Support Support Downloads Knowledge Base Service Request Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

19.2R1-S4: Software Release Notification for JUNOS Software Version 19.2R1-S4

0

0

Article ID: TSB17753 TECHNICAL_BULLETINS Last Updated: 19 Mar 2020Version: 1.0
Alert Type:
SRN - Software Release Notification
Product Affected:
ACX, MX, EX, PTX, QFX, vMX, vRR, NFX, SRX, vSRX
Alert Description:
Junos Software Service Release version 19.2R1-S4 is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as need and follow the prompts
Solution:

Junos Software service Release version 19.2R1-S4 is now available.

19.2R1-S4 - List of Fixed issues
PR Number Synopsis Category: EX2300/3400 platform
1477165 EX3400 me0 interface might remain down
Product-Group=junos
The me0 interface of EX3400 does not come up when connected to 100m speed interface.
PR Number Synopsis Category: Border Gateway Protocol
1396344 Processing a large scale as-path regex will cause the flap of the route protocols
Product-Group=junos
When 'as-path-group' is configured under BGP, if a configuration with a large scale as-path regex is committed, the route protocols flap might be seen.
1466734 The configured BGP damping policy might not take effect after BGP is disabled and then enabled followed by "commit"
Product-Group=junos
The configured BGP damping policy might not take effect when BGP is disabled and then enabled followed by a "commit" CLI, only the default damping policy is in effect. However, if the BGP is disabled and enabled followed by a "commit full" CLI then both default damping and configured damping policy are both in effect.
1473351 Removing cluster from BGP group might cause prolonged convergence time
Product-Group=junos
Cluster removal from BGP group might lead to a state where each subsequent change to BGP configuration will trigger import policy reevaluation causing prolonged convergence time of several minutes. This might result in a traffic loss.
1481589 The rpd process might crash with BGP multipath and route withdraw occasionally
Product-Group=junos
In BGP multipath scenario on all Junos platforms, if original active/best BGP multipath routes got flapped occasionally, some routes, which are changed from best routes to alternative now, are removed from the BGP multipath route list, but its multipath flag are not cleared, due to some temporarily incorrect route reorder in BGP. And when the currently active route got withdrawn for some reason, and the original best routes again become the best routes then rpd might hit an assert and crash.
1487691 High CPU utilization might be observed when the outgoing BGP updates are sending slowly
Product-Group=junos
On all Junos platforms with the BGP routing protocols, the rpd process might go into a high CPU utilization causing slow network convergence. If a BGP peer is receiving and processing BGP updates slowly, this may cause the BGP output queue of the sending BGP peer to be full. When the queue is full it causes high CPU utilization of the BGP IO thread (bgpio, it is part of the rpd daemon) on the sending BGP peer. This defect could cause network-wide slow BGP network convergence. (See also https://kb.juniper.net/TSB17725)
PR Number Synopsis Category: Cassis pfe microcode software
1459698 Traffic blackholing upon interface flap after DRD auto-recovery
Product-Group=junos
An interface stops forwarding traffic when MX software triggers a "DRD reorder timeout recovery" event follows by an interface flap on the same XMCHIP. When the logic is triggered, you will see a "cmtfpc_xmchip_drd_reorder_id_timeout_callback" message in the PFE syslog messages. This issue affects XM based MPCs (3E 4E 5E 6E 2E-NG 3E-NG).
PR Number Synopsis Category: OpenSSH and related subsystems
1454177 SSH login might fail if a user account exists in both local database and RADIUS or TACACS+
Product-Group=junos
SSH login from an automation tool to the Junos device might not be successful if the username is configured both as a local user and on remote RADIUS/TACACS server, and using authentication method 'password'.
PR Number Synopsis Category: Firewall Filter
1466698 An output bandwidth-percent policer with logical-bandwidth-policer applied to an AE bundle along with an output-traffic-control-profile has incorrect effective policing rate
Product-Group=junos
On MX platforms, for an AE bundle of at least two members hosted at two different FPCs, if the AE interface is with CoS output-traffic-control-profile of shaping-rate and with the output filter of policer with logical-bandwidth-policer and bandwidth-percent, the AE interface might have incorrect effective output policing rate.
