17.4R3-S3: Software Release Notification for JUNOS Software Version 17.4R3-S3
Junos Software service Release version 17.4R3-S3 is now available.
PR Number | Synopsis | Category: EX4300 PFE |
---|---|---|
1456879 | The traffic for some VLANs might not be forwarded when vlan-id-list is configured Product-Group=junos |
On EX4300 Series switches, if the vlan-id-list is used on one interface, the traffic for some VLANs under the vlan-id-list might not be forwarded. |
1493212 | IPv6 neighbor solicitation packets might be dropped in a transit device. Product-Group=junos |
In EX4300 platform with a Layer 2 scenario, IPv6 neighbor solicitation (NS) packets transiting an EX switch might be dropped if there is a firewall filter matching "next-header icmpv6" then "policer xxx with discard action" configured under a loopback interface. That will cause the IPv6 communication going through the EX switch to fail (IPv4 works fine). |
1495129 | Junos OS: EX4300 Series: High CPU load due to receipt of specific IPv4 packets (CVE-2020-1670) Product-Group=junos |
On Juniper Networks EX4300 Series, receipt of a stream of specific IPv4 packets can cause Routing Engine (RE) high CPU load, which could lead to network protocol operation issues and traffic interruption. These specific packets can originate only from within the broadcast domain where the device is connected. Please refer to https://kb.juniper.net/JSA11067 for more information. |
1518929 | ex4300: Redirected IP traffic is being duplicated Product-Group=junos |
On EX4300 platforms with IRB/L3 interface, the redirected traffic with the source from another subnet is getting duplicated. |
PR Number | Synopsis | Category: Marvell based EX PFE L3 |
1462106 | Error messages related to soft reset of port due to queue buffers being stuck could be seen on EX-4600-EX-4300 VC Product-Group=junos |
Error messages related to soft reset of port due to queue buffers being stuck could be seen on EX-4600-EX-4300 VC |
PR Number | Synopsis | Category: HW Board, FPGA, CPLD issues |
1407095 | QFX10002 showing error fpc0 prds_ptc_clear_all_pulse_and_samples: prds_ptc_clear_all_pulse_and_samples PE 4 PTC 2: after clearing sample, sample still valid 1 Product-Group=junos |
The error we are seeing is for the PTC (precision time counter). On some QFX10002, the PTC Sync SW algorithm does not always run at the expected time; this algorithm keeps the PE chip time counters up to date, which is used for the IEEE 1588 PTP feature. On some hardware, there are error logs sent to the console, even though the algorithm is actually running correctly. Not all QFX10002 exhibit this behavior. The impact of the bug is that there are too many error logs that are not useful, which flood the console or message logs. This only applies to the QFX10002. |
PR Number | Synopsis | Category: QFX Access control list |
1521763 | Firewall "sample" configuration gives the warning as unsupported on QFX10002-36q and will not work. Product-Group=junos |
On QFX10002-36q, when inline-jflow is configured, the IPv4 firewall filter with 'sample' action gives a warning "unsupported platform" and will not work. On the other hand, the IPv6 firewall filter with 'sample' action will still work as expected. |
PR Number | Synopsis | Category: QFX PFE CoS |
1510365 | Traffic might be forwarded to the wrong queue when a fixed classifier is used. Product-Group=junos |
If an L2 access or VLAN bridge IFL is created after a fixed classifier is applied, the traffic matching the fixed classifier might be forwarded to an unexpected queue. This might cause unexpected congestion and therefore traffic impact. |
PR Number | Synopsis | Category: QFX L3 data-plane/forwarding |
1495890 | EX4300-MP/EX4600/QFX5K Series: High CPU load due to receipt of specific layer 2 frames in EVPN-VXLAN deployment. (CVE-2020-1687) & High CPU load due to receipt of specific layer 2 frames when deployed in a Virtual Chassis configuration (CVE-2020-1689) Product-Group=junos |
JSA11084 Junos OS: EX4300-MP/EX4600/QFX5K Series: High CPU load due to receipt of specific layer 2 frames in EVPN-VXLAN deployment. (CVE-2020-1687): On Juniper Networks EX4300-MP Series, EX4600 Series and QFX5K Series deployed in (Ethernet VPN) EVPN-(Virtual Extensible LAN) VXLAN configuration, receipt of a stream of specific VXLAN encapsulated layer 2 frames can cause high CPU load, which could lead to network protocol operation issue and traffic interruption. Refer to https://kb.juniper.net/JSA11084 for more information. JSA11086 Junos OS: EX4300-MP/EX4600/QFX5K Series: High CPU load due to receipt of specific layer 2 frames when deployed in a Virtual Chassis configuration (CVE-2020-1689) On Juniper Networks EX4300-MP Series, EX4600 Series and QFX5K Series deployed in a Virtual Chassis configuration, receipt of a stream of specific layer 2 frames can cause high CPU load, which could lead to traffic interruption. This issue does not occur when the device is deployed in Stand Alone configuration. Refer to https://kb.juniper.net/JSA11086 for more information. |
PR Number | Synopsis | Category: CoS support on ACX |
1493518 | On the ACX5048 and ACX5096 routers, the LACP control packets might be dropped due to high CPU utilization. Product-Group=junos |
On ACX5048/ACX5096 platforms, when one of the child links in an AE goes down, it brings the entire AE down due to high CPU. LACP control packets might get dropped as the port is blocked for a temporary period. |
PR Number | Synopsis | Category: JUNOS kernel/ukernel changes for ACX |
1509402 | PFE crash might be seen and the FPC may remain down on ACX710 platform Product-Group=junos |
On ACX710 platform, after the PTP (Precision Time Protocol) configuration is removed and the router is rebooted, the PFE might crash and the FPC remains down if PTP traffic is still coming into the router. This issue might also happen when SyncE is configured. This causes the router to crash and not come up. |
