Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

20.2R2-S2: Software Release Notification for JUNOS Software Version 20.2R2-S2



Article ID: TSB17981 TECHNICAL_BULLETINS Last Updated: 22 Feb 2021Version: 1.0
Alert Type:
SRN - Software Release Notification
Product Affected:
Alert Description:
Junos Software Service Release version 20.2R2-S2 is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as need and follow the prompts

Junos Software service Release version 20.2R2-S2 is now available.

20.2R2-S2 - List of Fixed issues
PR Number Synopsis Category: EX4300 VC implementation
1526493 EX4300-48MP device might go out of service during a software upgrade operation
On EX4300-48MP platform, when a software upgrade operation is issued, the storage available for the Junos virtual Machine(VM), at the hypervisor level, can fall low. This can result in the Junos VM going into a hung or paused state. A reboot of the device is required to restore service on the device.
PR Number Synopsis Category: MX Layer 2 Forwarding Module
1546631 MAC learning issue might happen when EVPN-VXLAN is enabled.
On MX platform, with Ethernet VPN and Virtual Extensible LANs (EVPN-VXLAN) implemented, Address Resolution Protocol (ARP) requests received on VXLAN tunnel endpoint (VTEP) might not forward to customer edge (CE) side or Proxy ARP role on VTEP might not work properly. This issue could happen when knob 'no-arp-suppression' is disabled under EVPN instance combined with static VXLAN implementation. Please refer to workaround provided when this issue hit.
PR Number Synopsis Category: MIBs related to BBE
1535754 Snmp mib walk for jnxSubscriber OIDs returns General error
Snmp mib walk for jnxSubscriber OIDs returns General error
PR Number Synopsis Category: Border Gateway Protocol
1541768 The rpd process generates the core file at gp_rtarget_tsi_update,bgp_rtarget_flash_rt,bgp_rtarget_flash.
If RTarget module tries to take an access of the active route which does not exist (since NextHop is not resolved), a reference is taken on the non-existent active route, and rpd crashes.
1557604 Multipath info still shown for BGP route even after disabling interface for one path
Multipath info still shown for BGP route even after disabling interface for one path
PR Number Synopsis Category: MX Platform SW - Mastership Module
1557413 ISSU may be aborted on MX devices for version 20.2R2-S1
On MX480/960/2010 platforms and version 20.2R2-S1 ISSU maybe aborted in below 2 cases: 1.ISSU from other branches to 20.2R2-S1 2.ISSU from 20.2R2-S1 to other branches.
PR Number Synopsis Category: EVPN ELAN/E-TREE
1555679 The ARP packets from the CE device are added with VLAN tag if the VLAN-ID is configured in the EVPN routing instance.
On the ACX5448/ACX710 series platforms working as PEs in an EVPN scenario, if 'vlan-id none' is configured for an EVPN routing instance, ARP packets received from CEs or hosts within this EVPN instance may not be encapsulated properly on the ACX devices, causing failed traffic connectivity between CEs/hosts.
1559084 On the ACX5448 router, the unicast packets from the CE devices might be forwarded by the PE devices with additional VLAN tag if IRB is used.
On ACX5448 in EVPN-MPLS scenario with IRB configured, if vlan-id none is configured in the EVPN instance, when unicast packets from CE to remote CE are received at ACX5448, additional VLAN tag is added by ACX5448 while forwarding the same on the core link. There is traffic loss due to this issue.
PR Number Synopsis Category: Firewall Module
1521325 The TCP packet might be dropped if syn-proxy protection is enabled.
On SRX series devices, if TCP SYN flood protection is enabled with TCP SYN Proxy and the 3rd and 4th packet from the client arrive at the same time, then it can cause an SEQ error that may break the TCP connection.
PR Number Synopsis Category: IPSEC/IKE VPN
1530684 On all SRX Series devices using IPsec with NAT traversal, MTU size for the external interface might be changed after IPsec SA is re-established.
On all SRX series devices using IPsec with NAT Traversal, MTU size might be changed to a lower value for the ike external interface after IPsec SA is re-established.
PR Number Synopsis Category: PFE infra to support jvision
