Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

17.3R3-S11: Software Release Notification for JUNOS Software Version 17.3R3-S11

0

0

Article ID: TSB17975 TECHNICAL_BULLETINS Last Updated: 15 Feb 2021Version: 1.0
Alert Type:
SRN - Software Release Notification
Product Affected:
ACX, EX, MX, PTX, QFX, NFX, VRR
Alert Description:
Junos Software Service Release version 17.3R3-S11 is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as need and follow the prompts
Solution:

Junos Software service Release version 17.3R3-S11 is now available.

17.3R3-S11 - List of Fixed issues
PR Number Synopsis Category: QFX L3 data-plane/forwarding
1367439 On the QFX5110 Virtual Chassis peers, invalid VRRP mastership election is observed.
Product-Group=junos
In some specific scenarios, the configuration of bpdu-block-on-edge might cause both QFX5110 to claim as VRRP masters.
PR Number Synopsis Category: Border Gateway Protocol
1323306 Routing Protocols The BGP session might be stuck with high BGP OutQ value after GRES on both sides.
Product-Group=junos
From 16.1 or above release, when both sides of a BGP session are doing NSR RE switchover simultaneously (double failures), depending on the configuration and scale, there is a chance the BGP session may stuck and BGP PDUs can't be exchanged. The permanently stuck OutQ are seen which is a typical symptom for this issue. This is because both sides are waiting for socket record boundary. Both sides are waiting to drain their partially written PDU. Due to this bug, neither side read at this state, leading to permanent stuck.
1446383 The BGP route prefixes are not being advertised to the peer.
Product-Group=junos
In the graceful-restart and delay-route-advertisements are configured scenario, when a BGP router is waiting for the End-Of-Rib message from the upstream BGP peer, the received corresponding set of NLRI (network layer reachability information) might be held in the Rib-Out and not being sent to the downstream BGP peers. This issue will cause the route update failure.
1487486 The rpd might crash with BGP RPKI enabled in a race condition
Product-Group=junos
On all Junos platforms with BGP PRKI (Resource Public Key Infrastructure) scenario, if NSR is enabled and scale routes and ROAs exist, in a very rare case, the ROA (route origin authorization) might be withdrawn before replicating to the backup RE when ROA changes happen, which results in the rpd crash.
1532414 Transit labels for Layer 3 VPN routes are pushed momentarily to the MPLS.0 table.
Product-Group=junos
In L3VPN scenario with in-line RR (Route Reflector) which has an export policy with next-hop self to advertise all transit L3VPN routes to its clients and also uses route-target family, the undesired L3VPN routes may be pushed to FIB (Forwarding Information Base) after enabling/disabling route-target family on the RR or a new BGP peer joins a group with 'next-hop self'.
1541768 The rpd process generates the core file at gp_rtarget_tsi_update,bgp_rtarget_flash_rt,bgp_rtarget_flash.
Product-Group=junos
If RTarget module tries to take an access of the active route which does not exist (since NextHop is not resolved), a reference is taken on the non-existent active route, and rpd crashes.
PR Number Synopsis Category: Virtual-chassis platform/chassisd infrastructure PRs for MX
1552588 The VCP port is marked as administratively down on the wrong MX-VC member.
Product-Group=junos
On MX/EX/QFX platforms with Virtual Chassis (VC) scenario, some interfaces might be shutdown unexpectedly, which might cause traffic to be interrupted if there is an error generated on an FPC. The reason is that after an ASIC error, the IFD down messages is not sent to the local chassis master where the error was reported, instead, it will be sent to the master of the Virtual Chassis, so that another interface with the same Slot/PIC/Port number will be shutdown as well.
PR Number Synopsis Category: Enhanced Broadband Edge support for cos
1413297 During ISSU or merge virtual-chassis member back to the VC, CoS GENCFG writes failures may be observed
Product-Group=junos
In a subscriber management deployment, performing ISSU or merging virtual-chassis member back to VC, CoS may be invalid and CoS GENCFG writes may be failed.
