19.3R3-S3: Software Release Notification for JUNOS Software Version 19.3R3-S3

Article ID: TSB18116 TECHNICAL_BULLETINS Last Updated: 25 Jul 2021 Version: 1.0
Alert Type:
SRN - Software Release Notification
Product Affected:
ACX, EX, MX, PTX, QFX, NFX, SRX, VRR, vMX, vSRX
Alert Description:
Junos Software Service Release version 19.3R3-S3 is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as needed and follow the prompts
Solution:

Junos Software Service Release version 19.3R3-S3 is now available.

19.3R3-S3 - List of Fixed issues

PR Number Synopsis Category: EX4300 PFE
1595797 The Egress RACL Firewall filter might not get programmed correctly on EX4300 platforms
Product-Group=junos
On EX4300 platforms, the Egress RACL(Routed ACLs) Firewall filter might not get programmed correctly, if there is any modification made in the filter which is already attached to an interface and it is the only filter in the group. The traffic through the interface will be impacted.
1597548 Broadcast traffic might be discarded when a firewall filter is applied to the loopback interface
Product-Group=junos
On EX4300 platforms, when a firewall filter for broadcast traffic with discard action policer is applied to the loopback interface, all broadcast packets (including Layer 2 forwarding packets, such as DHCP discover packets) that match this filter rule might be dropped.
1598251 VLAN tagged traffic might be dropped with service provider style configuration
Product-Group=junos
On EX4300 platforms with both enterprise style and service provider style configurations, an interface with enterprise style IFL and flexible-vlan-tagging configured, VLAN tagged traffic might be dropped due to incorrect programming in the system.
PR Number Synopsis Category: EX4300 Filters implementation
1578859 EX4300MP - DCPFE core is observed with mac based vlan scale config
Product-Group=junos
DCPFE core will be seen with mac based vlan scale config after interface flap
PR Number Synopsis Category: Marvell based EX PFE L2
1579293 Some MAC addresses might not be aged out on EX4300 platforms
Product-Group=junos
On EX4300 platforms, when the number of MAC addresses learned in the system is close to the MAC limit of 65535, some MAC addresses might not be aged out even if the traffic stops and aging timeout occurs. It is a rare issue and hard to reproduce.
PR Number Synopsis Category: EX2300/3400 PFE
1586341 DSCP Rewriting might fail to work on EX2300
Product-Group=junos
On EX2300-48 platforms with dual-tag VLANs in use, DSCP rewriting might not work when QinQ traffic is sent across different chip units (in EX2300, one PFE has 2 chip units).
1592096 "show pfe filter hw" may generate "ERROR (dfw): Unknown group id: 21" message.
Product-Group=junos
When an interface is assigned to ethernet-switching family, the default-denied COS filter is automatically assigned. However, Group ID was not defined internally and caused the Error message when "show pfe filter hw" command is executed. You can ignore the message safely.
PR Number Synopsis Category: EX2300/3400 platform
1539933 The POE might fail on EX platforms due to a rare timing issue in the VC scenario
Product-Group=junos
On EX platforms with Virtual Chassis (VC) scenario, Power over Ethernet (POE) might not be detected and hence might fail to work on VC members. This happens when there is a CPU spike on master (for example 70% or above) and if a VC member gets rebooted or a new member joins VC. It is a rare timing issue and hard to reproduce.
PR Number Synopsis Category: MPC3/4/5/6E XQ Software
1464297 On the MX960 router, the following error message might be observed: SCHED L4NP[0] Parity errors.
Product-Group=junos
This PR, together with the earlier PR1232952, addresses the issue completely, so the Junos version in question must include the fixes for both PRs.
PR Number Synopsis Category: QFX PFE CoS
1581187 The Buffer allocation for VCP ports might not get released in PFE after physically moving the port location
Product-Group=junos
After the VCP interface is physically moved from one port to another without deleting the VCP configuration from the CLI, the buffer allocation for VCP ports is not released in the PFE.
1585361 The dscp classifier does not work and all packets are sent to a single queue.
Product-Group=junos
On the QFX5000 line of switches, when a Layer 3 interface with multiple logical interfaces is deleted and re-configured with custom classifier, queue classification will not work and traffic will take best-effort queue.