PR Number Synopsis Category: Express PFE FW Features
1432116 The FPC might crash when a firewall filter is modified
Product-Group=junos
In QFX10K/PTX series platforms, if a firewall filter with multiple match conditions is configured on interfaces which are Up and the firewall filter is modified (either a new action is added or the condition is added/removed etc.), the FPC might crash and restart. It might affect the service/traffic.
1462634 The sample/syslog/log action in output firewall filter with packet of size less than 128 might cause ASIC wedge (all packet loss) on PTX platforms
Product-Group=junos
On PTX platforms, if output firewall filter is configured with sample/syslog/log action, the host interface might get wedged for packets with lengths 0-128 including Layer 3 headers.
PR Number Synopsis Category: PTX Express ASIC interface
1412126 PTX interface stays down after maintenance
Product-Group=junos
On PTX3000/PTX5000 linecard (QSFP28-100GBASE-LR4) interface may stay down after software upgrade. Issue is usually observed on links connected to another vendors equipment.
PR Number Synopsis Category: Libjtask for RPD tasks, scheduler, timers, memory, and slip
1418192 The rpd process may crash if restarting the rpd or deactivating "logical-system"
Product-Group=junos
The rpd process might generate a core file when the user intentionally restarts the rpd or deactivates logical-system.
PR Number Synopsis Category: Kernel software for AE/AS/Container
1441772 On PTX/QFX AE outgoing traffic might be dropped after changes are made to AE
Product-Group=junos
On PE-chip based PTX/QFX platforms (including PTX1K/3K/5K/10K series, QFX10K series), if CoS IEEE-802.1 rewrite rule is configured and bound to the AE interface, traffic going out the AE interface might get dropped after changes are made to AE, due to nexthop install failure on ingress PFEs.
PR Number Synopsis Category: ISIS routing protocol
1455432 The rpd might crash continuously due to memory corruption in ISIS setup
Product-Group=junos
With ISIS configured and in a very rare case, memory corruption may occur, this may cause rpd crash continuously.
PR Number Synopsis Category: ISSU related issues for MMx
1476505 Dark window size is more than expected, lost 31.0872721524375 seconds of traffic
Product-Group=junos
In MX2K chassis with multiple line cards (XM and EA based) and SFB2 fabric, we may see a longer traffic drops in the order of 30 seconds depending on the number of line-cards in the chassis
PR Number Synopsis Category: PFE infra to support jvision
1456275 Queue data might be missing from path '/interfaces/interface/state'
Product-Group=junos
On subscribing to '/interfaces/interface/state/' it might get subscribed to '/junos/system/linecard/interface/traffic/' internally, instead of '/junos/system/linecard/interface/queue/' which might impact traffic.
PR Number Synopsis Category: Layer 2 Control Module
1469635 Memory leak on l2cpd process might lead to l2cpd crash
Product-Group=junos
On all Junos platforms with l2cpd (Layer-2 control protocols) daemon, committing configuration changes which are processed by l2cpd (e.g., flexible-vlan-tagging, stacked-vlan-tagging, vlan-tagging, family ethernet-switching) might cause marginally memory leak. Committing the l2cpd processed configuration changes in a successive manner might cause the memory resource exhaustion (Some operations have the same effect as the committing action, e.g., bouncing a vlan-tagged interface in a successive way). Eventually, it could result in the l2cpd process crash.
PR Number Synopsis Category: lldp sw on MX platform
1460347 Multiple leaf's and prefixe's missing when LLDP neighbor added after the streaming started at global level
Product-Group=junos
Many attributes are not notified as part of LLDP on-change event when a new neighbor is learnt
PR Number Synopsis Category: mc-ae interface
1447693 The l2ald might fail to update composite NH
Product-Group=junos
This is a timing issue where the l2ald receive underlay NH from rpd as part of LSI IFF ADD (VPLS core NH) and creates flood NH. Due to a flap at local IFL or core (VPLS etc.), the l2ald receives multiple LSI IFF Add and Delete in some order. In some sequence where rpd delete underlay NH from Kernel Forwarding table but the l2ald still create flood NH with this underlay NH, because IFF delete is yet to be received at the l2ald, so l2ald might fail to update Composite NH. This is generic L2 issue and can happen without mc-ae.
