20.1R3-S1: Software Release Notification for JUNOS Software Version 20.1R3-S1

Article ID: TSB18160 TECHNICAL_BULLETINS Last Updated: 03 Sep 2021 Version: 1.0
Alert Type:
SRN - Software Release Notification
Product Affected:
ACX, EX, MX, PTX, QFX, NFX, SRX, VRR, vMX, vSRX
Alert Description:
Junos Software Service Release version 20.1R3-S1 is now available for download from the Junos software download site.
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as needed and follow the prompts
Risk: Low/Notification - No defined time impact to take action
Risk Description: Software Release Notification
Impact: Medium - Risk of service interruption
Impact Description: Software Release Notification

Solution:

Junos Software Service Release version 20.1R3-S1 is now available.

20.1R3-S1 - List of Fixed issues

PR Number Synopsis Category: EX4300 PFE
1515234 DHCP binding does not happen after GRES.
Product-Group=junosvae
After GRES, interfaces may flap due to which DHCP bindings may be lost.
1595797 The Egress RACL Firewall filter might not get programmed correctly on EX4300 platforms
Product-Group=junos
On EX4300 platforms, the Egress RACL(Routed ACLs) Firewall filter might not get programmed correctly, if there is any modification made in the filter which is already attached to an interface and it is the only filter in the group. The traffic through the interface will be impacted.
1597548 Broadcast traffic might be discarded when a firewall filter is applied to the loopback interface
Product-Group=junos
On EX4300 platforms, when a firewall filter for broadcast traffic with discard action policer is applied to the loopback interface, all broadcast packets (including Layer 2 forwarding packets, such as DHCP discover packets) that match this filter rule might be dropped.
1598251 VLAN tagged traffic might be dropped with service provider style configuration
Product-Group=junos
On EX4300 platforms with both enterprise style and service provider style configurations, an interface with enterprise style IFL and flexible-vlan-tagging configured, VLAN tagged traffic might be dropped due to incorrect programming in the system.
1601005 The VRRP packets might not be forwarded when "mac-move-limit" knob is configured
Product-Group=junos
On EX4300 platforms, if the device works as a Layer 2 transit switch between VRRP routers and the knob "mac-move-limit" is configured, the VRRP packets might not be forwarded after clearing the ethernet-switching table.
1602399 Adding ae configuration without child member may cause MAC/ARP learning issues
Product-Group=junos
On EX4300 series platforms, adding a LAG with no child members to a VSTP/RSTP instance, with VSTP disabled for all other ports in the same VLAN, may cause traffic loss on ports which are part of the VLAN.
PR Number Synopsis Category: EX4300 Filters implementation
1578859 The dcpfe crash is observed on Junos QFX/EX platforms
Product-Group=junos
On Junos QFX/EX platforms, a dcpfe crash may be seen. It is caused by flaps of an interface on which a large number of MAC-based VLAN clients are registered. When it happens, dcpfe crashes and the PFE (Packet Forwarding Engine) restarts, and all the traffic related to the PFE may be dropped. After that, the PFE recovers by itself.
PR Number Synopsis Category: EX2300/3400 PFE
1576715 Protocol convergence between end nodes might fail when L2PT is enabled on transit switch
Product-Group=junos
In a Q-in-Q setup, when Layer 2 Protocol Tunneling (L2PT) is enabled on a transit switch, protocol convergence between end nodes might fail and packets might be dropped, resulting in packet loss.
1594353 Storm control profile might not be applied on EX2300 platforms
Product-Group=junos
On EX2300 platforms, the storm control profile might not be applied, so high CPU usage or packet loss might occur on the device if a large amount of broadcast or unknown unicast packets arrives at the device.
1598346 The backup VC member may not learn mac-address on a master after removing a VLAN unit from the SP style AE interface which is part of multiple VLAN units
Product-Group=junos
On EX2300/3400/4300MP/4400 and QFX5100/5110/5200 VC platforms, if a VLAN unit is removed from an SP style AE interface which is part of multiple VLAN units, the backup member might not learn the MAC address on the master and might start processing packets to that MAC as unknown unicast. In this case, flooding will happen in the VLAN, which might cause traffic loss due to the limited bandwidth.
PR Number Synopsis Category: NFX Layer 2 Features Software
1592019 Unable to configure ports on firewall filter of NFX devices
Product-Group=junos
On NFX platforms, a commit error may be seen when configuring a firewall filter with destination-port and/or source-port match conditions for the ethernet-switching family.
PR Number Synopsis Category: QFX PFE CoS
1585361 DSCP classifier might not work properly on QFX5K platforms
Product-Group=junos
On QFX5K platforms, if L3 interface with more than one IFLs is deleted and re-configured with a custom classifier, the queue classification based on DSCP(Differentiated Services Code Point) might not work properly and traffic might take the best-effort queue which could impact the traffic.
PR Number Synopsis Category: QFX PFE L2
1582473 MAC addresses learnt from the MC-LAG client device might keep flapping between the ICL interface and MC-AE interface after one child link in the MC-AE interface is disabled.
Product-Group=junos
On QFX/EX series products using Broadcom chip based PFE (i.e., QFX3500/QFX3600/QFX5100/QFX5110/QFX5120/QFX5200/QFX5210/EX4300/EX4600/EX4650), if Multichassis link aggregation group (MC-LAG) is configured, and the interchassis link (ICL) interface is a physical interface instead of an aggregated Ethernet (AE) interface, after one of the child links in Multichassis Aggregated Ethernet (MC-AE) interface on one of MC-LAG peers is disabled, the MAC addresses learnt from MC-LAG client device might keep flapping between the ICL interface and MC-AE interface. It could cause traffic drop when MAC addresses are learnt on ICL interface. This issue is only exposed in Junos release having the code change in PR 1504586 (which is fixed in Junos: 17.3R3-S9 17.4R3-S3 18.1R3-S11 18.2R3-S6 18.3R3-S3 18.4R2-S6 18.4R3-S6 19.1R3-S2 19.2R3 19.3R3 19.4R3 20.1R2 20.2R2 20.3R1 20.3X75-D10 20.4R1) but not having fix of PR 1582473.
PR Number Synopsis Category: L2NG bug tracking
1582989 The srxpfe process might crash on SRX1500
Product-Group=junos
On SRX1500 platforms with AE interface configured, if the IRB interface is also configured and enabled, the srxpfe process might crash.
PR Number Synopsis Category: Accounting Profile
1521223 Logical interface statistics for as (aggregated sonet) are displayed as double the expected value.
Product-Group=junos
On MX series with Junos 16.2 or later version, when using an as (aggregated sonet) interface, logical interface statistics for member links of the as interface are displayed as double the expected value.
PR Number Synopsis Category: "agentd" software daemon
1587956 The na-grpc process crash might be seen and existing telemetry connections will be disconnected
Product-Group=junos
On all Junos and EVO platforms, when there is congestion on the link where telemetry streams are connected, a race condition can cause an na-grpcd core, and the telemetry service will be impacted because na-grpcd takes a minute to come back online.
PR Number Synopsis Category: MPC Fusion SW
1586403 Traffic drop after enabling flexible-queuing-mode on MPC2E linecards
Product-Group=junos
MPC2E NG PQ & Flex Q with MACsec drop 50 percent of traffic after flexible-queuing-mode is enabled on both 1G and 10G. The port speed for the MACSEC MIC was changed from 1G to 10G to increase the XQIF queue size to 32. On MX platforms with MPC2E NG line cards and MACSEC MIC, a traffic drop of about 50 percent may be seen when flexible-queuing-mode is enabled and traffic is sent at a rate of more than 5Gbps.
