Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

20.2R3-S3: Software Release Notification for JUNOS Software Version 20.2R3-S3

0

0

Article ID: TSB18208 TECHNICAL_BULLETINS Last Updated: 30 Nov 2021Version: 2.0
Alert Type:
SRN - Software Release Notification
Product Affected:
ACX, EX, MX, PTX, QFX, NFX, SRX, VRR, vMX, vSRX
Alert Description:
Junos Software Service Release version 20.2R3-S3 is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as need and follow the prompts
Risk Risk Description
Low/Notification - No defined time impact to take action Software Release Notification
Impact Impact Description
Low/Notification - Monitor the situation but no action needed Software Release Notification

Solution:

NOTE: Due to an issue in which a QFX5120 may drop certain packets when processing between VRFs, we do not recommend deploying 20.3R2-S3 on a QFX5120 and EX4650. New images will be available with the fix for this issue. We are tracking this issue via PR1634121.

Junos Software service Release version 20.2R3-S3 is now available.

20.2R3-S3 - List of Fixed issues

PR Number Synopsis Category: Marvell based EX PFE ACL
1611480 The fxpc process might crash and generate core
Product-Group=junos
On EX4600/QFX5K platforms, the fxpc process might crash and generate core when router-advertisement-guard is configured under DHCP (Dynamic Host Configuration Protocol) forwarding-options.
PR Number Synopsis Category: EX2300/3400 PFE
1602003 On EX2300 VC platforms ARP might not get resolved
Product-Group=junos
On EX2300/2300MP VC platforms with 2 menbers, after adding L3 interface, on the other FPC ARP is not getting resolved, which might lead to traffic drop.
1610253 DHCP packets might be received and then returned back to DHCP relay through the same interface on EX2300/EX3400/EX4300/QFX VC platforms
Product-Group=junos
On EX2300/EX3400/EX4300/QFX Virtual Chassis (VC) platforms which are connected to Dynamic Host Configuration Protocol (DHCP) server via DHCP relay, if the interface connected with DHCP relay is located on non master node, and the interface has the knob "dhcp-security" enabled under vlan, when the DHCP packets are received via DHCP relay and then need to be send out within the affected vlan through the same interface, the DHCP packets might get returned back to DHCP relay, instead of being dropped. Due to this issue, it might lead to Media Access Control (MAC) address move on DHCP relay and therefore bring potential risk of service impact.
PR Number Synopsis Category: NFX Layer 2 Features Software
1592019 Unable to configure ports on firewall filter of NFX devices
Product-Group=junos
On NFX platforms, commit error may be seen when configuring firewall filter with destination-port and/or source-port match conditions for ethernet-switching family
PR Number Synopsis Category: HW Board, FPGA, CPLD issues
1593025 Multiple crashes with toe_interrupt_errors might be observed
Product-Group=junos
Multiple FPC crashes with toe_interrupt_errors might be observed when TOE memory read with parity err.
PR Number Synopsis Category: "agentd" software daemon
1571999 gRPC session hanging in CLOSED state
Product-Group=junos
On all platforms supporting JET and Telemetry, some gRPC sessions are hanging in CLOSED state.
1589103 The jsd process crash might be seen in a rare condition in a telemetry scenario
Product-Group=junos
On Junos platforms with telemetry implemented, the JET service process (jsd) might crash if tracing is enabled for libgrpc while the collector continues to flap.
1593113 The TCP connections to the telemetry server might be stuck in "CLOSE_WAIT" status
Product-Group=junos
On all Junos and EVO platforms running in Junos Telemetry Interface (JTI) scenario, when there is constant flapping of the telemetry collectors using gRPC, an open source framework for handling remote procedure calls based on TCP, it might lead to the TCP connections to the telemetry server being stuck in "CLOSE_WAIT" status, and impact telemetry function eventually.
PR Number Synopsis Category: MPC Fusion SW
1579173 High FPC CPU usage might be seen when signal on the link is unstable
Product-Group=junos
When MPC2E-NG/MPC3E-NG line cards and 4x10G MIC are used, MAC interrupt was enabled even if Interface Device (IFD) is down. Therefore, when there are some instability signals on the link, although the interface is in down status, high FPC CPU usage might still be seen due to MAC REMOTE FAULT alarms keeps coming.
PR Number Synopsis Category: chassisd related issues common for high-end SRX platforms, e
1596118 Delay might be observed between Services Processing Card(SPC) failing and failover to other node
Product-Group=junos
On SRX-Series devices with SPC3, when SPC3 fails in specific circumstances, there might be delay observed in failover to other node.
PR Number Synopsis Category: BBE GRES related issues
1610476 The authd process and RADIUS might have stale L2BSA subscriber entries
Product-Group=junos
In subscriber management scenario, if JSU package for Broadband Edge Subscriber Management daemon (bbe-smgd) is installed on backup RE when it is syncing subscriber information from master then the authd process and RADIUS might have stale Layer 2 Bit Stream Access (L2BSA) subscriber entries which might cause subscribers logout and re-login.
1616611 The Dual RE system might not be GRES ready after backup RE reboot in a subscriber management environment
Product-Group=junos
On MX platforms in a high scaled subscriber management scenario, the system might not go GRES ready after Backup RE reboot. This impacts the GRES functionality.
PR Number Synopsis Category: BBE interface related issues
1581260 vmcore might be seen after adding/deleting the IFL of the static interface in the Next Generation Subscriber Management subscriber scenario
Product-Group=junos
In MX with the Next Generation Subscriber Management subscriber over the static interface scenario, the traffic over the IFL (logical interface) of the static interface (e.g. static demux interface) will be handled by subscriber Variable Based Flow (VBF) application for the high forwarding performance on PFE. In some rare cases, if IFL is deleted/created while some output flow calling on it, some order/sequence issues might happen during making these changing operations via bbe-smgd/dcd. Then the related interface state information (blobs) pushed via Gencfg to PFEs/PICs/REs/daemons will be handled wrongly by VBF, where the forwarding flow will be dropped, and Kernel crash (vmcore) will be seen along with it.
1616454 "show subscribers accounting-statistics ", "show services l2tp session interface asi0.xx statistics". may not work on LNS with asi- interfaces.
Product-Group=junos
In a subscriber management environment, CLI commands "show subscribers accounting-statistics ", "show services l2tp session interface asi0.xx statistics" may not work on LNS with asi- interface.(Aggregated service interface)
PR Number Synopsis Category: Bi Directional Forwarding Detection (BFD)
1589765 The multi-hop BFD session may flap if the RSI (Request Support Information) collection command is executed
Product-Group=junos
On QFX10002 platforms, the multi-hop BFD session might flap if collecting RSI or some other outputs (such as show interface or configuration). It is caused by the missing BFD packets because the PPMAN thread is not scheduled within the BFD timers which are 300 milliseconds with a multiplier of 3.
PR Number Synopsis Category: Border Gateway Protocol
1556656 Route validation states might flip between VALID/INVALID/UNKNOWN in some corner case
Product-Group=junos
In BGP Resource Public Key Infrastructure (RPKI) Origin Validation Scenario, in certain corner case, if there are periodic SerialNotifies received from the RPKI server then some ROA's that are stable in the RPKI cache server are deleted in Juniper router and then are relearned after some time. Due to this route validation state might flap and cause traffic impact.
1585321 The rpd process might crash when BGP RPKI session record-lifetime is configured less than the hold-time
Product-Group=junos
In BGP resource public key infrastructure (RPKI) scenario, if the session record-lifetime is configured less than the hold-time, the record-lifetime for route validation (RV) might expire while the session is still up, which cause rpd to crash.
