Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

18.2R3-S6: Software Release Notification for JUNOS Software Version 18.2R3-S6

0

0

Article ID: TSB17873 TECHNICAL_BULLETINS Last Updated: 07 Oct 2020Version: 1.0
Alert Type:
SRN - Software Release Notification
Product Affected:
ACX, EX, MX, PTX, QFX, NFX, SRX, VRR, vMX, vSRX
Alert Description:
Junos Software Service Release version 18.2R3-S6 is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as need and follow the prompts
Solution:

Junos Software service Release version 18.2R3-S6 is now available.

Warning: With VPLS/Bridge-Domain environment, an MX/EX9200 Series router with Trio-based MPCs running software version 18.2R3-S6. The MPCs may experience NH memory leak in the PFEs when using integrated routing and bridging (IRB) interface participating in the VPLS/Bridge-domain instance.

18.2R3-S6 - List of Fixed issues
PR Number Synopsis Category: EX4300 PFE
1456879 The traffic for some VLANs might not be forwarded when vlan-id-list is configured
Product-Group=junos
On EX4300 Series switches, if the vlan-id-list is used on one interface, the traffic for some VLANs under the vlan-id-list might not be forwarded.
1493212 IPv6 neighbor solicitation packets might be dropped in a transit device.
Product-Group=junos
In EX4300 platform with a Layer 2 scenario, IPv6 neighbor solicitation (NS) packets transiting an EX switch might be dropped if there is a firewall filter matching "next-header icmpv6" then "policer xxx with discard action" configured under a loopback interface. That will cause the IPv6 communication going through the EX switch to fail (IPv4 works fine).
PR Number Synopsis Category: EX2300/3400 CP
1482709 EX2300 -- SNMP Traps are not generated when MAC addresses limit threshold is reached
Product-Group=junos
On EX2300, with mac-limit and drop-and-log action configured,when the limit threshold is reached, a syslog message is triggered but no SNMP trap is generated.
1494712 Authentication session might be terminated if PEAP request is retransmitted by authenticator
Product-Group=junos
On all Junos platforms with 802.1X (dot1x) enabled, if Protected Extensible Authentication Protocol (PEAP) request is not replied by supplicant in default time interval, it could cause the authenticator to retransmit PEAP proposal method message with new Extensible Authentication Protocol (EAP) ID. The new EAP ID is different from EAP ID sent by authentication server. As a result, mismatching EAP ID issue could terminate authentication session. In the end, supplicant cannot access network. Please consider increasing 'supplicant-timeout' to prevent this issue from happening.
PR Number Synopsis Category: EX2300/3400 PFE
1427075 VC split after network topology changed
Product-Group=junos
In Virtual Chassis scenario, when the interfaces flaps or VLAN configuration is changed frequently, the network topology will be changed accordingly, then CPU utilization will be dramatically increased to very high within a short time, which might cause the failure of essential communications between VC master and members. When the failure happens, FPC will automatically restart. As a result, VC is split and traffic is lost.
1511073 LLDP might not work when PVLAN is configured on EX/QFX VC
Product-Group=junos
On EX/QFX virtual-chassis setup, when LLDP is configured along with the PVLAN and the interface is connected to the backup/linecard member port, LLDP might not work on the other end of VC.
1525373 "Drops" and "Dropped packets" counters in the output by "show interface extensive" are double counting.
Product-Group=junos
"show interface ..." command shows wrong values for the "Drops" and "Drop Packet" counters. The actual value is half of the display values.
PR Number Synopsis Category: QFX Access control list
1521763 Firewall "sample" configuration gives the warning as unsupported on QFX10002-36q and will not work.
Product-Group=junos
On QFX10002-36q, when inline-jflow is configured, the IPv4 firewall filter with 'sample' action gives a waring "unsupported platform" and will not work. On the other hand, the IPv6 firewall filter with 'sample' action will still work as expected.
PR Number Synopsis Category: QFX PFE L2
1521324 MAC address in hardware table may become out of sync between Master and member in Virtual Chassis after MAC flap
Product-Group=junos
When MAC address moves over the member in Virtual Chassis, the MAC address's learning port in Internal Hardware MAC table may be out of sync between Master and member and this may lead to misforwarding. This will be an extremely rare occurrence. If the issue happens, you can issue "clear ethernet-switching table " command to restore the communication.
PR Number Synopsis Category: QFX L3 data-plane/forwarding
1528490 The fxpc crash might be observed if VXLAN interface flaps on QFX5K
Product-Group=junos
On QFX5K platforms, if VXLAN enabled interfaces flap excessively in short period of time, PFE might crash.
PR Number Synopsis Category: CoS support on ACX
1493518 On the ACX5048 or ACX5096 line of routers, the LACP control packets might get dropped due to high CPU utilization.
Product-Group=junos
On ACX5048/ACX5096 platforms, when one of the child links in AE goes down brings entire AE down due to high CPU.LACP control packets might get dropped as the port is blocked for a temporary period.
PR Number Synopsis Category: JUNOS kernel/ukernel changes for ACX
1509402 PFE crash might be seen and the FPC may remain down on ACX710 platform
Product-Group=junos
On ACX710 platform, after the PTP(Precision Time Protocol) configuration is removed and the router is rebooted, the PFE might crash and the FPC remains down if PTP traffic is still coming into the router. This issue might also happen when SyncE is configured. This causes the router to crash and not come up.
