Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

18.1R3-S11: Software Release Notification for JUNOS Software Version 18.1R3-S11

0

0

Article ID: TSB17872 TECHNICAL_BULLETINS Last Updated: 05 Oct 2020Version: 1.0
Alert Type:
SRN - Software Release Notification
Product Affected:
ACX, EX, MX, PTX, QFX, SRX, VRR, vMX, vSRX
Alert Description:
Junos Software Service Release version 18.1R3-S11 is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as need and follow the prompts
Solution:

Junos Software service Release version 18.1R3-S11 is now available.

18.1R3-S11 - List of Fixed issues
PR Number Synopsis Category: EX4300 PFE
1388324 ICMPV6 packets are not classified with static or multifield forwarding-class mapping.
Product-Group=junos
ICMPv6 packets are hitting the dynamic ingress filter with higher priority, thus never reaching an MF or static classifier.
1456879 The traffic for some VLANs might not be forwarded when vlan-id-list is configured
Product-Group=junos
On EX4300 Series switches, if the vlan-id-list is used on one interface, the traffic for some VLANs under the vlan-id-list might not be forwarded.
1493212 IPv6 neighbor solicitation packets might be dropped in a transit device.
Product-Group=junos
In EX4300 platform with a Layer 2 scenario, IPv6 neighbor solicitation (NS) packets transiting an EX switch might be dropped if there is a firewall filter matching "next-header icmpv6" then "policer xxx with discard action" configured under a loopback interface. That will cause the IPv6 communication going through the EX switch to fail (IPv4 works fine).
PR Number Synopsis Category: EX2300/3400 PFE
1427075 VC split after network topology changed
Product-Group=junos
In Virtual Chassis scenario, when the interfaces flaps or VLAN configuration is changed frequently, the network topology will be changed accordingly, then CPU utilization will be dramatically increased to very high within a short time, which might cause the failure of essential communications between VC master and members. When the failure happens, FPC will automatically restart. As a result, VC is split and traffic is lost.
1497523 The fxpc might crash when renumbering the master member id value of the EX2300/EX3400 VC
Product-Group=junos
In EX2300/EX3400 VC (Virtual Chassis) scenario, when renumbering the master member id to a new id value, sometimes there is a fxpc crash on another VC member. Traffic loss might be seen during the fxpc crash and restart.
1525373 "Drops" and "Dropped packets" counters in the output by "show interface extensive" are double counting.
Product-Group=junos
"show interface ..." command shows wrong values for the "Drops" and "Drop Packet" counters. The actual value is half of the display values.
PR Number Synopsis Category: HW Board, FPGA, CPLD issues
1407095 QFX10002 showing error fpc0 prds_ptc_clear_all_pulse_and_samples: prds_ptc_clear_all_pulse_and_samples PE 4 PTC 2: after clearing sample, sample still valid 1
Product-Group=junos
The error we are seeing is for the ptc (Precision time counter ).On some QFX10002, the PTC Sync SW algorithm does not always run at the expected time; this algorithm keeps the PE chip time counters up to date, which is used for the IEEE 1588 PTP feature. On some hardware, there are error logs sent to the console, even though the algorithm is actually running correctly. Not all QFX10002 exhibit this behavior.The impact of the bug is that there are too many error logs that are not useful, which flood the console or message logs This only applies to the QFX10002.
PR Number Synopsis Category: QFX Access control list
1499918 Traffic drop might be observed after modifying the FBF firewall filter.
Product-Group=junos
On the QFX5100 and QFX5200 lines of switches, after making changes in filter-based forwarding (FBF) firewall filter that is configured with multiple terms or different routing instances, traffic drop might be observed.
1521763 Firewall "sample" configuration gives the warning as unsupported on QFX10002-36q and will not work.
Product-Group=junos
On QFX10002-36q, when inline-jflow is configured, the IPv4 firewall filter with 'sample' action gives a waring "unsupported platform" and will not work. On the other hand, the IPv6 firewall filter with 'sample' action will still work as expected.
PR Number Synopsis Category: QFX PFE CoS
1510365 Traffic might be forwarded to the wrong queue when a fixed classifier is used.
Product-Group=junos
If L2 access or vlan bridge IFL is created after fixed classifier is applied, the traffic matching the fixed classifier might be forwarded in unexpected queue, it might cause congestion unexpectedly hence there is traffic impact.
PR Number Synopsis Category: QFX PFE L2
1474142 Traffic might get affected if the composite next-hop is enabled.
Product-Group=junos
On QFX5000 and EX4600 platforms with composite next hop enabled, traffic loss would occur when deleting leaked routes with composite next hop.
1521324 MAC address in hardware table may become out of sync between Master and member in Virtual Chassis after MAC flap
Product-Group=junos
When MAC address moves over the member in Virtual Chassis, the MAC address's learning port in Internal Hardware MAC table may be out of sync between Master and member and this may lead to misforwarding. This will be an extremely rare occurrence. If the issue happens, you can issue "clear ethernet-switching table " command to restore the communication.
PR Number Synopsis Category: QFX L3 data-plane/forwarding
1528490 The fxpc crash might be observed if VXLAN interface flaps on QFX5K
Product-Group=junos
On QFX5K platforms, if VXLAN enabled interfaces flap excessively in short period of time, PFE might crash.
PR Number Synopsis Category: CoS support on ACX
1493518 On the ACX5048 or ACX5096 line of routers, the LACP control packets might get dropped due to high CPU utilization.
