Search our Knowledge Base sites to find answers to your questions.
Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles19.1R3-S3: Software Release Notification for JUNOS Software Version 19.1R3-S3
Junos Software service Release version 19.1R3-S3 is now available.
| PR Number | Synopsis | Category: EX4300 PFE |
|---|---|---|
| 1456879 | The traffic for some VLANs might not be forwarded when vlan-id-list is configured Product-Group=junos |
On EX4300 Series switches, if the vlan-id-list is used on one interface, the traffic for some VLANs under the vlan-id-list might not be forwarded. |
| PR Number | Synopsis | Category: EX4300 CP general implementation |
| 1498903 | In some cases, if we have an OSPF session on the IRB over LAG interface with 40-Gigabit Ethernet port as member, the session gets stuck in restart. Product-Group=junosvae |
On the EX4300-48MP VC (Virtual Chassis), if the LAG (Link Aggregation Group) interface with member interfaces of 40G/100G is configured across the master and the standby FPCs of the VC, the OSPF configured on the IRB (Integrated Routing and Bridging) interface over this LAG might be stuck in "ExStart" state. The issue impacts the establishment of the OSPF neighbor. |
| PR Number | Synopsis | Category: EX driver issues |
| 1515689 | The IP communication between directly connected interfaces on EX4600 would fail Product-Group=junosvae |
The IP communication between directly connected interfaces on EX4600 TVP platforms would fail. This issue only might occur in this special scenario and it might have traffic/service impact. |
| PR Number | Synopsis | Category: EX2300/3400 CP |
| 1494712 | Authentication session might be terminated if PEAP request is retransmitted by authenticator Product-Group=junos |
On all Junos platforms with 802.1X (dot1x) enabled, if Protected Extensible Authentication Protocol (PEAP) request is not replied by supplicant in default time interval, it could cause the authenticator to retransmit PEAP proposal method message with new Extensible Authentication Protocol (EAP) ID. The new EAP ID is different from EAP ID sent by authentication server. As a result, mismatching EAP ID issue could terminate authentication session. In the end, supplicant cannot access network. Please consider increasing 'supplicant-timeout' to prevent this issue from happening. |
| PR Number | Synopsis | Category: EX2300/3400 PFE |
| 1427075 | VC split after network topology changed Product-Group=junos |
In Virtual Chassis scenario, when the interfaces flaps or VLAN configuration is changed frequently, the network topology will be changed accordingly, then CPU utilization will be dramatically increased to very high within a short time, which might cause the failure of essential communications between VC master and members. When the failure happens, FPC will automatically restart. As a result, VC is split and traffic is lost. |
| PR Number | Synopsis | Category: QFX Access control list |
| 1514570 | Scale of filters with egress-to-ingress command is enabled. Product-Group=junos |
With the 'egress-to-ingress' knob enabled, the filter installation fails if the number of filter entries configured is more than 1K. |
| 1521763 | Firewall "sample" configuration gives the warning as unsupported on QFX10002-36q and will not work. Product-Group=junos |
On QFX10002-36q, when inline-jflow is configured, the IPv4 firewall filter with 'sample' action gives a waring "unsupported platform" and will not work. On the other hand, the IPv6 firewall filter with 'sample' action will still work as expected. |
| PR Number | Synopsis | Category: QFX PFE L2 |
| 1514793 | Traffic imbalance could be observed on QFX5K/EX46xx if "hash-params" is not configured Product-Group=junos |
On QFX5K/EX46xx, if "forwarding-options enhanced-hash-key hash-params" is not configured and if the hash function and pre-process for LAG is the same on ingress nodes and QFX5K/EX46xx, egress traffic imbalance might be observed when ECMP or LAG is used. It might cause traffic congestion unexpectedly. |
| 1521324 | MAC address in hardware table may become out of sync between Master and member in Virtual Chassis after MAC flap Product-Group=junos |
When MAC address moves over the member in Virtual Chassis, the MAC address's learning port in Internal Hardware MAC table may be out of sync between Master and member and this may lead to misforwarding. This will be an extremely rare occurrence. If the issue happens, you can issue "clear ethernet-switching table " command to restore the communication. |
| PR Number | Synopsis | Category: QFX L3 data-plane/forwarding |
| 1528490 | The fxpc crash might be observed if VXLAN interface flaps on QFX5K Product-Group=junos |
On QFX5K platforms, if VXLAN enabled interfaces flap excessively in short period of time, PFE might crash. |
| PR Number | Synopsis | Category: CoS support on ACX |
| 1493518 | On the ACX5048 and ACX5096 routers, the LACP control packets might be dropped due to high CPU utilization. Product-Group=junos |
