20.2R2-S2: Software Release Notification for JUNOS Software Version 20.2R2-S2
Junos Software service Release version 20.2R2-S2 is now available.
20.2R2-S2 - List of Fixed issues

PR Number | Synopsis | Category: EX4300 VC implementation |
---|---|---|
1526493 | EX4300-48MP device might go out of service during a software upgrade operation Product-Group=junosvae |
On the EX4300-48MP platform, when a software upgrade operation is issued, the storage available to the Junos virtual machine (VM) at the hypervisor level can run low. This can result in the Junos VM going into a hung or paused state. A reboot of the device is required to restore service on the device. |
PR Number | Synopsis | Category: MX Layer 2 Forwarding Module |
1546631 | MAC learning issue might happen when EVPN-VXLAN is enabled. Product-Group=junos |
On the MX platform, with Ethernet VPN and Virtual Extensible LANs (EVPN-VXLAN) implemented, Address Resolution Protocol (ARP) requests received on a VXLAN tunnel endpoint (VTEP) might not be forwarded to the customer edge (CE) side, or the Proxy ARP role on the VTEP might not work properly. This issue could happen when the knob 'no-arp-suppression' is disabled under the EVPN instance combined with a static VXLAN implementation. Refer to the workaround provided when this issue is hit. |
PR Number | Synopsis | Category: MIBs related to BBE |
1535754 | SNMP MIB walk for jnxSubscriber OIDs returns General error Product-Group=junos |
SNMP MIB walk for jnxSubscriber OIDs returns General error |
PR Number | Synopsis | Category: Border Gateway Protocol |
1541768 | The rpd process generates the core file at gp_rtarget_tsi_update,bgp_rtarget_flash_rt,bgp_rtarget_flash. Product-Group=junos |
If the RTarget module tries to access an active route that does not exist (because the next hop is not resolved), a reference is taken on the non-existent active route, and rpd crashes. |
1557604 | Multipath info still shown for BGP route even after disabling interface for one path Product-Group=junos |
Multipath info still shown for BGP route even after disabling interface for one path |
PR Number | Synopsis | Category: MX Platform SW - Mastership Module |
1557413 | ISSU may be aborted on MX devices for version 20.2R2-S1 Product-Group=junos |
On MX480/960/2010 platforms and version 20.2R2-S1, ISSU may be aborted in the following two cases: 1. ISSU from other branches to 20.2R2-S1. 2. ISSU from 20.2R2-S1 to other branches. |
PR Number | Synopsis | Category: EVPN ELAN/E-TREE |
1555679 | The ARP packets from the CE device are added with VLAN tag if the VLAN-ID is configured in the EVPN routing instance. Product-Group=junos |
On the ACX5448/ACX710 series platforms working as PEs in an EVPN scenario, if 'vlan-id none' is configured for an EVPN routing instance, ARP packets received from CEs or hosts within this EVPN instance may not be encapsulated properly on the ACX devices, causing failed traffic connectivity between CEs/hosts. |
1559084 | On the ACX5448 router, the unicast packets from the CE devices might be forwarded by the PE devices with additional VLAN tag if IRB is used. Product-Group=junos |
On ACX5448 in EVPN-MPLS scenario with IRB configured, if vlan-id none is configured in the EVPN instance, when unicast packets from CE to remote CE are received at ACX5448, additional VLAN tag is added by ACX5448 while forwarding the same on the core link. There is traffic loss due to this issue. |
PR Number | Synopsis | Category: Firewall Module |
1521325 | The TCP packet might be dropped if syn-proxy protection is enabled. Product-Group=junos |
On SRX series devices, if TCP SYN flood protection is enabled with TCP SYN Proxy and the 3rd and 4th packet from the client arrive at the same time, then it can cause an SEQ error that may break the TCP connection. |
PR Number | Synopsis | Category: IPSEC/IKE VPN |
1530684 | On all SRX Series devices using IPsec with NAT traversal, MTU size for the external interface might be changed after IPsec SA is re-established. Product-Group=junos |
On all SRX Series devices using IPsec with NAT traversal, the MTU size might be changed to a lower value for the IKE external interface after the IPsec SA is re-established. |
PR Number | Synopsis | Category: PFE infra to support jvision |
1547698 | SENSOR APP DWORD leak is observed during the period of churn for routes bound to the sensor group. Product-Group=junos |
SENSOR APP DWORD leak observed during the period of churn for routes bound to Sensor group. Sensor types that are affected are Segment Routing, Segment Routing-TE, LDP and RSVP LSPs. |
PR Number | Synopsis | Category: Issues related to Junos licensing infrastructure |
1558017 | Licenses for features VRRP, CFM, QINQ, VXLAN, MCLAG, ESI-LAG, LFM/ethernet-oam might incorrectly show as invalid licenses Product-Group=junos |
