18.2R3-S6: Software Release Notification for JUNOS Software Version 18.2R3-S6

Junos Software service Release version 18.2R3-S6 is now available.

Warning: With VPLS/Bridge-Domain environment, an MX/EX9200 Series router with Trio-based MPCs running software version 18.2R3-S6. The MPCs may experience NH memory leak in the PFEs when using integrated routing and bridging (IRB) interface participating in the VPLS/Bridge-domain instance.

18.2R3-S6 - List of Fixed issues

PR Number	Synopsis	Category: EX4300 PFE
1456879	The traffic for some VLANs might not be forwarded when vlan-id-list is configured Product-Group=junos	On EX4300 Series switches, if the vlan-id-list is used on one interface, the traffic for some VLANs under the vlan-id-list might not be forwarded.
1493212	IPv6 neighbor solicitation packets might be dropped in a transit device. Product-Group=junos	In EX4300 platform with a Layer 2 scenario, IPv6 neighbor solicitation (NS) packets transiting an EX switch might be dropped if there is a firewall filter matching "next-header icmpv6" then "policer xxx with discard action" configured under a loopback interface. That will cause the IPv6 communication going through the EX switch to fail (IPv4 works fine).
PR Number	Synopsis	Category: EX2300/3400 CP
1482709	EX2300 -- SNMP Traps are not generated when MAC addresses limit threshold is reached Product-Group=junos	On EX2300, with mac-limit and drop-and-log action configured,when the limit threshold is reached, a syslog message is triggered but no SNMP trap is generated.
1494712	Authentication session might be terminated if PEAP request is retransmitted by authenticator Product-Group=junos	On all Junos platforms with 802.1X (dot1x) enabled, if Protected Extensible Authentication Protocol (PEAP) request is not replied by supplicant in default time interval, it could cause the authenticator to retransmit PEAP proposal method message with new Extensible Authentication Protocol (EAP) ID. The new EAP ID is different from EAP ID sent by authentication server. As a result, mismatching EAP ID issue could terminate authentication session. In the end, supplicant cannot access network. Please consider increasing 'supplicant-timeout' to prevent this issue from happening.
PR Number	Synopsis	Category: EX2300/3400 PFE
1427075	VC split after network topology changed Product-Group=junos	In Virtual Chassis scenario, when the interfaces flaps or VLAN configuration is changed frequently, the network topology will be changed accordingly, then CPU utilization will be dramatically increased to very high within a short time, which might cause the failure of essential communications between VC master and members. When the failure happens, FPC will automatically restart. As a result, VC is split and traffic is lost.
1511073	LLDP might not work when PVLAN is configured on EX/QFX VC Product-Group=junos	On EX/QFX virtual-chassis setup, when LLDP is configured along with the PVLAN and the interface is connected to the backup/linecard member port, LLDP might not work on the other end of VC.
1525373	"Drops" and "Dropped packets" counters in the output by "show interface extensive" are double counting. Product-Group=junos	"show interface ..." command shows wrong values for the "Drops" and "Drop Packet" counters. The actual value is half of the display values.
PR Number	Synopsis	Category: QFX Access control list
1521763	Firewall "sample" configuration gives the warning as unsupported on QFX10002-36q and will not work. Product-Group=junos	On QFX10002-36q, when inline-jflow is configured, the IPv4 firewall filter with 'sample' action gives a waring "unsupported platform" and will not work. On the other hand, the IPv6 firewall filter with 'sample' action will still work as expected.
PR Number	Synopsis	Category: QFX PFE L2
1521324	MAC address in hardware table may become out of sync between Master and member in Virtual Chassis after MAC flap Product-Group=junos	When MAC address moves over the member in Virtual Chassis, the MAC address's learning port in Internal Hardware MAC table may be out of sync between Master and member and this may lead to misforwarding. This will be an extremely rare occurrence. If the issue happens, you can issue "clear ethernet-switching table " command to restore the communication.
PR Number	Synopsis	Category: QFX L3 data-plane/forwarding
1528490	The fxpc crash might be observed if VXLAN interface flaps on QFX5K Product-Group=junos	On QFX5K platforms, if VXLAN enabled interfaces flap excessively in short period of time, PFE might crash.
PR Number	Synopsis	Category: CoS support on ACX
1493518	On the ACX5048 or ACX5096 line of routers, the LACP control packets might get dropped due to high CPU utilization. Product-Group=junos	On ACX5048/ACX5096 platforms, when one of the child links in AE goes down brings entire AE down due to high CPU.LACP control packets might get dropped as the port is blocked for a temporary period.
PR Number	Synopsis	Category: JUNOS kernel/ukernel changes for ACX
1509402	PFE crash might be seen and the FPC may remain down on ACX710 platform Product-Group=junos	On ACX710 platform, after the PTP(Precision Time Protocol) configuration is removed and the router is rebooted, the PFE might crash and the FPC remains down if PTP traffic is still coming into the router. This issue might also happen when SyncE is configured. This causes the router to crash and not come up.
PR Number	Synopsis	Category: BBE interface related issues
1498024	Subscribers may be disconnected after one of the AE participating FPCs comes online in a Junos node slicing scenario Product-Group=junos	On MX Series platforms with node slicing setup, if subscriber services and targeted distribution feature are enabled on an aggregated Ethernet interface, and the FPC where one of the aggregated Ethernet member port is located comes online, subscribers that are already online might be disconnected.
