Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

20.2R3-S1: Software Release Notification for JUNOS Software Version 20.2R3-S1

0

0

Article ID: TSB18052 TECHNICAL_BULLETINS Last Updated: 14 Jun 2021Version: 3.0
Alert Type:
SRN - Software Release Notification
Product Affected:
ACX, EX, MX, PTX, QFX, NFX, SRX, VRR, vMX, vSRX
Alert Description:
Junos Software Service Release version 20.2R3-S1 is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as need and follow the prompts
Solution:

NOTE: 1. Due to software defects, we do not provide SRX1500 with this release
NOTE: 2. Due to EVPN/VXLAN software defects, Junos 20.2R3-S1 software images for the QFX5000s, the EX4600, and the EX4650 are not recommended for EVPN/VXLAN deployment.

Junos Software service Release version 20.2R3-S1 is now available.

20.2R3-S1 - List of Fixed issues

PR Number Synopsis Category: EX4300 PFE
1576022 DHCP packets with source IP as link-local address are dropped in EX4300
Product-Group=junos
On EX4300 Series switches with Multicast Listener Discovery (MLD) snooping enabled, when DHCP packets with source IP as link-local address are sent across EX4300, they will get dropped.
PR Number Synopsis Category: EX2300/3400 PFE
1548159 Classifier is not programmed in the hardware and error logs may be seen in syslog
Product-Group=junos
On EX platforms except EX4300, when configuring Q-in-Q with vlan-id-list, classifier is not programmed and error logs "Setting vlan id failed" may be seen. All the packet entering this interface will not classify the packets to designated egress queue, but to the default queue. If the default queue is in congestion, traffic with video or voice service may be impacted.
PR Number Synopsis Category: MX Services URL filter
1584377 Traffic might not get filtered properly when security-intelligence profile is configured on the MX platforms
Product-Group=junos
On MX platforms running Junos, traffic might not get filtered as per whitelist and blacklist. The issue happens while deactivating and activating the security-intelligence profile when web-filtering is configured on the box. During this, the whitelist and blacklist files from PE are not being added to the PFE filter causing the issue.
PR Number Synopsis Category: QFX Access control list
1576168 The DHCP packets might be dropped by the QFX5000 in the Static VXLAN scenario
Product-Group=junos
In the Static VXLAN with the QFX5000 scenario, the QFX5000 acted as the leaf device (also, functions as a VETP). If the DHCP packets are passed over the VXLAN tunnels between the VTEPs, it might be assigned the wrong classid in the VFI (Virtual Forwarding Instance) during the VXLAN tunnel termination operation, then the DHCP packets might be filtered wrongly by PFE and might be dropped after that.
PR Number Synopsis Category: QFX PFE CoS
1585361 [cos] [filter] Nautilus : :: [PRedator] Dscp classifier doesn't work and all packets are sent to single queue
Product-Group=junos
in QFX5K platform, When L3 interface with multiple IFLs is deleted and re-configured with custom classifier, queue classification will not work and traffic will take best-effort queue.
PR Number Synopsis Category: QFX PFE L2
1574435 On the QFX5000, software-forwarded VXLAN de-encapsulated packets have illegal length.
Product-Group=junos
On QFX5K switches, software forwarded VXLAN decapsulated packets (i.e. STP, DHCP etc) received on a VTEP interface might be forwarded with illegal length. During decapsulation the packet length might not be adjusted to the length on the inner payload and packet would get forwarded by adding trailer for the remaining length.
