Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

19.1R3-S3: Software Release Notification for JUNOS Software Version 19.1R3-S3

0

0

Article ID: TSB17887 TECHNICAL_BULLETINS Last Updated: 14 Oct 2020Version: 1.0
Alert Type:
SRN - Software Release Notification
Product Affected:
ACX, MX, EX, PTX, QFX, vMX, vRR, NFX, SRX, vSRX
Alert Description:
Junos Software Service Release version 19.1R3-S3 is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as need and follow the prompts
Solution:

Junos Software service Release version 19.1R3-S3 is now available.

19.1R3-S3 - List of Fixed issues

PR Number Synopsis Category: EX4300 PFE
1456879 The traffic for some VLANs might not be forwarded when vlan-id-list is configured
Product-Group=junos
On EX4300 Series switches, if the vlan-id-list is used on one interface, the traffic for some VLANs under the vlan-id-list might not be forwarded.
PR Number Synopsis Category: EX4300 CP general implementation
1498903 In some cases, if we have an OSPF session on the IRB over LAG interface with 40-Gigabit Ethernet port as member, the session gets stuck in restart.
Product-Group=junosvae
On the EX4300-48MP VC (Virtual Chassis), if the LAG (Link Aggregation Group) interface with member interfaces of 40G/100G is configured across the master and the standby FPCs of the VC, the OSPF configured on the IRB (Integrated Routing and Bridging) interface over this LAG might be stuck in "ExStart" state. The issue impacts the establishment of the OSPF neighbor.
PR Number Synopsis Category: EX driver issues
1515689 The IP communication between directly connected interfaces on EX4600 would fail
Product-Group=junosvae
The IP communication between directly connected interfaces on EX4600 TVP platforms would fail. This issue only might occur in this special scenario and it might have traffic/service impact.
PR Number Synopsis Category: EX2300/3400 CP
1494712 Authentication session might be terminated if PEAP request is retransmitted by authenticator
Product-Group=junos
On all Junos platforms with 802.1X (dot1x) enabled, if Protected Extensible Authentication Protocol (PEAP) request is not replied by supplicant in default time interval, it could cause the authenticator to retransmit PEAP proposal method message with new Extensible Authentication Protocol (EAP) ID. The new EAP ID is different from EAP ID sent by authentication server. As a result, mismatching EAP ID issue could terminate authentication session. In the end, supplicant cannot access network. Please consider increasing 'supplicant-timeout' to prevent this issue from happening.
PR Number Synopsis Category: EX2300/3400 PFE
1427075 VC split after network topology changed
Product-Group=junos
In Virtual Chassis scenario, when the interfaces flaps or VLAN configuration is changed frequently, the network topology will be changed accordingly, then CPU utilization will be dramatically increased to very high within a short time, which might cause the failure of essential communications between VC master and members. When the failure happens, FPC will automatically restart. As a result, VC is split and traffic is lost.
PR Number Synopsis Category: QFX Access control list
1514570 Scale of filters with egress-to-ingress command is enabled.
Product-Group=junos
With the 'egress-to-ingress' knob enabled, the filter installation fails if the number of filter entries configured is more than 1K.
1521763 Firewall "sample" configuration gives the warning as unsupported on QFX10002-36q and will not work.
Product-Group=junos
On QFX10002-36q, when inline-jflow is configured, the IPv4 firewall filter with 'sample' action gives a waring "unsupported platform" and will not work. On the other hand, the IPv6 firewall filter with 'sample' action will still work as expected.
PR Number Synopsis Category: QFX PFE L2
1514793 Traffic imbalance could be observed on QFX5K/EX46xx if "hash-params" is not configured
Product-Group=junos
On QFX5K/EX46xx, if "forwarding-options enhanced-hash-key hash-params" is not configured and if the hash function and pre-process for LAG is the same on ingress nodes and QFX5K/EX46xx, egress traffic imbalance might be observed when ECMP or LAG is used. It might cause traffic congestion unexpectedly.
1521324 MAC address in hardware table may become out of sync between Master and member in Virtual Chassis after MAC flap
Product-Group=junos
When MAC address moves over the member in Virtual Chassis, the MAC address's learning port in Internal Hardware MAC table may be out of sync between Master and member and this may lead to misforwarding. This will be an extremely rare occurrence. If the issue happens, you can issue "clear ethernet-switching table " command to restore the communication.
PR Number Synopsis Category: QFX L3 data-plane/forwarding
1528490 The fxpc crash might be observed if VXLAN interface flaps on QFX5K
Product-Group=junos
On QFX5K platforms, if VXLAN enabled interfaces flap excessively in short period of time, PFE might crash.
