Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

19.4R3-S3: Software Release Notification for JUNOS Software Version 19.4R3-S3

1

0

Article ID: TSB18042 TECHNICAL_BULLETINS Last Updated: 11 May 2021Version: 1.0
Alert Type:
SRN - Software Release Notification
Product Affected:
ACX, EX, MX, PTX, QFX, NFX, SRX, VRR, vMX, vSRX
Alert Description:
Junos Software Service Release version 19.4R3-S3 is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as need and follow the prompts
Solution:

Junos Software service Release version 19.4R3-S3 is now available.

19.4R3-S3 - List of Fixed issues
PR Number Synopsis Category: EX2300/3400 PFE
1548159 Classifier is not programmed in the hardware and error logs may be seen in syslog
Product-Group=junos
On EX platforms except EX4300, when configuring Q-in-Q with vlan-id-list, classifier is not programmed and error logs "Setting vlan id failed" may be seen. All the packet entering this interface will not classify the packets to designated egress queue, but to the default queue. If the default queue is in congestion, traffic with video or voice service may be impacted.
PR Number Synopsis Category: QFX Multichassis Link Aggregrate
1562535 MAC address entry issue might be observed after the MC-LAG interface.
Product-Group=junos
On all junos platforms with high scale setup (for ex: 40 mac per 3000 vlan), MAC address entry issue might be seen after MC-LAG interface failover/failback few times. Some MAC entry remains as DR after failover and these stale entries might cause service disruptions.
PR Number Synopsis Category: QFX PFE L2
1550918 Traffic may be forwarded incorrectly on an interface having VXLAN enabled and "hold-time up xxx" statement configured
Product-Group=junos
If an interface is configured with "hold-time up xxx" statement and has VXLAN enabled, after interface flaps, traffic coming from this interface (such as ARP traffic) may be forwarded even it's not changed to the "up" state.
1574435 On QFX5K switches, software forwarded VXLAN decapsulated packets can have illegal length
Product-Group=junos
On QFX5K switches, software forwarded VXLAN decapsulated packets (i.e. STP, DHCP etc) received on a VTEP interface might be forwarded with illegal length. During decapsulation the packet length might not be adjusted to the length on the inner payload and packet would get forwarded by adding trailer for the remaining length.
PR Number Synopsis Category: QFX L3 data-plane/forwarding
1568533 The untagged packets might not work on EX Series platforms.
Product-Group=junos
On EX/QFX5K platforms, if 'flexible-vlan-tagging', 'vlan-id-list' and 'native-vlan-id' are configured on the interface in SP style, the untagged packets that need to be egressed from this interface might be dropped by the peer device.
1573411 The GRE egress traffic might not be forwarded between the different routing-instances
Product-Group=junos
In the GRE tunnel with the routing-instances scenario, if the next-hop of GRE tunnel destination is learned from the different routing-instance (e.g. the next-hop is learned via leaked route), it might be rejected to be installed into the routing table. Then, the egress GRE traffic will not be forwarded via the egress physical interface, the GRE traffic across the different routing-instances might not be forwarded.
PR Number Synopsis Category: MX Layer 2 Forwarding Module
1571970 In the VXLAN scenario, the locally originated packets have UDP source port 0.
Product-Group=junos
On all platforms with VXLAN, locally originated packets have UDP source port 0 while the transit packets have the correct UDP source ports of non-zero. There is no service impact.
PR Number Synopsis Category: Australia related infrastructure software
1501752 Continuous l2ald and L2ALM log messages seen on nodes of chassis cluster of SRX5000
Product-Group=junos
On some JunOS SR releases continuous l2ald and L2ALM log messages are seen in chassis cluster setup of SRX5000 Series. The issue may cause a memory leak and drain the heap memory on card.
PR Number Synopsis Category: BBE database related issues
1554539 During ISSU, BNG losses subscriber sessions without sending the Session Stop message but stay in authd.
Product-Group=junos
When a SDB service session is created and requested to be replicated on the master RE during a full SDB resync like ISSU or VC global switchover, the replication request may be dropped due to a bug in the repd logic attempting to determine if the new service session will be picked up and replicated as part of the full SDB resync.
PR Number Synopsis Category: BBE interface related issues
1518543 On the MX960 routers, the show interfaces redundancy rlt0 statement shows current status as primary down as FPC is still in the Ready state after rlt failover (restart FPC).
Product-Group=junos
Issue happens only with specific RLT interface configuration followed by FPC restart. In this PR, GRES was done when FPC was doing the interface cleanup after FPC restart. Amount of time taken for interface cleanup on FPC depends on scale. If GRES is done before FPC comes to clean state, backup RE may not be in sync with master. Which may cause interface states inconsistent after GRES. This is a negative scenario of testing.
1527343 L2TP subscribers might fail to establish a session on the MX Series device if the CPE is a virtual host
Product-Group=junos
L2TP subsribers might fail to establish sessions with MX device which is configured as L2TP LNS. This happens when the subscriber customer premises equipment host (CPE) is a virtual setup.
1577007 Commit failure-error: Modified IFD "ae0" is in use by targeted BBE subscriber, commit denied - mtu config changed (1522), (1514)
Product-Group=junos
Commit failure-error: Modified IFD "ae0" is in use by targeted BBE subscriber, commit denied - mtu config changed (1522), (1514). The commit check error might be observed when targeted-distribution is configured for Subscriber Management associated with ae interfaces.
