Support Support Downloads Knowledge Base Service Request Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

19.2R1-S2: Software Release Notification for JUNOS Software Version 19.2R1-S2

0

0

Article ID: TSB17691 TECHNICAL_BULLETINS Last Updated: 02 Dec 2019Version: 1.0
Alert Type:
SRN - Software Release Notification
Product Affected:
ACX, MX, EX, PTX, QFX, vMX, vRR, NFX, SRX, vSRX
Alert Description:
Junos Software Service Release version 19.2R1-S2 is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as need and follow the prompts
Solution:

Junos Software service Release version 19.2R1-S2 is now available.

19.2R1-S2 - List of Fixed issues

PR Number Synopsis Category:Marvell based EX PFE L2
1463318 The traffic dropped on EX4300-48MP device acting as a leaf in Layer 2 IP fabric EVPN VXLAN environment
 
On EX4300-48MP device acting as a leaf in Layer 2 IP fabric EVPN VXLAN environment, the 100% traffic drop might be seen if unplug cable connected to the et interface and plug it back.
PR Number Synopsis Category:EX2300 & EX3400 VC
1463635 The VC function may be broken after upgrading on EX2300/EX3400 platforms
 
On EX2300/EX3400 platforms, if the Direct Attach Copper (DAC) cable is used on a VC port and made by TE connectivity, the status of VC port may be detected as "Absent" after upgrading the device to 19.2+, as a result, the VC function may be broken.
PR Number Synopsis Category:QFX L3 data-plane/forwarding
1443507 IPv6 connectivity between MC-LAG peers might fail when multiple IRB interfaces are present
 
On all Junos platforms which are enabled with MultiChassis Link Aggregation Group (MC-LAG), if there are multiple Integrated Routing and Bridging (IRB) interfaces present, and the Inter Chassis Link (ICL) is also connected over an IRB interface, when both MC-LAG peers have not learnt link-local addresses and IPv6 ping is firstly initiated from the remote peer, the Neighbor Solicitation (NS) packet might take ICL path and couldn't get answered properly.
PR Number Synopsis Category:This is for Hw & Sw issues which are special for SPC3 car
1429899 Packet loss by FPGA backpressure on SPC3
 
On SRX5000 Series devices with an SPC3 card, sometimes very small amount of packet loss is observed.
PR Number Synopsis Category:accounting profile bugs
1452363 The pfed might crash and not be able to come up on the PTX or TVP platforms
 
The flow label statistics are retrieved periodically by pfed for PTX or TVP platforms, if the statistics reply becomes very big number, the pfed might crash hence affecting traffic.
PR Number Synopsis Category:JUNOS kernel/ukernel changes for ACX
1460391 ACX5K: SNMP mib walk for jnxOperatingTemp not returning anything for FPC in new versions.
 
ACX5K: SNMP mib walk for jnxOperatingTemp not returning anything for FPC in new versions.
PR Number Synopsis Category:Miscellaneous PFE on ACX
1407098 high CPU for fxpc processes with class-of-service changes on AE interfaces.
 
high CPU for fxpc processes with class-of-service changes on AE interfaces.
PR Number Synopsis Category:"agentd" software daemon
1401817 The na-grpcd log file is not rotated and keeps growing until RE is out of disk space
 
In JET/Telemetry scenario, the Telemetry log file is not rotated and keep growing until Routing Engine (RE) is out of disk space, this might cause unexpected impact of RE, and eventually lead to RE crash. The fix has now been provided to set max allowable size to 50M and once the file reaches its max size, it will get rotated and compressed.
1427726 When installing YANG package without "proxy-xml" knob, the cli environment could not working well
 
In the normal YANG module code flow, it was not being checked if it is a xmlproxy YANG module. If installing the xmlproxy YANG package without the "proxy-xml" knob, CLI environment might not work as expected.
1433378 The gNMI 'set' RPC with 'replace' field does not work and the mgd-api crashes
 
