Support Support Downloads Knowledge Base Apex Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

19.3R3-S4: Software Release Notification for JUNOS Software Version 19.3R3-S4

0

0

Article ID: TSB18178 TECHNICAL_BULLETINS Last Updated: 01 Oct 2021Version: 1.0
Alert Type:
SRN - Software Release Notification
Product Affected:
ACX, EX, MX, PTX, QFX, NFX, SRX, VRR, vMX, vSRX
Alert Description:
Junos Software Service Release version 19.3R3-S4 is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as need and follow the prompts
Risk Risk Description
Low/Notification - No defined time impact to take action Software Release Notification
Impact Impact Description
Low/Notification - Monitor the situation but no action needed Software Release Notification

Solution:

Junos Software service Release version 19.3R3-S4 is now available.

19.3R3-S4 - List of Fixed issues
PR Number Synopsis Category: EX4300 PFE
1601005 The VRRP packets might not be forwarded when "mac-move-limit" knob is configured
Product-Group=junos
On EX4300 platforms, if the device worked as a layer 2 transit switch between VRRP routers and the knob "mac-move-limit" is configured, the VRRP packets might not be forwarded after clearing ethernet-switching table.
1602399 Adding ae configuration without child member may cause MAC/ARP learning issues
Product-Group=junos
On EX4300 series platforms, addition of no child lag into VSTP/RSTP instance with VSTP being disabled for all other ports in the same VLAN may cause traffic loss on ports which are part of the VLAN.
PR Number Synopsis Category: EX4300 COS implementation
1608306 The dcpfe process might crash and generate core on EX4300 platform
Product-Group=junos
On EX4300 platform, the dcpfe process that handles packet forwarding might crash if the mge-* interfaces are configured with CoS (Class-of-Service) and scheduler port-speed is non-zero wile shaping rate becomes 0.
PR Number Synopsis Category: Marvell based EX PFE ACL
1611480 The fxpc process might crash and generate core
Product-Group=junos
On EX4600/QFX5K platforms, the fxpc process might crash and generate core when router-advertisement-guard is configured under DHCP (Dynamic Host Configuration Protocol) forwarding-options.
PR Number Synopsis Category: EX2300/3400 PFE
1598346 The backup VC member may not learn mac-address on a master after removing a VLAN unit from the SP style AE interface which is part of multiple VLAN units
Product-Group=junos
On EX2300/3400/4300MP/4400 and QFX5100/5110/5200 VC platforms, if removing a VLAN unit from the SP style AE interface which is part of multiple VLAN units, the backup member might not learn mac-address on a master and start processing packet to that mac as unknown unicast. In this case, flooding will happen in the VLAN which might cause traffic loss due to the limited bandwidth.
1610253 DHCP packets might be received and then returned back to DHCP relay through the same interface on EX2300/EX3400/EX4300/QFX VC platforms
Product-Group=junos
On EX2300/EX3400/EX4300/QFX Virtual Chassis (VC) platforms which are connected to Dynamic Host Configuration Protocol (DHCP) server via DHCP relay, if the interface connected with DHCP relay is located on non master node, and the interface has the knob "dhcp-security" enabled under vlan, when the DHCP packets are received via DHCP relay and then need to be send out within the affected vlan through the same interface, the DHCP packets might get returned back to DHCP relay, instead of being dropped. Due to this issue, it might lead to Media Access Control (MAC) address move on DHCP relay and therefore bring potential risk of service impact.
PR Number Synopsis Category: NFX Layer 2 Features Software
1592019 Unable to configure ports on firewall filter of NFX devices
Product-Group=junos
On NFX platforms, commit error may be seen when configuring firewall filter with destination-port and/or source-port match conditions for ethernet-switching family
PR Number Synopsis Category: Accounting Profile
1521223 Logical interface statistcs for as(aggregated sonet) are displayed double value then expected.
Product-Group=junos
On MX series with Junos 16.2 or later version, when using as(aggregated sonet) interface, logical interface statistcs for member links of as interface are displayed double value then expected
PR Number Synopsis Category: "agentd" software daemon
1584357 ATT VAN: jsd process hogging CPU
Product-Group=junos
Race condition in Jsd if jinsightd tries to reconnect quickly. This race condition is in Grpc stack which can not handle if the client shutdowns the socket followed by close.
