Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

18.3R3-S4: Software Release Notification for JUNOS Software Version 18.3R3-S4

0

0

Article ID: TSB17948 TECHNICAL_BULLETINS Last Updated: 03 Jan 2021Version: 1.0
Alert Type:
SRN - Software Release Notification
Product Affected:
ACX, EX, MX, PTX, QFX, NFX, SRX, VRR, vMX, vSRX
Alert Description:
Junos Software Service Release version 18.3R3-S4 is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as need and follow the prompts
Solution:

Junos Software service Release version 18.3R3-S4 is now available.

18.3R3-S4 - List of Fixed issues
PR Number Synopsis Category: EX4300 PFE
1456879 The traffic for some VLANs might not be forwarded when vlan-id-list is configured
Product-Group=junos
On EX4300 Series switches, if the vlan-id-list is used on one interface, the traffic for some VLANs under the vlan-id-list might not be forwarded.
1518929 On the EX4300 device, the redirected IP traffic is being duplicated.
Product-Group=junos
On EX4300 platforms with IRB/L3 interface, the redirected traffic with the source from another subnet is getting duplicated.
1538401 LLDP neighborship might not come up on EX4300 non-aggregated Ethernet interfaces.
Product-Group=junos
On EX4300 platform, LLDP might not work on non-AE (Aggregated Ethernet) interfaces. However, it works fine for AE interfaces.
1548858 The targeted-broadcast feature may not work after a reboot
Product-Group=junos
On EX4300 Series platforms, the targeted-broadcast feature may not work after a reboot. It can be seen that no target-broadcast packets are received on the targeted-broadcast interface.
PR Number Synopsis Category: EX4300 CP general implementation
1498903 In some cases, if we have an OSPF session on the IRB over LAG interface with 40-Gigabit Ethernet port as member, the session gets stuck in restart.
Product-Group=junosvae
On the EX4300-48MP VC (Virtual Chassis), if the LAG (Link Aggregation Group) interface with member interfaces of 40G/100G is configured across the master and the standby FPCs of the VC, the OSPF configured on the IRB (Integrated Routing and Bridging) interface over this LAG might be stuck in "ExStart" state. The issue impacts the establishment of the OSPF neighbor.
PR Number Synopsis Category: EX4300 routing implementation
1514729 ARP learning issue might be seen on EX4300-MP platform when configuring L3 gateway interfaces
Product-Group=junos
On EX4300-MP platform, when adding a L3 interface as gateway, the related IRB interface might be created failed on one FPC due to memory corruption, and some ARP entries are not learnt on the device.
PR Number Synopsis Category: Marvell based EX PFE ACL
1532670 Firewall policer with discard action might fail on EX4300
Product-Group=junos
On EX4300 switches, firewall policer discard action might fail to work. This might cause traffic to pass even it exceeds set policer bandwidth limits.
PR Number Synopsis Category: EX2300/3400 CP
1494712 The authentication session might be terminated if the PEAP request is retransmitted by an authenticator.
Product-Group=junos
On all Junos platforms with 802.1X (dot1x) enabled, if Protected Extensible Authentication Protocol (PEAP) request is not replied by supplicant in default time interval, it could cause the authenticator to retransmit PEAP proposal method message with new Extensible Authentication Protocol (EAP) ID. The new EAP ID is different from EAP ID sent by authentication server. As a result, mismatching EAP ID issue could terminate authentication session. In the end, supplicant cannot access network. Please consider increasing 'supplicant-timeout' to prevent this issue from happening.
PR Number Synopsis Category: EX2300/3400 PFE
1427075 The Virtual Chassis splits after the network topology changes.
Product-Group=junos
In Virtual Chassis scenario, when the interfaces flaps or VLAN configuration is changed frequently, the network topology will be changed accordingly, then CPU utilization will be dramatically increased to very high within a short time, which might cause the failure of essential communications between VC master and members. When the failure happens, FPC will automatically restart. As a result, VC is split and traffic is lost.
1472350 CoS 802.1p bits rewrite might not happen in Q-in-Q mode
Product-Group=junos
In EX2300/EX3400 platform with CoS rewrite scenario, if an 802.1p bits (single VLAN) rewrite is used for an SVLAN (outer VLAN) of Q-in-Q, the rewrite will do nothing. Due to the PFE can not parse the firewall rule for given filter match conditions. Therefore, some traffic processing does not work as customer's expectation. Note: EX4300 has no this issue.
1525373 Drops and dropped packets counters in the output value of the show interface extensive command are counted twice.
Product-Group=junos
"show interface ..." command shows wrong values for the "Drops" and "Drop Packet" counters. The actual value is half of the display values.
PR Number Synopsis Category: QFX Multichassis Link Aggregrate
1525234 The dcpfe might crash when the ICL is disabled and then enabled
Product-Group=junos
On QFX5k platforms with MC-LAG (Multichassis Link Aggregation Groups) used, the dcpfe might crash when the ICL (Interchassis Link) is disabled and then enabled. Traffic loss might be seen during the dcpfe crash and restart.
PR Number Synopsis Category: QFX Access control list
1521763 Firewall "sample" configuration gives the warning as unsupported on QFX10002-36Q and will not work.
Product-Group=junos
On QFX10002-36q, when inline-jflow is configured, the IPv4 firewall filter with 'sample' action gives a waring "unsupported platform" and will not work. On the other hand, the IPv6 firewall filter with 'sample' action will still work as expected.
PR Number Synopsis Category: QFX PFE L2
1496766 Flow control is enabled in PFE irrespective of interface configuration and the fix causes a very small amount of packet loss when a parameter related to an interface such as "interface description" on any port is changed.
Product-Group=junos
On QFX5120 and QFX5210 running JunosOS 18.4R2-S5, 18.4R2-S6, 18.4R3-S5, 19.3R3 releases, there will be a very small amount of packet loss when a parameter related to an interface such as "interface description" on any port is changed. When the parameter is changed, COS buffer modifications is checked. Even when there is no change in previous and present COS buffer state for port, COS buffer modifications is unnecessarily performed and is calling traffic block and unblock and causing a very small amount of packet loss. This will be fixed in the following releases. Junos OS 18.4R2-S7, 18.4R3-S6, 19.3R3-S1 and all subsequent releases.
1505239 The dcpfe/FPC might crash due to the memory leak during the vlan add/delete operation
Product-Group=junos
On all QFX5k and EX4600 series platforms, memory leak might happen during the vlan add/delete operation on the interface. The dcpfe/FPC crashes with a coredump if the device is running out of memory. Traffic loss might be seen during the dcpfe/FPC crash and restart.
1521324 The MAC address in the hardware table might become out of synchronization between the primary device and member in the Virtual Chassis after the MAC flaps.
Product-Group=junos
When MAC address moves over the member in Virtual Chassis, the MAC address's learning port in Internal Hardware MAC table may be out of sync between Master and member and this may lead to misforwarding. This will be an extremely rare occurrence. If the issue happens, you can issue "clear ethernet-switching table " command to restore the communication.
PR Number Synopsis Category: QFX L3 data-plane/forwarding
1463092 When deleting IRB on the layer 3 gateway, IRB does not get removed from PFE and will blackhole traffic to IRB mac address
Product-Group=junos
On QFX5110/5120 platform as the layer 3 gateway, after deleting the configuration of interfaces irb, The IRB might not get removed from PFE and will blackhole traffic to the MAC address of the deleted IRB.
1486632 On the QFX 5100-48T-6Q Virtual Chassis or Virtual Chassis fan, the following error message is observed while copying the image to the Virtual Chassis fan member and trying to downgrade the image: rcp for member 14, failed.
Product-Group=junos
On QFX 5100-48T-6Q VC/VCF, RCP error might be seen while upgrading the system using "request system software add  no-validate" and system upgrade/ installation could fail. This issue happens if DCPFE cpu utilization is very high.
1528490 On the QFX5000 line of switches, the fxpc process might crash if the VXLAN interface flaps.
Product-Group=junos
On QFX5K platforms, if VXLAN enabled interfaces flap excessively in short period of time, PFE might crash.
PR Number Synopsis Category: Accounting Profile
1509114 The pfed might crash when running 'show pfe fpc x'.
Product-Group=junos
When the pfed is running on a 64 bit machine, it might crash after issuing the command "show pfe fpc x".
PR Number Synopsis Category: CoS support on ACX
1493518 On the ACX5048 and ACX5096 routers, the LACP control packets might be dropped due to high CPU utilization.
Product-Group=junos
On ACX5048/ACX5096 platforms, when one of the child links in AE goes down brings entire AE down due to high CPU.LACP control packets might get dropped as the port is blocked for a temporary period.