1547698 SENSOR APP DWORD leak is observed during the period of churn for routes bound to the sensor group.
SENSOR APP DWORD leak observed during the period of churn for routes bound to Sensor group. Sensor types that are affected are Segment Routing, Segment Routing-TE, LDP and RSVP LSPs.
PR Number Synopsis Category: Issues related to Junos licensing infrastructure
1558017 Licenses for features VRRP, CFM, QINQ, VXLAN, MCLAG, ESI-LAG, LFM/ethernet-oam might incorrectly show as invalid licenses
In Release 20.2, some features will show up as a licensed feature. Customer would see alarms, commit warnings and "show system license" output as below. However, there would be no functional impact. admin@QFX5120> show system license License usage: Licenses Licenses Licenses Expiry Feature name used installed needed esi-lag 1 0 1 invalid
PR Number Synopsis Category: MPC11 ULC fabric software related issues.
1546449 Plane offline IPC of chassisd may time out on MX devices with MPC11E linecards
On MX2010/MX2020 with MPC11E linecards, plane offline IPC event might be stuck and the line cards may restart. This issue may happen if there is a run time CRC error on Cascaded PFE and when both the planes associated with the link fault are made offline.
PR Number Synopsis Category: Issues related to PKI daemon
1525924 Certificate validation might fail when OCSP is used and the OCSP server is a dual-stack device.
When IPSec and PKI are used on SRX platforms, two VPN peers are using OCSP and the OCSP server is dual-stack device, if revocation check is configured for certificate, the certificate validation might fail and the IPSec tunnel is not established.
PR Number Synopsis Category: vMX Platform Infrastructure related issue tracking
1548422 Traffic with jumbo frame may be discarded on the vMX platforms
On the VMX platforms which are installed on ESXI 6.7 with vmxnet3 driver, traffic with jumbo frame (Packets with MTU more than 1500) may be discarded upon receiving.
PR Number Synopsis Category: Chassis mgmt for all QFX systems - chassis MIB, alarms, CLI
1481143 Chassisd cores might happen on backup RE after commit on QFX10Ks due to CHASSISD_MAIN_THREAD_STALLED for 200 seconds
Chassisd cores might happen on the backup RE after commit on QFX10K8/16s due to CHASSISD_MAIN_THREAD_STALLED for 200 seconds.
1558407 Amber LEDs seen for fan modules in QFX5120 after upgrade to 20.2R1
QFX5120-48Y after upgrade 20.2R1 -- and later releases -- the fan modules' Amber LEDs are on continuously even if there is no fault in the fans.
PR Number Synopsis Category: QFX Platform related (SYSLOG/ALARMS/miscellaneous)
1539654 Cannot take RSI properly due to Authentication error
On QFX10k and PTX10k series which is running on 20.X release, cannot collect RSI properly due to authentication error.
PR Number Synopsis Category: Filters
1472206 On the QFX5000 line of switches, the egress ACL filter entries is only 512 in Junos OS Release 19.4R1.
On QFX5K platforms with 19.4R1 release, the Egress ACL filter entries will be only 512 instead of 1022. If we configure an Egress PACL/RACL/VACL filter more than 512 terms, the filter might not be installed.
PR Number Synopsis Category: SW PRs for SCBE3 fabric
1553641 The fabric errors are observed and the FPC processes might get offlined with SCBE3, MPC3E-NG, or MPC3E and MPC7 or MPC10 in the increased-bandwidth fabric mode.
On MX240/MX480/MX960 platforms, with default "increased-bandwidth" fabric mode and SCBE3, if we have MPC3 or MPC3-NG exist on the system along with high bandwidth MPC, during high traffic situation or bursty traffic through the fabric towards MPC3/MPC3-NG. MX fabric might report unreachable destination condition and causes fabric healing to trigger in. This issue is exacerbated when having MPC7 or MPC10 line cards installed due to high fabric bandwidth that can be generated.
PR Number Synopsis Category: usf inline feature related issues
1547647 The nsd daemon may crash after configuring the inline NAT in USF mode
On MX240/480/960 platforms, the nsd daemon might crash after configuring the inline NAT in USF mode. This might be caused due to the new memory debugging framework introduced in NSD daemon to track allocated or free memory.

