Resolved Issues for QFX5110 and QFX5200 Switches

This section lists the issues fixed in the Junos OS 15.1X53 releases.

For the most complete and latest information about known Junos OS defects, use the Juniper online Junos Problem Report Search application.

Resolved Issues: Release 15.1X53-D237

General Routing

  • ERSPAN traffic is not tagged when the output interface is a trunk port. PR1418162

Resolved Issues: Release 15.1X53-D236

General Routing

  • A certain crafted HTTP packet can trigger an uninitialized function pointer dereference vulnerability in the Packet Forwarding Engine manager (fxpc) on all QFX Series devices in a Virtual Chassis configuration. For more information, see https://kb.juniper.net/JSA10906. PR1351411

  • On QFX Series switches except for the QFX10000, if host-destined packets (that is, the destination address belongs to the device) come from the interface on which the log or syslog action is configured for the ingress filter (for example, filter <> term <> then log/syslog), such packets might not be dropped and might reach the Routing Engine unexpectedly. PR1379718

  • In an Open vSwitch Database (OVSDB) environment with solid-state drive (SSD) installed on the backup Routing Engine side, the master Routing Engine copies /var/db/ovsdatabase to the backup Routing Engine in very short intervals (for example, every 10 seconds), and the backup Routing Engine might write the whole ovsdatabase file to the SSD frequently. Therefore, the SSD lifetime might be short because the higher number of read/write operations exceeds a certain allowed limit. As a result, an SSD card failure might be observed. PR1381888

  • DMA failure errors might occur when the cache flushes or the cache is full, which might stop the device from accepting SSH credentials and also cause the Virtual Chassis to stop responding. PR1383608

  • During the Zero Touch Provisioning (ZTP) process, the default route is being cleaned up by code. As a result, if a static default route is configured in the initial configuration (configuration file downloaded from the file server for ZTP), the route fails to work. This might lead to ZTP failure or a device access issue after ZTP. PR1387724

  • On QFX Series switches, when power budgeting is executed, the log message "PEM power status has changed, run power budget again" might be seen. PR1388479

  • On QFX Series switches (except for the QFX10000), interfaces with 100G-AOC (active optic cable with embedded transceivers) might be down. The description of the affected AOC is QSFP28-100G-AOC (for example, QSFP28-100G-AOC-1M, QSFP28-100G-AOC-3M). PR1389478

  • sdk-vmmd might consistently write to the memory. PR1393044

  • On the QFX5110 and QFX5200, traffic initiated from a server connected to an interface is dropped at the interface if the interface configuration is changed from family ethernet-switching with VXLAN to family inet. PR1399733

Infrastructure

  • When a specific BGP flow specification (flowspec) configuration is enabled and when a BGP packet meeting a specific term in the flowspec configuration is received, a reachable assertion failure occurs, causing the rpd process to crash and generate a core. For more information, see: https://kb.juniper.net/JSA10902. PR1116761

Layer 2 Features

  • A denial-of-service (DoS) vulnerability in BGP in Junos OS configured as a VPLS PE allows an attacker to craft a specific BGP message to cause the rpd process to crash and restart. While rpd restarts after the crash, repeated crashes can result in an extended DoS condition. For more details, see https://kb.juniper.net/JSA10912. PR1352498

  • On QFX5110 and QFX5200 switches in a Virtual Chassis and RTG (redundant trunk group) scenario, if the RTG interface flaps on the Virtual Chassis master, RTG MAC refresh packets are sent out from all the ports that belong to the same VLAN. Normally, the MAC refresh packets are used to refresh MAC entries on the peer L2 device connected to the RTG ports. PR1389695

Layer 3 Features

  • If certain VTY commands keep running, the QFX5110's or QFX5200's Packet Forwarding Engine might crash because of a microkernel memory leak. PR1389444

  • QFX5200 switches might not be able to send out control plane traffic to the peering device alone because of the following error message: Failed to allocate 16384 DMA memory. PR1406242

Security

  • The OpenSSL project has published security advisories for vulnerabilities resolved in the OpenSSL library on April 16, 2018, and June 12, 2018. See https://kb.juniper.net/JSA10919 for more details. PR1380686

