Support Support Downloads Knowledge Base Apex Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

19.4R3-S2: Software Release Notification for JUNOS Software Version 19.4R3-S2

0

1

Article ID: TSB17993 TECHNICAL_BULLETINS Last Updated: 15 Mar 2021Version: 3.0
Alert Type:
SRN - Software Release Notification
Product Affected:
ACX, EX, MX, PTX, QFX, NFX, SRX, VRR, vMX, vSRX
Alert Description:
Junos Software Service Release version 19.4R3-S2 is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as need and follow the prompts
Solution:

NOTE: There is an on-going investigation of a report that a software defect introduced by PR1512919 causes interfaces on the "Type-6 Ethernet PIC" - "T6E-PIC", or PTX1000-72Q to become inactive in 19.4R3-S2. If you have a PTX1000-72Q or a PTX3000/5000 with the "T6E-PIC" - such as the P3-10-U-QSFP28, P3-15-U-QSFP28, or P3-24-U-QSFP28 - we don't recommend that you upgrade to this software release at this time.

 

Junos Software service Release version 19.4R3-S2 is now available.

19.4R3-S2 - List of Fixed issues
PR Number Synopsis Category: Marvell based EX PFE L3
1546036 JDI-RCT: EX 4300 VC/VCF : Observing HEAP malloc(0) detected
Product-Group=junosvae
This stack trace is a debug log generated when SDK code invokes malloc with the size as 0 while destroying a multicast entry. Such usage of malloc in the SDK code is a Day-1 behavior and has no functional impact. This debug log has been introduced in the latest release and is not harmful. Users can ignore this log.
1557229 Traffic related to IRB interface might be dropped when mac-persistence-timer expires.
Product-Group=junos
On EX3400/EX4400/EX4300MP virtual chassis (VC) platforms, if the IRB interface is configured with members across master and backup VC, the new MAC address of the IRB interface might not be programmed in hardware after mac-persistence-timer expires. This might result in all traffic related to the IRB interface be dropped.
PR Number Synopsis Category: Cassis XQ related issues
1464297 On the MX960 router, the following error message might be observed: SCHED L4NP[0] Parity errors.
Product-Group=junos
This PR along with an earlier PR1232952 address the issue completely, so JUNOS version in question should have fix for these two PRs to address this issue completely.
PR Number Synopsis Category: NFX Series Platform Software
1508580 Errors on vjunos0 Regarding TSensor related to PR 1362108
Product-Group=junosvae
False positive TSensor errors are reported on vjunos0
PR Number Synopsis Category: QFX PFE L2
1566850 On EX4650-48Y/QFX5120 platforms, packets with VLAN id 0 are dropped
Product-Group=junos
On EX4650-48Y/QFX5120 platforms, packets with VLAN id 0 are dropped
PR Number Synopsis Category: QFX L3 data-plane/forwarding
1558189 On the QFX5110-32Q device, the following syslog error message is observed after loading the NC T5 EVPN VXLAN configuration: BCM-L2,pfe_bcm_l2_sp_bridge_port_tpid_set() Config TPID New/Old (8100:8100) Other-Tpid's ba49, 4aa0, 80f.
Product-Group=junos
Handling of debug log related to TPID updates
1568159 The dcpfe process might crash when the size of the Local Bias Filter Bitmap string exceeds 256 characters.
Product-Group=junos
On QFX5K platforms with EVPN-VXLAN, the dcpfe process may crash when the size of the Local Bias Filter Bitmap string exceeds 256 characters.
PR Number Synopsis Category: ACX Services feature
1559690 On the ACX5048 router, the fxpc process generates core file on the analyzer configuration.
Product-Group=junos
In analyzer configuration, if the route to the monitoring server (output ip-address) is reachable with unilist NH fxpc crashes while programming the next-hop in the hardware. It is taken care through this PR that this scenario is handled and crash is avoided while NH programming.
PR Number Synopsis Category: BBE routing
1556980 The Framed Route installed for a Demux Interface has no MAC Address
Product-Group=junos
On MX platforms with Broadband Edge(BBE) scenario, traffic sent to/transit via Framed-Route might be dropped, as there is no MAC associated with Framed-Route on the Demux Interface if "qualified-next-hop" is configured in dynamic-profile access route.
PR Number Synopsis Category: MIBs related to BBE
1535754 Snmp mib walk for jnxSubscriber OIDs returns General error
Product-Group=junos
Snmp mib walk for jnxSubscriber OIDs returns General error
PR Number Synopsis Category: Bi Directional Forwarding Detection (BFD)
1474521 The BFD session might get stuck in the Init or Down state after the BFD session flaps.
Product-Group=junos
On all Junos platforms, a BFD session configured with authentication may get stuck in init or down state after BFD session flap. This issue happens due to internal software logic error.
1558102 BGP LU session flap might be seen with AIGP used scenario
Product-Group=junos
On all QFX5K platforms with L3VPN and BGP LU (Labeled Unicast) setup, the BGP neighbor relationship might flap, which might cause traffic loss, if it receives new routes with AIGP (Accumulated Interior Gateway Protocol) information.
PR Number Synopsis Category: Border Gateway Protocol
1483097 The BGP RPKI ROA withdrawal might lead to an unexpected BGP route flap.
Product-Group=junos
Originally, when an RPKI RTR server or an RPKI Validator withdraws ROAs they are marked as "stale" and then flushed when the garbage collection timer runs out. For the short period of time, this might result in incorrect validation status. If there's an ingress BGP policy which suppresses routes with validation status of invalid, the affected routes are deleted locally (as well as withdrawn from its neighbors). Later, when the withdrawn ROA is flushed, the validation state of the routes are corrected to unknown and the routes are re-installed and re-advertised. With this fix, the withdrawn ROAs are deleted from the validation database immediately, so that the affected routes transition to unknown state directly resulting in no route flaps.
1538956 After the peer is moved out of the protection group, the path protection is not removed from the PE device. Multipath route is still present.
Product-Group=junos
After move peer out of protection group, path protection not removed from the PE router -- Multipath route still present
1562090 BGP routes might be stuck in routing table with "Accepted DeletePending" state when the BGP peering session goes down.
Product-Group=junos
If BGP route flap damping is enabled and some routes received from a BGP peering session are hidden due to damping, the routes which are stored in the route list after the damped routes might be stuck in routing table with "Accepted DeletePending" state and not be removed when the BGP peering session goes down.
