 forwarding issues |
| 1461593 | \More number of output packets are seen than expected when the ping function is performed. Product-Group=junos |
During host ping with gr- tunnel endpoint lt- interface termination, gr- interface input and lt- interface output counters come as (host path + transit counter). |
Getting Up and Running with Junos
Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search