PR Number | Synopsis | Category: OAM support on ACX |
1483014 | BFD over Layer 2 VPN or Layer 2 circuit does not work because of the SDK upgrade to version 6.5.16. Product-Group=junos |
ACX platforms - BFD over L2VPN/ L2Circuit will not work due to ACX platforms' SDK upgrade to version 6.5.16 |
PR Number | Synopsis | Category: BBE interface related issues |
1498024 | Subscribers may be disconnected after one of the AE participating FPCs comes online in a Junos node slicing scenario Product-Group=junos |
On MX Series platforms with node slicing setup, if subscriber services and targeted distribution feature are enabled on an aggregated Ethernet interface, and the FPC where one of the aggregated Ethernet member port is located comes online, subscribers that are already online might be disconnected. |
PR Number | Synopsis | Category: MPC5/6E pfe microcode software |
1459698 | After the DRD auto recovery, the traffic blackholing upon interface flaps. Product-Group=junos |
An interface stops forwarding traffic when MX software triggers a "DRD reorder timeout recovery" event followed by an interface flap on the same XMCHIP. When the logic is triggered, you will see a "cmtfpc_xmchip_drd_reorder_id_timeout_callback" message in the PFE syslog messages. This issue affects XM based MPCs (3E 4E 5E 6E 2E-NG 3E-NG). |
PR Number | Synopsis | Category: MX Platform SW - FRU Management |
1502118 | The chassisd process might become nonresponsive Product-Group=junos |
On the MX240, MX480, and MX960 platforms if a faulty SFP is inserted into the Enhanced Switch Control Board (SCBE) front port, it may cause the chassisd process to stall. This front port is only used for Node Slicing systems. |
PR Number | Synopsis | Category: QFX Access Control related |
1515972 | "dot1x" memory leak Product-Group=junos |
A memory leak is seen in the 'dot1xd' daemon when no 'dot1x' is configured. The leak is in the allocation made while creating the socket from the 'dot1xd' daemon to the 'authd' daemon. If 'authd' is not running, the 'dot1xd' daemon tries to connect to 'authd' periodically, and every time it allocates memory for the string "/var/run/authd_control" for socket creation. The memory is not freed in this scenario, so a memory leak is seen for the string "/var/run/authd_control". There will be no service impact to other services/daemons other than dot1x. |
PR Number | Synopsis | Category: Device Configuration Daemon |
1519334 | Junos OS: Buffer overflow vulnerability in device control daemon (CVE-2020-1664) Product-Group=junos |
A stack buffer overflow vulnerability in the device control daemon (DCD) on Juniper Networks Junos OS allows a low privilege local user to create a Denial of Service (DoS) against the daemon or execute arbitrary code in the system with root privilege. Refer to https://kb.juniper.net/JSA11061 for more information. |
PR Number | Synopsis | Category: Firewall Filter |
1511041 | Traffic might be dropped though not exceeding the configured bandwidth under policer Product-Group=junos |
If a bandwidth-percent-based policer is applied on an aggregated Ethernet bundle without the "shared-bandwidth-policer" configuration statement, traffic will hit the policer even if the traffic is not exceeding the configured bandwidth. As a workaround, configure the "shared-bandwidth-policer" configuration statement under the policer. |
PR Number | Synopsis | Category: Covers Application classification workflows apart from custo |
1473151 | Junos OS: SRX Series: High CPU load due to processing for HTTP traffic when Application Identification is enabled. Product-Group=junos |
On Juniper Networks SRX Series configured with application identification inspection enabled, receipt of specific HTTP traffic can cause high CPU load utilization, which could lead to traffic interruption. Refer to https://kb.juniper.net/JSA11081 for more information. |
PR Number | Synopsis | Category: EVPN control plane issues |
1438227 | Configuring ESI on a single-homed 25-Gigabit Ethernet port might not work. Product-Group=junos |
In an EVPN scenario, if the 25G interface of a leaf node is configured with an Ethernet Segment Identifier (ESI) but is actually only single-homed to its peer, that might cause the packets to the peer to be discarded. |
PR Number | Synopsis | Category: EVPN Layer-2 Forwarding |
1520078 | Unable to create a new VTEP interface. Product-Group=junos |
On all platforms in a VXLAN static VTEP tunnel scenario (including static VXLAN without EVPN), if a new VTEP interface is created after an RE switchover or a restart of l2-learning, the interface may not work. |
PR Number | Synopsis | Category: Express PFE L2 fwding Features |
1442587 | The PMTUD might not work for both IPv4 and IPv6 if the ingress Layer 3 interface is an IRB. Product-Group=junos |
Path MTU Discovery (PMTUD) is a standardized technique for determining the maximum transmission unit (MTU) size on the network path between two IP hosts, usually with the goal of avoiding IP fragmentation. On QFX10K platforms, the PMTUD might not work for both IPv4 and IPv6 if the ingress L3 interface is an irb. The corresponding ICMP Fragmentation Needed packet to the sender might be dropped silently, then PMTUD fails. This issue has service impact. |
1522852 | On the QFX10002, QFX10008, and QFX10016 line of switches, the following error message is observed during specific steps while clearing and loading the scaled configuration again: PRDS_SLU_SAL:jprds_slu_sal_update_lrncnt(),1379: jprds_slu_sal_update_lrncnt call failed. Product-Group=junos |