PR Number Synopsis Category: BBE interface related issues
1498024 Subscribers may be disconnected after one of the AE participating FPCs comes online in a Junos node slicing scenario
Product-Group=junos
On MX Series platforms with node slicing setup, if subscriber services and targeted distribution feature are enabled on an aggregated Ethernet interface, and the FPC where one of the aggregated Ethernet member port is located comes online, subscribers that are already online might be disconnected.
PR Number Synopsis Category: BBE multicast related issues
1536149 Multicast traffic may be sent out through unexpected interfaces on MX platforms with distributed IGMP enabled
Product-Group=junos
On MX platforms with enabled subscriber services, if distributed IGMP is enabled on subscriber dynamic interfaces and there are static interfaces are configured on the same fpc, and fpc is reloaded or interfaces flapped, then multicast may get enabled on static interface and the multicast traffic may be sent out through unexpected interface.
PR Number Synopsis Category: Bi Directional Forwarding Detection (BFD)
1522261 BFD with authentication for BGP flaps after NG-RE switchover
Product-Group=junos
On the devices with NG-RE (Next Generation Routing Engine) and SCBE2 (Enhanced Switch Control Board), when BFD authentication for BGP is enabled, the BFD may flap after the NG-RE switchover. The switchover should be GRES or NSR switchover. After the flap, the device could be self recovery.
PR Number Synopsis Category: Border Gateway Protocol
1442291 The rpd process might crash in an inter-AS option B Layer 3 VPN scenario if CNHs are used.
Product-Group=junos
In inter-AS option B L3VPN scenario with chained composite next hops (CNHs) used, on autonomous system boundary router (ASBR), if the configuration family mpls on the ASBR to ASBR interface is missing, the rpd might crash when there is AS loop of the received inter-AS option B L3VPN routes. It is a timing issue.
PR Number Synopsis Category: MPC5/6E pfe microcode software
1459698 After the DRD auto recovery, the traffic blackholing upon interface flaps.
Product-Group=junos
An interface stops forwarding traffic when MX software triggers a "DRD reorder timeout recovery" event follows by an interface flap on the same XMCHIP. When the logic is triggered, you will see a "cmtfpc_xmchip_drd_reorder_id_timeout_callback" message in the PFE syslog messages. This issue affects XM based MPCs (3E 4E 5E 6E 2E-NG 3E-NG).
PR Number Synopsis Category: QFX Access Control related
1515972 "dot1x" memory leak
Product-Group=junos
Memory leak is seen in 'dot1xd' daemon when no 'dot1x' is configured. Memory leak is seen for the allocation while creating socket from 'dot1xd' daemon to 'authd' daemon. If 'authd' is not running , 'dot1xd' daemon tries to connect to 'authd' periodically and every time it was allocating memory for string "/var/run/authd_control" for socket creation. The memory does not free in this scenario and we see memory leak for string "/var/run/authd_control". There will be no service impact to other services/daemons other than dot1x.
PR Number Synopsis Category: Firewall Filter
1511041 Traffic might be dropped though not exceeding the configured bandwidth under policer
Product-Group=junos
If a bandwidth-percent-based policer is applied on an aggregated Ethernet bundle without the "shared-bandwidth-policer" configuration statement, traffic will hit the policer even if the traffic is not exceeding the configured bandwidth. As a workaround, configure the "shared-bandwidth-policer" configuration statement under the policer.
PR Number Synopsis Category: Covers Application classification workflows apart from custo
1500938 The srxpfe or flowd process might crash due to memory corruption within JDPI.
Product-Group=junos
On SRX/MX platforms, if there are any services (e.g. AppID, IDP, APBR and so on) running based on Juniper Deep Packet Inspection (JDPI), when the work load is reaching heavy level, for example, above 50% of max connection per second for Layer 7 security policy, or 30% for IDP, the srxpfe/flowd process might crash due to memory corruption caused by this issue.
1516969 The flowd/srxpfe process might crash when SSL proxy and AppSecure process traffic simultaneously
Product-Group=junos
On all SRX Platforms, the flowd/srxpfe process might crash when SSL proxy and AppSecure/IDP process traffic simultaneously.
PR Number Synopsis Category: mgd, ddl, odl infra issues
1458345 Commit fails and mustd process might crash on commit
Product-Group=junos
mustd process, which is responsible for configuration constraint checks, might crash on commit leading to commit failure: ---> USER@ROUTER# commit and-quit re0: error: Child /usr/sbin/mustd dumped core (0x8b) error: Failed to open /var/run/db/enable-process.data+ file error: commit failed: daemon file propagation failed [edit] USER@ROUTER> show system core-dumps .. -rw------- 1 root wheel 7411164 Aug 11 12:33 /var/tmp/mustd.core.0.gz .. --->
PR Number Synopsis Category: EVPN Layer-2 Forwarding
1520078 Unable to create a new VTEP interface
Product-Group=junos
In all platforms with VXLAN Static VTEP tunnels scenario (including Static VXLAN without EVPN), after RE switchover or restart of l2-learning, if create a new VTEP interface, the interface may not work.
PR Number Synopsis Category: Express PFE CoS Features
1531095 JDI-Reg:Switching-Regression-COS: Packet loss is seen while validating the policer after restarting chassis control
Product-Group=junos
Check with Development team on this
PR Number Synopsis Category: Express PFE L2 fwding Features
1427994 The dcpfe process might crash and restart in MC-LAG scenario when the ARP/NDP next-hop is changed
Product-Group=junos
On QFX10002/QFX10008/QFX10016 Series platforms with enhanced MC-LAG scenario, the dcpfe process might crash and restart if the ARP/NDP next-hop is changed.
