Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

19.4R1-S2: Software Release Notification for JUNOS Software Version 19.4R1-S2

0

0

Article ID: TSB17807 TECHNICAL_BULLETINS Last Updated: 18 Jun 2020Version: 3.0
Alert Type:
SRN - Software Release Notification
Product Affected:
ACX, EX, MX, PTX, QFX, SRX, VRR, and VMX
Alert Description:
Junos Software Service Release version 19.4R1-S2 is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as need and follow the prompts
Solution:

Junos Software service Release version 19.4R1-S2 is now available.

NOTE: NFX platforms are not supported in JUNOS version 19.4R1-S2

19.4R1-S2 - List of Fixed issues

PR Number Synopsis Category: QFX PFE L2
1441186 MAC learning might not work correctly on QFX5120
Product-Group=junosvae
On QFX5120, after deleting and reapplying configuration multiple times, MAC learning might not work correctly. It is a rare issue.
PR Number Synopsis Category: Layer 3 forwarding, both v4+v6
1485315 FPC might crash on ACX5448 platform
Product-Group=junos
On ACX5448 platform, Flexible PIC Concentrator (FPC) might crash during programming IP prefix on Packet Forwarding Engine (PFE) level.
PR Number Synopsis Category: Covers Application classification workflows apart from custo
1478608 The nsd process pause might be seen during device reboots if dynamic application groups are configured in policy.
Product-Group=junos
On SRX platforms, during reboot in some cases, the nsd daemon might crash if dynamic application groups are configured in policy. It might affect the APPID feature/service. The APPID feature identifies applications as constituents of application groups in TCP/UDP/ICMP traffic.
PR Number Synopsis Category: Security platform jweb support
1499280 Junos OS: Security vulnerability in J-Web and web based (HTTP/HTTPS) services
Product-Group=junos
Junos OS: Security vulnerability in J-Web and web based (HTTP/HTTPS) services (CVE-2020-1631). Refer to https://kb.juniper.net/JSA11021 for more information.
PR Number Synopsis Category: Platform infra to support jvision
1475036 Memory leak leading to MPC10E line card restart
Product-Group=junos
The "sensord" daemon on MPC10E linecards leaks memory at a rapid rate. The memory leak results in total memory exhaustion. Consequentially, all control traffic transiting all PFEs on the MPC10E stalls. Shortly after this stall the MPC10E may restart. If the MPC10E restarts there will be no core dump recorded. The rate of memory leak varies depending on the number of populated optics in the MPC10E and on the number of MPCs installed in the system. Typically the MPC10E will restart in this manner after 15 days of operation. [TSB17705]
1497343 The MPC10E line card might restart with sensord crash on it due to a timing issue
Product-Group=junos
The sensord daemon along with the sensor of "/junos/system/cmerror/configuration" is enabled by default on MPC10E no matter Junos Telemetry Interface (JTI) is configured or not. There is a use-after-free issue during processing CMError configuration data in sensord, which is a timing issue. This issue could cause sensord to crash and the related MPC10E line card to restart.
PR Number Synopsis Category: MPC11 ULC fabric software related issues.
1503605 MPC11 is not supported in 19.4 release
Product-Group=junos
MPC11 is not supported in 19.4 release
PR Number Synopsis Category: Category for tracking Olympus-MX issues
1472287 Junos VMhost upgrades might fail on MX240/MX480/MX960 platforms with NG-RE installed and USF mode enabled
Product-Group=junos
On multicore Next-Generation Routing Engines on MX240/MX480/MX960 platforms with USF (Universal Services Framework) mode enabled and USF based services configuration, subsequent Junos VMhost upgrade might fail with an error. The reason is that the NG-RE never support verification of optional packages, but as a feature, USF requires such verification as a necessity because USF is added as an optional package (feature). USF is a common services architecture for Router based services and the Security services. All the services/plugins from mspmand will be ported onto flowd to achieve this functionality.
PR Number Synopsis Category: vMX Platform Infrastructure related issue tracking
1491662 VFP VM becomes unresponsive following reboot of vMX
Product-Group=junos
In the XL710/X710 network interface cards (NIC) is used with the performance mode vMX scenario, the NIC driver is loaded to figure out NIC speed-related information on every restart or reboot of vMX. If the virtual forwarding plane (VFP) VM is continuously restarted, the NIC driver might be loaded repeatedly, it might cause the memory corruption which might lead VFP VM to become unstable, after that, the traffic loss might happen on VFP VM.
PR Number Synopsis Category: PTP related issues.
