Support Support Downloads Knowledge Base Apex Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

20.3R3-S1: Software Release Notification for JUNOS Software Version 20.3R3-S1

0

0

Article ID: TSB18165 TECHNICAL_BULLETINS Last Updated: 15 Sep 2021Version: 1.0
Alert Type:
SRN - Software Release Notification
Product Affected:
ACX, EX, MX, PTX, QFX, NFX, SRX, VRR, vMX, vSRX
Alert Description:
Junos Software Service Release version 20.3R3-S1 is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as need and follow the prompts
Risk Risk Description
Low/Notification - No defined time impact to take action Software Release Notification
Impact Impact Description
Low/Notification - Monitor the situation but no action needed Software Release Notification

Solution:

Junos Software service Release version 20.3R3-S1 is now available.

20.3R3-S1 - List of Fixed issues

PR Number Synopsis Category: EX4300 PFE
1597548 Broadcast traffic might be discarded when a firewall filter is applied to the loopback interface
Product-Group=junos
On EX4300 platforms, when a firewall filter for broadcast traffic with discard action policer is applied to the loopback interface, all broadcast packets (including Layer 2 forwarding packets, such as DHCP discover packets) that match this filter rule might be dropped.
1601005 The VRRP packets might not be forwarded when "mac-move-limit" knob is configured
Product-Group=junos
On EX4300 platforms, if the device worked as a layer 2 transit switch between VRRP routers and the knob "mac-move-limit" is configured, the VRRP packets might not be forwarded after clearing ethernet-switching table.
1602399 Adding ae configuration without child member may cause MAC/ARP learning issues
Product-Group=junos
On EX4300 series platforms, addition of no child lag into VSTP/RSTP instance with VSTP being disabled for all other ports in the same VLAN may cause traffic loss on ports which are part of the VLAN.
PR Number Synopsis Category: EX4300 Filters implementation
1578859 The dcpfe crash is observed on Junos QFX/EX platforms
Product-Group=junos
On Junos QFX/EX platforms, the dcpfe crash may be seen. This is due to the interface flaps that on which a large number of mac-based VLAN clients registered. When it happens, the dcpfe crash, and the PFE(Packet Forwarding Engine) will restart, then all the traffic related to the PFE may be dropped. After that, the PFE could be self-recovery.
PR Number Synopsis Category: EX4300 Layer 2 implementation
1592133 The DHCP relay may not work if it connects with the server via type 5 route which with AE interface as the underlay interface
Product-Group=junos
On EX4300MP platforms, if an AE interface is configured as the underlay interface for the type 5 route that is used to connect the DHCP relay and server, the DHCP relay might not work which will result in the DHCP client failing to obtain an IP address.
PR Number Synopsis Category: Marvell based EX PFE ACL
1611480 The fxpc process might crash and generate core
Product-Group=junos
On EX4600/QFX5K platforms, the fxpc process might crash and generate core when router-advertisement-guard is configured under DHCP (Dynamic Host Configuration Protocol) forwarding-options.
PR Number Synopsis Category: EX2300/3400 PFE
1594353 Storm control profile might not be applied on EX2300 platforms
Product-Group=junos
On EX2300 platforms, storm control profile might not be applied hence there might be CPU high usage or packets loss issues on the device if there is large amount of broadcast or unknown unicast packets arriving the device.
1598346 The backup VC member may not learn mac-address on a master after removing a VLAN unit from the SP style AE interface which is part of multiple VLAN units
Product-Group=junos
On EX2300/3400/4300MP/4400 and QFX5100/5110/5200 VC platforms, if removing a VLAN unit from the SP style AE interface which is part of multiple VLAN units, the backup member might not learn mac-address on a master and start processing packet to that mac as unknown unicast. In this case, flooding will happen in the VLAN which might cause traffic loss due to the limited bandwidth.
1610253 DHCP packets might be received and then returned back to DHCP relay through the same interface on EX2300/EX3400/EX4300/QFX VC platforms
Product-Group=junos
On EX2300/EX3400/EX4300/QFX Virtual Chassis (VC) platforms which are connected to Dynamic Host Configuration Protocol (DHCP) server via DHCP relay, if the interface connected with DHCP relay is located on non master node, and the interface has the knob "dhcp-security" enabled under vlan, when the DHCP packets are received via DHCP relay and then need to be send out within the affected vlan through the same interface, the DHCP packets might get returned back to DHCP relay, instead of being dropped. Due to this issue, it might lead to Media Access Control (MAC) address move on DHCP relay and therefore bring potential risk of service impact.
PR Number Synopsis Category: NFX Layer 2 Features Software
1592019 Unable to configure ports on firewall filter of NFX devices
Product-Group=junos
On NFX platforms, commit error may be seen when configuring firewall filter with destination-port and/or source-port match conditions for ethernet-switching family
PR Number Synopsis Category: L2NG bug tracking
1582989 The srxpfe process might crash on SRX1500
Product-Group=junos
On SRX1500 platforms with AE interface configured, if the IRB interface is also configured and enabled, the srxpfe process might crash.
PR Number Synopsis Category: Accounting Profile
1521223 Logical interface statistcs for as(aggregated sonet) are displayed double value then expected.
Product-Group=junos
On MX series with Junos 16.2 or later version, when using as(aggregated sonet) interface, logical interface statistcs for member links of as interface are displayed double value then expected
PR Number Synopsis Category: ACX Interfaces IFD, IFL, vlans, and BRCM init
1606424 The FEB (Forwarding Engine Board) might crash on ACX1000/ACX1100/ACX2000/ACX2100/ACX4000 platforms
Product-Group=junos
On ACX1000/ACX1100/ACX2000/ACX2100/ACX4000 platforms if using Junos release 17.4R3-S1, 20.1R1 and subsequent releases, when PTP is configured the FEB (Forwarding Engine Board) might crash which cause interfaces to be disappeared.
PR Number Synopsis Category: MPC Fusion SW
1602939 The PFE might be disabled by a detected major CMERROR event while ungracefully removing the MIC from MPC2E-3D-NG/MPC3E--3D-NG
Product-Group=junos
On MPC2E-3D-NG/MPC3E--3D-NG with the certain chipset based MIC (like 20x1G MIC and 2x10G MIC), the PFE may be disabled while ungracefully removing the MIC from the MPC (e.g. without taking the MIC offline from CLI or with a MIC button).
PR Number Synopsis Category: Application Quality of Experience
1599191 The flowd process might crash in AppQoE scenarios
Product-Group=junos
On SRX Series devices or NFX Series devices with AppQoE (Application Quality of Experience) configured, in a race condition that a data session is destroyed but passive probing for that session is occurring concurrently, the flowd process might crash.
PR Number Synopsis Category: BBE GRES related issues
1610476 The authd process and RADIUS might have stale L2BSA subscriber entries
Product-Group=junos
In subscriber management scenario, if JSU package for Broadband Edge Subscriber Management daemon (bbe-smgd) is installed on backup RE when it is syncing subscriber information from master then the authd process and RADIUS might have stale Layer 2 Bit Stream Access (L2BSA) subscriber entries which might cause subscribers logout and re-login.