PR Number Synopsis Category: Multiprotocol Label Switching
1457681 The rpd crash may be observed with traceoption enabled in MPLS
Product-Group=junos
On all Junos platforms, If the traceoption is enabled in MPLS and SNMP polling is going on, and during route lookup match a given route which one is neither router next-hop nor chain next-hop, then rpd crash may be observed. The rpd crash may cause all the routing protocols adjacencies to be reestablished.
PR Number Synopsis Category: FreeBSD Kernel Infrastructure
1439906 FPC might reboot if jlock hog occurs on all Junos VM based platforms
Product-Group=junos
On a JUNOS VM using TSC clocking from the host system, "jlock hog" messages may be seen. This may lead to FPCs reboot.
PR Number Synopsis Category: IPv6/ND/ICMPv6 issues
1439844 DHCPv6 relay binding is not up when integrated routing and bridging(IRB) interface enabling DHCPv6 Snooping and Neighbor Discovery Inspection (NDI) simultaneously on EX9200
Product-Group=junos
In DHCPv6 relay scenario, when DHCPv6 snooping and NDI enable simultaneously on IRB interface on EX9200, DHCPv6 relay binding is not up.
PR Number Synopsis Category: Kernel socket data replication issues for protocols that use
1472519 The kernel may crash and vmcore may be observed after configuration change is committed
Product-Group=junos
On all Junos platforms, after committing the configuration change (e.g. removal of protocols like mpls, isis, ldp from the interfaces), then the kernel may crash and vmcore may be observed. This issue also may cause protocol adjacency failure.
PR Number Synopsis Category: OSPF routing protocol
1452118 The TI-LFA backup path for adj-sid is broken in OSPF
Product-Group=junos
The TI-LFA (Topology-Independent Loop-Free Alternate) backup path for adj-sid is broken in OSPF where the shortest path to the node opposite the adj-sid is not the one hop path over the interface indicated by the adj-sid. If the backup path is broken when the primary path fails, it will cause traffic loss.
PR Number Synopsis Category: PE based L3 software
1434567 IPv6 neighbor solicitation packets getting dropped on PTX
Product-Group=junos
In IPv6 scenario on PTX platforms (including PTX3K/5K with FPC3, PTX1K, PTX10K), when a parity error which is due to hardware error occurs on FPC, the neighbor solicitation (NS) packets might get dropped. It will cause IPv6 neighbor discovery failure, and no relevant alarms or logs are reported during the issue.
PR Number Synopsis Category: Interface related issues. Port up/down, stats, CMLC , serdes
1465302 The physical interface of AE (Aggregated Ethernet) might take time to come up after disable/enable
Product-Group=junos
On Junos platforms, the physical interface of AE might come up after a long delay (4 mins) if there are millions of bgp routes learnt on the device. This delay is happening because PFE Manager thread is busy processing the routing updates from RE. These routing updates are the result of AE interface going down at the first step of disabling the interface.
1480480 The remaining interface may be still in downstate even the number of channelized interfaces is no more than 5
Product-Group=junos
On the QFX5210-64C platforms, after reverting the number of channelized interfaces less than 6 per pipe, the remaining interfaces of the pipe may have a chance to be still in downstate, the expected behaviour is the port to be up automatically after the above changes.
1480480 The remaining interface may be still in downstate even the number of channelized interfaces is no more than 5
Product-Group=junosvae
On the QFX5210-64C platforms, after reverting the number of channelized interfaces less than 6 per pipe, the remaining interfaces of the pipe may have a chance to be still in downstate, the expected behaviour is the port to be up automatically after the above changes.
