Search our Knowledge Base sites to find answers to your questions.
Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles18.3R3-S4: Software Release Notification for JUNOS Software Version 18.3R3-S4
Junos Software service Release version 18.3R3-S4 is now available.
18.3R3-S4 - List of Fixed issuesPR Number | Synopsis | Category: EX4300 PFE |
---|---|---|
1456879 | The traffic for some VLANs might not be forwarded when vlan-id-list is configured Product-Group=junos |
On EX4300 Series switches, if the vlan-id-list is used on one interface, the traffic for some VLANs under the vlan-id-list might not be forwarded. |
1518929 | On the EX4300 device, the redirected IP traffic is being duplicated. Product-Group=junos |
On EX4300 platforms with IRB/L3 interface, the redirected traffic with the source from another subnet is getting duplicated. |
1538401 | LLDP neighborship might not come up on EX4300 non-aggregated Ethernet interfaces. Product-Group=junos |
On EX4300 platform, LLDP might not work on non-AE (Aggregated Ethernet) interfaces. However, it works fine for AE interfaces. |
1548858 | The targeted-broadcast feature may not work after a reboot Product-Group=junos |
On EX4300 Series platforms, the targeted-broadcast feature may not work after a reboot. It can be seen that no target-broadcast packets are received on the targeted-broadcast interface. |
PR Number | Synopsis | Category: EX4300 CP general implementation |
1498903 | In some cases, if we have an OSPF session on the IRB over LAG interface with 40-Gigabit Ethernet port as member, the session gets stuck in restart. Product-Group=junosvae |
On the EX4300-48MP VC (Virtual Chassis), if the LAG (Link Aggregation Group) interface with member interfaces of 40G/100G is configured across the master and the standby FPCs of the VC, the OSPF configured on the IRB (Integrated Routing and Bridging) interface over this LAG might be stuck in "ExStart" state. The issue impacts the establishment of the OSPF neighbor. |
PR Number | Synopsis | Category: EX4300 routing implementation |
1514729 | ARP learning issue might be seen on EX4300-MP platform when configuring L3 gateway interfaces Product-Group=junos |
On EX4300-MP platform, when adding a L3 interface as gateway, the related IRB interface might be created failed on one FPC due to memory corruption, and some ARP entries are not learnt on the device. |
PR Number | Synopsis | Category: Marvell based EX PFE ACL |
1532670 | Firewall policer with discard action might fail on EX4300 Product-Group=junos |
On EX4300 switches, firewall policer discard action might fail to work. This might cause traffic to pass even it exceeds set policer bandwidth limits. |
PR Number | Synopsis | Category: EX2300/3400 CP |
1494712 | The authentication session might be terminated if the PEAP request is retransmitted by an authenticator. Product-Group=junos |
On all Junos platforms with 802.1X (dot1x) enabled, if Protected Extensible Authentication Protocol (PEAP) request is not replied by supplicant in default time interval, it could cause the authenticator to retransmit PEAP proposal method message with new Extensible Authentication Protocol (EAP) ID. The new EAP ID is different from EAP ID sent by authentication server. As a result, mismatching EAP ID issue could terminate authentication session. In the end, supplicant cannot access network. Please consider increasing 'supplicant-timeout' to prevent this issue from happening. |
PR Number | Synopsis | Category: EX2300/3400 PFE |
1427075 | The Virtual Chassis splits after the network topology changes. Product-Group=junos |
In Virtual Chassis scenario, when the interfaces flaps or VLAN configuration is changed frequently, the network topology will be changed accordingly, then CPU utilization will be dramatically increased to very high within a short time, which might cause the failure of essential communications between VC master and members. When the failure happens, FPC will automatically restart. As a result, VC is split and traffic is lost. |
1472350 | CoS 802.1p bits rewrite might not happen in Q-in-Q mode Product-Group=junos |
In EX2300/EX3400 platform with CoS rewrite scenario, if an 802.1p bits (single VLAN) rewrite is used for an SVLAN (outer VLAN) of Q-in-Q, the rewrite will do nothing. Due to the PFE can not parse the firewall rule for given filter match conditions. Therefore, some traffic processing does not work as customer's expectation. Note: EX4300 has no this issue. |
1525373 | Drops and dropped packets counters in the output value of the show interface extensive command are counted twice. Product-Group=junos |
"show interface ..." command shows wrong values for the "Drops" and "Drop Packet" counters. The actual value is half of the display values. |
PR Number | Synopsis | Category: QFX Multichassis Link Aggregrate |
1525234 | The dcpfe might crash when the ICL is disabled and then enabled Product-Group=junos |
On QFX5k platforms with MC-LAG (Multichassis Link Aggregation Groups) used, the dcpfe might crash when the ICL (Interchassis Link) is disabled and then enabled. Traffic loss might be seen during the dcpfe crash and restart. |
PR Number | Synopsis | Category: QFX Access control list |
1521763 | Firewall "sample" configuration gives the warning as unsupported on QFX10002-36Q and will not work. Product-Group=junos |
On QFX10002-36q, when inline-jflow is configured, the IPv4 firewall filter with 'sample' action gives a waring "unsupported platform" and will not work. On the other hand, the IPv6 firewall filter with 'sample' action will still work as expected. |
PR Number | Synopsis | Category: QFX PFE L2 |
1496766 | Flow control is enabled in PFE irrespective of interface configuration and the fix causes a very small amount of packet loss when a parameter related to an interface such as "interface description" on any port is changed. Product-Group=junos |
On QFX5120 and QFX5210 running JunosOS 18.4R2-S5, 18.4R2-S6, 18.4R3-S5, 19.3R3 releases, there will be a very small amount of packet loss when a parameter related to an interface such as "interface description" on any port is changed. When the parameter is changed, COS buffer modifications is checked. Even when there is no change in previous and present COS buffer state for port, COS buffer modifications is unnecessarily performed and is calling traffic block and unblock and causing a very small amount of packet loss. This will be fixed in the following releases. Junos OS 18.4R2-S7, 18.4R3-S6, 19.3R3-S1 and all subsequent releases. |
1505239 | The dcpfe/FPC might crash due to the memory leak during the vlan add/delete operation Product-Group=junos |
On all QFX5k and EX4600 series platforms, memory leak might happen during the vlan add/delete operation on the interface. The dcpfe/FPC crashes with a coredump if the device is running out of memory. Traffic loss might be seen during the dcpfe/FPC crash and restart. |
1521324 | The MAC address in the hardware table might become out of synchronization between the primary device and member in the Virtual Chassis after the MAC flaps. Product-Group=junos |
When MAC address moves over the member in Virtual Chassis, the MAC address's learning port in Internal Hardware MAC table may be out of sync between Master and member and this may lead to misforwarding. This will be an extremely rare occurrence. If the issue happens, you can issue "clear ethernet-switching table " command to restore the communication. |
PR Number | Synopsis | Category: QFX L3 data-plane/forwarding |
1463092 | When deleting IRB on the layer 3 gateway, IRB does not get removed from PFE and will blackhole traffic to IRB mac address Product-Group=junos |
On QFX5110/5120 platform as the layer 3 gateway, after deleting the configuration of interfaces irb, The IRB might not get removed from PFE and will blackhole traffic to the MAC address of the deleted IRB. |
1486632 | On the QFX 5100-48T-6Q Virtual Chassis or Virtual Chassis fan, the following error message is observed while copying the image to the Virtual Chassis fan member and trying to downgrade the image: rcp for member 14, failed. Product-Group=junos |
On QFX 5100-48T-6Q VC/VCF, RCP error might be seen while upgrading the system using "request system software add no-validate" and system upgrade/ installation could fail. This issue happens if DCPFE cpu utilization is very high. |
1528490 | On the QFX5000 line of switches, the fxpc process might crash if the VXLAN interface flaps. Product-Group=junos |
On QFX5K platforms, if VXLAN enabled interfaces flap excessively in short period of time, PFE might crash. |
PR Number | Synopsis | Category: Accounting Profile |
1509114 | The pfed might crash when running 'show pfe fpc x'. Product-Group=junos |
When the pfed is running on a 64 bit machine, it might crash after issuing the command "show pfe fpc x". |
PR Number | Synopsis | Category: CoS support on ACX |
1493518 | On the ACX5048 and ACX5096 routers, the LACP control packets might be dropped due to high CPU utilization. Product-Group=junos |
On ACX5048/ACX5096 platforms, when one of the child links in AE goes down brings entire AE down due to high CPU.LACP control packets might get dropped as the port is blocked for a temporary period. |
PR Number | Synopsis | Category: Fireall support for ACX |
1513998 | Filter might not be programmed even if there is free TCAM available on ACX5048/5096 Product-Group=junos |
