17.4R3-S4: Software Release Notification for JUNOS Software Version 17.4R3-S4

Junos Software service Release version 17.4R3-S4 is now available.

17.4R3-S4 - List of Fixed issues

PR Number	Synopsis	Category: QFX PFE L2
1505239	The dcpfe/FPC might crash due to the memory leak during the vlan add/delete operation Product-Group=junos	On all QFX5k and EX4600 series platforms, memory leak might happen during the vlan add/delete operation on the interface. The dcpfe/FPC crashes with a coredump if the device is running out of memory. Traffic loss might be seen during the dcpfe/FPC crash and restart.
PR Number	Synopsis	Category: QFX L3 data-plane/forwarding
1367439	On the QFX5110 Virtual Chassis peers, invalid VRRP mastership election is observed. Product-Group=junos	In some specific scenarios, the configuration of bpdu-block-on-edge might cause both QFX5110 to claim as VRRP masters.
1486632	On the QFX 5100-48T-6Q Virtual Chassis or Virtual Chassis fan, the following error message is observed while copying the image to the Virtual Chassis fan member and trying to downgrade the image: rcp for member 14, failed. Product-Group=junos	On QFX 5100-48T-6Q VC/VCF, RCP error might be seen while upgrading the system using "request system software add no-validate" and system upgrade/ installation could fail. This issue happens if DCPFE cpu utilization is very high.
PR Number	Synopsis	Category: CoS support on ACX
1522941	The show class-of-service interface command does not show classifier information. Product-Group=junos	This is a display issue. Due to misread in PFE registers, classifier is not shown in "show class-of-service interface" output
PR Number	Synopsis	Category: ACX L3 IPv4, IPv6 support
1508534	The ACX1100, ACX2100, ACX2200, ACX2000, and ACX4000 might stop forwarding transit and control traffic. Product-Group=junos	The ACX500, ACX1000, ACX1100, ACX2100, ACX2200, and ACX4000 platform may stop forwarding transit and control traffic due to DMA stuck issue with SDK.
PR Number	Synopsis	Category: Border Gateway Protocol
1487486	The rpd might crash with BGP RPKI enabled in a race condition Product-Group=junos	On all Junos platforms with BGP PRKI (Resource Public Key Infrastructure) scenario, if NSR is enabled and scale routes and ROAs exist, in a very rare case, the ROA (route origin authorization) might be withdrawn before replicating to the backup RE when ROA changes happen, which results in the rpd crash.
1517498	The rpd might crash after deleting and re-adding a BGP neighbor. Product-Group=junos	In BGP scenario on all Junos platforms, after deleting and re-adding a BGP neighbor, the rpd might crash due to a rare timing issue.
1532414	Transit labels for Layer 3 VPN routes are pushed momentarily to the MPLS.0 table. Product-Group=junos	In L3VPN scenario with in-line RR (Route Reflector) which has an export policy with next-hop self to advertise all transit L3VPN routes to its clients and also uses route-target family, the undesired L3VPN routes may be pushed to FIB (Forwarding Information Base) after enabling/disabling route-target family on the RR or a new BGP peer joins a group with 'next-hop self'.
PR Number	Synopsis	Category: Track PRs in BGP Flow Spec area & is part of BGP inside RPD.
1539109	Junos OS and Junos OS Evolved: Upon receipt of a specific BGP FlowSpec message network traffic may be disrupted. (CVE-2021-0211) Product-Group=junos	Upon receipt of a specific BGP FlowSpec message network traffic may be disrupted. Please refer to https://kb.juniper.net/JSA11101 for more information.
PR Number	Synopsis	Category: MPC5/6E pfe microcode software
1453575	The FPC might crash due to the memory corruption in JNH pool Product-Group=junos	On all Trio-based platforms, after the restart of the fabric plane, the FPC might crash due to memory corruption in the JNH pool.
1478392	MX Series-based MPC linecard might crash when there is bulk route update failure in a corner case. Product-Group=junos	On all MPCs and certain MICs, if there are events like interface flaps, the routes learned over that interface might get retracted and deleted by the routing protocols. Because of this issue, when bulk route update failure happens, either some next hops are unable to be reached or certain next hops are still reachable incorrectly, and the line card might crash in a corner case. It is a rare timing issue.
