Search our Knowledge Base sites to find answers to your questions.
Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles17.4R3-S4: Software Release Notification for JUNOS Software Version 17.4R3-S4
Junos Software service Release version 17.4R3-S4 is now available.
17.4R3-S4 - List of Fixed issuesPR Number | Synopsis | Category: QFX PFE L2 |
---|---|---|
1505239 | The dcpfe/FPC might crash due to the memory leak during the vlan add/delete operation Product-Group=junos |
On all QFX5k and EX4600 series platforms, memory leak might happen during the vlan add/delete operation on the interface. The dcpfe/FPC crashes with a coredump if the device is running out of memory. Traffic loss might be seen during the dcpfe/FPC crash and restart. |
PR Number | Synopsis | Category: QFX L3 data-plane/forwarding |
1367439 | On the QFX5110 Virtual Chassis peers, invalid VRRP mastership election is observed. Product-Group=junos |
In some specific scenarios, the configuration of bpdu-block-on-edge might cause both QFX5110 to claim as VRRP masters. |
1486632 | On the QFX 5100-48T-6Q Virtual Chassis or Virtual Chassis fan, the following error message is observed while copying the image to the Virtual Chassis fan member and trying to downgrade the image: rcp for member 14, failed. Product-Group=junos |
On QFX 5100-48T-6Q VC/VCF, RCP error might be seen while upgrading the system using "request system software add no-validate" and system upgrade/ installation could fail. This issue happens if DCPFE cpu utilization is very high. |
PR Number | Synopsis | Category: CoS support on ACX |
1522941 | The show class-of-service interface command does not show classifier information. Product-Group=junos |
This is a display issue. Due to misread in PFE registers, classifier is not shown in "show class-of-service interface" output |
PR Number | Synopsis | Category: ACX L3 IPv4, IPv6 support |
1508534 | The ACX1100, ACX2100, ACX2200, ACX2000, and ACX4000 might stop forwarding transit and control traffic. Product-Group=junos |
The ACX500, ACX1000, ACX1100, ACX2100, ACX2200, and ACX4000 platform may stop forwarding transit and control traffic due to DMA stuck issue with SDK. |
PR Number | Synopsis | Category: Border Gateway Protocol |
1487486 | The rpd might crash with BGP RPKI enabled in a race condition Product-Group=junos |
On all Junos platforms with BGP PRKI (Resource Public Key Infrastructure) scenario, if NSR is enabled and scale routes and ROAs exist, in a very rare case, the ROA (route origin authorization) might be withdrawn before replicating to the backup RE when ROA changes happen, which results in the rpd crash. |
1517498 | The rpd might crash after deleting and re-adding a BGP neighbor. Product-Group=junos |
In BGP scenario on all Junos platforms, after deleting and re-adding a BGP neighbor, the rpd might crash due to a rare timing issue. |
1532414 | Transit labels for Layer 3 VPN routes are pushed momentarily to the MPLS.0 table. Product-Group=junos |
In L3VPN scenario with in-line RR (Route Reflector) which has an export policy with next-hop self to advertise all transit L3VPN routes to its clients and also uses route-target family, the undesired L3VPN routes may be pushed to FIB (Forwarding Information Base) after enabling/disabling route-target family on the RR or a new BGP peer joins a group with 'next-hop self'. |
PR Number | Synopsis | Category: Track PRs in BGP Flow Spec area & is part of BGP inside RPD. |
1539109 | Junos OS and Junos OS Evolved: Upon receipt of a specific BGP FlowSpec message network traffic may be disrupted. (CVE-2021-0211) Product-Group=junos |
Upon receipt of a specific BGP FlowSpec message network traffic may be disrupted. Please refer to https://kb.juniper.net/JSA11101 for more information. |
PR Number | Synopsis | Category: MPC5/6E pfe microcode software |
1453575 | The FPC might crash due to the memory corruption in JNH pool Product-Group=junos |
On all Trio-based platforms, after the restart of the fabric plane, the FPC might crash due to memory corruption in the JNH pool. |
1478392 | MX Series-based MPC linecard might crash when there is bulk route update failure in a corner case. Product-Group=junos |
On all MPCs and certain MICs, if there are events like interface flaps, the routes learned over that interface might get retracted and deleted by the routing protocols. Because of this issue, when bulk route update failure happens, either some next hops are unable to be reached or certain next hops are still reachable incorrectly, and the line card might crash in a corner case. It is a rare timing issue. |
PR Number | Synopsis | Category: Device Configuration Daemon |
1544257 | Subscribers might logout then login after loopback address is changed Product-Group=junos |