PR Number Synopsis Category: CoS support on ACX
1493518 On the ACX5048 and ACX5096 routers, the LACP control packets might be dropped due to high CPU utilization.
Product-Group=junos
On ACX5048/ACX5096 platforms, when one of the child links in AE goes down brings entire AE down due to high CPU.LACP control packets might get dropped as the port is blocked for a temporary period.
PR Number Synopsis Category: JUNOS kernel/ukernel changes for ACX
1509402 PFE crash might be seen and the FPC may remain down on ACX710 platform
Product-Group=junos
On ACX710 platform, after the PTP(Precision Time Protocol) configuration is removed and the router is rebooted, the PFE might crash and the FPC remains down if PTP traffic is still coming into the router. This issue might also happen when SyncE is configured. This causes the router to crash and not come up.
PR Number Synopsis Category: ACX GE, 10GE, PoE, IDT framers
1430009 The gigether-options command is enabled again under the interface hierarchy.
Product-Group=junos
gigether-options and ether-options both are support on ACX5k PR1430009 initially opened to remove gigether-options, now it has been reverted. Revert has been tracked in the same PR 1430009. Yes, latest fix of PR 1430009 has added back gigether-options
PR Number Synopsis Category: BBE Remote Access Server
1405855 Subscriber accounting messages retransmissions exist even after configuring accounting retry 0.
Product-Group=junos
When accounting-retry 0 is configured under the [access radius-server ] stanza, MX still attempts to re-transmits/retries accounting message to the AAA accounting Server
1517507 GX-PLUS: CCR-T doesn't contain the Usage Monitoring information
Product-Group=junos
On subscriber termination, CCR-T is sent to the PCRF server reporting the same. But this doesn't contain the Usage monitoring information.
1518016 JUNOS CLI [show network-access aaa subscribers statistics username "<>"] fails to fetch Subscriber-specific AAA statistics information if an subscriber username includes space
Product-Group=junos
Subscriber username with space in between is not displayed by [show network-access aaa subscribers statistics username "<>"] command
PR Number Synopsis Category: PTX Chassis Manager
1439929 FPC reboot may be observed in the events of jlock hog more than 5s
Product-Group=junos
On PTX1000 platform, in case of a jlock hog lasts for more than 5 seconds, FPC reboot might be seen.
PR Number Synopsis Category: Class of Service
1475960 snmp query for "jnxCos " objects wont work
Product-Group=junos
SNMP Polling of jnxCos objects will not work and throw OID not increasing error. It is fixed in latest releases.
PR Number Synopsis Category: Device Configuration Daemon
1519334 Junos OS: Buffer overflow vulnerability in device control daemon (CVE-2020-1664)
Product-Group=junos
A stack buffer overflow vulnerability in the device control daemon (DCD) on Juniper Networks Junos OS allows a low privilege local user to create a Denial of Service (DoS) against the daemon or execute arbitrary code in the system with root privilege. Refer to https://kb.juniper.net/JSA11061 for more information.
PR Number Synopsis Category: Covers Application classification workflows apart from custo
1500938 The srxpfe or flowd process might crash due to memory corruption within JDPI.
Product-Group=junos
On SRX/MX platforms, if there are any services (e.g. AppID, IDP, APBR and so on) running based on Juniper Deep Packet Inspection (JDPI), when the work load is reaching heavy level, for example, above 50% of max connection per second for Layer 7 security policy, or 30% for IDP, the srxpfe/flowd process might crash due to memory corruption caused by this issue.
1516969 The flowd/srxpfe process might crash when SSL proxy and AppSecure process traffic simultaneously
Product-Group=junos
On all SRX Platforms, the flowd/srxpfe process might crash when SSL proxy and AppSecure/IDP process traffic simultaneously.
PR Number Synopsis Category: JUNOS Dynamic Profile Configuration Infrastructure
1526934 Family IPv6 do not come up for the L2TP subscriber when additional attributes are not passed in the Framed-IPv6-Route VSA.
Product-Group=junos
In DHCP/PPP Subscriber scenario with IPv6 dynamic-profile configured, all the additional attributes (route prefix, next-hop, metric, preference, tag) for IPv6 access route must be fully specified in dynamic-profile and passed via RADIUS server, otherwise family inet6 might not come up.
PR Number Synopsis Category: mgd, ddl, odl infra issues
1458345 "persist-groups-inheritance" causes the "mustd" process to crash and issues commit failure
Product-Group=junos
"persist-groups-inheritance" configuration option causes the "mustd" process to crash when one performs the "commit" action.