PR Number	Synopsis	Category: Device Configuration Daemon
1544257	Subscribers might logout then login after loopback address is changed Product-Group=junos	On MX platform, under subscriber environment and unnumbered IP address borrowed from the loopback interface configured on Demux interface and Aggregated Ethernet (AE) interface, subscriber session might flap if IP address of the loopback interface IP is changed. Please refer to workaround provided when this issue hit.
PR Number	Synopsis	Category: This is for all defects raised against dns-proxy feature
1512212	Junos OS: SRX Series: ISC Security Advisory: BIND does not sufficiently limit the number of fetches performed when processing referrals (CVE-2020-8616) Product-Group=junos	On Juniper Networks Junos OS SRX Series devices an uncontrolled resource consumption vulnerability in BIND may allow an attacker to cause a Denial of Service (DoS) condition. When these devices are configured to use DNS Proxy, these devices do not sufficiently limit the number of fetches performed when processing referrals. In order for a server performing recursion to locate records in the DNS graph it must be capable of processing referrals, such as those received when it attempts to query an authoritative server for a record which is delegated elsewhere. In its original design BIND (as well as other nameservers) does not sufficiently limit the number of fetches which may be performed while processing a referral response. A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral. Refer to https://kb.juniper.net/JSA11090 for more information.
PR Number	Synopsis	Category: mgd, ddl, odl infra issues
1458345	"persist-groups-inheritance" causes the "mustd" process to crash and issues commit failure Product-Group=junos	"persist-groups-inheritance" configuration option causes the "mustd" process to crash when one performs the "commit" action.
PR Number	Synopsis	Category: EVPN control plane issues
1313073	RPD coredump while changing the EVPN instance type from VIRTUAL_SWITCH to EVPN and deleting an IFL from family bridge. Product-Group=junos	When we change the instance-type from virtual-switch to evpn, we are not resetting virtual-switch instance type(EVI_VIRTUAL_SWITCH) bit in evi flags. As a result, while parsing the evi interfaces, Junos is trying to validate the interfaces thinking that it's of type virtual-switch and looks for family bridge configuration for the interfaces. But the interface config was changed from family bridge to encap vlan-bridge to put it in instance type evpn. Example: 'delete interfaces ae5 unit 604 family bridge' 'delete routing-instances EVPN-0604 bridge-domains' 'set routing-instances EVPN-0604 instance-type evpn' 'delete routing-instances EVPN-0604 protocols evpn extended-vlan-list'
PR Number	Synopsis	Category: Integrated Routing & Bridging (IRB) module
1484721	ARP entry might not be created in the EVPN-MPLS environment. Product-Group=junos	In the EVPN-MPLS environment, if a VLAN is created without having it in "protocols evpn extended-vlan-list", then adding it, the ARP entry may not be created on the device even it receives the ARP packets through the newly added VLAN.
PR Number	Synopsis	Category: ISIS routing protocol
1526447	The IS-IS LSP database synchronization issue might be seen while using the flood-group feature. Product-Group=junos	On all Junos platform, when flood-group is configured on interface under isis, if isis LSPs time out and then come up, the device sends only self-generated LSPs and doesn't increment the LSP updates received from neighbor which flapped. This is causing LSP database out of synchronization issue.
PR Number	Synopsis	Category: jdhcpd daemon
1453464	PPPoE holding DHCPv6 prefix causes DHCPv6 binding failure due to duplicate prefix. Product-Group=junos	In subscriber management scenario deployed with DHCPv6 over PPPoE, if the DHCPv6 handshake process of one subscriber does not complete and fails, the prefix assigned will be freed back to the address-assignment pool and assigned to the next subscriber. But that prefix is incorrectly retained in the first subscriber's PPPoE session. Then if the first subscriber solicits DHCPv6 prefix again, the original prefix which is already assigned to the second subscriber will be requested, resulting in DHCPv6 bind failure due to duplicate prefix.
PR Number	Synopsis	Category: Layer 2 Circuit issues
1511783	The rpd process might crash after removing the last configured interface under the Layer 2 circuit neighbor. Product-Group=junos	On all Junos platforms, rpd crash may be observed after removing the last interface configured under the l2circuit neighbor which is in fact active.
PR Number	Synopsis	Category: L2TP service related issues
1472775	Services Applications MX Series L2tp LTS fails to forward the agentCircuitId and agentRemoteId AVP toward the LNS. Product-Group=junos	MX L2tp LTS fails to forward the agentCircuitId and agentRemoteId AVP received from the LAC towards the LNS.