1587879 Wrong BGP next hop advertisement in Layer 3 VPN scenario
Product-Group=junos
On all platforms running Junos OS and Junos OS Evolved with BGP Layer 3 VPN enabled, when the local Provider Edge (PE) device establishes iBGP peer with remote PE via loopback address and eBGP peer with local customer edge (CE) device, if remote PE's loopback address happens to match the link subnet address of local PE-CE, the PE incorrectly advertises the VPN route with remote PE's loopback as the next hop. The next hop should be unchanged. This could cause traffic loss on local CE.
1601163 Some routes might get incorrectly programmed in the forwarding table in the kernel with next-hop installed as DEAD
Product-Group=junos
On all platforms with high-scaled routes scenario, after Flexible PIC Concentrator (FPC) restart some routes might get incorrectly programmed in the forwarding table in the kernel with next-hop installed as "dead". This would lead to traffic impact. This is a timing issue.
1611070 The rpd may crash after a commit if there are more than one address in the same address ranges configured under 'bgp allow'
Product-Group=junos
If the 'bgp allow' feature is used and there are more than one address in the same address range, the rpd may crash on a commit with such configuration. And the subsequent commits related to BGP configuration change can cause rpd to crash as well.
1616931 Excessive logging of RPD_RV_INVALID_ENTRY messages
Product-Group=junos
Every time a BGP policy evaluates RPKI status of a prefix as INVALID, a syslog message is printed.
PR Number Synopsis Category: BBE Remote Access Server
1609403 Prefix duplication errors might occur for DHCPv6 over PPPoE subscribers
Product-Group=junos
On MX platforms with DHCPv6 (Dynamic Host Configuration Protocol) over PPPoE (Point-to-Point Protocol over Ethernet) configured in BBE(Broadband Edge) environment, where the PPPoE sessions have delegated IPv6 prefix assigned from a local pool, when a DHCP session comes up over the PPPoE leading to a change to the PPPoE session's address, an address-change notification would be triggered. The processing of this notification by general-authentication-service would result in wrong marking of the delegated IPv6 prefix as available. Once this happens, DHCP service might re-assign the same prefixes which would be rejected because of IP duplication.
1612196 DHCP session fails with CLI knob 'session-limit-per-username'
Product-Group=junos
On all Junos platforms with DHCP (Dynamic Host Configuration Protocol) over PPPoE (Point-to-Point Protocol over Ethernet) and 'session-limit-per-username' configured, if either interface or access configuration is modified while DHCP sessions are logged in, any new DHCP (v4/v6/PD/NA) session without authentication that uses the same access profile cannot log in.
PR Number Synopsis Category: MX Platform SW - Mastership Module
1570841 PDB pull or synchronization might fail during ISSU
Product-Group=junos
On M/MX/EX92XX/T series platforms, when ISSU is performed from any lower version to 21.1 or higher, the PDB( Profile DataBase) pull or synchronization might not happen and new subscribers can fail to login.
PR Number Synopsis Category: Class of Service
1599024 Child mgd processes might get stuck when multiple sessions continuously ask for interface information
Product-Group=junos
When running NETCONF or any such session, querying interface information in XML format, and having such multiple sessions (around 50-60) continuously asking for interface information, the child mgd process might get stuck. If more than one (at least 4-5) child mgd processes get stuck, the mgd process will stop functioning, which may cause any new configuration to not take effect.
PR Number Synopsis Category: Enhanced Broadband Edge support for cos
1607056 New subscribers might not connect due to the CR-Features service object missing on FPC
Product-Group=junos
On all MX platforms, in a subscriber management environment, new subscribers might not connect if CoS (Class of service) CR-features (Classifier Rewrite) are used by the VBF (Variable Based Flow) service. The reference count mismatching between RE (Routing Engine) and VBF is caused by VBF flow VAR CHANGE failure.
1613126 Traffic loss might be observed due to the shaping rate be adjusted incorrectly in a subscriber environment on MX platforms
Product-Group=junos
On MX platforms with subscriber management enabled, if Class of service (CoS) adjustment based on DHCP tags and Point-to-Point Protocol Over Ethernet (PPPoE) Intermediate Agent (IA) tags are enabled, and a first subscriber that triggered the creation of the interface set is Dynamic Host Configuration Protocol (DHCP), statically configured shaping rate for the parent interface set may be incorrectly adjusted to a very low value. In this case, traffic loss might be observed.
PR Number Synopsis Category: CFM
1619231 OAM CFM adjacency is not forming on EX4300.
Product-Group=junos
Due to the HW programming error, CFM sessions gets failed.
PR Number Synopsis Category: Device Configuration Daemon
1555861 Block duplicate IP across different ifls inside same routing instance
Product-Group=junos
Same IP address cannot be configured on different logical interfaces from different physical interfaces in the same routing instance, including the master routing instance. If user has configured the same IP address on two logical interfaces inside the same routing instance, commit error is shown.
1569399 ,Traffic might be interrupted while adding xe-/ge- interfaces as member of aggregated Ethernet interface bundle
Product-Group=junos
On all Junos platforms, if a xe- or ge- interface has the "set interfaces disable" configuration, the interface is added as a member of an aggregated Ethernet interface bundle, and "delete interfaces disable" command is committed, then in some rare scenario it might result in vmcore and cause the system to reboot. This leads to traffic impact. After vmcore, system boots up and comes to normal state.
1594356 Removing the configuration from interface stanza may cause the dcpfe process to crash
Product-Group=junos
On PTX5000/QFX10000 series, the apply-groups configuration would take effect on the interface when there is an explicit configuration for the interface under the interfaces configuration stanza. The deletion of the last explicit configuration from the interface will cause the removal of all bindings/configs that configured via "apply-groups". It may cause the dcpfe process to crash and the FPC to reload.
1599266 Duplicate source and destination pair check is done only across same tunnel encapsulation type for FTI
Product-Group=junos
When configuring multiple flexible tunnel interface (FTI) tunnels, the source and destination address pair needs to be unique only among the FTI tunnels of the same tunnel encapsulation type. Prior to this PR, the source and destination address pair had to be unique among all the FTI tunnels regardless of the tunnel encapsulation type.
1602656 The AE interface might flap upon configuration changes
Product-Group=junos
On Junos Fusion system with MX/EX as Aggregation Devices, the 100G AE interfaces might flap upon unrelated configuration changes.
PR Number Synopsis Category: dns-proxy feature
1607867 DNS proxy functionality might not work on VRRP interfaces
Product-Group=junos
On all SRX platforms, if DNS proxy is enabled on VRRP interfaces, then DNS proxy functionality might fail to work.
PR Number Synopsis Category: Alias for DHCP issue on DNX based platform.
1605854 ACX5448/710 platforms running DHCP relay will not process packets arriving over MPLS
Product-Group=junos
ACX5448/710 platforms running DHCPv4 relay will not process packets received from the DHCP server if they arrive over MPLS core. Hence the DHCP reply packet from the server is not reaching the client.
PR Number Synopsis Category: DNX platform MPLS FRR features
1621425 In L3VPN scenario with ACX5448 after multiple core link flaps the following errors could be seen dnx_nh_unilist_install_multipath: Failed to create shadow obj 0x20017ff0 for NH 766(FEC 0x2000109f) unilist nh 2097161. Error -14(No resources for operation)
Product-Group=junos
In L3VPN scenario with ACX5448 after multiple core link flaps the following errors could be seen dnx_nh_unilist_install_multipath: Failed to create shadow obj 0x20017ff0 for NH 766(FEC 0x2000109f) unilist nh 2097161. Error -14(No resources for operation).
PR Number Synopsis Category: Covers Application classification workflows apart from custo
1608915 On All SRX devices that use Layer 7 inspection like ipd or APPId, a coredump may be seen in rare situations
Product-Group=junos
AppID is double freeing the memory during appsigpack switch in a corner case which is causing the core. This double free can also happen without appsigpack switch in a rare corner case.
