18.4R2-S7: Software Release Notification for JUNOS Software Version 18.4R2-S7

Article ID: TSB17992 TECHNICAL_BULLETINS Last Updated: 04 Mar 2021 Version: 1.0
Alert Type:
SRN - Software Release Notification
Product Affected:
ACX, EX, MX, PTX, QFX, NFX, SRX, VRR, vMX, vSRX
Alert Description:
Junos Software Service Release version 18.4R2-S7 is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as needed and follow the prompts
Solution:

Junos Software Service Release version 18.4R2-S7 is now available.

18.4R2-S7 - List of Fixed issues
PR Number Synopsis Category: EX Access Chassis platform
1508281 Unknown MIB OIDs 1.3.6.1.2.1.47.2.0.30 are referenced in the SNMP trap after upgrading to Junos OS Release 18.4R3-S3.
Product-Group=junos
There is a value mismatch between the MIB definition of entConfigChange and the chassis trap enum variable LEAF_entConfigchange. In the MIB definition, entConfigChange is declared as .1, whereas LEAF_entConfigchange is declared as .30. Because of this mismatch, SNMP cannot translate the MIB when the trap is generated. The fix changes the LEAF_entConfigchange value to 1 without affecting the sequence of the remaining enum variable values.
PR Number Synopsis Category: Marvell based EX PFE L2
1520351 On the EX4600 and EX4300 Virtual Chassis or Virtual Chassis Fabric, the device becomes unreachable and nonresponsive after the VSTP configuration is committed.
Product-Group=junos
On QFX5100 or EX4600 in a mix-VC (Virtual Chassis) scenario, when the QFX5100/EX4600 uses a "PHY" port as a VCP (Virtual Chassis Port), the VC system might hang and become unreachable after committing the VSTP (VLAN Spanning Tree Protocol) configurations.
PR Number Synopsis Category: Marvell based EX PFE L3
1557229 Traffic related to IRB interface might be dropped when mac-persistence-timer expires.
Product-Group=junos
On EX3400/EX4400/EX4300MP virtual chassis (VC) platforms, if the IRB interface is configured with members across master and backup VC, the new MAC address of the IRB interface might not be programmed in hardware after mac-persistence-timer expires. This might result in all traffic related to the IRB interface being dropped.
PR Number Synopsis Category: EX driver issues
1515689 On the EX4600 device, the IP communication between directly connected interfaces might fail.
Product-Group=junosvae
The IP communication between directly connected interfaces on EX4600 TVP platforms would fail. This issue might occur only in this special scenario, and it might have traffic/service impact.
PR Number Synopsis Category: QFX PFE L2
1453430 Traffic drop might be seen when one MX Series Virtual Chassis member reboots and rejoins the Virtual Chassis.
Product-Group=junos
In a QFX5K or EX4600 VC (Virtual Chassis) scenario, when VSTP is enabled and one AE interface is used, if one member reboots and rejoins the VC, some packet drops might be seen.
1496766 Flow control is enabled in the Packet Forwarding Engine irrespective of the interface configuration and the fix causes a very small amount of packet loss when a parameter related to an interface such as interface description on any port is changed.
Product-Group=junos
On QFX5120 and QFX5210 running Junos OS 18.4R2-S5, 18.4R2-S6, 18.4R3-S5, 19.3R3 releases, there will be a very small amount of packet loss when a parameter related to an interface such as "interface description" on any port is changed. When the parameter is changed, COS buffer modifications are checked. Even when there is no change between the previous and present COS buffer state for the port, the COS buffer modification is unnecessarily performed; it calls traffic block and unblock, causing a very small amount of packet loss. This will be fixed in the following releases: Junos OS 18.4R2-S7, 18.4R3-S6, 19.3R3-S1 and all subsequent releases.
PR Number Synopsis Category: QFX L3 data-plane/forwarding
1432023 The fxpc core might be seen during the reboot of device on QFX5100/EX4600 switches
Product-Group=junos
On QFX5100 and EX4600 switches, due to Bad Chip ID, an fxpc core file can be seen during the device reboot. This is due to a transient error related to a chip where the vendor tries to get the chip ID and it results in improper info.
1486632 On the QFX 5100-48T-6Q Virtual Chassis or Virtual Chassis fan, the following error message is observed while copying the image to the Virtual Chassis fan member and trying to downgrade the image: rcp for member 14, failed.
Product-Group=junos
On QFX 5100-48T-6Q VC/VCF, an RCP error might be seen while upgrading the system using "request system software add  no-validate", and the system upgrade/installation could fail. This issue happens if DCPFE CPU utilization is very high.
1546745 DCPFE crash might be observed while updating vrf for multicast routes during irb uninit
Product-Group=junos
A DCPFE (Data Center Packet Forwarding Engine) crash might be observed while updating VRF for multicast routes during irb uninit if the VRF value being updated is the same as the one already programmed.
1558189 On the QFX5110-32Q device, the following syslog error message is observed after loading the NC T5 EVPN VXLAN configuration: BCM-L2,pfe_bcm_l2_sp_bridge_port_tpid_set() Config TPID New/Old (8100:8100) Other-Tpid's ba49, 4aa0, 80f.
Product-Group=junos
Handling of debug log related to TPID updates
1568159 The dcpfe process might crash when the size of the Local Bias Filter Bitmap string exceeds 256 characters.
Product-Group=junos
On QFX5K platforms with EVPN-VXLAN, the dcpfe process may crash when the size of the Local Bias Filter Bitmap string exceeds 256 characters.
PR Number Synopsis Category: QFX VC Datapath
1519893 On the QFX5120 and QFX5210 devices, unexpected storm control events might occur.
Product-Group=junos
On QFX5120 and QFX5210 platforms unexpected storm control events might happen. A new knob on the fixed versions is required to avoid this behavior: set forwarding-options storm-control enhanced
PR Number Synopsis Category: Accounting Profile
1509114 The pfed might crash when running 'show pfe fpc x'.
Product-Group=junos
When the pfed is running on a 64-bit machine, it might crash after issuing the command "show pfe fpc x".