PR Number	Synopsis	Category: lacp protocol
1277144	LACP is not sending IFF_DOWN reason with destroy session request Product-Group=junos	In current scenario when interface is going down then LACPD is not sending reason for destroy session request i.e IFF_DOWN(interface down). So the LACP session may not be destoried immediately until the LACP session times out.
1366825	The RG1 interface failover occurs when RG0 failover is triggered. Product-Group=junos	RG1+ which is configured for interface-monitor, might fail over to the other node if RG0 failover is triggered.
PR Number	Synopsis	Category: Label Distribution Protocol
1527197	LDP routes might be deleted from MPLS routing table after RE switchover Product-Group=junos	On all Junos platforms with NSR and segment routing for ISIS configured, LDP routes might be deleted on new master RE's MPLS routing table after RE switchover.
PR Number	Synopsis	Category: lldp sw on MX platform
1538482	DUT did not receive the LLDP packet from phone. Product-Group=junos	On EX4300 platforms, the LLDP (Link Layer Discovery Protocol) neighborship with the VoIP (Voice over Internet Protocol) phones can't be established when LLDP is configured on the PoE (Power over Ethernet) enabled port on EX4300 and connects to the VoIP Phone.
PR Number	Synopsis	Category: SW PRs for MPC10E Interfaces
1491142	BCM8238X SerDes firmware did not complete tuning may be a false positive alarm. Product-Group=junos	BCM8238X SerDes firmware did not complete tuning may be a false positive alarm.
PR Number	Synopsis	Category: Multicast Routing
1555518	Sending multicast traffic to downstream receiver on Trio based Virtual Chassis platforms might fail. Product-Group=junos	On Trio based Virtual Chassis (VC) platform, when there are multicast tunneled packets being received, which come into the Virtual Chassis Ports (VCP) and then pop out of the tunnel, if the VCP ports and the interfaces where multicast packets enter/leave the router are located on the same Packet Forwarding Engine (PFE), it might fail in sending multicast traffic to downstream receiver due to this issue.
PR Number	Synopsis	Category: Multicast for L3VPNs
1425876	MVPN using PIM dense mode does not prune the OIF when PIM prune is received. Product-Group=junos	In the MVPN (Multicast Virtual Private Network) scenario, when PIM Dense mode is used, the egress PE might not prune the OIF (outgoing interface) when PIM prune is received.
PR Number	Synopsis	Category: OS IPv4/ARP/ICMPv4
1496429	Routing Engine crash might be seen when a large number of next hops are quickly deleted and readded in large ARP/ND scale scenario. Product-Group=junos	On all Junos platforms with large ARP/ND scale scenario, if a large number of nexthops are deleted and re-added very quickly (such as a result of link flap), the memory corruption might occur and eventually cause RE crash.
1544398	ARP expired timer on backup RE is not same with master RE if aging-timer is configured Product-Group=junos	If aging-timer is configured on master RE for an IRB interface, the ARP timer configuration is not synced properly to backup RE for the IRB interface. It might cause ARP storm after RE switchover.
PR Number	Synopsis	Category: Kernel Stats Infrastructure
1508442	SNMP polling might return unexpectedly high value of ifHCOutOctets counter for physical interface when any jnxDom OID is processed at the same time. Product-Group=junos	When actual transmitted load is configured for interface as: set interfaces interface-transmit-statistics And ifHCOutOctets OID is polling together with any jnxDom OIDs for the same interface with time interval between pollings equal or less then one second, the resulted value of ifHCOutOctets may be unexpectedly high
1522561	OID ifOutDiscards reports zero and sometimes shows valid value. Product-Group=junos	OID ifOutDiscards reports zero and sometimes shows valid value. user@router> show snmp mib get ifOutDiscards.514 \| refresh 3 ---(refreshed at 2020-07-10 12:54:07 IST)--- ifOutDiscards.514 = 0 ---(refreshed at 2020-07-10 12:54:10 IST)--- ifOutDiscards.514 = 0 ---(refreshed at 2020-07-10 12:54:13 IST)--- ifOutDiscards.514 = 0 ---(refreshed at 2020-07-10 12:54:16 IST)--- ifOutDiscards.514 = 0 ---(refreshed at 2020-07-10 12:54:19 IST)--- ifOutDiscards.514 = 0 ---(refreshed at 2020-07-10 12:54:22 IST)--- ifOutDiscards.514 = 241974 ---(refreshed at 2020-07-10 12:54:25 IST)--- ifOutDiscards.514 = 241974 ---(refreshed at 2020-07-10 12:54:28 IST)--- ifOutDiscards.514 = 0 ---(refreshed at 2020-07-10 12:54:31 IST)--- ifOutDiscards.514 = 0
PR Number	Synopsis	Category: Protocol Independant Multicast
1542573	Continuous rpd crash might be observed if a static group is added to protocol pim Product-Group=junos	when the static group is configured under protocols pim, continuous rpd crash might happen, which will eventually cause rpd to be down. Please use IGMPv3 static join instead if not otherwise instructed to avoid this issue.