PR Number Synopsis Category: Device Configuration Daemon
1544257 Subscribers might logout then login after loopback address is changed
Product-Group=junos
On MX platform, under subscriber environment and unnumbered IP address borrowed from the loopback interface configured on Demux interface and Aggregated Ethernet (AE) interface, subscriber session might flap if IP address of the loopback interface IP is changed. Please refer to workaround provided when this issue hit.
PR Number Synopsis Category: This is for all defects raised against dns-proxy feature
1512212 Junos OS: SRX Series: ISC Security Advisory: BIND does not sufficiently limit the number of fetches performed when processing referrals (CVE-2020-8616)
Product-Group=junos
On Juniper Networks Junos OS SRX Series devices an uncontrolled resource consumption vulnerability in BIND may allow an attacker to cause a Denial of Service (DoS) condition. When these devices are configured to use DNS Proxy, these devices do not sufficiently limit the number of fetches performed when processing referrals. In order for a server performing recursion to locate records in the DNS graph it must be capable of processing referrals, such as those received when it attempts to query an authoritative server for a record which is delegated elsewhere. In its original design BIND (as well as other nameservers) does not sufficiently limit the number of fetches which may be performed while processing a referral response. A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral. Refer to https://kb.juniper.net/JSA11090 for more information.
PR Number Synopsis Category: jdhcpd daemon
1453464 PPPoE holding DHCPv6 prefix causes DHCPv6 binding failure due to duplicate prefix.
Product-Group=junos
In subscriber management scenario deployed with DHCPv6 over PPPoE, if the DHCPv6 handshake process of one subscriber does not complete and fails, the prefix assigned will be freed back to the address-assignment pool and assigned to the next subscriber. But that prefix is incorrectly retained in the first subscriber's PPPoE session. Then if the first subscriber solicits DHCPv6 prefix again, the original prefix which is already assigned to the second subscriber will be requested, resulting in DHCPv6 bind failure due to duplicate prefix.
PR Number Synopsis Category: lldp sw on MX platform
1538482 DUT did not receive the LLDP packet from phone.
Product-Group=junos
On EX4300 platforms, the LLDP (Link Layer Discovery Protocol) neighborship with the VoIP (Voice over Internet Protocol) phones can't be established when LLDP is configured on the PoE (Power over Ethernet) enabled port on EX4300 and connects to the VoIP Phone.
PR Number Synopsis Category: OS IPv4/ARP/ICMPv4
1544398 ARP expired timer on backup RE is not same with master RE if aging-timer is configured
Product-Group=junos
If aging-timer is configured on master RE for an IRB interface, the ARP timer configuration is not synced properly to backup RE for the IRB interface. It might cause ARP storm after RE switchover.
PR Number Synopsis Category: FreeBSD Kernel Infrastructure
1525318 Junos OS: telnetd.real Local Privilege Escalation vulnerabilities in SUID binaries (CVE-2021-0223)
Product-Group=junos
A local privilege escalation vulnerability in telnetd.real of Juniper Networks Junos OS may allow a locally authenticated shell user to escalate privileges and execute arbitrary commands as root. Please refer to https://kb.juniper.net/JSA11114 for more information.
PR Number Synopsis Category: PE based L3 software
1500798 BFD sessions flap after deactivating or activating the aggregated Ethernet interface or executing GRES.
Product-Group=junos
On QFX10008 platforms, if the BFD is configured over an AE interface (member link across multiple FPCs), deactivating/activating the AE interface or executing GRES will cause the BFD sessions to flap.
PR Number Synopsis Category: Interface related issues. Port up/down, stats, CMLC , serdes
1538340 Interfaces are not created after channel-speed 10g is applied across ports 48 to 53 on QFX5100-48T
Product-Group=junos
After channelizing port 48 through 53 and channel speed, the interfaces are down on QFX5100-48T platform. This issue causes interfaces are deleted and traffic might be dropped.