PR Number Synopsis Category: the SMGD redundancy plugin in SMGD
1567735 Need to allow the tunnel interface as the peer-address for ALQ.
Product-Group=junos
The ALQ session between the two routers is expecting to have a controlled source and destination address (peer config in both end). To be able to control what this address is used as source on a router with multiple routed interfaces, a good technique is to use a directly connected interface for this communication. In the case where the routers are not directly connected a tunnel interface is equally good technique. But the ALQ need to be allowed to use this. This PR fix this.
PR Number Synopsis Category: Border Gateway Protocol
1542123 Traffic loss might be seen in the next-hop-based dynamic tunnels of the Layer 3 VPN scenario after changing the dynamic-tunnel preference.
Product-Group=junos
In the BGP signaling for next-hop-based dynamic tunnels (MPLS-over-UDP tunnel and MPLS-over-GRE tunnel) of L3VPN scenario, if changing dynamic-tunnel preference (e.g. the preference of GRE tunnel is configured higher than UDP tunnel, and vice versa) not apply to all of L3VPN instance, the advertised encapsulation tunnel information might be inconsistent between the sender side and receiver side, after that, the dynamic tunnels might not be shifted between the GRE tunnel and UDP tunnel, the traffic loss might happen on these tunnels.
1554569 The BGP session neighbor shutdown configuration does not effect the non-established peer.
Product-Group=junos
BGP neighbor shutdown configuration "set protocols bgp group <*> neighbor xx.xx.xx.xx shutdown" does not take effect on non-established peer.
1560827 All the Layer 3 VPN route resets when a VRF is added or removed.
Product-Group=junos
After configuring a new VRF or performing GRES, VPN routes in bgp.l3vpn.0 table might be refreshed. There is unexpected packet loss when this issue happens.
1576959 BGP session flap might be observed after the Routing Engine switchovers when the VRRP virtual address is used as the local address for the BGP session
Product-Group=junos
On all Junos platforms with dual REs, when VRRP virtual address is used as the local address for the BGP session, after RE switchover, BGP session flaps might be seen. It is because when an established BGP session is synced to the backup RE, it uses the local address from the master RE to find the if-address pointer on the backup RE. However, after RE switchover, the new master RE will always choose the primary address to locate the interface address pointer. In this case, master RE might flap the BGP session as it finds the local address is different from the primary address.
PR Number Synopsis Category: Captive Portal, Content Delivery Daemon, and Service Plugin
1527602 The cpcdd process might generate core file after upgrading to Junos OS Release 19.4 and later.
Product-Group=junos
On MX-Series platforms, the cpcdd (Captive Portal Content Delivery) might crash when there is an upgrade from Junos 19.3 or older to 19.4 or newer, because there is a difference in the structure alignment between the release.
PR Number Synopsis Category: bras licensing prs
1563975 The enforce-strict-scale-limit-license configuration enforces subscriber license incorrectly in the ESSM subscriber scenario.
Product-Group=junos
In Extensible Subscriber Services Manager (ESSM) subscriber scenario, the "enforce-strict-scale-limit-license" configuration enforces subscriber license incorrectly, after high churn of ESSM subscribers login/logout, the subscribers could not able to login.
1573289 Scale-subscriber license might be not updated properly on the backup RE which leads to "License grace period for feature scale-subscriber(44) is about to expire" alarm after GRES
Product-Group=junos
In a rare scenario spurious scale-subscriber license violation may be raised on the new backup Routing Engine shortly after GRES switchover. It will lead to "License grace period for feature scale-subscriber(44) is about to expire" alarm if another GRES switchover is performed.
PR Number Synopsis Category: MX Platform SW - FRU Management
1572778 On the MX960 routers, the Require a Fan Tray upgrade alarm is raised when the top Fan Tray 0 is removed, even though the enhanced Fan Tray is already used.
Product-Group=junos
"Require a Fan Tray upgrade" alarm is raised on MX960 when Top Fan Tray 0 is removed, although Enhanced Fan Tray is already used.
PR Number Synopsis Category: MX Platform SW - Power Management
1545838 FPC(s) may not boot-up on MX960/EX9214 in a certain condition
Product-Group=junos
On MX960/EX9214 platforms with high-capacity/normal-capacity power supplies, FPC(s) may fail to come online when the corresponding power is restored afterward but not present during the power-up stage.
PR Number Synopsis Category: Enhanced Broadband Edge support for cos
1582356 bbe-smgd process on both routing engines may crash due to a rare timing issue after logout of subscribers over pseudowire
Product-Group=junos
In subscriber over MPLS pseudowire scenario, bbe-smgd process on both routing engines may crash due to a rare timing issue after subscriber logout. Output of "show system core-dumps routing-engine both" will indicate presence of bbe-smgd core dumps on both routing engines.
PR Number Synopsis Category: Express pfe ddos protection feature
1547032 OSPFv3 session may keep flapping and OSPFv3 hellos might be dropped in the host-path
Product-Group=junos
On QFX10008/QFX10016/QFX10002-36Q/QFX10002-72Q platforms, the OSPFv3 sessions might keep flapping and the hello packets maybe dropped in the host path. This might happen with high amount of control traffic with OSPFv3 protocol configured. This is because OSPFv3 hello packets are not proper classified going to the unclassified DDOS queue.
