Support Support Downloads Knowledge Base Apex Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

19.4R3-S6: Software Release Notification for JUNOS Software Version 19.4R3-S6

0

0

Article ID: TSB18183 TECHNICAL_BULLETINS Last Updated: 12 Oct 2021Version: 1.0
Alert Type:
SRN - Software Release Notification
Product Affected:
ACX, EX, MX, PTX, QFX, NFX, SRX, VRR, vMX, vSRX
Alert Description:
Junos Software Service Release version 19.4R3-S6 is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as need and follow the prompts
Risk Risk Description
Low/Notification - No defined time impact to take action Software Release Notification
Impact Impact Description
Low/Notification - Monitor the situation but no action needed Software Release Notification

Solution:

Junos Software service Release version 19.4R3-S6 is now available.

19.4R3-S6 - List of Fixed issues
PR Number Synopsis Category: EX4300 PFE
1602399 Adding ae configuration without child member may cause MAC/ARP learning issues
Product-Group=junos
On EX4300 series platforms, addition of no child lag into VSTP/RSTP instance with VSTP being disabled for all other ports in the same VLAN may cause traffic loss on ports which are part of the VLAN.
PR Number Synopsis Category: EX4300 COS implementation
1608306 The dcpfe process might crash and generate core on EX4300 platform
Product-Group=junos
On EX4300 platform, the dcpfe process that handles packet forwarding might crash if the mge-* interfaces are configured with CoS (Class-of-Service) and scheduler port-speed is non-zero wile shaping rate becomes 0.
PR Number Synopsis Category: Marvell based EX PFE ACL
1611480 The fxpc process might crash and generate core
Product-Group=junos
On EX4600/QFX5K platforms, the fxpc process might crash and generate core when router-advertisement-guard is configured under DHCP (Dynamic Host Configuration Protocol) forwarding-options.
PR Number Synopsis Category: EX2300/3400 PFE
1610253 DHCP packets might be received and then returned back to DHCP relay through the same interface on EX2300/EX3400/EX4300/QFX VC platforms
Product-Group=junos
On EX2300/EX3400/EX4300/QFX Virtual Chassis (VC) platforms which are connected to Dynamic Host Configuration Protocol (DHCP) server via DHCP relay, if the interface connected with DHCP relay is located on non master node, and the interface has the knob "dhcp-security" enabled under vlan, when the DHCP packets are received via DHCP relay and then need to be send out within the affected vlan through the same interface, the DHCP packets might get returned back to DHCP relay, instead of being dropped. Due to this issue, it might lead to Media Access Control (MAC) address move on DHCP relay and therefore bring potential risk of service impact.
PR Number Synopsis Category: NFX Layer 2 Features Software
1592019 Unable to configure ports on firewall filter of NFX devices
Product-Group=junos
On NFX platforms, commit error may be seen when configuring firewall filter with destination-port and/or source-port match conditions for ethernet-switching family
PR Number Synopsis Category: HW Board, FPGA, CPLD issues
1593025 Multiple crashes with toe_interrupt_errors might be observed
Product-Group=junos
Multiple FPC crashes with toe_interrupt_errors might be observed when TOE memory read with parity err.
PR Number Synopsis Category: "agentd" software daemon
1584357 There is a race condition in jsd if jinsightd tries to reconnect quickly
Product-Group=junos
There is a race condition in jsd if jinsightd tries to reconnect quickly. This race condition is in the gRPC stack, which cannot handle if the client shut downs the socket followed by close.
PR Number Synopsis Category: BBE GRES related issues
1610476 The authd process and RADIUS might have stale L2BSA subscriber entries
Product-Group=junos
In subscriber management scenario, if JSU package for Broadband Edge Subscriber Management daemon (bbe-smgd) is installed on backup RE when it is syncing subscriber information from master then the authd process and RADIUS might have stale Layer 2 Bit Stream Access (L2BSA) subscriber entries which might cause subscribers logout and re-login.
1616611 The Dual RE system might not be GRES ready after backup RE reboot in a subscriber management environment
Product-Group=junos
On MX platforms in a high scaled subscriber management scenario, the system might not go GRES ready after Backup RE reboot. This impacts the GRES functionality.
PR Number Synopsis Category: BBE interface related issues
1616454 "show subscribers accounting-statistics ", "show services l2tp session interface asi0.xx statistics". may not work on LNS with asi- interfaces.
Product-Group=junos
In a subscriber management environment, CLI commands "show subscribers accounting-statistics ", "show services l2tp session interface asi0.xx statistics" may not work on LNS with asi- interface.(Aggregated service interface)
PR Number Synopsis Category: BBE Lawful Intercept related issues
1578162 The bbe-smgd process crash might be seen when the radius server sends multiple CoA
Product-Group=junos
On MX platforms with subscriber services enabled, the bbe-smgd process might crash when LI (Traffic mirroring action) for PPPoE interface is disabled/enabled using CoA.
PR Number Synopsis Category: Border Gateway Protocol
1446499 The command "show task replication" might show BGP replication complete even before BGP NSR replication is completed
Product-Group=junos
The command "show task replication" might show BGP replication complete before NSR replication is finished.
1481933 Multiple rpd soft-cores may occur when the same prefix is learned from multiple BGP peers
Product-Group=junos
In a BGP scenario, when the local router receives BGP updates with the same prefix from different BGP peers in a certain order with certain set of attributes, at this point a continuous soft-core may appear, but it allows the running rpd to continue. The act of taking a soft-core will put some CPU utilization for the time of taking the soft-core.
1556210 The rpd core might occur when BGP origin validation trace is enabled with scaled routes
Product-Group=junos
On all Junos OS and Junos OS Evolved platforms, with BGP origin validation traceoption is configured, if scaled routes (more than 5M) are added/withdrawn, rpd core might occur and BGP peers might flap.
1585321 The rpd process might crash when BGP RPKI session record-lifetime is configured less than the hold-time
Product-Group=junos
In BGP resource public key infrastructure (RPKI) scenario, if the session record-lifetime is configured less than the hold-time, the record-lifetime for route validation (RV) might expire while the session is still up, which cause rpd to crash.
