Search our Knowledge Base sites to find answers to your questions.
Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles19.3R3-S1: Software Release Notification for JUNOS Software Version 19.3R3-S1
Junos Software service Release version 19.3R3-S1 is now available.
19.3R3-S1 - List of Fixed issuesPR Number | Synopsis | Category: EX4300 PFE |
---|---|---|
1518929 | On the EX4300 device, the redirected IP traffic is being duplicated. Product-Group=junos |
On EX4300 platforms with IRB/L3 interface, the redirected traffic with the source from another subnet is getting duplicated. |
1538401 | LLDP neighborship might not come up on EX4300 non-aggregated Ethernet interfaces. Product-Group=junos |
On EX4300 platform, LLDP might not work on non-AE (Aggregated Ethernet) interfaces. However, it works fine for AE interfaces. |
1548858 | The targeted-broadcast feature may not work after a reboot Product-Group=junos |
On EX4300 Series platforms, the targeted-broadcast feature may not work after a reboot. It can be seen that no target-broadcast packets are received on the targeted-broadcast interface. |
PR Number | Synopsis | Category: EX4300 Platform implementation |
1502467 | The mge interface might still stay up while the far end of the link goes down. Product-Group=junos |
On EX4300-48MP platforms which support multi-rate gigabit ethernet (mge) interfaces, if a mge interface which is located within port range 24-47 is connected with some specific devices (e.g. a bypass module from DELL), when the far end of the link goes down, the mge interface might still stay up due to this issue. It will lead to traffic drop when sending traffic via the affected link. |
PR Number | Synopsis | Category: EX2300/3400 CP |
1494712 | The authentication session might be terminated if the PEAP request is retransmitted by an authenticator. Product-Group=junos |
On all Junos platforms with 802.1X (dot1x) enabled, if Protected Extensible Authentication Protocol (PEAP) request is not replied by supplicant in default time interval, it could cause the authenticator to retransmit PEAP proposal method message with new Extensible Authentication Protocol (EAP) ID. The new EAP ID is different from EAP ID sent by authentication server. As a result, mismatching EAP ID issue could terminate authentication session. In the end, supplicant cannot access network. Please consider increasing 'supplicant-timeout' to prevent this issue from happening. |
PR Number | Synopsis | Category: EX-Series VC Infrastructure |
1527170 | On the EX4650 device, the following error message is observed during booting: kldload: an error occurred while loading the module. Product-Group=junos |
EX4650 prints the following messages during booting. The message does not have any effect on the feature or functionality hence can be safely ignored. --------------------------------------------------------- bcmsdk_5_9_x kldKLD bcmsdk_5_9_x.ko: depends on acb - not available or version mismatch linker_load_file: Unsupported file type kldload: an error occurred while loading the module. Please check dmesg(8) for more details. --------------------------------------------------------- pci-hgcomdev module loaded[: missing ] [: missing ] hw.dcf.flex_nonflex: 0 -> 0 kern.timecounter.hardware: TSC-low -> TSC-low *** Creating PVIDb..\n 894+0 records in 894+0 records out 464880 bytes transferred in 0.005812 secs (79986098 bytes/sec) ln: /usr/lib/dd/filter/libschema-filter-dd.tlv: File exists Copied libschema-filter-dd.tlv to /usr/lib/dd/filter\n Executing the Junos host files signature script Verified manifest signed by PackageDevelopmentECP256_2020 method ECDSA256+SHA256 [: missing ] mount_cd9660: /dev/gpt/junos: Invalid argument bcmsdk_5_9_x kldKLD bcmsdk_5_9_x.ko: depends on acb - not available or version mismatch <<<<<<<<<<<<<<<<<<<<<<<<<< linker_load_file: Unsupported file type <<<<<<<<<<<<<<<<<<<<<<<<<< kldload: an error occurred while loading the module. Please check dmesg(8) for more details. <<<<<<<<<<<<<<<<<<<<<<<<<< Junosprocfs mounted on /junosproc. @ 1594871283 [2020-07-16 03:48:03 UTC] mgd start Creating initial configuration: ... mgd: Running FIPS Self-tests veriexec: no fingerprint for file='/sbin/kats/cannot-exec' fsid=212 fileid=49356 gen=1 uid=0 pid=7174 mgd: FIPS Self-tests Passed ------------------------------------ |
PR Number | Synopsis | Category: QFX Access control list |
1521763 | Firewall "sample" configuration gives the warning as unsupported on QFX10002-36q and will not work. Product-Group=junos |
On QFX10002-36q, when inline-jflow is configured, the IPv4 firewall filter with 'sample' action gives a waring "unsupported platform" and will not work. On the other hand, the IPv6 firewall filter with 'sample' action will still work as expected. |
PR Number | Synopsis | Category: QFX PFE L2 |
1496766 | Flow control is enabled in PFE irrespective of interface configuration and the fix causes a very small amount of packet loss when a parameter related to an interface such as "interface description" on any port is changed. Product-Group=junos |
On QFX5120 and QFX5210 running JunosOS 18.4R2-S5, 18.4R2-S6, 18.4R3-S5, 19.3R3 releases, there will be a very small amount of packet loss when a parameter related to an interface such as "interface description" on any port is changed. When the parameter is changed, COS buffer modifications is checked. Even when there is no change in previous and present COS buffer state for port, COS buffer modifications is unnecessarily performed and is calling traffic block and unblock and causing a very small amount of packet loss. This will be fixed in the following releases. Junos OS 18.4R2-S7, 18.4R3-S6, 19.3R3-S1 and all subsequent releases. |
1521324 | The MAC address in the hardware table might become out of synchronization between the master and member in Virtual Chassis after the MAC flaps. Product-Group=junos |
When MAC address moves over the member in Virtual Chassis, the MAC address's learning port in Internal Hardware MAC table may be out of sync between Master and member and this may lead to misforwarding. This will be an extremely rare occurrence. If the issue happens, you can issue "clear ethernet-switching table " command to restore the communication. |
PR Number | Synopsis | Category: QFX L3 data-plane/forwarding |
1486632 | System upgrade/installation might fail on QFX 5100-48T-6Q VC/VCF Product-Group=junos |
On QFX 5100-48T-6Q VC/VCF, RCP error might be seen while upgrading the system using "request system software add no-validate" and system upgrade/ installation could fail. This issue happens if DCPFE cpu utilization is very high. |
PR Number | Synopsis | Category: QFX VC Datapath |
1519893 | On QFX5120 and QFX5210 platforms unexpected storm control events might happen Product-Group=junosvae |
On QFX5120 and QFX5210 platforms unexpected storm control events might happen. A new knob on the fixed versions is required to avoid this behavior: set forwarding-options storm-control enhanced |
PR Number | Synopsis | Category: Accounting Profile |
1505409 | The DHCP subscribers might get stuck in terminated state for around 5 minutes after disabling cascade ports. Product-Group=junos |