PR Number	Synopsis	Category: BBE multicast related issues
1536149	Multicast traffic may be sent out through unexpected interfaces on MX platforms with distributed IGMP enabled Product-Group=junos	On MX platforms with enabled subscriber services, if distributed IGMP is enabled on subscriber dynamic interfaces and there are static interfaces are configured on the same fpc, and fpc is reloaded or interfaces flapped, then multicast may get enabled on static interface and the multicast traffic may be sent out through unexpected interface.
PR Number	Synopsis	Category: Bi Directional Forwarding Detection (BFD)
1522261	BFD with authentication for BGP flaps after NG-RE switchover Product-Group=junos	On the devices with NG-RE (Next Generation Routing Engine) and SCBE2 (Enhanced Switch Control Board), when BFD authentication for BGP is enabled, the BFD may flap after the NG-RE switchover. The switchover should be GRES or NSR switchover. After the flap, the device could be self recovery.
PR Number	Synopsis	Category: Border Gateway Protocol
1442291	The rpd process might crash in an inter-AS option B Layer 3 VPN scenario if CNHs are used. Product-Group=junos	In inter-AS option B L3VPN scenario with chained composite next hops (CNHs) used, on autonomous system boundary router (ASBR), if the configuration family mpls on the ASBR to ASBR interface is missing, the rpd might crash when there is AS loop of the received inter-AS option B L3VPN routes. It is a timing issue.
PR Number	Synopsis	Category: MPC5/6E pfe microcode software
1459698	After the DRD auto recovery, the traffic blackholing upon interface flaps. Product-Group=junos	An interface stops forwarding traffic when MX software triggers a "DRD reorder timeout recovery" event follows by an interface flap on the same XMCHIP. When the logic is triggered, you will see a "cmtfpc_xmchip_drd_reorder_id_timeout_callback" message in the PFE syslog messages. This issue affects XM based MPCs (3E 4E 5E 6E 2E-NG 3E-NG).
PR Number	Synopsis	Category: QFX Access Control related
1515972	"dot1x" memory leak Product-Group=junos	Memory leak is seen in 'dot1xd' daemon when no 'dot1x' is configured. Memory leak is seen for the allocation while creating socket from 'dot1xd' daemon to 'authd' daemon. If 'authd' is not running , 'dot1xd' daemon tries to connect to 'authd' periodically and every time it was allocating memory for string "/var/run/authd_control" for socket creation. The memory does not free in this scenario and we see memory leak for string "/var/run/authd_control". There will be no service impact to other services/daemons other than dot1x.
PR Number	Synopsis	Category: Firewall Filter
1511041	Traffic might be dropped though not exceeding the configured bandwidth under policer Product-Group=junos	If a bandwidth-percent-based policer is applied on an aggregated Ethernet bundle without the "shared-bandwidth-policer" configuration statement, traffic will hit the policer even if the traffic is not exceeding the configured bandwidth. As a workaround, configure the "shared-bandwidth-policer" configuration statement under the policer.
PR Number	Synopsis	Category: Covers Application classification workflows apart from custo
1500938	The srxpfe or flowd process might crash due to memory corruption within JDPI. Product-Group=junos	On SRX/MX platforms, if there are any services (e.g. AppID, IDP, APBR and so on) running based on Juniper Deep Packet Inspection (JDPI), when the work load is reaching heavy level, for example, above 50% of max connection per second for Layer 7 security policy, or 30% for IDP, the srxpfe/flowd process might crash due to memory corruption caused by this issue.
1516969	The flowd/srxpfe process might crash when SSL proxy and AppSecure process traffic simultaneously Product-Group=junos	On all SRX Platforms, the flowd/srxpfe process might crash when SSL proxy and AppSecure/IDP process traffic simultaneously.
PR Number	Synopsis	Category: mgd, ddl, odl infra issues
1458345	Commit fails and mustd process might crash on commit Product-Group=junos	mustd process, which is responsible for configuration constraint checks, might crash on commit leading to commit failure: ---> USER@ROUTER# commit and-quit re0: error: Child /usr/sbin/mustd dumped core (0x8b) error: Failed to open /var/run/db/enable-process.data+ file error: commit failed: daemon file propagation failed [edit] USER@ROUTER> show system core-dumps .. -rw------- 1 root wheel 7411164 Aug 11 12:33 /var/tmp/mustd.core.0.gz .. --->
PR Number	Synopsis	Category: EVPN Layer-2 Forwarding
1520078	Unable to create a new VTEP interface Product-Group=junos	In all platforms with VXLAN Static VTEP tunnels scenario (including Static VXLAN without EVPN), after RE switchover or restart of l2-learning, if create a new VTEP interface, the interface may not work.
PR Number	Synopsis	Category: Express PFE CoS Features
1531095	JDI-Reg:Switching-Regression-COS: Packet loss is seen while validating the policer after restarting chassis control Product-Group=junos	Check with Development team on this
PR Number	Synopsis	Category: Express PFE L2 fwding Features
1427994	The dcpfe process might crash and restart in MC-LAG scenario when the ARP/NDP next-hop is changed Product-Group=junos	On QFX10002/QFX10008/QFX10016 Series platforms with enhanced MC-LAG scenario, the dcpfe process might crash and restart if the ARP/NDP next-hop is changed.
