19.1R3-S4: Software Release Notification for JUNOS Software Version 19.1R3-S4

NOTE: This software version has a critical software defect - PR1564539. We do not recommend deploying this software on an MX system with MX-SCBE3

Junos Software service Release version 19.1R3-S4 is now available.

19.1R3-S4 - List of Fixed issues

PR Number	Synopsis	Category: EX4300 PFE
1531838	The FBF functionality on EX4300-VC may be broken after rebooting the VC or modifying the irb configuration Product-Group=junos	On EX4300-VC with Filter-Based Forwarding(FBF) configured under irb, if the irb interface has ports across the VC boxes, the FBF functionality may be broken after rebooting the VC or modifying the irb configuration (like adding/deleting ports).
1538401	LLDP neighborship might not come up on EX4300 non-aggregated Ethernet interfaces. Product-Group=junos	On EX4300 platform, LLDP might not work on non-AE (Aggregated Ethernet) interfaces. However, it works fine for AE interfaces.
1548858	The targeted-broadcast feature may not work after a reboot Product-Group=junos	On EX4300 Series platforms, the targeted-broadcast feature may not work after a reboot. It can be seen that no target-broadcast packets are received on the targeted-broadcast interface.
PR Number	Synopsis	Category: EX4300 Platform
1494963	On the EX4300 switches, the NSSU upgrade might fail due to a storage issue in the /var/tmp directory. Product-Group=junos	On EX4300 switches while upgrading/installing Junos image through NSSU, there might be space crunch on /var/tmp partition resulting in the upgrade failure. This is due to the '.schema-cache' directory consuming the available space on /var/tmp. The minimum required free space under /var/tmp is 490M for successful installation.
PR Number	Synopsis	Category: Marvell based EX PFE L2
1520351	On the EX4600 and EX4300 Virtual Chassis or Virtual Chassis Fabric, the VSTP configurations device goes unreachable and becomes nonresponsive after commit. Product-Group=junos	On QFX5100 or EX4600 in mix-VC (Virtual Chassis) scenario when the QFX5100/EX4600 uses "PHY" port as VCP (Virtual Chassis Port) port, the VC system might get hanged and unreachable after committing the VSTP (VLAN Spanning Tree Protocol) configurations.
PR Number	Synopsis	Category: EX2300/3400 PFE
1472350	CoS 802.1p bits rewrite might not happen in Q-in-Q mode Product-Group=junos	In EX2300/EX3400 platform with CoS rewrite scenario, if an 802.1p bits (single VLAN) rewrite is used for an SVLAN (outer VLAN) of Q-in-Q, the rewrite will do nothing. Due to the PFE can not parse the firewall rule for given filter match conditions. Therefore, some traffic processing does not work as customer's expectation. Note: EX4300 has no this issue.
1556198	Traffic might be dropped when a firewall filter rule uses 'then vlan' as the action Product-Group=junos	If a firewall filter is configured with the action 'then vlan' on EX and QFX platforms, some of the traffic that matches the firewall filter might be dropped.
PR Number	Synopsis	Category: NFX Series Platform Software
1340414	Run command error: the jdmd subsystem is not responding to management requests Product-Group=junosvae	When running "show virtual-network-functions", encountered the message error: the jdmd subsystem is not responding to management requests
PR Number	Synopsis	Category: QFX L3 data-plane/forwarding
1486632	On the QFX 5100-48T-6Q Virtual Chassis or Virtual Chassis fan, the following error message is observed while copying the image to the Virtual Chassis fan member and trying to downgrade the image: rcp for member 14, failed. Product-Group=junos	On QFX 5100-48T-6Q VC/VCF, RCP error might be seen while upgrading the system using "request system software add no-validate" and system upgrade/ installation could fail. This issue happens if DCPFE cpu utilization is very high.
1558189	[evpn_vxlan] [evpn_instance] QFX5110-32Q :: JDI-RCT: Syslog error seen Err] LBCM-L2,pfe_bcm_l2_sp_bridge_port_tpid_set() Config TPID New/Old (8100:8100) Other-Tpid's ba49, 4aa0, 80f after loading NC t5 evpn vxlan configuration Product-Group=junos	Handling of debug log related to TPID updates
PR Number	Synopsis	Category: QFX VC Datapath
1519893	On QFX5120 and QFX5210 platforms unexpected storm control events might happen Product-Group=junos	On QFX5120 and QFX5210 platforms unexpected storm control events might happen. A new knob on the fixed versions is required to avoid this behavior: set forwarding-options storm-control enhanced
PR Number	Synopsis	Category: Accounting Profile
1505409	The DHCP subscribers might get stuck in terminated state for around 5 minutes after disabling cascade ports. Product-Group=junos	On the Junos fusion provider edge with subscriber management configured, the DHCP subscribers might get stuck in terminated state for around 5 minutes after disabling cascade ports. After 5 minutes, the original sessions will be aging timeout automatically and then the subscribers can login again.
PR Number	Synopsis	Category: JUNOS kernel/ukernel changes for ACX
1509402	On the ACX710 router, the Packet Forwarding Engine might crash and the fpc process might remain down. Product-Group=junos	On ACX710 platform, after the PTP(Precision Time Protocol) configuration is removed and the router is rebooted, the PFE might crash and the FPC remains down if PTP traffic is still coming into the router. This issue might also happen when SyncE is configured. This causes the router to crash and not come up.
PR Number	Synopsis	Category: ACX GE, 10GE, PoE, IDT framers
1523418	Interface does not come up with the auto-negotiation setting between the ACX1100 router and the other ACX Series routers, MX Series routers and QFX Series switches as the other end. Product-Group=junosvae	When QFX5100/5110 is connected to other devices with 1G/10G ports, both sides configuring auto-negotiation and the remote interface might stay down.
PR Number	Synopsis	Category: "agentd" software daemon
1447665	Streaming telemtry subscription is not working for read-only user Product-Group=junos	When local user on JunOS router is configured with read-only class as: set system login user test_user class read-only streaming telemetry subscription is not possible. The telemetry client will report an error as: rpc error: code = Unknown desc = Authorization failed subscribe returns, reconnecting after 10s
PR Number	Synopsis	Category: a20a40 specific issue
1522130	Syslog reporting "PFE_FLOWD_SELFPING_PACKET_LOSS: Traffic impact: Selfping packets loss/err: 300 within 600 second" error messages in node 0 and node1 control panel. Product-Group=junos	Syslog reporting "PFE_FLOWD_SELFPING_PACKET_LOSS: Traffic impact: Selfping packets loss/err: 300 within 600 second" error messages in node 0 and node 1 control panel.
PR Number	Synopsis	Category: BBE Autoconfigured DVLAN related issues
1541796	Subscriber might not come up on some dynamic VLAN ranges in a subscriber management environment. Product-Group=junos	On the MX series platforms, if dynamic VLAN ranges are configured more than 32 on an interface, subscriber may only come up on the first 32 dynamic VLAN ranges of that interface.
PR Number	Synopsis	Category: BBE Layer-2 Bitstream Access
1551207	The PPPoE subscribers might fail to login. Product-Group=junos	In Broadband Network Gateway (BNG) scenario where Layer-2 Bitstream Access (L2BSA) and PPPoE subscribers are working on the same interface/VLAN, PPPoE subscribers login may get stuck in a pending state, if the IN-FLIGHT flag of L2BSA is not cleared after its Port-Up packet is rejected by RADIUS, and during this process, another Port-Up for the same access-loop arrives.
