19.2R3-S2: Software Release Notification for JUNOS Software Version 19.2R3-S2

Article ID: TSB18033 TECHNICAL_BULLETINS Last Updated: 28 Apr 2021 Version: 1.0
Alert Type:
SRN - Software Release Notification
Product Affected:
ACX, EX, MX, PTX, QFX, NFX, SRX, VRR, vMX, vSRX
Alert Description:
Junos Software Service Release version 19.2R3-S2 is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as needed and follow the prompts
Solution:

Junos Software Service Release version 19.2R3-S2 is now available.

19.2R3-S2 - List of Fixed issues
PR Number Synopsis Category: EX4300 PFE
1545530 Junos OS: EX4300: FPC crash upon receipt of specific frames on an interface without L2PT or dot1x configured (CVE-2021-0242)
Product-Group=junos
A vulnerability due to the improper handling of direct memory access (DMA) buffers on EX4300 switches on Juniper Networks Junos OS allows an attacker sending specific unicast frames to trigger a Denial of Service (DoS) condition by exhausting DMA buffers, causing the FPC to crash and the device to restart. The DMA buffer leak is seen when receiving these specific, valid unicast frames on an interface without Layer 2 Protocol Tunneling (L2PT) or dot1x configured. Interfaces with either L2PT or dot1x configured are not vulnerable to this issue. Please refer to https://kb.juniper.net/JSA11135 for more information.
1548858 The targeted-broadcast feature might not work after a reboot.
Product-Group=junos
On EX4300 Series platforms, the targeted-broadcast feature may not work after a reboot. It can be seen that no target-broadcast packets are received on the targeted-broadcast interface.
PR Number Synopsis Category: Marvell based EX PFE L3
1557229 Traffic related to IRB interface might be dropped when mac-persistence-timer expires.
Product-Group=junos
On EX3400/EX4400/EX4300MP virtual chassis (VC) platforms, if the IRB interface is configured with members across master and backup VC, the new MAC address of the IRB interface might not be programmed in hardware after mac-persistence-timer expires. This might result in all traffic related to the IRB interface being dropped.
PR Number Synopsis Category: EX2300/3400 PFE
1543181 The Slaac-Snoopd child process generates core file upon multiple switchovers on the Routing Engine.
Product-Group=junos
A slaac-snoopd core file is generated in the child process of the slaac-snoopd daemon when the old master transitions to master again. That is, when the RE has undergone two switchovers, starting in the mastership role and regaining the mastership role after the second switchover, a core in the child process of the slaac-snoopd daemon is observed. However, the core has no impact on the base functionality of the slaac-snoopd daemon.
1556198 Traffic might be dropped when a firewall filter rule uses 'then vlan' as the action.
Product-Group=junos
If a firewall filter is configured with the action 'then vlan' on EX and QFX platforms, some of the traffic that matches the firewall filter might be dropped.
PR Number Synopsis Category: EX2300/3400 platform
1535106 EX2300/EX3400: RTC ERROR and SETTIME failed messages are seen
Product-Group=junos
On EX2300 and EX3400 series, RTC ERROR and SETTIME failed messages may sometimes be observed without any trigger.
PR Number Synopsis Category: QFX PFE L2
1543169 The dcpfe process might crash when an IFD is continuously attaching and detaching
Product-Group=junos
On QFX5K/QFX3600/EX4600 platforms, a memory leak might happen when the IFD is continuously attaching and detaching. The dcpfe process might crash if the device runs out of memory. Traffic loss might be seen during the dcpfe crash and restart.
1550918 Traffic may be forwarded incorrectly on an interface having VXLAN enabled and "hold-time up xxx" statement configured
Product-Group=junos
If an interface is configured with the "hold-time up xxx" statement and has VXLAN enabled, then after the interface flaps, traffic coming from this interface (such as ARP traffic) may be forwarded even though the interface has not changed to the "up" state.
PR Number Synopsis Category: QFX L3 data-plane/forwarding
1558189 On the QFX5110-32Q device, the following syslog error message is observed after loading the NC T5 EVPN VXLAN configuration: BCM-L2,pfe_bcm_l2_sp_bridge_port_tpid_set() Config TPID New/Old (8100:8100) Other-Tpid's ba49, 4aa0, 80f.
Product-Group=junos
Handling of debug log related to TPID updates
1568159 The dcpfe process might crash when the size of the Local Bias Filter Bitmap string exceeds 256 characters.
Product-Group=junos
On QFX5K platforms with EVPN-VXLAN, the dcpfe process may crash when the size of the Local Bias Filter Bitmap string exceeds 256 characters.
1568533 The untagged packets might not work on EX Series platforms.
Product-Group=junos
On EX/QFX5K platforms, if 'flexible-vlan-tagging', 'vlan-id-list' and 'native-vlan-id' are configured on the interface in SP style, the untagged packets that need to be egressed from this interface might be dropped by the peer device.
PR Number Synopsis Category: "agentd" software daemon
1447665 Streaming telemetry subscription is not working for read-only user
Product-Group=junos
When a local user on a Junos router is configured with the read-only class, as in "set system login user test_user class read-only", streaming telemetry subscription is not possible. The telemetry client will report an error such as: rpc error: code = Unknown desc = Authorization failed subscribe returns, reconnecting after 10s
PR Number Synopsis Category: MX Layer 2 Forwarding Module
1548124 The l2ald process might crash due to next-hop issue in the EVPN-MPLS.
Product-Group=junos
In the EVPN-MPLS scenario, if the flood next-hop info is updated with a stale Multicast Composite Nexthop (MCNH), memory corruption might happen in the l2ald (Layer 2 Address Learning Daemon) process; l2ald might then crash and the ingress L2-BUM-flooded traffic might be impacted.