PR Number	Synopsis	Category: Interface related issues. Port up/down, stats, CMLC , serdes
1475851	FPC major error is observed after system boots up or FPC restarts. Product-Group=junos	FPC is reporting Major Error because of SHUTDOWN ERI failure during BIST with repair on HMC having FW version >= 0x9c. BIST with repair is incorporated during boot up, so this Major Error will be reported during boot up having FW>=0x9c on HMC. During debugging, its found that this ERI is getting issued even before the HMC was brought up which is resulting into this Error. So added bringup steps for HMC before the BIST procedure starts as done for vale-ptx.
1538340	Interfaces are not created after channel-speed 10g is applied across ports 48 to 53 on QFX5100-48T Product-Group=junos	After channelizing port 48 through 53 and channel speed, the interfaces are down on QFX5100-48T platform. This issue causes interfaces are deleted and traffic might be dropped.
PR Number	Synopsis	Category: RPD Next-hop issues including indirect, CNH, and MCNH
1534455	Some routes might get incorrectly programmed in the forwarding table in the kernel which is no longer present in rpd. Product-Group=junos	In a scaled routes scenario, if there is any route change operation when the system is under memory pressure, the rpd might change a route entry but the same is not conveyed to the kernel. This causes a mismatch between routes in rpd and kernel leading to traffic blackhole for the mismatched route entries that are incorrectly programmed in the kernel.
PR Number	Synopsis	Category: RPD policy options
1562867	Generate route goes to hidden state when protect core knob is enabled Product-Group=junos	On all Junos platforms, if protect core knob is enabled under routing options then generate route might go into hidden state.
PR Number	Synopsis	Category: RPD route tables, resolver, routing instances, static routes
1459384	The rpd memory leak might be observed on the backup Routing Engine due to BGP flap. Product-Group=junos	In a BGP scenario when certain routes are flapping frequently, it could lead to rpd memory leak on backup Routing Engine. The rpd might crash and restart once the rpd runs out of memory for certain junos releases.
PR Number	Synopsis	Category: RPM and TWAMP
1541808	The rmopd process memory leak might be seen if TWAMP client is configured Product-Group=junos	If TWAMP (Two-Way Active Measurement Protocol) client is configured, memory leak in rmopd process may be observed after executing "request services rpm twamp start client" command.
PR Number	Synopsis	Category: Generic issues on MS-PIC and MS-DPC related Services feature
1550035	The following error message is observed: SPD_CONN_OPEN_FAILURE: spd_pre_fetch_query: unable to open connection to si-1/0/0. Product-Group=junos	Following SPD failed messages are seen when inline-services interface (SI) is created: re0 spd[15922]: SPD_CONN_FAILURE: Connection did not succeed (Pic is down or busy) error: libservicesui: Unable to connect to 128.0.1.17 at fpc-slot 1 and pic-slot 0 after 1 retries (errno = 65) re0 spd[15922]: SPD_CONN_OPEN_FAILURE: spd_pre_fetch_query: unable to open connection to si-1/0/0 (No route to host) NOTE: There is no functionality break due to these error logs and these messages are harmless.
PR Number	Synopsis	Category: Generic platform and infra issues for MS-MIC and MS-MPC(XLP)
1475948	The syslog reports simultaneous zone change reporting for all green, yellow, orange, and red zones for one or more service PICs. Product-Group=junos	The router may report erroneous, simultaneous syslog messages for zone change reporting for all zones green, yellow, orange, red for one or more Service PICs. Nov 30 05:58:22.162 TestR1 : %DAEMON-4: (FPC Slot 2, PIC Slot 0) ms50 mspmand[233]: Entered red memory zone Nov 30 05:58:22.163 TestR1 : %DAEMON-4: (FPC Slot 2, PIC Slot 0) ms50 mspmand[233]: Entered orange memory zone Nov 30 05:58:22.163 TestR1 : %DAEMON-4: (FPC Slot 2, PIC Slot 0) ms50 mspmand[233]: Entered yellow memory zone Nov 30 05:58:22.163 TestR1 : %DAEMON-4: (FPC Slot 2, PIC Slot 0) ms50 mspmand[233]: Entered green memory zone The issue is a reporting error and has no functional effect on traffic. The issue is self-correcting. These errors can be appear in approximately every 49-50 days.