PR Number	Synopsis	Category: BBE multicast related issues
1536149	Multicast traffic might be observed even through unexpected interfaces with distributed IGMP is enabled. Product-Group=junos	On MX platforms with enabled subscriber services, if distributed IGMP is enabled on subscriber dynamic interfaces and there are static interfaces are configured on the same fpc, and fpc is reloaded or interfaces flapped, then multicast may get enabled on static interface and the multicast traffic may be sent out through unexpected interface.
1548196	Multicast traffic drop might be seen after ISSU. Product-Group=junos	In Broadband Network Gateway(BNG) scenario, after performing an ISSU, multicast traffic to PPPoE Subscriber might stop. During ISSU, multicast pseudo IFL notifications from bbe-smgd to rpd fail, which is not replayed causing the traffic drop.
PR Number	Synopsis	Category: MIBs related to BBE
1535754	Snmp mib walk for jnxSubscriber OIDs returns General error Product-Group=junos	Snmp mib walk for jnxSubscriber OIDs returns General error
PR Number	Synopsis	Category: Border Gateway Protocol
1487486	The rpd might crash with BGP RPKI enabled in a race condition Product-Group=junos	On all Junos platforms with BGP PRKI (Resource Public Key Infrastructure) scenario, if NSR is enabled and scale routes and ROAs exist, in a very rare case, the ROA (route origin authorization) might be withdrawn before replicating to the backup RE when ROA changes happen, which results in the rpd crash.
1517498	The rpd might crash after deleting and re-adding a BGP neighbor. Product-Group=junos	In BGP scenario on all Junos platforms, after deleting and re-adding a BGP neighbor, the rpd might crash due to a rare timing issue.
1523075	The BGP session with VRRP virtual address might not come up after a flap. Product-Group=junos	When VRRP virtual address is configured and used to set up a BGP session with the remote side, under rare timing conditions, BGP peer establishment may get rejected repetitively.
1532414	Transit labels for Layer 3 VPN routes are pushed momentarily to the MPLS.0 table. Product-Group=junos	In L3VPN scenario with in-line RR (Route Reflector) which has an export policy with next-hop self to advertise all transit L3VPN routes to its clients and also uses route-target family, the undesired L3VPN routes may be pushed to FIB (Forwarding Information Base) after enabling/disabling route-target family on the RR or a new BGP peer joins a group with 'next-hop self'.
1538491	Configuring then next hop and then reject on a route policy for the same route might cause the rpd process to crash. Product-Group=junos	On all Junos platforms with BGP enabled, if a policy is setting 'then next-hop' and 'then reject' at the same time for the same prefix, rpd crash might be seen. Like the following: set policy-options policy-statement xxx term 1 from route-filter xxx set policy-options policy-statement xxx term 1 then next-hop ... set policy-options policy-statement xxx term 2 then reject
PR Number	Synopsis	Category: MPC5/6E pfe microcode software
1478392	MX Series-based MPC linecard might crash when there is bulk route update failure in a corner case. Product-Group=junos	On all MPCs and certain MICs, if there are events like interface flaps, the routes learned over that interface might get retracted and deleted by the routing protocols. Because of this issue, when bulk route update failure happens, either some next hops are unable to be reached or certain next hops are still reachable incorrectly, and the line card might crash in a corner case. It is a rare timing issue.
PR Number	Synopsis	Category: MX Platform SW - Power Management
1501108	On MX2020 and MX2010, the "pem_tiny_power_remaining:" message will be continuously logged in chassisd log. Product-Group=junos	On MX2020/MX2010, the "pem_tiny_power_remaining" message might be continuously logged in chassisd log.
PR Number	Synopsis	Category: MX Platform SW - UI management
1537194	The chassisd memory leak might cause traffic loss. Product-Group=junos	On MX/PTX platforms with 18.1 or higher release, chassisd memory leak may be caused by configuration commit. When chassisd consumes ~3.4GB of memory it may crash, chassisd crash may cause GRES or/and FPC restart. If GRES is enabled, commits are being synchronized between REs, so backup RE chassisd may suffer from memory leak too.
PR Number	Synopsis	Category: QFX Control Plane VXLAN
1538117	evpn/vxlan registers mac-move counters under "system statistics bridge" even though there is no actual mac-move for MH (multi-home) clients Product-Group=junos	When using EVPN VXLAN, the "mac-move" counter under the "show system statistics bridge" may show a higher event count than the actual MAC moved events
PR Number	Synopsis	Category: Device Configuration Daemon
1539719	The following error message might occur after commit for configuration under interface hierarchy: should have at least one member link on a different fpc. Product-Group=junos	This log could occur after commit for configuration under interface hierarchy f we have AE configuration with logical-interface-fpc-redundancy config, even if the AE interface have multiple legs on different FPCs. Sep 11 15:57:22.395 2020 lab-router-mx dcd[41283]: %DAEMON-4: Interface: ae5, should have at least one member link on a different fpc Trigger: 1- AE interfaces with logical-interface-fpc-redundancy are configured 2- Config change under interface hierarchy 3- Commit config
1539991	The logical interface might flap after adding or deleting native VLAN configuration Product-Group=junos	On EX/QFX platforms, the unrelated logical interface on a physical interface would flap when adding or deleting native VLAN configuration on the physical interface.
1544257	Subscribers might logout then login after loopback address is changed Product-Group=junos	On MX platform, under subscriber environment and unnumbered IP address borrowed from the loopback interface configured on Demux interface and Aggregated Ethernet (AE) interface, subscriber session might flap if IP address of the loopback interface IP is changed. Please refer to workaround provided when this issue hit.
PR Number	Synopsis	Category: Ethernet OAM (LFM)
1500048	The fpc process might crash in the inline mode with CFM configured. Product-Group=junos	On the Junos platforms with inline mode CFM (Connectivity Fault Management) configured, if there are several CFM adjacencies flapping, due to the flaw in the CFM module to process the error-adjacencies messages, the FPC may crash alongside with NPC core-dump file generated. All services/traffic configured on the FPC will see outage till FPC recovers from an automatic reboot.
PR Number	Synopsis	Category: EVPN control plane issues
1521526	ARP table might not be updated after performing VMotion or a network loop Product-Group=junos	On all Junos platforms with EVPN configured, the ARP table might not get updated. This issue happens after performing VMotion in a network or having a network loop.
1547275	VLAN ID information is missed while installing the EVPN route from the BGP Type 2 Route after modifying a routing-instance from instance-type EVPN to instance-type virtual-switch. Product-Group=junos	VLAN ID information might be missing while installing the EVPN route from the BGP Type 2 Route after modifying a routing-instance from "instance-type evpn" to "instance-type virtual-switch". As a result, the data traffic sent via these EVPN routes doesn't push vlan-id in the inner Ethernet Header. This might result in traffic getting discarded on the remote PE.
PR Number	Synopsis	Category: EVPN Layer-2 Forwarding
1535515	All the ARP reply packets toward some address are flooded across the entire fabric. Product-Group=junos	In the EVPN-VXLAN scenario, if the spine has irb and the leaves don't have irb, and the leaves have multi-home interfaces, the ARP reply packets flooding across the entire fabric might be seen.
PR Number	Synopsis	Category: Sflow on qfx10k/ptx series PRs for defect & enhancement req
1521732	Output interface index in the sFLOW packet is zero when transit traffic is observed on the IRB interface with VRRP enabled. Product-Group=junos	When VRRP is enabled on IRB interface and SFLOW is enabled on QFX10000 Series platforms, output interface Index in SFLOW packet will be zero for the traffic destined to VRRP MAC address.
