Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

17.4R3-S4: Software Release Notification for JUNOS Software Version 17.4R3-S4

0

0

Article ID: TSB17977 TECHNICAL_BULLETINS Last Updated: 15 Feb 2021Version: 1.0
Alert Type:
SRN - Software Release Notification
Product Affected:
ACX, MX, EX, PTX, QFX, vMX, vRR, NFX, SRX, vSRX.
Alert Description:
Junos Software Service Release version 17.4R3-S4 is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as need and follow the prompts
Solution:

Junos Software service Release version 17.4R3-S4 is now available.

17.4R3-S4 - List of Fixed issues
PR Number Synopsis Category: QFX PFE L2
1505239 The dcpfe/FPC might crash due to the memory leak during the vlan add/delete operation
Product-Group=junos
On all QFX5k and EX4600 series platforms, memory leak might happen during the vlan add/delete operation on the interface. The dcpfe/FPC crashes with a coredump if the device is running out of memory. Traffic loss might be seen during the dcpfe/FPC crash and restart.
PR Number Synopsis Category: QFX L3 data-plane/forwarding
1367439 On the QFX5110 Virtual Chassis peers, invalid VRRP mastership election is observed.
Product-Group=junos
In some specific scenarios, the configuration of bpdu-block-on-edge might cause both QFX5110 to claim as VRRP masters.
1486632 On the QFX 5100-48T-6Q Virtual Chassis or Virtual Chassis fan, the following error message is observed while copying the image to the Virtual Chassis fan member and trying to downgrade the image: rcp for member 14, failed.
Product-Group=junos
On QFX 5100-48T-6Q VC/VCF, RCP error might be seen while upgrading the system using "request system software add  no-validate" and system upgrade/ installation could fail. This issue happens if DCPFE cpu utilization is very high.
PR Number Synopsis Category: CoS support on ACX
1522941 The show class-of-service interface command does not show classifier information.
Product-Group=junos
This is a display issue. Due to misread in PFE registers, classifier is not shown in "show class-of-service interface" output
PR Number Synopsis Category: ACX L3 IPv4, IPv6 support
1508534 The ACX1100, ACX2100, ACX2200, ACX2000, and ACX4000 might stop forwarding transit and control traffic.
Product-Group=junos
The ACX500, ACX1000, ACX1100, ACX2100, ACX2200, and ACX4000 platform may stop forwarding transit and control traffic due to DMA stuck issue with SDK.
PR Number Synopsis Category: Border Gateway Protocol
1487486 The rpd might crash with BGP RPKI enabled in a race condition
Product-Group=junos
On all Junos platforms with BGP PRKI (Resource Public Key Infrastructure) scenario, if NSR is enabled and scale routes and ROAs exist, in a very rare case, the ROA (route origin authorization) might be withdrawn before replicating to the backup RE when ROA changes happen, which results in the rpd crash.
1517498 The rpd might crash after deleting and re-adding a BGP neighbor.
Product-Group=junos
In BGP scenario on all Junos platforms, after deleting and re-adding a BGP neighbor, the rpd might crash due to a rare timing issue.
1532414 Transit labels for Layer 3 VPN routes are pushed momentarily to the MPLS.0 table.
Product-Group=junos
In L3VPN scenario with in-line RR (Route Reflector) which has an export policy with next-hop self to advertise all transit L3VPN routes to its clients and also uses route-target family, the undesired L3VPN routes may be pushed to FIB (Forwarding Information Base) after enabling/disabling route-target family on the RR or a new BGP peer joins a group with 'next-hop self'.
PR Number Synopsis Category: Track PRs in BGP Flow Spec area & is part of BGP inside RPD.
1539109 Junos OS and Junos OS Evolved: Upon receipt of a specific BGP FlowSpec message network traffic may be disrupted. (CVE-2021-0211)
Product-Group=junos
Upon receipt of a specific BGP FlowSpec message network traffic may be disrupted. Please refer to https://kb.juniper.net/JSA11101 for more information.
PR Number Synopsis Category: MPC5/6E pfe microcode software
1453575 The FPC might crash due to the memory corruption in JNH pool
Product-Group=junos
On all Trio-based platforms, after the restart of the fabric plane, the FPC might crash due to memory corruption in the JNH pool.
1478392 MX Series-based MPC linecard might crash when there is bulk route update failure in a corner case.
Product-Group=junos
On all MPCs and certain MICs, if there are events like interface flaps, the routes learned over that interface might get retracted and deleted by the routing protocols. Because of this issue, when bulk route update failure happens, either some next hops are unable to be reached or certain next hops are still reachable incorrectly, and the line card might crash in a corner case. It is a rare timing issue.
