Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

18.4R3-S6: Software Release Notification for JUNOS Software Version 18.4R3-S6

0

0

Article ID: TSB17908 TECHNICAL_BULLETINS Last Updated: 30 Nov 2020Version: 2.0
Alert Type:
SRN - Software Release Notification
Product Affected:
ACX, EX, MX, PTX, QFX, NFX, SRX, VRR, vMX, vSRX
Alert Description:
Junos Software Service Release version 18.4R3-S6 is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as need and follow the prompts
Solution:

Junos Software service Release version 18.4R3-S6 is now available.

18.4R3-S6 - List of Fixed issues
PR Number Synopsis Category: EX4300 PFE
1518929 ex4300: Redirected IP traffic is being duplicated
Product-Group=junos
On EX4300 platforms with IRB/L3 interface, the redirected traffic with the source from another subnet is getting duplicated.
1538401 LLDP adjacency might fail for non-AE interfaces on EX4300 platform
Product-Group=junos
On EX4300 platform, LLDP might not work on non-AE (Aggregated Ethernet) interfaces. However, it works fine for AE interfaces.
PR Number Synopsis Category: EX4300 CP general implementation
1498903 In some cases, if we have an OSPF session on the IRB over LAG interface with 40-Gigabit Ethernet port as member, the session gets stuck in restart.
Product-Group=junosvae
On the EX4300-48MP VC (Virtual Chassis), if the LAG (Link Aggregation Group) interface with member interfaces of 40G/100G is configured across the primary and the standby FPCs of the VC, the OSPF configured on the IRB (Integrated Routing and Bridging) interface over this LAG might be stuck in "ExStart" state. The issue impacts the establishment of the OSPF neighbor.
PR Number Synopsis Category: EX2300/3400 CP
1494712 Authentication session might be terminated if PEAP request is retransmitted by authenticator
Product-Group=junos
On all Junos platforms with 802.1X (dot1x) enabled, if Protected Extensible Authentication Protocol (PEAP) request is not replied by supplicant in default time interval, it could cause the authenticator to retransmit PEAP proposal method message with new Extensible Authentication Protocol (EAP) ID. The new EAP ID is different from EAP ID sent by authentication server. As a result, mismatching EAP ID issue could terminate authentication session. In the end, supplicant cannot access network. Please consider increasing 'supplicant-timeout' to prevent this issue from happening.
PR Number Synopsis Category: NFX Series Platform Software
1477151 Process jdmd is not responsive due to /etc/hosts file getting corrupted
Product-Group=junosvae
On NFX platforms, after a power outage, the process jdmd may become unresponsive and any the VMs running on it cannot work properly due to /etc/hosts file getting corrupted. The fix is to make the jdmd more resilient even if the hosts file contains corrupted characters, the device is still able to work stably. Note: Junos Device Manager is a Linux Container that provides CLI/NETCONF for device management and isolation for the Host OS from user applications.
PR Number Synopsis Category: QFX Multichassis Link Aggregrate
1525234 The dcpfe might crash when the ICL is disabled and then enabled
Product-Group=junos
On QFX5k platforms with MC-LAG (Multichassis Link Aggregation Groups) used, the dcpfe might crash when the ICL (Interchassis Link) is disabled and then enabled. Traffic loss might be seen during the dcpfe crash and restart.
PR Number Synopsis Category: QFX PFE L2
1496766 Flow control is enabled in PFE irrespective of interface configuration and the fix causes a very small amount of packet loss when a parameter related to an interface such as "interface description" on any port is changed.
Product-Group=junos
On QFX5120 and QFX5210 running JunosOS 18.4R2-S5, 18.4R2-S6, 18.4R3-S5, 19.3R3 releases, there will be a very small amount of packet loss when a parameter related to an interface such as "interface description" on any port is changed. When the parameter is changed, COS buffer modifications is checked. Even when there is no change in previous and present COS buffer state for port, COS buffer modifications is unnecessarily performed and is calling traffic block and unblock and causing a very small amount of packet loss. This will be fixed in the following releases. Junos OS 18.4R2-S7, 18.4R3-S6, 19.3R3-S1 and all subsequent releases.
1521324 The MAC address in the hardware table might become out of synchronization between the primary and member in Virtual Chassis after the MAC flaps.
Product-Group=junos
When MAC address moves over the member in Virtual Chassis, the MAC address's learning port in Internal Hardware MAC table may be out of sync between Primary and member and this may lead to misforwarding. This will be an extremely rare occurrence. If the issue happens, you can issue "clear ethernet-switching table " command to restore the communication.
PR Number Synopsis Category: QFX L3 data-plane/forwarding
1394866 JDI-RCT: EVPN-VXLAN NON-COLLAPSED: AUTONEG Errors and flush operation failed error, seen after power cycle of the device
Product-Group=junos
AUTONEG Errors and flush operation failed error, seen after power cycle of the device as mentioned below. These error message does not have any functionality impact. "LOG: Err] ifd 153; Ether autonegotiation error (1000)" and "ch_vchassis_ipc_flush_pipe: flush operation failed for pipe 155333280"
1486632 System upgrade/installation might fail on QFX 5100-48T-6Q VC/VCF
Product-Group=junos
On QFX 5100-48T-6Q VC/VCF, RCP error might be seen while upgrading the system using "request system software add  no-validate" and system upgrade/ installation could fail. This issue happens if DCPFE cpu utilization is very high.
1528490 On the QFX5000 line of switches, the fxpc process might crash if the VXLAN interface flaps.
Product-Group=junos
On QFX5K platforms, if VXLAN enabled interfaces flap excessively in short period of time, PFE might crash.
PR Number Synopsis Category: Accounting Profile
1505409 The DHCP subscribers might get stuck in the Terminated state for around 5 minutes after disabling cascade ports.
Product-Group=junos
On the Junos fusion provider edge with subscriber management configured, the DHCP subscribers might get stuck in terminated state for around 5 minutes after disabling cascade ports. After 5 minutes, the original sessions will be aging timeout automatically and then the subscribers can login again.
1509114 The pfed process might crash while running the show pfe fpc x command
Product-Group=junos
When the pfed is running on a 64 bit machine, it might crash after issuing the command "show pfe fpc x".
PR Number Synopsis Category: CoS support on ACX
1493518 On the ACX5048 and ACX5096 routers, the LACP control packets might be dropped due to high CPU utilization.
Product-Group=junos
On ACX5048/ACX5096 platforms, when one of the child links in AE goes down brings entire AE down due to high CPU.LACP control packets might get dropped as the port is blocked for a temporary period.
PR Number Synopsis Category: JUNOS kernel/ukernel changes for ACX
1509402 PFE crash might be seen and the FPC may remain down on ACX710 platform
Product-Group=junos
On ACX710 platform, after the PTP(Precision Time Protocol) configuration is removed and the router is rebooted, the PFE might crash and the FPC remains down if PTP traffic is still coming into the router. This issue might also happen when SyncE is configured. This causes the router to crash and not come up.
PR Number Synopsis Category: ACX GE, 10GE, PoE, IDT framers
1430009 The gigether-options command is enabled again under the interface hierarchy.
Product-Group=junos
gigether-options and ether-options both are support on ACX5k PR1430009 initially opened to remove gigether-options, now it has been reverted. Revert has been tracked in the same PR 1430009. Yes, latest fix of PR 1430009 has added back gigether-options
PR Number Synopsis Category: a20a40 specific issue
1522130 PFE_FLOWD_SELFPING_PACKET_LOSS error messages reported for CP SPU
Product-Group=junos
Syslog reporting "PFE_FLOWD_SELFPING_PACKET_LOSS: Traffic impact: Selfping packets loss/err: 300 within 600 second" error messages in node 0 and node 1 control panel.