PR Number Synopsis Category: QFX PFE L2
1574435 On the QFX5000 line of switches, software forwarded VXLAN decapsulated packets contains illegal length.
Product-Group=junos
On the QFX5000 line of switches, software-forwarded VXLAN de-encapsulated packets (such as STP and DHCP) received on a VTEP interface might be forwarded with illegal length. During de-encapsulation, the packet length might not be adjusted to the length on the inner payload. The packet gets forwarded by adding trailer for the remaining length.
1582473 MAC addresses learnt from the MC-LAG client device might keep flapping between the ICL interface and MC-AE interface after one child link in the MC-AE interface is disabled.
Product-Group=junos
On QFX/EX series products using Broadcom chip based PFE (i.e., QFX3500/QFX3600/QFX5100/QFX5110/QFX5120/QFX5200/QFX5210/EX4300/EX4600/EX4650), if Multichassis link aggregation group (MC-LAG) is configured, and the interchassis link (ICL) interface is a physical interface instead of an aggregated Ethernet (AE) interface, after one of the child links in Multichassis Aggregated Ethernet (MC-AE) interface on one of MC-LAG peers is disabled, the MAC addresses learnt from MC-LAG client device might keep flapping between the ICL interface and MC-AE interface. It could cause traffic drop when MAC addresses are learnt on ICL interface. This issue is only exposed in Junos release having the code change in PR 1504586 (which is fixed in Junos: 17.3R3-S9 17.4R3-S3 18.1R3-S11 18.2R3-S6 18.3R3-S3 18.4R2-S6 18.4R3-S6 19.1R3-S2 19.2R3 19.3R3 19.4R3 20.1R2 20.2R2 20.3R1 20.3X75-D10 20.4R1) but not having fix of PR 1582473.
PR Number Synopsis Category: BBE database related issues
1592889 Any mmcq based services might crash due to shared memory queues issue happens in a rare condition
Product-Group=junos
In the shared memory queues (mmcq) scenario (e.g. Enhanced Subscriber Management and Next Generation Broadband-Edge Statistics in this case), the BBE statistics are mapped and queued on the shared memory. In a very rare case, if the allocated mmcq of the selected data is disordered, improper BBE statistics might be sent or taken for the subscriber services, and bbe-smgd/bbe-statsd might then crash. These crashes might also continue because the shared memory values persist, so the mmcq based services will not work until GRES is performed or the RE is rebooted.
PR Number Synopsis Category: BBE interface related issues
1577289 Traffic loss might be seen when subscriber service over AE bundle interface(s)
Product-Group=junos
On MX platforms with subscriber scenario, traffic loss might be seen if configuring dynamic-profile over AE bundle interface(s) (several thousand subscribers on the ports). This defect could be seen when changing AE child links while the kernel is busy deleting the old AE link members, and not pseudo ifl (logical interface) with new AE member links.
PR Number Synopsis Category: Border Gateway Protocol
1581578 BGP replication might be stuck in rare and timing conditions
Product-Group=junos
On all platforms with dual Routing Engines running Junos OS or Junos OS Evolved, BGP Nonstop-Routing replication might be stuck in a rare and timing case. BGP session(s) on the primary Routing Engine are stuck in "SoWait" state, and BGP session(s) on the backup Routing Engine cannot sync with the primary Routing Engine. From the BGP peer side, the BGP session(s) will break after hold-time expiry (90 seconds by default). This defect could be seen after the following series of events happen.
  * BGP NSR replication starts while primary Routing Engine (BGP session) is busy reading packets (i.e. protocol data unit).
  * Primary Routing Engine (BGP session) requests to stop reading at PDU boundary.
  * While BGP session on primary Routing Engine is waiting to read complete packet (remaining bytes), the TCP sync connection (between primary and backup BGP) flaps (i.e., PDU boundary is NOT read before the flap).
PR Number Synopsis Category: Express Broadway PFE L3
1584042 The packets might be dropped by PFE of PTX5000 after changing the queue of IEEE-802.1ad classifier on FPC-PTX-P1-A or FPC2-PTX-P1A
Product-Group=junos
In the PTX5000 with behavior aggregate (BA) classification scenario, the COS queue-num 3 is applied to TTL packets by default. If the IEEE-802.1ad classifier is configured for the packets which are mapped to the CoS output queue-num 3 (The PFE internal hostbound queue classification code-points=1100), in a very rare case, if some TTL expired packets are passed via the other interfaces which are also mapped to the same hostbound queue (in this case, queue 3), the packets will be dropped by PFE because of some TTL expiry packets in the same queue.