PR Number Synopsis Category: Border Gateway Protocol
1556656 Route validation states might flip between VALID/INVALID/UNKNOWN in some corner case
Product-Group=junos
In BGP Resource Public Key Infrastructure (RPKI) Origin Validation Scenario, in certain corner case, if there are periodic SerialNotifies received from the RPKI server then some ROA's that are stable in the RPKI cache server are deleted in Juniper router and then are relearned after some time. Due to this route validation state might flap and cause traffic impact.
1585321 The rpd crash might be seen when BGP RPKI session record-lifetime is configured less than the hold-time
Product-Group=junos
In BGP RPKI (Resource Public Key Infrastructure) scenario, if the session record-lifetime is configured less than the hold-time, the record-lifetime for route validation (RV) might expire while the session is still up, which will cause the rpd crash.
1592123 The rpd crash might be seen if BGP peer flaps
Product-Group=junos
On all Junos platforms, when a BGP peer flaps, if the received routes are changed by the BGP process from active to inactive while cleaning up these received routes, the rpd crash might be seen.
1607777 With rib-sharding enabled any commit will flap all BGP sessions with 4 byte peer-as (AS number 65536 or greater)
Product-Group=junos
On all Junos platforms, if both rib-sharding and 4-byte peer-as (AS number 65536 or greater) are configured then BGP peers with 4-byte peer-as might flap whenever any configuration change occurs.
PR Number Synopsis Category: BBE Remote Access Server
1600655 Subscribers might be stuck in terminated state when the radius server is unreachable
Product-Group=junos
In subscriber scenario, if RADIUS accounting backup is configured and the radius server is unavailable for more than 30 minutes, some subscribers might be stuck in terminated state and cannot be recovered even if the radius server is reachable.
1609403 Prefix duplication errors might occur for DHCPv6 over PPPoE subscribers
Product-Group=junos
On DHCPv6(Dynamic Host Configuration Protocol) over PPPoE(Point-to-Point Protocol over Ethernet) scenario, where the PPPoE sessions have delegated IPv6 prefix assigned from a local pool, when a DHCP session comes up over the PPPoE leading to a change to the PPPoE session?s address, an address-change notification would be triggered. The processing of this notification by general-authentication-service would result in wrong marking of the delegated IPv6 prefix as available. Once this happens, DHCP service might re-assign the same prefixes which would be rejected because of IP duplication.
1612196 DHCP session fails with CLI knob 'session-limit-per-username'
Product-Group=junos
On all Junos platforms with DHCP (Dynamic Host Configuration Protocol) over PPPoE (Point-to-Point Protocol over Ethernet) and 'session-limit-per-username' configured, if either interface or access configuration is modified while DHCP sessions are logged in, any new DHCP (v4/v6/PD/NA) session without authentication that uses the same access profile cannot log in.
PR Number Synopsis Category: MX Platform SW - Mastership Module
1570841 PDB pull or synchronization might fail during ISSU
Product-Group=junos
On M/MX/EX92XX/T series platforms, when ISSU is performed from any lower version to 21.1 or higher, the PDB( Profile DataBase) pull or synchronization might not happen and new subscribers can fail to login.
PR Number Synopsis Category: Class of Service
1599024 Child mgd processes may get stuck when multiple sessions continuously asking for interface information
Product-Group=junos
When running netconf or any such session and querying interface information in XML format and having such multiple sessions (around 50-60) continuously asking for interface information may cause the child mgd process to get stuck, and if more than one (at least 4-5) child mgd processes gets stuck, the mgd will stop functioning, which may cause any new configuration to not take effect.
PR Number Synopsis Category: Enhanced Broadband Edge support for cos
1607056 New subscribers might not connect due to the CR-Features service object missing on FPC
Product-Group=junos
On all MX platforms, in a subscriber management environment, new subscribers might not connect if CoS (Class of service) CR-features (Classifier Rewrite) are used by the VBF (Variable Based Flow) service. The reference count mismatching between RE (Routing Engine) and VBF is caused by VBF flow VAR CHANGE failure.
PR Number Synopsis Category: Class of service in forwarding daemon
1599857 Traffic loss might be observed if per-unit-scheduler is configured on AE interface
Product-Group=junos
On all Junos platforms with per-unit-scheduler support, when per-unit-scheduler is configured on AE interface, after cosd restart or NSR switchover, unbind/bind of scheduler over child interface of AE might occur. In NSR switchover scenario, traffic loss may be seen.
PR Number Synopsis Category: QFX Access Control related
1522469 MPPE-Send or Recv-key attribute is not extracted correctly by dot1xd.
Product-Group=junos
dynamic-cak scenario will be impacted as MPPE-Send-Key and MPPE-Recv-Key, received from radius as part of Access-accept are not getting extracted by dot1xd and so macsec session is not getting triggered.
1574480 Private VLAN configuration might fail in certain scenario
Product-Group=junos
On all Junos platforms if 802.1X authentication is configured globally using the set protocol dot1x interface all command and if trunk interface is configured with vlans then Private VLAN configuration might fail.
1587837 Process dot1xd crash might be seen and re-authentication may be needed on EX9208 platform
Product-Group=junos
On EX9208 platform with fusion scenario where around 30,000 mac-radius authenticated sessions are established, process dot1xd might crash and the users may need to have re-authentication due to relevant memory not getting freed when dot1x is deleted on any interface, which causes a memory leak and leads the crash.
1594224 Clients authentication failure might occur due to dot1x daemon memory leak
Product-Group=junos
On all Junos platforms supporting dot1x daemon, when the switchover is performed in a VC (Virtual Chassis) with two members might cause dot1x daemon memory leak, as a result when memory consumption is high (~75 to 90 percent), it might lead to clients authentication failure.
PR Number Synopsis Category: Device Configuration Daemon
1587552 The dcd process crash might be seen after performing RE switchover/reboot/management interface configuration change
Product-Group=junos
On all Junos platforms, the device control process (dcd) process crash might be seen after performing RE switchover or reboot the device or management interface configuration change due to memory corruption triggered by a code in the Junos kernel.
1601566 The dcd process might crash and FPC might be stuck in ready state on MX platforms
Product-Group=junos
On MX platforms in Junos Fusion scenario, if targeted-distribution is configured for AE/vlan-demux/PPPoE interfaces whose underlying legs are on FPC numbers greater than 32 (for ex: ge-101/0/0) then the dcd process might crash and FPC might be stuck in ready state.
1602656 The AE interface might flap upon configuration changes
Product-Group=junos
On Junos Fusion system with MX/EX as Aggregation Devices, the 100G AE interfaces might flap upon unrelated configuration changes.
1608281 Memory leak on dcd process occurs when committing configuration changes on any interfaces in a setup with AMS interface configured
Product-Group=junos
With aggregated multiservices interface (AMS) configured, the memory leak on dcd daemon occurs when making configuration changes on any interface. The leak rate is slow and depends on the scale of the IFLs on AMS interfaces (e.g. if there are 8 AMS physical interfaces with 8000 logical interfaces, the leak is about 5MB on each commit), which may lead to dcd crash.
PR Number Synopsis Category: CoS support on DNX
1588860 FPC crash might be observed if "drop-profiles" is configured on ACX710
Product-Group=junos
On ACX710, if "drop-profiles" is configured for scheduler-map which is then applied to interfaces, the FPC might crash hence there is traffic loss.