1589141 The rpd might crash in BGP multipath scenario if interface for a single hop EBGP peer goes down
Product-Group=junos
In BGP multipath scenario, if an interface for a single hop EBGP peer goes down, the rpd might crash on the backup RE. If NSR switchover is performed, the rpd crash might be observed on the newly master RE, hence there may be traffic impact.
1601163 Some routes might get incorrectly programmed in the forwarding table in the kernel with next-hop installed as DEAD
Product-Group=junos
On all platforms with high-scaled routes scenario, after Flexible PIC Concentrator (FPC) restart some routes might get incorrectly programmed in the forwarding table in the kernel with next-hop installed as "dead". This would lead to traffic impact. This is a timing issue.
1611070 The rpd may crash after a commit if there are more than one address in the same address ranges configured under 'bgp allow'
Product-Group=junos
If the 'bgp allow' feature is used and there are more than one address in the same address range, the rpd may crash on a commit with such configuration. And the subsequent commits related to BGP configuration change can cause rpd to crash as well.
PR Number Synopsis Category: BBE Remote Access Server
1530820 The BNG authd process memory leak might happen after the subscriber logout
Product-Group=junos
In Gx-Plus for Provisioning Subscribers scenario, if the Gx-Plus thresholds are meet or exceed, the Gx-Plus usage notification messages (CCR-U) that contain the usage report for the statistics might be sent to the Policy Control and Charging Rules Function (PCRF). But if these thresholds CCR-U timeout and the subscriber sessions logout before the CCR-U resend, the allocated diameter message for the subscriber session might not timeout and the memory for these subscriber sessions might not be freed, it might cause the stale subscriber session to be left in the memory forever by the Gx-Plus services and BNG authd process memory leak (above 3%) might happen for each failed attempt to send the stale Gx-Plus threshold updates. In case that the memory leak of the BNG authd process keeps increasing gradually many and many times (depends on the sizeable number of subscribers), the login/logout/audit services might not work for the subscriber, the BNG wire-line BRAS subscribers might off-line, and out of services.
1600655 Subscribers might be stuck in terminated state when the radius server is unreachable
Product-Group=junos
In subscriber scenario, if RADIUS accounting backup is configured and the radius server is unavailable for more than 30 minutes, some subscribers might be stuck in terminated state and cannot be recovered even if the radius server is reachable.
1609403 Prefix duplication errors might occur for DHCPv6 over PPPoE subscribers
Product-Group=junos
On MX platforms with DHCPv6 (Dynamic Host Configuration Protocol) over PPPoE (Point-to-Point Protocol over Ethernet) configured in BBE(Broadband Edge) environment, where the PPPoE sessions have delegated IPv6 prefix assigned from a local pool, when a DHCP session comes up over the PPPoE leading to a change to the PPPoE session's address, an address-change notification would be triggered. The processing of this notification by general-authentication-service would result in wrong marking of the delegated IPv6 prefix as available. Once this happens, DHCP service might re-assign the same prefixes which would be rejected because of IP duplication.
1612196 DHCP session fails with CLI knob 'session-limit-per-username'
Product-Group=junos
On all Junos platforms with DHCP (Dynamic Host Configuration Protocol) over PPPoE (Point-to-Point Protocol over Ethernet) and 'session-limit-per-username' configured, if either interface or access configuration is modified while DHCP sessions are logged in, any new DHCP (v4/v6/PD/NA) session without authentication that uses the same access profile cannot log in.
PR Number Synopsis Category: Class of Service
1599024 Child mgd processes might get stuck when multiple sessions continuously ask for interface information
Product-Group=junos
When running NETCONF or any such session, querying interface information in XML format, and having such multiple sessions (around 50-60) continuously asking for interface information, the child mgd process might get stuck. If more than one (at least 4-5) child mgd processes get stuck, the mgd process will stop functioning, which may cause any new configuration to not take effect.
PR Number Synopsis Category: Enhanced Broadband Edge support for cos
1607056 New subscribers might not connect due to the CR-Features service object missing on FPC
Product-Group=junos
On all MX platforms, in a subscriber management environment, new subscribers might not connect if CoS (Class of service) CR-features (Classifier Rewrite) are used by the VBF (Variable Based Flow) service. The reference count mismatching between RE (Routing Engine) and VBF is caused by VBF flow VAR CHANGE failure.
1613126 Traffic loss might be observed due to the shaping rate be adjusted incorrectly in a subscriber environment on MX platforms
Product-Group=junos
On MX platforms with subscriber management enabled, if Class of service (CoS) adjustment based on DHCP tags and Point-to-Point Protocol Over Ethernet (PPPoE) Intermediate Agent (IA) tags are enabled, and a first subscriber that triggered the creation of the interface set is Dynamic Host Configuration Protocol (DHCP), statically configured shaping rate for the parent interface set may be incorrectly adjusted to a very low value. In this case, traffic loss might be observed.
PR Number Synopsis Category: QFX Control Plane VXLAN
1520688 The local PE does not remove VNI flood information even though it does not receive VXLAN message from remote PE
Product-Group=junos
On all Junos platforms, the local PE does not remove VNI flood information when the remote PE deletes the VXLAN VLAN and all belonged CE interfaces.
PR Number Synopsis Category: Device Configuration Daemon
1553148 The dcd process might leak memory on pushing the configuration to the ephemeral database.
Product-Group=junos
The dcd (device control daemon) memory leak issue could be observed on all Junos platforms, on pushing the scaled routing-instance configuration with bridge-domain stanza into the Ephemeral database.
1569399 ,Traffic might be interrupted while adding xe-/ge- interfaces as member of aggregated Ethernet interface bundle
Product-Group=junos
On all Junos platforms, if a xe- or ge- interface has the "set interfaces disable" configuration, the interface is added as a member of an aggregated Ethernet interface bundle, and "delete interfaces disable" command is committed, then in some rare scenario it might result in vmcore and cause the system to reboot. This leads to traffic impact. After vmcore, system boots up and comes to normal state.