1442587	The PMTUD might not work for both IPv4 and IPv6 if the ingress Layer 3 interface is an IRB. Product-Group=junos	Path MTU Discovery (PMTUD) is a standardized technique for determining the maximum transmission unit (MTU) size on the network path between two IP hosts, usually with the goal of avoiding IP fragmentation. On QFX10K platforms, the PMTUD might not work for both IPv4 and IPv6 if the ingress L3 interface is an irb. The corresponding ICMP Fragmentation Needed packet to the sender might be dropped silently, then PMTUD fails. This issue has service impact.
1522852	PRDS_SLU_SAL:jprds_slu_sal_update_lrncnt(),1379: jprds_slu_sal_update_lrncnt call failed" syslog errors messages might been which specific steps while clearing and loading again scaled configuration on QFX10002/QFX10008/QFX10016 Product-Group=junos	In scaled setup with scaled vlans and traffic flowing through all vlans. If current configuration is cleared and loaded again using below steps: load override rollback 1 commit Then base config is loaded, all leaned macs are aged out and the mac entries are marked as invalid. Ageing thread scans and finds SMAC ref bit transition for cleared mac entries and gets added to stale mac sw table. In scaled setup, considering 2k macs learned over a port, not all macs cleared at one Hw trigger, it happens in a batch of 256 entries in a mac table at a time as per qfx10k design and in the mean time, it is expected that IFBD on which macs were learned is deleted. This is the reason, Lport+IFL mapping is not found while clearing such macs and throws error.
PR Number	Synopsis	Category: IDP attack detection in the subscriber qmodules
1497340	The IDP attack detection might not work in a specific situation. Product-Group=junos	If the total number of applications (predefined as well as the custom applications configured) crosses 4096, attack detection might fail.
PR Number	Synopsis	Category: Internet Group Management Protocol
1520059	Packet loss might be observed while verifying traffic from access to core network for IPv4/IPv6 interfaces Product-Group=junos	On EX2300-48T/EX2300-48P/EX2300-48MP, packet loss may be seen when L3 IPv4/IPv6 interface and route related configurations with IPv4/IPv6 unicast stream are configured. This issue might cause traffic drop. This issue happens if two different NH(Next Hop) IDs are programmed in the Hardware for same route but only one entry is maintained in the software.This issue is specific to 48 port EX2300 platforms and will not occur on other 12/24 ports EX2300, such as EX2300-24T, EX2300-24P, EX2300-24MP.
PR Number	Synopsis	Category: Integrated Routing & Bridging (IRB) module
1453025	The IRB traffic might get drop after mastership switchover Product-Group=junos	In the Virtual-Chassis scenario with mac-persistence-timer enabled, the IRB traffic might get drop after master switchover.
PR Number	Synopsis	Category: Adresses ALG issues found in JSF
1475031	SIP messages that need to be fragmented might be dropped by the SIP ALG. Product-Group=junos	When SIP ALG is using, after payload changed by ALG, some SIP messages size maybe bigger than outgoing interface's MTU and need to be fragmented, that SIP messages might be dropped by SIP ALG.
PR Number	Synopsis	Category: JSR Infrastructure
1479156	The vSRX may restart unexpectedly Product-Group=junos	The srxpfe process generates core files when a socket-open error occurs during the initialization phase. Self-healing takes place when the srxpfe reboots and starts processing traffic.
PR Number	Synopsis	Category: IPSEC/IKE VPN
1446962	The IPSec VPN tunnel might not come up after restarting ike daemon Product-Group=junos	On the SRX platforms, the IPSec VPN tunnel might not come up after restarting ike daemon if the dynamic hostname (ike-id) is configured with empty string.
PR Number	Synopsis	Category: jsscd daemon
1511745	Static subscribers are logged out after creating a unit under demux0 interface Product-Group=junos	In MX platforms with static subscriber scenario, the existing static subscribers associated to a demux0 interface might be forced to log out after creating another unit under demux0 interface.
PR Number	Synopsis	Category: Layer 2 Circuit issues
1512834	The rpd might crash when deleting l2circuit configuration in a specific sequence Product-Group=junos	If l2circuit local-switching is enabled with connection-protection, the rpd could crash in the following configuration change sequence. 1. First, delete the logical interface (IFL) used by a l2circuit and commit the change. 2. Then, delete the corresponding l2circuit configuration. The rpd could crash after committing the change.
PR Number	Synopsis	Category: Layer 2 Control Module
1463251	Configure any combination of VLANs and interfaces under VSTP/MSTP may cause VSTP/MSTP related configuration can not be committed Product-Group=junos	On the EX platform, VSTP/MSTP related configuration might not be committed successfully if configure any combination of VLANs and interfaces under VSTP/MSTP to hit the maximum scale of 5219.
PR Number	Synopsis	Category: Layer2 forwarding on EX/NTF/PTX/QFX
1512802	Memory leak on l2ald might be seen when adding/deleting the routing-instances/bridge-domains configuration Product-Group=junos	Memory leak on l2ald might be seen when adding/deleting the routing-instances/bridge-domains configuration.
PR Number	Synopsis	Category: Multiprotocol Label Switching
1517018	The rpd might crash after upgrading Junos software release from pre 18.1 to 18.1 onwards Product-Group=junos	On all Junos platforms, the rpd might continuously crash after upgrading Junos software release from pre 18.1 to 18.1 onwards while graceful-restart and RSVP/static LSP are configured. This is because there is a change in the data structure written to the restart db file from 18.1 onwards. So, when rpd comes up and tries to read the restart db file written by pre 18.1 release image, the rpd might crash.