1442587 The PMTUD might not work for both IPv4 and IPv6 if the ingress Layer 3 interface is an IRB.
Product-Group=junos
Path MTU Discovery (PMTUD) is a standardized technique for determining the maximum transmission unit (MTU) size on the network path between two IP hosts, usually with the goal of avoiding IP fragmentation. On QFX10K platforms, the PMTUD might not work for both IPv4 and IPv6 if the ingress L3 interface is an irb. The corresponding ICMP Fragmentation Needed packet to the sender might be dropped silently, then PMTUD fails. This issue has service impact.
1522852 PRDS_SLU_SAL:jprds_slu_sal_update_lrncnt(),1379: jprds_slu_sal_update_lrncnt call failed" syslog errors messages might been which specific steps while clearing and loading again scaled configuration on QFX10002/QFX10008/QFX10016
Product-Group=junos
In scaled setup with scaled vlans and traffic flowing through all vlans. If current configuration is cleared and loaded again using below steps: load override rollback 1 commit Then base config is loaded, all leaned macs are aged out and the mac entries are marked as invalid. Ageing thread scans and finds SMAC ref bit transition for cleared mac entries and gets added to stale mac sw table. In scaled setup, considering 2k macs learned over a port, not all macs cleared at one Hw trigger, it happens in a batch of 256 entries in a mac table at a time as per qfx10k design and in the mean time, it is expected that IFBD on which macs were learned is deleted. This is the reason, Lport+IFL mapping is not found while clearing such macs and throws error.
PR Number Synopsis Category: IDP attack detection in the subscriber qmodules
1497340 The IDP attack detection might not work in a specific situation.
Product-Group=junos
If the total number of applications (predefined as well as the custom applications configured) crosses 4096, attack detection might fail.
PR Number Synopsis Category: Internet Group Management Protocol
1520059 Packet loss might be observed while verifying traffic from access to core network for IPv4/IPv6 interfaces
Product-Group=junos
On EX2300-48T/EX2300-48P/EX2300-48MP, packet loss may be seen when L3 IPv4/IPv6 interface and route related configurations with IPv4/IPv6 unicast stream are configured. This issue might cause traffic drop. This issue happens if two different NH(Next Hop) IDs are programmed in the Hardware for same route but only one entry is maintained in the software.This issue is specific to 48 port EX2300 platforms and will not occur on other 12/24 ports EX2300, such as EX2300-24T, EX2300-24P, EX2300-24MP.
PR Number Synopsis Category: Integrated Routing & Bridging (IRB) module
1453025 The IRB traffic might get drop after mastership switchover
Product-Group=junos
In the Virtual-Chassis scenario with mac-persistence-timer enabled, the IRB traffic might get drop after master switchover.
PR Number Synopsis Category: Adresses ALG issues found in JSF
1475031 SIP messages that need to be fragmented might be dropped by the SIP ALG.
Product-Group=junos
When SIP ALG is using, after payload changed by ALG, some SIP messages size maybe bigger than outgoing interface's MTU and need to be fragmented, that SIP messages might be dropped by SIP ALG.
PR Number Synopsis Category: JSR Infrastructure
1479156 The vSRX may restart unexpectedly
Product-Group=junos
The srxpfe process generates core files when a socket-open error occurs during the initialization phase. Self-healing takes place when the srxpfe reboots and starts processing traffic.
PR Number Synopsis Category: IPSEC/IKE VPN
1446962 The IPSec VPN tunnel might not come up after restarting ike daemon
Product-Group=junos
On the SRX platforms, the IPSec VPN tunnel might not come up after restarting ike daemon if the dynamic hostname (ike-id) is configured with empty string.
PR Number Synopsis Category: jsscd daemon
1511745 Static subscribers are logged out after creating a unit under demux0 interface
Product-Group=junos
In MX platforms with static subscriber scenario, the existing static subscribers associated to a demux0 interface might be forced to log out after creating another unit under demux0 interface.
PR Number Synopsis Category: Layer 2 Circuit issues
1512834 The rpd might crash when deleting l2circuit configuration in a specific sequence
Product-Group=junos
If l2circuit local-switching is enabled with connection-protection, the rpd could crash in the following configuration change sequence. 1. First, delete the logical interface (IFL) used by a l2circuit and commit the change. 2. Then, delete the corresponding l2circuit configuration. The rpd could crash after committing the change.
PR Number Synopsis Category: Layer 2 Control Module
1463251 Configure any combination of VLANs and interfaces under VSTP/MSTP may cause VSTP/MSTP related configuration can not be committed
Product-Group=junos
On the EX platform, VSTP/MSTP related configuration might not be committed successfully if configure any combination of VLANs and interfaces under VSTP/MSTP to hit the maximum scale of 5219.
PR Number Synopsis Category: Layer2 forwarding on EX/NTF/PTX/QFX
1512802 Memory leak on l2ald might be seen when adding/deleting the routing-instances/bridge-domains configuration
Product-Group=junos
Memory leak on l2ald might be seen when adding/deleting the routing-instances/bridge-domains configuration.
PR Number Synopsis Category: Multiprotocol Label Switching
1517018 The rpd might crash after upgrading Junos software release from pre 18.1 to 18.1 onwards
Product-Group=junos
On all Junos platforms, the rpd might continuously crash after upgrading Junos software release from pre 18.1 to 18.1 onwards while graceful-restart and RSVP/static LSP are configured. This is because there is a change in the data structure written to the restart db file from 18.1 onwards. So, when rpd comes up and tries to read the restart db file written by pre 18.1 release image, the rpd might crash.