PR Number Synopsis Category: JUNOS kernel/ukernel changes for ACX
1509402 On the ACX710 router, the Packet Forwarding Engine might crash and the fpc process might remain down.
Product-Group=junos
On the ACX710 platform, after the PTP (Precision Time Protocol) configuration is removed and the router is rebooted, the PFE might crash and the FPC remains down if PTP traffic is still coming into the router. This issue might also happen when SyncE is configured. This causes the router to crash and not come up.
PR Number Synopsis Category: ACX GE, 10GE, PoE, IDT framers
1523418 Interface does not come up with the auto-negotiation setting between the ACX1100 router and the other ACX Series routers, MX Series routers and QFX Series switches as the other end.
Product-Group=junosvae
When QFX5100/5110 is connected to other devices with 1G/10G ports and auto-negotiation is configured on both sides, the remote interface might stay down.
PR Number Synopsis Category: MX Layer 2 Forwarding Module
1546631 MAC learning issue might happen when EVPN-VXLAN is enabled.
Product-Group=junos
On MX platforms with Ethernet VPN and Virtual Extensible LANs (EVPN-VXLAN) implemented, Address Resolution Protocol (ARP) requests received on a VXLAN tunnel endpoint (VTEP) might not be forwarded to the customer edge (CE) side, or the Proxy ARP role on the VTEP might not work properly. This issue could happen when the knob 'no-arp-suppression' is disabled under the EVPN instance combined with a static VXLAN implementation. Refer to the workaround provided when this issue is hit.
PR Number Synopsis Category: Bi Directional Forwarding Detection (BFD)
1516556 The remaining BFD sessions of the aggregated Ethernet interface flap continuously if one of the BFD sessions is deleted.
Product-Group=junos
On QFX10000 platforms, if multiple sub-interfaces of the same Aggregated Ethernet (AE) interface belong to different routing instances, and these sub-interfaces are configured with the same IP address and configured with separate Bidirectional Forwarding Detection (BFD) sessions, the remaining BFD sessions will flap continuously if one of these BFD sessions is deleted.
1518106 The BFD sessions might flap continuously after disruptive switchover followed by GRES
Product-Group=junos
Disruptive switchover (no GRES or NSR configured) can lead to stale PPM entries programmed on the new master Routing Engine. If both GRES and NSR are activated after disruptive switchover and then a GRES switchover is performed, BFD sessions might flap continuously.
PR Number Synopsis Category: Border Gateway Protocol
1466709 BGP peers might flap if the parameter of hold-time is set small.
Product-Group=junos
On all Junos platforms with BGP enabled, the hold timer is still running when the session is processing BGP updates to peers, but the keepalive messages that the BGP peer sends might be skipped. If the BGP updates being handled cannot be completed within the hold timer (e.g., the hold-time is manually set to 3s), BGP peer flaps might be observed.
1483097 The BGP RPKI ROA withdrawal might lead to an unexpected BGP route flap.
Product-Group=junos
Originally, when an RPKI RTR server or an RPKI Validator withdraws ROAs, they are marked as "stale" and then flushed when the garbage collection timer runs out. For a short period of time, this might result in incorrect validation status. If there is an ingress BGP policy which suppresses routes with a validation status of invalid, the affected routes are deleted locally (as well as withdrawn from its neighbors). Later, when the withdrawn ROA is flushed, the validation state of the routes is corrected to unknown and the routes are re-installed and re-advertised. With this fix, the withdrawn ROAs are deleted from the validation database immediately, so that the affected routes transition to the unknown state directly, resulting in no route flaps.
1545837 BGP flap and rpd crash might be observed
Product-Group=junos
On all Junos platforms with 'output-queue-priority expedited update-tokens' configured, an rpd crash might be seen upon BGP flap.
PR Number Synopsis Category: Track PRs in BGP BMP area & is part of BGP inside RPD.
1466477 BGP Open messages with specific types of BGP Optional Capabilities cause BMP messages to not be encoded correctly when sent to the BMP Collector.
Product-Group=junos
The issue happens when a specific type of BGP optional capability is sent to the Juniper device during BGP session establishment, resulting in BMP erroneously encoding later messages sent to the BMP collector. The problem only manifests itself when the BGP peer is using the 'allow' feature (also known as bgp listen/dynamic mode).
PR Number Synopsis Category: MX Platform SW - Power Management
1501108 On MX2020 and MX2010, the "pem_tiny_power_remaining:" message will be continuously logged in chassisd log.
Product-Group=junos
On MX2020/MX2010, the "pem_tiny_power_remaining" message might be continuously logged in chassisd log.
PR Number Synopsis Category: MX-ELM l2ng stormcontrol
1552815 The knob 'action-shutdown' of storm control does not work for ARP broadcast packets
Product-Group=junos
With knob 'action-shutdown' configured in storm control scenario, the interface will not go to shutdown state if ARP storm exceeds the configured limit. The excess packets will be dropped normally.
PR Number Synopsis Category: Device Configuration Daemon
1467855 When you configure ESI on a physical interface and disable a logical interface, traffic drop will be seen under the physical interface.
Product-Group=junos
On EVPN active or active software design, disabling the ESI logical interface might affect the designated forwarder election of EVPN when the physical interface has ESI configured. In such a configuration, when the ESI logical interface is disabled, type-1 routes (AD/EVI and AD/ES) are not generated from this PE. With ESI configured at the IFD level, as one of the logical interfaces in the IFD is down, DF election cannot happen for the ESI. Also, AD/EVI and AD/ESI routes are deleted. The following warning message occurs upon commit, where this configuration might cause DF election issues and undesired unicast or BUM traffic drop: DCD_PARSE_CFG_WARNING: aex.y : Disabling the IFL might affect the Designated Forwarder election of EVPN when IFD is having ESI configured.
1539991 The logical interface might flap after the addition or deletion of the native VLAN configuration.
Product-Group=junos
On EX/QFX platforms, the unrelated logical interface on a physical interface would flap when adding or deleting native VLAN configuration on the physical interface.