PR Number Synopsis Category: BBE interface related issues
1447493 DT_BNG: bbe-smgd core file on backup Routing Engine in bbe_ifd_add_vlan (ifd=0x8c3e835, ifl=0xcaf59f18) at ../../../../../../src/junos/usr.sbin/bbe-svcs/smd/infra/bbe_ifd.c:6374.
Product-Group=junos
Description: RCA: On ge-4/0/0 in the primary, RTM_DELETE from RTSOCK is received for the subunit 1009 and it deletes ge-4/0/0.1009 ifl from vlan table, sets KERNEL_DELETED flag to the IFL (on the primary) and publishes SS IFL change to back up with IFA/IFF delete bits set.On the standby,IFL SS CHANGE does not delete the entry ge-4/0/0.1009 from the ifd vlan table. IFD vlan table entry is being removed only during SS IFL delete events but not during IFL SS modify. so, on the next RTSOCK IFL creation on the same interface i.e. ge-4/0/0.1012 leads to publish SS IFL ADD to backup.SS IFL ADD notifications on the backup tries to set the new IFL i.e. ge-4/0/0.1012on the same IFD vlan table which leads to terminate the smg service due to duplication. Fix: A new flag BBE_FLAG_IFL_RTSOCK_KERNEL_DELETED is introduced only for rtsock_ifl to sync via SS to backup to handle the missing RTSOCK RTM_DELETE events from kernel for the corresponding RTSOCK_IFLs or during when SS precedes the RTM RTSOCK events for the RTSOCK IFLs.
1498024 Subscribers may be disconnected after one of the AE participating FPCs comes online in a Junos node slicing scenario
Product-Group=junos
On MX Series platforms with node slicing setup, if subscriber services and targeted distribution feature are enabled on an aggregated Ethernet interface, and the FPC where one of the aggregated Ethernet member port is located comes online, subscribers that are already online might be disconnected.
PR Number Synopsis Category: BBE multicast related issues
1536149 Multicast traffic might be sent out through unexpected interfaces with distributed IGMP enabled.
Product-Group=junos
On MX platforms with enabled subscriber services, if distributed IGMP is enabled on subscriber dynamic interfaces and there are static interfaces are configured on the same fpc, and fpc is reloaded or interfaces flapped, then multicast may get enabled on static interface and the multicast traffic may be sent out through unexpected interface.
PR Number Synopsis Category: Border Gateway Protocol
1517498 The rpd process might crash after deleting and then adding a BGP neighbor.
Product-Group=junos
In BGP scenario on all Junos platforms, after deleting and re-adding a BGP neighbor, the rpd might crash due to a rare timing issue.
1518056 Tag matching in the VRF policy does not work properly when the independent-domain option is configured.
Product-Group=junos
On all platforms and in an L3VPN environment, when the tag is configured in the policy and applied to the VRF instance, configuring 'independent domain' for the autonomous system under the routing-options will cause the inet-vpn routes stop getting advertised between VRF instances.
1538491 Configuring 'then next-hop' and 'then reject' on a route policy for the same route might cause rpd crash
Product-Group=junos
On all Junos platforms with BGP enabled, if a policy is setting 'then next-hop' and 'then reject' at the same time for the same prefix, rpd crash might be seen. Like the following: set policy-options policy-statement xxx term 1 from route-filter xxx set policy-options policy-statement xxx term 1 then next-hop ... set policy-options policy-statement xxx term 2 then reject
PR Number Synopsis Category: MX Platform SW - Power Management
1501108 The MX2020 and MX2010 routers continuously log pem_tiny_power_remaining: in the chassisd log.
Product-Group=junos
On MX2020/MX2010, the "pem_tiny_power_remaining" message might be continuously logged in chassisd log.
PR Number Synopsis Category: Class of Service
1475960 snmp query for "jnxCos " objects wont work
Product-Group=junos
SNMP Polling of jnxCos objects will not work and throw OID not increasing error. It is fixed in latest releases.
PR Number Synopsis Category: JUNOS Dynamic Profile Configuration Infrastructure
1526934 Family IPv6 do not come up for the L2TP subscriber when additional attributes are not passed in the Framed-IPv6-Route VSA
Product-Group=junos
In DHCP/PPP Subscriber scenario with IPv6 dynamic-profile configured, all the additional attributes (route prefix, next-hop, metric, preference, tag) for IPv6 access route must be fully specified in dynamic-profile and passed via RADIUS server, otherwise family inet6 might not come up.
PR Number Synopsis Category: Ethernet OAM (LFM)
1500048 FPC crash might be observed with an inline mode with CFM configured.
Product-Group=junos
On the Junos platforms with inline mode CFM (Connectivity Fault Management) configured, if there are several CFM adjacencies flapping, due to the flaw in the CFM module to process the error-adjacencies messages, the FPC may crash alongside with NPC core-dump file generated. All services/traffic configured on the FPC will see outage till FPC recovers from an automatic reboot.
PR Number Synopsis Category: mgd, ddl, odl infra issues
1458345 "persist-groups-inheritance" causes the "mustd" process to crash and issues commit failure
Product-Group=junos
"persist-groups-inheritance" configuration option causes the "mustd" process to crash when one performs the "commit" action.
PR Number Synopsis Category: EVPN control plane issues
1530991 The rpd process might crash when auto-service-id is configured in the EVPN-VPWS scenario.
Product-Group=junos
On all Junos platforms with EVPN VPWS scenario, if auto-service-id is configured and the service IFL under VPWS instance is down, the rpd crash might be seen when any changes made to the configuration.
PR Number Synopsis Category: Sflow on qfx10k/ptx series PRs for defect & enhancement req
1521732 Output interface index in SFLOW packet is zero when transit traffic is observed on the IRB interface with VRRP enabled
Product-Group=junos
When VRRP is enabled on IRB interface and SFLOW is enabled on QFX10000 Series platforms, output interface Index in SFLOW packet will be zero for the traffic destined to VRRP MAC address.
PR Number Synopsis Category: Express PFE CoS Features
1531095 The MPLS EXP classifier might not work on QFX10K platforms
Product-Group=junos
On QFX10K platforms, the classification for incoming mpls traffic based on the EXP(experimental) bits might not take into effect, and instead the traffic will get classified based on the default setting, due to which packet loss could be observed.
PR Number Synopsis Category: Express PFE L2 fwding Features
1522852 On the QFX10002, QFX10008, and QFX10016 line of switches, the following error message is observed during specific steps while clearing and loading the scaled configuration again: PRDS_SLU_SAL:jprds_slu_sal_update_lrncnt(),1379: jprds_slu_sal_update_lrncnt call failed.
Product-Group=junos
In scaled setup with scaled vlans and traffic flowing through all vlans. If current configuration is cleared and loaded again using below steps: load override rollback 1 commit Then base config is loaded, all leaned macs are aged out and the mac entries are marked as invalid. Ageing thread scans and finds SMAC ref bit transition for cleared mac entries and gets added to stale mac sw table. In scaled setup, considering 2k macs learned over a port, not all macs cleared at one Hw trigger, it happens in a batch of 256 entries in a mac table at a time as per qfx10k design and in the mean time, it is expected that IFBD on which macs were learned is deleted. This is the reason, Lport+IFL mapping is not found while clearing such macs and throws error.
