In an EVPN/VXLAN scenario, if an IRB interface with a virtual gateway address (VGA) is configured on a PE, a traffic loop may occur upon receipt of specific IP multicast traffic. The traffic loop will cause interface traffic to increase abnormally, ultimately leading to a Denial of Service (DoS) in packet processing. The following command could be used to monitor the interface traffic: user@junos> monitor interface traffic Interface Link Input packets (pps) Output packets (pps) et-0/0/1 Up 6492089274364 (70994959) 6492089235319 (70994956) et-0/0/25 Up 343458103 (1) 156844 (0) ae0 Up 9132519197257 (70994959) 9132519139454 (70994956) This issue affects Juniper Networks Junos OS on QFX Series: all versions before 17.3R3-S10; 17.4 versions before 17.4R2-S12, 17.4R3-S3; 18.1 versions before 18.1R3-S11; 18.2 versions before 18.2R3-S6; 18.3 versions before 18.3R3-S4; 18.4 versions before 18.4R2-S5, 18.4R3-S5; 19.1 versions before 19.1R1-S6, 19.1R2-S2, 19.1R3-S3; 19.2 versions before 19.2R1-S5, 19.2R3-S1; 19.3 versions before 19.3R2-S5, 19.3R3; 19.4 versions before 19.4R2-S2, 19.4R3; 20.1 versions before 20.1R2; 20.2 versions before 20.2R1-S2, 20.2R2.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
juniper junos 17.3 |
||
juniper junos 17.4 |
||
juniper junos 18.1 |
||
juniper junos 18.2 |
||
juniper junos 18.3 |
||
juniper junos 18.4 |
||
juniper junos 19.1 |
||
juniper junos 19.2 |
||
juniper junos 19.3 |
||
juniper junos 19.4 |
||
juniper junos 20.1 |
||
juniper junos 20.2 |
Vulmon