Resolved Issues: Release 15.1X53-D235

Class of Service (CoS)

  • On switches with copper SFPs, the CoS buffer-partition percentage might not take effect if the auto-negotiation is configured. PR1368534

Interfaces and Chassis

  • The dcd process might crash when an invalid IP/mask is learned from the DHCP server. The dcd process crash might cause issues under the logical interface hierarchy, such as an IP address not being installed on a logical interface. PR1082817

Platform and Infrastructure

  • On a QFX5110 or QFX5200 switch, FPC might go offline intermittently when a burst of IPv6 BFD and BGP packets get flooded. An FXPC core file is also generated. PR1371400

Software Installation and Upgrade

  • QFX5110 or QFX5200 running Junos OS Release 15.1X53-D231 or 15.1X53-D232 might not boot after a power outage or if power is turned off after issuing the request system halt command. PR1349852

  • When native-vlan-id is configured for an aggregated Ethernet interface, the LACP session to a multihomed server goes down if you have irb.0 configured. This causes incorrect parameters to be pushed to the Packet Forwarding Engine. As a result, LACP PDUs do not egress correctly. PR1369424

Resolved Issues: Release 15.1X53-D234

Class of Service (CoS)

  • You cannot filter packets with DST IP as 224/4 and DST MAC = QFX_intf_mac on a loopback interface using a single match condition for source address 224.0.0.0/4. PR1354377

Interfaces and Chassis

  • On QFX Series switches, issuing the show interfaces extensive command or polling SNMP OID ifOutDiscards provides a drop count of zero. PR1071379

  • If customer virtual local area network (CVLAN) range 16 (for example, vlan-id-list 30-45) is configured in a Q-in-Q (that is, 802.1ad) scenario, all the 16 VLANs might not pass traffic. PR1345994

  • The show chassis firmware U-Boot version command output shows malformed encoded characters such as root@host# run show chassis firmware Part Type Version FPC 0 U-Boot \x06 °À\x04. PR1358274

  • On QFX5200/QFX5110 switches with aggregated Ethernet interface configured, the GTP (GPRS Tunnel Protocol) traffic cannot be hashed correctly when transmitted through the aggregated Ethernet interface. PR1361379

Layer 2 Features

  • On QFX5110/QFX5200 switches, removing all the Virtual Extensible Local Area Network (VXLAN) configuration might cause the fxpc process to crash. PR1345231

  • On QFX5110 and QFX5200 platforms, a DHCP packet might be forwarded by an MSTP blocked port if the "dhcp-security group * overrides no-option82" is enabled, which might lead to MAC flapping and form a loop. PR1345610

  • IS-IS packets received with the ALL-IS MAC address and EtherType as 0x8870 are dropped by the QFX5110 or QFX5200. PR1368913

MPLS

  • If the P/PE router is configured with no-decrement-ttl, RPD sends the NO_PROPAGATE_TTL flag even for the tunnel transit case. Changes have been made in the Packet Forwarding Engine module to ignore this configuration statement for the PROTO_TAG case, so that the TTL value is not decremented in transit nodes. PR1366804

Routing Protocols

  • On QFX Series switches, if equal-cost routes are flapping, some unilist next hops might not be deleted, even if they are not referenced. This might result in overrunning the ECMP group limit and failing to install new next-hops. PR1096600

Resolved Issues: Release 15.1X53-D233

Hardware

  • On QFX5200 systems connected using QSFP+4x10G-IR (PSM4 optical transceivers), the interfaces do not link because of a timing issue. When a port is channelized, the link goes down and the optical speed is set before the interface comes up. PR1307400

EVPN

  • On all QFX Series platforms that support the Ethernet VPN (EVPN) and Virtual Extensible LAN (VXLAN) features, some VLAN bridges and the Virtual Tunnel End Point (VTEP) bindings might be lost if one or more VLANs are deleted or deactivated from a VLAN range. As a result, the EVPN Type 3 route might not be advertised for the affected VLANs. This issue might lead to these VLANs being unable to receive broadcast, unknown, and multicast (BUM) traffic from the remote Aggregation Device (AD). PR1298659

