Search our Knowledge Base sites to find answers to your questions.
Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles18.1R3-S11: Software Release Notification for JUNOS Software Version 18.1R3-S11
Junos Software service Release version 18.1R3-S11 is now available.
18.1R3-S11 - List of Fixed issues| PR Number | Synopsis | Category: EX4300 PFE |
|---|---|---|
| 1388324 | ICMPV6 packets are not classified with static or multifield forwarding-class mapping. Product-Group=junos |
ICMPv6 packets are hitting the dynamic ingress filter with higher priority, thus never reaching an MF or static classifier. |
| 1456879 | The traffic for some VLANs might not be forwarded when vlan-id-list is configured Product-Group=junos |
On EX4300 Series switches, if the vlan-id-list is used on one interface, the traffic for some VLANs under the vlan-id-list might not be forwarded. |
| 1493212 | IPv6 neighbor solicitation packets might be dropped in a transit device. Product-Group=junos |
In EX4300 platform with a Layer 2 scenario, IPv6 neighbor solicitation (NS) packets transiting an EX switch might be dropped if there is a firewall filter matching "next-header icmpv6" then "policer xxx with discard action" configured under a loopback interface. That will cause the IPv6 communication going through the EX switch to fail (IPv4 works fine). |
| PR Number | Synopsis | Category: EX2300/3400 PFE |
| 1427075 | VC split after network topology changed Product-Group=junos |
In Virtual Chassis scenario, when the interfaces flaps or VLAN configuration is changed frequently, the network topology will be changed accordingly, then CPU utilization will be dramatically increased to very high within a short time, which might cause the failure of essential communications between VC master and members. When the failure happens, FPC will automatically restart. As a result, VC is split and traffic is lost. |
| 1497523 | The fxpc might crash when renumbering the master member id value of the EX2300/EX3400 VC Product-Group=junos |
In EX2300/EX3400 VC (Virtual Chassis) scenario, when renumbering the master member id to a new id value, sometimes there is a fxpc crash on another VC member. Traffic loss might be seen during the fxpc crash and restart. |
| 1525373 | "Drops" and "Dropped packets" counters in the output by "show interface extensive" are double counting. Product-Group=junos |
"show interface ..." command shows wrong values for the "Drops" and "Drop Packet" counters. The actual value is half of the display values. |
| PR Number | Synopsis | Category: HW Board, FPGA, CPLD issues |
| 1407095 | QFX10002 showing error fpc0 prds_ptc_clear_all_pulse_and_samples: prds_ptc_clear_all_pulse_and_samples PE 4 PTC 2: after clearing sample, sample still valid 1 Product-Group=junos |
The error we are seeing is for the ptc (Precision time counter ).On some QFX10002, the PTC Sync SW algorithm does not always run at the expected time; this algorithm keeps the PE chip time counters up to date, which is used for the IEEE 1588 PTP feature. On some hardware, there are error logs sent to the console, even though the algorithm is actually running correctly. Not all QFX10002 exhibit this behavior.The impact of the bug is that there are too many error logs that are not useful, which flood the console or message logs This only applies to the QFX10002. |
| PR Number | Synopsis | Category: QFX Access control list |
| 1499918 | Traffic drop might be observed after modifying the FBF firewall filter. Product-Group=junos |
On the QFX5100 and QFX5200 lines of switches, after making changes in filter-based forwarding (FBF) firewall filter that is configured with multiple terms or different routing instances, traffic drop might be observed. |
| 1521763 | Firewall "sample" configuration gives the warning as unsupported on QFX10002-36q and will not work. Product-Group=junos |
On QFX10002-36q, when inline-jflow is configured, the IPv4 firewall filter with 'sample' action gives a waring "unsupported platform" and will not work. On the other hand, the IPv6 firewall filter with 'sample' action will still work as expected. |
| PR Number | Synopsis | Category: QFX PFE CoS |
| 1510365 | Traffic might be forwarded to the wrong queue when a fixed classifier is used. Product-Group=junos |
If L2 access or vlan bridge IFL is created after fixed classifier is applied, the traffic matching the fixed classifier might be forwarded in unexpected queue, it might cause congestion unexpectedly hence there is traffic impact. |
| PR Number | Synopsis | Category: QFX PFE L2 |
| 1474142 | Traffic might get affected if the composite next-hop is enabled. Product-Group=junos |
On QFX5000 and EX4600 platforms with composite next hop enabled, traffic loss would occur when deleting leaked routes with composite next hop. |
| 1521324 | MAC address in hardware table may become out of sync between Master and member in Virtual Chassis after MAC flap Product-Group=junos |
When MAC address moves over the member in Virtual Chassis, the MAC address's learning port in Internal Hardware MAC table may be out of sync between Master and member and this may lead to misforwarding. This will be an extremely rare occurrence. If the issue happens, you can issue "clear ethernet-switching table " command to restore the communication. |
| PR Number | Synopsis | Category: QFX L3 data-plane/forwarding |
| 1528490 | The fxpc crash might be observed if VXLAN interface flaps on QFX5K Product-Group=junos |
On QFX5K platforms, if VXLAN enabled interfaces flap excessively in short period of time, PFE might crash. |
| PR Number | Synopsis | Category: CoS support on ACX |
| 1493518 | On the ACX5048 or ACX5096 line of routers, the LACP control packets might get dropped due to high CPU utilization. Product-Group=junos |
On ACX5048/ACX5096 platforms, when one of the child links in AE goes down brings entire AE down due to high CPU.LACP control packets might get dropped as the port is blocked for a temporary period. |