On ACX5048/5096 platforms, if a firewall filter is configured with many terms or many prefix-list/prefixes (e.g. a long loopback filter with more than 512 TCAM entries) , the filter might not be programmed in hardware even if there is free TCAM (Ternary Content Addressable Memory) entries. The filter does not work due to this issue. |
PR Number | Synopsis | Category: JUNOS kernel/ukernel changes for ACX |
1509402 | PFE crash might be seen and the FPC may remain down on ACX710 platform Product-Group=junos |
On ACX710 platform, after the PTP(Precision Time Protocol) configuration is removed and the router is rebooted, the PFE might crash and the FPC remains down if PTP traffic is still coming into the router. This issue might also happen when SyncE is configured. This causes the router to crash and not come up. |
PR Number | Synopsis | Category: ACX GE, 10GE, PoE, IDT framers |
1430009 | The gigether-options command is enabled again under the interface hierarchy. Product-Group=junos |
gigether-options and ether-options both are support on ACX5k PR1430009 initially opened to remove gigether-options, now it has been reverted. Revert has been tracked in the same PR 1430009. Yes, latest fix of PR 1430009 has added back gigether-options |
1523418 | Interface is not coming up with auto-negotiation setting when connecting QFX5100/QFX5110 with 1G/10G interface Product-Group=junosvae |
When QFX5100/5110 is connected to other devices with 1G/10G ports, both sides configuring auto-negotiation and the remote interface might stay down. |
PR Number | Synopsis | Category: BBE interface related issues |
1447493 | bbe-smgd core file on backup Routing Engine in bbe_ifd_add_vlan (ifd=0x8c3e835, ifl=0xcaf59f18) at ../../../../../../src/junos/usr.sbin/bbe-svcs/smd/infra/bbe_ifd.c:6374. Product-Group=junos |
When a logical interface with vlan is deleted from the master Routing Engine (master RE), the backup RE does not process the removal correctly. When a new vlan logical interface is added after the removal, the bbe-smgd process on the backup RE may panic. |
1498024 | Subscribers might be disconnected after one of the aggregated Ethernet participating FPCs comes online in a Junos OS node slicing scenario. Product-Group=junos |
On MX Series platforms with node slicing setup, if subscriber services and targeted distribution feature are enabled on an aggregated Ethernet interface, and the FPC where one of the aggregated Ethernet member port is located comes online, subscribers that are already online might be disconnected. |
PR Number | Synopsis | Category: BBE Layer-2 Bitstream Access |
1551207 | PPPoE subscribers login failure may happen Product-Group=junos |
In Broadband Network Gateway (BNG) scenario where Layer-2 Bitstream Access (L2BSA) and PPPoE subscribers are working on the same interface/VLAN, PPPoE subscribers login may get stuck in a pending state, if the IN-FLIGHT flag of L2BSA is not cleared after its Port-Up packet is rejected by RADIUS, and during this process, another Port-Up for the same access-loop arrives. |
PR Number | Synopsis | Category: BBE multicast related issues |
1536149 | Multicast traffic might be sent out through unexpected interfaces on MX Series platforms with distributed IGMP enabled. Product-Group=junos |
On MX platforms with enabled subscriber services, if distributed IGMP is enabled on subscriber dynamic interfaces and there are static interfaces are configured on the same fpc, and fpc is reloaded or interfaces flapped, then multicast may get enabled on static interface and the multicast traffic may be sent out through unexpected interface. |
PR Number | Synopsis | Category: MIBs related to BBE |
1535754 | Snmp mib walk for jnxSubscriber OIDs returns General error Product-Group=junos |
Snmp mib walk for jnxSubscriber OIDs returns General error |
PR Number | Synopsis | Category: Border Gateway Protocol |
1487486 | The rpd might crash with BGP RPKI enabled in a race condition Product-Group=junos |
On all Junos platforms with BGP PRKI (Resource Public Key Infrastructure) scenario, if NSR is enabled and scale routes and ROAs exist, in a very rare case, the ROA (route origin authorization) might be withdrawn before replicating to the backup RE when ROA changes happen, which results in the rpd crash. |
1517498 | The rpd might crash after deleting and re-adding a BGP neighbor. Product-Group=junos |
In BGP scenario on all Junos platforms, after deleting and re-adding a BGP neighbor, the rpd might crash due to a rare timing issue. |
1523075 | BGP session with VRRP virtual address used might not come up after a flap Product-Group=junos |
When VRRP virtual address is configured and used to set up a BGP session with the remote side, under rare timing conditions, BGP peer establishment may get rejected repetitively. |
1532414 | The L3VPN routes may be added to FIB on route reflector Product-Group=junos |
In L3VPN scenario with in-line RR (Route Reflector) which has an export policy with next-hop self to advertise all transit L3VPN routes to its clients and also uses route-target family, the undesired L3VPN routes may be pushed to FIB (Forwarding Information Base) after enabling/disabling route-target family on the RR or a new BGP peer joins a group with 'next-hop self'. |
1538491 | Configuring 'then next-hop' and 'then reject' on a route policy for the same route might cause rpd crash Product-Group=junos |
On all Junos platforms with BGP enabled, if a policy is setting 'then next-hop' and 'then reject' at the same time for the same prefix, rpd crash might be seen. Like the following: set policy-options policy-statement xxx term 1 from route-filter xxx set policy-options policy-statement xxx term 1 then next-hop ... set policy-options policy-statement xxx term 2 then reject |
PR Number | Synopsis | Category: MPC5/6E pfe microcode software |
1453575 | The FPC might crash due to the memory corruption in JNH pool Product-Group=junos |
On all Trio-based platforms, after the restart of the fabric plane, the FPC might crash due to memory corruption in the JNH pool. |
PR Number | Synopsis | Category: PTX Chassis Manager |
1462987 | On the PTX3000 or PTX5000 routers, PICs might restart if the QSFP optics get overheated. Product-Group=junos |
On PTX3K/5K platform with P3-24-U-QSFP28/P3-15-U-QSFP28/P3-10-U-QSFP28 PIC used, if the temperature of QSFP optics is overheated, the PIC might restart. |
PR Number | Synopsis | Category: Device Configuration Daemon |
1519334 | Buffer overflow vulnerability in device control daemon (CVE-2020-1664). Product-Group=junos |
A stack buffer overflow vulnerability in the device control daemon (DCD) on Juniper Networks Junos OS allows a low privilege local user to create a Denial of Service (DoS) against the daemon or execute arbitrary code in the system with root privilege. Please refer to https://kb.juniper.net/JSA11061 for more information. |
1539991 | The logical interface might flap after adding or deleting native VLAN configuration Product-Group=junos |
On EX/QFX platforms, the unrelated logical interface on a physical interface would flap when adding or deleting native VLAN configuration on the physical interface. |
1544257 | Subscribers might logout then login after loopback address is changed Product-Group=junos |
On MX platform, under subscriber environment and unnumbered IP address borrowed from the loopback interface configured on Demux interface and Aggregated Ethernet (AE) interface, subscriber session might flap if IP address of the loopback interface IP is changed. Please refer to workaround provided when this issue hit. |
PR Number | Synopsis | Category: Covers Application classification workflows apart from custo |
1516969 | The flowd srxpfe process might stop when SSL proxy and AppSecure process traffic simultaneously. Product-Group=junos |
On all SRX Platforms, the flowd/srxpfe process might crash when SSL proxy and AppSecure/IDP process traffic simultaneously. |
PR Number | Synopsis | Category: Manageability for Node Virtualization |
1532642 | Delete the jmgmt0 interface's address may fail if using the shortened version of the CLI command Product-Group=junosvae |
In the Junos node slicing scenario, the deletion of the jmgmt0 interface's address might fail if using the shortened version of the CLI command (delete groups server0 interfaces jmgmt0). |
PR Number | Synopsis | Category: JUNOS Dynamic Profile Configuration Infrastructure |
1526934 | Family IPv6 is not coming up for L2TP subscriber when additional attributes are not passed in the Framed-IPv6-Route VSA. Product-Group=junos |
In DHCP/PPP Subscriber scenario with IPv6 dynamic-profile configured, all the additional attributes (route prefix, next-hop, metric, preference, tag) for IPv6 access route must be fully specified in dynamic-profile and passed via RADIUS server, otherwise family inet6 might not come up. |
1555476 | show dynamic-profile session client-id' displays only one v6 framed-route information Product-Group=junos |
show dynamic-profile session client-id' displays only one v4 and v6 framed-route information, while two or more routes could be returned/configured. |
PR Number | Synopsis | Category: Ethernet OAM (LFM) |
1500048 | FPC crash might be observed with inline mode CFM configured. Product-Group=junos |
On the Junos platforms with inline mode CFM (Connectivity Fault Management) configured, if there are several CFM adjacencies flapping, due to the flaw in the CFM module to process the error-adjacencies messages, the FPC may crash alongside with NPC core-dump file generated. All services/traffic configured on the FPC will see outage till FPC recovers from an automatic reboot. |