In a scaled setup with scaled VLANs and traffic flowing through all VLANs, if the current configuration is cleared and loaded again using the steps below: load override rollback 1 commit. Then the base config is loaded, all learned MACs are aged out, and the MAC entries are marked as invalid. The ageing thread scans and finds the SMAC ref bit transition for the cleared MAC entries, and they get added to the stale MAC SW table. In a scaled setup, considering 2k MACs learned over a port, not all MACs are cleared at one HW trigger; it happens in a batch of 256 entries in a MAC table at a time as per the qfx10k design, and in the meantime it is expected that the IFBD on which the MACs were learned is deleted. This is the reason the Lport+IFL mapping is not found while clearing such MACs, and the error is thrown. |
PR Number | Synopsis | Category: Express PFE MPLS Features |
1515092 | The routes update might fail upon the HMC memory issue and traffic impact might be seen. Product-Group=junos |
On PTX Series and QFX Series devices, in rare cases, HMC memory error might cause routes update failure and traffic impact on the Packet Forwarding Engine. |
PR Number | Synopsis | Category: IDP attack detection in the subscriber qmodules |
1497340 | The IDP attack detection might not work in a specific situation. Product-Group=junos |
If the total number of applications (predefined as well as the custom applications configured) crosses 4096, attack detection might fail. |
PR Number | Synopsis | Category: Kernel software for AE/AS/Container |
1514146 | The 100M SFP-FX is not supported on satellite device in Junos Fusion setup Product-Group=junos |
On satellite device in Junos Fusion setup, interfaces with 100M SFP-FX might not work properly. |
PR Number | Synopsis | Category: ISIS routing protocol |
1482983 | The output of the show isis interface detail command might be incorrect if wide-metrics-only is enabled for IS-IS and the ASCII representation of the metric in decimal is more than 6 characters long. Product-Group=junos |
If 'wide-metrics-only' is enabled for any IS-IS level and a metric configured on the IS-IS enabled interface for that level has ASCII representation in decimal more than 6 characters long, this interface's metric for that level will be merged with 'priority' field value in the output of 'show isis interface detail'. |
PR Number | Synopsis | Category: jdhcpd daemon |
1511782 | Junos OS: Receipt of malformed DHCPv6 packets causes jdhcpd to crash (CVE-2020-1671) Product-Group=junos |
On Juniper Networks Junos OS platforms configured as DHCPv6 local server or DHCPv6 Relay Agent, Juniper Networks Dynamic Host Configuration Protocol Daemon (JDHCPD) process might crash with a core dump if a malformed DHCPv6 packet is received, resulting with the restart of the daemon. Refer to https://kb.juniper.net/JSA11068 for more information. |
1512765 | Junos OS: jdhcpd process crash when processing a specific DHCPDv6 packet in DHCPv6 relay configuration. (CVE-2020-1672) Product-Group=junos |
On Juniper Networks Junos OS devices configured with DHCPv6 relay enabled, receipt of a specific DHCPv6 packet might crash the jdhcpd daemon. Refer to https://kb.juniper.net/JSA11069 for more information. |
PR Number | Synopsis | Category: Addresses ALG issues found in JSF |
1475031 | SIP messages that need to be fragmented might be dropped by the SIP ALG. Product-Group=junos |
When the SIP ALG is in use, after the payload is changed by the ALG, the size of some SIP messages may be bigger than the outgoing interface's MTU, so they need to be fragmented. Those SIP messages might be dropped by the SIP ALG. |
PR Number | Synopsis | Category: Application aware Quality-of-Service |
1486905 | Junos OS: SRX1500, vSRX, SRX4K, NFX150: Denial of service vulnerability executing local CLI command (CVE-2020-1682) Product-Group=junos |
An input validation vulnerability exists in Juniper Networks Junos OS, allowing an attacker to crash the srxpfe process, causing a Denial of Service (DoS) through the use of specific maintenance commands. Refer to https://kb.juniper.net/JSA11079 for more information. |
PR Number | Synopsis | Category: JSR Infrastructure |
1479156 | The vSRX may restart unexpectedly Product-Group=junos |
The srxpfe process generates core files when a socket-open error occurs during the initialization phase. Self-healing takes place when the srxpfe reboots and starts processing traffic. |
PR Number | Synopsis | Category: Firewall Module |
1521325 | The TCP packet might be dropped if syn-proxy protection enabled Product-Group=junos |
On SRX series devices, if TCP SYN flood protection is enabled with TCP SYN Proxy and the 3rd and 4th packet from the client arrive at the same time, then it can cause an SEQ error that may break the TCP connection. |
PR Number | Synopsis | Category: jsscd daemon |
1511745 | Static subscribers are logged out after creating a unit under the demux0 interface. Product-Group=junos |
In MX platforms with static subscriber scenario, the existing static subscribers associated to a demux0 interface might be forced to log out after creating another unit under demux0 interface. |
PR Number | Synopsis | Category: Layer 2 Circuit issues |
1512834 | The rpd process might crash when deleting the l2circuit configuration in a specific sequence. Product-Group=junos |
If l2circuit local-switching is enabled with connection-protection, the rpd could crash in the following configuration change sequence. 1. First, delete the logical interface (IFL) used by a l2circuit and commit the change. 2. Then, delete the corresponding l2circuit configuration. The rpd could crash after committing the change. |
PR Number | Synopsis | Category: Layer 2 Control Module |
1350652 | ERPv1_EX: On Ex3400 VC setup ERP node sessions stuck at pending state, with additional/removal of GRES config. Product-Group=junos |