PR Number Synopsis Category: RPD Next-hop issues including indirect, CNH, and MCNH
1534455 Some routes might get incorrectly programmed in the forwarding table in the kernel which is no longer present in rpd.
Product-Group=junos
In a scaled routes scenario, if there is any route change operation when the system is under memory pressure, the rpd might change a route entry but the same is not conveyed to the kernel. This causes a mismatch between routes in rpd and kernel leading to traffic blackhole for the mismatched route entries that are incorrectly programmed in the kernel.
PR Number Synopsis Category: show route table commands, tracing, and syslog facilities
1555866 Configuring HFRR i.e. link-protection on an interface may cause rpd to crash
Product-Group=junos
On MX/VMX/T/TX series platforms, if Host fast reroute (HFRR) is enabled on an interface, the ARP and FRR (BGP backup routes) routes will be added to RIB. Then changing this interface address and adding new ARP route within 10 seconds will cause the rpd to crash.
PR Number Synopsis Category: Resource Reservation Protocol
1516657 The rpd scheduler might slip after the link flaps.
Product-Group=junos
On all Junos platforms with RSVP-TE configured, when a transit router carries a large number of LSP's (for example, 60k and higher) and all those LSPs undergo FRR (for example, when link carrying large number of LSP's flap) then, the rpd scheduler might slip and LDP session tear down might be observed after the link flap.
PR Number Synopsis Category: Generic platform and infra issues for MS-MIC and MS-MPC(XLP)
1475948 The syslog reports simultaneous zone change reporting for all green, yellow, orange, and red zones for one or more service PICs.
Product-Group=junos
The router may report erroneous, simultaneous syslog messages for zone change reporting for all zones green, yellow, orange, red for one or more Service PICs. Nov 30 05:58:22.162 TestR1 : %DAEMON-4: (FPC Slot 2, PIC Slot 0) ms50 mspmand[233]: Entered red memory zone Nov 30 05:58:22.163 TestR1 : %DAEMON-4: (FPC Slot 2, PIC Slot 0) ms50 mspmand[233]: Entered orange memory zone Nov 30 05:58:22.163 TestR1 : %DAEMON-4: (FPC Slot 2, PIC Slot 0) ms50 mspmand[233]: Entered yellow memory zone Nov 30 05:58:22.163 TestR1 : %DAEMON-4: (FPC Slot 2, PIC Slot 0) ms50 mspmand[233]: Entered green memory zone The issue is a reporting error and has no functional effect on traffic. The issue is self-correcting. These errors can be appear in approximately every 49-50 days.
PR Number Synopsis Category: MPC7/8/9 Interface Issues
1490531 The MPC might crash due to the PHY interface driver issue of MIC in MX2K or MX10003 platform
Product-Group=junos
In MACSEC TIC (TerABIT INTERFACE CARD) with MX2K or 10003 scenarios, if the IFD is detached or attached when interface flaps, the PHY interface driver issue might happen in some corner cases. Then these flapped IFD might cause PFEMAN thread crash on PFE and the MPC where it is located might crash soon afterward.
PR Number Synopsis Category: Trio pfe bridging, learning, stp, oam, irb software
1525824 The following error message is observed when alarms after interface reset: 7836 ifl 567 chan_index 8 NOENT & jnh_ifl_topo_handler_pfe(13015): ifl=567 err=1 updating channel table nexthop.
Product-Group=junos
When the VRRP MACs will be deleted, the VRRP feature will be disabled from the IFL. We are seeing this issue as part of deletion of VRRP feature. During VRRP feature disable process, Ifl_entry should be present. But here we can see that ifl delete has been happened first and then VRRP feature disable is happening. To avoid this, implementing precheck for the ifl_entry and also will be cleaning up the vrrp entry as part of sw_entry and hw_entry deletion.