PR Number	Synopsis	Category: platform related PRs on SRX branch platforms
1512810	Junos OS: SRX Series: A logic error in BIND can be used to trigger a Denial of Service (DoS) (CVE-2020-8617) Product-Group=junos	A vulnerability in BIND code, used in Juniper Networks Junos OS on SRX Series devices, which checks the validity of messages containing TSIG resource records can be exploited by an attacker to trigger an assertion failure in tsig.c, resulting in a Denial of Service (DoS). Refer to https://kb.juniper.net/JSA11091 for more information.
PR Number	Synopsis	Category: MX10003/MX204 Linux issues (including driver issues)
1492121	The MX10003 router might shut itself down automatically after the system upgrades or downgrades. Product-Group=junosvae	On the MX10003 platform, if we upgrade or downgrade Junos software from a set of original releases to a set of target releases, the system might detect incorrect temperature values and shutdown. The set of the original releases are: Junos 18.2R3, 18.3R3, 18.4R2, 19.1R2, 19.2R1, 19.3R1. The set of the target releases are: Junos pre-18.2R3, pre-18.3R3, pre-18.4R2, pre-19.1R2, pre-19.2R1, and pre-19.3R1 releases
PR Number	Synopsis	Category: Issues related to broadband edge apps (PPP, DHCP) on Trio ch
1343965	Stout card crash and cores when DHCPv6 on static vlan logout Product-Group=junos	MPC7 card may crash when logout DHCPv6 subscribers over static VLAN
PR Number	Synopsis	Category: Trio pfe bridging, learning, stp, oam, irb software
1525824	The following error message is observed when alarms after interface reset: 7836 ifl 567 chan_index 8 NOENT & jnh_ifl_topo_handler_pfe(13015): ifl=567 err=1 updating channel table nexthop. Product-Group=junos	When the VRRP MACs will be deleted, the VRRP feature will be disabled from the IFL. We are seeing this issue as part of deletion of VRRP feature. During VRRP feature disable process, Ifl_entry should be present. But here we can see that ifl delete has been happened first and then VRRP feature disable is happening. To avoid this, implementing precheck for the ifl_entry and also will be cleaning up the vrrp entry as part of sw_entry and hw_entry deletion.
1542211	Trio-based FPC might crash when the underlying Layer 2 interface for ARP over IRB interface is changed from the physical interface to the LSI interface. Product-Group=junos	This issue applies to a Trio-based FPC using the integrated routing and bridging (IRB) interface with a VPLS instance using the label-switched interface (LSI) to provide VPLS functionality. The FPC may restart unexpectedly. The restart is triggered when the underlying layer-2 interface for ARP over IRB interface changes from the physical interface to the LSI interface.

17.4R3-S4 - List of Known issues

PR Number	Synopsis	Category: Marvell based EX PFE ACL
1434927	The FPC crashes with pfem generating core file might be seen if large-scale number of firewall filters are configured. Product-Group=junos	On EX Series switches, If you are configuring a large-scale number of firewall filters on some interfaces, the FPC might crash and generate core files.
PR Number	Synopsis	Category: Marvell based EX PFE MISC
1232403	HSRPv2 IPv6 packets might get dropped if IGMP-snooping is enabled. Product-Group=junos	On EX Series switches except EX4300/EX4600/EX9200, an interface is configured for single vlan or multiple vlans, if all these vlans of this interface have igmp-snooping enabled, then this interface will drop HSRPv2 (Hot Standby Router Protocol for IPv6) packets. But if some vlans do not have igmp-snooping enabled, then this interface is working fine.
PR Number	Synopsis	Category: NFX Series Platform Software
1462556	Junos OS: NFX350: Password hashes stored in world-readable format (CVE-2020-1669) Product-Group=junos	The Juniper Device Manager (JDM) container, used by the disaggregated Junos OS architecture on Juniper Networks NFX350 Series devices, stores password hashes in the world-readable file /etc/passwd. This is not a security best current practice as it can allow an attacker with access to the local filesystem the ability to brute-force decrypt password hashes stored on the system. Refer to https://kb.juniper.net/JSA11066 for more information.