1602939 The PFE might be disabled by a detected major CMERROR event while ungracefully removing the MIC from MPC2E-3D-NG/MPC3E-3D-NG
Product-Group=junos
On MPC2E-3D-NG/MPC3E-3D-NG with certain chipset-based MICs (like the 20x1G MIC and 2x10G MIC), the PFE may be disabled while ungracefully removing the MIC from the MPC (e.g. without taking the MIC offline from the CLI or with the MIC button).
PR Number Synopsis Category: BBE dynamic profile related issues
1587792 The bbe-smgd might crash if the staled ACI based subscribers are not cleaned up properly
Product-Group=junos
In a BBE scenario with ACI (Agent Circuit Identifier) VLAN interface sets, the ACI VLAN ifl/iflset pointer should be freed properly after the clean-up operation of the subscriber sessions is performed (e.g. logging out the subscribers, and so on). But in some corner cases, if the ACI VLAN ifl/iflset pointer gets freed well before the clean-up operation is performed, it might become invalid in the system. The bbe-smgd might then crash when the subscriber sessions try to access this invalid pointer.
PR Number Synopsis Category: Bi Directional Forwarding Detection (BFD)
1522261 BFD with authentication for BGP flaps after GRES or NSR switchover on the NG-RE and SCBE2 setup.
Product-Group=junos
On devices with NG-RE (Next Generation Routing Engine) and SCBE2 (Enhanced Switch Control Board), when BFD authentication for BGP is enabled, the BFD session may flap after an NG-RE switchover. The switchover is a GRES or NSR switchover. After the flap, the device can recover by itself.
PR Number Synopsis Category: Border Gateway Protocol
1581578 BGP replication might be stuck in rare and timing conditions
Product-Group=junos
On all platforms with dual Routing Engines running Junos OS or Junos OS Evolved, BGP Nonstop-Routing replication might be stuck in a rare and timing case. BGP session(s) on the primary Routing Engine are stuck in "SoWait" state, and BGP session(s) on the backup Routing Engine cannot sync with the primary Routing Engine. From the BGP peer side, the BGP session(s) will break after hold-time expiry (90 seconds by default). This defect could be seen after the following series of events happen:
  * BGP NSR replication starts while primary Routing Engine (BGP session) is busy reading packets (i.e. protocol data unit).
  * Primary Routing Engine (BGP session) requests to stop reading at PDU boundary.
  * While BGP session on primary Routing Engine is waiting to read complete packet (remaining bytes), the TCP sync connection (between primary and backup BGP) flaps (i.e., PDU boundary is NOT read before the flap).
1582506 The rpd crash may be seen if next-hop self is used without using extended-nexthop and the routing table has IPv4 routes with IPv6 nexthops
Product-Group=junos
On all Junos and Junos EVO platforms, if "extended-nexthop" is used in BGP scenario, an IPv4 route with IPv6 next-hop may be received, when this route is advertised to a peer without "extended-nexthop" enabled, and if next-hop self export policy is configured towards the peer, the rpd might crash, and the rpd might not start after multiple coredumps.
1589141 The rpd might crash in BGP multipath scenario if interface for a single hop EBGP peer goes down
Product-Group=junos
In a BGP multipath scenario, if an interface for a single hop EBGP peer goes down, the rpd might crash on the backup RE. If an NSR switchover is performed, the rpd crash might be observed on the new master RE, hence there may be traffic impact.
1592123 The rpd crash might be seen if BGP peer flaps
Product-Group=junos
On all Junos platforms, when a BGP peer flaps, if the received routes are changed by the BGP process from active to inactive while cleaning up these received routes, the rpd crash might be seen.
1592550 The traffic might get blackholed or forwarded through not-best path in BGP setup
Product-Group=junos
On all Junos and EVO platforms, the traffic might get blackholed or forwarded through not-best path when an iBGP route (that by default uses indirect nexthop) is forced to use 'discard' (or some other non-indirect) nexthop through policy by matching some specific BGP attribute (example, a specific community) and later when the iBGP route is updated (for example, remove the specific community) so that it transitions to use indirect nexthop.
PR Number Synopsis Category: Virtual-chassis platform/chassisd infrastructure PRs for MX
1569556 JDI-RCT:M/Mx: not able to set member-id as RE is in synching mode forever when its having invalid VC data( error: Command aborted. VC configuration synch to backup RE in progress, try after 120 secs. )
Product-Group=junos
New SCB cards may have uninitialized VC Data Blocks, preventing setting the member-id when configuring as a MX-VC for the first time.
PR Number Synopsis Category: Class of service in forwarding daemon
1599857 Traffic loss might be observed if per-unit-scheduler is configured on AE interface
Product-Group=junos
On all Junos platforms with per-unit-scheduler support, when per-unit-scheduler is configured on AE interface, after cosd restart or NSR switchover, unbind/bind of scheduler over child interface of AE might occur. In NSR switchover scenario, traffic loss may be seen.
PR Number Synopsis Category: QFX Access Control related
1574480 Private VLAN configuration might fail in certain scenario
Product-Group=junos
On all Junos platforms if 802.1X authentication is configured globally using the set protocol dot1x interface all command and if trunk interface is configured with vlans then Private VLAN configuration might fail.
1587837 Process dot1xd crash might be seen and re-authentication may be needed on EX9208 platform
Product-Group=junos
On the EX9208 platform in a fusion scenario where around 30,000 mac-radius authenticated sessions are established, the dot1xd process might crash and users may need to re-authenticate. The relevant memory is not freed when dot1x is deleted on any interface, which causes a memory leak and leads to the crash.
PR Number Synopsis Category: QFX Control Plane VXLAN
1584595 MAC address of the end-host is wrongly programmed in forwarding table after ESI failover
Product-Group=junos
End-hosts might not communicate via Ethernet VPN with Virtual Extensible LAN encapsulation (EVPN-VxLAN) domain after Ethernet Segment Identifier (ESI) failover. This issue affects QFX5000 platforms only. Please refer to restoration steps when this issue is encountered.
PR Number Synopsis Category: QFX xSTP Control Plane related
1592264 xSTP might not get configured when enabled on an interface with SP style configuration on all platforms
Product-Group=junos
On all Junos and EVO platforms, if xSTP is enabled on interface with service provider(SP) style configuration and the interface has multiple IFLs(units) each having different families then xSTP might not be configured on the interface and commit might fail with the following error message: "XSTP : Interface <> is not enabled for Ethernet Switching"
PR Number Synopsis Category: Device Configuration Daemon
1591032 The dcd process crash might be observed after removing AE IFL from the targeted distribution database
Product-Group=junos
On the MX platforms, the dcd internal data structure of the distribution bundle might get corrupt after removing the AE IFL (logical interface) of members of a targeted IFLset (logical interface set) from the targeted distribution database. Later the dcd process will crash when it accesses the corrupted entry.
1601566 The dcd process might crash and FPC might be stuck in ready state on MX platforms
Product-Group=junos
On MX platforms in Junos Fusion scenario, if targeted-distribution is configured for AE/vlan-demux/PPPoE interfaces whose underlying legs are on FPC numbers greater than 32 (for ex: ge-101/0/0) then the dcd process might crash and FPC might be stuck in ready state.
1602656 The AE interface might flap upon configuration changes
Product-Group=junos
On Junos Fusion system with MX/EX as Aggregation Devices, the 100G AE interfaces might flap upon unrelated configuration changes.
