Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

19.1R3-S5: Software Release Notification for JUNOS Software Version 19.1R3-S5

0

0

Article ID: TSB18026 TECHNICAL_BULLETINS Last Updated: 16 Apr 2021Version: 2.0
Alert Type:
SRN - Software Release Notification
Product Affected:
ACX, EX, MX, PTX, QFX, NFX, SRX, VRR, vMX, vSRX
Alert Description:
Junos Software Service Release version 19.1R3-S5 is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as need and follow the prompts
Solution:

Junos Software service Release version 19.1R3-S5 is now available.

19.1R3-S5 - List of Fixed issues
PR Number Synopsis Category: Marvell based EX PFE L3
1546036 EX 4300 VC/VCF : Observing HEAP malloc(0) detected.
Product-Group=junosvae
This stack trace is a debug log generated when SDK code invokes malloc with the size as 0 while destroying a multicast entry. Such usage of malloc in the SDK code is a Day-1 behavior and has no functional impact. This debug log has been introduced in the latest release and is not harmful. Users can ignore this log.
1557229 Traffic related to IRB interface might be dropped when mac-persistence-timer expires.
Product-Group=junos
On EX3400/EX4400/EX4300MP virtual chassis (VC) platforms, if the IRB interface is configured with members across master and backup VC, the new MAC address of the IRB interface might not be programmed in hardware after mac-persistence-timer expires. This might result in all traffic related to the IRB interface be dropped.
PR Number Synopsis Category: EX2300/3400 PFE
1556198 Traffic might be dropped when a firewall filter rule uses 'then vlan' as the action.
Product-Group=junos
If a firewall filter is configured with the action 'then vlan' on EX and QFX platforms, some of the traffic that matches the firewall filter might be dropped.
PR Number Synopsis Category: EX2300/3400
1535106 EX2300/EX3400 : RTC ERROR and SETTIME failed messages is seen
Product-Group=junos
On EX2300 and EX3400 series, you may observe RTC ERROR and SETTIME failed message sometimes without trigger.
1563192 On EX3400VC line of switches, the DAEMON-7-PVIDB throws syslog messages for every 12 to 14 minutes after you upgrade to Junos OS Release 19.1R3-S3.
Product-Group=junos
debug logs are added as part of syslog
PR Number Synopsis Category: MX XQ related issues
1464297 On the MX960 router, the following error message might be observed: SCHED L4NP[0] Parity errors.
Product-Group=junos
This PR along with an earlier PR1232952 address the issue completely, so JUNOS version in question should have fix for these two PRs to address this issue completely.
PR Number Synopsis Category: NFX Series Platform Software
1529939 Error messages FAILED(-1) read of SFP eeprom for port might be seen
Product-Group=junosvae
On NFX-series and MX150 devices the following error messages are seen in the messages log file for the interfaces that have SFP installed in them: fpc0 FAILED(-1) read of SFP eeprom for port: 13
PR Number Synopsis Category: qfx-sw-mclag
1562535 MAC address entry issue might be seen after MC-LAG interface failover/failback
Product-Group=junos
On all junos platforms with high scale setup (for ex: 40 mac per 3000 vlan), MAC address entry issue might be seen after MC-LAG interface failover/failback few times. Some MAC entry remains as DR after failover and these stale entries might cause service disruptions.
PR Number Synopsis Category: PFE L2
1550918 Traffic may be forwarded incorrectly on an interface having VXLAN enabled and "hold-time up xxx" statement configured
Product-Group=junos
If an interface is configured with "hold-time up xxx" statement and has VXLAN enabled, after interface flaps, traffic coming from this interface (such as ARP traffic) may be forwarded even it's not changed to the "up" state.
PR Number Synopsis Category: All issues related to L3 data-plane/forwarding
1568159 The dcpfe process might crash when the size of the Local Bias Filter Bitmap string exceeds 256 characters.
Product-Group=junos
On QFX5K platforms with EVPN-VXLAN, the dcpfe process may crash when the size of the Local Bias Filter Bitmap string exceeds 256 characters.
1568533 The untagged packets might not work on EX Series platforms.
Product-Group=junos
On EX/QFX5K platforms, if 'flexible-vlan-tagging', 'vlan-id-list' and 'native-vlan-id' are configured on the interface in SP style, the untagged packets that need to be egressed from this interface might be dropped by the peer device.
