Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

19.2R3-S1: Software Release Notification for JUNOS Software Version 19.2R3-S1

0

0

Article ID: TSB17927 TECHNICAL_BULLETINS Last Updated: 03 Dec 2020Version: 1.0
Alert Type:
SRN - Software Release Notification
Product Affected:
ACX, EX, MX, PTX, QFX, NFX, SRX, VRR, vMX, vSRX
Alert Description:
Junos Software Service Release version 19.2R3-S1 is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as need and follow the prompts
Solution:

Junos Software service Release version 19.2R3-S1 is now available.

19.2R3-S1 - List of Fixed issues
PR Number Synopsis Category: EX4300 PFE
1518929 ex4300: Redirected IP traffic is being duplicated
Product-Group=junos
On EX4300 platforms with IRB/L3 interface, the redirected traffic with the source from another subnet is getting duplicated.
1538401 LLDP adjacency might fail for non-AE interfaces on EX4300 platform
Product-Group=junos
On EX4300 platform, LLDP might not work on non-AE (Aggregated Ethernet) interfaces. However, it works fine for AE interfaces.
PR Number Synopsis Category: EX4300 CP general implementation
1498903 In some cases, if we have an OSPF session on the IRB over LAG interface with 40-Gigabit Ethernet port as member, the session gets stuck in restart.
Product-Group=junosvae
On the EX4300-48MP VC (Virtual Chassis), if the LAG (Link Aggregation Group) interface with member interfaces of 40G/100G is configured across the primary and the standby FPCs of the VC, the OSPF configured on the IRB (Integrated Routing and Bridging) interface over this LAG might be stuck in "ExStart" state. The issue impacts the establishment of the OSPF neighbor.
PR Number Synopsis Category: EX2300/3400 CP
1494712 Authentication session might be terminated if PEAP request is retransmitted by authenticator
Product-Group=junos
On all Junos platforms with 802.1X (dot1x) enabled, if Protected Extensible Authentication Protocol (PEAP) request is not replied by supplicant in default time interval, it could cause the authenticator to retransmit PEAP proposal method message with new Extensible Authentication Protocol (EAP) ID. The new EAP ID is different from EAP ID sent by authentication server. As a result, mismatching EAP ID issue could terminate authentication session. In the end, supplicant cannot access network. Please consider increasing 'supplicant-timeout' to prevent this issue from happening.
PR Number Synopsis Category: EX2300/3400 PFE
1427075 VC split after network topology changed
Product-Group=junos
In Virtual Chassis scenario, when the interfaces flaps or VLAN configuration is changed frequently, the network topology will be changed accordingly, then CPU utilization will be dramatically increased to very high within a short time, which might cause the failure of essential communications between VC primary and members. When the failure happens, FPC will automatically restart. As a result, VC is split and traffic is lost.
1472350 CoS 802.1p bits rewrite might not happen in Q-in-Q mode
Product-Group=junos
In EX2300/EX3400 platform with CoS rewrite scenario, if an 802.1p bits (single VLAN) rewrite is used for an SVLAN (outer VLAN) of Q-in-Q, the rewrite will do nothing. Due to the PFE can not parse the firewall rule for given filter match conditions. Therefore, some traffic processing does not work as customer's expectation. Note: EX4300 has no this issue.
1525373 "Drops" and "Dropped packets" counters in the output by "show interface extensive" are double counting.
Product-Group=junos
"show interface ..." command shows wrong values for the "Drops" and "Drop Packet" counters. The actual value is half of the display values.
PR Number Synopsis Category: QFX Multichassis Link Aggregrate
1525234 The dcpfe might crash when the ICL is disabled and then enabled
Product-Group=junos
On QFX5k platforms with MC-LAG (Multichassis Link Aggregation Groups) used, the dcpfe might crash when the ICL (Interchassis Link) is disabled and then enabled. Traffic loss might be seen during the dcpfe crash and restart.
PR Number Synopsis Category: QFX Access control list
1521763 Firewall "sample" configuration gives the warning as unsupported on QFX10002-36q and will not work.
Product-Group=junos
On QFX10002-36q, when inline-jflow is configured, the IPv4 firewall filter with 'sample' action gives a waring "unsupported platform" and will not work. On the other hand, the IPv6 firewall filter with 'sample' action will still work as expected.
PR Number Synopsis Category: QFX PFE L2
1496766 Flow control is enabled in PFE irrespective of interface configuration and the fix causes a very small amount of packet loss when a parameter related to an interface such as "interface description" on any port is changed.
Product-Group=junos
On QFX5120 and QFX5210 running JunosOS 18.4R2-S5, 18.4R2-S6, 18.4R3-S5, 19.3R3 releases, there will be a very small amount of packet loss when a parameter related to an interface such as "interface description" on any port is changed. When the parameter is changed, COS buffer modifications is checked. Even when there is no change in previous and present COS buffer state for port, COS buffer modifications is unnecessarily performed and is calling traffic block and unblock and causing a very small amount of packet loss. This will be fixed in the following releases. Junos OS 18.4R2-S7, 18.4R3-S6, 19.3R3-S1 and all subsequent releases.
1521324 The MAC address in the hardware table might become out of synchronization between the primary and member in Virtual Chassis after the MAC flaps.
Product-Group=junos
When MAC address moves over the member in Virtual Chassis, the MAC address's learning port in Internal Hardware MAC table may be out of sync between Primary and member and this may lead to misforwarding. This will be an extremely rare occurrence. If the issue happens, you can issue "clear ethernet-switching table " command to restore the communication.
PR Number Synopsis Category: QFX L3 data-plane/forwarding
1486632 System upgrade/installation might fail on QFX 5100-48T-6Q VC/VCF
Product-Group=junos
On QFX 5100-48T-6Q VC/VCF, RCP error might be seen while upgrading the system using "request system software add  no-validate" and system upgrade/ installation could fail. This issue happens if DCPFE cpu utilization is very high.
1528490 On the QFX5000 line of switches, the fxpc process might crash if the VXLAN interface flaps.
Product-Group=junos
On QFX5K platforms, if VXLAN enabled interfaces flap excessively in short period of time, PFE might crash.
PR Number Synopsis Category: Accounting Profile
1425544 The rt-delay-threshold can be set below 1 second but rt-marker-interval is limited to 1 second.
Product-Group=junos
The RT marker interval can be any value rating from 0.1 sec to 10.0 sec. The marker interval shall be configured in multiples of 100 msecs.
1505409 The DHCP subscribers might get stuck in the Terminated state for around 5 minutes after disabling cascade ports.
Product-Group=junos
On the Junos fusion provider edge with subscriber management configured, the DHCP subscribers might get stuck in terminated state for around 5 minutes after disabling cascade ports. After 5 minutes, the original sessions will be aging timeout automatically and then the subscribers can login again.
1509114 The pfed process might crash while running the show pfe fpc x command
Product-Group=junos
When the pfed is running on a 64 bit machine, it might crash after issuing the command "show pfe fpc x".
PR Number Synopsis Category: CoS support on ACX
1493518 On the ACX5048 and ACX5096 routers, the LACP control packets might be dropped due to high CPU utilization.
Product-Group=junos
On ACX5048/ACX5096 platforms, when one of the child links in AE goes down brings entire AE down due to high CPU.LACP control packets might get dropped as the port is blocked for a temporary period.
1522941 The show class-of-service interface command does not show classifier information.
Product-Group=junos
This is a display issue. Due to misread in PFE registers, classifier is not shown in "show class-of-service interface" output
PR Number Synopsis Category: Fireall support for ACX
1513998 In ACX platforms, the loopback filter cannot take more than 2 TCAM slices
Product-Group=junos
In ACX platforms, the loopback filter cannot take more than 2 TCAM slices. This is applicable when applying a long loopback filter with more than 512 entries
PR Number Synopsis Category: JUNOS kernel/ukernel changes for ACX
1481151 Optimizing pre-allocate memory of the RPD process on an ACX platform
Product-Group=junos
RPD memory chunk size is optimized for the ACX platform to reduce the memory footprint.