PR Number Synopsis Category: Fireall support for ACX
1513998 Filter might not be programmed even if there is free TCAM available on ACX5048/5096
Product-Group=junos
On ACX5048/5096 platforms, if a firewall filter is configured with many terms or many prefix-list/prefixes (e.g. a long loopback filter with more than 512 TCAM entries) , the filter might not be programmed in hardware even if there is free TCAM (Ternary Content Addressable Memory) entries. The filter does not work due to this issue.
PR Number Synopsis Category: JUNOS kernel/ukernel changes for ACX
1509402 PFE crash might be seen and the FPC may remain down on ACX710 platform
Product-Group=junos
On ACX710 platform, after the PTP(Precision Time Protocol) configuration is removed and the router is rebooted, the PFE might crash and the FPC remains down if PTP traffic is still coming into the router. This issue might also happen when SyncE is configured. This causes the router to crash and not come up.
PR Number Synopsis Category: ACX GE, 10GE, PoE, IDT framers
1430009 The gigether-options command is enabled again under the interface hierarchy.
Product-Group=junos
gigether-options and ether-options both are support on ACX5k PR1430009 initially opened to remove gigether-options, now it has been reverted. Revert has been tracked in the same PR 1430009. Yes, latest fix of PR 1430009 has added back gigether-options
1523418 Interface is not coming up with auto-negotiation setting when connecting QFX5100/QFX5110 with 1G/10G interface
Product-Group=junosvae
When QFX5100/5110 is connected to other devices with 1G/10G ports, both sides configuring auto-negotiation and the remote interface might stay down.
PR Number Synopsis Category: BBE interface related issues
1447493 bbe-smgd core file on backup Routing Engine in bbe_ifd_add_vlan (ifd=0x8c3e835, ifl=0xcaf59f18) at ../../../../../../src/junos/usr.sbin/bbe-svcs/smd/infra/bbe_ifd.c:6374.
Product-Group=junos
When a logical interface with vlan is deleted from the master Routing Engine (master RE), the backup RE does not process the removal correctly. When a new vlan logical interface is added after the removal, the bbe-smgd process on the backup RE may panic.
1498024 Subscribers might be disconnected after one of the aggregated Ethernet participating FPCs comes online in a Junos OS node slicing scenario.
Product-Group=junos
On MX Series platforms with node slicing setup, if subscriber services and targeted distribution feature are enabled on an aggregated Ethernet interface, and the FPC where one of the aggregated Ethernet member port is located comes online, subscribers that are already online might be disconnected.
PR Number Synopsis Category: BBE Layer-2 Bitstream Access
1551207 PPPoE subscribers login failure may happen
Product-Group=junos
In Broadband Network Gateway (BNG) scenario where Layer-2 Bitstream Access (L2BSA) and PPPoE subscribers are working on the same interface/VLAN, PPPoE subscribers login may get stuck in a pending state, if the IN-FLIGHT flag of L2BSA is not cleared after its Port-Up packet is rejected by RADIUS, and during this process, another Port-Up for the same access-loop arrives.
PR Number Synopsis Category: BBE multicast related issues
1536149 Multicast traffic might be sent out through unexpected interfaces on MX Series platforms with distributed IGMP enabled.
Product-Group=junos
On MX platforms with enabled subscriber services, if distributed IGMP is enabled on subscriber dynamic interfaces and there are static interfaces are configured on the same fpc, and fpc is reloaded or interfaces flapped, then multicast may get enabled on static interface and the multicast traffic may be sent out through unexpected interface.
PR Number Synopsis Category: MIBs related to BBE
1535754 Snmp mib walk for jnxSubscriber OIDs returns General error
Product-Group=junos
Snmp mib walk for jnxSubscriber OIDs returns General error
PR Number Synopsis Category: Border Gateway Protocol
1487486 The rpd might crash with BGP RPKI enabled in a race condition
Product-Group=junos
On all Junos platforms with BGP PRKI (Resource Public Key Infrastructure) scenario, if NSR is enabled and scale routes and ROAs exist, in a very rare case, the ROA (route origin authorization) might be withdrawn before replicating to the backup RE when ROA changes happen, which results in the rpd crash.
1517498 The rpd might crash after deleting and re-adding a BGP neighbor.
Product-Group=junos
In BGP scenario on all Junos platforms, after deleting and re-adding a BGP neighbor, the rpd might crash due to a rare timing issue.
1523075 BGP session with VRRP virtual address used might not come up after a flap
Product-Group=junos
When VRRP virtual address is configured and used to set up a BGP session with the remote side, under rare timing conditions, BGP peer establishment may get rejected repetitively.
1532414 The L3VPN routes may be added to FIB on route reflector
Product-Group=junos
In L3VPN scenario with in-line RR (Route Reflector) which has an export policy with next-hop self to advertise all transit L3VPN routes to its clients and also uses route-target family, the undesired L3VPN routes may be pushed to FIB (Forwarding Information Base) after enabling/disabling route-target family on the RR or a new BGP peer joins a group with 'next-hop self'.
1538491 Configuring 'then next-hop' and 'then reject' on a route policy for the same route might cause rpd crash
Product-Group=junos
On all Junos platforms with BGP enabled, if a policy is setting 'then next-hop' and 'then reject' at the same time for the same prefix, rpd crash might be seen. Like the following: set policy-options policy-statement xxx term 1 from route-filter xxx set policy-options policy-statement xxx term 1 then next-hop ... set policy-options policy-statement xxx term 2 then reject
PR Number Synopsis Category: MPC5/6E pfe microcode software
1453575 The FPC might crash due to the memory corruption in JNH pool
Product-Group=junos
On all Trio-based platforms, after the restart of the fabric plane, the FPC might crash due to memory corruption in the JNH pool.
PR Number Synopsis Category: PTX Chassis Manager
1462987 On the PTX3000 or PTX5000 routers, PICs might restart if the QSFP optics get overheated.
Product-Group=junos
On PTX3K/5K platform with P3-24-U-QSFP28/P3-15-U-QSFP28/P3-10-U-QSFP28 PIC used, if the temperature of QSFP optics is overheated, the PIC might restart.
PR Number Synopsis Category: Device Configuration Daemon
1519334 Buffer overflow vulnerability in device control daemon (CVE-2020-1664).
Product-Group=junos
A stack buffer overflow vulnerability in the device control daemon (DCD) on Juniper Networks Junos OS allows a low privilege local user to create a Denial of Service (DoS) against the daemon or execute arbitrary code in the system with root privilege. Please refer to https://kb.juniper.net/JSA11061 for more information.
1539991 The logical interface might flap after adding or deleting native VLAN configuration
Product-Group=junos
On EX/QFX platforms, the unrelated logical interface on a physical interface would flap when adding or deleting native VLAN configuration on the physical interface.
1544257 Subscribers might logout then login after loopback address is changed
Product-Group=junos
On MX platform, under subscriber environment and unnumbered IP address borrowed from the loopback interface configured on Demux interface and Aggregated Ethernet (AE) interface, subscriber session might flap if IP address of the loopback interface IP is changed. Please refer to workaround provided when this issue hit.
PR Number Synopsis Category: Covers Application classification workflows apart from custo
1516969 The flowd srxpfe process might stop when SSL proxy and AppSecure process traffic simultaneously.
Product-Group=junos
On all SRX Platforms, the flowd/srxpfe process might crash when SSL proxy and AppSecure/IDP process traffic simultaneously.
PR Number Synopsis Category: Manageability for Node Virtualization
1532642 Delete the jmgmt0 interface's address may fail if using the shortened version of the CLI command
Product-Group=junosvae
In the Junos node slicing scenario, the deletion of the jmgmt0 interface's address might fail if using the shortened version of the CLI command (delete groups server0 interfaces jmgmt0).
PR Number Synopsis Category: JUNOS Dynamic Profile Configuration Infrastructure
1526934 Family IPv6 is not coming up for L2TP subscriber when additional attributes are not passed in the Framed-IPv6-Route VSA.
Product-Group=junos
In DHCP/PPP Subscriber scenario with IPv6 dynamic-profile configured, all the additional attributes (route prefix, next-hop, metric, preference, tag) for IPv6 access route must be fully specified in dynamic-profile and passed via RADIUS server, otherwise family inet6 might not come up.
1555476 show dynamic-profile session client-id' displays only one v6 framed-route information
Product-Group=junos
show dynamic-profile session client-id' displays only one v4 and v6 framed-route information, while two or more routes could be returned/configured.
PR Number Synopsis Category: Ethernet OAM (LFM)
1500048 FPC crash might be observed with inline mode CFM configured.
Product-Group=junos
On the Junos platforms with inline mode CFM (Connectivity Fault Management) configured, if there are several CFM adjacencies flapping, due to the flaw in the CFM module to process the error-adjacencies messages, the FPC may crash alongside with NPC core-dump file generated. All services/traffic configured on the FPC will see outage till FPC recovers from an automatic reboot.