PR Number	Synopsis	Category: QFX L3 data-plane/forwarding
1455547	Core files might get generated during the addition or removal of the EVPN type-5 routing instance. Product-Group=junos	On QFX platforms, the coredump might occur during adding/removing EVPN Type-5 routing instance. The EVPN route would be corrupted and traffic/service impact appears if hitting the issue.
PR Number	Synopsis	Category: JUNOS kernel/ukernel changes for ACX
1481151	Memory utilization enhancement is needed. Product-Group=junos	RPD memory chunk size is optimized for the ACX platform to reduce the memory footprint.
PR Number	Synopsis	Category: ACX MPLS
1525348	In ACX platforms, family inet6 configuration is needed in core interface for VPNv6 traffic forwarding Product-Group=junos	In ACX platforms, family inet6 configuration is needed in core facing interface for VPNv6 traffic forwarding
PR Number	Synopsis	Category: ACX Services feature
1520305	On the ACX500-I router, the show services session count does not work as expected. Product-Group=junos	Configuring stateful-firewall filter will lead to traffic drop & firewall session counters will not be incremented. This is seen only in new SDk 6.5.16 releases. Issue will be fixed in 20.1R3.
1559690	On the ACX5048 router, the fxpc process generates core file on the analyzer configuration. Product-Group=junos	In analyzer configuration, if the route to the monitoring server (output ip-address) is reachable with unilist NH fxpc crashes while programming the next-hop in the hardware. It is taken care through this PR that this scenario is handled and crash is avoided while NH programming.
PR Number	Synopsis	Category: ACX TDM Infrastructure
1378747	FEB restarted after commit "delete interfaces e1-0/0/*" Product-Group=junos	Because of a race condition, in which the "class-of-service" configuration request for an interface is received before the e1-interface is created, a circuit with specified class-of-service parameters is created. Because of this, the interface creation fails resulting in traffic not flowing on the e1-interface and then (if e1-interfaces are further disabled or enabled) a core file is generated.
PR Number	Synopsis	Category: Bi Directional Forwarding Detection (BFD)
1518106	The BFD sessions might flap continuously after disruptive switchover followed by GRES. Product-Group=junos	Disruptive switchover (no GRES or NSR configured) can lead to stale PPM entries programmed on the new master Routing Engine. If both GRES and NSR are activated after disruptive switchover and then a GRES switchover is performed, BFD sessions might flap continuously.
PR Number	Synopsis	Category: Border Gateway Protocol
1523075	The BGP session with VRRP virtual address might not come up after a flap. Product-Group=junos	When VRRP virtual address is configured and used to set up a BGP session with the remote side, under rare timing conditions, BGP peer establishment may get rejected repetitively.
PR Number	Synopsis	Category: BBE Remote Access Server
1402653	The subscriber might need to take retry for login Product-Group=junos	On all Junos platforms running in subscriber scenario with address pool configured, if the address pool has high usage so that only few addresses are free to allocate, when there are subscribers logout and login, the released address by one subscriber might get re-used and allocated to the other subscriber very soon. Due to this issue, syslog error messages might be seen, and the affected subscriber might need to take retry for login.
PR Number	Synopsis	Category: EVPN control plane issues
1439537	The rpd process may crash after committing changes in the EVPN environment Product-Group=junos	On all Junos platforms with EVPN configured, the rpd process may crash after committing any configuration changes if there is an existing MAC entry received from multiple sources and trying to update the latest source. Traffic loss may be observed due to the rpd crash.
PR Number	Synopsis	Category: ISIS routing protocol
1338448	RPd core seen during changes Product-Group=junos	Core occur when freeing sensor which is already freed. Spring interface sensor store sensor id in gencfg. while deleting this sensor, it is sometime possible that IPC to gencfg failed result gencfg still present which will be read when again interface come up. This gencfg sensor might allocated to autobw hence 2 time allocated so while freeing same sensor again it result in core.
1455994	Prefix SID conflict might be observed in IS-IS. Product-Group=junos	In an ISIS segment routing scenario, prefix SID(Segment Identifier) might conflict for internal prefixes. When ISIS L2 to L1 route leaking policy is used after NSR(Nonstop active Routing), it is observed that the L1/L2 router appears to be leaking some prefixes twice, second time setting SID and all flags to 0 due to which all the SIDs have conflicting values as '0' which might cause traffic loss.