PR Number Synopsis Category: EVPN control plane issues
1461795 EVPN-VXLAN core isolation is not working when the system is rebooted or the routing is restarted.
Product-Group=junos
In an EVPN-VXLAN core isolation scenario, the server is multihomed to the leaf devices through LACP interfaces. If graceful restart is enabled, when you reboot the system or restart routing on the leaf device, the core isolation does not work. If you reboot the system, the issue results in the leaf device silently dropping the traffic sent from the server during the time window between LACP coming up and BGP coming up. If you restart routing, there might be no traffic drop because of the graceful restart.
1530991 The rpd process might crash when auto-service-id is configured in the EVPN-VPWS scenario.
Product-Group=junos
On all Junos platforms with EVPN VPWS scenario, if auto-service-id is configured and the service IFL under VPWS instance is down, the rpd crash might be seen when any changes made to the configuration.
PR Number Synopsis Category: EVPN Layer-2 Forwarding
1520078 Unable to create a new VTEP interface.
Product-Group=junos
In all platforms with VXLAN Static VTEP tunnels scenario (including Static VXLAN without EVPN), after RE switchover or restart of l2-learning, if create a new VTEP interface, the interface may not work.
PR Number Synopsis Category: Express PFE CoS Features
1509220 Traffic might be affected on QFX10002/QFX10008/QFX10016 platform
Product-Group=junos
On QFX10002/QFX10008/QFX10016, on the interfaces which map to h/w stream 0, if enhanced transmission selection (ETS), which in JunOS implementation is Hierarchical port scheduling configurations, change while high rate traffic is flowing, the chip might be wedged, thus no traffic flow is seen. Hierarchical port scheduling is the Junos OS implementation of enhanced transmission selection (ETS), as described in IEEE 802.1Qaz.
1531095 Packets are mis-classified while validating policer functions on a QFX10K
Product-Group=junos
The software change introduced by PR1525776 disables the EXP classifier bind option on QFX10K platforms. This causes the PFE to misclassified packets into the wrong COS queue.
PR Number Synopsis Category: Express PFE FW Features
1420057 On the PTX10008 and PTX5000 routers, the output of the show filter index < number> counter command shows value as zero at 28-02-HOSTBOUND_NDP_DISCARD_TERM.
Product-Group=junos
VTY command "show filter index < number> counter" showes values as zero at 28-02-HOSTBOUND_NDP_DISCARD_TERM on PTX5000 platform. Basically, the counter does not increase for NDP packets. The issue is only with "show filter index", which is a debug tool in VTY. This issue has no impact on NDP functionality for user traffic. There are no issues with NDP functionality and DDOS for NDP is also working,
PR Number Synopsis Category: Express PFE MPLS Features
1515092 The routes update might fail upon the HMC memory issue and traffic impact might be seen.
Product-Group=junos
On PTX Series and QFX Series devices, in rare cases, HMC memory error might cause routes update failure and traffic impact on the Packet Forwarding Engine.
PR Number Synopsis Category: Internet Group Management Protocol
1520059 Packet loss might be observed while verifying traffic from access to core network for IPv4/IPv6 interfaces
Product-Group=junos
On EX2300-48T/EX2300-48P/EX2300-48MP, packet loss may be seen when L3 IPv4/IPv6 interface and route related configurations with IPv4/IPv6 unicast stream are configured. This issue might cause traffic drop. This issue happens if two different NH(Next Hop) IDs are programmed in the Hardware for same route but only one entry is maintained in the software.This issue is specific to 48 port EX2300 platforms and will not occur on other 12/24 ports EX2300, such as EX2300-24T, EX2300-24P, EX2300-24MP.
PR Number Synopsis Category: Kernel software for AE/AS/Container
1474300 A new aggregated Ethernet member interface for a static LAG bundle is installed in the FIB even though the micro- BFD session is down.
Product-Group=junos
On all Junos platforms, if a static Link Aggregate Group (LAG) is configured, and Bidirectional Forwarding Detection (BFD) is enabled on the LAG which is also called as micro BFD, a newly added member link might start to forward traffic immediately when the configuration change commits even though its micro BFD session is still down, for example, add a new member interface only on single end, and the remote member interface is disabled or not added. Therefore, traffic loss might be seen due to this issue.
1514146 The 100M SFP-FX is not supported on satellite device in Junos Fusion setup
Product-Group=junos
On satellite device in Junos Fusion setup, interfaces with 100M SFP-FX might not work properly.
PR Number Synopsis Category: ISIS routing protocol
1526447 The IS-IS LSP database synchronization issue might be seen while using the flood-group feature.
Product-Group=junos
On all Junos platform, when flood-group is configured on interface under isis, if isis LSPs time out and then come up, the device sends only self-generated LSPs and doesn't increment the LSP updates received from neighbor which flapped. This is causing LSP database out of synchronization issue.