On ACX5048/ACX5096 platforms, when one of the child links in AE goes down brings entire AE down due to high CPU.LACP control packets might get dropped as the port is blocked for a temporary period. |
| PR Number | Synopsis | Category: JUNOS kernel/ukernel changes for ACX |
| 1509402 | PFE crash might be seen and the FPC may remain down on ACX710 platform Product-Group=junos |
On ACX710 platform, after the PTP(Precision Time Protocol) configuration is removed and the router is rebooted, the PFE might crash and the FPC remains down if PTP traffic is still coming into the router. This issue might also happen when SyncE is configured. This causes the router to crash and not come up. |
| PR Number | Synopsis | Category: ACX GE, 10GE, PoE, IDT framers |
| 1430009 | The gigether-options command is enabled again under the interface hierarchy. Product-Group=junos |
gigether-options and ether-options both are support on ACX5k PR1430009 initially opened to remove gigether-options, now it has been reverted. Revert has been tracked in the same PR 1430009. Yes, latest fix of PR 1430009 has added back gigether-options |
| PR Number | Synopsis | Category: BBE Remote Access Server |
| 1405855 | Subscriber accounting messages retransmissions exist even after configuring accounting retry 0. Product-Group=junos |
When accounting-retry 0 is configured under the [access radius-server ] stanza, MX still attempts to re-transmits/retries accounting message to the AAA accounting Server |
| 1517507 | GX-PLUS: CCR-T doesn't contain the Usage Monitoring information Product-Group=junos |
On subscriber termination, CCR-T is sent to the PCRF server reporting the same. But this doesn't contain the Usage monitoring information. |
| 1518016 | JUNOS CLI [show network-access aaa subscribers statistics username "<>"] fails to fetch Subscriber-specific AAA statistics information if an subscriber username includes space Product-Group=junos |
Subscriber username with space in between is not displayed by [show network-access aaa subscribers statistics username "<>"] command |
| PR Number | Synopsis | Category: PTX Chassis Manager |
| 1439929 | FPC reboot may be observed in the events of jlock hog more than 5s Product-Group=junos |
On PTX1000 platform, in case of a jlock hog lasts for more than 5 seconds, FPC reboot might be seen. |
| PR Number | Synopsis | Category: Class of Service |
| 1475960 | snmp query for "jnxCos " objects wont work Product-Group=junos |
SNMP Polling of jnxCos objects will not work and throw OID not increasing error. It is fixed in latest releases. |
| PR Number | Synopsis | Category: Device Configuration Daemon |
| 1519334 | Junos OS: Buffer overflow vulnerability in device control daemon (CVE-2020-1664) Product-Group=junos |
A stack buffer overflow vulnerability in the device control daemon (DCD) on Juniper Networks Junos OS allows a low privilege local user to create a Denial of Service (DoS) against the daemon or execute arbitrary code in the system with root privilege. Refer to https://kb.juniper.net/JSA11061 for more information. |
| PR Number | Synopsis | Category: Covers Application classification workflows apart from custo |
| 1500938 | The srxpfe or flowd process might crash due to memory corruption within JDPI. Product-Group=junos |
On SRX/MX platforms, if there are any services (e.g. AppID, IDP, APBR and so on) running based on Juniper Deep Packet Inspection (JDPI), when the work load is reaching heavy level, for example, above 50% of max connection per second for Layer 7 security policy, or 30% for IDP, the srxpfe/flowd process might crash due to memory corruption caused by this issue. |
| 1516969 | The flowd/srxpfe process might crash when SSL proxy and AppSecure process traffic simultaneously Product-Group=junos |
On all SRX Platforms, the flowd/srxpfe process might crash when SSL proxy and AppSecure/IDP process traffic simultaneously. |
| PR Number | Synopsis | Category: JUNOS Dynamic Profile Configuration Infrastructure |
| 1526934 | Family IPv6 do not come up for the L2TP subscriber when additional attributes are not passed in the Framed-IPv6-Route VSA. Product-Group=junos |
In DHCP/PPP Subscriber scenario with IPv6 dynamic-profile configured, all the additional attributes (route prefix, next-hop, metric, preference, tag) for IPv6 access route must be fully specified in dynamic-profile and passed via RADIUS server, otherwise family inet6 might not come up. |
| PR Number | Synopsis | Category: mgd, ddl, odl infra issues |
| 1458345 | "persist-groups-inheritance" causes the "mustd" process to crash and issues commit failure Product-Group=junos |
"persist-groups-inheritance" configuration option causes the "mustd" process to crash when one performs the "commit" action. |
| PR Number | Synopsis | Category: EVPN control plane issues |
| 1461795 | EVPN-VXLAN core isolation is not working when the system is rebooted or the routing is restarted. Product-Group=junos |