On MX platform, under subscriber environment and unnumbered IP address borrowed from the loopback interface configured on Demux interface and Aggregated Ethernet (AE) interface, subscriber session might flap if IP address of the loopback interface IP is changed. Please refer to workaround provided when this issue hit. |
PR Number | Synopsis | Category: This is for all defects raised against dns-proxy feature |
1512212 | Junos OS: SRX Series: ISC Security Advisory: BIND does not sufficiently limit the number of fetches performed when processing referrals (CVE-2020-8616) Product-Group=junos |
On Juniper Networks Junos OS SRX Series devices an uncontrolled resource consumption vulnerability in BIND may allow an attacker to cause a Denial of Service (DoS) condition. When these devices are configured to use DNS Proxy, these devices do not sufficiently limit the number of fetches performed when processing referrals. In order for a server performing recursion to locate records in the DNS graph it must be capable of processing referrals, such as those received when it attempts to query an authoritative server for a record which is delegated elsewhere. In its original design BIND (as well as other nameservers) does not sufficiently limit the number of fetches which may be performed while processing a referral response. A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral. Refer to https://kb.juniper.net/JSA11090 for more information. |
PR Number | Synopsis | Category: mgd, ddl, odl infra issues |
1458345 | "persist-groups-inheritance" causes the "mustd" process to crash and issues commit failure Product-Group=junos |
"persist-groups-inheritance" configuration option causes the "mustd" process to crash when one performs the "commit" action. |
PR Number | Synopsis | Category: EVPN control plane issues |
1313073 | RPD coredump while changing the EVPN instance type from VIRTUAL_SWITCH to EVPN and deleting an IFL from family bridge. Product-Group=junos |
When we change the instance-type from virtual-switch to evpn, we are not resetting virtual-switch instance type(EVI_VIRTUAL_SWITCH) bit in evi flags. As a result, while parsing the evi interfaces, Junos is trying to validate the interfaces thinking that it's of type virtual-switch and looks for family bridge configuration for the interfaces. But the interface config was changed from family bridge to encap vlan-bridge to put it in instance type evpn. Example: 'delete interfaces ae5 unit 604 family bridge' 'delete routing-instances EVPN-0604 bridge-domains' 'set routing-instances EVPN-0604 instance-type evpn' 'delete routing-instances EVPN-0604 protocols evpn extended-vlan-list' |
PR Number | Synopsis | Category: Integrated Routing & Bridging (IRB) module |
1484721 | ARP entry might not be created in the EVPN-MPLS environment. Product-Group=junos |
In the EVPN-MPLS environment, if a VLAN is created without having it in "protocols evpn extended-vlan-list", then adding it, the ARP entry may not be created on the device even it receives the ARP packets through the newly added VLAN. |
PR Number | Synopsis | Category: ISIS routing protocol |
1526447 | The IS-IS LSP database synchronization issue might be seen while using the flood-group feature. Product-Group=junos |
On all Junos platform, when flood-group is configured on interface under isis, if isis LSPs time out and then come up, the device sends only self-generated LSPs and doesn't increment the LSP updates received from neighbor which flapped. This is causing LSP database out of synchronization issue. |
PR Number | Synopsis | Category: jdhcpd daemon |
1453464 | PPPoE holding DHCPv6 prefix causes DHCPv6 binding failure due to duplicate prefix. Product-Group=junos |
In subscriber management scenario deployed with DHCPv6 over PPPoE, if the DHCPv6 handshake process of one subscriber does not complete and fails, the prefix assigned will be freed back to the address-assignment pool and assigned to the next subscriber. But that prefix is incorrectly retained in the first subscriber's PPPoE session. Then if the first subscriber solicits DHCPv6 prefix again, the original prefix which is already assigned to the second subscriber will be requested, resulting in DHCPv6 bind failure due to duplicate prefix. |
PR Number | Synopsis | Category: Layer 2 Circuit issues |
1511783 | The rpd process might crash after removing the last configured interface under the Layer 2 circuit neighbor. Product-Group=junos |
On all Junos platforms, rpd crash may be observed after removing the last interface configured under the l2circuit neighbor which is in fact active. |
PR Number | Synopsis | Category: L2TP service related issues |
1472775 | Services Applications MX Series L2tp LTS fails to forward the agentCircuitId and agentRemoteId AVP toward the LNS. Product-Group=junos |
