Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

20.2R2-S3: Software Release Notification for JUNOS Software Version 20.2R2-S3



Article ID: TSB18021 TECHNICAL_BULLETINS Last Updated: 26 Mar 2021Version: 1.0
Alert Type:
PSN - Product Support Notification
Product Affected:
Alert Description:
Junos Software Service Release version 20.2R2-S3 is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as need and follow the prompts

Junos Software service Release version 20.2R2-S3 is now available.

20.2R2-S3 - List of Fixed issues

PR Number Synopsis Category: QFX L3 data-plane/forwarding
1568533 The untagged packets might not work on EX/QFX5K platforms
On EX/QFX5K platforms, if 'flexible-vlan-tagging', 'vlan-id-list' and 'native-vlan-id' are configured on the interface in SP style, the untagged packets that need to be egressed from this interface might be dropped by the peer device.
PR Number Synopsis Category: ACX Services feature
1520305 On the ACX500-I router, the show services session count does not work as expected.
Configuring stateful-firewall filter will lead to traffic drop & firewall session counters will not be incremented. This is seen only in new SDk 6.5.16 releases. Issue will be fixed in 20.1R3.
PR Number Synopsis Category: the SMGD redundancy plugin in SMGD
1567735 Need to allow Tunnel Interface as the peer-address for ALQ
The ALQ session between the two routers is expecting to have a controlled source and destination address (peer config in both end). To be able to control what this address is used as source on a router with multiple routed interfaces, a good technique is to use a directly connected interface for this communication. In the case where the routers are not directly connected a tunnel interface is equally good technique. But the ALQ need to be allowed to use this. This PR fix this.
PR Number Synopsis Category: Border Gateway Protocol
1556271 6PE prefixes might not be removed from RIB upon reception of withdrawal from a BGP neighbor when RIB sharding is enabled.
On all Junos platforms with 6PE scenario, 6PE prefix announcements and withdrawals might be incongruent when BGP RIB sharding feature is enabled. It could be seen when the prefix hashing results for Multiprotocol Reachable NLRI and Multiprotocol Unreachable NLRI (Network Layer Reachability Information) attributes, which leads to "stale" routes in RIB (Routing Information Base). Traffic loss will be observed when packets forward to the "stale" routes.
1557604 Multipath info still shown for BGP route even after disabling interface for one path
Multipath info still shown for BGP route even after disabling interface for one path
1560827 All L3VPN route ages reset when adding or deleting a VRF
When a VRF is added or deleted a route re-evalutation is performed against all VPN routes to support color-based protocol next hop resolution. During this process the color parameters for routes in the VPN table are being updated even if there is no change to the route's color community. This results in the route age of the routes in the VPN route table restting. This PR optimizes the re-evaluation process so that the route parameters will not be updated unless necissary.
PR Number Synopsis Category: MX Platform SW - Environment Monitoring
1551760 "LCM Peer Absent" might be seen on the MX204/MX10003 platforms
On all TVP platforms, a major alarm of "LCM Peer Absent" might be seen.
PR Number Synopsis Category: MX Platform SW - Mastership Module
1524390 "No response from the other routing engine for the last 2 seconds" triggers "SNMP trap generated: Fru Offline" messages
When there is congestion on a Master RE due to several reasons "ex) a bunch of Route update, Sync issue between REs, FIB/PFE update and so on", due to congestion situation, Master RE sometime could lose KA info from Backup RE. When Master RE chassisd does not receive KA info for certain duration, it makes RE info invalid and raises the OFFLINE_TRAP.
PR Number Synopsis Category: CoS support on DNX
1570899 Untagged traffic might be incorrectly queued and marked to different COS queues on ACX5448 and ACX710 platforms
On ACX5448 and ACX710 platforms with fixed classification configured on the interface, untagged traffic might be incorrectly queued and marked to different Class of Service(CoS) queues. This leads to traffic impact.
PR Number Synopsis Category: ACX Platform with DNX chipset RFC2544
1571975 ACX5448: RFC2544 reflector feature could not work on a higher port
On ACX5448 platforms, which are working as an RFC2544 reflector, the port will not reflect the actual packets when enabling this feature on a higher port (i.e., xe-0/0/21 to xe-0/0/47 or et-0/1/0 to et-0/1/3).
PR Number Synopsis Category: JUNOS Dynamic Profile Configuration Infrastructure
1526934 Family IPv6 is not coming up for L2TP subscriber when additional attributes are not passed in the Framed-IPv6-Route VSA.