1587552 The dcd process might crash after performing Routing Engine switchover/reboot/management interface configuration change
Product-Group=junos
On all Junos platforms, the device control process (dcd) process might crash after performing Routing Engine switchover, rebooting the device, or a management interface configuration change due to memory corruption triggered by a code in the Junos kernel.
1591032 The dcd process crash might be observed after removing AE IFL from the targeted distribution database
Product-Group=junos
On the MX platforms, the dcd internal data structure of the distribution bundle might get corrupt after removing the AE IFL (logical interface) of members of a targeted IFLset (logical interface set) from the targeted distribution database. Later the dcd process will crash when it accesses the corrupted entry.
1602656 The AE interface might flap upon configuration changes
Product-Group=junos
On Junos Fusion system with MX/EX as Aggregation Devices, the 100G AE interfaces might flap upon unrelated configuration changes.
1608281 Memory leak on dcd process occurs when committing configuration changes on any interfaces in a setup with AMS interface configured
Product-Group=junos
With aggregated multiservices interface (AMS) configured, the memory leak on dcd daemon occurs when making configuration changes on any interface. The leak rate is slow and depends on the scale of the IFLs on AMS interfaces (e.g. if there are 8 AMS physical interfaces with 8000 logical interfaces, the leak is about 5MB on each commit), which may lead to dcd crash.
PR Number Synopsis Category: Firewall Filter
1601761 The snmpwalk may not get polling the mib for dual-stack interface
Product-Group=junos
On all Junos devices, the snmpwalk may not work for on dual-stack interface if the interface filter name is the same for input list filters.
PR Number Synopsis Category: dns-proxy feature
1607867 DNS proxy functionality might not work on VRRP interfaces
Product-Group=junos
On all SRX platforms, if DNS proxy is enabled on VRRP interfaces, then DNS proxy functionality might fail to work.
PR Number Synopsis Category: Covers Application classification workflows apart from custo
1595310 When JDPI inspection-limits are reached, under certain circumstances, classification details were not propagated to interested Layer-7 Services, such as IDP.
Product-Group=junos
When JDPI inspection-limits are reached, under certain circumstances, classification details were not propagated to interested Layer-7 Services, such as IDP.
PR Number Synopsis Category: JUNOS Dynamic Profile Configuration Infrastructure
1607494 Commit related to dynamic profile configuration changes might fail upon executing "request vmhost reboot routing-engine both" on MX platforms
Product-Group=junos
On all MX platforms that support the VMHost routing engine, upon executing the command "request vmhost reboot routing-engine both" any commit related to dynamic-profile changes might fail.
PR Number Synopsis Category: Express PFE L2 fwding Features
1594255 ARP entry might be found missing intermittently post FPC reboot
Product-Group=junos
On some QFX series, using Ethernet Virtual Private Network (EVPN) with Virtual Extensible LAN protocol (VXLAN) when the Flexible PIC Concentrator (FPC) is rebooted, in rare occasions some of the Address Resolution Protocol (ARP) entries might be found missing intermittently on the FPC rebooted spine leading to intermittent connectivity issues.
PR Number Synopsis Category: Enhanced Broadband Edge support for firewall
1570536 The bbe-smgd process might crash after committing several thousand addresses in a filter term
Product-Group=junos
In Next Generation Subscriber Management (Tomcat) scenario with Parameterized Filter configured, if commit several thousand addresses (more than 3200) in a filter term, the bbe-smgd process might continuously crash when subscribers try to login constantly.
PR Number Synopsis Category: idp flow creation, deletion,notification, session mgr intfce
1614013 High RE CPU usage occurs when routing-instance is configured under security idp security-package hierarchy level
Product-Group=junos
On all SRX Series devices, when routing-instance is configured under security idp security-package hierarchy level, several unexpected situations might occur, such as High Routing Engine (RE) CPU usage caused by the idpd process, the idpd process crash, IDP security-package update failure.
PR Number Synopsis Category: IDP SSL related bugs
1513335 Traffic might not pass when SSL and IDP configuration is enabled on SRX platforms
Product-Group=junos
On SRX platforms, traffic might not pass due to global memory overflow in IDP (Intrusion Detection and Prevention) when SSL (secure sockets layer) and IDP configuration is enabled.
PR Number Synopsis Category: Internet Group Management Protocol
1607493 Multicast traffic might be duplicated on subscriber interface on MX platforms
Product-Group=junos
On MX platforms with distributed IGMP enabled, if a non-bbe junos interface joins the same multicast group as the subscriber interface followed by GRES/NSR switchover, then multicast traffic might be duplicated on subscriber interface.
PR Number Synopsis Category: Kernel software for AE/AS/Container
1456785 Kernel crash might be seen when micro BFD configuration is applied to a LAG interface
Product-Group=junos
On all Junos platforms, when micro BFD (Bidirectional Forwarding Detection) configuration is applied to a LAG interface with many child links, in this scenario, kernel crash might be observed causing the device reboot.
1592456 Routing Engine kernel might crash due to IFL of aggregated interface adding failure in Junos kernel
Product-Group=junos
In a rare case, the logical interface (IFL) of an aggregated interface (e.g., AE, RLT, RVT, AF, AMS, RLSQ interface etc.) might fail to be added to Junos kernel. In this case, the Routing Engine kernel might crash with vmcore file generated. The IFL of aggregated interface adding failure in Junos kernel could happen in cases like failure of multicast filter list initialization or DCD sending an invalid vlan-id or memory allocation error etc.
PR Number Synopsis Category: Integrated Routing & Bridging (IRB) module
1567723 MAC addresses might not be relearned successfully after MAC address age timeout
Product-Group=junos
On all L2NG platforms, MAC address entries might be smaller in the MAC table than in the ARP table, this because some of MAC addresses are not relearned successfully after MAC address age timeout. This issue will cause traffic loss for non-existing MAC entries.
PR Number Synopsis Category: ISIS routing protocol
1526447 The IS-IS LSP database synchronization issue might be seen while using the flood-group feature
Product-Group=junos
On all Junos platform, when flood-group is configured on interface under isis, if isis LSPs time out and then come up, the device sends only self-generated LSPs and doesn't increment the LSP updates received from neighbor which flapped. This is causing LSP database out of synchronization issue.
