Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

19.2R1-S5: Software Release Notification for JUNOS Software Version 19.2R1-S5

0

0

Article ID: TSB17859 TECHNICAL_BULLETINS Last Updated: 19 Sep 2020Version: 1.0
Alert Type:
SRN - Software Release Notification
Product Affected:
ACX, EX, MX, PTX, QFX, NFX, SRX, VRR, vMX, vSRX
Alert Description:
Junos Software Service Release version 19.2R1-S5 is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as need and follow the prompts
Solution:

Junos Software service Release version 19.2R1-S5 is now available.

19.2R1-S5 - List of Fixed issues
PR Number Synopsis Category: EX2300/3400 PFE
1525373 "Drops" and "Dropped packets" counters in the output by "show interface extensive" are double counting.
Product-Group=junos
"show interface ..." command shows wrong values for the "Drops" and "Drop Packet" counters. The actual value is half of the display values.
PR Number Synopsis Category: common or misc area for SRX product
1490181 SRX1500 and SRX4K devices might boot up with rescue configuration after a power outage occurs
Product-Group=junos
After a power outage occurs, SRX1500 and SRX4K devices might load rescue configuration in order to boot up successfully.
PR Number Synopsis Category: Bi Directional Forwarding Detection (BFD)
1448649 Junos OS BFD sessions with authentication might flap after a certain period of time
Product-Group=junos
In the scenario where BFD session authentication is configured, after a certain period of time, BFD sessions flaps may be seen, this will cause the neighbor to be down.
PR Number Synopsis Category: Border Gateway Protocol
1481641 Junos OS and Junos OS Evolved: RPD crash due to specific BGP UPDATE packets (CVE-2020-1644)
Product-Group=junos
On Juniper Networks Junos OS and Junos OS Evolved devices, the receipt of a specific BGP UPDATE packet causes an internal counter to be incremented incorrectly, which over time can lead to the routing protocols process (RPD) crash and restart. Please refer to https://kb.juniper.net/JSA11032 for more information.
1482209 BGP multi-pathed traffic might not fully load-balanced for a while after adding a new path for load sharing
Product-Group=junos
On all Junos platforms with the BGP-ECMP (Equal Cost Multi-Path) scenario, if adding a new path for load sharing, the traffic might not fully load-balanced for a while. The worst-case scenario is much traffic moving to the new path and lead to a link oversubscription.
1487893 If a manually configured rib-group or automatically generated rib-group (through family inet labeled-unicast resolve-vpn) is used to copy inet.0 (IP routing table) routes to inet.3 (MPLS routing table), the process rpd might continuously generate soft core files after protocols bgp path-selection always-compare-med is configured.
Product-Group=junos
If a manually configured rib-group or automatically generated rib-group (through family inet labeled-unicast resolve-vpn) is used to copy inet.0 (IP routing table) routes to inet.3 (MPLS routing table), the process rpd might continuously generate soft core files after protocols bgp path-selection always-compare-med is configured.
1497721 Junos OS: Receipt of certain genuine BGP packets from any BGP Speaker causes RPD to crash. (CVE-2020-1640)
Product-Group=junos
An improper use of a validation framework when processing incoming genuine BGP packets within Juniper Networks RPD (routing protocols process) daemon allows an attacker to crash RPD thereby causing a Denial of Service (DoS) condition. Refer to https://kb.juniper.net/JSA11024 for more information.
PR Number Synopsis Category: MPC5/6E pfe microcode software
1453575 The FPC might crash due to the memory corruption in JNH pool
Product-Group=junos
On all Trio-based platforms, after the restart of the fabric plane, the FPC might crash due to memory corruption in the JNH pool.
1478392 MPCs might stop when there is bulk route update failure in a corner case.
Product-Group=junos
On all MPCs and certain MICs, if there are events like interface flaps, the routes learned over that interface might get retracted and deleted by the routing protocols. Because of this issue, when bulk route update failure happens, either some next hops are unable to be reached or certain next hops are still reachable incorrectly, and the line card might crash in a corner case. It is a rare timing issue.
PR Number Synopsis Category: MX Platform SW - Power Management