| PR Number | Synopsis | Category: JUNOS kernel/ukernel changes for ACX |
| 1509402 | PFE crash might be seen and the FPC may remain down on ACX710 platform Product-Group=junos |
On ACX710 platform, after the PTP(Precision Time Protocol) configuration is removed and the router is rebooted, the PFE might crash and the FPC remains down if PTP traffic is still coming into the router. This issue might also happen when SyncE is configured. This causes the router to crash and not come up. |
| PR Number | Synopsis | Category: BBE interface related issues |
| 1498024 | Subscribers may be disconnected after one of the AE participating FPCs comes online in a Junos node slicing scenario Product-Group=junos |
On MX Series platforms with node slicing setup, if subscriber services and targeted distribution feature are enabled on an aggregated Ethernet interface, and the FPC where one of the aggregated Ethernet member port is located comes online, subscribers that are already online might be disconnected. |
| PR Number | Synopsis | Category: QFX Access Control related |
| 1515972 | "dot1x" memory leak Product-Group=junos |
Memory leak is seen in 'dot1xd' daemon when no 'dot1x' is configured. Memory leak is seen for the allocation while creating socket from 'dot1xd' daemon to 'authd' daemon. If 'authd' is not running , 'dot1xd' daemon tries to connect to 'authd' periodically and every time it was allocating memory for string "/var/run/authd_control" for socket creation. The memory does not free in this scenario and we see memory leak for string "/var/run/authd_control". There will be no service impact to other services/daemons other than dot1x. |
| PR Number | Synopsis | Category: QFX Control Plane VXLAN |
| 1501117 | The l2ald process might crash in a rare condition under EVPN-VxLAN scenario Product-Group=junos |
On all Junos platforms with EVPN-VxLAN multihoming scenario, if incorrect MAC move happens within the same ESI (Ethernet Segment Identifiers) bridge-domain, the l2ald process might crash. This is a rare timing issue. |
| PR Number | Synopsis | Category: QFX xSTP Control Plane related |
| 1500783 | On the EX4300, EX3400, and EX2300 Virtual Chassis with NSB and xSTP enabled, continuous traffic loss might be observed while performing GRES Product-Group=junos |
On EX4300/EX3400/EX2300 Virtual-Chassis with NSB and xSTP enabled, the continuous traffic loss might be observed while doing GRES. |
| PR Number | Synopsis | Category: Firewall Filter |
| 1511041 | Traffic might be dropped though not exceeding the configured bandwidth under policer Product-Group=junos |
If a bandwidth-percent-based policer is applied on an aggregated Ethernet bundle without the "shared-bandwidth-policer" configuration statement, traffic will hit the policer even if the traffic is not exceeding the configured bandwidth. As a workaround, configure the "shared-bandwidth-policer" configuration statement under the policer. |
| PR Number | Synopsis | Category: EVPN control plane issues |
| 1485377 | On the MX, QFX10002, QFX10008, and QFX10016 devices within an EVPN-MPLS active-active multi-homing mode, when adding and deleting the virtual-gateway-address, the ARP entry to CE might disappear from the kernel. Product-Group=junos |
On MX/QFX10002/QFX10008/QFX10016 devices within an EVPN-MPLS active-active multi-homing mode, when adding and deleting the virtual-gateway-address, the ARP entry to CE might disappear from the kernel. |
| 1506343 | Configuring the knob "proxy-macip-advertisement" for EVPN-MPLS leads to functionality breakage Product-Group=junos |
In EVPN-MPLS scenario, with "proxy-macip-advertisement" enabled on IRB, ARP for remote CE on local PE fails might be seen and forwarding-table entry always remains in hold state. The "proxy-macip-advertisement" enable the proxy advertisement feature on a device that can function as a Layer 3 gateway. With this feature enabled, the Layer 3 gateway advertises the MAC and IP routes (MAC+IP type 2 routes) on behalf of Layer 2 VXLAN gateways. |
| PR Number | Synopsis | Category: EVPN Layer-2 Forwarding |
| 1520078 | Unable to create a new VTEP interface Product-Group=junos |
In all platforms with VXLAN Static VTEP tunnels scenario (including Static VXLAN without EVPN), after RE switchover or restart of l2-learning, if create a new VTEP interface, the interface may not work. |
| PR Number | Synopsis | Category: Express PFE CoS Features |
| 1531095 | JDI-Reg:Switching-Regression-COS: Packet loss is seen while validating the policer after restarting chassis control Product-Group=junos |
Check with Development team on this |
| PR Number | Synopsis | Category: Express PFE L2 fwding Features |
| 1442587 | The PMTUD might not work for both IPv4 and IPv6 if the ingress Layer 3 interface is an IRB. Product-Group=junos |
Path MTU Discovery (PMTUD) is a standardized technique for determining the maximum transmission unit (MTU) size on the network path between two IP hosts, usually with the goal of avoiding IP fragmentation. On QFX10K platforms, the PMTUD might not work for both IPv4 and IPv6 if the ingress L3 interface is an irb. The corresponding ICMP Fragmentation Needed packet to the sender might be dropped silently, then PMTUD fails. This issue has service impact. |
| 1522852 | PRDS_SLU_SAL:jprds_slu_sal_update_lrncnt(),1379: jprds_slu_sal_update_lrncnt call failed" syslog errors messages might been which specific steps while clearing and loading again scaled configuration on QFX10002/QFX10008/QFX10016 Product-Group=junos |
In scaled setup with scaled vlans and traffic flowing through all vlans. If current configuration is cleared and loaded again using below steps: load override rollback 1 commit Then base config is loaded, all leaned macs are aged out and the mac entries are marked as invalid. Ageing thread scans and finds SMAC ref bit transition for cleared mac entries and gets added to stale mac sw table. In scaled setup, considering 2k macs learned over a port, not all macs cleared at one Hw trigger, it happens in a batch of 256 entries in a mac table at a time as per qfx10k design and in the mean time, it is expected that IFBD on which macs were learned is deleted. This is the reason, Lport+IFL mapping is not found while clearing such macs and throws error. |