PR Number Synopsis Category: mgd, ddl, odl infra issues
1458345 "persist-groups-inheritance" causes the "mustd" process to crash and issues commit failure
Product-Group=junos
"persist-groups-inheritance" configuration option causes the "mustd" process to crash when one performs the "commit" action.
PR Number Synopsis Category: EVPN control plane issues
1439537 The rpd process may crash after committing changes in the EVPN environment
Product-Group=junos
On all Junos platforms with EVPN configured, the rpd process may crash after committing any configuration changes if there is an existing MAC entry received from multiple sources and trying to update the latest source. Traffic loss may be observed due to the rpd crash.
1502984 The BUM traffic loss may be seen in a rare condition under EVPN-MPLS multihoming scenario
Product-Group=junos
In a rare condition with EVPN-MPLS multihoming configured, the BUM traffic loss may be seen which is caused by packets forwarding with incorrect IM (Inclusive Multicast) and SH (Split Horizon) labels.
1547275 VLAN ID information is missed while installing the EVPN route from the BGP Type 2 Route after modifying a routing-instance from instance-type EVPN to instance-type virtual-switch.
Product-Group=junos
VLAN ID information might be missing while installing the EVPN route from the BGP Type 2 Route after modifying a routing-instance from "instance-type evpn" to "instance-type virtual-switch". As a result, the data traffic sent via these EVPN routes doesn't push vlan-id in the inner Ethernet Header. This might result in traffic getting discarded on the remote PE.
PR Number Synopsis Category: EVPN Layer-2 Forwarding
1520078 Unable to create a new VTEP interface.
Product-Group=junos
In all platforms with VXLAN Static VTEP tunnels scenario (including Static VXLAN without EVPN), after RE switchover or restart of l2-learning, if create a new VTEP interface, the interface may not work.
1535515 All the ARP reply packets towards to some address are flooded across the entire fabric
Product-Group=junos
In the EVPN-VXLAN scenario, if the spine has irb and the leaves don't have irb, and the leaves have multi-home interfaces, the ARP reply packets flooding across the entire fabric might be seen.
PR Number Synopsis Category: Sflow on qfx10k/ptx series PRs for defect & enhancement req
1521732 Output interface index in the sFLOW packet is zero when transit traffic is observed on the IRB interface with VRRP enabled.
Product-Group=junos
When VRRP is enabled on IRB interface and SFLOW is enabled on QFX10000 Series platforms, output interface Index in SFLOW packet will be zero for the traffic destined to VRRP MAC address.
PR Number Synopsis Category: Express PFE CoS Features
1531095 Packet loss is observed while validating the policer after restarting the chassis control.
Product-Group=junos
On QFX10K platforms, the classification for incoming mpls traffic based on the EXP(experimental) bits might not take into effect, and instead the traffic will get classified based on the default setting, due to which packet loss could be observed.
PR Number Synopsis Category: Express PFE MPLS Features
1515092 The routes update might fail upon the HMC memory issue and traffic impact might be seen.
Product-Group=junos
On PTX Series and QFX Series devices, in rare cases, HMC memory error might cause routes update failure and traffic impact on the Packet Forwarding Engine.
PR Number Synopsis Category: Internet Group Management Protocol
1520059 Packet loss might be observed while verifying traffic from access to core network for IPv4 or IPv6 interfaces.
Product-Group=junos
On EX2300-48T/EX2300-48P/EX2300-48MP, packet loss may be seen when L3 IPv4/IPv6 interface and route related configurations with IPv4/IPv6 unicast stream are configured. This issue might cause traffic drop. This issue happens if two different NH(Next Hop) IDs are programmed in the Hardware for same route but only one entry is maintained in the software.This issue is specific to 48 port EX2300 platforms and will not occur on other 12/24 ports EX2300, such as EX2300-24T, EX2300-24P, EX2300-24MP.
PR Number Synopsis Category: Kernel software for AE/AS/Container
1514146 The 100-Mbps SFP-FX transceiver is not supported on a satellite device in the Junos fusion setup.
Product-Group=junos
On satellite device in Junos Fusion setup, interfaces with 100M SFP-FX might not work properly.
PR Number Synopsis Category: ISIS routing protocol
1463650 IS-IS IPv6 multi-topology routes might flap every time when there is an unrelated commit under protocol stanza.
Product-Group=junos
With multi-topology enabled in ISIS globally hierarchy level, if some ISIS interfaces don't have IPv6 address, all ISIS IPv6 routes flap when committing any change under protocol stanza (e.g. 'protocol pim traceoption').
1482983 The output of the "show isis interface detail" command might be incorrect if wide-metrics-only is enabled for IS-IS and the ASCII representation of the metric in decimal is more than 6 characters long
Product-Group=junos
If 'wide-metrics-only' is enabled for any IS-IS level and a metric configured on the IS-IS enabled interface for that level has ASCII representation in decimal more than 6 characters long, this interface's metric for that level will be merged with 'priority' field value in the output of 'show isis interface detail'.
1526447 The IS-IS LSP database synchronization issue might be seen while using the flood-group feature.
Product-Group=junos
On all Junos platform, when flood-group is configured on interface under isis, if isis LSPs time out and then come up, the device sends only self-generated LSPs and doesn't increment the LSP updates received from neighbor which flapped. This is causing LSP database out of synchronization issue.
PR Number Synopsis Category: Adresses ALG issues found in JSF
1475031 Resolved Issues: 19.4R2 Application Layer Gateways (ALGs) SIP messages that need to be fragmented might be dropped by the SIP ALG.
Product-Group=junos
When SIP ALG is using, after payload changed by ALG, some SIP messages size maybe bigger than outgoing interface's MTU and need to be fragmented, that SIP messages might be dropped by SIP ALG.
PR Number Synopsis Category: JSR Infrastructure
1479156 The vSRX instance might restart unexpectedly.
Product-Group=junos
The srxpfe process generates core files when a socket-open error occurs during the initialization phase. Self-healing takes place when the srxpfe reboots and starts processing traffic.
PR Number Synopsis Category: Firewall Policy
1482200 Request security policies check output shows policies out of syn command.
Product-Group=junos
This issue affects an SRX system with large security policies (reproduced with 8000 policies). The result of the "request security policies check" cli command may display policies in the "out-of-sync" instead of "in-sync" state.
1544554 The flowd/srxpfe process might crash when SRX/NFX device running on Junos OS 18.2R1 or above where the unified policy feature is supported
Product-Group=junos
On SRX Series device running on Junos OS 18.2R1 or above, or NFX Series device running on NextGen Junos OS, the unified policy feature is supported, the flowd/srxpfe might crash.
PR Number Synopsis Category: IPSEC/IKE VPN
1522017 The traffic might be dropped when IPSec VPN with NAT-T enabled
Product-Group=junos
On SRX platforms, when IPSec VPN is configured with NAT-T enabled and VPN tunnel is established between two peers, if traffic is received from peer during VPN rekey, the traffic might be dropped in the VPN tunnel.
PR Number Synopsis Category: jsscd daemon
1511745 Static subscribers are logged out after creating a unit under demux0 interface.
Product-Group=junos
In MX platforms with static subscriber scenario, the existing static subscribers associated to a demux0 interface might be forced to log out after creating another unit under demux0 interface.
PR Number Synopsis Category: PFE infra to support jvision
1547698 SENSOR APP DWORD leak observed during the period of churn for routes bound to Sensor group
Product-Group=junos
SENSOR APP DWORD leak observed during the period of churn for routes bound to Sensor group. Sensor types that are affected are Segment Routing, Segment Routing-TE, LDP and RSVP LSPs.
PR Number Synopsis Category: Layer 2 Circuit issues
1511783 The rpd might crash after removing the last interface configured under the l2circuit neighbor
Product-Group=junos
On all Junos platforms, rpd crash may be observed after removing the last interface configured under the l2circuit neighbor which is in fact active.
PR Number Synopsis Category: Layer 2 Control Module
1463251 Configure any combination of VLANs and interfaces under VSTP/MSTP may cause VSTP/MSTP related configuration can not be committed
Product-Group=junos
On the EX platform, VSTP/MSTP related configuration might not be committed successfully if configure any combination of VLANs and interfaces under VSTP/MSTP to hit the maximum scale of 5219.
PR Number Synopsis Category: lacp protocol
1277144 LACP is not sending IFF_DOWN reason with destroy session request
Product-Group=junos
In current scenario when interface is going down then LACPD is not sending reason for destroy session request i.e IFF_DOWN(interface down). So the LACP session may not be destoried immediately until the LACP session times out.
1366825 RG1 failover occurs when RG0 failover is triggered
Product-Group=junos
RG1+ which is configured for interface-monitor, might fail over to the other node if RG0 failover is triggered.
PR Number Synopsis Category: Label Distribution Protocol
1527197 LDP routes might be deleted from MPLS routing table after RE switchover
Product-Group=junos
On all Junos platforms with NSR and segment routing for ISIS configured, LDP routes might be deleted on new master RE's MPLS routing table after RE switchover.