1582473 MAC addresses learnt from MC-LAG client device might keep flapping between the ICL interface and MC-AE interface after one child link in MC-AE interface is disabled
Product-Group=junos
On QFX/EX series products using Broadcom chip based PFE (i.e., QFX3500/QFX3600/QFX5100/QFX5110/QFX5120/QFX5200/QFX5210/EX4300/EX4600/EX4650), if Multichassis link aggregation group (MC-LAG) is configured, and the interchassis link (ICL) interface is a physical interface instead of an aggregated Ethernet (AE) interface, after one of the child links in Multichassis Aggregated Ethernet (MC-AE) interface on one of MC-LAG peers is disabled, the MAC addresses learnt from MC-LAG client device might keep flapping between the ICL interface and MC-AE interface. It could cause traffic drop when MAC addresses are learnt on ICL interface. This issue is only exposed in Junos release having the code change in PR 1504586 (which is fixed in Junos: 17.3R3-S9 17.4R3-S3 18.1R3-S11 18.2R3-S6 18.3R3-S3 18.4R2-S6 18.4R3-S6 19.1R3-S2 19.2R3 19.3R3 19.4R3 20.1R2 20.2R2 20.3R1 20.3X75-D10 20.4R1) but not having fix of PR 1582473.
PR Number Synopsis Category: Border Gateway Protocol
1581578 BGP replication might be stuck in rare and timing conditions
Product-Group=junos
On all Junos/Junos Evolved platforms with Dual Routing Engines, BGP Nonstop-Routing replication might be stuck in a rare and timing case. BGP session(s) on Master Routing Engine is stuck at "SoWait" state, and BGP session(s) on Backup Routing Engine cannot sync with the Master. From the BGP Peer side, the BGP session(s) will break after hold-time expiry (90 seconds by default). This defect could be seen after the following series of events happen. * BGP NSR replication starts while Master RE (BGP session) is busy reading packets (i.e., Protocol Data Unit). * Master RE (BGP Session) requests to stop reading at PDU boundary. * While BGP session on Master RE is waiting to read complete packet (remaining bytes), the TCP sync connection (between Master and Backup BGP) flaps (i.e., PDU boundary is NOT read before the flap).
1583630 On rare occasion, RPD core may be observed on backup RE after loading a new image
Product-Group=junos
A BGP core may be seen after loading a new image on the backup RE. This is a timing issue and these 3 events need to happen for this core 1) an interface flap 2) a peer over this interface has not been synced with master 3) BGP triggers multipath calculation before the sync and use route that has not been marked for delete from this peer as a multipath contributor
PR Number Synopsis Category: Virtual-chassis platform/chassisd infrastructure PRs for MX
1569556 JDI-RCT:M/Mx: not able to set member-id as RE is in synching mode forever when its having invalid VC data( error: Command aborted. VC configuration synch to backup RE in progress, try after 120 secs. )
Product-Group=junos
New SCB cards may have uninitialized VC Data Blocks, preventing setting the member-id when configuring as a MX-VC for the first time.
1587499 Unable to configure pseudowire interface on an MX10003 in virtual chassis mode
Product-Group=junos
An MX10003 in virtual chassis (VC) mode, configuring a pseudowire interface over a logical tunnel (LT) or a redundant logical tunnel (RLT) results in a commit error that states that the anchor point interface is not configured, even when the LT or RLT interface is operationally up. The issue is not present on MX10003 in non-VC mode.
PR Number Synopsis Category: Enhanced Broadband Edge support for cos
1582356 The bbe-smgd crash might be seen after subscriber log out due to a rare timing issue on MX platforms
Product-Group=junos
On MX platforms with subscribers over the MPLS pseudowire scenario and CoS (Class of Service) configured, the bbe-smgd process might crash on both routing engines due to a rare timing issue after subscriber logout or when FPC reboot is performed on the device.
PR Number Synopsis Category: JUNOS Dynamic Profile Configuration Infrastructure
1584457 After performing NSSU, "timeout waiting for response from fpc0 " error message is seen while checking version detail
Product-Group=junos
After NSSU or Image upgrade to 21.1R1, show version details fails with "timeout waiting for response from"
PR Number Synopsis Category: EVPN control plane issues
1570883 The multicast traffic loss might be seen in EVPN-VXLAN scenario with CRB multicast snooping
Product-Group=junos
On MX and EX92 platforms, if multicast packet replication occurs in IRB egress interface in EVPN-VXLAN scenario with CRB multicast snooping, the ether-type of the inner VXLAN packet is getting changed. It might cause multicast traffic loss and VXLAN traffic flooding.
