Support Support Downloads Knowledge Base Apex Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

19.1R3-S4: Software Release Notification for JUNOS Software Version 19.1R3-S4

0

0

Article ID: TSB17963 TECHNICAL_BULLETINS Last Updated: 05 Feb 2021Version: 2.0
Alert Type:
SRN - Software Release Notification
Product Affected:
ACX, EX, MX, PTX, QFX, NFX, SRX, VRR, vMX, vSRX
Alert Description:
Junos Software Service Release version 19.1R3-S4 is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as need and follow the prompts
Solution:

NOTE: This software version has a critical software defect - PR1564539. We do not recommend deploying this software on an MX system with MX-SCBE3

Junos Software service Release version 19.1R3-S4 is now available.

19.1R3-S4 - List of Fixed issues
PR Number Synopsis Category: EX4300 PFE
1531838 The FBF functionality on EX4300-VC may be broken after rebooting the VC or modifying the irb configuration
Product-Group=junos
On EX4300-VC with Filter-Based Forwarding(FBF) configured under irb, if the irb interface has ports across the VC boxes, the FBF functionality may be broken after rebooting the VC or modifying the irb configuration (like adding/deleting ports).
1538401 LLDP neighborship might not come up on EX4300 non-aggregated Ethernet interfaces.
Product-Group=junos
On EX4300 platform, LLDP might not work on non-AE (Aggregated Ethernet) interfaces. However, it works fine for AE interfaces.
1548858 The targeted-broadcast feature may not work after a reboot
Product-Group=junos
On EX4300 Series platforms, the targeted-broadcast feature may not work after a reboot. It can be seen that no target-broadcast packets are received on the targeted-broadcast interface.
PR Number Synopsis Category: EX4300 Platform
1494963 On the EX4300 switches, the NSSU upgrade might fail due to a storage issue in the /var/tmp directory.
Product-Group=junos
On EX4300 switches while upgrading/installing Junos image through NSSU, there might be space crunch on /var/tmp partition resulting in the upgrade failure. This is due to the '.schema-cache' directory consuming the available space on /var/tmp. The minimum required free space under /var/tmp is 490M for successful installation.
PR Number Synopsis Category: Marvell based EX PFE L2
1520351 On the EX4600 and EX4300 Virtual Chassis or Virtual Chassis Fabric, the VSTP configurations device goes unreachable and becomes nonresponsive after commit.
Product-Group=junos
On QFX5100 or EX4600 in mix-VC (Virtual Chassis) scenario when the QFX5100/EX4600 uses "PHY" port as VCP (Virtual Chassis Port) port, the VC system might get hanged and unreachable after committing the VSTP (VLAN Spanning Tree Protocol) configurations.
PR Number Synopsis Category: EX2300/3400 PFE
1472350 CoS 802.1p bits rewrite might not happen in Q-in-Q mode
Product-Group=junos
In EX2300/EX3400 platform with CoS rewrite scenario, if an 802.1p bits (single VLAN) rewrite is used for an SVLAN (outer VLAN) of Q-in-Q, the rewrite will do nothing. Due to the PFE can not parse the firewall rule for given filter match conditions. Therefore, some traffic processing does not work as customer's expectation. Note: EX4300 has no this issue.
1556198 Traffic might be dropped when a firewall filter rule uses 'then vlan' as the action
Product-Group=junos
If a firewall filter is configured with the action 'then vlan' on EX and QFX platforms, some of the traffic that matches the firewall filter might be dropped.
PR Number Synopsis Category: NFX Series Platform Software
1340414 Run command error: the jdmd subsystem is not responding to management requests
Product-Group=junosvae
When running "show virtual-network-functions", encountered the message error: the jdmd subsystem is not responding to management requests
PR Number Synopsis Category: QFX L3 data-plane/forwarding
1486632 On the QFX 5100-48T-6Q Virtual Chassis or Virtual Chassis fan, the following error message is observed while copying the image to the Virtual Chassis fan member and trying to downgrade the image: rcp for member 14, failed.
Product-Group=junos
On QFX 5100-48T-6Q VC/VCF, RCP error might be seen while upgrading the system using "request system software add  no-validate" and system upgrade/ installation could fail. This issue happens if DCPFE cpu utilization is very high.
1558189 [evpn_vxlan] [evpn_instance] QFX5110-32Q :: JDI-RCT: Syslog error seen Err] LBCM-L2,pfe_bcm_l2_sp_bridge_port_tpid_set() Config TPID New/Old (8100:8100) Other-Tpid's ba49, 4aa0, 80f after loading NC t5 evpn vxlan configuration
Product-Group=junos
Handling of debug log related to TPID updates
PR Number Synopsis Category: QFX VC Datapath
1519893 On QFX5120 and QFX5210 platforms unexpected storm control events might happen
Product-Group=junos
On QFX5120 and QFX5210 platforms unexpected storm control events might happen. A new knob on the fixed versions is required to avoid this behavior: set forwarding-options storm-control enhanced
PR Number Synopsis Category: Accounting Profile
1505409 The DHCP subscribers might get stuck in terminated state for around 5 minutes after disabling cascade ports.
Product-Group=junos
On the Junos fusion provider edge with subscriber management configured, the DHCP subscribers might get stuck in terminated state for around 5 minutes after disabling cascade ports. After 5 minutes, the original sessions will be aging timeout automatically and then the subscribers can login again.
PR Number Synopsis Category: JUNOS kernel/ukernel changes for ACX
1509402 On the ACX710 router, the Packet Forwarding Engine might crash and the fpc process might remain down.
Product-Group=junos
On ACX710 platform, after the PTP(Precision Time Protocol) configuration is removed and the router is rebooted, the PFE might crash and the FPC remains down if PTP traffic is still coming into the router. This issue might also happen when SyncE is configured. This causes the router to crash and not come up.
PR Number Synopsis Category: ACX GE, 10GE, PoE, IDT framers
1523418 Interface does not come up with the auto-negotiation setting between the ACX1100 router and the other ACX Series routers, MX Series routers and QFX Series switches as the other end.
Product-Group=junosvae
When QFX5100/5110 is connected to other devices with 1G/10G ports, both sides configuring auto-negotiation and the remote interface might stay down.
PR Number Synopsis Category: "agentd" software daemon
1447665 Streaming telemtry subscription is not working for read-only user
Product-Group=junos
When local user on JunOS router is configured with read-only class as: set system login user test_user class read-only streaming telemetry subscription is not possible. The telemetry client will report an error as: rpc error: code = Unknown desc = Authorization failed subscribe returns, reconnecting after 10s
PR Number Synopsis Category: a20a40 specific issue
1522130 Syslog reporting "PFE_FLOWD_SELFPING_PACKET_LOSS: Traffic impact: Selfping packets loss/err: 300 within 600 second" error messages in node 0 and node1 control panel.
Product-Group=junos
Syslog reporting "PFE_FLOWD_SELFPING_PACKET_LOSS: Traffic impact: Selfping packets loss/err: 300 within 600 second" error messages in node 0 and node 1 control panel.
PR Number Synopsis Category: BBE Autoconfigured DVLAN related issues
1541796 Subscriber might not come up on some dynamic VLAN ranges in a subscriber management environment.
Product-Group=junos
On the MX series platforms, if dynamic VLAN ranges are configured more than 32 on an interface, subscriber may only come up on the first 32 dynamic VLAN ranges of that interface.
PR Number Synopsis Category: BBE Layer-2 Bitstream Access
1551207 The PPPoE subscribers might fail to login.
Product-Group=junos
In Broadband Network Gateway (BNG) scenario where Layer-2 Bitstream Access (L2BSA) and PPPoE subscribers are working on the same interface/VLAN, PPPoE subscribers login may get stuck in a pending state, if the IN-FLIGHT flag of L2BSA is not cleared after its Port-Up packet is rejected by RADIUS, and during this process, another Port-Up for the same access-loop arrives.