PR Number Synopsis Category: JUNOS Dynamic Profile Configuration Infrastructure
1607494 Commit related to dynamic profile configuration changes might fail upon executing "request vmhost reboot routing-engine both" on MX platforms
Product-Group=junos
On all MX platforms that support the VMHost routing engine, upon executing the command "request vmhost reboot routing-engine both" any commit related to dynamic-profile changes might fail.
PR Number Synopsis Category: EVPN control plane issues
1586246 After device reboot in EVPN-VxLAN setup with graceful restart, EVPN routes are not advertised to EVPN peers until rpd is up for 180 seconds
Product-Group=junos
When GR is enabled for EVPN-VxLAN, after a system reboot, routes in .evpn.0 are not advertised to EVPN peers until rpd is up for 180 seconds, which might lead to an additional traffic drop for around 2 minutes.
PR Number Synopsis Category: EVPN Layer-2 Forwarding
1591264 Traffic loss might be seen under EVPN-VxLAN scenario when MAC-IP moves from one CE interface to another
Product-Group=junos
On all Junos/Junos Evolved platforms with EVPN-VxLAN scenario, the number of MAC-IP binding counters may reach the limit when MAC-IP is moved between interfaces. Since MAC-IP counters are not decremented when entry is deleted due to this defect, repeated moves will result in a limit (default value is 1024) that will be reached even though there are fewer entries. Meanwhile, traffic loss could be seen.
PR Number Synopsis Category: Express PFE L2 fwding Features
1594255 ARP entry might be found missing intermittently post FPC reboot
Product-Group=junos
On some QFX series, using Ethernet Virtual Private Network (EVPN) with Virtual Extensible LAN protocol (VXLAN) when the Flexible PIC Concentrator (FPC) is rebooted, in rare occasions some of the Address Resolution Protocol (ARP) entries might be found missing intermittently on the FPC rebooted spine leading to intermittent connectivity issues.
1603444 Unicast DHCP packets might get flooded when DHCP relay is configured in non-default routing-instance
Product-Group=junos
On QFX10K platforms supporting DHCP (Dynamic Host Configuration Protocol) protocol, when relay is configured in non-default routing instance and DHCP renew process is triggered due to lease time expiry, renew packets might get flooded to all members in vlan instead of unicast forwarding.
PR Number Synopsis Category: SRX1500 platform software
1606293 When the tap mode is enabled, the packet on ge-0/0/0 is dropped on RX side
Product-Group=junos
On SRX-series devices, if an interface other than ge-0/0/0 is configured as a TAP interface, all traffic through ge-0/0/0 is dropped.
PR Number Synopsis Category: idp flow creation, deletion,notification, session mgr intfce
1614013 High RE CPU usage occurs when routing-instance is configured under security idp security-package hierarchy level
Product-Group=junos
On all SRX Series devices, when routing-instance is configured under security idp security-package hierarchy level, several unexpected situations might occur, such as High Routing Engine (RE) CPU usage caused by the idpd process, the idpd process crash, IDP security-package update failure.
PR Number Synopsis Category: Signature Database
1615985 IDP signature install taking longer time
Product-Group=junos
IDP signature install is taking longer time on SRX Branch platforms
1623857 Appid DB update failing to download when used via IDP offline method
Product-Group=junos
IDPD will not core when wrong package in given for offline download and it will do two level of validation. 1. Look for mandatory file in offline downloaded Package. 2. Secpack having manifest files which contains the list of files to be expected in package. So this fix is based on above file if package is missing any file from manifest file list then package will be considered as bad package.
PR Number Synopsis Category: Internet Group Management Protocol
1607493 Multicast traffic might be duplicated on subscriber interface on MX platforms
Product-Group=junos
On MX platforms with distributed IGMP enabled, if a non-bbe junos interface joins the same multicast group as the subscriber interface followed by GRES/NSR switchover, then multicast traffic might be duplicated on subscriber interface.
PR Number Synopsis Category: MX Inline Jflow
1482683 Traffic loss might be observed due to FPC crash on MX Series routers and the EX9200 line of switches
Product-Group=junos
On MX Series routers with an MPC7E/8E/9E line card, or an equivalent line card installed in the EX9200 line of switches, the FPC might crash in a rare scenario. When this issue occurs, traffic/service might get impacted.
PR Number Synopsis Category: ISIS routing protocol
1583484 Process rpd crash might be seen in certain ISIS scenario
Product-Group=junos
On all platforms with ISIS scenario, rpd might crash and restart if a route needs recursive lookup over an IPv6 tunnel for a next-hop and the resolved route contains a community of IPv4 over v6 Tunnel Type or the next-hop is an MPLS GRE/UDP tunnel. So in such above situations, with every periodic SPF (default timer is 15 mins) an extra refcount gets incremented and then every network topology change a refcount is incremented. Eventually rpd crashes when the refcount exceeds 32-bit number. So it takes 25-27 weeks for rpd to crash in most networks.
PR Number Synopsis Category: jdhcpd daemon
1583310 There is ALQ synchronization issue on master BNG and backup BNG with loss of subscriber session redundancy via PS interface
Product-Group=junos
When Dynamic Host Configuration Protocol (DHCP) subscriber is implemented and DHCP relay is enabled, Active Leasequery (ALQ) details might not be synchronized between primary Broadband Network Gateway (BNG) and backup BNG via a Pseudowire Subscriber (PS) interface. This issue could cause loss of redundancy for subscriber session. As a result, network convergence is inefficient if there is failure on primary BNG.
1583445 The subscriber login might fail on backup BNG running ALQ and Redundancy Services will not be available
Product-Group=junos
On MX Platforms running Junos, the subscriber login might fail on backup BNG (Broadband Network Gateway) running ALQ (Active Leasequery), if authentication is dependent on relay-agent-remote-id. In the issue state, the Redundancy Services will not be available for these DHCP Clients.
PR Number Synopsis Category: Juniper Device Manager User Interface includes cli, mgmt
1559402 The subscriber management infrastructure daemon (smid) process might be stuck at 100%
Product-Group=junos
After performing GRES (Graceful Routing Engine Switchover) switchover several times, the smid process might be stuck at 100% on QFX/MX platforms.
PR Number Synopsis Category: Flow Module
1580444 Session using custom application might timeout when RG1 failover occurs
Product-Group=junos
On SRX-Series devices, when RG-1 failover occurs, the sessions using custom applications with inactivity timeout value greater than 12000 seconds might timeout.
PR Number Synopsis Category: High Availability/NSRP/VRRP
1606643 RG0 failover impacts service traffic
Product-Group=junos
When manual RG0 failover is executed, new RG1 primary may lost the connectivity with other nodes PFE. It leads RG1 failover after manual RG0 failover and caused unexpected service traffic impact.
PR Number Synopsis Category: Firewall Policy
1579425 High CPU usage might be seen on some SRX platforms
Product-Group=junos
On SRX300/320/340/345/380/550M platforms with Advanced Anti-Malware (AAMW) enabled, high CPU spike might be observed. This issue might cause device performance degradation.
PR Number Synopsis Category: User Firewall related issues
1589108 The jsqlsyncd process files generation might cause device to panic crash after upgrade
Product-Group=junos
On SRX-Series devices configured in high-availability, after upgrade jsqlsyncd process files might get generated which might result in device panic crash.
1605933 Memory leak at the useridd process might be observed when Integrated User Firewall is configured
Product-Group=junos
On SRX-Series devices having Integrated User Firewall enabled with Active Directory as the authentication source, memory leak might be observed at the useridd process.