In an EVPN-VXLAN core isolation scenario, the server is multihomed to the leaf devices through LACP interfaces. If graceful restart is enabled, when you reboot the system or restart routing on the leaf device, the core isolation does not work. If you reboot the system, the issue results in the leaf device silently dropping the traffic sent from the server during the time window between LACP coming up and BGP coming up. If you restart routing, there might be no traffic drop because of the graceful restart. |
| 1530991 | The rpd process might crash when auto-service-id is configured in the EVPN-VPWS scenario. Product-Group=junos |
On all Junos platforms with EVPN VPWS scenario, if auto-service-id is configured and the service IFL under VPWS instance is down, the rpd crash might be seen when any changes made to the configuration. |
| PR Number | Synopsis | Category: EVPN Layer-2 Forwarding |
| 1520078 | Unable to create a new VTEP interface. Product-Group=junos |
In all platforms with VXLAN Static VTEP tunnels scenario (including Static VXLAN without EVPN), after RE switchover or restart of l2-learning, if create a new VTEP interface, the interface may not work. |
| PR Number | Synopsis | Category: Express PFE CoS Features |
| 1509220 | Traffic might be affected on QFX10002/QFX10008/QFX10016 platform Product-Group=junos |
On QFX10002/QFX10008/QFX10016, on the interfaces which map to h/w stream 0, if enhanced transmission selection (ETS), which in JunOS implementation is Hierarchical port scheduling configurations, change while high rate traffic is flowing, the chip might be wedged, thus no traffic flow is seen. Hierarchical port scheduling is the Junos OS implementation of enhanced transmission selection (ETS), as described in IEEE 802.1Qaz. |
| 1531095 | Packets are mis-classified while validating policer functions on a QFX10K Product-Group=junos |
The software change introduced by PR1525776 disables the EXP classifier bind option on QFX10K platforms. This causes the PFE to misclassified packets into the wrong COS queue. |
| PR Number | Synopsis | Category: Express PFE FW Features |
| 1420057 | On the PTX10008 and PTX5000 routers, the output of the show filter index < number> counter command shows value as zero at 28-02-HOSTBOUND_NDP_DISCARD_TERM. Product-Group=junos |
VTY command "show filter index < number> counter" showes values as zero at 28-02-HOSTBOUND_NDP_DISCARD_TERM on PTX5000 platform. Basically, the counter does not increase for NDP packets. The issue is only with "show filter index", which is a debug tool in VTY. This issue has no impact on NDP functionality for user traffic. There are no issues with NDP functionality and DDOS for NDP is also working, |
| PR Number | Synopsis | Category: Express PFE MPLS Features |
| 1515092 | The routes update might fail upon the HMC memory issue and traffic impact might be seen. Product-Group=junos |
On PTX Series and QFX Series devices, in rare cases, HMC memory error might cause routes update failure and traffic impact on the Packet Forwarding Engine. |
| PR Number | Synopsis | Category: Internet Group Management Protocol |
| 1520059 | Packet loss might be observed while verifying traffic from access to core network for IPv4/IPv6 interfaces Product-Group=junos |
On EX2300-48T/EX2300-48P/EX2300-48MP, packet loss may be seen when L3 IPv4/IPv6 interface and route related configurations with IPv4/IPv6 unicast stream are configured. This issue might cause traffic drop. This issue happens if two different NH(Next Hop) IDs are programmed in the Hardware for same route but only one entry is maintained in the software.This issue is specific to 48 port EX2300 platforms and will not occur on other 12/24 ports EX2300, such as EX2300-24T, EX2300-24P, EX2300-24MP. |
| PR Number | Synopsis | Category: Kernel software for AE/AS/Container |
| 1474300 | A new aggregated Ethernet member interface for a static LAG bundle is installed in the FIB even though the micro- BFD session is down. Product-Group=junos |
On all Junos platforms, if a static Link Aggregate Group (LAG) is configured, and Bidirectional Forwarding Detection (BFD) is enabled on the LAG which is also called as micro BFD, a newly added member link might start to forward traffic immediately when the configuration change commits even though its micro BFD session is still down, for example, add a new member interface only on single end, and the remote member interface is disabled or not added. Therefore, traffic loss might be seen due to this issue. |
| 1514146 | The 100M SFP-FX is not supported on satellite device in Junos Fusion setup Product-Group=junos |
On satellite device in Junos Fusion setup, interfaces with 100M SFP-FX might not work properly. |
| PR Number | Synopsis | Category: ISIS routing protocol |
| 1526447 | The IS-IS LSP database synchronization issue might be seen while using the flood-group feature. Product-Group=junos |
On all Junos platform, when flood-group is configured on interface under isis, if isis LSPs time out and then come up, the device sends only self-generated LSPs and doesn't increment the LSP updates received from neighbor which flapped. This is causing LSP database out of synchronization issue. |
| PR Number | Synopsis | Category: jdhcpd daemon |