PR Number Synopsis Category: Express PFE L2 fwding Features
1534340 The dcpfe process might crash and cause FPC to restart due to the traffic burst
Product-Group=junos
The dcpfe process might crash on the QFX10002-60C/PTX10002-60C platform and might lead to FPC restart causing traffic loss. This issue is seen during traffic bursts on the device.
PR Number Synopsis Category: idp flow creation, deletion,notification, session mgr intfce
1521682 The flowd or srxpfe process might generate core files during the idpd process commit.
Product-Group=junos
On all SRX platforms, there is chance of core dump on PFE, if "delete security idp" command is issued from CLI while already an idpd process commit is in progress. The core might be produced due to memory corruption on the PFE. There is no check for IDPD status (Ready or Commit) while unloading running policy on issuing "delete security idp". This leads to out of sync message processing on PFE when already a commit is in progress and "delete security idp" is issued. This is a rare issue.
PR Number Synopsis Category: IDP on logical system
1561298 The idpd process might stop when committing IDP configuration under logical systems and tenant systems during RGs failover.
Product-Group=junos
On SRX Series devices, if there are a considerable number of Logical-systems/Tenants configured. The idpd process might crash if the IDP-related configuration under Logical-systems/Tenants is changed and committed repeatedly during Redundancy Groups(RGs) failover. It is suggested not to modify and commit the IDP-related configuration in that situation.
PR Number Synopsis Category: Kernel software for AE/AS/Container
1582060 Changing bandwidth statement does not take affect for SNMP ifHigSpeed oid until a PSX interface is disable/enabled
Product-Group=junos
Changing bandwidth statement does not take affect for SNMP ifHigSpeed oid until a PSX interface is disable/enabled
PR Number Synopsis Category: jdhcpd daemon
1554992 DHCP packet drop might be seen when the DHCP relay is configured on a leaf device.
Product-Group=junos
DHCP Offers are getting dropped with send error counter incrementing. This is specifically seen in a RI to RI environment where the client and server are reachable in different routing-instances.
PR Number Synopsis Category: jl2tpd daemon
1581096 IWF AVP value may not be reflected properly on LTS
Product-Group=junos
In L2TP scenario when MX router functions as LTS (L2TP Tunnel Switch), if ICRQ with IWF AVP is received from LAC (L2TP Access Concentrator), IWF AVP set to 1 will be sent to LNS (L2TP Network Server) instead of IWF AVP value that was received from LAC.
PR Number Synopsis Category: Firewall Policy
1576038 Traffic loss might be seen when a big number of applications or addresses is referenced by one policy.
Product-Group=junos
On all SRX platforms, when a big number of applications or addresses is referenced by one policy (e.g. 3k applications) that causes IPC (Inter Process Communications between RE and PFE) fragmentation, policy out-of-sync might be seen. The issue results in the policy work incorrectly and traffic loss might be seen.
PR Number Synopsis Category: IPSEC/IKE VPN
1522931 IPsec traffic might get dropped after RG0 failover.
Product-Group=junos
IPsec traffic might get dropped after RG0 failover.
1565132 When there are multiple IPsec SA, backup SA start IPsec rekey.
Product-Group=junos
On all SRX platform, when there are multiple IPsec SA for single IPsec tunnel, backup SA start ipsec rekey and multiple IPsec SA condition remains for a long time.
1571105 SPI mismatch caused by simultaneous rekeys under kmd stress.
Product-Group=junos
On the SRX Series platforms with IPsec configured, when kmd has high stress due to enabling traceoption, SPI mismatch might be seen under back2back rekeys. This can lead to incoming traffic cannot be decrypted on the target tunnel.
PR Number Synopsis Category: lacp protocol
1551925 OSPF and OSPF3 adjacency uptime is more than expected after NSSU upgrade and outage is higher than the expected.
Product-Group=junos
Few AE interface flap could be seen during NSSU for AE with LACP configured. LACP remains detached state on child interface even if link is up after FPC upgrade during NSSU. This can result in traffic outage and flaps in other protocols running over this AE.
PR Number Synopsis Category: Issues related to Junos licensing infrastructure
1519672 During an upgrade, system displays the following incorrect license warnings when utilizing licensable features even if the license is present on the device: requires 'idp-sig' license
Product-Group=junos
During an upgrade, system would display incorrect license warnings when utilizing licensable features such as 'warning: requires 'idp-sig' license' even if the license is present on the device. This issue is applicable to other Junos devices.
PR Number Synopsis Category: lldp sw on MX platform
1528856 The l2cpd process might crash when removing LLDP on an aggregated Ethernet interface.
Product-Group=junos
On all Junos platforms, if Link Layer Discovery Protocol(LLDP) is enabled on 'interface all' and some AE interface at the same time, the Layer 2 Control Protocol process (l2cpd) might crash when lldp is removed from the AE interface. The l2cpd crash might affect all the protocols running under it (such as X-STP, LLDP, ERP, MVRP, etc.).
1576721 The LLDP neighbor information displays hex string instead of chassis ID when subtype 1 is used.
Product-Group=junos
LLDP neighbor information displays hex format instead of chassis ID when interoperating with some other vendors' devices which use subtype 1 in chassis-id.
PR Number Synopsis Category: MPC11 ULC interface software related issues.
1485719 pic_get_port_name_from_plugin: PIC: chassisd event keeps on flooding continuously
Product-Group=junos
chassisd log file gets flooded with event pic_get_port_name_from_plugin events continuously.