PR Number Synopsis Category: BBE Autoconfigured DVLAN related issues
1541796 Subscriber might not come up on some dynamic VLAN ranges in a subscriber management environment.
Product-Group=junos
On the MX series platforms, if more than 32 dynamic VLAN ranges are configured on an interface, subscribers may only come up on the first 32 dynamic VLAN ranges of that interface.
PR Number Synopsis Category: BBE database related issues
1554539 During ISSU, BNG loses subscriber sessions without sending the Session Stop message, but the sessions stay in authd
Product-Group=junos
When a SDB service session is created and requested to be replicated on the master RE during a full SDB resync like ISSU or VC global switchover, the replication request may be dropped due to a bug in the repd logic attempting to determine if the new service session will be picked up and replicated as part of the full SDB resync.
PR Number Synopsis Category: BBE Layer-2 Bitstream Access
1551207 The PPPoE subscribers might fail to login.
Product-Group=junos
In Broadband Network Gateway (BNG) scenario where Layer-2 Bitstream Access (L2BSA) and PPPoE subscribers are working on the same interface/VLAN, PPPoE subscribers login may get stuck in a pending state, if the IN-FLIGHT flag of L2BSA is not cleared after its Port-Up packet is rejected by RADIUS, and during this process, another Port-Up for the same access-loop arrives.
PR Number Synopsis Category: BBE routing
1556980 The framed route installed for a demux Interface has no MAC address.
Product-Group=junos
On MX platforms with Broadband Edge(BBE) scenario, traffic sent to/transit via Framed-Route might be dropped, as there is no MAC associated with Framed-Route on the Demux Interface if "qualified-next-hop" is configured in dynamic-profile access route.
PR Number Synopsis Category: MIBs related to BBE
1535754 SNMP MIB walk for jnxSubscriber OIDs returns a general error.
Product-Group=junos
SNMP MIB walk for jnxSubscriber OIDs returns a general error.
PR Number Synopsis Category: BBE Statistics daemon & libraries
1516728 Used-service-unit of the CCR-U has output-bytes counter zero.
Product-Group=junos
The Used-Service-Unit AVP of the first CCR-U triggered after quota expiry of CC-Total-Octets contains CC-Output-Octets = 0, although the subscriber has traffic consumption in both input and output directions. However, the subsequent CCR-Us triggered after quota expiry contain appropriate values for CC-Output-Octets, CC-Input-Octets and CC-Total-Octets.
PR Number Synopsis Category: Border Gateway Protocol
1532414 Transit labels for Layer 3 VPN routes are pushed momentarily to the MPLS.0 table.
Product-Group=junos
In L3VPN scenario with in-line RR (Route Reflector) which has an export policy with next-hop self to advertise all transit L3VPN routes to its clients and also uses route-target family, the undesired L3VPN routes may be pushed to FIB (Forwarding Information Base) after enabling/disabling route-target family on the RR or a new BGP peer joins a group with 'next-hop self'.
1545837 BGP flap and rpd crash might be observed.
Product-Group=junos
On all Junos platforms with 'output-queue-priority expedited update-tokens' configured, rpd crash might be seen upon BGP flap.
PR Number Synopsis Category: Track PRs in BGP Flow Spec area & is part of BGP inside RPD.
1537085 Junos OS: A specific BGP VPNv6 flowspec message causes routing protocol daemon (rpd) process to crash with a core (CVE-2021-0236)
Product-Group=junos
Due to an improper check for unusual or exceptional conditions in Juniper Networks Junos OS and Junos OS Evolved the Routing Protocol Daemon (RPD) service, upon receipt of a specific matching BGP packet meeting a specific term in the flowspec configuration, crashes and restarts causing a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. Refer to https://kb.juniper.net/JSA11131 for more information.
PR Number Synopsis Category: PFE SW evo-pfemand,packet-io on BRCM platforms running EVO
1545455 The chip on FPC linecard might crash when the system reboots.
Product-Group=junos
On the FPCs with Broadcom chip, if the jinsightD (health-mon) is not disabled ("set system processes health-mon disable"), the FPC might crash during the system booting. Traffic loss is seen during the FPC crash and restart.
PR Number Synopsis Category: Virtual-chassis platform/chassisd infrastructure PRs for MX
1552588 The VCP port is marked as administratively down on the wrong MX-VC member.
Product-Group=junos
On MX/EX/QFX platforms with Virtual Chassis (VC) scenario, some interfaces might be shut down unexpectedly, which might cause traffic to be interrupted if there is an error generated on an FPC. The reason is that after an ASIC error, the IFD down message is not sent to the local chassis master where the error was reported; instead, it is sent to the master of the Virtual Chassis, so that another interface with the same Slot/PIC/Port number is shut down as well.
PR Number Synopsis Category: MX Platform SW - UI management
1537194 The chassisd memory leak might cause traffic loss.
Product-Group=junos
On MX/PTX platforms with 18.1 or higher release, a chassisd memory leak may be caused by configuration commits. When chassisd consumes ~3.4GB of memory it may crash, and the chassisd crash may cause GRES and/or FPC restart. If GRES is enabled, commits are synchronized between REs, so the backup RE chassisd may suffer from the memory leak too.
PR Number Synopsis Category: MX-ELM l2ng stormcontrol
1552815 The statement 'action-shutdown' of storm control does not work for ARP broadcast packets.
Product-Group=junos
With knob 'action-shutdown' configured in storm control scenario, the interface will not go to shutdown state if ARP storm exceeds the configured limit. The excess packets will be dropped normally.