Product-Group=junos
On ACX5048/ACX5096 platforms, when one of the child links in AE goes down brings entire AE down due to high CPU.LACP control packets might get dropped as the port is blocked for a temporary period.
PR Number Synopsis Category: JUNOS kernel/ukernel changes for ACX
1509402 PFE crash might be seen and the FPC may remain down on ACX710 platform
Product-Group=junos
On ACX710 platform, after the PTP(Precision Time Protocol) configuration is removed and the router is rebooted, the PFE might crash and the FPC remains down if PTP traffic is still coming into the router. This issue might also happen when SyncE is configured. This causes the router to crash and not come up.
PR Number Synopsis Category: BBE interface related issues
1498024 Subscribers may be disconnected after one of the AE participating FPCs comes online in a Junos node slicing scenario
Product-Group=junos
On MX Series platforms with node slicing setup, if subscriber services and targeted distribution feature are enabled on an aggregated Ethernet interface, and the FPC where one of the aggregated Ethernet member port is located comes online, subscribers that are already online might be disconnected.
PR Number Synopsis Category: QFX Access Control related
1515972 "dot1x" memory leak
Product-Group=junos
Memory leak is seen in 'dot1xd' daemon when no 'dot1x' is configured. Memory leak is seen for the allocation while creating socket from 'dot1xd' daemon to 'authd' daemon. If 'authd' is not running , 'dot1xd' daemon tries to connect to 'authd' periodically and every time it was allocating memory for string "/var/run/authd_control" for socket creation. The memory does not free in this scenario and we see memory leak for string "/var/run/authd_control". There will be no service impact to other services/daemons other than dot1x.
PR Number Synopsis Category: QFX Control Plane VXLAN
1501117 The l2ald process might crash in a rare condition under EVPN-VxLAN scenario
Product-Group=junos
On all Junos platforms with EVPN-VxLAN multihoming scenario, if incorrect MAC move happens within the same ESI (Ethernet Segment Identifiers) bridge-domain, the l2ald process might crash. This is a rare timing issue.
PR Number Synopsis Category: QFX xSTP Control Plane related
1500783 On the EX4300, EX3400, and EX2300 Virtual Chassis with NSB and xSTP enabled, continuous traffic loss might be observed while performing GRES
Product-Group=junos
On EX4300/EX3400/EX2300 Virtual-Chassis with NSB and xSTP enabled, the continuous traffic loss might be observed while doing GRES.
PR Number Synopsis Category: Firewall Filter
1511041 Traffic might be dropped though not exceeding the configured bandwidth under policer
Product-Group=junos
If a bandwidth-percent-based policer is applied on an aggregated Ethernet bundle without the "shared-bandwidth-policer" configuration statement, traffic will hit the policer even if the traffic is not exceeding the configured bandwidth. As a workaround, configure the "shared-bandwidth-policer" configuration statement under the policer.
PR Number Synopsis Category: EVPN control plane issues
1485377 On the MX, QFX10002, QFX10008, and QFX10016 devices within an EVPN-MPLS active-active multi-homing mode, when adding and deleting the virtual-gateway-address, the ARP entry to CE might disappear from the kernel.
Product-Group=junos
On MX/QFX10002/QFX10008/QFX10016 devices within an EVPN-MPLS active-active multi-homing mode, when adding and deleting the virtual-gateway-address, the ARP entry to CE might disappear from the kernel.
1506343 Configuring the knob "proxy-macip-advertisement" for EVPN-MPLS leads to functionality breakage
Product-Group=junos
In EVPN-MPLS scenario, with "proxy-macip-advertisement" enabled on IRB, ARP for remote CE on local PE fails might be seen and forwarding-table entry always remains in hold state. The "proxy-macip-advertisement" enable the proxy advertisement feature on a device that can function as a Layer 3 gateway. With this feature enabled, the Layer 3 gateway advertises the MAC and IP routes (MAC+IP type 2 routes) on behalf of Layer 2 VXLAN gateways.
PR Number Synopsis Category: EVPN Layer-2 Forwarding
1520078 Unable to create a new VTEP interface
Product-Group=junos
In all platforms with VXLAN Static VTEP tunnels scenario (including Static VXLAN without EVPN), after RE switchover or restart of l2-learning, if create a new VTEP interface, the interface may not work.
PR Number Synopsis Category: Express PFE CoS Features
1531095 JDI-Reg:Switching-Regression-COS: Packet loss is seen while validating the policer after restarting chassis control
Product-Group=junos
Check with Development team on this
PR Number Synopsis Category: Express PFE L2 fwding Features
1442587 The PMTUD might not work for both IPv4 and IPv6 if the ingress Layer 3 interface is an IRB.
Product-Group=junos
Path MTU Discovery (PMTUD) is a standardized technique for determining the maximum transmission unit (MTU) size on the network path between two IP hosts, usually with the goal of avoiding IP fragmentation. On QFX10K platforms, the PMTUD might not work for both IPv4 and IPv6 if the ingress L3 interface is an irb. The corresponding ICMP Fragmentation Needed packet to the sender might be dropped silently, then PMTUD fails. This issue has service impact.
1522852 PRDS_SLU_SAL:jprds_slu_sal_update_lrncnt(),1379: jprds_slu_sal_update_lrncnt call failed" syslog errors messages might been which specific steps while clearing and loading again scaled configuration on QFX10002/QFX10008/QFX10016
Product-Group=junos
In scaled setup with scaled vlans and traffic flowing through all vlans. If current configuration is cleared and loaded again using below steps: load override rollback 1 commit Then base config is loaded, all leaned macs are aged out and the mac entries are marked as invalid. Ageing thread scans and finds SMAC ref bit transition for cleared mac entries and gets added to stale mac sw table. In scaled setup, considering 2k macs learned over a port, not all macs cleared at one Hw trigger, it happens in a batch of 256 entries in a mac table at a time as per qfx10k design and in the mean time, it is expected that IFBD on which macs were learned is deleted. This is the reason, Lport+IFL mapping is not found while clearing such macs and throws error.
