Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

19.4R3-S1: Software Release Notification for JUNOS Software Version 19.4R3-S1

0

0

Article ID: TSB17938 TECHNICAL_BULLETINS Last Updated: 15 Mar 2021Version: 5.0
Alert Type:
SRN - Software Release Notification
Product Affected:
ACX, EX, MX, PTX, QFX, NFX, SRX, VRR, vMX, vSRX
Alert Description:
Junos Software Service Release version 19.4R3-S1 is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as need and follow the prompts
Solution:

NOTE: There is an on-going investigation of a report that a software defect introduced by PR1512919 causes interfaces on the "Type-6 Ethernet PIC" - "T6E-PIC", or PTX1000-72Q to become inactive in 19.4R3-S1. If you have a PTX1000-72Q or a PTX3000/5000 with the "T6E-PIC" - such as the P3-10-U-QSFP28, P3-15-U-QSFP28, or P3-24-U-QSFP28 - we don't recommend that you upgrade to this software release at this time.

Junos Software service Release version 19.4R3-S1 is now available.

19.4R3-S1 - List of Fixed issues

PR Number

Synopsis

Category: EX4300 PFE

1538401

LLDP neighborship might not come up on EX4300 non-aggregated Ethernet interfaces.
Product-Group=junos

On EX4300 platform, LLDP might not work on non-AE (Aggregated Ethernet) interfaces. However, it works fine for AE interfaces.

1548858

The targeted-broadcast feature may not work after a reboot
Product-Group=junos

On EX4300 Series platforms, the targeted-broadcast feature may not work after a reboot. It can be seen that no target-broadcast packets are received on the targeted-broadcast interface.

PR Number

Synopsis

Category: EX4300 Platform implementation

1502467

The mge interface might still stay up while the far end of the link goes down.
Product-Group=junos

On EX4300-48MP platforms which support multi-rate gigabit ethernet (mge) interfaces, if a mge interface which is located within port range 24-47 is connected with some specific devices (e.g. a bypass module from DELL), when the far end of the link goes down, the mge interface might still stay up due to this issue. It will lead to traffic drop when sending traffic via the affected link.

PR Number

Synopsis

Category: Marvell based EX PFE L2

1520351

On the EX4600 and EX4300 Virtual Chassis or Virtual Chassis Fabric, the VSTP configurations device goes unreachable and becomes nonresponsive after commit.
Product-Group=junos

On QFX5100 or EX4600 in mix-VC (Virtual Chassis) scenario when the QFX5100/EX4600 uses "PHY" port as VCP (Virtual Chassis Port) port, the VC system might get hanged and unreachable after committing the VSTP (VLAN Spanning Tree Protocol) configurations.

PR Number

Synopsis

Category: EX2300/3400 CP

1494712

The authentication session might be terminated if the PEAP request is retransmitted by an authenticator.
Product-Group=junos

On all Junos platforms with 802.1X (dot1x) enabled, if Protected Extensible Authentication Protocol (PEAP) request is not replied by supplicant in default time interval, it could cause the authenticator to retransmit PEAP proposal method message with new Extensible Authentication Protocol (EAP) ID. The new EAP ID is different from EAP ID sent by authentication server. As a result, mismatching EAP ID issue could terminate authentication session. In the end, supplicant cannot access network. Please consider increasing 'supplicant-timeout' to prevent this issue from happening.

PR Number

Synopsis

Category: EX2300/3400 platform

1495564

Interface on platforms using Broadcom chipset might have abnormal status
Product-Group=junosvae

On EX, OCX or QFX based platforms using Broadcom chipset, with SFP+ implemented, interface on the platforms might be in active status when TX or RX connector is removed. When this issue happens, traffic could be dropped.

PR Number

Synopsis

Category: QFX Multichassis Link Aggregrate

1525234

The dcpfe might crash when the ICL is disabled and then enabled
Product-Group=junos

On QFX5k platforms with MC-LAG (Multichassis Link Aggregation Groups) used, the dcpfe might crash when the ICL (Interchassis Link) is disabled and then enabled. Traffic loss might be seen during the dcpfe crash and restart.

PR Number

Synopsis

Category: QFX Access control list

1521763

Firewall "sample" configuration gives the warning as unsupported on QFX10002-36q and will not work.
Product-Group=junos

On QFX10002-36q, when inline-jflow is configured, the IPv4 firewall filter with 'sample' action gives a waring "unsupported platform" and will not work. On the other hand, the IPv6 firewall filter with 'sample' action will still work as expected.

PR Number

Synopsis

Category: QFX L3 data-plane/forwarding

1486632

System upgrade/installation might fail on QFX 5100-48T-6Q VC/VCF
Product-Group=junos

On QFX 5100-48T-6Q VC/VCF, RCP error might be seen while upgrading the system using "request system software add  no-validate" and system upgrade/ installation could fail. This issue happens if DCPFE cpu utilization is very high.

PR Number

Synopsis

Category: QFX VC Datapath

1519893

On QFX5120 and QFX5210 platforms unexpected storm control events might happen
Product-Group=junos

On QFX5120 and QFX5210 platforms unexpected storm control events might happen. A new knob on the fixed versions is required to avoid this behavior: set forwarding-options storm-control enhanced

PR Number

Synopsis

Category: ACX GE, 10GE, PoE, IDT framers

1523418

Interface does not come up with the autonegotiation setting between ACX1100 routers and QFX Series switches, MX Series routers, and ACX Series routers as the other end.
Product-Group=junosvae

Broadcom chipset Patch provided to address TD2+ and TD chip set address the remote fault issue.

PR Number

Synopsis

Category: a20a40 specific issue

1522130

Syslog reporting "PFE_FLOWD_SELFPING_PACKET_LOSS: Traffic impact: Selfping packets loss/err: 300 within 600 second" error messages in node 0 and node1 control panel.
Product-Group=junos

Syslog reporting "PFE_FLOWD_SELFPING_PACKET_LOSS: Traffic impact: Selfping packets loss/err: 300 within 600 second" error messages in node 0 and node 1 control panel.

PR Number

Synopsis

Category: BBE Autoconfigured DVLAN related issues

1541796

Subscriber may not come up on some dynamic VLAN ranges in an subscriber management environment
Product-Group=junos

On the MX series platforms, if dynamic VLAN ranges are configured more than 32 on an interface, subscriber may only come up on the first 32 dynamic VLAN ranges of that interface.

PR Number

Synopsis

Category: BBE WiFi applications/services

1526666

WAG control route prefix length are observed.
Product-Group=junos

This fix enables soft-gre destination network mask length of 1-32. Previously only multiples of 8 were supported.

PR Number

Synopsis

Category: BBE Layer-2 Bitstream Access

1551207

PPPoE subscribers login failure may happen
Product-Group=junos

In Broadband Network Gateway (BNG) scenario where Layer-2 Bitstream Access (L2BSA) and PPPoE subscribers are working on the same interface/VLAN, PPPoE subscribers login may get stuck in a pending state, if the IN-FLIGHT flag of L2BSA is not cleared after its Port-Up packet is rejected by RADIUS, and during this process, another Port-Up for the same access-loop arrives.

PR Number

Synopsis

Category: Border Gateway Protocol

1518056

Tag matching in the VRF policy does not work properly when the independent-domain option is configured.
Product-Group=junos

On all platforms and in an L3VPN environment, when the tag is configured in the policy and applied to the VRF instance, configuring 'independent domain' for the autonomous system under the routing-options will cause the inet-vpn routes stop getting advertised between VRF instances.