1501108 MX2020/MX2010 might continuously log "pem_tiny_power_remaining:" in chassisd log
Product-Group=junos
On MX2020/MX2010, the "pem_tiny_power_remaining" message might be continuously logged in chassisd log.
PR Number Synopsis Category: QFX Control Plane VXLAN
1441047 The specific source ports of UDP packet are dropped on EVPN or VXLAN setup.
Product-Group=junos
On QFX5120 EVPN/VXLAN scenario, in a rare condition, the specific source-ports of UDP packets (41070 or 52870) are wrongly hitting wrong internal VXLAN implicit filter (system level and unable to configure), causing these two kinds of UDP packet loss/service degradation on UDP service.
PR Number Synopsis Category: Express PFE FW Features
1420057 On the PTX5000 line of routers, the show filter index < number> counter vty command displays values as zero at 28-02-HOSTBOUND_NDP_DISCARD_TERM. The counter does not increase for the NDP packets. The issue is only with the show filter index command, which is a debug tool in vty. This issue has no impact on the NDP functionality for the user traffic.
Product-Group=junos
VTY command "show filter index < number> counter" showes values as zero at 28-02-HOSTBOUND_NDP_DISCARD_TERM on PTX5000 platform. Basically, the counter does not increase for NDP packets. The issue is only with "show filter index", which is a debug tool in VTY. This issue has no impact on NDP functionality for user traffic. There are no issues with NDP functionality and DDOS for NDP is also working,
PR Number Synopsis Category: Express ASIC interface
1511492 Unable to bring the ports up when plugging the optic QSFP-100GBASE-LR4-T2 (740-061409) to PTX3000 or PTX5000
Product-Group=junos
When plugging the optic QSFP-100GBASE-LR4-T2 (740-061409) to PTX3000 or PTX5000, the device displays a log message of "unsupported optic" and the interface will not be up.
PR Number Synopsis Category: Libjtask for RPD tasks, scheduler, timers, memory, and slip
1472643 Performing back-to-back rpd restarts might cause rpd to crash
Product-Group=junos
On all Junos OS platforms, after performing back-to-back rpd restarts, rpd might crash. The rpd core may be observed after a timeout of 10 minutes.
PR Number Synopsis Category: Fast Ethernet interfaces
1436327 The control logical interface is not created along with physical interface by default on MX/EX/SRX
Product-Group=junos
The control logical interface (IFL unit is 16386) is not created along with physical interface (ge/xe/et) by default on MX/EX/SRX if IFL is not configured explicitly. This could lead the protocol (e.g. LLDP) using the control logical interface not working.
PR Number Synopsis Category: ISIS routing protocol
1452956 SPRING-LDP interoperability issues are observed with colocated SRMS+SR-client+LDP-stitching
Product-Group=junos
In SR to LDP interworking scenario, where SR domain is in Level 1 of IS-IS, Segment Routing Mapping Server (SR-MS) in Level 1/Level 2, and LDP domain in Level 2, if disable SR function under L2 of IS-IS on SR-MS, then all the L2 and L1 SR routes might be deleted on SR-MS (L1 SR routes should be kept), which might cause traffic loss.
1463650 IS-IS IPv6 multi-topology routes might flap every time when there is an unrelated commit under protocol stanza
Product-Group=junos
With multi-topology enabled in ISIS globally hierarchy level, if some ISIS interfaces don't have IPv6 address, all ISIS IPv6 routes flap when committing any change under protocol stanza (e.g. 'protocol pim traceoption').
PR Number Synopsis Category: JSR Infrastructure
1479156 The vSRX may restart unexpectedly
Product-Group=junos
The srxpfe process generates core files when a socket-open error occurs during the initialization phase. Self-healing takes place when the srxpfe reboots and starts processing traffic.
PR Number Synopsis Category: Label Distribution Protocol
1471191 The rpd process might crash during shutdown
Product-Group=junos
The rpd shutdown process such as clean up of scale configuration and rolling it back with LDP configured might cause rpd to crash. The rpd shutdown rarely happens during normal operation. It is widely used for testing purpose. The rpd crash may result in traffic loss.
PR Number Synopsis Category: Jflow and sflow on MX
1487876 Incorrect 'frame length' of 132 bytes might be captured in packet header
Product-Group=junos
