Support Support Downloads Knowledge Base Apex Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

19.4R3-S4: Software Release Notification for JUNOS Software Version 19.4R3-S4

1

0

Article ID: TSB18086 TECHNICAL_BULLETINS Last Updated: 10 Jun 2021Version: 2.0
Alert Type:
SRN - Software Release Notification
Product Affected:
ACX, EX, MX, PTX, QFX, NFX, SRX, VRR, vMX, vSRX
Alert Description:
Junos Software Service Release version 19.4R3-S4 is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as need and follow the prompts
Solution:

Junos Software service Release version 19.4R3-S4 is now available.

19.4R3-S4 - List of Fixed issues
PR Number Synopsis Category: EX4300 PFE
1595797 Firewall filter might not get programmed correctly on EX4300 platforms
Product-Group=junos
On EX4300 platforms, the firewall filter might not get programmed correctly, if there is any modification made in the filter which is already attached to an interface and it is the only filter in the group. The traffic through the interface will be impacted.
PR Number Synopsis Category: QFX PFE CoS
1585361 [cos] [filter] QFX5K Dscp classifier doesn't work and all packets are sent to a single queue
Product-Group=junos
With the QFX5K platform, When the L3 interface with multiple IFLs is deleted and re-configured with a custom classifier, queue classification will not work and traffic will take the best-effort queue.
PR Number Synopsis Category: QFX PFE L2
1582473 MAC addresses learnt from MC-LAG client device might keep flapping between the ICL interface and MC-AE interface after one child link in MC-AE interface is disabled
Product-Group=junos
On QFX/EX series products using Broadcom chip based PFE (i.e., QFX3500/QFX3600/QFX5100/QFX5110/QFX5120/QFX5200/QFX5210/EX4300/EX4600/EX4650), if Multichassis link aggregation group (MC-LAG) is configured, and the interchassis link (ICL) interface is a physical interface instead of an aggregated Ethernet (AE) interface, after one of the child links in Multichassis Aggregated Ethernet (MC-AE) interface on one of MC-LAG peers is disabled, the MAC addresses learnt from MC-LAG client device might keep flapping between the ICL interface and MC-AE interface. It could cause traffic drop when MAC addresses are learnt on ICL interface. This issue is only exposed in Junos release having the code change in PR 1504586 (which is fixed in Junos: 17.3R3-S9 17.4R3-S3 18.1R3-S11 18.2R3-S6 18.3R3-S3 18.4R2-S6 18.4R3-S6 19.1R3-S2 19.2R3 19.3R3 19.4R3 20.1R2 20.2R2 20.3R1 20.3X75-D10 20.4R1) but not having fix of PR 1582473.
PR Number Synopsis Category: BBE database related issues
1592889 Any mmcq based services might crash due to shared memory queues issue happens in a rare condition
Product-Group=junos
In the shared memory queues (mmcq) scenario (e.g. Enhanced Subscriber Management and Next Generation Broadband-Edge Statistics in this case). The BBE statistics are mapped and queued on the shared memory, in a very rare case, if the allocated mmcq of the selected data is disorderly, the improper BBE statistics might be sent/took for the subscriber services, then the bbe-smgd/bbe-statsd might crash. Also, all these kinds of the crash might continue due to the persistence of shared memory values, then the mmcq based services will not work until performing GRES or rebooting the RE.
PR Number Synopsis Category: BBE interface related issues
1581260 hitting with vmcore.0 at 0xffffffff80443eef in kern_reboot
Product-Group=junos
Problem happens due to improper cleanup of reference count, hold on interface. Reference count are added on logical interfaces, so dependencies gets cleaned up properly. we could see "DCD_CONFIG_WRITE_FAILED" error messages flooding in /var/log/messages when problem gets hit.
PR Number Synopsis Category: Border Gateway Protocol
1594626 The routing process may crash due to memory corruption while processing BGP multipath route
Product-Group=junos
The rpd process may experience a crash due to memory corruption while processing BGP multipath route. It has a traffic impact.
PR Number Synopsis Category: jdhcpd daemon
1592552 The jdhcpd process might not respond to any Discover message when it is in "clients waiting to be restored" state
Product-Group=junos
On MX platforms, some subscribers might get stuck in "clients waiting to be restored" state after the jdhcpd process is restarted. When in this state, the jdhcpd doesn't respond to any new DHCP Discover/DHCPv6 Solicit for 30 mins.
PR Number Synopsis Category: Security platform jweb support
1594366 [J-Web] zone info disappears when functional zone is configured
Product-Group=junos
zone info is not listed at configuration menu on J-Web, if functional zone is configured without any option.
1594913 [J-Web] services are not displayed at security policies under logical-system
Product-Group=junos
Services are not listed at configuration menu at Jweb below. Configure > Security Services > Security Policy > Rules
PR Number Synopsis Category: Layer2 forwarding on EX/NTF/PTX/QFX
1584874 Bridge domain names information is not displayed properly in "show bridge statistics instance".
Product-Group=junos
Under the conditions of the bridge domains in the virtual-switch type instance having "vlan-id-list", Bridge domain names information is not displayed properly in "show bridge statistics instance".
PR Number Synopsis Category: FreeBSD Kernel Infrastructure
1563647 Memory corruption of any binary in /usr/bin/ or /usr/sbin/ may be triggered when a recovery snapshot is being copied to the OAM volume
Product-Group=junos
Memory corruption of a binary from /usr/bin/ or /usr/sbin/ directory can occur if such binary is invoked when a recovery snapshot creation is in progress. The exact symptoms will be different depending on the exact binary and JUNOS version - some programs will show an error, and some programs will crash every time it is executed. Such memory corruption will be persistent until the affected Routing Engine is restarted. Please refer to TSB17954 (https://kb.juniper.net/TSB17954) for further details.
PR Number Synopsis Category: analyzer on QFX 5100,5200, 5110
1589579 Port-Mirror : When delete AE member(s) then its NOT getting deleted (mirror trunk group) in the hardware for Analyzer input AE
Product-Group=junos
When member interface from AE is deleted and if that AE interface is input to analyzer session, mirroring will continue to happen for the removed member interface also.
PR Number Synopsis Category: Secure Web Proxy functionality on Junos
1589957 Pass-through traffic might fail post reboot when Secure Web Proxy is configured
Product-Group=junos
On SRX-Series devices, pass-through traffic on Secure Web Proxy may fail after rebooting the device.
PR Number Synopsis Category: SFW, CGNAT on MS-MIC/MS-MPC (XLP)
1593226 The TCP keepalive might not be processed by the private network host
Product-Group=junos
On MX platforms with MS-MPC and MS-MIC when tcp-tickle knob is enabled under services-options in DS-lite (Dual-Stack lite) with NAT scenario, the TCP keepalive might not be processed by the private network host and the purpose of TCP keepalive gets compromised.
PR Number Synopsis Category: Trio pfe l3 forwarding issues
1560772 Interface not able to send/receive packets after repeated link flaps on MPC10/11E
Product-Group=junos
On all Junos platforms with MPC10E/11E linecards, repeated link flaps on an interface could result in complete traffic stall (packets no longer going out the interface).
PR Number Synopsis Category: usf service set related issues
1583534 SNMP SysObjectID.0 is empty with enabled unified-services
Product-Group=junos
On MX series SNMP SysObjectID.0 has empty value if unified-services is enabled
 