PR Number Synopsis Category: Express PFE MPLS Features
1515092 The routes update might fail upon the HMC memory issue and traffic impact might be seen.
Product-Group=junos
On PTX Series and QFX Series devices, in rare cases, HMC memory error might cause routes update failure and traffic impact on the Packet Forwarding Engine.
PR Number Synopsis Category: IDP attack detection in the subscriber qmodules
1497340 The IDP attack detection might not work in a specific situation.
Product-Group=junos
If the total number of applications (predefined as well as the custom applications configured) crosses 4096, attack detection might fail.
PR Number Synopsis Category: Integrated Routing & Bridging (IRB) module
1453025 The IRB traffic might get drop after mastership switchover
Product-Group=junos
In the Virtual-Chassis scenario with mac-persistence-timer enabled, the IRB traffic might get drop after master switchover.
PR Number Synopsis Category: ISIS routing protocol
1482983 The output of CLI command of 'show isis interface detail' might be incorrect if 'wide-metrics-only' is enabled for IS-IS and the ASCII representation of the metric in decimal is more than 6 characters long
Product-Group=junos
If 'wide-metrics-only' is enabled for any IS-IS level and a metric configured on the IS-IS enabled interface for that level has ASCII representation in decimal more than 6 characters long, this interface's metric for that level will be merged with 'priority' field value in the output of 'show isis interface detail'.
PR Number Synopsis Category: Adresses ALG issues found in JSF
1475031 SIP messages that need to be fragmented might be dropped by the SIP ALG.
Product-Group=junos
When SIP ALG is using, after payload changed by ALG, some SIP messages size maybe bigger than outgoing interface's MTU and need to be fragmented, that SIP messages might be dropped by SIP ALG.
PR Number Synopsis Category: JSR Infrastructure
1479156 The vSRX may restart unexpectedly
Product-Group=junos
The srxpfe process generates core files when a socket-open error occurs during the initialization phase. Self-healing takes place when the srxpfe reboots and starts processing traffic.
PR Number Synopsis Category: jsscd daemon
1511745 Static subscribers are logged out after creating a unit under demux0 interface
Product-Group=junos
In MX platforms with static subscriber scenario, the existing static subscribers associated to a demux0 interface might be forced to log out after creating another unit under demux0 interface.
PR Number Synopsis Category: Layer 2 Circuit issues
1512834 The rpd might crash when deleting l2circuit configuration in a specific sequence
Product-Group=junos
If l2circuit local-switching is enabled with connection-protection, the rpd could crash in the following configuration change sequence. 1. First, delete the logical interface (IFL) used by a l2circuit and commit the change. 2. Then, delete the corresponding l2circuit configuration. The rpd could crash after committing the change.
PR Number Synopsis Category: Layer 2 Control Module
1350652 ERPv1_EX: On Ex3400 VC setup ERP node sessions stuck at pending state, with additional/removal of GRES config.
Product-Group=junos
ERP filters are not getting installed with NSB configuration in place with NSB configured l2cpd will be running on the backup RE as well. This l2cpd running on backup RE connects to DFWD running on master RE. This connection is causing the issue here as the filter installation posted over tcp socket by l2cpd master RE to DFWD on master RE is not getting processed. With NSB unconfigured no issues are observed.Code changes done to disable l2cpd filter init on the backup RE to fix the issue. Note : As a part of switchover (master change) could see the l2cpd_filter_init is happening on the new master.See logs below. When master becomes standby could see l2cpd_filter_shutdown is happening which removes the connection between l2cpd and dfwd. Apr 6 08:06:53.005235 JTASK_TASK_REINIT: Reinitializing Apr 6 08:06:53.013342 task_module_var_inits: initializing Kernel family init Apr 6 08:06:53.013351 task_module_var_inits: initializing RT Instance family init Apr 6 08:06:53.013359 task_module_var_inits: initializing TELEMETRY Apr 6 08:06:53.013366 task_module_var_inits: initializing PPM Apr 6 08:06:53.013379 task_module_var_inits: initializing L2CPD-FILTER Apr 6 08:06:53.013389 task_module_var_inits: initializing ERP
1463251 Configure any combination of VLANs and interfaces under VSTP/MSTP may cause VSTP/MSTP related configuration can not be committed
Product-Group=junos
On the EX platform, VSTP/MSTP related configuration might not be committed successfully if configure any combination of VLANs and interfaces under VSTP/MSTP to hit the maximum scale of 5219.
PR Number Synopsis Category: Layer2 forwarding on EX/NTF/PTX/QFX
1498863 Inter and Intra VNI or VRF traffics are dropped between the CE devices when the interfaces connected between the TOR and multi-homes PE devices are disabled.
Product-Group=junos
On QFX10002/QFX10008/QFX10016 devices with Multi-homes PE deployment environment, the Inter and Intra VNI/VRF traffic is dropped between CEs when one of the ESI links is disabled.
1512802 Memory leak on l2ald might be seen when adding/deleting the routing-instances/bridge-domains configuration
Product-Group=junos
Memory leak on l2ald might be seen when adding/deleting the routing-instances/bridge-domains configuration.