PR Number Synopsis Category: EX4400 platform
1573889 EX4400: Mgmt LEDs are not working as per expectations
Product-Group=junos
Below is the status of management LED when speed is set to: 1. 10m - Activity LED is not blinking when ping/traffic is runnig (instead it is remaining steady GREEN) 2. 100m - Activity LED is blinking without any ping/traffic.
PR Number Synopsis Category: Express ASIC interface
1578511 Traffic loss might be observed on the PTX5000 platform
Product-Group=junos
On PTX5000 with '15x100GE/15x40GE/60x10GE QSFP28' PIC on FPC type 3, when the port is configured in 4x10G mode (using QSFP+) and one of the 10G channels detected a clear of Rx LOS (Loss Of Signal), the traffic might be dropped on all the four 10G channels.
PR Number Synopsis Category: IDP attack detection in the subscriber qmodules
1588450 Application-identification related signatures might not get triggered
Product-Group=junos
On SRX-Series devices, some of the application-identification(appid) related signatures might not get triggered when there is an update of IDP signature package/application-identification version to 3372.
PR Number Synopsis Category: Interface Information Display
1561065 The input errors counter command on the monitor interface command does not work
Product-Group=junos
"Input errors" counter on "monitor interface" CLI not working. After fixing this issue, 'Input errors' shows sum of all input errors. This is a common issue of ge-/xe-/et interfaces.
PR Number Synopsis Category: Internet Group Management Protocol
1586631 The rpd process might crash after committing with the configured static group 224.0.0.0
Product-Group=junos
On all Junos and EVO platforms, the rpd process crash may occur instead of showing commit configuration failure and generating an error log when an invalid static group 224.0.0.0 is configured under the IGMP protocol.
PR Number Synopsis Category: ISIS routing protocol
1571395 There might be 10 seconds delay to upload the LSP on the point-to-point interface if rpd is restarted on its direct neighbor
Product-Group=junos
On Junos and Junos Evolved Series platforms with ISIS overload timeout configured, when rpd is restarted on its direct neighbor, there may be 10 seconds delay to upload the LSP on point-to-point interfaces.
PR Number Synopsis Category: Platform infra to support jvision
1580120 MX-VC: gRPC based /components/ sensor output is missing lot of data
Product-Group=junos
/components sensor not emitting complete data due to collateral which is specific to MX-VC chassis.
PR Number Synopsis Category: Layer2 forwarding on EX/NTF/PTX/QFX
1584874 Bridge domain names information is not displayed properly in "show bridge statistics instance".
Product-Group=junos
Under the conditions of the bridge domains in the virtual-switch type instance having "vlan-id-list", Bridge domain names information is not displayed properly in "show bridge statistics instance".
1584876 After changing configuration, "show bridge statistics" shows extreme larger value.
Product-Group=junos
When the same bridge setting is changed from default-instance to logical-system as it is, "show bridge statistics" may show extreme larger value.
PR Number Synopsis Category: lacp protocol
1551925 AE interface flap might be seen during NSSU
Product-Group=junos
On the EX2300/EX3400/EX4400 platforms, AE (Aggregate Ethernet) interface flap might be seen during NSSU (Nonstop Software Upgrade) for AE with LACP (Link Aggregation Control Protocol) configured. The issue results in traffic outage and flaps in other protocols (e.g. OSPF) running over this AE.
PR Number Synopsis Category: lldp sw on MX platform
1591387 The LLDP packet might loss on the EX-4300MP platform if configuring LLDP on the management interface
Product-Group=junosvae
On the EX-4300MP platform, if configuring LLDP on the management interface, the management interface will not transmit any LLDP PDUs to the peer. This issue might cause LLDP packet loss.
PR Number Synopsis Category: MPC11 ULC fabric software related issues.
1565223 On the MX2010 or MX2020 routers, the following error message might be observed after switchover with GRES/NSR: CHASSISD_IPC_FLUSH_ERROR.
Product-Group=junos
On MX2010/MX2020 with the MPC11E line card used, the IPC communication between the new master RE and MPC11E might become broken after switchover with GRES/NSR.