ERP filters are not getting installed with NSB configuration in place. With NSB configured, l2cpd will be running on the backup RE as well. This l2cpd running on the backup RE connects to DFWD running on the master RE. This connection is causing the issue here, as the filter installation posted over the TCP socket by l2cpd on the master RE to DFWD on the master RE is not getting processed. With NSB unconfigured, no issues are observed. Code changes were made to disable l2cpd filter init on the backup RE to fix the issue. Note: As part of a switchover (master change), l2cpd_filter_init can be seen happening on the new master. See logs below. When the master becomes standby, l2cpd_filter_shutdown can be seen happening, which removes the connection between l2cpd and dfwd. Apr 6 08:06:53.005235 JTASK_TASK_REINIT: Reinitializing Apr 6 08:06:53.013342 task_module_var_inits: initializing Kernel family init Apr 6 08:06:53.013351 task_module_var_inits: initializing RT Instance family init Apr 6 08:06:53.013359 task_module_var_inits: initializing TELEMETRY Apr 6 08:06:53.013366 task_module_var_inits: initializing PPM Apr 6 08:06:53.013379 task_module_var_inits: initializing L2CPD-FILTER Apr 6 08:06:53.013389 task_module_var_inits: initializing ERP |
PR Number | Synopsis | Category: Layer2 forwarding on EX/NTF/PTX/QFX |
1512802 | Memory leak on l2ald might be seen when adding or deleting the routing-instances or bridge-domains configuration. Product-Group=junos |
Memory leak on l2ald might be seen when adding/deleting the routing-instances/bridge-domains configuration. |
PR Number | Synopsis | Category: Multiprotocol Label Switching |
1445024 | An rpd memory leak might be seen when the interdomain RSVP LSP is in the down state. Product-Group=junos |
In an interdomain RSVP label-switched path (LSP) scenario, an rpd memory leak might be seen when the Constrained Shortest Path First (CSPF) tries to recompute the path for an LSP that is "down" because there is no route or the ERO is incorrectly configured. The issue might lead to an rpd crash when the rpd is out of memory, resulting in traffic loss. |
PR Number | Synopsis | Category: Fabric Manager for MX |
1461356 | Traffic might be impacted due to fabric hardening being stuck. Product-Group=junos |
Fabric hardening (FH) is the process of controlling bandwidth degradation to prevent traffic black holes. If an SFB/SCB fails while FH is processing, the FH process gets stuck, which causes traffic loss. |
PR Number | Synopsis | Category: IDS features available on MS-MPC/MIC |
1527236 | After applying ids-rules to service-set, high session rate is observed even without any DDoS traffic Product-Group=junos |
On MX platforms with MS-MIC/MS-PIC, if an IDS filter is applied and a high CPU state is reached, the session rate stays high even without any DDoS traffic, which may lead to dropping of new session requests. |
PR Number | Synopsis | Category: Bugs related to ethernet interface on MX platform |
1435221 | MicroBFD 3x100ms flap is seen upon inserting a QSFP in another port. Product-Group=junos |
Micro BFD/LFMD sessions with timer configured with less than 3x500ms (such as 3x100ms) might flap when a QSFP transceiver is inserted into another port. |
PR Number | Synopsis | Category: MX104 Software - PFE Microcode |
1356657 | The packets might be dropped when they go through MX104 built-in interface Product-Group=junos |
If the packets are destined to a specific MAC address (such as last two octets are 0x1101, 0x1102, 0x1103, 0x1104, 0x1106, 0x1108, 0x1109, 0x110a, and so on), they might be dropped on the remote-end device when going through MX104 built-in xe (10-Gigabit Ethernet) ports. |
PR Number | Synopsis | Category: Track Mt Rainier SPMB platform software issues |
1460992 | Hardware failure in CB2-PTX causes traffic interruption. Product-Group=junos |
In PTX 3000/5000 platforms with CB2-PTX (Control Board), there is an errata on a clock signal component manufactured by a third-party supplier, which might cause the Switch Processor Mezzanine Board (SPMB) and Switch Interface Boards (SIBs) to fail; eventually, traffic will be interrupted. |
PR Number | Synopsis | Category: FreeBSD Kernel Infrastructure |
1505864 | The installation fails when upgrading from legacy Junos to specific BSDx based Junos Product-Group=junos |
The installation might fail when upgrading from legacy Junos (before Junos 15.1) to higher BSDx based Junos releases (Junos 15.1 and after). |
1518898 | The kernel might crash if a file/directory is accessed for the first time and is not created locally Product-Group=junos |
On the Junos with Virtual Filesystem (VirtFS), if a file/directory is accessed for the first time and is not created locally, the kernel might crash and generate a vmcore file. Junos might reboot due to this issue. |
PR Number | Synopsis | Category: "ifstate" infrastructure |
1437762 | The CPU utilization on a daemon might be around 100 percent or the backup Routing Engine might crash in race conditions. Product-Group=junos |
The CPU utilization on a daemon might stay around 100%, or the backup RE might crash in race conditions (it may get hit or triggered at times by some churn in the system, no specific trigger). |
PR Number | Synopsis | Category: Kernel Stats Infrastructure |
1462986 | Slow response from SNMP might be observed after upgrading to Junos OS Release 19.2R1 and later. Product-Group=junos |
The slow response introduced with the PR/1411303 fix is resolved with this PR. |
PR Number | Synopsis | Category: Used for tracking OVSDB software issues and features |
1518807 | The vgd process might generate a core file when the OVSDB server restarts. Product-Group=junos |
On all Junos platforms that support OVSDB (Open vSwitch database), a vgd core might get generated when the OVSDB server is restarted. The vgd daemon restart after the core might cause traffic impact. This issue happens when the OVSDB server is disconnected and the device (switch/router) sends some update events to the server. |
