19.4R2-S2: Software Release Notification for JUNOS Software Version 19.4R2-S2
Warning: In a VPLS/Bridge-Domain environment, on an MX/EX9200 Series router with Trio-based MPCs running this software version, the MPCs may experience an NH memory leak in the PFEs when an integrated routing and bridging (IRB) interface participates in the VPLS/Bridge-domain instance.
Junos Software service Release version 19.4R2-S2 is now available.
PR Number | Synopsis | Category: EX driver issues |
---|---|---|
1515689 | The IP communication between directly connected interfaces on EX4600 would fail Product-Group=junosvae |
The IP communication between directly connected interfaces on EX4600 TVP platforms would fail. This issue might occur only in this special scenario, and it might have traffic/service impact. |
PR Number | Synopsis | Category: NFX Layer 2 Features Software |
1502700 | MAC aging does not work on NFX platforms Product-Group=junos |
The MAC address in MAC table of NFX250/350 platforms does not age out of the table. In some special scenarios the MAC table might be fully filled, and the traffic with new destination MAC would be all flooded. The performance of the device might be impacted. |
PR Number | Synopsis | Category: QFX Access control list |
1521763 | Firewall "sample" configuration gives the warning as unsupported on QFX10002-36q and will not work. Product-Group=junos |
On QFX10002-36q, when inline-jflow is configured, the IPv4 firewall filter with 'sample' action gives a warning "unsupported platform" and will not work. On the other hand, the IPv6 firewall filter with 'sample' action will still work as expected. |
PR Number | Synopsis | Category: JUNOS kernel/ukernel changes for ACX |
1509402 | PFE crash might be seen and the FPC may remain down on ACX710 platform Product-Group=junos |
On the ACX710 platform, after the PTP (Precision Time Protocol) configuration is removed and the router is rebooted, the PFE might crash and the FPC remains down if PTP traffic is still coming into the router. This issue might also happen when SyncE is configured. This causes the router to crash and not come up. |
PR Number | Synopsis | Category: ACX GE, 10GE, PoE, IDT framers |
1430009 | The gigether-options command is enabled again under the interface hierarchy. Product-Group=junos |
Both gigether-options and ether-options are supported on ACX5k. PR 1430009 was initially opened to remove gigether-options; that change has now been reverted, and the revert is tracked in the same PR 1430009. The latest fix of PR 1430009 adds gigether-options back. |
PR Number | Synopsis | Category: Border Gateway Protocol |
1483097 | The BGP RPKI ROA withdrawal might lead to an unexpected BGP route flap. Product-Group=junos |
Originally, when an RPKI RTR server or an RPKI Validator withdraws ROAs, they are marked as "stale" and then flushed when the garbage collection timer runs out. For a short period of time, this might result in incorrect validation status. If there is an egress BGP policy which suppresses routes with an RPKI status of invalid, the affected prefixes will be withdrawn and then, when the correct route validation status is reclaimed, re-advertised. With the fix, the withdrawn ROAs are deleted from the validation database immediately. |
1514635 | The rpd might report 100% CPU usage with BGP route damping enabled Product-Group=junos |
If a BGP speaker is configured with damping and a peer is flapping, the deferred deleting in BGP might cause a high rpd CPU usage. |
1517498 | The rpd process might crash after deleting and then adding a BGP neighbor. Product-Group=junos |
In BGP scenario on all Junos platforms, after deleting and re-adding a BGP neighbor, the rpd might crash due to a rare timing issue. |
PR Number | Synopsis | Category: Device Configuration Daemon |
1519334 | Junos OS: Buffer overflow vulnerability in device control daemon (CVE-2020-1664) Product-Group=junos |
A stack buffer overflow vulnerability in the device control daemon (DCD) on Juniper Networks Junos OS allows a low privilege local user to create a Denial of Service (DoS) against the daemon or execute arbitrary code in the system with root privilege. Refer to https://kb.juniper.net/JSA11061 for more information. |
PR Number | Synopsis | Category: JUNOS kernel/ukernel changes for DNX |
1537619 | On ACX5448, PFE crash on vty command "show pfe ifd" Product-Group=junos |
In the 19.4 release, when the "show pfe ifd" command is executed in the PFE, an FPC crash is observed on the ACX5448 platform. This issue is addressed in 19.4R2-S2. |
PR Number | Synopsis | Category: Layer 3 forwarding, both v4+v6 |
1491261 | VPLS flood groups result in IPv4 traffic drop after the core interface flaps. Product-Group=junos |
VPLS flood groups result in IPv4 traffic drop after core interface flap. |
1519372 | The IPv6 neighbor state change causes Local Outlif to leak by two values, which leads to the following error: DNX_NH::dnx_nh_tag_ipv4_hw_install. Product-Group=junos |
On ACX5448/ACX5448-D, PFE memory exhaustion is reported due to continuous IPv6 neighbor flaps. |
PR Number | Synopsis | Category: DNX VPLS |
1532995 | Memory leak in Local OutLif in VPLS/CCC topology Product-Group=junos |
In a VPLS/CCC topology with core link protection, when one of the core links flaps or the remote CE flaps, a "Local OutLif" leak happens.