| 1525052 | The memory leak in jdhcpd might be seen if access-profile is configured under the dhcp-relay or dhcp-local-server statement. Product-Group=junos |
With access-profile being configured under "forwarding-options dhcp-relay" or "system services dhcp-local-server" stanza, there might be memory leak in jdhcpd when DHCP request is processed. The leaked memory size for each processing will be the number of bytes equal to the length of the access profile. |
| PR Number | Synopsis | Category: JSR Infrastructure |
| 1479156 | The vSRX may restart unexpectedly Product-Group=junos |
The srxpfe process generates core files when a socket-open error occurs during the initialization phase. Self-healing takes place when the srxpfe reboots and starts processing traffic. |
| PR Number | Synopsis | Category: jsscd daemon |
| 1511745 | Static subscribers are logged out after creating a unit under the demux0 interface. Product-Group=junos |
In MX platforms with static subscriber scenario, the existing static subscribers associated to a demux0 interface might be forced to log out after creating another unit under demux0 interface. |
| PR Number | Synopsis | Category: lacp protocol |
| 1463791 | Member links state might be asychronized on a connection between the PE and CE devices in an EVPN active/active scenario. Product-Group=junos |
In EVPN multi-homed active/active scenario, when LACP is enabled on PE-CE child member links and after recovering from a core-isolation on the PE device, the PE-CE child member links might be stuck in Detached state if LACP sync-reset feature is enabled on the CE device. The child links on the CE device might show the LACP state as Collecting Distributing. However, on the PE devices, the LACP state might be shown as Detached. |
| 1505523 | The aggregated Ethernet interface sometimes might not come up after switch is rebooted. Product-Group=junos |
In Junos platforms with LACP and knob "minimum-links" enabled scenario, AE interface might not come up after the switch is rebooted or the AE interface is deactivated/activated. This is because the knob "sync-reset" is enabled. ("sync-reset" is enabled by default on QFX and EX platforms, and it only needs to use when the "minimal link" is not supported on one side of an LACP). |
| PR Number | Synopsis | Category: Multiprotocol Label Switching |
| 1517018 | The rpd process might crash after upgrading Junos OS Release 18.1 to a later release. Product-Group=junos |
The rpd might continuously crash after upgrading pre Junos OS Release 18.1 to Junos OS Release 18.1 and later while graceful-restart and RSVP/static LSP are configured. This is because there is a change in the data structure written to the restart database file from Junos OS Release 18.1 and later. So, when rpd comes up and tries to read the restart database file written by pre Junos OS Release 18.1 image, the rpd might crash. |
| PR Number | Synopsis | Category: FreeBSD Kernel Infrastructure |
| 1518898 | The kernel might crash if a file/directory is accessed for the first time and is not created locally Product-Group=junos |
On the Junos with Virtual Filesystem (VirtFS), if a file/directory is accessed for the first time and is not created locally, the kernel might crash and generate a vmcore file. Junos might reboot due to this issue. |
| PR Number | Synopsis | Category: Kernel Stats Infrastructure |
| 1398128 | If the serial number of the PEM starts with 1F1, the following alarm might be generated: Minor FPC PEM Temp Sensor Failed. Product-Group=junos |
On ACX/EX/QFX/SRX platforms, if the PEM's serial number starts with "1F1", the alarm "Minor FPC PEM Temp Sensor Failed" might be seen. |
| PR Number | Synopsis | Category: Used for tracking OVSDB software issues and features |
| 1518807 | The vgd process might generate a core file when the OVSDB server restarts. Product-Group=junos |
On all Junos platforms that support OVSDB (Open vSwitch database), the vgd core might get generated when the OVSDB server is restarted. The vgd daemon restart after the core might cause traffic impact. This issue happens when OVSDB server is disconnected and the device (switch/router) sends some updates events to server. |
| PR Number | Synopsis | Category: Express Paradise PFE Sflow |
| 1525589 | Sampling with the rate limiter command enabled, crosses the sample rate 65535. Product-Group=junos |
'show sflow Interfaces' command displays wrong adaptive-sampling rates for rate limiter configuration. The display usually shows a sampling rate of more than 65535. |
| PR Number | Synopsis | Category: PTP related issues. |
| 1527612 | The transit PTP packet might be unexpectedly modified when passing through MPC2E-NG/MPC3E-NG/MPC5E Product-Group=junos |
If timestamping the packet at the physical layer (also known as PHY timestamping) is enabled for Precision Time Protocol (PTP), the transit PTP packets passing through the MPC2E-NG/MPC3E-NG/MPC5E might be modified to have huge value in Correction Field of the PTP packet even though there is not PTP port configured on these line cards. If the transit PTP packets are used for synchronizing downstream node, the clock frequency drift could be seen. The current fix in this PR is only applicable for G.8275.1 PTP profile. |