PR Number Synopsis Category: Multiprotocol Label Switching
1517018 The rpd might crash after upgrading Junos software release from pre 18.1 to 18.1 onwards
Product-Group=junos
On all Junos platforms, the rpd might continuously crash after upgrading Junos software release from pre 18.1 to 18.1 onwards while graceful-restart and RSVP/static LSP are configured. This is because there is a change in the data structure written to the restart db file from 18.1 onwards. So, when rpd comes up and tries to read the restart db file written by pre 18.1 release image, the rpd might crash.
PR Number Synopsis Category: Jflow and sflow on MX
1487876 Incorrect 'frame length' of 132 bytes might be captured in packet header
Product-Group=junos
On all MX/PTX5k/EX platforms with Trio based line cards, if a packet is send with more than 128 bytes it will always show incorrect "Frame length" of 132 bytes in raw packet header of sflow collector captured data.
PR Number Synopsis Category: IDS features available on MS-MPC/MIC
1527236 After applying ids-rules to service-set, high session rate is observed even without any DDos traffic
Product-Group=junos
On MX platforms with MS-MIC/MS-PIC, if applying IDS filter and reaching high CPU state, the session rate stay high even without any DDos traffic which may lead to dropping of new session requests.
PR Number Synopsis Category: Bugs related to ethernet interface on MX platform
1435221 MicroBFD 3x100ms flap is seen upon inserting a QSFP in another port.
Product-Group=junos
Micro BFD/LFMD sessions with timer configured with less than 3x500ms (such as 3x100ms) might flap when a QSFP transceiver is inserted into another port.
PR Number Synopsis Category: Track Mt Rainier SPMB platform software issues
1460992 Hardware failure in CB2-PTX causes traffic interruption.
Product-Group=junos
In PTX 3000/5000 platforms with CB2-PTX (Control Board), there is an existence of an errata on a clock signal component manufactured by a third-party supplier, which might cause the Switch Processor Mezzanine Board (SPMB) and Switch Interface Boards (SIBs) failure, eventually, traffic will be interrupted.
PR Number Synopsis Category: FreeBSD Kernel Infrastructure
1450093 EX4300 : CLI config "on-disk-failure" is not supported
Product-Group=junos
On an EX4300 switch, the CLI configuration "set chassis routing-engine on-disk-failure disk-failure-action (reboot | halt)" is not supported.
1505864 The installation fails when upgrading from legacy Junos to specific BSDx based Junos
Product-Group=junos
The installation might fail when upgrading from legacy Junos (before Junos 15.1) to higher BSDx based Junos releases (Junos 15.1 and after).
1518898 The kernel might crash if a file/directory is accessed for the first time and is not created locally
Product-Group=junos
On the Junos with Virtual Filesystem (VirtFS), if a file/directory is accessed for the first time and is not created locally, the kernel might crash and generate a vmcore file. Junos might reboot due to this issue.
PR Number Synopsis Category: Kernel Stats Infrastructure
1462986 Slow response from SNMP might be observed after upgrading to Junos OS Release 19.2R1 and later.
Product-Group=junos
Slow response introduced with PR/1411303 fix, is getting resolved with this PR.
PR Number Synopsis Category: Used for tracking OVSDB software issues and features
1518807 The vgd core might get generated when OVSDB server resarts
Product-Group=junos
On all Junos platforms that support OVSDB (Open vSwitch database), the vgd core might get generated when the OVSDB server is restarted. The vgd daemon restart after the core might cause traffic impact. This issue happens when OVSDB server is disconnected and the device (switch/router) sends some updates events to server.
PR Number Synopsis Category: Protocol Independant Multicast
1487636 The rpd might crash when perform GRES with MSDP configured
Product-Group=junos
On all Junos platforms, when execute Graceful Routing Engine Switchover (GRES) with Multicast Source Discovery Protocol (MSDP) enabled, rpd might crash on new master Routing Engine (RE). The issue could be automatically recovered after rpd successful self-restart. This is a timing and regression issue.
PR Number Synopsis Category: PTP related issues.
1451950 RMPC core files are found after the configuration changes are done on the network for PTP or clock synchronization.
Product-Group=junos
On the ACX/MX/QFX platform with PTP (Precision Time Protocol)/SyncE (Synchronous Ethernet) enabled, if configuration changes for the PTP/SyncE are combined with multiple events, the FPC core might be seen.
1458581 The FPC X major errors alarm might be raised after committing the PTP configuration change.
Product-Group=junos
On MX router with MPC5/MPC6/MPC7/MPC8/MPC9/MPC10 installed environment, after committing the PTP configuration change, the "FPC X major errors" alarm may be raised. This issue may cause interface flap and traffic loss.
PR Number Synopsis Category: Chassis mgmt for all QFX systems - chassis MIB, alarms, CLI
1507044 The archival function may fail in certain conditions
Product-Group=junos
If the archival function is enabled with the statement "routing-instance" and transfer mode is set as SFTP/SCP for archive-sites, it may not work and fail to transfer the files.
PR Number Synopsis Category: Interface related issues. Port up/down, stats, CMLC , serdes
1462748 On the QFX5100 switches, the interface output counter is double counted for self-generated traffic.
Product-Group=junos
On QFX5100 device, interface output counter is double counted for self-generated traffic
1475851 FPC major error is observed after system boots up or FPC restarts.
Product-Group=junos
FPC is reporting Major Error because of SHUTDOWN ERI failure during BIST with repair on HMC having FW version >= 0x9c. BIST with repair is incorporated during boot up, so this Major Error will be reported during boot up having FW>=0x9c on HMC. During debugging, its found that this ERI is getting issued even before the HMC was brought up which is resulting into this Error. So added bringup steps for HMC before the BIST procedure starts as done for vale-ptx.