PR Number Synopsis Category: BBE multicast related issues
1536149 Multicast traffic might be observed even through unexpected interfaces with distributed IGMP is enabled.
Product-Group=junos
On MX platforms with enabled subscriber services, if distributed IGMP is enabled on subscriber dynamic interfaces and there are static interfaces are configured on the same fpc, and fpc is reloaded or interfaces flapped, then multicast may get enabled on static interface and the multicast traffic may be sent out through unexpected interface.
1548196 Multicast traffic drop might be seen after ISSU.
Product-Group=junos
In Broadband Network Gateway(BNG) scenario, after performing an ISSU, multicast traffic to PPPoE Subscriber might stop. During ISSU, multicast pseudo IFL notifications from bbe-smgd to rpd fail, which is not replayed causing the traffic drop.
PR Number Synopsis Category: MIBs related to BBE
1535754 Snmp mib walk for jnxSubscriber OIDs returns General error
Product-Group=junos
Snmp mib walk for jnxSubscriber OIDs returns General error
PR Number Synopsis Category: Border Gateway Protocol
1487486 The rpd might crash with BGP RPKI enabled in a race condition
Product-Group=junos
On all Junos platforms with BGP PRKI (Resource Public Key Infrastructure) scenario, if NSR is enabled and scale routes and ROAs exist, in a very rare case, the ROA (route origin authorization) might be withdrawn before replicating to the backup RE when ROA changes happen, which results in the rpd crash.
1517498 The rpd might crash after deleting and re-adding a BGP neighbor.
Product-Group=junos
In BGP scenario on all Junos platforms, after deleting and re-adding a BGP neighbor, the rpd might crash due to a rare timing issue.
1523075 The BGP session with VRRP virtual address might not come up after a flap.
Product-Group=junos
When VRRP virtual address is configured and used to set up a BGP session with the remote side, under rare timing conditions, BGP peer establishment may get rejected repetitively.
1532414 Transit labels for Layer 3 VPN routes are pushed momentarily to the MPLS.0 table.
Product-Group=junos
In L3VPN scenario with in-line RR (Route Reflector) which has an export policy with next-hop self to advertise all transit L3VPN routes to its clients and also uses route-target family, the undesired L3VPN routes may be pushed to FIB (Forwarding Information Base) after enabling/disabling route-target family on the RR or a new BGP peer joins a group with 'next-hop self'.
1538491 Configuring then next hop and then reject on a route policy for the same route might cause the rpd process to crash.
Product-Group=junos
On all Junos platforms with BGP enabled, if a policy is setting 'then next-hop' and 'then reject' at the same time for the same prefix, rpd crash might be seen. Like the following: set policy-options policy-statement xxx term 1 from route-filter xxx set policy-options policy-statement xxx term 1 then next-hop ... set policy-options policy-statement xxx term 2 then reject
PR Number Synopsis Category: MPC5/6E pfe microcode software
1478392 MX Series-based MPC linecard might crash when there is bulk route update failure in a corner case.
Product-Group=junos
On all MPCs and certain MICs, if there are events like interface flaps, the routes learned over that interface might get retracted and deleted by the routing protocols. Because of this issue, when bulk route update failure happens, either some next hops are unable to be reached or certain next hops are still reachable incorrectly, and the line card might crash in a corner case. It is a rare timing issue.
PR Number Synopsis Category: MX Platform SW - Power Management
1501108 On MX2020 and MX2010, the "pem_tiny_power_remaining:" message will be continuously logged in chassisd log.
Product-Group=junos
On MX2020/MX2010, the "pem_tiny_power_remaining" message might be continuously logged in chassisd log.
PR Number Synopsis Category: MX Platform SW - UI management
1537194 The chassisd memory leak might cause traffic loss.
Product-Group=junos
On MX/PTX platforms with 18.1 or higher release, chassisd memory leak may be caused by configuration commit. When chassisd consumes ~3.4GB of memory it may crash, chassisd crash may cause GRES or/and FPC restart. If GRES is enabled, commits are being synchronized between REs, so backup RE chassisd may suffer from memory leak too.
PR Number Synopsis Category: QFX Control Plane VXLAN
1538117 evpn/vxlan registers mac-move counters under "system statistics bridge" even though there is no actual mac-move for MH (multi-home) clients
Product-Group=junos
When using EVPN VXLAN, the "mac-move" counter under the "show system statistics bridge" may show a higher event count than the actual MAC moved events
PR Number Synopsis Category: Device Configuration Daemon
1539719 The following error message might occur after commit for configuration under interface hierarchy: should have at least one member link on a different fpc.
Product-Group=junos
This log could occur after commit for configuration under interface hierarchy f we have AE configuration with logical-interface-fpc-redundancy config, even if the AE interface have multiple legs on different FPCs. Sep 11 15:57:22.395 2020 lab-router-mx dcd[41283]: %DAEMON-4: Interface: ae5, should have at least one member link on a different fpc Trigger: 1- AE interfaces with logical-interface-fpc-redundancy are configured 2- Config change under interface hierarchy 3- Commit config
1539991 The logical interface might flap after adding or deleting native VLAN configuration
Product-Group=junos
On EX/QFX platforms, the unrelated logical interface on a physical interface would flap when adding or deleting native VLAN configuration on the physical interface.
1544257 Subscribers might logout then login after loopback address is changed
Product-Group=junos
On MX platform, under subscriber environment and unnumbered IP address borrowed from the loopback interface configured on Demux interface and Aggregated Ethernet (AE) interface, subscriber session might flap if IP address of the loopback interface IP is changed. Please refer to workaround provided when this issue hit.
PR Number Synopsis Category: Ethernet OAM (LFM)
1500048 The fpc process might crash in the inline mode with CFM configured.
Product-Group=junos
On the Junos platforms with inline mode CFM (Connectivity Fault Management) configured, if there are several CFM adjacencies flapping, due to the flaw in the CFM module to process the error-adjacencies messages, the FPC may crash alongside with NPC core-dump file generated. All services/traffic configured on the FPC will see outage till FPC recovers from an automatic reboot.
PR Number Synopsis Category: EVPN control plane issues
1521526 ARP table might not be updated after performing VMotion or a network loop
Product-Group=junos
On all Junos platforms with EVPN configured, the ARP table might not get updated. This issue happens after performing VMotion in a network or having a network loop.
1547275 VLAN ID information is missed while installing the EVPN route from the BGP Type 2 Route after modifying a routing-instance from instance-type EVPN to instance-type virtual-switch.
Product-Group=junos
VLAN ID information might be missing while installing the EVPN route from the BGP Type 2 Route after modifying a routing-instance from "instance-type evpn" to "instance-type virtual-switch". As a result, the data traffic sent via these EVPN routes doesn't push vlan-id in the inner Ethernet Header. This might result in traffic getting discarded on the remote PE.
PR Number Synopsis Category: EVPN Layer-2 Forwarding
1535515 All the ARP reply packets toward some address are flooded across the entire fabric.
Product-Group=junos
In the EVPN-VXLAN scenario, if the spine has irb and the leaves don't have irb, and the leaves have multi-home interfaces, the ARP reply packets flooding across the entire fabric might be seen.
PR Number Synopsis Category: Sflow on qfx10k/ptx series PRs for defect & enhancement req
1521732 Output interface index in the sFLOW packet is zero when transit traffic is observed on the IRB interface with VRRP enabled.