1608281 Memory leak on dcd process occurs when committing configuration changes on any interfaces in a setup with AMS interface configured
Product-Group=junos
With aggregated multiservices interface (AMS) configured, the memory leak on dcd daemon occurs when making configuration changes on any interface. The leak rate is slow and depends on the scale of the IFLs on AMS interfaces (e.g. if there are 8 AMS physical interfaces with 8000 logical interfaces, the leak is about 5MB on each commit), which may lead to dcd crash.
PR Number Synopsis Category: Firewall Filter
1514141 The system-generated name of the resulting concatenated filter from firewall filter list is same for different families
Product-Group=junos
The system-generated name of the concatenated filter from the firewall filter list is the same for different families. This will not cause any issue on CLI. However, if the firewall filter telemetry data is streamed via Junos Telemetry Interface (JTI), it might cause confusion on collector side because the firewall filter list for different families will be treated as one filter. In particular, if firewall filters having same firewall filter counter (or policer) name are used in firewall filter list for different families, the incorrect statistics might be seen on collector because the firewall filter counter (or policer) name for different families cannot be distinguished on collector side.
1601761 The snmpwalk may not be able to poll the MIB for some IFLs
Product-Group=junos
On Junos and Junos Evolved platforms, the snmpwalk may not work for some IFLs if the interface filter name is the same for input list filters.
PR Number Synopsis Category: ACX LAG infrastructure
1589168 Traffic might get forwarded through the member links in down state after new member links are added to AE interface on ACX710/ACX5400
Product-Group=junos
On ACX5400 (i.e., ACX5448/ACX5448-D/ACX5448-M) and ACX710 Universal Metro Routers, if some existing member links within an aggregated Ethernet (AE) interface are in down state, after adding new member links into the AE interface, traffic might get forwarded through the member links in down state and cause traffic drop.
PR Number Synopsis Category: Covers Application classification workflows apart from custo
1573157 The srxpfe/flowd process might crash when Sky-ATP is used
Product-Group=junos
On all SRX Series devices with Sky-ATP used, the srxpfe/flowd process might crash. This issue happens only if the RTCOM session also ends up being processed by JDPI due to policy. Note, RTCOM is used by UTM, RTlog (Security log), and SkyATP services. And, Juniper Networks Deep Packet Inspection (JDPI) module (Decoder) is used by AppSecure services, APBR, SecIntel, etc.
PR Number Synopsis Category: Junos Evolved socket replication
1558814 EVO-NSR: BGP NSR : RPD Core seen after RE switchover
Product-Group=junos
The core is seen when "traceoptions" config is enabled with high scale, and routing is restarted/exiting with the knob being set.
PR Number Synopsis Category: EVPN control plane issues
1594326 Transit Traffic gets dropped post disabling one of the PE-CE link on a remote Multi-Home PE in EVPN-MPLS A-A setup with Dynamic-List NextHop configured
Product-Group=junos
In an EVPN A/A ESI multihoming scenario with dynamic list next hop (DLNH) configured, when one of the multihomed CE-PE links goes down on remote MH-PEs, traffic loss might be seen.
1597300 Traffic loss might be seen if AE bundle interface with ESI is disabled on master RE followed by a RE switchover
Product-Group=junos
On all Junos platforms traffic loss might be seen if AE bundle interface with ESI is disabled on master RE followed by a RE switchover.
PR Number Synopsis Category: EX Chassis chassism/chassisd
1556558 FPC with power related faults might get on-lined again once Fabric Healing has off-lined the FPC
Product-Group=junos
In rare cases of power related failures on the FPC, Fabric Healing will detect and try to heal this fault condition by performing an offline/online FPC event. If the same FPC fails again within a 10 minute period, the fabric auto-healing attempt is considered failed and the FPC will get off-lined to avoid further operational impact. If during the power offline event the faulty FPC gets disconnected ungracefully due to the hardware power fault, the FPC might attempt an online request again after 5 minutes. There may be traffic impact due to this issue.
PR Number Synopsis Category: EX4400 PFE software
1603015 On EX4400 dot1x authentication may not work on EVPN/xlan enabled endpoints.
Product-Group=junos
On EX4400 dot1x authentication may not work on EVPN/xlan enabled endpoints. The issue occurs because EAPOL packets received on VxLAN ports are not processed in hostpath.
PR Number Synopsis Category: Express pfe Mclag
1594573 The existing ECMP route traffic may be dropped if configuring a static ECMP route with the same number of next-hops as the existing ECMP route
Product-Group=junos
If a static ECMP route is configured with the same number of next-hops as the existing ECMP route and each member's next-hop is reachable over the same IRB as the existing route, the existing ECMP route traffic might be dropped.
PR Number Synopsis Category: Express PFE MPLS Features
1508644 Traffic loss may be observed in a MPLS scenario
Product-Group=junos
When a route resolves over a comp NH and its target NH also resolves over another comp NH, the order of labels pushed may not be correct.
PR Number Synopsis Category: IDP attack detection in the subscriber qmodules
1598867 Custom attack IDP policies might fail to compile
Product-Group=junos
On SRX-Series devices, custom attack IDP policies might fail to apply and compile.
PR Number Synopsis Category: IDP policy
1599954 IDP policy compilation is not happening when a commit check is issued prior to a commit
Product-Group=junos
On SRX platforms, IDP policy compilation is not loaded when a commit check command is run before commit command.
1601380 The srxpfe might crash while the IDP security package contains a new detector
Product-Group=junos
On all SRX platforms, the srxpfe process might crash and generate a core dump while installing the IDP security package which has the new detector version.
PR Number Synopsis Category: IDP SSL related bugs
1513335 Traffic might not pass when SSL and IDP configuration is enabled on SRX platforms
Product-Group=junos
On SRX platforms, traffic might not pass due to global memory overflow in IDP (Intrusion Detection and Prevention) when SSL (secure sockets layer) and IDP configuration is enabled.
PR Number Synopsis Category: Kernel software for AE/AS/Container
1592456 RE kernel might crash due to IFL of aggregated interface adding failure in Junos kernel
Product-Group=junos
In a rare case, the logical interface (IFL) of aggregated interface (e.g., AE, RLT, RVT, AF, AMS, RLSQ interface etc.) might fail to be added to Junos kernel. In this case, the RE kernel might crash with vmcore file generated. The IFL of aggregated interface adding failure in Junos kernel could happen in cases like failure of multicast filter list initialization or DCD sending an invalid vlan-id or memory allocation error etc.
PR Number Synopsis Category: Integrated Routing & Bridging (IRB) module
1565213 The new master RE post switchover might go into DB mode (or crash) on EX platforms
Product-Group=junos
On EX and EX-VC platforms, if post routing engine switchover, MAC address is configured to IRB interface (for ex: set interface irb.500 mac 00:11:22:33:44:55) on new master RE, then the new master RE might crash or go into DB mode.
PR Number Synopsis Category: jdhcpd daemon
1590421 The DHCP ALQ Queue may get stuck causing subscriber flap
Product-Group=junos
On MX platforms with DHCP ALQ, the ALQ (Active Lease Query) TCP queue may get stuck. This may prevent the subscribers on the Backup BNG (Broadband Network Gateway) from syncing with the Master BNG, eventually causing the subscribers on the Master to start going down and resulting in a major outage.
1594371 jdhcpd core dump post Junos upgrade to 18.4R3-S4.2
Product-Group=junos
After a Junos upgrade to 18.4R3-S4.2, a jdhcpd core dump can sometimes be observed with dhcp process restarts, and there is no service impact.
PR Number Synopsis Category: JFlow bug tracker for SRX platforms
1463689 The flowd might coredump frequently on SRX340
Product-Group=junos
On an SRX340 device with J-Flow version 9 configured, the flowd process might generate core files frequently when the device is busy.