| PR Number | Synopsis | Category: QFX Platform related (SYSLOG/ALARMS/miscellaneous) |
| 1387098 | Traffic loss may be observed due to switch modular failure on CB Product-Group=junos |
On QFX10008/QFX10016/PTX10008/PTX100016 platforms, traffic loss might be observed because of switch modular failure on the Control Board (CB). This failure further causes all SIBs to be marked as faulty and causes FPCs to restart until Routing Engine switchover occurs. |
| 1454527 | On the QFX5000 line of switches, the dcpfe process crashes due to the usage of data that is not null getting terminated. Product-Group=junosvae |
The dcpfe crash is due to usage of data which is not NULL terminated on QFX5K. |
| 1508611 | The fxpc may crash and restart with a fxpc core file created while installing image through ZTP Product-Group=junos |
On QFX5100/EX4600 Series platforms, the fxpc may crash sometimes while installing an image through ZTP. |
| PR Number | Synopsis | Category: QFX platform optics related issues |
| 1504630 | "Media type" in show interface command is displayed as "Fiber" for SFP-10G-T Product-Group=junos |
On QFX series, "Media type" in show interface command is displayed as "Fiber" for SFP-10G-T |
| PR Number | Synopsis | Category: QFX PFE Class of Services |
| 1430173 | The CoS rewrite rules applied under an aggregated Ethernet interface might not take effect after NSSU. Product-Group=junos |
On QFX 5K platform, Class of Service (CoS) rewrite rules applied under an Aggregated Ethernet (AE) interface might not take effect after Non-Stop Software Upgrade (NSSU). In the end, packets could not enter into correct queues for sending. |
| PR Number | Synopsis | Category: Filters |
| 1514710 | Firewall filters may not be loaded into the TCAM correctly Product-Group=junos |
n QFX5000/EX4600 platforms with VxLAN scenario, firewall filters loading failure might happen due to Ternary Content Addressable Memory(TCAM) overflow, which may cause traffic impact if the Junos version is upgraded to 18.1R3-S1 / 18.2R1 or higher. This is because IPACL VxLAN filter is introduced on that releases to replace regular IPACL for VxLAN VLANs. And after upgrade, IPACL VxLAN filter needs more entries in TACM compared with regular IPACL, which makes TCAM to overflow, and even traffic will be impacted. |
| PR Number | Synopsis | Category: QFX EVPN / VxLAN |
| 1473464 | QFX5K: "global-mac-table-aging-time" behavior with Multi homed EVPN VXLAN ESI Product-Group=junos |
When MAC change notification comes from L2 address learning daemon to PFE, PFE will handle this as MAC addition. That will cause the reset of MAC age timer in all FPC's of VC members in multi homed EVPN VXLAN-ESI cases. As part of MAC change HIT SA (Source Address) bits are wrongly programmed and leads to restart of the MAC age timer. So, MAC was aging in 3rd iteration and leading to this issue. |
| 1516653 | The MAC learning might not work properly after multiple MTU changes on the access port in VxLAN scenario Product-Group=junosvae |
On QFX5120 platform running with Virtual Extensible LAN protocol (VxLAN) scenario, if there are multiple iterations of MTU change on the access port which faces Customer Edge (CE) side, for example, 20 iterations under the scale with around 100 VLAN to VXLAN Network Identifier (VNI) mapping, the MAC learning on the access port might not be able to work properly due to this issue. |
| PR Number | Synopsis | Category: QFX VC Infrastructure |
| 1497563 | Virtual Chassis is not stable with 100-Gigabit Ethernet and 40-Gigabit Ethernet interfaces. Product-Group=junos |
In QFX5110 platform with Virtual Chassis (VC) scenario, VC might not get formed and can cause traffic loss if the 100G VCP ports are deleted and created, or changed from 40G to 100G or vice-versa. For the reason is that Forward Error Correction (FEC) should not be enabled when the physical interface is working as a VCP port. |
| PR Number | Synopsis | Category: RPD route tables, resolver, routing instances, static routes |
| 1421566 | Some LDP routes in VRF cannot be resolved over the inet.3 table Product-Group=junos |
Any route that is added to the rib will be resolved over predefined tables, and the resolution tables for a given protocol are fixed. LDP routes added to foo.mpls.0, the resolution table is not initialized due to this NULL access happen to lead to the core. |
| PR Number | Synopsis | Category: SNMP Infrastructure (snmpd, mib2d) |
| 1497841 | The SNMPv3 informs might not work properly after rebooting. Product-Group=junos |
On all Junos platforms with SNMPv3 informs configured, it may stop sending SNMP traffic to collector after rebooting the whole system. |
| PR Number | Synopsis | Category: Generic platform and infra issues for MS-MIC and MS-MPC(XLP) |
| 1482400 | The vmcore process crashes sometimes along with the mspmand process on MS-MPC/MS-MIC if large-scale traffic flows are processed. Product-Group=junos |