PR Number Synopsis Category: Express PFE MPLS Features
1515092 The routes update might fail upon the HMC memory issue and traffic impact might be seen.
Product-Group=junos
On PTX Series and QFX Series devices, in rare cases, HMC memory error might cause routes update failure and traffic impact on the Packet Forwarding Engine.
PR Number Synopsis Category: SRX1500 platform software
1527511 [SRX1500] Traffic rate shown in CLI command is not accurate
Product-Group=junos
On SRX1500 platform, traffic rate shown in CLI command is not accurate
PR Number Synopsis Category: IDP attack detection in the subscriber qmodules
1497340 The IDP attack detection might not work in a specific situation.
Product-Group=junos
If the total number of applications (predefined as well as the custom applications configured) crosses 4096, attack detection might fail.
PR Number Synopsis Category: Kernel software for AE/AS/Container
1514146 The 100M SFP-FX is not supported on satellite device in Junos Fusion setup
Product-Group=junos
On satellite device in Junos Fusion setup, interfaces with 100M SFP-FX might not work properly.
PR Number Synopsis Category: ISIS routing protocol
1482983 The output of the "show isis interface detail" command might be incorrect if wide-metrics-only is enabled for IS-IS and the ASCII representation of the metric in decimal is more than 6 characters long
Product-Group=junos
If 'wide-metrics-only' is enabled for any IS-IS level and a metric configured on the IS-IS enabled interface for that level has ASCII representation in decimal more than 6 characters long, this interface's metric for that level will be merged with 'priority' field value in the output of 'show isis interface detail'.
1526447 The IS-IS LSP database synchronization issue might be seen while using the flood-group feature.
Product-Group=junos
On all Junos platform, when flood-group is configured on interface under isis, if isis LSPs time out and then come up, the device sends only self-generated LSPs and doesn't increment the LSP updates received from neighbor which flapped. This is causing LSP database out of synchronization issue.
PR Number Synopsis Category: Adresses ALG issues found in JSF
1535356 The SCCP ALG does not work on SRX Series devices running with Junos OS Release 17.3R1 and onward
Product-Group=junos
On SRX Series devices running with Junos OS Release 17.3R1 and onward, the Skinny Client Control Protocol (SCCP) ALG does not work, which results in SCCP calls failure.
PR Number Synopsis Category: Flow Module
1467654 TCP session cannot time out properly upon receiving the TCP RESET packet, and the session timeout does not change to two seconds.
Product-Group=junos
TCP session cannot time out properly upon receiving the TCP RESET packet, and the session timeout does not change to 2 seconds.
1528898 A chassis cluster node might stop passing traffic.
Product-Group=junos
On SRX platforms, a node of chassis cluster might stop passing traffic. The traffic forwarding can be restored by a manual failover to Node1.
PR Number Synopsis Category: JSR Infrastructure
1479156 The vSRX may restart unexpectedly.
Product-Group=junos
The srxpfe process generates core files when a socket-open error occurs during the initialization phase. Self-healing takes place when the srxpfe reboots and starts processing traffic.
PR Number Synopsis Category: all logging related bugs on srx platforms
1521794 High RE CPU might be seen due to llmd process on branch SRX chassis clusters
Product-Group=junos
On SRX Series devices with chassis cluster, high CPU usage might be seen due to the llmd process.
PR Number Synopsis Category: Firewall Policy
1454907 Traffic might be dropped when policies are changed in SRX Series devices
Product-Group=junos
If a huge number of policies are configured on SRX Series devices and some policies are changed, the traffic that matches the changed policies might be dropped.
1527570 Traffic might be dropped when policies are changed in SRX Series devices
Product-Group=junos
If some policies are changed on SRX Series devices, the traffic that matches new and existing policies might be dropped.
1544554 The flowd/srxpfe process might crash when SRX/NFX device running on Junos OS 18.2R1 or above where the unified policy feature is supported
Product-Group=junos
On SRX Series device running on Junos OS 18.2R1 or above, or NFX Series device running on NextGen Junos OS, the unified policy feature is supported, the flowd/srxpfe might crash.
PR Number Synopsis Category: Firewall Module
1521325 The TCP packet might be dropped if syn-proxy protection enabled
Product-Group=junos
On SRX series devices, if TCP SYN flood protection is enabled with TCP SYN Proxy and the 3rd and 4th packet from the client arrive at the same time, then it can cause an SEQ error that may break the TCP connection.
PR Number Synopsis Category: IPSEC/IKE VPN
1522017 The traffic might be dropped when IPSec VPN with NAT-T enabled
Product-Group=junos
On SRX platforms, when IPSec VPN is configured with NAT-T enabled and VPN tunnel is established between two peers, if traffic is received from peer during VPN rekey, the traffic might be dropped in the VPN tunnel.
1530684 On all SRX series devices using IPsec with NAT Traversal, MTU size for the external interface might be changed after IPSEC SA is re-established.
Product-Group=junos
On all SRX series devices using IPsec with NAT Traversal, MTU size might be changed to a lower value for the ike external interface after IPSEC SA is re-established.
PR Number Synopsis Category: Kernel MX virtual-chassis PRs
1514583 Fail to forward traffic to VCP FPC after MXVC reboot or FPC rebooted or adding VCP link
Product-Group=junos
When rebooted MXVC or FPC rebooted or adding VCP link, there is timing issue when DEVRT updates coming in before the VCP IFD add messages in some FPCs that caused next hop mis-programming on these specific FPCs. Can check by: request pfe execute command "show jnh 0 vc state 0" target member1-fpcX request pfe execute command "show jnh 0 vc state 1" target member0-fpcX And will see invalid slot id = 255 . And we have to reboot specific to let FPCs next hop programming correct. Per this PR, re-designed Kernel part to parse the VC internal device route message from VCCPD and guarantee that VCP- interface messages are always sent to Ukernel/PFE first, then followed by VC internal device route message.
PR Number Synopsis Category: lacp protocol
1277144 LACP is not sending IFF_DOWN reason with destroy session request
Product-Group=junos
In current scenario when interface is going down then LACPD is not sending reason for destroy session request i.e IFF_DOWN(interface down). So the LACP session may not be destoried immediately until the LACP session times out.
1366825 RG1 failover occurs when RG0 failover is triggered
Product-Group=junos
RG1+ which is configured for interface-monitor, might fail over to the other node if RG0 failover is triggered.
1463791 Member links state might be asychronized on a connection between the PE and CE devices in an EVPN active/active scenario.
Product-Group=junos
In EVPN multi-homed active/active scenario, when LACP is enabled on PE-CE child member links and after recovering from a core-isolation on the PE device, the PE-CE child member links might be stuck in Detached state if LACP sync-reset feature is enabled on the CE device. The child links on the CE device might show the LACP state as Collecting Distributing. However, on the PE devices, the LACP state might be shown as Detached.
1505523 The aggregated Ethernet interface sometimes might not come up after switch is rebooted.
Product-Group=junos
In Junos platforms with LACP and knob "minimum-links" enabled scenario, AE interface might not come up after the switch is rebooted or the AE interface is deactivated/activated. This is because the knob "sync-reset" is enabled. ("sync-reset" is enabled by default on QFX and EX platforms, and it only needs to use when the "minimal link" is not supported on one side of an LACP).
PR Number Synopsis Category: Label Distribution Protocol
1521698 The LDP session-group might throw a commit error and flap.
Product-Group=junos
This PR addresses the below issues: 1. Configuration of "protocols ldp session-group" on EVO platform may throw commit failure error. 2. The LDP session keeps flapping on MX Power PC platform upon adding authentication key in ldp session-group.