PR Number Synopsis Category: Jflow and sflow on MX
1487876 Incorrect 'frame length' of 132 bytes might be captured in packet header
Product-Group=junos
On all MX/PTX5k/EX platforms with Trio based line cards, if a packet is send with more than 128 bytes it will always show incorrect "Frame length" of 132 bytes in raw packet header of sflow collector captured data.
PR Number Synopsis Category: IDS features available on MS-MPC/MIC
1527236 After applying ids-rules to service-set, high session rate is observed even without any DDos traffic
Product-Group=junos
On MX platforms with MS-MIC/MS-PIC, if applying IDS filter and reaching high CPU state, the session rate stay high even without any DDos traffic which may lead to dropping of new session requests.
PR Number Synopsis Category: Bugs related to ethernet interface on MX platform
1435221 MicroBFD 3x100ms flap is seen upon inserting a QSFP in another port.
Product-Group=junos
Micro BFD/LFMD sessions with timer configured with less than 3x500ms (such as 3x100ms) might flap when a QSFP transceiver is inserted into another port.
PR Number Synopsis Category: FreeBSD Kernel Infrastructure
1518898 The kernel might crash if a file/directory is accessed for the first time and is not created locally
Product-Group=junos
On the Junos with Virtual Filesystem (VirtFS), if a file/directory is accessed for the first time and is not created locally, the kernel might crash and generate a vmcore file. Junos might reboot due to this issue.
1537696 Errors seen when dumping vmcore on EX-3400 series
Product-Group=junos
EX3400 and EX2300 hang while trying to generate core files.
PR Number Synopsis Category: "ifstate" infrastructure
1486161 Kernel core might be seen if deleting an ifstate
Product-Group=junos
On all Junos OS platforms, some operations such as configuration change might cause the state information to change and eventually cause the ifstate to be deleted. In a very rare case, deleting an ifstate (kernel state) might cause kernel core and Routing Engine restart. There is no specific trigger. This issue is reported by the configuration change.
PR Number Synopsis Category: Kernel Stats Infrastructure
1462986 Slow response from SNMP might be observed after upgrading to Junos OS Release 19.2R1 and later.
Product-Group=junos
Slow response introduced with PR/1411303 fix, is getting resolved with this PR.
1508442 SNMP poling may return unexpectedly high value of ifHCOutOctets counter for physical interface when any jnxDom OID is processed at the same time
Product-Group=junos
When actual transmitted load is configured for interface as: set interfaces interface-transmit-statistics And ifHCOutOctets OID is polling together with any jnxDom OIDs for the same interface with time interval between pollings equal or less then one second, the resulted value of ifHCOutOctets may be unexpectedly high
1522561 OID ifOutDiscards reports zero and sometimes shows valid value.
Product-Group=junos
OID ifOutDiscards reports zero and sometimes shows valid value. labroot@jtac-ex3400-48t-r2039> show snmp mib get ifOutDiscards.514 | refresh 3 ---(refreshed at 2020-07-10 12:54:07 IST)--- ifOutDiscards.514 = 0 ---(refreshed at 2020-07-10 12:54:10 IST)--- ifOutDiscards.514 = 0 ---(refreshed at 2020-07-10 12:54:13 IST)--- ifOutDiscards.514 = 0 ---(refreshed at 2020-07-10 12:54:16 IST)--- ifOutDiscards.514 = 0 ---(refreshed at 2020-07-10 12:54:19 IST)--- ifOutDiscards.514 = 0 ---(refreshed at 2020-07-10 12:54:22 IST)--- ifOutDiscards.514 = 241974 ---(refreshed at 2020-07-10 12:54:25 IST)--- ifOutDiscards.514 = 241974 ---(refreshed at 2020-07-10 12:54:28 IST)--- ifOutDiscards.514 = 0 ---(refreshed at 2020-07-10 12:54:31 IST)--- ifOutDiscards.514 = 0
PR Number Synopsis Category: Used for tracking OVSDB software issues and features
1518807 The vgd core might get generated when OVSDB server resarts
Product-Group=junos
On all Junos platforms that support OVSDB (Open vSwitch database), the vgd core might get generated when the OVSDB server is restarted. The vgd daemon restart after the core might cause traffic impact. This issue happens when OVSDB server is disconnected and the device (switch/router) sends some updates events to server.
PR Number Synopsis Category: Express Paradise PFE Sflow
1525589 Sampling with the rate limiter command enabled, crosses the sample rate 65535.
Product-Group=junos
'show sflow Interfaces' command displays wrong adaptive-sampling rates for rate limiter configuration. The display usually shows a sampling rate of more than 65535.
PR Number Synopsis Category: Issues related to PKI daemon
1525924 Certificate validation might fail when OCSP is used and the OCSP server is dual-stack device
Product-Group=junos
When IPSec and PKI are used on SRX platforms, two VPN peers are using OCSP and the OCSP server is dual-stack device, if revocation check is configured for certificate, the certificate validation might fail and the IPSec tunnel is not established.
PR Number Synopsis Category: Chassis mgmt for all QFX systems - chassis MIB, alarms, CLI
1507044 The archival function may fail in certain conditions
Product-Group=junos
If the archival function is enabled with the statement "routing-instance" and transfer mode is set as SFTP/SCP for archive-sites, it may not work and fail to transfer the files.