1538124 The rpd process might crash when the LDP route with indirect next hop is deleted on the aggregated Ethernet interface.
Product-Group=junos
If the Label Distribution Protocol (LDP) route with indirect next-hop exists (e.g. LDP egress-policy is used to advertise BGP route into LDP), the rpd might crash when the LDP route is deleted from the AE interface.
PR Number Synopsis Category: lldp sw on MX platform
1538482 DUT did not receive the LLDP packet from phone.
Product-Group=junos
On EX4300 platforms, the LLDP (Link Layer Discovery Protocol) neighborship with the VoIP (Voice over Internet Protocol) phones can't be established when LLDP is configured on the PoE (Power over Ethernet) enabled port on EX4300 and connects to the VoIP Phone.
PR Number Synopsis Category: SW PRs for MPC10E Interfaces
1491142 BCM8238X SerDes firmware did not complete tuning may be a false positive alarm.
Product-Group=junos
BCM8238X SerDes firmware did not complete tuning may be a false positive alarm.
PR Number Synopsis Category: Multiprotocol Label Switching
1517018 The rpd might crash after upgrading Junos OS Release 18.1 to 18.1 and later releases.
Product-Group=junos
The rpd might continuously crash after upgrading pre Junos OS Release 18.1 to Junos OS Release 18.1 and later while graceful-restart and RSVP/static LSP are configured. This is because there is a change in the data structure written to the restart database file from Junos OS Release 18.1 and later. So, when rpd comes up and tries to read the restart database file written by pre Junos OS Release 18.1 image, the rpd might crash.
PR Number Synopsis Category: Multicast Routing
1555518 It might fail in sending multicast traffic to downstream receiver on Trio based VC platforms
Product-Group=junos
On Trio based Virtual Chassis (VC) platform, when there are multicast tunneled packets being received, which come into the Virtual Chassis Ports (VCP) and then pop out of the tunnel, if the VCP ports and the interfaces where multicast packets enter/leave the router are located on the same Packet Forwarding Engine (PFE), it might fail in sending multicast traffic to downstream receiver due to this issue.
PR Number Synopsis Category: Jflow and sflow on MX
1487876 Incorrect frame length of 132 bytes might be captured in the packet header.
Product-Group=junos
On all MX/PTX5k/EX platforms with Trio based line cards, if a packet is send with more than 128 bytes it will always show incorrect "Frame length" of 132 bytes in raw packet header of sflow collector captured data.
PR Number Synopsis Category: IDS features available on MS-MPC/MIC
1527236 After applying ids-rules to service-set, high session rate is observed even without any DDos traffic
Product-Group=junos
On MX platforms with MS-MIC/MS-PIC, if applying IDS filter and reaching high CPU state, the session rate stay high even without any DDos traffic which may lead to dropping of new session requests.
PR Number Synopsis Category: OS IPv4/ARP/ICMPv4
1496429 Routing Engine crash might be seen when a large number of next hops are quickly deleted and readded in large ARP/ND scale scenario.
Product-Group=junos
On all Junos platforms with large ARP/ND scale scenario, if a large number of nexthops are deleted and re-added very quickly (such as a result of link flap), the memory corruption might occur and eventually cause RE crash.
PR Number Synopsis Category: FreeBSD Kernel Infrastructure
1518898 The kernel might crash if a file/directory is accessed for the first time and is not created locally.
Product-Group=junos
On the Junos with Virtual Filesystem (VirtFS), if a file/directory is accessed for the first time and is not created locally, the kernel might crash and generate a vmcore file. Junos might reboot due to this issue.
1537696 Errors might be seen when dumping vmcore on EX2300/EX3400 series
Product-Group=junos
On EX2300/EX3400, the vmcore might not be available and the device might hang while trying to generate core files via the rescue kernel. This might be caused by the ARM dumper device supporting only a fixed 512 byte block size, rather than scaling to any block size. This might cause loss of debug ability for the device.
PR Number Synopsis Category: Kernel Stats Infrastructure
1508442 SNMP polling might return unexpectedly high value of ifHCOutOctets counter for physical interface when any jnxDom OID is processed at the same time.
Product-Group=junos
When actual transmitted load is configured for interface as: set interfaces interface-transmit-statistics And ifHCOutOctets OID is polling together with any jnxDom OIDs for the same interface with time interval between pollings equal or less then one second, the resulted value of ifHCOutOctets may be unexpectedly high
1522561 OID ifOutDiscards reports zero and sometimes shows valid value.
Product-Group=junos
OID ifOutDiscards reports zero and sometimes shows valid value. user@router> show snmp mib get ifOutDiscards.514 | refresh 3 ---(refreshed at 2020-07-10 12:54:07 IST)--- ifOutDiscards.514 = 0 ---(refreshed at 2020-07-10 12:54:10 IST)--- ifOutDiscards.514 = 0 ---(refreshed at 2020-07-10 12:54:13 IST)--- ifOutDiscards.514 = 0 ---(refreshed at 2020-07-10 12:54:16 IST)--- ifOutDiscards.514 = 0 ---(refreshed at 2020-07-10 12:54:19 IST)--- ifOutDiscards.514 = 0 ---(refreshed at 2020-07-10 12:54:22 IST)--- ifOutDiscards.514 = 241974 ---(refreshed at 2020-07-10 12:54:25 IST)--- ifOutDiscards.514 = 241974 ---(refreshed at 2020-07-10 12:54:28 IST)--- ifOutDiscards.514 = 0 ---(refreshed at 2020-07-10 12:54:31 IST)--- ifOutDiscards.514 = 0
PR Number Synopsis Category: OSPF routing protocol
1525870 The OSPFv3 adjacency should not be established when IPsec authentication is enabled.
Product-Group=junos
On EX4300 platforms, the OSPFv3 configured with IPsec authentication after device reboots, the OSPFv3 adjacency should not be established, while do the same configuration before device reboots, the adjacency should be established.
PR Number Synopsis Category: Used for tracking OVSDB software issues and features
1518807 The vgd process might generate a core file when the OVSDB server restarts.
Product-Group=junos
On all Junos platforms that support OVSDB (Open vSwitch database), the vgd core might get generated when the OVSDB server is restarted. The vgd daemon restart after the core might cause traffic impact. This issue happens when OVSDB server is disconnected and the device (switch/router) sends some updates events to server.
PR Number Synopsis Category: Express Paradise PFE Sflow
1525589 Sampling with the rate limiter command enabled, crosses the sample rate 65535.
Product-Group=junos
'show sflow Interfaces' command displays wrong adaptive-sampling rates for rate limiter configuration. The display usually shows a sampling rate of more than 65535.
PR Number Synopsis Category: Protocol Independant Multicast
1487636 The rpd might crash when perform GRES with MSDP configured
Product-Group=junos
On all Junos platforms, when execute Graceful Routing Engine Switchover (GRES) with Multicast Source Discovery Protocol (MSDP) enabled, rpd might crash on new master Routing Engine (RE). The issue could be automatically recovered after rpd successful self-restart. This is a timing and regression issue.
PR Number Synopsis Category: vMX Platform Infrastructure related issue tracking
1548422 Traffic with jumbo frame may be discarded on the vMX platforms
Product-Group=junos
On the VMX platforms which are installed on ESXI 6.7 with vmxnet3 driver, traffic with jumbo frame (Packets with MTU more than 1500) may be discarded upon receiving.
PR Number Synopsis Category: Chassis mgmt for all QFX systems - chassis MIB, alarms, CLI
1462582 "entPhysicalTable" MIB is not fetching expected data on QFX10002-72Q / 36Q platforms
Product-Group=junos
"entPhysicalTable" MIB is not fetching expected data on QFX10002-72Q / 36Q platforms
1507044 The archival function might fail in certain conditions.
Product-Group=junos
If the archival function is enabled with the statement "routing-instance" and transfer mode is set as SFTP/SCP for archive-sites, it may not work and fail to transfer the files.
PR Number Synopsis Category: Interface related issues. Port up/down, stats, CMLC , serdes
1462748 On the QFX5100 switches, the interface output counter is double counted for self-generated traffic.
Product-Group=junos
On QFX5100 device, interface output counter is double counted for self-generated traffic
1538340 Interfaces are not created after channel-speed 10g is applied across ports 48 to 53 on QFX5100-48T
Product-Group=junos
After channelizing port 48 through 53 and channel speed, the interfaces are down on QFX5100-48T platform. This issue causes interfaces are deleted and traffic might be dropped.
PR Number Synopsis Category: QFX Platform related (SYSLOG/ALARMS/miscellaneous)
1454527 On the QFX5000 line of switches, the dcpfe process crashes due to the usage of data that is not null getting terminated.