1523075

BGP session with VRRP virtual address used might not come up after a flap
Product-Group=junos

When VRRP virtual address is configured and used to set up a BGP session with the remote side, under rare timing conditions, BGP peer establishment may get rejected repetitively.

1532414

The L3VPN routes may be added to FIB on route reflector
Product-Group=junos

In L3VPN scenario with in-line RR (Route Reflector) which has an export policy with next-hop self to advertise all transit L3VPN routes to its clients and also uses route-target family, the undesired L3VPN routes may be pushed to FIB (Forwarding Information Base) after enabling/disabling route-target family on the RR or a new BGP peer joins a group with 'next-hop self'.

1538491

Configuring 'then next-hop' and 'then reject' on a route policy for the same route might cause rpd crash
Product-Group=junos

On all Junos platforms with BGP enabled, if a policy is setting 'then next-hop' and 'then reject' at the same time for the same prefix, rpd crash might be seen. Like the following: set policy-options policy-statement xxx term 1 from route-filter xxx set policy-options policy-statement xxx term 1 then next-hop ... set policy-options policy-statement xxx term 2 then reject

1541768

The rpd process generates the core file at gp_rtarget_tsi_update,bgp_rtarget_flash_rt,bgp_rtarget_flash.
Product-Group=junos

If RTarget module tries to take an access of the active route which does not exist (since NextHop is not resolved), a reference is taken on the non-existent active route, and rpd crashes.

PR Number

Synopsis

Category: BGP Segment Routing

1550736

The rpd crash might be seen when BGP service route is resolved over color-only SRTE policy
Product-Group=junos

In BGP segment routing traffic engineering (SRTE) scenario, when BGP service route is resolved over color-only SRTE policy and extended-nexthop-color and no-install within bgp is enabled, the rpd crash might be observed.

PR Number

Synopsis

Category: QFX Control Plane VXLAN

1538117

evpn/vxlan registers mac-move counters under "system statistics bridge" even though there is no actual mac-move for MH (multi-home) clients
Product-Group=junos

When using EVPN VXLAN, the "mac-move" counter under the "show system statistics bridge" may show a higher event count than the actual MAC moved events

PR Number

Synopsis

Category: Device Configuration Daemon

1539719

Syslog "should have at least one member link on a different fpc" might occurs after commit for configuration under interface hierarchy
Product-Group=junos

This log could occur after commit for configuration under interface hierarchy f we have AE configuration with logical-interface-fpc-redundancy config, even if the AE interface have multiple legs on different FPCs. Sep 11 15:57:22.395 2020 lab-router-mx dcd[41283]: %DAEMON-4: Interface: ae5, should have at least one member link on a different fpc Trigger: 1- AE interfaces with logical-interface-fpc-redundancy are configured 2- Config change under interface hierarchy 3- Commit config

1539991

The logical interface might flap after adding or deleting native VLAN configuration
Product-Group=junos

On EX/QFX platforms, the unrelated logical interface on a physical interface would flap when adding or deleting native VLAN configuration on the physical interface.

1547853

The following the commit error is observed while trying to delete unit 1 logical systems interfaces: ae2.1: Only unit 0 is valid for this encapsulation.
Product-Group=junos

When non-zero IFL is configured under logical-systems and added to the bridge-domain under this logical-systems and its IFD is configured with flexible-vlan-tagging at top level, when deleting flexible-vlan-tagging from top level and deleting non-zero IFL from logical-systems and keeping the IFL under logical-systems/bridge-domain, commit error might be seen as 'Only unit 0 is valid for this encapsulation'. Workaround is to delete the IFL under logical-systems/bridge-domain also.

PR Number

Synopsis

Category: Layer 3 forwarding, both v4+v6

1499483

The hardware FRR for EVPN-VPWS, EVPN-FXC, and Layer 3 VPN with a composite next hop are not supported in Junos OS Release 20.2R1.
Product-Group=junos

EVPN-VPWS and EVPN-FXC circuits, L3VPN destination reachable over composite Next hop (this is enabled using CLI: set routing-options forwarding-table chained-composite-next-hop ingress l3vpn will not get HW-FRR behaviour (<50 ms convergence) in 20.2 release. The traffic convergence will be dependent on control plane convergence.

PR Number

Synopsis

Category: DNX VPLS

1527231

With no-local-switching knob traffic between local and remote CEs are affected
Product-Group=junos

no-local-switching knob is causing the traffic from local CE to remote CE blackhole and the remote mac learning stopped on LSI with the fix of the PR it is taken care that remote MAC learning is not impacted with the knob.

PR Number

Synopsis

Category: mgd, ddl, odl infra issues

1522339

Compressed /var/log/ creation through file archive compress might fail on certain PTX platforms running Junos Evolved.
Product-Group=junos

Compressed /var/log/ creation via "file archive compress" might fail on certain PTX platforms running Junos Evolved.

PR Number

Synopsis

Category: EVPN control plane issues

1513759

With dynamic list next hop configured, a forwarding problem occurs after performing graceful switchover.
Product-Group=junos

On all Junos platforms with EVPN scenario, if the knob 'dynamic-list-nexthop' is configured, traffic loss might be observed in some EVPN instances after performing GRES. This is a timing issue and seen in a scaled setup.

1521526

ARP table might not be updated after performing VMotion or a network loop
Product-Group=junos

On all Junos platforms with EVPN configured, the ARP table might not get updated. This issue happens after performing VMotion in a network or having a network loop.

1525888

BUM traffic might be dropped in EVPN-VXLAN setup
Product-Group=junos

On all platforms with EVPN-VXLAN setup, all the BUM traffic that sent to a remote PE might be dropped locally if, 1. the remote PE consists of two devices that share the same VTEP IP but have different loopback IP for their overlay BGP, 2. and when one of the devices loses connection, the local PE side will just delete the NH associated with the VTEP.

1547275

VLAN ID information is missed while installing the EVPN route from the BGP Type 2 Route after modifying a routing-instance from instance-type EVPN to instance-type virtual-switch.
Product-Group=junos

VLAN ID information might be missing while installing the EVPN route from the BGP Type 2 Route after modifying a routing-instance from "instance-type evpn" to "instance-type virtual-switch". As a result, the data traffic sent via these EVPN routes doesn't push vlan-id in the inner Ethernet Header. This might result in traffic getting discarded on the remote PE.

PR Number

Synopsis

Category: EVPN Layer-2 Forwarding

1535515

All the ARP reply packets towards to some address are flooded across the entire fabric
Product-Group=junos

In the EVPN-VXLAN scenario, if the spine has irb and the leaves don't have irb, and the leaves have multi-home interfaces, the ARP reply packets flooding across the entire fabric might be seen.

PR Number

Synopsis

Category: Sflow on qfx10k/ptx series PRs for defect & enhancement req

1521732

Output interface index in SFLOW packet is zero when transit traffic is observed on the IRB interface with VRRP enabled
Product-Group=junos

When VRRP is enabled on IRB interface and SFLOW is enabled on QFX10000 Series platforms, output interface Index in SFLOW packet will be zero for the traffic destined to VRRP MAC address.

PR Number

Synopsis

Category: IDP policy

1546542

IDP Policy load might fail post image upgrade for *x49 releases
Product-Group=junos

On all Junos platforms, the preserved compiled IDP bin file might not load into PFE after the device upgrade. Fields such as sec_intel/is_intel_inspect_enabled/time_interval in time-binding are looked for during policy load which are missing in attacks, x49 does not support these features and hence these fields will be missing in the compiled policy resulting in load failure.