PR Number	Synopsis	Category: Express PFE CoS Features
1531095	Packet loss is observed while validating the policer after restarting the chassis control. Product-Group=junosvae	On QFX10K platforms, the classification for incoming mpls traffic based on the EXP(experimental) bits might not take into effect, and instead the traffic will get classified based on the default setting, due to which packet loss could be observed.
PR Number	Synopsis	Category: IDP attack detection in the subscriber qmodules
1497340	The IDP attack detection might not work in a specific situation. Product-Group=junos	If the total number of applications (predefined as well as the custom applications configured) crosses 4096, attack detection might fail.
PR Number	Synopsis	Category: ISIS routing protocol
1482983	The output of the show isis interface detail command might be incorrect if wide-metrics-only is enabled for IS-IS and the ASCII representation of the metric in decimal is more than 6 characters long. Product-Group=junos	If 'wide-metrics-only' is enabled for any IS-IS level and a metric configured on the IS-IS enabled interface for that level has ASCII representation in decimal more than 6 characters long, this interface's metric for that level will be merged with 'priority' field value in the output of 'show isis interface detail'.
PR Number	Synopsis	Category: Flow Module
1528898	A chassis cluster node might stop passing traffic. Product-Group=junos	On SRX platforms, a node of chassis cluster might stop passing traffic. The traffic forwarding can be restored by a manual failover to Node1.
1541954	The rst-invalidate-session configuration does not work if configured together with no-sequence-check. Product-Group=junos	On SRX Series platforms, the "rst-invalidate-session" does not work if configured together with no-sequence-check. It might result in a TCP connection unestablished.
PR Number	Synopsis	Category: JSR Infrastructure
1484872	JFlow/IPFix - tracking pr for fixing crash when sampling is more than 65535 Product-Group=junos	There was a crash when setting the sampling rate more than 65535, this is since fixed. set forwarding-options sampling instance s1 input rate 70000
PR Number	Synopsis	Category: all logging related bugs on srx platforms
1521794	On SRX Series devices with chassis clusters, high CPU usage might be seen due to the llmd process. Product-Group=junos	On SRX Series devices with chassis cluster, high CPU usage might be seen due to the llmd process.
PR Number	Synopsis	Category: Firewall Policy
1544554	The flowd/srxpfe process might crash when SRX/NFX device running on Junos OS 18.2R1 or above where the unified policy feature is supported Product-Group=junos	On SRX Series device running on Junos OS 18.2R1 or above, or NFX Series device running on NextGen Junos OS, the unified policy feature is supported, the flowd/srxpfe might crash.
1546120	Traffic might be dropped unexpectedly when the url-category match condition is used on a security policy Product-Group=junos	An issue was discovered within Unified Policies that affected the url-category match condition that can cause it to "over-match" and apply to more traffic than it should. This can result in the SRX dropping traffic that would otherwise be permitted
PR Number	Synopsis	Category: IPSEC/IKE VPN
1522017	The traffic might be dropped when IPSec VPN with NAT-T enabled Product-Group=junos	On SRX platforms, when IPSec VPN is configured with NAT-T enabled and VPN tunnel is established between two peers, if traffic is received from peer during VPN rekey, the traffic might be dropped in the VPN tunnel.
PR Number	Synopsis	Category: Layer2 forwarding on EX/NTF/PTX/QFX
1534796	High rate of ARP or NS packets might be observed between a device that runs Junos OS and host when the device that runs Junos OS receives an ARP or NS packet on an interface in transition. Product-Group=junos	On Junos device in EVPN scenario, if an interface is in transition status and an ARP request is received on the interface from a host, the Junos device may send out re-arp out towards the host, and the host responds to this re-arp and the Junos device sends another re-arp in response to this arp reply from host. This goes forever causing high rate of arp packets until the interface comes up. This issue is also applicable to ND/NS in IPv6 environment.
PR Number	Synopsis	Category: L2TP service related issues
1527343	L2TP subscribers might fail to establish a session on MX if the CPE is a virtual host Product-Group=junos	L2TP subsribers might fail to establish sessions with MX device which is configured as L2TP LNS. This happens when the subscriber customer premises equipment host (CPE) is a virtual setup.
PR Number	Synopsis	Category: lacp protocol
1366825	RG1 failover occurs when RG0 failover is triggered Product-Group=junos	RG1+ which is configured for interface-monitor, might fail over to the other node if RG0 failover is triggered.
PR Number	Synopsis	Category: Label Distribution Protocol
1527197	LDP routes might be deleted from MPLS routing table after RE switchover Product-Group=junos	On all Junos platforms with NSR and segment routing for ISIS configured, LDP routes might be deleted on new master RE's MPLS routing table after RE switchover.
1538124	The rpd process might crash when the LDP route with indirect next hop is deleted on the aggregated Ethernet interface. Product-Group=junos	If the Label Distribution Protocol (LDP) route with indirect next-hop exists (e.g. LDP egress-policy is used to advertise BGP route into LDP), the rpd might crash when the LDP route is deleted from the AE interface.
PR Number	Synopsis	Category: Issues related to Junos licensing infrastructure
1519672	During an upgrade, vSRX3.0 would display the following incorrect license warnings when utilizing licensable features even if the license was present on the device: such as warning: requires 'idp-sig' license. Product-Group=junos	During an upgrade, vSRX3.0 would display incorrect license warnings when utilizing licensable features such as 'warning: requires 'idp-sig' license' even if the license was present on the device
PR Number	Synopsis	Category: lldp sw on MX platform
1538482	DUT did not receive the LLDP packet from phone. Product-Group=junos	On EX4300 platforms, the LLDP (Link Layer Discovery Protocol) neighborship with the VoIP (Voice over Internet Protocol) phones can't be established when LLDP is configured on the PoE (Power over Ethernet) enabled port on EX4300 and connects to the VoIP Phone.
PR Number	Synopsis	Category: Multiprotocol Label Switching
1506062	The rpd process might crash when triggering rpd restart or GRES switchover. Product-Group=junos	On all Junos platforms with GR (Graceful Restart) and LSP (Label Switched Path) configured, if the /mfs/var/db/tag_restart.db file is corrupted, the rpd process might crash when triggering rpd restart or GRES (Graceful Routing Engine Switchover) switchover. Traffic loss might be seen during the rpd crash and restart.
PR Number	Synopsis	Category: Fabric Manager for MX
1482124	Fabric healing logic incorrectly makes all MPC line cards go offline in the MX2000 router while the hardware fault is located on one specific MPC line card slot. Product-Group=junos	In specific MPC hardware failure conditions within the MX2K platform, fabric healing will attempt to auto-heal the fault location in 3 phases to prevent traffic blackholing. If under such fault conditions only destination timeouts are reported without corresponding link errors, the fabric healing process might restart all MPCs in phase-2 in an auto-healing attempt and if the error condition appears again within 10 minutes the last phase-3 might offline all MPCs in the system.
1535787	All SFBs might go offline due to fabric failure and fabric self-ping probes performing the disable-pfe action. Product-Group=junos	Once yanking out the MPC without prior offline and the chassisd process is not able to process this event on the master RE due to additional mastership switch, and later the MPC which pulled out the slot is re-inserted back, many Switch Fabric Board (SFB) might be offline due to max_total_cell_usage overflow condition on the xfchip. MX2020 Platform with SFB2 is not exposed to such event, neither if MX2020 has the disable-grant-bypass configured.
PR Number	Synopsis	Category: MX104 Software - Chassis Daemon
1534281	The interface with the "pic-mode 10GE" configuration may not come up if upgrading to 18.4R3-S4 or later versions Product-Group=junos	On MX80/104 platforms with MIC-MACSEC-20GE used, if upgrading to 18.4R3-S4 or later versions while configuring the "pic-mode 10GE" on the interface, the interface might not come up.