Product-Group=junosvae
The dcpfe crash is due to usage of data which is not NULL terminated on QFX5K.
1508611 The fxpc may crash and restart with a fxpc core file created while installing the image through ZTP.
Product-Group=junos
On QFX5100/EX4600 Series platforms, the fxpc may crash sometimes while installing an image through ZTP.
1520956 QFX5100: cprod timeout triggers high CPU (100%)
Product-Group=junos
In QFX5100, you might get into a high CPU (CPU running at 100%) situation when a "cprod" command timed out.
PR Number Synopsis Category: QFX PFE Class of Services
1430173 The CoS rewrite rules applied under an aggregated Ethernet interface might not take effect after NSSU.
Product-Group=junos
On QFX 5K platform, Class of Service (CoS) rewrite rules applied under an Aggregated Ethernet (AE) interface might not take effect after Non-Stop Software Upgrade (NSSU). In the end, packets could not enter into correct queues for sending.
PR Number Synopsis Category: DCBX
1517030 The dcpfe process might crash due to memory leak.
Product-Group=junos
On all QFX5K/QFX3600/EX4600 series platform, if the 'dcpfe' process continuously detaches and reattaches port. For example, due to interface instability, it might cause memory leak. If all the memory is exhausted then the 'dcpfe' process crashes and linecard reboots.
PR Number Synopsis Category: Filters
1514710 In the VXLAN configuration, the firewall filters might not be loaded into the TCAM with the following message due to TCAM overflow after upgrading to Releases 18.1R3-S1, 18.2R1, and later : DFWE ERROR DFW: Cannot program filter.
Product-Group=junos
n QFX5000/EX4600 platforms with VxLAN scenario, firewall filters loading failure might happen due to Ternary Content Addressable Memory(TCAM) overflow, which may cause traffic impact if the Junos version is upgraded to 18.1R3-S1 / 18.2R1 or higher. This is because IPACL VxLAN filter is introduced on that releases to replace regular IPACL for VxLAN VLANs. And after upgrade, IPACL VxLAN filter needs more entries in TACM compared with regular IPACL, which makes TCAM to overflow, and even traffic will be impacted.
PR Number Synopsis Category: QFX L2 PFE
1504354 LLDP is not acquired when native-vlan-id and tagged VLAN-ID are the same on a port.
Product-Group=junos
On QFX5000 platforms running with Link Layer Discovery Protocol (LLDP) configured, if the interface has both native-vlan-id and vlan-id configured, and the native-vlan-id and vlan-id have the same value, LLDP neighborship might be unable to setup on that particular interface due to this issue.
PR Number Synopsis Category: QFX L3 data-plane/forwarding
1458206 Dual Tag Q-in-Q not working with EVPN-VXLAN
Product-Group=junos
In EVPN-VXLAN with retaining S-VLAN Tags and C-VLAN tags scenario, both S-VLAN and C-VLAN tags are treated as the data of a packet when it is transported. when a dual-tagged ARP packet arrives at ingress PE, the device could only recognize either untagged ARP packet or single tag ARP packet, and if it is not, the device will assume that it is not an ARP packet. Since ARP resolution fails, all subsequent communication will not happen.
1484440 IRB MAC will not be programmed in hardware when MAC persistence timer expires
Product-Group=junos
On QFX5XXX/EX46XX virtual chassis platforms with GRES, if an IRB interface is configured with members across master and backup REs, and when mac-persistence-timer expires, the new MAC address of the IRB interface might not be programmed in hardware, which might result in failure on protocols and traffic.
1512712 Display issue, Virtual Chassis environment, Configured num-65-127-prefix value is shown incorrect for the command O/P "show chassis forwarding-options"
Product-Group=junos
Display issue, In a Virtual Chassis environment, Configured num-65-127-prefix value is shown incorrect for the command O/P "show chassis forwarding-options" for the FPC which is not local (Backup and line card members of the VC)
1530602 The dcpfe process core may be seen if L3VPN service is configured with an MPLS enabling AE interface
Product-Group=junos
On QFX5000 platforms with MPLS enabled on the AE interface, the intermittent dcpfe process core might be seen if the L3VPN service is configured. When it happens, traffic loss might be seen during the dcpfe crash and restart.
PR Number Synopsis Category: QFX EVPN / VxLAN
1516653 The MAC learning might not work properly after multiple MTU changes on the access port in the VXLAN scenario.
Product-Group=junosvae
On QFX5120 platform running with Virtual Extensible LAN protocol (VxLAN) scenario, if there are multiple iterations of MTU change on the access port which faces Customer Edge (CE) side, for example, 20 iterations under the scale with around 100 VLAN to VXLAN Network Identifier (VNI) mapping, the MAC learning on the access port might not be able to work properly due to this issue.
PR Number Synopsis Category: QFX VC Infrastructure
1497563 Virtual Chassis is not stable with 100-Gigabit Ethernet and 40-Gigabit Ethernet interfaces.
Product-Group=junos
In QFX5110 platform with Virtual Chassis (VC) scenario, VC might not get formed and can cause traffic loss if the 100G VCP ports are deleted and created, or changed from 40G to 100G or vice-versa. For the reason is that Forward Error Correction (FEC) should not be enabled when the physical interface is working as a VCP port.
1548079 Backup RE clears the reporting alarm for a PEM failure intermittently for a missing power source on a QFX5100 VC
Product-Group=junos
The PEM failure alarm for a missing power source on a QFX5100 VC is incorrectly being toggled on the Backup RE
PR Number Synopsis Category: RPD Next-hop issues including indirect, CNH, and MCNH
1458595 The rpd crash might be seen if BGP route is resolved over the same prefix protocol next-hop in inet.3 table that has both RSVP and LDP routes.
Product-Group=junos
In race condition, if a BGP route is resolved over the same prefix protocol next hop in a routing table that has routes of the prefix from different routing protocols, when the routes are flapping (firstly these routes are down and then up), the BGP route will be re-resolved, and then the rpd crash might be seen.
1534455 Some routes might get incorrectly programmed in the kernel which is no longer present in rpd
Product-Group=junos
In a scaled routes scenario, if there is any route change operation when the system is under memory pressure, the rpd might change a route entry but the same is not conveyed to the kernel. This causes a mismatch between routes in rpd and kernel leading to traffic blackhole for the mismatched route entries that are incorrectly programmed in the kernel.
PR Number Synopsis Category: RPD policy options
1523891 The policy configuration might be mismatched between rpd and mgd when "deactivate policy-options prefix-list" is involved in configuration sequence
Product-Group=junos
If "deactivate policy-options prefix-list" is involved in configuration sequence along with other policy configurations, the mgd process might not notify the rpd process about the policy configuration changes after committing the configuration. This can cause the policy configuration to be out-of-synchronization between policy database used by rpd and configuration database used by mgd. Due to the missing policy entries in policy database, later the rpd might crash when accessing these entries via CLI command like "show policy".
PR Number Synopsis Category: RPD route tables, resolver, routing instances, static routes
1421566 Some LDP routes in VRF cannot be resolved over the inet.3 table
Product-Group=junos
Any route that is added to the rib will be resolved over predefined tables, and the resolution tables for a given protocol are fixed. LDP routes added to foo.mpls.0, the resolution table is not initialized due to this NULL access happen to lead to the core.
1498377 The route entries might be unstable after being imported into inet6.x RIB through rib-group.
Product-Group=junos
When inet6.x (such as 6.1/6.2/6.3, and so on) is used as a non-primary RIB by rib-group, the import function issue might cause the route entries not to be modified correctly for IPv6 format, it might lead the received routes not to be imported successfully into the inet6.x RIB of the routing protocols. Then the network reachability might be impacted.
1507638 On all Junos OS dual-Routing Engine GRES/NSR enabled routers, RPD might crash on a new master Routing Engine if Routing Engine switchover occurs right after a massive routing-instances deletion.
Product-Group=junos
On all Junos platforms, if GRES and NSR are enabled at a dual-RE router and if RE switchover happens (either manually or due to some other reasons) right after deleting a big number of routing instances, then rpd at a new master RE could crash once. Once a new master RPD crashed, it will restart by itself.
PR Number Synopsis Category: Resource Reservation Protocol
1516657 RPD scheduler might slip after link flap
Product-Group=junos
On all Junos platforms with RSVP-TE configured, when a transit router carries a large number of LSP's (for example, 60k and higher) and all those LSPs undergo FRR (for example, when link carrying large number of LSP's flap) then, the rpd scheduler might slip and LDP session tear down might be observed after the link flap.
1524736 The inter-domain LSP with loose next hop path might get stuck in down state.
Product-Group=junos
In the scenario of inter-domain LSP with loose next-hops path, when expanding the loose hop at the Area Border Router (ABR) / Autonomous System Border Router (ASBR), the LSP might not come up properly if the incoming link of the LSP at the ABR/ASBR is an unnumbered interface.