Product-Group=junos
When VRRP is enabled on IRB interface and SFLOW is enabled on QFX10000 Series platforms, output interface Index in SFLOW packet will be zero for the traffic destined to VRRP MAC address.
PR Number Synopsis Category: Express PFE CoS Features
1531095 Packet loss is observed while validating the policer after restarting the chassis control.
Product-Group=junosvae
On QFX10K platforms, the classification for incoming mpls traffic based on the EXP(experimental) bits might not take into effect, and instead the traffic will get classified based on the default setting, due to which packet loss could be observed.
PR Number Synopsis Category: IDP attack detection in the subscriber qmodules
1497340 The IDP attack detection might not work in a specific situation.
Product-Group=junos
If the total number of applications (predefined as well as the custom applications configured) crosses 4096, attack detection might fail.
PR Number Synopsis Category: ISIS routing protocol
1482983 The output of the show isis interface detail command might be incorrect if wide-metrics-only is enabled for IS-IS and the ASCII representation of the metric in decimal is more than 6 characters long.
Product-Group=junos
If 'wide-metrics-only' is enabled for any IS-IS level and a metric configured on the IS-IS enabled interface for that level has ASCII representation in decimal more than 6 characters long, this interface's metric for that level will be merged with 'priority' field value in the output of 'show isis interface detail'.
PR Number Synopsis Category: Flow Module
1528898 A chassis cluster node might stop passing traffic.
Product-Group=junos
On SRX platforms, a node of chassis cluster might stop passing traffic. The traffic forwarding can be restored by a manual failover to Node1.
1541954 The rst-invalidate-session configuration does not work if configured together with no-sequence-check.
Product-Group=junos
On SRX Series platforms, the "rst-invalidate-session" does not work if configured together with no-sequence-check. It might result in a TCP connection unestablished.
PR Number Synopsis Category: JSR Infrastructure
1484872 JFlow/IPFix - tracking pr for fixing crash when sampling is more than 65535
Product-Group=junos
There was a crash when setting the sampling rate more than 65535, this is since fixed. set forwarding-options sampling instance s1 input rate 70000
PR Number Synopsis Category: all logging related bugs on srx platforms
1521794 On SRX Series devices with chassis clusters, high CPU usage might be seen due to the llmd process.
Product-Group=junos
On SRX Series devices with chassis cluster, high CPU usage might be seen due to the llmd process.
PR Number Synopsis Category: Firewall Policy
1544554 The flowd/srxpfe process might crash when SRX/NFX device running on Junos OS 18.2R1 or above where the unified policy feature is supported
Product-Group=junos
On SRX Series device running on Junos OS 18.2R1 or above, or NFX Series device running on NextGen Junos OS, the unified policy feature is supported, the flowd/srxpfe might crash.
1546120 Traffic might be dropped unexpectedly when the url-category match condition is used on a security policy
Product-Group=junos
An issue was discovered within Unified Policies that affected the url-category match condition that can cause it to "over-match" and apply to more traffic than it should. This can result in the SRX dropping traffic that would otherwise be permitted
PR Number Synopsis Category: IPSEC/IKE VPN
1522017 The traffic might be dropped when IPSec VPN with NAT-T enabled
Product-Group=junos
On SRX platforms, when IPSec VPN is configured with NAT-T enabled and VPN tunnel is established between two peers, if traffic is received from peer during VPN rekey, the traffic might be dropped in the VPN tunnel.
PR Number Synopsis Category: Layer2 forwarding on EX/NTF/PTX/QFX
1534796 High rate of ARP or NS packets might be observed between a device that runs Junos OS and host when the device that runs Junos OS receives an ARP or NS packet on an interface in transition.
Product-Group=junos
On Junos device in EVPN scenario, if an interface is in transition status and an ARP request is received on the interface from a host, the Junos device may send out re-arp out towards the host, and the host responds to this re-arp and the Junos device sends another re-arp in response to this arp reply from host. This goes forever causing high rate of arp packets until the interface comes up. This issue is also applicable to ND/NS in IPv6 environment.
PR Number Synopsis Category: L2TP service related issues
1527343 L2TP subscribers might fail to establish a session on MX if the CPE is a virtual host
Product-Group=junos
L2TP subsribers might fail to establish sessions with MX device which is configured as L2TP LNS. This happens when the subscriber customer premises equipment host (CPE) is a virtual setup.
PR Number Synopsis Category: lacp protocol
1366825 RG1 failover occurs when RG0 failover is triggered
Product-Group=junos
RG1+ which is configured for interface-monitor, might fail over to the other node if RG0 failover is triggered.
PR Number Synopsis Category: Label Distribution Protocol
1527197 LDP routes might be deleted from MPLS routing table after RE switchover
Product-Group=junos
On all Junos platforms with NSR and segment routing for ISIS configured, LDP routes might be deleted on new master RE's MPLS routing table after RE switchover.
1538124 The rpd process might crash when the LDP route with indirect next hop is deleted on the aggregated Ethernet interface.
Product-Group=junos
If the Label Distribution Protocol (LDP) route with indirect next-hop exists (e.g. LDP egress-policy is used to advertise BGP route into LDP), the rpd might crash when the LDP route is deleted from the AE interface.
PR Number Synopsis Category: Issues related to Junos licensing infrastructure
1519672 During an upgrade, vSRX3.0 would display the following incorrect license warnings when utilizing licensable features even if the license was present on the device: such as warning: requires 'idp-sig' license.
Product-Group=junos
During an upgrade, vSRX3.0 would display incorrect license warnings when utilizing licensable features such as 'warning: requires 'idp-sig' license' even if the license was present on the device
PR Number Synopsis Category: lldp sw on MX platform
1538482 DUT did not receive the LLDP packet from phone.
Product-Group=junos
On EX4300 platforms, the LLDP (Link Layer Discovery Protocol) neighborship with the VoIP (Voice over Internet Protocol) phones can't be established when LLDP is configured on the PoE (Power over Ethernet) enabled port on EX4300 and connects to the VoIP Phone.
PR Number Synopsis Category: Multiprotocol Label Switching
1506062 The rpd process might crash when triggering rpd restart or GRES switchover.
Product-Group=junos
On all Junos platforms with GR (Graceful Restart) and LSP (Label Switched Path) configured, if the /mfs/var/db/tag_restart.db file is corrupted, the rpd process might crash when triggering rpd restart or GRES (Graceful Routing Engine Switchover) switchover. Traffic loss might be seen during the rpd crash and restart.
PR Number Synopsis Category: Fabric Manager for MX
1482124 Fabric healing logic incorrectly makes all MPC line cards go offline in the MX2000 router while the hardware fault is located on one specific MPC line card slot.
Product-Group=junos
In specific MPC hardware failure conditions within the MX2K platform, fabric healing will attempt to auto-heal the fault location in 3 phases to prevent traffic blackholing. If under such fault conditions only destination timeouts are reported without corresponding link errors, the fabric healing process might restart all MPCs in phase-2 in an auto-healing attempt and if the error condition appears again within 10 minutes the last phase-3 might offline all MPCs in the system.
1535787 All SFBs might go offline due to fabric failure and fabric self-ping probes performing the disable-pfe action.
Product-Group=junos
Once yanking out the MPC without prior offline and the chassisd process is not able to process this event on the primary RE due to additional mastership switch, and later the MPC which pulled out the slot is re-inserted back, many Switch Fabric Board (SFB) might be offline due to max_total_cell_usage overflow condition on the xfchip. MX2020 Platform with SFB2 is not exposed to such event, neither if MX2020 has the disable-grant-bypass configured.