PR Number Synopsis Category: Virtual-chassis platform/chassisd infrastructure PRs for MX
1552588 The VCP port is marked as administratively down on the wrong MX-VC member.
Product-Group=junos
On MX/EX/QFX platforms with Virtual Chassis (VC) scenario, some interfaces might be shutdown unexpectedly, which might cause traffic to be interrupted if there is an error generated on an FPC. The reason is that after an ASIC error, the IFD down messages is not sent to the local chassis master where the error was reported, instead, it will be sent to the master of the Virtual Chassis, so that another interface with the same Slot/PIC/Port number will be shutdown as well.
PR Number Synopsis Category: MX Platform SW - UI management
1537194 The chassisd memory leak might cause traffic loss
Product-Group=junos
On MX/PTX platforms with 18.1 or higher release, chassisd memory leak may be caused by configuration commit. When chassisd consumes ~3.4GB of memory it may crash, chassisd crash may cause GRES or/and FPC restart. If GRES is enabled, commits are being synchronized between REs, so backup RE chassisd may suffer from memory leak too.
PR Number Synopsis Category: MX-ELM l2ng stormcontrol
1552815 The knob 'action-shutdown' of storm control does not work for ARP broadcast packets
Product-Group=junos
With knob 'action-shutdown' configured in storm control scenario, the interface will not go to shutdown state if ARP storm exceeds the configured limit. The excess packets will be dropped normally.
PR Number Synopsis Category: Device Configuration Daemon
1530935 Backup RE or backup node may stuck in bad status with improper "backup-router" configuration
Product-Group=junos
If the backup-router destination is configured the same IP address of an interface and a rib-group is configured to push this interface route from the default routing table to the other tables, after system reboots, backup-router destination configuration may be produced early before this IFA (IP address of an interface) configuration, which causes failure on the backup RE (In a Dual REs scenario) or backup node (In a cluster/VC scenario) when processing the rib-group configuration, then the backup RE or backup node may work in a bad status, impacting it to acquire the mastership.
PR Number Synopsis Category: Firewall Filter
1547184 All traffic would be dropped on AE bundle without VLAN configuration if bandwidth-percent policer is configured
Product-Group=junos
On MX platforms, if bandwidth-percent policer is applied on an AE bundle on which no VLAN is configured, all traffic on the AE bundle would be dropped. This issue could occur in both scenarios where the policer is applied through a firewall filter or the policer is applied to IFL directly.
PR Number Synopsis Category: EVPN control plane issues
1540788 The rpd memory leak might occur when changing EVPN configuration
Product-Group=junos
On all Junos platforms that support EVPN, once any EVPN configuration is changed, rpd memory leak might be seen. If the change is rapid and frequent, rpd memory will exhaust which results in rpd core or restart.
1546992 The rpd crash might be seen after adding route-target on a dual-RE system under EVPN multihoming scenario
Product-Group=junos
On dual-RE platforms with EVPN multihoming scenario enabled, the rpd process might crash when VRF rt-target add and at the same time some networking events that trigger interface down/delete. The routing protocols are impacted, and traffic disruption will be seen due to the loss of routing information.
PR Number Synopsis Category: Lagavulin PFE tracking
1552623 "show pfe route summary hw" shows random high free and 'Used' column for 'IPv6 LPM(< 64)' routes
Product-Group=junos
For routes <= or > 64 bit mask, after route delete from hardware or during overflow handling of routes from host to LPM table, there was an issue with accounting whereby an incorrect large value showed up in the route summary calculation. Affected platform: QFX5200-32C-32Q and EX4400-48F.
PR Number Synopsis Category: Express pfe ddos protection feature
1433259 Unable to change DDoS protocol TTL values under PTX10000
Product-Group=junosvae
Changing DDoS TTL protocols values in PTX10000 is not supported.
PR Number Synopsis Category: Express PFE L2 fwding Features
1561084 When configuring static MAC and static ARP on the EVPN core aggregate interface the underlay NH programming might not be updated in the PFE
Product-Group=junos
After installing static MAC/ARP into the core underlay link and reverting the configuration, the Next Hop (NH) in PFE might still point to the configured MAC address. It might cause traffic blackholing towards the CE.
PR Number Synopsis Category: SRX1500 platform software
1552820 On SRX1500, SRX-SFP-1GE-T(Part#740-013111) for a copper cable might be corrupted after reboot
Product-Group=junosvae
On SRX1500, SRX-SFP-1GE-T(Part#740-013111) for a copper cable might be corrupted after reboot.
PR Number Synopsis Category: jdhcpd daemon
1565540 jnxJdhcpLocalServerMacAddress (.1.3.6.1.4.1.2636.3.61.61.1.4.3) returns incorrect format of MAC address
Product-Group=junos
Due to the improper data type is assigned for the MAC address in the code, jnxJdhcpLocalServerMacAddress (.1.3.6.1.4.1.2636.3.61.61.1.4.3) returns incorrect format of MAC address.
PR Number Synopsis Category: interfaces and zones for junos js software
1553888 The speed mismatch error is seen while trying to commit reth0 with gigether-options
Product-Group=junos
When an existing reth configuration is updated so that the existing member interfaces are removed and new member interfaces are added, the commit would fail if the speed of the new member interfaces are different from the speed of the old member interfaces.
PR Number Synopsis Category: Firewall Policy
1454907 Traffic might be dropped when policies are changed in SRX Series devices
Product-Group=junos
If a huge number of policies are configured on SRX Series devices and some policies are changed, the traffic that matches the changed policies might be dropped.
1527570 Traffic might be dropped when policies are changed in SRX Series devices.
Product-Group=junos
If some policies are changed on SRX Series devices, the traffic that matches new and existing policies might be dropped.
1549366 Global policies working with multi-zones cause high PFE CPU utilization
Product-Group=junos
On SRX Series devices, a higher CPU utilization than normal might be observed, which might cause performance to decline rapidly if global policies are used and zones are declared explicitly in those policies.
1558382 On SRX5K platforms, the secondary node might get stuck in performing ColdSync after a reboot, upgrade or if ISSU is performed
Product-Group=junos
On SRX5000 line of devices, the secondary node might get stuck in performing ColdSync after a reboot.
1558827 The traffic may be dropped due to inserting one global policy above others on SRX platforms
Product-Group=junos
On SRX Series devices, when inserting one global policy (including adding, deleting or reordering a policy) above others, swapping policies will happen on the global policies after the inserted policy. At this time, the swapped global policies might not be found during the first path search. In this case, the traffic used to initiate a session creation that matched these undetected policies might be dropped, but the retransmission packets will pass successfully.