On the Junos fusion provider edge with subscriber management configured, the DHCP subscribers might get stuck in terminated state for around 5 minutes after disabling cascade ports. After 5 minutes, the original sessions will be aging timeout automatically and then the subscribers can login again. |
PR Number | Synopsis | Category: CoS support on ACX |
1493518 | On the ACX5048 and ACX5096 routers, the LACP control packets might be dropped due to high CPU utilization. Product-Group=junos |
On ACX5048/ACX5096 platforms, when one of the child links in AE goes down brings entire AE down due to high CPU.LACP control packets might get dropped as the port is blocked for a temporary period. |
PR Number | Synopsis | Category: JUNOS kernel/ukernel changes for ACX |
1481151 | Memory utilization enhancement is needed. Product-Group=junos |
RPD memory chunk size is optimized for the ACX platform to reduce the memory footprint. |
PR Number | Synopsis | Category: ACX GE, 10GE, PoE, IDT framers |
1523418 | Interface does not come up with the autonegotiation setting between ACX1100 routers and QFX Series switches, MX Series routers, and ACX Series routers as the other end. Product-Group=junosvae |
Broadcom chipset Patch provided to address TD2+ and TD chip set address the remote fault issue. |
PR Number | Synopsis | Category: a20a40 specific issue |
1522130 | Syslog reporting "PFE_FLOWD_SELFPING_PACKET_LOSS: Traffic impact: Selfping packets loss/err: 300 within 600 second" error messages in node 0 and node1 control panel. Product-Group=junos |
Syslog reporting "PFE_FLOWD_SELFPING_PACKET_LOSS: Traffic impact: Selfping packets loss/err: 300 within 600 second" error messages in node 0 and node 1 control panel. |
PR Number | Synopsis | Category: BBE multicast related issues |
1536149 | Multicast traffic might be sent out through unexpected interfaces with distributed IGMP enabled. Product-Group=junos |
On MX platforms with enabled subscriber services, if distributed IGMP is enabled on subscriber dynamic interfaces and there are static interfaces are configured on the same fpc, and fpc is reloaded or interfaces flapped, then multicast may get enabled on static interface and the multicast traffic may be sent out through unexpected interface. |
PR Number | Synopsis | Category: Border Gateway Protocol |
1538491 | Configuring 'then next-hop' and 'then reject' on a route policy for the same route might cause rpd crash Product-Group=junos |
On all Junos platforms with BGP enabled, if a policy is setting 'then next-hop' and 'then reject' at the same time for the same prefix, rpd crash might be seen. Like the following: set policy-options policy-statement xxx term 1 from route-filter xxx set policy-options policy-statement xxx term 1 then next-hop ... set policy-options policy-statement xxx term 2 then reject |
PR Number | Synopsis | Category: BBE Remote Access Server |
1405855 | Subscriber accounting messages retransmissions exist even after configuring accounting retry 0. Product-Group=junos |
When accounting-retry 0 is configured under the [access radius-server ] stanza, MX still attempts to re-transmits/retries accounting message to the AAA accounting Server |
PR Number | Synopsis | Category: QFX Control Plane VXLAN |
1538117 | evpn/vxlan registers mac-move counters under "system statistics bridge" even though there is no actual mac-move for MH (multi-home) clients Product-Group=junos |
When using EVPN VXLAN, the "mac-move" counter under the "show system statistics bridge" may show a higher event count than the actual MAC moved events |
PR Number | Synopsis | Category: VPWS, L2 CKT, EVPN-VPWS |
1527085 | On the ACX5448 and ACX710 routers, the vlan-id-list statement might not work as expected. Product-Group=junos |
On the ACX5448/ACX710 platforms, the statement "vlan-id-list" may not work as expected on a logical interface where the statement "encapsulation vlan-ccc" is configured, if the number of VLANs in the range is more than 16. |
PR Number | Synopsis | Category: Layer 3 forwarding, both v4+v6 |
1491261 | VPLS flood groups result in IPv4 traffic drop after the core interface flaps. Product-Group=junos |
VPLS flood groups result in IPv4 traffic drop after core interface flap. |
PR Number | Synopsis | Category: JUNOS Dynamic Profile Configuration Infrastructure |
1526934 | Family IPv6 do not come up for the L2TP subscriber when additional attributes are not passed in the Framed-IPv6-Route VSA Product-Group=junos |
In DHCP/PPP Subscriber scenario with IPv6 dynamic-profile configured, all the additional attributes (route prefix, next-hop, metric, preference, tag) for IPv6 access route must be fully specified in dynamic-profile and passed via RADIUS server, otherwise family inet6 might not come up. |
PR Number | Synopsis | Category: Ethernet OAM (LFM) |
1500048 | The FPC process might crash in inline mode with CFM configured. Product-Group=junos |
On the Junos platforms with inline mode CFM (Connectivity Fault Management) configured, if there are several CFM adjacencies flapping, due to the flaw in the CFM module to process the error-adjacencies messages, the FPC may crash alongside with NPC core-dump file generated. All services/traffic configured on the FPC will see outage till FPC recovers from an automatic reboot. |
PR Number | Synopsis | Category: mgd, ddl, odl infra issues |
1458345 | "persist-groups-inheritance" causes the "mustd" process to crash and issues commit failure Product-Group=junos |
"persist-groups-inheritance" configuration option causes the "mustd" process to crash when one performs the "commit" action. |
PR Number | Synopsis | Category: EVPN control plane issues |
1521526 | ARP table might not be updated after performing VMotion or a network loop Product-Group=junos |
On all Junos platforms with EVPN configured, the ARP table might not get updated. This issue happens after performing VMotion in a network or having a network loop. |
1530991 | The rpd might crash when auto-service-id is configured in EVPN VPWS scenario. Product-Group=junos |
On all Junos platforms with EVPN VPWS scenario, if auto-service-id is configured and the service IFL under VPWS instance is down, the rpd crash might be seen when any changes made to the configuration. |
PR Number | Synopsis | Category: Sflow on qfx10k/ptx series PRs for defect & enhancement req |
1521732 | Output interface index in SFLOW packet is zero when transit traffic is observed on the IRB interface with VRRP enabled Product-Group=junos |
When VRRP is enabled on IRB interface and SFLOW is enabled on QFX10000 Series platforms, output interface Index in SFLOW packet will be zero for the traffic destined to VRRP MAC address. |
PR Number | Synopsis | Category: Express PFE CoS Features |
1531095 | The MPLS EXP classifier might not work on QFX10K platforms Product-Group=junos |
On QFX10K platforms, the classification for incoming mpls traffic based on the EXP(experimental) bits might not take into effect, and instead the traffic will get classified based on the default setting, due to which packet loss could be observed. |