PR Number | Synopsis | Category: mgd, ddl, odl infra issues |
1458345 | "persist-groups-inheritance" causes the "mustd" process to crash and issues commit failure Product-Group=junos |
"persist-groups-inheritance" configuration option causes the "mustd" process to crash when one performs the "commit" action. |
PR Number | Synopsis | Category: EVPN control plane issues |
1439537 | The rpd process may crash after committing changes in the EVPN environment Product-Group=junos |
On all Junos platforms with EVPN configured, the rpd process may crash after committing any configuration changes if there is an existing MAC entry received from multiple sources and trying to update the latest source. Traffic loss may be observed due to the rpd crash. |
1502984 | The BUM traffic loss may be seen in a rare condition under EVPN-MPLS multihoming scenario Product-Group=junos |
In a rare condition with EVPN-MPLS multihoming configured, the BUM traffic loss may be seen which is caused by packets forwarding with incorrect IM (Inclusive Multicast) and SH (Split Horizon) labels. |
1547275 | VLAN ID information is missed while installing the EVPN route from the BGP Type 2 Route after modifying a routing-instance from instance-type EVPN to instance-type virtual-switch. Product-Group=junos |
VLAN ID information might be missing while installing the EVPN route from the BGP Type 2 Route after modifying a routing-instance from "instance-type evpn" to "instance-type virtual-switch". As a result, the data traffic sent via these EVPN routes doesn't push vlan-id in the inner Ethernet Header. This might result in traffic getting discarded on the remote PE. |
PR Number | Synopsis | Category: EVPN Layer-2 Forwarding |
1520078 | Unable to create a new VTEP interface. Product-Group=junos |
In all platforms with VXLAN Static VTEP tunnels scenario (including Static VXLAN without EVPN), after RE switchover or restart of l2-learning, if create a new VTEP interface, the interface may not work. |
1535515 | All the ARP reply packets towards to some address are flooded across the entire fabric Product-Group=junos |
In the EVPN-VXLAN scenario, if the spine has irb and the leaves don't have irb, and the leaves have multi-home interfaces, the ARP reply packets flooding across the entire fabric might be seen. |
PR Number | Synopsis | Category: Sflow on qfx10k/ptx series PRs for defect & enhancement req |
1521732 | Output interface index in the sFLOW packet is zero when transit traffic is observed on the IRB interface with VRRP enabled. Product-Group=junos |
When VRRP is enabled on IRB interface and SFLOW is enabled on QFX10000 Series platforms, output interface Index in SFLOW packet will be zero for the traffic destined to VRRP MAC address. |
PR Number | Synopsis | Category: Express PFE CoS Features |
1531095 | Packet loss is observed while validating the policer after restarting the chassis control. Product-Group=junos |
On QFX10K platforms, the classification for incoming mpls traffic based on the EXP(experimental) bits might not take into effect, and instead the traffic will get classified based on the default setting, due to which packet loss could be observed. |
PR Number | Synopsis | Category: Express PFE MPLS Features |
1515092 | The routes update might fail upon the HMC memory issue and traffic impact might be seen. Product-Group=junos |
On PTX Series and QFX Series devices, in rare cases, HMC memory error might cause routes update failure and traffic impact on the Packet Forwarding Engine. |
PR Number | Synopsis | Category: Internet Group Management Protocol |
1520059 | Packet loss might be observed while verifying traffic from access to core network for IPv4 or IPv6 interfaces. Product-Group=junos |
On EX2300-48T/EX2300-48P/EX2300-48MP, packet loss may be seen when L3 IPv4/IPv6 interface and route related configurations with IPv4/IPv6 unicast stream are configured. This issue might cause traffic drop. This issue happens if two different NH(Next Hop) IDs are programmed in the Hardware for same route but only one entry is maintained in the software.This issue is specific to 48 port EX2300 platforms and will not occur on other 12/24 ports EX2300, such as EX2300-24T, EX2300-24P, EX2300-24MP. |
PR Number | Synopsis | Category: Kernel software for AE/AS/Container |
1514146 | The 100-Mbps SFP-FX transceiver is not supported on a satellite device in the Junos fusion setup. Product-Group=junos |
On satellite device in Junos Fusion setup, interfaces with 100M SFP-FX might not work properly. |
PR Number | Synopsis | Category: ISIS routing protocol |
1463650 | IS-IS IPv6 multi-topology routes might flap every time when there is an unrelated commit under protocol stanza. Product-Group=junos |
With multi-topology enabled in ISIS globally hierarchy level, if some ISIS interfaces don't have IPv6 address, all ISIS IPv6 routes flap when committing any change under protocol stanza (e.g. 'protocol pim traceoption'). |
1482983 | The output of the "show isis interface detail" command might be incorrect if wide-metrics-only is enabled for IS-IS and the ASCII representation of the metric in decimal is more than 6 characters long Product-Group=junos |
If 'wide-metrics-only' is enabled for any IS-IS level and a metric configured on the IS-IS enabled interface for that level has ASCII representation in decimal more than 6 characters long, this interface's metric for that level will be merged with 'priority' field value in the output of 'show isis interface detail'. |
1526447 | The IS-IS LSP database synchronization issue might be seen while using the flood-group feature. Product-Group=junos |
On all Junos platform, when flood-group is configured on interface under isis, if isis LSPs time out and then come up, the device sends only self-generated LSPs and doesn't increment the LSP updates received from neighbor which flapped. This is causing LSP database out of synchronization issue. |
PR Number | Synopsis | Category: Adresses ALG issues found in JSF |
1475031 | Resolved Issues: 19.4R2 Application Layer Gateways (ALGs) SIP messages that need to be fragmented might be dropped by the SIP ALG. Product-Group=junos |
When SIP ALG is using, after payload changed by ALG, some SIP messages size maybe bigger than outgoing interface's MTU and need to be fragmented, that SIP messages might be dropped by SIP ALG. |
PR Number | Synopsis | Category: JSR Infrastructure |
1479156 | The vSRX instance might restart unexpectedly. Product-Group=junos |
The srxpfe process generates core files when a socket-open error occurs during the initialization phase. Self-healing takes place when the srxpfe reboots and starts processing traffic. |
PR Number | Synopsis | Category: Firewall Policy |
1482200 | Request security policies check output shows policies out of syn command. Product-Group=junos |
This issue affects an SRX system with large security policies (reproduced with 8000 policies). The result of the "request security policies check" cli command may display policies in the "out-of-sync" instead of "in-sync" state. |
1544554 | The flowd/srxpfe process might crash when SRX/NFX device running on Junos OS 18.2R1 or above where the unified policy feature is supported Product-Group=junos |
On SRX Series device running on Junos OS 18.2R1 or above, or NFX Series device running on NextGen Junos OS, the unified policy feature is supported, the flowd/srxpfe might crash. |
PR Number | Synopsis | Category: IPSEC/IKE VPN |
1522017 | The traffic might be dropped when IPSec VPN with NAT-T enabled Product-Group=junos |
On SRX platforms, when IPSec VPN is configured with NAT-T enabled and VPN tunnel is established between two peers, if traffic is received from peer during VPN rekey, the traffic might be dropped in the VPN tunnel. |
PR Number | Synopsis | Category: jsscd daemon |
1511745 | Static subscribers are logged out after creating a unit under demux0 interface. Product-Group=junos |
In MX platforms with static subscriber scenario, the existing static subscribers associated to a demux0 interface might be forced to log out after creating another unit under demux0 interface. |
PR Number | Synopsis | Category: PFE infra to support jvision |
1547698 | SENSOR APP DWORD leak observed during the period of churn for routes bound to Sensor group Product-Group=junos |
SENSOR APP DWORD leak observed during the period of churn for routes bound to Sensor group. Sensor types that are affected are Segment Routing, Segment Routing-TE, LDP and RSVP LSPs. |
PR Number | Synopsis | Category: Layer 2 Circuit issues |
1511783 | The rpd might crash after removing the last interface configured under the l2circuit neighbor Product-Group=junos |
On all Junos platforms, rpd crash may be observed after removing the last interface configured under the l2circuit neighbor which is in fact active. |
PR Number | Synopsis | Category: Layer 2 Control Module |
1463251 | Configure any combination of VLANs and interfaces under VSTP/MSTP may cause VSTP/MSTP related configuration can not be committed Product-Group=junos |
On the EX platform, VSTP/MSTP related configuration might not be committed successfully if configure any combination of VLANs and interfaces under VSTP/MSTP to hit the maximum scale of 5219. |
PR Number | Synopsis | Category: lacp protocol |