PR Number Synopsis Category: accounting profile bugs
1563641 Config archive transfer-on-commit fails when running 18.2R3-S6.5
Product-Group=junos
RI name array is not initialised properly in PFED. Hence RI name is not populated properly in the cfg_file due to this the archival is not getting pushed during commit.
PR Number Synopsis Category: JUNOS kernel/ukernel changes for ACX
1481151 Memory utilization enhancement is needed.
Product-Group=junos
RPD memory chunk size is optimized for the ACX platform to reduce the memory footprint.
PR Number Synopsis Category: L3 V4, V6, etc support for ACX 500,1k,2k,4k,5k series
1547901 PTP slave might discard the PTP packets from master when MPLS explicit-null is configured
Product-Group=junos
On ACX1k/2k/4k/500 platforms configured as PTP slave, if the PTP master is reachable over LSP path and explicit null is configured, then packets will dropped in the slave PFE and PTP status will be in Free run state.
PR Number Synopsis Category: Category for Services feature on ACX series of platforms
1559690 The fxpc(dc-pfe) process crash may be seen on ACX5048/5096 with analyzer configuration
Product-Group=junos
On ACX5048/5096 platforms with analyzer configuration, the fxpc (dc-pfe) will crash if the route to the monitoring server (output ip-address) resolves to unilist next-hop.
PR Number Synopsis Category: Australia related infrastructure software
1501752 Continuous l2ald and L2ALM log messages seen on nodes of chassis cluster of SRX5000
Product-Group=junos
On some JunOS SR releases continuous l2ald and L2ALM log messages are seen in chassis cluster setup of SRX5000 Series. The issue is cosmetic.
PR Number Synopsis Category: BBE database related issues
1554539 During ISSU BNG losses subscriber sessions without sending Session Stop but stay in authd
Product-Group=junos
When a SDB service session is created and requested to be replicated on the master RE during a full SDB resync like ISSU or VC global switchover, the replication request may be dropped due to a bug in the repd logic attempting to determine if the new service session will be picked up and replicated as part of the full SDB resync .
PR Number Synopsis Category: BBE subscriber routing related issues
1556980 The Framed Route installed for a Demux Interface has no MAC Address
Product-Group=junos
On MX platforms with Broadband Edge(BBE) scenario, traffic sent to/transit via Framed-Route might be dropped, as there is no MAC associated with Framed-Route on the Demux Interface if "qualified-next-hop" is configured in dynamic-profile access route.
PR Number Synopsis Category: Bi Directional Forwarding Detection
1518106 The BFD sessions might flap continuously after disruptive switchover followed by GRES.
Product-Group=junos
Disruptive switchover (no GRES or NSR configured) can lead to stale PPM entries programmed on the new master Routing Engine. If both GRES and NSR are activated after disruptive switchover and then a GRES switchover is performed, BFD sessions might flap continuously.
1558102 BGP LU session flap might be seen with AIGP used scenario
Product-Group=junos
On all QFX5K platforms with L3VPN and BGP LU (Labeled Unicast) setup, the BGP neighbor relationship might flap, which might cause traffic loss, if it receives new routes with AIGP (Accumulated Interior Gateway Protocol) information.
PR Number Synopsis Category: Border Gateway Protocol
1492743 The BGP route-target family might prevent the route reflector from reflecting Layer 2 VPN and Layer 3 VPN routes.
Product-Group=junos
If the user only sets protocols bgp local-as <> without configuring routing-options autonomous-system <> or having a different autonomous-system number than local-as, the iBGP Route-Reflector (RR) will treat the route-target (RT) routes from iBGP neighbor PEs as an external prefix, and by default, the external peer number is limited to one for a given Route Target, in this case, the Route-Reflector might not reflect L2VPN and L3VPN prefixes to some iBGP clients advertised the same RT prefixes.
1541768 The rpd might crash when the active route does not exist
Product-Group=junos
If RTarget module tries to take an access of the active route which does not exist (since NextHop is not resolved), a reference is taken on the non-existent active route, and rpd crashes.
1554569 The BGP session neighbor shutdown configuration does not effect the non-established peer.
Product-Group=junos
BGP neighbor shutdown configuration "set protocols bgp group <*> neighbor xx.xx.xx.xx shutdown" does not take effect on non-established peer.
