Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

20.4R3-S1: Software Release Notification for JUNOS Software Version 20.4R3-S1

0

0

Article ID: TSB18212 TECHNICAL_BULLETINS Last Updated: 05 Jan 2022Version: 2.0
Alert Type:
SRN - Software Release Notification
Product Affected:
ACX, EX, MX, PTX, QFX, NFX, SRX, VRR, vMX, vSRX
Alert Description:
Junos Software Service Release version 20.4R3-S1 is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as need and follow the prompts
Risk Risk Description
Low/Notification - No defined time impact to take action Software Release Notification
Impact Impact Description
Low/Notification - Monitor the situation but no action needed Software Release Notification

Solution:

Junos Software service Release version 20.4R3-S1 is now available.

20.4R3-S1 - List of Fixed issues

PR Number Synopsis Category: EX4300 PFE
1623429 Route leak from master routing-instance to custom routing-instance failure occurs for local interface
Product-Group=junos
Local interface(e.g..lo0.0) is configured under master routing-instance and leaked the route to another routing-instance.
PR Number Synopsis Category: EX4300 VC implementation
1593795 On the EX4300-48MP Virtual Chassis, the backup Routing Engines clear the reporting alarm for a PEM failure intermittently for a missing power source.
Product-Group=junos
The PEM failure alarm for a missing power source on an EX4300 VC is incorrectly being toggled on the Backup RE.
PR Number Synopsis Category: QFX PFE MPLS
1616878 Traffic loss seen on QFX5k after STP topology change
Product-Group=junos
On QFX5k running Junos, when two switches are connected to each other over redundant links with STP (Spanning Tree Protocol) enabled and MPLS (Multiprotocol Label Switching) is configured on an IRB (Integrated Routing and Bridging) interface, complete loss of traffic is observed when one of the link flaps or is disabled.
PR Number Synopsis Category: CoS support on ACX
1620137 Traffic might get equally load-balanced irrespective of the scheduler configuration
Product-Group=junos
On legacy ACX platforms, when HQOS(Hierarchical Quality of Service) is configured on physical interface and TCP(Traffic Control Profile) is attached to an IFL(logical interface) that has scheduler-map with transmit-rate configured in percent without guaranteed-rate configuration, traffic would be equally load-balanced, and not based on the configured transmit-rate.
PR Number Synopsis Category: "agentd" software daemon
1590432 Non zero values might be displayed against the drop field in ?show network-agent statistics? CLI post switchover scenarios.
Product-Group=junos
In case of switchover scenarios, if the collector which was connected to older master, tries to connect to new master immediately, non-zero values could be seen in drops field for ?show network-agent statistics? CLI. These are not actual packet drops. Each packet sent as part of streaming data would contain a header which would have a meta information of the packet contents. One such field in the header indicates the current packets sequence number. This is a monotonically increasing number for each packet from a producer of telemetry data. During switchover cases, collectors may receive initial packets with a higher sequence number which could get reset to 0 after sometime. Due to this pattern, the cli would show non zero values against drops field. Note: These are not actual packet drops and there is no functionality impact. However it is not expected to see further increase in this value shown against the drops field.
PR Number Synopsis Category: Application Quality of Experience
1621495 The flowd process might crash on SRX/NFX in AppQoE scenarios
Product-Group=junos
On SRX1500/SRX380/SRX300/SRX320/SRX340/SRX345/SRX4200/SRX4600/SRX550/NFX150/NFX250 Series devices with Application Quality of Experience (AppQoE) configured, in a race condition that a short live data session is destroyed but passive probing is happening for that session concurrently, this condition may cause the flowd process to crash.
PR Number Synopsis Category: BBE GRES related issues
1610476 The authd process and RADIUS might have stale L2BSA subscriber entries
Product-Group=junos
In subscriber management scenario, if JSU package for Broadband Edge Subscriber Management daemon (bbe-smgd) is installed on backup RE when it is syncing subscriber information from master then the authd process and RADIUS might have stale Layer 2 Bit Stream Access (L2BSA) subscriber entries which might cause subscribers logout and re-login.
1616611 The Dual RE system might not be GRES ready after backup RE reboot in a subscriber management environment
Product-Group=junos
On MX platforms in a high scaled subscriber management scenario, the system might not go GRES ready after Backup RE reboot. This impacts the GRES functionality.
PR Number Synopsis Category: BBE interface related issues
1616454 "show subscribers accounting-statistics ", "show services l2tp session interface asi0.xx statistics". may not work on LNS with asi- interfaces.
Product-Group=junos
In a subscriber management environment, CLI commands "show subscribers accounting-statistics ", "show services l2tp session interface asi0.xx statistics" may not work on LNS with asi- interface.(Aggregated service interface)
1624772 The AE member link might not be correctly populated on the PFE after FPC restart on MX series platforms
Product-Group=junos
After FPC restart, the Aggregated Ethernet (AE) member link might not be populated on the PFE when using AE interfaces in dynamic profiles having targeted-distribution enabled on MX series platforms in subscriber environment.
PR Number Synopsis Category: Border Gateway Protocol
1611070 The rpd may crash after a commit if there are more than one address in the same address ranges configured under 'bgp allow'
Product-Group=junos
If the 'bgp allow' feature is used and there are more than one address in the same address range, the rpd may crash on a commit with such configuration. And the subsequent commits related to BGP configuration change can cause rpd to crash as well.
1616931 Excessive logging of RPD_RV_INVALID_ENTRY messages
Product-Group=junos
Every time a BGP policy evaluates RPKI status of a prefix as INVALID, a syslog message is printed.