PR Number Synopsis Category: QFX Control Plane VXLAN
1548415 Junos OS: Remote code execution vulnerability in overlayd service (CVE-2021-0254)
Product-Group=junos
A buffer size validation vulnerability in the overlayd service of Juniper Networks Junos OS may allow an unauthenticated remote attacker to send specially crafted packets to the device, triggering a partial Denial of Service (DoS) condition, or leading to remote code execution (RCE). Continued receipt and processing of these packets will sustain the partial DoS. Please refer to https://kb.juniper.net/JSA11147 for more information.
PR Number Synopsis Category: Device Configuration Daemon
1530935 Backup RE or backup node may get stuck in a bad status with improper "backup-router" configuration
Product-Group=junos
Redundant group 1+ may report Interface Monitor failure if backup router destination prefix is configured same as interface IP address.
1539991 The logical interface might flap after the addition or deletion of the native VLAN configuration.
Product-Group=junos
On EX/QFX platforms, the unrelated logical interface on a physical interface would flap when adding or deleting native VLAN configuration on the physical interface.
PR Number Synopsis Category: dhcpd daemon
1542400 DHCP discover packet might be dropped if the DHCP inform packet is received first.
Product-Group=junos
On all Junos and EVO platforms, when devices are configured as DHCP relay agent, if DHCP discover packet is received immediately after DHCP inform packet in the same session, the DHCP discover packet might be dropped. This issue will impact subscriber login and it can be recovered automatically.
PR Number Synopsis Category: Ethernet OAM (LFM)
1529209 Junos OS: ethtraceroute Local Privilege Escalation vulnerabilities in SUID binaries (CVE-2021-0255)
Product-Group=junos
A local privilege escalation vulnerability in ethtraceroute Ethernet OAM utility of Juniper Networks Junos OS may allow a locally authenticated user with shell access to escalate privileges and write to the local filesystem as root. Please refer to https://kb.juniper.net/JSA11175 for more information.
PR Number Synopsis Category: EVPN control plane issues
1521526 ARP table might not be updated after VMotion or network loop is performed.
Product-Group=junos
On all Junos platforms with EVPN configured, the ARP table might not get updated. This issue happens after performing VMotion in a network or having a network loop.
1547275 VLAN ID information is missed while installing the EVPN route from the BGP Type 2 Route after modifying a routing-instance from instance-type EVPN to instance-type virtual-switch.
Product-Group=junos
VLAN ID information might be missing while installing the EVPN route from the BGP Type 2 Route after modifying a routing-instance from "instance-type evpn" to "instance-type virtual-switch". As a result, the data traffic sent via these EVPN routes doesn't push vlan-id in the inner Ethernet Header. This might result in traffic getting discarded on the remote PE.
PR Number Synopsis Category: EVPN Layer-2 Forwarding
1535515 All the ARP reply packets toward some address are flooded across the entire fabric.
Product-Group=junos
In the EVPN-VXLAN scenario, if the spine has irb and the leaves don't have irb, and the leaves have multi-home interfaces, the ARP reply packets flooding across the entire fabric might be seen.
PR Number Synopsis Category: Lagavulin PFE tracking
1552623 "show pfe route summary hw" shows random high free and 'Used' column for 'IPv6 LPM(< 64)' routes
Product-Group=junos
For routes <= or > 64 bit mask, after route delete from hardware or during overflow handling of routes from host to LPM table, there was an issue with accounting whereby an incorrect large value showed up in the route summary calculation. Affected platform: QFX5200-32C-32Q and EX4400-48F.
PR Number Synopsis Category: Express PFE L2 fwding Features
1551305 The interface filter with source-port 0 matches everything instead of port 0.
Product-Group=junos
On QFX10K/PTX5K platforms, interface filter with source-port 0 is matching any UDP packets with destination port 4789, instead of source port 0, which has an impact on VXLAN traffic.
1561084 When configuring static MAC and static ARP on the EVPN core aggregate interface the underlay NH programming might not be updated in the PFE
Product-Group=junos
After installing static MAC/ARP into the core underlay link and reverting the configuration, the Next Hop (NH) in PFE might still point to the configured MAC address. It might cause traffic blackholing towards the CE.
PR Number Synopsis Category: Express PFE L3 Multicast
1567353 QFX[10002]Discrepancy in inet.1 vs pfe reported multicast routes.
Product-Group=junos
On QFX10k, multicast counters in the PFE were being incremented even when handling IFL NULL error events. Although routes are not installed in the hardware because the IFL is not up, the counters were still being incremented. This behavior is incorrect and is being modified through JUNOS.
PR Number Synopsis Category: IDP on logical system
1561298 The idpd process might crash when committing IDP configuration under LSYS/Tenants during RGs failover
Product-Group=junos
On SRX Series devices, if there are a considerable number of Logical-systems/Tenants configured, the idpd process might crash if the IDP-related configuration under Logical-systems/Tenants is changed and committed repeatedly during Redundancy Groups (RGs) failover. It is suggested not to modify and commit the IDP-related configuration in that situation.
PR Number Synopsis Category: jdhcpd daemon
1564434 Junos OS: Receipt of malformed DHCPv6 packets causes jdhcpd to crash and restart. (CVE-2021-0240)
Product-Group=junos
On Juniper Networks Junos OS platforms configured as DHCPv6 local server or DHCPv6 Relay Agent, the Juniper Networks Dynamic Host Configuration Protocol Daemon (JDHCPD) process might crash if a malformed DHCPv6 packet is received, resulting in a restart of the daemon. The daemon automatically restarts without intervention, but continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. Please refer to https://kb.juniper.net/JSA11168 for more information.
PR Number Synopsis Category: JSR Infrastructure
1484872 JFlow/IPFix - tracking pr for fixing crash when sampling is more than 65535
Product-Group=junos
There was a crash when setting the sampling rate to more than 65535; this has since been fixed. Example configuration: "set forwarding-options sampling instance s1 input rate 70000".