PR Number Synopsis Category: RPM and TWAMP
1541808 The rmopd process memory leak might be seen if TWAMP client is configured
Product-Group=junos
If TWAMP (Two-Way Active Measurement Protocol) client is configured, memory leak in rmopd process may be observed after executing "request services rpm twamp start client" command.
PR Number Synopsis Category: jflow/monitoring services
1517646 The srrd process might crash in a high route churns scenario or if the process flaps
Product-Group=junos
On all Junos OS platforms with inline Jflow enabled, the sampled route reflector process (srrd) might crash in a scenario where there are high route churns or flaps in the system. This is a rare timing issue and because of the crash, the Jflow export might report older route information for sometime.
PR Number Synopsis Category: Generic platform and infra issues for MS-MIC and MS-MPC(XLP)
1482400 The vmcore process crashes sometimes along with the mspmand process on MS-MPC/MS-MIC if large-scale traffic flows are processed
Product-Group=junos
With NAT/Stateful-firewall/TCP tickle (enable by default) configured on MS-MPC/MS-MIC, the vmcore crash sometimes along with mspmand crash might happen if large-scale traffic flows (e.g. million flows) are processed by it.
1489942 Prolonged flow control might occur with MS-MPC or MS-MIC.
Product-Group=junos
On MX platforms with MS-MPC/MS-MIC, if there are lots of self-generated packets like TCP-tickle and UDP-logging, there might be data congestion on the data path due to no throttling functionality for such types of packets. When the data path is blocked, prolonged flow-control might happen with the service interfaces being brought down and the PIC reboot. At the same time, the mspmand core file will be generated if dump-on-flow-control is enabled.
PR Number Synopsis Category: MX10003/MX204 Platform SW - Chassisd s/w defects
1315577 MX10003 : Despite of having all AC low PEM alarm is raised.
Product-Group=junosvae
An alarm is raised if mixed AC PEMs are present. This occurs because the criteria for checking whether mixed AC is present was changed.
PR Number Synopsis Category: MX10002 Platform SW - Platform s/w defects
1468642 MX10003/MX204 - Temperature sensor name for PEMs under show chassis environment pem is incorrect
Product-Group=junos
On MX10003 and MX204 routers, temperature sensor name for PEMs under show chassis environment pem is incorrect
PR Number Synopsis Category: MX10003/MX204 Linux issues (including driver issues)
1492121 MX10003 RCB always detect fire temp and shutdown in short time after downgrade.
Product-Group=junosvae
On the MX10003 platform, if we upgrade or downgrade Junos software from a set of original releases to a set of target releases, the system might detect incorrect temperature values and shutdown. The set of the original releases are: Junos 18.2R3, 18.3R3, 18.4R2, 19.1R2, 19.2R1, 19.3R1. The set of the target releases are: Junos pre-18.2R3, pre-18.3R3, pre-18.4R2, pre-19.1R2, pre-19.2R1, and pre-19.3R1 releases
PR Number Synopsis Category: SRX-1RU platfom related protocol, QoS, filtering features et
1515046 VRRP does not work on the redundant Ethernet interface with a VLAN ID greater than 1023.
Product-Group=junos
When a redundant Ethernet (reth) interface has vlan-tagging configured and is part of a VRRP group, the SRX/vSRX is unable to allocate the VIP to the reth interface if the vlan-id configured is greater than 1023. As a result, VRRP does not work.
PR Number Synopsis Category: Trio pfe bridging, learning, stp, oam, irb software
1501014 Traffic to VRRP virtual IP/MAC might be dropped when ingress queueing is enabled.
Product-Group=junos
On MX platforms with any MPC in enhanced network-service mode, if VRRP is configured on AE interface, after 'set chassis fpc X pic X traffic-manager mode ingress-and-egress' is enabled, traffic sent to virtual IP/MAC might be dropped and the forward traffic will be affected.
1502867 Traffic originated from another subnet is sent out with 0x8100 instead of 0x88a8.
Product-Group=junos
On the MX platforms with MPC7/8/9 installed, when an interface configured with vlan-tags outer tpid (tag protocol ID) 0x88a8 on these line cards, traffic originated from another subnet will be sent out with 0x8100. It will cause traffic to get dropped at the remote site.
1533767 PPE errors/traps might be observed in L2 flooding scenarios
Product-Group=junos
On Junos platforms with MPC1~4/MPC-3D-16XGE/T4000-FPC5/ EX9200-4QS/EX9200-2C-8XS/EX9200-MPC/EX9200-32XS/ SRX5K-SPC-4-15-320/SRX5K-MPC, when broadcast/multicast packets from access as transit traffic flooding in a bridge-domain (for example: multicast OSPF packets entering EVPN instance, these OSPF packets are being handled as transient packets), all packets except IPv6 NS (Neighbor Solicitation) might be dropped because of traps.
1533857 FPC crash might be observed when the ASIC's NH memory exhausted in the EVPN-MPLS scenario
Product-Group=junos
On all MX/EX92xx platforms with EVPN-MPLS configured, NH (Next-Hop) memory leak in Trio ASIC happens whenever there is a route churn for remote MAC-IP entries learned bound to the IRB interface in EVPN-MPLS routing-instance. When the ASIC's NH memory partition exhausted (free% NH memory is close to 20% or below), which will result in the line card to reboot.
1542211 Trio-based FPC might crash when the underlying layer 2 interface for ARP over IRB interface is changed from physical interface to LSI interface
Product-Group=junos
This issue applies to a Trio-based FPC using the integrated routing and bridging (IRB) interface with a VPLS instance using the label-switched interface (LSI) to provide VPLS functionality. The FPC may restart unexpectedly. The restart is triggered when the underlying layer-2 interface for ARP over IRB interface changes from the physical interface to the LSI interface.
PR Number Synopsis Category: Trio pfe l3 forwarding issues
1478279 FPC memory leak might happen after executing show pfe route.
Product-Group=junos
On all Junos OS platforms, if the command "show pfe route " is executed to dump the Packet Forwarding Engine (PFE) routes, and then the routes get deleted by some events (for example, Virtual Routing and Forwarding (VRF) configuration removal or Border Gateway Protocol (BGP) flap), the FPC memory leak might happen due to this issue. In large scaled scenario, the memory leak will increase by a large amount, which might be easier to cause FPC crash.
PR Number Synopsis Category: Trio pfe mpls- lsps,rsvp,vpns- ccc, tcc software
1452866 The traffic might silently get dropped and discarded after the LACP timeout.
Product-Group=junos
In Link Aggregation Control Protocol (LACP) with Unilist next-hop scenario, when Resource Reservation Protocol (RSVP) protection or BGP Prefix-Independent Convergence (PIC)is used, if the LACP interface flapping happens fast enough, which might cause traffic blackhole. Due to a delay which causes the first "link down message" arriving at Packet Forwarding Engine (PFE) after the "link up message" already being received. So that PFE marks both of the primary and backup next-hop as unusable. (This is a timing issue)
PR Number Synopsis Category: Issues related to port-mirroring functionality on JUNOS
1542500 Port mirroring with maximum-packet-length configuration does not work over GRE interface
Product-Group=junos
Port mirroring with maximum-packet-length configuration does not work over GRE interface on MX204. While constructing GRE header, the clipping aspect of inner packet was not accounted earlier. If the inner packet is truncated, the outer GRE header packet size must use the new size (clipped size) to calculate the total length of outer header.
PR Number Synopsis Category: Web-Management UI
1513612 On the EX2300 and EX3400 devices, installing J-Web application package might fail.
Product-Group=junos
On the EX2300/EX3400 platforms, J-Web application package may fail to be installed with the affected releases.
PR Number Synopsis Category: VMHOST platforms software
1446205 The jfirmware upgrade might fail on certain MX platforms with SCBE3
Product-Group=junos
On certain MX platforms having RE-S-2X00x6 and Enhanced MX-SCB installed, an error might be observed during the installation of jfirmware upgrade package which causes the installation to fail.
PR Number Synopsis Category: Virtual Router Redundancy Protocol
1526851 When SRX receives proxy ARP request on VRRP interface, SRX sends ARP reply with underlying interface MAC address
Product-Group=junos
On SRX Series devices with VRRP scenario, the proxy ARP reply uses interface MAC address instead of VRRP MAC address if the VRRP is configured on some IFL and the proxy-arp is configured on same IFL, traffic loss may occur.
 

18.3R3-S4 - List of Known issues
PR Number Synopsis Category: SFI Infra-structure
1485038 The following error message is observed continuously in AD with base configurations: IFDE: Null uint32 set vector, ifd and IFFPC: 'IFD Ether uint32 set' (opcode 151) failed.
Product-Group=junos
EX 9251 Summit-B54 : "IFDE: Null uint32 set vector, ifd and IFFPC: 'IFD Ether uint32 set' (opcode 151) error message is observed continuously in AD with base configurations.