PR Number Synopsis Category: ACX LAG infrastructure
1589168 Traffic might get forwarded through the member links in down state after new member links are added to AE interface on ACX710/ACX5400
Product-Group=junos
On ACX5400 (i.e., ACX5448/ACX5448-D/ACX5448-M) and ACX710 Universal Metro Routers, if some existing member links within an aggregated Ethernet (AE) interface are in down state, after adding new member links into the AE interface, traffic might get forwarded through the member links in down state and cause traffic drop.
PR Number Synopsis Category: OAM support on DNX
1526283 The aggregated Ethernet interface might not come up with LFM configured after reboot.
Product-Group=junos
On the ACX5448 platform, the AE interface might not come up with the OAM link fault management (LFM) action "link-down" configured after reboot.
PR Number Synopsis Category: JUNOS Dynamic Profile Configuration Infrastructure
1607494 Commit error: foreign file propagation (ffp) failed, reported for any type of change to dynamic-profiles.
Product-Group=junos
Commit error: foreign file propagation (ffp) failed, reported for any type of change to dynamic-profiles.
PR Number Synopsis Category: EVPN control plane issues
1594326 Transit Traffic gets dropped post disabling one of the PE-CE link on a remote Multi-Home PE in EVPN-MPLS A-A setup with Dynamic-List NextHop configured
Product-Group=junos
In an EVPN A/A ESI multihoming scenario with dynamic list next hop (DLNH)configured,when one of the multihomed CE-PE links goes down on remote MH-PEs, then traffic loss might be seen.
1597300 Traffic loss might be seen if AE bundle interface with ESI is disabled on master RE followed by a RE switchover
Product-Group=junos
On all Junos platforms traffic loss might be seen if AE bundle interface with ESI is disabled on master RE followed by a RE switchover.
1600653 The device announces router-mac, target, and EVPN VXLAN community to BGP IPv4 NLRI
Product-Group=junos
On all Junos platforms, when L3VPN interoperates with EVPN(Ethernet VPN) VXLAN(Virtual Extensible LAN) instance, the device announces router-mac, target, and EVPN VXLAN community to BGP IPv4 NLRI(Network Layer Reachability Information) which is not the right routing table. As a result, the traffic to the L3VPN will be dropped.
PR Number Synopsis Category: EX4400 PFE software
1603015 On EX4400 dot1x authentication may not work on EVPN/xlan enabled endpoints.
Product-Group=junos
On EX4400 dot1x authentication may not work on EVPN/xlan enabled endpoints. The issue is due to EAPOL packets received on VxLAN ports are not processed in hostpath.
PR Number Synopsis Category: Express PFE MPLS Features
1601360 The l2circuit packets with destination mac 01:00:0c:cc:cc:cd may get punted
Product-Group=junos
On PTX platforms, any packet with destination mac-address 01:00:0c:cc:cc:cd in the l2circuit may get dropped. The destination mac-address 01:00:0c:cc:cc:cd is the multicast mac of PVST and RPVST, the STP fails in the customer network due to which the entire traffic is down.
PR Number Synopsis Category: SRX1500 platform software
1606293 When the tap mode is enabled, the packet on ge-0/0/0 is dropped on RX side
Product-Group=junos
On SRX-series devices, if an interface other than ge-0/0/0 is configured as a TAP interface, all traffic through ge-0/0/0 is dropped.
PR Number Synopsis Category: IDP attack detection in the subscriber qmodules
1598867 Custom attack IDP policies might fail to compile
Product-Group=junos
On SRX-Series devices, custom attack IDP policies might fail to apply and compile.
PR Number Synopsis Category: IDP policy
1599954 IDP policy compilation is not happening when a commit check is issued prior to a commit
Product-Group=junos
On SRX platforms, IDP policy compilation is not loaded when a commit check command is run before commit command.
1601380 The srxpfe might crash while the IDP security package contains a new detector
Product-Group=junos
On all SRX platforms, the srxpfe process might crash and generate a core dump while installing the IDP security package which has the new detector version.
PR Number Synopsis Category: Signature Database
1594283 IDP signature DB update fails
Product-Group=junos
On SRX Branch platforms, it is unable to use latest signature pack due to IDP DB failing to update.
PR Number Synopsis Category: Internet Group Management Protocol
1607493 Multicast traffic might be duplicated on subscriber interface on MX platforms
Product-Group=junos
On MX platforms with distributed IGMP enabled, if a non-bbe junos interface joins the same multicast group as the subscriber interface followed by GRES/NSR switchover, then multicast traffic might be duplicated on subscriber interface.
PR Number Synopsis Category: Integrated Routing & Bridging (IRB) module
1565213 The new master RE post switchover might go into DB mode (or crash) on EX platforms
Product-Group=junos
On EX and EX-VC platforms, if post routing engine switchover, MAC address is configured to IRB interface (for ex: set interface irb.500 mac 00:11:22:33:44:55) on new master RE, then the new master RE might crash or go into DB mode.
PR Number Synopsis Category: ISIS routing protocol
1613384 RPD may core if TI-LFA or MLA feature ends up having more than 5 SIDs in the SRV6 SIDs stack.(SR-MPLS is not impacted).
Product-Group=junos
RPD may core if TI-LFA or MLA feature ends up having more than 5 SIDs in the SRV6 SIDs stack.(SR-MPLS is not impacted).
PR Number Synopsis Category: jdhcpd daemon
1590421 The DHCP ALQ Queue may get stuck causing subscriber flap
Product-Group=junos
On MX platforms with DHCP ALQ, the ALQ(Active Lease Query) TCP Queue may get stuck. This may cause the subscribers from Backup BNG(Broadband Network Gateway) not to be able to sync with Master BNG and eventually causing the subscribers in Master to start going down and result in a major outage.
PR Number Synopsis Category: jl2tpd daemon
1595088 Creating an ASI interface on MX platforms might lead to vmcore
Product-Group=junos
On all MX platforms, creating an ASI (Aggregated Inline Service Interface) IFD (Physical Interface) and shortly using the command "show interface asi details / statistics / extensive" before the PFE queue stats memory is allocated for the interface, might result in vmcore and could also lead to complete service impact.
PR Number Synopsis Category: Adresses ALG issues found in JSF
1598017 ALG traffic might be dropped
Product-Group=junos
On SRX-Series devices, ALG traffic might be dropped when incoming packet contains "HTTP/" and "rn" characters in data or NAT slipstream packets.
PR Number Synopsis Category: Application aware Quality-of-Service
1597875 The flowd core may be seen if the AppQOS module receiving two packets of a session
Product-Group=junos
On SRX platforms, during the parallel processing of packets of a session by the AppQOS module, the AppQOS module doesn't handle this properly and result in flowd core which impacts all services.
PR Number Synopsis Category: Flow Module
1583214 Multicast traffic drop may occur on TAP interface on SRX devices
Product-Group=junos
On SRX-series devices configured in tap-mode, a memory leak may occur when non-unicast traffic (e.g Multicast) arrives on a Tap interface. This can lead to the device being unable to process traffic after some time.
