Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

19.4R3-S1: Software Release Notification for JUNOS Software Version 19.4R3-S1

0

0

Article ID: TSB17938 TECHNICAL_BULLETINS Last Updated: 01 Feb 2021Version: 3.0
Alert Type:
SRN - Software Release Notification
Product Affected:
ACX, EX, MX, PTX, QFX, NFX, SRX, VRR, vMX, vSRX
Alert Description:
Junos Software Service Release version 19.4R3-S1 is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as need and follow the prompts
Solution:

Junos Software service Release version 19.4R3-S1 is now available.

19.4R3-S1 - List of Fixed issues
PR Number Synopsis Category: EX4300 PFE
1538401 LLDP neighborship might not come up on EX4300 non-aggregated Ethernet interfaces.
Product-Group=junos
On EX4300 platform, LLDP might not work on non-AE (Aggregated Ethernet) interfaces. However, it works fine for AE interfaces.
1548858 The targeted-broadcast feature may not work after a reboot
Product-Group=junos
On EX4300 Series platforms, the targeted-broadcast feature may not work after a reboot. It can be seen that no target-broadcast packets are received on the targeted-broadcast interface.
PR Number Synopsis Category: EX4300 Platform implementation
1502467 The mge interface might still stay up while the far end of the link goes down.
Product-Group=junos
On EX4300-48MP platforms which support multi-rate gigabit ethernet (mge) interfaces, if a mge interface which is located within port range 24-47 is connected with some specific devices (e.g. a bypass module from DELL), when the far end of the link goes down, the mge interface might still stay up due to this issue. It will lead to traffic drop when sending traffic via the affected link.
PR Number Synopsis Category: Marvell based EX PFE L2
1520351 On the EX4600 and EX4300 Virtual Chassis or Virtual Chassis Fabric, the VSTP configurations device goes unreachable and becomes nonresponsive after commit.
Product-Group=junos
On QFX5100 or EX4600 in mix-VC (Virtual Chassis) scenario when the QFX5100/EX4600 uses "PHY" port as VCP (Virtual Chassis Port) port, the VC system might get hanged and unreachable after committing the VSTP (VLAN Spanning Tree Protocol) configurations.
PR Number Synopsis Category: EX2300/3400 CP
1494712 The authentication session might be terminated if the PEAP request is retransmitted by an authenticator.
Product-Group=junos
On all Junos platforms with 802.1X (dot1x) enabled, if Protected Extensible Authentication Protocol (PEAP) request is not replied by supplicant in default time interval, it could cause the authenticator to retransmit PEAP proposal method message with new Extensible Authentication Protocol (EAP) ID. The new EAP ID is different from EAP ID sent by authentication server. As a result, mismatching EAP ID issue could terminate authentication session. In the end, supplicant cannot access network. Please consider increasing 'supplicant-timeout' to prevent this issue from happening.
PR Number Synopsis Category: EX2300/3400 platform
1495564 Interface on platforms using Broadcom chipset might have abnormal status
Product-Group=junosvae
On EX, OCX or QFX based platforms using Broadcom chipset, with SFP+ implemented, interface on the platforms might be in active status when TX or RX connector is removed. When this issue happens, traffic could be dropped.
PR Number Synopsis Category: QFX Multichassis Link Aggregrate
1525234 The dcpfe might crash when the ICL is disabled and then enabled
Product-Group=junos
On QFX5k platforms with MC-LAG (Multichassis Link Aggregation Groups) used, the dcpfe might crash when the ICL (Interchassis Link) is disabled and then enabled. Traffic loss might be seen during the dcpfe crash and restart.
PR Number Synopsis Category: QFX Access control list
1521763 Firewall "sample" configuration gives the warning as unsupported on QFX10002-36q and will not work.
Product-Group=junos
On QFX10002-36q, when inline-jflow is configured, the IPv4 firewall filter with 'sample' action gives a waring "unsupported platform" and will not work. On the other hand, the IPv6 firewall filter with 'sample' action will still work as expected.
PR Number Synopsis Category: QFX L3 data-plane/forwarding
1486632 System upgrade/installation might fail on QFX 5100-48T-6Q VC/VCF
Product-Group=junos
On QFX 5100-48T-6Q VC/VCF, RCP error might be seen while upgrading the system using "request system software add  no-validate" and system upgrade/ installation could fail. This issue happens if DCPFE cpu utilization is very high.
PR Number Synopsis Category: QFX VC Datapath
1519893 On QFX5120 and QFX5210 platforms unexpected storm control events might happen
Product-Group=junos
On QFX5120 and QFX5210 platforms unexpected storm control events might happen. A new knob on the fixed versions is required to avoid this behavior: set forwarding-options storm-control enhanced
PR Number Synopsis Category: ACX GE, 10GE, PoE, IDT framers
1523418 Interface does not come up with the autonegotiation setting between ACX1100 routers and QFX Series switches, MX Series routers, and ACX Series routers as the other end.
Product-Group=junosvae
Broadcom chipset Patch provided to address TD2+ and TD chip set address the remote fault issue.
PR Number Synopsis Category: a20a40 specific issue
1522130 Syslog reporting "PFE_FLOWD_SELFPING_PACKET_LOSS: Traffic impact: Selfping packets loss/err: 300 within 600 second" error messages in node 0 and node1 control panel.
Product-Group=junos
Syslog reporting "PFE_FLOWD_SELFPING_PACKET_LOSS: Traffic impact: Selfping packets loss/err: 300 within 600 second" error messages in node 0 and node 1 control panel.
PR Number Synopsis Category: BBE Autoconfigured DVLAN related issues
1541796 Subscriber may not come up on some dynamic VLAN ranges in an subscriber management environment
Product-Group=junos
On the MX series platforms, if dynamic VLAN ranges are configured more than 32 on an interface, subscriber may only come up on the first 32 dynamic VLAN ranges of that interface.
PR Number Synopsis Category: BBE WiFi applications/services
1526666 WAG control route prefix length are observed.
Product-Group=junos
This fix enables soft-gre destination network mask length of 1-32. Previously only multiples of 8 were supported.
PR Number Synopsis Category: BBE Layer-2 Bitstream Access
1551207 PPPoE subscribers login failure may happen
Product-Group=junos
In Broadband Network Gateway (BNG) scenario where Layer-2 Bitstream Access (L2BSA) and PPPoE subscribers are working on the same interface/VLAN, PPPoE subscribers login may get stuck in a pending state, if the IN-FLIGHT flag of L2BSA is not cleared after its Port-Up packet is rejected by RADIUS, and during this process, another Port-Up for the same access-loop arrives.
PR Number Synopsis Category: Border Gateway Protocol
1518056 Tag matching in the VRF policy does not work properly when the independent-domain option is configured.
Product-Group=junos
On all platforms and in an L3VPN environment, when the tag is configured in the policy and applied to the VRF instance, configuring 'independent domain' for the autonomous system under the routing-options will cause the inet-vpn routes stop getting advertised between VRF instances.
1523075 BGP session with VRRP virtual address used might not come up after a flap
Product-Group=junos
When VRRP virtual address is configured and used to set up a BGP session with the remote side, under rare timing conditions, BGP peer establishment may get rejected repetitively.