PR Number Synopsis Category: BBE GRES related issues
1610476 The authd process and RADIUS might have stale L2BSA subscriber entries
Product-Group=junos
In subscriber management scenario, if JSU package for Broadband Edge Subscriber Management daemon (bbe-smgd) is installed on backup RE when it is syncing subscriber information from master then the authd process and RADIUS might have stale Layer 2 Bit Stream Access (L2BSA) subscriber entries which might cause subscribers logout and re-login.
PR Number Synopsis Category: BBE interface related issues
1525036 Problem with static VLAN deletion with active subscribers and the FPC might be stuck at the Ready state during restart.
Product-Group=junos
In subscriber brought up over static VLAN scenario on MX platforms, during the restart process, some resources are stuck in the FPC and the FPC is never able to reach online state but stuck at Ready state. The fix is to make sure the device control daemon deletes the static VLAN interface only after the dependency table associated with the static VLAN interface are resolved/removed.
PR Number Synopsis Category: Bi Directional Forwarding Detection (BFD)
1474521 The BFD session might get stuck in the Init or Down state after the BFD session flaps.
Product-Group=junos
On all Junos OS platforms, a BFD session configured with authentication may get stuck in init or down state after BFD session flap. This issue happens due to internal software logic error.
1516556 The remaining BFD sessions of the aggregated Ethernet interface flap continuously if one of the BFD sessions is deleted.
Product-Group=junos
On QFX10000 platforms, if multiple sub-interfaces of the same Aggregated Ethernet (AE) interface belong to different routing instances, and these sub-interfaces are configured with the same IP address and configured with separate Bidirectional Forwarding Detection (BFD) sessions, the remaining BFD sessions will flap continuously if one of these BFD sessions is deleted.
PR Number Synopsis Category: Border Gateway Protocol
1446499 The command "show task replication" might show BGP replication complete even before BGP NSR replication is completed
Product-Group=junos
The command "show task replication" might show BGP replication complete before NSR replication is finished.
1601163 Some routes might get incorrectly programmed in the forwarding table in the kernel with next-hop installed as DEAD
Product-Group=junos
On all platforms with high-scaled routes scenario, after Flexible PIC Concentrator (FPC) restart some routes might get incorrectly programmed in the forwarding table in the kernel with next-hop installed as "dead". This would lead to traffic impact. This is a timing issue.
1611070 The rpd may crash after a commit if there are more than one address in the same address ranges configured under 'bgp allow'
Product-Group=junos
If the 'bgp allow' feature is used and there are more than one address in the same address range, the rpd may crash on a commit with such configuration. And the subsequent commits related to BGP configuration change can cause rpd to crash as well.
PR Number Synopsis Category: BBE Remote Access Server
1609403 Prefix duplication errors might occur for DHCPv6 over PPPoE subscribers
Product-Group=junos
On MX platforms with DHCPv6(Dynamic Host Configuration Protocol) over PPPoE(Point-to-Point Protocol over Ethernet) configured in BBE(Broadband Edge) environment, where the PPPoE sessions have delegated IPv6 prefix assigned from a local pool, when a DHCP session comes up over the PPPoE leading to a change to the PPPoE session?s address, an address-change notification would be triggered. The processing of this notification by general-authentication-service would result in wrong marking of the delegated IPv6 prefix as available. Once this happens, DHCP service might re-assign the same prefixes which would be rejected because of IP duplication.
1612196 DHCP session fails with CLI knob 'session-limit-per-username'
Product-Group=junos
On all Junos platforms with DHCP (Dynamic Host Configuration Protocol) over PPPoE (Point-to-Point Protocol over Ethernet) and 'session-limit-per-username' configured, if either interface or access configuration is modified while DHCP sessions are logged in, any new DHCP (v4/v6/PD/NA) session without authentication that uses the same access profile cannot log in.