1277144 | LACP is not sending IFF_DOWN reason with destroy session request Product-Group=junos |
In current scenario when interface is going down then LACPD is not sending reason for destroy session request i.e IFF_DOWN(interface down). So the LACP session may not be destoried immediately until the LACP session times out. |
1366825 | RG1 failover occurs when RG0 failover is triggered Product-Group=junos |
RG1+ which is configured for interface-monitor, might fail over to the other node if RG0 failover is triggered. |
PR Number | Synopsis | Category: Label Distribution Protocol |
1527197 | LDP routes might be deleted from MPLS routing table after RE switchover Product-Group=junos |
On all Junos platforms with NSR and segment routing for ISIS configured, LDP routes might be deleted on new master RE's MPLS routing table after RE switchover. |
1538124 | The rpd process might crash when the LDP route with indirect next hop is deleted on the aggregated Ethernet interface. Product-Group=junos |
If the Label Distribution Protocol (LDP) route with indirect next-hop exists (e.g. LDP egress-policy is used to advertise BGP route into LDP), the rpd might crash when the LDP route is deleted from the AE interface. |
PR Number | Synopsis | Category: lldp sw on MX platform |
1538482 | DUT did not receive the LLDP packet from phone. Product-Group=junos |
On EX4300 platforms, the LLDP (Link Layer Discovery Protocol) neighborship with the VoIP (Voice over Internet Protocol) phones can't be established when LLDP is configured on the PoE (Power over Ethernet) enabled port on EX4300 and connects to the VoIP Phone. |
PR Number | Synopsis | Category: SW PRs for MPC10E Interfaces |
1491142 | BCM8238X SerDes firmware did not complete tuning may be a false positive alarm. Product-Group=junos |
BCM8238X SerDes firmware did not complete tuning may be a false positive alarm. |
PR Number | Synopsis | Category: Multiprotocol Label Switching |
1517018 | The rpd might crash after upgrading Junos OS Release 18.1 to 18.1 and later releases. Product-Group=junos |
The rpd might continuously crash after upgrading pre Junos OS Release 18.1 to Junos OS Release 18.1 and later while graceful-restart and RSVP/static LSP are configured. This is because there is a change in the data structure written to the restart database file from Junos OS Release 18.1 and later. So, when rpd comes up and tries to read the restart database file written by pre Junos OS Release 18.1 image, the rpd might crash. |
PR Number | Synopsis | Category: Multicast Routing |
1555518 | It might fail in sending multicast traffic to downstream receiver on Trio based VC platforms Product-Group=junos |
On Trio based Virtual Chassis (VC) platform, when there are multicast tunneled packets being received, which come into the Virtual Chassis Ports (VCP) and then pop out of the tunnel, if the VCP ports and the interfaces where multicast packets enter/leave the router are located on the same Packet Forwarding Engine (PFE), it might fail in sending multicast traffic to downstream receiver due to this issue. |
PR Number | Synopsis | Category: Jflow and sflow on MX |
1487876 | Incorrect frame length of 132 bytes might be captured in the packet header. Product-Group=junos |
On all MX/PTX5k/EX platforms with Trio based line cards, if a packet is send with more than 128 bytes it will always show incorrect "Frame length" of 132 bytes in raw packet header of sflow collector captured data. |
PR Number | Synopsis | Category: IDS features available on MS-MPC/MIC |
1527236 | After applying ids-rules to service-set, high session rate is observed even without any DDos traffic Product-Group=junos |
On MX platforms with MS-MIC/MS-PIC, if applying IDS filter and reaching high CPU state, the session rate stay high even without any DDos traffic which may lead to dropping of new session requests. |
PR Number | Synopsis | Category: OS IPv4/ARP/ICMPv4 |
1496429 | Routing Engine crash might be seen when a large number of next hops are quickly deleted and readded in large ARP/ND scale scenario. Product-Group=junos |
On all Junos platforms with large ARP/ND scale scenario, if a large number of nexthops are deleted and re-added very quickly (such as a result of link flap), the memory corruption might occur and eventually cause RE crash. |
PR Number | Synopsis | Category: FreeBSD Kernel Infrastructure |
1518898 | The kernel might crash if a file/directory is accessed for the first time and is not created locally. Product-Group=junos |
On the Junos with Virtual Filesystem (VirtFS), if a file/directory is accessed for the first time and is not created locally, the kernel might crash and generate a vmcore file. Junos might reboot due to this issue. |
1537696 | Errors might be seen when dumping vmcore on EX2300/EX3400 series Product-Group=junos |
On EX2300/EX3400, the vmcore might not be available and the device might hang while trying to generate core files via the rescue kernel. This might be caused by the ARM dumper device supporting only a fixed 512 byte block size, rather than scaling to any block size. This might cause loss of debug ability for the device. |
PR Number | Synopsis | Category: Kernel Stats Infrastructure |
1508442 | SNMP polling might return unexpectedly high value of ifHCOutOctets counter for physical interface when any jnxDom OID is processed at the same time. Product-Group=junos |
When actual transmitted load is configured for interface as: set interfaces interface-transmit-statistics And ifHCOutOctets OID is polling together with any jnxDom OIDs for the same interface with time interval between pollings equal or less then one second, the resulted value of ifHCOutOctets may be unexpectedly high |
1522561 | OID ifOutDiscards reports zero and sometimes shows valid value. Product-Group=junos |
OID ifOutDiscards reports zero and sometimes shows valid value. user@router> show snmp mib get ifOutDiscards.514 | refresh 3 ---(refreshed at 2020-07-10 12:54:07 IST)--- ifOutDiscards.514 = 0 ---(refreshed at 2020-07-10 12:54:10 IST)--- ifOutDiscards.514 = 0 ---(refreshed at 2020-07-10 12:54:13 IST)--- ifOutDiscards.514 = 0 ---(refreshed at 2020-07-10 12:54:16 IST)--- ifOutDiscards.514 = 0 ---(refreshed at 2020-07-10 12:54:19 IST)--- ifOutDiscards.514 = 0 ---(refreshed at 2020-07-10 12:54:22 IST)--- ifOutDiscards.514 = 241974 ---(refreshed at 2020-07-10 12:54:25 IST)--- ifOutDiscards.514 = 241974 ---(refreshed at 2020-07-10 12:54:28 IST)--- ifOutDiscards.514 = 0 ---(refreshed at 2020-07-10 12:54:31 IST)--- ifOutDiscards.514 = 0 |
PR Number | Synopsis | Category: OSPF routing protocol |
1525870 | The OSPFv3 adjacency should not be established when IPsec authentication is enabled. Product-Group=junos |
On EX4300 platforms, the OSPFv3 configured with IPsec authentication after device reboots, the OSPFv3 adjacency should not be established, while do the same configuration before device reboots, the adjacency should be established. |
PR Number | Synopsis | Category: Used for tracking OVSDB software issues and features |
1518807 | The vgd process might generate a core file when the OVSDB server restarts. Product-Group=junos |
On all Junos platforms that support OVSDB (Open vSwitch database), the vgd core might get generated when the OVSDB server is restarted. The vgd daemon restart after the core might cause traffic impact. This issue happens when OVSDB server is disconnected and the device (switch/router) sends some updates events to server. |
PR Number | Synopsis | Category: Express Paradise PFE Sflow |
1525589 | Sampling with the rate limiter command enabled, crosses the sample rate 65535. Product-Group=junos |
'show sflow Interfaces' command displays wrong adaptive-sampling rates for rate limiter configuration. The display usually shows a sampling rate of more than 65535. |
PR Number | Synopsis | Category: Protocol Independant Multicast |
1487636 | The rpd might crash when perform GRES with MSDP configured Product-Group=junos |
On all Junos platforms, when execute Graceful Routing Engine Switchover (GRES) with Multicast Source Discovery Protocol (MSDP) enabled, rpd might crash on new master Routing Engine (RE). The issue could be automatically recovered after rpd successful self-restart. This is a timing and regression issue. |
PR Number | Synopsis | Category: vMX Platform Infrastructure related issue tracking |
1548422 | Traffic with jumbo frame may be discarded on the vMX platforms Product-Group=junos |
On the VMX platforms which are installed on ESXI 6.7 with vmxnet3 driver, traffic with jumbo frame (Packets with MTU more than 1500) may be discarded upon receiving. |
PR Number | Synopsis | Category: Chassis mgmt for all QFX systems - chassis MIB, alarms, CLI |
1462582 | "entPhysicalTable" MIB is not fetching expected data on QFX10002-72Q / 36Q platforms Product-Group=junos |
"entPhysicalTable" MIB is not fetching expected data on QFX10002-72Q / 36Q platforms |
1507044 | The archival function might fail in certain conditions. Product-Group=junos |
If the archival function is enabled with the statement "routing-instance" and transfer mode is set as SFTP/SCP for archive-sites, it may not work and fail to transfer the files. |
PR Number | Synopsis | Category: Interface related issues. Port up/down, stats, CMLC , serdes |
1462748 | On the QFX5100 switches, the interface output counter is double counted for self-generated traffic. Product-Group=junos |