With NAT/Stateful-firewall/TCP tickle (enable by default) configured on MS-MPC/MS-MIC, the vmcore crash sometimes along with mspmand crash might happen if large-scale traffic flows (e.g. million flows) are processed by it. |
| 1489942 | Prolonged flow control might occur with MS-MPC or MS-MIC. Product-Group=junos |
On MX platforms with MS-MPC/MS-MIC, if there are lots of self-generated packets like TCP-tickle and UDP-logging, there might be data congestion on the data path due to no throttling functionality for such types of packets. When the data path is blocked, prolonged flow-control might happen with the service interfaces being brought down and the PIC reboot. At the same time, the mspmand core file will be generated if dump-on-flow-control is enabled. |
| PR Number | Synopsis | Category: Remote Access VPN issues on SRX |
| 1442145 | With NCP remote access solution, in a PathFinder case (for example, where IPsec traffic has to be encapsulated as TCP packets), TCP encapsulation for transit traffic is failing. Product-Group=junos |
With the NCP remote access solution, where IPsec traffic has to be encapsulated as TCP packets, TCP encapsulation for transit traffic is failing. |
| PR Number | Synopsis | Category: SSL Proxy functionality on JUNOS |
| 1516903 | A logic issue was corrected in SSL proxy that could lead to an srxpfe or flowd core file under load. Product-Group=junos |
On all SRX Series devices with SSL-Proxy used, memory leak might occur when new session creation refers to the SSL-Proxy profile, which results in a corrupted memory accessed and the flowd/srxpfe process crash. |
| PR Number | Synopsis | Category: MPC7/8/9 Interface Issues |
| 1513321 | The wavelength configured through the CLI might not be set on the SFP+-10G-T-DWDM-ZR optics when the optics is used on the MPC7E line card. Product-Group=junos |
The code change in PR 1410877 (which is fixed in 19.1R1 19.2R1) broke the wavelength configuration for tunable optics on MPC7E line card. After configuring 'interfaces <> optics-options wavelength' for interfaces using SFP+-10G-T-DWDM-ZR optics on MPC7E line card, the wavelength configured might not take effect on these interfaces. |
| PR Number | Synopsis | Category: Issues related to broadband edge apps (PPP, DHCP) on Trio ch |
| 1523902 | The PADI packets might be dropped when the interface encapsulation VPLS is set along with accepted protocol configured as PPPoE. Product-Group=junos |
On the MX platforms with the PPPoE subscriber management enabled, the PADI packets might get dropped when interface encapsulation VPLS is set along with accepted protocols configured as PPPoE in auto-configure dynamic profiles. This issue will cause the PPPoE subscribers can not access service. |
| 1525585 | Addition and removal of an aggregated Ethernet interface member link might cause the PPPoE subscriber session and traffic to drop. Product-Group=junos |
On the MX platforms with enhanced subscriber management enabled, when adding/removing one of the member links with "down" status to/from two member links AE bundle on the same PFE (Packet Forwarding Engine), because of the incorrect CoS (Class of Service) queue update, the PPPoE subscribers traffic are mapped to an incorrect queue and get dropped over the AE bundle. |
| 1529602 | In the subscriber management environment, the RADIUS interim accounting records does not get populated with the subscriber statistics. Product-Group=junos |
In subscriber management environment, RADIUS interim accounting records are not populated with the subscriber statistics after system reboot. In this case, the MAC of the routing engine is not learned by the nextgen-stats manager on the PFE. Use the following command to verify the problem. "request pfe execute target fpc0 command "show nextgen-stats manager" Nextgen Manager microcode stats: ================================== Interim stats push from ASIC supported : Yes Is ucode running : Yes configured values: gen num : 17 interval slow : 300000 ms interval fast : 60000 ms callout period : 1 ms vlan_re0 : 0 vlan_re1 : 2 ip re0 : 0x80000001 ip re1 : 0x80000006 mac re0 : 0x000000000000 <-----------not programmed mac re1 : 0x020100000005 <----------- programmed src ip : 0x8000001b version : 0 member id : 0 |
| PR Number | Synopsis | Category: Trio pfe bridging, learning, stp, oam, irb software |
| 1494594 | Packets get dropped when next hop is IRB over an lt interface. Product-Group=junos |
On MX series platforms, when a route's next-hop is an IRB interface with lt- as the underlying L2 interface, it is not getting programmed on PFE, resulting in packet drop. |
| 1501014 | Traffic to VRRP virtual IP or MAC addresses might be dropped when ingress queuing is enabled. Product-Group=junos |
On MX platforms with any MPC in enhanced network-service mode, if VRRP is configured on AE interface, after 'set chassis fpc X pic X traffic-manager mode ingress-and-egress' is enabled, traffic sent to virtual IP/MAC might be dropped and the forward traffic will be affected. |