PR Number Synopsis Category: QFX Platform related (SYSLOG/ALARMS/miscellaneous)
1454527 On the QFX5000 line of switches, the dcpfe process crashes due to the usage of data that is not null getting terminated.
Product-Group=junosvae
The dcpfe crash is due to usage of data which is not NULL terminated on QFX5K.
1508611 The fxpc may crash and restart with a fxpc core file created while installing image through ZTP
Product-Group=junos
On QFX5100/EX4600 Series platforms, the fxpc may crash sometimes while installing an image through ZTP.
PR Number Synopsis Category: QFX platform optics related issues
1497947 On the QFX5210064C switches, the lcmd process generates a core file.
Product-Group=junosvae
The LCMD process is the Linux Chassis Management Management Daemon. Due to a bug in the I2C handling in the daemon, a core dump may be seen. There is no specific user-visible trigger for the core dump and you may see several erroneous alarms when the core dump occurs. These should clear after the daemon automatically restarts
PR Number Synopsis Category: QFX PFE Class of Services
1430173 The CoS rewrite rules applied under an aggregated Ethernet interface might not take effect after NSSU.
Product-Group=junos
On QFX 5K platform, Class of Service (CoS) rewrite rules applied under an Aggregated Ethernet (AE) interface might not take effect after Non-Stop Software Upgrade (NSSU). In the end, packets could not enter into correct queues for sending.
1472771 On the EX4600 device, DSCP marking might not work as expected if the fixed classifiers are applied to interfaces.
Product-Group=junos
On QFX5000/EX4600 platforms, if the interfaces are configured with the fixed classifiers, when some specific configuration changes are committed, for example, the same forwarding-class is applied to two different interfaces at the same time, and then the forwarding-class for one of the interfaces is changed and committed to a different value, the Differentiated Services code point (DSCP) marking might not be able to work as expected since both physical interfaces are still having the same forwarding-class mapped in the hardware table due to this issue.
PR Number Synopsis Category: Filters
1514710 In VXLAN configuration, the firewall filters may not be loaded into the TCAM with the message "DFWE ERROR DFW: Cannot program filter .. " due to TCAM overflow after upgrading to 18.1R3-S1,18.2R1 and later
Product-Group=junos
From 18.1R3-S1 and 18.2R1, we introduced the IPACL VXLAN filters in place of regular IPACL for the vxlan vlans. In regular IPACL, we just qualify the physical port on which the filter is installed and hence, much less entries are required as compared to the earlier introduced IPACL_VXLAN. Whereas in case of IPACL_VXLAN, we qualify based on the logical port and hence, we need to install the filter entries for all the vxlan vlans that physical port (on which filter is applied) is a part of, requiring much larger number of entries. Thus this caused TCAM overflow after upgrading. We qualified based on the logical port which is calculated from the IFL and the vlan configured on the IFL. The fix is to integrate the place of IPACL VxLAN for the L2 filtering on VxLAN ports into the regular IPACL filters and to add IFD level support unless VLAN name/ID clarification rule is used in the firewall filter.
PR Number Synopsis Category: QFX L2 PFE
1497993 Traffic might get dropped if the aggregated Ethernet member interface is deleted or added, or a SFP of the aggregated Ethernet member interface is unplugged or plugged
Product-Group=junos
On QFX5K/EX46xx platforms, if STP is configured on vlan but the AE interface which is part of that vlan is not configured with STP, after an AE member interface is deleted or a SFP of the AE member interface is unplugged, and when the deleted AE member interface is added back or the unplugged SFP is plugged again, traffic via that AE interface might get dropped. LACP and LLDP traffic are not affected by this issue.
1504354 LLDP is not acquired when native-vlan-id and tagged VLAN-ID are the same on a port.
Product-Group=junos
On QFX5000 platforms running with Link Layer Discovery Protocol (LLDP) configured, if the interface has both native-vlan-id and vlan-id configured, and the native-vlan-id and vlan-id have the same value, LLDP neighborship might be unable to setup on that particular interface due to this issue.
PR Number Synopsis Category: QFX L3 data-plane/forwarding
1458206 Dual Tag Q-in-Q not working with EVPN-VXLAN
Product-Group=junos
In EVPN-VXLAN with retaining S-VLAN Tags and C-VLAN tags scenario, both S-VLAN and C-VLAN tags are treated as the data of a packet when it is transported. when a dual-tagged ARP packet arrives at ingress PE, the device could only recognize either untagged ARP packet or single tag ARP packet, and if it is not, the device will assume that it is not an ARP packet. Since ARP resolution fails, all subsequent communication will not happen.
PR Number Synopsis Category: RPD route tables, resolver, routing instances, static routes
1421566 Some LDP routes in VRF cannot be resolved over the inet.3 table
Product-Group=junos
Any route that is added to the rib will be resolved over predefined tables, and the resolution tables for a given protocol are fixed. LDP routes added to foo.mpls.0, the resolution table is not initialized due to this NULL access happen to lead to the core.
PR Number Synopsis Category: Generic platform and infra issues for MS-MIC and MS-MPC(XLP)
1482400 The vmcore crash sometimes along with mspmand crash might happen on MS-MPC/MS-MIC if large-scale traffic flows are processed by it
Product-Group=junos
With NAT/Stateful-firewall/TCP tickle (enable by default) configured on MS-MPC/MS-MIC, the vmcore crash sometimes along with mspmand crash might happen if large-scale traffic flows (e.g. million flows) are processed by it.