PR Number Synopsis Category: For multicast snooping on MX
1583207 With IGMP snooping implemented, there is unexpected jitter issue that could cause traffic loss
Product-Group=junos
On all Junos platforms running 19.4R1 onward, with IGMP snooping implemented, there is unexpected more than 1 second for network convergence. The reason of the issue is that multicast route is not installed into Kernel Routing table (KRT) and synchronized efficiently. This issue could cause jitter problem and initial traffic loss. Please refer to Workaround to avoid this issue.
PR Number Synopsis Category: Jflow and sflow on MX
1550603 The adapted sample rate might get reset to the configured sample rate without changing the sampling rate information in sFlow datagrams after enabling sFlow technology on a new interface.
Product-Group=junos
For the platforms supporting single sample rate per line card (i.e. MX Series routers and EX9200 switches), the actual (effective) sample rate of all the interfaces on a single FPC will be set to the sample rate with the lowest value if the configured or adapted sample rate are different among the interfaces enabled sFlow technology on this FPC. So, after the adaptive sampling event happens and the adapted sample rate (It has value great than the configured sample rate) is used for the interfaces on a FPC, if enabling sFlow technology on a new interface on the same FPC, the actual (effective) sample rate for the existing interfaces will be changed to the configured sample rate. However, the "Adapted sample rate" in "show sflow interface" CLI command and the "Sampling rate" in sampling information of the sFlow datagrams still shows the previous adapted sample rate. The inconsistency between flow information and actual sample rate might cause issues on the collector side.
PR Number Synopsis Category: Neo Interface
1541382 With hold time configuration, the ge Interfaces remain down on reboot.
Product-Group=junos
With hold time configuration, GE Interfaces from MPC cards which use MIC driver (such as MPC2E/3E NG, MPC Type 1, MPC Type 2) may go down.
PR Number Synopsis Category: Track Mt Rainier RE platform software issues
1570135 The log message "/tmp//mpci_info: No such file or directory :error[1]" might be seen on VM Host platform
Product-Group=junos
The log message "/tmp//mpci_info: No such file or directory :error[1]" might be seen on VM Host platform. It is a rare issue.
PR Number Synopsis Category: OS IPv4/ARP/ICMPv4
1564323 "Last flapped" timestamp for interface fxp0 gets reset every time "monitor traffic interface fxp0" is executed
Product-Group=junos
"Last flapped" timestamp for interface fxp0 gets reset every time "monitor traffic interface fxp0" is executed.
PR Number Synopsis Category: FreeBSD Kernel Infrastructure
1579331 EX4400: Under some conditions, the FPGA reset reason may be incorrectly shown in console logs as 0.
Product-Group=junos
EX4400: Under some special conditions, such as boot from OAM volume following a graceful/warm reboot, the FPGA reset reason incorrectly shown in console logs as 0.
PR Number Synopsis Category: "ifstate" infrastructure
1547164 Backup Routing Engine vmcore might be seen due to the absence of the next-hop acknowledgement infra.
Product-Group=junos
On all Junos platforms with dual RE, during internal testing of rigorous interface flaps, after several iterations (100s), once a vmcore was reported on Backup RE. The vmcore analysis pointed to rnh_index_alloc panic on the backup RE which is potentially caused due to the absence of NH ACK Infra on the device.
PR Number Synopsis Category: Kernel Multicast Infrastructure
1569957 FPC might crash in a multicast scenario
Product-Group=junos
On EX/PTX platforms with AE bundle interface(s), FPC crash might be seen after GRES. It might be seen when the device is configured with a multicast scenario (composite Next-Hops for multicast routes are present over AE child links. After child member(s) of AE interface flapped, there is a sync issue between master Routing-Engine and backup Routing-Engine, which caused the FPC crash.
PR Number Synopsis Category: Kernel Stats Infrastructure
1522561 OID ifOutDiscards reports zero and sometimes shows valid value.
Product-Group=junos
OID ifOutDiscards reports zero and sometimes shows valid value. user@router> show snmp mib get ifOutDiscards.514 | refresh 3 ---(refreshed at 2020-07-10 12:54:07 IST)--- ifOutDiscards.514 = 0 ---(refreshed at 2020-07-10 12:54:10 IST)--- ifOutDiscards.514 = 0 ---(refreshed at 2020-07-10 12:54:13 IST)--- ifOutDiscards.514 = 0 ---(refreshed at 2020-07-10 12:54:16 IST)--- ifOutDiscards.514 = 0 ---(refreshed at 2020-07-10 12:54:19 IST)--- ifOutDiscards.514 = 0 ---(refreshed at 2020-07-10 12:54:22 IST)--- ifOutDiscards.514 = 241974 ---(refreshed at 2020-07-10 12:54:25 IST)--- ifOutDiscards.514 = 241974 ---(refreshed at 2020-07-10 12:54:28 IST)--- ifOutDiscards.514 = 0 ---(refreshed at 2020-07-10 12:54:31 IST)--- ifOutDiscards.514 = 0
PR Number Synopsis Category: OSPF routing protocol
1561207 Duplicate LSP nexthop is shown on inet.0, inet.3 and mpls.0 route table when ospf traffic-engineering shortcuts and mpls bgp-igp-both-ribs are enabled.
Product-Group=junos
mpls.0 and inet.3 LDP routes showed duplicate RSVP LSP nexthops when "protocols mpls traffic-engineering bgp-igp-both-ribs" and "protocols ospf traffic-engineering shortcuts" were configured.