PR Number Synopsis Category: High Availability/NSRP/VRRP
1591559 Security policies might not be synced to all PFEs (Packet Forwarding Engine) post upgrade
Product-Group=junos
On SRX-Series devices configured in chassis-cluster, after ISSU (in-service software upgrade) when there is any policy or ipid related events/config change, the security policies might not sync to all the PFEs.
PR Number Synopsis Category: IPSEC/IKE VPN
1586324 Memory leaks on the iked process on SRX5000 Series with SRX5K-SPC3 installed
Product-Group=junos
On SRX5000 Series with SRX5K-SPC3 installed, when IPsec VPN is configured, memory leaks might occur on the iked process.
1593408 The IPSec tunnel might not come up if configured with configuration payload in a certain scenario
Product-Group=junos
On all SRX/NFX350 platforms, if IPSec tunnels are configured with configuration payload VPN, they might not come up if the configured subnet mask on st0 is not equal to /8, /16 or /24.
1605634 Traffic might be dropped in a corner case of IPsec VPN scenario on SRX5000 platforms with SPC3 installed
Product-Group=junos
On SRX5000 platforms with SPC3 installed and IP security (IPsec) Virtual Private Network (VPN) tunnels configured, if the gcm cipher (e.g. aes-128-gcm and aes-256-gcm) is used as the encryption algorithm, when the Internet Key Exchange Daemon (iked) process restore (e.g. caused by redundancy group 0 failover) happens, the iked process might get a wrong key being restored into the memory. After that, once there is Packet Forwarding Engine (PFE) reset/restart before the IKE Security Association (SA) rekey, traffic drop might happen due to this issue.
PR Number Synopsis Category: Security platform jweb support
1602228 J-web application might crash with httpd core-dumps
Product-Group=junos
On SRX-Series devices, the J-web application might crash and generate httpd core-dumps when "set system no-compress-configuration-files" is configured.
1603993 Radius users might not be able to view/modify configuration via J-web
Product-Group=junos
On SRX-Series devices, when Radius server is used for authentication with login-class "Juniper-Local-User-Name" then users might not be able to view/modify configuration via J-web.
1604929 On all SRX platforms, some widgets in JWeb might not load properly for logical systems users
Product-Group=junos
On all SRX platforms, some widgets in JWeb might not load properly for logical systems users
PR Number Synopsis Category: Layer2 forwarding on EX/NTF/PTX/QFX
1584109 Layer-2 multicast VXLAN instance is down since local vtep ifl is not associated to EVPN instance
Product-Group=junos
Multicast VXLAN EVPN instance is down since local vtep ifl is not associated to EVPN instance post deactivate/activate of routing-instance.
1596229 The l2ald process might crash on all leaves and spines after a new leaf is added to the EVPN fabric
Product-Group=junos
On all Junos platforms, the l2ald process might crash on all leaves and spines after a new leaf was added to the EVPN fabric.
1596483 Mcscnoopd might crash during deleting/adding layer-2 forwarding configuration after performing ISSU
Product-Group=junos
In layer-2 forwarding configuration with ISSU scenario, Gencfg provides a generic way for applications to store interface state information (blobs) which needs to be sent to PFE/PIC/REs/daemons. In some rare cases, after performing ISSU, the Gencfg key (handed/generated by the kernel, a kind of layer-2 token) info might be inconsistent between the l2ald and master/backup kernel due to the state sync issue, then the Gencfg might send the blobs with this wrong key to the kernel during adding/deleting the layer-2 forwarding configuration. Then the kernel might return the wrong messages (e.g. next-hop lookup) to mcsnoopd, this will cause mcsnoopd to crash, the services/functions based on multicast will be impacted.
PR Number Synopsis Category: Label Distribution Protocol
1598174 The LDP replication session might not get synchronized when dual-transport is enabled
Product-Group=junos
On all Junos platforms with NSR configured, when "dual-tranport" is configured under protocols ldp and the inet-lsr-id/inet6-lsr-id is different from the router-id, the Label Distribution Protocol (LDP) replication session might not get synchronized and causing traffic loss during RE switchover.
1601854 VPLS connection might get down if knob "dual-transport" is configured
Product-Group=junos
On all Junos platforms with NSR configured, if knob "dual-transport" is configured under "protocols ldp" and the inet-lsr-id/inet6-lsr-id is different from the router-id, VPLS connection on peer device might get down and traffic loss would occur during RE switchover.
PR Number Synopsis Category: Issues related to Junos licensing infrastructure
1562700 21.1:Lagavulin: LICENSE_INVALID_FEATURE_ID syslog message is not being logged
Product-Group=junos
Release 20.3R2/20.3R3: If a license key has ONLY features that are not applicable on the platform (unknown features), the license key is rejected. If Key has one or more platform applicable features (known features) along with unknwon features, license key addition is successful with below warning for the unknown features: warning: JUNOS322716389: Ignoring unknown feature Note that this has been fixed to allow all valid legacy licenses (even keys with only unknown features) in all other releases as per scopes. Warning message will be seen.
PR Number Synopsis Category: Port-based link layer security services and protocols that a
1596755 Traffic loss might happen periodically in MACsec used setup if RE is working under a pressure situation
Product-Group=junos
On MX10003 platform with MACsec used scenario, traffic loss might happen periodically if RE is working under a pressure situation (rpd memory occupied around larger than 70%), which may cause the message of Secure Association Key (SAK) of MACsec to be vetoed by kernel that causes one of pair (RX/TX) Secure Association (SA) number missing. Moreover, the missing SA number is still available in the system, so whenever SA number is rollover to it (SA number is rollover between 0 to 3 ), traffic loss might happen due to invalid SA pair.
PR Number Synopsis Category: MX104 Software - Kernel
1607282 In subscriber management scenario, under a rare condition, the RE reboots and generates a vmcore
Product-Group=junos
In subscriber management scenario, under a rare condition, the kernel might crash at very rare condition due to a null pointer check when an entry lookup is performed.
PR Number Synopsis Category: TCP/UDP transport layer
1595649 Junos OS: Upon receipt of specific sequences of genuine packets destined to the device the kernel will crash and restart (vmcore) (CVE-2021-0283, CVE-2021-0284)
Product-Group=junos
A buffer overflow vulnerability in the TCP/IP stack of Juniper Networks Junos OS allows an attacker to send specific sequences of packets to the device thereby causing a Denial of Service (DoS). Please refer to https://kb.juniper.net/JSA11200 for more information.
PR Number Synopsis Category: OSPF routing protocol
1601187 The rpd process might be stuck at 100% in OSPFv3 scenario
Product-Group=junos
On all Junos and Evo platforms with OSPFv3 (Open Shortest Path First version 3) used, if there are multiple Router LSAs (Link-State Advertisement) from the same peer, the rpd process might be stuck at 100% during the Router LSAs update.
PR Number Synopsis Category: Express Chip L3 software
1593244 BFD session might flap during RE switchover
Product-Group=junos
On QFX10K platforms with GRES/NSR enabled, BFD session might flap during RE switchover. This issue has service impact.
PR Number Synopsis Category: Phone-Home-Client Infrastructure
1601722 The upgrade using phone-home feature from 20.2 or earlier to 20.3 or later release will fail on EX2300/EX4650
Product-Group=junos
On EX2300/EX4650, if the system is upgraded from 20.2 or earlier release to 20.3 or later release, either using phone-home feature or when the system is in factory default state, the upgrade will fail with phone-home crash.