PR Number Synopsis Category: IPSEC/IKE VPN
1596103 The kmd process might crash when VPN peer initiates using source-port other than 500
Product-Group=junos
On SRX Series devices, when site-to-site IPsec VPN is configured with traffic-selectors, if the VPN peer initiates an IKE negotiation using source-port other than 500, and at the same time, the IPsec IKE rekey (For the same VPN tunnel as the previous VPN peer initiates) occurs on the SRX device, the kmd process might crash.
1605634 Traffic might be dropped in a corner case of IPsec VPN scenario on SRX5000 platforms with SPC3 installed
Product-Group=junos
On SRX5000 platforms with SPC3 installed and IP security (IPsec) Virtual Private Network (VPN) tunnels configured, if the gcm cipher (e.g. aes-128-gcm and aes-256-gcm) is used as the encryption algorithm, when the Internet Key Exchange Daemon (iked) process restore (e.g. caused by redundancy group 0 failover) happens, the iked process might get a wrong key being restored into the memory. After that, once there is Packet Forwarding Engine (PFE) reset/restart before the IKE Security Association (SA) rekey, traffic drop might happen due to this issue.
PR Number Synopsis Category: PFE infra to support jvision
1475478 Inaccurate allocated memory for 'nh' and 'dfw_rulemask' under kernel might be observed
Product-Group=junos
Kernel allocated memory (in bytes) for 'nh' and 'dfw_rulemask' might not be accurately represented by the FPC memory sensor. Memory corruption under kernel will occur which means free memory is more than allocated and current allocation is negative. There is no functional impact only ukernel statistics issue.
PR Number Synopsis Category: Layer 2 Control Module
1589216 The l2cpd process might crash
Product-Group=junos
When an interface is not configured with 'loop-detect', and then the command "clear loop-detect statistics interface NAME" for is issued for this interface, the l2cpd process might crash.
PR Number Synopsis Category: Layer2 forwarding on EX/NTF/PTX/QFX
1596483 Mcscnoopd might crash during deleting/adding layer-2 forwarding configuration after performing ISSU
Product-Group=junos
In layer-2 forwarding configuration with ISSU scenario, Gencfg provides a generic way for applications to store interface state information (blobs) which needs to be sent to PFE/PIC/REs/daemons. In some rare cases, after performing ISSU, the Gencfg key (handed/generated by the kernel, a kind of layer-2 token) info might be inconsistent between the l2ald and master/backup kernel due to the state sync issue, then the Gencfg might send the blobs with this wrong key to the kernel during adding/deleting the layer-2 forwarding configuration. Then the kernel might return the wrong messages (e.g. next-hop lookup) to mcsnoopd, this will cause mcsnoopd to crash, the services/functions based on multicast will be impacted.
1599094 The l2ald process may crash due to memory leak when all active interfaces in a VLAN are unstable
Product-Group=junos
When none of the constituent active interfaces on a VLAN is stable, memory leak may occur which might eventually lead l2ald to crash. No memory leak will be seen if one or some constituent interfaces are flapping but the VLAN has at least one active stable interface overall.
1615269 The l2ald process might crash in EVPN scenario
Product-Group=junos
On all MX and QFX platforms, memory corruption might happen when the IRB interface configuration is changed or MAC is added/deleted from VLAN MAC list of a Bridge Domain in an Ethernet Virtual Private Network (EVPN) scenario. The l2ald process crashes and multiple cores are generated. This is a rare issue and it recovers automatically.
PR Number Synopsis Category: lacp protocol
1599029 Uneven traffic distribution might be observed between member links of LAG
Product-Group=junos
On PTX Series routers with LAG scenario where a prefix is advertised by two devices that are connected to the same upstream device, if the traffic with explicit null MPLS label from the upstream device to this prefix is shifted away from one of the devices by any means (like withdrawing the route advertising or disconnecting all its LAG links to the upstream device), the uneven traffic distribution might be seen on a few member links of the LAG on another device. This is due to an improper hash algorithm for LAG, which might cause performance degradation.
PR Number Synopsis Category: Label Distribution Protocol
1530503 [all] MX480 : mx480 :: Following GRES, router never becomes gres-ready again, LDP protocol replication not completed, state is InProgress
Product-Group=junos
LDP protocol sync between master and standby REs not complete sometimes after SWO or RPD restart on standby-RE.
PR Number Synopsis Category: PTX1000 platform
1530529 PTX1000 might become unreachable with no console access after performing vmhost reboot post image upgrade
Product-Group=junosvae
After performing vmhost reboot post image upgrade on PTX1000, in a rare condition, the switch fabric chip might not come out of the reset mode due to an initialization problem. On PTX1000, the switch fabric chip is one of the essential devices which need to be active before the JUNOS VM is initialized. Since the switch fabric chip is still in reset mode, the JUNOS VM fails to be launched. As per design, once the JUNOS VM launching is triggered, the console will get associated with the JUNOS VM. Because JUNOS VM has failed to be launched, there would be no access on the console at this point.
PR Number Synopsis Category: MX104 Software - Kernel
1607282 In subscriber management scenario, under a rare condition, the RE reboots and generates a vmcore
Product-Group=junos
In subscriber management scenario, under a rare condition, the kernel might crash at very rare condition due to a null pointer check when an entry lookup is performed.
PR Number Synopsis Category: MX10K platform
1597066 Major alarms on all FPCs in chassis might be seen after some time from bootup
Product-Group=junos
On MX10008/MX10016 platforms, the Flexible PIC Concentrator (FPCs) may get into Major alarm state which would mean Packet Forwarding Engine 0 (PFE0) disables operation after some days from start of the chassis, for instance bootup.
PR Number Synopsis Category: FreeBSD Kernel Infrastructure
1551193 VM might crash if file is shared between host operating system and guest operating system using virtFS
Product-Group=junos
On Virtual Machines (VM) based platforms running Junos images, file might not be shared between host operating system and guest operating system via Virtual Filesystem (virtFS). When this issue happens, device might be restarted.
1563647 Memory corruption of any binary in /usr/bin/ or /usr/sbin/ may be triggered when a recovery snapshot is being copied to the OAM volume or system while it's in heavily stressed condition
Product-Group=junos
Memory corruption of a binary from /usr/bin/ or /usr/sbin/ directory can occur if such binary is invoked when a recovery snapshot creation is in progress. The exact symptoms will be different depending on the exact binary and JUNOS version - some programs will show an error, and some programs will crash every time it is executed. Such memory corruption will be persistent until the affected Routing Engine is restarted. Please refer to TSB17954 (https://kb.juniper.net/TSB17954) for further details. In addition to recovery snapshot, a device reboot could also be a possible trigger when the system is under heavier read operations across the mounted packages.
1602005 Upgrade might fail when upgrading from legacy release
Product-Group=junos
On all platforms while directly upgrading from Junos with FreeBSD 6 (e.g. 15.1X49 or before) to the affected releases, the system will check the USB connection. The upgrading will fail if there is no USB device detected during the upgrading process.
PR Number Synopsis Category: Kernel Multicast Infrastructure
1608311 Intermittent p2mp traffic drop might be seen in MVPN scenario
Product-Group=junos
On MX platforms that support enhanced IP, intermittent p2mp traffic drop might be seen in the case of MVPN with p2mp. When the multicast composite NH involves unicast NH pointing to pseudo interfaces like interface vt-, irb or lsi and the other unicast next-hop is spread across multiple line cards/PFEs, if a new member joins or an existing member leaves the multicast stream traffic drop might be seen.
PR Number Synopsis Category: PTP related issues.
1514066 Sometimes external 1 pps cTE is slightly above Class B requirement of the ITU-T G.8273.2 specification.
Product-Group=junos
On some boot, External 1PPS may see upto 22ns cTE, while the 2way TE stays within 20ns.
1618929 The clksyncd might crash and PTP/SyncE might not work
Product-Group=junos
On MX240/MX480/MX960 with 1pps measurement port output and PTP/Hybrid mode configured by default during bootup, clksyncd may crash and dump a core. This issue will cause the PTP/SyncE to not work if the problematic configuration is present.