PR Number | Synopsis | Category: Express PFE MPLS Features |
1515092 | The routes update might fail upon the HMC memory issue and traffic impact might be seen. Product-Group=junos |
On PTX Series and QFX Series devices, in rare cases, HMC memory error might cause routes update failure and traffic impact on the Packet Forwarding Engine. |
PR Number | Synopsis | Category: ISIS routing protocol |
1482983 | The output of the "show isis interface detail" command might be incorrect if wide-metrics-only is enabled for IS-IS and the ASCII representation of the metric in decimal is more than 6 characters long Product-Group=junos |
If 'wide-metrics-only' is enabled for any IS-IS level and a metric configured on the IS-IS enabled interface for that level has ASCII representation in decimal more than 6 characters long, this interface's metric for that level will be merged with 'priority' field value in the output of 'show isis interface detail'. |
1526447 | The IS-IS LSP database synchronization issue might be seen while using the flood-group feature. Product-Group=junos |
On all Junos platform, when flood-group is configured on interface under isis, if isis LSPs time out and then come up, the device sends only self-generated LSPs and doesn't increment the LSP updates received from neighbor which flapped. This is causing LSP database out of synchronization issue. |
PR Number | Synopsis | Category: jdhcpd daemon |
1521227 | The DHCP6 lease query is not as expected while verifying the DHCPV6v relay statistics. Product-Group=junos |
DHCPV6_LEASEQUERY counter may not be as expected in "show dhcpv6 relay statistics" output |
PR Number | Synopsis | Category: Adresses ALG issues found in JSF |
1535356 | The SCCP ALG does not work on SRX Series devices running with Junos OS Release 17.3R1 and onward Product-Group=junos |
On SRX Series devices running with Junos OS Release 17.3R1 and onward, the Skinny Client Control Protocol (SCCP) ALG does not work, which results in SCCP calls failure. |
PR Number | Synopsis | Category: Adresses NAT/NATLIB issues found in JSF |
1532249 | Need to improve the maximum eNode connections for one persistent NAT binding from 8 to 32. Product-Group=junos |
Improve the max ENODE connections for one persistent NAT binding from 8 to 32 |
PR Number | Synopsis | Category: To track issues related to jsf tcp proxy |
1502977 | A condition within TCP proxy could result in downloads becoming permanently stuck or not completing. TCP proxy is used by multiple services, including Juniper ATP Cloud in block mode, ICAP, SSL proxy, antivirus, content filtering, and antispam. Product-Group=junos |
On SRX5K/SRX4600/SRX4200 and vSRX platforms, TCP-Proxy configuration might result in downloads becoming permanently stuck and/or not completing. TCP-Proxy is used by multiple services, including SkyATP in block mode, ICAP, SSL-Proxy, Anti-Virus, Content Filtering, and Anti-Spam. |
PR Number | Synopsis | Category: all logging related bugs on srx platforms |
1521794 | On SRX Series devices with chassis clusters, high CPU usage might be seen due to the llmd process. Product-Group=junos |
On SRX Series devices with chassis cluster, high CPU usage might be seen due to the llmd process. |
PR Number | Synopsis | Category: Firewall Policy |
1544554 | The flowd/srxpfe process might crash when SRX/NFX device running on Junos OS 18.2R1 or above where the unified policy feature is supported Product-Group=junos |
On SRX Series device running on Junos OS 18.2R1 or above, or NFX Series device running on NextGen Junos OS, the unified policy feature is supported, the flowd/srxpfe might crash. |
PR Number | Synopsis | Category: Firewall Module |
1521325 | The TCP packet might be dropped if syn-proxy protection is enabled. Product-Group=junos |
On SRX series devices, if TCP SYN flood protection is enabled with TCP SYN Proxy and the 3rd and 4th packet from the client arrive at the same time, then it can cause an SEQ error that may break the TCP connection. |
PR Number | Synopsis | Category: IPSEC/IKE VPN |
1438311 | The Ping-icmp test fails after configuring ECMP routes over multipoint tunnel interface VPNs. Product-Group=junos |
On vSRX3.0 instances, when ECMP routes are configured to load balance over multiple IPSec VPNs connected to a single multipoint tunnel interface, the traffic may not flow. This issue applies to Junos OS Release 19.2R1 and higher releases. |
1488087 | IPsec tunnel could flap when ESN is enabled Product-Group=junos |
On SRX5000 line of devices, with extended-sequence-number (ESN) configured, the IPsec tunnel might be re-established. This issue could be self-recovered, and traffic loss happens during IPsec tunnel flapping. |
PR Number | Synopsis | Category: PFE infra to support jvision |
1547698 | SENSOR APP DWORD leak observed during the period of churn for routes bound to Sensor group Product-Group=junos |
SENSOR APP DWORD leak observed during the period of churn for routes bound to Sensor group.Sensor types that are affected are Segment Routing,Segment Routing-TE, LDP and RSVP LSPs. |
PR Number | Synopsis | Category: Platform infra to support jvision |
1526568 | The MPC10E line card might crash with the sensord process generating a core file due to a timing issue. Product-Group=junos |
If MPC10E is used in MX, the sensord running on PFE is used to stream telemetry data corresponding to CMError config sensor, CMError stats sensor etc. The J-Insight Fault Monitoring is enabled by default and it automatically subscribes to the CMError config sensor. The CMError config sensor is also able to be subscribed via Junos Telemetry Interface (JTI) by external user. In the current implementation, the update event of the CMError config sensor will be periodically sent to sensord with the frequency of 2 seconds even if no configuration change on these sensors. The frequent update of the CMError config sensor might cause the sensord to crash when it is not able to process the large-scale data. It is a timing issue which could happen in a system with a large-scale CMError config sensor leaves. |
PR Number | Synopsis | Category: Kernel MX virtual-chassis PRs |
1514583 | Fail to forward traffic to VCP FPC after MXVC reboot or FPC rebooted or adding VCP link Product-Group=junos |
When rebooted MXVC or FPC rebooted or adding VCP link, there is timing issue when DEVRT updates coming in before the VCP IFD add messages in some FPCs that caused next hop mis-programming on these specific FPCs. Can check by: request pfe execute command "show jnh 0 vc state 0" target member1-fpcX request pfe execute command "show jnh 0 vc state 1" target member0-fpcX And will see invalid slot id = 255 . And we have to reboot specific to let FPCs next hop programming correct. Per this PR, re-designed Kernel part to parse the VC internal device route message from VCCPD and guarantee that VCP- interface messages are always sent to Ukernel/PFE first, then followed by VC internal device route message. |
PR Number | Synopsis | Category: Label Distribution Protocol |
1538124 | The rpd process might crash when the LDP route with indirect next hop is deleted on the aggregated Ethernet interface. Product-Group=junos |