PR Number Synopsis Category: For multicast snooping on MX
1583207 With IGMP snooping implemented, there is unexpected jitter issue that could cause traffic loss
Product-Group=junos
On all Junos platforms running 19.4R1 onward, with IGMP snooping implemented, there is unexpected more than 1 second for network convergence. The reason of the issue is that multicast route is not installed into Kernel Routing table (KRT) and synchronized efficiently. This issue could cause jitter problem and initial traffic loss. Please refer to Workaround to avoid this issue.
PR Number Synopsis Category: Multicast for L3VPNs
1579963 The rpd might crash in the NG-MVPN scenario on all Junos/Evo platforms
Product-Group=junos
The routing process (rpd) might crash and generate core-dumps in Next Generation Multicast Virtual Private Network (NG-MVPN) environment configured with 'convert-sa-to-msdp' knob which converts source active from MVPN routes to MSDP SA. The crash might be triggered under rare circumstances when a delete is requested for locally originated MSDP source active (SA) but the SA is already deleted.
PR Number Synopsis Category: OS IPv4/ARP/ICMPv4
1564323 "Last flapped" timestamp for interface fxp0 gets reset every time "monitor traffic interface fxp0" is executed
Product-Group=junos
"Last flapped" timestamp for interface fxp0 gets reset every time "monitor traffic interface fxp0" is executed.
PR Number Synopsis Category: FreeBSD Kernel Infrastructure
1563647 Memory corruption of any binary in /usr/bin/ or /usr/sbin/ may be triggered when a recovery snapshot is being copied to the OAM volume
Product-Group=junos
Memory corruption of a binary from /usr/bin/ or /usr/sbin/ directory can occur if such binary is invoked when a recovery snapshot creation is in progress. The exact symptoms will be different depending on the exact binary and JUNOS version - some programs will show an error, and some programs will crash every time it is executed. Such memory corruption will be persistent until the affected Routing Engine is restarted. Please refer to TSB17954 (https://kb.juniper.net/TSB17954) for further details.
1579331 EX4400: Under some conditions, the FPGA reset reason may be incorrectly shown in console logs as 0.
Product-Group=junos
EX4400: Under some special conditions, such as boot from OAM volume following a graceful/warm reboot, the FPGA reset reason incorrectly shown in console logs as 0.
PR Number Synopsis Category: analyzer on QFX 5100,5200, 5110
1580473 When having analyzers mapped to channelized port then the mirror may not happen properly
Product-Group=junosvae
On AS7816-64X/QFX51xx/QFX52xx Series platforms, the analyzer may not work properly when port channelization is done after the analyzer configuration and with these newly created ports new analyzer is created.
1589579 Port-Mirror : When delete AE member(s) then its NOT getting deleted (mirror trunk group) in the hardware for Analyzer input AE
Product-Group=junos
When member interface from AE is deleted and if that AE interface is input to analyzer session, mirroring will continue to happen for the removed member interface also.
PR Number Synopsis Category: QFX L2 PFE
1580114 The dcpfe process crashes while checking the virtual tunnel-nh packet status.
Product-Group=junos
vty show commands are executed in different context than pfeman. There is a possibility that data might be changed/deleted in pfeman context which might trigger a crash during show command execution.
PR Number Synopsis Category: QFX L3 data-plane/forwarding
1587609 Packet DMA memory leak might be seen in EVPN-VXLAN scenario after receiving some packets
Product-Group=junos
On QFX platforms, in EVPN-VXLAN scenario, packet DMA memory leak might be seen after receiving some packets. When the leak is up to 99%, it will cause protocols to stop working.
PR Number Synopsis Category: RPD policy options
1583535 bbe-smgd - dymanic-profile NACK due to config error reading address mask prefix-length in policy-options/policy-statement
Product-Group=junos
bbe-smgd fails when reading configuration for address mask prefix-length when configured in a policy-statment, causing the service-profile to fail.
PR Number Synopsis Category: show route table commands, tracing, and syslog facilities
1565425 The KRT log file might continue to grow after removing the KRT log configuration
Product-Group=junos
If kernel routing table (KRT) trace logs are configured and later removed, they will remain active and KRT logs will still be written to the configured files.