On all MX/PTX5k/EX platforms with Trio based line cards, if a packet is send with more than 128 bytes it will always show incorrect "Frame length" of 132 bytes in raw packet header of sflow collector captured data.
PR Number Synopsis Category: DNS filtering on MX.
1474056 Junos OS: MX Series: Services card might restart when DNS filtering is enabled (CVE-2020-1645)
Product-Group=junos
When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of packets processed by the Multiservices PIC Management Daemon (mspmand) process, responsible for managing "URL Filtering service", may crash, causing the Services PIC to restart. Refer to https://kb.juniper.net/JSA11028 for more information.
PR Number Synopsis Category: MX10K platform
1471372 Sudden FPC shutdown due to hardware failure or ungraceful removal of line card causes major alarms on unrelated remote FPCs
Product-Group=junos
On the MX10008/MX10016 platforms, If the FPC line card gets offline due to power failure or FPC Line card is removed from the chassis without prior offline of the card, other FPC line cards in the system will report fabric failures and fabric self-ping failures. The fabric self-ping failure will invoke disable-pfe action. Once PFE is disabled due to disable-pfe action, the line card needs to get restarted to recover. This issue will cause traffic loss.
PR Number Synopsis Category: Neo Interface
1453433 Interfaces shutdown by 'disable-pfe' action might not be up using MIC offline/online command
Product-Group=junos
On MX Series devices, MPC wedge might cause disable-pfe action. The disable-pfe action shuts down interfaces to avoid traffic being silently dropped. MIC bouncing (offline/online) operation brings WAN interfaces up, causing traffic to be dropped or silently discarded. Restoring the Packet Forwarding Engine entity upon disable-pfe action needs MPC restart.
PR Number Synopsis Category: OS IPv4/ARP/ICMPv4
1468183 Junos OS: Kernel crash (vmcore) or FPC crash due to mbuf leak (CVE-2020-1653)
Product-Group=junos
On Juniper Networks Junos OS devices, a stream of TCP packets sent to the Routing Engine (RE) may cause mbuf leak which can lead to Flexible PIC Concentrator (FPC) crash or the system to crash and restart (vmcore). Refer to https://kb.juniper.net/JSA11040 for more information.
1511833 The kernel may crash causing the router or the RE to reboot if making virtual IP related change
Product-Group=junos
On all Junos platforms with VRRP enabled, if delete and add any configuration which involves the virtual IP in the same commit, the kernel might crash. When this happens, the system or the RE will reboot.
PR Number Synopsis Category: FreeBSD Kernel Infrastructure
1505864 The installation fails when upgrading from legacy Junos to specific BSDx based Junos
Product-Group=junos
The installation might fail when upgrading from legacy Junos (before Junos 15.1) to higher BSDx based Junos releases (Junos 15.1 and after).
1518898 The kernel might crash if a file/directory is accessed for the first time and is not created locally
Product-Group=junos
On the Junos with Virtual Filesystem (VirtFS), if a file/directory is accessed for the first time and is not created locally, the kernel might crash and generate a vmcore file. Junos might reboot due to this issue.
PR Number Synopsis Category: "ifstate" infrastructure
1486161 Kernel core might be seen if deleting an ifstate
Product-Group=junos
On all Junos platforms, some operations such as configuration change might cause the state information to change and eventually cause the ifstate to be deleted. In a very rare case, deleting an ifstate (kernel state) might cause kernel core and Routing Engine restart. There is no specific trigger. This issue is reported by the configuration change.
PR Number Synopsis Category: TCP/UDP transport layer
1437257 The BGP session might flap after Routing Engine switchover is done simultaneously on both boxes of BGP peer in scaled BGP session setup.
Product-Group=junos
On all Junos platforms with GRES enabled, if BGP is configured with NSR and MD5 authentication in logical-systems, the BGP sessions might flap after performing Routing-Engine switchover simultaneously on both end of BGP peers.
PR Number Synopsis Category: vMX Platform Infrastructure related issue tracking
1491662 VFP VM becomes unresponsive following reboot of vMX
Product-Group=junos