PR Number Synopsis Category: Marvell based EX PFE ACL
1434927 The FPC crashes with pfem generating core file might be seen if large-scale number of firewall filters are configured.
Product-Group=junos
On EX Series switches, If you are configuring a large-scale number of firewall filters on some interfaces, the FPC might crash and generate core files.
PR Number Synopsis Category: Marvell based EX PFE L3
1557229 Traffic related to IRB interface might be dropped when mac-persistence-timer expires
Product-Group=junos
On EX3400/EX4400/EX4300MP virtual chassis (VC) platforms, if the IRB interface is configured with members across master and backup VC, the new MAC address of the IRB interface might not be programmed in hardware after mac-persistence-timer expires. This might result in all traffic related to the IRB interface be dropped.
PR Number Synopsis Category: Marvell based EX PFE MISC
1232403 HSRPv2 IPV6 packets might get dropped if IGMP-snooping is enabled.
Product-Group=junos
On EX Series switches except EX4300/EX4600/EX9200, an interface is configured for single vlan or multiple vlans, if all these vlans of this interface have igmp-snooping enabled, then this interface will drop HSRPv2 (Hot Standby Router Protocol for IPv6) packets. But if some vlans do not have igmp-snooping enabled, then this interface is working fine.
PR Number Synopsis Category: Cassis XQ related issues
1464297 On the MX960 router, the following error message might be observed: SCHED L4NP[0] Parity errors.
Product-Group=junos
This PR along with an earlier PR1232952 address the issue completely, so JUNOS version in question should have fix for these two PRs to address this issue completely.
PR Number Synopsis Category: NFX Series Platform Software
1462556 Junos OS: NFX350: Password hashes stored in world-readable format (CVE-2020-1669)
Product-Group=junos
The Juniper Device Manager (JDM) container, used by the disaggregated Junos OS architecture on Juniper Networks NFX350 Series devices, stores password hashes in the world-readable file /etc/passwd. This is not a security best current practice as it can allow an attacker with access to the local filesystem the ability to brute-force decrypt password hashes stored on the system. Refer to https://kb.juniper.net/JSA11066 for more information.
PR Number Synopsis Category: QFX L3 data-plane/forwarding
1407175 On the QFX-5100 Virtual Chassis or Virtual Chassis Fan, the following error is observed in the hardware with the mini-PDT base configurations: BRCM_NH-,brcm_nh_bdvlan_ucast_uninstall(), 128:l3 nh 6594 unintsall failed.
Product-Group=junos
On QFX5100 Virtual Chassis or Virtual Chassis fabric, when the mini-PDT-base configuration is issued, the following error message is seen in the hardware: BRCM_NH-,brcm_nh_bdvlan_ucast_uninstall(), 128:l3 nh 6594 unintsall failed. There is no functionality impact because of this error message.
PR Number Synopsis Category: CoS support on ACX
1522941 The show class-of-service interface command does not show classifier information.
Product-Group=junos
This is a display issue. Due to misread in PFE registers, classifier is not shown in "show class-of-service interface" output
PR Number Synopsis Category: JUNOS kernel/ukernel changes for ACX
1481151 Memory utilization enhancement is needed.
Product-Group=junos
RPD memory chunk size is optimized for the ACX platform to reduce the memory footprint.
PR Number Synopsis Category: ACX MPLS
1488614 Local switching in VPLS in ACX does not carry the inner vlan with input-vlan-map pop and output-vlan-map push operation
Product-Group=junos
In VPLS local switching scenario, the packet can never be double tagged even if we have a push operation in output vlan map. As it is a Product limitation.
PR Number Synopsis Category: ACX PFE
1231621 Table Full error messages are seen after ldp routes flaps multiple times
Product-Group=junos
Following error logs will be seen on an scenario on which number of mpls-tunnel is over limit for the platform: - acx_nh_mpls_tunnel_install(),1076:acx_nh_mpls_tunnel_install: BCM TNL InitiatorSet failed for NH #### (Table full) As a consequence of previous error, following logs could be also seen: - fpc0 ACX_NH::acx_nh_l3_tag_hw_install(),#### :acx_nh_l3_tag_hw_install: Tunnel installed failed: NH #### - fpc0 NH: Failed to find nh (3662) for deletion When the error persist for a while we eventually get below: - ACX_NH::acx_nh_mpls_tunnel_uninstall(),1171:acx_nh_mpls_tunnel_uninstall: BCM L3 Egress destroy object failed for (-10:Operation still running) Note: > For ACX5000 series, the max number of MPLS-tunnel supported is 256x4. On scenarios with route flaps new tunnels will be created and we can reach limits during add/deletion, due to that, we recommend to avoid reaching over 1000 tunnels in normal operation. > To check number of tunnels use cli command: request pfe execute command "show pfe-hw mpls-tunnel" target fpc0
PR Number Synopsis Category: Bi Directional Forwarding Detection (BFD)
1518106 The BFD sessions might flap continuously after disruptive switchover followed by GRES
Product-Group=junos
Disruptive switchover (no GRES or NSR configured) can lead to stale PPM entries programmed on the new master Routing Engine. If both GRES and NSR are activated after disruptive switchover and then a GRES switchover is performed, BFD sessions might flap continuously.
1522261 BFD with authentication for BGP flaps after GRES or NSR switchover on the NG-RE and SCBE2 setup.
Product-Group=junos
On the devices with NG-RE (Next Generation Routing Engine) and SCBE2 (Enhanced Switch Control Board), when BFD authentication for BGP is enabled, the BFD may flap after the NG-RE switchover. The switchover should be GRES or NSR switchover. After the flap, the device could be self recovery.
PR Number Synopsis Category: BBE Remote Access Server
1402653 The subscriber might need to take retry for login
Product-Group=junos
On all Junos platforms running in subscriber scenario with address pool configured, if the address pool has high usage so that only few addresses are free to allocate, when there are subscribers logout and login, the released address by one subscriber might get re-used and allocated to the other subscriber very soon. Due to this issue, syslog error messages might be seen, and the affected subscriber might need to take retry for login.
PR Number Synopsis Category: MPC5/6E pfe microcode software
1459698 Silent dropping of traffic upon interface flapping after DRD auto-recovery
Product-Group=junos
An interface stops forwarding traffic when MX software triggers a "DRD reorder timeout recovery" event followed by an interface flap on the same XM-chip. When the logic is triggered, message "cmtfpc_xmchip_drd_reorder_id_timeout_callback" will be reported in the PFE syslog messages. This issue affects XM-chip based MPCs (MPC3E/4E/5E/6E/2E-NG/3E-NG).
PR Number Synopsis Category: MX Platform SW - UI management
1537194 The chassisd memory leak may cause traffic loss
Product-Group=junos
On MX/PTX platforms with 18.1 or higher release, chassisd memory leak may be caused by configuration commit. When chassisd consumes ~3.4GB of memory it may crash, chassisd crash may cause GRES or/and FPC restart. If GRES is enabled, commits are being synchronized between REs, so backup RE chassisd may suffer from memory leak too.
PR Number Synopsis Category: Layer 3 forwarding, both v4+v6
1380145 ACX5448- Latency observed for Host generated ICMP traffic
Product-Group=junos
This ping latency behavior is expected for host generated ICMP traffic due to the design of PFE queue polling the packets from ASIC. lab@jtac-acx5448> ping 10.0.0.4 PING 10.0.0.4 (10.0.0.4): 56 data bytes 64 bytes from 10.0.0.4: icmp_seq=0 ttl=63 time=8.994 ms 64 bytes from 10.0.0.4: icmp_seq=1 ttl=63 time=49.370 ms 64 bytes from 10.0.0.4: icmp_seq=2 ttl=63 time=47.348 ms 64 bytes from 10.0.0.4: icmp_seq=3 ttl=63 time=45.411 ms <<< 64 bytes from 10.0.0.4: icmp_seq=4 ttl=63 time=106.449 ms <<< 64 bytes from 10.0.0.4: icmp_seq=5 ttl=63 time=79.697 ms <<< 64 bytes from 10.0.0.4: icmp_seq=6 ttl=63 time=37.489 ms <<< 64 bytes from 10.0.0.4: icmp_seq=7 ttl=63 time=31.436 ms << 64 bytes from 10.0.0.4: icmp_seq=8 ttl=63 time=35.460 ms << 64 bytes from 10.0.0.4: icmp_seq=9 ttl=63 time=77.198 ms << ^C --- 10.0.0.4 ping statistics --- 10 packets transmitted, 10 packets received, 0% packet loss round-trip min/avg/max/stddev = 8.994/51.885/106.449/26.824 ms
PR Number Synopsis Category: DNX VPLS
1532995 Memory leak is observed in the Local OutLif in the VPLS and CCC topology.
Product-Group=junos
In a VPLS/CCC topology with core link protection when one of the core link flaps or the remote CE flaps "Local OutLif" leak happens. Local OutLif Total entries: 196608 Used entries: 33335 Lowest entry: 0(0x0) /*Initially when vpls is up */ Local OutLif Total entries: 196608 Used entries: 33303 Lowest entry: 0(0x0) /*When VPLS is down*/ Local OutLif Total entries: 196608 Used entries: 33337 Lowest entry: 0(0x0) /*When VPLS is up again*/
PR Number Synopsis Category: Express PFE FW Features
1420560 On the PTX3000 routers, the firewall counter for lo0 does not increment.
Product-Group=junos
Issue will not be fixed in 19.1 release, will be fixed in subsequent releases.