| PR Number | Synopsis | Category: Express PFE MPLS Features |
| 1515092 | The routes update might fail upon the HMC memory issue and traffic impact might be seen. Product-Group=junos |
On PTX Series and QFX Series devices, in rare cases, HMC memory error might cause routes update failure and traffic impact on the Packet Forwarding Engine. |
| PR Number | Synopsis | Category: IDP attack detection in the subscriber qmodules |
| 1497340 | The IDP attack detection might not work in a specific situation. Product-Group=junos |
If the total number of applications (predefined as well as the custom applications configured) crosses 4096, attack detection might fail. |
| PR Number | Synopsis | Category: Integrated Routing & Bridging (IRB) module |
| 1453025 | The IRB traffic might get drop after mastership switchover Product-Group=junos |
In the Virtual-Chassis scenario with mac-persistence-timer enabled, the IRB traffic might get drop after master switchover. |
| PR Number | Synopsis | Category: ISIS routing protocol |
| 1482983 | The output of CLI command of 'show isis interface detail' might be incorrect if 'wide-metrics-only' is enabled for IS-IS and the ASCII representation of the metric in decimal is more than 6 characters long Product-Group=junos |
If 'wide-metrics-only' is enabled for any IS-IS level and a metric configured on the IS-IS enabled interface for that level has ASCII representation in decimal more than 6 characters long, this interface's metric for that level will be merged with 'priority' field value in the output of 'show isis interface detail'. |
| PR Number | Synopsis | Category: Adresses ALG issues found in JSF |
| 1475031 | SIP messages that need to be fragmented might be dropped by the SIP ALG. Product-Group=junos |
When SIP ALG is using, after payload changed by ALG, some SIP messages size maybe bigger than outgoing interface's MTU and need to be fragmented, that SIP messages might be dropped by SIP ALG. |
| PR Number | Synopsis | Category: JSR Infrastructure |
| 1479156 | The vSRX may restart unexpectedly Product-Group=junos |
The srxpfe process generates core files when a socket-open error occurs during the initialization phase. Self-healing takes place when the srxpfe reboots and starts processing traffic. |
| PR Number | Synopsis | Category: jsscd daemon |
| 1511745 | Static subscribers are logged out after creating a unit under demux0 interface Product-Group=junos |
In MX platforms with static subscriber scenario, the existing static subscribers associated to a demux0 interface might be forced to log out after creating another unit under demux0 interface. |
| PR Number | Synopsis | Category: Layer 2 Circuit issues |
| 1512834 | The rpd might crash when deleting l2circuit configuration in a specific sequence Product-Group=junos |
If l2circuit local-switching is enabled with connection-protection, the rpd could crash in the following configuration change sequence. 1. First, delete the logical interface (IFL) used by a l2circuit and commit the change. 2. Then, delete the corresponding l2circuit configuration. The rpd could crash after committing the change. |
| PR Number | Synopsis | Category: Layer 2 Control Module |
| 1350652 | ERPv1_EX: On Ex3400 VC setup ERP node sessions stuck at pending state, with additional/removal of GRES config. Product-Group=junos |
ERP filters are not getting installed with NSB configuration in place with NSB configured l2cpd will be running on the backup RE as well. This l2cpd running on backup RE connects to DFWD running on master RE. This connection is causing the issue here as the filter installation posted over tcp socket by l2cpd master RE to DFWD on master RE is not getting processed. With NSB unconfigured no issues are observed.Code changes done to disable l2cpd filter init on the backup RE to fix the issue. Note : As a part of switchover (master change) could see the l2cpd_filter_init is happening on the new master.See logs below. When master becomes standby could see l2cpd_filter_shutdown is happening which removes the connection between l2cpd and dfwd. Apr 6 08:06:53.005235 JTASK_TASK_REINIT: Reinitializing Apr 6 08:06:53.013342 task_module_var_inits: initializing Kernel family init Apr 6 08:06:53.013351 task_module_var_inits: initializing RT Instance family init Apr 6 08:06:53.013359 task_module_var_inits: initializing TELEMETRY Apr 6 08:06:53.013366 task_module_var_inits: initializing PPM Apr 6 08:06:53.013379 task_module_var_inits: initializing L2CPD-FILTER Apr 6 08:06:53.013389 task_module_var_inits: initializing ERP |
| 1463251 | Configure any combination of VLANs and interfaces under VSTP/MSTP may cause VSTP/MSTP related configuration can not be committed Product-Group=junos |
On the EX platform, VSTP/MSTP related configuration might not be committed successfully if configure any combination of VLANs and interfaces under VSTP/MSTP to hit the maximum scale of 5219. |
| PR Number | Synopsis | Category: Layer2 forwarding on EX/NTF/PTX/QFX |
| 1498863 | Inter and Intra VNI or VRF traffics are dropped between the CE devices when the interfaces connected between the TOR and multi-homes PE devices are disabled. Product-Group=junos |
On QFX10002/QFX10008/QFX10016 devices with Multi-homes PE deployment environment, the Inter and Intra VNI/VRF traffic is dropped between CEs when one of the ESI links is disabled. |
| 1512802 | Memory leak on l2ald might be seen when adding/deleting the routing-instances/bridge-domains configuration Product-Group=junos |
Memory leak on l2ald might be seen when adding/deleting the routing-instances/bridge-domains configuration. |
| PR Number | Synopsis | Category: Multiprotocol Label Switching |
| 1517018 | The rpd might crash after upgrading Junos software release from pre 18.1 to 18.1 onwards Product-Group=junos |