PR Number Synopsis Category: Virtual-chassis platform/chassisd infrastructure PRs for MX
1587499 Unable to configure pseudowire interface on an MX10003 in virtual chassis mode
Product-Group=junos
On an MX10003 in virtual chassis (VC) mode, configuring a pseudowire interface over a logical tunnel (LT) or a redundant logical tunnel (RLT) results in a commit error that states that the anchor point interface is not configured, even when the LT or RLT interface is operationally up. The issue is not present on MX10003 in non-VC mode.
PR Number Synopsis Category: Enhanced Broadband Edge support for cos
1582356 The bbe-smgd crash might be seen after subscriber log out due to a rare timing issue on MX platforms
Product-Group=junos
On MX platforms with subscribers over the MPLS pseudowire scenario and CoS (Class of Service) configured, the bbe-smgd process might crash on both routing engines due to a rare timing issue after subscriber logout or when FPC reboot is performed on the device.
1591533 If the COS CR-features used by VBF service is configured, MPC may crash with subscriber
Product-Group=junos
On MX platforms with Next Generation Subscriber Management (Tomcat) enabled, if the COS CR-features (Classifier/Rewrite/Frag-map) are used by the VBF (Variable Based Flow) service, the MPC might crash in a rare case. The specific trigger is not known because the issue could not be replicated.
PR Number Synopsis Category: QFX Access Control related
1587837 Process dot1xd crash might be seen and re-authentication may be needed on EX9208 platform
Product-Group=junos
On the EX9208 platform in a fusion scenario where around 30,000 mac-radius authenticated sessions are established, the dot1xd process might crash and users may need to re-authenticate. The relevant memory is not freed when dot1x is deleted on any interface, which causes a memory leak and leads to the crash.
1589678 Packet loss could be observed on dynamically assigning VoIP vlan
Product-Group=junos
On all Junos platforms, if the received dynamically assigned VoIP vlan is same as the configured static VoIP vlan, packet loss could be observed for the connected IP phone on re-authentication for the VoIP session.
PR Number Synopsis Category: MVRP
1582115 The voice VLAN might not get assigned to the access interface
Product-Group=junos
On all Junos platforms with Multiple VLAN Registration Protocol (MVRP) enabled, when VoIP is configured for the dynamically learned VLANs, the dynamically learned voice VLAN might not get attached to the access interface.
PR Number Synopsis Category: QFX xSTP Control Plane related
1592264 xSTP might not get configured when enabled on an interface with SP style configuration on all platforms
Product-Group=junos
On all Junos and EVO platforms, if xSTP is enabled on interface with service provider(SP) style configuration and the interface has multiple IFLs(units) each having different families then xSTP might not be configured on the interface and commit might fail with the following error message: "XSTP : Interface <> is not enabled for Ethernet Switching"
PR Number Synopsis Category: EA chip ( MQSS SW issues )
1556576 Junos OS: FPC may crash upon receipt of specific MPLS packet affecting Trio-based MPCs (CVE-2021-0288)
Product-Group=junos
If specific malformed MPLS packets are received, forwarding will stop on that Packet Forwarding Engine (PFE) and an MPC crash may result. Refer to https://kb.juniper.net/JSA11190 for more information.
PR Number Synopsis Category: EVPN control plane issues
1562160 The rpd might crash under EVPN-VPWS environment
Product-Group=junos
Within an Ethernet VPN-Virtual Private Wire Service (EVPN-VPWS) environment, if the interface assigned to a VPWS instance is changed from single-homed access to multi-homed access, rpd might crash. Traffic could self-recover if the rpd restart succeeds.
1570883 The multicast traffic loss might be seen in EVPN-VXLAN scenario with CRB multicast snooping
Product-Group=junos
On MX and EX92 platforms, if multicast packet replication occurs in IRB egress interface in EVPN-VXLAN scenario with CRB multicast snooping, the ether-type of the inner VXLAN packet is getting changed. It might cause multicast traffic loss and VXLAN traffic flooding.
PR Number Synopsis Category: Express pfe Mclag
1594573 The existing ECMP route traffic may be dropped if configuring a static ECMP route with the same number of next-hops as the existing ECMP route
Product-Group=junos
If a static ECMP route is configured with the same number of next-hops as the existing ECMP route and each member's next-hop is reachable over the same IRB as the existing route, the existing ECMP route traffic might be dropped.