PR Number Synopsis Category: ACX GE, 10GE, PoE, IDT framers
1430009 The gigether-options command is enabled again under the interface hierarchy.
Product-Group=junos
gigether-options and ether-options both are support on ACX5k PR1430009 initially opened to remove gigether-options, now it has been reverted. Revert has been tracked in the same PR 1430009. Yes, latest fix of PR 1430009 has added back gigether-options
1523418 Interface not coming up with Auto-negotiation setting between ACX1100 and QFX/MX/ACX as other end
Product-Group=junosvae
Broadcom chipset Patch provided to address TD2+ and TD chip set address the remote fault issue.
PR Number Synopsis Category: a20a40 specific issue
1522130 PFE_FLOWD_SELFPING_PACKET_LOSS error messages reported for CP SPU
Product-Group=junos
Syslog reporting "PFE_FLOWD_SELFPING_PACKET_LOSS: Traffic impact: Selfping packets loss/err: 300 within 600 second" error messages in node 0 and node 1 control panel.
PR Number Synopsis Category: BBE multicast related issues
1536149 Multicast traffic might be sent out through unexpected interfaces with distributed IGMP enabled.
Product-Group=junos
On MX platforms with enabled subscriber services, if distributed IGMP is enabled on subscriber dynamic interfaces and there are static interfaces are configured on the same fpc, and fpc is reloaded or interfaces flapped, then multicast may get enabled on static interface and the multicast traffic may be sent out through unexpected interface.
PR Number Synopsis Category: Border Gateway Protocol
1517498 The rpd process might crash after deleting and then adding a BGP neighbor.
Product-Group=junos
In BGP scenario on all Junos platforms, after deleting and re-adding a BGP neighbor, the rpd might crash due to a rare timing issue.
1538491 Configuring 'then next-hop' and 'then reject' on a route policy for the same route might cause rpd crash
Product-Group=junos
On all Junos platforms with BGP enabled, if a policy is setting 'then next-hop' and 'then reject' at the same time for the same prefix, rpd crash might be seen. Like the following: set policy-options policy-statement xxx term 1 from route-filter xxx set policy-options policy-statement xxx term 1 then next-hop ... set policy-options policy-statement xxx term 2 then reject
PR Number Synopsis Category: BBE Remote Access Server
1405855 Subscriber accounting messages retransmissions exist even after configuring accounting retry 0.
Product-Group=junos
When accounting-retry 0 is configured under the [access radius-server ] stanza, MX still attempts to re-transmits/retries accounting message to the AAA accounting Server
1518016 The show network-access aaa subscribers statistics username "<>" command fails to fetch the subscriber-specific AAA statistics information if a subscriber username contains a space.
Product-Group=junos
Subscriber username with space in between is not displayed by [show network-access aaa subscribers statistics username "<>"] command
PR Number Synopsis Category: Firewall Filter
1395923 For Junos OS Releases 18.4R1 and 18.3R2, if IPv4 prefix is added on a prefix-list referred by IPv6 firewall filter, the following log message is not seen: Prefix-List [Block-Host] in Filter [Protect_V6] not having any relevant prefixes , Match [from prefix-list Block-Host] might be optimized.
Product-Group=junos
For Junos OS Releases 18.4R1 and 18.3R2, if IPv4 prefix is added on a prefix-list referred by IPv6 firewall filter, the following log message is not seen: Prefix-List [Block-Host] in Filter [Protect_V6] not having any relevant prefixes , Match [from prefix-list Block-Host] might be optimized.
PR Number Synopsis Category: JUNOS Dynamic Profile Configuration Infrastructure
1526934 Family IPv6 do not come up for the L2TP subscriber when additional attributes are not passed in the Framed-IPv6-Route VSA
Product-Group=junos
In DHCP/PPP Subscriber scenario with IPv6 dynamic-profile configured, all the additional attributes (route prefix, next-hop, metric, preference, tag) for IPv6 access route must be fully specified in dynamic-profile and passed via RADIUS server, otherwise family inet6 might not come up.
PR Number Synopsis Category: Ethernet OAM (LFM)
1500048 FPC crash might be observed with an inline mode with CFM configured.
Product-Group=junos
On the Junos platforms with inline mode CFM (Connectivity Fault Management) configured, if there are several CFM adjacencies flapping, due to the flaw in the CFM module to process the error-adjacencies messages, the FPC may crash alongside with NPC core-dump file generated. All services/traffic configured on the FPC will see outage till FPC recovers from an automatic reboot.
PR Number Synopsis Category: mgd, ddl, odl infra issues
1458345 "persist-groups-inheritance" causes the "mustd" process to crash and issues commit failure
Product-Group=junos
"persist-groups-inheritance" configuration option causes the "mustd" process to crash when one performs the "commit" action.
PR Number Synopsis Category: EVPN control plane issues
1530991 The rpd process might crash when auto-service-id is configured in the EVPN-VPWS scenario.
Product-Group=junos
On all Junos platforms with EVPN VPWS scenario, if auto-service-id is configured and the service IFL under VPWS instance is down, the rpd crash might be seen when any changes made to the configuration.
PR Number Synopsis Category: Sflow on qfx10k/ptx series PRs for defect & enhancement req
1521732 Output interface index in SFLOW packet is zero when transit traffic is observed on the IRB interface with VRRP enabled
Product-Group=junos
When VRRP is enabled on IRB interface and SFLOW is enabled on QFX10000 Series platforms, output interface Index in SFLOW packet will be zero for the traffic destined to VRRP MAC address.
PR Number Synopsis Category: Express PFE CoS Features
1531095 The MPLS EXP classifier might not work on QFX10K platforms
Product-Group=junos
On QFX10K platforms, the classification for incoming mpls traffic based on the EXP(experimental) bits might not take into effect, and instead the traffic will get classified based on the default setting, due to which packet loss could be observed.
PR Number Synopsis Category: Express PFE FW Features
1420057 On the PTX10008 and PTX5000 routers, the output of the show filter index < number> counter command shows value as zero at 28-02-HOSTBOUND_NDP_DISCARD_TERM.
Product-Group=junos
VTY command "show filter index < number> counter" showes values as zero at 28-02-HOSTBOUND_NDP_DISCARD_TERM on PTX5000 platform. Basically, the counter does not increase for NDP packets. The issue is only with "show filter index", which is a debug tool in VTY. This issue has no impact on NDP functionality for user traffic. There are no issues with NDP functionality and DDOS for NDP is also working,
PR Number Synopsis Category: Express PFE MPLS Features
1502385 The error message "mpls_extra NULL" might be seen during MPLS route add/change/delete operation
Product-Group=junos
On ACX, PTX and QFX platforms, after flapping MPLS routes, the error message "mpls_extra NULL" might be seen and the traffic might be impacted.
1515092 The routes update might fail upon the HMC memory issue and traffic impact might be seen.
Product-Group=junos
On PTX Series and QFX Series devices, in rare cases, HMC memory error might cause routes update failure and traffic impact on the Packet Forwarding Engine.
PR Number Synopsis Category: Internet Group Management Protocol
1520059 Packet loss might be observed while verifying traffic from access to core network for IPv4/IPv6 interfaces
Product-Group=junos
On EX2300-48T/EX2300-48P/EX2300-48MP, packet loss may be seen when L3 IPv4/IPv6 interface and route related configurations with IPv4/IPv6 unicast stream are configured. This issue might cause traffic drop. This issue happens if two different NH(Next Hop) IDs are programmed in the Hardware for same route but only one entry is maintained in the software.This issue is specific to 48 port EX2300 platforms and will not occur on other 12/24 ports EX2300, such as EX2300-24T, EX2300-24P, EX2300-24MP.