 

17.3R3-S11 - List of Known issues
PR Number Synopsis Category: Marvell based EX PFE MISC
1232403 HSRPv2 IPv6 packets might get dropped if IGMP-snooping is enabled.
Product-Group=junos
On EX Series switches except EX4300/EX4600/EX9200, an interface is configured for single vlan or multiple vlans, if all these vlans of this interface have igmp-snooping enabled, then this interface will drop HSRPv2 (Hot Standby Router Protocol for IPv6) packets. But if some vlans do not have igmp-snooping enabled, then this interface is working fine.
PR Number Synopsis Category: NFX Series Platform Software
1462556 Junos OS: NFX350: Password hashes stored in world-readable format (CVE-2020-1669)
Product-Group=junos
The Juniper Device Manager (JDM) container, used by the disaggregated Junos OS architecture on Juniper Networks NFX350 Series devices, stores password hashes in the world-readable file /etc/passwd. This is not a security best current practice as it can allow an attacker with access to the local filesystem the ability to brute-force decrypt password hashes stored on the system. Refer to https://kb.juniper.net/JSA11066 for more information.
PR Number Synopsis Category: HW Board, FPGA, CPLD issues
1407095 QFX10002 showing error fpc0 prds_ptc_clear_all_pulse_and_samples: prds_ptc_clear_all_pulse_and_samples PE 4 PTC 2: after clearing sample, sample still valid 1
Product-Group=junos
The error we are seeing is for the ptc (Precision time counter ).On some QFX10002, the PTC Sync SW algorithm does not always run at the expected time; this algorithm keeps the PE chip time counters up to date, which is used for the IEEE 1588 PTP feature. On some hardware, there are error logs sent to the console, even though the algorithm is actually running correctly. Not all QFX10002 exhibit this behavior.The impact of the bug is that there are too many error logs that are not useful, which flood the console or message logs This only applies to the QFX10002.
PR Number Synopsis Category: QFX L3 data-plane/forwarding
1416025 The QFX and EX switch may not install all IRB MAC addresses in the initialization
Product-Group=junos
On QFX5100/QFX5110/QFX5120/QFX5200/EX4600 which is configured as a layer 3 gateway in an EVPN topology, it may not install all MAC-addresses for the integrated bridging and routing (IRB) interface in the TCAM table. Even though the MAC-address for the IRB gets installed by removing and reconfiguration, but the MAC-address is missed again in the TCAM table after reboot.
PR Number Synopsis Category: ACX MPLS
1512821 On a ACX ring topo, after link connection flap between PHP node and Egress PE node, VRF traffic that should be PHP still go out with MPLS and VPN labels
Product-Group=junos
After link connection flap between the PHP node and the egress PE node, the VRF traffic which supposed to PHP and sent only with VPN label out to egress PE, would wrongly tagged with both MPLS label and VPN label.
PR Number Synopsis Category: Border Gateway Protocol
1523075 The BGP session with VRRP virtual address might not come up after a flap.
Product-Group=junos
When VRRP virtual address is configured and used to set up a BGP session with the remote side, under rare timing conditions, BGP peer establishment may get rejected repetitively.
PR Number Synopsis Category: BBE Remote Access Server
1402653 The subscriber might need to take retry for login
Product-Group=junos
On all Junos platforms running in subscriber scenario with address pool configured, if the address pool has high usage so that only few addresses are free to allocate, when there are subscribers logout and login, the released address by one subscriber might get re-used and allocated to the other subscriber very soon. Due to this issue, syslog error messages might be seen, and the affected subscriber might need to take retry for login.
1426244 Address allocation issue with linked pools when using linked-pool-aggregation
Product-Group=junos
In a chain of linked address pools, if the last pool is sent and linked-pool-aggregation is configured, the head of the linked pool might not be returned once the last pool is consumed.