19.4R3-S4 - List of Known issues
PR Number Synopsis Category: SFI Infra-structure
1485038 The following error message is observed continuously in AD with base configurations: IFDE: Null uint32 set vector, ifd and IFFPC: 'IFD Ether uint32 set' (opcode 151) failed.
Product-Group=junos
EX 9251 Summit-B54 : "IFDE: Null uint32 set vector, ifd and IFFPC: 'IFD Ether uint32 set' (opcode 151) error message is observed continuously in AD with base configurations.
PR Number Synopsis Category: Virtual-chassis platform/chassisd infrastructure PRs for MX
1569556 JDI-RCT:M/Mx: not able to set member-id as RE is in synching mode forever when its having invalid VC data( error: Command aborted. VC configuration synch to backup RE in progress, try after 120 secs. )
Product-Group=junos
New SCB cards may have uninitialized VC Data Blocks, preventing setting the member-id when configuring as a MX-VC for the first time.
PR Number Synopsis Category: Firewall Network Address Translation
1406248 The nsd process crashes and creates coredump. This can impact transit traffic.
Product-Group=junos
If an application is configured in source/destination NAT rule, once this application is deleted or modified, the nsd process might crash and generate a coredump. This can lead to packet drops.
PR Number Synopsis Category: Security platform jweb support
1597221 [J-Web] a custom application name contains "any" is listed under Pre-defined Applications
Product-Group=junos
In J-Web, custom application info is usually listed under "Custom-Applications". However, if the application name contains "any", it is listed under "Pre-defined Applications".
PR Number Synopsis Category: Secure Web Proxy functionality on Junos
1585542 Secure Web proxy continue sending DNS query for unresolved DNS entry even after the entry was removed
Product-Group=junos
On SRX series device, Secure Web proxy continue sending DNS query for unresolved DNS entry even after the entry was removed.
PR Number Synopsis Category: SSL Proxy functionality on JUNOS
1587149 On SRX-Series devices, the protocol-version command which controls TLS-versions (1.1, 1.2, 1.3, etc) within SSL-Proxy has been unhidden.
Product-Group=junos
On SRX-Series devices, the protocol-version command which controls TLS-versions (1.1, 1.2, 1.3, etc) within SSL-Proxy has been unhidden.
PR Number Synopsis Category: SRX-1RU infrastructure SW defects
1596438 srxpfe process might restart on high-end SRX with a core-dump and showing FPC0 Offline if unsupported configuration is used
Product-Group=junos
if unsupported interface-level configuration "targeted-broadcast" is used on high-end SRX, after system reboot, srxpfe process might restart generating a core-dump and showing FPC0 "Offline"
PR Number Synopsis Category: ZT/YT pfe l3 forwarding issues
1586057 Unicast traffic over IRB interface may be wrongly routed due to stale PFE programming
Product-Group=junos
Modification History:
First publication 2021-06-10
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search