On all Junos platforms, the rpd might continuously crash after upgrading Junos software release from pre 18.1 to 18.1 onwards while graceful-restart and RSVP/static LSP are configured. This is because there is a change in the data structure written to the restart db file from 18.1 onwards. So, when rpd comes up and tries to read the restart db file written by pre 18.1 release image, the rpd might crash. |
| PR Number | Synopsis | Category: Jflow and sflow on MX |
| 1487876 | Incorrect 'frame length' of 132 bytes might be captured in packet header Product-Group=junos |
On all MX/PTX5k/EX platforms with Trio based line cards, if a packet is send with more than 128 bytes it will always show incorrect "Frame length" of 132 bytes in raw packet header of sflow collector captured data. |
| PR Number | Synopsis | Category: IDS features available on MS-MPC/MIC |
| 1527236 | After applying ids-rules to service-set, high session rate is observed even without any DDos traffic Product-Group=junos |
On MX platforms with MS-MIC/MS-PIC, if applying IDS filter and reaching high CPU state, the session rate stay high even without any DDos traffic which may lead to dropping of new session requests. |
| PR Number | Synopsis | Category: Bugs related to ethernet interface on MX platform |
| 1435221 | MicroBFD 3x100ms flap is seen upon inserting a QSFP in another port. Product-Group=junos |
Micro BFD/LFMD sessions with timer configured with less than 3x500ms (such as 3x100ms) might flap when a QSFP transceiver is inserted into another port. |
| PR Number | Synopsis | Category: Track Mt Rainier SPMB platform software issues |
| 1460992 | Hardware failure in CB2-PTX causes traffic interruption. Product-Group=junos |
In PTX 3000/5000 platforms with CB2-PTX (Control Board), there is an existence of an errata on a clock signal component manufactured by a third-party supplier, which might cause the Switch Processor Mezzanine Board (SPMB) and Switch Interface Boards (SIBs) failure, eventually, traffic will be interrupted. |
| PR Number | Synopsis | Category: FreeBSD Kernel Infrastructure |
| 1450093 | EX4300 : CLI config "on-disk-failure" is not supported Product-Group=junos |
On an EX4300 switch, the CLI configuration "set chassis routing-engine on-disk-failure disk-failure-action (reboot | halt)" is not supported. |
| 1505864 | The installation fails when upgrading from legacy Junos to specific BSDx based Junos Product-Group=junos |
The installation might fail when upgrading from legacy Junos (before Junos 15.1) to higher BSDx based Junos releases (Junos 15.1 and after). |
| 1518898 | The kernel might crash if a file/directory is accessed for the first time and is not created locally Product-Group=junos |
On the Junos with Virtual Filesystem (VirtFS), if a file/directory is accessed for the first time and is not created locally, the kernel might crash and generate a vmcore file. Junos might reboot due to this issue. |
| PR Number | Synopsis | Category: Kernel Stats Infrastructure |
| 1462986 | Slow response from SNMP might be observed after upgrading to Junos OS Release 19.2R1 and later. Product-Group=junos |
Slow response introduced with PR/1411303 fix, is getting resolved with this PR. |
| PR Number | Synopsis | Category: Used for tracking OVSDB software issues and features |
| 1518807 | The vgd core might get generated when OVSDB server resarts Product-Group=junos |
On all Junos platforms that support OVSDB (Open vSwitch database), the vgd core might get generated when the OVSDB server is restarted. The vgd daemon restart after the core might cause traffic impact. This issue happens when OVSDB server is disconnected and the device (switch/router) sends some updates events to server. |
| PR Number | Synopsis | Category: Protocol Independant Multicast |
| 1487636 | The rpd might crash when perform GRES with MSDP configured Product-Group=junos |
On all Junos platforms, when execute Graceful Routing Engine Switchover (GRES) with Multicast Source Discovery Protocol (MSDP) enabled, rpd might crash on new master Routing Engine (RE). The issue could be automatically recovered after rpd successful self-restart. This is a timing and regression issue. |
| PR Number | Synopsis | Category: PTP related issues. |
| 1451950 | RMPC core files are found after the configuration changes are done on the network for PTP or clock synchronization. Product-Group=junos |
On the ACX/MX/QFX platform with PTP (Precision Time Protocol)/SyncE (Synchronous Ethernet) enabled, if configuration changes for the PTP/SyncE are combined with multiple events, the FPC core might be seen. |
| 1458581 | The FPC X major errors alarm might be raised after committing the PTP configuration change. Product-Group=junos |
On MX router with MPC5/MPC6/MPC7/MPC8/MPC9/MPC10 installed environment, after committing the PTP configuration change, the "FPC X major errors" alarm may be raised. This issue may cause interface flap and traffic loss. |
| PR Number | Synopsis | Category: Chassis mgmt for all QFX systems - chassis MIB, alarms, CLI |
| 1507044 | The archival function may fail in certain conditions Product-Group=junos |
If the archival function is enabled with the statement "routing-instance" and transfer mode is set as SFTP/SCP for archive-sites, it may not work and fail to transfer the files. |
| PR Number | Synopsis | Category: Interface related issues. Port up/down, stats, CMLC , serdes |
| 1462748 | On the QFX5100 switches, the interface output counter is double counted for self-generated traffic. Product-Group=junos |
On QFX5100 device, interface output counter is double counted for self-generated traffic |
| 1475851 | FPC major error is observed after system boots up or FPC restarts. Product-Group=junos |