MX L2tp LTS fails to forward the agentCircuitId and agentRemoteId AVP received from the LAC towards the LNS. |
PR Number | Synopsis | Category: lacp protocol |
1277144 | LACP is not sending IFF_DOWN reason with destroy session request Product-Group=junos |
In current scenario when interface is going down then LACPD is not sending reason for destroy session request i.e IFF_DOWN(interface down). So the LACP session may not be destoried immediately until the LACP session times out. |
1366825 | The RG1 interface failover occurs when RG0 failover is triggered. Product-Group=junos |
RG1+ which is configured for interface-monitor, might fail over to the other node if RG0 failover is triggered. |
PR Number | Synopsis | Category: Label Distribution Protocol |
1527197 | LDP routes might be deleted from MPLS routing table after RE switchover Product-Group=junos |
On all Junos platforms with NSR and segment routing for ISIS configured, LDP routes might be deleted on new master RE's MPLS routing table after RE switchover. |
PR Number | Synopsis | Category: lldp sw on MX platform |
1538482 | DUT did not receive the LLDP packet from phone. Product-Group=junos |
On EX4300 platforms, the LLDP (Link Layer Discovery Protocol) neighborship with the VoIP (Voice over Internet Protocol) phones can't be established when LLDP is configured on the PoE (Power over Ethernet) enabled port on EX4300 and connects to the VoIP Phone. |
PR Number | Synopsis | Category: SW PRs for MPC10E Interfaces |
1491142 | BCM8238X SerDes firmware did not complete tuning may be a false positive alarm. Product-Group=junos |
BCM8238X SerDes firmware did not complete tuning may be a false positive alarm. |
PR Number | Synopsis | Category: Multicast Routing |
1555518 | Sending multicast traffic to downstream receiver on Trio based Virtual Chassis platforms might fail. Product-Group=junos |
On Trio based Virtual Chassis (VC) platform, when there are multicast tunneled packets being received, which come into the Virtual Chassis Ports (VCP) and then pop out of the tunnel, if the VCP ports and the interfaces where multicast packets enter/leave the router are located on the same Packet Forwarding Engine (PFE), it might fail in sending multicast traffic to downstream receiver due to this issue. |
PR Number | Synopsis | Category: Multicast for L3VPNs |
1425876 | MVPN using PIM dense mode does not prune the OIF when PIM prune is received. Product-Group=junos |
In the MVPN (Multicast Virtual Private Network) scenario, when PIM Dense mode is used, the egress PE might not prune the OIF (outgoing interface) when PIM prune is received. |
PR Number | Synopsis | Category: OS IPv4/ARP/ICMPv4 |
1496429 | Routing Engine crash might be seen when a large number of next hops are quickly deleted and readded in large ARP/ND scale scenario. Product-Group=junos |
On all Junos platforms with large ARP/ND scale scenario, if a large number of nexthops are deleted and re-added very quickly (such as a result of link flap), the memory corruption might occur and eventually cause RE crash. |
1544398 | ARP expired timer on backup RE is not same with master RE if aging-timer is configured Product-Group=junos |
If aging-timer is configured on master RE for an IRB interface, the ARP timer configuration is not synced properly to backup RE for the IRB interface. It might cause ARP storm after RE switchover. |
PR Number | Synopsis | Category: Kernel Stats Infrastructure |
1508442 | SNMP polling might return unexpectedly high value of ifHCOutOctets counter for physical interface when any jnxDom OID is processed at the same time. Product-Group=junos |
When actual transmitted load is configured for interface as: set interfaces interface-transmit-statistics And ifHCOutOctets OID is polling together with any jnxDom OIDs for the same interface with time interval between pollings equal or less then one second, the resulted value of ifHCOutOctets may be unexpectedly high |
1522561 | OID ifOutDiscards reports zero and sometimes shows valid value. Product-Group=junos |
OID ifOutDiscards reports zero and sometimes shows valid value. user@router> show snmp mib get ifOutDiscards.514 | refresh 3 ---(refreshed at 2020-07-10 12:54:07 IST)--- ifOutDiscards.514 = 0 ---(refreshed at 2020-07-10 12:54:10 IST)--- ifOutDiscards.514 = 0 ---(refreshed at 2020-07-10 12:54:13 IST)--- ifOutDiscards.514 = 0 ---(refreshed at 2020-07-10 12:54:16 IST)--- ifOutDiscards.514 = 0 ---(refreshed at 2020-07-10 12:54:19 IST)--- ifOutDiscards.514 = 0 ---(refreshed at 2020-07-10 12:54:22 IST)--- ifOutDiscards.514 = 241974 ---(refreshed at 2020-07-10 12:54:25 IST)--- ifOutDiscards.514 = 241974 ---(refreshed at 2020-07-10 12:54:28 IST)--- ifOutDiscards.514 = 0 ---(refreshed at 2020-07-10 12:54:31 IST)--- ifOutDiscards.514 = 0 |