1553148 The dcd process might leak memory on pushing the configuration to the ephemeral database.
Product-Group=junos
The dcd (device control daemon) memory leak issue could be observed on all Junos platforms, on pushing the scaled routing-instance configuration with bridge-domain stanza into the Ephemeral database.
PR Number Synopsis Category: Firewall Filter
1395923 The log message of 'Prefix-List [] in Filter [] not having any relevant prefixes' might not be seen when IPv4 prefix is added on a prefix-list referred by IPv6 firewall filter
Product-Group=junos
From 18.3R2 and 18.4R1 onwards, if IPv4 prefix is added on a prefix-list referred by IPv6 firewall filter then the log message of "Prefix-List [...] in Filter [...] not having any relevant prefixes, Match [from prefix-list ...] might be optimized" will not be seen.
PR Number Synopsis Category: Control Plane for Node Virtualization
1488946 The chassisd might crash if executing an SNMP request for a MIC which is a part of an offline FPC
Product-Group=junos
When an SNMP request is executed for a MIC which is part of an offline FPC, a chassisd crash might be seen and the RE might go down.
PR Number Synopsis Category: EVPN control plane issues
1521526 ARP table might not be updated after VMotion or network loop is performed.
Product-Group=junos
On all Junos platforms with EVPN configured, the ARP table might not get updated. This issue happens after performing VMotion in a network or having a network loop.
1540788 The rpd memory leak might occur when changing EVPN configuration
Product-Group=junos
On all Junos platforms that support EVPN, once any EVPN configuration is changed, an rpd memory leak might be seen. If the change is rapid and frequent, rpd memory will be exhausted, which results in an rpd core or restart.
1547275 VLAN ID information is missed while installing the EVPN route from the BGP Type 2 Route after modifying a routing-instance from instance-type EVPN to instance-type virtual-switch.
Product-Group=junos
VLAN ID information might be missing while installing the EVPN route from the BGP Type 2 Route after modifying a routing-instance from "instance-type evpn" to "instance-type virtual-switch". As a result, the data traffic sent via these EVPN routes doesn't push vlan-id in the inner Ethernet Header. This might result in traffic getting discarded on the remote PE.
PR Number Synopsis Category: Express PFE CoS Features
1531095 Packet loss is observed while validating the policer after restarting the chassis control.
Product-Group=junos
On QFX10K platforms, the classification for incoming MPLS traffic based on the EXP (experimental) bits might not take effect, and instead the traffic will get classified based on the default setting, due to which packet loss could be observed.
PR Number Synopsis Category: Express PFE L2 fwding Features
1473313 The detached interface in LAG might process the xSTP BPDUs.
Product-Group=junos
If the xSTP protocol is running between a detached LAG member and the physically connected peer interface (which is not part of a LAG), the xSTP BPDUs might get exchanged instead of getting dropped. Because of this behavior, the xSTP protocol might make the LAG interface flap.
1561084 When configuring static MAC and static ARP on the EVPN core aggregate interface the underlay NH programming might not be updated in the PFE
Product-Group=junos
After installing static MAC/ARP into the core underlay link and reverting the configuration, the Next Hop (NH) in PFE might still point to the configured MAC address. It might cause traffic blackholing towards the CE.
PR Number Synopsis Category: Libjtask for RPD tasks, scheduler, timers, memory, and slip
1418192 The rpd core files are seen when you restart the rpd or when the logical system is deactivated.
Product-Group=junos
The rpd process might generate a core file when the user intentionally restarts the rpd or deactivates logical-system.
1472643 Restarting the rpd back-to-back crashes the rpd process.
Product-Group=junos
On all Junos OS platforms, after performing back-to-back rpd restarts, rpd might crash. The rpd core may be observed after a timeout of 10 minutes.
PR Number Synopsis Category: all logging related bugs on srx platforms
1438834 Security logs cannot be sent to the external syslog server through TCP.
Product-Group=junos
RTLOG is no longer able to create a new connection with the syslog server after a lot of TCP connections have been created by RTLOG. This issue causes security logs not to be sent to the external syslog server via TCP.
PR Number Synopsis Category: PFE infra to support jvision
1547698 SENSOR APP DWORD leak is observed during the period of churn for routes bound to the sensor group.
Product-Group=junos
SENSOR APP DWORD leak observed during the period of churn for routes bound to Sensor group. Sensor types that are affected are Segment Routing, Segment Routing-TE, LDP and RSVP LSPs.
PR Number Synopsis Category: lacp protocol
1500758 The MC-LAG might become down after disabling and then enabling the force-up.
Product-Group=junos
If the AE (Aggregation Ethernet) interface under the MC-LAG (Multichassis Link Aggregation Groups) is configured with force-up, the MC-LAG might become down after disabling and then enabling the force-up. Traffic going through the MC-LAG will be dropped when the interface is down.
PR Number Synopsis Category: Label Distribution Protocol
1471191 The rpd process might crash during shutdown.
Product-Group=junos
The rpd shutdown process, such as cleaning up a scale configuration and rolling it back with LDP configured, might cause rpd to crash. The rpd shutdown rarely happens during normal operation. It is widely used for testing purposes. The rpd crash may result in traffic loss.
PR Number Synopsis Category: Multiprotocol Label Switching
1506062 The rpd process might crash when triggering rpd restart or GRES switchover.
Product-Group=junos
On all Junos platforms with GR (Graceful Restart) and LSP (Label Switched Path) configured, if the /mfs/var/db/tag_restart.db file is corrupted, the rpd process might crash when triggering rpd restart or GRES (Graceful Routing Engine Switchover) switchover. Traffic loss might be seen during the rpd crash and restart.
1546824 Performing commit may trigger externally provisioned LSP MBB mechanism
Product-Group=junos
If link-protection is enabled for an externally provisioned LSP, any commit for the first time after provisioning will cause a make before break (MBB) even if the configuration is not related to the LSP.