PR Number Synopsis Category: BBE Remote Access Server
1609403 Prefix duplication errors might occur for DHCPv6 over PPPoE subscribers
Product-Group=junos
On MX platforms with DHCPv6 (Dynamic Host Configuration Protocol) over PPPoE (Point-to-Point Protocol over Ethernet) configured in BBE(Broadband Edge) environment, where the PPPoE sessions have delegated IPv6 prefix assigned from a local pool, when a DHCP session comes up over the PPPoE leading to a change to the PPPoE session's address, an address-change notification would be triggered. The processing of this notification by general-authentication-service would result in wrong marking of the delegated IPv6 prefix as available. Once this happens, DHCP service might re-assign the same prefixes which would be rejected because of IP duplication.
PR Number Synopsis Category: Enhanced Broadband Edge support for cos
1613126 Traffic loss might be observed due to the shaping rate be adjusted incorrectly in a subscriber environment on MX platforms.
Product-Group=junos
On MX platforms with subscriber management enabled, if Class of service (CoS) adjustment based on DHCP tags and Point-to-Point Protocol Over Ethernet (PPPoE) Intermediate Agent (IA) tags are enabled, and a first subscriber that triggered the creation of the interface set is Dynamic Host Configuration Protocol (DHCP), statically configured shaping rate for the parent interface set may be incorrectly adjusted to a very low value. In this case, traffic loss might be observed.
PR Number Synopsis Category: CFM
1619231 OAM CFM adjacency is not forming on EX4300.
Product-Group=junos
Due to the HW programming error, CFM sessions gets failed.
PR Number Synopsis Category: QFX xSTP Control Plane related
1592264 xSTP might not get configured when enabled on a interface with SP style configuration on all platforms
Product-Group=junos
On all Junos and EVO platforms, if xSTP is enabled on interface with service provider(SP) style configuration and the interface has multiple IFLs(units) each having different families then xSTP might not be configured on the interface and commit might fail with the following error message: "XSTP : Interface <> is not enabled for Ethernet Switching"
PR Number Synopsis Category: Device Configuration Daemon
1569399 ,Traffic might be interrupted while adding xe-/ge- interfaces as member of aggregated Ethernet interface bundle
Product-Group=junos
On all Junos platforms, if a xe- or ge- interface has the "set interfaces disable" configuration, the interface is added as a member of an aggregated Ethernet interface bundle, and "delete interfaces disable" command is committed, then in some rare scenario it might result in vmcore and cause the system to reboot. This leads to traffic impact. After vmcore, system boots up and comes to normal state.
1599266 Duplicate source and destination pair check is done only across same tunnel encapsulation type for FTI
Product-Group=junos
When configuring multiple flexible tunnel interface (FTI) tunnels, the source and destination address pair needs to be unique only among the FTI tunnels of the same tunnel encapsulation type. Prior to this PR, the source and destination address pair had to be unique among all the FTI tunnels regardless of the tunnel encapsulation type.
1602656 The AE interface might flap upon configuration changes
Product-Group=junos
On Junos Fusion system with MX/EX as Aggregation Devices, the 100G AE interfaces might flap upon unrelated configuration changes.
1611098 [interface] [platformtag] mx960 : :: PDT - MX960 : seeing dcd[40867]: %DAEMON-5: lo0 family maximum labels is non-adjustable in syslog messages
Product-Group=junos
When "maximum-labels" under mpls family is not specified in the configuration, DCD tries to set the value internally to 3 as default while parsing the configuration. While processing the parsed configuration, it is seen that setting or changing "maximum-labels" attribute is not allowed for lo0 interfaces. Hence the setting the default value is skipped and a syslog is printed.
1621482 Delay in application of CLI configuration by DCD when ae interface members are configured via JET API.
Product-Group=junos
The issue is seen in a very specific case where ae interface members are configured via JET API. In this case, the cli configuration will have a delay in the processing.
PR Number Synopsis Category: dns-proxy feature
1607867 DNS proxy functionality might not work on VRRP interfaces
Product-Group=junos
On all SRX platforms, if DNS proxy is enabled on VRRP interfaces, then DNS proxy functionality might fail to work.
PR Number Synopsis Category: DNX platform MPLS FRR features
1621425 On ACX5448 and ACX710 platforms with L3VPN scenarios after multiple core link or protocol flaps, the errors may be observed
Product-Group=junos
On the ACX5448 and ACX710 platforms running with L3VPN service, After multiple core link or protocol flaps, the following errors could be seen which will result in repeated L3VPN service Unilist next-hop install and uninstall in HW.
PR Number Synopsis Category: Covers Application classification workflows apart from custo
1608915 On All SRX devices that use Layer 7 inspection like ipd or APPId, a coredump may be seen in rare situations
Product-Group=junos
AppID is double freeing the memory during appsigpack switch in a corner case which is causing the core. This double free can also happen without appsigpack switch in a rare corner case.
PR Number Synopsis Category: EVO L2 Control Protocols Support
1592473 The L2cpd-agent may go unresponsive after starting telemetry service
Product-Group=junos
On Junos Evolved platforms, the L2cpd-agent may go unresponsive after starting telemetry service if LLDP/STP is configured.
PR Number Synopsis Category: Express PFE including evpn, vxlan
1612871 Continous FPC crash and dcpfe core might be seen on QFX10002-60C and PTX10002-60c platforms
Product-Group=junos
On QFX10002-60C and PTX10002-60c platforms in a scaled EVPN-VXLAN environment (for eg : More than 3k VLANS without Assisted Replication (AR) or more than 2k VLANS with AR), continous FPC crash and dcpfe core might be observed.
PR Number Synopsis Category: Express pfe Mclag
1610173 Continuous L3 traffic drop might be observed with MC-LAG configuration on QFX10K platforms
Product-Group=junos
On QFX10K platforms with MC-LAG configured, When trying to add or remove the MC-LAG configuration continuous L3 traffic drop might be observed which might not be recovered.