PR Number	Synopsis	Category: Jflow and sflow on MX
1487876	Incorrect 'frame length' of 132 bytes might be captured in packet header Product-Group=junos	On all MX/PTX5k/EX platforms with Trio based line cards, if a packet is send with more than 128 bytes it will always show incorrect "Frame length" of 132 bytes in raw packet header of sflow collector captured data.
PR Number	Synopsis	Category: IDS features available on MS-MPC/MIC
1527236	After applying ids-rules to service-set, high session rate is observed even without any DDos traffic Product-Group=junos	On MX platforms with MS-MIC/MS-PIC, if applying IDS filter and reaching high CPU state, the session rate stay high even without any DDos traffic which may lead to dropping of new session requests.
PR Number	Synopsis	Category: Bugs related to ethernet interface on MX platform
1435221	MicroBFD 3x100ms flap is seen upon inserting a QSFP in another port. Product-Group=junos	Micro BFD/LFMD sessions with timer configured with less than 3x500ms (such as 3x100ms) might flap when a QSFP transceiver is inserted into another port.
PR Number	Synopsis	Category: FreeBSD Kernel Infrastructure
1518898	The kernel might crash if a file/directory is accessed for the first time and is not created locally Product-Group=junos	On the Junos with Virtual Filesystem (VirtFS), if a file/directory is accessed for the first time and is not created locally, the kernel might crash and generate a vmcore file. Junos might reboot due to this issue.
1537696	Errors seen when dumping vmcore on EX-3400 series Product-Group=junos	EX3400 and EX2300 hang while trying to generate core files.
PR Number	Synopsis	Category: "ifstate" infrastructure
1486161	Kernel core might be seen if deleting an ifstate Product-Group=junos	On all Junos OS platforms, some operations such as configuration change might cause the state information to change and eventually cause the ifstate to be deleted. In a very rare case, deleting an ifstate (kernel state) might cause kernel core and Routing Engine restart. There is no specific trigger. This issue is reported by the configuration change.
PR Number	Synopsis	Category: Kernel Stats Infrastructure
1462986	Slow response from SNMP might be observed after upgrading to Junos OS Release 19.2R1 and later. Product-Group=junos	Slow response introduced with PR/1411303 fix, is getting resolved with this PR.
1508442	SNMP poling may return unexpectedly high value of ifHCOutOctets counter for physical interface when any jnxDom OID is processed at the same time Product-Group=junos	When actual transmitted load is configured for interface as: set interfaces interface-transmit-statistics And ifHCOutOctets OID is polling together with any jnxDom OIDs for the same interface with time interval between pollings equal or less then one second, the resulted value of ifHCOutOctets may be unexpectedly high
1522561	OID ifOutDiscards reports zero and sometimes shows valid value. Product-Group=junos	OID ifOutDiscards reports zero and sometimes shows valid value. labroot@jtac-ex3400-48t-r2039> show snmp mib get ifOutDiscards.514 \| refresh 3 ---(refreshed at 2020-07-10 12:54:07 IST)--- ifOutDiscards.514 = 0 ---(refreshed at 2020-07-10 12:54:10 IST)--- ifOutDiscards.514 = 0 ---(refreshed at 2020-07-10 12:54:13 IST)--- ifOutDiscards.514 = 0 ---(refreshed at 2020-07-10 12:54:16 IST)--- ifOutDiscards.514 = 0 ---(refreshed at 2020-07-10 12:54:19 IST)--- ifOutDiscards.514 = 0 ---(refreshed at 2020-07-10 12:54:22 IST)--- ifOutDiscards.514 = 241974 ---(refreshed at 2020-07-10 12:54:25 IST)--- ifOutDiscards.514 = 241974 ---(refreshed at 2020-07-10 12:54:28 IST)--- ifOutDiscards.514 = 0 ---(refreshed at 2020-07-10 12:54:31 IST)--- ifOutDiscards.514 = 0
PR Number	Synopsis	Category: Used for tracking OVSDB software issues and features
1518807	The vgd core might get generated when OVSDB server resarts Product-Group=junos	On all Junos platforms that support OVSDB (Open vSwitch database), the vgd core might get generated when the OVSDB server is restarted. The vgd daemon restart after the core might cause traffic impact. This issue happens when OVSDB server is disconnected and the device (switch/router) sends some updates events to server.
PR Number	Synopsis	Category: Express Paradise PFE Sflow
1525589	Sampling with the rate limiter command enabled, crosses the sample rate 65535. Product-Group=junos	'show sflow Interfaces' command displays wrong adaptive-sampling rates for rate limiter configuration. The display usually shows a sampling rate of more than 65535.
PR Number	Synopsis	Category: Issues related to PKI daemon
1525924	Certificate validation might fail when OCSP is used and the OCSP server is dual-stack device Product-Group=junos	When IPSec and PKI are used on SRX platforms, two VPN peers are using OCSP and the OCSP server is dual-stack device, if revocation check is configured for certificate, the certificate validation might fail and the IPSec tunnel is not established.
PR Number	Synopsis	Category: Chassis mgmt for all QFX systems - chassis MIB, alarms, CLI
1507044	The archival function may fail in certain conditions Product-Group=junos	If the archival function is enabled with the statement "routing-instance" and transfer mode is set as SFTP/SCP for archive-sites, it may not work and fail to transfer the files.