PR Number Synopsis Category: Protocol Independant Multicast
1500125 Some PIM join or prune packets might not be processed in the first attempt in the scaling scenario where the PIM routers establish neighborship and immediately join the multicast group
Product-Group=junos
On all Junos platforms with scaling MVPN scenario, some PIM Join/Prune messages may not be processed for the first attempt. For instance, a dedicated PIM router receives more than 2500 PIM hello packets from the new neighbors, followed by PIM Join packets for the same multicast group in a very short period of time.
1542573 Continuous rpd crash might be observed if a static group is added to protocol PIM.
Product-Group=junos
when the static group is configured under protocols pim, continuous rpd crash might happen, which will eventually cause rpd to be down. Please use IGMPv3 static join instead if not otherwise instructed to avoid this issue.
PR Number Synopsis Category: JRR - VRR running on SRX4200
1582038 JRR200: Option-60 (Vendor-Class-Identifier) is not sent during ZTP
Product-Group=junos
The factory default config on JRR200 doesn't have vendor-id option configured on the interfaces (em0; em2-em9) and as a result DHCP option 60 doesn't get sent out to the DHCP/ZTP server during the ZTP process.
PR Number Synopsis Category: PTP related issues.
1557758 Packets corruption on 100G or 40G interface are configured with protocol PTP.
Product-Group=junos
On MX Platform with any of these linecards -MPC9E/JNP10K-LC2101/JNP10003-LC2103/MX204-MPC, Packets corruption might occur with enabling PTP(Protocol Time protocol) on 100G/40G interfaces mapped to Channelized MAC.
PR Number Synopsis Category: Chassis mgmt for all QFX systems - chassis MIB, alarms, CLI
1567037 On the QFX5100 device, the following internal comment is displayed: Placeholder for QFX platform configuration.
Product-Group=junos
On EX4600 and QFX5100 platform, internal comment 'Placeholder for QFX platform config' may be seen on show config output.
PR Number Synopsis Category: Interface related issues. Port up/down, stats, CMLC , serdes
1512203 Channelized interfaces might fail to come up.
Product-Group=junos
On QFX5210 platform with knob "auto-speed-detection" enabled (enabled by default), some interfaces might stay in down state due to improper channelization by the device.
PR Number Synopsis Category: QFX platform optics related issues
1561181 The tunable optics SFP+-10G-T-DWDM-ZR doesn't work on EX/QFX devices
Product-Group=junos
On EX4600/EX4650/QFX5110 devices with tunable optics SFP+-10G-T-DWDM-ZR used, the configured wavelength value does not take effect when connecting two EX/QFX across a mux (multiplexer) using tunable optics SFP+-10G-T-DWDM-ZR.
PR Number Synopsis Category: QFX L2 PFE
1558128 The MAC addresses learned in a Virtual Chassis may fail aging out in MAC scaling environment
Product-Group=junos
On EX23xx/EX34xx/EX4300/EX46xx/series and QFX5xxx Series platforms, the MAC addresses may fail aging out under an environment Virtual chassis where a large number of MAC addresses are learned. This issue was observed with mac entries 280000 in the Virtual chassis devices.
1564020 On EX4650/QFX5120 platforms, "storm control" with IRB interface might not work correctly
Product-Group=junos
On EX4650/QFX5120 platforms, "storm-control" might not work as expected if adding an IRB interface to a VLAN where "storm-control" is enabled. This defect could be seen when a destination IP of the stream's route is in a resolve state.
PR Number Synopsis Category: RPD Interfaces related issues
1526481 The following error message is observed during GRES if an IRB interface is configured without a profile: RPD_DYN_CFG_GET_PROF_NAME_FAILED.
Product-Group=junos
In DHCP subscriber scenario, if IRB interface is configured under dhcp-local-server without dynamic-profile, the DHCP process might be abnormal after GRES or restart rpd and cause DHCP subscribers unable to login.
PR Number Synopsis Category: KRT Queue issues within RPD
1539601 The rpd memory leak might be observed on the backup Routing Engine due to the flapping of the link.
Product-Group=junos
On all Junos platforms with dual REs, rpd memory leak may be seen when an AE member interface flaps or immediate restart of master RE. The memory leak was observed be around 32 bytes per session, the leak is only seen when AE have more than 8 legs.
PR Number Synopsis Category: RPD policy options
1583535 bbe-smgd - dymanic-profile NACK due to config error reading address mask prefix-length in policy-options/policy-statement
Product-Group=junos
bbe-smgd fails when reading configuration for address mask prefix-length when configured in a policy-statment, causing the service-profile to fail.
PR Number Synopsis Category: RPD route tables, resolver, routing instances, static routes
1514966 Traffic might be silently discarded when the BGP route gets deleted, which is part of multipath.
Product-Group=junos
On Junos and Junos EVO platforms, when BGP "multipath" and "multipath-resolve" enabled, if the route R1 's PNH(protocol next-hop) resolves over BGP multipath route, the route R1 could recursive resolution over BGP multipath, when one of the multipath route deleted, the R1 route couldn't resolve to other active multipath routes, so the traffic will be lost.
PR Number Synopsis Category: show route table commands, tracing, and syslog facilities
1565425 The KRT log file might continue to grow after removing the KRT log configuration
Product-Group=junos
If kernel routing table (KRT) trace logs are configured and later removed, they will remain active and KRT logs will still be written to the configured files.