PR Number Synopsis Category: bras licensing prs
1563975 The "enforce-strict-scale-limit-license" configuration enforces subscriber license incorrectly in ESSM subscriber scenario
Product-Group=junos
In Extensible Subscriber Services Manager (ESSM) subscriber scenario, the "enforce-strict-scale-limit-license" configuration enforces subscriber license incorrectly, after high churn of ESSM subscribers login/logout, the subscribers could not able to login.
PR Number Synopsis Category: MX Platform SW - Environment Monitoring
1551760 The "LCM Peer Absent" alarm might be seen on TVP based platforms.
Product-Group=junosvae
On all TVP platforms, a major alarm of "LCM Peer Absent" might be seen.
PR Number Synopsis Category: MX-ELM l2ng stormcontrol
1552815 The statement 'action-shutdown' of storm control does not work for ARP broadcast packets.
Product-Group=junos
With knob 'action-shutdown' configured in storm control scenario, the interface will not go to shutdown state if ARP storm exceeds the configured limit. The excess packets will be dropped normally.
PR Number Synopsis Category: Device Configuration Daemon
1530935 Backup RE or backup node may stuck in bad status with improper "backup-router" configuration
Product-Group=junos
Redundant group 1+ may report Interface Monitor failure if backup router destination prefix is configured same as interface IP address.
PR Number Synopsis Category: Layer 3 forwarding, both v4+v6
1477261 Junos OS: ACX5448, ACX710: BFD sessions might flap due to high rate of transit ARP packets (CVE-2021-0216)
Product-Group=junos
A vulnerability in Juniper Networks Junos OS running on the ACX5448 and ACX710 platforms may cause BFD sessions to flap when a high rate of transit ARP packets are received. This, in turn, may impact routing protocols and network stability, leading to a Denial of Service (DoS) condition. Please refer to https://kb.juniper.net/JSA11118 for more information.
PR Number Synopsis Category: EVPN control plane issues
1546992 The rpd process might crash after adding route-target on a dual-Routing Engine system under the EVPN multihoming scenario.
Product-Group=junos
On dual-RE platforms with EVPN multihoming scenario enabled, the rpd process might crash when VRF rt-target add and at the same time some networking events that trigger interface down/delete. The routing protocols are impacted, and traffic disruption will be seen due to the loss of routing information.
PR Number Synopsis Category: PRs for Lagavulin PFE tracking
1552623 "show pfe route summary hw" shows random high free and 'Used' column for 'IPv6 LPM(< 64)' routes
Product-Group=junos
For routes <= or > 64 bit mask, after route delete from hardware or during overflow handling of routes from host to LPM table, there was an issue with accounting whereby an incorrect large value showed up in the route summary calculation. Affected platform: QFX5200-32C-32Q and EX4400-48F.
PR Number Synopsis Category: Express PFE L2 fwding Features
1561084 When configuring static MAC and static ARP on the EVPN core aggregate interface the underlay NH programming might not be updated in the PFE
Product-Group=junos
After installing static MAC/ARP into the core underlay link and reverting the configuration, the Next Hop (NH) in PFE might still point to the configured MAC address. It might cause traffic blackholing towards the CE.
PR Number Synopsis Category: PRs for forge platform software issue
1552820 On SRX1500, SRX-SFP-1GE-T(Part#740-013111) for a copper cable might be corrupted after reboot.
Product-Group=junosvae
On SRX1500, SRX-SFP-1GE-T(Part#740-013111) for a copper cable might be corrupted after reboot.
PR Number Synopsis Category: IDP on logical system
1561298 The idpd process might crash when committing IDP configuration under LSYS/Tenants during RGs failover
Product-Group=junos
On SRX Series devices, if there are a considerable number of Logical-systems/Tenants configured. The idpd process might crash if the IDP-related configuration under Logical-systems/Tenants is changed and committed repeatedly during Redundancy Groups(RGs) failover. It is suggested not to modify and commit the IDP-related configuration in that situation.
PR Number Synopsis Category: jdhcpd daemon
1564434 Junos OS: Receipt of malformed DHCPv6 packets causes jdhcpd to crash and restart. (CVE-2021-0240)
Product-Group=junos
On Juniper Networks Junos OS platforms configured as DHCPv6 local server or DHCPv6 Relay Agent, the Juniper Networks Dynamic Host Configuration Protocol Daemon (JDHCPD) process might crash if a malformed DHCPv6 packet is received, resulting in a restart of the daemon. The daemon automatically restarts without intervention, but continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. Please refer to https://kb.juniper.net/JSA11168 for more information.