    Local OutLif Total entries: 196608 Used entries: 33335 Lowest entry: 0(0x0) /*Initially when VPLS is up*/
    Local OutLif Total entries: 196608 Used entries: 33303 Lowest entry: 0(0x0) /*When VPLS is down*/
    Local OutLif Total entries: 196608 Used entries: 33337 Lowest entry: 0(0x0) /*When VPLS is up again*/ |
PR Number | Synopsis | Category: EVPN control plane issues |
1530991 | The rpd process might crash when auto-service-id is configured in the EVPN-VPWS scenario. Product-Group=junos |
On all Junos platforms in an EVPN VPWS scenario, if auto-service-id is configured and the service IFL under the VPWS instance is down, an rpd crash might be seen when any changes are made to the configuration. |
PR Number | Synopsis | Category: MX Inline Jflow |
1500179 | Inline JFlow might report wrong value for some fields in flow records after enabling nexthop-learning and route churn happens Product-Group=junos |
When inline flow monitoring (inline JFlow) is configured with nexthop-learning enabled on a Trio-based line card, the Sampling Route Record Module (i.e. sampler-rr or SRR thread) on the PFE ukernel might miss some next-hop updates due to a race condition if route churn happens in a large-scale next-hop scenario (e.g. >50K next-hops) and the route churn results in multiple next-hop add/change/delete operations. As a result, JFlow might report wrong values for some fields in flow records for traffic forwarded using the next-hops that SRR missed. |
PR Number | Synopsis | Category: Aggregated Sonet Interfaces |
1472439 | The sonet-options configuration statement is disabled for the xe interface that works in wan-phy mode. Product-Group=junos |
On all MX platforms, the 'sonet-options' stanza cannot be configured on an xe interface working in wan-phy mode after Junos 19.4R1. This issue may cause a software upgrade to 19.4R1 or onwards to fail because configuration validation fails. |
PR Number | Synopsis | Category: jdhcpd daemon |
1511782 | Junos OS: Receipt of malformed DHCPv6 packets causes jdhcpd to crash (CVE-2020-1671) Product-Group=junos |
On Juniper Networks Junos OS platforms configured as DHCPv6 local server or DHCPv6 Relay Agent, the Juniper Networks Dynamic Host Configuration Protocol Daemon (JDHCPD) process might crash with a core dump if a malformed DHCPv6 packet is received, resulting in a restart of the daemon. Refer to https://kb.juniper.net/JSA11068 for more information. |
PR Number | Synopsis | Category: Addresses ALG issues found in JSF |
1510678 | The srxpfe or mspmand process might crash if FTPS is enabled in a specific scenario. Product-Group=junos |
If FTPS service is enabled on an SRX/MX device where both source NAT and "ssl-proxy" are not configured, then the device may crash upon receiving FTPS traffic. |
PR Number | Synopsis | Category: Addresses NAT/NATLIB issues found in JSF |
1532249 | Improve the max ENODE connections for one persistent NAT binding from 8 to 32 Product-Group=junos |
Improve the max ENODE connections for one persistent NAT binding from 8 to 32 |
PR Number | Synopsis | Category: Firewall Module |
1521325 | The TCP packet might be dropped if syn-proxy protection enabled Product-Group=junos |
On SRX series devices, if TCP SYN flood protection is enabled with TCP SYN Proxy and the 3rd and 4th packet from the client arrive at the same time, then it can cause an SEQ error that may break the TCP connection. |
PR Number | Synopsis | Category: Layer 2 VPN related issues |
1503282 | The MPLS label manager might allow configuration of a duplicated VPLS static label. Product-Group=junos |
On all JUNOS and all Junos EVO platforms, when configuring wrong static label-range or duplicated static labels for l2circuit or LDP-based VPLS, the instance will not be up. |
PR Number | Synopsis | Category: Layer 2 Circuit issues |
1511783 | The rpd process might crash after removing the last configured interface under the l2circuit neighbor. Product-Group=junos |
On all Junos platforms, rpd crash may be observed after removing the last interface configured under the l2circuit neighbor which is in fact active. |
1512834 | The rpd process might crash when deleting the l2circuit configuration in a specific sequence. Product-Group=junos |
If l2circuit local-switching is enabled with connection-protection, the rpd could crash in the following configuration change sequence. 1. First, delete the logical interface (IFL) used by a l2circuit and commit the change. 2. Then, delete the corresponding l2circuit configuration. The rpd could crash after committing the change. |