PR Number Synopsis Category: IDS features available on MS-MPC/MIC
1536100 Junos OS: MX Series: Dynamic filter fails to match IPv6 prefix (CVE-2021-0205)
Product-Group=junos
When the "Intrusion Detection Service" (IDS) feature is configured on Juniper Networks MX series with a dynamic firewall filter using IPv6 source or destination prefix, it may incorrectly match the prefix as /32, causing the filter to block unexpected traffic. Refer to https://kb.juniper.net/JSA11095 for more information.
PR Number Synopsis Category: MX10K platform
1456253 On 4x1GE using QSFP28 optics, continuous logging in chassisd process occurs when speed 1g is configured: pic_get_nports_inst and ch_fru_db_key.
Product-Group=junos
On MX10008 and PTX10008, the continuous logging in the chassisd file might be seen.
PR Number Synopsis Category: FreeBSD Kernel Infrastructure
1427233 The duplex status of management interface might not be updated in the output of show command.
Product-Group=junos
On all Junos platforms that are upgraded to Junos OS Release 15.1 onward, when the duplex setting is changed on the management interface (for example, fxp0/em0), the duplex status of the management interface might not be updated in the output of the "show interface <>".
1518898 The kernel might crash if a file/directory is accessed for the first time and is not created locally.
Product-Group=junos
On Junos with Virtual Filesystem (VirtFS), if a file/directory is accessed for the first time and is not created locally, the kernel might crash and generate a vmcore file. Junos might reboot due to this issue.
1525318 Junos OS: telnetd.real Local Privilege Escalation vulnerabilities in SUID binaries (CVE-2021-0223)
Product-Group=junos
A local privilege escalation vulnerability in telnetd.real of Juniper Networks Junos OS may allow a locally authenticated shell user to escalate privileges and execute arbitrary commands as root. Please refer to https://kb.juniper.net/JSA11114 for more information.
1537696 Errors might be seen when dumping vmcore on EX2300/EX3400 series
Product-Group=junos
On EX2300/EX3400, the vmcore might not be available and the device might hang while trying to generate core files via the rescue kernel. This might be caused by the ARM dumper device supporting only a fixed 512-byte block size, rather than scaling to any block size. This might cause loss of debug ability for the device.
PR Number Synopsis Category: "ifstate" infrastructure
1545463 Continuous rpd errors might be seen and new routes will fail to be programmed by rpd
Product-Group=junos
In case of high route churn in the network, all kuackmem (Kernel ACK mechanism) entries may be exhausted as a result of a rare timing issue and any new routes will fail to get programmed by rpd.
PR Number Synopsis Category: Kernel MPLS / Tag / P2MP Infrastructure
1493431 BGP session might keep flapping between two directly connected BGP peers because of the incorrect TCP-MSS in use.
Product-Group=junos
If there are two directly connected BGP peers established over MPLS LSP and the MTU of the IP layer is smaller than the MTU of the MPLS layer, and also if the BGP packets from the host have the DF bit set, the BGP session might keep flapping because of the usage of the wrong TCP-MSS.
PR Number Synopsis Category: TCP/UDP transport layer
1552603 The BGP session replication might fail to start after the session crashes on the backup Routing Engine.
Product-Group=junos
On certain Junos platforms with Dual-REs (platforms capable of installing Junos packages with name format as "junos*install"), BGP replication may fail to start under a GRES/NSR setup after a crash on the backup Routing Engine. NSR starts un-replicating the socket because the backup Routing Engine is no longer present. The massive number of unreplicated requests leads to the memory buffer getting full with multiple BGP sessions (e.g., 20 BGP peers). Hence the BGP unreplicated request is returned with an error. In addition, the kernel is left with stale data, and because of the stale data it does not allow JSR (Juniper Socket Replication, BGP in this case) when the backup RE comes up. BGP-NSR (Nonstop Routing) is broken under these conditions. A traffic outage will be observed after performing GRES.
PR Number Synopsis Category: OSPF routing protocol
1463535 Need to install all possible next hops for OSPF network LSAs.
Product-Group=junos
For each network LSA, the OSPF code fetches the first router LSA link and adds only that one candidate as a route. The code is now updated to fetch all the router LSA links present in the network LSA.
PR Number Synopsis Category: PE based L3 software
1500798 BFD sessions flap after deactivating or activating the aggregated Ethernet interface or executing GRES.
Product-Group=junos
On QFX10008 platforms, if the BFD is configured over an AE interface (member link across multiple FPCs), deactivating/activating the AE interface or executing GRES will cause the BFD sessions to flap.
PR Number Synopsis Category: vMX Platform Infrastructure related issue tracking
1548422 Traffic with jumbo frame may be discarded on the vMX platforms
Product-Group=junos
On vMX platforms installed on ESXi 6.7 with the vmxnet3 driver, traffic with jumbo frames (packets with MTU more than 1500) may be discarded upon receiving.
PR Number Synopsis Category: Chassis mgmt for all QFX systems - chassis MIB, alarms, CLI
1520144 SNMP trap of power failure might not be sent out
Product-Group=junosvae
On QFX5K platforms, the SNMP trap of power failure might not be sent out when power cable is removed from PSU, and the output of CLI command 'show chassis environment' would not display the information of the power failure.
PR Number Synopsis Category: Interface related issues. Port up/down, stats, CMLC , serdes
1462748 On the QFX5100 switches, the interface output counter is double counted for self-generated traffic.
Product-Group=junos
On QFX5100 devices, the interface output counter is double counted for self-generated traffic.
1538340 On the QFX5100-48T, interfaces are not created after 10g channel-speed is applied across the 48 to 53 ports.
Product-Group=junos
After channelizing ports 48 through 53 and setting the channel speed, the interfaces are down on the QFX5100-48T platform. This issue causes interfaces to be deleted, and traffic might be dropped.
PR Number Synopsis Category: QFX Platform related (SYSLOG/ALARMS/miscellaneous)
1465183 PEM is not present spontaneously on QFX5210
Product-Group=junosvae
On QFX5210 platforms, due to a firmware issue on the power supplies (PEMs) of the switch, the routing engine may spontaneously misread the status registers of a power supply. This produces erroneous messages of PEM not present. Although the power supply is present and can deliver power, the system may then deactivate the power supply believing it not to be present.