PR Number Synopsis Category: Health-Monitoring related issues
1570526 The jinsightd process might be stuck with high CPU process utilization
Product-Group=junos
On the MX/PTX Series platforms, the jinsightd process might be stuck with high CPU process utilization if the services jinsightd is enabled in the Junos Telemetry Interface (JTI) scenario.
PR Number Synopsis Category: Application aware Quality-of-Service
1597875 The flowd core may be seen if the AppQOS module receives two packets of a session
Product-Group=junos
On SRX platforms, when packets of a session are processed in parallel by the AppQOS module, the module does not handle this properly, resulting in a flowd core which impacts all services.
PR Number Synopsis Category: High Availability/NSRP/VRRP
1591559 Security policies might not be synced to all PFEs (Packet Forwarding Engine) post upgrade
Product-Group=junos
On SRX-Series devices configured in chassis-cluster, after ISSU (in-service software upgrade) when there is any policy or ipid related events/config change, the security policies might not sync to all the PFEs.
PR Number Synopsis Category: JSR Infrastructure
1555904 SPC3 might not come up after the system reboot
Product-Group=junos
On SRX-Series devices with SPC3, after the system reboot SPC3 might not come up.
PR Number Synopsis Category: Firewall Policy
1539980 The dns-name can't be resolved if customer-defined routing instance is configured under name-server
Product-Group=junos
On all SRX platforms, dns-name entries in policies might not be resolved if the routing instance is configured under a system name server.
PR Number Synopsis Category: IPSEC/IKE VPN
1574717 IKEv2 soft-lifetime timer might expire later than expected time
Product-Group=junos
On SRX-Series devices running new-iked, the soft-lifetime timer might expire later than expected time.
1586324 Memory leaks on the iked process on SRX5000 Series with SRX5K-SPC3 installed
Product-Group=junos
On SRX5000 Series with SRX5K-SPC3 installed, when IPsec VPN is configured, memory leaks might occur on the iked process.
PR Number Synopsis Category: Security platform jweb support
1592021 Junos OS: J-Web allows a locally authenticated attacker to escalate their privileges to root. (CVE-2021-0278)
Product-Group=junos
An Improper Input Validation vulnerability in J-Web of Juniper Networks Junos OS allows a locally authenticated attacker to escalate their privileges to root over the target device. Please refer to https://kb.juniper.net/JSA11182 for more information.
1602228 J-web application might crash with httpd core-dumps
Product-Group=junos
On SRX-Series devices, the J-web application might crash and generate httpd core-dumps when "set system no-compress-configuration-files" is configured.
1603993 Radius users might not be able to view/modify configuration via J-web
Product-Group=junos
On SRX-Series devices, when Radius server is used for authentication with login-class "Juniper-Local-User-Name" then users might not be able to view/modify configuration via J-web.
1604929 On all SRX platforms, some widgets in JWeb might not load properly for logical systems users
Product-Group=junos
On all SRX platforms, some widgets in JWeb might not load properly for logical systems users
PR Number Synopsis Category: Layer2 forwarding on EX/NTF/PTX/QFX
1568130 MAC addresses may not be installed in the EVPN MAC table due to route churn
Product-Group=junos
In an EVPN-MPLS scenario, MAC addresses may not be installed in the EVPN MAC table even though a valid type-2 route is present post route churn (e.g., BGP session flap).
PR Number Synopsis Category: Label Distribution Protocol
1598174 The LDP replication session might not get synchronized when dual-transport is enabled
Product-Group=junos
On all Junos platforms with NSR configured, when "dual-transport" is configured under "protocols ldp" and the inet-lsr-id/inet6-lsr-id is different from the router-id, the Label Distribution Protocol (LDP) replication session might not get synchronized, causing traffic loss during RE switchover.
1601854 VPLS connection might get down if knob "dual-transport" is configured
Product-Group=junos
On all Junos platforms with NSR configured, if knob "dual-transport" is configured under "protocols ldp" and the inet-lsr-id/inet6-lsr-id is different from the router-id, VPLS connection on peer device might get down and traffic loss would occur during RE switchover.
PR Number Synopsis Category: Port-based link layer security services and protocols that a
1596755 Traffic loss might happen periodically in MACsec used setup if RE is working under a pressure situation
Product-Group=junos
On the MX10003 platform in a MACsec scenario, traffic loss might happen periodically if the RE is working under pressure (rpd memory occupancy larger than around 70%). This may cause the MACsec Secure Association Key (SAK) message to be vetoed by the kernel, which leaves one Secure Association (SA) number of the RX/TX pair missing. Moreover, the missing SA number is still available in the system, so whenever the SA number rolls over to it (the SA number rolls over between 0 and 3), traffic loss might happen due to the invalid SA pair.
PR Number Synopsis Category: Multicast for L3VPNs
1537636 Selective multicast tunnel (S-PMSI) fails to come up due to incorrect community
Product-Group=junos
On all platforms with an NG-MVPN setup, multicast traffic loss might happen due to the incorrect community being used if MVPN is working in Inter-AS Option-C. This is because the PE attached to the receivers uses the received Protocol NH of the Type-3 Leaf AD route as the community of its generated Type-4 AD route instead of the loopback IP. (Only Option-C is affected; the other options work fine.)
PR Number Synopsis Category: MX10K platform
1490749 FPC went offline and dumped core when the PIC was offlined via CLI
Product-Group=junos
The QSFP-based ports get corrupted because the SFPP detach procedure is called for all ports on the PIC while destroying ports for PIC offline. It seems the device was designed such that destroying one port or QSFP ends up in a QSFP destroy for all ports.
PR Number Synopsis Category: FreeBSD Kernel Infrastructure
1551193 VM might crash if file is shared between host operating system and guest operating system using virtFS
Product-Group=junos
On Virtual Machines (VM) based platforms running Junos images, file might not be shared between host operating system and guest operating system via Virtual Filesystem (virtFS). When this issue happens, device might be restarted.
1563647 Memory corruption of any binary in /usr/bin/ or /usr/sbin/ may be triggered when a recovery snapshot is being copied to the OAM volume or system while it's in heavily stressed condition.
Product-Group=junos
Memory corruption of a binary from the /usr/bin/ or /usr/sbin/ directory can occur if the binary is invoked while a recovery snapshot creation is in progress. The exact symptoms differ depending on the binary and the JUNOS version: some programs will show an error, and some programs will crash every time they are executed. Such memory corruption persists until the affected Routing Engine is restarted. Please refer to TSB17954 (https://kb.juniper.net/TSB17954) for further details. In addition to a recovery snapshot, a device reboot could also be a possible trigger when the system is under heavier read operations across the mounted packages.
PR Number Synopsis Category: TCP/UDP transport layer
1557881 Junos OS: Upon receipt of specific sequences of genuine packets destined to the device the kernel will crash and restart (vmcore) (CVE-2021-0283, CVE-2021-0284)
Product-Group=junos
A buffer overflow vulnerability in the TCP/IP stack of Juniper Networks Junos OS allows an attacker to send specific sequences of packets to the device thereby causing a Denial of Service (DoS). Please refer to https://kb.juniper.net/JSA11200 for more information.
1595649 Junos OS: Upon receipt of specific sequences of genuine packets destined to the device the kernel will crash and restart (vmcore) (CVE-2021-0283, CVE-2021-0284)
Product-Group=junos
A buffer overflow vulnerability in the TCP/IP stack of Juniper Networks Junos OS allows an attacker to send specific sequences of packets to the device thereby causing a Denial of Service (DoS). Please refer to https://kb.juniper.net/JSA11200 for more information.