When gNMI 'set' RPC is executed from gNMI clients with 'replace' field, The mgd-api process crashes. All other fields with 'set' RPC work fine. Issue is only when 'replace' field exists in request.
PR Number Synopsis Category:MX Layer 2 Forwarding Module
1459833 False warning message seen on commit (commit check) "warning: vxlan-overlay-load-balance configuration for forwarding options has been changed....." after upgrade to 19.2R2-S1.4
 
After upgrading to 19.2R2-S1.4 below false-positive commit warning is seen even though there is no config change under 'forwarding-options vxlan-overlay-load-balance' # commit and-quit re0: [edit] 'forwarding-options' warning: vxlan-overlay-load-balance configuration for forwarding options has been changed. A system reboot is mandatory. Please reboot *ALL* routing engines NOW. Continuing without a reboot might result in unexpected system behavior. configuration check succeeds re1: configuration check succeeds commit complete re0: commit complete Exiting configuration mode
PR Number Synopsis Category:common or misc area for SRX product
1437098 LACP traffic distributed evenly on ingress child links but not on egress links
 
On SRX5k with SPC3 and SRX4600 platforms, the distribution of traffic over Link Aggregation (LAG) member ports does not take into account layer 4 port information.
PR Number Synopsis Category:Border Gateway Protocol
1351639 The rpd crashes in JunOS 16.1 or higher during BGP convergence
 
In JunOS 16.1 or higher, during BGP convergence, the input/output thread constructing the outgoing BGP PDU and manipulating the path attributes before hand-off the data to the socket. If this PDU length is zero, it will trigger an assertion and routing-protocol demon is restarting.
1382892 The rpd might crash under a rare condition if GR helper mode is triggered
 
When graceful restart is configured on the BGP peer device, if the peer device initiate new TCP connection when there is an existing TCP connection for the BGP session, send OPEN message and this new TCP connection also get torn down immediately after establishment/sending of OPEN message. The rpd might crash.
1412538 BGP might stuck in Idle state when the peer triggers a GR restart event
 
When NSR (nonstop-routing) is enabled in local device and BGP GR (Graceful-Restart) is enabled in peer device, if the peer triggers a GR restart (it is usually caused by some failure in peer or the peer restarts rpd, etc), some BGP sessions might stuck in Idle state. The reason is that when the GR restart happens, the device is still doing the initial sync to the backup RE of the previous sessions, so some BGP sessions might stuck in Idle state because the router does not complete the process (the initial sync of the data set to the backup).
PR Number Synopsis Category:MX Platform SW - FRU Management
1442138 The chassisd is unable to power off a faulty FPC after RE switchover which leading to chassisd restart loop
 
In the MX router with a faulty (e.g. hardware error) FPC (Flexible PIC Concentrator) installed, performing RE (Routing Engine) switchover or restarting chassisd which may cause chassisd restart loop. This issue will cause traffic lose completely.
PR Number Synopsis Category:MX Platform SW - Mastership Module
1424187 The system does not reboot or halt as configuration when encountering the disk error
 
When the system encounters disk error or halted system (ex. memory leak), the chassisd might go in hung state with the blow error messages even though "disk-failure-action reboot" or "disk-failure-action halt" is configured.
PR Number Synopsis Category:MX Platform SW - UI management
1411062 Slow SNMP response time on entityMIB might be seen in the fully loaded setup with many SFPs
 
In the fully loaded setup with many SFPs, some SNMP queries might experience response delay due to higher priority daemons utilizing CPU resources.
PR Number Synopsis Category:Device Configuration Daemon
1409535 Unrelated AE interfaces might go down if committing configuration changes
 
On all Junos platforms, if VRRP is running upon AE interfaces while committing any configuration changes related to AE interfaces, unrelated AE interfaces might go down.
PR Number Synopsis Category:L3 V4 V6 etc support for DNX
1426734 [ARP] RLI:39207:RIO-X:SKU ACX5448-D: 96K ARPs are getting populated but only 47K NH entries are present. So around 50% packet drop is observed.
 