1532414 The L3VPN routes may be added to FIB on route reflector
Product-Group=junos
In L3VPN scenario with in-line RR (Route Reflector) which has an export policy with next-hop self to advertise all transit L3VPN routes to its clients and also uses route-target family, the undesired L3VPN routes may be pushed to FIB (Forwarding Information Base) after enabling/disabling route-target family on the RR or a new BGP peer joins a group with 'next-hop self'.
1538491 Configuring 'then next-hop' and 'then reject' on a route policy for the same route might cause rpd crash
Product-Group=junos
On all Junos platforms with BGP enabled, if a policy is setting 'then next-hop' and 'then reject' at the same time for the same prefix, rpd crash might be seen. Like the following: set policy-options policy-statement xxx term 1 from route-filter xxx set policy-options policy-statement xxx term 1 then next-hop ... set policy-options policy-statement xxx term 2 then reject
1541768 The rpd process generates the core file at gp_rtarget_tsi_update,bgp_rtarget_flash_rt,bgp_rtarget_flash.
Product-Group=junos
If RTarget module tries to take an access of the active route which does not exist (since NextHop is not resolved), a reference is taken on the non-existent active route, and rpd crashes.
PR Number Synopsis Category: BGP Segment Routing
1550736 The rpd crash might be seen when BGP service route is resolved over color-only SRTE policy
Product-Group=junos
In BGP segment routing traffic engineering (SRTE) scenario, when BGP service route is resolved over color-only SRTE policy and extended-nexthop-color and no-install within bgp is enabled, the rpd crash might be observed.
PR Number Synopsis Category: QFX Control Plane VXLAN
1538117 evpn/vxlan registers mac-move counters under "system statistics bridge" even though there is no actual mac-move for MH (multi-home) clients
Product-Group=junos
When using EVPN VXLAN, the "mac-move" counter under the "show system statistics bridge" may show a higher event count than the actual MAC moved events
PR Number Synopsis Category: Device Configuration Daemon
1539719 Syslog "should have at least one member link on a different fpc" might occurs after commit for configuration under interface hierarchy
Product-Group=junos
This log could occur after commit for configuration under interface hierarchy f we have AE configuration with logical-interface-fpc-redundancy config, even if the AE interface have multiple legs on different FPCs. Sep 11 15:57:22.395 2020 lab-router-mx dcd[41283]: %DAEMON-4: Interface: ae5, should have at least one member link on a different fpc Trigger: 1- AE interfaces with logical-interface-fpc-redundancy are configured 2- Config change under interface hierarchy 3- Commit config
1539991 The logical interface might flap after adding or deleting native VLAN configuration
Product-Group=junos
On EX/QFX platforms, the unrelated logical interface on a physical interface would flap when adding or deleting native VLAN configuration on the physical interface.
1547853 The following the commit error is observed while trying to delete unit 1 logical systems interfaces: ae2.1: Only unit 0 is valid for this encapsulation.
Product-Group=junos
When non-zero IFL is configured under logical-systems and added to the bridge-domain under this logical-systems and its IFD is configured with flexible-vlan-tagging at top level, when deleting flexible-vlan-tagging from top level and deleting non-zero IFL from logical-systems and keeping the IFL under logical-systems/bridge-domain, commit error might be seen as 'Only unit 0 is valid for this encapsulation'. Workaround is to delete the IFL under logical-systems/bridge-domain also.
PR Number Synopsis Category: Layer 3 forwarding, both v4+v6
1499483 The hardware FRR for EVPN-VPWS, EVPN-FXC, and Layer 3 VPN with a composite next hop are not supported in Junos OS Release 20.2R1.
Product-Group=junos
EVPN-VPWS and EVPN-FXC circuits, L3VPN destination reachable over composite Next hop (this is enabled using CLI: set routing-options forwarding-table chained-composite-next-hop ingress l3vpn will not get HW-FRR behaviour (<50 ms convergence) in 20.2 release. The traffic convergence will be dependent on control plane convergence.
PR Number Synopsis Category: DNX VPLS
1527231 With no-local-switching knob traffic between local and remote CEs are affected
Product-Group=junos
no-local-switching knob is causing the traffic from local CE to remote CE blackhole and the remote mac learning stopped on LSI with the fix of the PR it is taken care that remote MAC learning is not impacted with the knob.
PR Number Synopsis Category: mgd, ddl, odl infra issues
1522339 Compressed /var/log/ creation through file archive compress might fail on certain PTX platforms running Junos Evolved.
Product-Group=junos
Compressed /var/log/ creation via "file archive compress" might fail on certain PTX platforms running Junos Evolved.
PR Number Synopsis Category: EVPN control plane issues
1513759 With dynamic list next hop configured, a forwarding problem occurs after performing graceful switchover.
Product-Group=junos
On all Junos platforms with EVPN scenario, if the knob 'dynamic-list-nexthop' is configured, traffic loss might be observed in some EVPN instances after performing GRES. This is a timing issue and seen in a scaled setup.
1521526 ARP table might not be updated after performing VMotion or a network loop
Product-Group=junos
On all Junos platforms with EVPN configured, the ARP table might not get updated. This issue happens after performing VMotion in a network or having a network loop.
1525888 BUM traffic might be dropped in EVPN-VXLAN setup
Product-Group=junos
On all platforms with EVPN-VXLAN setup, all the BUM traffic that sent to a remote PE might be dropped locally if, 1. the remote PE consists of two devices that share the same VTEP IP but have different loopback IP for their overlay BGP, 2. and when one of the devices loses connection, the local PE side will just delete the NH associated with the VTEP.
1547275 VLAN ID information is missed while installing the EVPN route from the BGP Type 2 Route after modifying a routing-instance from instance-type EVPN to instance-type virtual-switch.
Product-Group=junos
VLAN ID information might be missing while installing the EVPN route from the BGP Type 2 Route after modifying a routing-instance from "instance-type evpn" to "instance-type virtual-switch". As a result, the data traffic sent via these EVPN routes doesn't push vlan-id in the inner Ethernet Header. This might result in traffic getting discarded on the remote PE.
PR Number Synopsis Category: EVPN Layer-2 Forwarding
1535515 All the ARP reply packets towards to some address are flooded across the entire fabric
Product-Group=junos
In the EVPN-VXLAN scenario, if the spine has irb and the leaves don't have irb, and the leaves have multi-home interfaces, the ARP reply packets flooding across the entire fabric might be seen.
PR Number Synopsis Category: Sflow on qfx10k/ptx series PRs for defect & enhancement req
1521732 Output interface index in SFLOW packet is zero when transit traffic is observed on the IRB interface with VRRP enabled
Product-Group=junos
When VRRP is enabled on IRB interface and SFLOW is enabled on QFX10000 Series platforms, output interface Index in SFLOW packet will be zero for the traffic destined to VRRP MAC address.
PR Number Synopsis Category: IDP policy
1546542 IDP Policy load might fail post image upgrade for *x49 releases
Product-Group=junos
On all Junos platforms, the preserved compiled IDP bin file might not load into PFE after the device upgrade. Fields such as sec_intel/is_intel_inspect_enabled/time_interval in time-binding are looked for during policy load which are missing in attacks, x49 does not support these features and hence these fields will be missing in the compiled policy resulting in load failure.