If the Label Distribution Protocol (LDP) route with indirect next-hop exists (e.g. LDP egress-policy is used to advertise BGP route into LDP), the rpd might crash when the LDP route is deleted from the AE interface. |
PR Number | Synopsis | Category: Multi Protocol Label Switch OAM |
1530382 | The "ping mpls rsvp" command does not take into account lower MTU in the path Product-Group=junos |
MPLS ping over rsvp LSP with sweep option is failing to fetch the right MTU. |
PR Number | Synopsis | Category: Fabric Manager for MX |
1482124 | Fabric healing logic incorrectly makes all MPC line cards go offline in the MX2000 router while the hardware fault is located on one specific MPC line card slot. Product-Group=junos |
In specific MPC hardware failure conditions within the MX2K platform, fabric healing will attempt to auto-heal the fault location in 3 phases to prevent traffic blackholing. If under such fault conditions only destination timeouts are reported without corresponding link errors, the fabric healing process might restart all MPCs in phase-2 in an auto-healing attempt and if the error condition appears again within 10 minutes the last phase-2 might offline all MPCs in the system. |
PR Number | Synopsis | Category: Neo Interface |
1541382 | With hold time configuration, GE Interfaces remain down on reboot Product-Group=junos |
With hold time configuration, GE Interfaces from MPC cards which use MIC driver (such as MPC2E/3E NG, MPC Type 1, MPC Type 2) may go down. |
PR Number | Synopsis | Category: FreeBSD Kernel Infrastructure |
1518898 | The kernel might crash if a file/directory is accessed for the first time and is not created locally. Product-Group=junos |
On the Junos with Virtual Filesystem (VirtFS), if a file/directory is accessed for the first time and is not created locally, the kernel might crash and generate a vmcore file. Junos might reboot due to this issue. |
1537696 | Errors might be seen when dumping vmcore on EX2300/EX3400 series Product-Group=junos |
On EX2300/EX3400, the vmcore might not be available and the device might hang while trying to generate core files via the rescue kernel. This might be caused by the ARM dumper device supporting only a fixed 512 byte block size, rather than scaling to any block size. This might cause loss of debug ability for the device. |
PR Number | Synopsis | Category: OSPF routing protocol |
1525870 | The OSPFv3 adjacency should not be established when IPsec authentication is enabled. Product-Group=junos |
On EX4300 platforms, the OSPFv3 configured with IPsec authentication after device reboots, the OSPFv3 adjacency should not be established, while do the same configuration before device reboots, the adjacency should be established. |
PR Number | Synopsis | Category: Used for tracking OVSDB software issues and features |
1518807 | The vgd process might generate a core file when the OVSDB server restarts. Product-Group=junos |
On all Junos platforms that support OVSDB (Open vSwitch database), the vgd core might get generated when the OVSDB server is restarted. The vgd daemon restart after the core might cause traffic impact. This issue happens when OVSDB server is disconnected and the device (switch/router) sends some updates events to server. |
PR Number | Synopsis | Category: vMX Data Plane Issues |
1544856 | The riot forwarding daemon crash might be observed on vMX based platforms configured with IRB interface Product-Group=junos |
On vMX based platforms enabled with IRB interface, the riot forwarding daemon crash might be observed which could lead to traffic loss. |
PR Number | Synopsis | Category: PTP related issues. |
1527612 | The transit PTP packet might be unexpectedly modified when passing through MPC2E-NG/MPC3E-NG/MPC5E Product-Group=junos |
If timestamping the packet at the physical layer (also known as PHY timestamping) is enabled for Precision Time Protocol (PTP), the transit PTP packets passing through the MPC2E-NG/MPC3E-NG/MPC5E might be modified to have huge value in Correction Field of the PTP packet even though there is not PTP port configured on these line cards. If the transit PTP packets are used for synchronizing downstream node, the clock frequency drift could be seen. The current fix in this PR is only applicable for G.8275.1 PTP profile. |
PR Number | Synopsis | Category: Chassis mgmt for all QFX systems - chassis MIB, alarms, CLI |
1507044 | The archival function might fail in certain conditions. Product-Group=junos |
If the archival function is enabled with the statement "routing-instance" and transfer mode is set as SFTP/SCP for archive-sites, it may not work and fail to transfer the files. |
PR Number | Synopsis | Category: Interface related issues. Port up/down, stats, CMLC , serdes |
1515487 | The 100-Gigabit Ethernet AOC non-breakout port might be auto-channelized to other speed Product-Group=junos |
On QFX5k platform with QFX-5e image, if the 100G port is enabled with auto-channelization (which is by default) and the AOC (Active Optical Cable) non-breakout transceiver is used on it, the 100G port might be detected as breakout and auto-channelized to other speed (e.g. 50G). The interface connection will be impacted. |
PR Number | Synopsis | Category: QFX Platform related (SYSLOG/ALARMS/miscellaneous) |
1508611 | The fxpc may crash and restart with a fxpc core file created while installing image through ZTP Product-Group=junos |
On QFX5100/EX4600 Series platforms, the fxpc may crash sometimes while installing an image through ZTP. |
1520956 | QFX5100: cprod timeout triggers high CPU (100%) Product-Group=junos |
In QFX5100, you might get into a high CPU (CPU running at 100%) situation when a "cprod" command timed out. |
PR Number | Synopsis | Category: QFX L2 PFE |
1510629 | The output VLAN push might not work. Product-Group=junos |
In the l2circuit termination scenario with input-/output-vlan-map and family ccc, the output-vlan-map push operation might not work. It has a traffic impact. |
PR Number | Synopsis | Category: QFX L3 data-plane/forwarding |
1512712 | Display issue, Virtual Chassis environment, Configured num-65-127-prefix value is shown incorrect for the command O/P "show chassis forwarding-options" Product-Group=junos |
Display issue, In a Virtual Chassis environment, Configured num-65-127-prefix value is shown incorrect for the command O/P "show chassis forwarding-options" for the FPC which is not local (Backup and line card members of the VC) |
PR Number | Synopsis | Category: QFX EVPN / VxLAN |
1510794 | Multicast traffic loss is observed due to few multicast routes missing in the spine node Product-Group=junos |
In an EVPN-VXLAN scenario with scaled snooping configuration(for example, 100 vlan's with snooping enabled), traffic drops might be observed for multicast groups in few vlan's when "clear bgp sessions" is performed on all Spine devices. |
PR Number | Synopsis | Category: RPD route tables, resolver, routing instances, static routes |
1498377 | The route entries might be unstable after being imported into inet6.x RIB via rib-group Product-Group=junos |