PR Number Synopsis Category: Device Configuration Daemon
1544257 Subscribers might logout then login after loopback address is changed
Product-Group=junos
On MX platform, under subscriber environment and unnumbered IP address borrowed from the loopback interface configured on Demux interface and Aggregated Ethernet (AE) interface, subscriber session might flap if IP address of the loopback interface IP is changed. Please refer to workaround provided when this issue hit.
PR Number Synopsis Category: This is for all defects raised against dns-proxy feature
1512212 Junos OS: SRX Series: ISC Security Advisory: BIND does not sufficiently limit the number of fetches performed when processing referrals (CVE-2020-8616)
Product-Group=junos
On Juniper Networks Junos OS SRX Series devices an uncontrolled resource consumption vulnerability in BIND may allow an attacker to cause a Denial of Service (DoS) condition. When these devices are configured to use DNS Proxy, these devices do not sufficiently limit the number of fetches performed when processing referrals. In order for a server performing recursion to locate records in the DNS graph it must be capable of processing referrals, such as those received when it attempts to query an authoritative server for a record which is delegated elsewhere. In its original design BIND (as well as other nameservers) does not sufficiently limit the number of fetches which may be performed while processing a referral response. A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral. Refer to https://kb.juniper.net/JSA11090 for more information.
PR Number Synopsis Category: mgd, ddl, odl infra issues
1458345 "persist-groups-inheritance" causes the "mustd" process to crash and issues commit failure
Product-Group=junos
"persist-groups-inheritance" configuration option causes the "mustd" process to crash when one performs the "commit" action.
PR Number Synopsis Category: EVPN control plane issues
1313073 RPD coredump while changing the EVPN instance type from VIRTUAL_SWITCH to EVPN and deleting an IFL from family bridge.
Product-Group=junos
When we change the instance-type from virtual-switch to evpn, we are not resetting virtual-switch instance type(EVI_VIRTUAL_SWITCH) bit in evi flags. As a result, while parsing the evi interfaces, Junos is trying to validate the interfaces thinking that it's of type virtual-switch and looks for family bridge configuration for the interfaces. But the interface config was changed from family bridge to encap vlan-bridge to put it in instance type evpn. Example: 'delete interfaces ae5 unit 604 family bridge' 'delete routing-instances EVPN-0604 bridge-domains' 'set routing-instances EVPN-0604 instance-type evpn' 'delete routing-instances EVPN-0604 protocols evpn extended-vlan-list'
PR Number Synopsis Category: Integrated Routing & Bridging (IRB) module
1484721 ARP entry might not be created in the EVPN-MPLS environment.
Product-Group=junos
In the EVPN-MPLS environment, if a VLAN is created without having it in "protocols evpn extended-vlan-list", then adding it, the ARP entry may not be created on the device even it receives the ARP packets through the newly added VLAN.
PR Number Synopsis Category: ISIS routing protocol
1526447 The IS-IS LSP database synchronization issue might be seen while using the flood-group feature.
Product-Group=junos
On all Junos platform, when flood-group is configured on interface under isis, if isis LSPs time out and then come up, the device sends only self-generated LSPs and doesn't increment the LSP updates received from neighbor which flapped. This is causing LSP database out of synchronization issue.
PR Number Synopsis Category: jdhcpd daemon
1453464 PPPoE holding DHCPv6 prefix causes DHCPv6 binding failure due to duplicate prefix.
Product-Group=junos
In subscriber management scenario deployed with DHCPv6 over PPPoE, if the DHCPv6 handshake process of one subscriber does not complete and fails, the prefix assigned will be freed back to the address-assignment pool and assigned to the next subscriber. But that prefix is incorrectly retained in the first subscriber's PPPoE session. Then if the first subscriber solicits DHCPv6 prefix again, the original prefix which is already assigned to the second subscriber will be requested, resulting in DHCPv6 bind failure due to duplicate prefix.
PR Number Synopsis Category: Layer 2 Circuit issues
1511783 The rpd process might crash after removing the last configured interface under the Layer 2 circuit neighbor.
Product-Group=junos
On all Junos platforms, rpd crash may be observed after removing the last interface configured under the l2circuit neighbor which is in fact active.
PR Number Synopsis Category: L2TP service related issues
1472775 Services Applications MX Series L2tp LTS fails to forward the agentCircuitId and agentRemoteId AVP toward the LNS.
