Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

19.3R2-S3: Software Release Notification for JUNOS Software Version 19.3R2-S3

0

0

Article ID: TSB17806 TECHNICAL_BULLETINS Last Updated: 16 Jun 2020Version: 1.0
Alert Type:
SRN - Software Release Notification
Product Affected:
ACX, EX, MX, PTX, QFX, NFX, SRX, VMX, VRR, and VSRX platforms
Alert Description:
Junos Software Service Release version 19.3R2-S3 is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as need and follow the prompts
Solution:

Junos Software service Release version 19.3R2-S3 is now available.

19.3R2-S3 - List of Fixed issues

PR Number Synopsis Category: Marvell based EX PFE L2
1452738 The l2ald and eventd are hogging 100% after issuing "clear ethernet-switching table" command
Product-Group=junos
The l2ald and eventd processes are hogging 100% after "clear ethernet-switching table" command is issued and also the continuous syslog errors "l2ald[18605]: L2ALD_IPC_MESSAGE_INVALID: Invalid message received (message type 0, subtype 0): null message" are observed.
PR Number Synopsis Category: NFX Series Platform Software
1459885 VMhost mapping changes for a particular NIC should be done by first deleting the vmost mapping and then configuring the new mapping
Product-Group=junosvae
On NFX150 devices, when you need to change the vmhost mappings of a particular NIC or NICs, you must delete the existing vmhost mapping and commit the configuration. Now you can configure the new mappings for the respective NICs. You cannot change the NIC vmhost mappings in the same commit to delete and add a new mapping to the heth NICs.
PR Number Synopsis Category: QFX PFE L2
1481031 Connectivity is broken through LAG due to members configured with hold-time and force-up
Product-Group=junos
Connectivity through link aggregation group bundle could break after there is a flap event on the physical ports when one physical member interface is configured with hold-time and the other member interface is having LACP force-up feature configured.
1499422 The FPC will go down when 100G link comes up on the network port of the QFX5110-48S device
Product-Group=junos
On the QFX5110-48S device running on Junos 19.3R2-S2, 18.2R3-S3 or 18.2R3-S4, the FPC will go down when the 100G link comes up on the network port. This leads to FPC up and down every 90 seconds. During the problem state running CLI "show chassis fpc detail" will not yield any output for upto 90sec. user@device> show chassis fpc detail. <-------- Empty Once FPC state transition back to online state, the 100G transceivers gets detected and fpc flap is seen again. This behavior is seen continuously as long as 100G transceivers remain connected to the QFX device in question. If 100G interfaces gets disabled from CLI or physically removed from the QFX switch, the FPC flap will no longer be seen. Note: This issue is not applicable when 100G-QSFP is used as a VCP port on QFX5110-48S.
PR Number Synopsis Category: Border Gateway Protocol
1487893 The process rpd may generate soft cores after "always-compare-med" is configured for BGP path-selection
Product-Group=junos
If a manually configured RIB group or an automatically generated RIB group (through "family inet labeled-unicast resolve-vpn") is used to copy inet.0 (IP routing table) routes to inet.3 (MPLS routing table), the rpd process might continuously generate soft core files after "protocols bgp path-selection always-compare-med" is configured.
PR Number Synopsis Category: QFX xSTP Control Plane related
1475854 NFX350: when xSTP protocols are enabled on 'interface all', it would run on 'vlan-tagging'/'flexible-vlan-tagging' l3 interfaces as well leading to blocking of sxe interface.
Product-Group=junos
If any xSTP protocol is enabled on interface all, it gets enabled on l3 interfaces which are enabled with 'vlan-tagging'/'flexible-vlan-tagging'. So, if you have a config like below, where sxe and l3 vlan-tagged interface is part of same BD, it would lead to loop, resulting in blocking of sxe interface. set interfaces sxe-0/0/0 unit 0 family ethernet-switching vlan members 100 set interfaces ge-1/0/1 vlan-tagging set interfaces ge-1/0/1 unit 100 vlan-id 100 set interfaces ge-1/0/1 unit 100 family inet address 100.100.100.100/24 set vmhost virtualization-options interfaces ge-1/0/1 mapping interface hsxe0