PR Number Synopsis Category: QFX platform fabric mgmt for Express ASIC chip
1575280 On the QFX10000 line of switches, a high rate of 802.3X pause frames are sent out of the Interfaces.
Product-Group=junos
On the QFX10000 line of switches, if the flow-control feature is enabled on interfaces and when congestion is detected, the corresponding ingress interfaces start sending 802.3X pause frames towards its network peer at an unexpected high rate.
PR Number Synopsis Category: QFX PFE Class of Services
1598678 On QFX5K series (QFX5100 , QFX5110, QFX5120, QFX5200 & QFX5210) platforms DDOS violations could be reported for IP multicast miss traffic (IPMCAST-MISS) incorrectly
Product-Group=junos
On QFX5K series (QFX5100 , QFX5110, QFX5120, QFX5200 & QFX5210) platforms DDOS violations could be reported for IP multicast miss traffic (CPU Queue 28) even though rate of IP multicast miss traffic is much lower than the configured ddos rate limit.
PR Number Synopsis Category: QFX5K hostpath
1610295 MAC move or MAC flap may be triggered in the QFX5k VC environment
Product-Group=junos
On all QFX5k platforms with VC (Virtual-Chassis) setup, IGMP (Internet Group Management Protocol) control packet received on a port in the backup (backup-RE) unit is forwarded back to the same port whereas split horizon is not working. Due to this, we might observe MAC (Media Access Control) move or flap. The workaround is to change the mastership between FPCs.
PR Number Synopsis Category: QFX L2 PFE
1602391 The egress interface of the GRE tunnel is not dynamically updated when the destination to tunnel changes
Product-Group=junos
In a GRE tunnel in a routing instances scenario, GRE has to be configured on a routing-instance (not the default one) and route leakage is configured between VRFs. When the destination to tunnel changes, the optimal nexthop in the vrf is not updated for the tunnel. The traffic cannot be forwarded out of the tunnel.
1607249 LLDP packets received on VxLAN enabled port might be flooded unexpectedly
Product-Group=junos
If Link Layer Discovery Protocol (LLDP) packets are received on Virtual Extensible LAN (VxLAN) enabled port, these LLDP packets might be flooded unexpectedly. The issue could make LLDP session keep swapping. As a result, services like Power over Ethernet (PoE) etc might be affected.
1614767 On QFX5K VLAN firewall filter is not deleted in PFE after configuration change
Product-Group=junos
For VLAN based firewall filters configured on QFX5K series platforms, when replacing a firewall filter with another one, the previous filter might not be deleted in the Packet Forwarding Engine (PFE) after the configuration change, hence leading to traffic not being filtered as expected.
PR Number Synopsis Category: QFX L3 data-plane/forwarding
1571471 The dcpfe crash is seen after running MC-LAG profile config
Product-Group=junos
The FPC/dcpfe crash may be seen after loading MC-LAG (Multichassis link aggregation groups) on all QFX5k platforms with BFD (Bidirectional Forwarding Detection used to detect link failures) configured. A MC-LAG is a type of link aggregation group with constituent ports that terminate on separate chassis, for providing redundancy in the event one of the chassis fails
1610093 Ping to lo0/IRB over Type-5 fails
Product-Group=junos
In an EVPN-VXLAN (spine-leaf) scenario, any route received as Type-5 may not be reachable. When we are pinging an IP learned over Type-5, the packet should be mapped to one of the IRB in that routing instance, else the packet is discarded. Fix is to use all the available routes in the routing instance for this mapping.
PR Number Synopsis Category: QFX EVPN / VxLAN
1554389 Wrong ARP reply might be sent via AE interface on QFX5000 series platforms
Product-Group=junos
Wrong Address Resolution Protocol (ARP) reply might be sent by QFX5000 series platforms when the ARP request packet is received via an Aggregated Ethernet (AE) interface. This issue affects QFX5000 series platforms running Junos image only. Please refer to workaround to avoid this issue.
1576775 Multicast Packets with TTL=1 are dropped on VXLAN enabled interface when igmp-snooping/MLD-snooping is enabled
Product-Group=junos
On QFX5100 platform with EVPN-VXLAN setup, IPv4/IPv6 Multicast traffic with TTL=1 might be dropped on VXLAN enabled interface when IGMP-snooping/MLD-snooping is enabled.
1593950 The dcpfe process might crash in EVPN-VxLAN scenario
Product-Group=junos
On QFX5k platforms with EVPN-VxLAN, the dcpfe core may be observed in one of the LEAF devices in steady state after performing 'clear ethernet-switching table' on remote SPINE device in.
PR Number Synopsis Category: QFX5100 Interface related issues
1555741 The Virtual Chassis Port (VCP) might not come up after upgrading to 18.4R2-S4 or later releases on EX4600 or QFX5100 platform
Product-Group=junos
In EX4600 or QFX5100 with the Virtual Chassis (VC) scenario, if the QSFP+-40G-LR4/LX4/BXSR is used as the Virtual Chassis Port (VCP), it might come up against the optical signal strength issue accidentally after upgrading to 18.4R2-S4 or later releases. Then the VCP might be brought down by the physical port driver randomly and not come up again. The functionality of VC or the Virtual Chassis Fabric (VCF) might be impacted.
PR Number Synopsis Category: QFX5100 Virtual Chassis
1619997 Disabled VCP (Virtual chassis port) will be UP after the optic on it is reseated
Product-Group=junos
On all EX and QFX platforms, disabled VCP(Virtual Chassis Port) using the command "request virtual-chassis vc-port set interface vcp-xx/xx/xx disable member XX" will be up after the optic on it is reseated. It should keep disabling VC on the port. After it is UP and then a Master switchover is performed, the port will be disabled.
PR Number Synopsis Category: QFX5200/5110/5120/5210 Interface
1605037 The carrier transition counter might not get incremented upon link flap after the reboot
Product-Group=junos
On all QFX platforms supporting auto-channelization, after reboot the carrier transition counter does not increment upon link flap.
PR Number Synopsis Category: Indirect nexthop routing infrastructure
1613723 The process rpd might crash in BGP rib-sharding scenario
Product-Group=junos
In all Junos and Junos Evolve platforms, rpd crash might be seen when BGP rib-sharding is enabled and it may affect services/traffic.
PR Number Synopsis Category: KRT Queue issues within RPD
1613160 IGP routing updates may be delayed to program in PFE after interface flaps in a scaled BGP routes environment
Product-Group=junos
When a large number of BGP routing updates (e.g. 2M BGP IPv4 routes and 500K BGP IPv6 routes) triggered by interface flapping are pushed to the PFE at the same time, the IGP routing updates may be delayed to program in PFE, which might cause the sessions (e.g. LDP, RSVP) that rely on IGP to flap.
PR Number Synopsis Category: Shard routing infrastructure within RPD
1613104 Memory might be exhausted when both the BGP rib-sharding and the BGP ORR (Optimal Route Reflection) enabled
Product-Group=junos
On all MX series platforms with 64-bit RPD, when the BGP ORR is enabled together with the BGP rib-sharding, memory utilization might keep increasing when IGP routes are changing. Eventually, this might lead to memory depletion and a service impact.
PR Number Synopsis Category: RPD route tables, resolver, routing instances, static routes
1599084 IPv4 static route might still forward traffic unexpectedly even when the static route configuration has already been deleted
Product-Group=junos
On all Junos and EVO platforms with "static defaults" configured under "routing-options" hierarchy, if IPv4 static route configuration is added, and then deleted, the IPv4 static route will not be removed from routing table and still forward traffic unexpectedly due to this issue.