Product-Group=junos
MX L2tp LTS fails to forward the agentCircuitId and agentRemoteId AVP received from the LAC towards the LNS.
PR Number Synopsis Category: lacp protocol
1277144 LACP is not sending IFF_DOWN reason with destroy session request
Product-Group=junos
In current scenario when interface is going down then LACPD is not sending reason for destroy session request i.e IFF_DOWN(interface down). So the LACP session may not be destoried immediately until the LACP session times out.
1366825 The RG1 interface failover occurs when RG0 failover is triggered.
Product-Group=junos
RG1+ which is configured for interface-monitor, might fail over to the other node if RG0 failover is triggered.
PR Number Synopsis Category: Label Distribution Protocol
1527197 LDP routes might be deleted from MPLS routing table after RE switchover
Product-Group=junos
On all Junos platforms with NSR and segment routing for ISIS configured, LDP routes might be deleted on new master RE's MPLS routing table after RE switchover.
PR Number Synopsis Category: lldp sw on MX platform
1538482 DUT did not receive the LLDP packet from phone.
Product-Group=junos
On EX4300 platforms, the LLDP (Link Layer Discovery Protocol) neighborship with the VoIP (Voice over Internet Protocol) phones can't be established when LLDP is configured on the PoE (Power over Ethernet) enabled port on EX4300 and connects to the VoIP Phone.
PR Number Synopsis Category: SW PRs for MPC10E Interfaces
1491142 BCM8238X SerDes firmware did not complete tuning may be a false positive alarm.
Product-Group=junos
BCM8238X SerDes firmware did not complete tuning may be a false positive alarm.
PR Number Synopsis Category: Multicast Routing
1555518 Sending multicast traffic to downstream receiver on Trio based Virtual Chassis platforms might fail.
Product-Group=junos
On Trio based Virtual Chassis (VC) platform, when there are multicast tunneled packets being received, which come into the Virtual Chassis Ports (VCP) and then pop out of the tunnel, if the VCP ports and the interfaces where multicast packets enter/leave the router are located on the same Packet Forwarding Engine (PFE), it might fail in sending multicast traffic to downstream receiver due to this issue.
PR Number Synopsis Category: Multicast for L3VPNs
1425876 MVPN using PIM dense mode does not prune the OIF when PIM prune is received.
Product-Group=junos
In the MVPN (Multicast Virtual Private Network) scenario, when PIM Dense mode is used, the egress PE might not prune the OIF (outgoing interface) when PIM prune is received.
PR Number Synopsis Category: OS IPv4/ARP/ICMPv4
1496429 Routing Engine crash might be seen when a large number of next hops are quickly deleted and readded in large ARP/ND scale scenario.
Product-Group=junos
On all Junos platforms with large ARP/ND scale scenario, if a large number of nexthops are deleted and re-added very quickly (such as a result of link flap), the memory corruption might occur and eventually cause RE crash.
1544398 ARP expired timer on backup RE is not same with master RE if aging-timer is configured
Product-Group=junos
If aging-timer is configured on master RE for an IRB interface, the ARP timer configuration is not synced properly to backup RE for the IRB interface. It might cause ARP storm after RE switchover.
PR Number Synopsis Category: Kernel Stats Infrastructure
1508442 SNMP polling might return unexpectedly high value of ifHCOutOctets counter for physical interface when any jnxDom OID is processed at the same time.
Product-Group=junos
When actual transmitted load is configured for interface as: set interfaces interface-transmit-statistics And ifHCOutOctets OID is polling together with any jnxDom OIDs for the same interface with time interval between pollings equal or less then one second, the resulted value of ifHCOutOctets may be unexpectedly high