PR Number Synopsis Category: JFlow bug tracker for SRX platforms
1567871 The flowd might crash and generates a core dump if Jflow V9 is configured
Product-Group=junos
On all SRX platforms, if Jflow V9 is configured, the flowd process might crash. This rare issue may cause traffic loss.
PR Number Synopsis Category: Firewall Policy
1549366 Global policies working with multi-zones cause high CPU utilization
Product-Group=junos
On SRX Series devices, a higher CPU utilization than normal might be observed, which might cause performance to decline rapidly if global policies are used and zones are declared explicitly in those policies.
PR Number Synopsis Category: IPSEC/IKE VPN
1545916 The flowd process might crash during IPsec SA renegotiation on SRX5000 Series devices
Product-Group=junos
On SRX5000 Series devices with IPsec VPN configured running on Junos OS 18.2R1 or above, during IPsec Security Association (SA) renegotiation, a timing issue that the VPN packets refer to an invalid key might occur, which results in the flowd process crash.
1550232 Traffic goes through policy-based IPsec tunnel might be dropped after RG0 failover.
Product-Group=junos
On branch SRX series devices in a chassis cluster, when policy-based IPSec VPN is configured and the IPSec SA's lifetime is about to expire in a few minutes, the traffic might be dropped in the VPN tunnel after an RG0 failover.
1564444 A session might be closed when the session is created during the IPsec rekey.
Product-Group=junos
A session might be closed when the session is generated during IPsec rekey. It might cause the traffic drop on SRX platforms.
1571105 SPI mismatch caused by simultaneous rekeys under kmd stress
Product-Group=junos
On the SRX Series platforms with IPsec configured, when kmd has high stress due to enabling traceoption, SPI mismatch might be seen under back2back rekeys. This can lead to incoming traffic cannot be decrypted on the target tunnel.
PR Number Synopsis Category: Layer 2 Control Module
1561235 The l2cpd core might be seen on reboot
Product-Group=junos
When xSTP is used, the l2cpd core might be seen on reboot. This will be a one-time core and will not impact on functionality.
PR Number Synopsis Category: lldp sw on MX platform
1528856 The l2cpd process might crash when removing LLDP on an aggregated Ethernet interface.
Product-Group=junos
On all Junos platforms, if Link Layer Discovery Protocol(LLDP) is enabled on 'interface all' and some AE interface at the same time, the Layer 2 Control Protocol process (l2cpd) might crash when lldp is removed from the AE interface. The l2cpd crash might affect all the protocols running under it (such as X-STP, LLDP, ERP, MVRP, etc.).
PR Number Synopsis Category: Multiprotocol Label Switching
1457681 TRUE POC: rpd core files are generated with SNMP polling.
Product-Group=junos
On all Junos platforms, If the traceoption is enabled in MPLS and SNMP polling is going on, and during route lookup match a given route which one is neither router next-hop nor chain next-hop, then rpd crash may be observed. The rpd crash may cause all the routing protocols adjacencies to be reestablished.
PR Number Synopsis Category: MQTT protocol, Mosquitto Broker and Client API
1522265 Junos OS: Receipt of specific packets could lead to Denial of Service in MQTT Server (CVE-2021-0229)
Product-Group=junos
An uncontrolled resource consumption vulnerability in Message Queue Telemetry Transport (MQTT) server of Juniper Networks Junos OS allows an attacker to cause MQTT server to crash and restart leading to a Denial of Service (DoS) by sending a stream of specific packets. Please refer to https://kb.juniper.net/JSA11124 for more information.
PR Number Synopsis Category: MX104 Software - Chassis Daemon
1453893 FPC/PFE crash may happen with ATM MIC installed in the FPC.
Product-Group=junos
FPC crash on MX240 and MX2020 routers or Packet Forwarding Engine crash on MX104 routers might happen when the MIC-3D-8OC3-2OC12-ATM is installed and ATM interface is configured.
PR Number Synopsis Category: Kernel Composite Next Hop (composite / l3vpn) Infrastructure
1548545 The kernel crash with core file might be seen if churn happens for a flood composite next hop.
Product-Group=junos
After continuous churn happens for a flood composite next hop, the kernel crash might be seen.
PR Number Synopsis Category: Category for ifstate infrastructure issues
1545463 Continuous rpd errors might be seen and new routes will fail to be programmed by rpd
Product-Group=junos
In case of high route churn in the network, all kuackmem (Kernel ACK mechanism) entries may be exhausted as a result of a rare timing issue and any new routes will fail to get programmed by rpd.