PR Number Synopsis Category: Firewall Policy
1576038 Traffic loss might be seen when a big number of applications or addresses is referenced by one policy
Product-Group=junos
On all SRX platforms, when a big number of applications or addresses is referenced by one policy (e.g. 3k applications), causing IPC (Inter Process Communications between RE and PFE) fragmentation, policy out-of-sync might be seen. The issue results in the policy working incorrectly, and traffic loss might be seen.
PR Number Synopsis Category: IPSEC/IKE VPN
1545916 The flowd process might crash during IPsec SA renegotiation on SRX5000 Series devices
Product-Group=junos
On SRX5000 Series devices with IPsec VPN configured running on Junos OS 18.2R1 or above, during IPsec Security Association (SA) renegotiation, a timing issue in which VPN packets refer to an invalid key might occur, which results in a flowd process crash.
1550232 Traffic going through a policy-based IPsec tunnel might be dropped after RG0 failover.
Product-Group=junos
On branch SRX series devices in a chassis cluster, when policy-based IPSec VPN is configured and the IPSec SA's lifetime is about to expire in a few minutes, the traffic might be dropped in the VPN tunnel after an RG0 failover.
1564444 A session might be closed when the session is created during the IPsec rekey.
Product-Group=junos
A session might be closed when the session is generated during IPsec rekey. It might cause the traffic drop on SRX platforms.
PR Number Synopsis Category: PFE infra to support jvision
1547698 The SENSOR APP DWORD leak is observed during the period of churn for routes bound to the sensor group.
Product-Group=junos
SENSOR APP DWORD leak observed during the period of churn for routes bound to Sensor group. Sensor types that are affected are Segment Routing, Segment Routing-TE, LDP and RSVP LSPs.
PR Number Synopsis Category: Layer 2 Control Module
1561235 The l2cpd process might generate a core file on reboot.
Product-Group=junos
When xSTP is used, the l2cpd core might be seen on reboot. This will be a one-time core and will not impact on functionality.
PR Number Synopsis Category: Layer2 forwarding on EX/NTF/PTX/QFX
1551025 The l2alm processes high CPU utilization might be observed in the EVPN-VXLAN environment.
Product-Group=junos
In the EVPN-VxLAN scenario, as part of fixing PR1535515, the mac-ip entry's aging timer is adjusted by plus 30 seconds. These changes expose an issue in ARP expiry handling and result in high CPU utilization by the l2alm process. This issue may cause MAC learning issues and even traffic loss.
PR Number Synopsis Category: lldp sw on MX platform
1528856 The l2cpd process might crash when removing LLDP on an aggregated Ethernet interface.
Product-Group=junos
On all Junos platforms, if Link Layer Discovery Protocol(LLDP) is enabled on 'interface all' and some AE interface at the same time, the Layer 2 Control Protocol process (l2cpd) might crash when lldp is removed from the AE interface. The l2cpd crash might affect all the protocols running under it (such as X-STP, LLDP, ERP, MVRP, etc.).
1538482 DUT did not receive the LLDP packet from phone.
Product-Group=junos
On EX4300 platforms, the LLDP (Link Layer Discovery Protocol) neighborship with the VoIP (Voice over Internet Protocol) phones can't be established when LLDP is configured on the PoE (Power over Ethernet) enabled port on EX4300 and connects to the VoIP Phone.
PR Number Synopsis Category: Multiprotocol Label Switching
1493721 The rpd process might crash in a rare condition under the SR-TE scenario.
Product-Group=junos
On all Junos OS platforms with distributed CSPF under SR-TE scenario, if you execute some operations like deactivate or activate SR protocols, restart routing, and so on, the rpd crash might be observed.
PR Number Synopsis Category: MQTT protocol, Mosquitto Broker and Client API
1522265 Junos OS: Receipt of specific packets could lead to Denial of Service in MQTT Server (CVE-2021-0229)
Product-Group=junos
An uncontrolled resource consumption vulnerability in Message Queue Telemetry Transport (MQTT) server of Juniper Networks Junos OS allows an attacker to cause MQTT server to crash and restart leading to a Denial of Service (DoS) by sending a stream of specific packets. Please refer to https://kb.juniper.net/JSA11124 for more information.
PR Number Synopsis Category: Multicast Routing
1555518 Sending multicast traffic to downstream receiver on Trio based Virtual Chassis platforms might fail.
Product-Group=junos
On Trio based Virtual Chassis (VC) platform, when there are multicast tunneled packets being received, which come into the Virtual Chassis Ports (VCP) and then pop out of the tunnel, if the VCP ports and the interfaces where multicast packets enter/leave the router are located on the same Packet Forwarding Engine (PFE), it might fail in sending multicast traffic to downstream receiver due to this issue.
PR Number Synopsis Category: Fabric Manager for MX
1535787 All SFBs might go offline due to fabric failure and fabric self-ping probes performing the disable-pfe action.
Product-Group=junos
When an MPC is removed without being taken offline, and the chassisd process is not able to process this event on the primary Routing Engine due to additional primary-role switch, and later the MPC that is pulled out of the slot is re-inserted, many Switch Fabric Boards (SFBs) might be offline due to max_total_cell_usage overflow condition on the xfchip. The MX2020 platform is not exposed to such an event if it has SFB2 or if "set chassis fabric disable-grant-bypass" is configured.
PR Number Synopsis Category: MX10K platform
1456253 On 4x1GE using QSFP28 optics, continuous logging in chassisd process occurs when speed 1g is configured: pic_get_nports_inst and ch_fru_db_key.
Product-Group=junos
On MX10008 and PTX10008, the continuous logging in the chassisd file might be seen.
PR Number Synopsis Category: OS IPv4/ARP/ICMPv4
1544398 The RP expired timer on the backup Routing Engine is not the same as the primary Routing Engine if the aging-timer is configured.