1522561 OID ifOutDiscards reports zero and sometimes shows valid value.
Product-Group=junos
OID ifOutDiscards reports zero and sometimes shows valid value. user@router> show snmp mib get ifOutDiscards.514 | refresh 3 ---(refreshed at 2020-07-10 12:54:07 IST)--- ifOutDiscards.514 = 0 ---(refreshed at 2020-07-10 12:54:10 IST)--- ifOutDiscards.514 = 0 ---(refreshed at 2020-07-10 12:54:13 IST)--- ifOutDiscards.514 = 0 ---(refreshed at 2020-07-10 12:54:16 IST)--- ifOutDiscards.514 = 0 ---(refreshed at 2020-07-10 12:54:19 IST)--- ifOutDiscards.514 = 0 ---(refreshed at 2020-07-10 12:54:22 IST)--- ifOutDiscards.514 = 241974 ---(refreshed at 2020-07-10 12:54:25 IST)--- ifOutDiscards.514 = 241974 ---(refreshed at 2020-07-10 12:54:28 IST)--- ifOutDiscards.514 = 0 ---(refreshed at 2020-07-10 12:54:31 IST)--- ifOutDiscards.514 = 0
PR Number Synopsis Category: Protocol Independant Multicast
1542573 Continuous rpd crash might be observed if a static group is added to protocol pim
Product-Group=junos
when the static group is configured under protocols pim, continuous rpd crash might happen, which will eventually cause rpd to be down. Please use IGMPv3 static join instead if not otherwise instructed to avoid this issue.
PR Number Synopsis Category: Interface related issues. Port up/down, stats, CMLC , serdes
1475851 FPC major error is observed after system boots up or FPC restarts.
Product-Group=junos
FPC is reporting Major Error because of SHUTDOWN ERI failure during BIST with repair on HMC having FW version >= 0x9c. BIST with repair is incorporated during boot up, so this Major Error will be reported during boot up having FW>=0x9c on HMC. During debugging, its found that this ERI is getting issued even before the HMC was brought up which is resulting into this Error. So added bringup steps for HMC before the BIST procedure starts as done for vale-ptx.
1538340 Interfaces are not created after channel-speed 10g is applied across ports 48 to 53 on QFX5100-48T
Product-Group=junos
After channelizing port 48 through 53 and channel speed, the interfaces are down on QFX5100-48T platform. This issue causes interfaces are deleted and traffic might be dropped.
PR Number Synopsis Category: RPD Next-hop issues including indirect, CNH, and MCNH
1534455 Some routes might get incorrectly programmed in the forwarding table in the kernel which is no longer present in rpd.
Product-Group=junos
In a scaled routes scenario, if there is any route change operation when the system is under memory pressure, the rpd might change a route entry but the same is not conveyed to the kernel. This causes a mismatch between routes in rpd and kernel leading to traffic blackhole for the mismatched route entries that are incorrectly programmed in the kernel.
PR Number Synopsis Category: RPD policy options
1562867 Generate route goes to hidden state when protect core knob is enabled
Product-Group=junos
On all Junos platforms, if protect core knob is enabled under routing options then generate route might go into hidden state.
PR Number Synopsis Category: RPD route tables, resolver, routing instances, static routes
1459384 The rpd memory leak might be observed on the backup Routing Engine due to BGP flap.
Product-Group=junos
In a BGP scenario when certain routes are flapping frequently, it could lead to rpd memory leak on backup Routing Engine. The rpd might crash and restart once the rpd runs out of memory for certain junos releases.
PR Number Synopsis Category: RPM and TWAMP
1541808 The rmopd process memory leak might be seen if TWAMP client is configured
Product-Group=junos
If TWAMP (Two-Way Active Measurement Protocol) client is configured, memory leak in rmopd process may be observed after executing "request services rpm twamp start client" command.
PR Number Synopsis Category: Generic issues on MS-PIC and MS-DPC related Services feature
1550035 The following error message is observed: SPD_CONN_OPEN_FAILURE: spd_pre_fetch_query: unable to open connection to si-1/0/0.
Product-Group=junos
Following SPD failed messages are seen when inline-services interface (SI) is created: re0 spd[15922]: SPD_CONN_FAILURE: Connection did not succeed (Pic is down or busy) error: libservicesui: Unable to connect to 128.0.1.17 at fpc-slot 1 and pic-slot 0 after 1 retries (errno = 65) re0 spd[15922]: SPD_CONN_OPEN_FAILURE: spd_pre_fetch_query: unable to open connection to si-1/0/0 (No route to host) NOTE: There is no functionality break due to these error logs and these messages are harmless.
PR Number Synopsis Category: Generic platform and infra issues for MS-MIC and MS-MPC(XLP)
1475948 The syslog reports simultaneous zone change reporting for all green, yellow, orange, and red zones for one or more service PICs.