PR Number

Synopsis

Category: ISIS routing protocol

1482983

The output of the "show isis interface detail" command might be incorrect if wide-metrics-only is enabled for IS-IS and the ASCII representation of the metric in decimal is more than 6 characters long
Product-Group=junos

If 'wide-metrics-only' is enabled for any IS-IS level and a metric configured on the IS-IS enabled interface for that level has ASCII representation in decimal more than 6 characters long, this interface's metric for that level will be merged with 'priority' field value in the output of 'show isis interface detail'.

PR Number

Synopsis

Category: Adresses NAT/NATLIB issues found in JSF

1532249

Need to improve the maximum eNode connections for one persistent NAT binding from 8 to 32.
Product-Group=junos

Improve the max ENODE connections for one persistent NAT binding from 8 to 32

PR Number

Synopsis

Category: Flow Module

1490878

The srxpfe may crash if perform a reboot or an upgrade
Product-Group=junosvae

On vSRX (not vSRX3.0) platforms, the srxpfe might crash if perform a reboot or an upgrade. It happens with a low probability.

PR Number

Synopsis

Category: JSR Infrastructure

1484872

JFlow/IPFix - tracking pr for fixing crash when sampling is more than 65535
Product-Group=junos

There was a crash when setting the sampling rate more than 65535, this is since fixed. set forwarding-options sampling instance s1 input rate 70000

PR Number

Synopsis

Category: all logging related bugs on srx platforms

1521794

On SRX Series devices with chassis clusters, high CPU usage might be seen due to the llmd process.
Product-Group=junos

On SRX Series devices with chassis cluster, high CPU usage might be seen due to the llmd process.

PR Number

Synopsis

Category: Firewall Policy

1544554

The flowd/srxpfe process might crash when SRX/NFX device running on Junos OS 18.2R1 or above where the unified policy feature is supported
Product-Group=junos

On SRX Series device running on Junos OS 18.2R1 or above, or NFX Series device running on NextGen Junos OS, the unified policy feature is supported, the flowd/srxpfe might crash.

1546120

Traffic might be dropped unexpectedly when the url-category match condition is used on a security policy
Product-Group=junos

An issue was discovered within Unified Policies that affected the url-category match condition that can cause it to "over-match" and apply to more traffic than it should. This can result in the SRX dropping traffic that would otherwise be permitted

PR Number

Synopsis

Category: IPSEC/IKE VPN

1488087

IPsec tunnel could flap when ESN is enabled
Product-Group=junos

On SRX5000 line of devices, with extended-sequence-number (ESN) configured, the IPsec tunnel might be re-established. This issue could be self-recovered, and traffic loss happens during IPsec tunnel flapping.

PR Number

Synopsis

Category: PFE infra to support jvision

1547698

SENSOR APP DWORD leak observed during the period of churn for routes bound to Sensor group
Product-Group=junos

SENSOR APP DWORD leak observed during the period of churn for routes bound to Sensor group. Sensor types that are affected are Segment Routing, Segment Routing-TE, LDP and RSVP LSPs.

PR Number

Synopsis

Category: Layer2 forwarding on EX/NTF/PTX/QFX

1534796

High rate of ARP or NS packets might be observed between a device that runs Junos OS and host when the device that runs Junos OS receives an ARP or NS packet on an interface in transition.
Product-Group=junos

On Junos device in EVPN scenario, if an interface is in transition status and an ARP request is received on the interface from a host, the Junos device may send out re-arp out towards the host, and the host responds to this re-arp and the Junos device sends another re-arp in response to this arp reply from host. This goes forever causing high rate of arp packets until the interface comes up. This issue is also applicable to ND/NS in IPv6 environment.

PR Number

Synopsis

Category: Label Distribution Protocol

1538124

The rpd process might crash when the LDP route with indirect next hop is deleted on the aggregated Ethernet interface.
Product-Group=junos

If the Label Distribution Protocol (LDP) route with indirect next-hop exists (e.g. LDP egress-policy is used to advertise BGP route into LDP), the rpd might crash when the LDP route is deleted from the AE interface.

PR Number

Synopsis

Category: lldp sw on MX platform

1538482

DUT did not receive the LLDP packet from phone.
Product-Group=junos

On EX4300 platforms, the LLDP (Link Layer Discovery Protocol) neighborship with the VoIP (Voice over Internet Protocol) phones can't be established when LLDP is configured on the PoE (Power over Ethernet) enabled port on EX4300 and connects to the VoIP Phone.

PR Number

Synopsis

Category: Multicast for L3VPNs

1546739

MVPN multicast route entry may not be properly updated with actual downstream interfaces list
Product-Group=junos

In multicast VPN RPT-SPT mode with both locally and remotely connected receivers, the multicast forwarding entry related to the actual downstream interfaces may not be properly updated. The issue may happen when multicast forwarding entry is created by locally connected PIM receiver, followed by remote receiver and after local receiver decides to prune its membership in that multicast group.

PR Number

Synopsis

Category: Fabric Manager for MX

1535787

All SFBs might get offlined due to fabric failure and fabric self-ping probes performs "disable-pfe" action
Product-Group=junos

Once yanking out the MPC without prior offline and the chassisd process is not able to process this event on the primary RE due to additional mastership switch, and later the MPC which pulled out the slot is re-inserted back, many Switch Fabric Board (SFB) might be offline due to max_total_cell_usage overflow condition on the xfchip. MX2020 Platform with SFB2 is not exposed to such event, neither if MX2020 has the disable-grant-bypass configured.

PR Number

Synopsis

Category: "ifstate" infrastructure

1484322

SNMP Index in PFE reports as 0, causing SFLOW to report either IIF or OIF (not both) as 0 in sflow record data at collector
Product-Group=junos

SNMP index on PFE is 0. This causes the SFLOW records to have either IIF(Input interface value) or OIF(Output interface value) as 0 value in sflow record data at collector.

PR Number

Synopsis

Category: OSPF routing protocol

1525870

The OSPFv3 adjacency should not be established when IPsec authentication is enabled.
Product-Group=junos

On EX4300 platforms, the OSPFv3 configured with IPsec authentication after device reboots, the OSPFv3 adjacency should not be established, while do the same configuration before device reboots, the adjacency should be established.

PR Number

Synopsis

Category: vMX Data Plane Issues

1544856

The riot forwarding daemon crash might be observed on vMX based platforms configured with IRB interface
Product-Group=junos

On vMX based platforms enabled with IRB interface, the riot forwarding daemon crash might be observed which could lead to traffic loss.

PR Number

Synopsis

Category: Chassis mgmt for all QFX systems - chassis MIB, alarms, CLI

1507044

The archival function might fail in certain conditions.
Product-Group=junos

If the archival function is enabled with the statement "routing-instance" and transfer mode is set as SFTP/SCP for archive-sites, it may not work and fail to transfer the files.

PR Number

Synopsis

Category: Interface related issues. Port up/down, stats, CMLC , serdes

1538340

Interfaces are not created after channel-speed 10g is applied across ports 48 to 53 on QFX5100-48T
Product-Group=junos

After channelizing port 48 through 53 and channel speed, the interfaces are down on QFX5100-48T platform. This issue causes interfaces are deleted and traffic might be dropped.

PR Number

Synopsis

Category: QFX Platform related (SYSLOG/ALARMS/miscellaneous)

1508611

The fxpc may crash and restart with a fxpc core file created while installing image through ZTP
Product-Group=junos

On QFX5100/EX4600 Series platforms, the fxpc may crash sometimes while installing an image through ZTP.