PR Number Synopsis Category: IPSEC/IKE VPN
1546537 After IPsec tunnel using policy-based VPN is overwritten by another VPN client, traffic using this IPsec tunnel will be dropped.
Product-Group=junos
On all SRX platforms, traffic using Policy-based IPsec tunnel might be dropped after the Policy-based VPN tunnel is overwritten by another VPN client.
1550232 Traffic goes through policy-based IPsec tunnel might be dropped after RG0 failover
Product-Group=junos
On branch SRX series devices in a chassis cluster, when policy-based IPSec VPN is configured and the IPSec SA's lifetime is about to expire in a few minutes, the traffic might be dropped in the VPN tunnel after an RG0 failover.
1564444 A session might be closed when the session is created during the IPsec rekey
Product-Group=junos
A session might be closed when the session is generated during IPsec rekey. It might cause the traffic drop on SRX platforms.
PR Number Synopsis Category: Kernel MX virtual-chassis PRs
1514583 Not able to forward traffic to VCP FPC after the MX Virtual Chassis reboots, FPC reboots, or adding VCP link.
Product-Group=junos
When rebooted MXVC or FPC rebooted or adding VCP link, there is timing issue when DEVRT updates coming in before the VCP IFD add messages in some FPCs that caused next hop mis-programming on these specific FPCs. Can check by: request pfe execute command "show jnh 0 vc state 0" target member1-fpcX request pfe execute command "show jnh 0 vc state 1" target member0-fpcX And will see invalid slot id = 255 . And we have to reboot specific to let FPCs next hop programming correct. Per this PR, re-designed Kernel part to parse the VC internal device route message from VCCPD and guarantee that VCP- interface messages are always sent to Ukernel/PFE first, then followed by VC internal device route message.
PR Number Synopsis Category: Layer 2 Control Module
1517458 The l2cpd might crash if the ERP is deleted after the switchover
Product-Group=junos
In VC (Virtual Chassis) setup with ERP (Ethernet Ring Protection) is configured and GRES(Graceful Routing Engine Switchover) and NSB (Non Stop Bridging) are not configured, after the RE (Routing Engine) switchover, the l2cpd might crash if the ERP is deleted on the new master. The layer 2 control protocols might be impacted during the crash and restart.
1561235 The l2cpd core might be seen on reboot
Product-Group=junos
When xSTP is used, the l2cpd core might be seen on reboot. This will be a one-time core and will not impact on functionality.
PR Number Synopsis Category: Multiprotocol Label Switching
1504916 The auto-bandwidth feature might not work correctly in an MPLS scenario.
Product-Group=junos
On all Junos platforms with MPLS RSVP-TE enabled, the LSP path calculated as per the auto-bandwidth adjustment might not take into effect after the rsvp-error-hold-time, as the re-optimization is happening for the current bandwidth instead of the requested bandwidth(calculated by auto-bandwidth). This issue could occur due to the inconsistency in RSVP-TED and sometimes due to a timing issue or unavailability of the bandwidth.
PR Number Synopsis Category: Multicast Routing
1555518 Sending multicast traffic to downstream receiver on Trio based Virtual Chassis platforms might fail.
Product-Group=junos
On Trio based Virtual Chassis (VC) platform, when there are multicast tunneled packets being received, which come into the Virtual Chassis Ports (VCP) and then pop out of the tunnel, if the VCP ports and the interfaces where multicast packets enter/leave the router are located on the same Packet Forwarding Engine (PFE), it might fail in sending multicast traffic to downstream receiver due to this issue.
PR Number Synopsis Category: Fabric Manager for MX
1482124 Fabric healing logic incorrectly makes all MPC line cards go offline in the MX2000 router while the hardware fault is located on one specific MPC line card slot.
Product-Group=junos
In specific MPC hardware failure conditions within the MX2K platform, fabric healing will attempt to auto-heal the fault location in 3 phases to prevent traffic blackholing. If under such fault conditions only destination timeouts are reported without corresponding link errors, the fabric healing process might restart all MPCs in phase-2 in an auto-healing attempt and if the error condition appears again within 10 minutes the last phase-3 might offline all MPCs in the system. MX2K platform exposure with SFB2, SFB3. With SFB installed only if 'set chassis fabric disable-grant-bypass' is configured.
PR Number Synopsis Category: MX104 Software - Chassis Daemon
1534281 The interface with the "pic-mode 10GE" configuration may not come up if upgrading to 18.4R3-S4 or later versions
Product-Group=junos
On MX80/104 platforms with MIC-MACSEC-20GE used, if upgrading to 18.4R3-S4 or later versions while configuring the "pic-mode 10GE" on the interface, the interface might not come up.
PR Number Synopsis Category: MX10K platform
1569167 agent sensor - "__default_fabric_sensor__" seems to be partly applied to some FPCs, which caused zero payload issue - "AGENTD received empty payload for pfe sensor __default_fabric_sensor__"
Product-Group=junos
PR 1507864 had fixed the invalid data exported from PFE (empty payload), which could be ignored. However, the system logs this event as an error. The fix changed the event as an info.
PR Number Synopsis Category: MX2010 platform software
1433522 SFBs will go to "check state" and PFE raise major errors CM_CMERROR_FABRIC_SELFPING in MX2K, if we Offline the SFB while it is in online process
Product-Group=junos
Offline event while online sequence in the process, will potentially causing the SFB2 training failures. The customers will see all SFBs are in "check state" and the installed FPCs will raise a major alarm of 0x2e0006 "fabric self ping blackhole".
PR Number Synopsis Category: Kernel Composite Next Hop (composite / l3vpn) Infrastructure
1548545 The kernel crash with core file might be seen if churn happens for a flood composite NH
Product-Group=junos
After continuous churn happens for a flood composite NH, the kernel crash might be seen.
PR Number Synopsis Category: "ifstate" infrastructure
1545463 Continuous rpd errors might be seen and new routes will fail to be programmed by rpd
Product-Group=junos
In case of high route churn in the network, all kuackmem (Kernel ACK mechanism) entries may be exhausted as a result of a rare timing issue and any new routes will fail to get programmed by rpd.