PR Number Synopsis Category: Kernel software for AE/AS/Container
1514146 The 100M SFP-FX is not supported on satellite device in Junos Fusion setup
Product-Group=junosvae
On satellite device in Junos Fusion setup, interfaces with 100M SFP-FX might not work properly.
PR Number Synopsis Category: ISIS routing protocol
1482983 The output of the "show isis interface detail" command might be incorrect if wide-metrics-only is enabled for IS-IS and the ASCII representation of the metric in decimal is more than 6 characters long
Product-Group=junos
If 'wide-metrics-only' is enabled for any IS-IS level and a metric configured on the IS-IS enabled interface for that level has ASCII representation in decimal more than 6 characters long, this interface's metric for that level will be merged with 'priority' field value in the output of 'show isis interface detail'.
1526447 The IS-IS LSP database synchronization issue might be seen while using the flood-group feature.
Product-Group=junos
On all Junos platform, when flood-group is configured on interface under isis, if isis LSPs time out and then come up, the device sends only self-generated LSPs and doesn't increment the LSP updates received from neighbor which flapped. This is causing LSP database out of synchronization issue.
PR Number Synopsis Category: jdhcpd daemon
1525052 Memory leak in jdhcpd might be seen if access-profile is configured under the dhcp-relay or dhcp-local-server statement.
Product-Group=junos
With access-profile being configured under "forwarding-options dhcp-relay" or "system services dhcp-local-server" stanza, there might be memory leak in jdhcpd when DHCP request is processed. The leaked memory size for each processing will be the number of bytes equal to the length of the access profile.
PR Number Synopsis Category: Adresses ALG issues found in JSF
1535356 The SCCP ALG does not work on SRX Series devices running with Junos OS Release 17.3R1 and onward
Product-Group=junos
On SRX Series devices running with Junos OS Release 17.3R1 and onward, the Skinny Client Control Protocol (SCCP) ALG does not work, which results in SCCP calls failure.
PR Number Synopsis Category: To track issues related to jsf tcp proxy
1502977 The downloads might permanently get stuck or not complete when TCP proxy is used on SRX Series devices.
Product-Group=junos
On SRX5K/SRX4600/SRX4200 and vSRX platforms, TCP-Proxy configuration might result in downloads becoming permanently stuck and/or not completing. TCP-Proxy is used by multiple services, including SkyATP in block mode, ICAP, SSL-Proxy, Anti-Virus, Content Filtering, and Anti-Spam.
PR Number Synopsis Category: Flow Module
1528898 A chassis cluster node might stop passing traffic.
Product-Group=junos
On SRX platforms, a node of chassis cluster might stop passing traffic. The traffic forwarding can be restored by a manual failover to Node1.
PR Number Synopsis Category: JSR Infrastructure
1479156 The vSRX may restart unexpectedly.
Product-Group=junos
The srxpfe process generates core files when a socket-open error occurs during the initialization phase. Self-healing takes place when the srxpfe reboots and starts processing traffic.
PR Number Synopsis Category: all logging related bugs on srx platforms
1521794 High RE CPU might be seen due to llmd process on branch SRX chassis clusters
Product-Group=junos
On SRX Series devices with chassis cluster, high CPU usage might be seen due to the llmd process.
PR Number Synopsis Category: Firewall Policy
1544554 The flowd/srxpfe process might crash when SRX/NFX device running on Junos OS 18.2R1 or above where the unified policy feature is supported
Product-Group=junos
On SRX Series device running on Junos OS 18.2R1 or above, or NFX Series device running on NextGen Junos OS, the unified policy feature is supported, the flowd/srxpfe might crash.
PR Number Synopsis Category: Firewall Module
1521325 The TCP packet might be dropped if syn-proxy protection enabled
Product-Group=junos
On SRX series devices, if TCP SYN flood protection is enabled with TCP SYN Proxy and the 3rd and 4th packet from the client arrive at the same time, then it can cause an SEQ error that may break the TCP connection.
PR Number Synopsis Category: IPSEC/IKE VPN
1438311 On vSRX3.0 instances, when ECMP routes are configured to load balance over multiple IPSec VPNs connected to a single multipoint tunnel interface, the traffic may not flow.
Product-Group=junos
On vSRX3.0 instances, when ECMP routes are configured to load balance over multiple IPSec VPNs connected to a single multipoint tunnel interface, the traffic may not flow. This issue applies to Junos OS Release 19.2R1 and higher releases.
1522017 The traffic might be dropped when IPSec VPN with NAT-T enabled
Product-Group=junos
On SRX platforms, when IPSec VPN is configured with NAT-T enabled and VPN tunnel is established between two peers, if traffic is received from peer during VPN rekey, the traffic might be dropped in the VPN tunnel.
PR Number Synopsis Category: Layer 2 VPN related issues
1503282 The MPLS label manager might allow configuration of a duplicated VPLS static label.
Product-Group=junos
On all JUNOS and all Junos EVO platforms, when configuring wrong static label-range or duplicated static labels for l2circuit or LDP-based VPLS, the instance will not be up.
PR Number Synopsis Category: lacp protocol
1366825 RG1 failover occurs when RG0 failover is triggered
Product-Group=junos
RG1+ which is configured for interface-monitor, might fail over to the other node if RG0 failover is triggered.
1463791 Member links state might be asychronized on a connection between the PE and CE devices in an EVPN active/active scenario.
Product-Group=junos
In EVPN multi-homed active/active scenario, when LACP is enabled on PE-CE child member links and after recovering from a core-isolation on the PE device, the PE-CE child member links might be stuck in Detached state if LACP sync-reset feature is enabled on the CE device. The child links on the CE device might show the LACP state as Collecting Distributing. However, on the PE devices, the LACP state might be shown as Detached.
1505523 The aggregated Ethernet interface sometimes might not come up after switch is rebooted.
Product-Group=junos
In Junos platforms with LACP and knob "minimum-links" enabled scenario, AE interface might not come up after the switch is rebooted or the AE interface is deactivated/activated. This is because the knob "sync-reset" is enabled. ("sync-reset" is enabled by default on QFX and EX platforms, and it only needs to use when the "minimal link" is not supported on one side of an LACP).
PR Number Synopsis Category: Label Distribution Protocol
1538124 The rpd process might crash when the LDP route with indirect next hop is deleted on the aggregated Ethernet interface.
Product-Group=junos
If the Label Distribution Protocol (LDP) route with indirect next-hop exists (e.g. LDP egress-policy is used to advertise BGP route into LDP), the rpd might crash when the LDP route is deleted from the AE interface.
PR Number Synopsis Category: SW PRs for MPC10E Interfaces
1491142 BCM8238X SerDes firmware did not complete tuning may be a false positive alarm.
Product-Group=junos
BCM8238X SerDes firmware did not complete tuning may be a false positive alarm.
PR Number Synopsis Category: Multiprotocol Label Switching
1448769 Deleting constituent-list used by an abstract-hop causes rpd crashed
Product-Group=junos
On MX, PTX and QFX platform, when MPLS traffic engineering (TE) and adminstrative group feature enabled, abstract-hop configuration need to be removed before deleting adminstrative group feature in order to avoid routing protocol daemon (rpd) crash issue.
PR Number Synopsis Category: FreeBSD Kernel Infrastructure
1518898 The kernel might crash if a file/directory is accessed for the first time and is not created locally.
Product-Group=junos
On the Junos with Virtual Filesystem (VirtFS), if a file/directory is accessed for the first time and is not created locally, the kernel might crash and generate a vmcore file. Junos might reboot due to this issue.
1537696 Errors might be seen when dumping vmcore on EX2300/EX3400 series
Product-Group=junos
On EX2300/EX3400, the vmcore might not be available and the device might hang while trying to generate core files via the rescue kernel. This might be caused by the ARM dumper device supporting only a fixed 512 byte block size, rather than scaling to any block size. This might cause loss of debug ability for the device.