PR Number Synopsis Category: RPD API infrastructure
1607185 TCP traffic might be dropped on source port range 512 to 767 when the FlowSpec IPv6 filter is configured
Product-Group=junos
In the BGP FlowSpec scenario, the IPv6 filter matching icmp-type 2 only drops TCP traffic on source port range 512 to 767.
PR Number Synopsis Category: RPM and TWAMP
1498758 hardware-timestamp is not working for rpm probes.
Product-Group=junos
hardware-timestamp is not working for rpm probes.
PR Number Synopsis Category: Generic platform and infra issues for MS-MIC and MS-MPC(XLP)
1617830 Traceroute packets might get dropped in SFW service-set when other service-sets with asymmetric traffic processing are also enabled on the same MS-MIC/MS-MPC
Product-Group=junos
When there are service-sets which are configured with knob "enable-asymmetric-traffic-processing" along with other CGNAT(carrier grade NAT) or SFW(stateful firewall) service-set, traceroute packets might get dropped on those even when the ICMP works for ping operation or otherwise. This can happen on ms- interfaces, i.e. on MX devices where multiservices-MPC (modular PIC concentrators) like MS-MPC or MS-MIC are installed. The initiator of the traceroute will not receive any error messages informing them about the failure.
PR Number Synopsis Category: SFW, CGNAT on MS-MIC/MS-MPC (XLP)
1581231 Memory leak might happen due to stale NAT64 entries
Product-Group=junos
Stale Network Address Translation (NAT) 64 entries could be created if bogus IPv6 addresses match NAT64 rules. Memory space might not be successfully released when this issue happens. This issue only takes effect on Junos platforms.
1602528 Jflow-syslog for CGNAT might use 0x0000 in IPV4 Identification field for all fragments
Product-Group=junos
On all MX platforms with MS-MPC using Jflow logging, Jflow-syslog for CGNAT might use 0x0000 in IPv4 identification fields for all fragments when the Jflow-syslog packets undergo fragmentation. This issue might impact the flow monitoring.
PR Number Synopsis Category: SRX branch platforms
1558438 The upgrade might fail when upgrading the image
Product-Group=junos
On branch SRX-Series devices, upgrade may fail
PR Number Synopsis Category: Stout card (MPC7) fabric issues
1594244 Packet drop may be seen when traffic is moving from one FPC to another FPC
Product-Group=junos
In the case of HMC failure, the packet drop might be seen if traffic is moving from one FPC to another FPC.
PR Number Synopsis Category: MX10003/MX204 Platform SW - Chassisd s/w defects
1575029 The chassisd process might have memory leak issue and crash in long term
Product-Group=junos
Starting 19.4, On MX204/MX10003 and SRX4600 platforms, the chassisd process on the primary Routing-Engine (RE) keep leaking memory when interface configuration/reconfigurations or change in PIC mode or port speed configuration is done. When chassisd memory usage reaches 3.5GB it may crash and trigger RE switchover. In some production cases, the RE switchover has triggered temporary traffic impact even on NSR/GRES enabled systems. The rate of memory leak is depending on how many optics/SFPs the system has. Rate of leak = 'Number of optics/SFPs under the system has' * 16Bytes per every 6 seconds.
PR Number Synopsis Category: SRX-1RU platfom datapath SW defects
1583127 Packet drop or srxpfe coredump might be observed due to Glacis FPGA limitation
Product-Group=junos
On SRX4600, due to Glacis FPGA (Field Programmable Gate Array) limitation in out of order processing, packet drop or srxpfe coredump might be observed.
PR Number Synopsis Category: SRX-1RU platfom related protocol, QoS, filtering features et
1613475 Interface might not come up when 10G port is connected to 1G SFP.
Product-Group=junos
On SRX4600, when you connect a 1G SFP (Small form-factor pluggables) to the 10G port the interface might not come up.
PR Number Synopsis Category: Trio LU, IX, QX, MQ chip drivers, ucode & related SW
1619111 Degraded traffic processing performance might be observed in case of processing very high PPS rate traffic
Product-Group=junos
MX-Series devices processing very high Packets per second (PPS) rate transit traffic might not show traffic processing performance enough and drop traffic.
PR Number Synopsis Category: Trio pfe qos software
1619630 CoS custom classifier might not work on logical interface
Product-Group=junos
On all MX series platforms, in a rare case when CoS classifier binding message received before logical interface family creation message to PFE, traffic might be classified with default classifier instead of custom classifier. Due to this, traffic may not be classified and mapped to the right Queue resulting in not right CoS treatment for the traffic.
PR Number Synopsis Category: Trio pfe bridging, learning, stp, oam, irb software
1600030 There might be FPC core and packet drop in VxLAN-EVPN scenario
Product-Group=junos
On MX and EX9200 platforms with VxLAN-EVPN (Virtual Extensible LAN- Ethernet VPN ) scenario, when a local PE (Provider Edge) has to terminate two tunnels from same remote PE but on different VRFs, FPC (Flexible PIC Concentrators) coredump may be seen because of the deletion of the decapsulate prefix triggered by one tunnel deletion while it is still being used by other tunnel.
1606731 The FPC might crash if 'flow-table-size' is configured on MX platforms
Product-Group=junos
On MX platforms, if knob 'set chassis fpc slot-number inline-services flow-table-size' or 'set chassis fpc slot-number inline-services flex-flow-sizing' is configured, the FPC might crash.
1607311 Multicast traffic is dropped when forwarded over VPLS via IRB
Product-Group=junos
On MX platform working as PE in MVPN, when traffic is received (from core) on upstream multicast LSI interface and then forwarded over VPLS via IRB interface, the packets are forwarded without vlan-tags, which leads to traffic drop at the remote VPLS PE (due to missing vlan-tags).
PR Number Synopsis Category: Authentication, Authorization, Accounting, PAM (RADIUS/tacplus)
1620564 SRX Accounting and auditd process might not work on secondary node
Product-Group=junos
On SRX platforms, auditd process might not work in any of the cluster nodes except protocol master, hence accounting logs (login/logout/command execution logs) might not be sent to the configured authentication authorization and accounting (AAA) TACACS/RADIUS servers. The auditd process is responsible for accounting and hence this feature might be impacted.
PR Number Synopsis Category: Junos Automation, Commit/Op/Event and SLAX
1604622 File download using "request system download" might fail
Product-Group=junos
On a EX4400 device, any files scheduled for download using the cli command "request system download" might fail due to error. The files can be downloaded using normal ftp/scp commands on the device.
PR Number Synopsis Category: Configuration management, ffp, load action
1601159 The commitd core file may be observed after committing some configuration change
Product-Group=junos
On all Junos platforms, if juniper.db size is more than 700 MB and commitd is invoked, it causes the device to generate a core file (or dump file).
PR Number Synopsis Category: UI Infrastructure - mgd, DAX API, DDL/ODL
1572768 MX10k8: Smaller config db size when compared to other platforms (MX10003 MX960)
Product-Group=junos
Smaller config db size is given when a tvp image is installed on boxes which can handle higher config db size. This is because the box becomes pvi-model platform as a result gets low size
PR Number Synopsis Category: Issues related to Logging/Tracing, errmsg, eventd infrastruc
1611504 Syslog not logging information on IPv4 post upgrade on PTX10008
Product-Group=junos
IPv4 Syslog does not log messages on the server after upgrading PTX10008 is upgrad to 20.2R3 when both IPv4and Ipv6 Hosts are configured under Syslog configuration.
PR Number Synopsis Category: PTX/QFX10002/8/16 specific software components
1599183 False fan failure alarm flaps (set and cleared) frequently
Product-Group=junosvae
Joule FTs on evo/Scapa has implemented dampening the zero speed failures. Vale/Junos will implement the same via this PR for joule FTs.