Due to BCM sdk design, EEDB hardware entry is not freed for unicast next-hop creation. This leads to resource leakage and is not allowing to higher scale.
PR Number Synopsis Category:EA chips SW
1407506 FPC crash and slow convergence upon HMC Fatal error condition when inline-jflow is used
 
On MX platforms using MPC7E, MPC8E, MPC9E, MX10k-LC2101 or MX10003, when inline-jflow application is used, Fatal error on Hybrid Memory Cube (HMC) will perform "disable-pfe" action. Since Jflow records are hosted on the HMC memory partition, reading and writing to the HMC memory might trigger FPC crash and high FPC CPU utilization, causing slow convergence (adding/deleting routes or nexthops) for other PFEs on the same FPC carrier.
PR Number Synopsis Category:EA ucode SW issues
1422464 PFE wedge may be observed after performing the command "show forwarding-options load-balance ..."
 
On MX platform, performing the command "show forwarding-options load-balance ..." may cause PFE wedge after some number of attempts (<200 in test), if the option "destination-address" of the command matches the default route with "discard" action, this is because a defect code causing internal flow errors is involved in that scenario.
PR Number Synopsis Category:Express PFE FW Features
1433648 Traffic drop might occur on PTX during filter change operation
 
On PTX platforms, the device may fail to clean up old entries during filter change operation. Hence transit packets might get dropped on PFE. This is a timing issue.
PR Number Synopsis Category:Express PFE including evpn, vxlan
1454603 QFX10002-60c: EVPN-VXLAN: MAC+IP Count is shown as Zero
 
EVPN-VXLAN: MAC+IP Count may be shown as Zero in the output of CLI show ethernet-switching global-information on Xellent (QFX10002-60c)
PR Number Synopsis Category:PTX Express ASIC interface
1422535 4x10G interfaces on PTX3000/PTX5000 FPC type 3 might not come up after frequently flap for a large amount of time
 
On PTX3000/PTX5000 platforms with FPC3, if remote-connected interface continuously flaps for a large amount of time, the 4x10G interfaces on FPC3 might get down and never come up. The probability of occurrence increases with the number of continuous flaps.
PR Number Synopsis Category:IDP policy
1437569 The flowd/srxpfe process crashes and generates a core dump
 
On all SRX and vSRX platforms, the flowd/srxpfe process may crash and generate a core dump when upgrading the security package manually.
PR Number Synopsis Category:Kernel software for AE/AS/Container
1445428 Detached LACP member link gets LACP State as enabled in PFE when switchover because of device reboot
 
If particular set of events happened the status for detached LACP link may get turned on in PFE which may later create traffic blackholing for transit traffic.
PR Number Synopsis Category:ISIS routing protocol
1430581 The next-hop of IPv6 route remains empty when a new ISIS link comes up
 
In a scenario with ISIS running single spf (shortest-path-first) for IPv4 and IPv6, i.e. the multi-topology is not enabled, when a new ISIS link comes up, IFA (interface address) for IPv4 comes up quickly and the route is installed, but IFA for IPv6 is not up quickly due to DAD (Duplicate Address Detection) is enabled by default. Therefore, after spf calculation, the next-hop list for IPv6 remains empty for about 11 seconds, so, ISIS ends up with deleting the route.
1455994 Prefix SID conflict might be observed in ISIS
 
In an ISIS segment routing scenario, prefix SID(Segment Identifier) might conflict for internal prefixes. When ISIS L2 to L1 route leaking policy is used after NSR(Nonstop active Routing), it is observed that the L1/L2 router appears to be leaking some prefixes twice, second time setting SID and all flags to 0 due to which all the SIDs have conflicting values as '0' which might cause traffic loss.
PR Number Synopsis Category:Flow Module
1421497 The after-NAT IP fragment packet might be dropped by firewall filter
 
If firewall filter is configured on incoming interface that only allow pre-NAT IP packet, the after-NAT fragment packet might be dropped by firewall filter.
1426090 SRX5000 in Mixed-mode: Failed to clear sessions on SPC2 with error message "error: usp_ipc_client_recv_:ipc_pipe_read() failed read timed out after 5 second(s)"
 