PR Number | Synopsis | Category: Multiprotocol Label Switching |
1517018 | The rpd process might crash after upgrading Junos OS Release 18.1 to a later release. Product-Group=junos |
The rpd might continuously crash after upgrading pre Junos OS Release 18.1 to Junos OS Release 18.1 and later while graceful-restart and RSVP/static LSP are configured. This is because there is a change in the data structure written to the restart database file from Junos OS Release 18.1 and later. So, when rpd comes up and tries to read the restart database file written by pre Junos OS Release 18.1 image, the rpd might crash. |
PR Number | Synopsis | Category: OS IPv4/ARP/ICMPv4 |
1511833 | The kernel might crash causing the router or the Routing Engine to reboot when making virtual IP related change Product-Group=junos |
On all Junos platforms with VRRP enabled, if any configuration that involves the virtual IP is deleted and added in the same commit, the kernel might crash. When this happens, the system or the RE will reboot. |
PR Number | Synopsis | Category: FreeBSD Kernel Infrastructure |
1518898 | The kernel might crash if a file/directory is accessed for the first time and is not created locally Product-Group=junos |
On Junos with Virtual Filesystem (VirtFS), if a file/directory is accessed for the first time and is not created locally, the kernel might crash and generate a vmcore file. Junos might reboot due to this issue. |
1537696 | Errors seen when dumping vmcore on EX-3400 series Product-Group=junos |
EX3400 and EX2300 hang while trying to generate core files. |
PR Number | Synopsis | Category: vMX Platform Infrastructure related issue tracking |
1493805 | Viewing a large file from vFPC console may hog the console. Product-Group=junos |
Viewing a large file from vFPC console using "cat" application may hog the console. |
PR Number | Synopsis | Category: PTP related issues. |
1527612 | The transit PTP packet might be unexpectedly modified when passing through MPC2E-NG/MPC3E-NG/MPC5E Product-Group=junos |
If timestamping the packet at the physical layer (also known as PHY timestamping) is enabled for Precision Time Protocol (PTP), the transit PTP packets passing through the MPC2E-NG/MPC3E-NG/MPC5E might be modified to have a huge value in the Correction Field of the PTP packet even though there is no PTP port configured on these line cards. If the transit PTP packets are used for synchronizing a downstream node, clock frequency drift could be seen. The current fix in this PR is only applicable for the G.8275.1 PTP profile. |
PR Number | Synopsis | Category: QFX platform optics related issues |
1504630 | "Media type" in show interface command is displayed as "Fiber" for SFP-10G-T Product-Group=junos |
On QFX series, "Media type" in show interface command is displayed as "Fiber" for SFP-10G-T |
PR Number | Synopsis | Category: QFX VC Infrastructure |
1497563 | Virtual Chassis is not stable with 100-Gigabit Ethernet and 40-Gigabit Ethernet interfaces. Product-Group=junos |
On the QFX5110 platform in a Virtual Chassis (VC) scenario, the VC might not get formed, which can cause traffic loss, if the 100G VCP ports are deleted and created, or changed from 40G to 100G or vice versa. The reason is that Forward Error Correction (FEC) should not be enabled when the physical interface is working as a VCP port. |
PR Number | Synopsis | Category: RPM and TWAMP |
1533025 | There is a TWAMP interoperability issue between Junos OS releases. Product-Group=junos |
PR 1434740 (which is fixed in 19.1R2, 19.2R1-S4, 19.2R2 and 19.3R1) corrected a timeout format in Two-Way Active Management Protocol (TWAMP) so as to comply with RFC 5357. However, it causes a TWAMP interoperability issue between Junos releases with and without the fix of PR 1434740. If a Junos release without PR 1434740 is used on the TWAMP client and a Junos release with PR 1434740 is used on the TWAMP server, only the first TWAMP test iteration runs; after that, the TWAMP server will terminate both the TWAMP control connection and the TWAMP test sessions because the timeout condition is not triggered by the TWAMP server due to the timeout counter having an invalid value (i.e. a negative value). If the TWAMP client does not support the TWAMP Auto-Restart feature (supported from Junos 19.1R1), the TWAMP client has to start the TWAMP control connection once again using "request services rpm twamp start client", irrespective of the test-count value. This PR fix resolves this TWAMP interoperability issue. |