PR Number Synopsis Category: MX104 Software - Chassis Daemon
1534281 The interface with the "pic-mode 10GE" configuration may not come up if upgrading to 18.4R3-S4 or later versions
Product-Group=junos
On MX80/104 platforms with MIC-MACSEC-20GE used, if upgrading to 18.4R3-S4 or later versions while configuring the "pic-mode 10GE" on the interface, the interface might not come up.
PR Number Synopsis Category: MX10K platform
1456253 On 4x1GE using QSFP28 optics, continuos logging in chassisd process occurs when speed 1g is configured: pic_get_nports_inst and ch_fru_db_key.
Product-Group=junos
On MX10008 and PTX10008, the continuous logging in the chassisd file might be seen.
PR Number Synopsis Category: FreeBSD Kernel Infrastructure
1518898 The kernel might crash if a file/directory is accessed for the first time and is not created locally.
Product-Group=junos
On the Junos with Virtual Filesystem (VirtFS), if a file/directory is accessed for the first time and is not created locally, the kernel might crash and generate a vmcore file. Junos might reboot due to this issue.
1525318 Junos OS: telnetd.real Local Privilege Escalation vulnerabilities in SUID binaries (CVE-2021-0223)
Product-Group=junos
A local privilege escalation vulnerability in telnetd.real of Juniper Networks Junos OS may allow a locally authenticated shell user to escalate privileges and execute arbitrary commands as root. Please refer to https://kb.juniper.net/JSA11114 for more information.
1537696 Errors might be seen when dumping vmcore on EX2300/EX3400 series
Product-Group=junos
On EX2300/EX3400, the vmcore might not be available and the device might hang while trying to generate core files via the rescue kernel. This might be caused by the ARM dumper device supporting only a fixed 512 byte block size, rather than scaling to any block size. This might cause loss of debug ability for the device.
PR Number Synopsis Category: "ifstate" infrastructure
1486161 Kernel core might be seen if deleting an ifstate
Product-Group=junos
On all Junos OS platforms, some operations such as configuration change might cause the state information to change and eventually cause the ifstate to be deleted. In a very rare case, deleting an ifstate (kernel state) might cause kernel core and Routing Engine restart. There is no specific trigger. This issue is reported by the configuration change.
PR Number Synopsis Category: JUNOS Network App Infrastructure (for ping, traceroute, etc)
1493824 Traceroute monitor with MTR version v.69 shows a false 10 percent loss.
Product-Group=junos
Traceroute monitor is a wrapper to a popular tool called mtr. The version that is deployed on JunOS has a bug when used to produce a report (aka summary on JunOS). The last packet always shows a loss when there isn't. See here: https://bugs.launchpad.net/ubuntu/+source/mtr/+bug/966065
PR Number Synopsis Category: Kernel Stats Infrastructure
1508442 SNMP polling might return unexpectedly high value of ifHCOutOctets counter for physical interface when any jnxDom OID is processed at the same time.
Product-Group=junos
When actual transmitted load is configured for interface as: set interfaces interface-transmit-statistics And ifHCOutOctets OID is polling together with any jnxDom OIDs for the same interface with time interval between pollings equal or less then one second, the resulted value of ifHCOutOctets may be unexpectedly high
1522561 OID ifOutDiscards reports zero and sometimes shows valid value.
Product-Group=junos
OID ifOutDiscards reports zero and sometimes shows valid value. user@router> show snmp mib get ifOutDiscards.514 | refresh 3 ---(refreshed at 2020-07-10 12:54:07 IST)--- ifOutDiscards.514 = 0 ---(refreshed at 2020-07-10 12:54:10 IST)--- ifOutDiscards.514 = 0 ---(refreshed at 2020-07-10 12:54:13 IST)--- ifOutDiscards.514 = 0 ---(refreshed at 2020-07-10 12:54:16 IST)--- ifOutDiscards.514 = 0 ---(refreshed at 2020-07-10 12:54:19 IST)--- ifOutDiscards.514 = 0 ---(refreshed at 2020-07-10 12:54:22 IST)--- ifOutDiscards.514 = 241974 ---(refreshed at 2020-07-10 12:54:25 IST)--- ifOutDiscards.514 = 241974 ---(refreshed at 2020-07-10 12:54:28 IST)--- ifOutDiscards.514 = 0 ---(refreshed at 2020-07-10 12:54:31 IST)--- ifOutDiscards.514 = 0
PR Number Synopsis Category: OSPF routing protocol
1525870 The OSPFv3 adjacency should not be established when IPsec authentication is enabled.
Product-Group=junos
On EX4300 platforms, the OSPFv3 configured with IPsec authentication after device reboots, the OSPFv3 adjacency should not be established, while do the same configuration before device reboots, the adjacency should be established.
PR Number Synopsis Category: PE based L3 software
1500798 BFD sessions flap after deactivating or activating the aggregated Ethernet interface or executing GRES.
Product-Group=junos
On QFX10008 platforms, if the BFD is configured over an AE interface (member link across multiple FPCs), deactivating/activating the AE interface or executing GRES will cause the BFD sessions to flap.
PR Number Synopsis Category: vMX Data Plane Issues
1544856 The riot forwarding daemon crash might be observed on vMX based platforms configured with IRB interface
Product-Group=junos
On vMX based platforms enabled with IRB interface, the riot forwarding daemon crash might be observed which could lead to traffic loss.
PR Number Synopsis Category: vMX Platform Infrastructure related issue tracking
1548422 Traffic with jumbo frame may be discarded on the vMX platforms
Product-Group=junos
On the VMX platforms which are installed on ESXI 6.7 with vmxnet3 driver, traffic with jumbo frame (Packets with MTU more than 1500) may be discarded upon receiving.
PR Number Synopsis Category: Chassis mgmt for all QFX systems - chassis MIB, alarms, CLI
1507044 The archival function might fail in certain conditions.
Product-Group=junos
If the archival function is enabled with the statement "routing-instance" and transfer mode is set as SFTP/SCP for archive-sites, it may not work and fail to transfer the files.
PR Number Synopsis Category: Interface related issues. Port up/down, stats, CMLC , serdes
1515487 The 100-Gigabit Ethernet AOC non-breakout port might be auto-channelized to a different speed.
Product-Group=junos
On QFX5k platform with QFX-5e image, if the 100G port is enabled with auto-channelization (which is by default) and the AOC (Active Optical Cable) non-breakout transceiver is used on it, the 100G port might be detected as breakout and auto-channelized to other speed (e.g. 50G). The interface connection will be impacted.
1538340 Interfaces are not created after channel-speed 10g is applied across ports 48 to 53 on QFX5100-48T
Product-Group=junos
After channelizing port 48 through 53 and channel speed, the interfaces are down on QFX5100-48T platform. This issue causes interfaces are deleted and traffic might be dropped.
PR Number Synopsis Category: QFX Platform related (SYSLOG/ALARMS/miscellaneous)
1520956 QFX5100: cprod timeout triggers high CPU (100%)
Product-Group=junos
In QFX5100, you might get into a high CPU (CPU running at 100%) situation when a "cprod" command timed out.
PR Number Synopsis Category: QFX L2 PFE
1475005 The system might stop new MAC learning and impact the Layer 2 traffic forwarding
Product-Group=junos
On QFX platforms, if there are a lot of MAC moves, the system might stop new MAC learning and lots of old MAC addresses might be stuck and couldn't be aged and deleted. Due to this issue, could have impact on layer 2 traffic forwarding and the customer service.
PR Number Synopsis Category: QFX L3 data-plane/forwarding
1484440 IRB MAC will not be programmed in hardware when MAC persistence timer expires
Product-Group=junos
On QFX5XXX/EX46XX virtual chassis platforms with GRES, if an IRB interface is configured with members across primary and backup REs, and when mac-persistence-timer expires, the new MAC address of the IRB interface might not be programmed in hardware, which might result in failure on protocols and traffic.
