Support Support Downloads Knowledge Base Apex Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

20.4R2-S1: Software Release Notification for JUNOS Software Version 20.4R2-S1

0

0

Article ID: TSB18103 TECHNICAL_BULLETINS Last Updated: 07 Jul 2021Version: 1.0
Alert Type:
SRN - Software Release Notification
Product Affected:
ACX, EX, MX, PTX, QFX, NFX, SRX, VRR, vMX, vSRX
Alert Description:
Junos Software Service Release version 20.4R2-S1 is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as need and follow the prompts
Solution:

Junos Software service Release version 20.4R2-S1 is now available.

20.4R2-S1 - List of Fixed issues

PR Number Synopsis Category: EX2300/3400 platform
1539933 The POE might fail on EX platforms due to a rare timing issue in the VC scenario
Product-Group=junos
On EX platforms with Virtual Chassis (VC) scenario, Power over Ethernet (POE) might not be detected and hence might fail to work on VC members. This happens when there is a CPU spike on master (for example 70% or above) and if a VC member gets rebooted or a new member joins VC. It is a rare timing issue and hard to reproduce.
PR Number Synopsis Category: QFX Access control list
1576168 The QFX5000 line of switches might drop the DHCP packets in the static VXLAN scenario
Product-Group=junos
In the Static VXLAN with the QFX5000 scenario, the QFX5000 acted as the leaf device (also, functions as a VETP). If the DHCP packets are passed over the VXLAN tunnels between the VTEPs, it might be assigned the wrong classid in the VFI (Virtual Forwarding Instance) during the VXLAN tunnel termination operation, then the DHCP packets might be filtered wrongly by PFE and might be dropped after that.
PR Number Synopsis Category: QFX PFE L2
1563171 On the QFX5110-32Q line of switches, LACP does not come up in the Non-Oversubscribed mode for a set of ports.
Product-Group=junos
On QFX5110-32Q in Non-oversubscribed mode, LACP might not come up when ports 20 to 23 are used. This might cause traffic drop on lanes 1,2 and 3 of ports 20-23.
1582473 MAC addresses learnt from the MC-LAG client device might keep flapping between the ICL interface and MC-AE interface after one child link in the MC-AE interface is disabled.
Product-Group=junos
On QFX/EX series products using Broadcom chip based PFE (i.e., QFX3500/QFX3600/QFX5100/QFX5110/QFX5120/QFX5200/QFX5210/EX4300/EX4600/EX4650), if Multichassis link aggregation group (MC-LAG) is configured, and the interchassis link (ICL) interface is a physical interface instead of an aggregated Ethernet (AE) interface, after one of the child links in Multichassis Aggregated Ethernet (MC-AE) interface on one of MC-LAG peers is disabled, the MAC addresses learnt from MC-LAG client device might keep flapping between the ICL interface and MC-AE interface. It could cause traffic drop when MAC addresses are learnt on ICL interface. This issue is only exposed in Junos release having the code change in PR 1504586 (which is fixed in Junos: 17.3R3-S9 17.4R3-S3 18.1R3-S11 18.2R3-S6 18.3R3-S3 18.4R2-S6 18.4R3-S6 19.1R3-S2 19.2R3 19.3R3 19.4R3 20.1R2 20.2R2 20.3R1 20.3X75-D10 20.4R1) but not having fix of PR 1582473.
PR Number Synopsis Category: Border Gateway Protocol
1585321 The rpd crash might be seen when BGP RPKI session record-lifetime is configured less than the hold-time
Product-Group=junos
In BGP RPKI (Resource Public Key Infrastructure) scenario, if the session record-lifetime is configured less than the hold-time, the record-lifetime for route validation (RV) might expire while the session is still up, which will cause the rpd crash.
PR Number Synopsis Category: bras licensing prs
1573289 Scale-subscriber license might be not updated properly on the backup RE which leads to "License grace period for feature scale-subscriber(44) is about to expire" alarm after GRES
Product-Group=junos
In a rare scenario spurious scale-subscriber license violation may be raised on the new backup Routing Engine shortly after GRES switchover. It will lead to "License grace period for feature scale-subscriber(44) is about to expire" alarm if another GRES switchover is performed.
PR Number Synopsis Category: Device Configuration Daemon
1581877 20.4R2:Tenant: Facing configuration check-out failed with error message: identical local address found on rt_inst [default], intfs
Product-Group=junos