1508611 The fxpc may crash and restart with a fxpc core file created while installing the image through ZTP.
Product-Group=junos
On QFX5100/EX4600 Series platforms, the fxpc may crash sometimes while installing an image through ZTP.
1520956 On the QFX5100 device, the cprod process timeout triggers high CPU utilization.
Product-Group=junos
In QFX5100, you might get into a high CPU (CPU running at 100%) situation when a "cprod" command timed out.
PR Number Synopsis Category: QFX platform optics related issues
1382803 On the QFX5110 switches, the FEC error count does not get updated.
Product-Group=junos
On QFX5110, interface FEC counter does not work though FEC function has been supported. Added stats counter support through this PR.
PR Number Synopsis Category: QFX PFE Class of Services
1430173 The CoS rewrite rules applied under an aggregated Ethernet interface might not take effect after NSSU.
Product-Group=junos
On QFX 5K platform, Class of Service (CoS) rewrite rules applied under an Aggregated Ethernet (AE) interface might not take effect after Non-Stop Software Upgrade (NSSU). In the end, packets could not enter into correct queues for sending.
PR Number Synopsis Category: Filters
1514710 In the VXLAN configuration, the firewall filters might not be loaded into the TCAM with the following message due to TCAM overflow after upgrading to Releases 18.1R3-S1, 18.2R1, and later: DFWE ERROR DFW: Cannot program filter.
Product-Group=junos
On QFX5000/EX4600 platforms in a VxLAN scenario, firewall filter loading failures might happen due to Ternary Content Addressable Memory (TCAM) overflow, which may cause traffic impact if the Junos version is upgraded to 18.1R3-S1 / 18.2R1 or higher. This is because the IPACL VxLAN filter is introduced in those releases to replace the regular IPACL for VxLAN VLANs. After the upgrade, the IPACL VxLAN filter needs more entries in TCAM than the regular IPACL, which causes the TCAM to overflow, and traffic will be impacted.
1558320 Firewall filter might fail to work on QFX5K platforms
Product-Group=junos
On QFX5K platforms, if per ifl-filtering on regular VLAN is configured with no match conditions then destination port matching condition may fail to match intended packets.
PR Number Synopsis Category: QFX L2 PFE
1385954 The following error message is generated while booting: CMQFX: Error requesting SET BOOLEAN, illegal setting 66.
Product-Group=junos
The following log may be generated at booting up. >> Feb 10 02:15:26 jtac-qfx5100-48s-6q-r2373 : %PFE-3: fpc0 CMQFX: Error requesting SET BOOLEAN, illegal setting 66. This is a cosmetic log and you can ignore the log safely.
PR Number Synopsis Category: QFX L3 data-plane/forwarding
1484440 IRB MAC is not programmed in hardware when the MAC persistence timer expires.
Product-Group=junos
On QFX5XXX/EX46XX virtual chassis platforms with GRES, if an IRB interface is configured with members across master and backup REs, and when mac-persistence-timer expires, the new MAC address of the IRB interface might not be programmed in hardware, which might result in failure on protocols and traffic.
1512175 The DHCP traffic might not be forwarded correctly when DHCP sends unicast packets.
Product-Group=junos
On EX4600/QFX5K platforms, DHCP unicast packets are getting dropped in the device due to DHCP relay filters which are getting installed during the init time without any DHCP configuration.
1512712 In a Virtual Chassis environment, the output of the show chassis forwarding-options command displays incorrect configured num-65-127-prefix values.
Product-Group=junos
Display issue: in a Virtual Chassis environment, the configured num-65-127-prefix value is shown incorrectly in the output of the "show chassis forwarding-options" command for an FPC that is not local (backup and line card members of the VC).
1539278 ARP request may be dropped in leaf in EVPN-VXLAN scenario
Product-Group=junosvae
In an EVPN-VXLAN scenario, ARP requests may be dropped in the leaf while sending inter-VLAN traffic. Configuring more than 1250 VXLAN VLANs in a single commit on QFX 5120 would result in a hash collision, leading to BD (Bridge Domain) creation failures for a few VLANs.
PR Number Synopsis Category: QFX EVPN / VxLAN
1510794 On the QFX5000 line of switches, multicast traffic loss is observed due to few multicast routes missing in the spine node.
Product-Group=junos
In an EVPN-VXLAN scenario with a scaled snooping configuration (for example, 100 VLANs with snooping enabled), traffic drops might be observed for multicast groups in a few VLANs when "clear bgp sessions" is performed on all Spine devices.
PR Number Synopsis Category: KRT Queue issues within RPD
1542280 The KRT queue might get stuck after RE switchover
Product-Group=junos
On all Junos platforms with dual Routing Engines (REs), if RE switchover happens while the rpd process on backup RE (new master RE) is reading routes from kernel, some error might happen in a very rare timing condition, and the Kernel Routing Table (KRT) queue might get stuck due to this issue.
PR Number Synopsis Category: RPD Next-hop issues including indirect, CNH, and MCNH
1242589 In a BGP or MPLS scenario, changing events about the next hop interface MPLS family might cause the route to be in the Dead state
Product-Group=junos
In a BGP or MPLS scenario, if the next-hop type of label route is indirect, then the following changing events about the next-hop interface MPLS family might cause the route to be in the Dead state, and the route remains in that state even when the family MPLS is again activated: Deactivating and activating the interface family mpls. Deleting and adding back the interface family mpls. Changing maximum labels for the interface. When a labeled route is resolved over an interface, that interface must have family mpls configured for the route to be successfully resolved. Otherwise, the route does not get resolved.