PR Number	Synopsis	Category: Interface related issues. Port up/down, stats, CMLC , serdes
1435705	SIB/FPC Link Error alarms might be observed on QFX10K due to a single CRC Product-Group=junos	On QFX10002/10008/10016 platforms, the "SIB/FPC Link Error" alarms will be observed even though only one CRC (Cyclic Redundancy Check) error is encountered in a poll period.
1462748	On the QFX5100 switches, the interface output counter is double counted for self-generated traffic. Product-Group=junos	On QFX5100 device, interface output counter is double counted for self-generated traffic
PR Number	Synopsis	Category: QFX Platform related (SYSLOG/ALARMS/miscellaneous)
1454527	On the QFX5000 line of switches, the dcpfe process crashes due to the usage of data that is not null getting terminated. Product-Group=junosvae	The dcpfe crash is due to usage of data which is not NULL terminated on QFX5K.
1508611	The fxpc may crash and restart with a fxpc core file created while installing image through ZTP Product-Group=junos	On QFX5100/EX4600 Series platforms, the fxpc may crash sometimes while installing an image through ZTP.
PR Number	Synopsis	Category: QFX PFE Class of Services
1430173	The CoS rewrite rules applied under an aggregated Ethernet interface might not take effect after NSSU. Product-Group=junos	On QFX 5K platform, Class of Service (CoS) rewrite rules applied under an Aggregated Ethernet (AE) interface might not take effect after Non-Stop Software Upgrade (NSSU). In the end, packets could not enter into correct queues for sending.
PR Number	Synopsis	Category: Filters
1514710	In VXLAN configuration, the firewall filters may not be loaded into the TCAM with the message "DFWE ERROR DFW: Cannot program filter .. " due to TCAM overflow after upgrading to 18.1R3-S1,18.2R1 and later Product-Group=junos	From 18.1R3-S1 and 18.2R1, we introduced the IPACL VXLAN filters in place of regular IPACL for the vxlan vlans. In regular IPACL, we just qualify the physical port on which the filter is installed and hence, much less entries are required as compared to the earlier introduced IPACL_VXLAN. Whereas in case of IPACL_VXLAN, we qualify based on the logical port and hence, we need to install the filter entries for all the vxlan vlans that physical port (on which filter is applied) is a part of, requiring much larger number of entries. Thus this caused TCAM overflow after upgrading. We qualified based on the logical port which is calculated from the IFL and the vlan configured on the IFL. The fix is to integrate the place of IPACL VxLAN for the L2 filtering on VxLAN ports into the regular IPACL filters and to add IFD level support unless VLAN name/ID clarification rule is used in the firewall filter.
PR Number	Synopsis	Category: QFX L2 PFE
1504354	LLDP is not acquired when native-vlan-id and tagged VLAN-ID are the same on a port. Product-Group=junos	On QFX5000 platforms running with Link Layer Discovery Protocol (LLDP) configured, if the interface has both native-vlan-id and vlan-id configured, and the native-vlan-id and vlan-id have the same value, LLDP neighborship might be unable to setup on that particular interface due to this issue.
PR Number	Synopsis	Category: QFX L3 data-plane/forwarding
1458206	Dual Tag Q-in-Q not working with EVPN-VXLAN Product-Group=junos	In EVPN-VXLAN with retaining S-VLAN Tags and C-VLAN tags scenario, both S-VLAN and C-VLAN tags are treated as the data of a packet when it is transported. when a dual-tagged ARP packet arrives at ingress PE, the device could only recognize either untagged ARP packet or single tag ARP packet, and if it is not, the device will assume that it is not an ARP packet. Since ARP resolution fails, all subsequent communication will not happen.
PR Number	Synopsis	Category: QFX VC Infrastructure
1497563	Virtual Chassis is not stable with 100-Gigabit Ethernet and 40-Gigabit Ethernet interfaces. Product-Group=junos	In QFX5110 platform with Virtual Chassis (VC) scenario, VC might not get formed and can cause traffic loss if the 100G VCP ports are deleted and created, or changed from 40G to 100G or vice-versa. For the reason is that Forward Error Correction (FEC) should not be enabled when the physical interface is working as a VCP port.
PR Number	Synopsis	Category: RPD route tables, resolver, routing instances, static routes
1421566	Some LDP routes in VRF cannot be resolved over the inet.3 table Product-Group=junos	Any route that is added to the rib will be resolved over predefined tables, and the resolution tables for a given protocol are fixed. LDP routes added to foo.mpls.0, the resolution table is not initialized due to this NULL access happen to lead to the core.
1471968	The rpd might stop when both instance-import and instance-export policies contain the as-path-prepend action. Product-Group=junos	On all platforms running Junos OS, when an internally route leaking between routing instances using instance import and instance export policies and both policies containing as-path-prepend actions, if this as-path is referred to some route, the rpd process might stop a change or delete operation on the route (for example, clearing BGP neighborship, changing BGP or policy configuration, and so on).
PR Number	Synopsis	Category: Generic platform and infra issues for MS-MIC and MS-MPC(XLP)
1482400	The vmcore crash sometimes along with mspmand crash might happen on MS-MPC/MS-MIC if large-scale traffic flows are processed by it Product-Group=junos	With NAT/Stateful-firewall/TCP tickle (enable by default) configured on MS-MPC/MS-MIC, the vmcore crash sometimes along with mspmand crash might happen if large-scale traffic flows (e.g. million flows) are processed by it.