PR Number Synopsis Category: TCP/UDP transport layer
1552603 The BGP session replication might fail to start after the session crashes on the backup Routing Engine.
Product-Group=junos
On certain Junos platforms with Dual-REs (platforms capable of installing Junos packages with name format as "junos*install"), BGP replication may fail to start under GRES/NSR setup after a crash on backup Routing Engine. NSR starts un-replicating the socket since backup Routing Engine is no longer present. Massive unreplicated request leads to memory buffer getting full with multiple BGP sessions (e.g., 20 BGP peers). Hence BGP unreplicated request returned with an error. Besides, the kernel is left with stale data. It does not allow the JSR (Juniper Socket Replication, BGP in this case) when backup RE comes up due to the stale data. BGP-NSR (Nonstop Routing) is broke under the conditions. Traffic outage will be observed after performing GRES.
PR Number Synopsis Category: OSPF routing protocol
1543147 The metric of prefixes in intra-area-prefix LSA might be changed to 65535 when the metric of one of the OSPFv3 p2p interfaces is set to 65535
Product-Group=junos
When metric of one of the OSPFv3 p2p interfaces is set to 65535, metrics of some of prefixes in intra-area-prefixes LSA associated with p2p interface will be changed to 65535. This problem is seen only when metric of p2p interface was set to 65535. Metric value <= 65534 did not cause this problem. And problem will be seen, regardless of whether the p2p interface belongs to IPv4 or IPv6 realm. Non p2p interface is not affected by this problem.
1561414 Wrong SPF calculation might be observed for OSPF with ldp-synchronization hold-time configured after interface flap
Product-Group=junos
On all Junos platforms with LDP protocol configured on an interface, set the interface type p2p in OSPF and configure ldp-synchronization with hold-time for the same interface, after flapping the interface, the wrong SPF calculation due to pointing to the old link might happen and this might cause a routing loop and traffic outage.
PR Number Synopsis Category: PE based L3 software
1550632 The Neighbor Solicitation might be dropped from the peer device.
Product-Group=junos
The Neighbor Solicitation (NS) might be dropped after the IPv6 binding is flushed from the peer side. The ping to IPv6 peer fails due to the NS message not reach RE. Since ping doesn?t work between the connected interface, any kind of traffic sent towards QFX might also not work. It has a traffic impact.
PR Number Synopsis Category: vMX Platform Infrastructure related issue tracking
1531983 Configuring knob 'no-flow-control' under gigether-options does not work on MX150
Product-Group=junos
On MX150 platform, knob 'no-flow-control' under gigether-options does not work as expected. As a result, although 'no-flow-control' is enabled, MAC pause frames transmit counter increases for high rate input traffic. This affects throughput performance, because the sender stops sending traffic when receiving MAC pause frames from MX150.
1548422 Traffic with jumbo frame may be discarded on the vMX platforms
Product-Group=junos
On the VMX platforms which are installed on ESXI 6.7 with vmxnet3 driver, traffic with jumbo frame (Packets with MTU more than 1500) may be discarded upon receiving.
1559361 [MX150] Continuous license error "[licinfra_set_usage_nextgen_async:1733] Invalid input parameters".
Product-Group=junos
License error message "[licinfra_set_usage_nextgen_async:1733] Invalid input parameters" is generated continuously on MX150.
1568273 On MX150, "request system software add" CLI is disabled in 19.4R3-S1, 20.1R2, and 20.4R1
Product-Group=junos
On MX150, "request system software add" CLI is disabled in 19.4R3-S1, 20.1R2, and 20.4R1.
PR Number Synopsis Category: Periodic Packet Management Daemon
1490918 The ppmd core file generated after FPC restart
Product-Group=junos
On MX platform PPMD process may crash after FPC restart.
PR Number Synopsis Category: Chassis mgmt for all QFX systems - chassis MIB, alarms, CLI
1481143 On the QFX10000 device, the chassisd process might generate core files on the backup Routing Engine after commit for 200 seconds due to the following error message: CHASSISD_MAIN_THREAD_STALLED.
Product-Group=junos
Chassisd cores might happen on the backup RE after commit on QFX10K8/16s due to CHASSISD_MAIN_THREAD_STALLED for 200 seconds.
PR Number Synopsis Category: analyzer on QFX 5100,5200, 5110
1557274 Traffic storm might be caused by analyzer due to link flapping
Product-Group=junos
On all Junos platforms with port mirroring analyzers configured, if multiple paths for the Analyzer IP configured and default route flaps then a traffic storm might be observed due to mirroring of traffic on the wrong port and analyzer might not work as expected.
1562607 Port mirroring might not work as expected on QFX5K platforms
Product-Group=junos
On QFX5K platforms, with native analyzer configured with input as vxlan vlans which has members as ae (LAG) interfaces (in both up and down state) and output as IP address, if any change is made in the configuration then port mirroring might fail to work.
PR Number Synopsis Category: Filters
1558320 Firewall filter might fail to work on QFX5K platforms
Product-Group=junos
On QFX5K platforms, if per ifl-filtering on regular VLAN is configured with no match conditions then destination port matching condition may fail to match intended packets.
PR Number Synopsis Category: QFX L2 PFE
1535555 The following Packet Forwarding Engine error message is observed in the BRCM-VIRTUAL,brcm_virtual_tunnel_port_create() ,489: Failed NW vxlan port token(45) hw-id(7026) status(Entry not found).
Product-Group=junos
On a QFX5110 or 5120, when the Type 5 tunnels are destroyed, sometime we can see error messages "brcm_virtual_tunnel_port_create() ,489:Failed NW vxlan port token(45) hw-id(7026) status(Entry not found)". There is no functionality impact due to this.
1564020 On EX4650/QFX5120 platforms, "storm control" with IRB interface might not work correctly
Product-Group=junosvae
On EX4650/QFX5120 platforms, "storm-control" might not work as expected if adding an IRB interface to a VLAN where "storm-control" is enabled. This defect could be seen when a destination IP of the stream's route is in a resolve state.
PR Number Synopsis Category: QFX L3 data-plane/forwarding
1560161 Few IPv6 ARP ND fails after loading the base configurations.
Product-Group=junos
On QFX5k platforms, when configuring a VLAN ID for a VxLAN, recommendation is to use VLAN ID of 3 or higher. If VLAN ID of 2 is used, replicated broadcast, multicast, and unknown unicast (BUM) packets for these VxLANs might be untagged, which in turn might result in the packets being dropped by a device that receives the packets.
PR Number Synopsis Category: QFX EVPN / VxLAN
1524955 Traffic loss may be observed on interfaces in a VXLAN environment
Product-Group=junos
On the QFX5K/EX4600 series platforms with VXLAN setup, if changing the VLAN (VXLAN enabled) configuration under an interface stanza from service provider style to enterprise style in a single commit without deactivating/activating the corresponding VLAN configuration under "vlans" stanza, traffic loss may be observed on the interface after the change.