On the SRX5000 with SPC2 and RE3 mixed mode used, clearing sessions on SPC2 may fail.
1433336 VPN traffic fails after primary node reboot or power off
 
On SRX platforms, IPSec tunnel is set up on chassis cluster, traffic pass through IPSec tunnel on the active node. IPSec traffic cannot pass through on backup node after reboot the active node.
PR Number Synopsis Category:JSR Application Services
1460035 srxpfe lcore-slave core dump
 
Corrupted or Malformed HTTP long (over 64K bytes) message hits security policy which is attached on ICAP Redirect policy. Corrupted memory is freed.
PR Number Synopsis Category:IPSEC/IKE VPN
1423821 AVPN:Traffic Selector:IKEv2:SPC3/SPC2:Configuration-change:Old tunnel entries are also seen when new tunnel negotiation happens from peer device after change in ike gateway configuration at peer side.
 
On SRX5k (SPC3/SPC2) series, when a duplicate user (same user with different ip address but same ike-id) comes in, in some cases, old ike sa entries don't get deleted right away.
1431265 SPC3:IPSEC: tunnel doesn't come up after changing configs from ipv4 to ipv6 tunnels in the script with "gateway lookup failed" error
 
On SRX5000 Series devices with SPC3 card plugged in, sometimes VPN tunnel does not come up after changing configuration from IPv4 to IPv6 tunnels.
1432434 P1 config delete message is not sent on loading baseline config if there has been a prior change in vpn config
 
The P2 object sharing from ikemd was always incrementing ref_count even for P2 modify/edit and this was causing problem while deleting the P2 followed by P1 object as ref_count was always +ve when checked even if all P2s are deleted. This was leading to undesirable consequences like iked core.
1433424 19.2 IPsec VPN - ipsec sa in and out key sequence number update missing with cold-sync(secondary node reboot)
 
In a chassis cluster, ESP or AH packet sequence number is not synchronized to the backup node after the backup node is rebooted.
1433568 IPsec VPN - Anti-replay: sequence number reset to zero while recovering SA after SPC3 or flowd crash/reboot
 
There is a product limitation on SRX devices, when PFE reboots, the SA is re-installed from iked but the sequence numbers and anti-replay bitmap is not restored. These will be reset to 0.
1443560 The iked crashes on SRX5K with SPC3 when IPSec VPN/IKE is configured
 
When IPsec VPN or IKE is configured on SRX5400, SRX5600, and SRX5800 platforms with SPC3, the IKE process stops and new IPsec VPN tunnel cannot be established until the IKE process is restored automatically.
1449296 Sometimes old SAs are not deleted after rekey and the number of IPSec tunnels shows up more than the configured tunnels
 
On SRX5000 series with SPC3 card, sometimes old SAs are not deleted after rekey and the number of ipsec tunnels shows up more than the configured tunnels
1455389 The VPN flaps on the primary node after a reboot of the secondary node
 
The VPN may flap on the primary node after a reboot of the secondary node when DPD is configured in the IPSec VPN.
PR Number Synopsis Category:Layer 2 Circuit issues
1418870 The rpd crash might be seen if l2circuit/local-switching connections flap continuously
 
On all Junos platforms, if there are multiple interfaces configured under a single l2circuit/local-switching, and each of these interfaces has a description field configured under them, when l2circuit/local-switching connections flapping continuously, memory usage increment might happen, eventually, it will result in rpd crash because of running out of memory.
PR Number Synopsis Category:Layer2 forwarding on EX/NTF/PTX/QFX
1445720 The l2ald might crash when FPC is restarted
 
On the restart of FPC, in some rare conditions the l2ald process crashes. The crash occurs when a line-card interface gets mapped to two internal indexes one of which is invalid and flood next-hop still includes the invalid index. The issue affects all the Junos platforms.
PR Number Synopsis Category:Multiprotocol Label Switching
1427414 MPLS LSP auto-bandwidth stats miscalculations may lead to high bandwidth reservation
 