  • Given three leaf VTEPs: two remote VTEPs and one local VTEP, the programming for a MAC address might become mis-programmed on the local VTEP. This might happen when a MAC address in the EVPN database moves from remote VTEP (VTEP #1) to a local VTEP (VTEP #2) and then to a different remote VTEP (VTEP #3). The programming for the MAC address on the device with VTEP #2 still points to remote VTEP #1. It might not be updated with the correct VTEP where the MAC address has moved (VTEP #3). PR1335431

Infrastructure

  • On QFX5110 and QFX5200 switches without DHCP/BOOTP configuration, if an IRB interface is configured without an IP address, then the device cannot correctly transmit a bootstrap protocol (BOOTP) packet received with the destination MAC address of the switch. PR1259544

Interfaces and Chassis

  • On QFX5110 and QFX5200 switches in a multicast scenario, when the upstream interface flaps on a non-DR router, the traffic might not be forwarded to the downstream multicast receiver. PR1250737

  • On QFX5110 switches, the optic interface still transmits power even if it has been administratively shut down. PR1318997

  • ifinfo core files might be created on QFX5110. PR1324326

Layer 2 Features

  • On QFX5110/QFX5200 platforms with igmp-snooping enabled (by default), when the device works as an intermediate L2 switch, IPv6 Neighbor Advertisement (NA)/Neighbor Solicitation (NS) packets of Neighbor Discovery (ND) that are received with an IPv6 solicited-node multicast address (ff02:0:0:0:0:1:ffXX:XXXX) as the destination address might be dropped. PR1278987

  • On all Junos OS platforms, Management Daemon (MGD) might panic after modifying AE members under "ethernet-switching vlan". After MGD panic, the remote session might be terminated. PR1325736

  • On QFX5110 or QFX5200 platforms, when configuring class of service (CoS), the fixed classifier does not work if it is attached to an aggregated Ethernet (AE) interface; the packets do not enter the queue referred to by the fixed classifier. PR1326108

  • The expected number of samples, which is based on the actual traffic rate and the configured sample rate, might not match the actual number of samples that the sFlow agent sends to the collector. PR1381378

MPLS

  • When performing traceroute to a remote host for an MPLS (Multiprotocol Label Switching) label-switched path signaled by the LDP (Label Distribution Protocol), the rpd process might crash. PR1299026

  • The show mpls container-lsp output might not show any egress LSP until the Enhanced FRR is enabled for these egress LSPs.

Multicast

  • On QFX5110 and QFX5200 switches, if Protocol Independent Multicast (PIM) source-specific multicast (SSM) is used, IPv6 multicast traffic from the source might be 100% dropped. PR1292519

Network Management and Monitoring

  • On a QFX5110 switch in a scaled configuration, an updated sFlow sample might not be updated in the packet capture at the collector. PR1233498

Platform and Infrastructure

  • A buffer overflow vulnerability in Junos OS CLI may allow a local authenticated user with read only privileges and access to Junos CLI, to execute code with root privileges. Refer to JSA10803 for further details. PR1149652

  • On QFX5110-32C switches, throughput as per RFC 2544 is not 100% for some of the frame sizes when the switch is configured with mixed 10/40/100G speed ports. It is fine when tested individually with 10-Gigabit, 40-Gigabit, and 100-Gigabit Ethernet ports separately. PR1256671

  • C0 management port does not come up with both SFP QFX-SFP-1GE-T and QFX-SFP-1GE-SX C1. It works fine with both SFP and also generic Ethernet RJ-45 management port comes up fine. PR1298876

  • When a QSFP+4x10G-IR (PSM4 optical transceiver) is connected between a QFX5200 and a PTX5000, the interfaces do not link because of a timing issue. When a port is channelized, the link goes down and the optical speed is set before the interface comes up. PR1307400

  • On QFX Series platforms with MC-LAG enabled, if "redundancy-group-id-list" is not configured under ICCP, upgrading might encounter commit failure during bootup. PR1311009

  • On QFX5110 and QFX5200 platforms, transit traffic over GRE tunnels might hit the CPU and trigger a DDoS violation on L3NHOP if a specific route for the GRE tunnel destination IP is deleted. As a workaround, restart the Packet Forwarding Engine process. PR1315773