PR Number | Synopsis | Category: PTP related issues. |
1451950 | RMPC core files are found after the configuration changes are done on the network for PTP or clock synchronization. Product-Group=junos |
On the ACX/MX/QFX platform with PTP (Precision Time Protocol)/SyncE (Synchronous Ethernet) enabled, if configuration changes for the PTP/SyncE are combined with multiple events, the FPC core might be seen. |
1507782 | In the PTP environment, some vendor devices acting as slave are expecting announce messages at an interval of -3 (8pps) from the upstream master device. Product-Group=junos |
In a PTP environment, some vendor devices acting as slave expect announce messages at an interval of -3 (8pps) from the upstream master device. As of today, announce messages are configurable in the range of 0 to 3. To support the above requirement, engineering provided a hidden CLI knob "set protocol ptp master announce-interval -3". In networks/designs where this requirement exists, the hidden CLI can be configured; otherwise, the regular CLI, which is in the range (0 to 3), can be configured. Both CLI knobs are mutually exclusive; a commit error is expected if both are configured. This new change is applicable to ACX platforms only, excluding ACX5k. |
PR Number | Synopsis | Category: QFX PFE Class of Services |
1430173 | The CoS rewrite rules applied under an aggregated Ethernet interface might not take effect after NSSU. Product-Group=junos |
On QFX 5K platform, Class of Service (CoS) rewrite rules applied under an Aggregated Ethernet (AE) interface might not take effect after Non-Stop Software Upgrade (NSSU). In the end, packets could not enter into correct queues for sending. |
PR Number | Synopsis | Category: QFX L2 PFE |
1504354 | LLDP is not acquired when native-vlan-id and tagged VLAN-ID are the same on a port. Product-Group=junos |
On QFX5000 platforms running with Link Layer Discovery Protocol (LLDP) configured, if the interface has both native-vlan-id and vlan-id configured, and the native-vlan-id and vlan-id have the same value, the LLDP neighborship might not be set up on that particular interface due to this issue. |
PR Number | Synopsis | Category: RPD Next-hop issues including indirect, CNH, and MCNH |
1458595 | The rpd process might crash if a BGP route is resolved over the same prefix protocol next hop in an inet.3 table that has both RSVP and LDP routes. Product-Group=junos |
In race condition, if a BGP route is resolved over the same prefix protocol next hop in an inet.3 table that has both RSVP and LDP routes, when the RSVP and LDP routes are flapping (firstly these routes are down and then up), the BGP route will be re-resolved, and then the rpd crash might be seen. |
PR Number | Synopsis | Category: RPD route tables, resolver, routing instances, static routes |
1421566 | Some LDP routes in VRF cannot be resolved over the inet.3 table Product-Group=junos |
Any route that is added to the RIB will be resolved over predefined tables, and the resolution tables for a given protocol are fixed. For LDP routes added to foo.mpls.0, the resolution table is not initialized; because of this, a NULL access happens, leading to the core. |
1471968 | The rpd might stop when both instance-import and instance-export policies contain the as-path-prepend action. Product-Group=junos |
On all platforms running Junos OS, with internal route leaking between routing instances using instance import and instance export policies, and both policies containing as-path-prepend actions, if this as-path is referred to by some route, the rpd process might stop a change or delete operation on the route (for example, clearing BGP neighborship, changing BGP or policy configuration, and so on). |
1498377 | The route entries might be unstable after being imported into inet6.x RIB via rib-group Product-Group=junos |
When inet6.x (such as 6.1/6.2/6.3, and so on) is used as a non-primary RIB by rib-group, an import function issue might cause the route entries not to be modified correctly for IPv6 format, which might lead to the received routes not being imported successfully into the inet6.x RIB of the routing protocols. Network reachability might then be impacted. |
PR Number | Synopsis | Category: Generic platform and infra issues for MS-MIC and MS-MPC(XLP) |
1482400 | The vmcore process crashes sometimes along with the mspmand process on MS-MPC/MS-MIC if large-scale traffic flows are processed Product-Group=junos |
With NAT/Stateful-firewall/TCP tickle (enabled by default) configured on MS-MPC/MS-MIC, a vmcore crash, sometimes along with an mspmand crash, might happen if large-scale traffic flows (e.g. million flows) are processed by it. |
1489942 | Prolonged flow control might occur with MS-MPC or MS-MIC. Product-Group=junos |
On MX platforms with MS-MPC/MS-MIC, if there are lots of self-generated packets like TCP-tickle and UDP-logging, there might be data congestion on the data path due to no throttling functionality for such types of packets. When the data path is blocked, prolonged flow-control might happen with the service interfaces being brought down and the PIC reboot. At the same time, the mspmand core file will be generated if dump-on-flow-control is enabled. |
PR Number | Synopsis | Category: Issues related to broadband edge apps (PPP, DHCP) on Trio ch |
1523631 | MPC1/2/3/4/5/6 might reboot after performing IP Packet Fragment Reassembly with L2TP or GRE Product-Group=junos |
In MX with MPC1/2/3/4/5/6 scenario, if IP Packet Fragment Reassembly is configured with L2TP or GRE, some errors and some exception events related to IP Packet Fragment Reassembly might happen on MPCs, the fragment packets might not be processed correctly by PFE. Then MPC1/2/3/4/5/6 might reboot automatically. |