PR Number Synopsis Category: jdhcpd daemon
1525052 The memory leak in jdhcpd might be seen if access-profile is configured under the dhcp-relay or dhcp-local-server statement.
Product-Group=junos
With access-profile being configured under "forwarding-options dhcp-relay" or "system services dhcp-local-server" stanza, there might be memory leak in jdhcpd when DHCP request is processed. The leaked memory size for each processing will be the number of bytes equal to the length of the access profile.
PR Number Synopsis Category: JSR Infrastructure
1479156 The vSRX may restart unexpectedly
Product-Group=junos
The srxpfe process generates core files when a socket-open error occurs during the initialization phase. Self-healing takes place when the srxpfe reboots and starts processing traffic.
PR Number Synopsis Category: jsscd daemon
1511745 Static subscribers are logged out after creating a unit under the demux0 interface.
Product-Group=junos
In MX platforms with static subscriber scenario, the existing static subscribers associated to a demux0 interface might be forced to log out after creating another unit under demux0 interface.
PR Number Synopsis Category: lacp protocol
1463791 Member links state might be asychronized on a connection between the PE and CE devices in an EVPN active/active scenario.
Product-Group=junos
In EVPN multi-homed active/active scenario, when LACP is enabled on PE-CE child member links and after recovering from a core-isolation on the PE device, the PE-CE child member links might be stuck in Detached state if LACP sync-reset feature is enabled on the CE device. The child links on the CE device might show the LACP state as Collecting Distributing. However, on the PE devices, the LACP state might be shown as Detached.
1505523 The aggregated Ethernet interface sometimes might not come up after switch is rebooted.
Product-Group=junos
In Junos platforms with LACP and knob "minimum-links" enabled scenario, AE interface might not come up after the switch is rebooted or the AE interface is deactivated/activated. This is because the knob "sync-reset" is enabled. ("sync-reset" is enabled by default on QFX and EX platforms, and it only needs to use when the "minimal link" is not supported on one side of an LACP).
PR Number Synopsis Category: Multiprotocol Label Switching
1517018 The rpd process might crash after upgrading Junos OS Release 18.1 to a later release.
Product-Group=junos
The rpd might continuously crash after upgrading pre Junos OS Release 18.1 to Junos OS Release 18.1 and later while graceful-restart and RSVP/static LSP are configured. This is because there is a change in the data structure written to the restart database file from Junos OS Release 18.1 and later. So, when rpd comes up and tries to read the restart database file written by pre Junos OS Release 18.1 image, the rpd might crash.
PR Number Synopsis Category: FreeBSD Kernel Infrastructure
1518898 The kernel might crash if a file/directory is accessed for the first time and is not created locally
Product-Group=junos
On the Junos with Virtual Filesystem (VirtFS), if a file/directory is accessed for the first time and is not created locally, the kernel might crash and generate a vmcore file. Junos might reboot due to this issue.
PR Number Synopsis Category: Kernel Stats Infrastructure
1398128 If the serial number of the PEM starts with 1F1, the following alarm might be generated: Minor FPC PEM Temp Sensor Failed.
Product-Group=junos
On ACX/EX/QFX/SRX platforms, if the PEM's serial number starts with "1F1", the alarm "Minor FPC PEM Temp Sensor Failed" might be seen.
PR Number Synopsis Category: Used for tracking OVSDB software issues and features
1518807 The vgd process might generate a core file when the OVSDB server restarts.
Product-Group=junos
On all Junos platforms that support OVSDB (Open vSwitch database), the vgd core might get generated when the OVSDB server is restarted. The vgd daemon restart after the core might cause traffic impact. This issue happens when OVSDB server is disconnected and the device (switch/router) sends some updates events to server.
PR Number Synopsis Category: Express Paradise PFE Sflow
1525589 Sampling with the rate limiter command enabled, crosses the sample rate 65535.
Product-Group=junos
'show sflow Interfaces' command displays wrong adaptive-sampling rates for rate limiter configuration. The display usually shows a sampling rate of more than 65535.
PR Number Synopsis Category: PTP related issues.
1527612 The transit PTP packet might be unexpectedly modified when passing through MPC2E-NG/MPC3E-NG/MPC5E
Product-Group=junos
If timestamping the packet at the physical layer (also known as PHY timestamping) is enabled for Precision Time Protocol (PTP), the transit PTP packets passing through the MPC2E-NG/MPC3E-NG/MPC5E might be modified to have huge value in Correction Field of the PTP packet even though there is not PTP port configured on these line cards. If the transit PTP packets are used for synchronizing downstream node, the clock frequency drift could be seen. The current fix in this PR is only applicable for G.8275.1 PTP profile.