PR Number Synopsis Category: Kernel Stats Infrastructure
1508442 SNMP polling might return an unexpectedly high value for the ifHCOutOctets counter for a physical interface when any jnxDom OID is processed at the same time.
Product-Group=junos
When actual transmitted load is configured for interface as: set interfaces interface-transmit-statistics And ifHCOutOctets OID is polling together with any jnxDom OIDs for the same interface with time interval between pollings equal or less then one second, the resulted value of ifHCOutOctets may be unexpectedly high
1522561 OID ifOutDiscards reports zero and sometimes shows valid value.
Product-Group=junos
OID ifOutDiscards reports zero and sometimes shows valid value. user@router> show snmp mib get ifOutDiscards.514 | refresh 3 ---(refreshed at 2020-07-10 12:54:07 IST)--- ifOutDiscards.514 = 0 ---(refreshed at 2020-07-10 12:54:10 IST)--- ifOutDiscards.514 = 0 ---(refreshed at 2020-07-10 12:54:13 IST)--- ifOutDiscards.514 = 0 ---(refreshed at 2020-07-10 12:54:16 IST)--- ifOutDiscards.514 = 0 ---(refreshed at 2020-07-10 12:54:19 IST)--- ifOutDiscards.514 = 0 ---(refreshed at 2020-07-10 12:54:22 IST)--- ifOutDiscards.514 = 241974 ---(refreshed at 2020-07-10 12:54:25 IST)--- ifOutDiscards.514 = 241974 ---(refreshed at 2020-07-10 12:54:28 IST)--- ifOutDiscards.514 = 0 ---(refreshed at 2020-07-10 12:54:31 IST)--- ifOutDiscards.514 = 0
PR Number Synopsis Category: OSPF routing protocol
1525870 OSPFv3 adjacency should not be established when IPsec authentication is enabled
Product-Group=junos
On EX4300 platforms, the OSPFv3 configured with IPsec authentication after device reboots, the OSPFv3 adjacency should not be established, while do the same configuration before device reboots, the adjacency should be established.
PR Number Synopsis Category: Used for tracking OVSDB software issues and features
1518807 The vgd process might generate a core file when the OVSDB server restarts.
Product-Group=junos
On all Junos platforms that support OVSDB (Open vSwitch database), the vgd core might get generated when the OVSDB server is restarted. The vgd daemon restart after the core might cause traffic impact. This issue happens when OVSDB server is disconnected and the device (switch/router) sends some updates events to server.
PR Number Synopsis Category: Express Paradise PFE Sflow
1525589 Sampling with the rate limiter command enabled, crosses the sample rate 65535.
Product-Group=junos
'show sflow Interfaces' command displays wrong adaptive-sampling rates for rate limiter configuration. The display usually shows a sampling rate of more than 65535.
PR Number Synopsis Category: PTP related issues.
1527612 The transit PTP packet might be unexpectedly modified when passing through MPC2E-NG/MPC3E-NG/MPC5E
Product-Group=junos
If timestamping the packet at the physical layer (also known as PHY timestamping) is enabled for Precision Time Protocol (PTP), the transit PTP packets passing through the MPC2E-NG/MPC3E-NG/MPC5E might be modified to have huge value in Correction Field of the PTP packet even though there is not PTP port configured on these line cards. If the transit PTP packets are used for synchronizing downstream node, the clock frequency drift could be seen. The current fix in this PR is only applicable for G.8275.1 PTP profile.
PR Number Synopsis Category: Chassis mgmt for all QFX systems - chassis MIB, alarms, CLI
1507044 The archival function might fail in certain conditions.
Product-Group=junos
If the archival function is enabled with the statement "routing-instance" and transfer mode is set as SFTP/SCP for archive-sites, it may not work and fail to transfer the files.
PR Number Synopsis Category: Interface related issues. Port up/down, stats, CMLC , serdes
1515487 The 100-Gigabit Ethernet AOC non-breakout port might be auto-channelized to other speed
Product-Group=junos
On QFX5k platform with QFX-5e image, if the 100G port is enabled with auto-channelization (which is by default) and the AOC (Active Optical Cable) non-breakout transceiver is used on it, the 100G port might be detected as breakout and auto-channelized to other speed (e.g. 50G). The interface connection will be impacted.
PR Number Synopsis Category: QFX Platform related (SYSLOG/ALARMS/miscellaneous)
1454527 On the QFX5000 line of switches, the dcpfe process crashes due to the usage of data that is not null getting terminated.
Product-Group=junosvae
The dcpfe crash is due to usage of data which is not NULL terminated on QFX5K.
1508611 The fxpc may crash and restart with a fxpc core file created while installing image through ZTP
Product-Group=junos
On QFX5100/EX4600 Series platforms, the fxpc may crash sometimes while installing an image through ZTP.
1517030 The dcpfe (PFE) process might crash due to memory leak
Product-Group=junos
On all QFX5K/QFX3600/EX4600 series platform, if the 'dcpfe' process continuously detaches and reattaches port. For example, due to interface instability, it might cause memory leak. If all the memory is exhausted then the 'dcpfe' process crashes and linecard reboots.
1520956 QFX5100: cprod timeout triggers high CPU (100%)
Product-Group=junos
In QFX5100, you might get high CPU (100%) caused by cprod command timing out after the execution of the following command: % cprod -A fpc0 -c 'set dc bc "counter on"' Command timed out % root@jtac-qfx5100-48s-6q-r2320> start shell % top -SH last pid: 4369; load averages: 1.00, 1.00, 1.00 up 0+18:45:06 08:52:40 174 processes: 3 running, 150 sleeping, 21 waiting CPU states: 58.3% user, 0.0% nice, 41.4% system, 0.0% interrupt, 0.4% idle Mem: 839M Active, 109M Inact, 446M Wired, 419M Cache, 69M Buf, 36M Free Swap: 1106M Total, 1106M Free PID USERNAME PRI NICE SIZE RES STATE TIME WCPU COMMAND 1866 root 76 0 1255M 573M RUN 897:06 97.36% fxpc <<<<<<<<<<<<<<< 1857 root 40 0 100M 30456K select 6:28 0.10% chassisd root@jtac-qfx5100-48s-6q-r2320> show chassis fpc Temp CPU Utilization (%) CPU Utilization (%) Memory Utilization (%) Slot State (C) Total Interrupt 1min 5min 15min DRAM (MB) Heap Buffer 0 Online 38 100 0 0 0 0 1920 0 62 1 Empty 2 Empty
PR Number Synopsis Category: Filters
1514710 In the VXLAN configuration, the firewall filters might not be loaded into the TCAM with the following message due to TCAM overflow after upgrading to Releases 18.1R3-S1, 18.2R1, and later : DFWE ERROR DFW: Cannot program filter.
Product-Group=junos
n QFX5000/EX4600 platforms with VxLAN scenario, firewall filters loading failure might happen due to Ternary Content Addressable Memory(TCAM) overflow, which may cause traffic impact if the Junos version is upgraded to 18.1R3-S1 / 18.2R1 or higher. This is because IPACL VxLAN filter is introduced on that releases to replace regular IPACL for VxLAN VLANs. And after upgrade, IPACL VxLAN filter needs more entries in TACM compared with regular IPACL, which makes TCAM to overflow, and even traffic will be impacted.
PR Number Synopsis Category: QFX L3 data-plane/forwarding
1512712 Display issue, Virtual Chassis environment, Configured num-65-127-prefix value is shown incorrect for the command O/P "show chassis forwarding-options"
Product-Group=junos
Display issue, In a Virtual Chassis environment, Configured num-65-127-prefix value is shown incorrect for the command O/P "show chassis forwarding-options" for the FPC which is not local (Backup and line card members of the VC)
1525387 The ECMP and LAG hash polarization might happen if the "hash-parameters" knob is not configured
Product-Group=junos
On the QFX5K platforms without "hash-parameters" configured, hash polarization may happen on ECMP (Equal-cost Multipath) and LAG (Link Aggregation Group). Because of this, traffic load imbalance will be seen.