FPC is reporting Major Error because of SHUTDOWN ERI failure during BIST with repair on HMC having FW version >= 0x9c. BIST with repair is incorporated during boot up, so this Major Error will be reported during boot up having FW>=0x9c on HMC. During debugging, its found that this ERI is getting issued even before the HMC was brought up which is resulting into this Error. So added bringup steps for HMC before the BIST procedure starts as done for vale-ptx. |
| PR Number | Synopsis | Category: QFX Platform related (SYSLOG/ALARMS/miscellaneous) |
| 1454527 | On the QFX5000 line of switches, the dcpfe process crashes due to the usage of data that is not null getting terminated. Product-Group=junosvae |
The dcpfe crash is due to usage of data which is not NULL terminated on QFX5K. |
| 1508611 | The fxpc may crash and restart with a fxpc core file created while installing image through ZTP Product-Group=junos |
On QFX5100/EX4600 Series platforms, the fxpc may crash sometimes while installing an image through ZTP. |
| PR Number | Synopsis | Category: QFX platform optics related issues |
| 1497947 | On the QFX5210064C switches, the lcmd process generates a core file. Product-Group=junosvae |
The LCMD process is the Linux Chassis Management Management Daemon. Due to a bug in the I2C handling in the daemon, a core dump may be seen. There is no specific user-visible trigger for the core dump and you may see several erroneous alarms when the core dump occurs. These should clear after the daemon automatically restarts |
| PR Number | Synopsis | Category: QFX PFE Class of Services |
| 1430173 | The CoS rewrite rules applied under an aggregated Ethernet interface might not take effect after NSSU. Product-Group=junos |
On QFX 5K platform, Class of Service (CoS) rewrite rules applied under an Aggregated Ethernet (AE) interface might not take effect after Non-Stop Software Upgrade (NSSU). In the end, packets could not enter into correct queues for sending. |
| 1472771 | On the EX4600 device, DSCP marking might not work as expected if the fixed classifiers are applied to interfaces. Product-Group=junos |
On QFX5000/EX4600 platforms, if the interfaces are configured with the fixed classifiers, when some specific configuration changes are committed, for example, the same forwarding-class is applied to two different interfaces at the same time, and then the forwarding-class for one of the interfaces is changed and committed to a different value, the Differentiated Services code point (DSCP) marking might not be able to work as expected since both physical interfaces are still having the same forwarding-class mapped in the hardware table due to this issue. |
| PR Number | Synopsis | Category: Filters |
| 1514710 | In VXLAN configuration, the firewall filters may not be loaded into the TCAM with the message "DFWE ERROR DFW: Cannot program filter .. " due to TCAM overflow after upgrading to 18.1R3-S1,18.2R1 and later Product-Group=junos |
From 18.1R3-S1 and 18.2R1, we introduced the IPACL VXLAN filters in place of regular IPACL for the vxlan vlans. In regular IPACL, we just qualify the physical port on which the filter is installed and hence, much less entries are required as compared to the earlier introduced IPACL_VXLAN. Whereas in case of IPACL_VXLAN, we qualify based on the logical port and hence, we need to install the filter entries for all the vxlan vlans that physical port (on which filter is applied) is a part of, requiring much larger number of entries. Thus this caused TCAM overflow after upgrading. We qualified based on the logical port which is calculated from the IFL and the vlan configured on the IFL. The fix is to integrate the place of IPACL VxLAN for the L2 filtering on VxLAN ports into the regular IPACL filters and to add IFD level support unless VLAN name/ID clarification rule is used in the firewall filter. |
| PR Number | Synopsis | Category: QFX L2 PFE |
| 1497993 | Traffic might get dropped if the aggregated Ethernet member interface is deleted or added, or a SFP of the aggregated Ethernet member interface is unplugged or plugged Product-Group=junos |
On QFX5K/EX46xx platforms, if STP is configured on vlan but the AE interface which is part of that vlan is not configured with STP, after an AE member interface is deleted or a SFP of the AE member interface is unplugged, and when the deleted AE member interface is added back or the unplugged SFP is plugged again, traffic via that AE interface might get dropped. LACP and LLDP traffic are not affected by this issue. |
| 1504354 | LLDP is not acquired when native-vlan-id and tagged VLAN-ID are the same on a port. Product-Group=junos |
On QFX5000 platforms running with Link Layer Discovery Protocol (LLDP) configured, if the interface has both native-vlan-id and vlan-id configured, and the native-vlan-id and vlan-id have the same value, LLDP neighborship might be unable to setup on that particular interface due to this issue. |
| PR Number | Synopsis | Category: QFX L3 data-plane/forwarding |
| 1458206 | Dual Tag Q-in-Q not working with EVPN-VXLAN Product-Group=junos |
In EVPN-VXLAN with retaining S-VLAN Tags and C-VLAN tags scenario, both S-VLAN and C-VLAN tags are treated as the data of a packet when it is transported. when a dual-tagged ARP packet arrives at ingress PE, the device could only recognize either untagged ARP packet or single tag ARP packet, and if it is not, the device will assume that it is not an ARP packet. Since ARP resolution fails, all subsequent communication will not happen. |
| PR Number | Synopsis | Category: RPD route tables, resolver, routing instances, static routes |
| 1421566 | Some LDP routes in VRF cannot be resolved over the inet.3 table Product-Group=junos |
Any route that is added to the rib will be resolved over predefined tables, and the resolution tables for a given protocol are fixed. LDP routes added to foo.mpls.0, the resolution table is not initialized due to this NULL access happen to lead to the core. |
| PR Number | Synopsis | Category: Generic platform and infra issues for MS-MIC and MS-MPC(XLP) |
| 1482400 | The vmcore crash sometimes along with mspmand crash might happen on MS-MPC/MS-MIC if large-scale traffic flows are processed by it Product-Group=junos |