PR Number Synopsis Category: Interface related issues. Port up/down, stats, CMLC , serdes
1435705 SIB/FPC Link Error alarms might be observed on QFX10K due to a single CRC
Product-Group=junos
On QFX10002/10008/10016 platforms, the "SIB/FPC Link Error" alarms will be observed even though only one CRC (Cyclic Redundancy Check) error is encountered in a poll period.
1462748 On the QFX5100 switches, the interface output counter is double counted for self-generated traffic.
Product-Group=junos
On QFX5100 device, interface output counter is double counted for self-generated traffic
PR Number Synopsis Category: QFX Platform related (SYSLOG/ALARMS/miscellaneous)
1454527 On the QFX5000 line of switches, the dcpfe process crashes due to the usage of data that is not null getting terminated.
Product-Group=junosvae
The dcpfe crash is due to usage of data which is not NULL terminated on QFX5K.
1508611 The fxpc may crash and restart with a fxpc core file created while installing image through ZTP
Product-Group=junos
On QFX5100/EX4600 Series platforms, the fxpc may crash sometimes while installing an image through ZTP.
PR Number Synopsis Category: QFX PFE Class of Services
1430173 The CoS rewrite rules applied under an aggregated Ethernet interface might not take effect after NSSU.
Product-Group=junos
On QFX 5K platform, Class of Service (CoS) rewrite rules applied under an Aggregated Ethernet (AE) interface might not take effect after Non-Stop Software Upgrade (NSSU). In the end, packets could not enter into correct queues for sending.
PR Number Synopsis Category: Filters
1514710 In VXLAN configuration, the firewall filters may not be loaded into the TCAM with the message "DFWE ERROR DFW: Cannot program filter .. " due to TCAM overflow after upgrading to 18.1R3-S1,18.2R1 and later
Product-Group=junos
From 18.1R3-S1 and 18.2R1, we introduced the IPACL VXLAN filters in place of regular IPACL for the vxlan vlans. In regular IPACL, we just qualify the physical port on which the filter is installed and hence, much less entries are required as compared to the earlier introduced IPACL_VXLAN. Whereas in case of IPACL_VXLAN, we qualify based on the logical port and hence, we need to install the filter entries for all the vxlan vlans that physical port (on which filter is applied) is a part of, requiring much larger number of entries. Thus this caused TCAM overflow after upgrading. We qualified based on the logical port which is calculated from the IFL and the vlan configured on the IFL. The fix is to integrate the place of IPACL VxLAN for the L2 filtering on VxLAN ports into the regular IPACL filters and to add IFD level support unless VLAN name/ID clarification rule is used in the firewall filter.
PR Number Synopsis Category: QFX L2 PFE
1504354 LLDP is not acquired when native-vlan-id and tagged VLAN-ID are the same on a port.
Product-Group=junos
On QFX5000 platforms running with Link Layer Discovery Protocol (LLDP) configured, if the interface has both native-vlan-id and vlan-id configured, and the native-vlan-id and vlan-id have the same value, LLDP neighborship might be unable to setup on that particular interface due to this issue.
PR Number Synopsis Category: QFX L3 data-plane/forwarding
1458206 Dual Tag Q-in-Q not working with EVPN-VXLAN
Product-Group=junos
In EVPN-VXLAN with retaining S-VLAN Tags and C-VLAN tags scenario, both S-VLAN and C-VLAN tags are treated as the data of a packet when it is transported. when a dual-tagged ARP packet arrives at ingress PE, the device could only recognize either untagged ARP packet or single tag ARP packet, and if it is not, the device will assume that it is not an ARP packet. Since ARP resolution fails, all subsequent communication will not happen.
PR Number Synopsis Category: QFX VC Infrastructure
1497563 Virtual Chassis is not stable with 100-Gigabit Ethernet and 40-Gigabit Ethernet interfaces.
Product-Group=junos
In QFX5110 platform with Virtual Chassis (VC) scenario, VC might not get formed and can cause traffic loss if the 100G VCP ports are deleted and created, or changed from 40G to 100G or vice-versa. For the reason is that Forward Error Correction (FEC) should not be enabled when the physical interface is working as a VCP port.
PR Number Synopsis Category: RPD route tables, resolver, routing instances, static routes
1421566 Some LDP routes in VRF cannot be resolved over the inet.3 table
Product-Group=junos
Any route that is added to the rib will be resolved over predefined tables, and the resolution tables for a given protocol are fixed. LDP routes added to foo.mpls.0, the resolution table is not initialized due to this NULL access happen to lead to the core.
1471968 The rpd might stop when both instance-import and instance-export policies contain the as-path-prepend action.
Product-Group=junos
On all platforms running Junos OS, when an internally route leaking between routing instances using instance import and instance export policies and both policies containing as-path-prepend actions, if this as-path is referred to some route, the rpd process might stop a change or delete operation on the route (for example, clearing BGP neighborship, changing BGP or policy configuration, and so on).
PR Number Synopsis Category: Generic platform and infra issues for MS-MIC and MS-MPC(XLP)
1482400 The vmcore crash sometimes along with mspmand crash might happen on MS-MPC/MS-MIC if large-scale traffic flows are processed by it
Product-Group=junos
With NAT/Stateful-firewall/TCP tickle (enable by default) configured on MS-MPC/MS-MIC, the vmcore crash sometimes along with mspmand crash might happen if large-scale traffic flows (e.g. million flows) are processed by it.