PR Number Synopsis Category: OSPF routing protocol
1592424 The remote LFA (loop-free-alternate) backup path might not be formed
Product-Group=junos
With OSPF remote LFA feature enabled, when ABR (area border router) with the primary interface and the secondary interface are in different OSPF areas, if the secondary interface is supposed to be chosen as part of the Remote-LFA path then the remote LFA backup path might not be formed.
1601187 The rpd process might be stuck at 100% in OSPFv3 scenario
Product-Group=junos
On all Junos and Evo platforms with OSPFv3 (Open Shortest Path First version 3) used, if there are multiple Router LSAs (Link-State Advertisement) from the same peer, the rpd process might be stuck at 100% during the Router LSAs update.
PR Number Synopsis Category: Express Chip L3 software
1593244 BFD session might flap during RE switchover
Product-Group=junos
On QFX10K platforms with GRES/NSR enabled, BFD session might flap during RE switchover. This issue has service impact.
PR Number Synopsis Category: PTP related issues.
1499815 Announce messages are transmitted out at the rate of 1pps instead of 8pps on PTP master port with G.8275.1 profile
Product-Group=junos
With G.8275.1 profile, when the PTP stream 4 is deleted/deactivated/disabled, the announce rate of all master ports of the same slot reduces from 8 pps to 1 pps thereby impacting downstream clients. Deactivate and activate PTP configuration to recover from the issue.
1592657 Using the BITS interface from backup RE for clock recovery might not work
Product-Group=junos
On MX platforms with dual Routing Engine (REs), with Graceful Routing Engine Switchover (GRES) enabled and in Precision Time Protocol (PTP) Hybrid mode, if using the building-integrated timing supply (BITS) interface from backup RE for clock recovery, that will not work.
PR Number Synopsis Category: QFX platform fabric mgmt for Express ASIC chip
1577315 The port might not get brought down immediately during some abnormal type of linecard reboot on QFX10K platforms
Product-Group=junos
On QFX10K platforms, if a system internal error is encountered (e.g. kernel software fault), it may result in some abnormal types of linecard reboot. The port might not be brought down immediately after the reboot starts, which leads to a traffic blackhole.
PR Number Synopsis Category: Interface related issues. Port up/down, stats, CMLC , serdes
1548267 The 40GbE interface might be channelized after restarting the Virtual Chassis member.
Product-Group=junosvae
On QFX Series switches in a Virtual Chassis, if one Virtual Chassis member has a 40GbE channelized port, and the same port number interface in another Virtual Chassis member is non-channelized and has a fiber connection, the non-channelized interface will also be channelized after the Virtual Chassis member restarts. This might result in traffic loss on this interface.
1582105 Some 40G ports may not be channelized successfully on the QFX5100 platforms
Product-Group=junos
On the QFX5100 platforms, some 40G ports may not be channelized successfully and may stay down after upgrading host OS along with Junos OS using ZTP or doing manually via CLI.
PR Number Synopsis Category: QFX access control list
1583440 Firewall filter not programmed after deleting a large filter and adding a new one in a single commit on QFX5K platforms
Product-Group=junos
On QFX5k platforms, if a large filter that is applied to one or more interfaces is deleted and another large filter is applied in a single commit, both filters need to exist at the same time in Ternary Content-Addressable Memory (TCAM) for a brief period. If the size of both filters combined is bigger than the available TCAM space, the second filter will not be programmed in hardware, and functionality expected from the filters will not be available. This is a hardware limitation and this software fix only adds additional syslogs to indicate that the firewall is not programmed.
1592463 The IPv4 fragmented packets might be broken if PTP transparent clock is configured
Product-Group=junos
On QFX5K platforms with PTP transparent clock enabled, the IPv4 fragmented packets of UDP datagram might be broken by PTP in some rare scenario, and the corrupted packets will be a part of the payload.
1606256 Multicast streams may stop flooding in VXLAN setup
Product-Group=junos
In a VXLAN scenario with multicast in use, multicast traffic might not get flooded if the multicast IP is in the IP range 224.0.0.32 - 224.0.0.255. This is because a newly introduced dynamic filter only works for non-VXLAN traffic.
PR Number Synopsis Category: analyzer on QFX 5100,5200, 5110
1590150 VXLAN DDoS violation may occur when disabling the port mirror analyzer output interface
Product-Group=junosvae
On Junos QFX5200/QFX5210 platforms, when a port mirror analyzer is configured with an AE (aggregated Ethernet) interface as output, and the AE interface is disabled, the last member of the AE interface is removed, or the AE interface goes down, packets are mirrored to the CPU VXLAN (Virtual Extensible LAN) queue for a few seconds. A VXLAN DDoS (Denial-of-Service) violation may be seen, and packets to the CPU VXLAN queue may be affected by this issue.
PR Number Synopsis Category: DCBX
1554098 The interface might not come up with 1G optics.
Product-Group=junosvae
On QFX-5100-48s platforms, the interfaces might remain in down state after loading the QFX 5E Series image on the device. This issue is only observed with 1G optics(SFP-SX & SFP-LX10) and auto-negotiation setting enabled. The traffic through the affected interface will be lost.
PR Number Synopsis Category: QFX L2 PFE
1580352 DHCP packets might be dropped if dynamic filter 'dyn-dhcpv4_v6_trap' is applied on the interface
Product-Group=junos
DHCP packets might be dropped when dynamic filter 'dyn-dhcpv4_v6_trap' is applied and software-based learning CLI is enabled on the interface.
1596773 Traffic might be dropped after backup FPC is rebooted in a VC scenario
Product-Group=junos
If an egress firewall filter with a policer is configured on the AE interface on QFX5K/EX46XX platforms, traffic might be dropped after the backup FPC is rebooted in a virtual chassis scenario.
1597261 The interface might not be brought up when QinQ is configured
Product-Group=junos
The interface might not be brought up if Q-in-Q is configured on Broadcom chipset based QFX/EX platforms except EX2300
1600892 Two copies of broadcast ARP packets are sent to the other VTEPs
Product-Group=junos
On EX2300/3400/4300/46XX and QFX5000 Series platforms in EVPN/VXLAN scenario, the L2 Leaf devices might send two copies of broadcast ARP packets to other VTEPs.
1602914 Traffic drop might be observed on QFX5K platforms in virtual chassis scenario when firewall filter is configured
Product-Group=junos
On QFX5k platforms in the Virtual chassis scenario, when the firewall filter is applied over the AE interface and AE is having only one child member from FPC0 and there are no child members from FPC1, all the packets flowing through backup FPC will be dropped.
1607249 LLDP packets received on VxLAN enabled port might be flooded unexpectedly
Product-Group=junos
If Link Layer Discovery Protocol (LLDP) packets are received on Virtual Extensible LAN (VxLAN) enabled port, these LLDP packets might be flooded unexpectedly. The issue could make LLDP session keep swapping. As a result, services like Power over Ethernet (PoE) etc might be affected.
PR Number Synopsis Category: qfx-sw-mclag
1605234 MAC move may be seen between the ICL and MC-LAG interface if adding/removing VLANs on the ICL interface
Product-Group=junos
On QFX/EX platforms with MC-LAG in use, if VLANs are added to or removed from the ICL (interchassis link) interface, which is used to forward data packets between two MC-LAG peers, a continuous MAC move might be seen between the ICL and MC-LAG interface. When this happens, it will cause traffic drop due to the flooding that results from the MAC moves.
PR Number Synopsis Category: QFX EVPN / VxLAN
1589702 LLDP packets drop on SP style interface for QFX devices
Product-Group=junos
On QFX platforms with VxLAN ports configured in SP style, LLDP neighborship may not be formed due to wrong IFL allocation in the hostpath. This can cause LLDP packet drops.