With auto-bandwidth configured for Resource Reservation Protocol (RSVP) Label Switched Path (LSP), when current stats collected are lower than previous values, the current stats is used to calculate rate and the rate can be skewed, hence large bandwidth might be wrongly reserved for the LSP. If there is no sufficient resources (e.g. bandwidth, alternative path) in the network, other LSPs might be torn down, or might not go up.
1433857 Restart Routing might cause RPD core while GRES and NSR enabled
 
restart-routing command on Master RE might cause a core dump on Backup RE, while having GRES and NSR enabled.
PR Number Synopsis Category:Multi Protocol Label Switch OAM
1436373 The rpd might crash after executing 'ping mpls ldp'
 
In LDP to BGP-LU stitching scenario, when BGP route goes down, MPLS ping is done before that route is pulled out of the routing table, the rpd will crash.
PR Number Synopsis Category:Track veHostd, vmm-sdk issues on Mt Rainier RE
1448413 vehostd Application failed Minor alarm
 
Automatic restart of vehostd might fail and the following Minor alarm is seen with 'show system alarms' or 'show chassis alarms'. VMHost RE 0 host vehostd Application failed or VMHost RE 1 host vehostd Application failed The process can be restarted manually in affected releases. After the fix of this PR, the process restart is handled properly.
PR Number Synopsis Category:FreeBSD Kernel Infrastructure
1425608 The kernel crashes when removing mounted USB while a file is being copied to it
 
If pulling out a USB storage device from the system while files are being copied, the kernel panics and the system restarts.
1433224 The operations on console might not work if the knob "system ports console log-out-on-disconnect" is configured
 
With the knob "system ports console log-out-on-disconnect" configured, if executing some operations on console, the console operations might fail to work properly.
1442376 EX2300 platforms might stop forwarding traffic or responding to console
 
On EX2300/EX2300-C platforms, if Junos software is with FreeBSD kernel version 11 with the build date on or after 2019-02-12, the switch may stop forwarding traffic or responding to console. Power cycle of switch would recover the issue.
PR Number Synopsis Category:"ifstate" infrastructure
1437762 The CPU utilization on a daemon might keep around 100% or backup RE might crash in race conditions
 
The CPU utilization on a daemon might keep around 100% or backup RE might crash in race conditions (it may get hit or triggered at times by some churn in the system, no specific trigger).
PR Number Synopsis Category:Protocol Independant Multicast
1434347 Removing MVPN configuration from an vrf instance may result in rpd core as it is considered as a catastrophic change for routing daemon
 
Removing MVPN configuration from an vrf instance may result in rpd core as it is considered as a catastrophic change for routing daemon.
PR Number Synopsis Category:Issues related to PKI daemon
1465966 Loading CA certificate causes the process pkid crash
 
If a CA certificate includes CRL URL that doesn't has "/" separate URL from the "hostname:port" section, when SRX load it, pkid core dump might happen and any service rely on CA will be affected.
PR Number Synopsis Category:Periodic Packet Management Daemon
1448670 The connection between ppmd(RE) and ppman(FPC) might get lost due to session timeout
 
Under certain circumstances such as JUNOS VM freeze at the Routing Engine, ppmd to ppman connection might be closed if the session timeout is greater than 3 seconds in either direction. This might lead to flapping of distributed ppm protocol adjacency such as lacp/mBFD.
PR Number Synopsis Category:PTP related issues.
1453531 PTP out of sync when HWDB is not accessible during initialization
 
On all Junos platforms, due to a software defect, sometimes the HWDB (an internal database) might not accessible during initialization, causing the IEEE 1588 flood token not installed properly, which is leading to PTP synchronization issues in case of multi-line cards scenario.
PR Number Synopsis Category:Chassis mgmt for all QFX systems - chassis MIB, alarms, CLI
1426737 The dcpfe/PFE might not start on AS7816-64X and QFX5K TVP platform devices
 