PR Number Synopsis Category: FIB telemetry daemon
1619011 Support whole (atomic) updates at CNHG level.
Product-Group=junos
1. As per current implementation, on-change updates for the below entities are already being sent as a whole (with both updated and unchanged leaves bundled together): - ipv4-entry - ipv6-entry - label-entry - next-hop - next-hop-group (without conditional) 2. As per current implementation, the only exception was for on-change update of next-hop-group (conditional) entity, in cases such as below: - interface being associated with a classifier - interface being removed from a classifier - dscp value mapping in a classifier changes In the current PR, we will be taking care of point 2 also to make it similar to 1.
PR Number Synopsis Category: ACX500/1000/2000/4000 timing software
1570310 PTP device is stuck in ACQUIRING state
Product-Group=junos
The Precision Time Protocol (PTP) clock might fail to be locking and stuck in acquiring state at clock servo.
PR Number Synopsis Category: Signature Database
1615985 IDP signature install taking longer time
Product-Group=junos
IDP signature install is taking longer time on SRX Branch platforms
PR Number Synopsis Category: Kernel software for AE/AS/Container
1539537 The stats of aggregated Ethernet interfaces might show incorrect value if performing SNMP polling and "show interfaces ae#" either via CLI or NETCONFat the same time
Product-Group=junos
When running continuous sync ("show interfaces ae# extensive") and async (SNMP polling) queries on aggregated Ethernet interface in parallel, spikes in aggregated Ethernet interface framing errors counter might be observed between correct values.
PR Number Synopsis Category: jdhcpd daemon
1583445 The subscriber login might fail on backup BNG running ALQ and Redundancy Services will not be available
Product-Group=junos
On MX Platforms running Junos, the subscriber login might fail on backup BNG (Broadband Network Gateway) running ALQ (Active Leasequery), if authentication is dependent on relay-agent-remote-id. In the issue state, the Redundancy Services will not be available for these DHCP Clients.
PR Number Synopsis Category: Flow Module
1620803 Cleartext fragments are not processed by flow
Product-Group=junos
On all SRX platforms, cleartext fragments are not processed by flow when GPRS tunneling protocol (GTP) or Stream Control Transmission Protocol (SCTP) fragment traffic passing through an IPSec tunnel.
PR Number Synopsis Category: User Firewall related issues
1605933 Memory leak at the useridd process might be observed when Integrated User Firewall is configured
Product-Group=junos
On SRX-Series devices having Integrated User Firewall enabled with Active Directory as the authentication source, memory leak might be observed at the useridd process.
PR Number Synopsis Category: IPSEC/IKE VPN
1601047 Wrong st0 IFL deletion at spoke when multiple VPNs negotiate same destination address as TS
Product-Group=junos
The general trigger is when multiple VPNs configured have the traffic selectors which have same remote-ip/subnet. And if one of the tunnels go down the wrong st0 route gets deleted.
PR Number Synopsis Category: Security platform jweb support
1611448 j-web error: "your session has expired. click ok to re-login" when using root user
Product-Group=junos
Resolved the problem when using the root user in J-web, where after accessing J-web menus, the error "your session has expired. click ok to re-login" may be seen.
PR Number Synopsis Category: Layer2 forwarding on EX/NTF/PTX/QFX
1596483 Mcscnoopd might crash during deleting/adding layer-2 forwarding configuration after performing ISSU
Product-Group=junos
In layer-2 forwarding configuration with ISSU scenario, Gencfg provides a generic way for applications to store interface state information (blobs) which needs to be sent to PFE/PIC/REs/daemons. In some rare cases, after performing ISSU, the Gencfg key (handed/generated by the kernel, a kind of layer-2 token) info might be inconsistent between the l2ald and master/backup kernel due to the state sync issue, then the Gencfg might send the blobs with this wrong key to the kernel during adding/deleting the layer-2 forwarding configuration. Then the kernel might return the wrong messages (e.g. next-hop lookup) to mcsnoopd, this will cause mcsnoopd to crash, the services/functions based on multicast will be impacted.
1599094 The l2ald process may crash due to memory leak when all active interfaces in a VLAN are unstable
Product-Group=junos
When none of the constituent active interfaces on a VLAN is stable, memory leak may occur which might eventually lead l2ald to crash. No memory leak will be seen if one or some constituent interfaces are flapping but the VLAN has at least one active stable interface overall.
1602244 In a very rare case, the l2ald core dump file is seen when EVPN(mac-vrf) uses IPv4 underlay
Product-Group=junos
On all Junos and EVO platforms, when an EVPN(mac-vrf) is configured to use IPv4 underlay, in a very rare case core(l2ald - Layer 2 Address Learning Daemon) is seen when interface related configuration is deleted.
1615269 The l2ald process might crash in EVPN scenario
Product-Group=junos
On all MX and QFX platforms, memory corruption might happen when the IRB interface configuration is changed or MAC is added/deleted from VLAN MAC list of a Bridge Domain in an Ethernet Virtual Private Network (EVPN) scenario. The l2ald process crashes and multiple cores are generated. This is a rare issue and it recovers automatically.
PR Number Synopsis Category: lldp sw on MX platform
1617151 Memory leak may be seen when LLDP is configured
Product-Group=junos
On all Junos and Evo platforms, there is a one-shot timer created for LLDP (Link Layer Discovery Protocol), which may not get freed before creating the new one-shot timer because of which there is 160 bytes of leak every minute. This gradual memory leak in l2cpd may lead to l2cpd process crash. This may impact traffic only if protocols other than LLDP (example xSTP) are also running along with LLDP.
PR Number Synopsis Category: FreeBSD Kernel Infrastructure
1602005 Upgrade might fail when upgrading from legacy release
Product-Group=junos
On all platforms while directly upgrading from Junos with FreeBSD 6 (e.g. 15.1X49 or before) to the affected releases, the system will check the USB connection. The upgrading will fail if there is no USB device detected during the upgrading process.