PR Number | Synopsis | Category: Trio pfe bridging, learning, stp, oam, irb software |
1513509 | During route table object fetch failure, the FPC might crash. Product-Group=junos |
Due to rare timing issue, the FPC might crash because of route table object fetch failure in EVPN multihoming scenario. |
1516418 | VPLS connection might be stuck in primary fail status when a dynamic profile is used on VPLS pseudowire IFL Product-Group=junos |
On all Trinity platforms with network service enhanced mode (enhanced-ip/enhanced-ethernet) configured, when a dynamic profile is used on a VPLS pseudowire IFL (LSI/VT) and a firewall policer is enabled for the pseudowire IFL via the dynamic profile, the VPLS connection might be stuck in primary fail (PF) status due to a PFE fabric table corruption, and all traffic going through the L2 connection over VPLS could be dropped. |
PR Number | Synopsis | Category: Junos Automation, Commit/Op/Event and SLAX |
1501746 | Python or SLAX script might not be executed. Product-Group=junos |
On all Junos OS platforms, Python or SLAX script might not be successfully executed when the script is not present under hard disk path (/config/scripts) of the device combined with statement 'load-scripts-from-flash'. This is a regression issue. |
PR Number | Synopsis | Category: V44 Satellite Device Infra |
1466324 | Temperature sensor alarm is seen on EX4300 in Junos Fusion scenario. Product-Group=junosvae |
In a Junos Fusion scenario with EX4300 acting as SD, the temperature sensor alarms and logs might be seen as a result of an incorrect temperature reading of about 2-3 degrees lower than expected. There is no CLI command to clear the alarm and logs. |
PR Number | Synopsis | Category: Software build tools (packaging, makefiles, et. al.) |
---|---|---|
1464570 | mspmand core can be generated at bootup Product-Group=junos |
An mspmand core can be generated when the MS-MPC is booting. This has been mainly seen during an upgrade. The card will reboot and continue with normal operation without manual intervention. |
PR Number | Synopsis | Category: NFX Series Platform Software |
1462556 | Junos OS: NFX350: Password hashes stored in world-readable format (CVE-2020-1669) Product-Group=junos |
The Juniper Device Manager (JDM) container, used by the disaggregated Junos OS architecture on Juniper Networks NFX350 Series devices, stores password hashes in the world-readable file /etc/passwd. This is not a security best current practice as it can allow an attacker with access to the local filesystem the ability to brute-force decrypt password hashes stored on the system. Refer to https://kb.juniper.net/JSA11066 for more information. |
PR Number | Synopsis | Category: Sflow on QFX 5100,5200, 5110 |
1449568 | Except one AE member link, the other links do not send out sFlow sample packets for ingress traffic Product-Group=junos |
The sFlow sample packets might stop on one aggregated ethernet member link if ingress sFlow is configured on the member link. This might cause inaccurate monitoring on the network traffic. |
PR Number | Synopsis | Category: CoS support on ACX |
1522941 | The show class-of-service interface command does not show classifier information. Product-Group=junos |
This is a display issue. Due to a misread of the PFE registers, the classifier is not shown in the "show class-of-service interface" output. |
1531413 | "show class-of-service routing-instance" is not showing configured classifier on ACX platforms Product-Group=junos |
The classifier display was blocked by PR 1353828, which blocks the classifier display function because ACX supports only IFD-based classification. The fix for PR1531413 makes an exception for IFL lsi interfaces attached to Layer 3 VPN routing instances. |
PR Number | Synopsis | Category: Firewall support for ACX |
1531244 | Filter in VPLS routing instance is not supported in ACX. Product-Group=junos |
ACX does not have support for filter on VPLS routing-instance. This is a day one limitation in all ACXs. |
PR Number | Synopsis | Category: ACX PFE |
1407098 | High CPU utilization of the fxpc process might be observed with the class-of-service changes on interfaces. Product-Group=junos |
On ACX5048/ACX5096 platforms, when applying CoS configurations (scheduler related) on interfaces, high CPU utilization of the fxpc process might be seen, and it might affect service. |
1488949 | JDI ACCESS REGRESSION: Platforms - BCM-SDK:L2VPN : L2VPN ping is not happening though L2VPN instance is up Product-Group=junos |
MPLS ping fails for L2VPN because the packets are processed in the wrong queue due to a recent SDK upgrade for ACX Fortius devices. |
PR Number | Synopsis | Category: Bi Directional Forwarding Detection (BFD) |
1516556 | The remaining BFD sessions of the aggregated Ethernet interface flap continuously if one of the BFD sessions is deleted. Product-Group=junos |
On QFX10k platforms, if multiple sub-interfaces of the same AE (Aggregated Ethernet) interface belong to different routing instances, and these sub-interfaces are configured with the same IP address and with separate BFD (Bidirectional Forwarding Detection) sessions, the remaining BFD sessions will flap continuously if one of these BFD sessions is deleted. |
PR Number | Synopsis | Category: Border Gateway Protocol |
1403186 | All the BGP sessions flap after RE switchover Product-Group=junos |
With GRES and NSR enabled, BGP sessions might flap in some scenarios when an RE switchover is executed. When the Junos version has the fix for PR-1440694, BGP sessions always flap after an RE switchover. |
1423647 | Route churn might be seen after changing the maximum-prefixes configuration from value A to value B. Product-Group=junos |