PR Number Synopsis Category: Device Configuration Daemon
1467855 When Configure ESI on a physical interface, traffic drop will be seen if disabling logical interface under physical interface.
Product-Group=junos
When EVPN setup in MPLS Active/Active (A/A) or VxLAN A/A enviroment, if Ethernet Segment Identifier (ESI) is configured on a physical interface (IFD) of multi-homed PE, Designated Forwarder (DF) election will not happen when the logical interface (IFL) under the IFD disabled. At a result, this issue will cause traffic drop.
PR Number Synopsis Category: EVPN control plane issues
1485377 The ARP entry is gone from kernel after adding and deleting the virtual-gateway-address
Product-Group=junos
On MX/QFX10002/QFX10008/QFX10016 devices within an EVPN-MPLS active-active multi-homing mode, when adding and deleting the virtual-gateway-address, the ARP entry to CE might disappear from the kernel.
PR Number Synopsis Category: EVPN Layer-2 Forwarding
1484296 Dead next-hops might flood in a rare scenario after remote PEs are bounced
Product-Group=junos
On all Junos platforms with EVPN-MPLS scenario, due to a timing condition, dead next-hops might flood after remote PEs are bounced. This will affect BUM traffic flooding to remote EVPN PEs.
PR Number Synopsis Category: ISSU related issues for MMx
1476505 Traffic drop might be observed while performing ISSU on MX2020/MX2010/MX960 platforms
Product-Group=junos
On MX2020/MX2010/MX960 platforms, a traffic loss during the ISSU procedure might be observed, and the duration of traffic loss can be 30 seconds or more, it depends upon the number of FPCs in chassis.
PR Number Synopsis Category: Flow Module
1507865 SOF asymmetric scenario not working phase-1 solution
Product-Group=junos
In the previous design, if SPU receives a packet from a different NP then route gives. (For example, SPU receives a packet from NP#2, while route shows the packet should come in from NP#1). Then we will convert the SOF session to normal session. And all the following packets will be processed at SPU. After this change, if SPU receives a packet from a different NP then route gives. We will install NP SOF session to the NP where the packets come from. (For example, if route shows the packet should come in from NP#1, however, packets come in from NP#2, we will install NP SOF session to NP#2.) And we will switch NP SOF session to the NP where the packets come from if they come in a different NP after sometime. (For example, if at the beginning, packets from in from NP#2, we will install NP SOF session to NP#2. After several minutes, due to upstream device route change, packets start to come in from NP#3. Then we will delete NP SOF session from NP#2, and install NP SOF session to NP#3). However, if packets come in from different NPs at the same time. Due to sequence check cannot be performed at more than 1 NP, we will convert the SOF session to normal session. (For example, if packets come in from NP#2 and NP#3 at the same time, due to NP#2 and NP#3 cannot share packet sequence number, we will convert the SOF session to normal session, and all the following packets will be processed at SPU.)
PR Number Synopsis Category: JSR Infrastructure
1503636 SRX1500 factory default configuration have ge-0/0/0 and ge-0/0/15 are set with family inet dhcp
Product-Group=junosvae
SRX1500 factory default configuration have ge-0/0/0 and ge-0/0/15 are set with family inet dhcp
PR Number Synopsis Category: Security platform jweb support
1499280 Junos OS: Security vulnerability in J-Web and web based (HTTP/HTTPS) services
Product-Group=junos
Junos OS: Security vulnerability in J-Web and web based (HTTP/HTTPS) services (CVE-2020-1631). Refer to https://kb.juniper.net/JSA11021 for more information.
PR Number Synopsis Category: PFE infra to support jvision
1456275 Queue data might be missing from path '/interfaces/interface/state'
Product-Group=junos
On subscribing to '/interfaces/interface/state/' it might get subscribed to '/junos/system/linecard/interface/traffic/' internally, instead of '/junos/system/linecard/interface/queue/' which might impact traffic.
PR Number Synopsis Category: Platform infra to support jvision
1497343 The MPC10E line card might restart with sensord crash on it due to a timing issue