1489942 Prolonged flow-control might happen on MX platforms with MS-MPC/MS-MIC
Product-Group=junos
On MX platforms with MS-MPC/MS-MIC, if there are lots of self-generated packets like TCP-tickle and UDP-logging, there might be data congestion on the data path due to no throttling functionality for such types of packets. When the data path is blocked, prolonged flow-control might happen with the service interfaces being brought down and the PIC reboot. At the same time, the mspmand core file will be generated if dump-on-flow-control is enabled.
PR Number Synopsis Category: SRX Argon module bugs
1450904 The AAMW policy rules for IMAP traffic sometimes might not get applied when traffic passes through SRX Series devices.
Product-Group=junos
AAMW policy rules for IMAP traffic sometimes might not get applied when the IMAP traffic passes through an SRX Series device.
PR Number Synopsis Category: Remote Access VPN issues on SRX
1442145 With NCP remote access solution, in a PathFinder case (for example, where IPsec traffic has to be encapsulated as TCP packets), TCP encapsulation for transit traffic is failing.
Product-Group=junos
With the NCP remote access solution, where IPsec traffic has to be encapsulated as TCP packets, TCP encapsulation for transit traffic is failing.
PR Number Synopsis Category: MX10003/MX204 Platform SW - Chassisd s/w defects
1315577 MX10003 : Despite of having all AC low PEM alarm is raised.
Product-Group=junosvae
An alarm is raised if mixed AC PEMs are present. This occurs because the criteria for checking whether mixed AC is present was changed.
PR Number Synopsis Category: MX10003/MX204 MPC defects tracking
1426349 Interfaces may come to down after device reboots
Product-Group=junos
On MX204/SRX4600/EX9251 platform, interfaces with the parameter "speed 1g" configured may come to down after device reboots, this is a timing issue and reproduced after about 50 reboots in the test.
PR Number Synopsis Category: SRX-1RU platfom related protocol, QoS, filtering features et
1515046 VRRP does not work on the reth interface with a VLAN ID greater than 1023.
Product-Group=junos
When a redundant Ethernet (reth) interface has vlan-tagging configured and is part of a VRRP group, the SRX/vSRX is unable to allocate the VIP to the reth interface if the vlan-id configured is greater than 1023. As a result, VRRP does not work.
PR Number Synopsis Category: Trio pfe bridging, learning, stp, oam, irb software
1501014 Traffic to VRRP virtual IP/MAC might be dropped when ingress queueing is enabled
Product-Group=junos
On MX platforms with any MPC in enhanced network-service mode, if VRRP is configured on AE interface, after 'set chassis fpc X pic X traffic-manager mode ingress-and-egress' is enabled, traffic sent to virtual IP/MAC might be dropped and the forward traffic will be affected.
1513509 During route table object fetch failure, FPC may crash
Product-Group=junos
Due to rare timing issue, the FPC might crash because of route table object fetch failure in EVPN multihoming scenario.
PR Number Synopsis Category: Web-Management UI
1513612 Installing J-Web application package may fail on the EX2300/EX3400 platforms
Product-Group=junos
On the EX2300/EX3400 platforms, J-Web application package may fail to be installed with the affected releases.
1520246 The J-Web does not display the correct Flow-control status on EX devices
Product-Group=junos
On EX2300/EX4600 devices, when the flow control configuration is changed in the CLI (enable/disable), it is not correctly reflected in J-web. However, if the flow control configuration is changed in J-web, it will get updated in the CLI.
PR Number Synopsis Category: V44 Satellite Device Infra
1466324 Temperature sensor alarm is seen on EX4300 in Junos Fusion scenario.
Product-Group=junosvae
In Junos Fusion scenario with EX4300 acting as SD, the temperature sensor alarms and logs might be seen as a result of the incorrect temperature reading of about 2-3 degrees lower than the expected. There is no CLI command to clear the alarm and logs.
PR Number Synopsis Category: VMHOST platforms software
1446205 The jfirmware upgrade might fail on certain MX platforms with SCBE3
Product-Group=junos
On certain MX platforms having RE-S-2X00x6 and Enhanced MX-SCB installed, an error might be observed during the installation of jfirmware upgrade package which causes the installation to fail.
 

18.2R3-S6 - List of Known issues
PR Number Synopsis Category: EX2300 Hardware
1369924 EX2300 - Watchdog reset is shown as Swizzle
Product-Group=junos
On EX2300, when watchdog is induced, the last reboot reason is shown as Swizzle Reboot.
PR Number Synopsis Category: EX4300 PFE
1538401 LLDP neighborship might not come up on EX4300 non-AE interfaces
Product-Group=junos
Due to a regression introduced by PR/1517133, LLDP might not work on non-AE (Aggregated Ethernet) interfaces.
PR Number Synopsis Category: EX9200 Platform
1448368 On the EX9214 device, the following error message are observed after reboot and MACsec-enabled link flaps: errorlib_set_error_log(): err_id(-1718026239).
Product-Group=junos
On the EX9214 device, if the MACsec-enabled link flaps after reboot, the error "errorlib_set_error_log(): err_id(-1718026239)" is observed.