PR Number Synopsis Category: QFX EVPN / VxLAN
1510794 Multicast traffic loss is observed due to few multicast routes missing in the spine node
Product-Group=junos
In an EVPN-VXLAN scenario with scaled snooping configuration(for example, 100 vlan's with snooping enabled), traffic drops might be observed for multicast groups in few vlan's when "clear bgp sessions" is performed on all Spine devices.
1516653 The MAC learning might not work properly after multiple MTU changes on the access port in the VXLAN scenario
Product-Group=junosvae
On QFX5120 platform running with Virtual Extensible LAN protocol (VxLAN) scenario, if there are multiple iterations of MTU change on the access port which faces Customer Edge (CE) side, for example, 20 iterations under the scale with around 100 VLAN to VXLAN Network Identifier (VNI) mapping, the MAC learning on the access port might not be able to work properly due to this issue.
PR Number Synopsis Category: RPD Next-hop issues including indirect, CNH, and MCNH
1503421 The packets from a nonexisting source on the GRE or UDP designated tunnel might be accepted.
Product-Group=junos
On MX platforms with designated Generic Routing Encapsulation (GRE) or User Datagram Protocol (UDP) tunnel configured, if the reverse-path forwarding (RPF) check is enabled, when multiple routing instances are configured or updated at the same time, for example, multiple routing instances are deactivated and activated together, then RPF check might fail and packet from non-existing source on the tunnel might be accepted.
PR Number Synopsis Category: RPD route tables, resolver, routing instances, static routes
1498377 The route entries might be unstable after being imported into inet6.x RIB via rib-group
Product-Group=junos
When inet6.x (such as 6.1/6.2/6.3, and so on) is used as a non-primary RIB by rib-group, the import function issue might cause the route entries not to be modified correctly for IPv6 format, it might lead the received routes not to be imported successfully into the inet6.x RIB of the routing protocols. Then the network reachability might be impacted.
PR Number Synopsis Category: Resource Reservation Protocol
1524736 The inter-domain LSP with loose next-hops path might get stuck in the Down state.
Product-Group=junos
In the scenario of inter-domain LSP with loose next-hops path, when expanding the loose hop at the Area Border Router (ABR) / Autonomous System Border Router (ASBR), the LSP might not come up properly if the incoming link of the LSP at the ABR/ASBR is an unnumbered interface.
PR Number Synopsis Category: Generic platform and infra issues for MS-MIC and MS-MPC(XLP)
1482400 The vmcore process crashes sometimes along with the mspmand process on MS-MPC/MS-MIC if large-scale traffic flows are processed
Product-Group=junos
With NAT/Stateful-firewall/TCP tickle (enable by default) configured on MS-MPC/MS-MIC, the vmcore crash sometimes along with mspmand crash might happen if large-scale traffic flows (e.g. million flows) are processed by it.
1489942 Prolonged flow control might occur with MS-MPC or MS-MIC.
Product-Group=junos
On MX platforms with MS-MPC/MS-MIC, if there are lots of self-generated packets like TCP-tickle and UDP-logging, there might be data congestion on the data path due to no throttling functionality for such types of packets. When the data path is blocked, prolonged flow-control might happen with the service interfaces being brought down and the PIC reboot. At the same time, the mspmand core file will be generated if dump-on-flow-control is enabled.
PR Number Synopsis Category: MX10003/MX204 Linux issues (including driver issues)
1492121 MX10003 might shut down itself automatically after system upgrade or downgrade
Product-Group=junosvae
On MX10003 platform, if system upgrade or downgrade is done from Junos 18.2R3, 18.3R3, 18.4R2, 19.1R2, 19.2R1, 19.3R1 and onwards releases to pre-18.2R3, pre-18.3R3, pre-18.4R2, pre-19.1R2, pre-19.2R1, and pre-19.3R1 releases, the system might detect incorrect temperature value and shut down itself automatically due to this issue.
PR Number Synopsis Category: Issues related to broadband edge apps (PPP, DHCP) on Trio ch
1525585 Addition and removal of an aggregated Ethernet interface member link might cause the PPPoE subscriber session and traffic to drop.
Product-Group=junos
On the MX platforms with enhanced subscriber management enabled, when adding/removing one of the member links with "down" status to/from two member links AE bundle on the same PFE (Packet Forwarding Engine), because of the incorrect CoS (Class of Service) queue update, the PPPoE subscribers traffic are mapped to an incorrect queue and get dropped over the AE bundle.
1539474 The accounting interim-updates for subscriber does not work after GRES and subsequent reboot of FPCs in the node-slicing setup.
Product-Group=junos
On MX with MPC5 and newer card installed, if node slicing and subscriber service are enabled, the radius accounting interim updates may not carry actual statistics after performing GRES of base system (BSYS) and subsequent reboot of FPCs.
PR Number Synopsis Category: Trio pfe bridging, learning, stp, oam, irb software
1533767 PPE errors seem while processing OSPF multicast packet being sent through EVPN instance
Product-Group=junos
For multicast OSPF packets entering EVPN instance, these packets are being handled as transient packets, flood next-hop structure will be used to forward these packets to remote PE/CE. During the process of packet replication, it might encounter a lookup error causing "HW trap" and lookup thread will stop for this packet. If a packet hits this situation, a PPFE trap along with ttrace will be generated. Similar logs might be seen during such event : [LOG: Err] LUCHIP(0) PPE_1 Errors lmem addr error [LOG: Err] LUCHIP(0) PPE_2 Errors lmem addr error [LOG: Err] LUCHIP(0) PPE_7 Errors lmem addr error [LOG: Err] PPE Thread Timeout Trap: Count 3, PC 601c, 0x601c: set_oif_mtu [LOG: Err] PPE PPE HW Fault Trap: Count 343580, PC 6da, 0x06da: dmac_miss_check_ndp
1533857 FPC crash might be observed when the ASIC's NH memory exhausted in the EVPN-MPLS scenario
Product-Group=junos
On all MX/EX92xx platforms with EVPN-MPLS configured, NH (Next-Hop) memory leak in Trio ASIC happens whenever there is a route churn for remote MAC-IP entries learned bound to the IRB interface in EVPN-MPLS routing-instance. When the ASIC's NH memory partition exhausted (free% NH memory is close to 20% or below), which will result in the line card to reboot.
PR Number Synopsis Category: Issues related to port-mirroring functionality on JUNOS
1542500 Port mirroring with maximum-packet-length configuration does not work over GRE interface
Product-Group=junos
Port mirroring with maximum-packet-length configuration does not work over GRE interface on MX204. While constructing GRE header, the clipping aspect of inner packet was not accounted earlier. If the inner packet is truncated, the outer GRE header packet size must use the new size (clipped size) to calculate the total length of outer header.
PR Number Synopsis Category: UI Infrastructure - mgd, DAX API, DDL/ODL
1438144 ISSU fails from 19.1R1 legacy Junos release images.
Product-Group=junos
ISSU from 19.1R1 Legacy Junos images impact the commits on the device
PR Number Synopsis Category: VNID L2-forwarding on Trio
1517591 no-arp-suppression is required for MAC learning across the EVPN domain on the static VTEP.
Product-Group=junos
On MX platform, with Ethernet VPN and Virtual Extensible LANs (EVPN-VXLAN) implemented, Address Resolution Protocol (ARP) requests received on VXLAN tunnel endpoint (VTEP) might not forward to customer edge (CE) side or Proxy ARP role on VTEP might not work properly. This issue could happen when knob 'no-arp-suppression' is disabled under EVPN instance combined with static VXLAN implementation. Please refer to workaround provided when this issue hit.