1538124 The rpd process might crash when the LDP route with indirect next hop is deleted on the aggregated Ethernet interface.
Product-Group=junos
If the Label Distribution Protocol (LDP) route with indirect next-hop exists (e.g. LDP egress-policy is used to advertise BGP route into LDP), the rpd might crash when the LDP route is deleted from the AE interface.
PR Number Synopsis Category: SW PRs for MPC10E Interfaces
1491142 BCM8238X SerDes firmware did not complete tuning may be a false positive alarm.
Product-Group=junos
BCM8238X SerDes firmware did not complete tuning may be a false positive alarm.
PR Number Synopsis Category: Jflow and sflow on MX
1487876 Incorrect 'frame length' of 132 bytes might be captured in packet header
Product-Group=junos
On all MX/PTX5k/EX platforms with Trio based line cards, if a packet is send with more than 128 bytes it will always show incorrect "Frame length" of 132 bytes in raw packet header of sflow collector captured data.
PR Number Synopsis Category: Fabric Manager for MX
1482124 Fabric healing logic incorrectly makes all MPC line cards go offline in the MX2000 router while the hardware fault is located on one specific MPC line card slot.
Product-Group=junos
In specific MPC hardware failure conditions within the MX2K platform, fabric healing will attempt to auto-heal the fault location in 3 phases to prevent traffic blackholing. If under such fault conditions only destination timeouts are reported without corresponding link errors, the fabric healing process might restart all MPCs in phase-2 in an auto-healing attempt and if the error condition appears again within 10 minutes the last phase-2 might offline all MPCs in the system.
PR Number Synopsis Category: OS IPv4/ARP/ICMPv4
1511833 The kernel might crash causing the router or the Routing Engine to reboot when performing virtual IP related change.
Product-Group=junos
On all Junos platforms with VRRP enabled, if delete and add any configuration which involves the virtual IP in the same commit, the kernel might crash. When this happens, the system or the RE will reboot.
PR Number Synopsis Category: FreeBSD Kernel Infrastructure
1518898 The kernel might crash if a file/directory is accessed for the first time and is not created locally.
Product-Group=junos
On the Junos with Virtual Filesystem (VirtFS), if a file/directory is accessed for the first time and is not created locally, the kernel might crash and generate a vmcore file. Junos might reboot due to this issue.
1537696 Errors might be seen when dumping vmcore on EX2300/EX3400 series
Product-Group=junos
On EX2300/EX3400, the vmcore might not be available and the device might hang while trying to generate core files via the rescue kernel. This might be caused by the ARM dumper device supporting only a fixed 512 byte block size, rather than scaling to any block size. This might cause loss of debug ability for the device.
PR Number Synopsis Category: Kernel Stats Infrastructure
1508442 SNMP polling might return an unexpectedly high value for the ifHCOutOctets counter for a physical interface when any jnxDom OID is processed at the same time.
Product-Group=junos
When actual transmitted load is configured for interface as: set interfaces interface-transmit-statistics And ifHCOutOctets OID is polling together with any jnxDom OIDs for the same interface with time interval between pollings equal or less then one second, the resulted value of ifHCOutOctets may be unexpectedly high
1522561 OID ifOutDiscards reports zero and sometimes shows valid value.
Product-Group=junos
OID ifOutDiscards reports zero and sometimes shows valid value. user@router> show snmp mib get ifOutDiscards.514 | refresh 3 ---(refreshed at 2020-07-10 12:54:07 IST)--- ifOutDiscards.514 = 0 ---(refreshed at 2020-07-10 12:54:10 IST)--- ifOutDiscards.514 = 0 ---(refreshed at 2020-07-10 12:54:13 IST)--- ifOutDiscards.514 = 0 ---(refreshed at 2020-07-10 12:54:16 IST)--- ifOutDiscards.514 = 0 ---(refreshed at 2020-07-10 12:54:19 IST)--- ifOutDiscards.514 = 0 ---(refreshed at 2020-07-10 12:54:22 IST)--- ifOutDiscards.514 = 241974 ---(refreshed at 2020-07-10 12:54:25 IST)--- ifOutDiscards.514 = 241974 ---(refreshed at 2020-07-10 12:54:28 IST)--- ifOutDiscards.514 = 0 ---(refreshed at 2020-07-10 12:54:31 IST)--- ifOutDiscards.514 = 0
PR Number Synopsis Category: Kernel Tunnel Interface Infrastructure
1478822 The protocol MTU might not be changed to lt- interface from the default value.
Product-Group=junos
For the first time, the protocol MTU of lt- interface changing from default state to any other specific value, it can not be changed. The configuration will show it has been changed to the specific value, but checking by the CLI command "show interface lt-x/x/x", there's no setting value for the protocol MTU of lt- interface. The traffic may be impacted by this issue.
PR Number Synopsis Category: OSPF routing protocol
1525870 OSPFv3 adjacency should not be established when IPsec authentication is enabled
Product-Group=junos
On EX4300 platforms, the OSPFv3 configured with IPsec authentication after device reboots, the OSPFv3 adjacency should not be established, while do the same configuration before device reboots, the adjacency should be established.
PR Number Synopsis Category: Used for tracking OVSDB software issues and features
1518807 The vgd process might generate a core file when the OVSDB server restarts.
Product-Group=junos
On all Junos platforms that support OVSDB (Open vSwitch database), the vgd core might get generated when the OVSDB server is restarted. The vgd daemon restart after the core might cause traffic impact. This issue happens when OVSDB server is disconnected and the device (switch/router) sends some updates events to server.
PR Number Synopsis Category: Protocol Independant Multicast
1487636 The rpd might crash when perform GRES with MSDP configured
Product-Group=junos
On all Junos platforms, when execute Graceful Routing Engine Switchover (GRES) with Multicast Source Discovery Protocol (MSDP) enabled, rpd might crash on new primary Routing Engine (RE). The issue could be automatically recovered after rpd successful self-restart. This is a timing and regression issue.
PR Number Synopsis Category: Issues related to PKI daemon
1525924 Certificate validation might fail when OCSP is used and the OCSP server is dual-stack device
Product-Group=junos
When IPSec and PKI are used on SRX platforms, two VPN peers are using OCSP and the OCSP server is dual-stack device, if revocation check is configured for certificate, the certificate validation might fail and the IPSec tunnel is not established.
PR Number Synopsis Category: PTP related issues.
1420335 In some scenarios with PTP hybrid mode , continuous resetting of the Playback Engine log message occurs. Playback engine resides inside the MPC FPGA and it is responsible for maintaining the PTP states corresponding.
Product-Group=junos
In some scenarios with PTP hybrid mode, continuous Resetting the Playback Engine log message. Playback engine resides inside MPC FPGA and it is responsible for maintaining the PTP states corresponding.
1493743 The ptp-clock-global-freq-tracable leaf value becomes false and does not changes to true) when the internal lock is in the Acquiring state.
Product-Group=junos
Frequency traceable flag reflected the wrong status and toggled unexpectedly. This has been fixed to reflect the correct values based on the clock status.
1527612 The transit PTP packet might be unexpectedly modified when passing through MPC2E-NG/MPC3E-NG/MPC5E
Product-Group=junos
If timestamping the packet at the physical layer (also known as PHY timestamping) is enabled for Precision Time Protocol (PTP), the transit PTP packets passing through the MPC2E-NG/MPC3E-NG/MPC5E might be modified to have huge value in Correction Field of the PTP packet even though there is not PTP port configured on these line cards. If the transit PTP packets are used for synchronizing downstream node, the clock frequency drift could be seen. The current fix in this PR is only applicable for G.8275.1 PTP profile.