In DHCP/PPP Subscriber scenario with IPv6 dynamic-profile configured, all the additional attributes (route prefix, next-hop, metric, preference, tag) for IPv6 access route must be fully specified in dynamic-profile and passed via RADIUS server, otherwise family inet6 might not come up.
PR Number Synopsis Category: mgd, ddl, odl infra issues
1529989 The config under groups stanza is not inherited properly
If there is the same configuration stanza across different groups or one of them is in groups, config may not be inherited as expected.
PR Number Synopsis Category: EVPN Layer-2 Forwarding
1562925 The 'global-mac-ip-table-aging-time' changed from higher to lower value might not take effect
when change 'global-mac-ip-table-aging-time' from a higher value to a lower value, the change might not take effect, the mac-ip learned before the changes is still use the older higher time to be effective. After that everything will work as expected.
PR Number Synopsis Category: Express pfe ddos protection feature
1547032 OSPFv3 session may keep flapping and OSPFv3 hellos might be dropped in the host-path
On QFX10008/QFX10016/QFX10002-36Q/QFX10002-72Q platforms, the OSPFv3 sessions might keep flapping and the hello packets maybe dropped in the host path. This might happen with high amount of control traffic with OSPFv3 protocol configured. This is because OSPFv3 hello packets are not proper classified going to the unclassified DDOS queue.
PR Number Synopsis Category: Express ASIC interface
1512919 Error messages "t6e_dfe_tuning_state:et-6/0/0 - Failed to dfe tuning count 10" might be seen after links flap
On the PTX3000/PTX5000 platforms with t6e-pic installed, the interface may fail to perform DFE tuning after link flaps on those PICs. Because of this, the interface may be stuck in down status.
PR Number Synopsis Category: SRX4100/SRX4200 platform software
1547953 On vSRX2.0, vSRX3.0, SRX1500, SRX4100, SRX4200, SRX4600 running chassis cluster in Junos OS Release 18.3 or later releases, multiple messages of "LCC: ch_cluster_lcc_set_context:564: failed to lock chassis_vmx mutex 11" are generated in the chassisd log file. These messages may recur after every few seconds and they do not have any impact on system operation.
On vSRX2.0, vSRX3.0, SRX1500, SRX4100, SRX4200, SRX4600 running Chassis Cluster in Junos 18.3 or later, multiple messages of "LCC: ch_cluster_lcc_set_context:564: failed to lock chassis_vmx mutex 11" are generated in the chassisd log file. These messages may reoccur after every few seconds and they do not have any impact on system operation.
PR Number Synopsis Category: IDP policy
1543571 Need syslog to indicate signature download completion
<29>1 2020-10-04T22:41:50.822-07:00 dpidev-siege-05 idpd 2639 IDP_SECURITY_DOWNLOAD_RESULT [junos@2636. status="Done;Successfully downloaded from( Version info:3320(Fri Oct 2 05:22:33 2020 UTC, Detector=12.6.160200828)"] security package download result(Done;Successfully downloaded from( Version info:3320(Fri Oct 2 05:22:33 2020 UTC, Detector=12.6.160200828))
PR Number Synopsis Category: jdhcpd daemon
1554992 DHCP packet drop may be seen when DHCP relay is configured on leaf device
DHCP Offers are getting dropped with send error counter incrementing. This is specifically seen in a RI to RI environment where the client and server are reachable in different routing-instances.
1568344 The Option 82 information would be incorrectly cleared by DHCP Relay Agent
In DHCP Relay scenario with ALQ and BLQ applied, the Option 82 information defined in DHCP Discover packet from DHCP client would be incorrectly cleared by DHCP Relay Agent. The DHCP server would not accept such packet and DHCP binding would fail. BLQ (Bulk Leasequery) configuration is mandatory for configuring ALQ (Active Leasequery), and the knobs "overrides always-write-option-82" and "relay-option-82 circuit-id" are mandatory for BLQ. Therefore above mentioned two knobs are mandatory for ALQ. With the fix of this PR, the configuration check is removed for Active Leasequery based Bulk Leasequery. In other words, knobs "overrides always-write-option-82" and "relay-option-82 circuit-id" are no longer mandatory for ALQ based BLQ. For regular Bulk Leasequery (no ALQ between Relay Agent and DHCP server) this check is still retained.
PR Number Synopsis Category: JFlow bug tracker for SRX platforms
1567871 The flowd might crash and generates a core dump if Jflow V9 is configured
On all SRX platforms, if Jflow V9 is configured, the flowd process might crash. This rare issue may cause traffic loss.