PR Number Synopsis Category: jdhcpd daemon
1583445 The subscriber login might fail on backup BNG running ALQ and Redundancy Services will not be available
Product-Group=junos
On MX Platforms running Junos, the subscriber login might fail on backup BNG (Broadband Network Gateway) running ALQ (Active Leasequery), if authentication is dependent on relay-agent-remote-id. In the issue state, the Redundancy Services will not be available for these DHCP Clients.
PR Number Synopsis Category: Juniper Device Manager User Interface includes cli, mgmt
1559402 The subscriber management infrastructure daemon (smid) process might be stuck at 100%
Product-Group=junos
After performing GRES (Graceful Routing Engine Switchover) switchover several times, the smid process might be stuck at 100% on QFX/MX platforms.
PR Number Synopsis Category: jl2tpd daemon
1601886 "show services l2tp tunnel extensive", "show services l2tp session extensive" commands provide incorrect outputs on LTS
Product-Group=junos
In a subscriber management environment CLI commands "show services l2tp tunnel extensive" and "show services l2tp session extensive" provide incorrect outputs on LTS (L2TP tunnel switch).
PR Number Synopsis Category: Adresses NAT/NATLIB issues found in JSF
1542797 High Control-Plane CPU may be seen for uspinf process on SRX5K routing engine
Product-Group=junos
When running NAT pool related command at high rate, multiple instances of uspinfo process may cause high CPU on control plane
PR Number Synopsis Category: User Firewall related issues
1605933 Memory leak at the useridd process might be observed when Integrated User Firewall is configured
Product-Group=junos
On SRX-Series devices having Integrated User Firewall enabled with Active Directory as the authentication source, memory leak might be observed at the useridd process.
PR Number Synopsis Category: IPSEC/IKE VPN
1530684 On all SRX Series devices using IPsec with NAT traversal, MTU size for the external interface might be changed after IPsec SA is re-established.
Product-Group=junos
On all SRX series devices using IPsec with NAT Traversal, MTU size might be changed to a lower value for the ike external interface after IPsec SA is re-established.
1596103 The kmd process might crash when VPN peer initiates using source-port other than 500
Product-Group=junos
On SRX Series devices, when site-to-site IPsec VPN is configured with traffic-selectors, if the VPN peer initiates an IKE negotiation using source-port other than 500, and at the same time, the IPsec IKE rekey (For the same VPN tunnel as the previous VPN peer initiates) occurs on the SRX device, the kmd process might crash.
1604039 Tail drops might occur on SRX Series devices if shaping-rate is configured on st-interface
Product-Group=junos
On the branch SRX platforms, if shaping-rate is set on the st-interface, the maximum traffic rate might not reach shaping-rate, or there might be tail drops during traffic burst.
1605634 Traffic might be dropped in a corner case of IPsec VPN scenario on SRX5000 platforms with SPC3 installed
Product-Group=junos
On SRX5000 platforms with SPC3 installed and IP security (IPsec) Virtual Private Network (VPN) tunnels configured, if the gcm cipher (e.g. aes-128-gcm and aes-256-gcm) is used as the encryption algorithm, when the Internet Key Exchange Daemon (iked) process restore (e.g. caused by redundancy group 0 failover) happens, the iked process might get a wrong key being restored into the memory. After that, once there is Packet Forwarding Engine (PFE) reset/restart before the IKE Security Association (SA) rekey, traffic drop might happen due to this issue.
PR Number Synopsis Category: Layer2 forwarding on EX/NTF/PTX/QFX
1596483 Mcscnoopd might crash during deleting/adding layer-2 forwarding configuration after performing ISSU
Product-Group=junos
In layer-2 forwarding configuration with ISSU scenario, Gencfg provides a generic way for applications to store interface state information (blobs) which needs to be sent to PFE/PIC/REs/daemons. In some rare cases, after performing ISSU, the Gencfg key (handed/generated by the kernel, a kind of layer-2 token) info might be inconsistent between the l2ald and master/backup kernel due to the state sync issue, then the Gencfg might send the blobs with this wrong key to the kernel during adding/deleting the layer-2 forwarding configuration. Then the kernel might return the wrong messages (e.g. next-hop lookup) to mcsnoopd, this will cause mcsnoopd to crash, the services/functions based on multicast will be impacted.
PR Number Synopsis Category: lacp protocol
1599029 Uneven traffic distribution might be observed between member links of LAG
Product-Group=junos
On PTX Series routers with LAG scenario where a prefix is advertised by two devices that are connected to the same upstream device, if the traffic with explicit null MPLS label from the upstream device to this prefix is shifted away from one of the devices by any means (like withdrawing the route advertising or disconnecting all its LAG links to the upstream device), the uneven traffic distribution might be seen on a few member links of the LAG on another device. This is due to an improper hash algorithm for LAG, which might cause performance degradation.
PR Number Synopsis Category: Label Distribution Protocol
1582037 Sub-optimal routing issues might be seen in case LDP route with multiple next-hops
Product-Group=junos
In the case of the LDP route with multiple next-hops, the last NH weight in table mpls.0 is not set properly when the total number of LDP NHs is multiple of 8 + 1, e.g., 9, 17. This might lead to some backup route active as the primary path, which might result in a traffic loop.
PR Number Synopsis Category: Port-based link layer security services and protocols that a
1502946 The MACSEC decryption failures might be counted as input errors (CRC errors).
Product-Group=junos
On MX platforms where JNP-MIC1-MACSEC/MIC-MACSEC-MRATE MIC are used, disabling/deleting MACSEC on an interface on the mentioned MIC might cause CRC/framing errors increment when there is traffic flowing through the interface. With this PR fix, any packet that fails MACSEC decryption will get dropped in MACSEC device itself which is sitting on the MIC and will not get forwarded to host ASIC. As a result, after this fix, CRC/framing error counters will not increase for frames that fail MACSEC decryption.