PR Number Synopsis Category: QFX Access Control related
1574480 Private VLAN configuration might fail in certain scenario
Product-Group=junos
On all Junos platforms if 802.1X authentication is configured globally using the set protocol dot1x interface all command and if trunk interface is configured with vlans then Private VLAN configuration might fail.
PR Number Synopsis Category: QFX Control Plane VXLAN
1520688 The local PE does not remove VNI flood information even though it does not receive VXLAN message from remote PE
Product-Group=junos
On all Junos platforms, the local PE does not remove VNI flood information when the remote PE deletes the VXLAN VLAN and all belonged CE interfaces.
PR Number Synopsis Category: Device Configuration Daemon
1501414 Some of the logical interfaces might not come up with the configured vlan-bridge encapsulation.
Product-Group=junos
On all Junos platforms, some logical interfaces(IFLs) under a physical interface(IFD) might not come up after performing "commit", If configuring multiple logical interfaces under the same interface for different services at once and one of these IFLs is a vlan-bridge encapsulation which is neither in any bridge domain nor in any evpn/virtual-switch routing-instance. In this case, process dcd will stop further checking the rest of statements for the other IFLs under that interface, which eventually causes this part of configuration not to take effect.
1553148 The dcd process might leak memory on pushing the configuration to the ephemeral database.
Product-Group=junos
The dcd (device control daemon) memory leak issue could be observed on all Junos platforms, on pushing the scaled routing-instance configuration with bridge-domain stanza into the Ephemeral database.
1608281 Memory leak on dcd process occurs when committing configuration changes on any interfaces in a setup with AMS interface configured
Product-Group=junos
With aggregated multiservices interface (AMS) configured, the memory leak on dcd daemon occurs when making configuration changes on any interface. The leak rate is slow and depends on the scale of the IFLs on AMS interfaces (e.g. if there are 8 AMS physical interfaces with 8000 logical interfaces, the leak is about 5MB on each commit), which may lead to dcd crash.
PR Number Synopsis Category: dns-proxy feature
1607867 DNS proxy functionality might not work on VRRP interfaces
Product-Group=junos
On all SRX platforms, if DNS proxy is enabled on VRRP interfaces, then DNS proxy functionality might fail to work.
PR Number Synopsis Category: EX4400 platform
1603602 NSSU performed with MACsec configuration might result in fxpc core
Product-Group=junos
On EX4300-MP, EX4400 and NFX350 platforms, when NSSU (Nonstop Software Upgrade) is performed with a VC (Virtual Chassis) setup and MACsec (Media Access Control Security) configuration, the fxpc might core in the backup RE, which in-turn could lead to NSSU failure and traffic impact in the cored FPC (Flexible PIC Concentrator).
PR Number Synopsis Category: Express PFE L2 fwding Features
1594255 ARP entry might be found missing intermittently post FPC reboot
Product-Group=junos
On some QFX series, using Ethernet Virtual Private Network (EVPN) with Virtual Extensible LAN protocol (VXLAN) when the Flexible PIC Concentrator (FPC) is rebooted, in rare occasions some of the Address Resolution Protocol (ARP) entries might be found missing intermittently on the FPC rebooted spine leading to intermittent connectivity issues.
PR Number Synopsis Category: idp flow creation, deletion,notification, session mgr intfce
1614013 High RE CPU usage occurs when routing-instance is configured under security idp security-package hierarchy level
Product-Group=junos
On all SRX Series devices, when routing-instance is configured under security idp security-package hierarchy level, several unexpected situations might occur, such as High Routing Engine (RE) CPU usage caused by the idpd process, the idpd process crash, IDP security-package update failure.
PR Number Synopsis Category: IDP policy
1599954 IDP policy compilation is not happening when a commit check is issued prior to a commit
Product-Group=junos
On SRX platforms, IDP policy compilation is not loaded when a commit check command is run before commit command.
PR Number Synopsis Category: Signature Database
1615985 IDP signature install taking longer time
Product-Group=junos
IDP signature install is taking longer time on SRX Branch platforms
PR Number Synopsis Category: IDP SSL related bugs
1513335 Traffic might not pass when SSL and IDP configuration is enabled on SRX platforms
Product-Group=junos
On SRX platforms, traffic might not pass due to global memory overflow in IDP (Intrusion Detection and Prevention) when SSL (secure sockets layer) and IDP configuration is enabled.