PR Number Synopsis Category: Jflow and sflow on MX
1550603 The adapted sample rate might be reset to the configured sample rate without changing the sampling rate information in sFlow datagrams after enabling sFlow technology on a new interface
For the platforms supporting single sample rate per line card (i.e. MX Series routers and EX9200 switches), the actual (effective) sample rate of all the interfaces on a single FPC will be set to the sample rate with the lowest value if the configured or adapted sample rate are different among the interfaces enabled sFlow technology on this FPC. So, after the adaptive sampling event happens and the adapted sample rate (It has value great than the configured sample rate) is used for the interfaces on a FPC, if enabling sFlow technology on a new interface on the same FPC, the actual (effective) sample rate for the existing interfaces will be changed to the configured sample rate. However, the "Adapted sample rate" in "show sflow interface" CLI command and the "Sampling rate" in sampling information of the sFlow datagrams still shows the previous adapted sample rate. The inconsistency between flow information and actual sample rate might cause issues on the collector side.
PR Number Synopsis Category: "ifstate" infrastructure
1484322 The SNMP index in the Packet Forwarding Engine reports as 0, causing sFlow to report either IIF or OIF (not both) as 0 in the sFlow record data at the collector.
The SNMP index for bundle interface might become zero in PFE after restarting the FPC. This could cause the sflow records to have either "input interface value" (IIF) or "output interface value" (OIF) as 0 value.
1545463 Continuous rpd errors might be seen and new routes will fail to be programmed by rpd
In case of high route churn in the network, all kuackmem (Kernel ACK mechanism) entries may be exhausted as a result of a rare timing issue and any new routes will fail to get programmed by rpd.
PR Number Synopsis Category: TCP/UDP transport layer
1552603 The BGP session replication might fail to start after the session crashes on the backup Routing Engine.
On certain Junos platforms with Dual-REs (platforms capable of installing Junos packages with name format as "junos*install"), BGP replication may fail to start under GRES/NSR setup after a crash on backup Routing Engine. NSR starts un-replicating the socket since backup Routing Engine is no longer present. Massive unreplicated request leads to memory buffer getting full with multiple BGP sessions (e.g., 20 BGP peers). Hence BGP unreplicated request returned with an error. Besides, the kernel is left with stale data. It does not allow the JSR (Juniper Socket Replication, BGP in this case) when backup RE comes up due to the stale data. BGP-NSR (Nonstop Routing) is broke under the conditions. Traffic outage will be observed after performing GRES.
PR Number Synopsis Category: Filters
1558320 Firewall filter might fail to work on QFX5K platforms
On QFX5K platforms, if per ifl-filtering on regular VLAN is configured with no match conditions then destination port matching condition may fail to match intended packets.
PR Number Synopsis Category: QFX EVPN / VxLAN
1555835 Traffic might not passed due to the addition of the VLAN tag 2 while passing through the Virtual Chassis port.
When ingress and egress interfaces are in different FPC on QFX5120VC with OVSDB vxlan, the VLAN tag 2 might be added automatically and the peer device drops it.
PR Number Synopsis Category: KRT Queue issues within RPD
1539601 The rpd memory leak might be observed on the backup Routing Engine due to link flaps
On all junos platforms with dual REs, rpd memory leak may be seen when an AE member interface flaps or immediate restart of master RE. The memory leak was observed be around 32 bytes per session, the leak is only seen when AE have more than 8 legs.
PR Number Synopsis Category: RPD policy options
1523891 The policy configuration might be mismatched between the rpd and mgd process when deactivate policy-options prefix-list is involved in the configuration sequence.
If "deactivate policy-options prefix-list" is involved in configuration sequence along with other policy configurations, the mgd process might not notify the rpd process about the policy configuration changes after committing the configuration. This can cause the policy configuration to be out-of-synchronization between policy database used by rpd and configuration database used by mgd. Due to the missing policy entries in policy database, later the rpd might crash when accessing these entries via CLI command like "show policy".
PR Number Synopsis Category: SW PRs for SCBE3 related kernel drivers
1564539 MX platforms with MX-SCBE3 may reboot continuously.
A recent change in the kernel boot loader causes a system with MX-SCBE3 to experience the Routing Enginne's kernel memory corruption which causes the system to reboot continuously.
PR Number Synopsis Category: Bug and Review Tracking for Segment routing traffic eng
1474397 Dynamic SR-TE tunnels do not get automatically recreated at the new master Routing Engine after the Routing Engine switchover.
Dynamic SR-TE tunnels does not get automatically re-created at new master after RE switch-over.