PR Number Synopsis Category: QFX Platform related (SYSLOG/ALARMS/miscellaneous)
1387098 Traffic loss may be observed due to switch modular failure on CB
Product-Group=junos
On QFX10008/QFX10016/PTX10008/PTX100016 platforms, traffic loss might be observed because of switch modular failure on the Control Board (CB). This failure further causes all SIBs to be marked as faulty and causes FPCs to restart until Routing Engine switchover occurs.
1454527 On the QFX5000 line of switches, the dcpfe process crashes due to the usage of data that is not null getting terminated.
Product-Group=junosvae
The dcpfe crash is due to usage of data which is not NULL terminated on QFX5K.
1508611 The fxpc may crash and restart with a fxpc core file created while installing image through ZTP
Product-Group=junos
On QFX5100/EX4600 Series platforms, the fxpc may crash sometimes while installing an image through ZTP.
PR Number Synopsis Category: QFX platform optics related issues
1504630 "Media type" in show interface command is displayed as "Fiber" for SFP-10G-T
Product-Group=junos
On QFX series, "Media type" in show interface command is displayed as "Fiber" for SFP-10G-T
PR Number Synopsis Category: QFX PFE Class of Services
1430173 The CoS rewrite rules applied under an aggregated Ethernet interface might not take effect after NSSU.
Product-Group=junos
On QFX 5K platform, Class of Service (CoS) rewrite rules applied under an Aggregated Ethernet (AE) interface might not take effect after Non-Stop Software Upgrade (NSSU). In the end, packets could not enter into correct queues for sending.
PR Number Synopsis Category: Filters
1514710 Firewall filters may not be loaded into the TCAM correctly
Product-Group=junos
n QFX5000/EX4600 platforms with VxLAN scenario, firewall filters loading failure might happen due to Ternary Content Addressable Memory(TCAM) overflow, which may cause traffic impact if the Junos version is upgraded to 18.1R3-S1 / 18.2R1 or higher. This is because IPACL VxLAN filter is introduced on that releases to replace regular IPACL for VxLAN VLANs. And after upgrade, IPACL VxLAN filter needs more entries in TACM compared with regular IPACL, which makes TCAM to overflow, and even traffic will be impacted.
PR Number Synopsis Category: QFX EVPN / VxLAN
1473464 QFX5K: "global-mac-table-aging-time" behavior with Multi homed EVPN VXLAN ESI
Product-Group=junos
When MAC change notification comes from L2 address learning daemon to PFE, PFE will handle this as MAC addition. That will cause the reset of MAC age timer in all FPC's of VC members in multi homed EVPN VXLAN-ESI cases. As part of MAC change HIT SA (Source Address) bits are wrongly programmed and leads to restart of the MAC age timer. So, MAC was aging in 3rd iteration and leading to this issue.
1516653 The MAC learning might not work properly after multiple MTU changes on the access port in VxLAN scenario
Product-Group=junosvae
On QFX5120 platform running with Virtual Extensible LAN protocol (VxLAN) scenario, if there are multiple iterations of MTU change on the access port which faces Customer Edge (CE) side, for example, 20 iterations under the scale with around 100 VLAN to VXLAN Network Identifier (VNI) mapping, the MAC learning on the access port might not be able to work properly due to this issue.
PR Number Synopsis Category: QFX VC Infrastructure
1497563 Virtual Chassis is not stable with 100-Gigabit Ethernet and 40-Gigabit Ethernet interfaces.
Product-Group=junos
In QFX5110 platform with Virtual Chassis (VC) scenario, VC might not get formed and can cause traffic loss if the 100G VCP ports are deleted and created, or changed from 40G to 100G or vice-versa. For the reason is that Forward Error Correction (FEC) should not be enabled when the physical interface is working as a VCP port.
PR Number Synopsis Category: RPD route tables, resolver, routing instances, static routes
1421566 Some LDP routes in VRF cannot be resolved over the inet.3 table
Product-Group=junos
Any route that is added to the rib will be resolved over predefined tables, and the resolution tables for a given protocol are fixed. LDP routes added to foo.mpls.0, the resolution table is not initialized due to this NULL access happen to lead to the core.
PR Number Synopsis Category: SNMP Infrastructure (snmpd, mib2d)
1497841 The SNMPv3 informs might not work properly after rebooting.
Product-Group=junos
On all Junos platforms with SNMPv3 informs configured, it may stop sending SNMP traffic to collector after rebooting the whole system.
PR Number Synopsis Category: Generic platform and infra issues for MS-MIC and MS-MPC(XLP)
1482400 The vmcore process crashes sometimes along with the mspmand process on MS-MPC/MS-MIC if large-scale traffic flows are processed.