In Release 20.2, some features will show up as licensed features. Customers would see alarms, commit warnings and "show system license" output as below. However, there would be no functional impact. admin@QFX5120> show system license License usage: Licenses Licenses Licenses Expiry Feature name used installed needed esi-lag 1 0 1 invalid |
PR Number | Synopsis | Category: MPC11 ULC fabric software related issues. |
1546449 | Plane offline IPC of chassisd may time out on MX devices with MPC11E linecards Product-Group=junos |
On MX2010/MX2020 with MPC11E linecards, plane offline IPC event might be stuck and the line cards may restart. This issue may happen if there is a run time CRC error on Cascaded PFE and when both the planes associated with the link fault are made offline. |
PR Number | Synopsis | Category: Issues related to PKI daemon |
1525924 | Certificate validation might fail when OCSP is used and the OCSP server is a dual-stack device. Product-Group=junos |
When IPsec and PKI are used on SRX platforms, two VPN peers are using OCSP, and the OCSP server is a dual-stack device, then if revocation check is configured for the certificate, the certificate validation might fail and the IPsec tunnel is not established. |
PR Number | Synopsis | Category: vMX Platform Infrastructure related issue tracking |
1548422 | Traffic with jumbo frame may be discarded on the vMX platforms Product-Group=junos |
On vMX platforms that are installed on ESXi 6.7 with the vmxnet3 driver, traffic with jumbo frames (packets with MTU more than 1500) may be discarded upon receipt. |
PR Number | Synopsis | Category: Chassis mgmt for all QFX systems - chassis MIB, alarms, CLI |
1481143 | Chassisd cores might happen on backup RE after commit on QFX10Ks due to CHASSISD_MAIN_THREAD_STALLED for 200 seconds Product-Group=junos |
Chassisd cores might happen on the backup RE after commit on QFX10K8/16s due to CHASSISD_MAIN_THREAD_STALLED for 200 seconds. |
1558407 | Amber LEDs seen for fan modules in QFX5120 after upgrade to 20.2R1 Product-Group=junosvae |
On QFX5120-48Y, after an upgrade to 20.2R1 and later releases, the fan modules' amber LEDs are on continuously even if there is no fault in the fans. |
PR Number | Synopsis | Category: QFX Platform related (SYSLOG/ALARMS/miscellaneous) |
1539654 | Cannot take RSI properly due to Authentication error Product-Group=junosvae |
On QFX10k and PTX10k series devices running a 20.X release, RSI cannot be collected properly due to an authentication error. |
PR Number | Synopsis | Category: Filters |
1472206 | On the QFX5000 line of switches, the number of egress ACL filter entries is only 512 in Junos OS Release 19.4R1. Product-Group=junosvae |
On QFX5K platforms with the 19.4R1 release, the number of egress ACL filter entries will be only 512 instead of 1022. If an egress PACL/RACL/VACL filter is configured with more than 512 terms, the filter might not be installed. |
PR Number | Synopsis | Category: SW PRs for SCBE3 fabric |
1553641 | The fabric errors are observed and the FPC processes might get offlined with SCBE3, MPC3E-NG, or MPC3E and MPC7 or MPC10 in the increased-bandwidth fabric mode. Product-Group=junos |
On MX240/MX480/MX960 platforms with the default "increased-bandwidth" fabric mode and SCBE3, if MPC3 or MPC3-NG line cards exist on the system along with a high-bandwidth MPC, then during high-traffic or bursty-traffic conditions through the fabric towards the MPC3/MPC3-NG, the MX fabric might report an unreachable destination condition and cause fabric healing to be triggered. This issue is exacerbated when MPC7 or MPC10 line cards are installed, due to the high fabric bandwidth that they can generate. |
PR Number | Synopsis | Category: usf inline feature related issues |
1547647 | The nsd daemon may crash after configuring the inline NAT in USF mode Product-Group=junos |
On MX240/480/960 platforms, the nsd daemon might crash after configuring the inline NAT in USF mode. This might be caused due to the new memory debugging framework introduced in NSD daemon to track allocated or free memory. |
PR Number | Synopsis | Category: Bi Directional Forwarding Detection (BFD) |
---|---|---|
1453705 | On the MX2010 Series routers, the BFD session on the IS-IS step up flaps during the ISSU - FRU upgrade stage. Product-Group=junos |
The BFD session flaps during ISSU only on the MPC7E card (BFD sessions from other cards of the DUT to peer routers did not flap during ISSU). The issue is not seen frequently. |
PR Number | Synopsis | Category: IDP policy |
1543571 | Need syslog to indicate signature download completion Product-Group=junos |
<29>1 2020-10-04T22:41:50.822-07:00 dpidev-siege-05 idpd 2639 IDP_SECURITY_DOWNLOAD_RESULT [junos@2636.1.1.1.2.136 status="Done;Successfully downloaded from(https://services.netscreen.com/cgi-bin/index.cgi). Version info:3320(Fri Oct 2 05:22:33 2020 UTC, Detector=12.6.160200828)"] security package download result(Done;Successfully downloaded from(https://services.netscreen.com/cgi-bin/index.cgi). Version info:3320(Fri Oct 2 05:22:33 2020 UTC, Detector=12.6.160200828)) |