1489942	Prolonged flow-control might happen on MX platforms with MS-MPC/MS-MIC Product-Group=junos	On MX platforms with MS-MPC/MS-MIC, if there are lots of self-generated packets like TCP-tickle and UDP-logging, there might be data congestion on the data path due to no throttling functionality for such types of packets. When the data path is blocked, prolonged flow-control might happen with the service interfaces being brought down and the PIC reboot. At the same time, the mspmand core file will be generated if dump-on-flow-control is enabled.
PR Number	Synopsis	Category: SRX Argon module bugs
1450904	The AAMW policy rules for IMAP traffic sometimes might not get applied when traffic passes through SRX Series devices. Product-Group=junos	AAMW policy rules for IMAP traffic sometimes might not get applied when the IMAP traffic passes through an SRX Series device.
PR Number	Synopsis	Category: Remote Access VPN issues on SRX
1442145	With NCP remote access solution, in a PathFinder case (for example, where IPsec traffic has to be encapsulated as TCP packets), TCP encapsulation for transit traffic is failing. Product-Group=junos	With the NCP remote access solution, where IPsec traffic has to be encapsulated as TCP packets, TCP encapsulation for transit traffic is failing.
PR Number	Synopsis	Category: MX10003/MX204 Platform SW - Chassisd s/w defects
1315577	MX10003 : Despite of having all AC low PEM alarm is raised. Product-Group=junosvae	An alarm is raised if mixed AC PEMs are present. This occurs because the criteria for checking whether mixed AC is present was changed.
PR Number	Synopsis	Category: MX10003/MX204 MPC defects tracking
1426349	Interfaces may come to down after device reboots Product-Group=junos	On MX204/SRX4600/EX9251 platform, interfaces with the parameter "speed 1g" configured may come to down after device reboots, this is a timing issue and reproduced after about 50 reboots in the test.
PR Number	Synopsis	Category: SRX-1RU platfom related protocol, QoS, filtering features et
1515046	VRRP does not work on the reth interface with a VLAN ID greater than 1023. Product-Group=junos	When a redundant Ethernet (reth) interface has vlan-tagging configured and is part of a VRRP group, the SRX/vSRX is unable to allocate the VIP to the reth interface if the vlan-id configured is greater than 1023. As a result, VRRP does not work.
PR Number	Synopsis	Category: Trio pfe bridging, learning, stp, oam, irb software
1501014	Traffic to VRRP virtual IP/MAC might be dropped when ingress queueing is enabled Product-Group=junos	On MX platforms with any MPC in enhanced network-service mode, if VRRP is configured on AE interface, after 'set chassis fpc X pic X traffic-manager mode ingress-and-egress' is enabled, traffic sent to virtual IP/MAC might be dropped and the forward traffic will be affected.
1513509	During route table object fetch failure, FPC may crash Product-Group=junos	Due to rare timing issue, the FPC might crash because of route table object fetch failure in EVPN multihoming scenario.
PR Number	Synopsis	Category: Web-Management UI
1513612	Installing J-Web application package may fail on the EX2300/EX3400 platforms Product-Group=junos	On the EX2300/EX3400 platforms, J-Web application package may fail to be installed with the affected releases.
1520246	The J-Web does not display the correct Flow-control status on EX devices Product-Group=junos	On EX2300/EX4600 devices, when the flow control configuration is changed in the CLI (enable/disable), it is not correctly reflected in J-web. However, if the flow control configuration is changed in J-web, it will get updated in the CLI.
PR Number	Synopsis	Category: V44 Satellite Device Infra
1466324	Temperature sensor alarm is seen on EX4300 in Junos Fusion scenario. Product-Group=junosvae	In Junos Fusion scenario with EX4300 acting as SD, the temperature sensor alarms and logs might be seen as a result of the incorrect temperature reading of about 2-3 degrees lower than the expected. There is no CLI command to clear the alarm and logs.
PR Number	Synopsis	Category: VMHOST platforms software
1446205	The jfirmware upgrade might fail on certain MX platforms with SCBE3 Product-Group=junos	On certain MX platforms having RE-S-2X00x6 and Enhanced MX-SCB installed, an error might be observed during the installation of jfirmware upgrade package which causes the installation to fail.

18.2R3-S6 - List of Known issues

PR Number	Synopsis	Category: EX2300 Hardware
1369924	EX2300 - Watchdog reset is shown as Swizzle Product-Group=junos	On EX2300, when watchdog is induced, the last reboot reason is shown as Swizzle Reboot.
PR Number	Synopsis	Category: EX4300 PFE
1538401	LLDP neighborship might not come up on EX4300 non-AE interfaces Product-Group=junos	Due to a regression introduced by PR/1517133, LLDP might not work on non-AE (Aggregated Ethernet) interfaces.
PR Number	Synopsis	Category: EX9200 Platform
1448368	On the EX9214 device, the following error message are observed after reboot and MACsec-enabled link flaps: errorlib_set_error_log(): err_id(-1718026239). Product-Group=junos	On the EX9214 device, if the MACsec-enabled link flaps after reboot, the error "errorlib_set_error_log(): err_id(-1718026239)" is observed.
