
19.2R1-S1: Software Release Notification for Junos Software Service Release version 19.2R1-S1

  [TSB17630]


Alert Type:
SRN - Software Release Notification
Product Affected:
ACX, MX, EX, PTX, QFX, vMX, vRR, NFX, SRX, vSRX
Alert Description:
Junos Software Service Release version 19.2R1-S1 is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as needed and follow the prompts
Solution:

Junos Software Service Release version 19.2R1-S1 is now available.

PRs found and not fixed in 19.2R1-S1

PR Number Synopsis Description
1456212

Routing Daemon cores when trying to successively clear IGP database

Multiple non-stop attempts to clear IGP database can result in routing daemon core when locally computed SRTE LSPs are configured in the order of thousands
     

 

The following are incremental changes in 19.2R1-S1.

 
PR Number Synopsis Description
1386255

CLI "show chassis errors active detail" not supported for QFX5K platforms.

The "show chassis errors active detail" command is not supported on the QFX5000 platform. It will be hidden and addressed in other open scopes.

1389607

With a large number of IPsec tunnels established, a few tunnels may fail during rekey negotiation if SRX initiates the rekey.

On SRX5400, SRX5600, SRX5800 devices with SPC3, with a large number of IPsec tunnels established, a few tunnels may fail during rekey negotiation if SRX initiates the rekey.

1401718

Link Fault Signaling (LFS) not working on ACX5448 10/40/100GbE interfaces

Link Fault Signaling (LFS) feature is not supported on ACX5448 10/40/100GbE interfaces.

1411610

Parity error might cause FPC alarm

Parity errors related to static memory areas in the XQ chip can be corrected by writing the scheduling node configuration back again. This write-back was missing, and as a result an alarm was generated for every such occurrence.

1412463

Error logs might be observed after performing ISSU

On MX platform with MPC2E-NG-2Q/MPC3E-NG-3Q, after performing ISSU, the error logs might be observed and the interfaces queue statistics on the affected MPC might stop incrementing.

1420762

The iked process might crash when IKE and IPsec SA rekey happens simultaneously

On SRX5000 Series devices with SPC3 (The third generation SPC card) installed, the iked process might crash when IKE and IPsec Security Association (SA) rekey happens simultaneously.

1424937

IPsec packet throughput might be impacted if NAT-T is configured and the fragmentation operation of post-fragment happens

On all SRX platforms, if VPN IPsec is configured with NAT-T (Network Address Translation-Traversal), post-fragment of ESP packet may occur. This might impact performance due to the fragmentation operation. Post-fragment of ESP packet can be avoided by adjusting the MTU of the st0 interface.

1428094

PTX10K/LC1101: when an interface is configured with jumbo frames support (e.g. MTU = 9216), the effective MTU size for locally sourced traffic is 24 bytes less than the expected value

PTX10K/LC1101: when an interface is configured with jumbo frames support (e.g. MTU = 9216), the effective MTU size for locally sourced egress traffic is 24 bytes less than the expected value. This issue is confined to locally originated traffic only and does not affect transit traffic.

1429181

The PICs might go offline and split-brain might be seen when interrupt storm happens on internal ethernet interface em0/em1

On SRX5400, SRX5600, SRX5800 platforms with chassis cluster scenario, the PICs might go offline and split-brain (both the active and passive firewalls claim master at the same time) might be seen when interrupt storm happens on internal ethernet interface em0/em1. The issue might result in complete service outage.

1429506

DHCP-relay may not work in an EVPN-VxLAN scenario

On QFX10000 platform with an EVPN-VxLAN setup, DHCP-relay may not work if the DHCP server is reached via the routes learnt through EVPN type-5 routes.

1429712

The LACP interface might flap if performing a failover

On the SRX4600 platform with LACP configured, in a rare condition, an interface flap might happen if RG0 fails over. This issue might cause traffic interruption.

1430187

REST API does not work on lower-end SRX platforms

REST API does not work on lower-end SRX platforms

1430878

With CNH for 6PE, MPLS EXP rewrite rule for non-VPN IPv4 over MPLS traffic might not work

On platforms that use Trio PFE (MX/EX9200/T4000), when Chained Composite Next-Hop for 6PE is configured, Class of Service MPLS EXP rewrite rule for non-VPN IPv4 over MPLS traffic ('protocol mpls-inet-both-non-vpn') may not work when a BGP 6PE route using the same MPLS LSP (same BGP next-hop) exists. This happens after the MPLS LSP next-hop is re-programmed, e.g. due to the network convergence.