Product-Group=junos
If aging-timer is configured on master RE for an IRB interface, the ARP timer configuration is not synced properly to backup RE for the IRB interface. It might cause ARP storm after RE switchover.
1547583 An internal timer on the backup Routing Engine might cause an ARP storm upon GRES switchover on the new primary (old backup) Routing Engine.
Product-Group=junos
On all MX platforms with BNG (Broadband Network Gateway) scenario, an internal timer (re-ARP timer) on the backup RE could cause an ARP storm upon GRES switchover, since there are many ARP timeouts on the new master RE within 2 minutes. The re-ARP timer is one-tenth of the ARP aging timer (the default ARP aging timer is 20 minutes, so 1/10 of 20 minutes is 2 minutes). The fix automatically adjusts the timer based on the scale and the configured aging time, avoiding an ARP storm on the new master.
PR Number Synopsis Category: Kernel Composite Next Hop (composite / l3vpn) Infrastructure
1548545 The kernel crash with core file might be seen if churn happens for a flood composite next hop.
Product-Group=junos
After continuous churn happens for a flood composite next hop, the kernel crash might be seen.
PR Number Synopsis Category: TCP/UDP transport layer
1552603 The BGP session replication might fail to start after the session crashes on the backup Routing Engine.
Product-Group=junos
On certain Junos platforms with Dual-REs (platforms capable of installing Junos packages with name format as "junos*install"), BGP replication may fail to start under GRES/NSR setup after a crash on the backup Routing Engine. NSR starts un-replicating the socket since the backup Routing Engine is no longer present. With multiple BGP sessions (e.g., 20 BGP peers), the large number of unreplicate requests leads to the memory buffer getting full, so the BGP unreplicate request is returned with an error. In addition, the kernel is left with stale data, which does not allow JSR (Juniper Socket Replication, BGP in this case) when the backup RE comes up. BGP-NSR (Nonstop Routing) is broken under these conditions. Traffic outage will be observed after performing GRES.
PR Number Synopsis Category: PE based L3 software
1533814 QFX10k2 / Firewall log incorrectly populating from PFE
Product-Group=junos
When a multicast feed is received with TTL 1 on a QFX, two copies of the packet are sent to the host: one from the normal flow and another from the multicast module. The packet sent from the multicast module had a sample class of 0, because of which it was being logged in the firewall log. To resolve the issue, engineering has modified the sample class of the multicast packet with ttl=1 so that it is not reflected in the firewall logs.
1550632 The Neighbor Solicitation might be dropped from the peer device.
Product-Group=junos
The Neighbor Solicitation (NS) might be dropped after the IPv6 binding is flushed from the peer side. The ping to the IPv6 peer fails due to the NS message not reaching the RE. Since ping doesn't work between the connected interfaces, any kind of traffic sent towards the QFX might also not work. It has a traffic impact.
1569120 QFX10K: Firewall log incorrectly populating from PFE for IPv6 traffic
Product-Group=junos
IPv6 packets with TTL 1 were being logged in the firewall log without any firewall configuration. There is no impact on the traffic, but the logs are generated in "show firewall log" for this traffic.
PR Number Synopsis Category: vMX Platform Infrastructure related issue tracking
1548422 Traffic with jumbo frame may be discarded on the vMX platforms
Product-Group=junos
On the VMX platforms which are installed on ESXI 6.7 with vmxnet3 driver, traffic with jumbo frame (Packets with MTU more than 1500) may be discarded upon receiving.
PR Number Synopsis Category: Interface related issues. Port up/down, stats, CMLC , serdes
1538340 On the QFX5100-48T, interfaces are not created after 10g channel-speed is applied across the 48 to 53 ports.
Product-Group=junos
After channelizing ports 48 through 53 and applying the channel speed, the interfaces are down on the QFX5100-48T platform. This issue causes interfaces to be deleted, and traffic might be dropped.
1548267 The 40G interface might be channelized after restarting the Virtual Chassis member
Product-Group=junos
On QFX platforms with Virtual Chassis (VC) scenario, if one VC member has a 40G channelized port, and the same port number interface in another VC member is non-channelized and has a fiber connection, the non-channelized interface will also be channelized after the VC member restarts. This might result in traffic loss on this interface.
1560086 PRBS (pseudorandom binary sequence) test on the QFX5200 device fails for 100GbE interfaces with the default settings.
Product-Group=junos
PRBS (Pseudo Random Binary Sequence) test on the QFX5200 platform fails for 100G interfaces with default settings.
PR Number Synopsis Category: QFX platform optics related issues
1561181 Tunable optics SFP+-10G-T-DWDM-ZR not working in EX4600
Product-Group=junos
In EX4600 with tunable optics SFP+-10G-T-DWDM-ZR, the configured wavelength value does not take effect.
PR Number Synopsis Category: analyzer on QFX 5100,5200, 5110
1557274 Traffic storm might be caused by analyzer due to link flapping
Product-Group=junos
On all Junos platforms with port mirroring analyzers configured, if multiple paths are configured for the analyzer IP and the default route flaps, then a traffic storm might be observed due to mirroring of traffic on the wrong port, and the analyzer might not work as expected.
PR Number Synopsis Category: Filters
1558320 Firewall filter might fail to work on QFX5K platforms
Product-Group=junos
On QFX5K platforms, if per ifl-filtering on regular VLAN is configured with no match conditions then destination port matching condition may fail to match intended packets.
PR Number Synopsis Category: QFX L2 PFE
1535555 The following Packet Forwarding Engine error message is observed in the BRCM-VIRTUAL: brcm_virtual_tunnel_port_create() ,489: Failed NW vxlan port token(45) hw-id(7026) status(Entry not found).