1520956

QFX5100: cprod timeout triggers high CPU (100%)
Product-Group=junos

In QFX5100, you might get into a high CPU (CPU running at 100%) situation when a "cprod" command timed out.

PR Number

Synopsis

Category: QFX L3 data-plane/forwarding

1484440

IRB MAC will not be programmed in hardware when MAC persistence timer expires
Product-Group=junos

On QFX5XXX/EX46XX virtual chassis platforms with GRES, if an IRB interface is configured with members across primary and backup REs, and when mac-persistence-timer expires, the new MAC address of the IRB interface might not be programmed in hardware, which might result in failure on protocols and traffic.

1512712

Display issue, Virtual Chassis environment, Configured num-65-127-prefix value is shown incorrect for the command O/P "show chassis forwarding-options"
Product-Group=junosvae

Display issue, In a Virtual Chassis environment, Configured num-65-127-prefix value is shown incorrect for the command O/P "show chassis forwarding-options" for the FPC which is not local (Backup and line card members of the VC)

PR Number

Synopsis

Category: QFX EVPN / VxLAN

1510794

Multicast traffic loss is observed due to few multicast routes missing in the spine node
Product-Group=junos

In an EVPN-VXLAN scenario with scaled snooping configuration(for example, 100 vlan's with snooping enabled), traffic drops might be observed for multicast groups in few vlan's when "clear bgp sessions" is performed on all Spine devices.

PR Number

Synopsis

Category: RPD Next-hop issues including indirect, CNH, and MCNH

1534455

Some routes might get incorrectly programmed in the forwarding table in the kernel which is no longer present in rpd
Product-Group=junos

In a scaled routes scenario, if there is any route change operation when the system is under memory pressure, the rpd might change a route entry but the same is not conveyed to the kernel. This causes a mismatch between routes in rpd and kernel leading to traffic blackhole for the mismatched route entries that are incorrectly programmed in the kernel.

PR Number

Synopsis

Category: RPD policy options

1523891

The policy configuration might be mismatched between rpd and mgd when "deactivate policy-options prefix-list" is involved in configuration sequence
Product-Group=junos

If "deactivate policy-options prefix-list" is involved in configuration sequence along with other policy configurations, the mgd process might not notify the rpd process about the policy configuration changes after committing the configuration. This can cause the policy configuration to be out-of-synchronization between policy database used by rpd and configuration database used by mgd. Due to the missing policy entries in policy database, later the rpd might crash when accessing these entries via CLI command like "show policy".

PR Number

Synopsis

Category: jflow/monitoring services

1517646

The srrd process might crash in a high route churns scenario or if the process flaps.
Product-Group=junos

On all Junos OS platforms with inline Jflow enabled, the sampled route reflector process (srrd) might crash in a scenario where there are high route churns or flaps in the system. This is a rare timing issue and because of the crash, the Jflow export might report older route information for sometime.

PR Number

Synopsis

Category: IPSEC functionality on M/MX/T ser

1540538

Services process mspmand leaks memory in relation to MX telemetry, reporting RLIMIT_DATA exceed.
Product-Group=junos

On MX platforms with MS-MPC/MS-MIC service card installed, the card might run out of memory due to process mspmand memory leak, which may cause traffic interruption if adding and/or deleting of telemetry sensor. This is because these operations will trigger the memory allocation for decoding configuration change messages and will not release the memory at the end of processing.

1544794

The mspmand core might be observed on activating/deactivating the interface
Product-Group=junos

On MX480 platforms with MS-MPC service card installed, the Multiservices PIC manager daemon((mspmand) might get crashed on activating/deactivating the interface aggressively, causing the restart of the service PIC and traffic interruption.

PR Number

Synopsis

Category: Generic platform and infra issues for MS-MIC and MS-MPC(XLP)

1482400

The vmcore process crashes sometimes along with the mspmand process on MS-MPC/MS-MIC if large-scale traffic flows are processed
Product-Group=junos

With NAT/Stateful-firewall/TCP tickle (enable by default) configured on MS-MPC/MS-MIC, the vmcore crash sometimes along with mspmand crash might happen if large-scale traffic flows (e.g. million flows) are processed by it.

PR Number

Synopsis

Category: MX10003 Platform SW - Platform s/w defects

1531190

PEM 0 always shows as Absent/Empty even if PEM 0 is present on MX10003
Product-Group=junosvae

PEM 0 always shows as Absent/Empty even if PEM 0 is present on MX10003

PR Number

Synopsis

Category: MX10003/MX204 SW - UI specific defects

1529028

The speed command cannot be configured under the interface hierarchy on an extended port when MX204 or MX10003 router works as an aggregation device.
Product-Group=junos

Due to the restriction added via PR 1389918 (fixed in 17.4R3 18.2R2 18.3R2 18.4R1 19.1R1), it is unable to configure the speed knob under interface hierarchy on extended port when MX204 or MX10003 works as aggregation device (AD) in Junos Fusion Provider Edge (JFPE) setup.

PR Number

Synopsis

Category: ZT/YT PFE l3 forwarding

1529475

The multicast traffic might be dropped due to hash mismatch when there are AE and ECMP links involved in multicast tree
Product-Group=junos

On MX platforms with MPC10 or MPC11 line cards, the multicast traffic over an AE or ECMP interface may be dropped because the hash calculation on the egress line card could be different than on the ingress line card. This could happen if the encapsulation on the egress interface changes a field in the packet that is used in the hash calculation.

PR Number

Synopsis

Category: Issues related to broadband edge apps (PPP, DHCP) on Trio ch

1529602

In the subscriber management environment, the RADIUS interim accounting records does not get populated with the subscriber statistics.
Product-Group=junos

In the subscriber management environment, RADIUS interim accounting records are not populated with the subscriber statistics after a system reboot. In this case, the MAC of the routing engine is not learned by the nextgen-stats manager on the PFE.

1539474

The accounting interim-updates for subscriber does not work after GRES and subsequent reboot of FPCs in the node-slicing setup.
Product-Group=junos

On MX with MPC5 and newer card installed, if node slicing and subscriber service are enabled, the radius accounting interim updates may not carry actual statistics after performing GRES of base system (BSYS) and subsequent reboot of FPCs.

PR Number

Synopsis

Category: Trio pfe qos software

1525188

Flow programming issue for lt- interface in the PFE level
Product-Group=junos

On the MX150/VMX platforms, flow programming issue for the logical tunnel interface is seen in the PFE level. The internal schedulers attached to the logical tunnel interfaces are wrong.

PR Number

Synopsis

Category: Trio pfe bridging, learning, stp, oam, irb software

1506861

The MEP session on the aggregated Ethernet interface might not come up if OAM runs with PPM mode by default.
Product-Group=junos

On MX platform running with enhance IP mode or enhanced ethernet mode, also, Operation, Administration and Maintenance (OAM) is enabled with Periodic Packet Management (PPM) mode by default, maintenance association end point (MEP) session might be failed to create. In the end, network connection failure might not be efficiently monitored. This is functional impact.

1533857

FPC crash might be observed when the ASIC's NH memory exhausted in the EVPN-MPLS scenario
Product-Group=junos

On all MX/EX92xx platforms with EVPN-MPLS configured, NH (Next-Hop) memory leak in Trio ASIC happens whenever there is a route churn for remote MAC-IP entries learned bound to the IRB interface in EVPN-MPLS routing-instance. When the ASIC's NH memory partition exhausted (free% NH memory is close to 20% or below), which will result in the line card to reboot.