PR Number Synopsis Category: Virtual-chassis platform/chassisd infrastructure PRs for MX
1431377 Benign "registration is being denied" message maybe seen when committing configuration on MXVC
Product-Group=junos
The following logs may be displayed when doing commit: Dec 24 13:19:20.018 2020 jtac-mx480-r2041-re0 kernel: %KERN-3: rts_ifstate_chk_multi_registration: daemon chassisd(80693) has previously registered 4 time(s) Dec 24 13:19:20.018 2020 jtac-mx480-r2041-re0 kernel: %KERN-3: rts_ifstate_client_open: Process chassisd(80693) has exceeded the maximum permissible limit as ifstate client. Hence this registration is being denied These message can happen as part of the JUNOS configuration commit process, where a new instance of processes are started to specifically (and only) "check" the configuration before the configuration is committed. In this case, the client connections from the chassisd process to the kernel are not needed to perform the "check" operation, and should be skipped when running in "check" mode. The messages are benign.
PR Number Synopsis Category: Express ASIC platform
1384435 An enhancement of optimizing the report to the single bit error check
Product-Group=junos
Due to transient hardware condition, single-bit error (SBE) events are corrected and have no operational impact. Reporting of those events had been disabled to prevent alarms and possibly unnecessary hardware replacements. This change applies to all Platforms using Hybrid Memory Controller (HMC).
PR Number Synopsis Category: Libjtask for RPD tasks, scheduler, timers, memory, and slip
1361250 On the MX104 router, the scheduler slip is observed when the configuration changes are committed.
Product-Group=junos
RPD slips are noticed on MX104 for customers that have large configuration load on the box with multiple services enabled [Example l2circuits, VPLS, L3VPN, firewall-filters configuration, SNMP-polling, etc.] Following should be considered to avoid RPD slips for longer time duration: Configure system config: delta-export, persist-groups-inheritance, fast-synchronize Reduce configuration size where possible on this platform Remove any trace-options and reduce the logging pressure on the NAND-flash storage Analyse the load from processes such as snmpd, mib2d, pfed processes incase customers running SNMP.
PR Number Synopsis Category: jdhcpd daemon
1565540 jnxJdhcpLocalServerMacAddress (.1.3.6.1.4.1.2636.3.61.61.1.4.3) returns incorrect format of MAC address
Product-Group=junos
Due to the improper data type is assigned for the MAC address in the code, jnxJdhcpLocalServerMacAddress (.1.3.6.1.4.1.2636.3.61.61.1.4.3) returns incorrect format of MAC address.
PR Number Synopsis Category: jl2tpd daemon
1414092 The jpppd might generates core files on LNS.
Product-Group=junos
The jpppd might core dump on LNS.
PR Number Synopsis Category: Layer2 forwarding on EX/NTF/PTX/QFX
1441824 On routers running Junos OS and serving as EVPN/VPLS gateways, FPC core files available at heap_block_log due to NULL entries are also seen in the ifbd level list, which are typically added for flush list. This occurs because of the relink logic failure flush logic for MACs when there is ifbd/bd delete.
Product-Group=junos
On routers running Junos OS and serving as EVPN/VPLS gateways, FPC core files at heap_block_log due to NULL entries are also seen in the ifbd level list which are typically added for flush list. So this seems to be the side effect of the relink logic failure flush logic for MACs when there is ifbd/bd delete.
PR Number Synopsis Category: "ifstate" infrastructure
1439906 On all Junos OS VM based platforms, FPC might reboot if jlock hog occurs.
Product-Group=junos
On a JUNOS VM using TSC clocking from the host system, "jlock hog" messages may be seen. This may lead to FPCs reboot.
1545463 Continuous rpd errors might be seen and new routes will fail to be programmed by rpd
Product-Group=junos
In case of high route churn in the network, all kuackmem (Kernel ACK mechanism) entries may be exhausted as a result of a rare timing issue and any new routes will fail to get programmed by rpd.