On QFX5100 device, interface output counter is double counted for self-generated traffic |
1538340 | Interfaces are not created after channel-speed 10g is applied across ports 48 to 53 on QFX5100-48T Product-Group=junos |
After channelizing port 48 through 53 and channel speed, the interfaces are down on QFX5100-48T platform. This issue causes interfaces are deleted and traffic might be dropped. |
PR Number | Synopsis | Category: QFX Platform related (SYSLOG/ALARMS/miscellaneous) |
1454527 | On the QFX5000 line of switches, the dcpfe process crashes due to the usage of data that is not null getting terminated. Product-Group=junosvae |
The dcpfe crash is due to usage of data which is not NULL terminated on QFX5K. |
1508611 | The fxpc may crash and restart with a fxpc core file created while installing the image through ZTP. Product-Group=junos |
On QFX5100/EX4600 Series platforms, the fxpc may crash sometimes while installing an image through ZTP. |
1520956 | QFX5100: cprod timeout triggers high CPU (100%) Product-Group=junos |
In QFX5100, you might get into a high CPU (CPU running at 100%) situation when a "cprod" command timed out. |
PR Number | Synopsis | Category: QFX PFE Class of Services |
1430173 | The CoS rewrite rules applied under an aggregated Ethernet interface might not take effect after NSSU. Product-Group=junos |
On QFX 5K platform, Class of Service (CoS) rewrite rules applied under an Aggregated Ethernet (AE) interface might not take effect after Non-Stop Software Upgrade (NSSU). In the end, packets could not enter into correct queues for sending. |
PR Number | Synopsis | Category: DCBX |
1517030 | The dcpfe process might crash due to memory leak. Product-Group=junos |
On all QFX5K/QFX3600/EX4600 series platform, if the 'dcpfe' process continuously detaches and reattaches port. For example, due to interface instability, it might cause memory leak. If all the memory is exhausted then the 'dcpfe' process crashes and linecard reboots. |
PR Number | Synopsis | Category: Filters |
1514710 | In the VXLAN configuration, the firewall filters might not be loaded into the TCAM with the following message due to TCAM overflow after upgrading to Releases 18.1R3-S1, 18.2R1, and later : DFWE ERROR DFW: Cannot program filter. Product-Group=junos |
n QFX5000/EX4600 platforms with VxLAN scenario, firewall filters loading failure might happen due to Ternary Content Addressable Memory(TCAM) overflow, which may cause traffic impact if the Junos version is upgraded to 18.1R3-S1 / 18.2R1 or higher. This is because IPACL VxLAN filter is introduced on that releases to replace regular IPACL for VxLAN VLANs. And after upgrade, IPACL VxLAN filter needs more entries in TACM compared with regular IPACL, which makes TCAM to overflow, and even traffic will be impacted. |
PR Number | Synopsis | Category: QFX L2 PFE |
1504354 | LLDP is not acquired when native-vlan-id and tagged VLAN-ID are the same on a port. Product-Group=junos |
On QFX5000 platforms running with Link Layer Discovery Protocol (LLDP) configured, if the interface has both native-vlan-id and vlan-id configured, and the native-vlan-id and vlan-id have the same value, LLDP neighborship might be unable to setup on that particular interface due to this issue. |
PR Number | Synopsis | Category: QFX L3 data-plane/forwarding |
1458206 | Dual Tag Q-in-Q not working with EVPN-VXLAN Product-Group=junos |
In EVPN-VXLAN with retaining S-VLAN Tags and C-VLAN tags scenario, both S-VLAN and C-VLAN tags are treated as the data of a packet when it is transported. when a dual-tagged ARP packet arrives at ingress PE, the device could only recognize either untagged ARP packet or single tag ARP packet, and if it is not, the device will assume that it is not an ARP packet. Since ARP resolution fails, all subsequent communication will not happen. |
1484440 | IRB MAC will not be programmed in hardware when MAC persistence timer expires Product-Group=junos |
On QFX5XXX/EX46XX virtual chassis platforms with GRES, if an IRB interface is configured with members across master and backup REs, and when mac-persistence-timer expires, the new MAC address of the IRB interface might not be programmed in hardware, which might result in failure on protocols and traffic. |
1512712 | Display issue, Virtual Chassis environment, Configured num-65-127-prefix value is shown incorrect for the command O/P "show chassis forwarding-options" Product-Group=junos |
Display issue, In a Virtual Chassis environment, Configured num-65-127-prefix value is shown incorrect for the command O/P "show chassis forwarding-options" for the FPC which is not local (Backup and line card members of the VC) |
1530602 | The dcpfe process core may be seen if L3VPN service is configured with an MPLS enabling AE interface Product-Group=junos |
On QFX5000 platforms with MPLS enabled on the AE interface, the intermittent dcpfe process core might be seen if the L3VPN service is configured. When it happens, traffic loss might be seen during the dcpfe crash and restart. |
PR Number | Synopsis | Category: QFX EVPN / VxLAN |
1516653 | The MAC learning might not work properly after multiple MTU changes on the access port in the VXLAN scenario. Product-Group=junosvae |
On QFX5120 platform running with Virtual Extensible LAN protocol (VxLAN) scenario, if there are multiple iterations of MTU change on the access port which faces Customer Edge (CE) side, for example, 20 iterations under the scale with around 100 VLAN to VXLAN Network Identifier (VNI) mapping, the MAC learning on the access port might not be able to work properly due to this issue. |
PR Number | Synopsis | Category: QFX VC Infrastructure |
1497563 | Virtual Chassis is not stable with 100-Gigabit Ethernet and 40-Gigabit Ethernet interfaces. Product-Group=junos |
In QFX5110 platform with Virtual Chassis (VC) scenario, VC might not get formed and can cause traffic loss if the 100G VCP ports are deleted and created, or changed from 40G to 100G or vice-versa. For the reason is that Forward Error Correction (FEC) should not be enabled when the physical interface is working as a VCP port. |
1548079 | Backup RE clears the reporting alarm for a PEM failure intermittently for a missing power source on a QFX5100 VC Product-Group=junos |
The PEM failure alarm for a missing power source on a QFX5100 VC is incorrectly being toggled on the Backup RE |
PR Number | Synopsis | Category: RPD Next-hop issues including indirect, CNH, and MCNH |
1458595 | The rpd crash might be seen if BGP route is resolved over the same prefix protocol next-hop in inet.3 table that has both RSVP and LDP routes. Product-Group=junos |
In race condition, if a BGP route is resolved over the same prefix protocol next hop in a routing table that has routes of the prefix from different routing protocols, when the routes are flapping (firstly these routes are down and then up), the BGP route will be re-resolved, and then the rpd crash might be seen. |
1534455 | Some routes might get incorrectly programmed in the kernel which is no longer present in rpd Product-Group=junos |
In a scaled routes scenario, if there is any route change operation when the system is under memory pressure, the rpd might change a route entry but the same is not conveyed to the kernel. This causes a mismatch between routes in rpd and kernel leading to traffic blackhole for the mismatched route entries that are incorrectly programmed in the kernel. |
PR Number | Synopsis | Category: RPD policy options |
1523891 | The policy configuration might be mismatched between rpd and mgd when "deactivate policy-options prefix-list" is involved in configuration sequence Product-Group=junos |
If "deactivate policy-options prefix-list" is involved in configuration sequence along with other policy configurations, the mgd process might not notify the rpd process about the policy configuration changes after committing the configuration. This can cause the policy configuration to be out-of-synchronization between policy database used by rpd and configuration database used by mgd. Due to the missing policy entries in policy database, later the rpd might crash when accessing these entries via CLI command like "show policy". |
PR Number | Synopsis | Category: RPD route tables, resolver, routing instances, static routes |
1421566 | Some LDP routes in VRF cannot be resolved over the inet.3 table Product-Group=junos |
Any route that is added to the rib will be resolved over predefined tables, and the resolution tables for a given protocol are fixed. LDP routes added to foo.mpls.0, the resolution table is not initialized due to this NULL access happen to lead to the core. |
1498377 | The route entries might be unstable after being imported into inet6.x RIB through rib-group. Product-Group=junos |
When inet6.x (such as 6.1/6.2/6.3, and so on) is used as a non-primary RIB by rib-group, the import function issue might cause the route entries not to be modified correctly for IPv6 format, it might lead the received routes not to be imported successfully into the inet6.x RIB of the routing protocols. Then the network reachability might be impacted. |
1507638 | On all Junos OS dual-Routing Engine GRES/NSR enabled routers, RPD might crash on a new master Routing Engine if Routing Engine switchover occurs right after a massive routing-instances deletion. Product-Group=junos |