PR Number Synopsis Category: Internet Group Management Protocol
1607493 Multicast traffic might be duplicated on subscriber interface on MX platforms
Product-Group=junos
On MX platforms with distributed IGMP enabled, if a non-bbe junos interface joins the same multicast group as the subscriber interface followed by GRES/NSR switchover, then multicast traffic might be duplicated on subscriber interface.
PR Number Synopsis Category: interfaces and zones for junos js software
1553888 The speed mismatch error is seen while trying to commit reth0 with gigether-options.
Product-Group=junos
When an existing reth configuration is updated so that the existing member interfaces are removed and new member interfaces are added, the commit would fail if the speed of the new member interfaces are different from the speed of the old member interfaces.
PR Number Synopsis Category: IPSEC/IKE VPN
1605634 Traffic might be dropped in a corner case of IPsec VPN scenario on SRX5000 platforms with SPC3 installed
Product-Group=junos
On SRX5000 platforms with SPC3 installed and IP security (IPsec) Virtual Private Network (VPN) tunnels configured, if the gcm cipher (e.g. aes-128-gcm and aes-256-gcm) is used as the encryption algorithm, when the Internet Key Exchange Daemon (iked) process restore (e.g. caused by redundancy group 0 failover) happens, the iked process might get a wrong key being restored into the memory. After that, once there is Packet Forwarding Engine (PFE) reset/restart before the IKE Security Association (SA) rekey, traffic drop might happen due to this issue.
PR Number Synopsis Category: Kernel MX virtual-chassis PRs
1480404 All VCP interfaces might go down after performing back-to-back VC switchover
Product-Group=junos
In an MXVC setup with large scale configurations, after performing 3~4 times back-to-back virtual-chassis switchover, all of the VCP interfaces will come down, leading to all of the FPCs reboot on the new VCMM, till all of the FPCs finish rebooting, the VC will come back to normal.
PR Number Synopsis Category: Layer2 forwarding on EX/NTF/PTX/QFX
1596483 Mcscnoopd might crash during deleting/adding layer-2 forwarding configuration after performing ISSU
Product-Group=junos
In layer-2 forwarding configuration with ISSU scenario, Gencfg provides a generic way for applications to store interface state information (blobs) which needs to be sent to PFE/PIC/REs/daemons. In some rare cases, after performing ISSU, the Gencfg key (handed/generated by the kernel, a kind of layer-2 token) info might be inconsistent between the l2ald and master/backup kernel due to the state sync issue, then the Gencfg might send the blobs with this wrong key to the kernel during adding/deleting the layer-2 forwarding configuration. Then the kernel might return the wrong messages (e.g. next-hop lookup) to mcsnoopd, this will cause mcsnoopd to crash, the services/functions based on multicast will be impacted.
PR Number Synopsis Category: PTX1000 platform
1598873 The interface with the QSA adapter used may not come up on the PTX platforms
Product-Group=junos
On all PTX platforms with the QSA adapter used for 10G/1G SFP optics, the adapter might not be initialized properly and hence the SFP optics will not be identified. When this happens, the port will not come up.
PR Number Synopsis Category: MX104 Software - Kernel
1607282 In subscriber management scenario, under a rare condition, the RE reboots and generates a vmcore
Product-Group=junos
In subscriber management scenario, under a rare condition, the kernel might crash at very rare condition due to a null pointer check when an entry lookup is performed.
PR Number Synopsis Category: FreeBSD Kernel Infrastructure
1602005 Upgrade might fail when upgrading from legacy release
Product-Group=junos
On all platforms (For SRX, only SRX5k with RE-1800x4) while directly upgrading from Junos with FreeBSD 6 (e.g. 15.1X49 or before) to the affected releases, the system will check the USB connection. The upgrading will fail if there is no USB device detected during the upgrading process.