PR Number Synopsis Category: ZT/YT pfe firewall software
1576695 MPC crash might be seen when 'next-ip' action is used for filter-based forwarding
On MX platforms with MPC10/MPC11 line cards, the MPC crash might be seen when Filter-based forwarding (FBF) is configured with 'next-ip' action.
PR Number Synopsis Category: Trio pfe bridging, learning, stp, oam, irb software
1560788 The BUM frame might be duplicated on Aggregate device if Extended-port on Satellite device is AE
On the Fusion AD (Aggregate Device), the BUM frame might be duplicated if the Extended-port on the SD (Satellite Device) is an aggregate ethernet.
PR Number Synopsis Category: DDos Support on MX
1562474 DHCPv4 request packets might be wrongly dropped when DDOS attack happens
On MX platform, T4000 platform and EX9200 platform, end-users or end-hosts might not get an IPv4 address from Dynamic Host Configuration Protocol (DHCP) server when Distributed Denial-of-Service (DDOS) attack is happened on DHCP rebind packets or renew packets. In the end, end-users or end-hosts could not access into network after lease time of the IPv4 address expired.
PR Number Synopsis Category: UI Infrastructure - mgd, DAX API, DDL/ODL
1543037 The license errors may get returned on backup RE when trying to commit the configuration
On all Junos platforms, when trying to commit the configuration, license errors may get returned on backup RE even though the license is installed correctly. This issue doesn't have any service impact.
PR Number Synopsis Category: usf inline feature related issues
1547647 The nsd daemon may crash after configuring the inline NAT in USF mode
On MX240/480/960 platforms, the nsd daemon might crash after configuring the inline NAT in USF mode. This might be caused due to the new memory debugging framework introduced in NSD daemon to track allocated or free memory.

20.2R2-S3 - List of Known issues

PR Number Synopsis Category: ACX L2 related features
1565642 ACX5048: Entry for mac address from which no traffic is seen for mac age timer does not age out if there is active traffic destined for this mac
As per the current code, ACX would not delete a mac address from the mac table there is- (a) traffic destined to the mac address or (b) traffic sourced from the mac address or (c) both Fix of this PR will allow ACX to only look at (b) traffic sourced from mac address before deleting the mac address entry from mac table. So, if there is no traffic sourced from the mac for an interval of mac aging timer, the mac would be deleted from the mac table at the end of mac aging timer with out taking into account the traffic destined to the mac address.
PR Number Synopsis Category: PTX Chassis Manager
1439929 FPC reboot may be observed in the events of jlock hog more than 5s
On PTX1000 platform, in case of a jlock hog lasts for more than 5 seconds, FPC reboot might be seen.
PR Number Synopsis Category: ChassisD changes specific for DNX series.
1538869 On the ACX5448 router, unexpected behavior of the show chassis network-services command is observed.
The cli output of chassis network-services is not reflecting the configured mode though the configured mode is correctly programmed in Kernel. With the fix of the PR the same is addressed. labroot@acx5448l> show configuration chassis network-services enhanced-ip; labroot@acx5448> show chassis network-services Network Services Mode: IP labroot@acx5448> start shell % sysctl -a | grep netsvc net.netsvc: 2 % exit exit
PR Number Synopsis Category: SRX1500 platform software
1546132 SRX1500 reports fan(s) running at over speed
SRX1500 may report intermittent cosmetic fan alarms
PR Number Synopsis Category: Interface Information Display
1561065 "Input errors" counter on "monitor interface" CLI does not work
"Input errors" counter on "monitor interface" CLI not working. After fixing this issue, 'Input errors' shows sum of the all input errors. This is a common issue of ge-/xe-/et interfaces.
PR Number Synopsis Category: MX Inline Jflow
1489121 AFT : NH learning knob is enabled by default in MPC10 and MPC11 irrespective of the knob configuration
NH learning knob is enabled by default in MPC10 and MPC11 irrespective of the knob configuration. The disabling will have no effect on the knob functionality.
PR Number Synopsis Category: uboot & loader for DCG TOR and CB
1536799 Software recovery or installation using the Bootable USB Flash Drive option might fail
Using "Bootable USB Flash Drive" to recover/install software may fail on the platforms with releases starting from 19.3, after power cycle (off/on).