| PR Number | Synopsis | Category: Web-Management UI |
| 1513612 | Installing J-Web application package may fail on the EX2300/EX3400 platforms Product-Group=junos |
On the EX2300/EX3400 platforms, J-Web application package may fail to be installed with the affected releases. |
| PR Number | Synopsis | Category: MX10K linecard |
| 1510994 | The disabled QSFP transceiver might fail to get turned on. Product-Group=junos |
In a scenario where QSFP is used as a single interface or child link of the aggregated Ethernet interface, if the interface is disabled and enabled frequently, the write errors might happen on inter-integrated circuit of QSPF. Then the laser of QSFP might not be enabled. |
| PR Number | Synopsis | Category: EX4300 PFE |
|---|---|---|
| 1538401 | LLDP neighborship might not come up on EX4300 non-AE interfaces Product-Group=junos |
Due to a regression introduced by PR/1517133, LLDP might not work on non-AE (Aggregated Ethernet) interfaces. |
| PR Number | Synopsis | Category: NFX Series Platform Software |
| 1462556 | Junos OS: NFX350: Password hashes stored in world-readable format (CVE-2020-1669) Product-Group=junos |
The Juniper Device Manager (JDM) container, used by the disaggregated Junos OS architecture on Juniper Networks NFX350 Series devices, stores password hashes in the world-readable file /etc/passwd. This is not a security best current practice as it can allow an attacker with access to the local filesystem the ability to brute-force decrypt password hashes stored on the system. Refer to https://kb.juniper.net/JSA11066 for more information. |
| PR Number | Synopsis | Category: QFX L3 data-plane/forwarding |
| 1481987 | Multicast traffic loss could be seen in certain conditions while enabling IGMP snooping under EVPN-VXLAN ERB scenario Product-Group=junos |
On QFX5110 and QFX5120 platform that is running as a Layer 3 VXLAN gateway, if the "igmp-snooping" statement is enabled in partial but not for all bridge domains, multicast traffic loss could be observed in non-igmp snooping bridge domains. |
| PR Number | Synopsis | Category: ACX Interfaces IFD, IFL, vlans, and BRCM init |
| 1529822 | "gigether-options fec none" option not available on ACX5048/ACX5096 on 10g/40g interfaces Product-Group=junos |
Knobs added back again via PR1430009 |
| PR Number | Synopsis | Category: Bi Directional Forwarding Detection (BFD) |
| 1522261 | BFD with authentication for BGP flaps after GRES or NSR switchover on the NG-RE and SCBE2 setup. Product-Group=junos |
On the devices with NG-RE (Next Generation Routing Engine) and SCBE2 (Enhanced Switch Control Board), when BFD authentication for BGP is enabled, the BFD may flap after the NG-RE switchover. The switchover should be GRES or NSR switchover. After the flap, the device could be self recovery. |
| PR Number | Synopsis | Category: Border Gateway Protocol |
| 1456260 | Packet drop and CPU spike on Routing Engine might be seen in certain conditions if labeled-unicast protection is enabled for a CsC-VRF peer. Product-Group=junos |
On all Junos OS platforms under carrier supporting carrier (CsC) scenario, when PE link protection (labeled-unicast protection) is enabled, after one of the redundant links between CsC-CE flap or RSVP-TE LSP re-route from the primary path happens, it might result in slow convergence issue. Packets drop and CPU spike on the Routing Engine might be seen during this period. |
| 1517498 | The rpd might crash after deleting and re-adding a BGP neighbor Product-Group=junos |
In BGP scenario on all Junos platforms, after deleting and re-adding a BGP neighbor, the rpd might crash due to a rare timing issue. |
| PR Number | Synopsis | Category: Manageability for Node Virtualization |
| 1524766 | Dvaita JDM[Ubuntu 18.04.4] Commit is Successful while Deactivating CB0/CB1 interfaces with GNF's running Product-Group=junosvae |
When a user tries to delete/deactivate cb0/cb1 interfaces while GNFs are running, commit failure is expected but the commit may succeed even though following (correct) error message gets displayed: "cb0/cb1 interfaces cannot be deleted while 'system commit synchronize' is configured" |
| 1527322 | Dvaita JDM: Commit Error Messages are coming twice while validating physical-cores knob Product-Group=junosvae |
Commit error messages get printed twice while validating physical-cores knob for GNFs. |
| PR Number | Synopsis | Category: EVPN Layer-2 Forwarding |
| 1521199 | The l2ad process might crash when EVPN-DCI session is teared down by MP-BGP-EVPN peer Product-Group=junos |
On EVPN-VXLAN scenario, when EVPN-DCI session is teared down by MP-BGP-EVPN peer, the l2ald process might crash with a core file generated in all VTEPs. It might cause total EVPN-VXLAN fabric bring down and entire network impact. |
| PR Number | Synopsis | Category: Category for JET(JUNOS Extension Toolkit) related issues |
| 1525671 | High CPU on NFX250-NG on process jsd Product-Group=junos |
High CPU is seen due to jsd, even though no telemetry/programmable features have been configured |
| PR Number | Synopsis | Category: Flow Module |