The dcpfe/PFE might not start on AS7816-64X and QFX5K TVP platform devices which results in all the interfaces going down.
1453821 "show chassis led" shows wrong status
 
"show chassis led" status outputs may not proper along with some port status
1456742 The laser from the 10G SFP+ interface is still on when the interface is disabled or the device is rebooted
 
On the QFX5210 platform, the laser is still emitting from 10G SFP+ port even though the interface is disabled or the device is rebooted. It will cause the peer's interface is still up and might impact traffic.
1456742 The laser from the 10G SFP+ interface is still on when the interface is disabled or the device is rebooted
 
On the QFX5210 platform, the laser is still emitting from 10G SFP+ port even though the interface is disabled or the device is rebooted. It will cause the peer's interface is still up and might impact traffic.
1458514 QFX5210 : LED does not light on port 64 and 65 after upgraded to 19.2R1.
 
On QFX5210, physical LED does not light on port 64 and 65 though traffic is passing through.
PR Number Synopsis Category:QFX platform optics related issues
1402127 QSFP-100GBASE-SR4/LR4 might take a long time to come up after disabling interface or reboot
 
On QFX5110 platform with QSFP-100GBASE-SR4/LR4 port used, after disabling an 100G port and then enable the port again, or reboot the device, there is a long time delay (5-15 minutes) before the ports come up.
PR Number Synopsis Category:QFX L3 data-plane/forwarding
1452433 There might be interface reachability issues on AS7816
 
On AS7816 devices loaded with Juniper NOS, the interface might not be reachable and the protocols (e.g. bgp, ospf etc) will not come up. The AS7816 device comes up with 1024 MAC addresses. The issue is due to the NOS is not able to read and interpret the MAC address on the interface.
PR Number Synopsis Category:RPD Next-hop issues including indirect, CNH, and MCNH
1424819 The rpd keeps crashing after changing configuration
 
In the ECMP (Equal-Cost Multipath) environment with existing more than 8 multipath for a given route, changing configuration (e.g. delete routing protocol IGP or LSP) is trying to delete a software structure which was already corrupted sometime earlier due to memory corruption, and this may cause the rpd to keep crashing. This issue applies to all types of nexthops with multipath.
1458595 The rpd crash might be seen if BGP route is resolved over same prefix protocol next-hop in inet.3 table which has both RSVP and LDP routes
 
In race condition, if BGP route is resolved over same prefix protocol next-hop in inet.3 table which has both RSVP and LDP routes, when the RSVP and LDP routes are flapping (firstly these routes are down and then up), the BGP route will be re-resolved, and then the rpd crash might be seen.
1460786 IPv6 Prefix might be hidden when received over IPv4 BGP session
 
When labeled-IPv6 and non-labeled IPV6 prefixes are received with the same protocol nexthop and the outgoing interface does not have MPLS family enabled, the IPv6 non-labeled route will be in inactive state and remains in hidden state.
1461980 The rpd might crash after committing dynamic-tunnel-anchor-pfe knob
 
On the MX platform, the rpd might crash if "dynamic-tunnel-anchor-pfe" is configured.
PR Number Synopsis Category:RPD route tables, resolver, routing instances, static routes
1412667 The L3VPN link protection doesn't work after flapping the CE facing interface
 
Provider Edge Link Protection in Layer 3 VPNs doesn't recover after flapped the CE facing interface.
1431227 IPv6 aggregate routes are hidden
 
IPv6 aggregate routes get hidden in the routing table until the rpd is restarted in some rare situations.
1442952 The rpd might crash with SRTE configuration change
 
In BGP segment routing traffic engineering (SRTE) scenario, process rpd might crash when knob "extended-nexthop-color" is added or removed from the BGP configuration.
1459384 The rpd memory leak might be observed on backup routing engine due to BGP flap
 
In a BGP scenario when certain routes are flapping frequently, it could lead to rpd memory leak on backup Routing Engine. The rpd might crash and restart once the rpd runs out of memory for certain junos releases.
PR Number Synopsis Category:jflow/monitoring services
1414568 The SRRD might crash when memory corruption occurs
 
The SSRD (sampling Route-Record Daemon) process may restarts when it can not allocate memory.
1439630 Sampling might return incorrect ASN for BGP traffic
 
In a BGP scenario with sampling enabled, incorrect ASN (autonomous system number) might be returned for the traffic originated from an internal prefix. This is because some AS paths and routes don't hold the latest information in the message buffers that srrd (sampling route-record daemon) uses to send to the clients.
PR Number Synopsis Category:SSL Proxy functionality on JUNOS
1430277 Memory issue due to SSL proxy whitelist or whitelist URL category.
 