When inet6.x (such as 6.1/6.2/6.3, and so on) is used as a non-primary RIB by rib-group, the import function issue might cause the route entries not to be modified correctly for IPv6 format, it might lead the received routes not to be imported successfully into the inet6.x RIB of the routing protocols. Then the network reachability might be impacted. |
PR Number | Synopsis | Category: Resource Reservation Protocol |
1524736 | The inter-domain LSP with loose next-hops path might get stuck in the Down state. Product-Group=junos |
In the scenario of inter-domain LSP with loose next-hops path, when expanding the loose hop at the Area Border Router (ABR) / Autonomous System Border Router (ASBR), the LSP might not come up properly if the incoming link of the LSP at the ABR/ASBR is an unnumbered interface. |
PR Number | Synopsis | Category: jflow/monitoring services |
1517646 | The srrd process might crash in a high route churns scenario or if the process flaps. Product-Group=junos |
On all Junos OS platforms with inline Jflow enabled, the sampled route reflector process (srrd) might crash in a scenario where there are high route churns or flaps in the system. This is a rare timing issue and because of the crash, the Jflow export might report older route information for sometime. |
PR Number | Synopsis | Category: Generic platform and infra issues for MS-MIC and MS-MPC(XLP) |
1482400 | The vmcore process crashes sometimes along with the mspmand process on MS-MPC/MS-MIC if large-scale traffic flows are processed Product-Group=junos |
With NAT/Stateful-firewall/TCP tickle (enable by default) configured on MS-MPC/MS-MIC, the vmcore crash sometimes along with mspmand crash might happen if large-scale traffic flows (e.g. million flows) are processed by it. |
PR Number | Synopsis | Category: platform related PRs on SRX branch platforms |
1504986 | Layer 2 ping is not working with remote MEP. Product-Group=junos |
For sake of there is length judgement for Mbuf structure, so L2 ping frame fails to transmit on some branches. |
PR Number | Synopsis | Category: MX10003/MX204 Platform SW - Chassisd s/w defects |
1315577 | MX10003 : Despite of having all AC low PEM alarm is raised. Product-Group=junosvae |
An alarm is raised if mixed AC PEMs are present. This occurs because the criteria for checking whether mixed AC is present was changed. |
PR Number | Synopsis | Category: MX10003/MX204 Linux issues (including driver issues) |
1492121 | MX10003 might shut down itself automatically after system upgrade or downgrade Product-Group=junosvae |
On the MX10003 platform, if we upgrade or downgrade Junos software from a set of original releases to a set of target releases, the system might detect incorrect temperature values and shutdown. The set of the original releases are: Junos 18.2R3, 18.3R3, 18.4R2, 19.1R2, 19.2R1, 19.3R1. The set of the target releases are: Junos pre-18.2R3, pre-18.3R3, pre-18.4R2, pre-19.1R2, pre-19.2R1, and pre-19.3R1 releases |
PR Number | Synopsis | Category: MX10003/MX204 SW - UI specific defects |
1529028 | The speed command cannot be configured under the interface hierarchy on an extended port when MX204 or MX10003 router works as an aggregation device. Product-Group=junos |
Due to the restriction added via PR 1389918 (fixed in 17.4R3 18.2R2 18.3R2 18.4R1 19.1R1), it is unable to configure the speed knob under interface hierarchy on extended port when MX204 or MX10003 works as aggregation device (AD) in Junos Fusion Provider Edge (JFPE) setup. |
PR Number | Synopsis | Category: ZT/YT PFE l3 forwarding |
1529475 | The multicast traffic might be dropped due to hash mismatch when there are AE and ECMP links involved in multicast tree Product-Group=junos |
On MX platforms with MPC10 or MPC11 line cards, the multicast traffic over an AE or ECMP interface may be dropped because the hash calculation on the egress line card could be different than on the ingress line card. This could happen if the encapsulation on the egress interface changes a field in the packet that is used in the hash calculation. |
PR Number | Synopsis | Category: Issues related to broadband edge apps (PPP, DHCP) on Trio ch |
1529602 | In the subscriber management environment, the RADIUS interim accounting records does not get populated with the subscriber statistics. Product-Group=junos |
In the subscriber management environment, RADIUS interim accounting records are not populated with the subscriber statistics after a system reboot. In this case, the MAC of the routing engine is not learned by the nextgen-stats manager on the PFE. |
1539474 | The accounting interim-updates for subscriber does not work after GRES and subsequent reboot of FPCs in the node-slicing setup. Product-Group=junos |
On MX with MPC5 and newer card installed, if node slicing and subscriber service are enabled, the radius accounting interim updates may not carry actual statistics after performing GRES of base system (BSYS) and subsequent reboot of FPCs. |
PR Number | Synopsis | Category: Trio pfe bridging, learning, stp, oam, irb software |
1533767 | PPE errors seem while processing OSPF multicast packet being sent through EVPN instance Product-Group=junos |
For multicast OSPF packets entering EVPN instance, these packets are being handled as transient packets, flood next-hop structure will be used to forward these packets to remote PE/CE. During the process of packet replication, it might encounter a lookup error causing "HW trap" and lookup thread will stop for this packet. If a packet hits this situation, a PPFE trap along with ttrace will be generated. Similar logs might be seen during such event : [LOG: Err] LUCHIP(0) PPE_1 Errors lmem addr error [LOG: Err] LUCHIP(0) PPE_2 Errors lmem addr error [LOG: Err] LUCHIP(0) PPE_7 Errors lmem addr error [LOG: Err] PPE Thread Timeout Trap: Count 3, PC 601c, 0x601c: set_oif_mtu [LOG: Err] PPE PPE HW Fault Trap: Count 343580, PC 6da, 0x06da: dmac_miss_check_ndp |
1533857 | FPC crash might be observed when the ASIC's NH memory exhausted in the EVPN-MPLS scenario Product-Group=junos |
On all MX/EX92xx platforms with EVPN-MPLS configured, NH (Next-Hop) memory leak in Trio ASIC happens whenever there is a route churn for remote MAC-IP entries learned bound to the IRB interface in EVPN-MPLS routing-instance. When the ASIC's NH memory partition exhausted (free% NH memory is close to 20% or below), which will result in the line card to reboot. |
PR Number | Synopsis | Category: Issues related to port-mirroring functionality on JUNOS |
1542500 | Port mirroring with maximum-packet-length configuration does not work over GRE interface Product-Group=junos |
Port mirroring with maximum-packet-length configuration does not work over GRE interface on MX204. While constructing GRE header, the clipping aspect of inner packet was not accounted earlier. If the inner packet is truncated, the outer GRE header packet size must use the new size (clipped size) to calculate the total length of outer header. |
PR Number | Synopsis | Category: Configuration mgmt, ffp, load-action, commit processing |
1499265 | The commit check might fail when adding a logical interface into a routing-instance, which has no-normalization command enabled under the routing-instances stanza. Product-Group=junos |