Product-Group=junos
The router may report erroneous, simultaneous syslog messages for zone change reporting for all zones green, yellow, orange, red for one or more Service PICs. Nov 30 05:58:22.162 TestR1 : %DAEMON-4: (FPC Slot 2, PIC Slot 0) ms50 mspmand[233]: Entered red memory zone Nov 30 05:58:22.163 TestR1 : %DAEMON-4: (FPC Slot 2, PIC Slot 0) ms50 mspmand[233]: Entered orange memory zone Nov 30 05:58:22.163 TestR1 : %DAEMON-4: (FPC Slot 2, PIC Slot 0) ms50 mspmand[233]: Entered yellow memory zone Nov 30 05:58:22.163 TestR1 : %DAEMON-4: (FPC Slot 2, PIC Slot 0) ms50 mspmand[233]: Entered green memory zone The issue is a reporting error and has no functional effect on traffic. The issue is self-correcting. These errors can be appear in approximately every 49-50 days.
PR Number Synopsis Category: platform related PRs on SRX branch platforms
1512810 Junos OS: SRX Series: A logic error in BIND can be used to trigger a Denial of Service (DoS) (CVE-2020-8617)
Product-Group=junos
A vulnerability in BIND code, used in Juniper Networks Junos OS on SRX Series devices, which checks the validity of messages containing TSIG resource records can be exploited by an attacker to trigger an assertion failure in tsig.c, resulting in a Denial of Service (DoS). Refer to https://kb.juniper.net/JSA11091 for more information.
PR Number Synopsis Category: MX10003/MX204 Linux issues (including driver issues)
1492121 The MX10003 router might shut itself down automatically after the system upgrades or downgrades.
Product-Group=junosvae
On the MX10003 platform, if we upgrade or downgrade Junos software from a set of original releases to a set of target releases, the system might detect incorrect temperature values and shutdown. The set of the original releases are: Junos 18.2R3, 18.3R3, 18.4R2, 19.1R2, 19.2R1, 19.3R1. The set of the target releases are: Junos pre-18.2R3, pre-18.3R3, pre-18.4R2, pre-19.1R2, pre-19.2R1, and pre-19.3R1 releases
PR Number Synopsis Category: Issues related to broadband edge apps (PPP, DHCP) on Trio ch
1343965 Stout card crash and cores when DHCPv6 on static vlan logout
Product-Group=junos
MPC7 card may crash when logout DHCPv6 subscribers over static VLAN
PR Number Synopsis Category: Trio pfe bridging, learning, stp, oam, irb software
1525824 The following error message is observed when alarms after interface reset: 7836 ifl 567 chan_index 8 NOENT & jnh_ifl_topo_handler_pfe(13015): ifl=567 err=1 updating channel table nexthop.
Product-Group=junos
When the VRRP MACs will be deleted, the VRRP feature will be disabled from the IFL. We are seeing this issue as part of deletion of VRRP feature. During VRRP feature disable process, Ifl_entry should be present. But here we can see that ifl delete has been happened first and then VRRP feature disable is happening. To avoid this, implementing precheck for the ifl_entry and also will be cleaning up the vrrp entry as part of sw_entry and hw_entry deletion.
1542211 Trio-based FPC might crash when the underlying Layer 2 interface for ARP over IRB interface is changed from the physical interface to the LSI interface.
Product-Group=junos
This issue applies to a Trio-based FPC using the integrated routing and bridging (IRB) interface with a VPLS instance using the label-switched interface (LSI) to provide VPLS functionality. The FPC may restart unexpectedly. The restart is triggered when the underlying layer-2 interface for ARP over IRB interface changes from the physical interface to the LSI interface.
 

17.4R3-S4 - List of Known issues
PR Number Synopsis Category: Marvell based EX PFE ACL
1434927 The FPC crashes with pfem generating core file might be seen if large-scale number of firewall filters are configured.
Product-Group=junos
On EX Series switches, If you are configuring a large-scale number of firewall filters on some interfaces, the FPC might crash and generate core files.
PR Number Synopsis Category: Marvell based EX PFE MISC
1232403 HSRPv2 IPv6 packets might get dropped if IGMP-snooping is enabled.
Product-Group=junos
On EX Series switches except EX4300/EX4600/EX9200, an interface is configured for single vlan or multiple vlans, if all these vlans of this interface have igmp-snooping enabled, then this interface will drop HSRPv2 (Hot Standby Router Protocol for IPv6) packets. But if some vlans do not have igmp-snooping enabled, then this interface is working fine.
PR Number Synopsis Category: NFX Series Platform Software
1462556 Junos OS: NFX350: Password hashes stored in world-readable format (CVE-2020-1669)
Product-Group=junos
The Juniper Device Manager (JDM) container, used by the disaggregated Junos OS architecture on Juniper Networks NFX350 Series devices, stores password hashes in the world-readable file /etc/passwd. This is not a security best current practice as it can allow an attacker with access to the local filesystem the ability to brute-force decrypt password hashes stored on the system. Refer to https://kb.juniper.net/JSA11066 for more information.