1489942 Prolonged flow-control might happen on MX platforms with MS-MPC/MS-MIC
Product-Group=junos
On MX platforms with MS-MPC/MS-MIC, if there are lots of self-generated packets like TCP-tickle and UDP-logging, there might be data congestion on the data path due to no throttling functionality for such types of packets. When the data path is blocked, prolonged flow-control might happen with the service interfaces being brought down and the PIC reboot. At the same time, the mspmand core file will be generated if dump-on-flow-control is enabled.
PR Number Synopsis Category: MX10003/MX204 MPC defects tracking
1426349 Interfaces may come to down after device reboots
Product-Group=junos
On MX204/SRX4600/EX9251 platform, interfaces with the parameter "speed 1g" configured may come to down after device reboots, this is a timing issue and reproduced after about 50 reboots in the test.
PR Number Synopsis Category: Issues related to broadband edge apps (PPP, DHCP) on Trio ch
1401808 FPC core files due to a corner case scenario (race condition between RPF, IP flow).
Product-Group=junos
In a subscriber management deployment where the Reverse-Path-Forwarding (RPF) check and MAC check is enabled, a race condition might cause software failure and resulted in a Flexible PIC Concentrator (FPC) to restart.
PR Number Synopsis Category: Trio pfe bridging, learning, stp, oam, irb software
1513509 During route table object fetch failure, FPC may crash
Product-Group=junos
Due to rare timing issue, the FPC might crash because of route table object fetch failure in EVPN multihoming scenario.
PR Number Synopsis Category: Configuration mgmt, ffp, load-action, commit processing
1468119 On Junos OS Release from 16.2R1 onwards, if commit is executed after commit check, the daemon (for example, dhcpd and sampled) might not get started even after the related configuration is successfully committed
Product-Group=junos
On Junos OS Release from 16.2R1 onwards, if commit is executed after commit check, the daemon (for example, dhcpd and sampled) might not get started even after the related configuration is successfully committed.
PR Number Synopsis Category: VSRX platform software
1412441 vSRX may crash because of stack corruption.
Product-Group=junos
If larger data types are written into smaller data types, the neighbor stack pointers are overwritten, thereby corrupting the data types. Accessing the address generates a core file, and the vSRX instance stops functioning.
 

18.1R3-S11 - List of Known issues
PR Number Synopsis Category: Marvell based EX PFE ACL
1434927 The FPC crashes with pfem generating core file might be seen if large-scale number of firewall filters are configured.
Product-Group=junos
On EX Series switches, If you are configuring a large-scale number of firewall filters on some interfaces, the FPC might crash and generate core files.
PR Number Synopsis Category: QFX L3 data-plane/forwarding
1481987 Multicast traffic loss could be seen in certain conditions while enabling IGMP snooping under EVPN-VXLAN ERB scenario
Product-Group=junos
On QFX5110 & QFX5120 platform, which is running as Layer 3 VxLAN gateway, if "igmp-snooping" is enabled in partial but not for all bridge-domains, multicast traffic loss could be observed in non-igmp snooping bridge-domains.
PR Number Synopsis Category: ACX PFE
1407098 High CPU utilization of the fxpc process might be observed with the class-of-service changes on interfaces.
Product-Group=junos
On ACX5048/ACX5096 platforms, when applying COS configurations (schedulers related) on interfaces, the CPU utilization on fxpc process might be seen. And it might affect service.
PR Number Synopsis Category: Border Gateway Protocol
1403186 All the BGP session flap after RE switchover
Product-Group=junos
With GRES and NSR enabled, if executing RE switchover, BGP session might flap in some scenario. When Junos version have the fix of PR-1440694, BGP session always flap after doing RE switchover.
1494005 The rpd process generates core file at rt_nh_resolve_add_gen in ../../../../../../../../src/junos/usr.sbin/rpd/lib/rt/rt_resolve_ind.c: with the evpn-dhcp configurations.
Product-Group=junos
In BGP with INH (indirect next-hop) scenario, if using the knob "no-labeled-bgp" to disabled the chained composite next-hops for labeled BGP, the INH might not be created for the transit traffic route when devices handling transit traffic in the network. To create the INH again, it need to re-enable the chained composite next-hops for labeled BGP by removing the knob "no-labeled-bgp" or adding the knob "labeled-bgp", but the rpd resolver might not resolve the INH information as normal since the resolver is not getting ready, it might cause RDP crashed. Then, the routing protocol might be impacted.
PR Number Synopsis Category: BBE Remote Access Server
1402653 The subscriber might need to take retry for login
Product-Group=junos
On all Junos platforms running in subscriber scenario with address pool configured, if the address pool has high usage so that only few addresses are free to allocate, when there are subscribers logout and login, the released address by one subscriber might get re-used and allocated to the other subscriber very soon. Due to this issue, syslog error messages might be seen, and the affected subscriber might need to take retry for login.
PR Number Synopsis Category: PTX Chassis Manager
1439929 FPC reboot may be observed in the events of jlock hog more than 5s
Product-Group=junos
On PTX1000 platform, in case of a jlock hog lasts for more than 5 seconds, FPC reboot might be seen.
PR Number Synopsis Category: Firewall Filter
1524836 The commit may fail if configure a filter enabled with enhanced-mode to et- interface
Product-Group=junos
On the MX platforms, if a filter enabled with the enhanced-mode is configured for the 100G ports, all the configurations either related to the et interface or not, could not be committed any more due to a configuration validation issue.