When the interface configured under tenant instance and an interface configured under default routing instance have identical local address. While trying to delete tenant, the interface under it is getting added to default routing instance, which is causing commit check error for identical local address under same routing instance. As a workaround, commit full instead of commit when deleting tenant instance.
PR Number Synopsis Category: Configd, ffp issues
1534858 The firewall filter for both IPv4 and IPv6 might not work when it is applied through apply-groups.
Product-Group=junos
On Junos OS Evolved PTX devices, the firewall filter for both IPv4 and IPv6 does not work when it is applied through apply-groups on the subinterface
PR Number Synopsis Category: mgd, ddl, odl infra issues
1582916 Issues seen with scp
Product-Group=junos
scp doesn't work from cli. Users can use 'file copy' cli command instead of scp cli command as a workaround.
PR Number Synopsis Category: EVPN Layer-2 Forwarding
1570757 The dev-longevity l2ald process generates the core file at l2ald_next_bd_member.
Product-Group=junos
A core may be seen when global level telemetry sensor is enabled and data streamed every 1 sec.
PR Number Synopsis Category: EX4400 platform
1573889 EX4400: Mgmt LEDs are not working as per expectations
Product-Group=junos
Below is the status of management LED when speed is set to: 1. 10m - Activity LED is not blinking when ping/traffic is runnig (instead it is remaining steady GREEN) 2. 100m - Activity LED is blinking without any ping/traffic.
PR Number Synopsis Category: Express PFE L2 fwding Features
1572238 DCI traffic loss of 100% observed in transit spine devices
Product-Group=junos
On QFX10K platforms with central routing mode of EVPN-VXLAN (Leaf - Spine) + DCI (MPLS) + EVPN-VXLAN (Spine - Leaf) scenario, traffic between DCI might be dropped on the Spine device of another DC. The reason is, the ethernet header has been stripped after removing MPLS label for IP lookup, which leads to an overwrite payload of the packet and the traffic drop with IPv4 checksum failure.
PR Number Synopsis Category: Express ASIC platform
1585594 JDI-RCT: T/PTX: "Failed to get pechip handle for chip 0" and "prds_encap_sample_flood_lpbk_desc_install: Egress NH descriptor install OK for Flabel 7808" errors seen during bringup
Product-Group=junos
Fix is needed in the release
PR Number Synopsis Category: IDP attack detection in the subscriber qmodules
1588450 Application-identification related signatures might not get triggered
Product-Group=junos
On SRX-Series devices, some of the application-identification(appid) related signatures might not get triggered when there is an update of IDP signature package/application-identification version to 3372.
PR Number Synopsis Category: Category for JET(JUNOS Extension Toolkit) related issues
1592542 GRPC connections stuck on ESTABLISHED with no active collector
Product-Group=junos
In a lossy network, if the peer end (grpc collector/client) gets closed the TCP sessions are held in established state in the Device. The issue is not seen in a normal network, and the issue seen only where there are high packet drops in the network.
PR Number Synopsis Category: IPSEC/IKE VPN
1596103 The kmd process might crash when VPN peer initiates using source-port other than 500
Product-Group=junos
On SRX Series devices, when site-to-site IPsec VPN is configured with traffic-selectors, if the VPN peer initiates an IKE negotiation using source-port other than 500, and at the same time, the IPsec IKE rekey (For the same VPN tunnel as the previous VPN peer initiates) occurs on the SRX device, the kmd process might crash.
PR Number Synopsis Category: Layer2 forwarding on EX/NTF/PTX/QFX
1595203 In QFx10K platforms with evpn-vxlan with shared-tunnel config, when there is bgp flap or restart of l2ald info logs appear in vty.
Product-Group=junos
In QFx10K platforms with evpn-vxlan with shared-tunnel config, when there is bgp flap or restart of l2ald, following info logs appear in fpc vty. [LOG: Info] GENCFG_PMAC from pmac gencfg handler These appear once per vtep so if there are large number of vteps in the system there will be large number of messages.
PR Number Synopsis Category: Issues related to Junos licensing infrastructure
1582704 Node locked license addition fails in EVO
Product-Group=junos
Adding node locked license fails in EVO with error: License validation failed. License addition failed due to invalid license.
1583438 QFX5200-32C | Reset JBS, JAS, JPS definition to align with new license model