PR Number | Synopsis | Category: High Availability/NSRP/VRRP |
1548173 | Disabled node on SRX cluster sent out ARP request packets Product-Group=junos |
Disabled state node on an SRX cluster may send ARP requests when the primary of RG0 and 1 are on different nodes |
PR Number | Synopsis | Category: all logging related bugs on srx platforms |
1520071 | FQDN-based security log stream does not dynamically update the IP address. Product-Group=junos |
RTLOG will leave FQDN in the configuration and query as needed (TTL expiration) and update the PFE |
PR Number | Synopsis | Category: IPv6/ND/ICMPv6 issues |
1570999 | RE0 REBOOTED WITH VMCORE DUMP @ip6_key_extract, calculate_route,ip6_recv_input Product-Group=junos |
The device crashes whenever a malformed IPv6 packet hits it. A bad IPv6 packet here means an IPv6 packet with invalid options, or one whose length is less than the minimum. The RE is seen to reboot after the core dump. |
PR Number | Synopsis | Category: JUNOS Network App Infrastructure (for ping, traceroute, etc) |
1463622 | The cosmetic error messages of NTP time synchronization might be seen during device booting Product-Group=junos |
In NTP with the boot-server scenario, when the router or switch boots, the NTP daemon sends ntpdate request to poll the configured NTP boot-server to determine the local date and time. If the ntpdate is not activated correctly while the device is booting, the ntpdate might not work successfully. Then, some cosmetic error messages of time synchronization might be seen, but there is no impact with time update because the NTP daemon will update the time eventually. |
PR Number | Synopsis | Category: Issues related to PKI daemon |
1560374 | High CPU usage on pkid process might be seen when the device is unable to connect to a particular CRL URL Product-Group=junos |
On all SRX platforms, if the device is unable to connect to a particular CA certificate CRL URL then high CPU usage on pkid process might be observed. |
PR Number | Synopsis | Category: MPC7/8/9 Interface Issues |
1473280 | The following error message might appear: Failed to complete DFE tuning. This error message has no functional impact and can be ignored. Product-Group=junos |
Even with the fix for PR 1463015, the "Failed to complete DFE tuning" syslog may appear. This message has no functional impact and can be ignored. |
PR Number | Synopsis | Category: SRX-1RU platform related protocol, QoS, filtering features et |
1569471 | On SRX4200, tunnel-queuing must be enabled to enable GRE queuing Product-Group=junos |
On SRX4200, tunnel-queuing must be enabled to enable GRE queuing |
PR Number | Synopsis | Category: ZT/YTpfe bridging, learning, stp, oam, irb software |
1435855 | Layer 2 over GRE is not supported in Junos OS Release 19.3R1. Even though the configuration gets committed, the feature does not work. Product-Group=junos |
On MPC10E 3D MRATE-15xQSFPP, L2 over GRE is not supported. Although the configuration gets committed, the feature does not work. |
PR Number | Synopsis | Category: UI Infrastructure - mgd, DAX API, DDL/ODL |
991081 | The configuration change on Backup RE cannot be synchronized while deleting inactivated interfaces/routing-instances from master Product-Group=junos |
In the dual Routing Engine scenario, the backup Routing Engine does not sync up the configuration change while deleting an inactivated interface/routing-instances from the master. So after the operation, the inactivated interface/routing-instances still exists on the backup Routing Engine. |
1543037 | The license errors may get returned on backup RE when trying to commit the configuration Product-Group=junos |
On all Junos platforms, when trying to commit the configuration, license errors may get returned on backup RE even though the license is installed correctly. This issue doesn't have any service impact. |
PR Number | Synopsis | Category: Virtual Router Redundancy Protocol |
1558560 | Junos device might send VRRP advertisement packets in VRRP init or idle state before startup-silent-period timer expiry after performing GRES on VRRP master device with NSR disabled Product-Group=junos |
If the VRRP master device has dual Routing Engines (REs) with GRES enabled but nonstop-routing (NSR) disabled, then after performing GRES, both REs will move to the VRRP init and then idle state, and the new master RE will send VRRP advertisement packets in this stage before the startup-silent-period timer expires. Since the VRRP backup device can still receive the VRRP advertisement packets with higher priority, it will not transition to the VRRP master state, which causes longer traffic downtime until the VRRP master device retakes the VRRP mastership after the startup-silent-period timer expires. |