PR Number Synopsis Category: Kernel MPLS / Tag / P2MP Infrastructure
1473274 The CPU usage of rpd or kernel process might be stuck at 100% while the high number of SNMP polling requests occurs
Product-Group=junos
CPU utilization for rpd or kernel process might be increased to 100% due to high scale of SNMP polling requests.
PR Number Synopsis Category: Issues related to PKI daemon
1549954 PKI CMPv2 client certificate enrolment does not work on SRX when using root-CA.
Product-Group=junos
The PKI CMPv2 (RFC 4210) client certificate enrolment does not properly work on SRX Series devices when using root-CA.
PR Number Synopsis Category: Periodic Packet Management Daemon
1599751 rpd core might be observed due to memory corruption
Product-Group=junos
On all Junos and Evo devices, when connection between Internal Junos Modules (Routing Module & Periodic Packet Manager Module) resets, data structure representing that connection is not completely reset/freed. Due to this next time, when the connection is re-established, there is a possibility of re-using the old/stale data structure and this could lead to memory corruption and thereby rpd core.
PR Number Synopsis Category: PTP related issues.
1618929 The clksyncd might crash and PTP/SyncE might not work
Product-Group=junos
On MX240/MX480/MX960 with 1pps measurement port output and PTP/Hybrid mode configured by default during bootup, clksyncd may crash and dump a core. This issue will cause the PTP/SyncE to not work if the problematic configuration is present.
PR Number Synopsis Category: Chassis mgmt for all QFX systems - chassis MIB, alarms, CLI
1584902 The QFX5k/10k device might get hanged after reboot for sometime
Product-Group=junosvae
On QFX5k/10K switches, during reboot in certain instances the device may get into a state where Junos virtual machine hangs until the NMI is triggered and reboots fully. The system recovers after ~30 mins.
PR Number Synopsis Category: QFX5K hostpath
1610295 MAC move or MAC flap may be triggered in the QFX5k VC environment
Product-Group=junos
On all QFX5k platforms with VC (Virtual-Chassis) setup, IGMP (Internet Group Management Protocol) control packet received on a port in the backup (backup-RE) unit is forwarded back to the same port whereas split horizon is not working. Due to this, we might observe MAC (Media Access Control) move or flap. The workaround is to change the mastership between FPCs.
PR Number Synopsis Category: QFX L2 PFE
1614767 On QFX5K VLAN firewall filter is not deleted in PFE after configuration change
Product-Group=junos
For VLAN based firewall filters configured on QFX5K series platforms, when replacing a firewall filter with another one, the previous filter might not be deleted in the Packet Forwarding Engine (PFE) after the configuration change, hence leading to traffic not being filtered as expected.
PR Number Synopsis Category: QFX5100 Interface related issues
1555741 The Virtual Chassis Port (VCP) might not come up after upgrading to 18.4R2-S4 or later releases on EX4600 or QFX5100 platform
Product-Group=junos
In EX4600 or QFX5100 with the Virtual Chassis (VC) scenario, if the QSFP+-40G-LR4/LX4/BXSR is used as the Virtual Chassis Port (VCP), it might come up against the optical signal strength issue accidentally after upgrading to 18.4R2-S4 or later releases. Then the VCP might be brought down by the physical port driver randomly and not come up again. The functionality of VC or the Virtual Chassis Fabric (VCF) might be impacted.
PR Number Synopsis Category: QFX5100 Virtual Chassis
1619997 Disabled VCP (Virtual chassis port) will be UP after the optic on it is reseated
Product-Group=junos
On all EX and QFX platforms, disabled VCP(Virtual Chassis Port) using the command "request virtual-chassis vc-port set interface vcp-xx/xx/xx disable member XX" will be up after the optic on it is reseated. It should keep disabling VC on the port. After it is UP and then a Master switchover is performed, the port will be disabled.
PR Number Synopsis Category: Indirect nexthop routing infrastructure
1613723 The process rpd might crash in BGP rib-sharding scenario
Product-Group=junos
In all Junos and Junos Evolve platforms, rpd crash might be seen when BGP rib-sharding is enabled and it may affect services/traffic.
PR Number Synopsis Category: RPD Next-hop issues including indirect, CNH, and MCNH
1584322 QFX5K series - Show route detail might not show Next-hop type IPoIP Chained comp nh in the output (Display only - no operation impact)
Product-Group=junos
In QFX5K, in some releases (20.3X75-D40 and between 21.1R1 to 21.1R3, 21.3R1), the show route detailed output may not display the IPoIP next-hop type composite in the cli. There is no operational impact and NH structure is correct in the non-detailed output and in the PFE.
PR Number Synopsis Category: RPD policy options
1600544 The configuration check would fail if more than 8 FCs are configured and CBF is enabled
Product-Group=junos
In EVO platforms the configuration check would fail if more than 8 FCs are configured and CBF is enabled. EVO can support upto 16 FCs with CBF. So 'max-forwarding-classes' platform-parameters knob is added to the default-config for EVO platforms.
PR Number Synopsis Category: RPD route tables, resolver, routing instances, static routes
1599084 IPv4 static route might still forward traffic unexpectedly even when the static route configuration has already been deleted
Product-Group=junos
On all Junos and EVO platforms with "static defaults" configured under "routing-options" hierarchy, if IPv4 static route configuration is added, and then deleted, the IPv4 static route will not be removed from routing table and still forward traffic unexpectedly due to this issue.