In a BGP setup configured with VPN families (inet-vpn, inet6-vpn, l2vpn, evpn or mvpn), route churn might be seen after changing the maximum-prefixes configuration from value A to value B, which causes rpd CPU usage to be hogged for about an hour. |
1437108 | Wrong next hop might be seen when BGP PIC edge is enabled. Product-Group=junos |
On all Junos OS releases before 19.1R1, when BGP PIC Edge is enabled, the incorrect next-hop might be assigned through BGP update, which results in the following: 1. The next-hop advertised through BGP can be incorrect. 2. ECMP paths can get replaced with a PIC backup when the egress interface is same for the ECMP paths. |
1447601 | On the MX2000 and PTX10000 lines of devices , Layer 3 VPN PE-CE link protection exhibits unexpected behavior. Product-Group=junos |
In L3VPN PE-CE link protection scenario with MX2K/PTX10K platforms, the external and internal BGP (EIBGP) multipath route might be advertised with an unexpected VPN label if IBGP backup path is present. When the backup IBGP path goes away, it will get the correct VPN label like other routes. |
1501008 | BGP neighbor flapped after RE mastership switchover Product-Group=junos |
When the device is running a Junos version that has the fix for PR1440694, BGP sessions always flap after an RE switchover. |
PR Number | Synopsis | Category: BBE Remote Access Server |
1402653 | The subscriber might need to retry login Product-Group=junos |
On all Junos platforms running in a subscriber scenario with an address pool configured, if the address pool has high usage so that only a few addresses are free to allocate, then when subscribers log out and log in, the address released by one subscriber might be reused and allocated to another subscriber very soon. Due to this issue, syslog error messages might be seen, and the affected subscriber might need to retry login. |
PR Number | Synopsis | Category: EVPN control plane issues |
1313073 | RPD coredump while changing the EVPN instance type from VIRTUAL_SWITCH to EVPN and deleting an IFL from family bridge. Product-Group=junos |
When the instance-type is changed from virtual-switch to evpn, the virtual-switch instance type (EVI_VIRTUAL_SWITCH) bit in the evi flags is not reset. As a result, while parsing the evi interfaces, Junos tries to validate the interfaces as if they were of type virtual-switch and looks for family bridge configuration on the interfaces. But the interface configuration was changed from family bridge to encap vlan-bridge to put it in instance type evpn. Example: 'delete interfaces ae5 unit 604 family bridge'; 'delete routing-instances EVPN-0604 bridge-domains'; 'set routing-instances EVPN-0604 instance-type evpn'; 'delete routing-instances EVPN-0604 protocols evpn extended-vlan-list'. |
1428581 | The CE interface IP address is missing in mac-ip-table of the EVPN database Product-Group=junos |
In the EVPN scenario, if a CE interface has more than one IP address, when one of the addresses is taken by another CE, that IP address might be missing from the mac-ip-table of the EVPN database. This issue may impact traffic/host reachability. |
PR Number | Synopsis | Category: IPSEC/IKE VPN |
1517262 | The flowd might crash in IPsec VPN scenario Product-Group=junos |
On SRX platforms with IPsec VPN configured, the flowd might crash during the IPsec VPN rekey window. The traffic/service might be impacted if hitting this issue. |
PR Number | Synopsis | Category: Layer 2 Circuit issues |
1511783 | The rpd process might crash after removing the last configured interface under the l2circuit neighbor. Product-Group=junos |
On all Junos platforms, rpd crash may be observed after removing the last interface configured under the l2circuit neighbor which is in fact active. |
PR Number | Synopsis | Category: Layer2 forwarding on EX/NTF/PTX/QFX |
1505976 | VRRPv6 might not work in an EVPN scenario. Product-Group=junos |
In an EVPN scenario where VRRPv6 is used, the Ethernet source MAC address might be used for IPv6 mac-ip binding when the NA is sent from VRRPv6 master. As this unexpected behavior is triggered at regular intervals, it causes the entries to keep refreshing in the EVPN database because NS from VRRPv6 master changes the mac-ip binding. This impacts the traffic. |
PR Number | Synopsis | Category: Label Distribution Protocol |
1538124 | The rpd process might crash when the LDP route with indirect next hop is deleted on the aggregated Ethernet interface. Product-Group=junos |
If the Label Distribution Protocol (LDP) route with indirect next-hop exists (e.g. LDP egress-policy is used to advertise BGP route into LDP), the rpd might crash when the LDP route is deleted from the AE interface. |
PR Number | Synopsis | Category: Multicast for L3VPNs |
1425876 | MVPN using PIM dense mode does not prune the OIF when PIM prune is received. Product-Group=junos |
In the MVPN (Multicast Virtual Private Network) scenario, when PIM Dense mode is used, the egress PE might not prune the OIF (outgoing interface) when PIM prune is received. |
PR Number | Synopsis | Category: MX104 Software - Chassis Daemon |
1103870 | High CPU usage and slow response might be seen when using "snmpbulkget" or "snmpbulkwalk" on MX104 platform. Product-Group=junos |
On the MX104 platform, when using snmpbulkget or snmpbulkwalk (for example, used by the SNMP server) on a chassisd-related component (for example, jnxOperatingEntry), chassis process (chassisd) high CPU usage and slow response might be seen because of a hardware limitation, which might also lead to a query timeout on the SNMP client. In addition, the issue might not be seen while using an SNMP query for interface statistics. As a workaround, to avoid the issue, use either of the following approaches: 1. Use snmpget or snmpwalk instead of snmpbulkget or snmpbulkwalk and include the -t 30 option when doing the SNMP query. For example, snmpget -v2c -c XX -t 30. 2. Use the -t 30 option with snmpbulkget or snmpbulkwalk. For example, snmpbulkget -v2c -c XX -t 30. |