PR Number Synopsis Category: This PR category is for tracking only TCP/UDPtransport layer
1552603 The BGP session replication might fail to start after the session crashes on the backup Routing Engine.
Product-Group=junos
On certain Junos platforms with Dual-REs (platforms capable of installing Junos packages with name format as "junos*install"), BGP replication may fail to start under GRES/NSR setup after a crash on backup Routing Engine. NSR starts un-replicating the socket since backup Routing Engine is no longer present. Massive unreplicated request leads to memory buffer getting full with multiple BGP sessions (e.g., 20 BGP peers). Hence BGP unreplicated request returned with an error. Besides, the kernel is left with stale data. It does not allow the JSR (Juniper Socket Replication, BGP in this case) when backup RE comes up due to the stale data. BGP-NSR (Nonstop Routing) is broke under the conditions. Traffic outage will be observed after performing GRES.
PR Number Synopsis Category: OSPF routing protocol
1561414 Wrong SPF calculation might be observed for OSPF with ldp-synchronization hold-time configured after interface flap
Product-Group=junos
On all Junos platforms with LDP protocol configured on an interface, set the interface type p2p in OSPF and configure ldp-synchronization with hold-time for the same interface, after flapping the interface, the wrong SPF calculation due to pointing to the old link might happen and this might cause a routing loop and traffic outage.
PR Number Synopsis Category: MPLS Point-to-Multipoint TE
1415384 In a large scale P2MP deployment, LSPs may go down randomly across the network due to repeated make-before-break event happening in P2MP sub-lsps
Product-Group=junos
In a large-scale P2MP LSP deployment where one P2MP LSP can have 100s of sub-LSPs when a sub-LSP undergoes path change event ? due to interface flap, all the sub-LSPs of the same P2MP LSP have to undergo a make-before-break (MBB) event. By default, all the sub-LSPs have to complete the MBB event within the default timeout of 30 seconds. If there is a sub-LSP that is not able to complete its MBB event within this time frame, the software triggers all the sub-LSPs to restart the MBB event. This usually keeps happening in a cycle. Because of the cyclical nature of these MBB events, if the scale of the P2MP LSP is high, the internal RSVP-related tasks may not be able to keep up with the update processing on that node. Hence, the router will not be able to exchange the RSVP control messages with neighboring routers in a timely manner. This causes LSPs to go down. In a large-scale network involving full-mesh P2MP LSPs, the issue can move from one node to another node which results in LSPs going down randomly across the network. TSB17961 published for field notification
PR Number Synopsis Category: Express Paradise PFE L3 Features
1550632 The Neighbor Solicitation might be dropped from the peer device.
Product-Group=junos
The Neighbor Solicitation (NS) might be dropped after the IPv6 binding is flushed from the peer side. The ping to IPv6 peer fails due to the NS message not reach RE. Since ping doesn?t work between the connected interface, any kind of traffic sent towards QFX might also not work. It has a traffic impact.
PR Number Synopsis Category: vMX Platform Infrastructure related issue tracking
1548422 Traffic with jumbo frame may be discarded on the vMX platforms
Product-Group=junos
On the VMX platforms which are installed on ESXI 6.7 with vmxnet3 driver, traffic with jumbo frame (Packets with MTU more than 1500) may be discarded upon receiving.
PR Number Synopsis Category: PRs for PTP related issues.
1561372 PTP lock status gets stuck at the Acquiring state instead of the Phase Aligned state.
Product-Group=junos
In some cases the PTP slave port will stay in acquiring mode indefinitely, because the QFX is starting with EPOCH time Jan 1, 1970, and the time difference to the GM is too large for the servo algorithm. Fix is to start QFX at a time closer to the current NTP time.
PR Number Synopsis Category: QFX platform optics related issues
1561181 Tunable optics SFP+-10G-T-DWDM-ZR not working in EX4600
Product-Group=junos
In EX4600 with tunable optics SFP+-10G-T-DWDM-ZR, the configured wavelength value does not take effect.
PR Number Synopsis Category: PRs for analyzer on QFX 5100,5200, 5110
1557274 Traffic storm might be caused by analyzer due to link flapping
Product-Group=junos
On all Junos platforms with port mirroring analyzers configured, if multiple paths for the Analyzer IP configured and default route flaps then a traffic storm might be observed due to mirroring of traffic on the wrong port and analyzer might not work as expected.