PR Number Synopsis Category: show route table commands, tracing, and syslog facilities
1421076 The rpd crash might occur when modifying the prefix-list from IPv4 to IPv6 or vice versa
Product-Group=junos
On all Junos platforms, the rpd crash might be observed while modifying the prefix-list address from IPv4 to IPv6 (or IPv6 to IPv4) using 'replace-pattern'. This issue happens only when the policy has 'then next policy' term configured. Configuration Example:
    set policy-options prefix-list xyz x.x.x.x/x ----> IPv4 address configured
    set policy-options policy-statement abc term PREF from prefix-list xyz
    set policy-options policy-statement abc term PREF then next policy ----> 'then next policy' configured
    set policy-options policy-statement abc term END then reject
    commit
In the above scenario, if a terminating action is used for term PREF (such as 'then accept' or 'then reject') the core is not seen.
    [edit policy-options prefix-list xyz]
    replace pattern x.x.x.x/x with xx:x::/x ----> Change IPv4 to IPv6 using 'replace pattern'
    commit
1425515 The RPD scheduler slips might be observed upon executing the show route resolution extensive 0.0.0.0/0 | no-more command if the number of routes in the system is large (several millions).
Product-Group=junos
If a system has a lot of routes (several millions) then RPD scheduler slips could happen upon executing 'show route resolution extensive 0.0.0.0/0 | no-more' CLI command. The following message will be syslogged upon the slip: > rpd[4885]: %DAEMON-3-JTASK_SCHED_SLIP: 8 sec scheduler slip, user: 8 sec 645210 usec, system: 0 sec, 0 usec
PR Number Synopsis Category: Resource Reservation Protocol
1505834 The rpd process might crash with RSVP configured in a rare timing case.
Product-Group=junos
On all Junos platforms running with the Resource Reservation Protocol (RSVP) configured, when some socket error happens, RSVP might be unable to send messages. However, the counter for sent messages has already been increased due to the software design defect. The wrong counter might lead to the rpd process crash. It's a rare timing issue that might be more likely to happen in a scaled scenario.
1516657 The rpd scheduler might slip after the link flaps.
Product-Group=junos
On all Junos platforms with RSVP-TE configured, when a transit router carries a large number of LSPs (for example, 60k and higher) and all those LSPs undergo FRR (for example, when a link carrying a large number of LSPs flaps), the rpd scheduler might slip and LDP session teardown might be observed after the link flap.
PR Number Synopsis Category: SNMP Infrastructure (snmpd, mib2d)
1446675 The Wrong Type error message might be seen for the hrProcessorFrwID object.
Product-Group=junos
Currently, the object of hrProcessorFrwID is using Integer type and this is causing NMS warnings as below:
    host:~ root# snmpwalk -v2c -c jtac xx.xx.xx.xx .1.3.6.1.2.1.25.3.3.1.1
    HOST-RESOURCES-MIB::hrProcessorFrwID.0 = Wrong Type (should be OBJECT IDENTIFIER): INTEGER: 0
    HOST-RESOURCES-MIB::hrProcessorFrwID.1 = Wrong Type (should be OBJECT IDENTIFIER): INTEGER: 1
    HOST-RESOURCES-MIB::hrProcessorFrwID.2 = Wrong Type (should be OBJECT IDENTIFIER): INTEGER: 2
    HOST-RESOURCES-MIB::hrProcessorFrwID.3 = Wrong Type (should be OBJECT IDENTIFIER): INTEGER: 3
This will be changed to OCTET STRING OBJECT IDENTIFIER. But, since enterprise OID specific to the CPU is not available, the object value will always be set to the default of 0.0.
PR Number Synopsis Category: platform related PRs on SRX branch platforms
1512810 Junos OS: SRX Series: A logic error in BIND can be used to trigger a Denial of Service (DoS) (CVE-2020-8617)
Product-Group=junos
A vulnerability in BIND code, used in Juniper Networks Junos OS on SRX Series devices, which checks the validity of messages containing TSIG resource records can be exploited by an attacker to trigger an assertion failure in tsig.c, resulting in a Denial of Service (DoS). Refer to https://kb.juniper.net/JSA11091 for more information.
PR Number Synopsis Category: SSL Proxy functionality on JUNOS
1467856 Junos OS: NFX Series, SRX Series: PFE may crash upon receipt of specific packet when SSL Proxy is configured. (CVE-2021-0206)
Product-Group=junos
A NULL Pointer Dereference vulnerability in Juniper Networks Junos OS allows an attacker to send a specific packet causing the packet forwarding engine (PFE) to crash and restart, resulting in a Denial of Service (DoS). By continuously sending these specific packets, an attacker can repeatedly disable the PFE causing a sustained Denial of Service (DoS). Refer to https://kb.juniper.net/JSA11096 for more information.
PR Number Synopsis Category: MX10002 Fabric s/w defects
1428854 On MX10003 platform, fabric drops might be seen when two FPCs come online together.
Product-Group=junos
On the MX10003 platform, when two FPCs come online together, the fabric links between FPCs might not be initialized, and all traffic going through the fabric between FPC0 and FPC1 might be dropped.
PR Number Synopsis Category: UI Infrastructure - mgd, DAX API, DDL/ODL
1431198 Error might occur when you use a script to load the configuration.
Product-Group=junos
Multiple deletion of a non-existing configuration statement produces errors through RPC load-configuration.
1489575 Previous configuration may still take effect after "rollback rescue" is performed
Product-Group=junos
When adding new configuration and using "rollback rescue", it is found that even though this configuration has been removed it is still functional.
1519337 Junos OS: Command injection vulnerability in 'request system software' CLI command (CVE-2021-0219)
Product-Group=junos
A command injection vulnerability in the install package validation subsystem of Juniper Networks Junos OS may allow a locally authenticated attacker with privileges to execute commands with root privilege. To validate a package in Junos before installation, an administrator executes the command 'request system software add validate-on-host' via the CLI. An attacker with access to this CLI command may be able to exploit this vulnerability. Please refer to https://kb.juniper.net/JSA11109 for more information.
1529210 Junos OS: dexp Local Privilege Escalation vulnerabilities in SUID binaries (CVE-2021-0204)
Product-Group=junos
A sensitive information disclosure vulnerability in delta-export configuration utility (dexp) of Juniper Networks Junos OS may allow a locally authenticated shell user the ability to create and read database files generated by the dexp utility, including password hashes of local users. Please refer to https://kb.juniper.net/JSA11114 for more information.