PR Number Synopsis Category: Generic platform and infra issues for MS-MIC and MS-MPC(XLP)
1617830 Traceroute packets might get dropped in SFW service-set when other service-sets with asymmetric traffic processing are also enabled on the same MS-MIC/MS-MPC
Product-Group=junos
When there are service-sets which are configured with knob "enable-asymmetric-traffic-processing" along with other CGNAT(carrier grade NAT) or SFW(stateful firewall) service-set, traceroute packets might get dropped on those even when the ICMP works for ping operation or otherwise. This can happen on ms- interfaces, i.e. on MX devices where multiservices-MPC (modular PIC concentrators) like MS-MPC or MS-MIC are installed. The initiator of the traceroute will not receive any error messages informing them about the failure.
PR Number Synopsis Category: SFW, CGNAT on MS-MIC/MS-MPC (XLP)
1606687 Random IP assignment might be done on MX platforms configured with PCP and DS-Lite
Product-Group=junos
On all MX platforms with MS-MPC or MS-MIC cards and PCP (Port Control Protocol) DS-Lite (Dual Stack -lite) configured with APP (Address Pooling Paired) and PBA (Port Block Allocation), when the PCP client is requesting for a specific external port and specific external IP is not requested, the external IPv4 address might be randomly assigned from any IP pool despite the APP configuration.
PR Number Synopsis Category: SRX5XX platform
1575231 The fxp0 interface of an SRX550 in cluster might become unreachable from an external network
Product-Group=junos
On SRX550 configured with chassis cluster, fxp0 interfaces might not be reachable from external management interface when the fxp0 and redundant Ethernet(reth) interfaces are in separate routing instances. This is because there is no ARP entry for the reth interface in fxp0 ARP table. As a result of this, SRX cluster cannot be accessed from an external management network.
PR Number Synopsis Category: Stout cards (MPC8, MPC9) fabric issues
1617469 MPC8E in 1.6T bandwidth mode may not work correctly
Product-Group=junos
If MPC8E is set in 1.6T bandwidth mode, it may not work correctly and the end result is that the MPC8E will not be able to see 1.6T throughput (as configured) and will see fabric drops at higher traffic rates. The 1.6T bandwidth fabric parameters are not getting applied to SFBs.
PR Number Synopsis Category: ZT/YTpfe bridging, learning, stp, oam, irb software
1561934 ARP resolution failure may occur in EVPN-VxLAN scenario
Product-Group=junos
On EX92xx/MX platforms with MPC10/11E installed, when a VxLAN bridge domain with "vlan-id none" is configured, ARP resolution from CE will have issues. ARP reply packets will carry an extra invalid VLAN tag.
PR Number Synopsis Category: Trio pfe bridging, learning, stp, oam, irb software
1606731 The FPC might crash if 'flow-table-size' is configured on MX platforms
Product-Group=junos
On MX platforms, if knob 'set chassis fpc slot-number inline-services flow-table-size' or 'set chassis fpc slot-number inline-services flex-flow-sizing' is configured, the FPC might crash.
PR Number Synopsis Category: Junos Automation, Commit/Op/Event and SLAX
1604622 File download using "request system download" might fail
Product-Group=junos
On a EX4400 device, any files scheduled for download using the cli command "request system download" might fail due to error. The files can be downloaded using normal ftp/scp commands on the device.
PR Number Synopsis Category: Configuration management, ffp, load action
1601159 The commitd core file may be observed after committing some configuration change
Product-Group=junos
On all Junos platforms, if juniper.db size is more than 700 MB and commitd is invoked, it causes the device to generate a core file (or dump file).
PR Number Synopsis Category: UI Infrastructure - mgd, DAX API, DDL/ODL
1600435 The dfwc and dcd processes may crash when a commit-check is performed after a previously terminated (with ctrl+c) commit-check
Product-Group=junos
During performing commit-check for the firewall and interface related configurations, if an operator uses the ctrl+c to abort it, the dfwc and dcd may crash after performing another commit-check. This issue will happen only with those daemons that follow the message-based commit-check model (such as dfwc, dcd, rdmd and fwa), and has no impact on other daemons.
PR Number Synopsis Category: usf ha related issues
1618360 The traffic loss might be seen after cleaning the large-scaled NAT sessions in MS-SPC3 based Next Gen Services Inter-Chassis Stateful High Availability scenario
Product-Group=junos
In MX-SPC3 with Next Gen Services Inter-Chassis Stateful High Availability scenario, the NAT (e.g. NAT64 in this issue) might be deployed on dual-MX chassis. In the case of the large-scale (about 5~6 million) synced NAT sessions, the Stateful Synchronization function will not sync and clear all cleared sessions on the backup MX chassis, the stale sessions might be stuck in the backup MX chassis while clearing all the sessions in master MX chassis. After switching over the master-ship between the redundant MX chassis, the NAT traffic will be dropped due to these staled deleted sessions.
PR Number Synopsis Category: usf nat related issues
1601890 Traffic might be dropped at NAT gateway if EIM is enabled
Product-Group=junos
With Network Address Translation (NAT) and Endpoint-independent Mapping (EIM) enabled, traffic unsupported by EIM might not be translated due to packets injected back to NAT gateway. When this issue happens, EIM unsupported traffic could be dropped. Also, the issue could cause looping at NAT gateway. In the end, looping occurred at NAT gateway affects device performance.
1612555 The B4 client traffic will be dropped on MX-SPC3 based AFTR in DS-Lite with EIM activated CGNAT scenario
Product-Group=junos
In MX-SPC3 with Dual-Stack Lite (DS-Lite) scenario, the IPv4 client will use Basic Bridging BroadBand (B4) to pass through IPv4-over-IPv6 tunnels to cross an IPv6 access network to reach a Carrier-grade NAT (CGNAT) network behind the Address Family Transition Router (AFTR). In case of the Endpoint independent mapping (EIM) is activated for CGNAT, the DS-Lite encapsulated IPIP packets might not be identified by EIM for some reason, and the NAT rule might not be found properly by MX-SPC3 of AFTR for the mapping traffic. After that, the DS-Lite tunnels/NAT sessions between the B4 and AFTR might not be established successfully since the DS-Lite/NAT packets might be dropped on AFTR, the IP flow from the B4 client will be impacted.