PR Number Synopsis Category: vMX Platform Infrastructure related issue tracking
1604554 Interface hold-time up does not work on vMX/MX150
Product-Group=junos
On vMX/MX150, when hold-up time is configured on an interface, if the interface goes from down to up, the up hold-time timer is triggered. But hold-time up does not work as the interface comes up immediately even the timer still does not expire.
PR Number Synopsis Category: PTP related issues.
1592657 Using the BITS interface from backup RE for clock recovery might not work
Product-Group=junos
On MX platforms with dual Routing Engine (REs), with Graceful Routing Engine Switchover (GRES) enabled and in Precision Time Protocol (PTP) Hybrid mode, if using the building-integrated timing supply (BITS) interface from backup RE for clock recovery, that will not work.
PR Number Synopsis Category: Chassis mgmt for all QFX systems - chassis MIB, alarms, CLI
1598019 Dropping socket connection due to keepalive timer expiration with port 33015
Product-Group=junosvae
Dot1x is disabled for a platform but still, l2ald process trying to connect with dot1x due to that we are seeing Syslog messages continuously.
PR Number Synopsis Category: QFX platform fabric mgmt for Express ASIC chip
1577315 The port might not get brought down immediately during some abnormal type of linecard reboot on QFX10K platforms
Product-Group=junos
On QFX10K platforms, if some system internal error is encountered (e.g. kernel software fault), it may result into some abnormal types of linecard reboot. The port might not get brought down immediately after the reboot start, and it will lead to traffic blackhole due to this issue.
PR Number Synopsis Category: Interface related issues. Port up/down, stats, CMLC , serdes
1582105 Some 40G ports may not be channelized successfully on the QFX5100 platforms
Product-Group=junos
On the QFX5100 platforms, some 40G ports may not be channelized successfully and may stay down after upgrading host OS along with Junos OS using ZTP or doing manually via CLI.
PR Number Synopsis Category: QFX access control list
1583440 Firewall filter not programmed after deleting a large filter and adding a new one in a single commit on QFX5K platforms
Product-Group=junos
On QFX5k platforms, if a large filter that is applied to one or more interfaces is deleted and another large filter is applied in a single commit, both filters need to exist at the same time in Ternary Content-Addressable Memory (TCAM) for a brief period. If the size of both filters combined is bigger than the available TCAM space, the second filter will not be programmed in hardware, and functionality expected from the filters will not be available. This is a hardware limitation and this software fix only adds additional syslogs to indicate that the firewall is not programmed.
1592463 The IPv4 fragmented packets might be broken if PTP transparent clock is configured
Product-Group=junos
On QFX5K platforms with PTP transparent clock enabled, the IPv4 fragmented packets of UDP datagram might be broken by PTP in some rare scenario, and the corrupted packets will be a part of the payload.
1606256 Multicast streams may stop flooding in VXLAN setup
Product-Group=junos
In VXLAN with multicast used scenario, multicast traffic might not get flooded if the multicast IP is in one of the IP range (224.0.0.32 - 224.0.0.255). This is because a newly introduced dynamic filter only works for non-VxLAN traffic.
PR Number Synopsis Category: QFX L2 PFE
1580352 DHCP packets might be dropped if dynamic filter 'dyn-dhcpv4_v6_trap' is applied on the interface
Product-Group=junos
DHCP packets might be dropped when dynamic filter 'dyn-dhcpv4_v6_trap' is applied and software-based learning CLI is enabled on the interface.
1596773 Traffic might be dropped after backup FPC is rebooted in a VC scenario
Product-Group=junos
If the egress firewall filter with policier is configured on the AE interface on QFX5K/EX46XX platforms, traffic might be dropped after the backup FPC is rebooted in a virtual chassis scenario.
1597261 The interface might not be brought up when QinQ is configured
Product-Group=junos
The interface might not be brought up if Q-in-Q is configured on Broadcom chipset based QFX/EX platforms except EX2300 (The affected platforms: QFX3500/QFX3600/QFX5100/QFX5110/QFX5120/QFX5130/QFX5200/QFX5210/EX3400/EX4300/EX4600/EX4650).
1602391 The egress interface of the GRE tunnel is not dynamically updated when the destination to tunnel changes
Product-Group=junos
In a GRE tunnel in a routing instances scenario, GRE has to be configured on a routing-instance (not the default one) and route leakage is configured between VRFs. When the destination to tunnel changes, the optimal nexthop in the vrf is not updated for the tunnel. The traffic cannot be forwarded out of the tunnel.
1602811 Traffic loss might be seen in MC-LAG scenario on EX4600/QFX platforms
Product-Group=junos
On EX4600/QFX platforms running as the Multichassis Link Aggregation Group (MC-LAG) peers, if the knob "flexible-vlan-tagging" is configured on the interface connecting with the MC-LAG client device, one of MC-LAG peers is disabled and the corresponding interface on the DUT is flapped, then traffic loss might be seen on Interchassis Link (ICL) link.
1602914 Traffic drop might be observed on QFX5K platforms in virtual chassis scenario when firewall filter is configured
Product-Group=junos
On QFX5k platforms in the Virtual chassis scenario, when the firewall filter is applied over the AE interface and AE is having only one child member from FPC0 and there are no child members from FPC1, all the packets flowing through backup FPC will be dropped.
1607249 LLDP packets received on VxLAN enabled port might be flooded unexpectedly
Product-Group=junos
If Link Layer Discovery Protocol (LLDP) packets are received on Virtual Extensible LAN (VxLAN) enabled port, these LLDP packets might be flooded unexpectedly. The issue could make LLDP session keep swapping. As a result, services like Power over Ethernet (PoE) etc might be affected.
PR Number Synopsis Category: QFX L3 data-plane/forwarding
1594030 Packet drop might occur in ECMP next-hop flap scenario
Product-Group=junos
On all Broadcom based platforms, ECMP next-hop flaps or MTU size changes may result in the route pointing to 100004 on PFE level. When this issue happens any packet/traffic hitting this route may get dropped silently.
1610093 Ping to lo0/IRB over Type-5 fails
Product-Group=junos
In an EVPN-VXLAN (spine-leaf) scenario, any route received as Type-5 may not be reachable. When we are pinging an IP learned over Type-5, the packet should be mapped to one of the IRB in that routing instance, else the packet is discarded. Fix is to use all the available routes in the routing instance for this mapping.
PR Number Synopsis Category: qfx-sw-mclag
1605234 MAC move may be seen between the ICL and MC-LAG interface if adding/removing VLANs on the ICL interface
Product-Group=junos
On QFX/EX platforms with MC-LAG used, if adding/removing VLANs on the ICL (the interchassis link) interface which is used to forward data packets link between two MC-LAG peers, a continuous MAC move might be seen between the ICL and MC-LAG interface. When this happens, it will cause traffic drop due to the flooding as a consequence of the MAC moves.
PR Number Synopsis Category: QFX EVPN / VxLAN
1589702 LLDP packets drop on SP style interface for QFX devices
Product-Group=junos
On QFX platforms with VxLAN Ports configured in SP style, LLDP neighbor ship may not be formed due to wrong IFL allocation in hostpath. This can cause LLDP packet drops.