1553577 The command "request system software validate on host" does not validate the correct configuration file
Product-Group=junos
When using the "request system software validate on host username ", please use the latest os-package on remote host for it to properly use the configuration file sent from the host whose configuration file is being validated.
PR Number Synopsis Category: PTX/QFX10002/8/16 specific software components
1398899 sib_jvision_property_get_generic: fru SIB <> no state error func messages are flooding in chassisd
Product-Group=junos
On QFX/PTX the following logs sib_jvision_property_get_generic: fru SIB <> no state error func messages are flooding in chassisd. There is no functional impact due to these messages.
PR Number Synopsis Category: VMHOST platforms software
1436968 Unknown SNMP trap (1.3.6.1.4.1.2636.3.69.1.0.0.1) sent on QFX5110 restart
Product-Group=junos
Unknown SNMP trap (1.3.6.1.4.1.2636.3.69.1.0.0.1) sent on QFX5110 restart.
PR Number Synopsis Category: VNID L2-forwarding on Trio
1517591 "no-arp-suppression" is required for MAC learning across the EVPN domain on the static VTEP
Product-Group=junos
On MX Series platforms, with Ethernet VPN and Virtual Extensible LANs (EVPN-VXLAN) implemented, the Address Resolution Protocol (ARP) requests received on a VXLAN tunnel endpoint (VTEP) might not be forwarded to the customer edge (CE) side, or the proxy ARP role on the VTEP might not work properly. This issue might occur when the 'no-arp-suppression' configuration statement is disabled under the EVPN instance combined with a static VXLAN implementation. Please refer to the workaround provided when this issue is hit.
 

18.4R2-S7 - List of Known issues
PR Number Synopsis Category: SFI Infra-structure
1485038 The following error message is observed continuously in AD with base configurations: IFDE: Null uint32 set vector, ifd and IFFPC: 'IFD Ether uint32 set' (opcode 151) failed.
Product-Group=junos
On EX, the "IFDE: Null uint32 set vector, ifd and IFFPC: 'IFD Ether uint32 set' (opcode 151)" error message is observed continuously in AD with base configurations.
PR Number Synopsis Category: QFX PFE L2
1551543 Traffic does not get load balanced by QFX5K platforms over ESI links with EVPN_VXLAN configured
Product-Group=junos
Traffic does not get load balanced by QFX5K platforms over ESI links with EVPN_VXLAN configured
PR Number Synopsis Category: QFX L3 data-plane/forwarding
1407175 On the QFX-5100 Virtual Chassis or Virtual Chassis Fabric, the following error is observed in the hardware with the mini-PDT base configurations: BRCM_NH-,brcm_nh_bdvlan_ucast_uninstall(), 128:l3 nh 6594 unintsall failed.
Product-Group=junos
On QFX5100 Virtual Chassis or Virtual Chassis fabric, when the mini-PDT-base configuration is issued, the following error message is seen in the hardware: BRCM_NH-,brcm_nh_bdvlan_ucast_uninstall(), 128:l3 nh 6594 unintsall failed. There is no functionality impact because of this error message.
1489374 Packets drop might be seen when multicast MAC with static ARP is configured on one IRB interface
Product-Group=junos
On EX2300/EX3400/EX4300/EX4600/QFX5K platforms, if multicast MAC with static ARP is configured on one IRB interface, packets whose destination is the IP address of the static ARP entry might not get out of the interface, so traffic drops might be seen.
1555294 aggregated ethernet link-protection requires commit full to switchover or revert
Product-Group=junos
The aggregated ethernet link-protection feature makes use of a primary and backup link. When switching from primary, e.g. using request interface switchover ae0 or switching from backup to primary, e.g. using request interface revert ae0, it requires a commit full to switch the interface.
PR Number Synopsis Category: Border Gateway Protocol
1414121 On the QFX5100 line of switches, the BGP IPv4 or IPv6 convergence and the RIB installation or deletion time is reduced in Junos OS Releases 19.1R1, 19.2R1, 19.3R1, and 19.4R1.
Product-Group=junos
BGP IPv4 or IPv6 convergence and RIB install/delete time is degraded in Junos OS Releases 19.1R1, 19.2R1, 19.3R1, and 19.4R1.
1454198 The rpd scheduler slip for BGP GR might be up to 120 second after the peer goes down.
Product-Group=junos
In BGP GR (graceful-restart) scenario (graceful-restart is configured for BGP or GR-helper mode is enabled by default), when high-scale routes get learnt from one peer, the rpd scheduler slip might be up to 120s after that BGP peer flaps.
1456260 Packet drop and CPU spike on Routing Engine might be seen in certain conditions if labeled-unicast protection is enabled for a CsC-VRF peer.
Product-Group=junos
On all Junos OS platforms in a carrier supporting carrier (CsC) scenario, when PE link protection (labeled-unicast protection) is enabled, slow convergence might result after one of the redundant links between CsC-CE flaps or an RSVP-TE LSP re-route from the primary path happens. Packet drops and a CPU spike on the Routing Engine might be seen during this period.
PR Number Synopsis Category: BGP Openconfig and Sensor
1505425 The rpd process might crash in case of a network churn when the telemetry streaming is in progress
Product-Group=junos
On all Junos OS platforms with the Juniper Telemetry Interface configured, the rpd might crash when telemetry streaming is in progress and there is network churn at the same time. This is a timing issue, and the rpd recovers automatically.
PR Number Synopsis Category: EA chip ( MQSS SW issues )
1444963 Routing Engine-generated jumbo frames might get dropped.
Product-Group=junos
RE generated jumbo frames might get dropped due to incorrect MTU setting on the internal switch
PR Number Synopsis Category: EVPN control plane issues
1546992 The rpd crash might be seen after adding route-target on a dual-RE system under EVPN multihoming scenario
Product-Group=junos
On dual-RE platforms with an EVPN multihoming scenario enabled, the rpd process might crash when a VRF route target is added while networking events that trigger interface down/delete occur at the same time. The routing protocols are impacted, and traffic disruption will be seen due to the loss of routing information.