PR Number Synopsis Category: Chassis mgmt for all QFX systems - chassis MIB, alarms, CLI
1507044 The archival function might fail in certain conditions.
Product-Group=junos
If the archival function is enabled with the statement "routing-instance" and transfer mode is set as SFTP/SCP for archive-sites, it may not work and fail to transfer the files.
1520144 SNMP trap of power failure might not be sent out
Product-Group=junosvae
On QFX5K platforms, the SNMP trap of power failure might not be sent out when power cable is removed from PSU, and the output of CLI command 'show chassis environment' would not display the information of the power failure.
PR Number Synopsis Category: QFX Platform related (SYSLOG/ALARMS/miscellaneous)
1454527 On the QFX5000 line of switches, the dcpfe process crashes due to the usage of data that is not null getting terminated.
Product-Group=junosvae
The dcpfe crash is due to usage of data which is not NULL terminated on QFX5K.
1508611 The fxpc may crash and restart with a fxpc core file created while installing image through ZTP
Product-Group=junos
On QFX5100/EX4600 Series platforms, the fxpc may crash sometimes while installing an image through ZTP.
1520956 QFX5100: cprod timeout triggers high CPU (100%)
Product-Group=junos
In QFX5100, you might get high CPU (100%) caused by cprod command timing out after the execution of the following command: % cprod -A fpc0 -c 'set dc bc "counter on"' Command timed out % root@jtac-qfx5100-48s-6q-r2320> start shell % top -SH last pid: 4369; load averages: 1.00, 1.00, 1.00 up 0+18:45:06 08:52:40 174 processes: 3 running, 150 sleeping, 21 waiting CPU states: 58.3% user, 0.0% nice, 41.4% system, 0.0% interrupt, 0.4% idle Mem: 839M Active, 109M Inact, 446M Wired, 419M Cache, 69M Buf, 36M Free Swap: 1106M Total, 1106M Free PID USERNAME PRI NICE SIZE RES STATE TIME WCPU COMMAND 1866 root 76 0 1255M 573M RUN 897:06 97.36% fxpc <<<<<<<<<<<<<<< 1857 root 40 0 100M 30456K select 6:28 0.10% chassisd root@jtac-qfx5100-48s-6q-r2320> show chassis fpc Temp CPU Utilization (%) CPU Utilization (%) Memory Utilization (%) Slot State (C) Total Interrupt 1min 5min 15min DRAM (MB) Heap Buffer 0 Online 38 100 0 0 0 0 1920 0 62 1 Empty 2 Empty
PR Number Synopsis Category: QFX PFE Class of Services
1430173 The CoS rewrite rules applied under an aggregated Ethernet interface might not take effect after NSSU.
Product-Group=junos
On QFX 5K platform, Class of Service (CoS) rewrite rules applied under an Aggregated Ethernet (AE) interface might not take effect after Non-Stop Software Upgrade (NSSU). In the end, packets could not enter into correct queues for sending.
PR Number Synopsis Category: Filters
1514710 In the VXLAN configuration, the firewall filters might not be loaded into the TCAM with the following message due to TCAM overflow after upgrading to Releases 18.1R3-S1, 18.2R1, and later : DFWE ERROR DFW: Cannot program filter.
Product-Group=junos
n QFX5000/EX4600 platforms with VxLAN scenario, firewall filters loading failure might happen due to Ternary Content Addressable Memory(TCAM) overflow, which may cause traffic impact if the Junos version is upgraded to 18.1R3-S1 / 18.2R1 or higher. This is because IPACL VxLAN filter is introduced on that releases to replace regular IPACL for VxLAN VLANs. And after upgrade, IPACL VxLAN filter needs more entries in TACM compared with regular IPACL, which makes TCAM to overflow, and even traffic will be impacted.
PR Number Synopsis Category: QFX L3 data-plane/forwarding
1512712 Display issue, Virtual Chassis environment, Configured num-65-127-prefix value is shown incorrect for the command O/P "show chassis forwarding-options"
Product-Group=junos
Display issue, In a Virtual Chassis environment, Configured num-65-127-prefix value is shown incorrect for the command O/P "show chassis forwarding-options" for the FPC which is not local (Backup and line card members of the VC)
PR Number Synopsis Category: RPD Next-hop issues including indirect, CNH, and MCNH
1483585 Traffic impact might be observed when policy-multipath is configured without LDP on the SPRING-TE scenario.
Product-Group=junos
When policy-multipath is configured without LDP on Spring-TE scenario and active-route uses indirect-nexthop (Sprint-TE tunnel with first-hop label uses indirect-nexthop), traffic loss might be seen due to FNH (Forwarding next-hop) not get flashed. Below is the introduction of policy-multipath feature. In Segment Routing networks with multiple protocols in the core, the Segment Routing traffic-engineered (SR-TE) LDP routes and SR-TE IP routes can be combined to create a multipath route that is installed in the routing table. BGP service routes could be resolved over the mutlipath route through policy configuration and traffic could be steered differently for different prefixes. This may not be the only case which can result in this issue. If RE does not have LDP config but using multipath between SR-TE and ISIS then PR-1483585 fix is critical. Without this fix, we can run into problems in multiple cases. Any config change that triggers nexthop change of mpls.0 route added by L-ISIS (which is First-hop label of SR-TE LSP), can trigger this problem. Few triggers: Interface down (which was originally reported in PR1483585) MPLS family change on the interface (due to max-labels config) Any other topology changes which result in L-ISIS nexthop change (neighbor interface down, neighbor RE down etc)
PR Number Synopsis Category: RPD route tables, resolver, routing instances, static routes
1421566 Some LDP routes in VRF cannot be resolved over the inet.3 table
Product-Group=junos
Any route that is added to the rib will be resolved over predefined tables, and the resolution tables for a given protocol are fixed. LDP routes added to foo.mpls.0, the resolution table is not initialized due to this NULL access happen to lead to the core.
1471968 The rpd might stop when both instance-import and instance-export policies contain the as-path-prepend action.
Product-Group=junos
On all platforms running Junos OS, when an internally route leaking between routing instances using instance import and instance export policies and both policies containing as-path-prepend actions, if this as-path is referred to some route, the rpd process might stop a change or delete operation on the route (for example, clearing BGP neighborship, changing BGP or policy configuration, and so on).
1498377 The route entries might be unstable after being imported into inet6.x RIB via rib-group
Product-Group=junos
When inet6.x (such as 6.1/6.2/6.3, and so on) is used as a non-primary RIB by rib-group, the import function issue might cause the route entries not to be modified correctly for IPv6 format, it might lead the received routes not to be imported successfully into the inet6.x RIB of the routing protocols. Then the network reachability might be impacted.
1507638 On all Junos OS dual-Routing Engine GRES or NSR enabled routers, the rpd process might crash on a new primary Routing Engine if the Routing Engine switchover occurs right after massive routing-instance deletion.
Product-Group=junos
On all Junos platforms, if GRES and NSR are enabled at a dual-RE router and if RE switchover happens (either manually or due to some other reasons) right after deleting a big number of routing instances, then rpd at a new primary RE could crash once. Once a new primary RPD crashed, it will restart by itself.
PR Number Synopsis Category: Resource Reservation Protocol
1495746 The rpd process generates core file on the backup Routing Engine.
Product-Group=junos
On the backup RE, when previous hop for P2MP LSP is not created, p2mp structures corresponding to this entity are freed. During this removal process, RPD crashes due to some condition failure in one of p2mp structures. This issue only happens on the backup RE and no service impact would be seen.