PR Number Synopsis Category: QFX L3 data-plane/forwarding
1455547 Core files might get generated during the addition or removal of the EVPN type-5 routing instance.
Product-Group=junos
On QFX platforms, the coredump might occur during adding/removing EVPN Type-5 routing instance. The EVPN route would be corrupted and traffic/service impact appears if hitting the issue.
PR Number Synopsis Category: JUNOS kernel/ukernel changes for ACX
1481151 Memory utilization enhancement is needed.
Product-Group=junos
RPD memory chunk size is optimized for the ACX platform to reduce the memory footprint.
PR Number Synopsis Category: ACX MPLS
1525348 In ACX platforms, family inet6 configuration is needed in core interface for VPNv6 traffic forwarding
Product-Group=junos
In ACX platforms, family inet6 configuration is needed in core facing interface for VPNv6 traffic forwarding
PR Number Synopsis Category: ACX Services feature
1520305 On the ACX500-I router, the show services session count does not work as expected.
Product-Group=junos
Configuring stateful-firewall filter will lead to traffic drop & firewall session counters will not be incremented. This is seen only in new SDk 6.5.16 releases. Issue will be fixed in 20.1R3.
1559690 On the ACX5048 router, the fxpc process generates core file on the analyzer configuration.
Product-Group=junos
In analyzer configuration, if the route to the monitoring server (output ip-address) is reachable with unilist NH fxpc crashes while programming the next-hop in the hardware. It is taken care through this PR that this scenario is handled and crash is avoided while NH programming.
PR Number Synopsis Category: ACX TDM Infrastructure
1378747 FEB restarted after commit "delete interfaces e1-0/0/*"
Product-Group=junos
Because of a race condition, in which the "class-of-service" configuration request for an interface is received before the e1-interface is created, a circuit with specified class-of-service parameters is created. Because of this, the interface creation fails resulting in traffic not flowing on the e1-interface and then (if e1-interfaces are further disabled or enabled) a core file is generated.
PR Number Synopsis Category: Bi Directional Forwarding Detection (BFD)
1518106 The BFD sessions might flap continuously after disruptive switchover followed by GRES.
Product-Group=junos
Disruptive switchover (no GRES or NSR configured) can lead to stale PPM entries programmed on the new master Routing Engine. If both GRES and NSR are activated after disruptive switchover and then a GRES switchover is performed, BFD sessions might flap continuously.
PR Number Synopsis Category: Border Gateway Protocol
1523075 The BGP session with VRRP virtual address might not come up after a flap.
Product-Group=junos
When VRRP virtual address is configured and used to set up a BGP session with the remote side, under rare timing conditions, BGP peer establishment may get rejected repetitively.
PR Number Synopsis Category: BBE Remote Access Server
1402653 The subscriber might need to take retry for login
Product-Group=junos
On all Junos platforms running in subscriber scenario with address pool configured, if the address pool has high usage so that only few addresses are free to allocate, when there are subscribers logout and login, the released address by one subscriber might get re-used and allocated to the other subscriber very soon. Due to this issue, syslog error messages might be seen, and the affected subscriber might need to take retry for login.
PR Number Synopsis Category: EVPN control plane issues
1439537 The rpd process may crash after committing changes in the EVPN environment
Product-Group=junos
On all Junos platforms with EVPN configured, the rpd process may crash after committing any configuration changes if there is an existing MAC entry received from multiple sources and trying to update the latest source. Traffic loss may be observed due to the rpd crash.
PR Number Synopsis Category: ISIS routing protocol
1338448 RPd core seen during changes
Product-Group=junos
Core occur when freeing sensor which is already freed. Spring interface sensor store sensor id in gencfg. while deleting this sensor, it is sometime possible that IPC to gencfg failed result gencfg still present which will be read when again interface come up. This gencfg sensor might allocated to autobw hence 2 time allocated so while freeing same sensor again it result in core.
1455994 Prefix SID conflict might be observed in IS-IS.
Product-Group=junos
In an ISIS segment routing scenario, prefix SID(Segment Identifier) might conflict for internal prefixes. When ISIS L2 to L1 route leaking policy is used after NSR(Nonstop active Routing), it is observed that the L1/L2 router appears to be leaking some prefixes twice, second time setting SID and all flags to 0 due to which all the SIDs have conflicting values as '0' which might cause traffic loss.