PR Number Synopsis Category: TCP/UDP transport layer
1552603 The BGP session replication might fail to start after the session crashes on a backup Routing Engine
Product-Group=junos
On certain Junos platforms with Dual-REs (platforms capable of installing Junos packages with name format as "junos*install"), BGP replication may fail to start under GRES/NSR setup after a crash on backup Routing Engine. NSR starts un-replicating the socket since backup Routing Engine is no longer present. Massive unreplicated request leads to memory buffer getting full with multiple BGP sessions (e.g., 20 BGP peers). Hence BGP unreplicated request returned with an error. Besides, the kernel is left with stale data. It does not allow the JSR (Juniper Socket Replication, BGP in this case) when backup RE comes up due to the stale data. BGP-NSR (Nonstop Routing) is broke under the conditions. Traffic outage will be observed after performing GRES.
PR Number Synopsis Category: Periodic Packet Management Daemon
1563947 A single hop BFD session over IRB interface works in centralised mode if the VPLS instance the IRB belongs to has only LSI interfaces bound to VPLS pseudowires and has no local non-tunnel attachment circuits
Product-Group=junos
A single hop BFD session over IRB interface works in centralised mode if the VPLS instance the IRB belongs to has only LSI interfaces bound to VPLS pseudowires and has no local non-tunnel attachment circuits. PPMD daemon responsible for the session distribution to FPC microkernel will be attempting to distribute the session indefinitely failing every time. Upon every distribution failure, the following counter increases by 1, typical counter increase rate is about +40 per minute: > user@router> show ppm distribution-statistics > > PPMD distribution statistics: > PFE not eligible: 0 > Kernel returned no address: 340 <<<--- > Client hash index fail: 0 > PFE marked for deletion: 0 > Client eligibility fail: 0 > PFE is not capable: 0 > DFWD is not capable: 0 > Lo0 subunit missing: 0 This issue could be seen on any JUNOS release/platform supporting distributed or inlined single hop BFD over IRB. Both session distribution failure and endless failing attempts to distribute it are expected to be addressed in JUNOS, there is no confirmed date of the fixes arrival. General centralised mode recommendations like avoiding agressive subsecond BFD timers are applicable to this case.
PR Number Synopsis Category: QFX L2 PFE
1475005 The system might stop new MAC learning and impact the Layer 2 traffic forwarding
Product-Group=junos
On QFX platforms, if there are a lot of MAC moves, the system might stop new MAC learning and lots of old MAC addresses might be stuck and couldn't be aged and deleted. Due to this issue, could have impact on layer 2 traffic forwarding and the customer service.
PR Number Synopsis Category: QFX EVPN / VxLAN
1550305 EVPN_VXLAN : Traffic not load balanced by QFX10002 over ESI links with evpn_vxlan configured
Product-Group=junos
EVPN_VXLAN : Traffic not load balanced by QFX10002 over ESI links with evpn_vxlan configured
PR Number Synopsis Category: RPD Next-hop issues including indirect, CNH, and MCNH
1458595 The rpd crash might be seen if BGP route is resolved over the same prefix protocol next-hop in inet.3 table that has both RSVP and LDP routes.
Product-Group=junos
In race condition, if a BGP route is resolved over the same prefix protocol next hop in a routing table that has routes of the prefix from different routing protocols, when the routes are flapping (firstly these routes are down and then up), the BGP route will be re-resolved, and then the rpd crash might be seen.
PR Number Synopsis Category: RPD route tables, resolver, routing instances, static routes
1482112 The rpd process might crash when deactivating logical systems.
Product-Group=junos
On all Junos platforms running with logical systems, if the logical systems get deactivated either by manually restarting the rpd process or by the deletion of the logical system configurations, the rpd process might crash in a race condition. It is a timing issue.