PR Number Synopsis Category: Multicast for L3VPNs
1597387 The rpd process might crash if the interface goes down in the BGP-MVPN scenario
Product-Group=junos
In GTM (Global Table Multicast) with BGP-MVPN (Border Gateway Protocol - Multicast VPN) scenario, if the default route and the source route are going through the same interface and this interface goes down, the MVPN RPF (Reverse-path Forwarding) evaluation might be stuck in a recursive loop trying to find the next-hop which has an rt-import community. This could lead to stack overflow and memory corruption, eventually leading to rpd crash. Traffic loss might be seen during the rpd crash and restart.
PR Number Synopsis Category: MX104 Software - Kernel
1607282 In subscriber management scenario, under a rare condition, the RE reboots and generates a vmcore
Product-Group=junos
In subscriber management scenario, under a rare condition, the kernel might crash at very rare condition due to a null pointer check when an entry lookup is performed.
PR Number Synopsis Category: FreeBSD Kernel Infrastructure
1602005 Upgrade might fail when upgrading from legacy release
Product-Group=junos
On all platforms (For SRX, only SRX5k with RE-1800x4) while directly upgrading from Junos with FreeBSD 6 (e.g. 15.1X49 or before) to the affected releases, the system will check the USB connection. The upgrading will fail if there is no USB device detected during the upgrading process.
PR Number Synopsis Category: Kernel Multicast Infrastructure
1555274 Multicast traffic in MVPN setup might be blackholed on some PTX platforms acting as transit LSR
Product-Group=junos
On PTX3000/PTX5000/PTX10008/PTX10016 platforms in MVPN setup with aggregated Ethernet(AE) having 2 interfaces on 2 different PFE's, if protocol status of one AE member interface goes down (mBFD Down or disabling lacp on the peer), but physical state remains Up, multicast traffic might be blackholed.
PR Number Synopsis Category: JUNOS Network App Infrastructure (for ping, traceroute, etc)
1582529 If committing 'source-address routing-instance' and then delete 'source-address ' in private edit mode, commit fails with warning message
Product-Group=junos
On all Junos platforms with private edit mode enabled, if you commit the statement 'source-address< address> routing-instance' and then delete 'source-address
', the commit fails with warning message: 'warning: patch removes statement that is not empty'.
PR Number Synopsis Category: Kernel socket data replication issues for protocols that use
1545143 The kernel crash might happen if NSR is enabled
Product-Group=junos
On all Junos platforms with NSR enabled, on the master RE, restart sequence: restart LACP  ==>  restart LDP  ==> restart OSPF  ==>  restart BGP ==>  restart RPD may cause a kernel crash.
PR Number Synopsis Category: PTP related issues.
1618929 Clocking Solution: clksyncd crashes with 1pps output and PTP/Hybrid configured by default post upgrade to affected release.
Product-Group=junos
With 1pps measurement port output and PTP/Hybrid mode configured by default during bootup, clksyncd may crash and dump a core.
PR Number Synopsis Category: QFX L2 PFE
1417546 Either unicast RPF in the Strict mode or ICMP redirect does not work.
Product-Group=junos
On QFX5110 and QFX5120 platforms, either unicast RPF in strict mode or ICMP redirect does not work properly.
1602914 Traffic drop might be observed on QFX5K platforms in virtual chassis scenario when firewall filter is configured
Product-Group=junos
On QFX5k platforms in the Virtual chassis scenario, when the firewall filter is applied over the AE interface and AE is having only one child member from FPC0 and there are no child members from FPC1, all the packets flowing through backup FPC will be dropped.
1607249 LLDP packets received on VxLAN enabled port might be flooded unexpectedly
Product-Group=junos
If Link Layer Discovery Protocol (LLDP) packets are received on Virtual Extensible LAN (VxLAN) enabled port, these LLDP packets might be flooded unexpectedly. The issue could make LLDP session keep swapping. As a result, services like Power over Ethernet (PoE) etc might be affected.
PR Number Synopsis Category: qfx-sw-mclag
1605234 MAC move may be seen between the ICL and MC-LAG interface if adding/removing VLANs on the ICL interface
Product-Group=junos
On QFX/EX platforms with MC-LAG used, if adding/removing VLANs on the ICL (the interchassis link) interface which is used to forward data packets link between two MC-LAG peers, a continuous MAC move might be seen between the ICL and MC-LAG interface. When this happens, it will cause traffic drop due to the flooding as a consequence of the MAC moves.
PR Number Synopsis Category: QFX EVPN / VxLAN
1561588 Dcpfe process might crash on after committing EVPN-VXLAN profile configuration and ARP resolution may fail causing traffic issues.
Product-Group=junos
Dcpfe process might crash on after committing EVPN-VXLAN profile configuration and ARP resolution may fail causing traffic issues.
PR Number Synopsis Category: QFX5100 Interface related issues
1555741 The Virtual Chassis Port (VCP) might not come up after upgrading to 18.4R2-S4 or later releases on EX4600 or QFX5100 platform
Product-Group=junos
In EX4600 or QFX5100 with the Virtual Chassis (VC) scenario, if the QSFP+-40G-LR4/LX4/BXSR is used as the Virtual Chassis Port (VCP), it might come up against the optical signal strength issue accidentally after upgrading to 18.4R2-S4 or later releases. Then the VCP might be brought down by the physical port driver randomly and not come up again. The functionality of VC or the Virtual Chassis Fabric (VCF) might be impacted.
PR Number Synopsis Category: RPD Interfaces related issues
1594981 The label field for the EVPN Type 1 route is set to 1
Product-Group=junos
In the EVPN/VXLAN scenario, the label field for Type-1 route is not required but it is assigned 1 instead of 0, which is in conflict with the RFC7432.
PR Number Synopsis Category: KRT Queue issues within RPD
1582226 The rpd process may be stuck in 100% due to race condition
Product-Group=junos
The rpd process may be stuck in 100% due to a race condition. There is a defect on the code for the processing of route entries between Routing Engine and FPC. This is due to incorrect operations of two internal threads in a race condition, resulting in a tight loop on code and high rpd CPU usage.