1512712 Display issue, Virtual Chassis environment, Configured num-65-127-prefix value is shown incorrect for the command O/P "show chassis forwarding-options"
Product-Group=junos
Display issue, In a Virtual Chassis environment, Configured num-65-127-prefix value is shown incorrect for the command O/P "show chassis forwarding-options" for the FPC which is not local (Backup and line card members of the VC)
PR Number Synopsis Category: QFX EVPN / VxLAN
1510794 On the QFX5000 line of switches, multicast traffic loss is observed due to few multicast routes missing in the spine node.
Product-Group=junos
In an EVPN-VXLAN scenario with scaled snooping configuration(for example, 100 vlan's with snooping enabled), traffic drops might be observed for multicast groups in few vlan's when "clear bgp sessions" is performed on all Spine devices.
PR Number Synopsis Category: QFX VC Infrastructure
1548079 Backup RE clears the reporting alarm for a PEM failure intermittently for a missing power source on a QFX5100 VC
Product-Group=junos
The PEM failure alarm for a missing power source on a QFX5100 VC is incorrectly being toggled on the Backup RE
PR Number Synopsis Category: RPD Next-hop issues including indirect, CNH, and MCNH
1534455 Some routes might get incorrectly programmed in the forwarding table in the kernel which is no longer present in rpd.
Product-Group=junos
In a scaled routes scenario, if there is any route change operation when the system is under memory pressure, the rpd might change a route entry but the same is not conveyed to the kernel. This causes a mismatch between routes in rpd and kernel leading to traffic blackhole for the mismatched route entries that are incorrectly programmed in the kernel.
PR Number Synopsis Category: RPD policy options
1523891 The policy configuration might be mismatched between the rpd and mgd process when deactivate policy-options prefix-list is involved in the configuration sequence.
Product-Group=junos
If "deactivate policy-options prefix-list" is involved in configuration sequence along with other policy configurations, the mgd process might not notify the rpd process about the policy configuration changes after committing the configuration. This can cause the policy configuration to be out-of-synchronization between policy database used by rpd and configuration database used by mgd. Due to the missing policy entries in policy database, later the rpd might crash when accessing these entries via CLI command like "show policy".
PR Number Synopsis Category: RPD route tables, resolver, routing instances, static routes
1498377 The route entries might be unstable after being imported into inet6.x RIB through rib-group.
Product-Group=junos
When inet6.x (such as 6.1/6.2/6.3, and so on) is used as a non-primary RIB by rib-group, the import function issue might cause the route entries not to be modified correctly for IPv6 format, it might lead the received routes not to be imported successfully into the inet6.x RIB of the routing protocols. Then the network reachability might be impacted.
PR Number Synopsis Category: Resource Reservation Protocol
1495746 The rpd process generates core file on the backup Routing Engine.
Product-Group=junos
On the backup RE, when previous hop for P2MP LSP is not created, p2mp structures corresponding to this entity are freed. During this removal process, RPD crashes due to some condition failure in one of p2mp structures. This issue only happens on the backup RE and no service impact would be seen.
1516657 The rpd scheduler might slip after the link flaps.
Product-Group=junos
On all Junos platforms with RSVP-TE configured, when a transit router carries a large number of LSP's (for example, 60k and higher) and all those LSPs undergo FRR (for example, when link carrying large number of LSP's flap) then, the rpd scheduler might slip and LDP session tear down might be observed after the link flap.
PR Number Synopsis Category: RPM and TWAMP
1541808 The rmopd process memory leak might be seen if TWAMP client is configured
Product-Group=junos
If TWAMP (Two-Way Active Measurement Protocol) client is configured, memory leak in rmopd process may be observed after executing "request services rpm twamp start client" command.
PR Number Synopsis Category: jflow/monitoring services
1517646 The srrd process might crash in a high route churns scenario or if the process flaps.
Product-Group=junos
On all Junos OS platforms with inline Jflow enabled, the sampled route reflector process (srrd) might crash in a scenario where there are high route churns or flaps in the system. This is a rare timing issue and because of the crash, the Jflow export might report older route information for sometime.
PR Number Synopsis Category: IPSEC functionality on M/MX/T ser
1540538 The mspmand process leaks memory in relation to the MX telemetry reporting the following error message: RLIMIT_DATA exceed.
Product-Group=junos
On MX platforms with MS-MPC/MS-MIC service card installed, the card might run out of memory due to process mspmand memory leak, which may cause traffic interruption if adding and/or deleting of telemetry sensor. This is because these operations will trigger the memory allocation for decoding configuration change messages and will not release the memory at the end of processing.
PR Number Synopsis Category: MX10003/MX204 Linux issues (including driver issues)
1492121 The MX10003 router might shut itself down automatically after the system upgrades or downgrades.
Product-Group=junosvae
On the MX10003 platform, if we upgrade or downgrade Junos software from a set of original releases to a set of target releases, the system might detect incorrect temperature values and shutdown. The set of the original releases are: Junos 18.2R3, 18.3R3, 18.4R2, 19.1R2, 19.2R1, 19.3R1. The set of the target releases are: Junos pre-18.2R3, pre-18.3R3, pre-18.4R2, pre-19.1R2, pre-19.2R1, and pre-19.3R1 releases
PR Number Synopsis Category: MX10003/MX204 SW - UI specific defects
1529028 The speed command cannot be configured under the interface hierarchy on an extended port when the MX204 or MX10003 router works as an aggregation device.
Product-Group=junos
Due to the restriction added via PR 1389918 (fixed in 17.4R3 18.2R2 18.3R2 18.4R1 19.1R1), it is unable to configure the speed knob under interface hierarchy on extended port when MX204 or MX10003 works as aggregation device (AD) in Junos Fusion Provider Edge (JFPE) setup.
PR Number Synopsis Category: sync-e related issues.
1398129 Router advertises the ESMC QL of PRC even though the current clock status is holdover.
Product-Group=junos
Router is advertising the ESMC QL of PRC even though the current clock status is holdover. This behaviour is addressed in this PR and will be applicable to all platforms.
PR Number Synopsis Category: Issues related to broadband edge apps (PPP, DHCP) on Trio ch
1508291 The heap memory utilization might increase after extensive subscribers log in or log out.
Product-Group=junos
On MX platforms with subscriber scenario, if subscribers are hosted over iflset (interface-set), FPC heap memory leak might be observed after extensive subscribers login/logout.
1539474 The accounting interim-updates for subscriber does not work after GRES and subsequent reboot of FPCs in the node-slicing setup.
Product-Group=junos
On MX with MPC5 and newer card installed, if node slicing and subscriber service are enabled, the radius accounting interim updates may not carry actual statistics after performing GRES of base system (BSYS) and subsequent reboot of FPCs.
PR Number Synopsis Category: Trio pfe bridging, learning, stp, oam, irb software
1502867 Traffic originated from another subnet is sent out with 0x8100 instead of 0x88a8.
Product-Group=junos
On the MX platforms with MPC7/8/9 installed, when an interface configured with vlan-tags outer tpid (tag protocol ID) 0x88a8 on these line cards, traffic originated from another subnet will be sent out with 0x8100. It will cause traffic to get dropped at the remote site.
1533767 PPE errors/traps might be observed in L2 flooding scenarios
Product-Group=junos
On Junos platforms with MPC1~4/MPC-3D-16XGE/T4000-FPC5/ EX9200-4QS/EX9200-2C-8XS/EX9200-MPC/EX9200-32XS/ SRX5K-SPC-4-15-320/SRX5K-MPC, when broadcast/multicast packets from access as transit traffic flooding in a bridge-domain (for example: multicast OSPF packets entering EVPN instance, these OSPF packets are being handled as transient packets), all packets except IPv6 NS (Neighbor Solicitation) might be dropped because of traps.