PR Number Synopsis Category: ISIS routing protocol
1482983 The output of the "show isis interface detail" command might be incorrect if wide-metrics-only is enabled for IS-IS and the ASCII representation of the metric in decimal is more than 6 characters long
Product-Group=junos
If 'wide-metrics-only' is enabled for any IS-IS level and a metric configured on the IS-IS enabled interface for that level has ASCII representation in decimal more than 6 characters long, this interface's metric for that level will be merged with 'priority' field value in the output of 'show isis interface detail'.
PR Number Synopsis Category: Adresses NAT/NATLIB issues found in JSF
1532249 Need to improve the maximum eNode connections for one persistent NAT binding from 8 to 32.
Product-Group=junos
Improve the max ENODE connections for one persistent NAT binding from 8 to 32
PR Number Synopsis Category: Flow Module
1490878 The srxpfe may crash if perform a reboot or an upgrade
Product-Group=junosvae
On vSRX (not vSRX3.0) platforms, the srxpfe might crash if perform a reboot or an upgrade. It happens with a low probability.
PR Number Synopsis Category: JSR Infrastructure
1484872 JFlow/IPFix - tracking pr for fixing crash when sampling is more than 65535
Product-Group=junos
There was a crash when setting the sampling rate more than 65535, this is since fixed. set forwarding-options sampling instance s1 input rate 70000
PR Number Synopsis Category: all logging related bugs on srx platforms
1521794 On SRX Series devices with chassis clusters, high CPU usage might be seen due to the llmd process.
Product-Group=junos
On SRX Series devices with chassis cluster, high CPU usage might be seen due to the llmd process.
PR Number Synopsis Category: Firewall Policy
1544554 The flowd/srxpfe process might crash when SRX/NFX device running on Junos OS 18.2R1 or above where the unified policy feature is supported
Product-Group=junos
On SRX Series device running on Junos OS 18.2R1 or above, or NFX Series device running on NextGen Junos OS, the unified policy feature is supported, the flowd/srxpfe might crash.
1546120 Traffic might be dropped unexpectedly when the url-category match condition is used on a security policy
Product-Group=junos
An issue was discovered within Unified Policies that affected the url-category match condition that can cause it to "over-match" and apply to more traffic than it should. This can result in the SRX dropping traffic that would otherwise be permitted
PR Number Synopsis Category: IPSEC/IKE VPN
1488087 IPsec tunnel could flap when ESN is enabled
Product-Group=junos
On SRX5000 line of devices, with extended-sequence-number (ESN) configured, the IPsec tunnel might be re-established. This issue could be self-recovered, and traffic loss happens during IPsec tunnel flapping.
PR Number Synopsis Category: PFE infra to support jvision
1547698 SENSOR APP DWORD leak observed during the period of churn for routes bound to Sensor group
Product-Group=junos
SENSOR APP DWORD leak observed during the period of churn for routes bound to Sensor group. Sensor types that are affected are Segment Routing, Segment Routing-TE, LDP and RSVP LSPs.
PR Number Synopsis Category: Layer2 forwarding on EX/NTF/PTX/QFX
1534796 High rate of ARP or NS packets might be observed between a device that runs Junos OS and host when the device that runs Junos OS receives an ARP or NS packet on an interface in transition.
Product-Group=junos
On Junos device in EVPN scenario, if an interface is in transition status and an ARP request is received on the interface from a host, the Junos device may send out re-arp out towards the host, and the host responds to this re-arp and the Junos device sends another re-arp in response to this arp reply from host. This goes forever causing high rate of arp packets until the interface comes up. This issue is also applicable to ND/NS in IPv6 environment.
PR Number Synopsis Category: Label Distribution Protocol
1538124 The rpd process might crash when the LDP route with indirect next hop is deleted on the aggregated Ethernet interface.
Product-Group=junos
If the Label Distribution Protocol (LDP) route with indirect next-hop exists (e.g. LDP egress-policy is used to advertise BGP route into LDP), the rpd might crash when the LDP route is deleted from the AE interface.
PR Number Synopsis Category: lldp sw on MX platform
1538482 DUT did not receive the LLDP packet from phone.
Product-Group=junos
On EX4300 platforms, the LLDP (Link Layer Discovery Protocol) neighborship with the VoIP (Voice over Internet Protocol) phones can't be established when LLDP is configured on the PoE (Power over Ethernet) enabled port on EX4300 and connects to the VoIP Phone.
PR Number Synopsis Category: Multicast for L3VPNs
1546739 MVPN multicast route entry may not be properly updated with actual downstream interfaces list
Product-Group=junos
In multicast VPN RPT-SPT mode with both locally and remotely connected receivers, the multicast forwarding entry related to the actual downstream interfaces may not be properly updated. The issue may happen when multicast forwarding entry is created by locally connected PIM receiver, followed by remote receiver and after local receiver decides to prune its membership in that multicast group.
PR Number Synopsis Category: Fabric Manager for MX
1535787 All SFBs might get offlined due to fabric failure and fabric self-ping probes performs "disable-pfe" action
Product-Group=junos
Once yanking out the MPC without prior offline and the chassisd process is not able to process this event on the master RE due to additional mastership switch, and later the MPC which pulled out the slot is re-inserted back, many Switch Fabric Board (SFB) might be offline due to max_total_cell_usage overflow condition on the xfchip. MX2020 Platform with SFB2 is not exposed to such event, neither if MX2020 has the disable-grant-bypass configured.
PR Number Synopsis Category: "ifstate" infrastructure
1484322 SNMP Index in PFE reports as 0, causing SFLOW to report either IIF or OIF (not both) as 0 in sflow record data at collector
Product-Group=junos
SNMP index on PFE is 0. This causes the SFLOW records to have either IIF(Input interface value) or OIF(Output interface value) as 0 value in sflow record data at collector.
PR Number Synopsis Category: OSPF routing protocol
1525870 The OSPFv3 adjacency should not be established when IPsec authentication is enabled.
Product-Group=junos
On EX4300 platforms, the OSPFv3 configured with IPsec authentication after device reboots, the OSPFv3 adjacency should not be established, while do the same configuration before device reboots, the adjacency should be established.
PR Number Synopsis Category: vMX Data Plane Issues
1544856 The riot forwarding daemon crash might be observed on vMX based platforms configured with IRB interface
Product-Group=junos
On vMX based platforms enabled with IRB interface, the riot forwarding daemon crash might be observed which could lead to traffic loss.
PR Number Synopsis Category: Chassis mgmt for all QFX systems - chassis MIB, alarms, CLI
1507044 The archival function might fail in certain conditions.
Product-Group=junos
If the archival function is enabled with the statement "routing-instance" and transfer mode is set as SFTP/SCP for archive-sites, it may not work and fail to transfer the files.
PR Number Synopsis Category: Interface related issues. Port up/down, stats, CMLC , serdes
1538340 Interfaces are not created after channel-speed 10g is applied across ports 48 to 53 on QFX5100-48T
Product-Group=junos
After channelizing port 48 through 53 and channel speed, the interfaces are down on QFX5100-48T platform. This issue causes interfaces are deleted and traffic might be dropped.
PR Number Synopsis Category: QFX Platform related (SYSLOG/ALARMS/miscellaneous)
1508611 The fxpc may crash and restart with a fxpc core file created while installing image through ZTP
Product-Group=junos
On QFX5100/EX4600 Series platforms, the fxpc may crash sometimes while installing an image through ZTP.
1520956 QFX5100: cprod timeout triggers high CPU (100%)
Product-Group=junos
In QFX5100, you might get into a high CPU (CPU running at 100%) situation when a "cprod" command timed out.
