Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Open Issues

Learn about open issues in this release for EX Series switches.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

EVPN

  • On all Junos OS platforms with EVPN-VxLAN scenario, the number of MAC-IP binding counters might reach the limit when MAC-IP is moved between interfaces. Since MAC-IP counters are not decremented when entry is deleted due to this defect, repeated moves will result in a limit (default value is 1024) that will be reached even though there are fewer entries. Meanwhile, traffic loss could be seen. PR1591264

  • On all Junos OS platforms traffic loss might be seen if an aggregated Ethernet bundle interface with ESI is disabled on master Routing Engine followed by a Routing Engine switchover. PR1597300

General Routing

  • On the EX9214 device, if the MACsec-enabled link flap after reboot, the following error messgae appears:

    PR1448368
  • The show pfe filter hw filter-name does not retrieve the Packet Forwarding Engine program. PR1495712

  • On the EX4300-48MP line of switches, the reboot time, FPC and interface uptimes are degraded by 20 percent when compared to Junos OS Releases 19.1R3, 19.2R2, and 19.4R2. PR1514364

  • On EX Series line of switches with Virtual Chassis (VC) scenario, Power over Ethernet (POE) might not be detected and hence might fail to work on VC members. This happens when there is a CPU spike on master (for example, 70 percent or above) and if a VC member gets rebooted or a new member joins VC. It is a rare timing issue and hard to reproduce. PR1539933

  • The rpd process might crash and generate a core file when the telemetry data for a streamed node is deleted during a network churn. The same node is being walked or rendered for the sensor. In this corner case the rendering and deletion of a particular node occurs at the same instance. This issue can occur only in case of an unstable network. PR1552816

  • On the EX4400 line of switches, the following error messages appears when the software is upgraded.

    PR1557468
  • On EX Series and EX Series VC platforms, post Routing Engine switchover, MAC address is configured to IRB interface (for example, set interface irb.500 mac 00:11:22:33:44:55) on new master Routing Engine, then the new master Routing Engine might crash or go into DB mode. PR1565213

  • Traffic drops during ISSU due to flapping of the LAG interface flap. PR1569578<xref

  • On a EX4400 VC, the SNMP MIB object jnRedundencySwitchOverCount will display the number of times the mastership of the Routing Engine that is changed between master and backup roles. This counter will not be reset to 0 when entire VC is rebooted. The count displayed under "jnRedundencySwitchOverCount" will be the cumulative value of the switchover events. PR1570359

  • On the EX4600-40F line of switches, EVPN_VXLAN get unexpected multicast traffic streams after enabling EVPN. PR1570689

  • On all Junos OS platforms, traffic loss might be observed because of the rare timing issue when performing frequent Interface Bridge Domain (IFBD) configuration modifications. This behavior is seen when the Packet Forwarding Engine receives out-of-order IFBD(s) from Routing Engine and might lead to the fxpc process crash and traffic drop. PR1572305

  • The dcpfe process generates a core file with a MAC based VLAN scale configuration after the interface flaps. PR1578859

  • On the EX Series platforms, a few 40G ports might not be channelized successfully and might stay down after upgrading host OS along with Junos OS using ZTP or doing manually through CLI. PR1582105

  • USB boots on upgrading to Junos OS Release 21.2R1 and gets stuck in windriver mode. PR1582592

  • On a EX4400 VC with 4 members, log messages related to fan settings will be saved in chassis traceoptions file at every 5 second interval. Though there is no implication of these messages, the chassis trace log files will get overwritten with these logs at a faster rate. Log messages which will be written into the chassis traceoptions file. Fan id: 0, setting=3 val=0 Fan id: 1, setting=3 val=0 PR1594446

  • On EX4400 platforms, if image upgrade is attempted using non-stop software upgrade, an error message "error: syntax error: request-package-validate" will be reported as the CLI output. The error does not have any impact on the non-stop software upgrade process. PR1596955

  • On all Junos OS platforms with EVPN-VxLAN environment, when MAC/IP is moved from one Ethernet segment identifier (ESI) to another ESI from the same peer, the MAC/IP withdraw route might not be sent to the remote Virtual Tunnel End Point (VTEP), only MAC withdraw route is sent to the remote VTEP. PR1597391

  • EX4400 platforms have a Cloud LED on the front panel to indicate onboarding of the device to cloud (day0) and management after onboarding (day1). If MIST is used as a management entity in cloud, then the cloud LED displays green in situations where device has lost connectivity to cloud. This is because, MIST is using outbound SSH for management. This behavior is not applicable to any other management entity that uses outbound https and LED that displays appropriate states to indicate the loss on connection to cloud. PR1598948

  • On the EX4400 Virtual Chassis operating with scaled configurations and traffic, the line card console might fail to redirect to the current virtual chassis master member. User will be logged into line card and not all cli functionality will be available on the line card. Use the request session member <virtual_chassis_member_id> command from line card cli prompt to login to virtual chassis member cli. PR1599625

  • On EX2300, after Virtual Chassis split and restore, L2/L3 unicast/multicast partial traffic loss might be observed. PR1600309