In the XL710/X710 network interface cards (NIC) is used with the performance mode vMX scenario, the NIC driver is loaded to figure out NIC speed-related information on every restart or reboot of vMX. If the virtual forwarding plane (VFP) VM is continuously restarted, the NIC driver might be loaded repeatedly, it might cause the memory corruption which might lead VFP VM to become unstable, after that, the traffic loss might happen on VFP VM.
1493805 Viewing a large file from vFPC console may hog the console.
Product-Group=junos
Viewing a large file from vFPC console using "cat" application may hog the console.
PR Number Synopsis Category: QFX L2 PFE
1510329 ARP replies might be flooded through the EVPN-VXLAN network as unknown unicast ARP reply.
Product-Group=junos
The QFX5100/5110/5120/5200 platforms configured as EVPN-VxLAN leaf, the leaf will send periodic ARP requests to connected hosts to refresh the mac-ip entry when proxy-arp and suppression are enabled. These ARP replies are being processed by the leaf, however, they are also being flooded further through the EVPN-VxLAN network as unknown unicast ARP reply. This issue may decrease the bandwidth efficiency of the core network.
PR Number Synopsis Category: KRT Queue issues within RPD
1501817 Traffic might get dropped or discarded in the fast-reroute scenario
Product-Group=junos
In the platform using INH (indirect next hop, such as Unilist) as route next hop type for multiple paths scenario (such as BGP PIC or ECMP), the session fast-reroute might be enabled in Packet Forwarding Engines (PFEs). When the version-id of session-id of INH is above 256, the PFE might not respond to session update, which might cause the session-id permanently to be stuck with the weight of 65535 in PFE. It might lead PFE to have a different view of Unilist against load-balance selectors. Then either the BGP PIC or the ECMP-FRR might not work properly and traffic might be dropped or silently discarded.
PR Number Synopsis Category: Generic platform and infra issues for MS-MIC and MS-MPC(XLP)
1453811 Delay in freeing processed defragment buffers lead to prolonged flow control and might crash.
Product-Group=junos
On Juniper Networks Junos MX Series with service card configured, receipt of a stream of specific packets may crash the MS-PIC component on MS-MIC or MS-MPC. Refer to https://kb.juniper.net/JSA11037 for more information.
PR Number Synopsis Category: Trio pfe l3 forwarding issues
1478279 FPC memory leak might occur after executing the show pfe route command
Product-Group=junos
On all Junos platforms, if the command "show pfe route " is executed to dump the Packet Forwarding Engine (PFE) routes, and then the routes get deleted by some events, for example, Virtual Routing and Forwarding (VRF) configuration removal or Border Gateway Protocol (BGP) flap, the FPC memory leak might happen due to this issue. In large scaled scenario, the memory leak will increase by large amount which might be easier to cause FPC crash.
PR Number Synopsis Category: PTX/QFX10002/8/16 specific software components
1452604 PLL errors might be seen after FPC reboots or restarts
Product-Group=junos
On MX10008/MX10016 platforms, when FPC reboot or restart by any means, PLL_CMERROR_MPC_LMK04906_WAN_LD and PLL_CMERROR_MPC_LMK04906_WAN_LOS errors might be seen shortly after the FPC comes back online.
1492996 The PIC number great than 4 will be missing from SNMP table entPhysicalTable
Product-Group=junos
Currently the maximum number of PICs is set to 4 in code for SNMP table entPhysicalTable. So, if the PIC number is great than 4 on some platform like JNP10K-LC2101 on MX10008, the PIC number great than 4 will be missing. This could cause SNMP table entPhysicalTable not matching with the PICs shown at "show chassis hardware".
PR Number Synopsis Category: Windsurf chassis software
1504867 Fan speed might toggle between full and normal on MX960 with Enhanced FRU
Product-Group=junos
On MX960 platforms with MPC5E, Enhanced FRU is having the same threshold setting for higher and lower temperatures which might cause fan speed to toggle between higher and normal speed.
PR Number Synopsis Category: ZT pfe l3 forwarding issues
1474160 An MPC11 crash might occur on the MX2000 platform using multi dimensional advanced scale configuration that has inline keep alive sessions
Product-Group=junos
On an MX2k platform, in a rare scenario, after loading a complex multiple dimensional configuration with scaled Inline KA sessions, an MPC11 crash might occur due to transient condition of change and add of Inline Keep alive sessions.
 