PR Number Synopsis Category: KRT Queue issues within RPD
1501817 Traffic might get dropped or discarded in the fast-reroute scenario
In the platform using INH (indirect next hop, such as Unilist) as route next hop type for multiple paths scenario (such as BGP PIC or ECMP), the session fast-reroute might be enabled in Packet Forwarding Engines (PFEs). When the version-id of session-id of INH is above 256, the PFE might not respond to session update, which might cause the session-id permanently to be stuck with the weight of 65535 in PFE. It might lead PFE to have a different view of Unilist against load-balance selectors. Then either the BGP PIC or the ECMP-FRR might not work properly and traffic might be dropped or silently discarded.
PR Number Synopsis Category: RPD Next-hop issues including indirect, CNH, and MCNH
1534455 Some routes might get incorrectly programmed in the forwarding table in the kernel which is no longer present in rpd.
In a scaled routes scenario, if there is any route change operation when the system is under memory pressure, the rpd might change a route entry but the same is not conveyed to the kernel. This causes a mismatch between routes in rpd and kernel leading to traffic blackhole for the mismatched route entries that are incorrectly programmed in the kernel.
PR Number Synopsis Category: Resource Reservation Protocol
1576979 With local reversion ON, there is a possibility of transit router not informing headend of RSVP disabled link when link is flapped more than once.
With local reversion ON, there is a possibility of transit router not informing headend of RSVP disabled link when link is flapped more than once. Work around is to remove local-reversion configuration.
PR Number Synopsis Category: SW PRs for SCBE3 fabric
1573360 The fabric errors are observed and the FPC processes might get offline with SCBE3, MPC3E-NG, or MPC3E and MPC7 or MPC10 in the increased-bandwidth fabric mode
On MX240/MX480/MX960 platforms, with default "increased-bandwidth" fabric mode and SCBE3, if MPC3/MPC3-NG exist on the system along with high bandwidth MPC, during high traffic situation or traffic burst through the fabric towards MPC3/MPC3-NG. MX fabric might report unreachable destination condition and causes fabric healing to trigger in. This issue is exacerbated when having MPC7 or MPC10 line cards installed due to the high fabric bandwidth that can be generated. Please refer to TSB17936 ( for further details.
PR Number Synopsis Category: Issues related to Snorkel Interfaces
1573209 CFP "unplugged" message is not logged in Junos 17.3 onwards
CFP "unplugged" message is not logged in Junos 17.3 onwards
PR Number Synopsis Category: MPC7/8/9 Interface Issues
1473280 The "Failed to complete DFE tuning" syslog messages may appear on MX
Even with the fix for PR 1463015, the "Failed to complete DFE tuning" syslog may appear. This message has no functional impact and can be ignored.
PR Number Synopsis Category: ZT/YT pfe infra issues
1575138 [MPC10] - Traffic drops while routing from MPC10 to other type of MPC when configured with WAN-PHY mode on the "other" MPCs
A router will drop traffics when using "wan-phy" mode on a router with MPC10E mixed with other types of MPC -- such as MPC3E. This issue affects JUNOS software versions prior to 20.1R1.
PR Number Synopsis Category: Trio pfe qos software
1538960 Major error "XQ_CMERROR_SCHED_L3_PERR_ERR" might cause PFE(s) to disable
On EX9200 platforms with EX9200-6QS/MX platforms with MPC2E/3E/5E(Q)/SRX5K platforms with MPC3, PFE(s) on that FPC(s) might be disabled due to a major alarm "XQ_CMERROR_SCHED_L3_PERR_ERR". Without the fix, this major alarm triggered "disable-pfe" action. This defect could be seen if there is a parity error in the L3 node static memory.
PR Number Synopsis Category: Trio pfe bridging, learning, stp, oam, irb software
1525824 The following error message is observed when alarms after interface reset: 7836 ifl 567 chan_index 8 NOENT & jnh_ifl_topo_handler_pfe(13015): ifl=567 err=1 updating channel table nexthop.
When the VRRP MACs will be deleted, the VRRP feature will be disabled from the IFL. We are seeing this issue as part of deletion of VRRP feature. During VRRP feature disable process, Ifl_entry should be present. But here we can see that ifl delete has been happened first and then VRRP feature disable is happening. To avoid this, implementing precheck for the ifl_entry and also will be cleaning up the vrrp entry as part of sw_entry and hw_entry deletion.
PR Number Synopsis Category: Trio pfe l3 forwarding issues
1560772 JDI-RCT: Some BFD sessions get stuck in down/init state after iterative operations triggers on DUT
Some combination of interfaces and protocols configuration removal and application could result in Tx traffic getting stalled on a MPC10E interface. NOTE: issue has not fully been root-caused. Only when the issue has been fully resolved will there be additional release notes.
Modification History:
First publication 2021-03-26
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search