PR Number Synopsis Category: KRT Queue issues within RPD
1554981 The rpd process may crash if the BGP route is resolved over a tunnel
Product-Group=junos
On all Junos platforms, the rpd process might crash if the BGP route is resolved over the tunnel (e.g. IPIP, GRE, and UDP).
1572130 High CPU usage may occur on rpd for routes that use static subscriber
Product-Group=junos
On all Junos platforms in subscriber scenario, routes that use static subscriber demux or ge interfaces as qualified next-hop may be stuck due to the error "Destination address required" after GRES/ISSU. This may cause high CPU usage for rpd. The rpd restarts itself and system recovers automatically.
1588439 The rpd crash might be observed on the router running a scaled setup
Product-Group=junos
On all Junos platforms, in a rare scenario with a scaled routing setup, the kernel memory might become full, which could lead to an rpd crash. There will be service impact, and the system will recover automatically after the crash. When the rpd crash happens, the core-dump files can be seen by executing the CLI command "show system core-dumps":
    user@hostname>show system core-dumps
    -rw-rw- - - - 1 root field /var/tmp/rpd.core<*>.gz
PR Number Synopsis Category: RPD route tables, resolver, routing instances, static routes
1590638 The rpd might crash in scaled routing instances scenario
Product-Group=junos
On all Junos and Evo platforms, when scaling routing instances are added, routing daemon might crash and core after name index table space exhaustion. This might cause traffic loss.
PR Number Synopsis Category: Resource Reservation Protocol
1603613 RSVP detour LSP might fail to come up when an LSR in the detour path goes down
Product-Group=junos
In RSVP environment with fast-reroute enabled, when an LSR in a detour LSP goes down in particular scenario, the newly signaled detour path might be brought down and remain in incomplete state, due to a defect in RSVP-IO thread that it continues sending incorrect Path Refresh which brings down the detour path.
PR Number Synopsis Category: SW PRs for SCBE3 fabric
1593821 Fabric errors will be generated after swapping MPC10E with MPC7E in the same slot
Product-Group=junos
In MX240/MX480/MX960 routers with SCB3E, if MPC7E is swapped with MPC10E in the same slot or the MPC10E is inserted into an empty slot, the fabric link-training for the impacted line card will fail and fabric links will not come up. As a result, traffic cannot be sent over the fabric.
PR Number Synopsis Category: Secure Web Proxy functionality on Junos
1589957 Pass-through traffic might fail post reboot when Secure Web Proxy is configured
Product-Group=junos
On SRX-Series devices, pass-through traffic on Secure Web Proxy may fail after rebooting the device.
PR Number Synopsis Category: SNMP Infrastructure (snmpd, mib2d)
1606600 SNMP reflects outdated ARP entries
Product-Group=junos
When the ARP entry gets removed in the ARP table, and if there is a presence of a static route referring to the removed NH IP, the refcount will not be 0. In that case, the kernel will not send a DELETE message to mib2d. As a result, SNMP still has the ARP entry even after it's expired in the ARP cache.
PR Number Synopsis Category: Generic platform and infra issues for MS-MIC and MS-MPC(XLP)
1600619 The Multiservices card doesn't drop the TCP ACK packet received as a reply to the self-generated TCP keepalive
Product-Group=junos
On MX platforms with a Multiservices card (MS-PIC/MS-MPC) installed, when the user's TCP session passes through the Multiservices card, the TCP tickle functionality tries to extend the TCP session after the inactivity-timeout expires by sending self-generated TCP keepalive packets to both sides of the TCP connection and expecting a TCP ACK from both sides. The expected behavior is for the Multiservices card to drop that TCP ACK packet upon receiving it; instead, the card sends it to the other side of the TCP connection. This causes confusion and an inability to extend the TCP session, which impacts long-lived TCP sessions with a low volume of traffic.
PR Number Synopsis Category: SFW, CGNAT on MS-MIC/MS-MPC (XLP)
1574321 DS-Lite throughput degradation might be seen on MS-MPC
Product-Group=junos
On MX240, MX480, MX960, MX2008, MX2010 and MX2020 platforms with MS-MPC, when DS-Lite softwire sessions are sent under heavy load in MS-MPC, throughput performance for DS-Lite in MS-MPC drops by about 80 percent. Packet drops might be seen.
1593226 The TCP keepalive might not be processed by the private network host
Product-Group=junos
On MX platforms with MS-MPC and MS-MIC when tcp-tickle knob is enabled under services-options in DS-lite (Dual-Stack lite) with NAT scenario, the TCP keepalive might not be processed by the private network host and the purpose of TCP keepalive gets compromised.
1598720 The packet loop might be seen after receiving the PCP request packets which are destined to softwire concentrator address
Product-Group=junos
On MX platforms with MS-MPC/MS-PIC, the packet loop might be seen after receiving the PCP Mapping request packets to service-set where pcp rule is not configured and the packet loop might cause high CPU utilization.
PR Number Synopsis Category: Remote Access VPN issues on SRX
1599398 httpd-gk core might be observed when ipsec vpn is configured
Product-Group=junos
On SRX-Series devices with ipsec vpn configured when vpn_config is NULL, httpd-gk core might be observed.
PR Number Synopsis Category: SSL Proxy functionality on JUNOS
1597111 The flowd might core dump if application-services security policy is configured
Product-Group=junos
On SRX platforms, the flowd might core dump if application-services security policy is configured. The traffic outage would occur if this issue is hit.
PR Number Synopsis Category: MPC7/8/9 Interface Issues
1546704 The 40G or 100G interfaces might flap during ISSU if PTP is deactivated on the interfaces on MX/EX92 platforms
Product-Group=junos
On MX/EX92 platforms with MPC7/8/9 or similar chips, if PTP configuration was previously used and then deactivated for 40G or 100G interfaces, the interfaces might flap during ISSU.
PR Number Synopsis Category: SRX-1RU platfom related protocol, QoS, filtering features et
1595462 Node1 fpc0(SPM) goes down after ISSU and RG0 failover
Product-Group=junos
On SRX TVP platforms, after ISSU (In-Service Software Upgrade), traffic outage might happen after RG0 failover from node0 to node1.
PR Number Synopsis Category: Issues related to broadband edge apps (PPP, DHCP) on Trio ch
1596645 Wrong Input/Output Octets and Packets in Interim-update may be observed if a subscriber is present in multiple PFE instances
Product-Group=junos
In Enhanced Subscriber Management environment with interim-update configured, if a subscriber is present over multiple PFE instances (e.g. configure subscriber interface over aggregated Ethernet bundle), which is hosting in Push-model MPC that supports Next-Gen Broadband-Edge Statistics (e.g. MPC2E-NG/MPC3E-NG, MPC5E/7E/8E/9E), the wrong Input/Output Octets and Packets count in Interim-update may be observed. Please note that this issue is only applicable for releases 20.1 and prior. The code was restructured on 20.2 and post, so the issue is no longer applicable.
PR Number Synopsis Category: Trio pfe stateless firewall software
1588708 The traffic might not failover with shared-bandwidth-policer enabled on AE
Product-Group=junos
On all MX platforms, when having a shared-bandwidth-policer attached to an AE interface as an interface policer, the traffic might not be policed as expected after AE child member link changes (add/delete/Up/Down). This is caused by missing interface policer update.
1598830 The service filter might get wrongly programmed in PFE due to a rare timing issue in enhanced subscriber management environment
Product-Group=junos
In enhanced subscriber management environment, if a service filter is applied to a dynamic service set, the service filter instance will be created on Packet Forwarding Engine (PFE) based on the configured service filter template. If the configured service filter template is changed at the same time a service filter instance is instantiated, the service filter might get wrongly programmed in PFE due to a rare timing issue. This issue could cause the service failure.