1555835 Traffic might not passed due to the addition of the VLAN tag 2 while passing through the Virtual Chassis port.
Product-Group=junos
When ingress and egress interfaces are in different FPC on QFX5120VC with OVSDB vxlan, the VLAN tag 2 might be added automatically and the peer device drops it.
PR Number Synopsis Category: KRT Queue issues within RPD
1542280 The KRT queue might get stuck after RE switchover
Product-Group=junos
On all Junos platforms with dual Routing Engines (REs), if RE switchover happens while the rpd process on backup RE (new master RE) is reading routes from kernel, some error might happen in a very rare timing condition, and the Kernel Routing Table (KRT) queue might get stuck due to this issue.
PR Number Synopsis Category: RPD Next-hop issues including indirect, CNH, and MCNH
1561984 The rpd crash might be observed during processing huge amount of PIM prune messages
Product-Group=junos
In MVPN scenario, if huge amount of PIM prune messages (e.g. more than 3500 receivers for more than 3 multicast groups) are processed on a Junos device, the rpd crash might occur.
PR Number Synopsis Category: RPD policy options
1562867 Generate route goes to hidden state when protect core knob is enabled
Product-Group=junos
On all Junos platforms, if protect core knob is enabled under routing options then generate route might go into hidden state.
PR Number Synopsis Category: RPD route tables, resolver, routing instances, static routes
1459384 An rpd memory leak might be observed on the backup Routing Engine due to BGP flap
Product-Group=junos
In a BGP scenario when certain routes are flapping frequently, it could lead to rpd memory leak on backup Routing Engine. The rpd might crash and restart once the rpd runs out of memory for certain junos releases.
PR Number Synopsis Category: Resource Reservation Protocol
1516657 The rpd scheduler might slip after the link flaps.
Product-Group=junos
On all Junos platforms with RSVP-TE configured, when a transit router carries a large number of LSP's (for example, 60k and higher) and all those LSPs undergo FRR (for example, when link carrying large number of LSP's flap) then, the rpd scheduler might slip and LDP session tear down might be observed after the link flap.
PR Number Synopsis Category: SW PRs for SCBE3 fabric
1553641 The fabric errors are observed and the FPC processes might get offlined with SCBE3, MPC3E-NG, or MPC3E and MPC7 or MPC10 in the increased-bandwidth fabric mode.
Product-Group=junos
On MX240/MX480/MX960 platforms, with default "increased-bandwidth" fabric mode and SCBE3, if we have MPC3 or MPC3-NG exist on the system along with high bandwidth MPC, during high traffic situation or bursty traffic through the fabric towards MPC3/MPC3-NG. MX fabric might report unreachable destination condition and causes fabric healing to trigger in. This issue is exacerbated when having MPC7 or MPC10 line cards installed due to high fabric bandwidth that can be generated.
1573360 SCB3E:Fabric errors on system with MPC3E and MPC4E/5E with Enhanced MX960 Backplane
Product-Group=junos
[TSB17936] SCB3E:Fabric errors on systems with MPC3E and MPC4E/5E with Enhanced MX960 Backplane
PR Number Synopsis Category: Generic platform and infra issues for MS-MIC and MS-MPC(XLP)
1475948 The syslog reports simultaneous zone change reporting for all green, yellow, orange, and red zones for one or more service PICs.
Product-Group=junos
The router may report erroneous, simultaneous syslog messages for zone change reporting for all zones green, yellow, orange, red for one or more Service PICs. Nov 30 05:58:22.162 TestR1 : %DAEMON-4: (FPC Slot 2, PIC Slot 0) ms50 mspmand[233]: Entered red memory zone Nov 30 05:58:22.163 TestR1 : %DAEMON-4: (FPC Slot 2, PIC Slot 0) ms50 mspmand[233]: Entered orange memory zone Nov 30 05:58:22.163 TestR1 : %DAEMON-4: (FPC Slot 2, PIC Slot 0) ms50 mspmand[233]: Entered yellow memory zone Nov 30 05:58:22.163 TestR1 : %DAEMON-4: (FPC Slot 2, PIC Slot 0) ms50 mspmand[233]: Entered green memory zone The issue is a reporting error and has no functional effect on traffic. The issue is self-correcting. These errors can be appear in approximately every 49-50 days.
PR Number Synopsis Category: platform related PRs on SRX branch platforms
1542931 Tail drops might occur on branch SRX platforms if shaping-rate is configured on lt- interface
Product-Group=junos
On the branch SRX platforms, if shaping-rate greater than 2 Mbps and lower than 10Mbps is set on the lt- interface, the maximum traffic rate might not reach shaping-rate, or there might be tail drops during traffic burst.
PR Number Synopsis Category: All PRs related to platform SRX5XX
1539338 The firewall filter SA and DA tags are not in the log messages as expected in port details.
Product-Group=junos
SA,DA tag is not in the log messages as expected in port details
PR Number Synopsis Category: MPC7/8/9 chassis issues
1481879 Delay in disabling PFE might be seen on MX platforms with MPC7/8/9 and PTX series with PECHIP equipped FPCs inserted
Product-Group=junos
On MX240, MX480, MX960, MX2010, MX2020, platforms with MPC7/8/9 inserted, and PTX series with PECHIP equipped FPCs, if recovery code is triggered due to 'fatal' hardware error on the HMC, the HMC Fatal Error registers are dumped as part of the recovery code. This PR could cause delay in disabling PFE, which in turns delays traffic switch over to the redundant network interface.
PR Number Synopsis Category: Trio pfe qos software
1559018 IPv4 EXP rewrite might not work properly when inet6-vpn enabled
Product-Group=junos
With 6o4 MPLS VPN enabled, turning on core facing EXP/TOS rewrite feature might unexpectedly mark customer ipv4 traffic to EXP 0 and TOS 0. The issue only seen on back-to-back PE connection with Penultimate-hop-popping(PHP) scenario.