PR Number Synopsis Category: QFX PFE Class of Services
1476829 QFX Platforms are exhibiting invalid PFE PG counter pairs to copy, src 0xfffff80, dst 0
Product-Group=junos
On QFX Series Switches the following logs might be displayed as a result of polling class of service related SNMP OIDs. These messages might eventually lead to interface counters not being populated properly. There is no other impact from these messages. Nov 19 07:00:07 switch kernel: et-0/0/33: invalid PFE PG counter pairs to copy, src 0xfffff8012285d720, dst 0 Nov 19 07:00:07 switch kernel: et-0/0/36: invalid PFE PG counter pairs to copy, src 0xfffff800076df570, dst 0 Nov 19 07:00:07 switch kernel: et-0/0/37: invalid PFE PG counter pairs to copy, src 0xfffff8012285d750, dst 0 Nov 19 07:00:07 switch kernel: et-0/0/40: invalid PFE PG counter pairs to copy, src 0xfffff800076df480, dst 0 Nov 19 07:00:07 switch kernel: et-0/0/44: invalid PFE PG counter pairs to copy, src 0xfffff800255374e0, dst 0 Nov 19 07:00:07 switch kernel: et-0/0/45: invalid PFE PG counter pairs to copy, src 0xfffff800076df420, dst 0 Nov 19 07:00:07 switch kernel: et-0/0/46: invalid PFE PG counter pairs to copy, src 0xfffff800076de390, dst 0 Nov 19 07:00:07 switch kernel: et-0/0/47: invalid PFE PG counter pairs to copy, src 0xfffff800076df210, dst 0 Nov 19 07:00:07 switch kernel: et-0/0/48: invalid PFE PG counter pairs to copy, src 0xfffff800076dff30, dst 0
PR Number Synopsis Category: RPD Next-hop issues including indirect, CNH, and MCNH
1441438 For a route received via EBGP the AIGP value may not be considered as expected
Product-Group=junos
This issue is related to BGP AIGP (accumulated IGP) feature. Normally, with AIGP enabled, BGP can select paths based on IGP metrics. This enables BGP to choose the shortest path between two nodes, even though the nodes might be in different ASs. But in some scenario where the same route is received from both IBGP and EBGP (the AIGP attribute is carried), the nexthop received over EBGP might not be resolved using the AIGP value. It means during the best-route selections, if the devices have to do tie-break in AIGP step then it may not work as expected. Thus the traffic might not go through the expected path.
1441550 The rpd may crash or consume 100% of CPU after flapping routes
Product-Group=junos
When flapping the existed flood nexthop type routes, it may cause rpd crash or consume 100% of CPU. This issue may cause routing protocols sessions/neighbors flap or traffic loss.
PR Number Synopsis Category: RPD policy options
1433615 Policy matching RD changes next-hop of the routes which do not carry RD
Product-Group=junos
If a policy-option with only conditions "from route-distinguisher" and "then next-hop a.b.c.d" is applied to BGP, the next hop for routes in the inet.0 might be set to this next hop a.b.c.d, even though these routes do not carry any route-distinguisher value (l3vpn.inet.0 is unaffected).
PR Number Synopsis Category: RPD route tables, resolver, routing instances, static routes
1471968 The rpd might crash when both instance-import and instance-export policies containing "as-path-prepend" action
Product-Group=junos
On all Junos platforms, when an internally route-leaking between routing-instances using instance-import and instance-export policies and both policies containing "as-path-prepend" actions, if this as-path is referred by some route, the rpd might crash after these route change/delete (e.g. clearing bgp neighborship, changing BGP/policy config, etc.).
PR Number Synopsis Category: Resource Reservation Protocol
1445994 Traffic blackhole likely if two consecutive PLRs along the LSP perform local repair simultaneously under certain mis-configured conditions
Product-Group=junos
In RSVP environment with link or node protection deployed, if two consecutive PLRs (point of local repair) along the LSP perform local repair simultaneously and if backup LSP signaling between the downstream PLR & MP (merge point) pair fails due to any reason, then the backup LSP signaling between the upstream PLR & MP pair also does not succeed. Then due to a software defect the upstream PLR does not correctly clean up the LSP state and continues to send traffic into the backup LSP, resulting in traffic blackhole at the downstream PLR.
1476773 RSVP LSPs might not come up in scaled network with very high number of LSPs if NSR is used on transit router
Product-Group=junos
If NSR is enabled on transit router with scaled RSVP LSPs, RESV message might not be sent from transit router because the path messages replication on master RE does not complete in time. Hence RSVP LSPs might not come up with traffic impact.
