ACX, EX, MX, PTX, QFX, NFX, SRX, VRR, vMX, vSRX

Junos Software Service Release version 19.4R2-S3 is now available for download from the Junos software download site
Download Junos Software Service Release:

1. Go to Junos Platforms - Download Software page
2. Input your product in the "Find a Product" search box
3. From the Type/OS drop-down menu, select Junos SR
4. From the Version drop-down menu, select your version
5. Click the Software tab
6. Select the Install Package as need and follow the prompts

Junos Software service Release version 19.4R2-S3 is now available.

19.4R2-S3 - List of Fixed issues

PR Number	Synopsis	Category: JUNOS kernel/ukernel changes for ACX
1481151	Memory utilization enhancement is needed. Product-Group=junos	RPD memory chunk size is optimized for ACX platform to reduce the memory foot print.
PR Number	Synopsis	Category: Sflow on qfx10k/ptx series PRs for defect & enhancement req
1521732	Output interface index in SFLOW packet is zero when transit traffic is observed on the IRB interface with VRRP enabled Product-Group=junos	When VRRP is enabled on IRB interface and SFLOW is enabled on QFX10000 Series platforms, output interface Index in SFLOW packet will be zero for the traffic destined to VRRP MAC address.
PR Number	Synopsis	Category: Multicast for L3VPNs
1546739	MVPN multicast route entry may not be properly updated with actual downstream interfaces list Product-Group=junos	In multicast VPN RPT-SPT mode with both locally and remotely connected receivers, the multicast forwarding entry related to the actual downstream interfaces may not be properly updated. The issue may happen when multicast forwarding entry is created by locally connected PIM receiver, followed by remote receiver and after local receiver decides to prune its membership in that multicast group.
PR Number	Synopsis	Category: vMX Data Plane Issues
1544856	The riot forwarding daemon crash might be observed on vMX based platforms configured with IRB interface Product-Group=junos	On vMX based platforms enabled with IRB interface, the riot forwarding daemon crash might be observed which could lead to traffic loss.
PR Number	Synopsis	Category: Protocol Independant Multicast
1501722	The rpd process might crash in a multicast scenario with BGP configured. Product-Group=junos	In multicast scenario with BGP configured, when a new BGP link is brought up (such as, after updating specific BGP policies), which changes the RPF neighbor information and this update causes the rpd core to happen. The issue is seen only while updating RPF neighbor information and not seen while building it for the first time.
PR Number	Synopsis	Category: KRT Queue issues within RPD
1493963	The rpd process generates a core dumps Product-Group=junos	On EVO platforms running BGP with knob 'route-record' or sampling, the rpd might crash if BGP paths exceed around 5600K.
PR Number	Synopsis	Category: RPD route tables, resolver, routing instances, static routes
1507638	On all Junos OS dual-Routing Engine GRES or NSR enabled routers, the rpd process might crash on a new primary Routing Engine if the Routing Engine switchover occurs right after massive routing-instance deletion. Product-Group=junos	On all Junos platforms, if GRES and NSR are enabled at a dual-RE router and if RE switchover happens (either manually or due to some other reasons) right after deleting a big number of routing instances, then rpd at a new primary RE could crash once. Once a new primary RPD crashed, it will restart by itself.
PR Number	Synopsis	Category: IPSEC functionality on M/MX/T ser
1544794	CMVTS:mspmand cored at pconn_client_try_connect (clnt=0x10064ae00) at ../../../../../src/junos/lib/libconn/pconn_conn.c:2155 Product-Group=junos	During activate/deactivate of interfaces multiple times, sometimes mspmand may core in pconn library because of NULL pointer access. The service pic will auto-recover after a reboot.
PR Number	Synopsis	Category: Trio pfe bridging, learning, stp, oam, irb software
1506861	The MEP session on the aggregated Ethernet interface might not come up if OAM runs with PPM mode by default. Product-Group=junos	On MX platform running with enhance IP mode or enhanced ethernet mode, also, Operation, Administration and Maintenance (OAM) is enabled with Periodic Packet Management (PPM) mode by default, maintenance association end point (MEP) session might be failed to create. In the end, network connection failure might not be efficiently monitored. This is functional impact.
1542211	Trio-based FPC might crash when the underlying layer 2 interface for ARP over IRB interface is changed from physical interface to LSI interface Product-Group=junos	This issue applies to a Trio-based FPC using the integrated routing and bridging (IRB) interface with a VPLS instance using the label-switched interface (LSI) to provide VPLS functionality. The FPC may restart unexpectedly. The restart is triggered when the underlying layer-2 interface for ARP over IRB interface changes from the physical interface to the LSI interface.
PR Number	Synopsis	Category: VSRX platform software
1524243	The control link may be broken when there is excessive traffic load on the control link in vSRX cluster deployment Product-Group=junosvae	In the vSRX2.0 cluster running on KVM, when there is excessive traffic load on the control link (em0 link), the error message kernel: em0: watchdog timeout on queue 0 might be shown in the syslog. This interruption might cause the cluster control link to fail and dynamic routing protocols not to work properly.