PR Number Synopsis Category: EVPN control plane issues
1394803 The process rpd crash may be observed with EVPN type-3 route churn
Product-Group=junos
In an EVPN scenario, rpd may crash with EVPN type-3 route churn due to a race condition (Incorrect sequence of allocating and freeing memory for processing the updates between BGP and EVPN).
PR Number Synopsis Category: ISIS routing protocol
1463650 IS-IS IPv6 multi-topology routes might flap every time when there is an unrelated commit under protocol stanza
Product-Group=junos
With multi-topology enabled in ISIS globally hierarchy level, if some ISIS interfaces don't have IPv6 address, all ISIS IPv6 routes flap when committing any change under protocol stanza (e.g. 'protocol pim traceoption').
PR Number Synopsis Category: Adresses ALG issues found in JSF
1462984 On the SRX5000 line of devices, the H323 call with NAT64 could not be established.
Product-Group=junos
On SRX5000 platforms, the H323 call with NAT enabled cannot be established when the H323 GK (Gatekeeper) works in direct mode.
PR Number Synopsis Category: IPSEC/IKE VPN
1517262 The flowd might crash in IPsec VPN scenario
Product-Group=junos
On SRX platforms with IPsec VPN configured, the flowd might crash during the IPsec VPN rekey window. The traffic/service might be impacted if hitting this issue.
PR Number Synopsis Category: Layer2 forwarding on EX/NTF/PTX/QFX
1505976 VRRPv6 might not work in EVPN scenario
Product-Group=junos
In EVPN scenario with VRRPv6 used, the ethernet source mac address might be used for IPv6 mac-ip binding when the NA is sent from VRRPv6 master, as this unexpected behavior is triggered on regular intervals, it causes the entries to keep refreshing in EVPN database because NS from VRRPv6 master changes the mac-ip binding. Hence it has traffic impact.
PR Number Synopsis Category: Label Distribution Protocol
1538124 The rpd might crash when the LDP route with indirect next-hop is deleted on the AE interface
Product-Group=junos
If the Label Distribution Protocol (LDP) route with indirect next-hop exists (e.g. LDP egress-policy is used to advertise BGP route into LDP), the rpd might crash when the LDP route is deleted from the AE interface.
PR Number Synopsis Category: Multiprotocol Label Switching
1506062 The rpd process might crash when triggering rpd restart or GRES switchover
Product-Group=junos
On all Junos platforms with GR (Graceful Restart) and LSP (Label Switched Path) configured, if the /mfs/var/db/tag_restart.db file is corrupted, the rpd process might crash when triggering rpd restart or GRES (Graceful Routing Engine Switchover) switchover. Traffic loss might be seen during the rpd crash and restart.
PR Number Synopsis Category: Multicast for L3VPNs
1425876 MVPN using PIM dense mode does not prune the OIF when PIM prune is received.
Product-Group=junos
In the MVPN (Multicast Virtual Private Network) scenario, when PIM Dense mode is used, the egress PE might not prune the OIF (outgoing interface) when PIM prune is received.
PR Number Synopsis Category: MX104 Software - Chassis Daemon
1453893 FPC/PFE crash may happen with ATM MIC installed in the FPC
Product-Group=junos
FPC crash on MX240 and MX2020 routers or Packet Forwarding Engine crash on MX104 routers might happen when the MIC-3D-8OC3-2OC12-ATM is installed and ATM interface is configured.
PR Number Synopsis Category: Track Mt Rainier RE platform software issues
1386306 The log message of 'kernel: interrupt storm detected on "irq11:"; throttling interrupt source' might be seen when NG-RE is used
Product-Group=junos
With Next Generation Routing Engine (NG-RE), in some race conditions, the following interrupts messages might be seen on master RE: kernel: interrupt storm detected on "irq11:"; throttling interrupt source
PR Number Synopsis Category: PE based L3 software
1500798 BFD sessions flap after deactivating or activating the aggregated Ethernet interface or executing GRES.
Product-Group=junos
On QFX10008 platforms, if the BFD is configured over an AE interface (member link across multiple FPCs), deactivating/activating the AE interface or executing GRES will cause the BFD sessions to flap.
PR Number Synopsis Category: PTP related issues.
1461031 The PTP function might consume the kernel CPU for a long time.
Product-Group=junos
If the PTP function is configured, the process ppmd may be starved due to the defect that PTP function hog kernel CPU for a long time (>100ms), which can cause the "keep-alive" of the corresponding functions timeout such as ppmd based functions - LFM, BFD.
PR Number Synopsis Category: QFX ISSU Infrastructure
1490799 After ISSU or ISSR, a port using SR4 or LR4 optics might not come up.
Product-Group=junos
On QFX5100/5200 platforms, a port using SR4/LR4 optics might not come up after ISSU (In-Service Software Upgrade)/ISSR (In-Service Software Reboot).
PR Number Synopsis Category: QFX Platform related (SYSLOG/ALARMS/miscellaneous)
1317750 Port LEDs do not work on the QFX5100 switch in QFX5110-QFX5100 mixed mode Virtual Chassis.
Product-Group=junosvae
Port LEDs on the QFX5100 do not work. If a device connects to a port on the QFX5100, the port LED stays unlit.
PR Number Synopsis Category: QFX L2 PFE
1515254 On the EX4600 device with VXLAN enabled, the ARP request might get dropped if the storm control is configured.
Product-Group=junos
ARP request get dropped on QFX5000 and EX46xx devices when all of the following condition are met. 1.Storm control is enabled on any of the port. 2.VXLAN is enabled 3.Arp-suppression is enabled.