1533857 The fpc process might crash when the next hop memory of ASIC is exhausted in the EVPN-MPLS scenario.
Product-Group=junos
On all MX/EX92xx platforms with EVPN-MPLS configured, NH (Next-Hop) memory leak in Trio ASIC happens whenever there is a route churn for remote MAC-IP entries learned bound to the IRB interface in EVPN-MPLS routing-instance. When the ASIC's NH memory partition exhausted (free% NH memory is close to 20% or below), which will result in the line card to reboot.
PR Number Synopsis Category: Issues related to port-mirroring functionality on JUNOS
1542500 Port mirroring with maximum-packet-length configuration does not work over the GRE interface.
Product-Group=junos
Port mirroring with maximum-packet-length configuration does not work over GRE interface on MX204. While constructing GRE header, the clipping aspect of inner packet was not accounted earlier. If the inner packet is truncated, the outer GRE header packet size must use the new size (clipped size) to calculate the total length of outer header.
PR Number Synopsis Category: VNID L2-forwarding on Trio
1517591 no-arp-suppression is required for MAC learning across the EVPN domain on the static VTEP.
Product-Group=junos
O On MX Series platform, with Ethernet VPN and Virtual Extensible LANs (EVPN-VXLAN) implemented, the Address Resolution Protocol (ARP) requests received on VXLAN tunnel endpoint (VTEP) might not forward to customer edge (CE) side or proxy ARP role on VTEP might not work properly. This issue might occur when the 'no-arp-suppression' configuration statement is disabled under EVPN instance combined with static VXLAN implementation. Please refer to the workaround provided when this issue hit.
PR Number Synopsis Category: Virtual Router Redundancy Protocol
1526851 When SRX receives proxy ARP request on VRRP interface, SRX sends ARP reply with underlying interface MAC address
Product-Group=junos
On SRX Series devices with VRRP scenario, the proxy ARP reply uses interface MAC address instead of VRRP MAC address if the VRRP is configured on some IFL and the proxy-arp is configured on same IFL, traffic loss may occur.
PR Number Synopsis Category: VSRX platform software
1496937 The clock drift issue might cause control link failure of a vSRX cluster running on the KVM hypervisor.
Product-Group=junos
When the vSRX cluster is deployed on the top of the KVM hypervisor, the host clock drift issue might cause vSRX cluster deployment to be unstable status due to the vSRX doesn't handle the KVM clock well. The issue will cause control link failure between the cluster nodes. Further, if the knob "control-link-recovery" is enabled, the secondary node for the RG0 (redundancy-group 0) will reboot automatically.
1524243 The control link might be broken when there is excessive traffic load on the control link in vSRX cluster deployment.
Product-Group=junosvae
In the vSRX2.0 cluster running on KVM, when there is excessive traffic load on the control link (em0 link), the error message kernel: em0: watchdog timeout on queue 0 might be shown in the syslog. This interruption might cause the cluster control link to fail and dynamic routing protocols not to work properly.
 

19.1R3-S4 - List of Known issues
PR Number Synopsis Category: Marvell based EX PFE ACL
1434927 The FPC crashes with pfem generating core file might be seen if large-scale number of firewall filters are configured.
Product-Group=junos
On EX Series switches, If you are configuring a large-scale number of firewall filters on some interfaces, the FPC might crash and generate core files.
PR Number Synopsis Category: Marvell based EX PFE MISC
1232403 HSRPv2 IPv6 packets might get dropped if IGMP-snooping is enabled.
Product-Group=junos
On EX Series switches except EX4300/EX4600/EX9200, an interface is configured for single vlan or multiple vlans, if all these vlans of this interface have igmp-snooping enabled, then this interface will drop HSRPv2 (Hot Standby Router Protocol for IPv6) packets. But if some vlans do not have igmp-snooping enabled, then this interface is working fine.
PR Number Synopsis Category: EX9200 Platform
1448368 On the EX9214 device, the following error message are observed after reboot and MACsec-enabled link flaps: errorlib_set_error_log(): err_id(-1718026239).
Product-Group=junos
On the EX9214 device, if the MACsec-enabled link flaps after reboot, the error "errorlib_set_error_log(): err_id(-1718026239)" is observed.
PR Number Synopsis Category: Cassis XQ related issues
1464297 On the MX960 router, the following error message might be observed: SCHED L4NP[0] Parity errors.
Product-Group=junos
This PR along with an earlier PR1232952 address the issue completely, so JUNOS version in question should have fix for these two PRs to address this issue completely.
PR Number Synopsis Category: NFX Series Platform Software
1462556 Junos OS: NFX350: Password hashes stored in world-readable format (CVE-2020-1669)
Product-Group=junos
The Juniper Device Manager (JDM) container, used by the disaggregated Junos OS architecture on Juniper Networks NFX350 Series devices, stores password hashes in the world-readable file /etc/passwd. This is not a security best current practice as it can allow an attacker with access to the local filesystem the ability to brute-force decrypt password hashes stored on the system. Refer to https://kb.juniper.net/JSA11066 for more information.
1508580 Errors on vjunos0 Regarding TSensor related to PR 1362108
Product-Group=junosvae
False positive TSensor errors are reported on vjunos0
PR Number Synopsis Category: QFX PFE L2
1494072 On the QFX5200 line of switches, the MAC learning rate is degraded by 88 percent.
Product-Group=junos
Juniper's qfx-5k products were originally using vendor's SDK handling mac learning. At some point, Juniper introduced its own DMA software for mac learning, which had improved learning rate by 50% or so. As the rest vendor's SDK software advanced over time, the mix of vendor's and Juniper's software had caused some sever mac learning stability issue. Mac learning may be stuck at some conditions. Decision has been made to re-align all software back to vendor's general SDK uniformly. This has solved the stability issue as tested extensively. At the expense, the mac learning rate is cut by about 50%, back to original rate.
PR Number Synopsis Category: QFX L3 data-plane/forwarding
1464567 QFX5120 -- EVPN/VXLAN -- ACL TCAM scaling
Product-Group=junos
On QFX5120 switches with VXLAN configured, user configured ACLs are limited to only one type (iRACL, iVACL or iPACL).
PR Number Synopsis Category: CoS support on ACX
1522941 The show class-of-service interface command does not show classifier information.
Product-Group=junos
This is a display issue. Due to misread in PFE registers, classifier is not shown in "show class-of-service interface" output
PR Number Synopsis Category: JUNOS kernel/ukernel changes for ACX
1481151 Memory utilization enhancement is needed.
Product-Group=junos
RPD memory chunk size is optimized for the ACX platform to reduce the memory footprint.
PR Number Synopsis Category: MX Layer 2 Forwarding Module
1546631 MAC learning issue might happen when EVPN-VXLAN is enabled.
Product-Group=junos
On MX platform, with Ethernet VPN and Virtual Extensible LANs (EVPN-VXLAN) implemented, Address Resolution Protocol (ARP) requests received on VXLAN tunnel endpoint (VTEP) might not forward to customer edge (CE) side or Proxy ARP role on VTEP might not work properly. This issue could happen when knob 'no-arp-suppression' is disabled under EVPN instance combined with static VXLAN implementation. Please refer to workaround provided when this issue hit.