PR Number Synopsis Category: VSRX platform software
1603199 Junos OS: When using J-Web with HTTP an attacker may retrieve encryption keys via Person-in-the-Middle attacks. (CVE-2021-31386)
Product-Group=junos
A Protection Mechanism Failure vulnerability in the J-Web HTTP service of Juniper Networks Junos OS allows a remote unauthenticated attacker to perform Person-in-the-Middle (PitM) attacks against the device. Refer to https://kb.juniper.net/JSA11254 for more information.
PR Number Synopsis Category: usf nat related issues
1601890 Traffic might be dropped at NAT gateway if EIM is enabled
Product-Group=junos
With Network Address Translation (NAT) and Endpoint-independent Mapping (EIM) enabled, traffic unsupported by EIM might not be translated due to packets injected back to NAT gateway. When this issue happens, EIM unsupported traffic could be dropped. Also, the issue could cause looping at NAT gateway. In the end, looping occurred at NAT gateway affects device performance.
1612555 The B4 client traffic will be dropped on MX-SPC3 based AFTR in DS-Lite with EIM activated CGNAT scenario
Product-Group=junos
In MX-SPC3 with Dual-Stack Lite (DS-Lite) scenario, the IPv4 client will use Basic Bridging BroadBand (B4) to pass through IPv4-over-IPv6 tunnels to cross an IPv6 access network to reach a Carrier-grade NAT (CGNAT) network behind the Address Family Transition Router (AFTR). In case of the Endpoint independent mapping (EIM) is activated for CGNAT, the DS-Lite encapsulated IPIP packets might not be identified by EIM for some reason, and the NAT rule might not be found properly by MX-SPC3 of AFTR for the mapping traffic. After that, the DS-Lite tunnels/NAT sessions between the B4 and AFTR might not be established successfully since the DS-Lite/NAT packets might be dropped on AFTR, the IP flow from the B4 client will be impacted.
 

20.2R3-S3 - List of Known issues

PR Number Synopsis Category: "agentd" software daemon
1598351 Subscriber management daemons might continuously core and shutdown with RE sensors invalid configured
Product-Group=junos
On all platforms support JTI (Junos telemetry interface), when 'set services analytics export-profile xxx format gpb-sdm' and 'set services analytics export-profile xxx transport tcp' are enabled on RE sensors, subscriber management related daemons (like authd, bbe-smgd, bbe-statsd, jdhcpd, smid) might continuously crash and core dumps are observed.
PR Number Synopsis Category: Border Gateway Protocol
1620463 The rpd may crash and restart when NSR is enabled
Product-Group=junos
On all Junos with NSR(nonstop routing) enabled the rpd crash and restart may occur when RPKI(Resource Public Key Infrastructure) records are being replicated between the primary and backup RE(Routing Engine) and some of the records are withdrawn over the RPKI session.
PR Number Synopsis Category: MX Platform SW - Power Management
1545838 FPC(s) may not boot-up on MX960/EX9214 in a certain condition
Product-Group=junos
On MX960/EX9214 platforms with high-capacity/normal-capacity power supplies, FPC(s) may fail to come online when the corresponding power is restored afterward but not present during the power-up stage.
PR Number Synopsis Category: MX Platform SW - ukern core dumps
1539305 On the MX2020 router, the next hops are less than a total of nhdb 4MPOST GRES.
Product-Group=junos
In scaled mx2020 router, with vrf localisation enabled, 4 million nexthop scale, 800k route scale. FPCs may go offline on GRES. Post GRES, router continues to report many fabric related CM_ALARMs. FPC may continue to reboot and not come online. Rebooting master and backup RE will help recover and get router back into stable state.
PR Number Synopsis Category: CFM
1536417 FPC might core if CFM flap trap monitor feature in use
Product-Group=junos
FPC might core if flap-trap-monitor feature under "set protocols oam ethernet cfm performance-monitoring sla-iterator-profiles" is used and performance monitoring flap occurs.
PR Number Synopsis Category: Firewall Filter
1471310 Firewall filter monitoring using SNMP might not provide accurate results
Product-Group=junos
On all Junos except MX platforms, the firewall filter monitoring using SNMP OID 1.3.6.1.4.1.2636.3.5.2.1.6 might not provide the entire output of configured filters, when configured filters are using actions or matches that are not supported by the compiled filters. Below is the list of actions and matches that are not supported by the compiled filters: actions: "then policy map", "clear-policy-map", "then encapsulate/decapsulate" matches: "payload-protocol", "gre-key", "flex-offset range/prefix", "policy-map"
PR Number Synopsis Category: Alias for DHCP issue on DNX based platform.
1590225 ACX5448/710 platforms running DHCP relay will not process packets arriving over MPLS with an explicit null label
Product-Group=junos
ACX5448/710 platforms running DHCP relay will not process packets received from the DHCP server if they arrive over MPLS with an explicit null label. Hence the DHCP reply packet from the server is not reaching the client.
PR Number Synopsis Category: EA chip ( MQSS SW issues )
1503705 Traffic blackhole due to not disable-pfe in case of FO/WO checksum errors
Product-Group=junos
On MX platforms with MPC7/8/9/10/11, MX204/10K, EX92 or SRX5k with IOC4, in case of FO/WO errors, CMERRORs should be invoked and Major Alarms should trigger disable-pfe action. However, this does not happen. The following fixed has been made: 1. If WO/FO packet errors are seen in the continuous 3 periodic polling and the error packet count exceeds the threshold, raise a MAJOR CMERROR.Otherwise, display a syslog message. 2. Add VTY commands to display the WO/FO packet error interrupts.
PR Number Synopsis Category: EVPN control plane issues
1600310 [evpn_vxlan] [evpn_instance] : mx960 ::JUNOS:JDI_FT_REGRESSION::VMX:Bridge mac-table learning entries are not as expected for EVPN-VXLAN-1 routing instance
Product-Group=junos
In a scenario with EVPN-VXLAN in the Datacenter and EVPN-MPLS is in the WAN and the stitching is done with an LT interface, then the bridge mac-table learning entries are not as expected for EVPN-VXLAN routing instance. This could occur after 'restart interface-control' is issued on gateways.
PR Number Synopsis Category: IPSEC/IKE VPN
1416334 19.1R1: ISSU: During ISSU from 18.4R1 to 19.1, traffic through IPSEC VPN fails.
Product-Group=junos
On SRX5400, SRX5600, and SRX5800 devices, during in-service software upgrade (ISSU), the IPsec tunnels flap, causing a disruption of traffic. The IPsec tunnels recover automatically after the ISSU process is completed.
PR Number Synopsis Category: PFE infra to support jvision
1485739 Subscribing to /linecard/packet/usage and triggering the UDP decoder, the hardware statistics are exported with improper hierarchy
Product-Group=junos
The wrong hardware stats might be seen when enabling CLI for hardware sensors along with telemetry.
PR Number Synopsis Category: Layer2 forwarding on EX/NTF/PTX/QFX
1597391 The MAC/IP withdraw route may be suppressed by rpd in the EVPN-VxLAN scenario
Product-Group=junos
On all Junos and Junos Evolved platforms with EVPN-VxLAN environment, when MAC/IP is moved from one Ethernet segment identifier (ESI) to another ESI from the same peer, the MAC/IP withdraw route may not be sent to the remote Virtual Tunnel End Point (VTEP), only MAC withdraw route is sent to the remote VTEP.
PR Number Synopsis Category: SW PRs for MPC10E PlatformD
1548677 fpc3 Cannot scan phys_mem_size.out. Please collect /var/log/*.out (0;0xdd3f6ea0;-1) (posix_interface_get_ram_size_info): Unknown error: -1
Product-Group=junos
This log is harmless: Feb 27 20:26:40 xolo fpc3 Cannot scan phys_mem_size.out. Please collect /var/log/*.out (0;0xdd3f6ea0;-1) (posix_interface_get_ram_size_info): Unknown error: -1
PR Number Synopsis Category: MX10K platform
1569167 The agent sensor __default_fabric_sensor__ are partly applied to some FPCs, which causes zero payload issue AGENTD received empty payload for pfe sensor __default_fabric_sensor__.