With NAT/Stateful-firewall/TCP tickle (enable by default) configured on MS-MPC/MS-MIC, the vmcore crash sometimes along with mspmand crash might happen if large-scale traffic flows (e.g. million flows) are processed by it. |
| 1489942 | Prolonged flow-control might happen on MX platforms with MS-MPC/MS-MIC Product-Group=junos |
On MX platforms with MS-MPC/MS-MIC, if there are lots of self-generated packets like TCP-tickle and UDP-logging, there might be data congestion on the data path due to no throttling functionality for such types of packets. When the data path is blocked, prolonged flow-control might happen with the service interfaces being brought down and the PIC reboot. At the same time, the mspmand core file will be generated if dump-on-flow-control is enabled. |
| PR Number | Synopsis | Category: MX10003/MX204 MPC defects tracking |
| 1426349 | Interfaces may come to down after device reboots Product-Group=junos |
On MX204/SRX4600/EX9251 platform, interfaces with the parameter "speed 1g" configured may come to down after device reboots, this is a timing issue and reproduced after about 50 reboots in the test. |
| PR Number | Synopsis | Category: Issues related to broadband edge apps (PPP, DHCP) on Trio ch |
| 1401808 | FPC core files due to a corner case scenario (race condition between RPF, IP flow). Product-Group=junos |
In a subscriber management deployment where the Reverse-Path-Forwarding (RPF) check and MAC check is enabled, a race condition might cause software failure and resulted in a Flexible PIC Concentrator (FPC) to restart. |
| PR Number | Synopsis | Category: Trio pfe bridging, learning, stp, oam, irb software |
| 1513509 | During route table object fetch failure, FPC may crash Product-Group=junos |
Due to rare timing issue, the FPC might crash because of route table object fetch failure in EVPN multihoming scenario. |
| PR Number | Synopsis | Category: Configuration mgmt, ffp, load-action, commit processing |
| 1468119 | On Junos OS Release from 16.2R1 onwards, if commit is executed after commit check, the daemon (for example, dhcpd and sampled) might not get started even after the related configuration is successfully committed Product-Group=junos |
On Junos OS Release from 16.2R1 onwards, if commit is executed after commit check, the daemon (for example, dhcpd and sampled) might not get started even after the related configuration is successfully committed. |
| PR Number | Synopsis | Category: VSRX platform software |
| 1412441 | vSRX may crash because of stack corruption. Product-Group=junos |
If larger data types are written into smaller data types, the neighbor stack pointers are overwritten, thereby corrupting the data types. Accessing the address generates a core file, and the vSRX instance stops functioning. |
| PR Number | Synopsis | Category: Marvell based EX PFE ACL |
|---|---|---|
| 1434927 | The FPC crashes with pfem generating core file might be seen if large-scale number of firewall filters are configured. Product-Group=junos |
On EX Series switches, If you are configuring a large-scale number of firewall filters on some interfaces, the FPC might crash and generate core files. |
| PR Number | Synopsis | Category: QFX L3 data-plane/forwarding |
| 1481987 | Multicast traffic loss could be seen in certain conditions while enabling IGMP snooping under EVPN-VXLAN ERB scenario Product-Group=junos |
On QFX5110 & QFX5120 platform, which is running as Layer 3 VxLAN gateway, if "igmp-snooping" is enabled in partial but not for all bridge-domains, multicast traffic loss could be observed in non-igmp snooping bridge-domains. |
| PR Number | Synopsis | Category: ACX PFE |
| 1407098 | High CPU utilization of the fxpc process might be observed with the class-of-service changes on interfaces. Product-Group=junos |
On ACX5048/ACX5096 platforms, when applying COS configurations (schedulers related) on interfaces, the CPU utilization on fxpc process might be seen. And it might affect service. |
| PR Number | Synopsis | Category: Border Gateway Protocol |
| 1403186 | All the BGP session flap after RE switchover Product-Group=junos |
With GRES and NSR enabled, if executing RE switchover, BGP session might flap in some scenario. When Junos version have the fix of PR-1440694, BGP session always flap after doing RE switchover. |
| 1494005 | The rpd process generates core file at rt_nh_resolve_add_gen in ../../../../../../../../src/junos/usr.sbin/rpd/lib/rt/rt_resolve_ind.c: with the evpn-dhcp configurations. Product-Group=junos |
In BGP with INH (indirect next-hop) scenario, if using the knob "no-labeled-bgp" to disabled the chained composite next-hops for labeled BGP, the INH might not be created for the transit traffic route when devices handling transit traffic in the network. To create the INH again, it need to re-enable the chained composite next-hops for labeled BGP by removing the knob "no-labeled-bgp" or adding the knob "labeled-bgp", but the rpd resolver might not resolve the INH information as normal since the resolver is not getting ready, it might cause RDP crashed. Then, the routing protocol might be impacted. |
| PR Number | Synopsis | Category: BBE Remote Access Server |
| 1402653 | The subscriber might need to take retry for login Product-Group=junos |
On all Junos platforms running in subscriber scenario with address pool configured, if the address pool has high usage so that only few addresses are free to allocate, when there are subscribers logout and login, the released address by one subscriber might get re-used and allocated to the other subscriber very soon. Due to this issue, syslog error messages might be seen, and the affected subscriber might need to take retry for login. |
| PR Number | Synopsis | Category: PTX Chassis Manager |
| 1439929 | FPC reboot may be observed in the events of jlock hog more than 5s Product-Group=junos |
On PTX1000 platform, in case of a jlock hog lasts for more than 5 seconds, FPC reboot might be seen. |