PR Number	Synopsis	Category: Firewall Policy
1454907	Traffic might be dropped when policies are changed in SRX Series devices Product-Group=junos	If a huge number of policies are configured on SRX Series devices and some policies are changed, the traffic that matches the changed policies might be dropped.
PR Number	Synopsis	Category: Key Management Daemon
1421591	IPsec tunnels flapping causes KMD memory leak Product-Group=junos	KMD leaks memory when DEP (dynamic endpoints) or static IPsec tunnels are flapping or getting re-established. In a scaled scenario this eventually leads to KMD crash due to memory exhaustion.
PR Number	Synopsis	Category: Layer2 forwarding on EX/NTF/PTX/QFX
1441824	On routers running Junos OS and serving as EVPN/VPLS gateways, FPC core files available at heap_block_log due to NULL entries are also seen in the ifbd level list, which are typically added for flush list. This occurs because of the relink logic failure flush logic for MACs when there is ifbd/bd delete. Product-Group=junos	On routers running Junos OS and serving as EVPN/VPLS gateways, FPC core files at heap_block_log due to NULL entries are also seen in the ifbd level list which are typically added for flush list. So this seems to be the side effect of the relink logic failure flush logic for MACs when there is ifbd/bd delete.
PR Number	Synopsis	Category: Multicast for L3VPNs
1536903	The PIM (S,G) join state might stay forever when there are no MC receivers and source is inactive. Product-Group=junos	The problem can be seen in MVPN ASM scenario on a PE which has local MC source and receivers and RP is remote. If all receivers stop joining the group and MC source stops transmitting, corresponding PIM (S,G) state may remain indefinitely despite that. Due to the problem a router will maintain extra PIM state. Service is not impacted.
1546739	MVPN multicast route entry might not be properly updated with the actual downstream interfaces list. Product-Group=junos	In multicast VPN RPT-SPT mode with both locally and remotely connected receivers, the multicast forwarding entry related to the actual downstream interfaces may not be properly updated. The issue may happen when multicast forwarding entry is created by locally connected PIM receiver, followed by remote receiver and after local receiver decides to prune its membership in that multicast group.
PR Number	Synopsis	Category: Fabric Manager for MX
1535787	All SFBs might go offline due to fabric failure and fabric self-ping probes performing the disable-pfe action. Product-Group=junos	Once yanking out the MPC without prior offline and the chassisd process is not able to process this event on the master RE due to additional mastership switch, and later the MPC which pulled out the slot is re-inserted back, many Switch Fabric Board (SFB) might be offline due to max_total_cell_usage overflow condition on the xfchip. MX2020 Platform with SFB2 is not exposed to such event, neither if MX2020 has the disable-grant-bypass configured.
PR Number	Synopsis	Category: PE based L3 software
1500798	BFD sessions flap after deactivating or activating the aggregated Ethernet interface or executing GRES. Product-Group=junos	On QFX10008 platforms, if the BFD is configured over an AE interface (member link across multiple FPCs), deactivating/activating the AE interface or executing GRES will cause the BFD sessions to flap.
PR Number	Synopsis	Category: PTX5KBroadway based PFE IPv4, IPv6 software
1254415	On the PTX Platform with FPC Model FPC-PTX-P1-A or FPC2-PTX-P1A, you might encounter single event upset (SEU) event that might cause a linked-list corruption of the TQCHIP. The following syslog message gets reported: Jan 9 08:16:47.295 router fpc0 TQCHIP1: Fatal error pqt_min_free_cnt is zero Jan 9 08:16:47.295 router fpc0 CMSNG: Fatal ASIC error, chip TQ Jan 9 08:16:47.295 router fpc0 TQ Chip::FATAL ERROR!! from PQT free count is zero jan 9 08:16:47.380 router alarmd[2427]: Alarm set: FPC color=RED, class= Product-Group=junos	On the PTX Platform with FPC Model FPC-PTX-P1-A or FPC2-PTX-P1A, you might encounter single event upset (SEU) event that might cause a linked-list corruption of the TQCHIP. The following syslog message gets reported: Jan 9 08:16:47.295 router fpc0 TQCHIP1: Fatal error pqt_min_free_cnt is zero Jan 9 08:16:47.295 router fpc0 CMSNG: Fatal ASIC error, chip TQ Jan 9 08:16:47.295 router fpc0 TQ Chip::FATAL ERROR!! from PQT free count is zero jan 9 08:16:47.380 router alarmd[2427]: Alarm set: FPC color=RED, class=CHASSIS, reason=FPC 0 Fatal Errors - TQ Chip Error code: 0x50002 Jan 9 08:16:47.380 router craftd[2051]: Fatal alarm set, FPC 0 Fatal Errors - TQ Chip Error code: 0x50002 The Junos OS Chassis Management Error handling detects such a condition, raises an Alarm, and disables the affected Packet Forwarding Engine entity. To recover this Packet Forwarding Engine entity, restart the FPC. Contact your Juniper support representative if the issue persists even after the FPC restarts.