PR Number Synopsis Category: SRX1500 platform software
1546132 SRX1500 reports fans running at over speed.
Product-Group=junosvae
SRX1500 may report intermittent cosmetic fan alarms.
PR Number Synopsis Category: Signature Database
1594283 IDP signature DB update fails
Product-Group=junos
On SRX Branch platforms, the latest signature pack cannot be used because the IDP DB fails to update.
PR Number Synopsis Category: MX Inline Jflow
1588093 The Aftcore messages might be seen after the MPC10E/MPC11E line card comes up
Product-Group=junos
On MX platforms, the AftCore messages might be seen after the MPC10E/MPC11E line card comes up. These messages will not affect traffic forwarding and Jflow learning/export. But if the 'nexthop-learning' knob is configured, Jflow will not report the correct outgoing interface (OIF)/Gateway (GW) when the flow destination is reachable through multiple paths.
PR Number Synopsis Category: Integrated Routing & Bridging (IRB) module
1567723 MAC addresses might not be relearned successfully after MAC address age timeout
Product-Group=junos
On all L2NG platforms, there might be fewer MAC address entries in the MAC table than in the ARP table. This is because some MAC addresses are not relearned successfully after MAC address age timeout. This issue will cause traffic loss for non-existing MAC entries.
PR Number Synopsis Category: jdhcpd daemon
1592552 The jdhcpd process might not respond to any Discover message when it is in "clients waiting to be restored" state
Product-Group=junos
On MX platforms, some subscribers might get stuck in "clients waiting to be restored" state after the jdhcpd process is restarted. When in this state, the jdhcpd doesn't respond to any new DHCP Discover/DHCPv6 Solicit for 30 mins.
PR Number Synopsis Category: Health-Monitoring related issues
1570526 The jinsightd process might be stuck with high CPU process utilization
Product-Group=junos
On the MX/PTX Series platforms, the jinsightd process might be stuck with high CPU process utilization if the services jinsightd is enabled in the Junos Telemetry Interface (JTI) scenario.
PR Number Synopsis Category: High Availability/NSRP/VRRP
1591559 Security policies might not be synced to all PFEs (Packet Forwarding Engine) post upgrade
Product-Group=junos
On SRX-Series devices configured in chassis-cluster, after ISSU (in-service software upgrade) when there is any policy or ipid related events/config change, the security policies might not sync to all the PFEs.
PR Number Synopsis Category: Security platform jweb support
1511853 Junos OS: J-Web allows a locally authenticated attacker to escalate their privileges to root. (CVE-2021-0278)
Product-Group=junos
An Improper Input Validation vulnerability in J-Web of Juniper Networks Junos OS allows a locally authenticated attacker to escalate their privileges to root over the target device. Please refer to https://kb.juniper.net/JSA11182 for more information.
1592021 Junos OS: J-Web allows a locally authenticated attacker to escalate their privileges to root. (CVE-2021-0278)
Product-Group=junos
An Improper Input Validation vulnerability in J-Web of Juniper Networks Junos OS allows a locally authenticated attacker to escalate their privileges to root over the target device. Please refer to https://kb.juniper.net/JSA11182 for more information.
PR Number Synopsis Category: Layer 2 Control Module
1583092 The l2ald crash if a specific naming format is applied between a vlan-range and a single vlan
Product-Group=junos
On all L2NG platforms (EX2300/EX3400/EX4300/EX4600/EX9200/QFX3500/QFX3600/QFX5100/QFX10000 etc.) with 'vlan-range' configured, if a single vlan is defined with the format [previously_defined_vlan_range_name]-vlan-[any_string_value] and an interface already assigned to the vlan-range is then assigned to the single vlan, the layer2 address learning daemon (l2ald) might crash.
PR Number Synopsis Category: Layer2 forwarding on EX/NTF/PTX/QFX
1587610 The SNMP trap for MAC notifications may not be generated when an interface is added explicitly under switch-options
Product-Group=junos
On Junos L2NG EX platforms and QFX platforms, the SNMP trap may not be generated for MAC notifications if "set switch-options interface no-mac-notification" is configured first and an interface is added explicitly without no-mac-notification under switch-options hierarchy at last.
PR Number Synopsis Category: Label Distribution Protocol
1582037 Sub-optimal routing issues might be seen in case LDP route with multiple next-hops
Product-Group=junos
In the case of the LDP route with multiple next-hops, the last NH weight in table mpls.0 is not set properly when the total number of LDP NHs is multiple of 8 + 1, e.g., 9, 17. This might lead to some backup route active as the primary path, which might result in a traffic loop.