1562607 Port mirroring might not work as expected on QFX5K platforms
Product-Group=junos
On QFX5K platforms, with native analyzer configured with input as vxlan vlans which has members as ae (LAG) interfaces (in both up and down state) and output as IP address, if any change is made in the configuration then port mirroring might fail to work.
PR Number Synopsis Category: Filters
1558320 Firewall filter might fail to work on QFX5K platforms
Product-Group=junos
On QFX5K platforms, if per ifl-filtering on regular VLAN is configured with no match conditions then destination port matching condition may fail to match intended packets.
PR Number Synopsis Category: PFE L2
1535555 The following Packet Forwarding Engine error message is observed in the BRCM-VIRTUAL: brcm_virtual_tunnel_port_create() ,489: Failed NW vxlan port token(45) hw-id(7026) status(Entry not found).
Product-Group=junos
On a QFX5110 or QFX5120, when the Type 5 tunnels are destroyed, sometime we can see error messages "brcm_virtual_tunnel_port_create() ,489:Failed NW vxlan port token(45) hw-id(7026) status(Entry not found)". There is no functionality impact due to this.
1564020 On EX4650/QFX5120 platforms, "storm control" with IRB interface might not work correctly
Product-Group=junosvae
On EX4650/QFX5120 platforms, "storm-control" might not work as expected if adding an IRB interface to a VLAN where "storm-control" is enabled. This defect could be seen when a destination IP of the stream's route is in a resolve state.
PR Number Synopsis Category: All issues related to L3 data-plane/forwarding
1560161 Few IPv6 ARP ND fails after loading the base configurations.
Product-Group=junos
On QFX5k platforms, when configuring a VLAN ID for a VxLAN, recommendation is to use VLAN ID of 3 or higher. If VLAN ID of 2 is used, replicated broadcast, multicast, and unknown unicast (BUM) packets for these VxLANs might be untagged, which in turn might result in the packets being dropped by a device that receives the packets.
PR Number Synopsis Category: PRs for PFE EVPN / VxLAN related issues on QFX5K
1524955 Traffic loss may be observed on interfaces in a VXLAN environment
Product-Group=junos
On the QFX5K/EX4600 series platforms with VXLAN setup, if changing the VLAN (VXLAN enabled) configuration under an interface stanza from service provider style to enterprise style in a single commit without deactivating/activating the corresponding VLAN configuration under "vlans" stanza, traffic loss may be observed on the interface after the change.
1555835 Traffic might not passed due to the addition of the VLAN tag 2 while passing through the Virtual Chassis port.
Product-Group=junos
When ingress and egress interfaces are in different FPC on QFX5120VC with OVSDB vxlan, the VLAN tag 2 might be added automatically and the peer device drops it.
PR Number Synopsis Category: KRT Queue issues within RPD stuck queue, retries due to erro
1542280 The KRT queue might get stuck after RE switchover
Product-Group=junos
On all Junos platforms with dual Routing Engines (REs), if RE switchover happens while the rpd process on backup RE (new master RE) is reading routes from kernel, some error might happen in a very rare timing condition, and the Kernel Routing Table (KRT) queue might get stuck due to this issue.
PR Number Synopsis Category: RPD Next-hop issues including indirect, CNH, and MCNH
1561984 The rpd crash might be observed during processing huge amount of PIM prune messages
Product-Group=junos
In MVPN scenario, if huge amount of PIM prune messages (e.g. more than 3500 receivers for more than 3 multicast groups) are processed on a Junos device, the rpd crash might occur.
PR Number Synopsis Category: Non protocols specific issues in RPD policy options, stateme
1562867 Generate route goes to hidden state when protect core knob is enabled
Product-Group=junos
On all Junos platforms, if protect core knob is enabled under routing options then generate route might go into hidden state.
PR Number Synopsis Category: RPD route tables, resolver, routing instances, static routes
1482112 The rpd process might crash when deactivating logical systems.
Product-Group=junos
On all Junos platforms running with logical systems, if the logical systems get deactivated either by manually restarting the rpd process or by the deletion of the logical system configurations, the rpd process might crash in a race condition. It is a timing issue.
PR Number Synopsis Category: show route table commands, tracing, and syslog facilities an
1425515 The RPD scheduler slips might be observed upon executing the show route resolution extensive 0.0.0.0/0 | no-more command if the number of routes in the system is large (several millions).