PR Number | Synopsis | Category: Generic platform and infra issues for MS-MIC and MS-MPC(XLP) |
1489942 | Prolonged flow control might occur with MS-MPC or MS-MIC. Product-Group=junos |
On MX platforms with MS-MPC/MS-MIC, if there are lots of self-generated packets like TCP-tickle and UDP-logging, there might be data congestion on the data path due to no throttling functionality for such types of packets. When the data path is blocked, prolonged flow-control might happen with the service interfaces being brought down and the PIC reboot. At the same time, the mspmand core file will be generated if dump-on-flow-control is enabled. |
PR Number | Synopsis | Category: SRX-1RU platform related protocol, QoS, filtering features et |
1515046 | VRRP does not work on the reth interface with a VLAN ID greater than 1023. Product-Group=junos |
When a redundant Ethernet (reth) interface has vlan-tagging configured and is part of a VRRP group, the SRX/vSRX is unable to allocate the VIP to the reth interface if the vlan-id configured is greater than 1023. As a result, VRRP does not work. |
PR Number | Synopsis | Category: Issues related to broadband edge apps (PPP, DHCP) on Trio ch |
1529602 | In the subscriber management environment, the RADIUS interim accounting records do not get populated with the subscriber statistics. Product-Group=junos |
In a subscriber management environment, RADIUS interim accounting records are not populated with the subscriber statistics after system reboot. In this case, the MAC of the routing engine is not learned by the nextgen-stats manager on the PFE. Use the following command to verify the problem:
    request pfe execute target fpc0 command "show nextgen-stats manager"
    Nextgen Manager microcode stats:
    ==================================
    Interim stats push from ASIC supported : Yes
    Is ucode running : Yes
    configured values:
    gen num : 17
    interval slow : 300000 ms
    interval fast : 60000 ms
    callout period : 1 ms
    vlan_re0 : 0
    vlan_re1 : 2
    ip re0 : 0x80000001
    ip re1 : 0x80000006
    mac re0 : 0x000000000000 <-----------not programmed
    mac re1 : 0x020100000005 <----------- programmed
    src ip : 0x8000001b
    version : 0
    member id : 0 |
PR Number | Synopsis | Category: Trio pfe qos software |
1523881 | Configured scheduler-map is not applied on ms- interface if the service PIC is in the Offline state during commit Product-Group=junos |
On MX platforms with MS-MPC/MS-MIC card installed, when configuring Class of Service (CoS) scheduler-map on ms- interface, if the corresponding service PIC is in offline state at the moment of configuration commit, the configured scheduler-map will not get applied to the ms- interface after the PIC is brought online. |
PR Number | Synopsis | Category: Trio pfe bridging, learning, stp, oam, irb software |
1494594 | Packets get dropped when next hop is IRB over an lt interface. Product-Group=junos |
On MX series platforms, when a route's next-hop is an IRB interface with lt- as the underlying L2 interface, it is not getting programmed on PFE, resulting in packet drop. |
PR Number | Synopsis | Category: VSRX platform software |
1402028 | Azure vSRX3.0:SSH public key authentication is NOT supported on deployment Product-Group=junos |
On Microsoft Azure deployments, SSH public key authentication is not supported for vSRX 3.0 CLI and portal deployment. |
PR Number | Synopsis | Category: NFX Series Platform Software |
---|---|---|
1462556 | Junos OS: NFX350: Password hashes stored in world-readable format (CVE-2020-1669) Product-Group=junos |
The Juniper Device Manager (JDM) container, used by the disaggregated Junos OS architecture on Juniper Networks NFX350 Series devices, stores password hashes in the world-readable file /etc/passwd. This is not a security best current practice, as it can allow an attacker with access to the local filesystem to brute-force the password hashes stored on the system. Refer to https://kb.juniper.net/JSA11066 for more information. |
PR Number | Synopsis | Category: QFX L3 data-plane/forwarding |