19.2R1-S5 - List of Known issues

PR Number Synopsis Category: Marvell based EX PFE L3
1462106 Error messages related to soft reset of port due to queue buffers being stuck could be seen on EX-4600-EX-4300 VC
Product-Group=junos
Error messages related to soft reset of port due to queue buffers being stuck could be seen on EX-4600-EX-4300 VC
PR Number Synopsis Category: MPC Fusion SW
1508794 A Regression issue introduced by PR1463859 causing WAN-PHY interface continuously flaps with default hold-time down of 0
Product-Group=junos
PR1463859 introduces a software defect that causes a 10GE interface to flap continuously when configuring with the WAN-PHY framing with the default "hold-down" timer (0). Once upgrading a router to an affected software release, the interface may flap continuously. This is not applicable to an interface with the default framing - LAN-PHY.
PR Number Synopsis Category: PFE Fusion software
1408947 Junos Fusion Enterprise: Observed Error jnh_dot1br_ktree_entry_create(1098): Entry Already Exists . Observing duplicate ECID values for cluster/extended ports on member ports of same cluster.
Product-Group=junosvae
When using EX9200 as the Aggregate Device (AD), you may see this error - "jnh_dot1br_ktree_entry_create(1098): Entry Already Exists" continuously. This caused by EX2300 Sattilite Devices (SDs) are having duplicate ECID values for the cluster/extended ports across members of same cluster devices
PR Number Synopsis Category: Firewall Filter
1524836 Firewall family inet filter enhanced-mode is not committing on MPC7E 100G port
Product-Group=junos
Once the enhanced-mode is enabled for the 100G ports, the system was not committing the change, and with this fix the issue is fixed and now working as expected.
PR Number Synopsis Category: Interface Information Display
1435416 The output of "show interfaces <>" command for AFT card might be different from legacy card
Product-Group=junos
Due to the fix of PR 1410464 (fixed on 19.1R2 19.2R1 19.3R1), output of below commands is changed on Advanced Forwarding Toolkit (AFT) cards. On legacy cards output remains the same. "show interfaces <> statistics" will display the input and output packets rate instead of input and output packets count. Below commands show the rate for Traffic statistics (total traffic) instead of Transit statistics. show interfaces <> statistics detail show interface <> extensive
1448090 The ifinfo daemon might crash on the execution of the show interface extensive command.
Product-Group=junos
On Junos devices, the CLI session might freeze and ifinfo daemon crashes on the execution of "show interface extensive" command. This issue is caused when the forwarding-class name is truncated due to its larger length and this truncated string is passed to the ifinfo.
PR Number Synopsis Category: IPSEC/IKE VPN
1517262 The flowd might crash in IPsec VPN scenario
Product-Group=junos
On SRX platforms with IPsec VPN configured, the flowd might crash during the IPsec VPN rekey window. The traffic/service might be impacted if hitting this issue.
PR Number Synopsis Category: Trio pfe l3 forwarding issues
1461593 \More number of output packets are seen than expected when the ping function is performed.
Product-Group=junos
During host ping with gr- tunnel endpoint lt- interface termination, gr- interface input and lt- interface output counters come as (host path + transit counter).
 
Modification History:
First publication 2020-09-18
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search