PR Number	Synopsis	Category: MX10K platform
1456253	On 4x1GE using QSFP28 optics, continuos logging in chassisd process occurs when speed 1g is configured: pic_get_nports_inst and ch_fru_db_key. Product-Group=junos	On MX10008 and PTX10008, the continuous logging in the chassisd file might be seen.
PR Number	Synopsis	Category: FreeBSD Kernel Infrastructure
1518898	The kernel might crash if a file/directory is accessed for the first time and is not created locally. Product-Group=junos	On the Junos with Virtual Filesystem (VirtFS), if a file/directory is accessed for the first time and is not created locally, the kernel might crash and generate a vmcore file. Junos might reboot due to this issue.
1525318	Junos OS: telnetd.real Local Privilege Escalation vulnerabilities in SUID binaries (CVE-2021-0223) Product-Group=junos	A local privilege escalation vulnerability in telnetd.real of Juniper Networks Junos OS may allow a locally authenticated shell user to escalate privileges and execute arbitrary commands as root. Please refer to https://kb.juniper.net/JSA11114 for more information.
1537696	Errors might be seen when dumping vmcore on EX2300/EX3400 series Product-Group=junos	On EX2300/EX3400, the vmcore might not be available and the device might hang while trying to generate core files via the rescue kernel. This might be caused by the ARM dumper device supporting only a fixed 512 byte block size, rather than scaling to any block size. This might cause loss of debug ability for the device.
PR Number	Synopsis	Category: "ifstate" infrastructure
1486161	Kernel core might be seen if deleting an ifstate Product-Group=junos	On all Junos OS platforms, some operations such as configuration change might cause the state information to change and eventually cause the ifstate to be deleted. In a very rare case, deleting an ifstate (kernel state) might cause kernel core and Routing Engine restart. There is no specific trigger. This issue is reported by the configuration change.
PR Number	Synopsis	Category: JUNOS Network App Infrastructure (for ping, traceroute, etc)
1493824	Traceroute monitor with MTR version v.69 shows a false 10 percent loss. Product-Group=junos	Traceroute monitor is a wrapper to a popular tool called mtr. The version that is deployed on JunOS has a bug when used to produce a report (aka summary on JunOS). The last packet always shows a loss when there isn't. See here: https://bugs.launchpad.net/ubuntu/+source/mtr/+bug/966065
PR Number	Synopsis	Category: Kernel Stats Infrastructure
1508442	SNMP polling might return unexpectedly high value of ifHCOutOctets counter for physical interface when any jnxDom OID is processed at the same time. Product-Group=junos	When actual transmitted load is configured for interface as: set interfaces interface-transmit-statistics And ifHCOutOctets OID is polling together with any jnxDom OIDs for the same interface with time interval between pollings equal or less then one second, the resulted value of ifHCOutOctets may be unexpectedly high
1522561	OID ifOutDiscards reports zero and sometimes shows valid value. Product-Group=junos	OID ifOutDiscards reports zero and sometimes shows valid value. user@router> show snmp mib get ifOutDiscards.514 \| refresh 3 ---(refreshed at 2020-07-10 12:54:07 IST)--- ifOutDiscards.514 = 0 ---(refreshed at 2020-07-10 12:54:10 IST)--- ifOutDiscards.514 = 0 ---(refreshed at 2020-07-10 12:54:13 IST)--- ifOutDiscards.514 = 0 ---(refreshed at 2020-07-10 12:54:16 IST)--- ifOutDiscards.514 = 0 ---(refreshed at 2020-07-10 12:54:19 IST)--- ifOutDiscards.514 = 0 ---(refreshed at 2020-07-10 12:54:22 IST)--- ifOutDiscards.514 = 241974 ---(refreshed at 2020-07-10 12:54:25 IST)--- ifOutDiscards.514 = 241974 ---(refreshed at 2020-07-10 12:54:28 IST)--- ifOutDiscards.514 = 0 ---(refreshed at 2020-07-10 12:54:31 IST)--- ifOutDiscards.514 = 0
PR Number	Synopsis	Category: OSPF routing protocol
1525870	The OSPFv3 adjacency should not be established when IPsec authentication is enabled. Product-Group=junos	On EX4300 platforms, the OSPFv3 configured with IPsec authentication after device reboots, the OSPFv3 adjacency should not be established, while do the same configuration before device reboots, the adjacency should be established.
PR Number	Synopsis	Category: PE based L3 software
1500798	BFD sessions flap after deactivating or activating the aggregated Ethernet interface or executing GRES. Product-Group=junos	On QFX10008 platforms, if the BFD is configured over an AE interface (member link across multiple FPCs), deactivating/activating the AE interface or executing GRES will cause the BFD sessions to flap.
PR Number	Synopsis	Category: vMX Data Plane Issues
1544856	The riot forwarding daemon crash might be observed on vMX based platforms configured with IRB interface Product-Group=junos	On vMX based platforms enabled with IRB interface, the riot forwarding daemon crash might be observed which could lead to traffic loss.
PR Number	Synopsis	Category: vMX Platform Infrastructure related issue tracking
1548422	Traffic with jumbo frame may be discarded on the vMX platforms Product-Group=junos	On the VMX platforms which are installed on ESXI 6.7 with vmxnet3 driver, traffic with jumbo frame (Packets with MTU more than 1500) may be discarded upon receiving.
PR Number	Synopsis	Category: Chassis mgmt for all QFX systems - chassis MIB, alarms, CLI
1507044	The archival function might fail in certain conditions. Product-Group=junos	If the archival function is enabled with the statement "routing-instance" and transfer mode is set as SFTP/SCP for archive-sites, it may not work and fail to transfer the files.
PR Number	Synopsis	Category: Interface related issues. Port up/down, stats, CMLC , serdes
1515487	The 100-Gigabit Ethernet AOC non-breakout port might be auto-channelized to a different speed. Product-Group=junos	On QFX5k platform with QFX-5e image, if the 100G port is enabled with auto-channelization (which is by default) and the AOC (Active Optical Cable) non-breakout transceiver is used on it, the 100G port might be detected as breakout and auto-channelized to other speed (e.g. 50G). The interface connection will be impacted.
1538340	Interfaces are not created after channel-speed 10g is applied across ports 48 to 53 on QFX5100-48T Product-Group=junos	After channelizing port 48 through 53 and channel speed, the interfaces are down on QFX5100-48T platform. This issue causes interfaces are deleted and traffic might be dropped.
PR Number	Synopsis	Category: QFX Platform related (SYSLOG/ALARMS/miscellaneous)
1520956	QFX5100: cprod timeout triggers high CPU (100%) Product-Group=junos	In QFX5100, you might get into a high CPU (CPU running at 100%) situation when a "cprod" command timed out.
PR Number	Synopsis	Category: QFX L2 PFE
1475005	The system might stop new MAC learning and impact the Layer 2 traffic forwarding Product-Group=junos	On QFX platforms, if there are a lot of MAC moves, the system might stop new MAC learning and lots of old MAC addresses might be stuck and couldn't be aged and deleted. Due to this issue, could have impact on layer 2 traffic forwarding and the customer service.
PR Number	Synopsis	Category: QFX L3 data-plane/forwarding
1484440	IRB MAC will not be programmed in hardware when MAC persistence timer expires Product-Group=junos	On QFX5XXX/EX46XX virtual chassis platforms with GRES, if an IRB interface is configured with members across master and backup REs, and when mac-persistence-timer expires, the new MAC address of the IRB interface might not be programmed in hardware, which might result in failure on protocols and traffic.