PR Number Synopsis Category: QFX L3 data-plane/forwarding
1484440 IRB MAC will not be programmed in hardware when MAC persistence timer expires
Product-Group=junos
On QFX5XXX/EX46XX virtual chassis platforms with GRES, if an IRB interface is configured with members across master and backup REs, and when mac-persistence-timer expires, the new MAC address of the IRB interface might not be programmed in hardware, which might result in failure on protocols and traffic.
1512712 Display issue, Virtual Chassis environment, Configured num-65-127-prefix value is shown incorrect for the command O/P "show chassis forwarding-options"
Product-Group=junosvae
Display issue, In a Virtual Chassis environment, Configured num-65-127-prefix value is shown incorrect for the command O/P "show chassis forwarding-options" for the FPC which is not local (Backup and line card members of the VC)
PR Number Synopsis Category: QFX EVPN / VxLAN
1510794 Multicast traffic loss is observed due to few multicast routes missing in the spine node
Product-Group=junos
In an EVPN-VXLAN scenario with scaled snooping configuration(for example, 100 vlan's with snooping enabled), traffic drops might be observed for multicast groups in few vlan's when "clear bgp sessions" is performed on all Spine devices.
PR Number Synopsis Category: RPD Next-hop issues including indirect, CNH, and MCNH
1534455 Some routes might get incorrectly programmed in the forwarding table in the kernel which is no longer present in rpd
Product-Group=junos
In a scaled routes scenario, if there is any route change operation when the system is under memory pressure, the rpd might change a route entry but the same is not conveyed to the kernel. This causes a mismatch between routes in rpd and kernel leading to traffic blackhole for the mismatched route entries that are incorrectly programmed in the kernel.
PR Number Synopsis Category: RPD policy options
1523891 The policy configuration might be mismatched between rpd and mgd when "deactivate policy-options prefix-list" is involved in configuration sequence
Product-Group=junos
If "deactivate policy-options prefix-list" is involved in configuration sequence along with other policy configurations, the mgd process might not notify the rpd process about the policy configuration changes after committing the configuration. This can cause the policy configuration to be out-of-synchronization between policy database used by rpd and configuration database used by mgd. Due to the missing policy entries in policy database, later the rpd might crash when accessing these entries via CLI command like "show policy".
PR Number Synopsis Category: jflow/monitoring services
1517646 The srrd process might crash in a high route churns scenario or if the process flaps.
Product-Group=junos
On all Junos OS platforms with inline Jflow enabled, the sampled route reflector process (srrd) might crash in a scenario where there are high route churns or flaps in the system. This is a rare timing issue and because of the crash, the Jflow export might report older route information for sometime.
PR Number Synopsis Category: IPSEC functionality on M/MX/T ser
1540538 Services process mspmand leaks memory in relation to MX telemetry, reporting RLIMIT_DATA exceed.
Product-Group=junos
On MX platforms with MS-MPC/MS-MIC service card installed, the card might run out of memory due to process mspmand memory leak, which may cause traffic interruption if adding and/or deleting of telemetry sensor. This is because these operations will trigger the memory allocation for decoding configuration change messages and will not release the memory at the end of processing.
1544794 The mspmand core might be observed on activating/deactivating the interface
Product-Group=junos
On MX480 platforms with MS-MPC service card installed, the Multiservices PIC manager daemon((mspmand) might get crashed on activating/deactivating the interface aggressively, causing the restart of the service PIC and traffic interruption.
PR Number Synopsis Category: Generic platform and infra issues for MS-MIC and MS-MPC(XLP)
1482400 The vmcore process crashes sometimes along with the mspmand process on MS-MPC/MS-MIC if large-scale traffic flows are processed
Product-Group=junos
With NAT/Stateful-firewall/TCP tickle (enable by default) configured on MS-MPC/MS-MIC, the vmcore crash sometimes along with mspmand crash might happen if large-scale traffic flows (e.g. million flows) are processed by it.
PR Number Synopsis Category: MX10003 Platform SW - Platform s/w defects
1531190 PEM 0 always shows as Absent/Empty even if PEM 0 is present on MX10003
Product-Group=junosvae
PEM 0 always shows as Absent/Empty even if PEM 0 is present on MX10003
PR Number Synopsis Category: MX10003/MX204 SW - UI specific defects
1529028 The speed command cannot be configured under the interface hierarchy on an extended port when MX204 or MX10003 router works as an aggregation device.
Product-Group=junos
Due to the restriction added via PR 1389918 (fixed in 17.4R3 18.2R2 18.3R2 18.4R1 19.1R1), it is unable to configure the speed knob under interface hierarchy on extended port when MX204 or MX10003 works as aggregation device (AD) in Junos Fusion Provider Edge (JFPE) setup.
PR Number Synopsis Category: ZT/YT PFE l3 forwarding
1529475 The multicast traffic might be dropped due to hash mismatch when there are AE and ECMP links involved in multicast tree
Product-Group=junos
On MX platforms with MPC10 or MPC11 line cards, the multicast traffic over an AE or ECMP interface may be dropped because the hash calculation on the egress line card could be different than on the ingress line card. This could happen if the encapsulation on the egress interface changes a field in the packet that is used in the hash calculation.
PR Number Synopsis Category: Issues related to broadband edge apps (PPP, DHCP) on Trio ch
1529602 In the subscriber management environment, the RADIUS interim accounting records does not get populated with the subscriber statistics.
Product-Group=junos
In the subscriber management environment, RADIUS interim accounting records are not populated with the subscriber statistics after a system reboot. In this case, the MAC of the routing engine is not learned by the nextgen-stats manager on the PFE.
1539474 The accounting interim-updates for subscriber does not work after GRES and subsequent reboot of FPCs in the node-slicing setup.
Product-Group=junos
On MX with MPC5 and newer card installed, if node slicing and subscriber service are enabled, the radius accounting interim updates may not carry actual statistics after performing GRES of base system (BSYS) and subsequent reboot of FPCs.
PR Number Synopsis Category: Trio pfe qos software
1525188 Flow programming issue for lt- interface in the PFE level
Product-Group=junos
On the MX150/VMX platforms, flow programming issue for the logical tunnel interface is seen in the PFE level. The internal schedulers attached to the logical tunnel interfaces are wrong.
PR Number Synopsis Category: Trio pfe bridging, learning, stp, oam, irb software
1506861 The MEP session on the aggregated Ethernet interface might not come up if OAM runs with PPM mode by default.
Product-Group=junos
On MX platform running with enhance IP mode or enhanced ethernet mode, also, Operation, Administration and Maintenance (OAM) is enabled with Periodic Packet Management (PPM) mode by default, maintenance association end point (MEP) session might be failed to create. In the end, network connection failure might not be efficiently monitored. This is functional impact.
1533857 FPC crash might be observed when the ASIC's NH memory exhausted in the EVPN-MPLS scenario
Product-Group=junos
On all MX/EX92xx platforms with EVPN-MPLS configured, NH (Next-Hop) memory leak in Trio ASIC happens whenever there is a route churn for remote MAC-IP entries learned bound to the IRB interface in EVPN-MPLS routing-instance. When the ASIC's NH memory partition exhausted (free% NH memory is close to 20% or below), which will result in the line card to reboot.