Product-Group=junos
With NAT/Stateful-firewall/TCP tickle (enable by default) configured on MS-MPC/MS-MIC, the vmcore crash sometimes along with mspmand crash might happen if large-scale traffic flows (e.g. million flows) are processed by it.
1489942 Prolonged flow control might occur with MS-MPC or MS-MIC.
Product-Group=junos
On MX platforms with MS-MPC/MS-MIC, if there are lots of self-generated packets like TCP-tickle and UDP-logging, there might be data congestion on the data path due to no throttling functionality for such types of packets. When the data path is blocked, prolonged flow-control might happen with the service interfaces being brought down and the PIC reboot. At the same time, the mspmand core file will be generated if dump-on-flow-control is enabled.
PR Number Synopsis Category: Remote Access VPN issues on SRX
1442145 With NCP remote access solution, in a PathFinder case (for example, where IPsec traffic has to be encapsulated as TCP packets), TCP encapsulation for transit traffic is failing.
Product-Group=junos
With the NCP remote access solution, where IPsec traffic has to be encapsulated as TCP packets, TCP encapsulation for transit traffic is failing.
PR Number Synopsis Category: SSL Proxy functionality on JUNOS
1516903 A logic issue was corrected in SSL proxy that could lead to an srxpfe or flowd core file under load.
Product-Group=junos
On all SRX Series devices with SSL-Proxy used, memory leak might occur when new session creation refers to the SSL-Proxy profile, which results in a corrupted memory accessed and the flowd/srxpfe process crash.
PR Number Synopsis Category: MPC7/8/9 Interface Issues
1513321 The wavelength configured through the CLI might not be set on the SFP+-10G-T-DWDM-ZR optics when the optics is used on the MPC7E line card.
Product-Group=junos
The code change in PR 1410877 (which is fixed in 19.1R1 19.2R1) broke the wavelength configuration for tunable optics on MPC7E line card. After configuring 'interfaces <> optics-options wavelength' for interfaces using SFP+-10G-T-DWDM-ZR optics on MPC7E line card, the wavelength configured might not take effect on these interfaces.
PR Number Synopsis Category: Issues related to broadband edge apps (PPP, DHCP) on Trio ch
1523902 The PADI packets might be dropped when the interface encapsulation VPLS is set along with accepted protocol configured as PPPoE.
Product-Group=junos
On the MX platforms with the PPPoE subscriber management enabled, the PADI packets might get dropped when interface encapsulation VPLS is set along with accepted protocols configured as PPPoE in auto-configure dynamic profiles. This issue will cause the PPPoE subscribers can not access service.
1525585 Addition and removal of an aggregated Ethernet interface member link might cause the PPPoE subscriber session and traffic to drop.
Product-Group=junos
On the MX platforms with enhanced subscriber management enabled, when adding/removing one of the member links with "down" status to/from two member links AE bundle on the same PFE (Packet Forwarding Engine), because of the incorrect CoS (Class of Service) queue update, the PPPoE subscribers traffic are mapped to an incorrect queue and get dropped over the AE bundle.
1529602 In the subscriber management environment, the RADIUS interim accounting records does not get populated with the subscriber statistics.
Product-Group=junos
In subscriber management environment, RADIUS interim accounting records are not populated with the subscriber statistics after system reboot. In this case, the MAC of the routing engine is not learned by the nextgen-stats manager on the PFE. Use the following command to verify the problem. "request pfe execute target fpc0 command "show nextgen-stats manager" Nextgen Manager microcode stats: ================================== Interim stats push from ASIC supported : Yes Is ucode running : Yes configured values: gen num : 17 interval slow : 300000 ms interval fast : 60000 ms callout period : 1 ms vlan_re0 : 0 vlan_re1 : 2 ip re0 : 0x80000001 ip re1 : 0x80000006 mac re0 : 0x000000000000 <-----------not programmed mac re1 : 0x020100000005 <----------- programmed src ip : 0x8000001b version : 0 member id : 0
PR Number Synopsis Category: Trio pfe bridging, learning, stp, oam, irb software
1494594 Packets get dropped when next hop is IRB over an lt interface.
Product-Group=junos
On MX series platforms, when a route's next-hop is an IRB interface with lt- as the underlying L2 interface, it is not getting programmed on PFE, resulting in packet drop.
1501014 Traffic to VRRP virtual IP or MAC addresses might be dropped when ingress queuing is enabled.
Product-Group=junos
On MX platforms with any MPC in enhanced network-service mode, if VRRP is configured on AE interface, after 'set chassis fpc X pic X traffic-manager mode ingress-and-egress' is enabled, traffic sent to virtual IP/MAC might be dropped and the forward traffic will be affected.