PR Number Synopsis Category: EX2300/3400 platform
1536408 PoE messages "poe_get_dev_class: Failed to get PD class info" seen on EX2300
Product-Group=junos
Moved POE messages to informational level: "poe_get_dev_class: Failed to get PD class info"
PR Number Synopsis Category: QFX L3 data-plane/forwarding
1433884 JDI-RCT: EVPN-VXLAN NON-COLLAPSED: Traffic loss observed during longevity runs
Product-Group=junos
Adjust DDOS Value appropriately
PR Number Synopsis Category: ACX PFE
1407098 High CPU utilization of the fxpc process might be observed with the class-of-service changes on interfaces.
Product-Group=junos
On ACX5048/ACX5096 platforms, when applying COS configurations (schedulers related) on interfaces, the CPU utilization on fxpc process might be seen. And it might affect service.
PR Number Synopsis Category: BBE routing
1387690 In a subscriber management environment, multiple error messages of shmlog: argcnt 309 not enough memory might be generated every hour.
Product-Group=junos
In subscriber management scenario, the bbe-smgd process might crash when two subscribers login with the same framed-route prefix and preference values returned from Radius.
PR Number Synopsis Category: Border Gateway Protocol
1403186 All the BGP session flap after RE switchover
Product-Group=junos
With GRES and NSR enabled, if executing RE switchover, BGP session might flap in some scenario. When Junos version have the fix of PR-1440694, BGP session always flap after doing RE switchover.
1464931 RPKI validation is broken
Product-Group=junos
RPKI validation is broken in a scenario where the RV database gets updated in the master instance but the VRF route table is not triggered to re-verify its prefixes against the new updates.
1531715 Configuring or deleting the "family inet6 unicast" BGP configuration flaps the IPv4 neighbours
Product-Group=junos
This is expected behavior. To setup a BGP session, peers need to exchange open message where they will negotiate which families to support. When you changed family under a group, all the peers in this group will inherit the change. So they need to reset the session so family change info can be updated in the new open message. BGP neighborship will be re-established if there is any addition or deletion of a new family. If the family is configured at the neighbor level, addition or deletion of family from group level will not impact neighborship as the local configuration overrides global parameters.
PR Number Synopsis Category: BBE Remote Access Server
1402653 The subscriber might need to take retry for login
Product-Group=junos
On all Junos platforms running in subscriber scenario with address pool configured, if the address pool has high usage so that only few addresses are free to allocate, when there are subscribers logout and login, the released address by one subscriber might get re-used and allocated to the other subscriber very soon. Due to this issue, syslog error messages might be seen, and the affected subscriber might need to take retry for login.
PR Number Synopsis Category: EVPN control plane issues
1485377 On the MX, QFX10002, QFX10008, and QFX10016 devices within an EVPN-MPLS active-active multi-homing mode, when adding and deleting the virtual-gateway-address, the ARP entry to CE might disappear from the kernel.
Product-Group=junos
On MX/QFX10002/QFX10008/QFX10016 devices within an EVPN-MPLS active-active multi-homing mode, when adding and deleting the virtual-gateway-address, the ARP entry to CE might disappear from the kernel.
PR Number Synopsis Category: Express pfe Mclag
1488166 Traffic getting dropped on doing ifd deactivate/activate trigger with mclag configurations on QFX10002
Product-Group=junos
On QFX10002 switches with mclag configurations, traffic drops when you deactivate or activate ifd trigger.
PR Number Synopsis Category: Express PFE MPLS Features
1515092 The routes update might fail upon the HMC memory issue and traffic impact might be seen.
Product-Group=junos
On PTX Series and QFX Series devices, in rare cases, HMC memory error might cause routes update failure and traffic impact on the Packet Forwarding Engine.
PR Number Synopsis Category: Flow Module
1534876 For gre-over-ipsec scenario, traffic drop observed after tunnel flap or reboot of SRX, when gr-0/0/0 and st0 interface are in custom routing-instance and egress interface is in master routing-instance.
Product-Group=junos
For gre-over-ipsec scenario, traffic drop observed after tunnel flap or reboot of SRX, when gr-0/0/0 and st0 interface are in custom routing-instance and egress interface is in master routing-instance.
PR Number Synopsis Category: IPSEC/IKE VPN
1517262 The flowd might crash in IPsec VPN scenario
Product-Group=junos
On SRX platforms with IPsec VPN configured, the flowd might crash during the IPsec VPN rekey window. The traffic/service might be impacted if hitting this issue.
PR Number Synopsis Category: Layer 2 Control Module
1473610 ERP might not come up properly when MSTP and ERP are enabled on the same interface.
Product-Group=junos
When both "Multiple Spanning Tree Protocol " (MSTP) and Ethernet Ring Protection Switching" ERPS are enabled on the same interface, then ERPS does not come up properly.
PR Number Synopsis Category: Layer2 forwarding on EX/NTF/PTX/QFX
1505976 VRRPv6 might not work in EVPN scenario
Product-Group=junos
In EVPN scenario with VRRPv6 used, the ethernet source mac address might be used for IPv6 mac-ip binding when the NA is sent from VRRPv6 master, as this unexpected behavior is triggered on regular intervals, it causes the entries to keep refreshing in EVPN database because NS from VRRPv6 master changes the mac-ip binding. Hence it has traffic impact.
PR Number Synopsis Category: Fabric Manager for MX
1482124 The fabric healing might incorrectly offline all MPCs in MX2K system while the hardware fault is located on one MPC slot
Product-Group=junos
In specific MPC hardware failure conditions within the MX2K platform, fabric healing will attempt to auto-heal the fault location in 3 phases to prevent traffic blackholing. If under such fault conditions only destination timeouts are reported without corresponding link errors, the fabric healing process might restart all MPCs in phase-2 in an auto-healing attempt and if the error condition appears again within 10 minutes the last phase-2 might offline all MPCs in the system.