PR Number Synopsis Category: lldp sw on MX platform
1591387 LLDP packets might be lost on the EX-4300MP platform if LLDP is configured on the management interface
Product-Group=junosvae
On the EX-4300MP platform, if LLDP is configured on the management interface, the management interface will not transmit any LLDP PDUs to the peer. This issue might cause LLDP packet loss.
PR Number Synopsis Category: mc-ae interface
1583547 Newly added MC-LAGs do not come up after RE switchover
Product-Group=junos
In the MC-LAG scenario, after RE switchover on the peer node, due to a timing issue, newly added MC-LAGs do not come up on the peer.
PR Number Synopsis Category: Multicast for L3VPNs
1591228 The ddos-protection reason "packets failed the multicast RPF check" may be seen in NG-MVPN scenario with GRE transport
Product-Group=junos
In Next Generation Multicast VPN scenario where GRE is used as a transport and router receives high amount of traffic via Inclusive PMSI without active multicast subscribers, the ddos-protection may be violated with "packets failed the multicast RPF check" reason.
PR Number Synopsis Category: MX10K platform
1490749 FPC went offline & dumped core, when the PIC was offlined via CLI
Product-Group=junos
The QSFP based ports get corrupted because the SFPP detach procedure is called for all ports on the PIC while destroying ports for PIC offline. It seems the device was designed such that destroying one port or QSFP ends up destroying the QSFP for all ports.
PR Number Synopsis Category: FreeBSD Kernel Infrastructure
1563647 Memory corruption of any binary in /usr/bin/ or /usr/sbin/ may be triggered when a recovery snapshot is being copied to the OAM volume
Product-Group=junos
Memory corruption of a binary from /usr/bin/ or /usr/sbin/ directory can occur if such binary is invoked when a recovery snapshot creation is in progress. The exact symptoms will be different depending on the exact binary and JUNOS version - some programs will show an error, and some programs will crash every time it is executed. Such memory corruption will be persistent until the affected Routing Engine is restarted. Please refer to TSB17954 (https://kb.juniper.net/TSB17954) for further details.
PR Number Synopsis Category: TCP/UDP transport layer
1527246 During RE switchover the new master RE may suddenly crash
Product-Group=junos
Due to a rare problem in TCP socket replication between routing engines and md5 digest processing on the backup RE in NSR configuration, the new master RE may crash during RE switchover.
1595649 Junos OS: Upon receipt of specific sequences of genuine packets destined to the device the kernel will crash and restart (vmcore) (CVE-2021-0283, CVE-2021-0284)
Product-Group=junos
A buffer overflow vulnerability in the TCP/IP stack of Juniper Networks Junos OS allows an attacker to send specific sequences of packets to the device thereby causing a Denial of Service (DoS). Please refer to https://kb.juniper.net/JSA11200 for more information.
PR Number Synopsis Category: PTP related issues.
1575055 PTP might be stuck in Phase acquiring state after ISSU upgrade
Product-Group=junos
On MX platforms with MPC7/8/9/LC2101/LC2103 line cards or MX204/MX10003 platforms, PTP might fail and get stuck in Phase acquiring state after an ISSU upgrade.
PR Number Synopsis Category: QFX Platform related (SYSLOG/ALARMS/miscellaneous)
1593025 Multiple crashes with toe_interrupt_errors might be observed
Product-Group=junos
Multiple FPC crashes with toe_interrupt_errors might be observed when TOE memory is read with a parity error.
PR Number Synopsis Category: analyzer on QFX 5100,5200, 5110
1589579 When the deleted aggregated Ethernet interface is not getting deleted (mirror trunk group) in the hardware for the analyzer input aggregated Ethernet interface.
Product-Group=junos
When a member interface is deleted from an AE interface that is the input to an analyzer session, mirroring continues for the removed member interface as well.
PR Number Synopsis Category: QFX L2 PFE
1597261 The interface might not be brought up when QinQ is configured
Product-Group=junos
The interface might not be brought up if Q-in-Q is configured on Broadcom chipset based QFX/EX platforms except EX2300 (The affected platforms: QFX3500/QFX3600/QFX5100/QFX5110/QFX5120/QFX5130/QFX5200/QFX5210/EX3400/EX4300/EX4600/EX4650).