1524736 The inter-domain LSP with loose next-hops path might get stuck in the Down state.
Product-Group=junos
In the scenario of inter-domain LSP with loose next-hops path, when expanding the loose hop at the Area Border Router (ABR) / Autonomous System Border Router (ASBR), the LSP might not come up properly if the incoming link of the LSP at the ABR/ASBR is an unnumbered interface.
PR Number Synopsis Category: jflow/monitoring services
1517646 The srrd process might crash in a high route churns scenario or if the process flaps.
Product-Group=junos
On all Junos platforms with inline Jflow enabled, the sampled route reflector process (srrd) might crash in a scenario where there are high route churns or flaps in the system. This is a rare timing issue and due to the crash Jflow export might report older routes information for sometime.
PR Number Synopsis Category: Generic platform and infra issues for MS-MIC and MS-MPC(XLP)
1482400 The vmcore process crashes sometimes along with the mspmand process on MS-MPC/MS-MIC if large-scale traffic flows are processed
Product-Group=junos
With NAT/Stateful-firewall/TCP tickle (enable by default) configured on MS-MPC/MS-MIC, the vmcore crash sometimes along with mspmand crash might happen if large-scale traffic flows (e.g. million flows) are processed by it.
PR Number Synopsis Category: SSL Proxy functionality on JUNOS
1505013 On SRX platform, when the SSL proxy is enabled and if the device runs out of memory, then the SSL proxy module might stop
Product-Group=junos
On SRX platforms, when the SSL proxy is enabled and if the device runs out of memory, then the SSL proxy module might stop. This issue might lead to PFE crash. Once the core file is generated, the packet forwarding engine gets restored automatically.
PR Number Synopsis Category: MX10003/MX204 Linux issues (including driver issues)
1492121 MX10003 might shut down itself automatically after system upgrade or downgrade
Product-Group=junosvae
On MX10003 platform, if system upgrade or downgrade is done from Junos 18.2R3, 18.3R3, 18.4R2, 19.1R2, 19.2R1, 19.3R1 and onwards releases to pre-18.2R3, pre-18.3R3, pre-18.4R2, pre-19.1R2, pre-19.2R1, and pre-19.3R1 releases, the system might detect incorrect temperature value and shut down itself automatically due to this issue.
PR Number Synopsis Category: SRX-1RU HA SW defects
1474233 An unhealthy node might become primary in SRX4600 devices in a chassis cluster scenario.
Product-Group=junos
In the SRX4600 Chassis Cluster scenario, a node might become primary in a failover scenario. This can lead to packet drops.
PR Number Synopsis Category: MX10003/MX204 SW - UI specific defects
1529028 The speed command cannot be configured under the interface hierarchy on an extended port when MX204 or MX10003 router works as an aggregation device.
Product-Group=junos
Due to the restriction added via PR 1389918 (fixed in 17.4R3 18.2R2 18.3R2 18.4R1 19.1R1), it is unable to configure the speed knob under interface hierarchy on extended port when MX204 or MX10003 works as aggregation device (AD) in Junos Fusion Provider Edge (JFPE) setup.
PR Number Synopsis Category: sync-e related issues.
1398129 Router advertises the ESMC QL of PRC even though the current clock status is holdover.
Product-Group=junos
Router is advertising the ESMC QL of PRC even though the current clock status is holdover. This behaviour is addressed in this PR and will be applicable to all platforms.
PR Number Synopsis Category: Trio LU, IX, QX, MQ chip drivers, ucode & related SW
1490761 The PFE might wedge when forwarding loop exist in the network on MX platforms
Product-Group=junos
Because of a gap in timeout settings on MX platforms, the PFE might wedge when forwarding loop exist in the network. This is a very rare timing issue.
PR Number Synopsis Category: Issues related to broadband edge apps (PPP, DHCP) on Trio ch
1525585 Addition and removal of an aggregated Ethernet interface member link might cause the PPPoE subscriber session and traffic to drop.
Product-Group=junos
On the MX platforms with enhanced subscriber management enabled, when adding/removing one of the member links with "down" status to/from two member links AE bundle on the same PFE (Packet Forwarding Engine), because of the incorrect CoS (Class of Service) queue update, the PPPoE subscribers traffic are mapped to an incorrect queue and get dropped over the AE bundle.
PR Number Synopsis Category: Trio pfe bridging, learning, stp, oam, irb software
1533767 PPE errors seem while processing OSPF multicast packet being sent through EVPN instance
Product-Group=junos
For multicast OSPF packets entering EVPN instance, these packets are being handled as transient packets, flood next-hop structure will be used to forward these packets to remote PE/CE. During the process of packet replication, it might encounter a lookup error causing "HW trap" and lookup thread will stop for this packet. If a packet hits this situation, a PPFE trap along with ttrace will be generated. Similar logs might be seen during such event : [LOG: Err] LUCHIP(0) PPE_1 Errors lmem addr error [LOG: Err] LUCHIP(0) PPE_2 Errors lmem addr error [LOG: Err] LUCHIP(0) PPE_7 Errors lmem addr error [LOG: Err] PPE Thread Timeout Trap: Count 3, PC 601c, 0x601c: set_oif_mtu [LOG: Err] PPE PPE HW Fault Trap: Count 343580, PC 6da, 0x06da: dmac_miss_check_ndp
1533857 FPC crash might be observed when the ASIC's NH memory exhausted in the EVPN-MPLS scenario
Product-Group=junos
On all MX/EX92xx platforms with EVPN-MPLS configured, NH (Next-Hop) memory leak in Trio ASIC happens whenever there is a route churn for remote MAC-IP entries learned bound to the IRB interface in EVPN-MPLS routing-instance. When the ASIC's NH memory partition exhausted (free% NH memory is close to 20% or below), which will result in the line card to reboot.
1542211 Trio-based FPC might crash when the underlying layer 2 interface for ARP over IRB interface is changed from physical interface to LSI interface
Product-Group=junos
This issue applies to a Trio-based FPC using the integrated routing and bridging (IRB) interface with a VPLS instance using the label-switched interface (LSI) to provide VPLS functionality. The FPC may restart unexpectedly. The restart is triggered when the underlying layer-2 interface for ARP over IRB interface changes from the physical interface to the LSI interface.
PR Number Synopsis Category: Issues related to port-mirroring functionality on JUNOS
1542500 Port mirroring with maximum-packet-length configuration does not work over GRE interface
Product-Group=junos
Port mirroring with maximum-packet-length configuration does not work over GRE interface on MX204. While constructing GRE header, the clipping aspect of inner packet was not accounted earlier. If the inner packet is truncated, the outer GRE header packet size must use the new size (clipped size) to calculate the total length of outer header.
PR Number Synopsis Category: UI Infrastructure - mgd, DAX API, DDL/ODL
1470695 SSH session closes while checking for "show configuration | display set " command for both local and non local users
Product-Group=junos
SSH session logs out users when running the command "show configuration | display set" for local and non-local users authenticated using RADIUS server, the issue is not seeing for root users This issue occurs only when "configuration-breadcrumbs" statement is enabled at the [edit system login class ] hierarchy level.
PR Number Synopsis Category: Web-Management UI
1513612 Installing J-Web application package may fail on the EX2300/EX3400 platforms
Product-Group=junos
On the EX2300/EX3400 platforms, J-Web application package may fail to be installed with the affected releases.
PR Number Synopsis Category: VNID L2-forwarding on Trio
1517591 no-arp-suppression is required for MAC learning across the EVPN domain on the static VTEP.