1442665 The interface may go into admin down state after FPC restart with PTP configuration enabled
Product-Group=junos
In JunOS PTP deployment, when configuring the AE child interface in the protocol PTP and after performing FPC restart, all of the interfaces on that FPC may be brought to admin down.
PR Number Synopsis Category: QFX PFE Class of Services
1476829 QFX Platforms are exhibiting invalid PFE PG counter pairs to copy, src 0xfffff80, dst 0
Product-Group=junos
On QFX Series Switches one may see "invalid PFE PG counter pairs" errors might be displayed as a result of polling class of service-related SNMP OIDs. These messages might eventually lead to interface counters not being populated properly.
PR Number Synopsis Category: Resource Reservation Protocol
1469567 Fast reroute detour next-hop down event might cause primary LSP down in particular scenario
Product-Group=junos
In detour protection scenario (Fast-reroute enabled in LSP) in which the incoming detour LSPs that arrives on the primary next-hop merge with the locally originated detour LSP, sometimes after detour LSP next-hop down event the node incorrectly chooses the primary nhop (next hop) as the detour nhop, as a result it could cause brief traffic loss (a few seconds).
PR Number Synopsis Category: SW PRs for SCBE3 fabric
1491968 FPCs might stay down or restart when swapping MPC7/8/9 with MPC10/11 or vice versa in the same slot
Product-Group=junos
In MX240/MX480/MX960 routers with SCB3E or MX2010/2020 with SFB3 scenario, if MPC7E/8E/9E is swapped with MPC10E/11E each other or vice versa in the same slot, the different encoding mode between two MPCs might cause SCB3E/SFB3 to not change the mode gracefully according to the new MPC type inserted. This causes fabric destination errors which can trigger fabric healing mechanisms and cause system-wide impact due to fabric planes and FPCs getting reset. [TSB17748]
PR Number Synopsis Category: Configuration mgmt, ffp, load-action, commit processing
1499265 The commit check might fail when adding IFL into a routing-instance which having no-normalization knob enabled under routing-instances stanza
Product-Group=junos
Due to the change in PR 1433542 (which is fixed in 18.3R3 18.4R3 19.1R2 19.2R2 19.3R1), if no-normalization knob is enabled under routing-instances stanza for a routing-instance, the commit check will fail after adding the logical interface (IFL) with any of the following knob into this routing-instance or adding any of the following knob into an existing IFL in this routing-instance. "vlan-id all", "vlan-id inner-all", "input-vlan-map", "output-vlan-map", "vlan-id-list", "vlan-id-range", "vlan-tags inner-list", "vlan-tags inner-range". Before the change in PR 1433542, these kinds of configuration could be committed successfully. So, this issue could affect the upgrade from a release without PR 1433542 to a release with PR 1433542 if these kinds of configuration have already been in configuration file before upgrade.
PR Number Synopsis Category: ZT pfe l3 forwarding issues
1473079 Some routes might not be installed into the FPC after it gets restarted
Product-Group=junos
On MX series routers, if the Flexible PIC Concentrator (FPC) restarts during the initial route download, some routes might not get installed into the AFT based card(MPC10 onward on MX devices). This issue is seen after the FPC comes up and any route that had changed during route download will come to PFE as a change route message. As that route is not yet installed, PFE will not be able to find that route and returns error saying "unable to find route entry to change".
1485942 MPC10E installed in FPC slot4 might drop host outbound traffic
Product-Group=junos
In the subscription management personality, if MPC10E is installed in FPC slot 4, it will not be initialized correctly. This can cause host outbound traffic getting dropped at the remote peer with destination address reject and protocol flaps. This is only applicable for JunOS version 19.4R1.
PR Number Synopsis Category: usf nat related issues
1469613 [USF-SPC3][USF-NAT]USF-SPC3:NAT: nsd core happens after committing the configuration successfully, if destination nat rule matches '0.0.0.0/X' destination address.
Product-Group=junos
If nat destination rule specifies any IPv4 address as in 0.0.0.0/0, then this core will now not happen. PRior to this fix, the core happens after config commit.
PR Number Synopsis Category: Unified Services Framework
1491540 Multiple deactivating/activating security traceoptions along with clear single NAPT44 session might result in the flowd crash
Product-Group=junos
Multiple deactivating/activating security traceoptions along with clear single NAPT44 session might result in the flowd crash and generate the flowd core. When flowd crashes, it may cause temporary traffic interruption until the flowd process restored automatically.
 