PR Number | Synopsis | Category: Protocol Independant Multicast |
1542573 | Continuous rpd crash might be observed if a static group is added to protocol pim Product-Group=junos |
when the static group is configured under protocols pim, continuous rpd crash might happen, which will eventually cause rpd to be down. Please use IGMPv3 static join instead if not otherwise instructed to avoid this issue. |
PR Number | Synopsis | Category: Interface related issues. Port up/down, stats, CMLC , serdes |
1475851 | FPC major error is observed after system boots up or FPC restarts. Product-Group=junos |
FPC is reporting Major Error because of SHUTDOWN ERI failure during BIST with repair on HMC having FW version >= 0x9c. BIST with repair is incorporated during boot up, so this Major Error will be reported during boot up having FW>=0x9c on HMC. During debugging, its found that this ERI is getting issued even before the HMC was brought up which is resulting into this Error. So added bringup steps for HMC before the BIST procedure starts as done for vale-ptx. |
1538340 | Interfaces are not created after channel-speed 10g is applied across ports 48 to 53 on QFX5100-48T Product-Group=junos |
After channelizing port 48 through 53 and channel speed, the interfaces are down on QFX5100-48T platform. This issue causes interfaces are deleted and traffic might be dropped. |
PR Number | Synopsis | Category: RPD Next-hop issues including indirect, CNH, and MCNH |
1534455 | Some routes might get incorrectly programmed in the forwarding table in the kernel which is no longer present in rpd. Product-Group=junos |
In a scaled routes scenario, if there is any route change operation when the system is under memory pressure, the rpd might change a route entry but the same is not conveyed to the kernel. This causes a mismatch between routes in rpd and kernel leading to traffic blackhole for the mismatched route entries that are incorrectly programmed in the kernel. |
PR Number | Synopsis | Category: RPD policy options |
1562867 | Generate route goes to hidden state when protect core knob is enabled Product-Group=junos |
On all Junos platforms, if protect core knob is enabled under routing options then generate route might go into hidden state. |
PR Number | Synopsis | Category: RPD route tables, resolver, routing instances, static routes |
1459384 | The rpd memory leak might be observed on the backup Routing Engine due to BGP flap. Product-Group=junos |
In a BGP scenario when certain routes are flapping frequently, it could lead to rpd memory leak on backup Routing Engine. The rpd might crash and restart once the rpd runs out of memory for certain junos releases. |
PR Number | Synopsis | Category: RPM and TWAMP |
1541808 | The rmopd process memory leak might be seen if TWAMP client is configured Product-Group=junos |
If TWAMP (Two-Way Active Measurement Protocol) client is configured, memory leak in rmopd process may be observed after executing "request services rpm twamp start client" command. |
PR Number | Synopsis | Category: Generic issues on MS-PIC and MS-DPC related Services feature |
1550035 | The following error message is observed: SPD_CONN_OPEN_FAILURE: spd_pre_fetch_query: unable to open connection to si-1/0/0. Product-Group=junos |
Following SPD failed messages are seen when inline-services interface (SI) is created: re0 spd[15922]: SPD_CONN_FAILURE: Connection did not succeed (Pic is down or busy) error: libservicesui: Unable to connect to 128.0.1.17 at fpc-slot 1 and pic-slot 0 after 1 retries (errno = 65) re0 spd[15922]: SPD_CONN_OPEN_FAILURE: spd_pre_fetch_query: unable to open connection to si-1/0/0 (No route to host) NOTE: There is no functionality break due to these error logs and these messages are harmless. |
PR Number | Synopsis | Category: Generic platform and infra issues for MS-MIC and MS-MPC(XLP) |
1475948 | The syslog reports simultaneous zone change reporting for all green, yellow, orange, and red zones for one or more service PICs. Product-Group=junos |
The router may report erroneous, simultaneous syslog messages for zone change reporting for all zones green, yellow, orange, red for one or more Service PICs. Nov 30 05:58:22.162 TestR1 : %DAEMON-4: (FPC Slot 2, PIC Slot 0) ms50 mspmand[233]: Entered red memory zone Nov 30 05:58:22.163 TestR1 : %DAEMON-4: (FPC Slot 2, PIC Slot 0) ms50 mspmand[233]: Entered orange memory zone Nov 30 05:58:22.163 TestR1 : %DAEMON-4: (FPC Slot 2, PIC Slot 0) ms50 mspmand[233]: Entered yellow memory zone Nov 30 05:58:22.163 TestR1 : %DAEMON-4: (FPC Slot 2, PIC Slot 0) ms50 mspmand[233]: Entered green memory zone The issue is a reporting error and has no functional effect on traffic. The issue is self-correcting. These errors can be appear in approximately every 49-50 days. |