PR Number Synopsis Category: VSRX platform software
1524243 The control link may be broken when there is excessive traffic load on the control link in vSRX cluster deployment
Product-Group=junosvae
In the vSRX2.0 cluster running on KVM, when there is excessive traffic load on the control link (em0 link), the error message kernel: em0: watchdog timeout on queue 0 might be shown in the syslog. This interruption might cause the cluster control link to fail and dynamic routing protocols not to work properly.
 

19.2R3-S1 - List of Known issues
PR Number Synopsis Category: Marvell based EX PFE ACL
1434927 The FPC crashes with pfem generating core file might be seen if large-scale number of firewall filters are configured.
Product-Group=junos
On EX Series switches, If you are configuring a large-scale number of firewall filters on some interfaces, the FPC might crash and generate core files.
PR Number Synopsis Category: Marvell based EX PFE L2
1538482 The LLDP neighborship with the VoIP phones can't be established
Product-Group=junos
On EX4300 platforms, the LLDP (Link Layer Discovery Protocol) neighborship with the VoIP (Voice over Internet Protocol) phones can't be established when LLDP is configured on the PoE (Power over Ethernet) enabled port on EX4300 and connects to the VoIP Phone.
PR Number Synopsis Category: Marvell based EX PFE MISC
1232403 HSRPv2 IPV6 packets might get dropped if IGMP-snooping is enabled.
Product-Group=junos
On EX Series switches except EX4300/EX4600/EX9200, an interface is configured for single vlan or multiple vlans, if all these vlans of this interface have igmp-snooping enabled, then this interface will drop HSRPv2 (Hot Standby Router Protocol for IPv6) packets. But if some vlans do not have igmp-snooping enabled, then this interface is working fine.
PR Number Synopsis Category: EX9200 Platform
1448368 On the EX9214 device, the following error message are observed after reboot and MACsec-enabled link flaps: errorlib_set_error_log(): err_id(-1718026239).
Product-Group=junos
On the EX9214 device, if the MACsec-enabled link flaps after reboot, the error "errorlib_set_error_log(): err_id(-1718026239)" is observed.
PR Number Synopsis Category: NFX Series Platform Software
1462556 Junos OS: NFX350: Password hashes stored in world-readable format (CVE-2020-1669)
Product-Group=junos
The Juniper Device Manager (JDM) container, used by the disaggregated Junos OS architecture on Juniper Networks NFX350 Series devices, stores password hashes in the world-readable file /etc/passwd. This is not a security best current practice as it can allow an attacker with access to the local filesystem the ability to brute-force decrypt password hashes stored on the system. Refer to https://kb.juniper.net/JSA11066 for more information.
PR Number Synopsis Category: QFX PFE L2
1494072 On the QFX5200 line of switches, the MAC learning rate is degraded by 88 percent.
Product-Group=junos
Juniper's qfx-5k products were originally using vendor's SDK handling mac learning. At some point, Juniper introduced its own DMA software for mac learning, which had improved learning rate by 50% or so. As the rest vendor's SDK software advanced over time, the mix of vendor's and Juniper's software had caused some sever mac learning stability issue. Mac learning may be stuck at some conditions. Decision has been made to re-align all software back to vendor's general SDK uniformly. This has solved the stability issue as tested extensively. At the expense, the mac learning rate is cut by about 50%, back to original rate.
PR Number Synopsis Category: QFX L3 data-plane/forwarding
1407175 On the QFX-5100 Virtual Chassis or Virtual Chassis Fan, the following error is observed in the hardware with the mini-PDT base configurations: BRCM_NH-,brcm_nh_bdvlan_ucast_uninstall(), 128:l3 nh 6594 unintsall failed.
Product-Group=junos
On QFX5100 Virtual Chassis or Virtual Chassis Fabric, when the mini-PDT-base configuration is issued, the following error message is seen in the hardware: BRCM_NH-,brcm_nh_bdvlan_ucast_uninstall(), 128:l3 nh 6594 unintsall failed. There is no functionality impact because of this error message.
1500508 On the QFX5100 Virtual Chassis or Virtual Chassis fan, traffic loss on multiple traffic streams is observed after reboot and the interfaces of the Virtual Chassis node flaps.
Product-Group=junos
On QFX5100 VC/VCF : Observing traffic loss on multiple traffic streams after reboot and flapping the interfaces of the VC node
PR Number Synopsis Category: CoS support on ACX
1488935 The queue statistics are not as expected after configuring the physical interface and logical interface shaping with the transmit rate and scheduler-map.
Product-Group=junos
On ACX platforms with shaping configured, after deactivating and activating CoS the shaping might not work and traffic drop would appear. Not fixed on 19.2R3-S1. Fixed in higher releases.
PR Number Synopsis Category: Argus Platform issues
1480217 On the ACX6360 router, the disk usage might keep increasing.
Product-Group=junos
On PTX1000/ACX6360 Series platforms, the vmhost disk usage might keep increasing due to an incorrect sensor path.
PR Number Synopsis Category: MX Layer 2 Forwarding Module
1546631 MAC learning issue might happen when EVPN-VXLAN is enabled
Product-Group=junos
On MX platform, with Ethernet VPN and Virtual Extensible LANs (EVPN-VXLAN) implemented, Address Resolution Protocol (ARP) requests received on VXLAN tunnel endpoint (VTEP) might not forward to customer edge (CE) side or Proxy ARP role on VTEP might not work properly. This issue could happen when knob 'no-arp-suppression' is disabled under EVPN instance combined with static VXLAN implementation. Please refer to workaround provided when this issue hit.
PR Number Synopsis Category: Bi Directional Forwarding Detection (BFD)
1516556 The remaining BFD sessions of the aggregated Ethernet interface flap continuously if one of the BFD sessions is deleted.
Product-Group=junos
On QFX10k platforms, if multiple sub-interfaces of the same AE (Aggregated Ethernet) interface are belonged to different routing instances, and these sub-interfaces are configured with the same IP address and configured with separate BFD (Bidirectional Forwarding Detection) sessions, the remaining BFD sessions will flap continuously if one of these BFD sessions is deleted.
1518106 The BFD sessions might flap continuously after disruptive switchover followed by GRES.
Product-Group=junos
Disruptive switchover (no GRES or NSR configured) can lead to stale PPM (Periodic Packet Management) entries programmed on the new primary RE, if both GRES and NSR are activated after disruptive switchover and then a GRES switchover is performed, BFD sessions might flap continuously.
1522261 BFD with authentication for BGP flaps after GRES or NSR switchover on the NG-RE and SCBE2 setup.
Product-Group=junos
On the devices with NG-RE (Next Generation Routing Engine) and SCBE2 (Enhanced Switch Control Board), when BFD authentication for BGP is enabled, the BFD may flap after the NG-RE switchover. The switchover should be GRES or NSR switchover. After the flap, the device could be self recovery.
PR Number Synopsis Category: Border Gateway Protocol
1456260 Packet drop and CPU spike on Routing Engine might be seen in certain conditions if labeled-unicast protection is enabled for a CsC-VRF peer.
Product-Group=junos
On all Junos OS platforms under carrier supporting carrier (CsC) scenario, when PE link protection (labeled-unicast protection) is enabled, after one of the redundant links between CsC-CE flap or RSVP-TE LSP re-route from the primary path happens, it might result in slow convergence issue. Packets drop and CPU spike on the Routing Engine might be seen during this period.
1523075 BGP session with VRRP virtual address used might not come up after a flap
Product-Group=junos
When VRRP virtual address is configured and used to set up a BGP session with the remote side, under rare timing conditions, BGP peer establishment may get rejected repetitively.
PR Number Synopsis Category: BGP Openconfig and Sensor
1505425 The rpd process might crash in case of a network churn when the telemetry streaming is in progress.
Product-Group=junos
On all Junos OS platforms with the Juniper Telemetry Interface configured, the rpd might crash when there is telemetry streaming is in progress and meanwhile there is a network churn. This is a timing issue, and the rpd recovers automatically.