1512712	Display issue, Virtual Chassis environment, Configured num-65-127-prefix value is shown incorrect for the command O/P "show chassis forwarding-options" Product-Group=junos	Display issue, In a Virtual Chassis environment, Configured num-65-127-prefix value is shown incorrect for the command O/P "show chassis forwarding-options" for the FPC which is not local (Backup and line card members of the VC)
PR Number	Synopsis	Category: QFX EVPN / VxLAN
1510794	On the QFX5000 line of switches, multicast traffic loss is observed due to few multicast routes missing in the spine node. Product-Group=junos	In an EVPN-VXLAN scenario with scaled snooping configuration(for example, 100 vlan's with snooping enabled), traffic drops might be observed for multicast groups in few vlan's when "clear bgp sessions" is performed on all Spine devices.
PR Number	Synopsis	Category: QFX VC Infrastructure
1548079	Backup RE clears the reporting alarm for a PEM failure intermittently for a missing power source on a QFX5100 VC Product-Group=junos	The PEM failure alarm for a missing power source on a QFX5100 VC is incorrectly being toggled on the Backup RE
PR Number	Synopsis	Category: RPD Next-hop issues including indirect, CNH, and MCNH
1534455	Some routes might get incorrectly programmed in the forwarding table in the kernel which is no longer present in rpd. Product-Group=junos	In a scaled routes scenario, if there is any route change operation when the system is under memory pressure, the rpd might change a route entry but the same is not conveyed to the kernel. This causes a mismatch between routes in rpd and kernel leading to traffic blackhole for the mismatched route entries that are incorrectly programmed in the kernel.
PR Number	Synopsis	Category: RPD policy options
1523891	The policy configuration might be mismatched between the rpd and mgd process when deactivate policy-options prefix-list is involved in the configuration sequence. Product-Group=junos	If "deactivate policy-options prefix-list" is involved in configuration sequence along with other policy configurations, the mgd process might not notify the rpd process about the policy configuration changes after committing the configuration. This can cause the policy configuration to be out-of-synchronization between policy database used by rpd and configuration database used by mgd. Due to the missing policy entries in policy database, later the rpd might crash when accessing these entries via CLI command like "show policy".
PR Number	Synopsis	Category: RPD route tables, resolver, routing instances, static routes
1498377	The route entries might be unstable after being imported into inet6.x RIB through rib-group. Product-Group=junos	When inet6.x (such as 6.1/6.2/6.3, and so on) is used as a non-primary RIB by rib-group, the import function issue might cause the route entries not to be modified correctly for IPv6 format, it might lead the received routes not to be imported successfully into the inet6.x RIB of the routing protocols. Then the network reachability might be impacted.
PR Number	Synopsis	Category: Resource Reservation Protocol
1495746	The rpd process generates core file on the backup Routing Engine. Product-Group=junos	On the backup RE, when previous hop for P2MP LSP is not created, p2mp structures corresponding to this entity are freed. During this removal process, RPD crashes due to some condition failure in one of p2mp structures. This issue only happens on the backup RE and no service impact would be seen.
1516657	The rpd scheduler might slip after the link flaps. Product-Group=junos	On all Junos platforms with RSVP-TE configured, when a transit router carries a large number of LSP's (for example, 60k and higher) and all those LSPs undergo FRR (for example, when link carrying large number of LSP's flap) then, the rpd scheduler might slip and LDP session tear down might be observed after the link flap.
PR Number	Synopsis	Category: RPM and TWAMP
1541808	The rmopd process memory leak might be seen if TWAMP client is configured Product-Group=junos	If TWAMP (Two-Way Active Measurement Protocol) client is configured, memory leak in rmopd process may be observed after executing "request services rpm twamp start client" command.
PR Number	Synopsis	Category: jflow/monitoring services
1517646	The srrd process might crash in a high route churns scenario or if the process flaps. Product-Group=junos	On all Junos OS platforms with inline Jflow enabled, the sampled route reflector process (srrd) might crash in a scenario where there are high route churns or flaps in the system. This is a rare timing issue and because of the crash, the Jflow export might report older route information for sometime.
PR Number	Synopsis	Category: IPSEC functionality on M/MX/T ser
1540538	The mspmand process leaks memory in relation to the MX telemetry reporting the following error message: RLIMIT_DATA exceed. Product-Group=junos	On MX platforms with MS-MPC/MS-MIC service card installed, the card might run out of memory due to process mspmand memory leak, which may cause traffic interruption if adding and/or deleting of telemetry sensor. This is because these operations will trigger the memory allocation for decoding configuration change messages and will not release the memory at the end of processing.
PR Number	Synopsis	Category: MX10003/MX204 Linux issues (including driver issues)
1492121	The MX10003 router might shut itself down automatically after the system upgrades or downgrades. Product-Group=junosvae	On the MX10003 platform, if we upgrade or downgrade Junos software from a set of original releases to a set of target releases, the system might detect incorrect temperature values and shutdown. The set of the original releases are: Junos 18.2R3, 18.3R3, 18.4R2, 19.1R2, 19.2R1, 19.3R1. The set of the target releases are: Junos pre-18.2R3, pre-18.3R3, pre-18.4R2, pre-19.1R2, pre-19.2R1, and pre-19.3R1 releases
PR Number	Synopsis	Category: MX10003/MX204 SW - UI specific defects
1529028	The speed command cannot be configured under the interface hierarchy on an extended port when the MX204 or MX10003 router works as an aggregation device. Product-Group=junos	Due to the restriction added via PR 1389918 (fixed in 17.4R3 18.2R2 18.3R2 18.4R1 19.1R1), it is unable to configure the speed knob under interface hierarchy on extended port when MX204 or MX10003 works as aggregation device (AD) in Junos Fusion Provider Edge (JFPE) setup.
PR Number	Synopsis	Category: sync-e related issues.
1398129	Router advertises the ESMC QL of PRC even though the current clock status is holdover. Product-Group=junos	Router is advertising the ESMC QL of PRC even though the current clock status is holdover. This behaviour is addressed in this PR and will be applicable to all platforms.
PR Number	Synopsis	Category: Issues related to broadband edge apps (PPP, DHCP) on Trio ch
1508291	The heap memory utilization might increase after extensive subscribers log in or log out. Product-Group=junos	On MX platforms with subscriber scenario, if subscribers are hosted over iflset (interface-set), FPC heap memory leak might be observed after extensive subscribers login/logout.
1539474	The accounting interim-updates for subscriber does not work after GRES and subsequent reboot of FPCs in the node-slicing setup. Product-Group=junos	On MX with MPC5 and newer card installed, if node slicing and subscriber service are enabled, the radius accounting interim updates may not carry actual statistics after performing GRES of base system (BSYS) and subsequent reboot of FPCs.
PR Number	Synopsis	Category: Trio pfe bridging, learning, stp, oam, irb software
1502867	Traffic originated from another subnet is sent out with 0x8100 instead of 0x88a8. Product-Group=junos	On the MX platforms with MPC7/8/9 installed, when an interface configured with vlan-tags outer tpid (tag protocol ID) 0x88a8 on these line cards, traffic originated from another subnet will be sent out with 0x8100. It will cause traffic to get dropped at the remote site.
1533767	PPE errors/traps might be observed in L2 flooding scenarios Product-Group=junos	On Junos platforms with MPC1~4/MPC-3D-16XGE/T4000-FPC5/ EX9200-4QS/EX9200-2C-8XS/EX9200-MPC/EX9200-32XS/ SRX5K-SPC-4-15-320/SRX5K-MPC, when broadcast/multicast packets from access as transit traffic flooding in a bridge-domain (for example: multicast OSPF packets entering EVPN instance, these OSPF packets are being handled as transient packets), all packets except IPv6 NS (Neighbor Solicitation) might be dropped because of traps.