Product-Group=junos
On MX platform, with Ethernet VPN and Virtual Extensible LANs (EVPN-VXLAN) implemented, Address Resolution Protocol (ARP) requests received on VXLAN tunnel endpoint (VTEP) might not forward to customer edge (CE) side or Proxy ARP role on VTEP might not work properly. This issue could happen when knob 'no-arp-suppression' is disabled under EVPN instance combined with static VXLAN implementation. Please refer to workaround provided when this issue hit.
PR Number Synopsis Category: VSRX platform software
1496937 The clock drift issue might cause control link failure of a vSRX cluster running on KVM hypervisor.
Product-Group=junos
When the vSRX cluster is deployed on the top of the KVM hypervisor, the host clock drift issue might cause vSRX cluster deployment to be unstable status due to the vSRX doesn't handle the KVM clock well. The issue will cause control link failure between the cluster nodes. Further, if the knob "control-link-recovery" is enabled, the secondary node for the RG0 (redundancy-group 0) will reboot automatically.
1524243 The control link may be broken when there is excessive traffic load on the control link in vSRX cluster deployment
Product-Group=junosvae
In the vSRX2.0 cluster running on KVM, when there is excessive traffic load on the control link (em0 link), the error message kernel: em0: watchdog timeout on queue 0 might be shown in the syslog. This interruption might cause the cluster control link to fail and dynamic routing protocols not to work properly.
 

18.4R3-S6 - List of Known issues
PR Number Synopsis Category: SFI Infra-structure
1485038 The following error message is observed continuously in AD with base configurations: IFDE: Null uint32 set vector, ifd and IFFPC: 'IFD Ether uint32 set' (opcode 151) failed.
Product-Group=junos
EX 9251 "IFDE: Null uint32 set vector, ifd and IFFPC: 'IFD Ether uint32 set' (opcode 151) error message is observed continuously in AD with base configurations.
PR Number Synopsis Category: Marvell based EX PFE ACL
1434927 The FPC crashes with pfem generating core file might be seen if large-scale number of firewall filters are configured.
Product-Group=junos
On EX Series switches, If you are configuring a large-scale number of firewall filters on some interfaces, the FPC might crash and generate core files.
PR Number Synopsis Category: Marvell based EX PFE L2
1538482 The LLDP neighborship with the VoIP phones can't be established
Product-Group=junos
On EX4300 platforms, the LLDP (Link Layer Discovery Protocol) neighborship with the VoIP (Voice over Internet Protocol) phones can't be established when LLDP is configured on the PoE (Power over Ethernet) enabled port on EX4300 and connects to the VoIP Phone.
PR Number Synopsis Category: Marvell based EX PFE MISC
1232403 HSRPv2 IPV6 packets might get dropped if IGMP-snooping is enabled.
Product-Group=junos
On EX Series switches except EX4300/EX4600/EX9200, an interface is configured for single vlan or multiple vlans, if all these vlans of this interface have igmp-snooping enabled, then this interface will drop HSRPv2 (Hot Standby Router Protocol for IPv6) packets. But if some vlans do not have igmp-snooping enabled, then this interface is working fine.
PR Number Synopsis Category: EX9200 Platform
1448368 On the EX9214 device, the following error message are observed after reboot and MACsec-enabled link flaps: errorlib_set_error_log(): err_id(-1718026239).
Product-Group=junos
On the EX9214 device, if the MACsec-enabled link flaps after reboot, the error "errorlib_set_error_log(): err_id(-1718026239)" is observed.
PR Number Synopsis Category: NFX Layer 2 Features Software
1517995 vSRX VM Cluster: IPC disconnect could be seen on JCP if the CPU0 gets hogged.
Product-Group=junos
This issue is applicable to vSRX VM cluster running on NFX250. The "dcpfe" process may consumes higher CPU cycles while flushing the stale/aged mac entries from the mac-to-interface ethernet-switching table. This can cause IPC connections to be disconnected on a JCP.
PR Number Synopsis Category: NFX Series Platform Software
1462556 Junos OS: NFX350: Password hashes stored in world-readable format (CVE-2020-1669)
Product-Group=junos
The Juniper Device Manager (JDM) container, used by the disaggregated Junos OS architecture on Juniper Networks NFX350 Series devices, stores password hashes in the world-readable file /etc/passwd. This is not a security best current practice as it can allow an attacker with access to the local filesystem the ability to brute-force decrypt password hashes stored on the system. Refer to https://kb.juniper.net/JSA11066 for more information.
PR Number Synopsis Category: CoS support on ACX
1522941 The show class-of-service interface command does not show classifier information.
Product-Group=junos
This is a display issue. Due to misread in PFE registers, classifier is not shown in "show class-of-service interface" output
PR Number Synopsis Category: ACX GE, 10GE, PoE, IDT framers
1523418 Interface not coming up with Auto-negotiation setting between ACX1100 and QFX/MX/ACX as other end
Product-Group=junosvae
Broadcom chipset Patch provided to address TD2+ and TD chip set address the remote fault issue.
PR Number Synopsis Category: common or misc area for SRX product
1345941 Packet drop when one of reth link at secondary node comes up
Product-Group=junos
On the SRX4000 line of devices with chassis cluster setup, when more than two ports are bound as reth interfaces on each node, packet drop might be seen.
PR Number Synopsis Category: Bi Directional Forwarding Detection (BFD)
1516556 The remaining BFD sessions of the aggregated Ethernet interface flap continuously if one of the BFD sessions is deleted.
Product-Group=junos
On QFX10k platforms, if multiple sub-interfaces of the same AE (Aggregated Ethernet) interface are belonged to different routing instances, and these sub-interfaces are configured with the same IP address and configured with separate BFD (Bidirectional Forwarding Detection) sessions, the remaining BFD sessions will flap continuously if one of these BFD sessions is deleted.
1522261 BFD with authentication for BGP flaps after GRES or NSR switchover on the NG-RE and SCBE2 setup.
Product-Group=junos
On the devices with NG-RE (Next Generation Routing Engine) and SCBE2 (Enhanced Switch Control Board), when BFD authentication for BGP is enabled, the BFD may flap after the NG-RE switchover. The switchover should be GRES or NSR switchover. After the flap, the device could be self recovery.
PR Number Synopsis Category: Border Gateway Protocol
1456260 Packet drop and CPU spike on Routing Engine might be seen in certain conditions if labeled-unicast protection is enabled for a CsC-VRF peer.
Product-Group=junos
On all Junos OS platforms under carrier supporting carrier (CsC) scenario, when PE link protection (labeled-unicast protection) is enabled, after one of the redundant links between CsC-CE flap or RSVP-TE LSP re-route from the primary path happens, it might result in slow convergence issue. Packets drop and CPU spike on the Routing Engine might be seen during this period.
PR Number Synopsis Category: MX Platform SW - Mastership Module
1546002 Even though enhanced-ip is active, the following alarm is observed during ISSU: RE0 network-service mode mismatch between configuration and kernel setting.
Product-Group=junos
new alarm "network-service mode mismatch between configuration and kernel setting" was introduced by PR 1514840 commit. when ISSU is performed from images without PR 1514840 commit to images with PR 1514840 commit, then the transient false alarm will be seen.
PR Number Synopsis Category: Device Configuration Daemon
1221993 Identical IP address are configured on different logical interfaces from different physical interfaces in the same routing instance including the primary routing-instance
Product-Group=junos
The same IP address could be configured on different logical interfaces from different physical interfaces in the same routing instance (including primary routing instance), but only one logical interface was assigned with the identical address after commit. There was no warning during the commit, only syslog messages indicating the incorrect configuration.