1620421 JDI_BBE_REGRESSIONS :: MX480 :: Observed Output drop packet while verifying Services PCEF Subscribers
Product-Group=junos
Packet drop happening due to the NAT checks the EIM supported protocols on non NAT flows as well.
 

20.4R3-S1 - List of Known issues

 
PR Number Synopsis Category: EX platform-side analytics
1614098 JUNOS:JDI_FT_REGRESSION:PROTOCOLS:SWITCHING:ZTP: After performing zeroize factory default configuration does not show appropriate interface in the device
Product-Group=junos
After performing ZTP, default configuration under ge-0/0/* will be missing in EX4600 product.
PR Number Synopsis Category: EX4300 PFE
1409946 EX4300 /17.3R3-S2 / CFM session down on EX4300 while shows up on peer
Product-Group=junos
On EX4300 CFM across inet is not qualified. For now this is supported only family Ethernet-switching. This would be addressed as a ER.
PR Number Synopsis Category: SPC3 HW and SW Issues
1625579 The flowd process lost heartbeat for 45 consecutive seconds without alarm raised
Product-Group=junos
On SRX5K platforms with SPC3 card used, if the flowd process lost heartbeat for 45 consecutive seconds, all FPCs might reboot. However, the device marks the flowd process as down without alarm raised, the failover does not happen right away. Traffic loss might be seen due to this issue. Fix raises alarm at earlier stage. If cluster, there will be sooner failover.
PR Number Synopsis Category: Fireall support for ACX
1630280 ACX5048 filters reporting TCAM errors are not installed in h/w after the upgrade from 17.4R2-S8 to 20.4R3
Product-Group=junos
This changes increase the number of family inet arp policers to 64 entries. TCAM resource shortage errors can be seen if there are more than 32 IFLs with configured arp policer.
PR Number Synopsis Category: "agentd" software daemon
1623510 MPC10E 3D MRATE-10xQSFPP core | Coredump has been created on FPC base-os
Product-Group=junos
aft-sysinfo core is seen on MPC10 and MPC11 FPCs
PR Number Synopsis Category: Bi Directional Forwarding Detection (BFD)
1618118 (Inline and distributed) BFD overlay sessions flap with underlay interface flap
Product-Group=junos
on certain conditions where underlay session flapped due to interface down event, it may possible to see the flap in overlay bfd session due to delay in route install to reach the packet to the neighbor.
PR Number Synopsis Category: Border Gateway Protocol
1622769 When "no-install" knob is enabled under "family inet labeled-unicast", VPNv4 Route Reflector hides the VPNv4 routes that are resolved via BGP-LU
Product-Group=junos
When "no-install" knob is enabled under "family inet labeled-unicast", VPNv4 Route Reflector hides the VPNv4 routes that are resolved via BGP-LU. Enabling "no-install for BGP-LU AFI/SAFI is not best practice, use "family inet labeled-unicast rib inet.3" instead.
1625396 [rpd] [rpdtag] : mx960 :: PDT: MX960 : RPD Process CPU observed consistent > 80% on MX960 in 20.4R3-S1 daily CI build - 20.4I-20211003_junos_204_r3_s1.0.0429
Product-Group=junos
When we have high scale, the Openconfig telemetry sensor /bgp-rib/ used in periodic streaming will cause high cpu usage by RPD.
1626367 Time delay to export prefixes to BGP neighbors might occur post applying peer-specific BGP export policies
Product-Group=junos
On all Junos and EVO Platforms, when BGP export policies were changed from deny all to the peer-specific export policies, it might take several hours for the RPD/BGP to finish the export evaluation.
PR Number Synopsis Category: CFM
1536417 FPC might core if CFM flap trap monitor feature in use
Product-Group=junos
FPC might core if flap-trap-monitor feature under "set protocols oam ethernet cfm performance-monitoring sla-iterator-profiles" is used and performance monitoring flap occurs.
PR Number Synopsis Category: EVPN control plane issues
1600600 I-ESI modification workflow on DC-GW
Product-Group=junos
Modifying the I-ESI value is traffic effecting event. If this must be done then follow the below steps in order to avoid this PR 1) deactivate interconnect stanza for the routing-instance in question 2) Modify the I-ESI value 3) activate the interconnect stanza
1610432 MAC-IP move across L2-DCI is not updated in MAC-IP table of the GW nodes for vlans that have translate VNI configuration
Product-Group=junos
This problem happens only with translation VNI when mac moved one from DC1 to DC2. VM move across DC where there is not translate VNI configuration in the interconnect works as designed
1626120 EVPN routes not advertised successfully upon activating or applying EVPN instance configuration
Product-Group=junos
On a JUNOS or EVO based platform, when EVPN instance configuration is applied, routing-process would add routes to be advertised to .evpn.0 RIB (show route table .evpn.0), but they wouldn't been seen by other PEs or route-reflectors (show route table bgp.evpn.0). And so destinations behind the PE might not be reachable.
PR Number Synopsis Category: EVPN Layer-2 Forwarding
1609322 Few ARP/ND/MAC entries for Vlans are missing with MAC-VRF configuration
Product-Group=junos
In all Junos and Evo platforms, in EVPN-VXLAN scenario, with "proxy-macip-advertisement" knob configured, few ARP/ND/MAC entries may get missing.
1614245 QFX 10K8: EVPN-VXLAN : Ultimate (qfx10008) device, going to db> prompt
Product-Group=junos
On dual RE QFX10K box with MAC VRF config and GRES enabled, backup RE gets crashed on config commits. Some times the issue is seen on switchovers as well. We should keep GRES disabled with MAC VRF config on QFX10K dual RE box to avoid hitting this issue.