PR Number Synopsis Category: PE based L3 software
1500798 BFD sessions flap after deactivating or activating the aggregated Ethernet interface or executing GRES.
Product-Group=junos
On QFX10008 platforms, if the BFD is configured over an AE interface (member link across multiple FPCs), deactivating/activating the AE interface or executing GRES will cause the BFD sessions to flap.
PR Number Synopsis Category: vMX Data Plane Issues
1483224 Malformed packet causes one of the LACP AE (Aggregated Ethernet) interfaces to stop forwarding on vMX
Product-Group=junos
Only on vMX platform, when one of LACP links interface receives the malformed packet (such as runt packet), it might cause a PF reset which leads to the interface stop forwarding traffic.
PR Number Synopsis Category: QFX Platform related (SYSLOG/ALARMS/miscellaneous)
1317750 Port LEDs do not work on the QFX5100 switch in QFX5110-QFX5100 mixed mode Virtual Chassis.
Product-Group=junosvae
Port LEDs on the QFX5100 do not work. If a device connects to a port on the QFX5100, the port LED stays unlit.
PR Number Synopsis Category: QFX L2 PFE
1500825 On the QFX5000 switches, ERPS might not work correctly.
Product-Group=junos
On QFX5k platforms, Ethernet ring protection switching (ERPS) might not work correctly due to ERPS instance programming failure in hardware which might cause loop in the network.
PR Number Synopsis Category: QFX L3 data-plane/forwarding
1537924 ECMP over GRE does not work for BGP route
Product-Group=junos
ECMP over GRE does not work for BGP route. Traffic is polarized to just one egress interface but not distributed to multiple egress interfaces.
PR Number Synopsis Category: KRT Queue issues within RPD
1388119 During link flap, kernel veto messages are seen and traffic is being blackholed
Product-Group=junos
In JUNOS 16.1/later releases, when the quick interface "down/up" happens, IGP and BGP protocols perform RIB route-change, in some sceanrios we may observe rt_pfe_veto messages in syslog, due to slow PFE consumption, kernel will throttle RPD by sending ENOBUFS. In order to avoid this scenario we can configure in JUNOS the following values to the Kernel Routing Table IO: set routing-options krt-io-options work-queue-length high-threshold 250 set routing-options krt-io-options work-queue-length low-threshold 200 set routing-options krt-io-options tx-bulk-count 10 Important Notes: The above commands require RPD restart to take effect. When the "interface down" happens, IGP and BGP protocols perform RIB route-change. The IGP change is placed into a high priority queue and the exterior route change is placed into a low priority queue. For 64-bit systems, RPD workqueue size is 10000 and bulk count is 30. As a result, the head of line blocking for the IGP route change could potentially be up to 300000 rtsock requests, which causes the delay in FIB convergence for that particular prefix when the interface comes up immediately after interface down.
1402569 The rpd might crash when a change in import policy or resolution rib happens at the same time BGP peer is shutting down
Product-Group=junos
The rpd crash might be seen in the configuration change scenario with large BGP and IGP configuration. In a rare condition, when a change in import policy or resolution rib happens at the same time BGP peer is shutting down, some inconsistencies in Next-Hop entries could occur, which could result in rpd process crash.
PR Number Synopsis Category: Cover Logical System Infrastrcuture Development
1516661 On all SRX product that support Logical Systems, enabling OSPFv3 authentication in a custom LSYS is not supported
Product-Group=junos
On all SRX product that support Logical Systems, enabling OSPFv3 authentication in a custom LSYS is not supported
PR Number Synopsis Category: MPC7/8/9 Interface Issues
1517202 MPC7E with QSFP installed may get rebooted when 'show mtip-chmac <1|2> registers' vty command is executed.
Product-Group=junos
MPC7E with QSFP-100GBASE-SR4/LR4 installed may get rebooted when 'show mtip-chmac <1|2> registers' vty command is executed. The mtip-chmac id 1 and 2 are not mapped to any IFD instance. Accessing the registers of the MAC that is not mapped to any IFD instance causes a crash. If IFDs are allocated, then the MAC is initialized and out of reset, but if there are no IFDs allocated, accessing the registers of the MAC results in a crash.
PR Number Synopsis Category: UI Infrastructure - mgd, DAX API, DDL/ODL
991081 The configuration change on Backup RE cannot be synchronized while deleting inactivated interfaces/routing-instances from master
Product-Group=junos
In the dual Routing Engine scenario, the backup Routing Engine does not sync up the configuration change while deleting an inactivated interface/routing-instances from the master. So after the operation, the inactivated interface/routing-instances still exists on the backup Routing Engine.
PR Number Synopsis Category: PTX/QFX10002/8/16 specific software components
1397030 Seeing "VMHost RE 0 Secure BIOS Version Mismatch" and "VMHost RE 1 Secure Boot Disabled" alarms
Product-Group=junos
Minor False alarms "Secure BIOS Version Mismatch" seen on MX1008 platforms. There is no functionality break/impact due to this.
PR Number Synopsis Category: VMHOST platforms software
1436201 The ifHCInOctets counter on aggregated Ethernet interface shows the zero value when SNMP MIB walk is executed.
Product-Group=junos
Customer found ifHCInOctets counter on AE interface going to ZERO when snmp gets those value via both CLI and remote snmp get commands.
Modification History:
First publication 2020-10-07
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search