Product-Group=junos
If a system has a lot of routes (several millions) then RPD scheduler slips could happen upon executing 'show route resolution extensive 0.0.0.0/0 | no-more' CLI command. The following message will be syslogged upon the slip: > rpd[4885]: %DAEMON-3-JTASK_SCHED_SLIP: 8 sec scheduler slip, user: 8 sec 645210 usec, system: 0 sec, 0 usec
PR Number Synopsis Category: SW PRs for SCBE3 related kernel drivers
1564539 MX platforms with MX-SCBE3 may reboot continuously.
Product-Group=junos
A recent change in the kernel boot loader causes a system with MX-SCBE3 to experience the Routing Enginne's kernel memory corruption which causes the system to reboot continuously.
PR Number Synopsis Category: SW PRs for SCBE3 fabric
1553641 The fabric errors are observed and the FPC processes might get offlined with SCBE3, MPC3E-NG, or MPC3E and MPC7 or MPC10 in the increased-bandwidth fabric mode.
Product-Group=junos
On MX240/MX480/MX960 platforms, with default "increased-bandwidth" fabric mode and SCBE3, if we have MPC3 or MPC3-NG exist on the system along with high bandwidth MPC, during high traffic situation or bursty traffic through the fabric towards MPC3/MPC3-NG. MX fabric might report unreachable destination condition and causes fabric healing to trigger in. This issue is exacerbated when having MPC7 or MPC10 line cards installed due to high fabric bandwidth that can be generated.
PR Number Synopsis Category: This would be category for IPSEC functionality on M/MX/T ser
1456749 All the IPsec tunnels might be cleared when the clear command is executed for only one IPsec tunnel with specified service-set name.
Product-Group=junos
On M/MX platforms running in IP security Virtual Private Network (IPsec VPN) scenario, when the command "clear services ipsec-vpn ike security-associations service-set " is executed for only one IPsec tunnel with the specified service-set name, all the other IPsec tunnels might be cleared as well due to this issue.
1544794 The mspmand process might generate core file on activating or deactivating the interface
Product-Group=junos
On MX480 platforms with MS-MPC service card installed, the Multiservices PIC manager daemon(mspmand) might get crashed on activating/deactivating the interface aggressively, causing the restart of the service PIC and traffic interruption.
PR Number Synopsis Category: issues related to snorkel card
1573209 CFP unplugged message is not logged in Junos OS Release 17.3 and later.
Product-Group=junos
CFP "unplugged" message is not logged in Junos 17.3 onwards
PR Number Synopsis Category: Generic platform and infra issues for MS-MIC and MS-MPC(XLP)
1475948 The syslog reports simultaneous zone change reporting for all green, yellow, orange, and red zones for one or more service PICs.
Product-Group=junos
The router may report erroneous, simultaneous syslog messages for zone change reporting for all zones green, yellow, orange, red for one or more Service PICs. Nov 30 05:58:22.162 TestR1 : %DAEMON-4: (FPC Slot 2, PIC Slot 0) ms50 mspmand[233]: Entered red memory zone Nov 30 05:58:22.163 TestR1 : %DAEMON-4: (FPC Slot 2, PIC Slot 0) ms50 mspmand[233]: Entered orange memory zone Nov 30 05:58:22.163 TestR1 : %DAEMON-4: (FPC Slot 2, PIC Slot 0) ms50 mspmand[233]: Entered yellow memory zone Nov 30 05:58:22.163 TestR1 : %DAEMON-4: (FPC Slot 2, PIC Slot 0) ms50 mspmand[233]: Entered green memory zone The issue is a reporting error and has no functional effect on traffic. The issue is self-correcting. These errors can be appear in approximately every 49-50 days.
PR Number Synopsis Category: platform related PRs on SRX branch platforms
1542931 Tail drops might occur on branch SRX platforms if shaping-rate is configured on lt- interface
Product-Group=junos
On the branch SRX platforms, if shaping-rate greater than 2 Mbps and lower than 10Mbps is set on the lt- interface, the maximum traffic rate might not reach shaping-rate, or there might be tail drops during traffic burst.
PR Number Synopsis Category: trinity pfe qos software
1538960 Major error "XQ_CMERROR_SCHED_L3_PERR_ERR" might cause PFE(s) to disable
Product-Group=junos
On EX9200 platforms with EX9200-6QS/MX platforms with MPC2E/3E/5E(Q)/SRX5K platforms with MPC3, PFE(s) on that FPC(s) might be disabled due to a major alarm "XQ_CMERROR_SCHED_L3_PERR_ERR". Without the fix, this major alarm triggered "disable-pfe" action. This defect could be seen if there is a parity error in the L3 node static memory.