1533857	The fpc process might crash when the next hop memory of ASIC is exhausted in the EVPN-MPLS scenario. Product-Group=junos	On all MX/EX92xx platforms with EVPN-MPLS configured, NH (Next-Hop) memory leak in Trio ASIC happens whenever there is a route churn for remote MAC-IP entries learned bound to the IRB interface in EVPN-MPLS routing-instance. When the ASIC's NH memory partition exhausted (free% NH memory is close to 20% or below), which will result in the line card to reboot.
PR Number	Synopsis	Category: Issues related to port-mirroring functionality on JUNOS
1542500	Port mirroring with maximum-packet-length configuration does not work over the GRE interface. Product-Group=junos	Port mirroring with maximum-packet-length configuration does not work over GRE interface on MX204. While constructing GRE header, the clipping aspect of inner packet was not accounted earlier. If the inner packet is truncated, the outer GRE header packet size must use the new size (clipped size) to calculate the total length of outer header.
PR Number	Synopsis	Category: VNID L2-forwarding on Trio
1517591	no-arp-suppression is required for MAC learning across the EVPN domain on the static VTEP. Product-Group=junos	O On MX Series platform, with Ethernet VPN and Virtual Extensible LANs (EVPN-VXLAN) implemented, the Address Resolution Protocol (ARP) requests received on VXLAN tunnel endpoint (VTEP) might not forward to customer edge (CE) side or proxy ARP role on VTEP might not work properly. This issue might occur when the 'no-arp-suppression' configuration statement is disabled under EVPN instance combined with static VXLAN implementation. Please refer to the workaround provided when this issue hit.
PR Number	Synopsis	Category: Virtual Router Redundancy Protocol
1526851	When SRX receives proxy ARP request on VRRP interface, SRX sends ARP reply with underlying interface MAC address Product-Group=junos	On SRX Series devices with VRRP scenario, the proxy ARP reply uses interface MAC address instead of VRRP MAC address if the VRRP is configured on some IFL and the proxy-arp is configured on same IFL, traffic loss may occur.
PR Number	Synopsis	Category: VSRX platform software
1496937	The clock drift issue might cause control link failure of a vSRX cluster running on the KVM hypervisor. Product-Group=junos	When the vSRX cluster is deployed on the top of the KVM hypervisor, the host clock drift issue might cause vSRX cluster deployment to be unstable status due to the vSRX doesn't handle the KVM clock well. The issue will cause control link failure between the cluster nodes. Further, if the knob "control-link-recovery" is enabled, the secondary node for the RG0 (redundancy-group 0) will reboot automatically.
1524243	The control link might be broken when there is excessive traffic load on the control link in vSRX cluster deployment. Product-Group=junosvae	In the vSRX2.0 cluster running on KVM, when there is excessive traffic load on the control link (em0 link), the error message kernel: em0: watchdog timeout on queue 0 might be shown in the syslog. This interruption might cause the cluster control link to fail and dynamic routing protocols not to work properly.

19.1R3-S4 - List of Known issues

PR Number	Synopsis	Category: Marvell based EX PFE ACL
1434927	The FPC crashes with pfem generating core file might be seen if large-scale number of firewall filters are configured. Product-Group=junos	On EX Series switches, If you are configuring a large-scale number of firewall filters on some interfaces, the FPC might crash and generate core files.
PR Number	Synopsis	Category: Marvell based EX PFE MISC
1232403	HSRPv2 IPv6 packets might get dropped if IGMP-snooping is enabled. Product-Group=junos	On EX Series switches except EX4300/EX4600/EX9200, an interface is configured for single vlan or multiple vlans, if all these vlans of this interface have igmp-snooping enabled, then this interface will drop HSRPv2 (Hot Standby Router Protocol for IPv6) packets. But if some vlans do not have igmp-snooping enabled, then this interface is working fine.
PR Number	Synopsis	Category: EX9200 Platform
1448368	On the EX9214 device, the following error message are observed after reboot and MACsec-enabled link flaps: errorlib_set_error_log(): err_id(-1718026239). Product-Group=junos	On the EX9214 device, if the MACsec-enabled link flaps after reboot, the error "errorlib_set_error_log(): err_id(-1718026239)" is observed.
PR Number	Synopsis	Category: Cassis XQ related issues
1464297	On the MX960 router, the following error message might be observed: SCHED L4NP[0] Parity errors. Product-Group=junos	This PR along with an earlier PR1232952 address the issue completely, so JUNOS version in question should have fix for these two PRs to address this issue completely.
PR Number	Synopsis	Category: NFX Series Platform Software
1462556	Junos OS: NFX350: Password hashes stored in world-readable format (CVE-2020-1669) Product-Group=junos	The Juniper Device Manager (JDM) container, used by the disaggregated Junos OS architecture on Juniper Networks NFX350 Series devices, stores password hashes in the world-readable file /etc/passwd. This is not a security best current practice as it can allow an attacker with access to the local filesystem the ability to brute-force decrypt password hashes stored on the system. Refer to https://kb.juniper.net/JSA11066 for more information.
1508580	Errors on vjunos0 Regarding TSensor related to PR 1362108 Product-Group=junosvae	False positive TSensor errors are reported on vjunos0
PR Number	Synopsis	Category: QFX PFE L2
1494072	On the QFX5200 line of switches, the MAC learning rate is degraded by 88 percent. Product-Group=junos	Juniper's qfx-5k products were originally using vendor's SDK handling mac learning. At some point, Juniper introduced its own DMA software for mac learning, which had improved learning rate by 50% or so. As the rest vendor's SDK software advanced over time, the mix of vendor's and Juniper's software had caused some sever mac learning stability issue. Mac learning may be stuck at some conditions. Decision has been made to re-align all software back to vendor's general SDK uniformly. This has solved the stability issue as tested extensively. At the expense, the mac learning rate is cut by about 50%, back to original rate.
PR Number	Synopsis	Category: QFX L3 data-plane/forwarding
1464567	QFX5120 -- EVPN/VXLAN -- ACL TCAM scaling Product-Group=junos	On QFX5120 switches with VXLAN configured, user configured ACLs are limited to only one type (iRACL, iVACL or iPACL).
PR Number	Synopsis	Category: CoS support on ACX
1522941	The show class-of-service interface command does not show classifier information. Product-Group=junos	This is a display issue. Due to misread in PFE registers, classifier is not shown in "show class-of-service interface" output
PR Number	Synopsis	Category: JUNOS kernel/ukernel changes for ACX
1481151	Memory utilization enhancement is needed. Product-Group=junos	RPD memory chunk size is optimized for the ACX platform to reduce the memory footprint.
PR Number	Synopsis	Category: MX Layer 2 Forwarding Module
1546631	MAC learning issue might happen when EVPN-VXLAN is enabled. Product-Group=junos	On MX platform, with Ethernet VPN and Virtual Extensible LANs (EVPN-VXLAN) implemented, Address Resolution Protocol (ARP) requests received on VXLAN tunnel endpoint (VTEP) might not forward to customer edge (CE) side or Proxy ARP role on VTEP might not work properly. This issue could happen when knob 'no-arp-suppression' is disabled under EVPN instance combined with static VXLAN implementation. Please refer to workaround provided when this issue hit.