1588439 The rpd crash might be observed on the router running a scaled setup
Product-Group=junos
On all Junos platforms, in a rare scenario with scaled routing set up, the kernel memory might get full, which could lead to the rpd crash. There will be service impact and it will get recover automatically after the crash. When the rpd crashes, the core files (or dump files) can be seen by executing CLI command "show system core-dumps". user@hostname> show system core-dumps -rw-rw- - - - 1 root field /var/tmp/rpd.core<*>.gz
PR Number Synopsis Category: RPD policy options
1565629 The rpd might crash when the deletion of routing table occurs
Product-Group=junos
The rpd might crash when the deletion of routing table occurs.
PR Number Synopsis Category: Resource Reservation Protocol
1555774 A new LSP might not be up even if bypass LSP is up and setup-protection is configured.
Product-Group=junos
When a bypass LSP is protecting the link or node in RSVP scenario, a new LSP may not go up even if "setup-protection" is configured and RSVP signals the LSP through the bypass LSP.
PR Number Synopsis Category: RPD API infrastructure
1607185 TCP traffic might be dropped on source port range 512 to 767 when the FlowSpec IPv6 filter is configured
Product-Group=junos
In the BGP FlowSpec scenario, the IPv6 filter matching icmp-type 2 only drops TCP traffic on source port range 512 to 767.
PR Number Synopsis Category: IPSEC functionality on M/MX/T ser
1557216 Script fails while committing the IPSec authentication configuration as the algorithm statement is missing.
Product-Group=junos
On all Junos platforms except MX Series routers and SRX Series devices with FIPS mode enabled, the manual IPsec functionality might not work because no authentication algorithm is configurable for IPsec.
PR Number Synopsis Category: SNMP Infrastructure (snmpd, mib2d)
1575790 Slow memory leak could be observed for snmpd process
Product-Group=junos
On all Junos platforms, the SNMP functionality is implemented as a distributed agent using Agent Extensibility (AGENTX) protocol and if there is a AGENTX request timeout happen between snmp and any other sub-agent, the snmpd would leak 24bytes of memory. The memory leak would be very slow and might not happen very frequently. However, in worst scenario it could lead to crash of the snmpd process.
1606600 SNMP reflects outdated ARP entries
Product-Group=junos
When the ARP entry gets removed in the ARP table, and if there is a presence of a static route referring to the removed NH IP, the refcount will not be 0. In that case, the kernel will not send a DELETE message to mib2d. As a result, SNMP still has the ARP entry even after it's expired in the ARP cache.
PR Number Synopsis Category: Generic platform and infra issues for MS-MIC and MS-MPC(XLP)
1617830 Traceroute packets might get dropped in SFW service-set when other service-sets with asymmetric traffic processing are also enabled on the same MS-MIC/MS-MPC
Product-Group=junos
When there are service-sets which are configured with knob "enable-asymmetric-traffic-processing" along with other CGNAT(carrier grade NAT) or SFW(stateful firewall) service-set, traceroute packets might get dropped on those even when the ICMP works for ping operation or otherwise. This can happen on ms- interfaces, i.e. on MX devices where multiservices-MPC (modular PIC concentrators) like MS-MPC or MS-MIC are installed. The initiator of the traceroute will not receive any error messages informing them about the failure.
PR Number Synopsis Category: SFW, CGNAT on MS-MIC/MS-MPC (XLP)
1581231 Memory leak might happen due to stale NAT64 entries
Product-Group=junos
Stale Network Address Translation (NAT) 64 entries could be created if bogus IPv6 addresses match NAT64 rules. Memory space might not be successfully released when this issue happens. This issue only takes effect on Junos platforms.
1602528 Jflow-syslog for CGNAT might use 0x0000 in IPV4 Identification field for all fragments
Product-Group=junos
On all MX platforms with MS-MPC using Jflow logging, Jflow-syslog for CGNAT might use 0x0000 in IPv4 identification fields for all fragments when the Jflow-syslog packets undergo fragmentation. This issue might impact the flow monitoring.
PR Number Synopsis Category: MX10002 Platform SW - Platform s/w defects
1587694 PEM capacity shows incorrectly on MX10003 platform
Product-Group=junosvae
On MX10003 platform, PEM capacity may be incorrectly shown by CLI command 'show chassis power' after a PEM swap.
PR Number Synopsis Category: SRX-1RU platfom datapath SW defects
1583127 Packet drop or srxpfe coredump might be observed due to Glacis FPGA limitation
Product-Group=junos
On SRX4600, due to Glacis FPGA (Field Programmable Gate Array) limitation in out of order processing, packet drop or srxpfe coredump might be observed.
PR Number Synopsis Category: SRX-1RU platfom related protocol, QoS, filtering features et
1613475 Interface might not come up when 10G port is connected to 1G SFP
Product-Group=junos
On SRX4600, when you connect a 1G SFP (Small form-factor pluggables) to the 10G port the interface might not come up.
PR Number Synopsis Category: Issues related to broadband edge apps (PPP, DHCP) on Trio ch
1523362 MX104 experienced afeb0 core dump in Nextgen Stats related to subscriber management environment.
Product-Group=junos
MX104 experienced afeb0 core dump in Nextgen Stats related to subscriber management environment.
1609844 The single-vlan tagged subscribers might fail to reconnect through dynamic-vlan over PS interface
Product-Group=junos
In the auto-sensed vlan subscriber created on PS interface scenario, if the auto-configure is used on PS ifd (pseudowire physical interface) and the ifl (logical interface) of it, the Junos next-hop (JNH) might not be properly installed for the new requested tagged vlan after deleting the PS ifl or clearing the subscriber's sessions. It might not be recreated single-vlan tag while bringing up the subscribers again, then the access services crossing dynamic-vlan might be unavailable on the PS ifd/ifl.
PR Number Synopsis Category: Trio pfe bridging, learning, stp, oam, irb software
1606731 The FPC might crash if 'flow-table-size' is configured on MX platforms
Product-Group=junos
On MX platforms, if knob 'set chassis fpc slot-number inline-services flow-table-size' or 'set chassis fpc slot-number inline-services flex-flow-sizing' is configured, the FPC might crash.