| PR Number | Synopsis | Category: Firewall Filter |
| 1524836 | The commit may fail if configure a filter enabled with enhanced-mode to et- interface Product-Group=junos |
On the MX platforms, if a filter enabled with the enhanced-mode is configured for the 100G ports, all the configurations either related to the et interface or not, could not be committed any more due to a configuration validation issue. |
| PR Number | Synopsis | Category: EVPN control plane issues |
| 1394803 | The process rpd crash may be observed with EVPN type-3 route churn Product-Group=junos |
In an EVPN scenario, rpd may crash with EVPN type-3 route churn due to a race condition (Incorrect sequence of allocating and freeing memory for processing the updates between BGP and EVPN). |
| PR Number | Synopsis | Category: ISIS routing protocol |
| 1463650 | IS-IS IPv6 multi-topology routes might flap every time when there is an unrelated commit under protocol stanza Product-Group=junos |
With multi-topology enabled in ISIS globally hierarchy level, if some ISIS interfaces don't have IPv6 address, all ISIS IPv6 routes flap when committing any change under protocol stanza (e.g. 'protocol pim traceoption'). |
| PR Number | Synopsis | Category: Adresses ALG issues found in JSF |
| 1462984 | On the SRX5000 line of devices, the H323 call with NAT64 could not be established. Product-Group=junos |
On SRX5000 platforms, the H323 call with NAT enabled cannot be established when the H323 GK (Gatekeeper) works in direct mode. |
| PR Number | Synopsis | Category: IPSEC/IKE VPN |
| 1517262 | The flowd might crash in IPsec VPN scenario Product-Group=junos |
On SRX platforms with IPsec VPN configured, the flowd might crash during the IPsec VPN rekey window. The traffic/service might be impacted if hitting this issue. |
| PR Number | Synopsis | Category: Layer2 forwarding on EX/NTF/PTX/QFX |
| 1505976 | VRRPv6 might not work in EVPN scenario Product-Group=junos |
In EVPN scenario with VRRPv6 used, the ethernet source mac address might be used for IPv6 mac-ip binding when the NA is sent from VRRPv6 master, as this unexpected behavior is triggered on regular intervals, it causes the entries to keep refreshing in EVPN database because NS from VRRPv6 master changes the mac-ip binding. Hence it has traffic impact. |
| PR Number | Synopsis | Category: Label Distribution Protocol |
| 1538124 | The rpd might crash when the LDP route with indirect next-hop is deleted on the AE interface Product-Group=junos |
If the Label Distribution Protocol (LDP) route with indirect next-hop exists (e.g. LDP egress-policy is used to advertise BGP route into LDP), the rpd might crash when the LDP route is deleted from the AE interface. |
| PR Number | Synopsis | Category: Multiprotocol Label Switching |
| 1506062 | The rpd process might crash when triggering rpd restart or GRES switchover Product-Group=junos |
On all Junos platforms with GR (Graceful Restart) and LSP (Label Switched Path) configured, if the /mfs/var/db/tag_restart.db file is corrupted, the rpd process might crash when triggering rpd restart or GRES (Graceful Routing Engine Switchover) switchover. Traffic loss might be seen during the rpd crash and restart. |
| PR Number | Synopsis | Category: Multicast for L3VPNs |
| 1425876 | MVPN using PIM dense mode does not prune the OIF when PIM prune is received. Product-Group=junos |
In the MVPN (Multicast Virtual Private Network) scenario, when PIM Dense mode is used, the egress PE might not prune the OIF (outgoing interface) when PIM prune is received. |
| PR Number | Synopsis | Category: MX104 Software - Chassis Daemon |
| 1453893 | FPC/PFE crash may happen with ATM MIC installed in the FPC Product-Group=junos |
FPC crash on MX240 and MX2020 routers or Packet Forwarding Engine crash on MX104 routers might happen when the MIC-3D-8OC3-2OC12-ATM is installed and ATM interface is configured. |
| PR Number | Synopsis | Category: Track Mt Rainier RE platform software issues |
| 1386306 | The log message of 'kernel: interrupt storm detected on "irq11:"; throttling interrupt source' might be seen when NG-RE is used Product-Group=junos |
With Next Generation Routing Engine (NG-RE), in some race conditions, the following interrupts messages might be seen on master RE: kernel: interrupt storm detected on "irq11:"; throttling interrupt source |
| PR Number | Synopsis | Category: PE based L3 software |
| 1500798 | BFD sessions flap after deactivating or activating the aggregated Ethernet interface or executing GRES. Product-Group=junos |
On QFX10008 platforms, if the BFD is configured over an AE interface (member link across multiple FPCs), deactivating/activating the AE interface or executing GRES will cause the BFD sessions to flap. |
| PR Number | Synopsis | Category: PTP related issues. |
| 1461031 | The PTP function might consume the kernel CPU for a long time. Product-Group=junos |
If the PTP function is configured, the process ppmd may be starved due to the defect that PTP function hog kernel CPU for a long time (>100ms), which can cause the "keep-alive" of the corresponding functions timeout such as ppmd based functions - LFM, BFD. |
| PR Number | Synopsis | Category: QFX ISSU Infrastructure |
| 1490799 | After ISSU or ISSR, a port using SR4 or LR4 optics might not come up. Product-Group=junos |
On QFX5100/5200 platforms, a port using SR4/LR4 optics might not come up after ISSU (In-Service Software Upgrade)/ISSR (In-Service Software Reboot). |
| PR Number | Synopsis | Category: QFX Platform related (SYSLOG/ALARMS/miscellaneous) |
| 1317750 | Port LEDs do not work on the QFX5100 switch in QFX5110-QFX5100 mixed mode Virtual Chassis. Product-Group=junosvae |
Port LEDs on the QFX5100 do not work. If a device connects to a port on the QFX5100, the port LED stays unlit. |
| PR Number | Synopsis | Category: QFX L2 PFE |
| 1515254 | On the EX4600 device with VXLAN enabled, the ARP request might get dropped if the storm control is configured. Product-Group=junos |