1431206

SW:Rio-X NPI:Platforms: ACX5448-D Interfaces support:after chassis control restart load balancing on the child interfaces of ae interface stops

L4 hashing works for both IPv4 and IPv6 packets if either of the two CLIs is enabled. To disable L4 hashing for either IPv4 or IPv6, both CLIs need to be disabled. CLIs for reference:

    set forwarding-options hash-key family inet layer-4
    set forwarding-options hash-key family inet6 layer-4

1432293

Incorrect MAC count with "show evpn/bridge statistics"

After a MAC move from a local interface to a remote MAC, the "show bridge/evpn statistics" command reports the wrong number of MACs learned on an interface. "show bridge/evpn mac-table count" provides the accurate number of MACs learnt.

1432398

"show isis adjacency extensive" output is missing state transition details

CLI command 'show isis adjacency extensive' output in text format is missing some details from the adjacency transition log. The output in XML format is still correct.

1432432

Flood of messages "vhostd_mq_send_to_junos: Connected to JUNOS server after 1 attempts" in vmhost logs

Excessive "vhostd_mq_send_to_junos" messages may be printed continuously in the vmhost syslog file on MX routers with RE-S-X6-64G. These messages have no impact on the system. However, they may contribute to excessive disk activity.

1433355

NATT-PMI: P1/P2 SAs are deleted after RG0 failover.

Additional IKE trace messages are added to provide more information to help troubleshooting P1/P2 SAs processing.

1433918

Ping fails over Type-5 tunnel on IRB interfaces under EVPN-VXLAN scenario

In an EVPN-VXLAN scenario where Type-5 routes are used, a ping to Type-5 destinations over IRB interfaces might fail, with all packets dropped.

1434137

The kmd log shows resource temporarily unavailable repeatedly and VPNs might be down

On SRX platforms with lots of IPsec VPN tunnels configured (e.g., 6700 IPsec VPN tunnels configured on SRX5400), after system bootup (system reboot or upgrading), the kmd on Routing Engine and iked on Services Processing Unit (SPU) repeatedly generates "ipc_pipe_write:353 num_sent=-1 errno=35 Resource temporarily unavailable" and certain IPsec VPN tunnels might be temporarily down.

1434757

Intermittent packet drops might be observed if IPsec is configured

On all SRX platforms with Junos 18.2R1 onwards, if IPsec VPN is configured, intermittent packet drops might be seen.

1434900

ACX5448 forwards small packets (less than 64 bytes including padding) if the egress link is 40G/100G, causing the remote interface to drop them as runts.

ACX5448 forwards small packets (less than 64 bytes including padding) if the egress link is 40G/100G, causing the remote interface to drop them as runts.

1435277

Traffic drop when the session key rolls over between primary and fallback more than 10 times

When disable-preceding-key is configured and the session key rolls over between primary and fallback more than 10 times, the customer might see a traffic drop with the following error: "out of KI-nextPN entries". The MACsec session recovers correctly with the expected primary/fallback key session. Working on a fix.

1435298

With SR enabled 6PE next-hop is not installed

With "no-ipv6-routing" enabled under isis, inet6.3 table was not getting created, which affected 6PE and 6VPE scenarios.

1435687

The second IPSec ESP tunnel might not be able to establish between two IPv6 IKE peers

On SRX5400/5600/5800 platforms acting as a middle device between Internet Key Exchange (IKE) peers, it is not possible to establish more than one Encapsulating Security Payload (ESP) session between two IPv6 IKE peers if the IKE ALG is enabled on the middle SRX device.

1435700

SPC3 / SRX fragments egress VPN traffic earlier than required by ingress packet sizes

The VPN overhead calculation goes wrong on SPC3 because the wrong spu-id API is used. This issue is fixed by calling a common API for SPC2 and SPC3 to get the SPU-id without the core-id.

1435955

The interface using LACP flaps when RE is busy

On SRX4100, SRX4200 and SRX4600 platforms, if LACP is configured on the reth interfaces and chassis cluster is used, the interface using LACP flaps when the RE is busy. This issue causes traffic to be dropped for around one second.

1436223

i40e NVM upgrade support for EX9200 platform

Added support for i40e NVM upgrade in EX9208 in JUNOS Software releases

1436720

Packet reorder does not work when sending traffic over IPsec tunnel

If IPsec is configured on vSRX, SRX4K and SRX5K platforms, the SRX device performs post-fragmentation when traffic passes through the IPsec tunnel. VPN packets might then be sent out of order to the peer device, which causes packets to be dropped.

1437108

BGP route next-hop can be incorrect in some scenarios with PIC edge configuration

BGP route next-hop can be incorrect in some scenarios with PIC edge configuration

1438747

Frequent issuance of the command "show class-of-service spu statistics" causes rtlogd to become busy.