PR Number Synopsis Category: Trio pfe bridging, learning, stp, oam, irb software
1564667 [EVPN-MPLS] - NH DWORD LEAK observed for MAC+IP route churn in the case of EVPN-MPLS having IRB_ARP_NDP NH type
Product-Group=junos
NH DWORD LEAK observed for MAC+IP route churn in the case of EVPN-MPLS having IRB_ARP_NDP NH type
PR Number Synopsis Category: DDos Support on MX
1562474 DHCPv4 request packets might be wrongly dropped when DDOS attack happens
Product-Group=junos
On MX platform, T4000 platform and EX9200 platform, end-users or end-hosts might not get an IPv4 address from Dynamic Host Configuration Protocol (DHCP) server when Distributed Denial-of-Service (DDOS) attack is happened on DHCP rebind packets or renew packets. In the end, end-users or end-hosts could not access into network after lease time of the IPv4 address expired.
PR Number Synopsis Category: Configuration mgmt, ffp, load-action, commit processing
1527848 Commit confirmed rollback does not work.
Product-Group=junos
On SRX Series devices, when the commit fails, the rollback of the previous commit might not happen which could impact the services. Ideally, a commit confirmed must be rolled back if there is no subsequent successful commit or commit check performed before the timer expires.
PR Number Synopsis Category: UI Infrastructure - mgd, DAX API, DDL/ODL
1531415 Commit may fail after Routing Engine switchover
Product-Group=junos
During the mgd initialization phase of Routing Engine switchover, if configuration changes are coming from the commit script, which leads to configuration going out of synchronization between master and backup, and then the next commit will fail.
1543037 The license errors may get returned on backup RE when trying to commit the configuration
Product-Group=junos
On all Junos platforms, when trying to commit the configuration, license errors may get returned on backup RE even though the license is installed correctly. This issue doesn't have any service impact.
1553577 The command "request system software validate on host" does not validate the correct configuration file
Product-Group=junos
When using the "request system software validate on host username ", please use the latest os-package on remote host for it to properly use the configuration file sent from the host whose configuration file is being validated.
1558808 outbound-ssh routing-instance shown as unsupported
Product-Group=junos
The outbound-ssh service has routing-instance configuration option, but it is hidden. If it is configured manually, it is shown as unsupported for the platform.
PR Number Synopsis Category: For GPRS security features on highend SRX series
1559802 SPU crash might be seen under GPRS Tunneling protocol scenario
Product-Group=junos
In SRX series devices, if mobile handover between SGSN/SGW more than once, and the last handover is GTPv1 to GTPv2 (3G -> LTE), then both cluster nodes may crash and cause a disruption in the traffic.
PR Number Synopsis Category: Virtual Router Redundancy Protocol
1550993 An irb interface which has large unit value over 32767 cannot be active group for inheriting VRRP.
Product-Group=junos
irb (integrated routing and bridging) interface can be set large unit value. The unit number can be set until 65534 for an irb interface. However if an irb interface which has large unit value over 32767 the irb cannot be active group for inheriting VRRP.
1558560 Junos device might send VRRP advertisement packets in VRRP init or idle state before startup-silent-period timer expiry after performing GRES on VRRP master device with NSR disabled
Product-Group=junos
If VRRP master device has dual Routing Engines (REs) and GRES enabled but nonstop-routing (NSR) disabled, after performing GRES, both REs will move to VRRP init then idle state and the new master RE will send VRRP advertisement packets in this stage before startup-silent-period timer expiry. Since the VRRP backup device can still receive the VRRP advertisement packets with higher priority, it will not transition to VRRP master state and hence cause the longer traffic downtime until the VRRP master device re-take the VRRP mastership after startup-silent-period timer expiry.
 

19.4R3-S2 - List of Known issues
PR Number Synopsis Category: NFX Series Platform Software
1508580 Errors on vjunos0 Regarding TSensor related to PR 1362108
Product-Group=junos
False positive TSensor errors are reported on vjunos0
PR Number Synopsis Category: QFX PFE L2
1550918 Traffic may be forwarded incorrectly on an interface having VXLAN enabled and "hold-time up xxx" statement configured
Product-Group=junos
If an interface is configured with "hold-time up xxx" statement and has VXLAN enabled, after interface flaps, traffic coming from this interface (such as ARP traffic) may be forwarded even it's not changed to the "up" state.
PR Number Synopsis Category: Bi Directional Forwarding Detection (BFD)
1546566 After interface flap multiple times few bfd sessions fail to come tup and getting struck in init state
Product-Group=junos
After interface flap, multiple times few BFD sessions fail to come tup and getting struck in init state
PR Number Synopsis Category: Captive Portal, Content Delivery Daemon, and Service Plugin
1527602 The cpcdd process might generate core file after upgrading to Junos OS Release 19.4 and later.
Product-Group=junos
On MX-Series platforms, the cpcdd (Captive Portal Content Delivery) might crash when there is an upgrade from Junos 19.3 or older to 19.4 or newer, because there is a difference in the structure alignment between the release.
PR Number Synopsis Category: bras licensing prs
1563975 "enforce-strict-scale-limit-license" config enforces subscriber license incorrectly / PADS:"AC-System-Error - No resources"
Product-Group=junos
Subscribers (ESSM) trying to login to a BNG with "enforce-strict-scale-limit-license" knob enabled might be denied if the subscribers count comes above a certain number or after some cycles of login / logout churn. This count is cumulative and irrespective of previous subscriber logout, this means the count is not cleaned up after subscriber logout. This happens even when the license allows for 32000 subscribers (scale-subscriber license) and the count of current subscribers is lower than that. A PPPoE PADS with system error "No resources" will be seen on subscriber CPE side: 13:29:28.481059 Out PPPoE PADS [AC-System-Error "No resources"] If BBE-SMGD traceoptions are enabled, the following logs can be seen: Dec 18 13:25:49 count:32055 >= max cap:32000 Dec 18 13:25:49 Session create failed no license This problem occurs with ESSM subscribers only.
PR Number Synopsis Category: Host path software for ACX platform
1517420 Transit DHCP packets drop is seen on ACX5448
Product-Group=junos
On ACX5448 Series platforms, the transit DHCP packets drop is seen in the DHCP scenario.
PR Number Synopsis Category: DNX L2 related features
1526626 With the ACX5448 router with 1000 CFM, the CCM state does not go in the Ok state after loading the configuration or restarting the Packet Forwarding Engine.
Product-Group=junos
This issue is seen as sync was not maintained between ppmd, ppman and pfe.
PR Number Synopsis Category: Layer 3 forwarding, both v4+v6
1547713 The ACX5448 router as transit for the BGP labeled unicast drops traffic.
Product-Group=junos
If BGP Labeled Unicast (BGP-LU) is configured on an ACX5448/ACX710 product, which works as a transit node to exchange label information with other nodes, then traffic coming from one node and destinated to the other nodes may be discarded upon receiving.