PR Number	Synopsis	Category: EX2300/3400 platform
1536408	PoE messages "poe_get_dev_class: Failed to get PD class info" seen on EX2300 Product-Group=junos	Moved POE messages to informational level: "poe_get_dev_class: Failed to get PD class info"
PR Number	Synopsis	Category: QFX L3 data-plane/forwarding
1433884	JDI-RCT: EVPN-VXLAN NON-COLLAPSED: Traffic loss observed during longevity runs Product-Group=junos	Adjust DDOS Value appropriately
PR Number	Synopsis	Category: ACX PFE
1407098	High CPU utilization of the fxpc process might be observed with the class-of-service changes on interfaces. Product-Group=junos	On ACX5048/ACX5096 platforms, when applying COS configurations (schedulers related) on interfaces, the CPU utilization on fxpc process might be seen. And it might affect service.
PR Number	Synopsis	Category: BBE routing
1387690	In a subscriber management environment, multiple error messages of shmlog: argcnt 309 not enough memory might be generated every hour. Product-Group=junos	In subscriber management scenario, the bbe-smgd process might crash when two subscribers login with the same framed-route prefix and preference values returned from Radius.
PR Number	Synopsis	Category: Border Gateway Protocol
1403186	All the BGP session flap after RE switchover Product-Group=junos	With GRES and NSR enabled, if executing RE switchover, BGP session might flap in some scenario. When Junos version have the fix of PR-1440694, BGP session always flap after doing RE switchover.
1464931	RPKI validation is broken Product-Group=junos	RPKI validation is broken in a scenario where the RV database gets updated in the master instance but the VRF route table is not triggered to re-verify its prefixes against the new updates.
1531715	Configuring or deleting the "family inet6 unicast" BGP configuration flaps the IPv4 neighbours Product-Group=junos	This is expected behavior. To setup a BGP session, peers need to exchange open message where they will negotiate which families to support. When you changed family under a group, all the peers in this group will inherit the change. So they need to reset the session so family change info can be updated in the new open message. BGP neighborship will be re-established if there is any addition or deletion of a new family. If the family is configured at the neighbor level, addition or deletion of family from group level will not impact neighborship as the local configuration overrides global parameters.
PR Number	Synopsis	Category: BBE Remote Access Server
1402653	The subscriber might need to take retry for login Product-Group=junos	On all Junos platforms running in subscriber scenario with address pool configured, if the address pool has high usage so that only few addresses are free to allocate, when there are subscribers logout and login, the released address by one subscriber might get re-used and allocated to the other subscriber very soon. Due to this issue, syslog error messages might be seen, and the affected subscriber might need to take retry for login.
PR Number	Synopsis	Category: EVPN control plane issues
1485377	On the MX, QFX10002, QFX10008, and QFX10016 devices within an EVPN-MPLS active-active multi-homing mode, when adding and deleting the virtual-gateway-address, the ARP entry to CE might disappear from the kernel. Product-Group=junos	On MX/QFX10002/QFX10008/QFX10016 devices within an EVPN-MPLS active-active multi-homing mode, when adding and deleting the virtual-gateway-address, the ARP entry to CE might disappear from the kernel.
PR Number	Synopsis	Category: Express pfe Mclag
1488166	Traffic getting dropped on doing ifd deactivate/activate trigger with mclag configurations on QFX10002 Product-Group=junos	On QFX10002 switches with mclag configurations, traffic drops when you deactivate or activate ifd trigger.
PR Number	Synopsis	Category: Express PFE MPLS Features
1515092	The routes update might fail upon the HMC memory issue and traffic impact might be seen. Product-Group=junos	On PTX Series and QFX Series devices, in rare cases, HMC memory error might cause routes update failure and traffic impact on the Packet Forwarding Engine.
PR Number	Synopsis	Category: Flow Module
1534876	For gre-over-ipsec scenario, traffic drop observed after tunnel flap or reboot of SRX, when gr-0/0/0 and st0 interface are in custom routing-instance and egress interface is in master routing-instance. Product-Group=junos	For gre-over-ipsec scenario, traffic drop observed after tunnel flap or reboot of SRX, when gr-0/0/0 and st0 interface are in custom routing-instance and egress interface is in master routing-instance.
PR Number	Synopsis	Category: IPSEC/IKE VPN
1517262	The flowd might crash in IPsec VPN scenario Product-Group=junos	On SRX platforms with IPsec VPN configured, the flowd might crash during the IPsec VPN rekey window. The traffic/service might be impacted if hitting this issue.
PR Number	Synopsis	Category: Layer 2 Control Module
1473610	ERP might not come up properly when MSTP and ERP are enabled on the same interface. Product-Group=junos	When both "Multiple Spanning Tree Protocol " (MSTP) and Ethernet Ring Protection Switching" ERPS are enabled on the same interface, then ERPS does not come up properly.
PR Number	Synopsis	Category: Layer2 forwarding on EX/NTF/PTX/QFX
1505976	VRRPv6 might not work in EVPN scenario Product-Group=junos	In EVPN scenario with VRRPv6 used, the ethernet source mac address might be used for IPv6 mac-ip binding when the NA is sent from VRRPv6 master, as this unexpected behavior is triggered on regular intervals, it causes the entries to keep refreshing in EVPN database because NS from VRRPv6 master changes the mac-ip binding. Hence it has traffic impact.
PR Number	Synopsis	Category: Fabric Manager for MX
1482124	The fabric healing might incorrectly offline all MPCs in MX2K system while the hardware fault is located on one MPC slot Product-Group=junos	In specific MPC hardware failure conditions within the MX2K platform, fabric healing will attempt to auto-heal the fault location in 3 phases to prevent traffic blackholing. If under such fault conditions only destination timeouts are reported without corresponding link errors, the fabric healing process might restart all MPCs in phase-2 in an auto-healing attempt and if the error condition appears again within 10 minutes the last phase-2 might offline all MPCs in the system.