The change by PR 1433542 (which is fixed in 18.3R3 18.4R3 19.1R2 19.2R2 19.3R1) causes commit check to fail. This happens when "no-normalization" is configured under a routing-instances stanza for a routing-instance with any of the following interface configuration - "vlan-id all", "vlan-id inner-all", "input-vlan-map", "output-vlan-map", "vlan-id-list", "vlan-id-range", "vlan-tags inner-list", "vlan-tags inner-range". |
PR Number | Synopsis | Category: UI Infrastructure - mgd, DAX API, DDL/ODL |
1459839 | Configuration change might not be applied if the Ephemeral database is used. Product-Group=junos |
If Ephemeral DB is used, configuration change might not be applied on the device. In case of LDP configuration change, it might cause LDP session down hence affects traffic. |
PR Number | Synopsis | Category: Virtual Router Redundancy Protocol |
1526851 | When SRX receives proxy ARP request on VRRP interface, SRX sends ARP reply with underlying interface MAC address Product-Group=junos |
On SRX Series devices with VRRP scenario, the proxy ARP reply uses interface MAC address instead of VRRP MAC address if the VRRP is configured on some IFL and the proxy-arp is configured on same IFL, traffic loss may occur. |
1546635 | After VRRP failover VRRP backup router will keep receiving traffic for about 2 minutes Product-Group=junos |
In one scenario when there are three VRRP routers(VRRP priority: R1>R2>R3), with vrrp-inherit-from enabled, the VRRP backup router will keep receiving traffic for about 2 minutes after VRRP failover which will cause traffic drop. |
PR Number | Synopsis | Category: VSRX platform software |
1524243 | The control link might be broken when there is excessive traffic load on the control link in vSRX cluster deployment. Product-Group=junosvae |
In the vSRX2.0 cluster running on KVM, when there is excessive traffic load on the control link (em0 link), the error message kernel: em0: watchdog timeout on queue 0 might be shown in the syslog. This interruption might cause the cluster control link to fail and dynamic routing protocols not to work properly. |
PR Number | Synopsis | Category: ZT pfe multicast software |
1499631 | Heap memory leak might be seen on the MPC10 and MPC11 line cards. Product-Group=junos |
On MPC10/MPC11 linecards, under heavy route churn, the aftd-trio process might slowly leak memory. |
PR Number | Synopsis | Category: SFI Infra-structure |
---|---|---|
1485038 | The following error message is observed continuously in AD with base configurations: IFDE: Null uint32 set vector, ifd and IFFPC: 'IFD Ether uint32 set' (opcode 151) failed. Product-Group=junos |
EX 9251 Summit-B54 : "IFDE: Null uint32 set vector, ifd and IFFPC: 'IFD Ether uint32 set' (opcode 151) error message is observed continuously in AD with base configurations. |
PR Number | Synopsis | Category: Marvell based EX PFE ACL |
1434927 | The FPC crashes with pfem generating core file might be seen if large-scale number of firewall filters are configured. Product-Group=junos |
On EX Series switches, If you are configuring a large-scale number of firewall filters on some interfaces, the FPC might crash and generate core files. |
PR Number | Synopsis | Category: Marvell based EX PFE MISC |
1232403 | HSRPv2 IPV6 packets might get dropped if IGMP-snooping is enabled. Product-Group=junos |
On EX Series switches except EX4300/EX4600/EX9200, an interface is configured for single vlan or multiple vlans, if all these vlans of this interface have igmp-snooping enabled, then this interface will drop HSRPv2 (Hot Standby Router Protocol for IPv6) packets. But if some vlans do not have igmp-snooping enabled, then this interface is working fine. |
PR Number | Synopsis | Category: EX2300/3400 PFE |
1462155 | The fxpc crashes due to PFEMAN_RT thread and BCM linkscan thread get into a deadlock Product-Group=junos |
In certain conditions, PFEMAN_RT thread and BCM linkscan thread get into a deadlock causing watchdog timeout. |
PR Number | Synopsis | Category: NFX Series Platform Software |
1462556 | Junos OS: NFX350: Password hashes stored in world-readable format (CVE-2020-1669) Product-Group=junos |
The Juniper Device Manager (JDM) container, used by the disaggregated Junos OS architecture on Juniper Networks NFX350 Series devices, stores password hashes in the world-readable file /etc/passwd. This is not a security best current practice as it can allow an attacker with access to the local filesystem the ability to brute-force decrypt password hashes stored on the system. Refer to https://kb.juniper.net/JSA11066 for more information. |
PR Number | Synopsis | Category: QFX PFE L2 |
1494072 | On the QFX5200 line of switches, the MAC learning rate is degraded by 88 percent. Product-Group=junos |
Juniper's qfx-5k products were originally using vendor's SDK handling mac learning. At some point, Juniper introduced its own DMA software for mac learning, which had improved learning rate by 50% or so. As the rest vendor's SDK software advanced over time, the mix of vendor's and Juniper's software had caused some sever mac learning stability issue. Mac learning may be stuck at some conditions. Decision has been made to re-align all software back to vendor's general SDK uniformly. This has solved the stability issue as tested extensively. At the expense, the mac learning rate is cut by about 50%, back to original rate. |
PR Number | Synopsis | Category: QFX L3 data-plane/forwarding |
1500508 | On the QFX5100 Virtual Chassis or Virtual Chassis fan, traffic loss on multiple traffic streams is observed after reboot and the interfaces of the Virtual Chassis node flaps. Product-Group=junos |
On QFX5100 VC/VCF : Observing traffic loss on multiple traffic streams after reboot and flapping the interfaces of the VC node |
PR Number | Synopsis | Category: CoS support on ACX |
1522941 | The show class-of-service interface command does not show classifier information. Product-Group=junos |
This is a display issue. Due to misread in PFE registers, classifier is not shown in "show class-of-service interface" output |
PR Number | Synopsis | Category: Bi Directional Forwarding Detection (BFD) |
1516556 | The remaining BFD sessions of the aggregated Ethernet interface flap continuously if one of the BFD sessions is deleted. Product-Group=junos |
On QFX10k platforms, if multiple sub-interfaces of the same AE (Aggregated Ethernet) interface are belonged to different routing instances, and these sub-interfaces are configured with the same IP address and configured with separate BFD (Bidirectional Forwarding Detection) sessions, the remaining BFD sessions will flap continuously if one of these BFD sessions is deleted. |
1522261 | BFD with authentication for BGP flaps after GRES or NSR switchover on the NG-RE and SCBE2 setup. Product-Group=junos |
On the devices with NG-RE (Next Generation Routing Engine) and SCBE2 (Enhanced Switch Control Board), when BFD authentication for BGP is enabled, the BFD may flap after the NG-RE switchover. The switchover should be GRES or NSR switchover. After the flap, the device could be self recovery. |