1453893 | The FPC or the Packet Forwarding Engine might crash with the ATM MIC installed in the FPC. Product-Group=junos |
FPC crash on MX240 and MX2020 routers or Packet Forwarding Engine crash on MX104 routers might happen when the MIC-3D-8OC3-2OC12-ATM is installed and ATM interface is configured. |
PR Number | Synopsis | Category: MX104 Software - Kernel |
1281016 | MX104 JTASK_SCHED_SLIP seen on commit Product-Group=junos |
On MX104, JTASK_SCHED_SLIP is seen randomly on commit. The problem is still under investigation by engineering. |
PR Number | Synopsis | Category: PE based L3 software |
1500798 | BFD sessions flap after deactivating or activating the aggregated Ethernet interface or executing GRES. Product-Group=junos |
On QFX10008 platforms, if the BFD is configured over an AE interface (member link across multiple FPCs), deactivating/activating the AE interface or executing GRES will cause the BFD sessions to flap. |
1518106 | The BFD sessions might flap continuously after disruptive switchover followed by GRES. Product-Group=junos |
Disruptive switchover (no GRES or NSR configured) can lead to stale PPM (Periodic Packet Management) entries programmed on the new master RE. If both GRES and NSR are activated after the disruptive switchover and then a GRES switchover is performed, BFD sessions might flap continuously. |
PR Number | Synopsis | Category: PTX5KBroadway based PFE IPv4, IPv6 software |
1254415 | On the PTX Platform with FPC Model FPC-PTX-P1-A or FPC2-PTX-P1A, you might encounter a single event upset (SEU) event that might cause a linked-list corruption of the TQCHIP. Product-Group=junos |
On the PTX Platform with FPC Model FPC-PTX-P1-A or FPC2-PTX-P1A, you might encounter single event upset (SEU) event that might cause a linked-list corruption of the TQCHIP. The following syslog message gets reported: Jan 9 08:16:47.295 router fpc0 TQCHIP1: Fatal error pqt_min_free_cnt is zero Jan 9 08:16:47.295 router fpc0 CMSNG: Fatal ASIC error, chip TQ Jan 9 08:16:47.295 router fpc0 TQ Chip::FATAL ERROR!! from PQT free count is zero jan 9 08:16:47.380 router alarmd[2427]: Alarm set: FPC color=RED, class=CHASSIS, reason=FPC 0 Fatal Errors - TQ Chip Error code: 0x50002 Jan 9 08:16:47.380 router craftd[2051]: Fatal alarm set, FPC 0 Fatal Errors - TQ Chip Error code: 0x50002 The Junos OS Chassis Management Error handling detects such a condition, raises an Alarm, and disables the affected Packet Forwarding Engine entity. To recover this Packet Forwarding Engine entity, restart the FPC. Contact your Juniper support representative if the issue persists even after the FPC restarts. |
PR Number | Synopsis | Category: PTP related issues. |
1458581 | The FPC X major errors alarm might be raised after committing the PTP configuration change. Product-Group=junos |
On MX routers with MPC5/MPC6/MPC7/MPC8/MPC9/MPC10 installed, after committing a PTP configuration change, the "FPC X major errors" alarm may be raised. This issue may cause interface flap and traffic loss. |
PR Number | Synopsis | Category: QFX platform optics related issues |
1402127 | QSFP-100GBASE-SR4/LR4 might take a long time to come up after disabling interface or reboot Product-Group=junos |
On the QFX5110 platform with a QSFP-100GBASE-SR4/LR4 port in use, after disabling a 100G port and then enabling the port again, or after rebooting the device, there is a long delay (5-15 minutes) before the ports come up. |
PR Number | Synopsis | Category: Trio pfe stateless firewall software |
1454257 | The MPC might drop packets after you enable the firewall fast lookup filter. Product-Group=junos |
On MX routers with MPC2E-NG/MPC3E-NG/MPC5E/MPC6E/MPC7E/MPC8E/MPC9E installed, when the firewall FLT (fast lookup filter) is configured on an interface that belongs to one of these MPC types, an FLT memory parity error may cause that MPC to drop packets. |
PR Number | Synopsis | Category: Authentication, Authorization, Accounting, PAM (RADIUS/tacplus) |
1393839 | The lockout-period might not work for the user being locked out Product-Group=junos |
If 'system login retry-options lockout-period' is configured, the variables related to lockout-period are accessed without being initialized, which could cause junk values in the variables to be used. The junk values might cause the lockout-period to not work. The actual behavior depends on the junk value. For example, a user might not be allowed to log in with the correct password even after the lockout-period has elapsed, or a user might still be able to log in during the lockout-period. |
PR Number | Synopsis | Category: Configuration mgmt, ffp, load-action, commit processing |
1385902 | The device with more than five IP addresses configured in the DHCP server group goes into amnesiac mode after reboot Product-Group=junos |
If the knob "commit fast-synchronize" is enabled, the device with more than 5 IP addresses configured in the dhcp server-group might go into amnesiac mode after reboot. But in practice it should not allow more than 5 IP addresses based on the implementation, and this validation for "commit check" is skipped when fast-synchronize is configured. |
PR Number | Synopsis | Category: Web-Management UI |
1513612 | Installing J-Web application package may fail on the EX2300/EX3400 platforms Product-Group=junos |
On the EX2300/EX3400 platforms, J-Web application package may fail to be installed with the affected releases. |
PR Number | Synopsis | Category: VNID L2-forwarding on Trio |
1344727 | ARP packets coming from Extended Ports might be dropped on Aggregation device Product-Group=junos |
ARP packets coming from Extended Ports might be dropped on Aggregation device in a Junos Fusion setup. |