19.4R1-S2 - List of Known issues

PR Number Synopsis Category: Junos Fusion Infrastructure
1454335 SDPD core found @ vfpc_all_eports_deletion_complete vfpc_dampen_fpc_timer_expiry
Product-Group=junos
SDPD core found @ vfpc_all_eports_deletion_complete vfpc_dampen_fpc_timer_expiry on following triggers 1) Delete and add same SD device with some attribute change in single commit 2) Interchange slot id between two SD devices in single commit
PR Number Synopsis Category: Device Configuration Daemon
1477084 A stale IP address might be seen after a specific order of configuration changes under logical-systems scenario
Product-Group=junos
On all Junos platforms with logical-systems setup, a local IP address may not be cleaned properly and become stale after a specific order of configuration changes as follows. This defect is found in 19.4R1 onwards. { set logical-systems JNPR interfaces ge-0/0/0 unit 0 family inet address 10.10.10.1/24 commit deactivate logical-systems JNPR interfaces ge-0/0/0 unit 0 family inet set interfaces ge-0/0/0 unit 0 family inet address 10.10.10.10/24 commit }
PR Number Synopsis Category: Flow-tap software
1472109 "flow-tap" add function may not be working after the "dynamic flow capture services" process restarted
Product-Group=junos
If the "dynamic flow capture services" process (DFCD) restarts, a request to add an additional flow filter by the mediation device will not be installed. This causes incomplete flow information sending to the content destination.
PR Number Synopsis Category: Flow Module
1465944 Junos OS: High-End SRX Series: Multicast traffic might cause all FPCs to reset. (CVE-2020-1634)
Product-Group=junos
On High-End SRX Series devices, in specific configurations and when specific networking events or operator actions occur, an SPC receiving genuine multicast traffic may core. Refer to https://kb.juniper.net/JSA11014 for more information.
PR Number Synopsis Category: IPSEC/IKE VPN
1481625 20.1TOT : SRX4200 : SNP [Regressions] : IPSEC_Tunnels per second (TPS) : In srx4200 Observing 35 % drop in all TPS cases (all encrypted algorithm's) in the latest 20.1I-20200103.0.1100 build
Product-Group=junosvae
In SRX4200, the IPSEC Tunnels per second rate drops by 35% in this release as compared to 19.4R1
PR Number Synopsis Category: Chassis mgmt for all QFX systems - chassis MIB, alarms, CLI
1475851 [Tencent] ULC-30Q28 FPC major error after system boot up or fpc restart
Product-Group=junos
FPC is reporting Major Error because of SHUTDOWN ERI failure during BIST with repair on HMC having FW version >= 0x9c. BIST with repair is incorporated during boot up, so this Major Error will be reported during boot up having FW>=0x9c on HMC. During debugging, its found that this ERI is getting issued even before the HMC was brought up which is resulting into this Error. So added bringup steps for HMC before the BIST procedure starts as done for vale-ptx.
PR Number Synopsis Category: Trio pfe bridging, learning, stp, oam, irb software
1502867 Interface on MPC7/8/9 configured with vlan-tags outer 88a8 sends out 8100.
Product-Group=junos
On MPC7/8/9, an interface configured with vlan-tags outer 88a8 sends out 8100. In this scenario, IP traffic arrives at PE router, gets destination route from irb interface inside a VPLS instance, and then forwards to CE device. The CE facing interface is configured with vlan-tags outer 88a8, but sends traffic out with 8100. Note that traffic originating from the IRB is sent out correctly.
PR Number Synopsis Category: Unified Services Framework
1453502 Add 'syslog' config knob to stateful firewall rule then condition
Product-Group=junos
Basically achieves parity with prior MX feature. More details as follows: Prior implementation: -- whenever syslog with 'sfw category" is configured, the device will send SFW logs for all sessions. This modified implementation: -- whenever syslog with 'sfw category" is configured, the device will send SFW logs, only for those sessions that match a certain policy and the 'sfw' log is configured under policy config Advantages: The SFW logs can be enabled more granularly with this fix. The SFW logs are generated only if the stateful-firewall rule then condition specifies 'log sfw'. For example, the following knob generates SFW logs only when that rule is hit: -- "set services policies stateful-firewall-rule sfw_rule_1 policy sfw_policy_1 then log sfw" If SFW logs are required for all sessions, then this knob has to be configured for all policy configurations.
1475220 Stateful firewall rule configuration deletion might lead to memory leak.
Product-Group=junos
On MX240/MX480/MX960 and SRX platforms, when the SFW rule (Stateful Firewall Rules) configuration deletion occurs, user heap memory increases and memory leak might take place.
PR Number Synopsis Category: usf traffic load balancing relared issues
1499655 After GRES, Some of the Vrirtual Services are not UP.
Product-Group=junos
After GRES, Some of the Vrirtual Services are not UP.
Modification History:
2020-06-18 Update to add PR1473079 into the fixed section. Previously, though the fix is in its release-note entry was not available
2020-06-16 First publication
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search