PR Number Synopsis Category: EA chip ( MQSS SW issues )
1551353 The PFE might get disabled when major CMERROR due to the parity errors
Product-Group=junos
On MX platforms, the PFE (packet forwarding engine) might get disabled when the major CMERROR occurs due to the parity error in the DRD memory block's SRAM. This PR re-classified theses errors "Minor" to avoid the "disable-pfe" action and the operational outage.
PR Number Synopsis Category: Ethernet OAM (LFM)
1500048 The fpc process might crash in the inline mode with CFM configured.
Product-Group=junos
On the Junos platforms with inline mode CFM (Connectivity Fault Management) configured, if there are several CFM adjacencies flapping, due to the flaw in the CFM module to process the error-adjacencies messages, the FPC may crash alongside with NPC core-dump file generated. All services/traffic configured on the FPC will see outage till FPC recovers from an automatic reboot.
PR Number Synopsis Category: SRX4100/SRX4200 platform software
1534706 On SRX4100 and SRX4200 devices, four out of eight fans might not work.
Product-Group=junos
On SRX4100/4200 platforms, 4 out of 8 fans might not work if upgrading to 19.4R1 onwards. In this case, it might cause the device's temperature to get higher which eventually may cause traffic impact.
1547953 Continuous "LCC: ch_cluster_lcc_set_context:564: failed to lock chassis_vmx mutex 11" chassisd logs generated
Product-Group=junos
On vSRX2.0, vSRX3.0, SRX1500, SRX4100, SRX4200, SRX4600 running Chassis Cluster in Junos 18.3 or later, multiple messages of "LCC: ch_cluster_lcc_set_context:564: failed to lock chassis_vmx mutex 11" are generated in the chassisd log file. These messages may reoccur after every few seconds and they do not have any impact on system operation.
PR Number Synopsis Category: Kernel software for AE/AS/Container
1539537 AE interface framing errors might display increasing values before restoring correct value
Product-Group=junos
When we run continuous sync (show interfaces aex extensive) and async(SNMP polling) queries on AE interface in parallel, we may observe spikes in AE interface framing errors counter in between correct values.
PR Number Synopsis Category: jdhcpd daemon
1504931 The default-route might not be added to the Juniper device configured as the DHCPv4 client device
Product-Group=junos
If the Juniper device operates as a DHCPv4 client, the DHCPv4 client will request the configuration file from the DHCPv4 server on the network. But, sometimes, the DHCPv4 client might not get the default-route address due to the route addition issue happens on jdhcpd (Junos DHCP daemon), then the DHCPv4 client bound state might be wrong, also the default route might not be installed to the DHCPv4 client where the traffic loss might happen.
PR Number Synopsis Category: jl2tpd daemon
1493289 L2TP LNS: Subscriber that sends IRCQ that includes RFC5515 AVPs may fail to establish session
Product-Group=junos
In release 17.4 and forward, subscriber sessions on the LNS that send an ICRQ that includes RFC5515 AVPs may fail to establish a session. The client will receive a CDN error "receive-icrq-avp-missing-random-vector" in response.
PR Number Synopsis Category: Flow Module
1490878 The srxpfe may crash if a reboot or upgrade is performed.
Product-Group=junos
On vSRX (not vSRX3.0) platforms, the srxpfe might crash if a reboot or an upgrade is performed.
PR Number Synopsis Category: High Availability/NSRP/VRRP
1548173 Disabled node on SRX cluster sent out ARP request packets
Product-Group=junos
Disabled state node on an SRX cluster may send ARP requests when the primary of RG0 and 1 are on different nodes
PR Number Synopsis Category: all logging related bugs on srx platforms
1520071 FQDN-based security log stream does not dynamically update the IP address.
Product-Group=junos
RTLOG will leave FQDN in the configuration and query as needed (TTL expiration) and update the PFE
PR Number Synopsis Category: IPSEC/IKE VPN
1517262 The flowd might crash in IPsec VPN scenario
Product-Group=junos
On SRX platforms with IPsec VPN configured, the flowd might crash during the IPsec VPN rekey window. The traffic/service might be impacted if hitting this issue.
1522931 IPsec traffic may get dropped after RG0 failover.
Product-Group=junos
IPsec traffic might get dropped after RG0 failover.
1530684 On all SRX Series devices using IPsec with NAT traversal, MTU size for the external interface might be changed after IPsec SA is re-established.
Product-Group=junos
On all SRX series devices using IPsec with NAT Traversal, MTU size might be changed to a lower value for the ike external interface after IPsec SA is re-established.
1547863 On all SRX platforms, when changing the gateway for a non site-to-site vpn from ipv4 to ipv6, or from ipv6 to ipv4, the tunnels might fail
Product-Group=junos
On all SRX platforms, when changing the gateway for a non site-to-site vpn from ipv4 to ipv6, or from ipv6 to ipv4, the tunnels might fail due to a mismatch in traffic selectors. For non site-to-site vpns, the IP of the ike external-interface is not a part of the vpn configuration. Examples are ADVPN tunnels, dynamic tunnels, etc. The following messages will be seen in the logs: iked_pm_match_traffic_selectors_for_sa_cfg ikev2 in traffic selectors is local: ipv6(::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff) Remote: ipv6(::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff) iked_pm_match_traffic_selectors_for_sa_cfg Peer's proposed traffic selectors is his local: none() his remote: none() iked_pm_match_traffic_selectors_for_sa_cfg Peer's proposed ts_r local_in_ts: ipv6(::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff) ts_i remote_in_ts: ipv6(::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff) iked_pm_match_traffic_selectors_for_sa_cfg Configured traffic selectors is local: ipv4(0.0.0.0-255.255.255.255) Remote: ipv4(0.0.0.0-255.255.255.255) iked_pm_match_traffic_selectors traffic selectors propose: ipv6(::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff) config: ipv4(0.0.0.0-255.255.255.255) first iked_pm_match_traffic_selectors no exact ts match Local traffic selectors do not match for sa-cfg IPSEC-VPN-SPOKE ipv6(::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff) to ipv4(0.0.0.0-255.255.255.255)
PR Number Synopsis Category: Platform infra to support jvision
1526568 The MPC10E line card might crash with the sensord process generating a core file due to a timing issue
Product-Group=junos
If MPC10E is used in MX, the sensord running on PFE is used to stream telemetry data corresponding to CMError config sensor, CMError stats sensor etc. The J-Insight Fault Monitoring is enabled by default and it automatically subscribes to the CMError config sensor. The CMError config sensor is also able to be subscribed via Junos Telemetry Interface (JTI) by external user. In the current implementation, the update event of the CMError config sensor will be periodically sent to sensord with the frequency of 2 seconds even if no configuration change on these sensors. The frequent update of the CMError config sensor might cause the sensord to crash when it is not able to process the large-scale data. It is a timing issue which could happen in a system with a large-scale CMError config sensor leaves.