1542211

Trio-based FPC might crash when the underlying layer 2 interface for ARP over IRB interface is changed from physical interface to LSI interface
Product-Group=junos

This issue applies to a Trio-based FPC using the integrated routing and bridging (IRB) interface with a VPLS instance using the label-switched interface (LSI) to provide VPLS functionality. The FPC may restart unexpectedly. The restart is triggered when the underlying layer-2 interface for ARP over IRB interface changes from the physical interface to the LSI interface.

PR Number

Synopsis

Category: Issues related to port-mirroring functionality on JUNOS

1542500

Port mirroring with maximum-packet-length configuration does not work over GRE interface
Product-Group=junos

Port mirroring with maximum-packet-length configuration does not work over GRE interface on MX204. While constructing GRE header, the clipping aspect of inner packet was not accounted earlier. If the inner packet is truncated, the outer GRE header packet size must use the new size (clipped size) to calculate the total length of outer header.

PR Number

Synopsis

Category: Antivirus UTM issue

1557278

Stream buffer memory leak might happen when UTM(AV/AS/CF) is configured under unified policies
Product-Group=junos

On all Junos platforms that support unified policies (layer 7 application), stream buffer memory leak might happen when Unified Threat Management (UTM) Antivirus Protection (AV)/ Antispam Filtering (AS)/Content Filtering (CF) is configured under unified policies. If the stream buffer memory is exhausted, traffic related to UTM will be affected.

PR Number

Synopsis

Category: Virtual Router Redundancy Protocol

1526851

When SRX receives proxy ARP request on VRRP interface, SRX sends ARP reply with underlying interface MAC address
Product-Group=junos

On SRX Series devices with VRRP scenario, the proxy ARP reply uses interface MAC address instead of VRRP MAC address if the VRRP is configured on some IFL and the proxy-arp is configured on same IFL, traffic loss may occur.

1546635

After VRRP failover VRRP backup router will keep receiving traffic for about 2 minutes
Product-Group=junos

In one scenario when there are three VRRP routers(VRRP priority: R1>R2>R3), with vrrp-inherit-from enabled, the VRRP backup router will keep receiving traffic for about 2 minutes after VRRP failover which will cause traffic drop.

PR Number

Synopsis

Category: VSRX platform software

1524243

The control link might be broken when there is excessive traffic load on the control link in vSRX cluster deployment.
Product-Group=junosvae

In the vSRX2.0 cluster running on KVM, when there is excessive traffic load on the control link (em0 link), the error message kernel: em0: watchdog timeout on queue 0 might be shown in the syslog. This interruption might cause the cluster control link to fail and dynamic routing protocols not to work properly.

 



19.4R3-S1 - List of Known issues

PR Number

Synopsis

Category: Marvell based EX PFE MISC

1232403

HSRPv2 IPV6 packets might get dropped if IGMP-snooping is enabled.
Product-Group=junos

On EX Series switches except EX4300/EX4600/EX9200, an interface is configured for single vlan or multiple vlans, if all these vlans of this interface have igmp-snooping enabled, then this interface will drop HSRPv2 (Hot Standby Router Protocol for IPv6) packets. But if some vlans do not have igmp-snooping enabled, then this interface is working fine.

PR Number

Synopsis

Category: EX2300/3400 PFE

1543181

Slaac-Snoopd child process core is observed upon Multiple Switchovers on RE
Product-Group=junos

Slaac-Snoopd core in the child process of slaac-snoopd daemon is seen when Old Primary transition to Primary happens again. It means when RE has undergone 2 switchovers starting from Mastership role and again regaining the Mastership role after second switchover, slaac-snoopd core in the child process of slaac-snoopd daemon is observed. However it was observed that the core has no impact on base functionality of slaac-snoopd daemon.

PR Number

Synopsis

Category: NFX Layer 2 Features Software

1517995

vSRX VM Cluster: IPC disconnect could be seen on JCP if the CPU0 gets hogged.
Product-Group=junos

This issue is applicable to vSRX VM cluster running on NFX250. The "dcpfe" process may consumes higher CPU cycles while flushing the stale/aged mac entries from the mac-to-interface ethernet-switching table. This can cause IPC connections to be disconnected on a JCP.

PR Number

Synopsis

Category: QFX VC/VCF NSSU

1496765

QFX 5100 VC/VCF : NSSU from older Junos release with Broadcom SDK 6.3.x to new Junos release with Broadcom SDK 6.5.x may not work
Product-Group=junos

On QFX5100, NSSU from older Junos release with Broadcom SDK 6.3.x to new Junos release with Broadcom SDK 6.5.x may not work. As a workaround normal upgrade from older release to new release can be done.

PR Number

Synopsis

Category: QFX ISSUE PFE related

1511607

QFX5200-32C : Reboot time is degraded from 205 seconds in Junos 20.2R1 to 260 seconds in Junos 20.3
Product-Group=junos

The reboot time of QFX5200-32C platforms increases from 205 seconds with Junos 20.2R1 to 269 seconds in Junos 20.3R1

PR Number

Synopsis

Category: QFX L3 data-plane/forwarding

1508133

Traffic loss occurs in the BGP streams while triggering GRES and reboot with the base configuration.
Product-Group=junos

On QFX5100-VC, traffic loss is observed in BGP streams while doing the triggers GRES & Reboot with base configurations.

PR Number

Synopsis

Category: CoS support on ACX

1531413

The show class-of-service routing-instance does not show the configured classifier.
Product-Group=junos

This classifier display got blocked due to PR 1353828, where they are blocking the classifier display function as ACX supports only IFD based classification. With fix of PR1531413, it made an exception to IFL lsi interface attached to layer 3 vpn routing-instances

PR Number

Synopsis

Category: ACX L2 related features

1263012

Transit ARP packets are being punted to the RE
Product-Group=junos

ACX device is getting transit ARP traffic coming from IFL's that are part of a bridge-domain or l2-circuit punted to the RE. Internal coded queues are supporting a maximum of 200 pps in the (ARP + ICMPv6) queue. When hitting limits in this internal queue, other protocols that depend on ARP resolution can be affected and eventually flap. In software versions which include the fix of this PR , a new internal design will allow 200 + 200 pps in the internal ARP and ICMPv6 queues, and will avoid other protocols to flap.

PR Number

Synopsis

Category: MX Layer 2 Forwarding Module

1529706

The l2ald might crash when device configuration flaps frequently
Product-Group=junos

When device configuration get deleted and added (configuration change from 'baseline-configuration' to 'user configuration' and rollback) through automated scripts, it sometimes causes data corruption and which results in l2-learning daemon crash.

1546631

MAC learning issue might happen when EVPN-VXLAN is enabled
Product-Group=junos

On MX platform, with Ethernet VPN and Virtual Extensible LANs (EVPN-VXLAN) implemented, Address Resolution Protocol (ARP) requests received on VXLAN tunnel endpoint (VTEP) might not forward to customer edge (CE) side or Proxy ARP role on VTEP might not work properly. This issue could happen when knob 'no-arp-suppression' is disabled under EVPN instance combined with static VXLAN implementation. Please refer to workaround provided when this issue hit.

PR Number

Synopsis

Category: Bi Directional Forwarding Detection (BFD)

1453705

On the MX2010 Series routers, the BFD session on the IS-IS step up flaps during the ISSU - FRU upgrade stage.
Product-Group=junos

Bfd session flaps during ISSU only in mpc7e card(Bfd sessions from other cards of DUT to peer routers did not flap during ISSU). Issue is not seen frequently.