PR Number Synopsis Category: QFX EVPN / VxLAN
1561588 Dcpfe process might crash after committing EVPN-VXLAN profile configuration and ARP resolution may fail causing traffic issues.
Product-Group=junos
The dcpfe process might crash after committing EVPN-VXLAN profile configuration, and ARP resolution may fail, causing traffic issues.
1582017 The traffic may not be load-balanced properly in an EVPN overlay-ecmp setup
Product-Group=junos
On QFX5100/QFX5110/QFX5120/QFX5130 and EX4300/EX4600/EX4650 devices with overlay-ecmp configuration for EVPN-VxLAN, the traffic might not get load-balanced correctly when multi traffic streams with different source address are sent across the fabric.
PR Number Synopsis Category: IPSEC functionality on M/MX/T ser
1557216 On the EX4300 device, script fails while committing the IPSec authentication configuration as the algorithm statement is missing.
Product-Group=junos
On all Junos platforms except MX/SRX with FIPS mode enabled, the manual IPsec functionality might not be working as no authentication algorithm is configurable for IPsec.
PR Number Synopsis Category: Issues with load balancing next hop for services SDG
1567568 TLB composite NH is installed incorrectly in other routing-instances
Product-Group=junos
On all MX platforms using MS-MIC/MS-MPC/MX-SPC3 service card with Traffic Load Balancer (TLB) used, TLB composite Next Hop is incorrectly installed in other routing-instances after traffic-dird daemon restart/RE restart/GRES, which might cause VIP routes missing so that TLB service will not function properly.
PR Number Synopsis Category: Generic platform and infra issues for MS-MIC and MS-MPC(XLP)
1569894 The mspmand process might crash if the packet flow-control issue occurs on MS-MPC/MS-MIC.
Product-Group=junos
In MX platforms with MS-MPC/MS-MIC scenario, the Packet Ordering Engine (POE) recovery operation will control the right packet descriptor of packet flow and detect jbuf (memory) leak. But, if some rare race conditions happen during this time, this kind of flow-control operation might cause the mspmand to crash. Then, MS-MPC/MS-MIC might restart.
PR Number Synopsis Category: SFW, CGNAT on MS-MIC/MS-MPC (XLP)
1574321 DS-Lite throughput degradation might be seen on MS-MPC
Product-Group=junos
On MX240, MX480, MX960, MX2008, MX2010 and MX2020 platforms with MS-MPC, when sending DS-Lite softwire session under heavy load in MS-MPC, throughput performance for DS-Lite in MS-MPC is dropped about 80 percent. Packets drop might be seen.
1593226 The TCP keepalive might not be processed by the private network host
Product-Group=junos
On MX platforms with MS-MPC and MS-MIC when tcp-tickle knob is enabled under services-options in DS-lite (Dual-Stack lite) with NAT scenario, the TCP keepalive might not be processed by the private network host and the purpose of TCP keepalive gets compromised.
PR Number Synopsis Category: MPC7/8/9 Interface Issues
1546704 The 40G or 100G interfaces might flap during ISSU if PTP is deactivated on the interfaces on MX/EX92 platforms
Product-Group=junos
On MX/EX92 platforms with MPC7/8/9 or similar chips, if PTP configuration was previously used and then deactivated for 40G or 100G interfaces, the interfaces might flap during ISSU.
PR Number Synopsis Category: Stout cards (MPC7, MPC8, MPC9) microkernel issues
1537869 Certain Linux based FPCs might reboot if TNP neighbor towards backup RE continuously flaps on dual-RE platforms
Product-Group=junos
On dual-RE platforms, if certain Linux based FPCs are installed, when TNP (Trivial Network Protocol) neighbor towards backup RE continuously flaps, FPC might reboot after GRES due to the TNP neighbor issue.
PR Number Synopsis Category: SRX-1RU platfom related protocol, QoS, filtering features et
1585698 The 1G interfaces might not come up after device reboot
Product-Group=junos
On SRX4600 devices, in some cases 1GbE SFP optical interfaces might not come up and disabling dfe tuning failed is displayed in the logs.
PR Number Synopsis Category: Trio pfe qos software
1553961 FPCs may go to "ISSU error" state post performing enhanced ISSU
Product-Group=junos
On the MX series platforms running 20.1R1 onwards, performing enhanced ISSU may cause FPCs (having xq or qx chip like MPC1/MPC2/MPC2E-NG/MPC3E-NG/MPC5E/MPC6E) to run into "ISSU error" state.