1542211 Trio-based FPC might crash when the underlying layer 2 interface for ARP over IRB interface is changed from physical interface to LSI interface
Product-Group=junos
This issue applies to a Trio-based FPC using the integrated routing and bridging (IRB) interface with a VPLS instance using the label-switched interface (LSI) to provide VPLS functionality. The FPC may restart unexpectedly. The restart is triggered when the underlying layer-2 interface for ARP over IRB interface changes from the physical interface to the LSI interface.
PR Number Synopsis Category: Issues related to port-mirroring functionality on JUNOS
1542500 Port mirroring with maximum-packet-length configuration does not work over GRE interface
Product-Group=junos
Port mirroring with maximum-packet-length configuration does not work over GRE interface on MX204. While constructing GRE header, the clipping aspect of inner packet was not accounted earlier. If the inner packet is truncated, the outer GRE header packet size must use the new size (clipped size) to calculate the total length of outer header.
PR Number Synopsis Category: Antivirus UTM issue
1557278 Stream buffer memory leak might happen when UTM(AV/AS/CF) is configured under unified policies
Product-Group=junos
On all Junos platforms that support unified policies (layer 7 application), stream buffer memory leak might happen when Unified Threat Management (UTM) Antivirus Protection (AV)/ Antispam Filtering (AS)/Content Filtering (CF) is configured under unified policies. If the stream buffer memory is exhausted, traffic related to UTM will be affected.
PR Number Synopsis Category: Virtual Router Redundancy Protocol
1526851 When SRX receives proxy ARP request on VRRP interface, SRX sends ARP reply with underlying interface MAC address
Product-Group=junos
On SRX Series devices with VRRP scenario, the proxy ARP reply uses interface MAC address instead of VRRP MAC address if the VRRP is configured on some IFL and the proxy-arp is configured on same IFL, traffic loss may occur.
1546635 After VRRP failover VRRP backup router will keep receiving traffic for about 2 minutes
Product-Group=junos
In one scenario when there are three VRRP routers(VRRP priority: R1>R2>R3), with vrrp-inherit-from enabled, the VRRP backup router will keep receiving traffic for about 2 minutes after VRRP failover which will cause traffic drop.
PR Number Synopsis Category: VSRX platform software
1524243 The control link might be broken when there is excessive traffic load on the control link in vSRX cluster deployment.
Product-Group=junosvae
In the vSRX2.0 cluster running on KVM, when there is excessive traffic load on the control link (em0 link), the error message kernel: em0: watchdog timeout on queue 0 might be shown in the syslog. This interruption might cause the cluster control link to fail and dynamic routing protocols not to work properly.
 

19.4R3-S1 - List of Known issues
PR Number Synopsis Category: Marvell based EX PFE MISC
1232403 HSRPv2 IPV6 packets might get dropped if IGMP-snooping is enabled.
Product-Group=junos
On EX Series switches except EX4300/EX4600/EX9200, an interface is configured for single vlan or multiple vlans, if all these vlans of this interface have igmp-snooping enabled, then this interface will drop HSRPv2 (Hot Standby Router Protocol for IPv6) packets. But if some vlans do not have igmp-snooping enabled, then this interface is working fine.
PR Number Synopsis Category: EX2300/3400 PFE
1543181 Slaac-Snoopd child process core is observed upon Multiple Switchovers on RE
Product-Group=junos
Slaac-Snoopd core in the child process of slaac-snoopd daemon is seen when Old Master transition to Master happens again. It means when RE has undergone 2 switchovers starting from Mastership role and again regaining the Mastership role after second switchover, slaac-snoopd core in the child process of slaac-snoopd daemon is observed. However it was observed that the core has no impact on base functionality of slaac-snoopd daemon.
PR Number Synopsis Category: NFX Layer 2 Features Software
1517995 vSRX VM Cluster: IPC disconnect could be seen on JCP if the CPU0 gets hogged.
Product-Group=junos
This issue is applicable to vSRX VM cluster running on NFX250. The "dcpfe" process may consumes higher CPU cycles while flushing the stale/aged mac entries from the mac-to-interface ethernet-switching table. This can cause IPC connections to be disconnected on a JCP.
PR Number Synopsis Category: QFX VC/VCF NSSU
1496765 QFX 5100 VC/VCF : NSSU from older Junos release with Broadcom SDK 6.3.x to new Junos release with Broadcom SDK 6.5.x may not work
Product-Group=junos
On QFX5100, NSSU from older Junos release with Broadcom SDK 6.3.x to new Junos release with Broadcom SDK 6.5.x may not work. As a workaround normal upgrade from older release to new release can be done.
PR Number Synopsis Category: QFX ISSUE PFE related
1511607 QFX5200-32C : Reboot time is degraded from 205 seconds in Junos 20.2R1 to 260 seconds in Junos 20.3
Product-Group=junos
The reboot time of QFX5200-32C platforms increases from 205 seconds with Junos 20.2R1 to 269 seconds in Junos 20.3R1
PR Number Synopsis Category: QFX L3 data-plane/forwarding
1508133 Traffic loss occurs in the BGP streams while triggering GRES and reboot with the base configuration.
Product-Group=junos
On QFX5100-VC, traffic loss is observed in BGP streams while doing the triggers GRES & Reboot with base configurations.
PR Number Synopsis Category: CoS support on ACX
1531413 The show class-of-service routing-instance does not show the configured classifier.
Product-Group=junos
This classifier display got blocked due to PR 1353828, where they are blocking the classifier display function as ACX supports only IFD based classification. With fix of PR1531413, it made an exception to IFL lsi interface attached to layer 3 vpn routing-instances
PR Number Synopsis Category: ACX L2 related features
1263012 Transit ARP packets are being punted to the RE
Product-Group=junos
ACX device is getting transit ARP traffic coming from IFL's that are part of a bridge-domain or l2-circuit punted to the RE. Internal coded queues are supporting a maximum of 200 pps in the (ARP + ICMPv6) queue. When hitting limits in this internal queue, other protocols that depend on ARP resolution can be affected and eventually flap. In software versions which include the fix of this PR , a new internal design will allow 200 + 200 pps in the internal ARP and ICMPv6 queues, and will avoid other protocols to flap.
PR Number Synopsis Category: MX Layer 2 Forwarding Module
1529706 The l2ald might crash when device configuration flaps frequently
Product-Group=junos
When device configuration get deleted and added (configuration change from 'baseline-configuration' to 'user configuration' and rollback) through automated scripts, it sometimes causes data corruption and which results in l2-learning daemon crash.
1546631 MAC learning issue might happen when EVPN-VXLAN is enabled
Product-Group=junos
On MX platform, with Ethernet VPN and Virtual Extensible LANs (EVPN-VXLAN) implemented, Address Resolution Protocol (ARP) requests received on VXLAN tunnel endpoint (VTEP) might not forward to customer edge (CE) side or Proxy ARP role on VTEP might not work properly. This issue could happen when knob 'no-arp-suppression' is disabled under EVPN instance combined with static VXLAN implementation. Please refer to workaround provided when this issue hit.
PR Number Synopsis Category: Bi Directional Forwarding Detection (BFD)
1453705 On the MX2010 Series routers, the BFD session on the IS-IS step up flaps during the ISSU - FRU upgrade stage.
Product-Group=junos
Bfd session flaps during ISSU only in mpc7e card(Bfd sessions from other cards of DUT to peer routers did not flap during ISSU). Issue is not seen frequently.