PR Number	Synopsis	Category: BBE interface related issues
1525036	Problem With static VLAN deletion with active subscribers and the FPC might be stuck at Ready state during restart Product-Group=junos	In subscriber brought up over static VLAN scenario on MX platforms, during the restart process, some resources are stuck in the FPC and the FPC is never able to reach online state but stuck at Ready state. The fix is to make sure the device control daemon deletes the static VLAN interface only after the dependency table associated with the static VLAN interface are resolved/removed.
PR Number	Synopsis	Category: BBE Resource monitoring related issues
1559810	JDI_REG_MANAGEABILITY_REGRESSION : [mgd_infra] [all] : mx960 :: mismatch between Yang schema and RPC output Product-Group=junos	While running YANG based RPC commands for resource-monitor-fpc-information. There is a mismatch and failure to use YANG for this command. These commands are available in all cases (not just Tomcat or XDA), although they are not very relevant in other cases.
PR Number	Synopsis	Category: Bi Directional Forwarding Detection (BFD)
1516556	The remaining BFD sessions of the aggregated Ethernet interface flap continuously if one of the BFD sessions is deleted. Product-Group=junos	On QFX10000 platforms, if multiple sub-interfaces of the same Aggregated Ethernet (AE) interface belong to different routing instances, and these sub-interfaces are configured with the same IP address and configured with separate Bidirectional Forwarding Detection (BFD) sessions, the remaining BFD sessions will flap continuously if one of these BFD sessions is deleted.
1518106	The BFD sessions might flap continuously after disruptive switchover followed by GRES. Product-Group=junos	Disruptive switchover (no GRES or NSR configured) can lead to stale PPM entries programmed on the new master Routing Engine. If both GRES and NSR are activated after disruptive switchover and then a GRES switchover is performed, BFD sessions might flap continuously.
PR Number	Synopsis	Category: Border Gateway Protocol
1456260	Packet drop and CPU spike on Routing Engine might be seen in certain conditions if labeled-unicast protection is enabled for a CsC-VRF peer. Product-Group=junos	On all Junos OS platforms under carrier supporting carrier (CsC) scenario, when PE link protection (labeled-unicast protection) is enabled, after one of the redundant links between CsC-CE flap or RSVP-TE LSP re-route from the primary path happens, it might result in slow convergence issue. Packets drop and CPU spike on the Routing Engine might be seen during this period.
PR Number	Synopsis	Category: BGP Openconfig and Sensor
1505425	The rpd process might crash in case of a network churn when the telemetry streaming is in progress Product-Group=junos	On all Junos OS platforms with the Juniper Telemetry Interface configured, the rpd might crash when there is telemetry streaming is in progress and meanwhile there is a network churn. This is a timing issue, and the rpd recovers automatically.
PR Number	Synopsis	Category: BBE Remote Access Server
1402653	The subscriber might need to take retry for login Product-Group=junos	On all Junos platforms running in subscriber scenario with address pool configured, if the address pool has high usage so that only few addresses are free to allocate, when there are subscribers logout and login, the released address by one subscriber might get re-used and allocated to the other subscriber very soon. Due to this issue, syslog error messages might be seen, and the affected subscriber might need to take retry for login.
PR Number	Synopsis	Category: Virtual-chassis platform/chassisd infrastructure PRs for MX
1552588	The VCP port is marked as administratively down on the wrong MX-VC member. Product-Group=junos	On MX/EX/QFX platforms with Virtual Chassis (VC) scenario, some interfaces might be shutdown unexpectedly, which might cause traffic to be interrupted if there is an error generated on an FPC. The reason is that after an ASIC error, the IFD down messages is not sent to the local chassis master where the error was reported, instead, it will be sent to the master of the Virtual Chassis, so that another interface with the same Slot/PIC/Port number will be shutdown as well.
PR Number	Synopsis	Category: DNX VPLS
1532995	Memory leak in Local OutLif in VPLS/CCC topology may be observed. Product-Group=junos	On ACX5448 platform, in a VPLS/CCC topology with core link protection when one of the core link flaps or the remote CE flaps "Local OutLif" leak might happen. The outlif leak may also cause scaling issue.
PR Number	Synopsis	Category: Flow Module
1467654	TCP session cannot time out properly upon receiving the TCP RESET packet, and the session timeout does not change to two seconds. Product-Group=junos	TCP session cannot time out properly upon receiving the TCP RESET packet, and the session timeout does not change to 2 seconds.
PR Number	Synopsis	Category: Firewall Policy
1454907	Traffic might be dropped when policies are changed in SRX Series devices Product-Group=junos	If a huge number of policies are configured on SRX Series devices and some policies are changed, the traffic that matches the changed policies might be dropped.
1558382	On SRX5K platforms, the secondary node might get stuck in performing ColdSync after a reboot, upgrade or if ISSU is performed Product-Group=junos	On SRX5K platforms, the secondary node might get stuck in performing ColdSync after a reboot.
PR Number	Synopsis	Category: Security platform jweb support
1550755	Jweb: "+" button is not shown at Jweb interface menu Product-Group=junos	When SRX has both dl0 and pp0 interfaces, no "+" button on interface (Configure > Interfaces > Ports) at Jweb. It prevents users to refer/modify logical interface configuration via Jweb.
PR Number	Synopsis	Category: PFE infra to support jvision
1547698	SENSOR APP DWORD leak is observed during the period of churn for routes bound to the sensor group. Product-Group=junos	SENSOR APP DWORD leak observed during the period of churn for routes bound to Sensor group. Sensor types that are affected are Segment Routing, Segment Routing-TE, LDP and RSVP LSPs.
PR Number	Synopsis	Category: Layer 2 Control Module
1532992	[xstp] [xstptag] :: EX4300:: PDT :: Complete traffic drop seen on configuring MSTP edge port over access and QinQ ports Product-Group=junos	In a qinq configuration xSTP should not be enabled on interface having ifls with vlan-id-list configured. If xSTP is enabled on such interface, it will only run on ifl whose vlan-id range includes native-vlan-id configured and all other ifls of this interface will in discarding state. So, user should not enable xSTP on these kind of interfaces. Sample configuration which is not allowed: set interfaces ge-0/0/1 flexible-vlan-tagging set interfaces ge-0/0/1 native-vlan-id 3000 set interfaces ge-0/0/1 encapsulation extended-vlan-bridge set interfaces ge-0/0/1 unit 2000 vlan-id-list 1-200 set interfaces ge-0/0/1 unit 2000 input-vlan-map push set interfaces ge-0/0/1 unit 2000 output-vlan-map pop set vlans csvlan1 interface ge-0/0/1.2000 set protocols mstp interface ge-0/0/1
PR Number	Synopsis	Category: Multicast Routing
1555518	Sending multicast traffic to downstream receiver on Trio based Virtual Chassis platforms might fail. Product-Group=junos	On Trio based Virtual Chassis (VC) platform, when there are multicast tunneled packets being received, which come into the Virtual Chassis Ports (VCP) and then pop out of the tunnel, if the VCP ports and the interfaces where multicast packets enter/leave the router are located on the same Packet Forwarding Engine (PFE), it might fail in sending multicast traffic to downstream receiver due to this issue.
PR Number	Synopsis	Category: Multicast for L3VPNs
1536903	The PIM (S,G) join state might stay forever when there are no MC receivers and source is inactive. Product-Group=junos	The problem can be seen in MVPN ASM scenario on a PE which has local MC source and receivers and RP is remote. If all receivers stop joining the group and MC source stops transmitting, corresponding PIM (S,G) state may remain indefinitely despite that. Due to the problem a router will maintain extra PIM state. Service is not impacted.