PR Number	Synopsis	Category: Protocol Independant Multicast
1487636	The rpd might crash when perform GRES with MSDP configured Product-Group=junos	On all Junos platforms, when execute Graceful Routing Engine Switchover (GRES) with Multicast Source Discovery Protocol (MSDP) enabled, rpd might crash on new master Routing Engine (RE). The issue could be automatically recovered after rpd successful self-restart. This is a timing and regression issue.
1500125	Some PIM join or prune packets might not be processed in the first attempt in the scale scenario where the PIM routers establish neighborship and immediately join the multicast group. Product-Group=junos	On all Junos platforms with scaling MVPN scenario, some PIM Join/Prune messages may not be processed for the first attempt. For instance, a dedicated PIM router receives more than 2500 PIM hello packets from the new neighbors, followed by PIM Join packets for the same multicast group in a very short period of time.
PR Number	Synopsis	Category: RPD policy options
1523891	The policy configuration might be mismatched between the rpd and mgd process when deactivate policy-options prefix-list is involved in the configuration sequence. Product-Group=junos	If "deactivate policy-options prefix-list" is involved in configuration sequence along with other policy configurations, the mgd process might not notify the rpd process about the policy configuration changes after committing the configuration. This can cause the policy configuration to be out-of-synchronization between policy database used by rpd and configuration database used by mgd. Due to the missing policy entries in policy database, later the rpd might crash when accessing these entries via CLI command like "show policy".
PR Number	Synopsis	Category: RPD route tables, resolver, routing instances, static routes
1252025	JFLOW/IPFIX forwarding database is not updated after next-hop changes causing stale flow attributes being exported for a flow record Product-Group=junos	In case there is a topology change event (link-down) that does not involve BGP_route->indirect_nexthop mapping change (that is, only the indirect next hop itself is changed to point to another unicast next hop), or BGP route changes do not causing BGP_route->indirect_nexthop mapping change, then the JFLOW/IPFIX forwarding database is not updated. This database is used by the JFLOW export thread (multiservice daemon in case of PTX inline JFLOW/IPFIX) to fill the JFLOW/IPFIX flow data. Thus stale flow record attributes like gateway (NH), outgoing interface (OIF) and BGPNextHop could be inserted into the flow record by the multiservice daemon performing IPFIX/JFLOW export.
PR Number	Synopsis	Category: Resource Reservation Protocol
1516657	The rpd scheduler might slip after the link flaps. Product-Group=junos	On all Junos platforms with RSVP-TE configured, when a transit router carries a large number of LSP's (for example, 60k and higher) and all those LSPs undergo FRR (for example, when link carrying large number of LSP's flap) then, the rpd scheduler might slip and LDP session tear down might be observed after the link flap.
PR Number	Synopsis	Category: Sangria Platform fabric, fabric management, TF chip driver
1547790	Traffic blackhole might be seen after swapping an FPC type 3 card with an FPC type 1 card in the same slot on a PTX3000 router Product-Group=junos	On the PTX3000 router, swapping an FPC type 3 card (FPC3-SFF-PTX) with an FPC type 1 card (FPC-SFF-PTX) in the same slot will result in the fabric channel-map not get updated on the SIB after the swap. This issue will cause total traffic loss.
PR Number	Synopsis	Category: MPC7/8/9 Interface Issues
1441816	Egress stream flush failure and traffic black hole might occur. Product-Group=junos	Egress stream flush failure and silent dropping of traffic could occur in a rare occasion for a repeatedly flapping link on MPC7E, MPC8E, MPC9E cards, MX204 and MX10003.
PR Number	Synopsis	Category: Trio pfe bridging, learning, stp, oam, irb software
1542537	In EVPN-MPLS scenario, BUM traffic is dropped during configuration changes. Product-Group=junos	In evpn-mpls scenario, BUM(Broadcast, unknown-unicast and multicast) traffic would be dropped due to flood nexthop deletion during configuration changes on any of the PE node.

Knowledge Base