PR Number Synopsis Category: Firewall Policy
1454907 Traffic might be dropped when policies are changed in SRX Series devices
Product-Group=junos
If a huge number of policies are configured on SRX Series devices and some policies are changed, the traffic that matches the changed policies might be dropped.
PR Number Synopsis Category: Key Management Daemon
1421591 IPsec tunnels flapping causes KMD memory leak
Product-Group=junos
KMD leaks memory when DEP (dynamic endpoints) or static IPsec tunnels are flapping or getting re-established. In a scaled scenario this eventually leads to KMD crash due to memory exhaustion.
PR Number Synopsis Category: Layer2 forwarding on EX/NTF/PTX/QFX
1441824 On routers running Junos OS and serving as EVPN/VPLS gateways, FPC core files available at heap_block_log due to NULL entries are also seen in the ifbd level list, which are typically added for flush list. This occurs because of the relink logic failure flush logic for MACs when there is ifbd/bd delete.
Product-Group=junos
On routers running Junos OS and serving as EVPN/VPLS gateways, FPC core files at heap_block_log due to NULL entries are also seen in the ifbd level list which are typically added for flush list. So this seems to be the side effect of the relink logic failure flush logic for MACs when there is ifbd/bd delete.
PR Number Synopsis Category: Multicast for L3VPNs
1536903 The PIM (S,G) join state might stay forever when there are no MC receivers and source is inactive.
Product-Group=junos
The problem can be seen in MVPN ASM scenario on a PE which has local MC source and receivers and RP is remote. If all receivers stop joining the group and MC source stops transmitting, corresponding PIM (S,G) state may remain indefinitely despite that. Due to the problem a router will maintain extra PIM state. Service is not impacted.
1546739 MVPN multicast route entry might not be properly updated with the actual downstream interfaces list.
Product-Group=junos
In multicast VPN RPT-SPT mode with both locally and remotely connected receivers, the multicast forwarding entry related to the actual downstream interfaces may not be properly updated. The issue may happen when multicast forwarding entry is created by locally connected PIM receiver, followed by remote receiver and after local receiver decides to prune its membership in that multicast group.
PR Number Synopsis Category: Fabric Manager for MX
1535787 All SFBs might go offline due to fabric failure and fabric self-ping probes performing the disable-pfe action.
Product-Group=junos
Once yanking out the MPC without prior offline and the chassisd process is not able to process this event on the master RE due to additional mastership switch, and later the MPC which pulled out the slot is re-inserted back, many Switch Fabric Board (SFB) might be offline due to max_total_cell_usage overflow condition on the xfchip. MX2020 Platform with SFB2 is not exposed to such event, neither if MX2020 has the disable-grant-bypass configured.
PR Number Synopsis Category: PE based L3 software
1500798 BFD sessions flap after deactivating or activating the aggregated Ethernet interface or executing GRES.
Product-Group=junos
On QFX10008 platforms, if the BFD is configured over an AE interface (member link across multiple FPCs), deactivating/activating the AE interface or executing GRES will cause the BFD sessions to flap.
PR Number Synopsis Category: PTX5KBroadway based PFE IPv4, IPv6 software
1254415 On the PTX Platform with FPC Model FPC-PTX-P1-A or FPC2-PTX-P1A, you might encounter single event upset (SEU) event that might cause a linked-list corruption of the TQCHIP. The following syslog message gets reported: Jan 9 08:16:47.295 router fpc0 TQCHIP1: Fatal error pqt_min_free_cnt is zero Jan 9 08:16:47.295 router fpc0 CMSNG: Fatal ASIC error, chip TQ Jan 9 08:16:47.295 router fpc0 TQ Chip::FATAL ERROR!! from PQT free count is zero jan 9 08:16:47.380 router alarmd[2427]: Alarm set: FPC color=RED, class=
Product-Group=junos
On the PTX Platform with FPC Model FPC-PTX-P1-A or FPC2-PTX-P1A, you might encounter single event upset (SEU) event that might cause a linked-list corruption of the TQCHIP. The following syslog message gets reported: Jan 9 08:16:47.295 router fpc0 TQCHIP1: Fatal error pqt_min_free_cnt is zero Jan 9 08:16:47.295 router fpc0 CMSNG: Fatal ASIC error, chip TQ Jan 9 08:16:47.295 router fpc0 TQ Chip::FATAL ERROR!! from PQT free count is zero jan 9 08:16:47.380 router alarmd[2427]: Alarm set: FPC color=RED, class=CHASSIS, reason=FPC 0 Fatal Errors - TQ Chip Error code: 0x50002 Jan 9 08:16:47.380 router craftd[2051]: Fatal alarm set, FPC 0 Fatal Errors - TQ Chip Error code: 0x50002 The Junos OS Chassis Management Error handling detects such a condition, raises an Alarm, and disables the affected Packet Forwarding Engine entity. To recover this Packet Forwarding Engine entity, restart the FPC. Contact your Juniper support representative if the issue persists even after the FPC restarts.