The SSL proxy config object is not released when a session is using a particular configuration object and an update is received for the same configuration object. The old configuration object should be released when the session closes which is not happening.
PR Number Synopsis Category:MPC7/8/9 chassis issues
1437855 The chassisd might crash after enabling hash-key
 
On all Junos platforms, if hash-key is enabled under chassis, packets might be dropped due to chassisd crash, even packets on other FPCs which the hash-key is disabled.
PR Number Synopsis Category:Trio pfe stateless firewall software
1442868 Some duplicate flowtap filters are programmed after the restart of dynamic-flow-capture
 
On MX platform with MPC10/MPC11, after restart of dynamic-flow-capture, duplicate flowtap filters are programmed.
1442868 Some duplicate flowtap filters are programmed after the restart of dynamic-flow-capture
 
On MX platform with MPC10/MPC11, after restart of dynamic-flow-capture, duplicate flowtap filters are programmed.
PR Number Synopsis Category:Trio pfe l3 forwarding issues
1432724 Output traffic statistics may be incorrect with RE generated traffic
 
Statistics of traffic generated by the Routing Engine on the MX platform is incorrect. The 'Output bytes' counter is off by 6 bytes per packet for outbound traffic going out of MPC1E/2E/3E/4E/5E/6E interfaces. The same issue is not seen on the TurboTx path with linux based FPCs - MPC7E/8E/9E and PTX FPC3
PR Number Synopsis Category:Junos Automation, Commit/Op/Event and SLAX
1445917 Python op scripts executed as user "nobody" if started from NETCONF session, not as logged in user, resulting in failing PyEZ connection to the device.
 
When executed over Junos CLI, Python op script is started as a separate process with the same user as the user which started the script.However, when the python op script is started from NETCONF session, the script started as a process from user "nobody". If the script is using PyEZ session to connect to the device and execute RPC commands, it will return the following error from Pyez: ConnectError(host: None, msg: user "nobody" does not have access privileges.). This is fixed by executing with the python op script with the same user as the user from the NETCONF session which invoked op script. This means that the behavior from CLI and NETCONF sessions are the same.
PR Number Synopsis Category:UI Infrastructure - mgd, DAX API, DDL/ODL
1431198 Error might be observed when using a script to load-configuration
 
Multiple delete of a non existing config statements produces errors via rpc load-configuration.
1445651 Junos 19.2 group level use of wildcard <*>
 
In Junos 19.2R1 the use of wildcard <*> is not an available option at the group level of the Junos CLI. This issue will be fixed in Junos 19.2R2 and releases going forward.
PR Number Synopsis Category:VSRX platform software
1454553 19.3R1: vSRX3.0 does not support AWS c4.L
 
vSRX3.0 in 19.3R1 cannot be launched on a VM with total memory less than 4G bytes. Since AWS C4.L has total 3.75G, vSRX3.0 in 19.3R1 release does not support C4.L.
PR Number Synopsis Category:ZT pfe firewall software
1465153 MPC10E may crash due to inconsistencies during firewall filter add/delete operations
 
MPC10E may crash due to inconsistencies during firewall filter add/delete operations and result in traffic blackhole
1465153 MPC10E may crash due to inconsistencies during firewall filter add/delete operations
 
MPC10E may crash due to inconsistencies during firewall filter add/delete operations and result in traffic blackhole
Modification History:
First publication date 2019-12-01
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Security Alerts and Vulnerabilities

Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search