PR Number Synopsis Category: EX driver issues
1600291 The SFP-T port might stop forwarding traffic on EX4600 platforms
Product-Group=junos
On EX4600, after performing an upgrade, the peer device is rebooted, the peer interface is disabled/enabled or rebooting EX4600, then the SFP-T port on EX4600 might remain in up state but could not forward traffic.
PR Number Synopsis Category: Express PFE including evpn, vxlan
1596462 The DCI InterVNI and IntraVNI traffic might black-holed in gateway node due to the tagged underlay interfaces
Product-Group=junos
On QFX10K platforms with EVPN-VXLAN to EVPN-VXLAN DCI interconnect deployment, the Data Center Interconnect (DCI) InterVNI and IntraVNI traffic black-hole might be seen in gateway node due to the tagged underlay interfaces.
1601961 InterDC traffic loss might be seen in MAC-VRF EVI with trap stats "dlu.ucode.discard "
Product-Group=junos
On QFX10002/10008 platforms, when WAN-RT (Route Target) is modified for MAC-VRF (Virtual Routing and Forwarding) EVI(EVPN Instance), about 1% of InterDC L3 traffic may get black-holed for the MAC-VRF EVI, with trap stats "dlu.ucode.discard". This happens because the original VNI (Virtual Network Identifier) of the Bridge Domain is sent in the VXLAN(Virtual Extensible Local Area Network) header. However, instead of the original VNI the translated VNI should be sent for correct traffic propagation.
1615253 [evpn_vxlan] [type-5]: Traffic received on type-5 tunnel on Spine are not forwarded out to leaf after modifying lo0 interface IP on QFX10k.
Product-Group=junos
In EVPN-VXLAN scenario, with type-5 routes installed on QFX10K platforms as spine in setup, traffic drop can be seen after modifying the lo0 interface on the spine on the fly, as PFE expect sequence of tunnel/vtep up/down events in specific order but this does not happen always when lo0 is changes on the fly which leads to type-5 route installation issue in PFE causing traffic drops.
PR Number Synopsis Category: jdhcpd daemon
1625617 The rpd scheduler might continuously slip after GRES when there are 7k DHCP clients in a subscriber management environment
Product-Group=junos
On the MX10008 platform with larger subscribers management, when it is configured as a DHCP (Dynamic Host Configuration Protocol) server having 7k DHCP clients binding, the commit can become very slow. After doing GRES (Graceful Routing Engine Switchover), the rpd may continuously run high CPU and scheduler slips for 20 minutes and may cause protocol flaps.
PR Number Synopsis Category: Flow Module
1624041 VLAN tagged packets might be dropped at TAP mode enabled interface
Product-Group=junos
On SRX4600 and SRX5000 (like SRX5400, SRX5600 and SRX5800) series platforms, if the interface is enabled with Terminal Access Point (TAP) mode, VLAN tagged packets from a mirror interface of switch might be dropped. When this issue happens, transit traffic going through the switch might not be analyzed.
PR Number Synopsis Category: interfaces and zones for junos js software
1610639 The transit counter did not support on SRX4600.
Product-Group=junos
The transit counter did not support on SRX4600. SRX4600 FPC 0 REV 03 711-065484 CAHA9003 SRX4600 SPM <<< SPC function FPC 1 REV 03 711-065676 CAHA9459 SRX4600 MPC <<< IOC function The high-end SRX architecture (SRX4600 and SRX5K) is a distribution systems include IOC and SPC separate FPC (hardware) running different software. IOC can not identify that the packet should go to-RE (local count) or not (transit count). Only the flowd running on SPU/SPC can tell if the packet to-RE or not. With the architecture, the statistics count can not provide the transit counters.
PR Number Synopsis Category: IPSEC/IKE VPN
1608290 Loss of Group VPN PUSH ACK messages from group members to the key server
Product-Group=junos
In certain cases, the PUSH ACK message from the group member to the group key server may be lost. The group member can still send rekey requests for the TEK SAs before the hard lifetime expiry. Only if the key server sends any new PUSH messages to the grooup members, those updates would not be received by the group member since the key server would have removed the member from registered members list.
PR Number Synopsis Category: Security platform jweb support
1628649 [J-web] AM/PM time format is displayed in Customize for Last field at Monitor > Logs > All Events
Product-Group=junos
On SRX series platform, AM/PM time format is displayed in Customize for Last field at Monitor > Logs > All Events (Japanese J-web only)
PR Number Synopsis Category: Layer2 forwarding on EX/NTF/PTX/QFX
1611154 IRB ARP/ND entries missing in GW nodes and traffic black-hole after modify WAN-RD or WAN-RT of EVPN VXLAN DCI routing instance
Product-Group=junos
After modifying WAN-RT or WAN-RD, in scaled setup, some of the IRB ARP/ND entries are missing.
1617182 when DC interconnect is deactivated some remote IRB ND entries are missing when proxy-macip-advertisement is present
Product-Group=junos
With proxy-mac-advertisement knob configured, and if DC interconnect is deactivated for a VNI/VLAN, then some remote IRB ND entries are missing from mac-ip table/ND table. No traffic loss is observed.
PR Number Synopsis Category: SW PRs for MPC10E PlatformD
1555802 Fabric self ping failure might be reported from MPC10 when MPC CPU is busy
Product-Group=junos
Fabric self ping failure might be reported from MPC10 when MPC CPU is busy. This may trigger follow up actions which may take the Packet Forwarding Engines on the MPC out of service.
PR Number Synopsis Category: MX Timing software
1442055 PTP packets dropped depending on multicast configuration
Product-Group=junos
PTP master and PTP slave port configuration only accepts PTP packets with multicast MAC address according to the port settings If forwardable multicast is configured, only PTP packets with forward-able MAC address is accepted, non-forwardable is dropped. link-local multicast is configured, only PTP packets with non-forwardable MAC address is accepted, forwardable is dropped.