PR Number Synopsis Category: "ifstate" infrastructure
1547164 Backup Routing Engine vmcore might be seen due to the absence of the next-hop acknowledgement infra.
Product-Group=junos
On all Junos platforms with dual Routing Engines, after hundreds of rigorous interface flaps, a vmcore might be seen on the backup Routing Engine. The vmcore analysis pointed to rnh_index_alloc panic on the backup Routing Engine, which could be due to the absence of next-hop ACK infra on the device.
PR Number Synopsis Category: JUNOS Network App Infrastructure (for ping, traceroute, etc)
1582529 If committing 'source-address routing-instance' and then delete 'source-address ' in private edit mode, commit fails with warning message
Product-Group=junos
On all Junos platforms with private edit mode enabled, if you commit the statement 'source-address< address> routing-instance' and then delete 'source-address
', the commit fails with warning message: 'warning: patch removes statement that is not empty'.
PR Number Synopsis Category: Kernel Stats Infrastructure
1522561 OID ifOutDiscards reports zero and sometimes shows valid value.
Product-Group=junos
On the EX and QFX platforms, the SNMP ifOutDiscards OID may occasionally show "0" zero value and sometimes show valid value.
PR Number Synopsis Category: Paradise pfe ddos protection feature
1578579 TACACS traffic might be dropped
Product-Group=junos
On PTX Series routers and QFX Series switches, the traffic from TACACS port 49 might not be classified into a proper DDoS queue. When the issue happens, it might cause the unclassified traffic to get dropped when the CPU utilization is very high.
PR Number Synopsis Category: QFX access control list
1583440 Firewall filter not programmed after deleting a large filter and adding a new one in a single commit on QFX5K platforms
Product-Group=junos
On QFX5k platforms, if a large filter that is applied to one or more interfaces is deleted and another large filter is applied in a single commit, both filters need to exist at the same time in Ternary Content-Addressable Memory (TCAM) for a brief period. If the size of both filters combined is bigger than the available TCAM space, the second filter will not be programmed in hardware, and functionality expected from the filters will not be available. This is a hardware limitation and this software fix only adds additional syslogs to indicate that the firewall is not programmed.
1592463 The IPv4 fragmented packets might be broken if PTP transparent clock is configured
Product-Group=junos
On QFX5K platforms with PTP transparent clock enabled, the IPv4 fragmented packets of UDP datagram might be broken by PTP in some rare scenario, and the corrupted packets will be a part of the payload.
1606256 Multicast streams may stop flooding in VXLAN setup
Product-Group=junos
In VXLAN with multicast used scenario, multicast traffic might not get flooded if the multicast IP is in one of the IP range (224.0.0.32 - 224.0.0.255). This is because a newly introduced dynamic filter only works for non-VxLAN traffic.
PR Number Synopsis Category: QFX L2 PFE
1580352 DHCP packets might be dropped if dynamic filter 'dyn-dhcpv4_v6_trap' is applied on the interface
Product-Group=junos
DHCP packets might be dropped when dynamic filter 'dyn-dhcpv4_v6_trap' is applied and software-based learning CLI is enabled on the interface.
1596643 "fpc0 bcm pkt reinsert failed" log written in the log messages in an aggressive way
Product-Group=junos
The error messages will be seen if the impacted switch found connected to another one through a trunk connection in which all Vlans are allowed, the impacted switch receives VSTP packets for non-configured VLANs. Those messages are informative messages and will be harmless.
1600892 Two copies of broadcast ARP packets are sending to the other VTEPs
Product-Group=junos
On EX2300/3400/4300/46XX and QFX5000 Series platforms in EVPN/VXLAN scenario, the L2 Leaf devices might send two copies of broadcast ARP packets to other VTEPs.
1602914 Traffic drop might be observed on QFX5K platforms in virtual chassis scenario when firewall filter is configured
Product-Group=junos
On QFX5k platforms in the Virtual chassis scenario, when the firewall filter is applied over the AE interface and AE is having only one child member from FPC0 and there are no child members from FPC1, all the packets flowing through backup FPC will be dropped.