PR Number Synopsis Category: Trio pfe bridging, learning, stp, oam, irb software
1535063 BUM/multicast traffic will be discarded when multicast/flood route has multiple next hops
Product-Group=junos
On all Junos platforms with certain linecards (such as MPC7/8/...12), when a multicast/flood route has multiple next hops at large scale, the BUM (Broadcast, Unknown unicast, Multicast) and multicast traffic will be discarded.
1568324 The L2TP tunnel might not work with filter-based encapsulation
Product-Group=junos
On all MX platforms, the L2TP tunnel will not work with filter-based encapsulation for the breakout interface. This issue is seen as the parsing logic in PFE (Packet forwarding engine) for getting the tunnel parameters could not handle breakout interface scenarios.
PR Number Synopsis Category: Trio pfe l3 forwarding issues
1558899 Some transmitting packets may get dropped due to the "disable-pfe" action is not invoked when the fabric self-ping failure is detected
Product-Group=junos
On the Trio-based line card with more than one PFEs, if there is a fabric self-ping failure detected on one of the PFE, the chassisd will disable all the IFD (physical interfaces) associated with the PFE to prevent blackhole and report a major CMERROR. Because the affected PFE is still active, and some of the applications (like BFD over AE across multiple FPCs/PFEs) are still using the PFE to transmit packets, the packets will get dropped due to all interfaces being disabled.
1568944 Traffic might be dropped when the default route is changed in inet.0 table
Product-Group=junos
Traffic might be dropped on MX/EX92xx trinity platforms when the default route is changed in the inet.0 table. It might take 2-3 seconds to be updated in PFE. This issue can be recovered automatically.
PR Number Synopsis Category: UI Infrastructure - mgd, DAX API, DDL/ODL
1569903 During rare circumstances, the mgd process might crash and generate a core file on Junos devices connected with Contrail Service Orchestration (CSO)
Product-Group=junos
On all Junos devices connected with CSO, in the rare circumstance that a get-configuration rpc and a commit are run together, the mgd process might crash and generate a core.
PR Number Synopsis Category: Virtual Router Redundancy Protocol
1578126 ARP resolution failure might occur during VRRP failover
Product-Group=junos
On Junos platforms with VRRP failover-delay configured, changing VRRP mastership might cause peer device to re-learn VIP ARP entry on old master interface due to timing issue.
PR Number Synopsis Category: VSRX platform software
1564117 Fabric probe packets might be processed incorrectly when power-mode-ipsec (PMI) is enabled
Product-Group=junos
On SRX-Series devices with PMI enabled, the fabric probe packets used by HA (High-availability) control plane might be processed incorrectly.
PR Number Synopsis Category: usf ams related issues
1590890 NAT service might not happen after performing AMS switchover or deactivating/activating NAT service
Product-Group=junos
Network Address Translation (NAT) service might not take effect when executing Aggregated Multiservices Interface (AMS) switchover or bouncing NAT service. When this issue happens, duplicate NAT entries could happen. Possible restoration method is already provided. However, please arrange a maintenance window if AMS switchover or NAT service bouncing is necessary.
PR Number Synopsis Category: usf nat related issues
1598017 ALG traffic might be dropped
Product-Group=junos
On SRX-Series devices, ALG traffic might be dropped when incoming packet contains "HTTP/" and "rn" characters in data or NAT slipstream packets.
1599603 MX SPC3 applications for protocol ICMP is not detected and does not allow user to modify inactivity-timeout values.
Product-Group=junos
MX SPC3 applications for protocol ICMP is not detected and does not allow user to modify inactivity-timeout values.
 

20.1R3-S1 - List of Known issues

PR Number Synopsis Category: EX4300 Platform
1453107 High CPU utilization of pfex_junos process due to the "PoE Periodic" thread
Product-Group=junos
On EX4300 POE switches, the pfex process CPU utilization becomes high after 6-8 weeks. There is no functional impact.
PR Number Synopsis Category: Border Gateway Protocol
1515264 The BGP link-bandwidth of the non-multipath routes are included in an aggregation
Product-Group=junos
On all Junos platforms, if there are multiple routes to a destination and these routes are associated with the link-bandwidth extended community, the link-bandwidth of these routes will be aggregated even though they should not be. This occurs even if these routes are not participating in multipath (that is, BGP multipath is not enabled). Due to the incorrect aggregated link-bandwidth value, traffic load imbalance issue will be seen.
PR Number Synopsis Category: Device Configuration Daemon
1587552 The dcd process crash might be seen after performing RE switchover/reboot/management interface configuration change
Product-Group=junos
On all Junos platforms, a device control process (dcd) crash might be seen after performing an RE switchover, rebooting the device, or changing the management interface configuration, due to memory corruption triggered by code in the Junos kernel.
PR Number Synopsis Category: EA chip ( MQSS SW issues )
1551353 The Packet Forwarding Engine might get disabled when major CMERROR occurs due to the parity errors
Product-Group=junos
On MX/EX92xx platforms, the PFE (packet forwarding engine) might get disabled when the major CMERROR occurs due to the parity error in the DRD memory block's SRAM. This PR re-classified these errors "Minor" to avoid the "disable-pfe" action and the operational outage.
PR Number Synopsis Category: to track replication related interface bugs
1606779 When MTU is configured on an interface, a rare ifstate timing issue could occur at a later point resulting in ksyncd process crash on backup RE.
Product-Group=junos
When MTU is configured on an interface, a rare ifstate timing issue could occur at a later point resulting in ksyncd process crash on backup RE. When ksyncd crashes on backup RE, a live kernel core is also dumped on both the REs. There is no service impact due to this issue.
PR Number Synopsis Category: Firewall Network Address Translation
1406248 The nsd process crashes and creates coredump. This can impact transit traffic.
Product-Group=junos
If an application is configured in source/destination NAT rule, once this application is deleted or modified, the nsd process might crash and generate a coredump. This can lead to packet drops.
PR Number Synopsis Category: Firewall Policy
1582020 20.4R2:5K:POLICY:policy analysis report of different report types output is not coming as expected
Product-Group=junos
The policy report output is not as expected due to this issue. From a functionality point of view there is no impact on services running on data and policy lookup, so data-path services are not impacted.
1582344 20.4R2:SRX4200:policy report type with consolidation configured shows more consolidated policies than expected
Product-Group=junos
The issue is related to the output of one of the CLI commands, which displays more data than expected. It will not cause any issue with data path functionality on the PFE; it is a display issue.
PR Number Synopsis Category: Layer2 forwarding on EX/NTF/PTX/QFX
1596483 JDI-RCT:M/Mx: Observed Mcscnoopd cores @ snp_token_db_gencfg_handler,krt_decode_gencfg,krt_ifstate_resync_read,krt_async_recv_ifstate_resync_phase
Product-Group=junos
After an In-Service Software Upgrade (ISSU), the issue will be seen on deleting and adding back the sample configuration below.
    interfaces {
        ge-0/2/5 {
            flexible-vlan-tagging;
            encapsulation flexible-ethernet-services;
            gigether-options {
                ethernet-switch-profile {
                    tag-protocol-id 0x0800;
                }
            }
            unit 1 {
                vlan-id 1;
                family inet {
                    filter {
                        input inet4filter;
                        output inet4filter;
                    }
                    address 16.0.6.65/30;
                }
                family inet6 {
                    filter {
                        input inet6filter;
                        output inet6filter;
                    }
                    address 2002:0000:0000:0000:0000:0000:1000:0641/126;
                }
            }
        }
    }
PR Number Synopsis Category: Multiprotocol Label Switching
1598207 Sometimes MPLS LSP may go down due to a timing issue when a protected link goes down
Product-Group=junos
When a protected link goes down, MPLS gets a tunnel local repair message from RSVP and triggers CSPF computation. Next, MPLS gets link protection information through RRO notification. If MPLS receives the TED notification before the RRO notification, the CSPF computation fails. Since the link protection flag is not set, MPLS treats the link as unprotected and brings down the LSP.