1546739	MVPN multicast route entry might not be properly updated with the actual downstream interfaces list. Product-Group=junos	In multicast VPN RPT-SPT mode with both locally and remotely connected receivers, the multicast forwarding entry related to the actual downstream interfaces may not be properly updated. The issue may happen when multicast forwarding entry is created by locally connected PIM receiver, followed by remote receiver and after local receiver decides to prune its membership in that multicast group.
PR Number	Synopsis	Category: Jflow and sflow on MX
1550603	The adapted sample rate might be reset to the configured sample rate without changing the sampling rate information in sFlow datagrams after enabling sFlow technology on a new interface Product-Group=junos	For the platforms supporting single sample rate per line card (i.e. MX Series routers and EX9200 switches), the actual (effective) sample rate of all the interfaces on a single FPC will be set to the sample rate with the lowest value if the configured or adapted sample rate are different among the interfaces enabled sFlow technology on this FPC. So, after the adaptive sampling event happens and the adapted sample rate (It has value great than the configured sample rate) is used for the interfaces on a FPC, if enabling sFlow technology on a new interface on the same FPC, the actual (effective) sample rate for the existing interfaces will be changed to the configured sample rate. However, the "Adapted sample rate" in "show sflow interface" CLI command and the "Sampling rate" in sampling information of the sFlow datagrams still shows the previous adapted sample rate. The inconsistency between flow information and actual sample rate might cause issues on the collector side.
PR Number	Synopsis	Category: Fabric Manager for MX
1451958	On MX Series, the dropped packets are seen on MQ/XM-based MPCs, although there is no traffic flowing through the system. Product-Group=junos	After fixing PR 1338647, Error dropped packets are seen on MQ/XM based MPC cards, though there is no traffic flowing through the system.
PR Number	Synopsis	Category: PE based L3 software
1550632	The Neighbor Solicitation might be dropped from the peer device Product-Group=junos	The Neighbor Solicitation (NS) might be dropped after the IPv6 binding is flushed from the peer side. The ping to IPv6 peer fails due to the NS message not reach RE. Since ping doesn?t work between the connected interface, any kind of traffic sent towards QFX might also not work. It has a traffic impact.
PR Number	Synopsis	Category: vMX Data Plane Issues
1534568	[CORE-PR][vZT]: Inconsistent core.python2.7.mpc0 core is seen with stacktrace @ea_wi_precl,@ea_macsec_receive Product-Group=junos	Inconsistent core.python2.7.mpc0 core is seen with stacktrace @ea_wi_precl,@ea_macsec_receive()
PR Number	Synopsis	Category: Protocol Independant Multicast
1487636	The rpd might crash when perform GRES with MSDP configured Product-Group=junos	On all Junos platforms, when execute Graceful Routing Engine Switchover (GRES) with Multicast Source Discovery Protocol (MSDP) enabled, rpd might crash on new master Routing Engine (RE). The issue could be automatically recovered after rpd successful self-restart. This is a timing and regression issue.
1500125	Some PIM join or prune packets might not be processed in the first attempt in the scale scenario where the PIM routers establish neighborship and immediately join the multicast group. Product-Group=junos	On all Junos platforms with scaling MVPN scenario, some PIM Join/Prune messages may not be processed for the first attempt. For instance, a dedicated PIM router receives more than 2500 PIM hello packets from the new neighbors, followed by PIM Join packets for the same multicast group in a very short period of time.
PR Number	Synopsis	Category: PTP related issues.
1420335	Resetting the playback engine log messages are seen on MPC5E. Product-Group=junos	In some scenarios with PTP hybrid mode, continuous Resetting the Playback Engine log message. Playback engine resides inside MPC FPGA and it is responsible for maintaining the PTP states corresponding.
1477775	Interface flaps with MAC local/remote fault might be seen Product-Group=junos	On MX with MPC5/6 100G, When PTP clock adjustments which the 100G interface is not able to cope up with are done in MPC5/6, interface flaps with MAC local fault might be seen. Traffic might be dropped when interface flaps.
1561372	JDI-_QFX5110_-REGRESSION-SWITCHING-[ptp] [ptptag] : qfx5110-48s-4c :: ptp lock status stuck at ACQUIRING state where PHASE ALIGNED is expected Product-Group=junos	In some cases the PTP slave port will stay in acquiring mode indefinitely, because the QFX is starting with EPOCH time Jan 1, 1970, and the time difference to the GM is too large for the servo algorithm. Fix is to start QFX at a time closer to the current NTP time.
PR Number	Synopsis	Category: Chassis mgmt for all QFX systems - chassis MIB, alarms, CLI
1481143	Chassisd cores might happen on backup RE after commit on QFX10Ks due to CHASSISD_MAIN_THREAD_STALLED for 200 seconds Product-Group=junos	Chassisd cores might happen on the backup RE after commit on QFX10K8/16s due to CHASSISD_MAIN_THREAD_STALLED for 200 seconds.
1520144	SNMP trap of power failure might not be sent out Product-Group=junosvae	On QFX5K platforms, the SNMP trap of power failure might not be sent out when power cable is removed from PSU, and the output of CLI command 'show chassis environment' would not display the information of the power failure.
PR Number	Synopsis	Category: QFX L3 data-plane/forwarding
1512175	DHCP traffic might not be forwarded correctly when sending DHCP unicast packets Product-Group=junos	On EX4600/QFX5K platforms, DHCP unicast packets are getting dropped in the device due to DHCP relay filters which are getting installed during the init time without any DHCP configuration.
PR Number	Synopsis	Category: KRT Queue issues within RPD
1542280	The KRT queue might get stuck after RE switchover Product-Group=junos	On all Junos platforms with dual Routing Engines (REs), if RE switchover happens while the rpd process on backup RE (new master RE) is reading routes from kernel, some error might happen in a very rare timing condition, and the Kernel Routing Table (KRT) queue might get stuck due to this issue.
PR Number	Synopsis	Category: IPSEC functionality on M/MX/T ser
1557216	[fips] [fips] EX4300 :: JUNOS:JDI_FT_REGRESSION:PROTOCOLS:SWITCHING:FIPS:Script is failing while committing the IPSEC authentication configuration as it is missing the statement of "algorithm". Product-Group=junos	DEV needs to provide release note.
PR Number	Synopsis	Category: MX10003/MX204 Platform SW - Chassisd s/w defects
1426480	SNMP MIB jnxAlarms is not available on MX10003 and MX204 platforms. Product-Group=junos	These MIBs are handled by craftd process, which does not run on MX10003/MX204 due to HW limitation.
PR Number	Synopsis	Category: Antivirus UTM issue
1557278	Stream buffer memory leak might happen when UTM(AV/AS/CF) is configured under unified policies Product-Group=junos	On all Junos platforms that support unified policies (layer 7 application), stream buffer memory leak might happen when Unified Threat Management (UTM) Antivirus Protection (AV)/ Antispam Filtering (AS)/Content Filtering (CF) is configured under unified policies. If the stream buffer memory is exhausted, traffic related to UTM will be affected.
PR Number	Synopsis	Category: Virtual Router Redundancy Protocol
1558560	Junos device might send VRRP advertisement packets in VRRP init or idle state before startup-silent-period timer expiry after performing GRES on VRRP master device with NSR disabled Product-Group=junos	If VRRP master device has dual Routing Engines (REs) and GRES enabled but nonstop-routing (NSR) disabled, after performing GRES, both REs will move to VRRP init then idle state and the new master RE will send VRRP advertisement packets in this stage before startup-silent-period timer expiry. Since the VRRP backup device can still receive the VRRP advertisement packets with higher priority, it will not transition to VRRP master state and hence cause the longer traffic downtime until the VRRP master device re-take the VRRP mastership after startup-silent-period timer expiry.

Knowledge Base