PR Number Synopsis Category: SW PRs for SCBE3 related kernel drivers
1564539 MX platforms with MX-SCBE3 may reboot continuously.
Product-Group=junos
A recent change in the kernel boot loader causes a system with MX-SCBE3 to experience the Routing Enginne's kernel memory corruption which causes the system to reboot continuously.
PR Number Synopsis Category: IPSEC functionality on M/MX/T ser
1557216 On the EX4300 device, script fails while committing the IPSec authentication configuration as the algorithm statement is missing.
Product-Group=junos
On all Junos platforms except MX/SRX with FIPS mode enabled, the manual IPsec functionality might not be working as no authentication algorithm is configurable for IPsec.
PR Number Synopsis Category: Issues related to Snorkel Interfaces
1573209 CFP unplugged message is not logged in Junos OS Release 17.3 and later.
Product-Group=junos
CFP unplugged message is not logged in Junos OS Release 17.3 and later.
PR Number Synopsis Category: Generic platform and infra issues for MS-MIC and MS-MPC(XLP)
1569894 The mspmand process might crash if the packet flow-control issue occurs on MS-MPC/MS-MIC.
Product-Group=junos
In MX platforms with MS-MPC/MS-MIC scenario, the Packet Ordering Engine (POE) recovery operation will control the right packet descriptor of packet flow and detect jbuf (memory) leak. But, if some rare race conditions happen during this time, this kind of flow-control operation might cause the mspmand to crash. Then, MS-MPC/MS-MIC might restart.
PR Number Synopsis Category: SRX-1RU platfom related protocol, QoS, filtering features et
1585698 The 1G interfaces might not come up after device reboot
Product-Group=junos
On SRX4600 devices, in some cases 1GbE SFP optical interfaces might not come up and disabling dfe tuning failed is displayed in the logs.
PR Number Synopsis Category: Trio LU, IX, QX, MQ chip drivers, ucode & related SW
1570631 pfe err-jnh_physmem_add_resvd_to_cntr(18014): PFE 0 jnh_app 0x08020860, add ox00080000 from 0x00b00000-0x00b80000 to baMask 0x1.
Product-Group=junos
FPC reports following error log messages. pfe err-jnh_physmem_add_resvd_to_cntr(18014): PFE 0 jnh_app 0x08020860, add ox00080000 from 0x00b00000-0x00b80000 to baMask 0x1.
PR Number Synopsis Category: Trio pfe stateless firewall software
1586817 FPC crash might be observed in a scaled firewall configuration on MX/PTX/QFX series platforms
Product-Group=junos
On MX/PTX/QFX series platforms running Junos, traffic loss might be observed in a scaled firewall filter configuration setup due to FPC crash. When the issue occurs, a core file is generated which could be checked using the CLI command 'show system core-dumps'. host@device> show system core-dumps -rw-r--r-- 1 root wheel 89322187 /var/crash/core-NGMPC0.gz.core.0 ----> Core file
PR Number Synopsis Category: Trio pfe bridging, learning, stp, oam, irb software
1571439 On all EX9200 platforms with EVPN-VXLAN configured, the next-hop memory leak in MX Series ASIC happens whenever there is a route churn for remote MAC-IP entries learned bound to the IRB interface in EVPN-VXLAN routing instance. When the ASIC's next-hop memory partition exhausted the FPC might reboot.
Product-Group=junos
On all MX/EX92xx platforms with EVPN-VXLAN configured, the NH (Next-Hop) memory leak in Trio ASIC happens whenever there is a route churn for remote MAC-IP entries learned bound to the IRB interface in EVPN-VXLAN routing-instance. When the ASIC's NH memory partition exhausted (free% NH memory is close to 20% or below) the FPC might reboot.
PR Number Synopsis Category: Trio pfe l3 forwarding issues
1560772 Interface not able to send/receive packets after repeated link flaps on MPC10/11E
Product-Group=junos
On all Junos platforms with MPC10E/11E linecards, repeated link flaps on an interface could result in complete traffic stall (packets no longer going out the interface).