 

---

19.4R2-S3 - List of Known issues

PR Number	Synopsis	Category: NFX Series Platform Software
1462556	Junos OS: NFX350: Password hashes stored in world-readable format (CVE-2020-1669) Product-Group=junos	The Juniper Device Manager (JDM) container, used by the disaggregated Junos OS architecture on Juniper Networks NFX350 Series devices, stores password hashes in the world-readable file /etc/passwd. This is not a security best current practice as it can allow an attacker with access to the local filesystem the ability to brute-force decrypt password hashes stored on the system. Refer to https://kb.juniper.net/JSA11066 for more information.
PR Number	Synopsis	Category: QFX L3 data-plane/forwarding
1500508	On the QFX5100 Virtual Chassis or Virtual Chassis fan, traffic loss on multiple traffic streams is observed after reboot and the interfaces of the Virtual Chassis node flaps. Product-Group=junos	On QFX5100 VC/VCF : Observing traffic loss on multiple traffic streams after reboot and flapping the interfaces of the VC node
PR Number	Synopsis	Category: ACX Services feature
1504717	Observed core-ripsaw-node-aftd-expr on ACX6360 Product-Group=junos	Argus/Capella support is limited to 19.4R2-S2
PR Number	Synopsis	Category: Border Gateway Protocol
1538956	[bgp] [VMX Regressions: After move peer out of protection group, path protection not removed from the PE router -- Multipath route still present] Product-Group=junos	After move peer out of protection group, path protection not removed from the PE router -- Multipath route still present
PR Number	Synopsis	Category: Device Configuration Daemon
1407295	Both nodes in the SRX Series chassis cluster go into DB mode after downgrading to Junos OS Release 18.1. Product-Group=junosvae	Both nodes in the SRX cluster went into db mode after downgrading to 18.1 when the vlan-tagging configured on reth interfaces, but vlan-id is not configured
PR Number	Synopsis	Category: Covers Application classification workflows apart from custo
1545580	AppID : Need syslog to indicate signature download completion Product-Group=junos	PR - 1550350 to track it, please refer to it.
PR Number	Synopsis	Category: mgd, ddl, odl infra issues
1522339	Compressed /var/log/ creation through file archive compress might fail on certain PTX platforms running Junos Evolved. Product-Group=junos	Compressed /var/log/ creation via "file archive compress" might fail on certain PTX platforms running Junos Evolved.
PR Number	Synopsis	Category: Express PFE FW Features
1420560	On the PTX3000 routers, the firewall counter for lo0 does not increment. Product-Group=junos	Issue will not be fixed in 19.1 release, will be fixed in subsequent releases.
PR Number	Synopsis	Category: Fabric Manager for MX
1482124	Fabric healing logic incorrectly makes all MPC line cards go offline in the MX2000 router while the hardware fault is located on one specific MPC line card slot. Product-Group=junos	In specific MPC hardware failure conditions within the MX2K platform, fabric healing will attempt to auto-heal the fault location in 3 phases to prevent traffic blackholing. If under such fault conditions only destination timeouts are reported without corresponding link errors, the fabric healing process might restart all MPCs in phase-2 in an auto-healing attempt and if the error condition appears again within 10 minutes the last phase-2 might offline all MPCs in the system.
PR Number	Synopsis	Category: KRT Queue issues within RPD
1505769	Traffic flow might be blocked if MTU configured under IFD is greater than MTU configured under IFF Product-Group=junos	On EVO platforms, if MTU configured under physical interface (IFD) is greater than MTU configured under same interface with family inet or family inet6 (IFF), aftmand might have catastrophic event. In the end, no traffic could be forwarded by aftmand. Please make sure IFD MTU need to be configured with smaller value than IFF MTU.
PR Number	Synopsis	Category: Trio pfe bridging, learning, stp, oam, irb software
1533857	FPC crash might be observed when the ASIC's NH memory exhausted in the EVPN-MPLS scenario Product-Group=junos	On all MX/EX92xx platforms with EVPN-MPLS configured, NH (Next-Hop) memory leak in Trio ASIC happens whenever there is a route churn for remote MAC-IP entries learned bound to the IRB interface in EVPN-MPLS routing-instance. When the ASIC's NH memory partition exhausted (free% NH memory is close to 20% or below), which will result in the line card to reboot.

First publication 2020-11-23