Product-Group=junos
On a QFX5110 or QFX5120, when the Type 5 tunnels are destroyed, the error message "brcm_virtual_tunnel_port_create() ,489:Failed NW vxlan port token(45) hw-id(7026) status(Entry not found)" can sometimes be seen. There is no functionality impact due to this.
PR Number Synopsis Category: QFX L3 data-plane/forwarding
1484440 IRB MAC is not programmed in hardware when the MAC persistence timer expires.
Product-Group=junos
On QFX5XXX/EX46XX virtual chassis platforms with GRES, if an IRB interface is configured with members across master and backup REs, and when mac-persistence-timer expires, the new MAC address of the IRB interface might not be programmed in hardware, which might result in failure on protocols and traffic.
1512175 The DHCP traffic might not be forwarded correctly when DHCP sends unicast packets.
Product-Group=junos
On EX4600/QFX5K platforms, DHCP unicast packets are getting dropped in the device due to DHCP relay filters which are getting installed during the init time without any DHCP configuration.
1560161 Few IPv6 ARP ND fails after loading the base configurations.
Product-Group=junos
On QFX5k platforms, when configuring a VLAN ID for a VxLAN, the recommendation is to use a VLAN ID of 3 or higher. If a VLAN ID of 2 is used, replicated broadcast, multicast, and unknown unicast (BUM) packets for these VxLANs might be untagged, which in turn might result in the packets being dropped by a device that receives the packets.
PR Number Synopsis Category: QFX EVPN / VxLAN
1524955 Traffic loss may be observed on interfaces in a VXLAN environment
Product-Group=junos
On the QFX5K/EX4600 series platforms with VXLAN setup, if changing the VLAN (VXLAN enabled) configuration under an interface stanza from service provider style to enterprise style in a single commit without deactivating/activating the corresponding VLAN configuration under "vlans" stanza, traffic loss may be observed on the interface after the change.
1555835 Traffic might not pass due to the addition of the VLAN tag 2 while passing through the Virtual Chassis port.
Product-Group=junos
When ingress and egress interfaces are in different FPC on QFX5120VC with OVSDB vxlan, the VLAN tag 2 might be added automatically and the peer device drops it.
PR Number Synopsis Category: QFX VC Infrastructure
1548079 On the QFX5100 Virtual Chassis, the backup Routing Engines clear the reporting alarm for a PEM failure intermittently for a missing power source.
Product-Group=junos
The PEM failure alarm for a missing power source on a QFX5100 VC is incorrectly being toggled on the Backup RE
PR Number Synopsis Category: RPD Next-hop issues including indirect, CNH, and MCNH
1534455 Some routes might get incorrectly programmed in the forwarding table in the kernel which is no longer present in rpd.
Product-Group=junos
In a scaled routes scenario, if there is any route change operation when the system is under memory pressure, the rpd might change a route entry but the same is not conveyed to the kernel. This causes a mismatch between routes in rpd and kernel leading to traffic blackhole for the mismatched route entries that are incorrectly programmed in the kernel.
PR Number Synopsis Category: RPD policy options
1523891 The policy configuration might be mismatched between the rpd and mgd process when deactivate policy-options prefix-list is involved in the configuration sequence.
Product-Group=junos
If "deactivate policy-options prefix-list" is involved in configuration sequence along with other policy configurations, the mgd process might not notify the rpd process about the policy configuration changes after committing the configuration. This can cause the policy configuration to be out-of-synchronization between policy database used by rpd and configuration database used by mgd. Due to the missing policy entries in policy database, later the rpd might crash when accessing these entries via CLI command like "show policy".
PR Number Synopsis Category: RPD route tables, resolver, routing instances, static routes
1482112 The rpd process might crash when deactivating logical systems.
Product-Group=junos
On all Junos platforms running with logical systems, if the logical systems get deactivated either by manually restarting the rpd process or by the deletion of the logical system configurations, the rpd process might crash in a race condition. It is a timing issue.
PR Number Synopsis Category: SW PRs for SCBE3 related kernel drivers
1564539 MX platforms with MX-SCBE3 may reboot continuously.
Product-Group=junos
A recent change in the kernel boot loader causes a system with MX-SCBE3 to experience Routing Engine kernel memory corruption, which causes the system to reboot continuously.
PR Number Synopsis Category: IPSEC functionality on M/MX/T ser
1540538 The mspmand process leaks memory in relation to the MX Series telemetry reporting the following error message: RLIMIT_DATA exceed.
Product-Group=junos
On MX platforms with an MS-MPC/MS-MIC service card installed, the card might run out of memory due to a memory leak in the mspmand process, which may cause traffic interruption when telemetry sensors are added and/or deleted. This is because these operations trigger memory allocation for decoding configuration change messages, and the memory is not released at the end of processing.
PR Number Synopsis Category: Trio pfe qos software
1538960 The following major error message might cause the Packet Forwarding Engine(s) to disable: XQ_CMERROR_SCHED_L3_PERR_ERR.
Product-Group=junos
On EX9200 platforms with EX9200-6QS/MX platforms with MPC2E/3E/5E(Q)/SRX5K platforms with MPC3, PFE(s) on that FPC(s) might be disabled due to a major alarm "XQ_CMERROR_SCHED_L3_PERR_ERR". Without the fix, this major alarm triggered "disable-pfe" action. This defect could be seen if there is a parity error in the L3 node static memory.
PR Number Synopsis Category: Trio pfe bridging, learning, stp, oam, irb software
1542211 Trio-based FPC might crash when the underlying Layer 2 interface for ARP over IRB interface is changed from the physical interface to the LSI interface.