1569829 MPC10 : user.info packetio: [Info] RESOLVER:HOLD: Resolve to hold nh:776 not found in the database
Product-Group=junos
Next-hop type "hold", "resolve" are seen during ARP resolution process. RESOLVER:HOLD: Resolve to hold nh:XXXX not found in the database is an informational message during this process. With the fix of the PR these logs severity is changed to debug level from information.
1577611 When line card is booted on RE1 being Master, Nextgen stats failed to fetch the value of backup mac address correctly
Product-Group=junos
When line card is booted on RE1 being Master, Nextgen stats module failed to fetch the value of RE0 mac address correctly. So subscriber interim stats reporting will be impacted (for the subscriber on the push cards i.e. MPC3 NG, MPC5, MPC7 onwards) when a GRES is performed.
PR Number Synopsis Category: Authentication, Authorization, Accounting, PAM (RADIUS/tacplus)
1530106 Ex3400 VC - Console access on backup VC member is not allowed
Product-Group=junos
Console login on a Virtual Chassis backup member might not be permitted if unreachable DNS name-server is configured on the box. DNS name resolution checks if the host is valid for login or not. If the DNS server configured on the box is not reachable, the user is not allowed on the Virtual Chassis while trying to access it from the console of the backup member.
PR Number Synopsis Category: Configuration management, ffp, load action
1577626 Apply-paths might cause validation failures during JUNOS upgrade
Product-Group=junos
On SRX-Series devices with apply-path configuration, during upgrade the validation might fail.
PR Number Synopsis Category: UI Infrastructure - mgd, DAX API, DDL/ODL
1559786 It fails if the xml output from command "request vmhost mode test | display xml rpc" is picked and used in netconf
Product-Group=junos
On vmhost platforms, if the xml output from command "request vmhost mode test | display xml rpc" is picked and used in netconf, it will fail. set vmhost mode custom test layer-3-infrastructure cpu count MIN set vmhost mode custom test layer-3-infrastructure memory size MIN set vmhost mode custom test nfv-back-plane cpu count MIN set vmhost mode custom test nfv-back-plane memory size MIN set vmhost mode custom test vnf cpu count MIN
PR Number Synopsis Category: PTX/QFX10002/8/16 specific software components
1576521 On the MX10016 routers, when the Fan X Failed alarm is cleared in the Fan Tray 1, the Fan/Blower OK SNMP traps are generated for the Fan Tray 0 [Fan 31 - 41] and Fan Tray 1 [Fan 11 - 41].
Product-Group=junos
On MX10016, when "Fan Tray 1 Fan Failed" alarm is Cleared, "Fan/Blower OK" snmp traps are generated for Fan Tray 0 [Fan 31 - 41] and Fan Tray 1 [Fan 11 - 41].
 

20.2R3-S1 - List of Known issues

PR Number Synopsis Category: EX4300 PFE
1595797 Firewall filter might not get programmed correctly on EX4300 platforms
Product-Group=junos
On EX4300 platforms, the firewall filter might not get programmed correctly, if there is any modification made in the filter which is already attached to an interface and it is the only filter in the group. The traffic through the interface will be impacted.
PR Number Synopsis Category: Control Plane and Infrastructure for the Junos Fusion Enterprise
1188254 Junos Fusion Enterprise: LLDP might stop working if manually deactivated and reactivated
Product-Group=junos
On a Junos Fusion Enterprise, LLDP might stop working if it is reenabled after being manually disabled.
PR Number Synopsis Category: Border Gateway Protocol
1579225 Dynamic tunnels are still up after deactivating the BGP nexthop type UDP policy.
Product-Group=junos
The BGP signaled dynamic tunnels remain in an established state and don't go down after deactivating the BGP export policy which contains next-hop and tunnel community information from the remote end.
1594626 The routing process may crash due to memory corruption while processing BGP multipath route
Product-Group=junos
The rpd process may experience a crash due to memory corruption while processing BGP multipath route. It has a traffic impact.