PR Number Synopsis Category: SRX4100/SRX4200 platform software
1547053 On all SRX4100/4200, if PEM0 is removed, the output of jnxOperatingDescr.2 might be incomplete
Product-Group=junos
On all SRX4100/4200, if PEM0 is removed, the output of jnxOperatingDescr.2 might be incomplete
PR Number Synopsis Category: Firewall Policy
1454907 Traffic might be dropped when policies are changed in SRX Series devices
Product-Group=junos
If a huge number of policies are configured on SRX Series devices and some policies are changed, the traffic that matches the changed policies might be dropped.
PR Number Synopsis Category: IPSEC/IKE VPN
1517262 The flowd might crash in IPsec VPN scenario
Product-Group=junos
On SRX platforms with IPsec VPN configured, the flowd might crash during the IPsec VPN rekey window. The traffic/service might be impacted if hitting this issue.
PR Number Synopsis Category: Multicast for L3VPNs
1536903 MVPN: PIM (S,G) join state may stay forever when there are no MC receivers and source is inactive
Product-Group=junos
The problem can be seen in MVPN ASM scenario on a PE which has local MC source and receivers and RP is remote. If all receivers stop joining the group and MC source stops transmitting, corresponding PIM (S,G) state may remain indefinitely despite that. Due to the problem a router will maintain extra PIM state. Service is not impacted.
1546739 MVPN multicast route entry may not be properly updated with actual downstream interfaces list
Product-Group=junos
In multicast VPN RPT-SPT mode with both locally and remotely connected receivers, the multicast forwarding entry related to the actual downstream interfaces may not be properly updated. The issue may happen when multicast forwarding entry is created by locally connected PIM receiver, followed by remote receiver and after local receiver decides to prune its membership in that multicast group.
PR Number Synopsis Category: OSPF routing protocol
1256434 LDP OSPF are in synchronization state because the IGP interface is down with ldp-synchronization enabled for OSPF. user@host> show ospf interface ae100.0 extensive Interface State Area DR ID BDR ID Nbrs ae100.0 PtToPt 0.0.0.0 0.0.0.0 0.0.0.0 1 Type: P2P, Address: 10.0.60.93, Mask: 255.255.255.252, MTU: 9100, Cost: 1050 Adj count: 1 Hello: 10, Dead: 40, ReXmit: 2, Not Stub Auth type: MD5, Active key ID: 1, Start time: 1970 Jan 1 00:00:00 UTC Protection type: None Topology default (ID 0) -> Cost: 1050 LDP syn
Product-Group=junos
LDP OSPF are in synchronization state because the IGP interface is down with ldp-synchronization enabled for OSPF. user@host> show ospf interface ae100.0 extensive Interface State Area DR ID BDR ID Nbrs ae100.0 PtToPt 0.0.0.0 0.0.0.0 0.0.0.0 1 Type: P2P, Address: 10.0.60.93, Mask: 255.255.255.252, MTU: 9100, Cost: 1050 Adj count: 1 Hello: 10, Dead: 40, ReXmit: 2, Not Stub Auth type: MD5, Active key ID: 1, Start time: 1970 Jan 1 00:00:00 UTC Protection type: None Topology default (ID 0) -> Cost: 1050 LDP sync state: in sync, for: 00:04:03, reason: IGP interface down config holdtime: infinity. As per the current analysis, the IGP interface goes down because although LDP notified OSPF that LDP synchronization was achieved, OSPF is not able to take note of the LDP synchronization notification, because the OSPF neighbor is not up yet.
PR Number Synopsis Category: MPLS Point-to-Multipoint TE
1415384 p2mp sub-LSP down after transit link flap due to wrong computed ERO
Product-Group=junos
In a large scale P2MP LSP sub LSPs for example, if 1 P2MP have 100s of sub LSPs. If there is a path change in transit, the sub LSPs might repeatedly undergo MBB without switching over to a new path. This is due to by default the branch timeout is 30 second and if some branches were not able to recalculate/come up during this timeframe. LSPs resignal caused internal RSVP related tasks run behind in processing further control updates.
PR Number Synopsis Category: PE based L3 software
1500798 BFD sessions flap after deactivating or activating the aggregated Ethernet interface or executing GRES.
Product-Group=junos
On QFX10008 platforms, if the BFD is configured over an AE interface (member link across multiple FPCs), deactivating/activating the AE interface or executing GRES will cause the BFD sessions to flap.
PR Number Synopsis Category: PTX Broadway based PFE MPLS-LSPs RSVP VPNs tcc ccc software
1466659 IPv6 traffic might be dropped in a Layer 3 VPN network.
Product-Group=junos
On certain PTX and QFX platforms, IPv6 traffic might get affected in the L3VPN scenario between CEs.
PR Number Synopsis Category: Protocol Independant Multicast
1500125 Some PIM Join/Prune packets may not be processed for the first attempt in scale scenario under MVPN scenario
Product-Group=junos
On all Junos platforms with scaling MVPN scenario, some PIM Join/Prune messages may not be processed for the first attempt. For instance, a dedicated PIM router receives more than 2500 PIM hello packets from the new neighbors, followed by PIM Join packets for the same multicast group in a very short period of time.
PR Number Synopsis Category: QFX EVPN / VxLAN
1337275 The DF of an EVPN instance might flood all the ARP request back to the Ethernet Segment
Product-Group=junos
On QFX-5110 Series platforms with an EVPN deployment, the Designated Forwarder (DF) of an EVPN instance might flood all the ARP request back to the Ethernet Segment if 'forwarding-table chained-composite-next-hop ingress evpn' knob is configured. As a result, it may cause a loop between the leaf switches.
PR Number Synopsis Category: RPD route tables, resolver, routing instances, static routes
1463112 RPD memory leak in RT_NEXTHOPS_TEMPLATE
Product-Group=junos
Junos releases having fix of PR1450123 might show RPD memory leak in RT_NEXTHOPS_TEMPLATE
PR Number Synopsis Category: SRX Argon module bugs
1450904 The AAMW policy rules for IMAP traffic sometimes might not get applied when traffic passes through SRX Series devices.
Product-Group=junos
AAMW policy rules for IMAP traffic sometimes might not get applied when the IMAP traffic passes through an SRX Series device.
PR Number Synopsis Category: MPC7/8/9 Interface Issues
1441816 Egress stream flush failure and traffic black hole might occur.
Product-Group=junos
Egress stream flush failure and silent dropping of traffic could occur in a rare occasion for a repeatedly flapping link on MPC7E, MPC8E, MPC9E cards, MX204 and MX10003.
PR Number Synopsis Category: Trio pfe bridging, learning, stp, oam, irb software
1542537 In EVPN-MPLS scenario, BUM traffic is dropped during configuration changes.
Product-Group=junos
In evpn-mpls scenario, BUM(Broadcast, unknown-unicast and multicast) traffic would be dropped due to flood nexthop deletion during configuration changes on any of the PE node.
PR Number Synopsis Category: Trio pfe microcode software
1463718 On MX204 platform, Packet Forwarding Engine errors might occur when incoming GRE tunnel fragments (1) get sampled and (2) undergo inline reassembly.
Product-Group=junos
On MX204 platform, Packet Forwarding Engine (PFE) error messages might be seen when sampling, GRE tunnel termination and inline reassembly are all configured. The errors could cause packet buffer memory leak. Eventually, once packet buffer memory is exhausted, traffic will starting getting lost.
PR Number Synopsis Category: Virtual Router Redundancy Protocol
1558560 Junos device might send VRRP advertisement packets in VRRP init or idle state before startup-silent-period timer expiry after performing GRES on VRRP master device with NSR disabled
Product-Group=junos
If VRRP master device has dual REs and GRES enabled but NSR disabled, after performing GRES, both REs will move to VRRP init then idle state and the new master RE will send VRRP advertisement packets in this stage before startup-silent-period timer expiry. Since the VRRP backup device can still receive the VRRP advertisement packets with higher priority, it will not transition to VRRP master state and hence cause the longer traffic downtime until the VRRP master device re-take the VRRP mastership after startup-silent-period timer expiry.
 
Modification History:
First publication date 2021-01-02
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search