1474521 The BFD session may get stuck in the init or down state after BFD session flap
Product-Group=junos
On all Junos platforms, a BFD session configured with authentication may get stuck in init or down state after BFD session flap. This issue happens due to internal software logic error.
1516556 The remaining BFD sessions of the aggregated Ethernet interface flap continuously if one of the BFD sessions is deleted.
Product-Group=junos
On QFX10k platforms, if multiple sub-interfaces of the same AE (Aggregated Ethernet) interface are belonged to different routing instances, and these sub-interfaces are configured with the same IP address and configured with separate BFD (Bidirectional Forwarding Detection) sessions, the remaining BFD sessions will flap continuously if one of these BFD sessions is deleted.
1518106 The BFD sessions might flap continuously after disruptive switchover followed by GRES.
Product-Group=junos
Disruptive switchover (no GRES or NSR configured) can lead to stale PPM (Periodic Packet Management) entries programmed on the new master RE, if both GRES and NSR are activated after disruptive switchover and then a GRES switchover is performed, BFD sessions might flap continuously.
1546566 [CMVTS] [bfd] [traffic_drop] After interface flap multiple times few bfd sessions fail to come tup and getting struck in init state
Product-Group=junos

 After interface flap multiple times few bfd sessions fail to come tup and getting struck in init state
PR Number Synopsis Category: Border Gateway Protocol
1531299 Traffic drop on routes learned via BGP, after enabling BGP graceful-restart and restarting RPD
Product-Group=junos
On QFX5100, traffic drop may be seen on routes learned via BGP, after enabling graceful-restart [delete protocols bgp group ibgp1 graceful-restart disable] and restarting the rpd [restart routing gracefully]
1538956 [bgp] [VMX Regressions: After move peer out of protection group, path protection not removed from the PE router -- Multipath route still present]
Product-Group=junos
After move peer out of protection group, path protection not removed from the PE router -- Multipath route still present
1554569 BGP neighbor shutdown configuration does not take effect on non-established peer
Product-Group=junos
BGP neighbor shutdown configuration "set protocols bgp group <*> neighbor xx.xx.xx.xx shutdown" does not take effect on non-established peer.
PR Number Synopsis Category: BGP Openconfig and Sensor
1505425 The rpd process might crash in case of a network churn when the telemetry streaming is in progress.
Product-Group=junos
On all Junos OS platforms with the Juniper Telemetry Interface configured, the rpd might crash when there is telemetry streaming is in progress and meanwhile there is a network churn. This is a timing issue, and the rpd recovers automatically.
PR Number Synopsis Category: BBE Remote Access Server
1437042 Subscriber deactivation might get stuck in the terminated state.
Product-Group=junos
In a subscriber scenario when subscriber deactivation is done by CoA-request (Change of Authorization request), it might get stuck in terminated state. Since radius CoA requests are very sensitive to response timing, it would retry request and might misinterpret long response delay as failure.
PR Number Synopsis Category: Virtual-chassis platform/chassisd infrastructure PRs for MX
1552588 Another VCP port is wrongly shut down in a VC environment
Product-Group=junos
On MX/EX/QFX platforms with Virtual Chassis (VC) scenario, some interfaces might be shutdown unexpectedly, which might cause traffic to be interrupted if there is an error generated on an FPC. The reason is that after an ASIC error, the IFD down messages is not sent to the local chassis master where the error was reported, instead, it will be sent to the master of the Virtual Chassis, so that another interface with the same Slot/PIC/Port number will be shutdown as well.
PR Number Synopsis Category: MX Platform SW - UI management
1537194 The chassisd memory leak may cause traffic loss
Product-Group=junos
On MX/PTX platforms with 18.1 or higher release, chassisd memory leak may be caused by configuration commit. When chassisd consumes ~3.4GB of memory it may crash, chassisd crash may cause GRES or/and FPC restart. If GRES is enabled, commits are being synchronized between REs, so backup RE chassisd may suffer from memory leak too.
PR Number Synopsis Category: Device Configuration Daemon
1221993 Identical IP address could be configured on different IFLs from different IFDs in the same routing instance
Product-Group=junos
The same IP address could be configured on different logical interfaces (IFLs) from different physical interfaces (IFDs) in the same routing instance (including master routing instance), but only one logical interface was assigned with the identical address after commit. There was no warning during the commit, only syslog messages indicating the incorrect configuration.
1544257 Subscribers might logout then login after loopback address is changed
Product-Group=junos
On MX platform, under subscriber environment and unnumbered IP address borrowed from the loopback interface configured on Demux interface and Aggregated Ethernet (AE) interface, subscriber session might flap if IP address of the loopback interface IP is changed. Please refer to workaround provided when this issue hit.
PR Number Synopsis Category: Layer 3 forwarding, both v4+v6
1495563 PFE_ERROR_FAIL_OPERATION: Failed to install in h/w, LOG: Err] dnx_nh_unilist_install: BCM L3 Egress create object failed for:Unilist nh 2097369 (0:Ok) nh 0
Product-Group=junos
During PFE initialization the unicast NH which are part of the unilist are miss programmed. In that condition if core link flap happens the error messages are observed as ASIC will not find the relevant unicast NH in the hardware as part of unilist.
1547713 The ACX5448 router as transit for BGP labeled unicast drops traffic.
Product-Group=junos
ACX5448 as transit for BGP Labeled unicast drops traffic.
PR Number Synopsis Category: DNX VPLS
1532995 Memory leak is observed in the Local OutLif in the VPLS and CCC topology.
Product-Group=junos
In a VPLS/CCC topology with core link protection when one of the core link flaps or the remote CE flaps "Local OutLif" leak happens. Local OutLif Total entries: 196608 Used entries: 33335 Lowest entry: 0(0x0) /*Initially when vpls is up */ Local OutLif Total entries: 196608 Used entries: 33303 Lowest entry: 0(0x0) /*When VPLS is down*/ Local OutLif Total entries: 196608 Used entries: 33337 Lowest entry: 0(0x0) /*When VPLS is up again*/
PR Number Synopsis Category: JUNOS Dynamic Profile Configuration Infrastructure
1526934 Family IPv6 is not coming up for L2TP subscriber when additional attributes are not passed in the Framed-IPv6-Route VSA.
Product-Group=junos
In DHCP/PPP Subscriber scenario with IPv6 dynamic-profile configured, all the additional attributes (route prefix, next-hop, metric, preference, tag) for IPv6 access route must be fully specified in dynamic-profile and passed via RADIUS server, otherwise family inet6 might not come up.
PR Number Synopsis Category: EVPN control plane issues
1534021 Route table shows additional paths for the same EVPN/VXLAN type 5 destination after upgrade from 18.4R2-S3 to 19.4R1-S2
Product-Group=junos
When upgraded from 18.4R2-S3 to 19.4R1-S2, EVPN/VXLAN type 5 routes show additional paths to the same destination. The beahvior does not impact traffic.