1474521

The BFD session may get stuck in the init or down state after BFD session flap
Product-Group=junos

On all Junos platforms, a BFD session configured with authentication may get stuck in init or down state after BFD session flap. This issue happens due to internal software logic error.

1516556

The remaining BFD sessions of the aggregated Ethernet interface flap continuously if one of the BFD sessions is deleted.
Product-Group=junos

On QFX10k platforms, if multiple sub-interfaces of the same AE (Aggregated Ethernet) interface are belonged to different routing instances, and these sub-interfaces are configured with the same IP address and configured with separate BFD (Bidirectional Forwarding Detection) sessions, the remaining BFD sessions will flap continuously if one of these BFD sessions is deleted.

1518106

The BFD sessions might flap continuously after disruptive switchover followed by GRES.
Product-Group=junos

Disruptive switchover (no GRES or NSR configured) can lead to stale PPM (Periodic Packet Management) entries programmed on the new master RE, if both GRES and NSR are activated after disruptive switchover and then a GRES switchover is performed, BFD sessions might flap continuously.

1546566

[CMVTS] [bfd] [traffic_drop] After interface flap multiple times few bfd sessions fail to come tup and getting struck in init state
Product-Group=junos


 After interface flap multiple times few bfd sessions fail to come tup and getting struck in init state

PR Number

Synopsis

Category: Border Gateway Protocol

1531299

Traffic drop on routes learned via BGP, after enabling BGP graceful-restart and restarting RPD
Product-Group=junos

On QFX5100, traffic drop may be seen on routes learned via BGP, after enabling graceful-restart [delete protocols bgp group ibgp1 graceful-restart disable] and restarting the rpd [restart routing gracefully]

1538956

[bgp] [VMX Regressions: After move peer out of protection group, path protection not removed from the PE router -- Multipath route still present]
Product-Group=junos

After move peer out of protection group, path protection not removed from the PE router -- Multipath route still present

1554569

BGP neighbor shutdown configuration does not take effect on non-established peer
Product-Group=junos

BGP neighbor shutdown configuration "set protocols bgp group <*> neighbor xx.xx.xx.xx shutdown" does not take effect on non-established peer.

PR Number

Synopsis

Category: BGP Openconfig and Sensor

1505425

The rpd process might crash in case of a network churn when the telemetry streaming is in progress.
Product-Group=junos

On all Junos OS platforms with the Juniper Telemetry Interface configured, the rpd might crash when there is telemetry streaming is in progress and meanwhile there is a network churn. This is a timing issue, and the rpd recovers automatically.

PR Number

Synopsis

Category: BBE Remote Access Server

1437042

Subscriber deactivation might get stuck in the terminated state.
Product-Group=junos

In a subscriber scenario when subscriber deactivation is done by CoA-request (Change of Authorization request), it might get stuck in terminated state. Since radius CoA requests are very sensitive to response timing, it would retry request and might misinterpret long response delay as failure.

PR Number

Synopsis

Category: Virtual-chassis platform/chassisd infrastructure PRs for MX

1552588

Another VCP port is wrongly shut down in a VC environment
Product-Group=junos

On MX/EX/QFX platforms with Virtual Chassis (VC) scenario, some interfaces might be shutdown unexpectedly, which might cause traffic to be interrupted if there is an error generated on an FPC. The reason is that after an ASIC error, the IFD down messages is not sent to the local chassis primary where the error was reported, instead, it will be sent to the primary of the Virtual Chassis, so that another interface with the same Slot/PIC/Port number will be shutdown as well.

PR Number

Synopsis

Category: MX Platform SW - UI management

1537194

The chassisd memory leak may cause traffic loss
Product-Group=junos

On MX/PTX platforms with 18.1 or higher release, chassisd memory leak may be caused by configuration commit. When chassisd consumes ~3.4GB of memory it may crash, chassisd crash may cause GRES or/and FPC restart. If GRES is enabled, commits are being synchronized between REs, so backup RE chassisd may suffer from memory leak too.

PR Number

Synopsis

Category: Device Configuration Daemon

1221993

Identical IP address could be configured on different IFLs from different IFDs in the same routing instance
Product-Group=junos

The same IP address could be configured on different logical interfaces (IFLs) from different physical interfaces (IFDs) in the same routing instance (including primary routing instance), but only one logical interface was assigned with the identical address after commit. There was no warning during the commit, only syslog messages indicating the incorrect configuration.

1544257

Subscribers might logout then login after loopback address is changed
Product-Group=junos

On MX platform, under subscriber environment and unnumbered IP address borrowed from the loopback interface configured on Demux interface and Aggregated Ethernet (AE) interface, subscriber session might flap if IP address of the loopback interface IP is changed. Please refer to workaround provided when this issue hit.

PR Number

Synopsis

Category: Layer 3 forwarding, both v4+v6

1495563

PFE_ERROR_FAIL_OPERATION: Failed to install in h/w, LOG: Err] dnx_nh_unilist_install: BCM L3 Egress create object failed for:Unilist nh 2097369 (0:Ok) nh 0
Product-Group=junos

During PFE initialization the unicast NH which are part of the unilist are miss programmed. In that condition if core link flap happens the error messages are observed as ASIC will not find the relevant unicast NH in the hardware as part of unilist.

1547713

The ACX5448 router as transit for BGP labeled unicast drops traffic.
Product-Group=junos

ACX5448 as transit for BGP Labeled unicast drops traffic.

PR Number

Synopsis

Category: DNX VPLS

1532995

Memory leak is observed in the Local OutLif in the VPLS and CCC topology.
Product-Group=junos

In a VPLS/CCC topology with core link protection when one of the core link flaps or the remote CE flaps "Local OutLif" leak happens. Local OutLif Total entries: 196608 Used entries: 33335 Lowest entry: 0(0x0) /*Initially when vpls is up */ Local OutLif Total entries: 196608 Used entries: 33303 Lowest entry: 0(0x0) /*When VPLS is down*/ Local OutLif Total entries: 196608 Used entries: 33337 Lowest entry: 0(0x0) /*When VPLS is up again*/

PR Number

Synopsis

Category: JUNOS Dynamic Profile Configuration Infrastructure

1526934

Family IPv6 is not coming up for L2TP subscriber when additional attributes are not passed in the Framed-IPv6-Route VSA.
Product-Group=junos

In DHCP/PPP Subscriber scenario with IPv6 dynamic-profile configured, all the additional attributes (route prefix, next-hop, metric, preference, tag) for IPv6 access route must be fully specified in dynamic-profile and passed via RADIUS server, otherwise family inet6 might not come up.

PR Number

Synopsis

Category: EVPN control plane issues

1534021

Route table shows additional paths for the same EVPN/VXLAN type 5 destination after upgrade from 18.4R2-S3 to 19.4R1-S2
Product-Group=junos

When upgraded from 18.4R2-S3 to 19.4R1-S2, EVPN/VXLAN type 5 routes show additional paths to the same destination. The beahvior does not impact traffic.