PR Number | Synopsis | Category: platform related PRs on SRX branch platforms |
1512810 | Junos OS: SRX Series: A logic error in BIND can be used to trigger a Denial of Service (DoS) (CVE-2020-8617) Product-Group=junos |
A vulnerability in BIND code, used in Juniper Networks Junos OS on SRX Series devices, which checks the validity of messages containing TSIG resource records can be exploited by an attacker to trigger an assertion failure in tsig.c, resulting in a Denial of Service (DoS). Refer to https://kb.juniper.net/JSA11091 for more information. |
PR Number | Synopsis | Category: MX10003/MX204 Linux issues (including driver issues) |
1492121 | The MX10003 router might shut itself down automatically after the system upgrades or downgrades. Product-Group=junosvae |
On the MX10003 platform, if we upgrade or downgrade Junos software from a set of original releases to a set of target releases, the system might detect incorrect temperature values and shutdown. The set of the original releases are: Junos 18.2R3, 18.3R3, 18.4R2, 19.1R2, 19.2R1, 19.3R1. The set of the target releases are: Junos pre-18.2R3, pre-18.3R3, pre-18.4R2, pre-19.1R2, pre-19.2R1, and pre-19.3R1 releases |
PR Number | Synopsis | Category: Issues related to broadband edge apps (PPP, DHCP) on Trio ch |
1343965 | Stout card crash and cores when DHCPv6 on static vlan logout Product-Group=junos |
MPC7 card may crash when logout DHCPv6 subscribers over static VLAN |
PR Number | Synopsis | Category: Trio pfe bridging, learning, stp, oam, irb software |
1525824 | The following error message is observed when alarms after interface reset: 7836 ifl 567 chan_index 8 NOENT & jnh_ifl_topo_handler_pfe(13015): ifl=567 err=1 updating channel table nexthop. Product-Group=junos |
When the VRRP MACs will be deleted, the VRRP feature will be disabled from the IFL. We are seeing this issue as part of deletion of VRRP feature. During VRRP feature disable process, Ifl_entry should be present. But here we can see that ifl delete has been happened first and then VRRP feature disable is happening. To avoid this, implementing precheck for the ifl_entry and also will be cleaning up the vrrp entry as part of sw_entry and hw_entry deletion. |
1542211 | Trio-based FPC might crash when the underlying Layer 2 interface for ARP over IRB interface is changed from the physical interface to the LSI interface. Product-Group=junos |
This issue applies to a Trio-based FPC using the integrated routing and bridging (IRB) interface with a VPLS instance using the label-switched interface (LSI) to provide VPLS functionality. The FPC may restart unexpectedly. The restart is triggered when the underlying layer-2 interface for ARP over IRB interface changes from the physical interface to the LSI interface. |
PR Number | Synopsis | Category: Marvell based EX PFE ACL |
---|---|---|
1434927 | The FPC crashes with pfem generating core file might be seen if large-scale number of firewall filters are configured. Product-Group=junos |
On EX Series switches, If you are configuring a large-scale number of firewall filters on some interfaces, the FPC might crash and generate core files. |
PR Number | Synopsis | Category: Marvell based EX PFE MISC |
1232403 | HSRPv2 IPv6 packets might get dropped if IGMP-snooping is enabled. Product-Group=junos |
On EX Series switches except EX4300/EX4600/EX9200, an interface is configured for single vlan or multiple vlans, if all these vlans of this interface have igmp-snooping enabled, then this interface will drop HSRPv2 (Hot Standby Router Protocol for IPv6) packets. But if some vlans do not have igmp-snooping enabled, then this interface is working fine. |
PR Number | Synopsis | Category: NFX Series Platform Software |
1462556 | Junos OS: NFX350: Password hashes stored in world-readable format (CVE-2020-1669) Product-Group=junos |
The Juniper Device Manager (JDM) container, used by the disaggregated Junos OS architecture on Juniper Networks NFX350 Series devices, stores password hashes in the world-readable file /etc/passwd. This is not a security best current practice as it can allow an attacker with access to the local filesystem the ability to brute-force decrypt password hashes stored on the system. Refer to https://kb.juniper.net/JSA11066 for more information. |
PR Number | Synopsis | Category: QFX L3 data-plane/forwarding |
1455547 | Core files might get generated during the addition or removal of the EVPN type-5 routing instance. Product-Group=junos |
On QFX platforms, the coredump might occur during adding/removing EVPN Type-5 routing instance. The EVPN route would be corrupted and traffic/service impact appears if hitting the issue. |