PR Number Synopsis Category: Express PFE Services including JTI, TOE, HostPath, Jflow
1543845 PVL: PTX10008: LC1105: Inline jflow records are not getting exported correctly to the collector
Product-Group=junos
Jflow feature is being claimed for LC1105 from 19.4R1-S1. Jflow for LC1105 should not be configured in 19.4R3
PR Number Synopsis Category: idp flow creation, deletion,notification, session mgr intfce
1521682 The flowd/srxpfe process core file might be seen during the idpd process commit on SRX devices
Product-Group=junos
On all SRX platforms, there is chance of core dump on PFE, if "delete security idp" command is issued from CLI while already an idpd process commit is in progress. The core might be produced due to memory corruption on the PFE. There is no check for IDPD status (Ready or Commit) while unloading running policy on issuing "delete security idp". This leads to out of sync message processing on PFE when already a commit is in progress and "delete security idp" is issued. This is a rare issue.
PR Number Synopsis Category: jl2tpd daemon
1541271 All the unreachable destinations are not put in the Locked out state post GRES.
Product-Group=junos
When GRES switchover is performed, L2tp Tunnels which are being destroyed (i.e. there are no active sessions in it) are not recovered. When there is abnormal termination of Tunnel - conditions such as Tunnel Timeout or bad packet such tunnels are added to Lockout State with timer running. During this time, if GRES occurs, such tunnels are recovered post GRES and added back to Lockout State. The current issue tracked by this PR is that such tunnels are not recovered post GRES.
PR Number Synopsis Category: Adresses ALG issues found in JSF
1535356 The SCCP ALG does not work on SRX Series devices running with Junos OS Release 17.3R1 and onward
Product-Group=junos
On SRX Series devices running with Junos OS Release 17.3R1 and onward, the Skinny Client Control Protocol (SCCP) ALG does not work, which results in SCCP calls failure.
PR Number Synopsis Category: Flow Module
1528898 A chassis cluster node might stop passing traffic.
Product-Group=junos
On SRX platforms, a node of chassis cluster might stop passing traffic. The traffic forwarding can be restored by a manual failover to Node1.
1541954 The rst-invalidate-session configuration does not work if configured together with no-sequence-check.
Product-Group=junos
On SRX Series platforms, the "rst-invalidate-session" does not work if configured together with no-sequence-check. It might result in a TCP connection unestablished.
PR Number Synopsis Category: Firewall Policy
1454907 Traffic might be dropped when policies are changed in SRX Series devices
Product-Group=junos
If a huge number of policies are configured on SRX Series devices and some policies are changed, the traffic that matches the changed policies might be dropped.
1558382 On SRX5K platforms, the secondary node might get stuck in performing ColdSync after a reboot, upgrade or if ISSU is performed
Product-Group=junos
On SRX5K platforms, the secondary node might get stuck in performing ColdSync after a reboot. The following situation is observed on the SRX: > show chassis cluster information detail coldsync . Progress: CS Prereq 2 of 2 SPUs completed 1. if_state sync 2 SPUs completed <<<<<< Stuck here 2. fabric link 0 SPUs completed 3. policy data sync 0 SPUs completed 4. cp ready 0 SPUs completed 5. VPN data sync 0 SPUs completed 6. IPID data sync 0 SPUs completed 7. All SPU ready 0 SPUs completed 8. AppID ready 0 SPUs completed 9. Tunnel Sess ready 0 SPUs completed CS RTO sync 0 of 2 SPUs completed CS Postreq 0 of 2 SPUs completed If it gets stuck here for more than 30 minutes, try to recover using this command: > request security policies resync
PR Number Synopsis Category: IPSEC/IKE VPN
1522017 The traffic might be dropped when IPSec VPN with NAT-T enabled
Product-Group=junos
On SRX platforms, when IPSec VPN is configured with NAT-T enabled and VPN tunnel is established between two peers, if traffic is received from peer during VPN rekey, the traffic might be dropped in the VPN tunnel.
PR Number Synopsis Category: Layer 2 Control Module
1532992 [xstp] [xstptag] :: EX4300:: PDT :: Complete traffic drop seen on configuring MSTP edge port over access and QinQ ports
Product-Group=junos
In a qinq configuration xSTP should not be enabled on interface having ifls with vlan-id-list configured. If xSTP is enabled on such interface, it will only run on ifl whose vlan-id range includes native-vlan-id configured and all other ifls of this interface will in discarding state. So, user should not enable xSTP on these kind of interfaces. Sample configuration which is not allowed: set interfaces ge-0/0/1 flexible-vlan-tagging set interfaces ge-0/0/1 native-vlan-id 3000 set interfaces ge-0/0/1 encapsulation extended-vlan-bridge set interfaces ge-0/0/1 unit 2000 vlan-id-list 1-200 set interfaces ge-0/0/1 unit 2000 input-vlan-map push set interfaces ge-0/0/1 unit 2000 output-vlan-map pop set vlans csvlan1 interface ge-0/0/1.2000 set protocols mstp interface ge-0/0/1
1545310 JDI_REGRESSION:PLATFORM_PFE:SWITCHING[B54]:L2CPD:l2cpd core is seen on EX9204 AD/SD setup with traces rpc_proto_start_packet (packet_ptr=0x1050865, packet_type=9), 0x086be323 in ppm_proto_build_program_send (packet=< optimized out>, 0x0886d56b in ppmlite_build_program_send_rpc (proto_conn=< optimized out>, packet=0x1050865, xmit_entry=0xa59f8e0)
Product-Group=junos
In Junos Fusion l2cpd core might be seen upon deactivating/activating chassis satellite-management multiple times.
PR Number Synopsis Category: PRs for Lazurite Platform and Interface
1538514 [mgdtag] [mgdtag] Scapa : [lazurite]: After config "global system name-server" config commit should fail but commit is succeeds.
Product-Group=junos

After config "global system name-server" config commit should fail but commit is succeeds.
PR Number Synopsis Category: Multicast Routing
1555518 It might fail in sending multicast traffic to downstream receiver on Trio based VC platforms
Product-Group=junos
On Trio based Virtual Chassis (VC) platform, when there are multicast tunneled packets being received, which come into the Virtual Chassis Ports (VCP) and then pop out of the tunnel, if the VCP ports and the interfaces where multicast packets enter/leave the router are located on the same Packet Forwarding Engine (PFE), it might fail in sending multicast traffic to downstream receiver due to this issue.
PR Number Synopsis Category: Multicast for L3VPNs
1536903 MVPN: PIM (S,G) join state may stay forever when there are no MC receivers and source is inactive
Product-Group=junos
The problem can be seen in MVPN ASM scenario on a PE which has local MC source and receivers and RP is remote. If all receivers stop joining the group and MC source stops transmitting, corresponding PIM (S,G) state may remain indefinitely despite that. Due to the problem a router will maintain extra PIM state. Service is not impacted.
PR Number Synopsis Category: Fabric Manager for MX
1482124 Fabric healing logic incorrectly makes all MPC line cards go offline in the MX2000 router while the hardware fault is located on one specific MPC line card slot.
Product-Group=junos
In specific MPC hardware failure conditions within the MX2K platform, fabric healing will attempt to auto-heal the fault location in 3 phases to prevent traffic blackholing. If under such fault conditions only destination timeouts are reported without corresponding link errors, the fabric healing process might restart all MPCs in phase-2 in an auto-healing attempt and if the error condition appears again within 10 minutes the last phase-2 might offline all MPCs in the system.
PR Number Synopsis Category: Kernel Stats Infrastructure
1482379 Junos OS: Memory leak leads to kernel crash (vmcore) due to SNMP polling (CVE-2020-1683)
Product-Group=junos
On Juniper Networks Junos OS devices, a specific SNMP OID poll causes a memory leak which over time leads to a kernel crash (vmcore). Refer to https://kb.juniper.net/JSA11080 for more information.