| 1467654 | TCP session might not time out properly upon receiving TCP RESET packet Product-Group=junos |
TCP session cannot time out properly upon receiving the TCP RESET packet, and the session timeout does not change to 2 seconds. |
| PR Number | Synopsis | Category: Firewall Policy |
| 1454907 | Traffic might be dropped when policies are changed in SRX Series devices Product-Group=junos |
If a huge number of policies are configured on SRX Series devices and some policies are changed, the traffic that matches the changed policies might be dropped. |
| PR Number | Synopsis | Category: IPSEC/IKE VPN |
| 1517262 | The flowd might crash in IPsec VPN scenario Product-Group=junos |
On SRX platforms with IPsec VPN configured, the flowd might crash during the IPsec VPN rekey window. The traffic/service might be impacted if hitting this issue. |
| PR Number | Synopsis | Category: L2TP service related issues |
| 1527343 | L2TP subscribers might fail to establish a session on MX if the CPE is a virtual host Product-Group=junos |
L2TP subsribers might fail to establish sessions with MX device which is configured as L2TP LNS. This happens when the subscriber customer premises equipment host (CPE) is a virtual setup. |
| PR Number | Synopsis | Category: Multiprotocol Label Switching |
| 1506062 | The rpd process might crash when rpd restarts or GRES switchovers. Product-Group=junos |
On all Junos platforms with GR (Graceful Restart) and LSP (Label Switched Path) configured, if the /mfs/var/db/tag_restart.db file is corrupted, the rpd process might crash when triggering rpd restart or GRES (Graceful Routing Engine Switchover) switchover. Traffic loss might be seen during the rpd crash and restart. |
| PR Number | Synopsis | Category: Multicast for L3VPNs |
| 1460480 | Traffic loss is observed while verifying multicast route with VT for VPNA. Product-Group=junos |
On the Junos platforms with inter-AS NG-MVPN, traffic loss may be observed when the NG-MVPN VRF is disabled on one of these ASBRs. |
| PR Number | Synopsis | Category: Jflow and sflow on MX |
| 1487876 | Incorrect 'frame length' of 132 bytes might be captured in packet header Product-Group=junos |
On all MX/PTX5k/EX platforms with Trio based line cards, if a packet is send with more than 128 bytes it will always show incorrect "Frame length" of 132 bytes in raw packet header of sflow collector captured data. |
| PR Number | Synopsis | Category: IDS features available on MS-MPC/MIC |
| 1527236 | After applying ids-rules to service-set, high session rate is observed even without any DDos traffic Product-Group=junos |
On MX platforms with MS-MIC/MS-PIC, if applying IDS filter and reaching high CPU state, the session rate stay high even without any DDos traffic which may lead to dropping of new session requests. |
| PR Number | Synopsis | Category: PE based L3 software |
| 1500798 | BFD sessions flap after deactivating or activating the aggregated Ethernet interface or executing GRES. Product-Group=junos |
On QFX10008 platforms, if the BFD is configured over an AE interface (member link across multiple FPCs), deactivating/activating the AE interface or executing GRES will cause the BFD sessions to flap. |
| PR Number | Synopsis | Category: Interface related issues. Port up/down, stats, CMLC , serdes |
| 1515487 | The 100G AOC non-breakout port might be auto-channelized to other speed Product-Group=junos |
On QFX5k platform with QFX-5e image, if the 100G port is enabled with auto-channelization (which is by default) and the AOC (Active Optical Cable) non-breakout transceiver is used on it, the 100G port might be detected as breakout and auto-channelized to other speed (e.g. 50G). The interface connection will be impacted. |
| PR Number | Synopsis | Category: MX10003/MX204 Platform SW - Chassisd s/w defects |
| 1464879 | The following constant messages flooding in log is observed: summit_pic_port_profile_isvalid: VALID Port profile. Product-Group=junos |
constant messages flodding in log: summit_pic_port_profile_isvalid: VALID Port profile These messages are cosmetic messages and don't have any service impact |
| PR Number | Synopsis | Category: ZT/YT PFE l3 forwarding |
| 1529475 | The multicast traffic might be dropped due to hash mismatch when there are AE and ECMP links involved in multicast tree Product-Group=junos |
On MX platforms with MPC10 or MPC11 line cards, the multicast traffic over an AE or ECMP interface may be dropped because the hash calculation on the egress line card could be different than on the ingress line card. This could happen if the encapsulation on the egress interface changes a field in the packet that is used in the hash calculation. |
| PR Number | Synopsis | Category: UI Infrastructure - mgd, DAX API, DDL/ODL |
| 1452136 | The mgd might crash when you use the replace pattern command. Product-Group=junos |
When you use the "replace pattern" command to replace the name in the apply-group, the mgd crashes. |
Getting Up and Running with Junos
Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search