On all Junos platforms, if GRES and NSR are enabled at a dual-RE router and if RE switchover happens (either manually or due to some other reasons) right after deleting a big number of routing instances, then rpd at a new master RE could crash once. Once a new master RPD crashed, it will restart by itself. |
PR Number | Synopsis | Category: Resource Reservation Protocol |
1516657 | RPD scheduler might slip after link flap Product-Group=junos |
On all Junos platforms with RSVP-TE configured, when a transit router carries a large number of LSP's (for example, 60k and higher) and all those LSPs undergo FRR (for example, when link carrying large number of LSP's flap) then, the rpd scheduler might slip and LDP session tear down might be observed after the link flap. |
1524736 | The inter-domain LSP with loose next hop path might get stuck in down state. Product-Group=junos |
In the scenario of inter-domain LSP with loose next-hops path, when expanding the loose hop at the Area Border Router (ABR) / Autonomous System Border Router (ASBR), the LSP might not come up properly if the incoming link of the LSP at the ABR/ASBR is an unnumbered interface. |
PR Number | Synopsis | Category: RPM and TWAMP |
1541808 | The rmopd process memory leak might be seen if TWAMP client is configured Product-Group=junos |
If TWAMP (Two-Way Active Measurement Protocol) client is configured, memory leak in rmopd process may be observed after executing "request services rpm twamp start client" command. |
PR Number | Synopsis | Category: jflow/monitoring services |
1517646 | The srrd process might crash in a high route churns scenario or if the process flaps Product-Group=junos |
On all Junos OS platforms with inline Jflow enabled, the sampled route reflector process (srrd) might crash in a scenario where there are high route churns or flaps in the system. This is a rare timing issue and because of the crash, the Jflow export might report older route information for sometime. |
PR Number | Synopsis | Category: Generic platform and infra issues for MS-MIC and MS-MPC(XLP) |
1482400 | The vmcore process crashes sometimes along with the mspmand process on MS-MPC/MS-MIC if large-scale traffic flows are processed Product-Group=junos |
With NAT/Stateful-firewall/TCP tickle (enable by default) configured on MS-MPC/MS-MIC, the vmcore crash sometimes along with mspmand crash might happen if large-scale traffic flows (e.g. million flows) are processed by it. |
1489942 | Prolonged flow control might occur with MS-MPC or MS-MIC. Product-Group=junos |
On MX platforms with MS-MPC/MS-MIC, if there are lots of self-generated packets like TCP-tickle and UDP-logging, there might be data congestion on the data path due to no throttling functionality for such types of packets. When the data path is blocked, prolonged flow-control might happen with the service interfaces being brought down and the PIC reboot. At the same time, the mspmand core file will be generated if dump-on-flow-control is enabled. |
PR Number | Synopsis | Category: MX10003/MX204 Platform SW - Chassisd s/w defects |
1315577 | MX10003 : Despite of having all AC low PEM alarm is raised. Product-Group=junosvae |
An alarm is raised if mixed AC PEMs are present. This occurs because the criteria for checking whether mixed AC is present was changed. |
PR Number | Synopsis | Category: MX10002 Platform SW - Platform s/w defects |
1468642 | MX10003/MX204 - Temperature sensor name for PEMs under show chassis environment pem is incorrect Product-Group=junos |
On MX10003 and MX204 routers, temperature sensor name for PEMs under show chassis environment pem is incorrect |
PR Number | Synopsis | Category: MX10003/MX204 Linux issues (including driver issues) |
1492121 | MX10003 RCB always detect fire temp and shutdown in short time after downgrade. Product-Group=junosvae |
On the MX10003 platform, if we upgrade or downgrade Junos software from a set of original releases to a set of target releases, the system might detect incorrect temperature values and shutdown. The set of the original releases are: Junos 18.2R3, 18.3R3, 18.4R2, 19.1R2, 19.2R1, 19.3R1. The set of the target releases are: Junos pre-18.2R3, pre-18.3R3, pre-18.4R2, pre-19.1R2, pre-19.2R1, and pre-19.3R1 releases |
PR Number | Synopsis | Category: SRX-1RU platfom related protocol, QoS, filtering features et |
1515046 | VRRP does not work on the redundant Ethernet interface with a VLAN ID greater than 1023. Product-Group=junos |
When a redundant Ethernet (reth) interface has vlan-tagging configured and is part of a VRRP group, the SRX/vSRX is unable to allocate the VIP to the reth interface if the vlan-id configured is greater than 1023. As a result, VRRP does not work. |
PR Number | Synopsis | Category: Trio pfe bridging, learning, stp, oam, irb software |
1501014 | Traffic to VRRP virtual IP/MAC might be dropped when ingress queueing is enabled. Product-Group=junos |
On MX platforms with any MPC in enhanced network-service mode, if VRRP is configured on AE interface, after 'set chassis fpc X pic X traffic-manager mode ingress-and-egress' is enabled, traffic sent to virtual IP/MAC might be dropped and the forward traffic will be affected. |
1502867 | Traffic originated from another subnet is sent out with 0x8100 instead of 0x88a8. Product-Group=junos |
On the MX platforms with MPC7/8/9 installed, when an interface configured with vlan-tags outer tpid (tag protocol ID) 0x88a8 on these line cards, traffic originated from another subnet will be sent out with 0x8100. It will cause traffic to get dropped at the remote site. |
1533767 | PPE errors/traps might be observed in L2 flooding scenarios Product-Group=junos |
On Junos platforms with MPC1~4/MPC-3D-16XGE/T4000-FPC5/ EX9200-4QS/EX9200-2C-8XS/EX9200-MPC/EX9200-32XS/ SRX5K-SPC-4-15-320/SRX5K-MPC, when broadcast/multicast packets from access as transit traffic flooding in a bridge-domain (for example: multicast OSPF packets entering EVPN instance, these OSPF packets are being handled as transient packets), all packets except IPv6 NS (Neighbor Solicitation) might be dropped because of traps. |
1533857 | FPC crash might be observed when the ASIC's NH memory exhausted in the EVPN-MPLS scenario Product-Group=junos |
On all MX/EX92xx platforms with EVPN-MPLS configured, NH (Next-Hop) memory leak in Trio ASIC happens whenever there is a route churn for remote MAC-IP entries learned bound to the IRB interface in EVPN-MPLS routing-instance. When the ASIC's NH memory partition exhausted (free% NH memory is close to 20% or below), which will result in the line card to reboot. |
1542211 | Trio-based FPC might crash when the underlying layer 2 interface for ARP over IRB interface is changed from physical interface to LSI interface Product-Group=junos |
This issue applies to a Trio-based FPC using the integrated routing and bridging (IRB) interface with a VPLS instance using the label-switched interface (LSI) to provide VPLS functionality. The FPC may restart unexpectedly. The restart is triggered when the underlying layer-2 interface for ARP over IRB interface changes from the physical interface to the LSI interface. |
PR Number | Synopsis | Category: Trio pfe l3 forwarding issues |
1478279 | FPC memory leak might happen after executing show pfe route. Product-Group=junos |
On all Junos OS platforms, if the command "show pfe route " is executed to dump the Packet Forwarding Engine (PFE) routes, and then the routes get deleted by some events (for example, Virtual Routing and Forwarding (VRF) configuration removal or Border Gateway Protocol (BGP) flap), the FPC memory leak might happen due to this issue. In large scaled scenario, the memory leak will increase by a large amount, which might be easier to cause FPC crash. |
PR Number | Synopsis | Category: Trio pfe mpls- lsps,rsvp,vpns- ccc, tcc software |
1452866 | The traffic might silently get dropped and discarded after the LACP timeout. Product-Group=junos |
In Link Aggregation Control Protocol (LACP) with Unilist next-hop scenario, when Resource Reservation Protocol (RSVP) protection or BGP Prefix-Independent Convergence (PIC)is used, if the LACP interface flapping happens fast enough, which might cause traffic blackhole. Due to a delay which causes the first "link down message" arriving at Packet Forwarding Engine (PFE) after the "link up message" already being received. So that PFE marks both of the primary and backup next-hop as unusable. (This is a timing issue) |
PR Number | Synopsis | Category: Issues related to port-mirroring functionality on JUNOS |
1542500 | Port mirroring with maximum-packet-length configuration does not work over GRE interface Product-Group=junos |
Port mirroring with maximum-packet-length configuration does not work over GRE interface on MX204. While constructing GRE header, the clipping aspect of inner packet was not accounted earlier. If the inner packet is truncated, the outer GRE header packet size must use the new size (clipped size) to calculate the total length of outer header. |
PR Number | Synopsis | Category: Web-Management UI |
1513612 | On the EX2300 and EX3400 devices, installing J-Web application package might fail. Product-Group=junos |
On the EX2300/EX3400 platforms, J-Web application package may fail to be installed with the affected releases. |
PR Number | Synopsis | Category: VMHOST platforms software |
1446205 | The jfirmware upgrade might fail on certain MX platforms with SCBE3 Product-Group=junos |