1607249 LLDP packets received on VxLAN enabled port might be flooded unexpectedly
Product-Group=junos
If Link Layer Discovery Protocol (LLDP) packets are received on Virtual Extensible LAN (VxLAN) enabled port, these LLDP packets might be flooded unexpectedly. The issue could make LLDP session keep swapping. As a result, services like Power over Ethernet (PoE) etc might be affected.
PR Number Synopsis Category: qfx-sw-mclag
1605234 MAC move may be seen between the ICL and MC-LAG interface if adding/removing VLANs on the ICL interface
Product-Group=junos
On QFX/EX platforms with MC-LAG used, if adding/removing VLANs on the ICL (the interchassis link) interface which is used to forward data packets link between two MC-LAG peers, a continuous MAC move might be seen between the ICL and MC-LAG interface. When this happens, it will cause traffic drop due to the flooding as a consequence of the MAC moves.
PR Number Synopsis Category: RPD Interfaces related issues
1594981 The label field for the EVPN Type 1 route is set to 1
Product-Group=junos
In the EVPN/VXLAN scenario, the label field for Type-1 route is not required but it is assigned 1 instead of 0, which is in conflict with the RFC7432.
PR Number Synopsis Category: Shard routing infrastructure within RPD
1613104 Memory might be exhausted when both the BGP rib-sharding and the BGP ORR(Optimal
Product-Group=junos
On all MX series platforms with 64-bit RPD, when the BGP ORR is enabled together with the BGP rib-sharding, memory utilization might keep increasing when IGP routes are changing. Eventually, this might lead to memory depletion and a service impact.
PR Number Synopsis Category: RPD API infrastructure
1607185 TCP traffic might be dropped on source port range 512 to 767 when the FlowSpec IPv6 filter is configured
Product-Group=junos
In the BGP FlowSpec scenario, the IPv6 filter matching icmp-type 2 only drops TCP traffic on source port range 512 to 767.
PR Number Synopsis Category: SNMP Infrastructure (snmpd, mib2d)
1606600 SNMP reflects outdated ARP entries
Product-Group=junos
When the ARP entry gets removed in the ARP table, and if there is a presence of a static route referring to the removed NH IP, the refcount will not be 0. In that case, the kernel will not send a DELETE message to mib2d. As a result, SNMP still has the ARP entry even after it's expired in the ARP cache.
PR Number Synopsis Category: SFW, CGNAT on MS-MIC/MS-MPC (XLP)
1598720 The packet loop might be seen after receiving the PCP request packets which are destined to softwire concentrator address
Product-Group=junos
On MX platforms with MS-MPC/MS-PIC, the packet loop might be seen after receiving the PCP Mapping request packets to service-set where pcp rule is not configured and the packet loop might cause high CPU utilization.
PR Number Synopsis Category: Trio pfe stateless firewall software
1586817 FPC might crash in a scaled firewall configuration
Product-Group=junos
On MX/PTX/QFX series platforms running Junos, traffic loss might be observed in a scaled firewall filter configuration setup due to FPC crash. When the issue occurs, a core file is generated which could be checked using the CLI command 'show system core-dumps'. host@device> show system core-dumps -rw-r--r-- 1 root wheel 89322187 /var/crash/core-NGMPC0.gz.core.0 ----> Core file
PR Number Synopsis Category: Trio pfe bridging, learning, stp, oam, irb software
1606731 The FPC might crash if 'flow-table-size' is configured on MX platforms
Product-Group=junos
On MX platforms, if knob 'set chassis fpc slot-number inline-services flow-table-size' is configured, the FPC might crash.
PR Number Synopsis Category: Trio pfe l3 forwarding issues
1462219 CCL: LAG traffic load balance on failed child links more than 6% among child link (18.2X75-D50.6/.8)
Product-Group=junos
The amount of LAG load balancing traffic going through each member link may deviate more than 6%. This issue is introduced by the fix for PR1435322.
1558899 Some transmitting packets may get dropped due to the "disable-pfe" action is not invoked when the fabric self-ping failure is detected
Product-Group=junos
On the Trio-based line card with more than one PFEs, if there is a fabric self-ping failure detected on one of the PFE, the chassisd will disable all the IFD (physical interfaces) associated with the PFE to prevent blackhole and report a major CMERROR. Because the affected PFE is still active, and some applications (like BFD over AE across multiple FPCs/PFEs) are still using the PFE to transmit packets, the packets will get dropped due to all interfaces being disabled.