Frequent issuance of the command "show class-of-service spu statistics" can cause rtlogd to become busy, which can temporarily impact SNMP retrieval.

1438847

18.2X41.13-SPC3-CCL: Decryption traffic doesn't take PMI path after IPsec rekey (initiated by peer) when loopback interface is configured as external interface.

After an IPsec flow went through a rekey event, the IPsec flow was decapsulated via the normal path instead of going through the PMI path.

1439518

RIO:ACX5448:DHCP Packets not Transparent over L2CIRCUIT

Transit DHCP packets are not punted to the CPU and are passed through transparently.

1440677

Performance improvements were made to Screens which benefit multi-socket systems

Performance improvements were made to Screens which benefit multi-socket systems like the SRX 4200, SRX 4600, and SPC3's.

1441226

Support inspection for pass-through IPIP tunnel traffic in TAP mode

SRX platform. Capabilities are added to support inspection of pass-through IPIP tunnel traffic in TAP mode.

1441234

18.2x41 SPC3 & SPC2 mixed mode : SPC2 wrongly forwarded packet to SPC3 core0 and core14, see core0 and core14 back pressure detected.

In mix mode, when packets are forwarded from SPC2 to SPC3, under some conditions packets might be wrongly forwarded to SPC3 core0 and core14, causing packet drops.

1441464

ATT Whitebox : Mac+IP routes are not consistent // ATTip46103

Mac+IP routes are consistent when MAC aged out.

1442901

ACX5448: Pkt buffer error from PFE leading to memory leak when IGMP is sent from NNI AC in L2circuit & VPLS

On ACX5448 platforms, when the PFE fails to allocate a packet buffer, a portion of packet memory may not be freed.

1443222

RTSP resource session is not found during NAT64 static mapping

On all SRX platforms, when using NAT64 translation, RTSP uses a wrong string to re-write the message payload, which may result in the message being dropped in a remote device.

1443353

The cfmd process might crash after a restart on Junos 17.1R1 and above

On MX platforms running Junos 17.1R1 and above, when enhanced-ip mode and CFM centralized mode (the "no-aggregate-delegate-processing" knob is configured for CFM) are used, after a cfmd restart (e.g. device cold start/restart, RE switchover), the cfmd process might crash and not be able to run anymore.

1443489

Non-Designated port is not moving to backup Port role

Once VSTP has converged, if there is a VSTP configuration change, BPDUs might not be flooded, due to which the port role might be in an incorrect state on the adjacent switches. No loop is created in the network.

1444730

The IPsec VPN traffic drop might be seen on SRX platforms with NATT scenario

On SRX platforms, when NATT (NAT-Traversal) is used for an IPsec VPN tunnel, traffic through the tunnel may stop forwarding after a rekey. The rekey works as follows. In IPsec VPN, the keys are directional, one for incoming traffic and the other for outgoing traffic, and a pair of keys is installed in the data plane. There is a transition time for both peer devices to switch to the new keys, so sometimes both new and old keys exist together. Each device sets its own timer (implementation specific) to switch to the new keys (mainly for outgoing traffic; incoming traffic can arrive on any of the keys). Old keys need to remain until they are deleted by whoever initiated the rekey. Devices switch to the new keys when the activation timer expires or when the peer device starts sending traffic with the new keys. If a device switches to the new keys on a timer, its outgoing traffic starts using the new keys, but the peer device could keep sending with the old keys until it switches to the new keys.

1446035

SRX300, interface LED does not work in 19.2R1

On SRX300, interface LED does not work in 19.2R1 although the interface works absolutely fine. This is a cosmetic issue. This issue is fixed in 19.2R2 onwards.

1448161

LACP cannot work with "encapsulation flexible-ethernet-services" configuration

On SRX550M devices, when encapsulation flexible-ethernet-services is configured together with LACP protocol on AE interfaces, the interface does not come up.

1448395

The flowd process crashes when SRX5K devices work at SPC3 mix mode with 1 SPC3 card/7 SPC2 cards

When NAT is used on SRX5K devices (SRX5400, SRX5600 and SRX5800) working in SPC3 mix mode with 1 SPC3 card/7 SPC2 cards, it might cause the flowd process to crash and impact traffic.

1448722

SPC3 Talus FPGA stuck on 0x3D/0x69 golden version

In SRX5000 series devices with SPC3, at the first bootup after a Junos upgrade, if the SPC3 FPGA upgrade gets interrupted, for example by another reboot, the FPGA upgrade may persistently fail and fall back to an older FPGA image (0x3D/0x69), which may cause the SPC3 card to come online but not process traffic. The system alarm 'Talus version mismatch' will be raised in this case.

Modification History:
First publication 2019-09-06