PR Number Synopsis Category: RPD API infrastructure
1481953 The rpd may crash when executing "show route protocol l2-learned-host-routing" or "show route protocol rift" CLI command on a router
Product-Group=junos
On all Junos platforms, executing the CLI command of "show route protocol l2-learned-host-routing" or "show route protocol rift" on a router may cause the rpd crash if there is an active route in bgp.rtarget.0 routing table.
PR Number Synopsis Category: RPM and TWAMP
1434740 TWAMP session keep pending state when co-operate with non-Juniper device
Product-Group=junos
When Juniper device co-operate with non-Juniper device on TWAMP feature, two sides will keep pending state because of different timeout format.
PR Number Synopsis Category: PTX5000 Platform including chassisd, RE, CB, power management
1471178 A PTX5K SIB3 might fail to come up in slot 0 and/or slot 8 when RE1 is master.
Product-Group=junos
A PTX5K SIB3 might fail to come up in slot 0 and/or slot 8 when RE1 is master.
PR Number Synopsis Category: All PRs related to platform SRX5XX
1459037 SRX branches device might not be reachable when initiating offline command for PIC
Product-Group=junos
For the SRX branches, the device might not be reachable when offline command is initiated for the PIC (request chassis fpc offline slot xx). It is related to the behaviour of broadcom SDK version 6.5.x.
PR Number Synopsis Category: Trio pfe l3 forwarding issues
1426727 Some CFM and BFD sessions might flap while collecting MPLS statistics
Product-Group=junos
On Junos-based platform with MPLS and MPLS statistics enabled as well as a CFM or BFD, when CFM with continuity-check interval less than 1000ms (e.g. 100ms) or BFD with minimum-interval less than 1000ms (e.g. 100ms), during the periodic MPLS statistics collection if there are a large number of next-hops (several thousand) related to MPLS forwarding, the transmission of the periodic CFM or BFD protocol packet may be delayed. It may cause some CFM or BFD sessions to expire on the remote side of the session due to timeout, which can further result in traffic drop due to CFM/BFD flapping.
PR Number Synopsis Category: Trio pfe microcode software
1409626 LACP DDOS policer is incorrectly triggered by other protocols traffic on all EX92XX/T4000 and MX platforms
Product-Group=junos
DDOS policer for LLDP/MVRP/Provider MVRP/dot1X is incorrectly identified as LACP DDOS violation on EX92xx/T4000 and MX series platforms. Issue can appear whenever there is an overflow of traffic from any of these protocols and triggers DDOS for LACP rather than the actual protocol.
PR Number Synopsis Category: Authentication, Authorization, Accounting, PAM (RADIUS/tacplus)
1478959 SSH login may hang and the TACAS plus server closes the connection without sending any authentication failure response
Product-Group=junos
On all Junos platforms, the SSH login session may hang if Junos device is sending an authentication request to the TACACS plus server with an incorrect secret and the TACAS plus server closes the connection without sending any authentication response.
PR Number Synopsis Category: Junos Automation, Commit/Op/Event and SLAX
1461021 Modifying the REST configuration might cause the system to become unresponsive
Product-Group=junos
When Representational State Transfer (REST) service configuration is modified, for example the REST service is configured and then deleted for multiple times, the system might become unresponsive, even to SSH and console. This issue has service impact.
PR Number Synopsis Category: UI Infrastructure - mgd, DAX API, DDL/ODL
1464439 The CPU utilization on mgd daemon might be stuck at 100% after the netconf session is interrupted by flapping interface
Product-Group=junos
If a netconf session is initiated over inband connection, the CPU utilization on mgd daemon might be stuck at 100% after the netconf session which is executing an RPC call for some commands gets interrupted by flapping interface. There is no impact observed to control-plane or forwarding-plane, the subsequent netconf session will continue to function.
PR Number Synopsis Category: PTX/QFX100002/8/16 platform software
1464119 FPC might restart during run time on PTX10K/QFX10K platforms
Product-Group=junos
On PTX10K/QFX10K platforms, FPC might restart if there is some corruption in BCM (Broadcom) switch (a small internal ethernet switch, instead of PFE engine) inside the FPC. It is a timing issue. The reason is that the PCIe speed configuration for BCM switch is not correct. And this issue is resolved in some FPC U-boot versions.
 
Modification History:
First publication 2020-03-19
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Security Alerts and Vulnerabilities

Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search