PR Number Synopsis Category: Layer 2 Control Module
1561235 The l2cpd core might be seen on reboot
Product-Group=junos
When xSTP is used, the l2cpd core might be seen on reboot. This will be a one-time core and will not impact on functionality.
PR Number Synopsis Category: Multiprotocol Label Switching
1460283 The previously configured credibility preference is not considered by CSPF even though the configuration has been deleted or changed to prefer another protocol in the traffic engineering database.
Product-Group=junos
After configuring the credibility, the new credibility preference value is stored internally, and it is not cleared or considered by the CSPF module in case the previous configuration of "traffic-engineering credibility-protocol-preference" was deleted or if you configure "traffic-engineering credibility-protocol-preference" under another protocol (for example, ISIS).
PR Number Synopsis Category: FreeBSD Kernel Infrastructure
1463802 The scheduled tasks might not be executed if the cron daemon goes down without restarting automatically.
Product-Group=junos
The service utility "cron" runs in the background and regularly checks /etc/crontab for tasks to execute and searches /var/cron/tabs for custom crontab files. These files are used to schedule tasks which "cron" runs at the specified times. "cron" daemon is started during boot. If for some reason, the "cron" process exits, the scheduled tasks will not be executed. "cron" was not restarted automatically and had to be started manually.
PR Number Synopsis Category: TCP/UDP transport layer
1437257 The BGP session might flap after Routing Engine switchover is done simultaneously on both boxes of BGP peer in scaled BGP session setup.
Product-Group=junos
On all Junos platforms with GRES enabled, if BGP is configured with NSR and MD5 authentication in logical-systems, the BGP sessions might flap after performing a Routing Engine switchover simultaneously on both ends of the BGP peers.
PR Number Synopsis Category: Interface related issues. Port up/down, stats, CMLC , serdes
1548267 The 40G interface might be channelized after restarting the Virtual Chassis member.
Product-Group=junos
On QFX platforms with Virtual Chassis (VC) scenario, if one VC member has a 40G channelized port, and the same port number interface in another VC member is non-channelized and has a fiber connection, the non-channelized interface will also be channelized after the VC member restarts. This might result in traffic loss on this interface.
PR Number Synopsis Category: QFX L3 data-plane/forwarding
1560161 Few IPv6 ARP ND fails after loading the base configurations.
Product-Group=junos
On QFX5k platforms, when configuring a VLAN ID for a VxLAN, recommendation is to use VLAN ID of 3 or higher. If VLAN ID of 2 is used, replicated broadcast, multicast, and unknown unicast (BUM) packets for these VxLANs might be untagged, which in turn might result in the packets being dropped by a device that receives the packets.
PR Number Synopsis Category: QFX EVPN / VxLAN
1524955 Traffic loss may be observed on interfaces in a VXLAN environment
Product-Group=junos
On the QFX5K/EX4600 series platforms with VXLAN setup, if changing the VLAN (VXLAN enabled) configuration under an interface stanza from service provider style to enterprise style in a single commit without deactivating/activating the corresponding VLAN configuration under "vlans" stanza, traffic loss may be observed on the interface after the change.
PR Number Synopsis Category: Trio pfe bridging, learning, stp, oam, irb software
1488251 MAC learning under bridge-domain stops after an MC-LAG interface flaps.
Product-Group=junos
MAC learning under bridge-domain over MC-LAG interface stops after an MC-LAG interface flaps.
1554908 Traffic is not forwarded over IRB to l2circuit on lt interfaces
Product-Group=junos
On trio based platforms, the IP traffic is not forwarded over IRB to l2circuit on lt interface (UNI) path scenario.
PR Number Synopsis Category: Trio pfe l3 forwarding issues
1560438 MX960 unstable after injecting 2M routes in to VPN tables.
Product-Group=junos
When 2M VPN routes (1M v4 and 1M v6) are injected onto MX960, the MPC4E 3D FPCs show a heap utilization of 99%. The 99% heap utilization is, however, not seen on MPC7E. When the system is in this state, performing triggers such as link flap or config deactivate/activate results in random traffic loss.
PR Number Synopsis Category: Junos Automation, Commit/Op/Event and SLAX
1501746 Python or Slax script might not be executed.
Product-Group=junos
On all Junos OS platforms, Python or SLAX script might not be successfully executed when the script is not present under hard disk path (/config/scripts) of the device combined with statement 'load-scripts-from-flash'. This is a regression issue.
PR Number Synopsis Category: Configuration management, ffp, load action
1427962 Changing nested apply-groups does not occur.
Product-Group=junos
When the applied nested apply-groups is deleted, the logical interface under the nested groups is not removed.
PR Number Synopsis Category: Configuration mgmt, ffp, load-action, commit processing
1500988 Slow response may be observed when performing "show | compare" or "commit check" etc action in a large-scale configuration environment
Product-Group=junos
In this problematic case, with a large-scale configuration (for example, over 700k lines), actions such as "show | compare" or "commit check" take over 40s to finish and the CPU of mgd spikes to 100%, with or without a configuration change. The mgd returns to normal after the command is finished. This issue will also affect contrail device discovery.
PR Number Synopsis Category: Virtual Router Redundancy Protocol
1558560 Junos device might send VRRP advertisement packets in VRRP init or idle state before startup-silent-period timer expiry after performing GRES on VRRP master device with NSR disabled
Product-Group=junos
If the VRRP master device has dual Routing Engines (REs) and GRES enabled but nonstop-routing (NSR) disabled, after performing GRES, both REs will move to VRRP init and then idle state, and the new master RE will send VRRP advertisement packets in this stage before startup-silent-period timer expiry. Since the VRRP backup device can still receive the VRRP advertisement packets with higher priority, it will not transition to VRRP master state, causing longer traffic downtime until the VRRP master device retakes the VRRP mastership after startup-silent-period timer expiry.
 
Modification History:
First publication 2021-03-04