PR Number Synopsis Category: Protocol Independant Multicast
1487636 The rpd might crash when perform GRES with MSDP configured
Product-Group=junos
On all Junos platforms, when execute Graceful Routing Engine Switchover (GRES) with Multicast Source Discovery Protocol (MSDP) enabled, rpd might crash on new master Routing Engine (RE). The issue could be automatically recovered after rpd successful self-restart. This is a timing and regression issue.
1500125 Some PIM join or prune packets might not be processed in the first attempt in the scale scenario where the PIM routers establish neighborship and immediately join the multicast group.
Product-Group=junos
On all Junos platforms with scaling MVPN scenario, some PIM Join/Prune messages may not be processed for the first attempt. For instance, a dedicated PIM router receives more than 2500 PIM hello packets from the new neighbors, followed by PIM Join packets for the same multicast group in a very short period of time.
PR Number Synopsis Category: RPD policy options
1523891 The policy configuration might be mismatched between the rpd and mgd process when deactivate policy-options prefix-list is involved in the configuration sequence.
Product-Group=junos
If "deactivate policy-options prefix-list" is involved in configuration sequence along with other policy configurations, the mgd process might not notify the rpd process about the policy configuration changes after committing the configuration. This can cause the policy configuration to be out-of-synchronization between policy database used by rpd and configuration database used by mgd. Due to the missing policy entries in policy database, later the rpd might crash when accessing these entries via CLI command like "show policy".
PR Number Synopsis Category: RPD route tables, resolver, routing instances, static routes
1252025 JFLOW/IPFIX forwarding database is not updated after next-hop changes causing stale flow attributes being exported for a flow record
Product-Group=junos
In case there is a topology change event (link-down) that does not involve BGP_route->indirect_nexthop mapping change (that is, only the indirect next hop itself is changed to point to another unicast next hop), or BGP route changes do not causing BGP_route->indirect_nexthop mapping change, then the JFLOW/IPFIX forwarding database is not updated. This database is used by the JFLOW export thread (multiservice daemon in case of PTX inline JFLOW/IPFIX) to fill the JFLOW/IPFIX flow data. Thus stale flow record attributes like gateway (NH), outgoing interface (OIF) and BGPNextHop could be inserted into the flow record by the multiservice daemon performing IPFIX/JFLOW export.
PR Number Synopsis Category: Resource Reservation Protocol
1516657 The rpd scheduler might slip after the link flaps.
Product-Group=junos
On all Junos platforms with RSVP-TE configured, when a transit router carries a large number of LSP's (for example, 60k and higher) and all those LSPs undergo FRR (for example, when link carrying large number of LSP's flap) then, the rpd scheduler might slip and LDP session tear down might be observed after the link flap.
PR Number Synopsis Category: Sangria Platform fabric, fabric management, TF chip driver
1547790 Traffic blackhole might be seen after swapping an FPC type 3 card with an FPC type 1 card in the same slot on a PTX3000 router
Product-Group=junos
On the PTX3000 router, swapping an FPC type 3 card (FPC3-SFF-PTX) with an FPC type 1 card (FPC-SFF-PTX) in the same slot will result in the fabric channel-map not get updated on the SIB after the swap. This issue will cause total traffic loss.
PR Number Synopsis Category: MPC7/8/9 Interface Issues
1441816 Egress stream flush failure and traffic black hole might occur.
Product-Group=junos
Egress stream flush failure and silent dropping of traffic could occur in a rare occasion for a repeatedly flapping link on MPC7E, MPC8E, MPC9E cards, MX204 and MX10003.
PR Number Synopsis Category: Trio pfe bridging, learning, stp, oam, irb software
1542537 In EVPN-MPLS scenario, BUM traffic is dropped during configuration changes.
Product-Group=junos
In evpn-mpls scenario, BUM(Broadcast, unknown-unicast and multicast) traffic would be dropped due to flood nexthop deletion during configuration changes on any of the PE node.
 
Modification History:
First publication 2021-02-15
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search