PR Number

Synopsis

Category: Express PFE Services including JTI, TOE, HostPath, Jflow

1543845

PVL: PTX10008: LC1105: Inline jflow records are not getting exported correctly to the collector
Product-Group=junos

Jflow feature is being claimed for LC1105 from 19.4R1-S1. Jflow for LC1105 should not be configured in 19.4R3

PR Number

Synopsis

Category: idp flow creation, deletion,notification, session mgr intfce

1521682

The flowd/srxpfe process core file might be seen during the idpd process commit on SRX devices
Product-Group=junos

On all SRX platforms, there is chance of core dump on PFE, if "delete security idp" command is issued from CLI while already an idpd process commit is in progress. The core might be produced due to memory corruption on the PFE. There is no check for IDPD status (Ready or Commit) while unloading running policy on issuing "delete security idp". This leads to out of sync message processing on PFE when already a commit is in progress and "delete security idp" is issued. This is a rare issue.

PR Number

Synopsis

Category: jl2tpd daemon

1541271

All the unreachable destinations are not put in the Locked out state post GRES.
Product-Group=junos

When GRES switchover is performed, L2tp Tunnels which are being destroyed (i.e. there are no active sessions in it) are not recovered. When there is abnormal termination of Tunnel - conditions such as Tunnel Timeout or bad packet such tunnels are added to Lockout State with timer running. During this time, if GRES occurs, such tunnels are recovered post GRES and added back to Lockout State. The current issue tracked by this PR is that such tunnels are not recovered post GRES.

PR Number

Synopsis

Category: Adresses ALG issues found in JSF

1535356

The SCCP ALG does not work on SRX Series devices running with Junos OS Release 17.3R1 and onward
Product-Group=junos

On SRX Series devices running with Junos OS Release 17.3R1 and onward, the Skinny Client Control Protocol (SCCP) ALG does not work, which results in SCCP calls failure.

PR Number

Synopsis

Category: Flow Module

1528898

A chassis cluster node might stop passing traffic.
Product-Group=junos

On SRX platforms, a node of chassis cluster might stop passing traffic. The traffic forwarding can be restored by a manual failover to Node1.

1541954

The rst-invalidate-session configuration does not work if configured together with no-sequence-check.
Product-Group=junos

On SRX Series platforms, the "rst-invalidate-session" does not work if configured together with no-sequence-check. It might result in a TCP connection unestablished.

PR Number

Synopsis

Category: Firewall Policy

1454907

Traffic might be dropped when policies are changed in SRX Series devices
Product-Group=junos

If a huge number of policies are configured on SRX Series devices and some policies are changed, the traffic that matches the changed policies might be dropped.

1558382

On SRX5K platforms, the secondary node might get stuck in performing ColdSync after a reboot, upgrade or if ISSU is performed
Product-Group=junos

On SRX5K platforms, the secondary node might get stuck in performing ColdSync after a reboot. The following situation is observed on the SRX: > show chassis cluster information detail coldsync . Progress: CS Prereq 2 of 2 SPUs completed 1. if_state sync 2 SPUs completed <<<<<< Stuck here 2. fabric link 0 SPUs completed 3. policy data sync 0 SPUs completed 4. cp ready 0 SPUs completed 5. VPN data sync 0 SPUs completed 6. IPID data sync 0 SPUs completed 7. All SPU ready 0 SPUs completed 8. AppID ready 0 SPUs completed 9. Tunnel Sess ready 0 SPUs completed CS RTO sync 0 of 2 SPUs completed CS Postreq 0 of 2 SPUs completed If it gets stuck here for more than 30 minutes, try to recover using this command: > request security policies resync

PR Number

Synopsis

Category: IPSEC/IKE VPN

1522017

The traffic might be dropped when IPSec VPN with NAT-T enabled
Product-Group=junos

On SRX platforms, when IPSec VPN is configured with NAT-T enabled and VPN tunnel is established between two peers, if traffic is received from peer during VPN rekey, the traffic might be dropped in the VPN tunnel.

PR Number

Synopsis

Category: Layer 2 Control Module

1532992

[xstp] [xstptag] :: EX4300:: PDT :: Complete traffic drop seen on configuring MSTP edge port over access and QinQ ports
Product-Group=junos

In a qinq configuration xSTP should not be enabled on interface having ifls with vlan-id-list configured. If xSTP is enabled on such interface, it will only run on ifl whose vlan-id range includes native-vlan-id configured and all other ifls of this interface will in discarding state. So, user should not enable xSTP on these kind of interfaces. Sample configuration which is not allowed: set interfaces ge-0/0/1 flexible-vlan-tagging set interfaces ge-0/0/1 native-vlan-id 3000 set interfaces ge-0/0/1 encapsulation extended-vlan-bridge set interfaces ge-0/0/1 unit 2000 vlan-id-list 1-200 set interfaces ge-0/0/1 unit 2000 input-vlan-map push set interfaces ge-0/0/1 unit 2000 output-vlan-map pop set vlans csvlan1 interface ge-0/0/1.2000 set protocols mstp interface ge-0/0/1

1545310

JDI_REGRESSION:PLATFORM_PFE:SWITCHING[B54]:L2CPD:l2cpd core is seen on EX9204 AD/SD setup with traces rpc_proto_start_packet (packet_ptr=0x1050865, packet_type=9), 0x086be323 in ppm_proto_build_program_send (packet=< optimized out>, 0x0886d56b in ppmlite_build_program_send_rpc (proto_conn=< optimized out>, packet=0x1050865, xmit_entry=0xa59f8e0)
Product-Group=junos

In Junos Fusion l2cpd core might be seen upon deactivating/activating chassis satellite-management multiple times.

PR Number

Synopsis

Category: PRs for Lazurite Platform and Interface

1538514

[mgdtag] [mgdtag] Scapa : [lazurite]: After config "global system name-server" config commit should fail but commit is succeeds.
Product-Group=junos


After config "global system name-server" config commit should fail but commit is succeeds.

PR Number

Synopsis

Category: Multicast Routing

1555518

It might fail in sending multicast traffic to downstream receiver on Trio based VC platforms
Product-Group=junos

On Trio based Virtual Chassis (VC) platform, when there are multicast tunneled packets being received, which come into the Virtual Chassis Ports (VCP) and then pop out of the tunnel, if the VCP ports and the interfaces where multicast packets enter/leave the router are located on the same Packet Forwarding Engine (PFE), it might fail in sending multicast traffic to downstream receiver due to this issue.

PR Number

Synopsis

Category: Multicast for L3VPNs

1536903

MVPN: PIM (S,G) join state may stay forever when there are no MC receivers and source is inactive
Product-Group=junos

The problem can be seen in MVPN ASM scenario on a PE which has local MC source and receivers and RP is remote. If all receivers stop joining the group and MC source stops transmitting, corresponding PIM (S,G) state may remain indefinitely despite that. Due to the problem a router will maintain extra PIM state. Service is not impacted.

PR Number

Synopsis

Category: Fabric Manager for MX

1482124

Fabric healing logic incorrectly makes all MPC line cards go offline in the MX2000 router while the hardware fault is located on one specific MPC line card slot.
Product-Group=junos

In specific MPC hardware failure conditions within the MX2K platform, fabric healing will attempt to auto-heal the fault location in 3 phases to prevent traffic blackholing. If under such fault conditions only destination timeouts are reported without corresponding link errors, the fabric healing process might restart all MPCs in phase-2 in an auto-healing attempt and if the error condition appears again within 10 minutes the last phase-2 might offline all MPCs in the system.

PR Number

Synopsis

Category: Kernel Stats Infrastructure

1482379

Junos OS: Memory leak leads to kernel crash (vmcore) due to SNMP polling (CVE-2020-1683)
Product-Group=junos

On Juniper Networks Junos OS devices, a specific SNMP OID poll causes a memory leak which over time leads to a kernel crash (vmcore). Refer to https://kb.juniper.net/JSA11080 for more information.