PR Number | Synopsis | Category: JUNOS kernel/ukernel changes for ACX |
1481151 | Memory utilization enhancement is needed. Product-Group=junos |
RPD memory chunk size is optimized for the ACX platform to reduce the memory footprint. |
PR Number | Synopsis | Category: ACX MPLS |
1525348 | In ACX platforms, family inet6 configuration is needed in core interface for VPNv6 traffic forwarding Product-Group=junos |
In ACX platforms, family inet6 configuration is needed in core facing interface for VPNv6 traffic forwarding |
PR Number | Synopsis | Category: ACX Services feature |
1520305 | On the ACX500-I router, the show services session count does not work as expected. Product-Group=junos |
Configuring stateful-firewall filter will lead to traffic drop & firewall session counters will not be incremented. This is seen only in new SDk 6.5.16 releases. Issue will be fixed in 20.1R3. |
1559690 | On the ACX5048 router, the fxpc process generates core file on the analyzer configuration. Product-Group=junos |
In analyzer configuration, if the route to the monitoring server (output ip-address) is reachable with unilist NH fxpc crashes while programming the next-hop in the hardware. It is taken care through this PR that this scenario is handled and crash is avoided while NH programming. |
PR Number | Synopsis | Category: ACX TDM Infrastructure |
1378747 | FEB restarted after commit "delete interfaces e1-0/0/*" Product-Group=junos |
Because of a race condition, in which the "class-of-service" configuration request for an interface is received before the e1-interface is created, a circuit with specified class-of-service parameters is created. Because of this, the interface creation fails resulting in traffic not flowing on the e1-interface and then (if e1-interfaces are further disabled or enabled) a core file is generated. |
PR Number | Synopsis | Category: Bi Directional Forwarding Detection (BFD) |
1518106 | The BFD sessions might flap continuously after disruptive switchover followed by GRES. Product-Group=junos |
Disruptive switchover (no GRES or NSR configured) can lead to stale PPM entries programmed on the new master Routing Engine. If both GRES and NSR are activated after disruptive switchover and then a GRES switchover is performed, BFD sessions might flap continuously. |
PR Number | Synopsis | Category: Border Gateway Protocol |
1523075 | The BGP session with VRRP virtual address might not come up after a flap. Product-Group=junos |
When VRRP virtual address is configured and used to set up a BGP session with the remote side, under rare timing conditions, BGP peer establishment may get rejected repetitively. |
PR Number | Synopsis | Category: BBE Remote Access Server |
1402653 | The subscriber might need to take retry for login Product-Group=junos |
On all Junos platforms running in subscriber scenario with address pool configured, if the address pool has high usage so that only few addresses are free to allocate, when there are subscribers logout and login, the released address by one subscriber might get re-used and allocated to the other subscriber very soon. Due to this issue, syslog error messages might be seen, and the affected subscriber might need to take retry for login. |
PR Number | Synopsis | Category: EVPN control plane issues |
1439537 | The rpd process may crash after committing changes in the EVPN environment Product-Group=junos |
On all Junos platforms with EVPN configured, the rpd process may crash after committing any configuration changes if there is an existing MAC entry received from multiple sources and trying to update the latest source. Traffic loss may be observed due to the rpd crash. |
PR Number | Synopsis | Category: ISIS routing protocol |
1338448 | RPd core seen during changes Product-Group=junos |
Core occur when freeing sensor which is already freed. Spring interface sensor store sensor id in gencfg. while deleting this sensor, it is sometime possible that IPC to gencfg failed result gencfg still present which will be read when again interface come up. This gencfg sensor might allocated to autobw hence 2 time allocated so while freeing same sensor again it result in core. |
1455994 | Prefix SID conflict might be observed in IS-IS. Product-Group=junos |
In an ISIS segment routing scenario, prefix SID(Segment Identifier) might conflict for internal prefixes. When ISIS L2 to L1 route leaking policy is used after NSR(Nonstop active Routing), it is observed that the L1/L2 router appears to be leaking some prefixes twice, second time setting SID and all flags to 0 due to which all the SIDs have conflicting values as '0' which might cause traffic loss. |
PR Number | Synopsis | Category: Firewall Policy |