On certain MX platforms having RE-S-2X00x6 and Enhanced MX-SCB installed, an error might be observed during the installation of jfirmware upgrade package which causes the installation to fail. |
PR Number | Synopsis | Category: Virtual Router Redundancy Protocol |
1526851 | When SRX receives proxy ARP request on VRRP interface, SRX sends ARP reply with underlying interface MAC address Product-Group=junos |
On SRX Series devices with VRRP scenario, the proxy ARP reply uses interface MAC address instead of VRRP MAC address if the VRRP is configured on some IFL and the proxy-arp is configured on same IFL, traffic loss may occur. |
PR Number | Synopsis | Category: SFI Infra-structure |
---|---|---|
1485038 | The following error message is observed continuously in AD with base configurations: IFDE: Null uint32 set vector, ifd and IFFPC: 'IFD Ether uint32 set' (opcode 151) failed. Product-Group=junos |
EX 9251 Summit-B54 : "IFDE: Null uint32 set vector, ifd and IFFPC: 'IFD Ether uint32 set' (opcode 151) error message is observed continuously in AD with base configurations. |
PR Number | Synopsis | Category: Marvell based EX PFE ACL |
1434927 | The FPC crashes with pfem generating core file might be seen if large-scale number of firewall filters are configured. Product-Group=junos |
On EX Series switches, If you are configuring a large-scale number of firewall filters on some interfaces, the FPC might crash and generate core files. |
PR Number | Synopsis | Category: Marvell based EX PFE L3 |
1557229 | Traffic related to IRB interface might be dropped when mac-persistence-timer expires Product-Group=junos |
On EX3400/EX4400/EX4300MP virtual chassis (VC) platforms, if the IRB interface is configured with members across master and backup VC, the new MAC address of the IRB interface might not be programmed in hardware after mac-persistence-timer expires. This might result in all traffic related to the IRB interface be dropped. |
PR Number | Synopsis | Category: Marvell based EX PFE MISC |
1232403 | HSRPv2 IPV6 packets might get dropped if IGMP-snooping is enabled. Product-Group=junos |
On EX Series switches except EX4300/EX4600/EX9200, an interface is configured for single vlan or multiple vlans, if all these vlans of this interface have igmp-snooping enabled, then this interface will drop HSRPv2 (Hot Standby Router Protocol for IPv6) packets. But if some vlans do not have igmp-snooping enabled, then this interface is working fine. |
PR Number | Synopsis | Category: Cassis XQ related issues |
1464297 | On the MX960 router, the following error message might be observed: SCHED L4NP[0] Parity errors. Product-Group=junos |
This PR along with an earlier PR1232952 address the issue completely, so JUNOS version in question should have fix for these two PRs to address this issue completely. |
PR Number | Synopsis | Category: NFX Series Platform Software |
1462556 | Junos OS: NFX350: Password hashes stored in world-readable format (CVE-2020-1669) Product-Group=junos |
The Juniper Device Manager (JDM) container, used by the disaggregated Junos OS architecture on Juniper Networks NFX350 Series devices, stores password hashes in the world-readable file /etc/passwd. This is not a security best current practice as it can allow an attacker with access to the local filesystem the ability to brute-force decrypt password hashes stored on the system. Refer to https://kb.juniper.net/JSA11066 for more information. |
PR Number | Synopsis | Category: QFX L3 data-plane/forwarding |
1407175 | On the QFX-5100 Virtual Chassis or Virtual Chassis Fan, the following error is observed in the hardware with the mini-PDT base configurations: BRCM_NH-,brcm_nh_bdvlan_ucast_uninstall(), 128:l3 nh 6594 unintsall failed. Product-Group=junos |
On QFX5100 Virtual Chassis or Virtual Chassis fabric, when the mini-PDT-base configuration is issued, the following error message is seen in the hardware: BRCM_NH-,brcm_nh_bdvlan_ucast_uninstall(), 128:l3 nh 6594 unintsall failed. There is no functionality impact because of this error message. |
PR Number | Synopsis | Category: CoS support on ACX |
1522941 | The show class-of-service interface command does not show classifier information. Product-Group=junos |
This is a display issue. Due to misread in PFE registers, classifier is not shown in "show class-of-service interface" output |
PR Number | Synopsis | Category: JUNOS kernel/ukernel changes for ACX |
1481151 | Memory utilization enhancement is needed. Product-Group=junos |
RPD memory chunk size is optimized for the ACX platform to reduce the memory footprint. |
PR Number | Synopsis | Category: ACX MPLS |
1488614 | Local switching in VPLS in ACX does not carry the inner vlan with input-vlan-map pop and output-vlan-map push operation Product-Group=junos |
In VPLS local switching scenario, the packet can never be double tagged even if we have a push operation in output vlan map. As it is a Product limitation. |
PR Number | Synopsis | Category: ACX PFE |
1231621 | Table Full error messages are seen after ldp routes flaps multiple times Product-Group=junos |
Following error logs will be seen on an scenario on which number of mpls-tunnel is over limit for the platform: - acx_nh_mpls_tunnel_install(),1076:acx_nh_mpls_tunnel_install: BCM TNL InitiatorSet failed for NH #### (Table full) As a consequence of previous error, following logs could be also seen: - fpc0 ACX_NH::acx_nh_l3_tag_hw_install(),#### :acx_nh_l3_tag_hw_install: Tunnel installed failed: NH #### - fpc0 NH: Failed to find nh (3662) for deletion When the error persist for a while we eventually get below: - ACX_NH::acx_nh_mpls_tunnel_uninstall(),1171:acx_nh_mpls_tunnel_uninstall: BCM L3 Egress destroy object failed for (-10:Operation still running) Note: > For ACX5000 series, the max number of MPLS-tunnel supported is 256x4. On scenarios with route flaps new tunnels will be created and we can reach limits during add/deletion, due to that, we recommend to avoid reaching over 1000 tunnels in normal operation. > To check number of tunnels use cli command: request pfe execute command "show pfe-hw mpls-tunnel" target fpc0 |
PR Number | Synopsis | Category: Bi Directional Forwarding Detection (BFD) |
1518106 | The BFD sessions might flap continuously after disruptive switchover followed by GRES Product-Group=junos |
Disruptive switchover (no GRES or NSR configured) can lead to stale PPM entries programmed on the new master Routing Engine. If both GRES and NSR are activated after disruptive switchover and then a GRES switchover is performed, BFD sessions might flap continuously. |
1522261 | BFD with authentication for BGP flaps after GRES or NSR switchover on the NG-RE and SCBE2 setup. Product-Group=junos |
On the devices with NG-RE (Next Generation Routing Engine) and SCBE2 (Enhanced Switch Control Board), when BFD authentication for BGP is enabled, the BFD may flap after the NG-RE switchover. The switchover should be GRES or NSR switchover. After the flap, the device could be self recovery. |
PR Number | Synopsis | Category: BBE Remote Access Server |
1402653 | The subscriber might need to take retry for login Product-Group=junos |
On all Junos platforms running in subscriber scenario with address pool configured, if the address pool has high usage so that only few addresses are free to allocate, when there are subscribers logout and login, the released address by one subscriber might get re-used and allocated to the other subscriber very soon. Due to this issue, syslog error messages might be seen, and the affected subscriber might need to take retry for login. |
PR Number | Synopsis | Category: MPC5/6E pfe microcode software |
1459698 | Silent dropping of traffic upon interface flapping after DRD auto-recovery Product-Group=junos |
An interface stops forwarding traffic when MX software triggers a "DRD reorder timeout recovery" event followed by an interface flap on the same XM-chip. When the logic is triggered, message "cmtfpc_xmchip_drd_reorder_id_timeout_callback" will be reported in the PFE syslog messages. This issue affects XM-chip based MPCs (MPC3E/4E/5E/6E/2E-NG/3E-NG). |
PR Number | Synopsis | Category: MX Platform SW - UI management |
1537194 | The chassisd memory leak may cause traffic loss Product-Group=junos |
On MX/PTX platforms with 18.1 or higher release, chassisd memory leak may be caused by configuration commit. When chassisd consumes ~3.4GB of memory it may crash, chassisd crash may cause GRES or/and FPC restart. If GRES is enabled, commits are being synchronized between REs, so backup RE chassisd may suffer from memory leak too. |
PR Number | Synopsis | Category: Layer 3 forwarding, both v4+v6 |
1380145 | ACX5448- Latency observed for Host generated ICMP traffic Product-Group=junos |
This ping latency behavior is expected for host generated ICMP traffic due to the design of PFE queue polling the packets from ASIC. lab@jtac-acx5448> ping 10.0.0.4 PING 10.0.0.4 (10.0.0.4): 56 data bytes 64 bytes from 10.0.0.4: icmp_seq=0 ttl=63 time=8.994 ms 64 bytes from 10.0.0.4: icmp_seq=1 ttl=63 time=49.370 ms 64 bytes from 10.0.0.4: icmp_seq=2 ttl=63 time=47.348 ms 64 bytes from 10.0.0.4: icmp_seq=3 ttl=63 time=45.411 ms <<< 64 bytes from 10.0.0.4: icmp_seq=4 ttl=63 time=106.449 ms <<< 64 bytes from 10.0.0.4: icmp_seq=5 ttl=63 time=79.697 ms <<< 64 bytes from 10.0.0.4: icmp_seq=6 ttl=63 time=37.489 ms <<< 64 bytes from 10.0.0.4: icmp_seq=7 ttl=63 time=31.436 ms << 64 bytes from 10.0.0.4: icmp_seq=8 ttl=63 time=35.460 ms << 64 bytes from 10.0.0.4: icmp_seq=9 ttl=63 time=77.198 ms << ^C --- 10.0.0.4 ping statistics --- 10 packets transmitted, 10 packets received, 0% packet loss round-trip min/avg/max/stddev = 8.994/51.885/106.449/26.824 ms |