Product-Group=junos
This issue applies to a Trio-based FPC using the integrated routing and bridging (IRB) interface with a VPLS instance using the label-switched interface (LSI) to provide VPLS functionality. The FPC may restart unexpectedly. The restart is triggered when the underlying layer-2 interface for ARP over IRB interface changes from the physical interface to the LSI interface.
1560788 The BUM frame might be duplicated on an aggregate device if the extended-port on the satellite device is an aggregated Ethernet interface.
Product-Group=junos
On the Fusion AD (Aggregate Device), the BUM frame might be duplicated if the Extended-port on the SD (Satellite Device) is an aggregate ethernet.
PR Number Synopsis Category: Trio pfe l3 forwarding issues
1562120 The interface statistics might be reported incorrectly if a large scale of interfaces is configured
Product-Group=junos
On the MX/EX92xx/SRX5x00 Trio based platforms, the interface statistics might be reported incorrectly if a large scale of interfaces is configured. In the adaptive load balance (ALB) use case, the ALB uses these statistics to determine the load-balancing between the member links of the AE bundle; if wrong interface statistics are used, traffic imbalance on the egress interface will be observed.
PR Number Synopsis Category: DDos Support on MX
1562474 The DHCPv4 request packets might be wrongly dropped when DDoS attack occurs.
Product-Group=junos
On MX, T4000, and EX9200 platforms, end users or end hosts might not get an IPv4 address from the Dynamic Host Configuration Protocol (DHCP) server when a Distributed Denial-of-Service (DDoS) attack occurs on DHCP rebind or renew packets. As a result, end users or end hosts cannot access the network after the lease time of the IPv4 address expires.
PR Number Synopsis Category: UI Infrastructure - mgd, DAX API, DDL/ODL
1553577 The request system software validate on host command does not validate the correct configuration file.
Product-Group=junos
When using the "request system software validate on host username ", please use the latest os-package on remote host for it to properly use the configuration file sent from the host whose configuration file is being validated.
PR Number Synopsis Category: Antivirus UTM issue
1557278 Stream buffer memory leak might happen when UTM is configured under unified policies.
Product-Group=junos
On all Junos platforms that support unified policies (layer 7 application), stream buffer memory leak might happen when Unified Threat Management (UTM) Antivirus Protection (AV)/ Antispam Filtering (AS)/Content Filtering (CF) is configured under unified policies. If the stream buffer memory is exhausted, traffic related to UTM will be affected.
PR Number Synopsis Category: For GPRS security features on highend SRX series
1559802 SPU crash might be seen under GPRS Tunneling protocol scenario
Product-Group=junos
On SRX Series devices, if a mobile handover between SGSN/SGW occurs more than once, and the last handover is GTPv1 to GTPv2 (3G -> LTE), then both cluster nodes may crash and cause a disruption in the traffic.
PR Number Synopsis Category: Virtual Router Redundancy Protocol
1558560 Junos device might send VRRP advertisement packets in the VRRP Init or Idle state before startup-silent-period timer expiry on the VRRP primary device with NSR disabled after GRES.
Product-Group=junos
If the VRRP master device has dual Routing Engines (REs) with GRES enabled but nonstop-routing (NSR) disabled, then after a GRES both REs move to the VRRP init state and then the idle state, and the new master RE sends VRRP advertisement packets in this stage before the startup-silent-period timer expires. Since the VRRP backup device can still receive the VRRP advertisement packets with higher priority, it will not transition to the VRRP master state, which causes longer traffic downtime until the VRRP master device retakes VRRP mastership after the startup-silent-period timer expires.
 

19.2R3-S2 - List of Known issues
PR Number Synopsis Category: ACX L2 related features
1565642 ACX5048: Entry for mac address from which no traffic is seen for mac age timer does not age out if there is active traffic destined for this mac
Product-Group=junos
As per the current code, ACX does not delete a MAC address from the MAC table if there is (a) traffic destined to the MAC address, (b) traffic sourced from the MAC address, or (c) both. The fix for this PR will allow ACX to look only at (b), traffic sourced from the MAC address, before deleting the MAC address entry from the MAC table. So, if there is no traffic sourced from the MAC address for an interval of the MAC aging timer, the MAC address is deleted from the MAC table at the end of the MAC aging timer, without taking into account the traffic destined to the MAC address.
PR Number Synopsis Category: Control Plane and Infrastructure for the B-54 program
1188254 Junos Fusion Enterprise: LLDP might stop working if manually deactivated and reactivated
Product-Group=junos
On a Junos Fusion Enterprise, LLDP might stop working if it is reenabled after being manually disabled.
PR Number Synopsis Category: Bi Directional Forwarding Detection (BFD)
1518106 The BFD sessions might flap continuously after disruptive switchover followed by GRES.
Product-Group=junos
Disruptive switchover (no GRES or NSR configured) can lead to stale PPM entries programmed on the new master Routing Engine. If both GRES and NSR are activated after disruptive switchover and then a GRES switchover is performed, BFD sessions might flap continuously.
PR Number Synopsis Category: Express pfe ddos protection feature
1547032 OSPFv3 session may keep flapping and OSPFv3 hellos might be dropped in the host-path
Product-Group=junos
On QFX10008/QFX10016/QFX10002-36Q/QFX10002-72Q platforms, the OSPFv3 sessions might keep flapping and the hello packets may be dropped in the host path. This might happen with a high amount of control traffic with the OSPFv3 protocol configured. This is because OSPFv3 hello packets are not properly classified and go to the unclassified DDoS queue.
PR Number Synopsis Category: SRX1500 platform software
1546132 SRX1500 reports fan(s) running at over speed
Product-Group=junosvae
SRX1500 may report intermittent cosmetic fan alarms.