1595197 The re-installation of the Type-5 tunnels might fail in the EVPN-VXLAN scenario
Product-Group=junos
On QFX5110/QFX5120 platforms running EVPN-VXLAN (Ethernet Virtual Private Network - Virtual Extensible LAN), with type-2 and type-5 tunnels go to the same destination, the re-installation of the Type-5 tunnels will fail after any trigger causing the above tunnels reprogramming (e.g. clear BGP, interface flap). The issue results in traffic drop for the Type-5 tunnels.
1601949 On QFX5120-48y-8c, dc-pfe core observed while issuing "show pfe vxlan nh-usage" in ERB EMC scenario with ~6000 ARP entries
Product-Group=junos
dc-pfe core observed while issuing "show pfe vxlan nh-usage", if there are any VTEP tunnels reachable through unilist.
1604393 Duplicate packets may be seen during bringing up all the interfaces on the spine switch
Product-Group=junos
On the QFX5K platforms with EVPN-VxLAN configured, duplicate packets will be seen during bringing down and bringing up all the interfaces on the spine switch where type-2 and type-5 tunnels are established. This issue will persist for a short period until the spine installs the type-2 VTEP (VxLAN Tunnel End Point) towards the leaves.
PR Number Synopsis Category: QFX5100 Interface related issues
1555741 The Virtual Chassis Port (VCP) might not come up after upgrading to 18.4R2-S4 or later releases on EX4600 or QFX5100 platform
Product-Group=junos
In EX4600 or QFX5100 with the Virtual Chassis (VC) scenario, if the QSFP+-40G-LR4/LX4/BXSR is used as the Virtual Chassis Port (VCP), it might come up against the optical signal strength issue accidentally after upgrading to 18.4R2-S4 or later releases. Then the VCP might be brought down by the physical port driver randomly and not come up again. The functionality of VC or the Virtual Chassis Fabric (VCF) might be impacted.
PR Number Synopsis Category: Shard routing infrastructure within RPD
1613104 Memory might be exhausted when both the BGP RIB-sharding and the BGP ORR features are enabled.
Product-Group=junos
On all JUNOS platforms with 64-bit RPD, when the BGP ORR is enabled together with the BGP RIB sharding, memory utilization might keep increasing when IGP routes are changing. Eventually, this might lead to memory depletion and a service impact.
PR Number Synopsis Category: RPD route tables, resolver, routing instances, static routes
1590638 The rpd might crash in scaled routing instances scenario
Product-Group=junos
On all Junos and Evo platforms, when scaling routing instances are added, routing daemon might crash and core after name index table space exhaustion. This might cause traffic loss.
1599084 IPv4 static route might still forward traffic unexpectedly even when the static route configuration has already been deleted
Product-Group=junos
On all Junos and EVO platforms with "static defaults" configured under "routing-options" hierarchy, if IPv4 static route configuration is added, and then deleted, the IPv4 static route will not be removed from routing table and still forward traffic unexpectedly due to this issue.
PR Number Synopsis Category: RPD API infrastructure
1607185 TCP traffic might be dropped on source port range 512 to 767 when the flowspec ipv6 filter is configured
Product-Group=junos
In the BGP flowspec scenario, the ipv6 filter matching icmp-type 2 only drops TCP traffic on source port range 512 to 767.
PR Number Synopsis Category: SW PRs for SCBE3 fabric
1593821 Fabric errors will be generated after swapping MPC10E with MPC7E in the same slot
Product-Group=junos
In MX240/MX480/MX960 routers with SCB3E scenario, if MPC7E is swapped with MPC10E in the same slot or the MPC10E is inserted into an empty slot, the fabric link-training for the line-card impacted will failure and fabric links will not come up. This will cause not be able to send traffic over fabric.
PR Number Synopsis Category: Secure Web Proxy functionality on Junos
1585542 Secure Web proxy continue sending DNS query for unresolved DNS entry even after the entry was removed
Product-Group=junos
On SRX series device, Secure Web proxy continue sending DNS query for unresolved DNS entry even after the entry was removed.
PR Number Synopsis Category: SNMP Infrastructure (snmpd, mib2d)
1606600 SNMP reflects outdated ARP entries
Product-Group=junos
When the ARP entry gets removed in the ARP table, and if there is a presence of a static route referring to the removed NH IP, the refcount will not be 0. In that case, the kernel will not send a DELETE message to mib2d. As a result, SNMP still has the ARP entry even after it's expired in the ARP cache.
PR Number Synopsis Category: SFW, CGNAT on MS-MIC/MS-MPC (XLP)
1574321 DS-Lite throughput degradation might be seen on MS-MPC
Product-Group=junos
On MX240, MX480, MX960, MX2008, MX2010 and MX2020 platforms with MS-MPC, when sending DS-Lite softwire session under heavy load in MS-MPC, throughput performance for DS-Lite in MS-MPC is dropped about 80 percent. Packets drop might be seen.
1598720 The packet loop might be seen after receiving the PCP request packets which are destined to softwire concentrator address
Product-Group=junos
On MX platforms with MS-MPC/MS-PIC, the packet loop might be seen after receiving the PCP Mapping request packets to service-set where pcp rule is not configured and the packet loop might cause high CPU utilization.
1602528 Jflow-syslog for CGNAT is using 0x0000 in IPV4 Identification field.
Product-Group=junos
Jflow-syslog for CGNAT is using 0x0000 in IPV4 Identification field. This might have issues for some jflow-syslog-collectors especially when jflow-syslog packets gets fragmented along the path to collector.
PR Number Synopsis Category: Remote Access VPN issues on SRX
1599398 httpd-gk core might be observed when ipsec vpn is configured
Product-Group=junos
On SRX-Series devices with ipsec vpn configured when vpn_config is NULL, httpd-gk core might be observed.
PR Number Synopsis Category: SRX branch platforms
1581554 Traffic is dropped to/through VRRP virtual IP on SRX380
Product-Group=junos
On SRX380, when using Integrated routing and bridging (IRB) interface, Virtual Router Redundancy Protocol (VRRP) VIP (Virtual IP) is not responding to pings (with accept-data configured) and traffic is not routed through the configured VRRP VIP address
PR Number Synopsis Category: SSL Proxy functionality on JUNOS
1597111 The flowd might core dump if application-services security policy is configured
Product-Group=junos
On SRX platforms, the flowd might core dump if application-services security policy is configured. The traffic outage would occur if this issue is hit.
PR Number Synopsis Category: SRX-1RU platfom related protocol, QoS, filtering features et
1595462 Node1 fpc0(SPM) goes down after ISSU and RG0 failover
Product-Group=junos
On SRX TVP platforms, after ISSU (In-Service Software Upgrade), traffic outage might happen after RG0 failover from node0 to node1.
PR Number Synopsis Category: ZT/YTpfe bridging, learning, stp, oam, irb software
1601065 Duplicate Address Detection(DAD) flags can be seen for IRB interfaces after configuration removal and restoration which may lead to blocking the traffic
Product-Group=junos
On MX platforms using MPC10 and MPC11E line cards with IPV6 configured,Duplicate address detection flags are seen for IRB interfaces. This happens when a device is configured with multiple member L2 interfaces and IRB interfaces, with one or two L2 interfaces going into STP blocked state. This issue can cause potential service impact on the device.