PR Number Synopsis Category: Trio pfe stateless firewall software
1598830 The service filter might get wrongly programmed in PFE due to a rare timing issue in enhanced subscriber management environment
Product-Group=junos
In enhanced subscriber management environment, if a service filter is applied to a dynamic service set, the service filter instance will be created on Packet Forwarding Engine (PFE) based on the configured service filter template. If the configured service filter template is changed at the same time a service filter instance is instantiated, the service filter might get wrongly programmed in PFE due to a rare timing issue. This issue could cause the service failure.
PR Number Synopsis Category: Trio pfe bridging, learning, stp, oam, irb software
1571439 On all EX9200 platforms with EVPN-VXLAN configured, the next hop memory leak in MX Series ASIC happens whenever there is a route churn for remote MAC-IP entries learned bound to the IRB interface in EVPN-VXLAN routing instance. When the ASIC's next hop memory partition is exhausted, the FPC might reboot.
Product-Group=junos
On all EX9200 switches and MX Series routers with EVPN-VXLAN configured, the next hop memory leak in Trio ASIC happens whenever there is a route churn for remote MAC-IP entries learned bound to the IRB interface in the EVPN-VXLAN routing-instance. When the ASIC's next hop memory partition is exhausted (free next hop memory is close to 20% or below), the FPC might reboot.
PR Number Synopsis Category: Trio pfe l3 forwarding issues
1569047 Traffic loss might be observed when SCU accounting is configured and logical-systems is enabled
Product-Group=junos
On all Junos platforms with logical-systems enabled, when a source class usage (SCU) policy is configured on the main system while not on the logical-system, and if the logical-system comes up, the associated destination route in the SCU policy might not be installed. As a result, traffic destined to or passing through this IP address might get dropped. The example configuration for SCU accounting is below:
  set interfaces x/x/x unit 0 family inet accounting source-class-usage input
  set interfaces x/x/x unit 0 family inet accounting source-class-usage output
PR Number Synopsis Category: UI Infrastructure - mgd, DAX API, DDL/ODL
1484801 Any change in the nested groups might not be detected on commit and does not take effect
Product-Group=junos
On all Junos platforms, if a group is inserted to another group, any change of the inner level group might not come into effect.
PR Number Synopsis Category: PTX/QFX100002/8/16 platform software
1555386 The LCMD process might consume memory until all of the free memory available to VMHOST gets exhausted
Product-Group=junosvae
On PTX10K, MX10K, and QFX10K (exception: MX10003, PTX10001, PTX10002, QFX10002, any Junos-EVO system are NOT affected), when the Linux Chassis Manager (LCMD) polls PSMs (Power Supply Modules), the memory used for that polling does not get freed. The amount of memory not being freed depends on the number of sensors (FPCs and PICs) installed in the chassis. The LCMD process will continue to consume memory until all of the free memory available to VMHOST has been exhausted. At that point, the LCMD restarts causing the Routing Engine's mastership switchover. (Please also see https://kb.juniper.net/TSB18061 for more details.)
PR Number Synopsis Category: virtualized services card (vMS-MPC)
1568694 SPC3 card interfaces are not created
Product-Group=junos
On MX platforms, when an SPC3 card is plugged into the device, no SPC3 card interfaces are created, and the related Next Gen Services may fail.
PR Number Synopsis Category: Virtual Router Redundancy Protocol
1578126 ARP resolution failure might occur during VRRP failover
Product-Group=junos
On Junos platforms with VRRP failover-delay configured, changing VRRP mastership might cause peer device to re-learn VIP ARP entry on old master interface due to timing issue.
 

19.3R3-S3 - List of Known issues

PR Number Synopsis Category: Firewall Filter
1514141 The system-generated name of the resulting concatenated filter from firewall filter list is same for different families
Product-Group=junos
The system-generated name of the concatenated filter from the firewall filter list is the same for different families. This will not cause any issue on the CLI. However, if the firewall filter telemetry data is streamed via Junos Telemetry Interface (JTI), it might cause confusion on the collector side because the firewall filter lists for different families will be treated as one filter. In particular, if firewall filters with the same firewall filter counter (or policer) name are used in the firewall filter list for different families, incorrect statistics might be seen on the collector because the firewall filter counter (or policer) names for different families cannot be distinguished on the collector side.