PR Number Synopsis Category: SRX4100/SRX4200 platform software
1547953 On vSRX2.0, vSRX3.0, SRX1500, SRX4100, SRX4200, SRX4600 running chassis cluster in Junos OS Release 18.3 or later releases, multiple messages of "LCC: ch_cluster_lcc_set_context:564: failed to lock chassis_vmx mutex 11" are generated in the chassisd log file. These messages may recur after every few seconds and they do not have any impact on system operation.
Product-Group=junos
On vSRX2.0, vSRX3.0, SRX1500, SRX4100, SRX4200, SRX4600 running Chassis Cluster in Junos 18.3 or later, multiple messages of "LCC: ch_cluster_lcc_set_context:564: failed to lock chassis_vmx mutex 11" are generated in the chassisd log file. These messages may reoccur after every few seconds and they do not have any impact on system operation.
PR Number Synopsis Category: Firewall Policy
1454907 Traffic might be dropped when policies are changed in SRX Series devices
Product-Group=junos
If a huge number of policies are configured on SRX Series devices and some policies are changed, the traffic that matches the changed policies might be dropped.
PR Number Synopsis Category: Layer 2 Control Module
1532992 On the EX4300 device, complete traffic drop is observed when the MSTP edge port is configured over the access and QinQ ports.
Product-Group=junos
On all Junos and EVO platforms, in a QinQ environment, if xSTP is enabled on an interface that has a logical interface with vlan-id-list configured, it will run only on those logical interfaces whose vlan-id range includes the configured native-vlan-id, and all others will be in discarding state. This might lead to traffic drop.
PR Number Synopsis Category: Microkernel for neo mpc
1538131 JDI-RCT:M/Mx: NPC crashed @ cmtfpc_mic_neo_state_check (mic_env=< optimized out>, mic_slot=< optimized out>) at ../../../../src/pfe/common/applications/cmt/jam/cmtfpc_pic_npc_jam.c:4808
Product-Group=junos
This issue is due to Thread hogging for 2.5s after ISR registration during ISSU done phase causing a core at FPC. FPC will get rebooted with ISR registration again during normal init. This issue is specific to "3D 20x 1GE(LAN)-E,SFP" and "3D 20x 1GE(LAN)-EH,SFP" MIC types.
PR Number Synopsis Category: vMX Platform Infrastructure related issue tracking
1553001 SSH keys are changed after JUNOS upgrade on MX150
Product-Group=junos
SSH keys are changed after JUNOS upgrade on MX150
PR Number Synopsis Category: QFX EVPN / VxLAN
1550305 Traffic not load balanced by EX4300-48MP and EX4300-VC over ESI links with evpn_vxlan configured.
Product-Group=junos
Traffic does not get load balanced by QFX10K to all the PE devices in the core which share ESI links with EVPN_VXLAN configured.
PR Number Synopsis Category: uboot & loader for DCG TOR and CB
1536799 Software recovery or installation using the Bootable USB Flash Drive option might fail
Product-Group=junosvae
Using "Bootable USB Flash Drive" to recover/install software may fail on the platforms with releases starting from 19.3, after power cycle (off/on).
PR Number Synopsis Category: show route table commands, tracing, and syslog facilities
1574497 PIM rib-group fails to be added in VRF.
Product-Group=junos
PIM rib-group failure to add in vrf - PIM: ribgroup vrf not usable in this context; all RIBs are not in instance
PR Number Synopsis Category: Issues common to all Tornado mics
1563732 Non Ethernet MICs may not come up on SCBE3
Product-Group=junos
By default, SCBE works in hyper mode. With hyper mode in place, no non-Ethernet MIC will come online: https://www.juniper.net/documentation/en_US/junos/topics/concept/forwarding-options-hyper-mode-overview.html
The CLI output will show the MIC as "Not Supported" even though the MIC/MPC are compatible:
> show chassis fpc pic-status
Slot 1 Online MPC2E NG HQoS
PIC 0 Present MIC-3D-4OC3OC12-1OC48- Not Supported
PIC 2 Present MIC-3D-8OC3OC12-4OC48- Not Supported
PR Number Synopsis Category: Trio pfe bridging, learning, stp, oam, irb software
1525594 The vmxt_lnx process generates core file at KtreeSpace::FourWayLeftAttachedNode::getNextDirty Trinity_Ktree::walkSubTree Trinity_Ktree::walkSubTree.
Product-Group=junos
The issue is seen only in vMX setups, where the blockpointer in the ktree infra gets corrupted, leading to core file generation. There is no functional impact such as an FPC restart or system down, and the issue won't be observed in hardware setups.
PR Number Synopsis Category: DDos Support on MX
1512033 Junos OS: MX Series: DDoS LACP violation upon receipt of specific layer 2 frames in EVPN-VXLAN deployment (CVE-2021-0228)
Product-Group=junos
An improper check for unusual or exceptional conditions vulnerability in Juniper Networks MX Series platforms with Trio-based MPC (Modular Port Concentrator) deployed in an Ethernet VPN (EVPN)-Virtual Extensible LAN (VXLAN) configuration may allow an attacker sending specific Layer 2 traffic to cause Distributed Denial of Service (DDoS) protection to trigger unexpectedly, resulting in traffic impact. Continued receipt and processing of these specific Layer 2 frames will sustain the Denial of Service (DoS) condition. An indication of compromise is to check DDoS LACP violations:
user@device> show ddos-protection protocols statistics brief | match lacp
This issue only affects the MX Series platforms with Trio-based MPC. No other products or platforms are affected. Refer to https://kb.juniper.net/JSA11123 for more information.
PR Number Synopsis Category: UI Infrastructure - mgd, DAX API, DDL/ODL
1452136 The mgd might crash when you use the replace pattern command.
Product-Group=junos
When you use the "replace pattern" command to replace the name in the apply-group, the mgd crashes.
Modification History:
First publication 2021-04-28