Product-Group=junos
PR 1507864 had fixed the invalid data exported from PFE (empty payload), which could be ignored. However, the system logs this event as an error. The fix changed the event as an info.
PR Number Synopsis Category: FreeBSD Kernel Infrastructure
1572963 The upgrading might fail when upgrading from Junos with FreeBSD 6
Product-Group=junos
On all platforms (For SRX, only SRX5k with RE-1800x4) while directly upgrading from Junos with FreeBSD 6 (e.g. 15.1X49 or before) to the affected releases, the system will check the USB connection. The upgrading will fail if there is no USB device detected during the upgrading process.
1579331 EX4400: Under some conditions, the FPGA reset reason may be incorrectly shown in console logs as 0.
Product-Group=junos
EX4400: Under some special conditions, such as boot from OAM volume following a graceful/warm reboot, the FPGA reset reason incorrectly shown in console logs as 0.
PR Number Synopsis Category: PTP related issues.
1561372 PTP lock status gets stuck at the Acquiring state instead of the Phase Aligned state.
Product-Group=junos
On QFX5110-48s and QFX5200-32Q, the PTP slave port might stay in Acquiring mode indefinitely, because the QFX is starting with EPOCH time January 1, 1970, and the time difference to the GM (Grand Master) is too large for the servo algorithm.
1583023 [timing] [hybrid] Hybrid over lag - Huge 1 PPS time error values seen for 1 gig interface on 20x1GE MIC
Product-Group=junos
On MX platforms with MPC2E/3E, T1,T4 and two way time error is meeting the required performance metrics but high 1pps error is observed. There is no impact on PTP (Precision Time Protocol) functionality.
PR Number Synopsis Category: Chassis mgmt for all QFX systems - chassis MIB, alarms, CLI
1574779 Traffic loss might be observed due to faulty FPC on QFX10008/QFX10016 platform
Product-Group=junos
On QFX10008/QFX10016 platforms, if a faulty FPC (FPC with hardware problem) is present then traffic loss might be observed.
1584902 The QFX5k/10k device might get hanged after reboot for sometime
Product-Group=junosvae
On QFX5k/10K switches, during reboot in certain instances the device may get into a state where Junos virtual machine hangs until the NMI is triggered and reboots fully. The system recovers after ~30 mins.
PR Number Synopsis Category: QFX L2 PFE
1484336 The dcpfe might crash on platforms with auto-channelization enabled
Product-Group=junos
On QFX Series and EX Series switches with auto-channelization support, an optic speed mismatch connection might cause the auto-channelization to get into an infinite loop trying to match a proper speed. In this case, due to some memory leaks, the resources get exhausted, resulting in system crash. The traffic gets disrupted when the system dcpfe restarts.
1560086 On the QFX5200 line of switches, the pseudorandom binary sequence (PRBS) test fails for 100GbE interfaces with the default settings.
Product-Group=junos
On the QFX5200 line of switches, the pseudorandom binary sequence (PRBS) test fails for 100GbE interfaces with the default settings.
PR Number Synopsis Category: QFX EVPN / VxLAN
1565624 The mac address will point to incorrect interface after traffic is stopped and not aging out
Product-Group=junos
On QFX5k platforms, in evpn-vxlan scenario, when there is a mac move from vtep to local, the mac address will not be aged out after traffic with the same src mac is stopped, irb MAC from EVPN/VXLAN core device temporarily appears behind local ESI-LAG interface, local MAC table entry doesn't get expired. The mac address will be pointing to incorrect interface after traffic is stopped and not aging out.
PR Number Synopsis Category: RPD policy options
1596436 BGP import policy is not applied to all the routes when CCNH inet is enabled
Product-Group=junos
BGP import policy might be not applied to all the routes when CCNH is configured.
PR Number Synopsis Category: SNMP Infrastructure (snmpd, mib2d)
1606600 SNMP reflects outdated ARP entries
Product-Group=junos
When the ARP entry gets removed in the ARP table, and if there is a presence of a static route referring to the removed NH IP, the refcount will not be 0. In that case, the kernel will not send a DELETE message to mib2d. As a result, SNMP still has the ARP entry even after it's expired in the ARP cache.
PR Number Synopsis Category: SRX branch platforms
1580667 [SRX] error message tcp_timer_keep:Local(0x81100001:60753) Foreign(0x8f100001:33010) is seen in messages log every 80 seconds
Product-Group=junos
On SRX series platform with Chassis Cluster, tcp_timer_keep:Local(0x81100001:60753) Foreign(0x8f100001:33010) is seen in messages log every 80 seconds.
1581554 Traffic is dropped to/through VRRP virtual IP on SRX380
Product-Group=junos
On SRX380, when using Integrated routing and bridging (IRB) interface, Virtual Router Redundancy Protocol (VRRP) VIP (Virtual IP) is not responding to pings (with accept-data configured) and traffic is not routed through the configured VRRP VIP address
PR Number Synopsis Category: All Asgard Platform Related Issues
1335526 The ppmd process might crash after an upgrade on SRX platforms
Product-Group=junos
On SRX platforms with Bidirectional Forwarding Detection (BFD) enabled for multiple protocols (such as OSPF, ISIS, BGP, PIM), the ppmd process might crash after an upgrade.
PR Number Synopsis Category: ZT/YT pfe firewall software
1604313 The firewall telemetry sensor output might fail to produce the right values (key-value pairs) at the collector
Product-Group=junos
On MX960 platform with MPC10/MPC11 line-card, the field numbers of firewall sensors from MPC10E might not align with other MPCs and Junos Telemetry Interface data model files. This might cause the server to be unable to parse firewall sensors from MPC10E.
PR Number Synopsis Category: ZT/YTpfe bridging, learning, stp, oam, irb software
1561934 ARP resolution failure may occur in EVPN-VxLAN scenario
Product-Group=junos
On EX92xx/MX platforms with MPC10/11E installed, when a VxLAN bridge domain with "vlan-id none" is configured, ARP resolution from CE will have issues. ARP reply packets will carry an extra invalid VLAN tag.
PR Number Synopsis Category: Trio pfe stateless firewall software
1530160 DHCP-Relay : The offer message from the server reaching the relay agent ,However not forwarded to IRB's on which clients are connected.
Product-Group=junos
When the DHCP relay mode is configured as no-snoop, we are observing the offer gets dropped due to incorrect asic programming. This issue only affects while running DHCP relay on EVPN/VXLAN environment.
PR Number Synopsis Category: Authentication, Authorization, Accounting, PAM (RADIUS/tacplus)
1589953 The system generates an audit core file while changing TACACS and login user passwords
Product-Group=junos
The system might generate an audit core file (or dump file) while changing TACACS and login user passwords.
PR Number Synopsis Category: UI Infrastructure - mgd, DAX API, DDL/ODL
1626721 Junos upgrade may fail with error "configuration database size limit exceeded"
Product-Group=junos
On all Junos and Evo platforms, image validation during Junos upgrade may generate "configuration database size limit exceeded" error log resulting in upgrade failure.
PR Number Synopsis Category: PTX/QFX100002/8/16 interface software
1600768 CRC errors increase continuously after interface flap
Product-Group=junos
On PTX10008/PTX10016 devices with LC1101/LC1102/LC1103 line cards, interface flapping may cause the interface CRC errors increase continuously, then traffic loss might be seen. This is a rare timing issue.
Modification History:
First publication 2021-11-19
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search