PR Number Synopsis Category: BBE interface related issues
1525036 Problem With static VLAN deletion with active subscribers and the FPC might be stuck at Ready state during restart
Product-Group=junos
In subscriber brought up over static VLAN scenario on MX platforms, during the restart process, some resources are stuck in the FPC and the FPC is never able to reach online state but stuck at Ready state. The fix is to make sure the device control daemon deletes the static VLAN interface only after the dependency table associated with the static VLAN interface are resolved/removed.
PR Number Synopsis Category: BBE Resource monitoring related issues
1559810 JDI_REG_MANAGEABILITY_REGRESSION : [mgd_infra] [all] : mx960 :: mismatch between Yang schema and RPC output
Product-Group=junos
While running YANG based RPC commands for resource-monitor-fpc-information. There is a mismatch and failure to use YANG for this command. These commands are available in all cases (not just Tomcat or XDA), although they are not very relevant in other cases.
PR Number Synopsis Category: Bi Directional Forwarding Detection (BFD)
1516556 The remaining BFD sessions of the aggregated Ethernet interface flap continuously if one of the BFD sessions is deleted.
Product-Group=junos
On QFX10000 platforms, if multiple sub-interfaces of the same Aggregated Ethernet (AE) interface belong to different routing instances, and these sub-interfaces are configured with the same IP address and configured with separate Bidirectional Forwarding Detection (BFD) sessions, the remaining BFD sessions will flap continuously if one of these BFD sessions is deleted.
1518106 The BFD sessions might flap continuously after disruptive switchover followed by GRES.
Product-Group=junos
Disruptive switchover (no GRES or NSR configured) can lead to stale PPM entries programmed on the new primary Routing Engine. If both GRES and NSR are activated after disruptive switchover and then a GRES switchover is performed, BFD sessions might flap continuously.
PR Number Synopsis Category: Border Gateway Protocol
1456260 Packet drop and CPU spike on Routing Engine might be seen in certain conditions if labeled-unicast protection is enabled for a CsC-VRF peer.
Product-Group=junos
On all Junos OS platforms under carrier supporting carrier (CsC) scenario, when PE link protection (labeled-unicast protection) is enabled, after one of the redundant links between CsC-CE flap or RSVP-TE LSP re-route from the primary path happens, it might result in slow convergence issue. Packets drop and CPU spike on the Routing Engine might be seen during this period.
PR Number Synopsis Category: BGP Openconfig and Sensor
1505425 The rpd process might crash in case of a network churn when the telemetry streaming is in progress
Product-Group=junos
On all Junos OS platforms with the Juniper Telemetry Interface configured, the rpd might crash when there is telemetry streaming is in progress and meanwhile there is a network churn. This is a timing issue, and the rpd recovers automatically.
PR Number Synopsis Category: BBE Remote Access Server
1402653 The subscriber might need to take retry for login
Product-Group=junos
On all Junos platforms running in subscriber scenario with address pool configured, if the address pool has high usage so that only few addresses are free to allocate, when there are subscribers logout and login, the released address by one subscriber might get re-used and allocated to the other subscriber very soon. Due to this issue, syslog error messages might be seen, and the affected subscriber might need to take retry for login.
PR Number Synopsis Category: Virtual-chassis platform/chassisd infrastructure PRs for MX
1552588 The VCP port is marked as administratively down on the wrong MX-VC member.
Product-Group=junos
On MX/EX/QFX platforms with Virtual Chassis (VC) scenario, some interfaces might be shutdown unexpectedly, which might cause traffic to be interrupted if there is an error generated on an FPC. The reason is that after an ASIC error, the IFD down messages is not sent to the local chassis primary where the error was reported, instead, it will be sent to the primary of the Virtual Chassis, so that another interface with the same Slot/PIC/Port number will be shutdown as well.
PR Number Synopsis Category: DNX VPLS
1532995 Memory leak in Local OutLif in VPLS/CCC topology may be observed.
Product-Group=junos
On ACX5448 platform, in a VPLS/CCC topology with core link protection when one of the core link flaps or the remote CE flaps "Local OutLif" leak might happen. The outlif leak may also cause scaling issue.
PR Number Synopsis Category: Flow Module
1467654 TCP session cannot time out properly upon receiving the TCP RESET packet, and the session timeout does not change to two seconds.
Product-Group=junos
TCP session cannot time out properly upon receiving the TCP RESET packet, and the session timeout does not change to 2 seconds.
PR Number Synopsis Category: Firewall Policy
1454907 Traffic might be dropped when policies are changed in SRX Series devices
Product-Group=junos
If a huge number of policies are configured on SRX Series devices and some policies are changed, the traffic that matches the changed policies might be dropped.
1558382 On SRX5K platforms, the secondary node might get stuck in performing ColdSync after a reboot, upgrade or if ISSU is performed
Product-Group=junos
On SRX5K platforms, the secondary node might get stuck in performing ColdSync after a reboot.
PR Number Synopsis Category: Security platform jweb support
1550755 Jweb: "+" button is not shown at Jweb interface menu
Product-Group=junos
When SRX has both dl0 and pp0 interfaces, no "+" button on interface (Configure > Interfaces > Ports) at Jweb. It prevents users to refer/modify logical interface configuration via Jweb.
PR Number Synopsis Category: PFE infra to support jvision
1547698 SENSOR APP DWORD leak is observed during the period of churn for routes bound to the sensor group.
Product-Group=junos
SENSOR APP DWORD leak observed during the period of churn for routes bound to Sensor group. Sensor types that are affected are Segment Routing, Segment Routing-TE, LDP and RSVP LSPs.
PR Number Synopsis Category: Layer 2 Control Module
1532992 [xstp] [xstptag] :: EX4300:: PDT :: Complete traffic drop seen on configuring MSTP edge port over access and QinQ ports
Product-Group=junos
In a qinq configuration xSTP should not be enabled on interface having ifls with vlan-id-list configured. If xSTP is enabled on such interface, it will only run on ifl whose vlan-id range includes native-vlan-id configured and all other ifls of this interface will in discarding state. So, user should not enable xSTP on these kind of interfaces. Sample configuration which is not allowed: set interfaces ge-0/0/1 flexible-vlan-tagging set interfaces ge-0/0/1 native-vlan-id 3000 set interfaces ge-0/0/1 encapsulation extended-vlan-bridge set interfaces ge-0/0/1 unit 2000 vlan-id-list 1-200 set interfaces ge-0/0/1 unit 2000 input-vlan-map push set interfaces ge-0/0/1 unit 2000 output-vlan-map pop set vlans csvlan1 interface ge-0/0/1.2000 set protocols mstp interface ge-0/0/1
PR Number Synopsis Category: Multicast Routing
1555518 Sending multicast traffic to downstream receiver on Trio based Virtual Chassis platforms might fail.
Product-Group=junos
On Trio based Virtual Chassis (VC) platform, when there are multicast tunneled packets being received, which come into the Virtual Chassis Ports (VCP) and then pop out of the tunnel, if the VCP ports and the interfaces where multicast packets enter/leave the router are located on the same Packet Forwarding Engine (PFE), it might fail in sending multicast traffic to downstream receiver due to this issue.
PR Number Synopsis Category: Multicast for L3VPNs
1536903 The PIM (S,G) join state might stay forever when there are no MC receivers and source is inactive.
Product-Group=junos
The problem can be seen in MVPN ASM scenario on a PE which has local MC source and receivers and RP is remote. If all receivers stop joining the group and MC source stops transmitting, corresponding PIM (S,G) state may remain indefinitely despite that. Due to the problem a router will maintain extra PIM state. Service is not impacted.
1546739 MVPN multicast route entry might not be properly updated with the actual downstream interfaces list.
Product-Group=junos
In multicast VPN RPT-SPT mode with both locally and remotely connected receivers, the multicast forwarding entry related to the actual downstream interfaces may not be properly updated. The issue may happen when multicast forwarding entry is created by locally connected PIM receiver, followed by remote receiver and after local receiver decides to prune its membership in that multicast group.