1601177 Traffic loss might be seen on MPC10E/MPC11E under EVPN scenario
Product-Group=junos
On MX platforms with MPC10E/MPC11E, traffic loss might be seen if deactivating Bridge-Domain and activating EVPN instance in a single commit. This defect could be seen when Bridge-Domain and EVPN instance sharing the same IRB logical interface.
PR Number Synopsis Category: ZT/YT pfe l3 forwarding issues
1576997 Traffic drop and the aftd process crash are seen on MPC10 line card
Product-Group=junos
On MX Series platforms with MPC10E used, if the service interface is used, the aftd process might crash and traffic dorp can be seen during interoperating with the service line card (e.g. MS-MPC).
PR Number Synopsis Category: Port-mirroring functionality on ZT/YT PFE
1560624 Filters are not allowed on family any port-mirroring destination interface
Product-Group=junos
The "no-filter-check" configuration for "family any" port-mirroring does not get committed, which prevents the mirror destination interface from forming an association with the filter. Actual mirroring functionality is not affected.
PR Number Synopsis Category: Issues related to broadband edge apps (PPP, DHCP) on Trio ch
1609844 The single-vlan tagged subscribers might fail to reconnect through dynamic-vlan over PS interface
Product-Group=junos
In the auto-sensed vlan subscriber created on PS interface scenario, if the auto-configure is used on PS ifd (pseudowire physical interface) and the ifl (logical interface) of it, the Junos next-hop (JNH) might not be properly installed for the new requested tagged vlan after deleting the PS ifl or clearing the subscriber's sessions. It might not be recreated single-vlan tag while bringing up the subscribers again, then the access services crossing dynamic-vlan might be unavailable on the PS ifd/ifl.
PR Number Synopsis Category: Trio pfe stateless firewall software
1598830 The service filter might get wrongly programmed in PFE due to a rare timing issue in enhanced subscriber management environment
Product-Group=junos
In enhanced subscriber management environment, if a service filter is applied to a dynamic service set, the service filter instance will be created on Packet Forwarding Engine (PFE) based on the configured service filter template. If the configured service filter template is changed at the same time a service filter instance is instantiated, the service filter might get wrongly programmed in PFE due to a rare timing issue. This issue could cause the service failure.
PR Number Synopsis Category: Trio pfe bridging, learning, stp, oam, irb software
1568324 The L2TP tunnel might not work with filter-based encapsulation
Product-Group=junos
On all MX platforms, the L2TP tunnel will not work with filter-based encapsulation for the breakout interface. This issue is seen as the parsing logic in PFE (Packet forwarding engine) for getting the tunnel parameters could not handle breakout interface scenarios.
1607311 Multicast traffic is dropped when forwarded over VPLS via IRB
Product-Group=junos
On MX platform working as PE in MVPN, when traffic is received (from core) on upstream multicast LSI interface and then forwarded over VPLS via IRB interface, the packets are forwarded without vlan-tags, which leads to traffic drop at the remote VPLS PE (due to missing vlan-tags).
PR Number Synopsis Category: UI Infrastructure - mgd, DAX API, DDL/ODL
1572768 MX10k8: Smaller config db size when compared to other platforms (MX10003 MX960)
Product-Group=junos
Smaller config db size is given when a tvp image is installed on boxes which can handle higher config db size. This is because the box becomes pvi-model platform as a result gets low size
PR Number Synopsis Category: Issues related to Logging/Tracing, errmsg, eventd infrastruc
1611504 Syslog not logging information on IPv4 post upgrade on PTX10008
Product-Group=junos
IPv4 Syslog does not log messages on the server after upgrading PTX10008 is upgrad to 20.2R3 when both IPv4and Ipv6 Hosts are configured under Syslog configuration.
PR Number Synopsis Category: Issues related to UI management in Logical Systems
1584850 Tenant_Systems:- "juniper.conf.gz" file creates with empty data when we create Tenant System .
Product-Group=junos
There is problem with one corner case, when Tenant_Systems:- "juniper.conf.gz" file creates with empty data when we create Tenant System .
PR Number Synopsis Category: Virtual Router Redundancy Protocol
1578126 ARP resolution failure might occur during VRRP failover
Product-Group=junos
On Junos platforms with VRRP failover-delay configured, changing VRRP mastership might cause peer device to re-learn VIP ARP entry on old master interface due to timing issue.
1595896 The VRRP host cannot be reached if native-vlan-id is configured
Product-Group=junos
When flexible-vlan-tagging is configured with native-vlan-id on VRRP host, the client can never reach the VRRP host. It has traffic impact as corresponding VRRP traffic will be dropped completely.
PR Number Synopsis Category: usf ams related issues
1590890 NAT service might not happen after performing AMS switchover or deactivating/activating NAT service
Product-Group=junos
Network Address Translation (NAT) service might not take effect when executing Aggregated Multiservices Interface (AMS) switchover or bouncing NAT service. When this issue happens, duplicate NAT entries could happen. Possible restoration method is already provided. However, please arrange a maintenance window if AMS switchover or NAT service bouncing is necessary.
PR Number Synopsis Category: usf nat related issues
1599603 MX SPC3 applications for protocol ICMP is not detected and does not allow user to modify inactivity-timeout values.
Product-Group=junos
MX SPC3 applications for protocol ICMP is not detected and does not allow user to modify inactivity-timeout values.
PR Number Synopsis Category: Unified Services Framework
1592706 The packet coming from the PS interface and forwarding to the SPC3 may be dropped
Product-Group=junos
On MX platforms with SPC3 used, if adding the PS interfaces on the RE after SPC3 is up and running, the packet from the PS interface and is sent to SPC3 for services like NAT/SFW/IDS, etc. might be dropped by SPC3.
 

20.3R3-S1 - List of Known issues

PR Number Synopsis Category: SFI Infra-structure
1548668 Unable to verify jais-7.0R3-THIN.0.tgz in the EX4600 device due to space issue.
Product-Group=junos
In ex4600 and qfx5100 non tvp platforms and on 20.4R2 release, the jais package installation may fail due to space issues in the root partition.
PR Number Synopsis Category: Firewall Filter
1601761 The snmpwalk may not get polling the mib for some IFLs
Product-Group=junos
On Junos and Junos Evolved platforms, the snmpwalk may not work for some IFLs if the interface filter name is the same for input list filters.
PR Number Synopsis Category: idp flow creation, deletion,notification, session mgr intfce
1614013 High RE CPU usage occurs when routing-instance is configured under security idp security-package hierarchy level
Product-Group=junos
On all SRX Series devices, when routing-instance is configured under security idp security-package hierarchy level, several unexpected situations might occur, such as High Routing Engine (RE) CPU usage caused by the idpd process, the idpd process crash, IDP security-package update failure.
PR Number Synopsis Category: Multiprotocol Label Switching
1598207 Sometimes MPLS LSP may go down due to a timing issue when a protected link goes down
Product-Group=junos
When a protected link goes down, MPLS gets tunnel local repair message from RSVP and trigger CSPF computation. Next, MPLS gets link protection information through RRO notification. If MPLS receives TED notification first before RRO notification, then CSPF computation fails. Since the link protection flag is not set, MPLS thinks it is an unprotected link and brings down the LSP.