PR Number Synopsis Category: build and packaging related PRs and features using WRL Yocto
1470217 The router might become nonresponsive and bring the traffic down when the disk space becomes full.
Product-Group=junos
On the PTX10001/ACX6360 platforms, the unionfs filesystem may get full on vmhost, this bacause there is a mail package in the WRlinux 8 continue to fill the mail logs into the unionfs filesystem. This issue will cause the router to hand and bring traffic down.
PR Number Synopsis Category: QFX Control Plane VXLAN
1538117 evpn/vxlan registers mac-move counters under "system statistics bridge" even though there is no actual mac-move for MH (multi-home) clients
Product-Group=junos
dev to add content
PR Number Synopsis Category: Device Configuration Daemon
1539991 The logical interface might flap after adding or deleting native VLAN configuration
Product-Group=junos
On EX/QFX platforms, the unrelated logical interface on a physical interface would flap when adding or deleting native VLAN configuration on the physical interface.
1544257 Subscribers might logout then login after loopback address is changed
Product-Group=junos
On MX platform, under subscriber environment and unnumbered IP address borrowed from the loopback interface configured on Demux interface and Aggregated Ethernet (AE) interface, subscriber session might flap if IP address of the loopback interface IP is changed. Please refer to workaround provided when this issue hit.
PR Number Synopsis Category: CoS support on DNX
1427148 Rio-X: RLI-39176: ACX5448-D: Tail Drop packet counters are not available even though tail-drop is the default behavior
Product-Group=junos
There is no Support on separate counters for tail-dropped packets. Counters are reflected as part of RED-dropped packets.
PR Number Synopsis Category: DNX VPLS
1532995 Memory leak in Local OutLif in VPLS/CCC topology
Product-Group=junos
In a VPLS/CCC topology with core link protection when one of the core link flaps or the remote CE flaps "Local OutLif" leak happens. Local OutLif Total entries: 196608 Used entries: 33335 Lowest entry: 0(0x0) /*Initially when vpls is up */ Local OutLif Total entries: 196608 Used entries: 33303 Lowest entry: 0(0x0) /*When VPLS is down*/ Local OutLif Total entries: 196608 Used entries: 33337 Lowest entry: 0(0x0) /*When VPLS is up again*/
PR Number Synopsis Category: Manageability for Node Virtualization
1524766 Dvaita JDM[Ubuntu 18.04.4] Commit is Successful while Deactivating CB0/CB1 interfaces with GNF's running
Product-Group=junosvae
When a user tries to delete/deactivate cb0/cb1 interfaces while GNFs are running, commit failure is expected but the commit may succeed even though following (correct) error message gets displayed: "cb0/cb1 interfaces cannot be deleted while 'system commit synchronize' is configured"
1527322 Dvaita JDM: Commit Error Messages are coming twice while validating physical-cores knob
Product-Group=junosvae
Commit error messages get printed twice while validating physical-cores knob for GNFs.
PR Number Synopsis Category: EVPN Layer-2 Forwarding
1520078 Unable to create a new VTEP interface.
Product-Group=junos
In all platforms with VXLAN Static VTEP tunnels scenario (including Static VXLAN without EVPN), after RE switchover or restart of l2-learning, if create a new VTEP interface, the interface may not work.
1535515 All the ARP reply packets towards to some address are flooded across the entire fabric
Product-Group=junos
In the EVPN-VXLAN scenario, if the spine has irb and the leaves don't have irb, and the leaves have multi-home interfaces, the ARP reply packets flooding across the entire fabric might be seen.
PR Number Synopsis Category: Express PFE FW Features
1420560 On the PTX3000 routers, the firewall counter for lo0 does not increment.
Product-Group=junos
Issue will not be fixed in 19.1 release, will be fixed in subsequent releases.
1537390 Unable to see the firewall counters after configuring traffic-class-count as firewall filter action.
Product-Group=junos
Traffic-class-counter are fetch counters, one counter request is sent down and 15 responses are received. Here Counter configured is ipv4-count, this spawns into 15 counters while disapplying , but individual counter are not defined in firewall. Counter is not defined with traffic-class-cnt0. As there are no pass logs for this attempted show cli, so this is behaving in the same manner since day-1. Also There is no documentation provided which concludes if the counter which has been spawned internally but not configured explicitly, should fetch the results. The functionality is working as expected as we are seeing the proper result for show firewall cli, but show cli with non explicitly configured counter will not fetch any result.
PR Number Synopsis Category: Express PFE L2 fwding Features
1491161 On the QFX10002-60C switches with MSTP scale that has 2 interfaces, 64 instances, and 3840 VLANs in which each MSTI is associated with 60 VLANs, traffic loss is observed.
Product-Group=junos
Traffic loss on QFX10002-60C with MSTP Scale - 2 interfaces, 64 instances and 3840 vlans in which each msti is associated with 60 vlans
PR Number Synopsis Category: ISIS routing protocol
1463650 IS-IS IPv6 multi-topology routes might flap every time when there is an unrelated commit under protocol stanza
Product-Group=junos
With multi-topology enabled in ISIS globally hierarchy level, if some ISIS interfaces don't have IPv6 address, all ISIS IPv6 routes flap when committing any change under protocol stanza (e.g. 'protocol pim traceoption').
PR Number Synopsis Category: Flow Module
1467654 TCP session cannot time out properly upon receiving the TCP RESET packet, and the session timeout does not change to two seconds.
Product-Group=junos
TCP session cannot time out properly upon receiving the TCP RESET packet, and the session timeout does not change to 2 seconds.
1541954 Rst-invalidate-session does not work if configured together with no-sequence-check
Product-Group=junos
On SRX Series platforms, the "rst-invalidate-session" does not work if configured together with no-sequence-check. It might result in a TCP connection unestablished.
PR Number Synopsis Category: JSR Infrastructure
1484872 JFlow/IPFix - tracking pr for fixing crash when sampling is more than 65535
Product-Group=junos
There was a crash when setting the sampling rate more than 65535, this is since fixed. set forwarding-options sampling instance s1 input rate 70000
PR Number Synopsis Category: Firewall Policy
1454907 Traffic might be dropped when policies are changed in SRX Series devices
Product-Group=junos
If a huge number of policies are configured on SRX Series devices and some policies are changed, the traffic that matches the changed policies might be dropped.
PR Number Synopsis Category: IPSEC/IKE VPN
1517262 The flowd might crash in IPsec VPN scenario
Product-Group=junos
On SRX platforms with IPsec VPN configured, the flowd might crash during the IPsec VPN rekey window. The traffic/service might be impacted if hitting this issue.
PR Number Synopsis Category: Layer 2 Control Module
1532992 [xstp] [xstptag] :: EX4300:: PDT :: Complete traffic drop seen on configuring MSTP edge port over access and QinQ ports
Product-Group=junos
In a qinq configuration xSTP should not be enabled on interface having ifls with vlan-id-list configured. If xSTP is enabled on such interface, it will only run on ifl whose vlan-id range includes native-vlan-id configured and all other ifls of this interface will in discarding state. So, user should not enable xSTP on these kind of interfaces. Sample configuration which is not allowed: set interfaces ge-0/0/1 flexible-vlan-tagging set interfaces ge-0/0/1 native-vlan-id 3000 set interfaces ge-0/0/1 encapsulation extended-vlan-bridge set interfaces ge-0/0/1 unit 2000 vlan-id-list 1-200 set interfaces ge-0/0/1 unit 2000 input-vlan-map push set interfaces ge-0/0/1 unit 2000 output-vlan-map pop set vlans csvlan1 interface ge-0/0/1.2000 set protocols mstp interface ge-0/0/1
PR Number Synopsis Category: Layer2 forwarding on EX/NTF/PTX/QFX
1534796 High rate of ARP or NS packets might be observed between a device that runs Junos OS and host when the device that runs Junos OS receives an ARP or NS packet on an interface in transition.