  • On enhanced Layer 2 Software (ELS) platforms, VLAN or VLAN bridge might not be added or deleted if there is an IFBD hardware token limit exhaustion. It might not allow new IFBDs to be created or old IFBDs to be deleted. PR1325217

Routing Policy and Firewall Filters

  • On QFX Series switches, the command that shows a policy with the "load-balance consistent-hash" parameter might cause rpd to crash. PR1200997

  • Consistent load balancing minimizes flow remapping in an equal-cost multipath (ECMP) group. Previously on QFX5110/QFX5200 switches, the CLI command set policy-options policy-statement ECMP term 2 then load-balance consistent-hash hid the 'consistent-hash' attribute from the load-balance object. This issue has been fixed and the 'consistent-hash' attribute is now displayed. PR1322299

Routing Protocols

  • The following errors might occur in log messages because of an incorrect Broadcom variable initialization: MMU_MTRO_EGRMETERINGCONFIG_MEM_PIPE3.mmu_sc0 failed(ERR) and MMU_MTRO_CONFIG_L0_MEM_PIPE0.mmu_sc0 failed(ERR). This needs to be corrected with the Broadcom recommended variable. These messages are not harmful and might not cause any impact to system behavior. PR1381790

  • On QFX5110 switches, if OpenFlow is configured with interfaces and controller options, then the OpenFlow session might flap constantly. This issue is caused by a malformed OpenFlow response packet. PR1323273

  • On QFX Series platforms, in a scenario in which MSTP, RSTP, and VSTP are configured to prevent Layer 2 network loops, xSTP convergence might fail on an interface that is configured with flexible-vlan-tagging and encapsulation extended-vlan-bridge. PR1179167

Resolved Issues: Release 15.1X53-D232

Infrastructure

  • On QFX5110 and QFX5200 switches, there is a memory leak in sysctl net.routetable/sysctl_rtsock(). PR1163782

  • On QFX5110 and QFX5200 switches, when console log-out-on-disconnect is enabled, system reboot or switchover can result in processes remaining in the wait state and failure of the syslog feature. PR1253544

Interfaces and Chassis

  • On a QFX5200, the fxpc process might crash when an SFP is inserted in a port configured with flexible-vlan-tagging or extended-vlan-bridge. PR1159156

  • On a QFX5200, a 100-gigabit interface might not come up if connecting to another vendor's switch or an MX Series router after an upgrade to 15.1X53-D210/15.1X53-D230. PR1292726

Network Management and Monitoring

  • After the Virtual Chassis reboots, authentication of SNMPv3 users fails because the local engine ID changes. PR1256166

Port Security

  • On a QFX5110 and QFX5200, DHCP Discover/Offer packets might cause memory leaks and create jdhcpd core files. PR1273452

Software-Defined Networking

  • On QFX5110 and QFX5200 switches with EVPN-VXLAN, broadcast and multicast traffic might not be sent to other switches via VTEP interfaces. PR1293163

Resolved Issues: Release 15.1X53-D231

Authentication and Access Control

  • On QFX5110 and QFX5200 switches, the auditd daemon might crash after the configuration of tacplus-server is changed. PR1191527

  • On QFX Series switches, SSH key-based authentication is failing. PR1142992

Hardware

  • Fan LEDs on a QFX5200 may work in unexpected ways. PR1274312

Interfaces and Chassis

  • On a QFX5110 and QFX5200, removing force-up causes return-traffic to be dropped by the leaf. PR1264650

Layer 2 Features

  • QFX5110 generated an l2ald core dump for an unknown reason at: l2ald_mac_process_update_fwd_entry_mask, l2ald_mclag_update_change_for_learn_mask, logging, vlogging, vlogging_event. PR1264432

Layer 3 Features

  • On QFX Series, EBGP packets with ttl=1 and non-EBGP packets with ttl=1 go to the same queue. PR1227314

Network Management and Monitoring

  • On QFX5200, the error log "ifd ifd-number; does not exist" might appear during an SNMP query and the SNMP query might be delayed. PR1263794

Routing Policy and Firewall Filters

  • A firewall filter using deny-bgp from port bgp as a deny term blocks all TCP traffic on a QFX5110. PR1264373