1558377 MPC10E reporting ipc_pipe_get_packet() error fabric self ping blackhole
Product-Group=junos
MPC10E if you configure additional fabric service analytic sensors, sensord process might stop processing further fabric data from PlatformD and fills up all packet heap buffer. This results in fabric self-ping blackhole condition and disable-pfe action is executed. This can happen during commit of the new fabric sensors or at a later time.
PR Number Synopsis Category: Key Management Daemon
1477181 Phase 1 SA is migrated to new remote IP because of the source-address translation for the static NAT tunnel.
Product-Group=junos
On MX platforms with MS-MPC/MS-MIC, after the IPsec VPN tunnel is up, if the NATTed remote peer's IP address has been changed (e.g. NAT pool changed on peer), IKE SA might establish with an incorrect gateway, and kmd might crash frequently during this IKE SA IP migration.
PR Number Synopsis Category: Layer2 forwarding on EX/NTF/PTX/QFX
1484468 Packet loss might be observed after device is rebooted or l2ald is restarted in EVPN-MPLS scenario.
Product-Group=junos
In EVPN-MPLS scenario, if the core-facing interface (mpls interface) and the CE-facing interface are on different PEs, and the traffic from core is not continuous and DMAC (Dynamic MAC) ages out, due to an incorrect flood next-hop programming across different PFEs, packet loss might be observed after device rebooted or l2ald restarted.
PR Number Synopsis Category: AgentSmith MPC Platform
1433948 On the MX Series platforms, if the clock frequency slowly changes on CB0 (slow drift), the clock source for MPC-3D-16XGE-SFPP might not be changed to CB1, which cause interfaces on it to go down and remain in the Down state.
Product-Group=junos
On MX Series platforms, if the clock frequency is slowly changing on CB0 (slow drift), the clock source for MPC-3D-16XGE-SFPP may not be changed to CB1, which will cause interfaces on it to go down and remain in the downstate.
PR Number Synopsis Category: Multicast for L3VPNs
1536903 The PIM (S,G) join state might stay forever when there are no MC receivers and source is inactive.
Product-Group=junos
The problem can be seen in MVPN ASM scenario on a PE which has local MC source and receivers and RP is remote. If all receivers stop joining the group and MC source stops transmitting, corresponding PIM (S,G) state may remain indefinitely despite that. Due to the problem a router will maintain extra PIM state. Service is not impacted.
PR Number Synopsis Category: IPv6/ND/ICMPv6 issues
1570999 RE0 REBOOTED WITH VMCORE DUMP @ip6_key_extract, calculate_route,ip6_recv_input
Product-Group=junos
The device crashes whenever there is a malformed IPV6 packet hitting it. Bad IPV6 packet meaning some IPv6 packet with invalid options, or if the length of the packet is less than minimum. RE is seen to reboot post the core dump.
PR Number Synopsis Category: OSPF routing protocol
1561207 Duplicate LSP nexthop is shown on inet.0, inet.3 and mpls.0 route table when ospf traffic-engineering shortcuts and mpls bgp-igp-both-ribs are enabled.
Product-Group=junos
mpls.0 and inet.3 LDP routes showed duplicate RSVP LSP nexthops when "protocols mpls traffic-engineering bgp-igp-both-ribs" and "protocols ospf traffic-engineering shortcuts" were configured.
PR Number Synopsis Category: show route table commands, tracing, and syslog facilities
1555866 Configuring HFRR i.e. link-protection on an interface may cause rpd to crash
Product-Group=junos
On MX/VMX/T/TX series platforms, if Host fast reroute (HFRR) is enabled on an interface, the ARP and FRR (BGP backup routes) routes will be added to RIB. Then changing this interface address and adding new ARP route within 10 seconds will cause the rpd to crash.
1574497 PIM rib-group failure to add in vrf - PIM: ribgroup vrf not usable in this context; all RIBs are not in instance
Product-Group=junos
PIM rib-group failure to add in vrf - PIM: ribgroup vrf not usable in this context; all RIBs are not in instance
PR Number Synopsis Category: Resource Reservation Protocol
1555774 A new LSP might not be up even if bypass LSP is up and "setup-protection" is configured
Product-Group=junos
When a bypass LSP is protecting the link or node in RSVP scenario, a new LSP may not go up even if "setup-protection" is configured and RSVP signals the LSP through the bypass LSP.
PR Number Synopsis Category: SW PRs for SCBE3 related kernel drivers
1564539 MX platforms with MX-SCBE3 may reboot continuously.
Product-Group=junos
A recent change in the kernel boot loader causes a system with MX-SCBE3 to experience the Routing Enginne's kernel memory corruption which causes the system to reboot continuously.
PR Number Synopsis Category: IPSEC functionality on M/MX/T ser
1456749 All the IPsec tunnels might be cleared when the clear command is executed for only one IPsec tunnel with specified service-set name.
Product-Group=junos
On M/MX platforms running in IP security Virtual Private Network (IPsec VPN) scenario, when the command "clear services ipsec-vpn ike security-associations service-set " is executed for only one IPsec tunnel with the specified service-set name, all the other IPsec tunnels might be cleared as well due to this issue.
1540538 The mspmand process leaks memory in relation to the MX telemetry reporting the following error message: RLIMIT_DATA exceed
Product-Group=junos
On MX platforms with MS-MPC/MS-MIC service card installed, the card might run out of memory due to process mspmand memory leak, which may cause traffic interruption if adding and/or deleting of telemetry sensor. This is because these operations will trigger the memory allocation for decoding configuration change messages and will not release the memory at the end of processing.
PR Number Synopsis Category: usf inline feature related issues
1547647 The nsd daemon may crash after configuring the inline NAT in USF mode
Product-Group=junos
On MX240/480/960 platforms, the nsd daemon might crash after configuring the inline NAT in USF mode. This might be caused due to the new memory debugging framework introduced in NSD daemon to track allocated or free memory.
 
Modification History:
First publication 2021-03-04
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search