PR Number | Synopsis | Category: Border Gateway Protocol |
1423647 | Route churn might be seen after changing the maximum-prefixes configuration from value A to value B. Product-Group=junos |
In BGP setup configured with VPN families (inet-vpn, inet6-vpn, l2vpn, evpn or mvpn), route churn might be seen after changing maximum-prefixes configuration from value A to value B, it causes rpd CPU usage to be hogged for about an hour. |
1456260 | Packet drop and CPU spike on Routing Engine might be seen in certain conditions if labeled-unicast protection is enabled for a CsC-VRF peer. Product-Group=junos |
On all Junos OS platforms under carrier supporting carrier (CsC) scenario, when PE link protection (labeled-unicast protection) is enabled, after one of the redundant links between CsC-CE flap or RSVP-TE LSP re-route from the primary path happens, it might result in slow convergence issue. Packets drop and CPU spike on the Routing Engine might be seen during this period. |
1483097 | The BGP RPKI ROA withdrawal might lead to an unexpected BGP route flap. Product-Group=junos |
Originally, when an RPKI RTR server or an RPKI Validator withdraws ROAs they are marked as "stale" and then flushed when the garbage collection timer runs out. For the short period of time, this might result in incorrect validation status. If there's an egress BGP policy which suppresses routes with RPKI status of invalid, the affected prefixes will be withdrawn and then, when the correct route validation status is reclaimed, re-advertised. With the fix, the withdrawn ROAs are deleted from the validation database immediately. |
1523075 | BGP session with VRRP virtual address used might not come up after a flap Product-Group=junos |
When VRRP virtual address is configured and used to set up a BGP session with the remote side, under rare timing conditions, BGP peer establishment may get rejected repetitively. |
PR Number | Synopsis | Category: Device Configuration Daemon |
1539991 | The logical interface might flap after adding or deleting native VLAN configuration Product-Group=junos |
On EX/QFX platforms, the unrelated logical interface on a physical interface would flap when adding or deleting native VLAN configuration on the physical interface. |
PR Number | Synopsis | Category: DNX VPLS |
1532995 | Memory leak is observed in the Local OutLif in the VPLS and CCC topology. Product-Group=junos |
In a VPLS/CCC topology with core link protection when one of the core link flaps or the remote CE flaps "Local OutLif" leak happens. Local OutLif Total entries: 196608 Used entries: 33335 Lowest entry: 0(0x0) /*Initially when vpls is up */ Local OutLif Total entries: 196608 Used entries: 33303 Lowest entry: 0(0x0) /*When VPLS is down*/ Local OutLif Total entries: 196608 Used entries: 33337 Lowest entry: 0(0x0) /*When VPLS is up again*/ |
PR Number | Synopsis | Category: Manageability for Node Virtualization |
1527322 | Dvaita JDM: Commit Error Messages are coming twice while validating physical-cores knob Product-Group=junosvae |
Commit error messages get printed twice while validating physical-cores knob for GNFs. |
PR Number | Synopsis | Category: EVPN Layer-2 Forwarding |
1535515 | All the ARP reply packets towards to some address are flooded across the entire fabric Product-Group=junos |
In the EVPN-VXLAN scenario, if the spine has irb and the leaves don't have irb, and the leaves have multi-home interfaces, the ARP reply packets flooding across the entire fabric might be seen. |
PR Number | Synopsis | Category: Express PFE FW Features |
1420560 | On the PTX3000 routers, the firewall counter for lo0 does not increment. Product-Group=junos |
Issue will not be fixed in 19.1 release, will be fixed in subsequent releases. |
PR Number | Synopsis | Category: ISIS routing protocol |
1458791 | Consider the case where the backup nexthop for a route in inet6.3 has all valid labels except for the last label. While it is not possible to install a working backup path in inet6.3, it is possible to install a working backup path for inet6.0. This is because the inet6.0 backup path is derived from the inet6.3 backup path by removing the last label. Removing the last label leaves a label stack with all valid labels. However, the current implementation does not install the inet6.0 backup path. Product-Group=junos |
On all Junos platforms deployed with Topology-Independent Loop-Free Alternate (TI-LFA), if a router advertises a prefix but not a prefix segment identifier (SID), there might be no TI-LFA backup path installed for the route in the routing table inet.0 or inet6.0. Without the protection provided by the TI-LFA backup path, the convergence time might be much longer and therefore cause more traffic loss than expected. The issue would happen whether the routing protocol Open Shortest Path First (OSPF) or Intermediate System-to-Intermediate System (IS-IS) is used. |
PR Number | Synopsis | Category: Flow Module |
1467654 | TCP session cannot time out properly upon receiving the TCP RESET packet, and the session timeout does not change to two seconds. Product-Group=junos |
TCP session cannot time out properly upon receiving the TCP RESET packet, and the session timeout does not change to 2 seconds. |
1528898 | A chassis cluster node might stop passing traffic. Product-Group=junos |
On SRX platforms, a node of chassis cluster might stop passing traffic. The traffic forwarding can be restored by a manual failover to Node1. |
1541954 | The rst-invalidate-session configuration does not work if configured together with no-sequence-check. Product-Group=junos |
On SRX Series platforms, the "rst-invalidate-session" does not work if configured together with no-sequence-check. It might result in a TCP connection unestablished. |
PR Number | Synopsis | Category: JSR Infrastructure |
1484872 | JFlow/IPFix - tracking pr for fixing crash when sampling is more than 65535 Product-Group=junos |
There was a crash when setting the sampling rate more than 65535, this is since fixed. set forwarding-options sampling instance s1 input rate 70000 |
PR Number | Synopsis | Category: IPSEC/IKE VPN |
1522017 | The traffic might be dropped when IPSec VPN with NAT-T enabled Product-Group=junos |
On SRX platforms, when IPSec VPN is configured with NAT-T enabled and VPN tunnel is established between two peers, if traffic is received from peer during VPN rekey, the traffic might be dropped in the VPN tunnel. |
1530684 | On SRX Series devices using IPsec with NAT traversal, MTU size for the external interface might be changed after IPsec SA is reestablished. Product-Group=junos |
On all SRX series devices using IPsec with NAT Traversal, MTU size might be changed to a lower value for the ike external interface after IPSEC SA is re-established. |
PR Number | Synopsis | Category: Layer 2 Control Module |
1532992 | [xstp] [xstptag] :: EX4300:: PDT :: Complete traffic drop seen on configuring MSTP edge port over access and QinQ ports Product-Group=junos |