ARP request get dropped on QFX5000 and EX46xx devices when all of the following condition are met. 1.Storm control is enabled on any of the port. 2.VXLAN is enabled 3.Arp-suppression is enabled. |
| PR Number | Synopsis | Category: QFX VC Infrastructure |
| 1497563 | Virtual Chassis is not stable with 100-Gigabit Ethernet and 40-Gigabit Ethernet interfaces. Product-Group=junos |
In QFX5110 platform with Virtual Chassis (VC) scenario, VC might not get formed and can cause traffic loss if the 100G VCP ports are deleted and created, or changed from 40G to 100G or vice-versa. For the reason is that Forward Error Correction (FEC) should not be enabled when the physical interface is working as a VCP port. |
| PR Number | Synopsis | Category: RPD Next-hop issues including indirect, CNH, and MCNH |
| 1458595 | The rpd process might crash if a BGP route is resolved over the same prefix protocol next hop in an inet.3 table that has both RSVP and LDP routes. Product-Group=junos |
In race condition, if a BGP route is resolved over the same prefix protocol next hop in an inet.3 table that has both RSVP and LDP routes, when the RSVP and LDP routes are flapping (firstly these routes are down and then up), the BGP route will be re-resolved, and then the rpd crash might be seen. |
| PR Number | Synopsis | Category: RPD route tables, resolver, routing instances, static routes |
| 1463112 | RPD memory leak in RT_NEXTHOPS_TEMPLATE Product-Group=junos |
Junos releases having fix of PR1450123 might show RPD memory leak in RT_NEXTHOPS_TEMPLATE |
| PR Number | Synopsis | Category: platform related PRs on SRX branch platforms |
| 1451474 | Traffic forwarding on Q-in-Q port and VLAN tagging is not observed properly on R0. Product-Group=junos |
On SRX-branch platforms, if QinQ and native-vlan-id are configured, priority tagged packets (Priority tagged packets have their VLAN ID set to 0, and their priority code point bits might be configured with a CoS value.) would be dropped. Below is the detail. The newly added configuration "set interface input-native-vlan-push" is not supported by branch SRX. By default, input-native-vlan-push is disabled, which will cause untagged packets ingress from UNI (user-to-network) will not be added with inner tag on egressing out of NNI (network-to-network interface), and the priority only tagged packets ingress from UNI will be stripped of the priority tag when it egresses out of the UNI in the other end. Hence packets drop would be seen. |
| PR Number | Synopsis | Category: MPC7/8/9 Interface Issues |
| 1441816 | Egress stream flush failure and traffic black hole might occur. Product-Group=junos |
Egress stream flush failure and silent dropping of traffic could occur in a rare occasion for a repeatedly flapping link on MPC7E, MPC8E, MPC9E cards, MX204 and MX10003. |
| PR Number | Synopsis | Category: MX10003/MX204 Platform SW - Chassisd s/w defects |
| 1315577 | MX10003 : Despite of having all AC low PEM alarm is raised. Product-Group=junos |
An alarm is raised if mixed AC PEMs are present. This occurs because the criteria for checking whether mixed AC is present was changed. |
| 1423858 | On MX204 Optics "SFP-1GE-FE-E-T" I2C read errors are seen when an SFP-T is inserted into a disabled state port Product-Group=junos |
MX204 supports SFP "SFP-1GE-FE-E-T" from some releases. I2C read errors are seen when an SFP-T is inserted into a disabled state port, configured with "set interface <*> disable" cli command. [M LOG: Err] smic_mx1ru_8xsfpp_mpcs_i2c_read: - SFPP set start_addr failed [M LOG: Err] I2C Failed device: group 0x812 address 0x56 [M LOG: Err] mpcs_i2c_single_io: MPCS(0) ctlr 2 group 2 addr 0x56 prio 1 flags 0x0 failed status 0x1 [M LOG: Err] smic_mx1ru_8xsfpp_mpcs_i2c_read: - SFPP set start_addr failed [M LOG: Err] I2C Failed device: group 0x812 address 0x56 [M LOG: Err] smic_sfpp_ext_phy_get_linkstate: SMIC(0/1) - SFPP ext phy read failed [M LOG: Err] smic_phy_periodic DFE tuning failed for xe-0/1/2 [M LOG: Err] smic_periodic_raw: SMIC(0/1) - Error in PHY periodic function |
| PR Number | Synopsis | Category: Authentication, Authorization, Accounting, PAM (RADIUS/tacplus) |
| 1393839 | The lockout-period might not work for the user being locked out Product-Group=junos |
If 'system login retry-options lockout-period' is configured, the variables related to lockout-period are accessed without getting initialized, which could cause junk values in the variables to be used. The junk values in the variables might cause the lockout-period to not work. The actual behavior depends on what is the junk value. For example, user might not be allowed to login with correct password even after the lockout-period is elapsed, or user still can login during lockout-period. |
| PR Number | Synopsis | Category: UI Infrastructure - mgd, DAX API, DDL/ODL |
| 991081 | The configuration change on Backup RE cannot be synchronized while deleting inactivated interfaces/routing-instances from master Product-Group=junos |
In the dual Routing Engine scenario, the backup Routing Engine does not sync up the configuration change while deleting an inactivated interface/routing-instances from the master. So after the operation, the inactivated interface/routing-instances still exists on the backup Routing Engine. |
| PR Number | Synopsis | Category: Web-Management UI |
| 1513612 | Installing J-Web application package may fail on the EX2300/EX3400 platforms Product-Group=junos |
On the EX2300/EX3400 platforms, J-Web application package may fail to be installed with the affected releases. |
| PR Number | Synopsis | Category: VMHOST platforms software |
| 1446205 | The jfirmware upgrade might fail on certain MX platforms with SCBE3 Product-Group=junos |
On certain MX platforms having RE-S-2X00x6 and Enhanced MX-SCB installed, an error might be observed during the installation of jfirmware upgrade package which causes the installation to fail. |
Getting Up and Running with Junos
Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search