PR Number Synopsis Category: Junos Automation, Commit/Op/Event and SLAX
1604622 File download using "request system download" might fail
Product-Group=junos
On a EX4400 device, any files scheduled for download using the cli command "request system download" might fail due to error. The files can be downloaded using normal ftp/scp commands on the device.
PR Number Synopsis Category: UI Infrastructure - mgd, DAX API, DDL/ODL
1605897 Invalid JSON and xml output format for command like "show system resource-monitor ifd-cos-queue-mapping fpc x | display [json|xml]"
Product-Group=junos
The JSON and xml output format for command like "show system resource-monitor ifd-cos-queue-mapping fpc x | display [json|xml]" is not correct. The "Error: Duplicate key" error can be seen when doing the validation.
 

19.3R3-S4 - List of Known issues
PR Number Synopsis Category: Firewall Filter
1471310 Firewall filter monitoring using SNMP might not provide accurate results
Product-Group=junos
On all Junos except MX platforms, the firewall filter monitoring using SNMP OID 1.3.6.1.4.1.2636.3.5.2.1.6 might not provide the entire output of configured filters, when configured filters are using actions or matches that are not supported by the compiled filters. Below is the list of actions and matches that are not supported by the compiled filters: actions: "then policy map", "clear-policy-map", "then encapsulate/decapsulate" matches: "payload-protocol", "gre-key", "flex-offset range/prefix", "policy-map"
PR Number Synopsis Category: Layer 3 forwarding, both v4+v6
1380145 On the ACX5448 router, latency is observed for the host-generated ICMP traffic.
Product-Group=junos
The "ping" command on an ACX device may show variable latency values. This is expected for host-generated ICMP traffic due to the design of the PFE queue polling the packets from ASIC.
PR Number Synopsis Category: QFX L2 PFE
1417546 Either unicast RPF in the Strict mode or ICMP redirect does not work.
Product-Group=junos
On QFX5110 and QFX5120 platforms, either unicast RPF in strict mode or ICMP redirect does not work properly.
PR Number Synopsis Category: QFX L3 data-plane/forwarding
1477603 The unexpected next-hop might be seen after route deleted
Product-Group=junos
On QFX5000/EX4600 Series platforms with "instance-import", deleting route which has "next-table" used might result in unexpected route next-hop.
PR Number Synopsis Category: QFX EVPN / VxLAN
1554389 Wrong ARP reply might be sent via AE interface on QFX5000 series platforms
Product-Group=junos
Wrong Address Resolution Protocol (ARP) reply might be sent by QFX5000 series platforms when the ARP request packet is received via an Aggregated Ethernet (AE) interface. This issue affects QFX5000 series platforms running Junos image only. Please refer to workaround to avoid this issue.
PR Number Synopsis Category: RPD policy options
1596436 BGP import policy is not applied to all the routes when CCNH inet6 is enabled
Product-Group=junos
BGP import policy might be not applied to all the routes when CCNH inet6 is configured.
PR Number Synopsis Category: All Asgard Platform Related Issues
1335526 The ppmd process might crash after an upgrade on SRX platforms
Product-Group=junos
On SRX platforms with Bidirectional Forwarding Detection (BFD) enabled for multiple protocols (such as OSPF, ISIS, BGP, PIM), the ppmd process might crash after an upgrade.
PR Number Synopsis Category: ZT/YTpfe bridging, learning, stp, oam, irb software
1601065 Duplicate Address Detection(DAD) flags can be seen for IRB interfaces after configuration removal and restoration which may lead to blocking the traffic
Product-Group=junos
On MX platforms using MPC10 and MPC11E line cards with IPV6 configured,Duplicate address detection flags are seen for IRB interfaces. This happens when a device is configured with multiple member L2 interfaces and IRB interfaces, with one or two L2 interfaces going into STP blocked state. This issue can cause potential service impact on the device.
Modification History:
First publication 2021-10-01
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search