PR Number Synopsis Category: MX10K platform
1592670 [rpm] [rpmtag] JUNOS: JDI_FT_REGRESSION:PLATFORM_PFE:ROUTING:100 % probe loss observed for rpm twamp client probe while testing TWAMP Client
Product-Group=junos
Release note needed.
PR Number Synopsis Category: vMX Data Plane Issues
1556719 The core.python2.7.mpc0 core file is observed while trying to integrate script in vZT.
Product-Group=junos
DEV needs to provide release note.
PR Number Synopsis Category: QFX L2 PFE
1417546 Either unicast RPF in the Strict mode or ICMP redirect does not work.
Product-Group=junos
On QFX5110 and QFX5120 platforms, either unicast RPF in strict mode or ICMP redirect does not work properly.
PR Number Synopsis Category: QFX L3 data-plane/forwarding
1477603 The unexpected next-hop might be seen after route deleted
Product-Group=junos
On QFX5000/EX4600 Series platforms with "instance-import", deleting route which has "next-table" used might result in unexpected route next-hop.
1594030 Packet drop might occur in ECMP next-hop flap scenario
Product-Group=junos
On all Broadcom based platforms, ECMP next-hop flaps or MTU size changes may result in the route pointing to 100004 on PFE level. When this issue happens any packet/traffic hitting this route may get dropped silently.
PR Number Synopsis Category: QFX MPLS PFE
1589840 The MPLS traffic might not be forwarded after the aggregate interface flap on EX4350/EX4650/QFX5120
Product-Group=junosvae
On the EX4350/EX4650/QFX5120 platform with MPLS, the traffic might not be forwarded after the aggregate interface flap.
PR Number Synopsis Category: QFX EVPN / VxLAN
1554389 Wrong ARP reply might be sent via AE interface on QFX5000 series platforms
Product-Group=junos
Wrong Address Resolution Protocol (ARP) reply might be sent by QFX5000 series platforms when the ARP request packet is received via an Aggregated Ethernet (AE) interface. This issue affects QFX5000 series platforms running Junos image only. Please refer to workaround to avoid this issue.
PR Number Synopsis Category: QFX VC Infrastructure
1559172 The VCF might become unstable
Product-Group=junos
When adding a new leaf to a VCF of 12 members without setting its VC mode to 'fabric' on QFX5100 platforms, the VCF might become unstable.
PR Number Synopsis Category: RPD Next-hop issues including indirect, CNH, and MCNH
1547432 There might be traffic drop when ingress PFE is fast and egress PFE is slow to act for indirect nexthop change
Product-Group=junos
On all Junos and EVO platforms, when a next-hop is added or changed in the PFE (packet forwarding engine) and the same next-hop is also the forwarding next-hop (FNH) of an indirect route, packet loss will result if the ingress PFE is fast and the egress PFE is slow. The faster ingress PFE will already have seen the new FNH and the indirect change, while the slower egress PFE will not yet have consumed the indirect change.
PR Number Synopsis Category: RPD policy options
1596436 BGP route preference using PBR is not applied to all the routes when CCNH Inet6 is enabled
Product-Group=junos
BGP route preference using PBR might be not applied to all the routes when both CCNH inet6 and policy-based routing are configured. Some routes might change their route preferences.
PR Number Synopsis Category: Resource Reservation Protocol
1592884 [protocols_mpls] [rsvp] mx480 : :: [PRedator]: Observing Packet loss when primary link is enabled
Product-Group=junos
Release note needed.
PR Number Synopsis Category: Secure Web Proxy functionality on Junos
1588139 20.1R3:SRX-RIAD:vSRX3.0: Web-proxy: Getting UNKNOWN instead of HTTP-PROXY for application and UNKNOWN instead of GOOGLE-GEN in RT-FLOW close messages
Product-Group=junos
Web-proxy: Getting UNKNOWN instead of HTTP-PROXY for application and UNKNOWN instead of GOOGLE-GEN in RT-FLOW close messages. These messages can be seen in the RT-flow close log and are due to JDPI not being engaged for the session. This may affect application identification for the web-proxy session traffic.
PR Number Synopsis Category: security-intelligence feature on SRX
1591236 20.1R3 & 20.3R3: SecIntel:The issue (empty feed-name) starts with the hit returned from cache which points to the node with the parameter of feed-ID (2) inconsistent with the feeds-update (when it's 1). As a result the incorrect feed-ID points to the empty entry in the array of the feed-names.
Product-Group=junos
The issue (empty feed-name) starts with the hit returned from cache which points to the node with the parameter of feed-ID (2) inconsistent with the feeds-update (when it's 1). As a result the incorrect feed-ID points to the empty entry in the array of the feed-names. The cause of this issue is under investigation.
PR Number Synopsis Category: SRX-1RU platfom datapath SW defects
1583127 Packet drop or srxpfe coredump might be observed due to Glacis FPGA limitation
Product-Group=junos
On SRX4600, due to Glacis FPGA (Field Programmable Gate Array) limitation in out of order processing, packet drop or srxpfe coredump might be observed.
PR Number Synopsis Category: Trio LU, IX, QX, MQ chip drivers, ucode & related SW
1568072 Reclassify the severity of the CMERROR "XMCHIP_CMERROR_DDRIF_PROTECT_WR_RD_SRAM_RUNN_CHKSUM" from major to minor
Product-Group=junos
On the MX/EX92xx/SRX platforms with an XM chipset based line card installed, when the line card experiences the CMERROR "XMCHIP_CMERROR_DDRIF_PROTECT_WR_RD_SRAM_RUNN_CHKSUM", the disable-pfe action will be invoked. This issue will cause the PFE to be disabled and traffic to be lost.
PR Number Synopsis Category: Trio pfe l3 forwarding issues
1602357 Unbalanced egress traffic on AE interfaces and ECMP interfaces for AFT based MPC10/11 cards might be seen for the unbalanced unilist routes.
Product-Group=junos
If traffic ingresses an AFT based MPC (MPC10/11) and egresses an AE interface, then traffic distribution across the members may be unbalanced. ECMP traffic may also be unbalanced over unbalanced unilist routed members.
PR Number Synopsis Category: Trio pfe mpls- lsps,rsvp,vpns- ccc, tcc software
1568879 BFD may set the maximum weight to the AE interface and cause traffic blackholing
Product-Group=junos
In some rare scenarios, when the FPC encounters a transient/permanent HW error and all the interfaces are brought down but FPC is still online, the BFD may set the maximum weight to the AE interface and cause traffic blackholing.
PR Number Synopsis Category: Web-Management UI
1513612 On the EX2300 and EX3400 devices, installing J-Web application package might fail.
Product-Group=junos
On the EX2300/EX3400 platforms, J-Web application package may fail to be installed with the affected releases.
PR Number Synopsis Category: usf ams related issues
1597386 Traffic might be interrupted on changing configuration from AMS warm-standby to AMS deterministic NAT
Product-Group=junos
On all MX/SRX platforms, changing the configuration from AMS 1:1 warm-standby to load-balance or deterministic NAT may result in a vmcore and cause traffic loss.
 
Modification History:
First publication 2021-09-02