PR Number Synopsis Category: Web-Management UI
1513612 Installing J-Web application package may fail on the EX2300/EX3400 platforms
Product-Group=junos
On the EX2300/EX3400 platforms, J-Web application package may fail to be installed with the affected releases.
PR Number Synopsis Category: MX10K linecard
1510994 The disabled QSFP transceiver might fail to get turned on.
Product-Group=junos
In a scenario where QSFP is used as a single interface or child link of the aggregated Ethernet interface, if the interface is disabled and enabled frequently, the write errors might happen on inter-integrated circuit of QSPF. Then the laser of QSFP might not be enabled.
 

19.1R3-S3 - List of Known issues
PR Number Synopsis Category: EX4300 PFE
1538401 LLDP neighborship might not come up on EX4300 non-AE interfaces
Product-Group=junos
Due to a regression introduced by PR/1517133, LLDP might not work on non-AE (Aggregated Ethernet) interfaces.
PR Number Synopsis Category: NFX Series Platform Software
1462556 Junos OS: NFX350: Password hashes stored in world-readable format (CVE-2020-1669)
Product-Group=junos
The Juniper Device Manager (JDM) container, used by the disaggregated Junos OS architecture on Juniper Networks NFX350 Series devices, stores password hashes in the world-readable file /etc/passwd. This is not a security best current practice as it can allow an attacker with access to the local filesystem the ability to brute-force decrypt password hashes stored on the system. Refer to https://kb.juniper.net/JSA11066 for more information.
PR Number Synopsis Category: QFX L3 data-plane/forwarding
1481987 Multicast traffic loss could be seen in certain conditions while enabling IGMP snooping under EVPN-VXLAN ERB scenario
Product-Group=junos
On QFX5110 and QFX5120 platform that is running as a Layer 3 VXLAN gateway, if the "igmp-snooping" statement is enabled in partial but not for all bridge domains, multicast traffic loss could be observed in non-igmp snooping bridge domains.
PR Number Synopsis Category: ACX Interfaces IFD, IFL, vlans, and BRCM init
1529822 "gigether-options fec none" option not available on ACX5048/ACX5096 on 10g/40g interfaces
Product-Group=junos
Knobs added back again via PR1430009
PR Number Synopsis Category: Bi Directional Forwarding Detection (BFD)
1522261 BFD with authentication for BGP flaps after GRES or NSR switchover on the NG-RE and SCBE2 setup.
Product-Group=junos
On the devices with NG-RE (Next Generation Routing Engine) and SCBE2 (Enhanced Switch Control Board), when BFD authentication for BGP is enabled, the BFD may flap after the NG-RE switchover. The switchover should be GRES or NSR switchover. After the flap, the device could be self recovery.
PR Number Synopsis Category: Border Gateway Protocol
1456260 Packet drop and CPU spike on Routing Engine might be seen in certain conditions if labeled-unicast protection is enabled for a CsC-VRF peer.
Product-Group=junos
On all Junos OS platforms under carrier supporting carrier (CsC) scenario, when PE link protection (labeled-unicast protection) is enabled, after one of the redundant links between CsC-CE flap or RSVP-TE LSP re-route from the primary path happens, it might result in slow convergence issue. Packets drop and CPU spike on the Routing Engine might be seen during this period.
1517498 The rpd might crash after deleting and re-adding a BGP neighbor
Product-Group=junos
In BGP scenario on all Junos platforms, after deleting and re-adding a BGP neighbor, the rpd might crash due to a rare timing issue.
PR Number Synopsis Category: Manageability for Node Virtualization
1524766 Dvaita JDM[Ubuntu 18.04.4] Commit is Successful while Deactivating CB0/CB1 interfaces with GNF's running
Product-Group=junosvae
When a user tries to delete/deactivate cb0/cb1 interfaces while GNFs are running, commit failure is expected but the commit may succeed even though following (correct) error message gets displayed: "cb0/cb1 interfaces cannot be deleted while 'system commit synchronize' is configured"
1527322 Dvaita JDM: Commit Error Messages are coming twice while validating physical-cores knob
Product-Group=junosvae
Commit error messages get printed twice while validating physical-cores knob for GNFs.
PR Number Synopsis Category: EVPN Layer-2 Forwarding
1521199 The l2ad process might crash when EVPN-DCI session is teared down by MP-BGP-EVPN peer
Product-Group=junos
On EVPN-VXLAN scenario, when EVPN-DCI session is teared down by MP-BGP-EVPN peer, the l2ald process might crash with a core file generated in all VTEPs. It might cause total EVPN-VXLAN fabric bring down and entire network impact.