PR Number

Synopsis

Category: PE based L3 software

1550632

The Neighbor Solicitation might be dropped from the peer device
Product-Group=junos

The Neighbor Solicitation (NS) might be dropped after the IPv6 binding is flushed from the peer side. The ping to IPv6 peer fails due to the NS message not reach RE. Since ping doesn?t work between the connected interface, any kind of traffic sent towards QFX might also not work. It has a traffic impact.

PR Number

Synopsis

Category: Protocol Independant Multicast

1500125

Some PIM Join/Prune packets may not be processed from the first attempt in scale scenario under MVPN scenario
Product-Group=junos

On all Junos platforms with MVPN scenario, some PIM Join/Prune messages may not be processed from the first attempt. For a scale pure MVPN setup, this defect might be seen when in a very short period of time dedicated PIM router receives more than 2500 PIM Hello packets from the new neighbors followed by PIM Join packets for the same multicast group. For a scale BNG (Broadband Network Gateway) MVPN setup, this defect might be seen when 4,000 subscribers send PIM joins for three groups and the messages are sent in very close succession. Normally, PIM messages are sent every 60 seconds by the host. Hence, in that case, the issue will be self resolved.

PR Number

Synopsis

Category: PPPoE functional plugin for bbe-smgd

1550227

NG-RE Graceful Routing Engine Switchover Fails When Static PPPoE is Configured over Aggregated Ethernet Interface
Product-Group=junos

In Junos Subscriber Management scenario, when MX system is installed with dual Next-Gen Routing Engine and if the system is configured with static PPPoE ifl over Aggregated Ethernet Interface, during a GRES (Graceful Routing Engine Switchover) condition, the backup Routing Engine may fail to take over new Mastership role from the former primary Routing Engine and may result system outage.

PR Number

Synopsis

Category: Chassis mgmt for all QFX systems - chassis MIB, alarms, CLI

1481143

Chassisd cores might happen on backup RE after commit on QFX10Ks due to CHASSISD_MAIN_THREAD_STALLED for 200 seconds
Product-Group=junos

Chassisd cores might happen on the backup RE after commit on QFX10K8/16s due to CHASSISD_MAIN_THREAD_STALLED for 200 seconds.

PR Number

Synopsis

Category: QFX VC Infrastructure

1544353

QFX5100-VC :: Traffic loss is seen as some interfaces are down after swapping primary and backup in a VCF
Product-Group=junos

On QFX5k platforms, in VC setup, if primary and backup routing engine members are swapped by swapping serial numbers of members then, auto channelization may fail for ports of linecard members, leaving the ports in down state.

PR Number

Synopsis

Category: RPD route tables, resolver, routing instances, static routes

1555187

The changes do not get effective when the values are set under static default hierarchy
Product-Group=junos

The static default (like preference, metric, tag, etc.) values do not get effective after commit when the values are set under static default hierarchy.

PR Number

Synopsis

Category: Resource Reservation Protocol

1542774

[/technology/rpd/] [rpdtag] MX240 :: RPT_RPD_Regressions : Expected number of RSVP sessions are not up with no cspf in inter area
Product-Group=junos

Expected number of RSVP sessions are not up with no cspf in inter area.

1555774

"setup-protection" doesn't work.
Product-Group=junos

Even if "setup-protection" is set a router it doesn't work properly. New adding LSP will not be up after link-protection happen.

PR Number

Synopsis

Category: SW PRs for SCBE3 fabric

1553641

Fabric errors are seen and FPCs might get offline with SCBE3, MPC3E-NG/MPC3E and MPC7/MPC10 in increased-bandwidth fabric mode
Product-Group=junos

On MX240/MX480/MX960 platforms, with SCBE3, MPC2E-NG, MPC3E-NG, MPC3E, with the default "increased-bandwidth" fabric mode. You may see fabric errors and traffic loss might be seen. The fabric error initiates fabric hardening actions which eventually offlining one or more FPCs.

PR Number

Synopsis

Category: SRX Argon module bugs

1533862

19.4R3 : SRX4600 (SnP): SKYATP : Observing 16.7 % performance drop with SKYATP_stream throughput in the latest 19.4R3.2 build.
Product-Group=junos

With JDPI service enabled for protocol context propagation, throughput drop is observed.

PR Number

Synopsis

Category: platform related PRs on SRX branch platforms

1504986

Layer 2 ping is not working with remote MEP.
Product-Group=junos

For sake of there is length judgement for Mbuf structure, so L2 ping frame fails to transmit on some branches.

PR Number

Synopsis

Category: Trio pfe bridging, learning, stp, oam, irb software

1516418

VPLS connection might be stuck in the primary fail status when a dynamic profile is used on the VPLS pseudowire logical interface.
Product-Group=junos

On all Trinity platforms with network service enhanced mode (enhanced-ip/enhanced-ethernet) configured, when a dynamic profile is using on VPLS pseudowire IFL (LSI/VT) and a firewall policer is enabled for pseudowire IFL via the dynamic profile, VPLS connection might be stuck in primary fail (PF) status due to a PFE fabric table corruption, all traffic go through L2 connection over VPLS could be dropped.

PR Number

Synopsis

Category: UI Infrastructure - mgd, DAX API, DDL/ODL

1558808

outbound-ssh routing-instance shown as unsupported
Product-Group=junos

The outbound-ssh service has routing-instance configuration option, but it is hidden. If it is configured manually, it is shown as unsupported for the platform.

PR Number

Synopsis

Category: PRs related to PICd and associated lib WAN side PI code.

1501314

PICD_OPTICS_READ_ERROR and PICD_OPTICS_WRITE_ERROR flooding in logs
Product-Group=junos

This error can be seen when there's a faulty optic or MIC

PR Number

Synopsis

Category: V44 Aggregation Device Platforms

1435964

Junos fusion / EX4300 SD / Low RX power seen on SD
Product-Group=junos

On Juniper Fusion on SNOS devices running older JUNOS there is no support to read rx power values considering internal calibration. Hence low rx power values are read. This is resolved in the future releases where in the support for this feature is introduced. This is addressed through SNOS 3.5R4 and 3.2R4

PR Number

Synopsis

Category: VMHOST platforms software

1524791

BGP neighbor flaps during primary NG-RE reboot, although GRES/NSR is enabled
Product-Group=junos

On MX platforms with GRES/NSR is enabled, BGP neighbor flaps during primary NG-RE reboot. GRES/NSR works with RE switchover "request chassis routing-engine primary switch" CLI, but is not supported in the case of RE reboot. Reboot command is being treated as connection close requested to TCP. TCP is sending FIN to the peer, hence TCP based BGP sessions get flapped. This is a product limitation.

PR Number

Synopsis

Category: VNID L2-forwarding on Trio

1517591

no-arp-suppression is required for MAC learning across the EVPN domain on the static VTEP.
Product-Group=junos

O On MX Series platform, with Ethernet VPN and Virtual Extensible LANs (EVPN-VXLAN) implemented, the Address Resolution Protocol (ARP) requests received on VXLAN tunnel endpoint (VTEP) might not forward to customer edge (CE) side or proxy ARP role on VTEP might not work properly. This issue might occur when the 'no-arp-suppression' configuration statement is disabled under EVPN instance combined with static VXLAN implementation. Please refer to the workaround provided when this issue hit.

 


Modification History:
First publication 2020-12-17
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search