PR Number Synopsis Category: PE based L3 software
1550632 The Neighbor Solicitation might be dropped from the peer device
Product-Group=junos
The Neighbor Solicitation (NS) might be dropped after the IPv6 binding is flushed from the peer side. The ping to IPv6 peer fails due to the NS message not reach RE. Since ping doesn?t work between the connected interface, any kind of traffic sent towards QFX might also not work. It has a traffic impact.
PR Number Synopsis Category: Protocol Independant Multicast
1500125 Some PIM Join/Prune packets may not be processed from the first attempt in scale scenario under MVPN scenario
Product-Group=junos
On all Junos platforms with MVPN scenario, some PIM Join/Prune messages may not be processed from the first attempt. For a scale pure MVPN setup, this defect might be seen when in a very short period of time dedicated PIM router receives more than 2500 PIM Hello packets from the new neighbors followed by PIM Join packets for the same multicast group. For a scale BNG (Broadband Network Gateway) MVPN setup, this defect might be seen when 4,000 subscribers send PIM joins for three groups and the messages are sent in very close succession. Normally, PIM messages are sent every 60 seconds by the host. Hence, in that case, the issue will be self resolved.
PR Number Synopsis Category: PPPoE functional plugin for bbe-smgd
1550227 NG-RE Graceful Routing Engine Switchover Fails When Static PPPoE is Configured over Aggregated Ethernet Interface
Product-Group=junos
In Junos Subscriber Management scenario, when MX system is installed with dual Next-Gen Routing Engine and if the system is configured with static PPPoE ifl over Aggregated Ethernet Interface, during a GRES (Graceful Routing Engine Switchover) condition, the backup Routing Engine may fail to take over new Mastership role from the former primary Routing Engine and may result system outage.
PR Number Synopsis Category: Chassis mgmt for all QFX systems - chassis MIB, alarms, CLI
1481143 Chassisd cores might happen on backup RE after commit on QFX10Ks due to CHASSISD_MAIN_THREAD_STALLED for 200 seconds
Product-Group=junos
Chassisd cores might happen on the backup RE after commit on QFX10K8/16s due to CHASSISD_MAIN_THREAD_STALLED for 200 seconds.
PR Number Synopsis Category: QFX VC Infrastructure
1544353 QFX5100-VC :: Traffic loss is seen as some interfaces are down after swapping master and backup in a VCF
Product-Group=junos
On QFX5k platforms, in VC setup, if master and backup routing engine members are swapped by swapping serial numbers of members then, auto channelization may fail for ports of linecard members, leaving the ports in down state.
PR Number Synopsis Category: RPD route tables, resolver, routing instances, static routes
1555187 The changes do not get effective when the values are set under static default hierarchy
Product-Group=junos
The static default (like preference, metric, tag, etc.) values do not get effective after commit when the values are set under static default hierarchy.
PR Number Synopsis Category: Resource Reservation Protocol
1542774 [/technology/rpd/] [rpdtag] MX240 :: RPT_RPD_Regressions : Expected number of RSVP sessions are not up with no cspf in inter area
Product-Group=junos
Expected number of RSVP sessions are not up with no cspf in inter area.
1555774 "setup-protection" doesn't work.
Product-Group=junos
Even if "setup-protection" is set a router it doesn't work properly. New adding LSP will not be up after link-protection happen.
PR Number Synopsis Category: SW PRs for SCBE3 fabric
1553641 Fabric errors are seen and FPCs might get offline with SCBE3, MPC3E-NG/MPC3E and MPC7/MPC10 in increased-bandwidth fabric mode
Product-Group=junos
On MX240/MX480/MX960 platforms, with SCBE3, MPC2E-NG, MPC3E-NG, MPC3E, with the default "increased-bandwidth" fabric mode. You may see fabric errors and traffic loss might be seen. The fabric error initiates fabric hardening actions which eventually offlining one or more FPCs.
PR Number Synopsis Category: SRX Argon module bugs
1533862 19.4R3 : SRX4600 (SnP): SKYATP : Observing 16.7 % performance drop with SKYATP_stream throughput in the latest 19.4R3.2 build.
Product-Group=junos
With JDPI service enabled for protocol context propagation, throughput drop is observed.
PR Number Synopsis Category: platform related PRs on SRX branch platforms
1504986 Layer 2 ping is not working with remote MEP.
Product-Group=junos
For sake of there is length judgement for Mbuf structure, so L2 ping frame fails to transmit on some branches.
PR Number Synopsis Category: Trio pfe bridging, learning, stp, oam, irb software
1516418 VPLS connection might be stuck in the primary fail status when a dynamic profile is used on the VPLS pseudowire logical interface.
Product-Group=junos
On all Trinity platforms with network service enhanced mode (enhanced-ip/enhanced-ethernet) configured, when a dynamic profile is using on VPLS pseudowire IFL (LSI/VT) and a firewall policer is enabled for pseudowire IFL via the dynamic profile, VPLS connection might be stuck in primary fail (PF) status due to a PFE fabric table corruption, all traffic go through L2 connection over VPLS could be dropped.
PR Number Synopsis Category: UI Infrastructure - mgd, DAX API, DDL/ODL
1558808 outbound-ssh routing-instance shown as unsupported
Product-Group=junos
The outbound-ssh service has routing-instance configuration option, but it is hidden. If it is configured manually, it is shown as unsupported for the platform.
PR Number Synopsis Category: PRs related to PICd and associated lib WAN side PI code.
1501314 PICD_OPTICS_READ_ERROR and PICD_OPTICS_WRITE_ERROR flooding in logs
Product-Group=junos
This error can be seen when there's a faulty optic or MIC
PR Number Synopsis Category: V44 Aggregation Device Platforms
1435964 Junos fusion / EX4300 SD / Low RX power seen on SD
Product-Group=junos
On Juniper Fusion on SNOS devices running older JUNOS there is no support to read rx power values considering internal calibration. Hence low rx power values are read. This is resolved in the future releases where in the support for this feature is introduced. This is addressed through SNOS 3.5R4 and 3.2R4
PR Number Synopsis Category: VMHOST platforms software
1524791 BGP neighbor flaps during master NG-RE reboot, although GRES/NSR is enabled
Product-Group=junos
On MX platforms with GRES/NSR is enabled, BGP neighbor flaps during master NG-RE reboot. GRES/NSR works with RE switchover "request chassis routing-engine master switch" CLI, but is not supported in the case of RE reboot. Reboot command is being treated as connection close requested to TCP. TCP is sending FIN to the peer, hence TCP based BGP sessions get flapped. This is a product limitation.
PR Number Synopsis Category: VNID L2-forwarding on Trio
1517591 no-arp-suppression is required for MAC learning across the EVPN domain on the static VTEP.
Product-Group=junos
O On MX Series platform, with Ethernet VPN and Virtual Extensible LANs (EVPN-VXLAN) implemented, the Address Resolution Protocol (ARP) requests received on VXLAN tunnel endpoint (VTEP) might not forward to customer edge (CE) side or proxy ARP role on VTEP might not work properly. This issue might occur when the 'no-arp-suppression' configuration statement is disabled under EVPN instance combined with static VXLAN implementation. Please refer to the workaround provided when this issue hit.
 
Modification History:
First publication 2020-12-17
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search