PR Number Synopsis Category: Category for JET(JUNOS Extension Toolkit) related issues
1525671 High CPU on NFX250-NG on process jsd
Product-Group=junos
High CPU is seen due to jsd, even though no telemetry/programmable features have been configured
PR Number Synopsis Category: Flow Module
1467654 TCP session might not time out properly upon receiving TCP RESET packet
Product-Group=junos
TCP session cannot time out properly upon receiving the TCP RESET packet, and the session timeout does not change to 2 seconds.
PR Number Synopsis Category: Firewall Policy
1454907 Traffic might be dropped when policies are changed in SRX Series devices
Product-Group=junos
If a huge number of policies are configured on SRX Series devices and some policies are changed, the traffic that matches the changed policies might be dropped.
PR Number Synopsis Category: IPSEC/IKE VPN
1517262 The flowd might crash in IPsec VPN scenario
Product-Group=junos
On SRX platforms with IPsec VPN configured, the flowd might crash during the IPsec VPN rekey window. The traffic/service might be impacted if hitting this issue.
PR Number Synopsis Category: L2TP service related issues
1527343 L2TP subscribers might fail to establish a session on MX if the CPE is a virtual host
Product-Group=junos
L2TP subsribers might fail to establish sessions with MX device which is configured as L2TP LNS. This happens when the subscriber customer premises equipment host (CPE) is a virtual setup.
PR Number Synopsis Category: Multiprotocol Label Switching
1506062 The rpd process might crash when rpd restarts or GRES switchovers.
Product-Group=junos
On all Junos platforms with GR (Graceful Restart) and LSP (Label Switched Path) configured, if the /mfs/var/db/tag_restart.db file is corrupted, the rpd process might crash when triggering rpd restart or GRES (Graceful Routing Engine Switchover) switchover. Traffic loss might be seen during the rpd crash and restart.
PR Number Synopsis Category: Multicast for L3VPNs
1460480 Traffic loss is observed while verifying multicast route with VT for VPNA.
Product-Group=junos
On the Junos platforms with inter-AS NG-MVPN, traffic loss may be observed when the NG-MVPN VRF is disabled on one of these ASBRs.
PR Number Synopsis Category: Jflow and sflow on MX
1487876 Incorrect 'frame length' of 132 bytes might be captured in packet header
Product-Group=junos
On all MX/PTX5k/EX platforms with Trio based line cards, if a packet is send with more than 128 bytes it will always show incorrect "Frame length" of 132 bytes in raw packet header of sflow collector captured data.
PR Number Synopsis Category: IDS features available on MS-MPC/MIC
1527236 After applying ids-rules to service-set, high session rate is observed even without any DDos traffic
Product-Group=junos
On MX platforms with MS-MIC/MS-PIC, if applying IDS filter and reaching high CPU state, the session rate stay high even without any DDos traffic which may lead to dropping of new session requests.
PR Number Synopsis Category: PE based L3 software
1500798 BFD sessions flap after deactivating or activating the aggregated Ethernet interface or executing GRES.
Product-Group=junos
On QFX10008 platforms, if the BFD is configured over an AE interface (member link across multiple FPCs), deactivating/activating the AE interface or executing GRES will cause the BFD sessions to flap.
PR Number Synopsis Category: Interface related issues. Port up/down, stats, CMLC , serdes
1515487 The 100G AOC non-breakout port might be auto-channelized to other speed
Product-Group=junos
On QFX5k platform with QFX-5e image, if the 100G port is enabled with auto-channelization (which is by default) and the AOC (Active Optical Cable) non-breakout transceiver is used on it, the 100G port might be detected as breakout and auto-channelized to other speed (e.g. 50G). The interface connection will be impacted.
PR Number Synopsis Category: MX10003/MX204 Platform SW - Chassisd s/w defects
1464879 The following constant messages flooding in log is observed: summit_pic_port_profile_isvalid: VALID Port profile.
Product-Group=junos
constant messages flodding in log: summit_pic_port_profile_isvalid: VALID Port profile These messages are cosmetic messages and don't have any service impact
PR Number Synopsis Category: ZT/YT PFE l3 forwarding
1529475 The multicast traffic might be dropped due to hash mismatch when there are AE and ECMP links involved in multicast tree
Product-Group=junos
On MX platforms with MPC10 or MPC11 line cards, the multicast traffic over an AE or ECMP interface may be dropped because the hash calculation on the egress line card could be different than on the ingress line card. This could happen if the encapsulation on the egress interface changes a field in the packet that is used in the hash calculation.
PR Number Synopsis Category: UI Infrastructure - mgd, DAX API, DDL/ODL
1452136 The mgd might crash when you use the replace pattern command.
Product-Group=junos
When you use the "replace pattern" command to replace the name in the apply-group, the mgd crashes.
 
Modification History:
First publication 2020-10-14
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search