1607311 Multicast traffic is dropped when forwarded over VPLS via IRB
Product-Group=junos
On MX platform working as PE in MVPN, when traffic is received (from core) on upstream multicast LSI interface and then forwarded over VPLS via IRB interface, the packets are forwarded without vlan-tags, which leads to traffic drop at the remote VPLS PE (due to missing vlan-tags).
PR Number Synopsis Category: Trio pfe sampling, services plumbing
1482683 Traffic loss might be observed due to FPC crash on MX Series routers and the EX9200 line of switches
Product-Group=junos
On MX Series routers with an MPC7E/8E/9E line card, or an equivalent line card installed in the EX9200 line of switches, the FPC might crash in a rare scenario. When this issue occurs, traffic/service might get impacted.
PR Number Synopsis Category: UI Infrastructure - mgd, DAX API, DDL/ODL
1555685 The chassisd core dump might be observed if PIC number 2 or 3 is used on MX204
Product-Group=junos
On MX204, if PIC number 2 or 3 is used for an interface under groups, the chassisd process might crash.
1586229 Fix fast-diff to detect the change when a deactivated delta-list element is deleted
Product-Group=junos
Fix fast-diff to detect the change when a deactivated delta-list element is deleted
1605897 Invalid JSON and xml output format for command like "show system resource-monitor ifd-cos-queue-mapping fpc x | display [json|xml]"
Product-Group=junos
The JSON and xml output format for command like "show system resource-monitor ifd-cos-queue-mapping fpc x | display [json|xml]" is not correct. The "Error: Duplicate key" error can be seen when doing the validation.
PR Number Synopsis Category: VMHOST platforms software
1547669 WR Linux 6 platforms and WR Linux 9 platforms might be stuck after upgrading or downgrading image version and restarting the device
Product-Group=junos
On Wind River Linux 6 (WR Linux 6) platforms and WR Linux 9 platforms using VMHOST based routing engine (RE), device might be stuck after upgrading image or downgrading image and reload the device. There is service impact if this issue happens.
1571753 Packets with the MAC address of eth0 and macvlan0@eth0 interface might be sent out to the management interface on VMHOST platform with NG-RE
Product-Group=junos
On VMHost platform with NG-RE, the physical management interface is virtualized and mapped to fxp0 interface in Junos (Guest OS), eth0 and macvlan0@eth0 interface in host OS. Currently, IPv6 is enabled by default on eth0 and macvlan0@eth0 interface on host OS. During system bootup or the management interface coming up, the management interface (i.e., eth0 and macvlan0@eth0 interface) on the host OS might respond to IPv6 Neighbor Discovery protocol packets. It could cause the upstream router to learn the MAC address of eth0 and macvlan0@eth0 interface instead of fxp0 interface in Junos. In certain deployments (based on the upstream router configurations), the upstream router might disable the access to fxp0 interface.
PR Number Synopsis Category: usf nat related issues
1601890 Traffic might be dropped at NAT gateway if EIM is enabled
Product-Group=junos
With Network Address Translation (NAT) and Endpoint-independent Mapping (EIM) enabled, traffic unsupported by EIM might not be translated due to packets injected back to NAT gateway. When this issue happens, EIM unsupported traffic could be dropped. Also, the issue could cause looping at NAT gateway. In the end, looping occurred at NAT gateway affects device performance.
 

19.4R3-S6 - List of Known issues
PR Number Synopsis Category: BGP Openconfig and Sensor
1505425 The rpd process might crash in case of a network churn when the telemetry streaming is in progress
Product-Group=junos
On all Junos OS platforms with the Juniper Telemetry Interface configured, the rpd might crash when there is telemetry streaming is in progress and meanwhile there is a network churn. This is a timing issue, and the rpd recovers automatically.
PR Number Synopsis Category: Firewall Filter
1471310 Firewall filter monitoring using SNMP might not provide accurate results
Product-Group=junos
On all Junos except MX platforms, the firewall filter monitoring using SNMP OID 1.3.6.1.4.1.2636.3.5.2.1.6 might not provide the entire output of configured filters, when configured filters are using actions or matches that are not supported by the compiled filters. Below is the list of actions and matches that are not supported by the compiled filters: actions: "then policy map", "clear-policy-map", "then encapsulate/decapsulate" matches: "payload-protocol", "gre-key", "flex-offset range/prefix", "policy-map"
1514141 The system-generated name of the resulting concatenated filter from firewall filter list is same for different families
Product-Group=junos
The system-generated name of the concatenated filter from the firewall filter list is the same for different families. This will not cause any issue on CLI. However, if the firewall filter telemetry data is streamed via Junos Telemetry Interface (JTI), it might cause confusion on collector side because the firewall filter list for different families will be treated as one filter. In particular, if firewall filters having same firewall filter counter (or policer) name are used in firewall filter list for different families, the incorrect statistics might be seen on collector because the firewall filter counter (or policer) name for different families cannot be distinguished on collector side.
PR Number Synopsis Category: Express PFE FW Features
1420560 The firewall counter for lo0 interface might not increase
Product-Group=junos
The firewall counter for lo0 does not increase on PTX if lo0 filter family any is configured.
PR Number Synopsis Category: to track replication related interface bugs
1606779 When MTU is configured on an interface a rare ifstate timing issue could occur at a later point resulting in ksyncd process crash on backup RE
Product-Group=junos
On all Junos platforms with MTU and xSTP configured on an interface, a rare ifstate timing issue could occur at a later point resulting in ksyncd process crash on backup RE. When ksyncd crashes on backup RE, a live kernel core is also dumped on both the REs.