  • There is a remote possibility that during many reboots, the Junos VM goes into a state where NMI is needed to continue the reboot. There is no workaround for this and a subsequent reboot does not seem to hit this issue. PR1601867

  • On a EX4400 VC, when inband management IRB interface is not assigned with IP address or there is no DNS configured on the device, the cloud LED will display the pattern for "NO_CLOUD_RESPONSE" state of instead of NO-IP-Addr" or NO-DNS". This issue will not be observed on a standalone EX4400. PR1602664

  • On EX4400 dot1x authentication might not work on EVPN/VXLAN enabled endpoints. The issue is due to EAPOL packets received on VxLAN ports are not processed in hostpath. PR1603015

  • When a EX4400 Virtual Chassis is operating under scaled configurations and stressed traffic, a fxpc core file might be observed during any mastership switchover event. PR1603602

  • A EX4400 POE model supplies power over ethernet to connected powered devices. Whenever POE firmware needs to be upgraded, the following CLI should be used for upgrading the POE firmware. request system firmware upgrade poe fpc-slot fpc-slot poe-bt-firmware. The poe-bt-firmware statement is mandatory. If upgrade is triggered using "request system firmware upgrade poe fpc-slot fpc-slot", then the output of firmware upgrade process using "show poe controller" will show that the firmware upgrade process is stuck in SW_DOWNLOAD phase forever and the power may not be supplied to the PD's during this state. PR1606276

Infrastructure

  • A double free vulnerability in the software forwarding interface daemon (sfid) process of Juniper Networks Junos OS allows an adjacently-connected attacker to cause a Denial of Service (DoS) by sending a crafted ARP packet to the device. See https://kb.juniper.net/JSA11162PR1497768

  • When receives a unicast EAPOL (0x888e) with vlan588 tag at ae1 in this example, the packet is forwarded to ae0 without changing the vlanID to 3054. set vlans vlan588 vlan-id 588 set vlans vlan588 interface ae1.0 set vlans vlan588 interface ae0.0 mapping 3054 swap PR1580129

  • On a EX4400 device, the cli command "show system processes detail" will not display CPU details under the CPU column. This issue is fixed from software version 21.3R1 onwards. PR1588150

  • On a EX4400 device, a cloud LED on the device indicates the phone home client states and device connectivity state with the cloud. When the grpc application is configured with non-root user, then the cloud LED will not display any pattern related to day1 states. The LED pattern will still be displaying the previous day0 state as applicable. PR1589321

  • EX2300, EX2300-MP, and EX3400 do not take kernel core file to internal storage on panic with Junos 21.2R1. PR1600442

Interfaces and Chassis

  • On Junos platforms with VRRP failover-delay configured, changing VRRP mastership might cause peer device to re-learn VIP ARP entry on old master interface due to timing issue. PR1578126

Junos XML API and Scripting

  • On a EX4400 device, any files scheduled for download using the cli command request system download might fail due to error. The files can be downloaded using normal ftp/scp commands on the device. PR1604622

Platform and Infrastructure

  • When the dhcp relay mode is configured as no-snoop, the offer gets dropped due to incorrect ASIC programing. PR1530160

  • On EX9200 line of switches, FPC gets restarted and thereby disrupting traffic when there is an out-of-order filter state. This issue might be seen only in back-to-back GRES in more than 40 to 50 iterations. PR1579182

  • On EX4300 POE switches, the pfex process CPU utilization becomes high after 6-8 weeks. There is no functional impact. PR1453107

  • A buffer overflow vulnerability in the TCP/IP stack of Juniper Networks Junos OS allows an attacker to send specific sequences of packets to the device thereby causing a Denial of Service (DoS). Refer to https://kb.juniper.net/JSA11200 for more information. PR1557881

  • On EX9200 platforms, FPC gets restarted and thereby disrupting traffic when there is an out-of-order filter state and its terms, this issue might be seen only in back-to-back GRES in more than 40 to 50 iterations. PR1579182

  • On EX4300 platforms, when a firewall filter for broadcast traffic with discard action policer is applied to the loopback interface, all broadcast packets (including Layer 2 forwarding packets, such as DHCP discover packets) that match this filter rule might be dropped. PR1597548

  • On EX4300 platforms with both enterprise style and service provider style configurations, an interface with enterprise style logical interfaces and flexible-vlan-tagging configured, VLAN tagged traffic might be dropped due to incorrect programming in the system. PR1598251

  • When a EX4400 Virtual Chassis is scaled with different features configurations and device is stressed with traffic, device might not respond for CLI commands for a short period of time and a vmcore might be reported at that time. Once VM core is saved, device will continue to operate normally. PR1599498

  • When Slaac-Snooping is enabled in VLAN, it is observed that sometimes due to the socket connection failure in Slaac-Snoopd daemon the DAD packet transmission from switch towards the client fails over the vtep interface. The DAD packet is intended to provoke NA response from CLIENT in order to renew the lease timer of the Global IPv6 entry in the switch and due to the DAD tx failure the Global IPv6 entry learnt over vtep interface is removed from slaac-snooping binding table on the switch. The Global IPv6 entry will get relearnt upon getting another DAD or NS packet from CLIENT in future. PR1603269