PR Number Synopsis Category: Used for tracking OVSDB software issues and features
1560408 On the MX240 routers, R0 overlay ping fails.
Product-Group=junos
There can be issue with ping overlay with certain tunnel-dst addresses like the one mentioned in this PR description. 10.255.0.139 when converted to network byte order hex decimal representation, 0x8B00FF0A is considered a -ve integer which causes the converted value to become garbled and hence ping failure with wrong (garbled) destination IP address. Any tunnel-dst IP address like a.b.c.X where X is 128 and greater will cause this issue.
PR Number Synopsis Category: QFX L2 PFE
1417546 Either unicast RPF in the Strict mode or ICMP redirect does not work.
Product-Group=junos
On QFX5110 and QFX5120 platforms, either unicast RPF in strict mode or ICMP redirect does not work properly.
1600892 Two copies of broadcast ARP packets are sending to the other VTEPs
Product-Group=junos
On EX2300/3400/4300/46XX and QFX5000 Series platforms in EVPN/VXLAN scenario, the L2 Leaf devices might send two copies of broadcast ARP packets to other VTEPs.
1602583 FPC down and dcpfe core dump may be seen in some cases
Product-Group=junos
On all Junos and Junos EVO platforms, there is a possibility that FPC might go down and dcpfe might crash.
PR Number Synopsis Category: QFX L3 data-plane/forwarding
1477603 The unexpected next-hop might be seen after route deleted
Product-Group=junos
On QFX5000/EX4600 Series platforms with "instance-import", deleting route which has "next-table" used might result in unexpected route next-hop.
1595823 IS-IS adjacency might fail to be formed if the MTU size of an IRB interface is configured with a value great than 1496 bytes
Product-Group=junos
On QFX/EX series switches with Broadcom chip as Packet Forwarding Engine (PFE), if IS-IS is enabled on an integrated routing and bridging (IRB) interface and the maximum transmission unit (MTU) size of the IRB interface is configured with a value great than 1496 bytes, the IS-IS hello (IIH) PDUs with jumbo frame size (i.e., great than 1496 bytes) might be dropped and not sent to the IS-IS neighbors. The following is the product list of QFX/EX series switches with Broadcom chip as PFE. QFX3500/QFX3600/QFX5100/QFX5110/QFX5120/QFX5130/QFX5200/QFX5210/QFX5220 EX2300/EX3400/EX4300/EX4600/EX4650
PR Number Synopsis Category: QFX MPLS PFE
1589840 The MPLS traffic might not be forwarded after the aggregate interface flap on EX4350/EX4650/QFX5120
Product-Group=junosvae
On the EX4350/EX4650/QFX5120 platform with MPLS, the traffic might not be forwarded after the aggregate interface flap.
PR Number Synopsis Category: QFX EVPN / VxLAN
1554389 Wrong ARP reply might be sent via AE interface on QFX5000 series platforms
Product-Group=junos
Wrong Address Resolution Protocol (ARP) reply might be sent by QFX5000 series platforms when the ARP request packet is received via an Aggregated Ethernet (AE) interface. This issue affects QFX5000 series platforms running Junos image only. Please refer to workaround to avoid this issue.
1560038 On the QFX5110 line of switches, the untagged traffic routed over native-vlan might be dropped.
Product-Group=junos
On QFX5110 platforms in VXLAN Layer3 Gateway scenario, untagged traffic routed over native-vlan-id interface might be dropped.
PR Number Synopsis Category: KRT Queue issues within RPD
1582226 The process rpd may be stuck in 100% due to race condition
Product-Group=junos
There is a defect on the code for the processing of route entries between RE and FPC, it is due to incorrect operations of two internal threads in a race condition, resulting in a tight loop on code and high rpd CPU usage.
PR Number Synopsis Category: RPD policy options
1596436 BGP import policy is not applied to all the routes when CCNH inet6 is enabled
Product-Group=junos
BGP import policy might be not applied to all the routes when CCNH inet6 is configured.
PR Number Synopsis Category: Resource Reservation Protocol
1603613 RSVP detour LSP might fail to come up when an LSR in the detour path goes down
Product-Group=junos
In RSVP environment with fast-reroute enabled, when an LSR in a detour LSP goes down in particular scenario, the newly signaled detour path might be brought down and remain in incomplete state, due to a defect in RSVP-IO thread that it continues sending incorrect Path Refresh which brings down the detour path.
PR Number Synopsis Category: Secure Web Proxy functionality on Junos
1580526 Unexpected behavior when web-proxy is configured with ssl-proxy
Product-Group=junos
With ssl-proxy configured along with web-proxy, the client session might not closed on the device even though proxy session ends gracefully.
1588139 20.1R3:SRX-RIAD:vSRX3.0: Web-proxy: Getting UNKNOWN instead of HTTP-PROXY for application and UNKNOWN instead of GOOGLE-GEN in RT-FLOW close messages
Product-Group=junos
Web-proxy: Getting UNKNOWN instead of HTTP-PROXY for application and UNKNOWN instead of GOOGLE-GEN in RT-FLOW close messages These messages can be seen in the RT-flow close log and these are due to JDPI not engaged for the session. This may affect the app identification for the web-proxy session traffic.
PR Number Synopsis Category: All Asgard Platform Related Issues
1335526 The ppmd process might crash after an upgrade on SRX platforms
Product-Group=junos
On SRX platforms with Bidirectional Forwarding Detection (BFD) enabled for multiple protocols (such as OSPF, ISIS, BGP, PIM), the ppmd process might crash after an upgrade.
PR Number Synopsis Category: Trio pfe stateless firewall software
1530160 DHCP-Relay : The offer message from the server reaching the relay agent ,However not forwarded to IRB's on which clients are connected
Product-Group=junos
When the DHCP relay mode is configured as no-snoop, we are observing the offer gets dropped due to incorrect asic programing.
PR Number Synopsis Category: Trio pfe l3 forwarding issues
1602357 Unbalanced egress traffic on AE interfaces and ECMP interfaces for AFT based MPC10/11 cards might be seen for the unbalanced unilist routes.
Product-Group=junos
If traffic ingresses an AFT based MPC (MPC10/11) and egresses an AE interface then traffic distribution across the members may be unbalanced And for ECMP traffic too, it may be unbalanced over unbalanced unilist routed members.
PR Number Synopsis Category: UI Infrastructure - mgd, DAX API, DDL/ODL
1600435 The dfwc and dcd processes may crash when a commit-check is performed after a previously terminated (with ctrl+c) commit-check
Product-Group=junos
During performing commit-check for the firewall and interface related configurations, if an operator uses the ctrl+C to abort it, the dfwc and dcd may crash after performing another commit-check. This issue will happen only with those daemons that follow the message-based commit-check model (such as dfwc, dcd, rdmd and fwa), and has no impact on other daemons.
PR Number Synopsis Category: usf ams related issues
1597386 Traffic might be interrupted on changing configuration from AMS warm-standby to AMS deterministic NAT
Product-Group=junos
On all MX/SRX platforms, changing configuration AMS 1:1 warm-standby to load-balance or deterministic NAT may result in vmcore and cause traffic loss.
Modification History:
First publication 2021-09-15
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search