PR Number Synopsis Category: SW PRs for SCBE3 related kernel drivers
1564539 MX platforms with MX-SCBE3 may reboot continuously.
Product-Group=junos
A recent change in the kernel boot loader causes a system with MX-SCBE3 to experience the Routing Enginne's kernel memory corruption which causes the system to reboot continuously.
PR Number Synopsis Category: SW PRs for SCBE3 fabric
1573360 Fabric errors are observed and FPC processes might get offline when the MPC3-NG/MPC3E/SRX5K-IOC2 line cards are installed along with the MPC7/MPC10/SRX5K-IOC04 and SCBE3/SCB4 line cards operating in an increased-bandwidth fabric mode.
Product-Group=junos
On MX240/MX480/MX960 and SRX5600/SRX5800 platforms, with default "increased-bandwidth" fabric mode on SCBE3 or SCB4, if MPC3/MPC3-NG or SRX5K-IOC2 exist on the system along with high bandwidth MPC/IOC, during high traffic situation or traffic burst through the fabric towards MPC3/MPC3-NG/SRX5K-IOC2, the fabric plane may report unreachable destination condition and causes fabric healing to trigger. This issue is exacerbated when having MPC7, MPC10 or SRX5K-IOC4 line cards installed due to the higher fabric bandwidth potential. Please refer to TSB17936 (https://kb.juniper.net/TSB17936) for further details.
PR Number Synopsis Category: IPSEC functionality on M/MX/T ser
1544800 The kmd process might crash when the interface flaps
Product-Group=junos
On all Junos platforms that enable IPSec tunnel, when interface flapping, kmd might crash and cause IPsec traffic loss. When kmd crashes, the established IPsec tunnel will not be affected, unless the IPsec SA re-negotiate happens to take place during the kmd restarting. For new establishing IPSec tunnel, it cannot be established until kmd comes back up automatically.
PR Number Synopsis Category: Issues related to Snorkel Interfaces
1573209 CFP unplugged message is not logged in Junos OS Release 17.3 and later.
Product-Group=junos
CFP unplugged message is not logged in Junos OS Release 17.3 and later.
PR Number Synopsis Category: platform related PRs on SRX branch platforms
1572920 Traffic going through the VRRP interface might be dropped when VRRP enabled IRB interface goes down.
Product-Group=junos
On the SRX platform with multiple IRB interfaces belong to the same VRRP group ID, when one of the IRB interfaces down, it might cause traffic disruption going through Virtual IP (VIP) on another IRB interface.
PR Number Synopsis Category: MX10003/MX204 MPC defects tracking
1567797 On the MX204 routers, FPC might display high CPU utilization because of the JGCI background thread that runs for a long period.
Product-Group=junos
On the MX204 platform, the FPC CPU may show high CPU utilization after Junos 19.4. This because the JGCI background thread is taking a longer CPU cycle as I2C is operating at a lower speed. This issue may cause other control packets or traffic to be delayed or dropped.
PR Number Synopsis Category: Trio LU, IX, QX, MQ chip drivers, ucode & related SW
1570631 pfe err-jnh_physmem_add_resvd_to_cntr(18014): PFE 0 jnh_app 0x08020860, add ox00080000 from 0x00b00000-0x00b80000 to baMask 0x1.
Product-Group=junos
FPC reports following error log messages. pfe err-jnh_physmem_add_resvd_to_cntr(18014): PFE 0 jnh_app 0x08020860, add ox00080000 from 0x00b00000-0x00b80000 to baMask 0x1.
1573920 cassxr_err_addr(8593): Uninitialized Read Error @ EDMEM[0x7cb601b0]
Product-Group=junos
FPC reports following error log messages cassxr_err_addr(8593): Uninitialized Read Error @ EDMEM[0x7cb601b0]
PR Number Synopsis Category: Issues related to broadband edge apps (PPP, DHCP) on Trio ch
1574383 Slow FPC heap memory leak might be triggered by flapping the subscribers terminated over multiple pseudowires.
Product-Group=junos
In subscriber over MPLS pseudowire scenario, FPC heap memory leak may be triggered when all subscribers over a pseuodwire flap at the same time. FPC heap memory leak will be seen on all FPCs except the FPC that hosts the anchor PFE for the pseudowire which is used by the flapping subscribers.
PR Number Synopsis Category: Trio pfe qos software
1538960 The following major error message might cause the Packet Forwarding Engine(s) to disable: XQ_CMERROR_SCHED_L3_PERR_ERR.
Product-Group=junos
On EX9200 platforms with EX9200-6QS, MX Series platforms with MPC2E/3E/5E(Q), and SRX5000 Series platforms with MPC3, the Packet Forwarding Engine on that FPC might be disabled due to a major alarm: "XQ_CMERROR_SCHED_L3_PERR_ERR". Without the fix, this major alarm triggered "disable-pfe" action. This defect could be seen if there is a parity error in the Layer 3 node static memory.
PR Number Synopsis Category: Trio pfe bridging, learning, stp, oam, irb software
1501656 PE-CE OAM CFM might have issues in the aggregated Ethernet interface.
Product-Group=junos
On MX/EX92XX platforms, if CFM is enabled on AE interface between CE and PE Devices when the PE router is coming up after upgrade reboot, the CFM adjacency does not transit to "ok" state on CCC-Down interface and it stays in "start" state. Then, if the CCC-Down interface transits to Up and back to CCC-Down again, for example, due to EVPN designated forwarder (DF) switchovers, this CCC-Down interface transits to Link-Layer-Down state forever and subsequent DF switchovers do not have any effect.