PR Number Synopsis Category: Port-based link layer security services and protocols that a
1614966 dot1xd JTASK_SCHED_SLIP can be observed in scaling setup with macsec
Product-Group=junos
In a scaled setup with MACSEC enabled, FPC hog may be observed during convergence to cause dot1xd JTASK_SCHED_SLIP to trigger service impact on all traffic/protocol running on MACSEC MIC. In rare cases, FPC may get disconnect from RE due to extended hogging time. The affected HW includes but not limited to MACSEC-12xQSFPP-XGE-XLGE-CGE / MIC1-MACSEC The following are contributing factors: 1. Large RIB/FIB scale 2. Large amount of traffic across MACSEC MIC 3. Lots of route/next-hop churn 4. Aggressive sampling application along with firewall with log/syslog action
PR Number Synopsis Category: Interface related ISSU PRs on Mx-series
1480212 FPC may crash after performing ISSU on the device which equips the type of 3D 20x 1GE MIC
Product-Group=junos
On the MX platforms with the type of 3D 20x 1GE MIC installed, after performing ISSU (In-Service Software Upgrade), the FPC equipping the MIC may crash and interfaces stay down. Due to this issue, the traffic on the MIC will be impacted.
PR Number Synopsis Category: vMX Platform Infrastructure related issue tracking
1575328 On MX150 routers, the interface might take a long time to power down while rebooting, powering-off, halting, or upgrading.
Product-Group=junos
On MX150 routers, the interface might take a long time to power down while rebooting, powering-off, halting, or upgrading.
PR Number Synopsis Category: QFX L3 data-plane/forwarding
1477603 The unexpected next-hop might be seen after route deleted
Product-Group=junos
On QFX5000/EX4600 Series platforms with "instance-import", deleting route which has "next-table" used might result in unexpected route next-hop.
PR Number Synopsis Category: QFX EVPN / VxLAN
1554389 Wrong ARP reply might be sent via AE interface on QFX5000 series platforms
Product-Group=junos
Wrong Address Resolution Protocol (ARP) reply might be sent by QFX5000 series platforms when the ARP request packet is received via an Aggregated Ethernet (AE) interface. This issue affects QFX5000 series platforms running Junos image only. Please refer to workaround to avoid this issue.
PR Number Synopsis Category: RPD policy options
1596436 BGP import policy is not applied to all the routes when CCNH inet6 is enabled
Product-Group=junos
BGP import policy might be not applied to all the routes when CCNH inet6 is configured.
PR Number Synopsis Category: Resource Reservation Protocol
1603613 RSVP detour LSP might fail to come up when an LSR in the detour path goes down
Product-Group=junos
In a RSVP environment with fast-reroute enabled, when an LSR in a detour LSP goes down in particular scenario, the newly signaled detour path might be brought down and remain in incomplete state. This is due to a defect in RSVP-IO thread where it continues sending incorrect Path Refresh, which brings down the detour path.
PR Number Synopsis Category: All Asgard Platform Related Issues
1335526 The ppmd process might crash after an upgrade on SRX platforms
Product-Group=junos
On SRX platforms with Bidirectional Forwarding Detection (BFD) enabled for multiple protocols (such as OSPF, ISIS, BGP, PIM), the ppmd process might crash after an upgrade.
PR Number Synopsis Category: MX10003/MX204 Platform SW - Chassisd s/w defects
1567479 The chassisd crash might be seen on MX platforms
Product-Group=junos
On MX platforms, in a rare scenario, the addition and deletion of interfaces might cause an increase in chassisd memory which eventually leads to chassisd crash. The critical memory threshold is 2-3 GB when the issue is seen. The CLI command "show system processes extensive" could be used to monitor the memory usage of chassisd.
PR Number Synopsis Category: ZT/YTpfe bridging, learning, stp, oam, irb software
1601065 Duplicate Address Detection(DAD) flags can be seen for IRB interfaces after configuration removal and restoration which may lead to blocking the traffic
Product-Group=junos
On MX platforms using MPC10 and MPC11E line cards with IPV6 configured,Duplicate address detection flags are seen for IRB interfaces. This happens when a device is configured with multiple member L2 interfaces and IRB interfaces, with one or two L2 interfaces going into STP blocked state. This issue can cause potential service impact on the device.
PR Number Synopsis Category: Trio pfe l3 forwarding issues
1604304 [interface] [generic] JUNOS: JDI_FT_REGRESSION:PLATFORM_PFE:ROUTING: Regression:VRF_LOCALIZATION:NPC core seen while testing second CE-FACING FPC bahavior in non_localization change
Product-Group=junos
In MX router with vrf localisation enabled, FPC can crash with truncated or incomplete coredump on config change operation.
PR Number Synopsis Category: Authentication, Authorization, Accounting, PAM (RADIUS/tacplus)
1581209 Syslog message " %AUTH-3: warning: can't get client address: Bad file descriptor" is displayed at Jweb login.
Product-Group=junos
On SRX series platform, "AUTH-3: warning: can't get client address: Bad file descriptor" is displayed in syslog message at Jweb login.
PR Number Synopsis Category: Junos Automation, Commit/Op/Event and SLAX
1604622 File download using "request system download" might fail
Product-Group=junos
On a EX4400 device, any files scheduled for download using the cli command "request system download" might fail due to error. The files can be downloaded using normal ftp/scp commands on the device.
PR Number Synopsis Category: UI Infrastructure - mgd, DAX API, DDL/ODL
1600435 The dfwc and dcd processes may crash when a commit-check is performed after a previously terminated (with ctrl+c) commit-check
Product-Group=junos
During performing commit-check for the firewall and interface related configurations, if an operator uses the ctrl+C to abort it, the dfwc and dcd may crash after performing another commit-check. This issue will happen only with those daemons that follow the message-based commit-check model (such as dfwc, dcd, rdmd and fwa), and has no impact on other daemons.
PR Number Synopsis Category: VMHOST platforms software
1544875 The VM host platform might get crashed continuously after performing upgrade/downgrade and booting up with the new image
Product-Group=junos
After performing upgrade/downgrade on VM host platform, during booting up with the new image, the Wind River Linux (WRL) kernel might go into a deadlock state due to a race condition in Advanced Configuration and Power Interface (ACPI) Component Architecture (ACPICA) module in Linux kernel. This issue could cause the system to get stuck in continuous crashing state. It is a rare timing issue and currently only seen on PTX1000 with WRL6 kernel based image during upgrade/downgrade between 17.4X5 and 18.2X75-D61.

 
Modification History:
First publication 2021-10-12
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search