1486632 | On the QFX 5100-48T-6Q Virtual Chassis or Virtual Chassis fan, the following error message is observed while copying image to the Virtual Chassis fan member and trying to downgrade the image: rcp for member 14, failed. Product-Group=junos |
On QFX 5100-48T-6Q VC/VCF, the error message "rcp for member 14, failed" is observed while copying the image to a VCF member when trying to downgrade the image. |
1500508 | On the QFX5100 Virtual Chassis or Virtual Chassis fan, traffic loss on multiple traffic streams is observed after reboot and the interfaces of the Virtual Chassis node flaps. Product-Group=junos |
On QFX5100 VC/VCF, traffic loss is observed on multiple traffic streams after reboot and after flapping the interfaces of the VC node. |
1508133 | Traffic loss occurs in the BGP streams while triggering GRES and reboot with the base configuration. Product-Group=junos |
On QFX5100-VC, traffic loss is observed in BGP streams while triggering GRES and reboot with base configurations. |
PR Number | Synopsis | Category: CoS support on ACX |
1488935 | The queue statistics are not as expected after configuring the physical interface and logical interface shaping with the transmit rate and scheduler-map. Product-Group=junos |
On ACX platforms with shaping configured, after deactivating and activating CoS the shaping might not work and traffic drop would appear. Not fixed on 19.2R3-S1. Fixed in higher releases. |
PR Number | Synopsis | Category: Argus Platform issues |
1480217 | On the ACX6360 router, the disk usage might keep increasing. Product-Group=junos |
On PTX1000/ACX6360 Series platforms, the vmhost disk usage might keep increasing due to an incorrect sensor path. |
PR Number | Synopsis | Category: build and packaging related PRs and features using WRL Yocto |
1470217 | The router might become nonresponsive and bring the traffic down when the disk space becomes full. Product-Group=junos |
On the PTX10001/ACX6360 platforms, the unionfs filesystem may get full on vmhost. This is because a mail package in WRlinux 8 continues to write mail logs into the unionfs filesystem. This issue will cause the router to hang and bring traffic down. |
PR Number | Synopsis | Category: Sflow on qfx10k/ptx series PRs for defect & enhancement req |
1521732 | Output interface index in SFLOW packet is zero when transit traffic is observed on the IRB interface with VRRP enabled Product-Group=junos |
When VRRP is enabled on IRB interface and SFLOW is enabled on QFX10000 Series platforms, output interface Index in SFLOW packet will be zero for the traffic destined to VRRP MAC address. |
PR Number | Synopsis | Category: IPSEC/IKE VPN |
1517262 | The flowd might crash in IPsec VPN scenario Product-Group=junos |
On SRX platforms with IPsec VPN configured, the flowd might crash during the IPsec VPN rekey window. The traffic/service might be impacted if hitting this issue. |
PR Number | Synopsis | Category: FreeBSD Kernel Infrastructure |
1505864 | The installation fails when upgrading from legacy Junos to specific BSDx based Junos Product-Group=junos |
The installation might fail when upgrading from legacy Junos (before Junos 15.1) to higher BSDx based Junos releases (Junos 15.1 and after). |
PR Number | Synopsis | Category: RPD Interfaces related issues |
1469873 | With the BGP rib-sharding and update-threading, traffic drops 100 percent in the BGP Layer 3 VPN streams, post the removal or restoration configuration. Product-Group=junos |
This issue is observed with a BGP rib-sharding and update-threading configuration which has SCALE VRFs when the steps below are performed. 1. Delete all VRFs. 2. Roll back or reconfigure the same VRFs immediately. The issue can also be seen if the above steps are performed directly or indirectly, such as by loading a configuration which doesn't have VRFs and rolling back immediately. |
PR Number | Synopsis | Category: Web-Management UI |
1513612 | Installing J-Web application package may fail on the EX2300/EX3400 platforms Product-Group=junos |
On the EX2300/EX3400 platforms, J-Web application package may fail to be installed with the affected releases. |
PR Number | Synopsis | Category: Unified Services Framework |
1529224 | Non-impacting error message is seen in the message logs: IFP error> ../../../../../../../../../src/pfe/usp/control/applications/interface/ifp.c@3270:(errno=1000) tunnel session add failed. Product-Group=junos |
SPC3 related 'IFP tunnel session add' messages in the logs. |