1533767 Packet Forwarding Engine errors or traps might be observed in the Layer 2 flooding scenarios.
Product-Group=junos
On Junos platforms with MPC1~4/MPC-3D-16XGE/T4000-FPC5/ EX9200-4QS/EX9200-2C-8XS/EX9200-MPC/EX9200-32XS/ SRX5K-SPC-4-15-320/SRX5K-MPC, when broadcast/multicast packets from access as transit traffic flooding in a bridge-domain (for example: multicast OSPF packets entering EVPN instance, these OSPF packets are being handled as transient packets), all packets except IPv6 NS (Neighbor Solicitation) might be dropped because of traps.
1554908 Traffic is not forwarded over IRB to a Layer 2 circuit on the lt interfaces.
Product-Group=junos
On trio based platforms, the IP traffic is not forwarded over IRB to l2circuit on lt interface (UNI) path scenario.
1560788 The BUM frame might be duplicated on an aggregate device if the extended-port on the satellite device is an aggregated Ethernet interface.
Product-Group=junos
On the Fusion AD (Aggregate Device), the BUM frame might be duplicated if the Extended-port on the SD (Satellite Device) is an aggregate ethernet.
1571439 On all EX9200 platforms with EVPN-VXLAN configured, the next-hop memory leak in MX Series ASIC happens whenever there is a route churn for remote MAC-IP entries learned bound to the IRB interface in EVPN-VXLAN routing instance. When the ASIC's next-hop memory partition exhausted the FPC might reboot.
Product-Group=junos
On all MX/EX92xx platforms with EVPN-VXLAN configured, the NH (Next-Hop) memory leak in Trio ASIC happens whenever there is a route churn for remote MAC-IP entries learned bound to the IRB interface in EVPN-VXLAN routing-instance. When the ASIC's NH memory partition exhausted (free% NH memory is close to 20% or below) the FPC might reboot.
PR Number Synopsis Category: Trio pfe l3 forwarding issues
1569715 The MPLS traffic passed through the back-to-back PE topology might match the wrong CoS queue.
Product-Group=junos
In a scenario involving back-to-back PE routers with CoS configurations where the LDP or RSVP LSP will be single hop LSP due to penultimate hop popping (PHP) and a real outer label is not imposed. In such a scenario, the EXP bits in the inner label (the label corresponding to L2circuit, L2VPN, L3VPN etc) may not be propagated based on the configured EXP rewrite rule to the downstream router. This will result in traffic being classified incorrectly on the egress PE and the forwarding of traffic might occur in an incorrect queue.
1577611 When line card is booted on RE1 being Master, Nextgen stats failed to fetch the value of backup mac address correctly
Product-Group=junos
When line card is booted on RE1 being Master, Nextgen stats module failed to fetch the value of RE0 mac address correctly. So subscriber interim stats reporting will be impacted (for the subscriber on the push cards i.e. MPC3 NG, MPC5, MPC7 onwards) when a GRES is performed.
PR Number Synopsis Category: Authentication, Authorization, Accounting, PAM (RADIUS/tacplus)
1530106 Ex3400 VC - Console access on backup VC member is not allowed
Product-Group=junos
Console login on a Virtual Chassis backup member might not be permitted if unreachable DNS name-server is configured on the box. DNS name resolution checks if the host is valid for login or not. If the DNS server configured on the box is not reachable, the user is not allowed on the Virtual Chassis while trying to access it from the console of the backup member.
PR Number Synopsis Category: UI Infrastructure - mgd, DAX API, DDL/ODL
1459839 Configuration change might not be applied if the Ephemeral database is used.
Product-Group=junos
If Ephemeral DB is used, configuration change might not be applied on the device. In case of LDP configuration change, it might cause LDP session down hence affects traffic.
PR Number Synopsis Category: Virtual Router Redundancy Protocol
1512658 The vrrpd might crash when dual VLAN on VRRP interfaces is configured.
Product-Group=junos
If dual VLAN on VRRP interfaces is configured, multiple iteration of restarting chassisd, restart routing and interface bounce might lead to vrrpd crash.
PR Number Synopsis Category: usf inline feature related issues
1547647 The nsd daemon might crash after configuring the inline NAT in the USF mode.
Product-Group=junos
On MX240/480/960 platforms, the nsd daemon might crash after configuring the inline NAT in USF mode. This might be caused due to the new memory debugging framework introduced in NSD daemon to track allocated or free memory.
 

19.4R3-S3 - List of Known issues
PR Number Synopsis Category: ACX L2 related features
1565642 ACX5048: Entry for mac address from which no traffic is seen for mac age timer does not age out if there is active traffic destined for this mac
Product-Group=junos
As per the current code, ACX would not delete a mac address from the mac table there is- (a) traffic destined to the mac address or (b) traffic sourced from the mac address or (c) both Fix of this PR will allow ACX to only look at (b) traffic sourced from mac address before deleting the mac address entry from mac table. So, if there is no traffic sourced from the mac for an interval of mac aging timer, the mac would be deleted from the mac table at the end of mac aging timer with out taking into account the traffic destined to the mac address.
PR Number Synopsis Category: a20a40 specific issue
1578927 PEM fan alarms raised too late
Product-Group=junos
In some cases PEM fan alarms are delayed, or show up when the PEM input failure clears itself
PR Number Synopsis Category: Control Plane and Infrastructire for the B-54 program
1188254 Junos Fusion Enterprise: LLDP might stop working if manually deactivated and reactivated
Product-Group=junos
On a Junos Fusion Enterprise, LLDP might stop working if it is reenabled after being manually disabled.