1539991 The logical interface might flap after adding or deleting native VLAN configuration
Product-Group=junos
On EX/QFX platforms, the unrelated logical interface on a physical interface would flap when adding or deleting native VLAN configuration on the physical interface.
PR Number Synopsis Category: DNX VPLS
1532995 Memory leak in Local OutLif in VPLS/CCC topology
Product-Group=junos
In a VPLS/CCC topology with core link protection when one of the core link flaps or the remote CE flaps "Local OutLif" leak happens. Local OutLif Total entries: 196608 Used entries: 33335 Lowest entry: 0(0x0) /*Initially when vpls is up */ Local OutLif Total entries: 196608 Used entries: 33303 Lowest entry: 0(0x0) /*When VPLS is down*/ Local OutLif Total entries: 196608 Used entries: 33337 Lowest entry: 0(0x0) /*When VPLS is up again*/
PR Number Synopsis Category: EVPN control plane issues
1521526 ARP table might not be updated after performing VMotion or a network loop
Product-Group=junos
On all Junos platforms with EVPN configured, the ARP table might not get updated. This issue happens after performing VMotion in a network or having a network loop.
PR Number Synopsis Category: EVPN Layer-2 Forwarding
1520078 Unable to create a new VTEP interface.
Product-Group=junos
In all platforms with VXLAN Static VTEP tunnels scenario (including Static VXLAN without EVPN), after RE switchover or restart of l2-learning, if create a new VTEP interface, the interface may not work.
1535515 All the ARP reply packets towards to some address are flooded across the entire fabric
Product-Group=junos
In the EVPN-VXLAN scenario, if the spine has irb and the leaves don't have irb, and the leaves have multi-home interfaces, the ARP reply packets flooding across the entire fabric might be seen.
PR Number Synopsis Category: Flow Module
1541954 Rst-invalidate-session does not work if configured together with no-sequence-check
Product-Group=junos
On SRX Series platforms, the "rst-invalidate-session" does not work if configured together with no-sequence-check. It might result in a TCP connection unestablished.
PR Number Synopsis Category: IPSEC/IKE VPN
1517262 The flowd might crash in IPsec VPN scenario
Product-Group=junos
On SRX platforms with IPsec VPN configured, the flowd might crash during the IPsec VPN rekey window. The traffic/service might be impacted if hitting this issue.
PR Number Synopsis Category: Multiprotocol Label Switching
1506062 The rpd process might crash when rpd restarts or GRES switchovers.
Product-Group=junos
On all Junos platforms with GR (Graceful Restart) and LSP (Label Switched Path) configured, if the /mfs/var/db/tag_restart.db file is corrupted, the rpd process might crash when triggering rpd restart or GRES (Graceful Routing Engine Switchover) switchover. Traffic loss might be seen during the rpd crash and restart.
PR Number Synopsis Category: Fabric Manager for MX
1535787 All SFBs might get offlined due to fabric failure and fabric self-ping probes performs "disable-pfe" action
Product-Group=junos
Once yanking out the MPC without prior offline and the chassisd process is not able to process this event on the primary RE due to additional mastership switch, and later the MPC which pulled out the slot is re-inserted back, many Switch Fabric Board (SFB) might be offline due to max_total_cell_usage overflow condition on the xfchip. MX2020 Platform with SFB2 is not exposed to such event, neither if MX2020 has the disable-grant-bypass configured.
PR Number Synopsis Category: PE based L3 software
1500798 BFD sessions flap after deactivating or activating the aggregated Ethernet interface or executing GRES.
Product-Group=junos
On QFX10008 platforms, if the BFD is configured over an AE interface (member link across multiple FPCs), deactivating/activating the AE interface or executing GRES will cause the BFD sessions to flap.
PR Number Synopsis Category: vMX Data Plane Issues
1544856 The riot forwarding daemon crash might be observed on vMX based platforms configured with IRB interface
Product-Group=junos
On vMX based platforms enabled with IRB interface, the riot forwarding daemon crash might be observed which could lead to traffic loss.
PR Number Synopsis Category: Interface related issues. Port up/down, stats, CMLC , serdes
1515487 The 100-Gigabit Ethernet AOC non-breakout port might be auto-channelized to other speed
Product-Group=junos
On QFX5k platform with QFX-5e image, if the 100G port is enabled with auto-channelization (which is by default) and the AOC (Active Optical Cable) non-breakout transceiver is used on it, the 100G port might be detected as breakout and auto-channelized to other speed (e.g. 50G). The interface connection will be impacted.
PR Number Synopsis Category: QFX L2 PFE
1475005 The system might stop new MAC learning and impact the Layer 2 traffic forwarding
Product-Group=junos
On QFX platforms, if there are a lot of MAC moves, the system might stop new MAC learning and lots of old MAC addresses might be stuck and couldn't be aged and deleted. Due to this issue, could have impact on layer 2 traffic forwarding and the customer service.
PR Number Synopsis Category: QFX EVPN / VxLAN
1550305 EVPN_VXLAN : Traffic not load balanced by QFX10002 over ESI links with evpn_vxlan configured
Product-Group=junos
EVPN_VXLAN : Traffic not load balanced by QFX10002 over ESI links with evpn_vxlan configured
PR Number Synopsis Category: QFX VC Infrastructure
1526679 QFX5100 in a virtual-chassis configuration may flap MSDP sessions after GRES switch
Product-Group=junos
MSDP sessions may reset after a GRES reset even when nonstop routing state is synchronized and ready for switchover
PR Number Synopsis Category: RPD policy options
1538172 If upgrade to a specific version, the configuration validation may fail and the rpd may crash
Product-Group=junos
On all Junos OS platforms with "set policy-options rtf-prefix-list" configured, if upgrade to a specific version, the device might fail to validate its configuration which eventually causing rpd to crash unexpectedly due to a software fault.
PR Number Synopsis Category: Resource Reservation Protocol
1516657 RPD scheduler might slip after link flap
Product-Group=junos
On all Junos platforms with RSVP-TE configured, when a transit router carries a large number of LSP's (for example, 60k and higher) and all those LSPs undergo FRR (for example, when link carrying large number of LSP's flap) then, the rpd scheduler might slip and LDP session tear down might be observed after the link flap.
PR Number Synopsis Category: UI Infrastructure - mgd, DAX API, DDL/ODL
1542487 [chassisd] [troubleshooting_fru] : ptx5000 :: [FPC 1 Major Error and mustd Coredump]
Product-Group=junos
>> persist-groups-inheritance when enabled system maintains additional constraints database(cdg.db), Mustd core is seen while processing this cdg.db. When persist-groups-inheritance is not enabled must constraints are checked within the context of mgd itself and this is the reason why the workaround doesn't lead to coring. Enabling persist-groups-inheritance is a optimisation for scaled configuration using scaled uses of groups and wildcard groups. Persist-groups-inheritance hardening is done 19.4 onwards.
PR Number Synopsis Category: Virtual Router Redundancy Protocol
1526851 When SRX receives proxy ARP request on VRRP interface, SRX sends ARP reply with underlying interface MAC address
Product-Group=junos
On SRX Series devices with VRRP scenario, the proxy ARP reply uses interface MAC address instead of VRRP MAC address if the VRRP is configured on some IFL and the proxy-arp is configured on same IFL, traffic loss may occur.

 

 

Modification History:
2020-11-30 addendum to include fixed PRs that did not have enough information at the first publication
First publication 2020-11-11
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search