PR Number | Synopsis | Category: DNX VPLS |
1532995 | Memory leak is observed in the Local OutLif in the VPLS and CCC topology. Product-Group=junos |
In a VPLS/CCC topology with core link protection when one of the core link flaps or the remote CE flaps "Local OutLif" leak happens. Local OutLif Total entries: 196608 Used entries: 33335 Lowest entry: 0(0x0) /*Initially when vpls is up */ Local OutLif Total entries: 196608 Used entries: 33303 Lowest entry: 0(0x0) /*When VPLS is down*/ Local OutLif Total entries: 196608 Used entries: 33337 Lowest entry: 0(0x0) /*When VPLS is up again*/ |
PR Number | Synopsis | Category: Express PFE FW Features |
1420560 | On the PTX3000 routers, the firewall counter for lo0 does not increment. Product-Group=junos |
Issue will not be fixed in 19.1 release, will be fixed in subsequent releases. |
PR Number | Synopsis | Category: SRX4100/SRX4200 platform software |
1547053 | On all SRX4100/4200, if PEM0 is removed, the output of jnxOperatingDescr.2 might be incomplete Product-Group=junos |
On all SRX4100/4200, if PEM0 is removed, the output of jnxOperatingDescr.2 might be incomplete |
PR Number | Synopsis | Category: Firewall Policy |
1454907 | Traffic might be dropped when policies are changed in SRX Series devices Product-Group=junos |
If a huge number of policies are configured on SRX Series devices and some policies are changed, the traffic that matches the changed policies might be dropped. |
PR Number | Synopsis | Category: IPSEC/IKE VPN |
1517262 | The flowd might crash in IPsec VPN scenario Product-Group=junos |
On SRX platforms with IPsec VPN configured, the flowd might crash during the IPsec VPN rekey window. The traffic/service might be impacted if hitting this issue. |
PR Number | Synopsis | Category: Multicast for L3VPNs |
1536903 | MVPN: PIM (S,G) join state may stay forever when there are no MC receivers and source is inactive Product-Group=junos |
The problem can be seen in MVPN ASM scenario on a PE which has local MC source and receivers and RP is remote. If all receivers stop joining the group and MC source stops transmitting, corresponding PIM (S,G) state may remain indefinitely despite that. Due to the problem a router will maintain extra PIM state. Service is not impacted. |
1546739 | MVPN multicast route entry may not be properly updated with actual downstream interfaces list Product-Group=junos |
In multicast VPN RPT-SPT mode with both locally and remotely connected receivers, the multicast forwarding entry related to the actual downstream interfaces may not be properly updated. The issue may happen when multicast forwarding entry is created by locally connected PIM receiver, followed by remote receiver and after local receiver decides to prune its membership in that multicast group. |
PR Number | Synopsis | Category: OSPF routing protocol |
1256434 | LDP OSPF are in synchronization state because the IGP interface is down with ldp-synchronization enabled for OSPF. user@host> show ospf interface ae100.0 extensive Interface State Area DR ID BDR ID Nbrs ae100.0 PtToPt 0.0.0.0 0.0.0.0 0.0.0.0 1 Type: P2P, Address: 10.0.60.93, Mask: 255.255.255.252, MTU: 9100, Cost: 1050 Adj count: 1 Hello: 10, Dead: 40, ReXmit: 2, Not Stub Auth type: MD5, Active key ID: 1, Start time: 1970 Jan 1 00:00:00 UTC Protection type: None Topology default (ID 0) -> Cost: 1050 LDP syn Product-Group=junos |
LDP OSPF are in synchronization state because the IGP interface is down with ldp-synchronization enabled for OSPF. user@host> show ospf interface ae100.0 extensive Interface State Area DR ID BDR ID Nbrs ae100.0 PtToPt 0.0.0.0 0.0.0.0 0.0.0.0 1 Type: P2P, Address: 10.0.60.93, Mask: 255.255.255.252, MTU: 9100, Cost: 1050 Adj count: 1 Hello: 10, Dead: 40, ReXmit: 2, Not Stub Auth type: MD5, Active key ID: 1, Start time: 1970 Jan 1 00:00:00 UTC Protection type: None Topology default (ID 0) -> Cost: 1050 LDP sync state: in sync, for: 00:04:03, reason: IGP interface down config holdtime: infinity. As per the current analysis, the IGP interface goes down because although LDP notified OSPF that LDP synchronization was achieved, OSPF is not able to take note of the LDP synchronization notification, because the OSPF neighbor is not up yet. |
PR Number | Synopsis | Category: MPLS Point-to-Multipoint TE |
1415384 | p2mp sub-LSP down after transit link flap due to wrong computed ERO Product-Group=junos |
In a large scale P2MP LSP sub LSPs for example, if 1 P2MP have 100s of sub LSPs. If there is a path change in transit, the sub LSPs might repeatedly undergo MBB without switching over to a new path. This is due to by default the branch timeout is 30 second and if some branches were not able to recalculate/come up during this timeframe. LSPs resignal caused internal RSVP related tasks run behind in processing further control updates. |
PR Number | Synopsis | Category: PE based L3 software |
1500798 | BFD sessions flap after deactivating or activating the aggregated Ethernet interface or executing GRES. Product-Group=junos |
On QFX10008 platforms, if the BFD is configured over an AE interface (member link across multiple FPCs), deactivating/activating the AE interface or executing GRES will cause the BFD sessions to flap. |
PR Number | Synopsis | Category: PTX Broadway based PFE MPLS-LSPs RSVP VPNs tcc ccc software |
1466659 | IPv6 traffic might be dropped in a Layer 3 VPN network. Product-Group=junos |
On certain PTX and QFX platforms, IPv6 traffic might get affected in the L3VPN scenario between CEs. |
PR Number | Synopsis | Category: Protocol Independant Multicast |
1500125 | Some PIM Join/Prune packets may not be processed for the first attempt in scale scenario under MVPN scenario Product-Group=junos |
On all Junos platforms with scaling MVPN scenario, some PIM Join/Prune messages may not be processed for the first attempt. For instance, a dedicated PIM router receives more than 2500 PIM hello packets from the new neighbors, followed by PIM Join packets for the same multicast group in a very short period of time. |
PR Number | Synopsis | Category: QFX EVPN / VxLAN |
1337275 | The DF of an EVPN instance might flood all the ARP request back to the Ethernet Segment Product-Group=junos |
On QFX-5110 Series platforms with an EVPN deployment, the Designated Forwarder (DF) of an EVPN instance might flood all the ARP request back to the Ethernet Segment if 'forwarding-table chained-composite-next-hop ingress evpn' knob is configured. As a result, it may cause a loop between the leaf switches. |
PR Number | Synopsis | Category: RPD route tables, resolver, routing instances, static routes |
1463112 | RPD memory leak in RT_NEXTHOPS_TEMPLATE Product-Group=junos |
Junos releases having fix of PR1450123 might show RPD memory leak in RT_NEXTHOPS_TEMPLATE |
PR Number | Synopsis | Category: SRX Argon module bugs |
1450904 | The AAMW policy rules for IMAP traffic sometimes might not get applied when traffic passes through SRX Series devices. Product-Group=junos |
AAMW policy rules for IMAP traffic sometimes might not get applied when the IMAP traffic passes through an SRX Series device. |
PR Number | Synopsis | Category: MPC7/8/9 Interface Issues |
1441816 | Egress stream flush failure and traffic black hole might occur. Product-Group=junos |
Egress stream flush failure and silent dropping of traffic could occur in a rare occasion for a repeatedly flapping link on MPC7E, MPC8E, MPC9E cards, MX204 and MX10003. |
PR Number | Synopsis | Category: Trio pfe bridging, learning, stp, oam, irb software |
1542537 | In EVPN-MPLS scenario, BUM traffic is dropped during configuration changes. Product-Group=junos |
In evpn-mpls scenario, BUM(Broadcast, unknown-unicast and multicast) traffic would be dropped due to flood nexthop deletion during configuration changes on any of the PE node. |
PR Number | Synopsis | Category: Trio pfe microcode software |
1463718 | On MX204 platform, Packet Forwarding Engine errors might occur when incoming GRE tunnel fragments (1) get sampled and (2) undergo inline reassembly. Product-Group=junos |
On MX204 platform, Packet Forwarding Engine (PFE) error messages might be seen when sampling, GRE tunnel termination and inline reassembly are all configured. The errors could cause packet buffer memory leak. Eventually, once packet buffer memory is exhausted, traffic will starting getting lost. |
PR Number | Synopsis | Category: Virtual Router Redundancy Protocol |
1558560 | Junos device might send VRRP advertisement packets in VRRP init or idle state before startup-silent-period timer expiry after performing GRES on VRRP master device with NSR disabled Product-Group=junos |
If VRRP master device has dual REs and GRES enabled but NSR disabled, after performing GRES, both REs will move to VRRP init then idle state and the new master RE will send VRRP advertisement packets in this stage before startup-silent-period timer expiry. Since the VRRP backup device can still receive the VRRP advertisement packets with higher priority, it will not transition to VRRP master state and hence cause the longer traffic downtime until the VRRP master device re-take the VRRP mastership after startup-silent-period timer expiry. |
Getting Up and Running with Junos
Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search