PR Number Synopsis Category: QFX VC Infrastructure
1497563 Virtual Chassis is not stable with 100-Gigabit Ethernet and 40-Gigabit Ethernet interfaces.
Product-Group=junos
In QFX5110 platform with Virtual Chassis (VC) scenario, VC might not get formed and can cause traffic loss if the 100G VCP ports are deleted and created, or changed from 40G to 100G or vice-versa. For the reason is that Forward Error Correction (FEC) should not be enabled when the physical interface is working as a VCP port.
PR Number Synopsis Category: RPD Next-hop issues including indirect, CNH, and MCNH
1458595 The rpd process might crash if a BGP route is resolved over the same prefix protocol next hop in an inet.3 table that has both RSVP and LDP routes.
Product-Group=junos
In race condition, if a BGP route is resolved over the same prefix protocol next hop in an inet.3 table that has both RSVP and LDP routes, when the RSVP and LDP routes are flapping (firstly these routes are down and then up), the BGP route will be re-resolved, and then the rpd crash might be seen.
PR Number Synopsis Category: RPD route tables, resolver, routing instances, static routes
1463112 RPD memory leak in RT_NEXTHOPS_TEMPLATE
Product-Group=junos
Junos releases having fix of PR1450123 might show RPD memory leak in RT_NEXTHOPS_TEMPLATE
PR Number Synopsis Category: platform related PRs on SRX branch platforms
1451474 Traffic forwarding on Q-in-Q port and VLAN tagging is not observed properly on R0.
Product-Group=junos
On SRX-branch platforms, if QinQ and native-vlan-id are configured, priority tagged packets (Priority tagged packets have their VLAN ID set to 0, and their priority code point bits might be configured with a CoS value.) would be dropped. Below is the detail. The newly added configuration "set interface input-native-vlan-push" is not supported by branch SRX. By default, input-native-vlan-push is disabled, which will cause untagged packets ingress from UNI (user-to-network) will not be added with inner tag on egressing out of NNI (network-to-network interface), and the priority only tagged packets ingress from UNI will be stripped of the priority tag when it egresses out of the UNI in the other end. Hence packets drop would be seen.
PR Number Synopsis Category: MPC7/8/9 Interface Issues
1441816 Egress stream flush failure and traffic black hole might occur.
Product-Group=junos
Egress stream flush failure and silent dropping of traffic could occur in a rare occasion for a repeatedly flapping link on MPC7E, MPC8E, MPC9E cards, MX204 and MX10003.
PR Number Synopsis Category: MX10003/MX204 Platform SW - Chassisd s/w defects
1315577 MX10003 : Despite of having all AC low PEM alarm is raised.
Product-Group=junos
An alarm is raised if mixed AC PEMs are present. This occurs because the criteria for checking whether mixed AC is present was changed.
1423858 On MX204 Optics "SFP-1GE-FE-E-T" I2C read errors are seen when an SFP-T is inserted into a disabled state port
Product-Group=junos
MX204 supports SFP "SFP-1GE-FE-E-T" from some releases. I2C read errors are seen when an SFP-T is inserted into a disabled state port, configured with "set interface <*> disable" cli command. [M LOG: Err] smic_mx1ru_8xsfpp_mpcs_i2c_read: - SFPP set start_addr failed [M LOG: Err] I2C Failed device: group 0x812 address 0x56 [M LOG: Err] mpcs_i2c_single_io: MPCS(0) ctlr 2 group 2 addr 0x56 prio 1 flags 0x0 failed status 0x1 [M LOG: Err] smic_mx1ru_8xsfpp_mpcs_i2c_read: - SFPP set start_addr failed [M LOG: Err] I2C Failed device: group 0x812 address 0x56 [M LOG: Err] smic_sfpp_ext_phy_get_linkstate: SMIC(0/1) - SFPP ext phy read failed [M LOG: Err] smic_phy_periodic DFE tuning failed for xe-0/1/2 [M LOG: Err] smic_periodic_raw: SMIC(0/1) - Error in PHY periodic function
PR Number Synopsis Category: Authentication, Authorization, Accounting, PAM (RADIUS/tacplus)
1393839 The lockout-period might not work for the user being locked out
Product-Group=junos
If 'system login retry-options lockout-period' is configured, the variables related to lockout-period are accessed without getting initialized, which could cause junk values in the variables to be used. The junk values in the variables might cause the lockout-period to not work. The actual behavior depends on what is the junk value. For example, user might not be allowed to login with correct password even after the lockout-period is elapsed, or user still can login during lockout-period.
PR Number Synopsis Category: UI Infrastructure - mgd, DAX API, DDL/ODL
991081 The configuration change on Backup RE cannot be synchronized while deleting inactivated interfaces/routing-instances from master
Product-Group=junos
In the dual Routing Engine scenario, the backup Routing Engine does not sync up the configuration change while deleting an inactivated interface/routing-instances from the master. So after the operation, the inactivated interface/routing-instances still exists on the backup Routing Engine.
PR Number Synopsis Category: Web-Management UI
1513612 Installing J-Web application package may fail on the EX2300/EX3400 platforms
Product-Group=junos
On the EX2300/EX3400 platforms, J-Web application package may fail to be installed with the affected releases.
PR Number Synopsis Category: VMHOST platforms software
1446205 The jfirmware upgrade might fail on certain MX platforms with SCBE3
Product-Group=junos
On certain MX platforms having RE-S-2X00x6 and Enhanced MX-SCB installed, an error might be observed during the installation of jfirmware upgrade package which causes the installation to fail.
 
Modification History:
First publication 2020-10-05
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search