Software-Defined Networking (SDN)

  • Data-plane VXLAN and OVSDB functionality is not supported in Junos OS Release 15.1X53-D230 on QFX5200 and QFX5110 platforms. PR1267489

Security

  • NTP.org and FreeBSD have published security advisories for vulnerabilities resolved in ntpd (NTP daemon). Server-side vulnerabilities are only exploitable on systems where NTP server is enabled within the [edit system ntp] hierarchy level. A summary of the vulnerabilities that may impact Junos OS is in JSA10776. Refer to JSA10776 for more information. PR1159544, PR1234119

  • When an IPv6 node receives an ICMPv6 PTB (Packet Too Big) message with MTU < 1280, the node will emit atomic fragments. This behavior might result in a denial-of-service attack. Refer to JSA10780 for more information. PR1250832

Software Installation and Upgrade

  • On QFX5110 switches, the request system software rollback command is not available. PR1279767

Spanning-Tree Protocols

  • VSTP functionality is not working on QFX5110 switches in a hub scenario. PR1241456

  • QFX5110 and QFX5200 switches do not transfer BPDU packets even though xSTP is disabled. PR1262847

Resolved Issues: Release 15.1X53-D230

Authentication and Access Control

  • On QFX5200-32C switches running Junos OS Release 15.1X53-D210, LLDP is not functional when it is configured on the management interface (em0). PR1227632

Infrastructure

  • Upon restarting rpd on a QFX5200-32C switch, you might observe a multicast traffic drop of about 30 seconds. PR1224639

  • For Junos OS Release 14.1R1 and later releases, when a broadcast packet is sent in a scenario of integrated routing and bridging (IRB) over Virtual Tunnel End Point (VTEP) over IRB, the packet is dropped in the kernel as it is looping due to a software issue. The error log message if_pfe_vtep_ttp_output: if_pfe_ttp_output failed with error 50 is observed when the issue occurs. PR1145358

Interfaces and Chassis

  • On QFX5200-32C switches, when you insert a JNP-QSFP-100G-SR4 optical transceiver into a 100 Gbps port, then channelize the 100 Gbps port and then delete the configuration, the port might go down. PR1159546

  • On QFX5200 switches, after multiple link flaps have occurred, randomly some aggregated Ethernet (ae) member links might remain in the detached state. PR1243421

  • On a QFX5200 switch with FEC support on a 100-gigabit port, if you channelize the 100-gigabit port into 25-gigabit or 50-gigabit ports, the FEC statistics are carried over to the first channelized port. PR1256221

Layer 2 Features

  • On QFX5110 switches, when the same VLAN tag ID is configured on the NNI and UNI interfaces belonging to the same bridge domain, the traffic on the NNI exits with a single tag instead of dual tags. As a workaround, use different VLAN tag IDs on the NNI and UNI interfaces. PR1192760

Network Management and Monitoring

  • In a sampling feature, certain scenarios force handling of the sampled packet at the interrupt context, which might corrupt the BMEB packet context and lead to BMEB FDB corruption. PR1156464

Resolved Issues: Release 15.1X53-D210

Firewall Filters

  • On a QFX5200 switch, if a firewall filter applied on a loopback interface is also applied to a management interface (em0), all traffic on the management interface is dropped by default. You must explicitly configure an accept term to allow traffic to the management interface. PR1225137

Interfaces and Chassis

  • On a QFX5200 switch, the show chassis led command displays incorrect status for the Link/Activity LED. For example, when an interface is administratively disabled, show chassis led shows the LED status as green even though the Link/Activity LED indicates that the port is disabled. PR1081459

MPLS

  • QFX5200 switches do not support having the same interface as part of both an MPLS configuration and a routing-instance configuration. When the same interface is configured for MPLS and for a routing instance, a commit does not work and an error occurs. PR1097427

Platforms and Chassis

  • On QFX5200 switches, periodic polling of fans occurs in intervals of less than a second. For some frequencies of polling, the presence of the fan module is not detected, and an alarm is logged. This alarm is corrected and cleared immediately in the next poll cycle. This behavior does not affect the working of the fans. PR1217426