1454907 | Traffic might be dropped when policies are changed in SRX Series devices Product-Group=junos |
If a huge number of policies are configured on SRX Series devices and some policies are changed, the traffic that matches the changed policies might be dropped. |
PR Number | Synopsis | Category: Key Management Daemon |
1421591 | IPsec tunnels flapping causes KMD memory leak Product-Group=junos |
KMD leaks memory when DEP (dynamic endpoints) or static IPsec tunnels are flapping or getting re-established. In a scaled scenario this eventually leads to KMD crash due to memory exhaustion. |
PR Number | Synopsis | Category: Layer2 forwarding on EX/NTF/PTX/QFX |
1441824 | On routers running Junos OS and serving as EVPN/VPLS gateways, FPC core files available at heap_block_log due to NULL entries are also seen in the ifbd level list, which are typically added for flush list. This occurs because of the relink logic failure flush logic for MACs when there is ifbd/bd delete. Product-Group=junos |
On routers running Junos OS and serving as EVPN/VPLS gateways, FPC core files at heap_block_log due to NULL entries are also seen in the ifbd level list which are typically added for flush list. So this seems to be the side effect of the relink logic failure flush logic for MACs when there is ifbd/bd delete. |
PR Number | Synopsis | Category: Multicast for L3VPNs |
1536903 | The PIM (S,G) join state might stay forever when there are no MC receivers and source is inactive. Product-Group=junos |
The problem can be seen in MVPN ASM scenario on a PE which has local MC source and receivers and RP is remote. If all receivers stop joining the group and MC source stops transmitting, corresponding PIM (S,G) state may remain indefinitely despite that. Due to the problem a router will maintain extra PIM state. Service is not impacted. |
1546739 | MVPN multicast route entry might not be properly updated with the actual downstream interfaces list. Product-Group=junos |
In multicast VPN RPT-SPT mode with both locally and remotely connected receivers, the multicast forwarding entry related to the actual downstream interfaces may not be properly updated. The issue may happen when multicast forwarding entry is created by locally connected PIM receiver, followed by remote receiver and after local receiver decides to prune its membership in that multicast group. |
PR Number | Synopsis | Category: Fabric Manager for MX |
1535787 | All SFBs might go offline due to fabric failure and fabric self-ping probes performing the disable-pfe action. Product-Group=junos |
Once yanking out the MPC without prior offline and the chassisd process is not able to process this event on the master RE due to additional mastership switch, and later the MPC which pulled out the slot is re-inserted back, many Switch Fabric Board (SFB) might be offline due to max_total_cell_usage overflow condition on the xfchip. MX2020 Platform with SFB2 is not exposed to such event, neither if MX2020 has the disable-grant-bypass configured. |
PR Number | Synopsis | Category: PE based L3 software |
1500798 | BFD sessions flap after deactivating or activating the aggregated Ethernet interface or executing GRES. Product-Group=junos |
On QFX10008 platforms, if the BFD is configured over an AE interface (member link across multiple FPCs), deactivating/activating the AE interface or executing GRES will cause the BFD sessions to flap. |
PR Number | Synopsis | Category: PTX5KBroadway based PFE IPv4, IPv6 software |
1254415 | On the PTX Platform with FPC Model FPC-PTX-P1-A or FPC2-PTX-P1A, you might encounter single event upset (SEU) event that might cause a linked-list corruption of the TQCHIP. The following syslog message gets reported: Jan 9 08:16:47.295 router fpc0 TQCHIP1: Fatal error pqt_min_free_cnt is zero Jan 9 08:16:47.295 router fpc0 CMSNG: Fatal ASIC error, chip TQ Jan 9 08:16:47.295 router fpc0 TQ Chip::FATAL ERROR!! from PQT free count is zero jan 9 08:16:47.380 router alarmd[2427]: Alarm set: FPC color=RED, class= Product-Group=junos |
On the PTX Platform with FPC Model FPC-PTX-P1-A or FPC2-PTX-P1A, you might encounter single event upset (SEU) event that might cause a linked-list corruption of the TQCHIP. The following syslog message gets reported: Jan 9 08:16:47.295 router fpc0 TQCHIP1: Fatal error pqt_min_free_cnt is zero Jan 9 08:16:47.295 router fpc0 CMSNG: Fatal ASIC error, chip TQ Jan 9 08:16:47.295 router fpc0 TQ Chip::FATAL ERROR!! from PQT free count is zero jan 9 08:16:47.380 router alarmd[2427]: Alarm set: FPC color=RED, class=CHASSIS, reason=FPC 0 Fatal Errors - TQ Chip Error code: 0x50002 Jan 9 08:16:47.380 router craftd[2051]: Fatal alarm set, FPC 0 Fatal Errors - TQ Chip Error code: 0x50002 The Junos OS Chassis Management Error handling detects such a condition, raises an Alarm, and disables the affected Packet Forwarding Engine entity. To recover this Packet Forwarding Engine entity, restart the FPC. Contact your Juniper support representative if the issue persists even after the FPC restarts. |