1557999 The SyncE transient response test fails
Product-Group=junos
The Sync-E to PTP transient simulated by Calnex Paragon Test equipment is not real network scenario. In real network deployment model typically there will be two Sync-E sources (Primary and Secondary) and switchover happens from one source to another source. MPCE7 would pass real network SyncE switchover and associated transient mask
1619910 [Clocking Solution]: High phase jump observed during slave clock fail-over from one line card to another
Product-Group=junos
Platforms MX240, MX480, MX960, MX2010,MX2020 and MX10003 have distributed timing architecture. PTP switchover from one linecard to another on these platforms will results in clock going to acquiring state on the new slave line card and hence high phase jump is expected.
PR Number Synopsis Category: Odin Timing software
1623952 [Clocking Solution]: ACX710 is moving to holdover for a brief time when changing from link-local to non-link-local in back to back scenario.
Product-Group=junos
Link Local change causes PTP stream to be recreated.On ACX710 , PTP stream recreation causes the corresponding servo APR stream to be recreated too , leading to the transient HO state.
PR Number Synopsis Category: PTP related issues.
1585529 PTP lock status set to INITIALIZING state for few seconds while deactivating the slave interface
Product-Group=junos
When the active slave interface is deactivated, the PTP lock status is set to 'INITIALIZING' state in 'show ptp lock-status' output for few seconds before BMCA chooses the next best slave interface. This is the day-1 behavior and there is no functional impact.
PR Number Synopsis Category: QFX access control list
1612628 Transit DHCP Offer Packets are being duplicated while routed at ERB Leaf (EVPN L2/L3 GW)
Product-Group=junos
QFX5k device, if used as transit device then duplicate DHCP packets may be seen.
PR Number Synopsis Category: QFX EVPN / VxLAN
1570689 Unexpected multicast traffic streams after enabling EVPN is observed.
Product-Group=junos
On QFX5K, in EVPN_VXLAN deployment, BUM traffic replication over VTEP may send out more packets than expected.
PR Number Synopsis Category: KRT Queue issues within RPD
1612387 The Routing protocol engine CPU is getting stuck at 100%
Product-Group=junos
ON the ACX710 the CPU of the routing protocol engine getting stuck at 100%, which leads to traffic impact
PR Number Synopsis Category: RPD policy options
1600544 The configuration check would fail if more than 8 FCs are configured and CBF is enabled
Product-Group=junos
In EVO platforms the configuration check would fail if more than 8 FCs are configured and CBF is enabled. EVO can support upto 16 FCs with CBF. So 'max-forwarding-classes' platform-parameters knob is added to the default-config for EVO platforms.
PR Number Synopsis Category: SRX branch platforms
1580667 [SRX] error message tcp_timer_keep:Local(0x81100001:60753) Foreign(0x8f100001:33010) is seen in messages log every 80 seconds
Product-Group=junos
On SRX series platform with Chassis Cluster, tcp_timer_keep:Local(0x81100001:60753) Foreign(0x8f100001:33010) is seen in messages log every 80 seconds.
PR Number Synopsis Category: ZT/YT pfe infra issues
1575138 [MPC10] - Traffic drops while routing from MPC10 to other type of MPC when configured with WAN-PHY mode on the "other" MPCs
Product-Group=junos
A router will drop traffics when using "wan-phy" mode on a router with MPC10E mixed with other types of MPC -- such as MPC3E. This issue affects JUNOS software versions prior to 20.1R1.
PR Number Synopsis Category: ZT/YT pfe firewall software
1604313 The firewall telemetry sensor output might fail to produce the right values (key-value pairs) at the collector
Product-Group=junos
On MX960 platform with MPC10/MPC11 line-card, the field numbers of firewall sensors from MPC10E might not align with other MPCs and Junos Telemetry Interface data model files. This might cause the server to be unable to parse firewall sensors from MPC10E.
1616067 No filter found error might be seen while deactivating filter attached to interface after MPC reboot
Product-Group=junos
On all MX series platforms with MPC10+, if filter is created with resolved filter and deactivating filter attached to interface after MPC reboot, no filter found error might be seen while device have multiple filters configured across different families. Due to this, filter might not be effective and that might lead to allow unnecessary traffic.
PR Number Synopsis Category: Trio pfe l3 forwarding issues
1618391 A device which is configured IP interface(ip-x/x/x) cannot sent out encapsulated IPv4-over-IPv6 packets to a remote device in case of transit packets.
Product-Group=junos
Transit IPv4-over-IPv6 encapsulated packets cannot pass through using IP over IP interface(ip-x/x/x). This behavior has been seen in'transit' packets only.
PR Number Synopsis Category: UI Infrastructure - mgd, DAX API, DDL/ODL
1608718 In an SRX cluster with VPN configuration, primary node in cluster may generate kmd core files in a loop when a commit fails with "lock can not be taken on other node" followed by another commit.
Product-Group=junos
When a commit is failed due to "lock can not be taken on other node", "/var/etc/vpn_tunnel.id+" and other ffp(foreign file propagation) files are not getting cleaned up on srx cluster. In next commit, these stale ffp files are activated for use, it is resulting in discrepancy and resulting in assert failure in applications/KMD daemons. The problem moves to the secondary node if the failover is executed.
PR Number Synopsis Category: QFX RCB issues
1598814 EVPN-VXLAN:QFX10008: RE1 went to DB prompt when tried loading profile configs over LRM configs.
Product-Group=junos
Read write lock is not acquired during the sysctl invocation. The assert triggered in the interface state function call leads to RE1 going to debug (db>) prompt. This Assert crash issue was not fixed in 20.4R3, as the code changes are under review. It will be available in future required releases.
 
 
Modification History:
Re-issue 2022-01-05 to added PRs which were not documented
First publication 2021-11-29
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search