PR Number Synopsis Category: trinity pfe l3 forwarding issues
1562120 The interface statistics might be reported incorrectly if a large scale of interfaces is configured
Product-Group=junos
On the MX/EX92xx/SRX5x00 Trio based platforms, the interface statistics might be reported incorrectly if a large scale of interfaces is configured. In the adaptive load balance (ALB) use case, the ALB uses these statistics to determine the load-balancing between the member links of the AE bundle, if wrong interface statistics are used, the traffic imbalance on the egress interface will be observed.
PR Number Synopsis Category: DDos Support on MX PR category
1562474 DHCPv4 request packets might be wrongly dropped when DDOS attack happens
Product-Group=junos
On MX platform, T4000 platform and EX9200 platform, end-users or end-hosts might not get an IPv4 address from Dynamic Host Configuration Protocol (DHCP) server when Distributed Denial-of-Service (DDOS) attack is happened on DHCP rebind packets or renew packets. In the end, end-users or end-hosts could not access into network after lease time of the IPv4 address expired.
PR Number Synopsis Category: Issues related to mgd, DAX API, DDL/ODL infrastructure, Juno
1553577 The command "request system software validate on host" does not validate the correct configuration file
Product-Group=junos
When using the "request system software validate on host username ", please use the latest os-package on remote host for it to properly use the configuration file sent from the host whose configuration file is being validated.
PR Number Synopsis Category: av bugs
1557278 Stream buffer memory leak might happen when UTM is configured under unified policies.
Product-Group=junos
On all Junos platforms that support unified policies (layer 7 application), stream buffer memory leak might happen when Unified Threat Management (UTM) Antivirus Protection (AV)/ Antispam Filtering (AS)/Content Filtering (CF) is configured under unified policies. If the stream buffer memory is exhausted, traffic related to UTM will be affected.
PR Number Synopsis Category: We can use this category for Host protocols (LACP, LAG, ARP)
1354452 The mib2d process generates core file in mib2d_write_snmpidx at snmpidx_sync.c on both ADs while bringing up the base traffic profile.
Product-Group=junos
mib2d core in mib2d_write_snmpidx at snmpidx_sync.c on both ADs while bringing
PR Number Synopsis Category: Vale platform related issues.
1500418 PTX10008: FPC UKERN core dump is not transferred to RE in scaled setup.
Product-Group=junosvae
When a PTX10008 FPC creates a core file, the file may not be transferred to the Routing Engine.
1561980 An enhancement to enable watchdog petting log on PTX10K Line Cards
Product-Group=junosvae
An enhancement to enable watchdog petting log on line cards on QFX10XXX platforms. A quick note on watchdog timer: If all is well, a watchdog daemon process will consistently disarm the timer before it expires, and subsequently re-enable it; this is known as petting the dog. If the daemon does not disarm the watchdog timer (due to something having gone badly wrong), the watchdog timer expires and the system reboots.
PR Number Synopsis Category: For GPRS security features on highend SRX series
1559802 SPU crash might be seen under GPRS Tunneling protocol scenario
Product-Group=junos
In SRX series devices, if mobile handover between SGSN/SGW more than once, and the last handover is GTPv1 to GTPv2 (3G -> LTE), then both cluster nodes may crash and cause a disruption in the traffic.
PR Number Synopsis Category: Virtual Router Redundancy Protocol
1558560 Junos device might send VRRP advertisement packets in VRRP init or idle state before startup-silent-period timer expiry after performing GRES on VRRP master device with NSR disabled
Product-Group=junos
If VRRP master device has dual Routing Engines (REs) and GRES enabled but nonstop-routing (NSR) disabled, after performing GRES, both REs will move to VRRP init then idle state and the new master RE will send VRRP advertisement packets in this stage before startup-silent-period timer expiry. Since the VRRP backup device can still receive the VRRP advertisement packets with higher priority, it will not transition to VRRP master state and hence cause the longer traffic downtime until the VRRP master device re-take the VRRP mastership after startup-silent-period timer expiry.
 

19.1R3-S5 - List of Known issues (removed due to data inaccuracy)
Modification History:
2021-04-16 Update categories, removed "Known Issues" table due to data inaccuracy
First publication date 2021-04-14
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search