Product-Group=junos
The sensord daemon along with the sensor of "/junos/system/cmerror/configuration" is enabled by default on MPC10E no matter Junos Telemetry Interface (JTI) is configured or not. There is a use-after-free issue during processing CMError configuration data in sensord, which is a timing issue. This issue could cause sensord to crash and the related MPC10E line card to restart.
PR Number Synopsis Category: Label Distribution Protocol
1473846 JDI-RCT:M/Mx: errors continuously flooding in backup RE ( JTASK_IO_CONNECT_FAILED: RPDTM./var/run/rpdtmd_control: Connecting to 128.0,255.255,255.255,0.0.0.0,0.0.0.0, failed: No such file or directory )
Product-Group=junos
JDI-RCT:M/Mx: errors continuously flooding in backup RE ( JTASK_IO_CONNECT_FAILED: RPDTM./var/run/rpdtmd_control: Connecting to 128.0,255.255,255.255,0.0.0.0,0.0.0.0, failed: No such file or directory )
PR Number Synopsis Category: vMX Platform Infrastructure related issue tracking
1491662 VFP VM becomes unresponsive following reboot of vMX
Product-Group=junos
In the XL710/X710 network interface cards (NIC) is used with the performance mode vMX scenario, the NIC driver is loaded to figure out NIC speed-related information on every restart or reboot of vMX. If the virtual forwarding plane (VFP) VM is continuously restarted, the NIC driver might be loaded repeatedly, it might cause the memory corruption which might lead VFP VM to become unstable, after that, the traffic loss might happen on VFP VM.
PR Number Synopsis Category: QFX PFE Class of Services
1476829 QFX Platforms are exhibiting invalid PFE PG counter pairs to copy, src 0xfffff80, dst 0
Product-Group=junos
On QFX Series Switches one may see "invalid PFE PG counter pairs" errors might be displayed as a result of polling class of service-related SNMP OIDs. These messages might eventually lead to interface counters not being populated properly.
PR Number Synopsis Category: KRT Queue issues within RPD
1463302 MVPN traffic might be dropped after performing switchingover
Product-Group=junos
When multicast virtual private network (MVPN) and nonstop active routing (NSR+GRES ) configured, doing several consecutive switchovers after routing-instance (RI) removal/add might cause kernel routing table (KRT) to get stuck. MVPN routes could not be successfully installed into MVPN routing instance causing service disruption.
PR Number Synopsis Category: SNMP Infrastructure (snmpd, mib2d)
1497841 snmpv3 informs not working after restart
Product-Group=junos
snmpv3 informs not working after restart
PR Number Synopsis Category: platform related PRs on SRX branch platforms
1465199 Static route through dl0.0 interface is not active.
Product-Group=junos
On SRX320,SRX345 or SRX550m platforms with LTE Mini-PIM module installed, if configure a static route with the gateway IP address of d10 as next-hop and default route is configured, all traffic destined for the static route will fail to transmit to dl0 interface.
1496650 CSO 5.2 : ZTP : Phone client crash seen while doing SRX345 ZTP with CSO
Product-Group=junos
Phone Home client application may crash when no activation code or invalid activation code is entered and connection between phone home client and server is not stable during activation.
PR Number Synopsis Category: Trio pfe bridging, learning, stp, oam, irb software
1488251 MAC learning under bridge-domain stops after MC-LAG interface flap
Product-Group=junos
MAC learning under bridge-domain over MC-LAG interface stops after MC-LAG interface flap
PR Number Synopsis Category: VSRX platform software
1499092 NFX250 cluster -> GWR upgrade failed from 15.1X49D172.1 to 19.3R2-S2.1 image
Product-Group=junos
NFX250 cluster -> GWR upgrade failed from 15.1X49D172.1 to 19.3R2-S2.1 image
PR Number Synopsis Category: Unified Services Framework
1491540 Multiple deactivating/activating security traceoptions along with clear single NAPT44 session might result in the flowd crash
Product-Group=junos
Multiple deactivating/activating security traceoptions along with clear single NAPT44 session might result in the flowd crash and generate the flowd core. When flowd crashes, it may cause temporary traffic interruption until the flowd process restored automatically.
 