1594664 The rpd process might crash when executing the SNMP get command to fetch the MPLS L3VPN MIBs
Product-Group=junos
On both Junos and EVO platforms with MPLS (Multiprotocol Label Switching) L3VPN (Layer 3 Virtual Private Network) used, the rpd process might crash when executing the SNMP (Simple Network Management Protocol) get command for specific objects of MPLS L3VPN MIBs (e.g. "show snmp mib get mplsL3VpnVrfRteXCPointer<>"). Traffic loss might be seen during the rpd process crash and restart.
PR Number Synopsis Category: EVPN Layer-2 Forwarding
1586402 The BUM traffic might lose after triggering NSR in EVPN-MPLS or EVPN-ETREE scenario
Product-Group=junos
In EVPN-MPLS or EVPN-ETREE scenario, the EVPN allocates an IM label (Inclusive multicast route labels) per VLAN, and the IM labels including the EVI name and VLAN ID are mirrored to the standby RE (routing engine). If disabling/enabling NSR or switching RE mastership with NSR, the l2ad activated in the new master RE might not create the IM next-hop and locally-learned MAC addresses along with new underlay MPLS next-hop created by rpd for the remote EVPN PE, then the remote EVPN PE might be missed from the flood next-hop group on the EVPN instances, it might cause the BUM traffic to lose between the EVPN PEs.
PR Number Synopsis Category: Express PFE including evpn, vxlan
1590919 [evpn_vxlan] [evpn_instance] QFX10002 :: JUNOS:JDI_REGRESSION:PROTOCOLS:SWITCHING:QFX-EVPN_VXLAN: Traffic loss seen after loading EVPN configuration
Product-Group=junos
Release note needed.
PR Number Synopsis Category: FIPS related issues
1569412 [ipsec] [ipsectag] mx480 :: FIPS :: IPSEC security-associations not established, Observed packet loss
Product-Group=junos
DEV needs provide release note.
PR Number Synopsis Category: Security platform jweb support
1594366 [J-Web] zone info disappears when functional zone is configured
Product-Group=junos
zone info is not listed at configuration menu on J-Web, if functional zone is configured without any option.
PR Number Synopsis Category: Layer2 forwarding on EX/NTF/PTX/QFX
1560588 IGMP joins where there are more than expected value while verifying the IGMP snooping membership in the CE router.
Product-Group=junos
VE & CE mesh groups are default mesh groups created for a given Routing instance. On vlan/bridge-domain add, flood tokens and routes are created for both VE and CE mesh-group/flood-group. Ideally, VE mesh-group doesn't require on a CE router where IGMP is enabled on CE interfaces. Trinity based CE boxes have unlimited capacity of tokens, so this would not be a major issue.
PR Number Synopsis Category: lacp protocol
1461581 The LACP force-up and EVPN core isolation features are not supported together.
Product-Group=junos
In an EVPN multihomed active-active scenario, when LACP is enabled on PE-CE child member links, LACP force-up feature should not be enabled in conjunction with EVPN core isolation feature (enabled by default) because it is currently not supported in this scenario as these two features are contradictory in terms of action they take.
PR Number Synopsis Category: Multicast for L3VPNs
1591228 The ddos-protection reason "packets failed the multicast RPF check" may be seen in NG-MVPN scenario with GRE transport
Product-Group=junos
In Next Generation Multicast VPN scenario where GRE is used as a transport and router receives high amount of traffic via Inclusive PMSI without active multicast subscribers, the ddos-protection may be violated with "packets failed the multicast RPF check" reason.
PR Number Synopsis Category: Issues related to PKI daemon
1549954 PKI CMPv2 client certificate enrolment does not work on SRX when using root-CA.
Product-Group=junos
The PKI CMPv2 (RFC 4210) client certificate enrolment does not properly work on SRX Series devices when using root-CA.
PR Number Synopsis Category: vMX Platform Infrastructure related issue tracking
1575328 On the MX150 routers, the interface might take a long time to power down while rebooting, powering-off, halting, or upgrading.
Product-Group=junos
On MX150 devices, while performing reboot/power-off/halt/software upgrade with/without reboot the interfaces might take a long time to powerdown.
PR Number Synopsis Category: Related to sw defects for K2-RE
1497592 Backup Routing Engine reboots because of power cycle or failure when the offline and online operations are performed on CB1.