PR Number Synopsis Category: Jflow and sflow on MX
1550603 The adapted sample rate might be reset to the configured sample rate without changing the sampling rate information in sFlow datagrams after enabling sFlow technology on a new interface
Product-Group=junos
For the platforms supporting single sample rate per line card (i.e. MX Series routers and EX9200 switches), the actual (effective) sample rate of all the interfaces on a single FPC will be set to the sample rate with the lowest value if the configured or adapted sample rate are different among the interfaces enabled sFlow technology on this FPC. So, after the adaptive sampling event happens and the adapted sample rate (It has value great than the configured sample rate) is used for the interfaces on a FPC, if enabling sFlow technology on a new interface on the same FPC, the actual (effective) sample rate for the existing interfaces will be changed to the configured sample rate. However, the "Adapted sample rate" in "show sflow interface" CLI command and the "Sampling rate" in sampling information of the sFlow datagrams still shows the previous adapted sample rate. The inconsistency between flow information and actual sample rate might cause issues on the collector side.
PR Number Synopsis Category: Fabric Manager for MX
1451958 On MX Series, the dropped packets are seen on MQ/XM-based MPCs, although there is no traffic flowing through the system.
Product-Group=junos
After fixing PR 1338647, Error dropped packets are seen on MQ/XM based MPC cards, though there is no traffic flowing through the system.
PR Number Synopsis Category: PE based L3 software
1550632 The Neighbor Solicitation might be dropped from the peer device
Product-Group=junos
The Neighbor Solicitation (NS) might be dropped after the IPv6 binding is flushed from the peer side. The ping to IPv6 peer fails due to the NS message not reach RE. Since ping doesn?t work between the connected interface, any kind of traffic sent towards QFX might also not work. It has a traffic impact.
PR Number Synopsis Category: vMX Data Plane Issues
1534568 [CORE-PR][vZT]: Inconsistent core.python2.7.mpc0 core is seen with stacktrace @ea_wi_precl,@ea_macsec_receive
Product-Group=junos
Inconsistent core.python2.7.mpc0 core is seen with stacktrace @ea_wi_precl,@ea_macsec_receive()
PR Number Synopsis Category: Protocol Independant Multicast
1487636 The rpd might crash when perform GRES with MSDP configured
Product-Group=junos
On all Junos platforms, when execute Graceful Routing Engine Switchover (GRES) with Multicast Source Discovery Protocol (MSDP) enabled, rpd might crash on new primary Routing Engine (RE). The issue could be automatically recovered after rpd successful self-restart. This is a timing and regression issue.
1500125 Some PIM join or prune packets might not be processed in the first attempt in the scale scenario where the PIM routers establish neighborship and immediately join the multicast group.
Product-Group=junos
On all Junos platforms with scaling MVPN scenario, some PIM Join/Prune messages may not be processed for the first attempt. For instance, a dedicated PIM router receives more than 2500 PIM hello packets from the new neighbors, followed by PIM Join packets for the same multicast group in a very short period of time.
PR Number Synopsis Category: PTP related issues.
1420335 Resetting the playback engine log messages are seen on MPC5E.
Product-Group=junos
In some scenarios with PTP hybrid mode, continuous Resetting the Playback Engine log message. Playback engine resides inside MPC FPGA and it is responsible for maintaining the PTP states corresponding.
1477775 Interface flaps with MAC local/remote fault might be seen
Product-Group=junos
On MX with MPC5/6 100G, When PTP clock adjustments which the 100G interface is not able to cope up with are done in MPC5/6, interface flaps with MAC local fault might be seen. Traffic might be dropped when interface flaps.
1561372 JDI-_QFX5110_-REGRESSION-SWITCHING-[ptp] [ptptag] : qfx5110-48s-4c :: ptp lock status stuck at ACQUIRING state where PHASE ALIGNED is expected
Product-Group=junos
In some cases the PTP backup port will stay in acquiring mode indefinitely, because the QFX is starting with EPOCH time Jan 1, 1970, and the time difference to the GM is too large for the servo algorithm. Fix is to start QFX at a time closer to the current NTP time.
PR Number Synopsis Category: Chassis mgmt for all QFX systems - chassis MIB, alarms, CLI
1481143 Chassisd cores might happen on backup RE after commit on QFX10Ks due to CHASSISD_MAIN_THREAD_STALLED for 200 seconds
Product-Group=junos
Chassisd cores might happen on the backup RE after commit on QFX10K8/16s due to CHASSISD_MAIN_THREAD_STALLED for 200 seconds.
1520144 SNMP trap of power failure might not be sent out
Product-Group=junosvae
On QFX5K platforms, the SNMP trap of power failure might not be sent out when power cable is removed from PSU, and the output of CLI command 'show chassis environment' would not display the information of the power failure.
PR Number Synopsis Category: QFX L3 data-plane/forwarding
1512175 DHCP traffic might not be forwarded correctly when sending DHCP unicast packets
Product-Group=junos
On EX4600/QFX5K platforms, DHCP unicast packets are getting dropped in the device due to DHCP relay filters which are getting installed during the init time without any DHCP configuration.
PR Number Synopsis Category: KRT Queue issues within RPD
1542280 The KRT queue might get stuck after RE switchover
Product-Group=junos
On all Junos platforms with dual Routing Engines (REs), if RE switchover happens while the rpd process on backup RE (new master RE) is reading routes from kernel, some error might happen in a very rare timing condition, and the Kernel Routing Table (KRT) queue might get stuck due to this issue.
PR Number Synopsis Category: IPSEC functionality on M/MX/T ser
1557216 [fips] [fips] EX4300 :: JUNOS:JDI_FT_REGRESSION:PROTOCOLS:SWITCHING:FIPS:Script is failing while committing the IPSEC authentication configuration as it is missing the statement of "algorithm".
Product-Group=junos
DEV needs to provide release note.
PR Number Synopsis Category: MX10003/MX204 Platform SW - Chassisd s/w defects
1426480 SNMP MIB jnxAlarms is not available on MX10003 and MX204 platforms.
Product-Group=junos
These MIBs are handled by craftd process, which does not run on MX10003/MX204 due to HW limitation.
PR Number Synopsis Category: Antivirus UTM issue
1557278 Stream buffer memory leak might happen when UTM(AV/AS/CF) is configured under unified policies
Product-Group=junos
On all Junos platforms that support unified policies (layer 7 application), stream buffer memory leak might happen when Unified Threat Management (UTM) Antivirus Protection (AV)/ Antispam Filtering (AS)/Content Filtering (CF) is configured under unified policies. If the stream buffer memory is exhausted, traffic related to UTM will be affected.
PR Number Synopsis Category: Virtual Router Redundancy Protocol
1558560 Junos device might send VRRP advertisement packets in VRRP init or idle state before startup-silent-period timer expiry after performing GRES on VRRP primary device with NSR disabled
Product-Group=junos
If VRRP primary device has dual Routing Engines (REs) and GRES enabled but nonstop-routing (NSR) disabled, after performing GRES, both REs will move to VRRP init then idle state and the new primary RE will send VRRP advertisement packets in this stage before startup-silent-period timer expiry. Since the VRRP backup device can still receive the VRRP advertisement packets with higher priority, it will not transition to VRRP primary state and hence cause the longer traffic downtime until the VRRP primary device re-take the VRRP mastership after startup-silent-period timer expiry.
 
Modification History:
2021-02-05 - Update to give a warning that this software has a critical defect when deploys on an MX system with MX-SCBE3
First publication 2021-01-21
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search