1528403 Junos OS: User-defined ARP Policer isn't applied on Aggregated Ethernet (AE) interface until firewall process is restarted (CVE-2021-0289)
Product-Group=junos
When user-defined ARP Policer is configured and applied on one or more Aggregated Ethernet (AE) interface units, a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability between the Device Control Daemon (DCD) and firewall process (dfwd) daemons of Juniper Networks Junos OS allows an attacker to bypass the user-defined ARP Policer. Please refer to https://kb.juniper.net/JSA11191 for more information.
PR Number Synopsis Category: Layer 3 forwarding, both v4+v6
1380145 On the ACX5448 router, latency is observed for the host-generated ICMP traffic.
Product-Group=junos
This ping latency behavior is expected for host generated ICMP traffic due to the design of PFE queue polling the packets from ASIC.
lab@jtac-acx5448> ping 10.0.0.4
PING 10.0.0.4 (10.0.0.4): 56 data bytes
64 bytes from 10.0.0.4: icmp_seq=0 ttl=63 time=8.994 ms
64 bytes from 10.0.0.4: icmp_seq=1 ttl=63 time=49.370 ms
64 bytes from 10.0.0.4: icmp_seq=2 ttl=63 time=47.348 ms
64 bytes from 10.0.0.4: icmp_seq=3 ttl=63 time=45.411 ms <<<
64 bytes from 10.0.0.4: icmp_seq=4 ttl=63 time=106.449 ms <<<
64 bytes from 10.0.0.4: icmp_seq=5 ttl=63 time=79.697 ms <<<
64 bytes from 10.0.0.4: icmp_seq=6 ttl=63 time=37.489 ms <<<
64 bytes from 10.0.0.4: icmp_seq=7 ttl=63 time=31.436 ms <<
64 bytes from 10.0.0.4: icmp_seq=8 ttl=63 time=35.460 ms <<
64 bytes from 10.0.0.4: icmp_seq=9 ttl=63 time=77.198 ms <<
^C
--- 10.0.0.4 ping statistics ---
10 packets transmitted, 10 packets received, 0% packet loss
round-trip min/avg/max/stddev = 8.994/51.885/106.449/26.824 ms
PR Number Synopsis Category: track re issu control procedure bugs
1588636 Repd (replication daemon) core might be seen after ISSU upgrade
Product-Group=junos
On SRX platforms after performing an ISSU system upgrade from release A to Release B, the repd core might be seen on the primary node/master RE. There is a traffic loss of around 1 sec for the entire ISSU upgrade.
PR Number Synopsis Category: Multiprotocol Label Switching
1598207 Sometimes MPLS LSP may go down due to a timing issue when a protected link goes down
Product-Group=junos
When a protected link goes down, MPLS gets a tunnel local repair message from RSVP and triggers CSPF computation. Next, MPLS gets link protection information through an RRO notification. If MPLS receives the TED notification before the RRO notification, then CSPF computation fails. Since the link protection flag is not set, MPLS treats the link as unprotected and brings down the LSP.
PR Number Synopsis Category: QFX L3 data-plane/forwarding
1594030 Packet drop might occur in ECMP next-hop flap scenario
Product-Group=junos
On all Broadcom-based platforms, ECMP next-hop flaps or MTU size changes may result in the route pointing to 100004 on PFE level. When this issue happens, any packet/traffic hitting this route may get dropped silently.
PR Number Synopsis Category: Resource Reservation Protocol
1576979 With the local reversion on, there is a possibility of the transit router not informing the headend of RSVP disabled link when the link flaps more than once.
Product-Group=junos
With local reversion ON, there is a possibility of the transit router not informing the headend of an RSVP disabled link when the link is flapped more than once. The workaround is to remove the local-reversion configuration.
PR Number Synopsis Category: ZT/YT pfe l3 forwarding issues
1586057 Unicast traffic over IRB interface may be wrongly routed due to stale PFE programming
Product-Group=junos
Traffic entering or leaving MPC10 may be wrongly routed due to stale PFE programming.
PR Number Synopsis Category: Trio pfe stateless firewall software
1487937 loss of traffic on switchover when using filter applied on IFL
Product-Group=junos
Due to the software implementation, the firewall filter is re-applied during graceful switchover (GRES). This may lead to a short disruption while the filter is not applied, provoking side effects such as traffic drops.
 
Modification History:
First publication date 2021-07-25