In a qinq configuration xSTP should not be enabled on interface having ifls with vlan-id-list configured. If xSTP is enabled on such interface, it will only run on ifl whose vlan-id range includes native-vlan-id configured and all other ifls of this interface will in discarding state. So, user should not enable xSTP on these kind of interfaces. Sample configuration which is not allowed: set interfaces ge-0/0/1 flexible-vlan-tagging set interfaces ge-0/0/1 native-vlan-id 3000 set interfaces ge-0/0/1 encapsulation extended-vlan-bridge set interfaces ge-0/0/1 unit 2000 vlan-id-list 1-200 set interfaces ge-0/0/1 unit 2000 input-vlan-map push set interfaces ge-0/0/1 unit 2000 output-vlan-map pop set vlans csvlan1 interface ge-0/0/1.2000 set protocols mstp interface ge-0/0/1 |
PR Number | Synopsis | Category: Layer2 forwarding on EX/NTF/PTX/QFX |
1534796 | High rate of ARP or NS packets might be observed between a device that runs Junos OS and host when the device that runs Junos OS receives an ARP or NS packet on an interface in transition. Product-Group=junos |
On Junos device in EVPN scenario, if an interface is in transition status and an ARP request is received on the interface from a host, the Junos device may send out re-arp out towards the host, and the host responds to this re-arp and the Junos device sends another re-arp in response to this arp reply from host. This goes forever causing high rate of arp packets until the interface comes up. This issue is also applicable to ND/NS in IPv6 environment. |
PR Number | Synopsis | Category: lacp protocol |
1366825 | RG1 failover occurs when RG0 failover is triggered Product-Group=junos |
RG1+ which is configured for interface-monitor, might fail over to the other node if RG0 failover is triggered. |
PR Number | Synopsis | Category: lldp sw on MX platform |
1538482 | DUT did not receive the LLDP packet from phone. Product-Group=junos |
On EX4300 platforms, the LLDP (Link Layer Discovery Protocol) neighborship with the VoIP (Voice over Internet Protocol) phones can't be established when LLDP is configured on the PoE (Power over Ethernet) enabled port on EX4300 and connects to the VoIP Phone. |
PR Number | Synopsis | Category: Multicast for L3VPNs |
1546739 | MVPN multicast route entry may not be properly updated with actual downstream interfaces list Product-Group=junos |
In multicast VPN RPT-SPT mode with both locally and remotely connected receivers, the multicast forwarding entry related to the actual downstream interfaces may not be properly updated. The issue may happen when multicast forwarding entry is created by locally connected PIM receiver, followed by remote receiver and after local receiver decides to prune its membership in that multicast group. |
PR Number | Synopsis | Category: Jflow and sflow on MX |
1487876 | Incorrect frame length of 132 bytes might be captured in the packet header. Product-Group=junos |
On all MX/PTX5k/EX platforms with Trio based line cards, if a packet is send with more than 128 bytes it will always show incorrect "Frame length" of 132 bytes in raw packet header of sflow collector captured data. |
PR Number | Synopsis | Category: OSPF routing protocol |
1543147 | The metric of prefixes in intra-area-prefix LSA might be changed to 65535 when the metric of one of the OSPFv3 p2p interfaces is set to 65535 Product-Group=junos |
On all Junos platforms with OSPFv3 configured, when the metric of one of the OSPFv3 p2p interfaces is set to 65535, metrics of some of the prefixes in intra-area-prefixes LSA associated with p2p interface will also be changed to 65535. This issue will cause routes selection issues even traffic loss. |
PR Number | Synopsis | Category: QFX L2 PFE |
1475005 | The system might stop new MAC learning and impact the Layer 2 traffic forwarding Product-Group=junos |
On QFX platforms, if there are a lot of MAC moves, the system might stop new MAC learning and lots of old MAC addresses might be stuck and couldn't be aged and deleted. Due to this issue, could have impact on layer 2 traffic forwarding and the customer service. |
PR Number | Synopsis | Category: QFX L3 data-plane/forwarding |
1484440 | IRB MAC will not be programmed in hardware when MAC persistence timer expires Product-Group=junos |
On QFX5XXX/EX46XX virtual chassis platforms with GRES, if an IRB interface is configured with members across master and backup REs, and when mac-persistence-timer expires, the new MAC address of the IRB interface might not be programmed in hardware, which might result in failure on protocols and traffic. |
PR Number | Synopsis | Category: KRT Queue issues within RPD |
1474965 | [LDP] [Redbull] MPC11E: Not all LDP FEC routes are synced to backup RE while scaling routes to 480K Product-Group=junos |
If the LDP is scaled to 480,000 over four interface, the mirror subsystem times out and goes down. |
PR Number | Synopsis | Category: Resource Reservation Protocol |
1401800 | MPLS LSPs do not revert back on primary path when no-cspf & node/link protection is configure on head-end router/lsp Product-Group=junos |
The default behavior of local reversion has changed from Junos OS Release 16.1 and that impacts the LSPs for which the ingress does not perform make-before-break. Junos OS does not perform make-before-break for no-cspf LSPs. |
1516657 | RPD scheduler might slip after link flap Product-Group=junos |
On all Junos platforms with RSVP-TE configured, when a transit router carries a large number of LSP's (for example, 60k and higher) and all those LSPs undergo FRR (for example, when link carrying large number of LSP's flap) then, the rpd scheduler might slip and LDP session tear down might be observed after the link flap. |
PR Number | Synopsis | Category: Trio pfe bridging, learning, stp, oam, irb software |
1501014 | Traffic to VRRP virtual IP or MAC addresses might be dropped when ingress queuing is enabled. Product-Group=junos |
On MX platforms with any MPC in enhanced network-service mode, if VRRP is configured on AE interface, after 'set chassis fpc X pic X traffic-manager mode ingress-and-egress' is enabled, traffic sent to virtual IP/MAC might be dropped and the forward traffic will be affected. |
PR Number | Synopsis | Category: UI Infrastructure - mgd, DAX API, DDL/ODL |
1452136 | The mgd might crash when you use the replace pattern command. Product-Group=junos |
When you use the "replace pattern" command to replace the name in the apply-group, the mgd crashes. |
PR Number | Synopsis | Category: VNID L2-forwarding on Trio |
1517591 | no-arp-suppression is required for MAC learning across the EVPN domain on the static VTEP. Product-Group=junos |
O On MX Series platform, with Ethernet VPN and Virtual Extensible LANs (EVPN-VXLAN) implemented, the Address Resolution Protocol (ARP) requests received on VXLAN tunnel endpoint (VTEP) might not forward to customer edge (CE) side or proxy ARP role on VTEP might not work properly. This issue might occur when the 'no-arp-suppression' configuration statement is disabled under EVPN instance combined with static VXLAN implementation. Please refer to the workaround provided when this issue hit. |
Getting Up and Running with Junos
Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search