19.3R2-S3 - List of Known issues

PR Number Synopsis Category: Flow Module
1465944 Junos OS: High-End SRX Series: Multicast traffic might cause all FPCs to reset. (CVE-2020-1634)
Product-Group=junos
On High-End SRX Series devices, in specific configurations and when specific networking events or operator actions occur, an SPC receiving genuine multicast traffic may core. Refer to https://kb.juniper.net/JSA11014 for more information.
PR Number Synopsis Category: Layer 2 Control Module
1505710 The l2cpd crash might be seen if adding/deleting ERP config and then restart l2cpd
Product-Group=junos
Core files are generated if you add or delete ERP configuration multiple times and restarted l2cpd or rebooted the box. If this issue is happened, l2cpd does not recover again and generates core file continuously.
PR Number Synopsis Category: Layer2 forwarding on EX/NTF/PTX/QFX
1484468 Packet loss might be observed after device rebooted or l2ald restarted in EVPN-MPLS scenario
Product-Group=junos
In EVPN-MPLS scenario, if the core-facing interface (mpls interface) and the CE-facing interface are on different PEs, and the traffic from core is not continuous and DMAC (Dynamic MAC) ages out, due to an incorrect flood next-hop programming across different PFEs, packet loss might be observed after device rebooted or l2ald restarted.
PR Number Synopsis Category: nano platform software
1477924 Observed messages "spmb0 cmty_sfb_temp_check: sfb[0] is powered OFF" & "spmb0 cmty_sfb_voltage_check_one: sfb[0] is powered OFF" are flooding even though SFBs are online in mx2010
Product-Group=junos
With JUNOS 19.3R2 and higher, syslogs such as "spmb0 cmty_sfb_temp_check: sfb[0] is powered OFF" & "spmb0 cmty_sfb_voltage_check_one: sfb[0] is powered OFF" are flooding even though SFB2s are online in MX2008/MX2010/MX2020
PR Number Synopsis Category: FreeBSD Kernel Infrastructure
1510224 Issuing the CLI command "request system zeroize" or upgrade on EX2300 may cause the console unresponsive
Product-Group=junos
Issuing the CLI command "request system zeroize" or upgrade on EX2300 may cause the console unresponsive.
PR Number Synopsis Category: QFX platform optics related issues
1436286 LASER TX remained enabled while interface is disabled using the Routing Engine CLI configuration.
Product-Group=junos
On QFX10008 and QFX10016 platforms with QFX10000-60S-6Q line card, the laser is still emitting while the interface is disabled using the RE CLI config. It will cause the peer's interface is still up and might impact traffic.
PR Number Synopsis Category: QFX L2 PFE
1500825 On QFX5100, ERPS may not work correctly
Product-Group=junos
On QFX5100, ERPS may not work correctly on branch which as 1473610 fix, due to stp instance programming failure in hardware.
PR Number Synopsis Category: MX10003/MX204 Platform SW - Chassisd s/w defects
1406952 MX10003 / MX204 cosmetic message: ALARMD_CONNECTION_FAILURE: after 60 attempts craftd connect returned error: Connection refused
Product-Group=junos
MX10003 / MX204 platform doesn't have craftd process but alarmd keeps on retrying to connect to it. As the connection keeps failing, alarmd logs error message for first 10 minutes. Later it keeps re-trying the connection attempt silently and endlessly every one second. Removing this connection attempt from alarmd process for unsupported platforms.
PR Number Synopsis Category: Trio pfe bridging, learning, stp, oam, irb software
1505465 Traffic convergence failed with ICL failure case
Product-Group=junos
LACP state machine will not converge to CD on peer device, because of this, traffic drop is seen on DUT.
PR Number Synopsis Category: DDos Support on MX
1459605 ddos-protection doesn't stop logging when remote tracing enabled
Product-Group=junos
With ddos-protection enabled, ddos violation set/clear message will be logged into /var/log/messages by default. set system ddos-protection protocols icmp aggregate bandwidth 50 set system ddos-protection protocols icmp aggregate burst 50 set system ddos-protection protocols icmp aggregate recover-time 30 Sep 9 05:20:32.373 2019 router jddosd[17556]: %DAEMON-4-DDOS_PROTOCOL_VIOLATION_SET: Warning: Host-bound traffic for protocol/exception ICMP:aggregate exceeded its allowed bandwidth at fpc 1 for 6 times, started at 2019-09-09 05:20:31 UTC Sep 9 05:21:06.414 2019 router jddosd[17556]: %DAEMON-4-DDOS_PROTOCOL_VIOLATION_CLEAR: INFO: Host-bound traffic for protocol/exception ICMP:aggregate has returned to normal. Its allowed bandwith was exceeded at fpc 1 for 6 times, from 2019-09-09 05:20:31 UTC to 2019-09-09 05:20:36 UTC In case that remote tracing is enabled to send out trace log, ddos violation log should also be sent out to remote. set system tracing destination-override syslog host 10.10.10.10 However, sometimes the local logging will still be observed even with remote tracing enabled. That is because ddos-protection daemon only reads logging setting at daemon start. With the fix, the behavior will be changed to read logging setting in every commit.
Modification History:
2020-06-16 First Publication
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search