PR Number Synopsis Category: Virtual-chassis platform/chassisd infrastructure PRs for MX
1587499 Unable to configure pseudowire interface on an MX10003 in virtual chassis mode
Product-Group=junos
An MX10003 in virtual chassis (VC) mode, configuring a pseudowire interface over a logical tunnel (LT) or a redundant logical tunnel (RLT) results in a commit error that states that the anchor point interface is not configured, even when the LT or RLT interface is operationally up. The issue is not present on MX10003 in non-VC mode.
PR Number Synopsis Category: Multiprotocol Label Switching
1575060 The LSP might fail to be established
Product-Group=junos
When ISIS-TE or OSPF-TE is enabled without admin-groups-extended-range/admin-groups-extended (which is configured under routing-options) or admin-group-extended configured, if receives the peer-router advertised the extended admin groups and then enable the config of admin-groups-extended-range/admin-groups-extended and admin-group-extended, some LSP with extended admin group constraints will fail to be established.
PR Number Synopsis Category: OS IPv4/ARP/ICMPv4
1462193 Vmcore may be dumped during ping execution with IPV4 or V6, when statsfilter is used
Product-Group=junos
There is a use-after-free situation happening in the system. Mbuf gets freed and is used by the stats-filter code. The fix is to free the mbuf after the STATS_FILTER code. The issue can be seen on the box when this feature enabled & statsfilter command is run, where we were trying to access an already freed mbuf. This is not supposed to crash the device. statsfilter -t IP -f src -s 1 We can enable it using statsfilter sysctl.But we can ensure that we will not hit such crash issues in version post 19.4. However it should be used properly.
PR Number Synopsis Category: Interface related issues. Port up/down, stats, CMLC , serdes
1560086 PRBS (psuedorandom binary sequence) test on the QFX5200 device fails for 100GbE interfaces with the default settings
Product-Group=junos
PRBS (Pseudo Random Binary Sequence) test on QFX5200 platform fails for 100G interfaces with default settings.
PR Number Synopsis Category: QFX L2 PFE
1564756 Outgoing BUM traffic may be dropped on GE interface with DLB configured on it
Product-Group=junos
On Broadcom based EX/QFX switches BUM traffic, outgoing from GE interface with DLB configured on it, may be dropped due to HW limitation on Broadcom chipset. Depending on junos release after applying DLB config to the GE port, corresponding IFD flap may be needed additionally to hit the issue.
PR Number Synopsis Category: QFX EVPN / VxLAN
1550305 Traffic not load balanced by EX4300-48MP and EX4300-VC over ESI links with evpn_vxlan configured.
Product-Group=junos
Traffic does not get load balanced by QFX10K to all the PE devices in the core which share a ESI links with EVPN_VXLAN configured.
PR Number Synopsis Category: Resource Reservation Protocol
1576979 With the local reversion on, there is a possibility of the transit router not informing the headend of RSVP disabled link when the link flaps more than once.
Product-Group=junos
With local reversion ON, there is a possibility of transit router not informing headend of RSVP disabled link when link is flapped more than once. Work around is to remove local-reversion configuration.
1581207 downgrade from from 19.4 above to 19.4 below junos fails validation at "rsvp interface update-threshold"
Product-Group=junos
The rsvp interface update threshold configuration syntax has changed from releases 19.4 to include curly braces are the threshold value. As such upgrading and downgrading between these two releases is not entirely automatic and now requires the user to delete this stanza if configured before the downgrade and then manually reconfigure. https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/update-threshold-edit-protocols-rsvp.html /config/juniper.conf:186:(30) invalid value at '{' [edit protocols rsvp interface et-0/0/0:0.0 update-threshold] 'update-threshold {' invalid value /config/juniper.conf:191:(1) invalid value at '}' [edit] '}' invalid value Validation failed
PR Number Synopsis Category: SRX Wifi
1569680 Wi-Fi mPIM on SRX Series devices is reaching out to NTP and DNS servers.
Product-Group=junos
When Wifi mPIM card get IP address, it could send NTP and DNS packets to JUNOS. In firmware 1.2.9 and 1.5.4, DNS and NTP in Wifi mPIM are disabled by default.
PR Number Synopsis Category: Stout card (MPC7) fabric issues
1561306 The BFD session goes down after ISSU switchover.
Product-Group=junos
JDI-RCT:M/Mx: Bfd session went down after switchover phase of ISSU
PR Number Synopsis Category: Trio pfe bridging, learning, stp, oam, irb software
1525594 The vmxt_lnx process generates core file at KtreeSpace::FourWayLeftAttachedNode::getNextDirty Trinity_Ktree::walkSubTree Trinity_Ktree::walkSubTree.
Product-Group=junos
On vMX, the blockpointer in the ktree is getting corrupted leading to core-file generation. There is no function impact such as fpc restart or system down and the issue is not seen in hardware setups.
PR Number Synopsis Category: Virtual Router Redundancy Protocol
1534835 IPv6 VRRP sessions are not established when Duplicate Address Detection (DAD) is enabled.
Product-Group=junos
On MX platforms with IPv6 VRRP sessions, the VRRP sessions are not established when Duplicate Address Detection (DAD) is enabled.
 
Modification History:
First publication 2021-05-10
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search