PR Number	Synopsis	Category: PE based L3 software
1500798	BFD sessions flap after deactivating or activating the aggregated Ethernet interface or executing GRES. Product-Group=junos	On QFX10008 platforms, if the BFD is configured over an AE interface (member link across multiple FPCs), deactivating/activating the AE interface or executing GRES will cause the BFD sessions to flap.
PR Number	Synopsis	Category: vMX Data Plane Issues
1483224	Malformed packet causes one of the LACP AE (Aggregated Ethernet) interfaces to stop forwarding on vMX Product-Group=junos	Only on vMX platform, when one of LACP links interface receives the malformed packet (such as runt packet), it might cause a PF reset which leads to the interface stop forwarding traffic.
PR Number	Synopsis	Category: QFX Platform related (SYSLOG/ALARMS/miscellaneous)
1317750	Port LEDs do not work on the QFX5100 switch in QFX5110-QFX5100 mixed mode Virtual Chassis. Product-Group=junosvae	Port LEDs on the QFX5100 do not work. If a device connects to a port on the QFX5100, the port LED stays unlit.
PR Number	Synopsis	Category: QFX L2 PFE
1500825	On the QFX5000 switches, ERPS might not work correctly. Product-Group=junos	On QFX5k platforms, Ethernet ring protection switching (ERPS) might not work correctly due to ERPS instance programming failure in hardware which might cause loop in the network.
PR Number	Synopsis	Category: QFX L3 data-plane/forwarding
1537924	ECMP over GRE does not work for BGP route Product-Group=junos	ECMP over GRE does not work for BGP route. Traffic is polarized to just one egress interface but not distributed to multiple egress interfaces.
PR Number	Synopsis	Category: KRT Queue issues within RPD
1388119	During link flap, kernel veto messages are seen and traffic is being blackholed Product-Group=junos	In JUNOS 16.1/later releases, when the quick interface "down/up" happens, IGP and BGP protocols perform RIB route-change, in some sceanrios we may observe rt_pfe_veto messages in syslog, due to slow PFE consumption, kernel will throttle RPD by sending ENOBUFS. In order to avoid this scenario we can configure in JUNOS the following values to the Kernel Routing Table IO: set routing-options krt-io-options work-queue-length high-threshold 250 set routing-options krt-io-options work-queue-length low-threshold 200 set routing-options krt-io-options tx-bulk-count 10 Important Notes: The above commands require RPD restart to take effect. When the "interface down" happens, IGP and BGP protocols perform RIB route-change. The IGP change is placed into a high priority queue and the exterior route change is placed into a low priority queue. For 64-bit systems, RPD workqueue size is 10000 and bulk count is 30. As a result, the head of line blocking for the IGP route change could potentially be up to 300000 rtsock requests, which causes the delay in FIB convergence for that particular prefix when the interface comes up immediately after interface down.
1402569	The rpd might crash when a change in import policy or resolution rib happens at the same time BGP peer is shutting down Product-Group=junos	The rpd crash might be seen in the configuration change scenario with large BGP and IGP configuration. In a rare condition, when a change in import policy or resolution rib happens at the same time BGP peer is shutting down, some inconsistencies in Next-Hop entries could occur, which could result in rpd process crash.
PR Number	Synopsis	Category: Cover Logical System Infrastrcuture Development
1516661	On all SRX product that support Logical Systems, enabling OSPFv3 authentication in a custom LSYS is not supported Product-Group=junos	On all SRX product that support Logical Systems, enabling OSPFv3 authentication in a custom LSYS is not supported
PR Number	Synopsis	Category: MPC7/8/9 Interface Issues
1517202	MPC7E with QSFP installed may get rebooted when 'show mtip-chmac <1\|2> registers' vty command is executed. Product-Group=junos	MPC7E with QSFP-100GBASE-SR4/LR4 installed may get rebooted when 'show mtip-chmac <1\|2> registers' vty command is executed. The mtip-chmac id 1 and 2 are not mapped to any IFD instance. Accessing the registers of the MAC that is not mapped to any IFD instance causes a crash. If IFDs are allocated, then the MAC is initialized and out of reset, but if there are no IFDs allocated, accessing the registers of the MAC results in a crash.
PR Number	Synopsis	Category: UI Infrastructure - mgd, DAX API, DDL/ODL
991081	The configuration change on Backup RE cannot be synchronized while deleting inactivated interfaces/routing-instances from master Product-Group=junos	In the dual Routing Engine scenario, the backup Routing Engine does not sync up the configuration change while deleting an inactivated interface/routing-instances from the master. So after the operation, the inactivated interface/routing-instances still exists on the backup Routing Engine.
PR Number	Synopsis	Category: PTX/QFX10002/8/16 specific software components
1397030	Seeing "VMHost RE 0 Secure BIOS Version Mismatch" and "VMHost RE 1 Secure Boot Disabled" alarms Product-Group=junos	Minor False alarms "Secure BIOS Version Mismatch" seen on MX1008 platforms. There is no functionality break/impact due to this.
PR Number	Synopsis	Category: VMHOST platforms software
1436201	The ifHCInOctets counter on aggregated Ethernet interface shows the zero value when SNMP MIB walk is executed. Product-Group=junos	Customer found ifHCInOctets counter on AE interface going to ZERO when snmp gets those value via both CLI and remote snmp get commands.

Knowledge Base