20.2R2-S2 - List of Known issues
PR Number Synopsis Category: Bi Directional Forwarding Detection (BFD)
1453705 On the MX2010 Series routers, the BFD session on the IS-IS step up flaps during the ISSU - FRU upgrade stage.
Bfd session flaps during ISSU only in mpc7e card(Bfd sessions from other cards of DUT to peer routers did not flap during ISSU). Issue is not seen frequently.
PR Number Synopsis Category: IDP policy
1543571 Need syslog to indicate signature download completion
<29>1 2020-10-04T22:41:50.822-07:00 dpidev-siege-05 idpd 2639 IDP_SECURITY_DOWNLOAD_RESULT [junos@2636. status="Done;Successfully downloaded from( Version info:3320(Fri Oct 2 05:22:33 2020 UTC, Detector=12.6.160200828)"] security package download result(Done;Successfully downloaded from( Version info:3320(Fri Oct 2 05:22:33 2020 UTC, Detector=12.6.160200828))
PR Number Synopsis Category: High Availability/NSRP/VRRP
1548173 Disabled node on SRX cluster sent out ARP request packets
Disabled state node on an SRX cluster may send ARP requests when the primary of RG0 and 1 are on different nodes
PR Number Synopsis Category: all logging related bugs on srx platforms
1520071 FQDN-based security log stream does not dynamically update the IP address.
RTLOG will leave FQDN in the configuration and query as needed (TTL expiration) and update the PFE
PR Number Synopsis Category: IPv6/ND/ICMPv6 issues
1570999 RE0 REBOOTED WITH VMCORE DUMP @ip6_key_extract, calculate_route,ip6_recv_input
The device crashes whenever there is a malformed IPV6 packet hitting it. Bad IPV6 packet meaning some IPv6 packet with invalid options, or if the length of the packet is less than minimum. RE is seen to reboot post the core dump.
PR Number Synopsis Category: JUNOS Network App Infrastructure (for ping, traceroute, etc)
1463622 The cosmetic error messages of NTP time synchronization might be seen during device booting
In NTP with the boot-server scenario, when the router or switch boots, the NTP daemon sends ntpdate request to poll the configured NTP boot-server to determine the local date and time. If the ntpdate is not activated correctly while the device is booting, the ntpdate might not work successfully. Then, some cosmetic error messages of time synchronization might be seen, but there is no impact with time update because the NTP daemon will update the time eventually.
PR Number Synopsis Category: Issues related to PKI daemon
1560374 High CPU usage on pkid process might be seen when the device is unable to connect to a particular CRL URL
On all SRX platforms, if the device is unable to connect to a particular CA certificate CRL URL then high CPU usage on pkid process might be observed.
PR Number Synopsis Category: MPC7/8/9 Interface Issues
1473280 The following error message might appear: Failed to complete DFE tuning. This error message has no functional impact and can be ignored.
Even with the fix for PR 1463015, the "Failed to complete DFE tuning" syslog may appear. This message has no functional impact and can be ignored.
PR Number Synopsis Category: SRX-1RU platfom related protocol, QoS, filtering features et
1569471 For SRX4200 to enable GRE queuing need to enable tunnel-queuing
For SRX4200 to enable GRE queuing need to enable tunnel-queuing
PR Number Synopsis Category: ZT/YTpfe bridging, learning, stp, oam, irb software
1435855 Layer 2 over GRE is not supported in Junos OS Release 19.3R1. Even though, the configuration gets committed, the feature does not work.
On MPC10E 3D MRATE-15xQSFPP, L2 over GRE is not supported. Although the configuration gets committed, the feature does not work.
PR Number Synopsis Category: UI Infrastructure - mgd, DAX API, DDL/ODL
991081 The configuration change on Backup RE cannot be synchronized while deleting inactivated interfaces/routing-instances from master
In the dual Routing Engine scenario, the backup Routing Engine does not sync up the configuration change while deleting an inactivated interface/routing-instances from the master. So after the operation, the inactivated interface/routing-instances still exists on the backup Routing Engine.
1543037 The license errors may get returned on backup RE when trying to commit the configuration
On all Junos platforms, when trying to commit the configuration, license errors may get returned on backup RE even though the license is installed correctly. This issue doesn't have any service impact.
PR Number Synopsis Category: Virtual Router Redundancy Protocol
1558560 Junos device might send VRRP advertisement packets in VRRP init or idle state before startup-silent-period timer expiry after performing GRES on VRRP master device with NSR disabled
If VRRP master device has dual Routing Engines (REs) and GRES enabled but nonstop-routing (NSR) disabled, after performing GRES, both REs will move to VRRP init then idle state and the new master RE will send VRRP advertisement packets in this stage before startup-silent-period timer expiry. Since the VRRP backup device can still receive the VRRP advertisement packets with higher priority, it will not transition to VRRP master state and hence cause the longer traffic downtime until the VRRP master device re-take the VRRP mastership after startup-silent-period timer expiry.

Modification History:
First publication 2021-02-19
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search