PR Number Synopsis Category: Resource Reservation Protocol
1445994 Traffic might be silently dropped or discarded if two consecutive PLRs along the LSP performs local repair simultaneously under certain misconfigured conditions.
Product-Group=junos
In RSVP environment with link or node protection deployed, if two consecutive PLRs (point of local repair) along the LSP perform local repair simultaneously and if backup LSP signaling between the downstream PLR & MP (merge point) pair fails due to any reason, then the backup LSP signaling between the upstream PLR & MP pair also does not succeed. Then due to a software defect the upstream PLR does not correctly clean up the LSP state and continues to send traffic into the backup LSP, resulting in traffic blackhole at the downstream PLR.
PR Number Synopsis Category: Generic platform and infra issues for MS-MIC and MS-MPC(XLP)
1482400 The vmcore process crashes sometimes along with the mspmand process on MS-MPC or MS-MIC if large-scale traffic flows are processed.
Product-Group=junos
With NAT/Stateful-firewall/TCP tickle (enable by default) configured on MS-MPC/MS-MIC, the vmcore crash sometimes along with mspmand crash might happen if large-scale traffic flows (e.g. million flows) are processed by it.
1544887 IPFIX/JFLOW sampling is not supported when Interface style CGNAT is enabled on the same interface.
Product-Group=junos
IPFIX/JFLOW sampling is not supported when Interface style CGNAT is enabled on the same interface.
PR Number Synopsis Category: Trio pfe stateless firewall software
1303529 MQSS parcel error may result in performance degradation or the forwarding through the Packet Forwarding Engine (PFE) might stall
Product-Group=junos
On an affected FPC type, when traffic is passed through the optimized loopback path (like using lt- interfaces or traffic manager ingress-and-egress mode) with packet sizes more than 512 bytes ; the forwarding through the Packet Forwarding Engine (PFE) might stall or you may notice performance degradation. The following syslog entry will be reported: MQSS(0): LI-1: Received a parcel with more than 512B accompanying data The MPC that reports this syslog error message needs to be restarted to recover from this condition. The problem is applicable to MX204, MX10003,MX2020, MX2010 ,MX960,MX480 and MX240 which are using On MPC7/8/9E linecards (MPC1, MPC2, MPC3,MPC4,MPC5,MPC6 are not affected).Remaining MX platforms such as MX104 and MX80/MX40/MX5 are not affected by this issue.
PR Number Synopsis Category: DDos Support on MX
1519887 The state of the flow detection configuration might not be displayed properly if DDOS-SCFD is configured globally
Product-Group=junos
The display output under "Flow detection configuration" for individual packet-type does not reflect the effect of DDoS global configuration (e.g. "set system ddos-protection global flow-detection-mode off"). This is only a display issue that happens when the DDoS-SCFD (suspicious flow detection) function is configured for all protocol groups and packet types.
PR Number Synopsis Category: Issues related to YANG Data Models
1502939 YANG packages and event-options hierarchy
Product-Group=junos
When you want to delete a YANG package, you must deactivate the "event-options" hierarchy (if configured) prior to issuing the "request system yang delete" command. Once the package is deleted, "event-options" can be activated.
PR Number Synopsis Category: Virtual Private LAN Services
1295664 Layer 2 Features LSI interface might not be created, causing remote MACs not to be learned and display of the following error log: RPD_KRT_Q_RETRIES: ifl iff add: Device busy".
Product-Group=junos
With VPLS being configured, after upgrade to 15.1/16.1/17.x releases, in some circumstances VPLS LSI interface are not correctly created, causing remote MACs not being learnt and L2 VPLS outage. The issue is not reproduced and the code change is not a fix but add a instrumentation using a hidden command 'show vpls ipc-history', which should be captured right away when the issue is seen on latest releases. show vpls ipc-history <<<<< show vpls connections show krt queue show route forwarding-table extensive /var/log/messages
 
Modification History:
First Publication 2021-02-12
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search