Product-Group=junos
On Junos device in EVPN scenario, if an interface is in transition status and an ARP request is received on the interface from a host, the Junos device may send out re-arp out towards the host, and the host responds to this re-arp and the Junos device sends another re-arp in response to this arp reply from host. This goes forever causing high rate of arp packets until the interface comes up. This issue is also applicable to ND/NS in IPv6 environment.
PR Number Synopsis Category: Fabric Manager for MX
1451958 On MX Series, the dropped packets are seen on MQ/XM-based MPCs, although there is no traffic flowing through the system.
Product-Group=junos
After fixing PR 1338647, Error dropped packets are seen on MQ/XM based MPC cards, though there is no traffic flowing through the system.
1482124 Fabric healing logic incorrectly makes all MPC line cards go offline in the MX2000 router while the hardware fault is located on one specific MPC line card slot.
Product-Group=junos
In specific MPC hardware failure conditions within the MX2K platform, fabric healing will attempt to auto-heal the fault location in 3 phases to prevent traffic blackholing. If under such fault conditions only destination timeouts are reported without corresponding link errors, the fabric healing process might restart all MPCs in phase-2 in an auto-healing attempt and if the error condition appears again within 10 minutes the last phase-2 might offline all MPCs in the system.
PR Number Synopsis Category: IDS features available on MS-MPC/MIC
1527236 After applying ids-rules to service-set, high session rate is observed even without any DDos traffic
Product-Group=junos
On MX platforms with MS-MIC/MS-PIC, if applying IDS filter and reaching high CPU state, the session rate stay high even without any DDos traffic which may lead to dropping of new session requests.
PR Number Synopsis Category: Microkernel for neo mpc
1538131 JDI-RCT:M/Mx: NPC crashed @ cmtfpc_mic_neo_state_check (mic_env=< optimized out>, mic_slot=< optimized out>) at ../../../../src/pfe/common/applications/cmt/jam/cmtfpc_pic_npc_jam.c:4808
Product-Group=junos
This issue is due to Thread hogging for 2.5s after ISR registration during ISSU done phase causing a core at FPC. FPC will get rebooted with ISR registration again during normal init. This issue is specific to "3D 20x 1GE(LAN)-E,SFP" and "3D 20x 1GE(LAN)-EH,SFP" MIC types.
PR Number Synopsis Category: PE based L3 software
1500798 BFD sessions flap after deactivating or activating the aggregated Ethernet interface or executing GRES.
Product-Group=junos
On QFX10008 platforms, if the BFD is configured over an AE interface (member link across multiple FPCs), deactivating/activating the AE interface or executing GRES will cause the BFD sessions to flap.
PR Number Synopsis Category: Chassis mgmt for all QFX systems - chassis MIB, alarms, CLI
1520144 SNMP trap of power failure might not be sent out
Product-Group=junosvae
On QFX5K platforms, the SNMP trap of power failure might not be sent out when power cable is removed from PSU, and the output of CLI command 'show chassis environment' would not display the information of the power failure.
PR Number Synopsis Category: Interface related issues. Port up/down, stats, CMLC , serdes
1518305 JDI-RCT: qfx5200-32c-32q : dcpfe core occured at ../../../../../src/pfe/common/drivers/dc-bcm-pic/dcbcm_drv.c after config remove/restore with mpls profile config
Product-Group=junos
Fix is being validated on many scenarios through PR-1484336,
PR Number Synopsis Category: QFX VC Infrastructure
1497563 Virtual Chassis is not stable with 100-Gigabit Ethernet and 40-Gigabit Ethernet interfaces.
Product-Group=junos
In QFX5110 platform with Virtual Chassis (VC) scenario, VC might not get formed and can cause traffic loss if the 100G VCP ports are deleted and created, or changed from 40G to 100G or vice-versa. For the reason is that Forward Error Correction (FEC) should not be enabled when the physical interface is working as a VCP port.
PR Number Synopsis Category: RPD Interfaces related issues
1469873 With the BGP rib-sharding and update-threading, traffic drops 100 percent in the BGP Layer 3 VPN streams, post the removal or restoration configuration.
Product-Group=junos
This issue observed with BGP rib-sharding and update-threading configuration which has SCALE VRFs and below steps are performed. 1. Delete all VRFs. 2. Rollback or reconfigure the same VRFs immediately. The issue can also be seen if the above steps are performed directly or indirectly such as loading configuration which doesn't have VRFs and rollbacking immediately.
PR Number Synopsis Category: Resource Reservation Protocol
1498457 The rpd process crashes at rsvp_ing_rt_nh_remove_path, rsvp_delete_ing_path, and rsvp_delete_lp_headend_route after routing restarts.
Product-Group=junos
RPD process may dump core while performing "restart routing" if there are LSPs that are unprotected & without secondary paths.
1516657 RPD scheduler might slip after link flap
Product-Group=junos
On all Junos platforms with RSVP-TE configured, when a transit router carries a large number of LSP's (for example, 60k and higher) and all those LSPs undergo FRR (for example, when link carrying large number of LSP's flap) then, the rpd scheduler might slip and LDP session tear down might be observed after the link flap.
PR Number Synopsis Category: jflow/monitoring services
1517646 The srrd process might crash in a high route churns scenario or if the process flaps.
Product-Group=junos
On all Junos platforms with inline Jflow enabled, the sampled route reflector process (srrd) might crash in a scenario where there are high route churns or flaps in the system. This is a rare timing issue and due to the crash Jflow export might report older routes information for sometime.
PR Number Synopsis Category: MX10003/MX204 Platform SW - Chassisd s/w defects
1464879 The following constant messages flooding in log is observed: summit_pic_port_profile_isvalid: VALID Port profile.
Product-Group=junos
constant messages flodding in log: summit_pic_port_profile_isvalid: VALID Port profile These messages are cosmetic messages and don't have any service impact
PR Number Synopsis Category: Issues related to broadband edge apps (PPP, DHCP) on Trio ch
1523902 The PADI packets might be dropped when the interface encapsulation VPLS is set along with accepted protocol configured as PPPoE.
Product-Group=junos
On the MX platforms with the PPPoE subscriber management enabled, the PADI packets might get dropped when interface encapsulation VPLS is set along with accepted protocols configured as PPPoE in auto-configure dynamic profiles. This issue will cause the PPPoE subscribers can not access service.
1529602 In the subscriber management environment, the RADIUS interim accounting records does not get populated with the subscriber statistics.
Product-Group=junos
In subscriber management environment, RADIUS interim accounting records are not populated with the subscriber statistics after system reboot. In this case, the MAC of the routing engine is not learned by the nextgen-stats manager on the PFE. Use the following command to verify the problem. "request pfe execute target fpc0 command "show nextgen-stats manager" Nextgen Manager microcode stats: ================================== Interim stats push from ASIC supported : Yes Is ucode running : Yes configured values: gen num : 17 interval slow : 300000 ms interval fast : 60000 ms callout period : 1 ms vlan_re0 : 0 vlan_re1 : 2 ip re0 : 0x80000001 ip re1 : 0x80000006 mac re0 : 0x000000000000 <-----------not programmed mac re1 : 0x020100000005 <----------- programmed src ip : 0x8000001b version : 0 member id : 0
PR Number Synopsis Category: Trio pfe bridging, learning, stp, oam, irb software
1501014 Traffic to VRRP virtual IP or MAC addresses might be dropped when ingress queuing is enabled.
Product-Group=junos
On MX platforms with any MPC in enhanced network-service mode, if VRRP is configured on AE interface, after 'set chassis fpc X pic X traffic-manager mode ingress-and-egress' is enabled, traffic sent to virtual IP/MAC might be dropped and the forward traffic will be affected.
Modification History:
First publication 2020-12-03
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search