PR Number | Synopsis | Category: Protocol Independant Multicast |
1487636 | The rpd might crash when perform GRES with MSDP configured Product-Group=junos |
On all Junos platforms, when execute Graceful Routing Engine Switchover (GRES) with Multicast Source Discovery Protocol (MSDP) enabled, rpd might crash on new master Routing Engine (RE). The issue could be automatically recovered after rpd successful self-restart. This is a timing and regression issue. |
1500125 | Some PIM join or prune packets might not be processed in the first attempt in the scale scenario where the PIM routers establish neighborship and immediately join the multicast group. Product-Group=junos |
On all Junos platforms with scaling MVPN scenario, some PIM Join/Prune messages may not be processed for the first attempt. For instance, a dedicated PIM router receives more than 2500 PIM hello packets from the new neighbors, followed by PIM Join packets for the same multicast group in a very short period of time. |
PR Number | Synopsis | Category: RPD policy options |
1523891 | The policy configuration might be mismatched between the rpd and mgd process when deactivate policy-options prefix-list is involved in the configuration sequence. Product-Group=junos |
If "deactivate policy-options prefix-list" is involved in configuration sequence along with other policy configurations, the mgd process might not notify the rpd process about the policy configuration changes after committing the configuration. This can cause the policy configuration to be out-of-synchronization between policy database used by rpd and configuration database used by mgd. Due to the missing policy entries in policy database, later the rpd might crash when accessing these entries via CLI command like "show policy". |
PR Number | Synopsis | Category: RPD route tables, resolver, routing instances, static routes |
1252025 | JFLOW/IPFIX forwarding database is not updated after next-hop changes causing stale flow attributes being exported for a flow record Product-Group=junos |
In case there is a topology change event (link-down) that does not involve BGP_route->indirect_nexthop mapping change (that is, only the indirect next hop itself is changed to point to another unicast next hop), or BGP route changes do not causing BGP_route->indirect_nexthop mapping change, then the JFLOW/IPFIX forwarding database is not updated. This database is used by the JFLOW export thread (multiservice daemon in case of PTX inline JFLOW/IPFIX) to fill the JFLOW/IPFIX flow data. Thus stale flow record attributes like gateway (NH), outgoing interface (OIF) and BGPNextHop could be inserted into the flow record by the multiservice daemon performing IPFIX/JFLOW export. |
PR Number | Synopsis | Category: Resource Reservation Protocol |
1516657 | The rpd scheduler might slip after the link flaps. Product-Group=junos |
On all Junos platforms with RSVP-TE configured, when a transit router carries a large number of LSP's (for example, 60k and higher) and all those LSPs undergo FRR (for example, when link carrying large number of LSP's flap) then, the rpd scheduler might slip and LDP session tear down might be observed after the link flap. |
PR Number | Synopsis | Category: Sangria Platform fabric, fabric management, TF chip driver |
1547790 | Traffic blackhole might be seen after swapping an FPC type 3 card with an FPC type 1 card in the same slot on a PTX3000 router Product-Group=junos |
On the PTX3000 router, swapping an FPC type 3 card (FPC3-SFF-PTX) with an FPC type 1 card (FPC-SFF-PTX) in the same slot will result in the fabric channel-map not get updated on the SIB after the swap. This issue will cause total traffic loss. |
PR Number | Synopsis | Category: MPC7/8/9 Interface Issues |
1441816 | Egress stream flush failure and traffic black hole might occur. Product-Group=junos |
Egress stream flush failure and silent dropping of traffic could occur in a rare occasion for a repeatedly flapping link on MPC7E, MPC8E, MPC9E cards, MX204 and MX10003. |
PR Number | Synopsis | Category: Trio pfe bridging, learning, stp, oam, irb software |
1542537 | In EVPN-MPLS scenario, BUM traffic is dropped during configuration changes. Product-Group=junos |
In evpn-mpls scenario, BUM(Broadcast, unknown-unicast and multicast) traffic would be dropped due to flood nexthop deletion during configuration changes on any of the PE node. |
Getting Up and Running with Junos
Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search