Product-Group=junos
After backup Routing Engine halt, CB1 goes offline and comes back online; this leads to the backup Routing Engine booting up, and it shows the reboot reason as "0x1:power cycle/failure." This issue is only for the RE reboot reason, and there is no other functional impact of this.
PR Number Synopsis Category: Resource Reservation Protocol
1576979 With the local reversion on, there is a possibility of the transit router not informing the headend of RSVP disabled link when the link flaps more than once.
Product-Group=junos
With local reversion ON, there is a possibility of transit router not informing headend of RSVP disabled link when link is flapped more than once. Work around is to remove local-reversion configuration.
PR Number Synopsis Category: Secure Web Proxy functionality on Junos
1589957 Pass-through traffic might fail post reboot when Secure Web Proxy is configured
Product-Group=junos
On SRX-Series devices, pass-through traffic on Secure Web Proxy may fail after rebooting the device.
PR Number Synopsis Category: SFW, CGNAT on MS-MIC/MS-MPC (XLP)
1593226 The TCP keepalive might not be processed by the private network host
Product-Group=junos
On MX platforms with MS-MPC and MS-MIC when tcp-tickle knob is enabled under services-options in DS-lite (Dual-Stack lite) with NAT scenario, the TCP keepalive might not be processed by the private network host and the purpose of TCP keepalive gets compromised.
PR Number Synopsis Category: ZT/YT pfe l3 forwarding issues
1586057 Unicast traffic over IRB interface may be wrongly routed due to stale PFE programming
Product-Group=junos
Traffic entering or leaving MPC10 may be wrongly routed due to stale PFE programming
PR Number Synopsis Category: Trio LU, IX, QX, MQ chip drivers, ucode & related SW
1573920 cassxr_err_addr(8593): Uninitialized Read Error @ EDMEM[0x7cb601b0]
Product-Group=junos
FPC reports following error log messages cassxr_err_addr(8593): Uninitialized Read Error @ EDMEM[0x7cb601b0]
PR Number Synopsis Category: Trio pfe bridging, learning, stp, oam, irb software
1556850 Upgrading the satellite devices might lead to some SDs to go in the SyncWait state.
Product-Group=junos
Upgrading satellite devices may lead to some SDs in SyncWait state. Cascade port flap not causing the issue.
PR Number Synopsis Category: Trio pfe mpls- lsps,rsvp,vpns- ccc, tcc software
1452864 Ferrari: BUD node replicating duplicate packets towards egress PE when we have S-RSVP-TE P2MP with vt interfaces
Product-Group=junos
Ferrari: BUD node replicating duplicate packets towards egress PE when we have S-RSVP-TE P2MP with vt interfaces
PR Number Synopsis Category: UI Infrastructure - mgd, DAX API, DDL/ODL
1519367 Commit fails for the backup Routing Engine for the deactivated mpls lsp priority command
Product-Group=junos
When a user tries to deactivate the mpls related config, the commit fails on backup RE. Work-around details are provided in the corresponding section below.
PR Number Synopsis Category: Virtual Router Redundancy Protocol
1534835 IPv6 VRRP sessions are not established when Duplicate Address Detection (DAD) is enabled.
Product-Group=junos
On MX platforms with IPv6 VRRP sessions, the VRRP sessions are not established when Duplicate Address Detection (DAD) is enabled.
PR Number Synopsis Category: usf ams related issues
1596976 CGNAT MX SPC3 AMS warm-standby 1:1 redundancy problem with CLI CPU statistics lost data after PIC failover.
Product-Group=junos
CGNAT MX SPC3 AMS warm-standby 1:1 redundancy problem with CLI CPU statistics lost data after PIC failover. show services service-sets cpu-usage - Does not display service sets show services sessions utilization - Missing session count, the rates and CPU values.
 

 

Modification History:
2021-06-12 Update to add a Software RECALL notification QFX5000s, EX4600s, and EX4650 images.
2021-06-10 Modified to include a note that SRX1500 is not part of this release
First publication 2021-05-21
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search