Product-Group=junos
We migrated the licensing paradigm for certain QFX5000 devices. However, some of these devices also had legacy licenses. With a goal that customers upgrading from previous Junos OS releases to these Junos OS releases and see zero friction, we have mapped legacy licenses in the code to align with the Juniper Agile Licensing model. This mapping allows customers to continue to use their legacy licenses. QFX5000-35-JBS expanded to provide features: FBF CFM VRRP QINQ MC_LAG TIMING IGMP PIM GRE_TUNNEL RIP OSPF SWITCHING_VC INMON_SFLOW QFX5000-35-JAS expanded to provide features: BGP IS-IS FBF CFM VRRP QINQ VXLAN PCEP MC_LAG ESI_LAG TIMING ETHERNET_OAM EVPN_VXLAN IGMP PIM GRE_TUNNEL STATIC_MPLS RIP OSPF SWITCHING_VC INMON_SFLOW QFX5000-35-JPS expanded to provide features: BGP IS-IS FBF CFM VRRP QINQ L3VPN VXLAN PCEP MC_LAG ESI_LAG TIMING ETHERNET_OAM LDP RSVP L2_CIRCUIT EVPN_VXLAN IGMP EVPN_MPLS EVPN_SR PIM GRE_TUNNEL STATIC_MPLS RIP OSPF SWITCHING_VC INMON_SFLOW
1583439 QFX5120-48Y | QFX5110-32Q/48S | Reset PFL, AFL definition to align with new license model
Product-Group=junos
We migrated the licensing paradigm for certain QFX5000 devices. However, some of these devices also had legacy licenses. With a goal that customers upgrading from previous Junos OS releases to these Junos OS releases and see zero friction, we have mapped legacy licenses in the code to align with the Juniper Agile Licensing model. This mapping allows customers to continue to use their legacy licenses. QFX5000-C1-PFL expanded to provide features: BGP IS-IS FBF CFM VRRP QINQ VXLAN PCEP MC_LAG ESI_LAG TIMING ETHERNET_OAM EVPN_VXLAN IGMP PIM GRE_TUNNEL STATIC_MPLS RIP OSPF SWITCHING_VC INMON_SFLOW QFX5000-C1-AFL expanded to provide features: BGP IS-IS FBF CFM VRRP QINQ L3VPN VXLAN PCEP MC_LAG ESI_LAG TIMING ETHERNET_OAM LDP RSVP L2_CIRCUIT EVPN_VXLAN IGMP EVPN_MPLS EVPN_SR PIM GRE_TUNNEL STATIC_MPLS RIP OSPF SWITCHING_VC INMON_SFLOW
1589920 QFX5120-48Y (Stage 1), QFX5110-32Q and QFX5110-48S (Stage 2) | Allow default license for FBF, CFM, VRRP, QINQ, MC_LAG, TIMING, IGMP, PIM, GRE_TUNNEL, RIP, OSPF, VC, SFLOW
Product-Group=junos
Hawk NPI migrated the licensing paradigm for certain QFX5K devices. However, some of these devices were sold without licenses. With a goal that customers upgrading from old-Junos release to Hawk enable Junos release, see zero friction, licenses for the below features are made available by default. FBF CFM VRRP QINQ MC_LAG TIMING IGMP PIM GRE_TUNNEL RIP OSPF SWITCHING_VC INMON_SFLOW Applicable to QFX5120-48Y (Stage 1), QFX5110-32Q and QFX5110-48S (Stage 2)
PR Number Synopsis Category: Category for tracking Olympus-MX issues
1561188 SPC3 is not supported on MX in 21.1R1 and 20.4R2 for deployment.
Product-Group=junos
SPC3 is not supported on MX in 21.1R1 and 20.4R2 for deployment.
PR Number Synopsis Category: FreeBSD Kernel Infrastructure
1563647 Memory corruption of any binary in /usr/bin/ or /usr/sbin/ may be triggered when a recovery snapshot is being copied to the OAM volume
Product-Group=junos
Memory corruption of a binary from /usr/bin/ or /usr/sbin/ directory can occur if such binary is invoked when a recovery snapshot creation is in progress. The exact symptoms will be different depending on the exact binary and JUNOS version - some programs will show an error, and some programs will crash every time it is executed. Such memory corruption will be persistent until the affected Routing Engine is restarted. Please refer to TSB17954 (https://kb.juniper.net/TSB17954) for further details.
1579331 EX4400: Under some conditions, the FPGA reset reason may be incorrectly shown in console logs as 0.
Product-Group=junos
EX4400: Under some special conditions, such as boot from OAM volume following a graceful/warm reboot, the FPGA reset reason incorrectly shown in console logs as 0.
PR Number Synopsis Category: QFX L2 PFE
1580114 The dcpfe process crashes while checking the virtual tunnel-nh packet status.
Product-Group=junos
vty show commands are executed in different context than pfeman. There is a possibility that data might be changed/deleted in pfeman context which might trigger a crash during show command execution.
1586537 Inter and intra VNI traffic drop may occur in spine with EVPN-VxLAN CRB configuration
Product-Group=junos
On QFX5k platforms, intra & inter VNI traffic may be dropped on spine in VxLAN CRB scenario due to wrong vlan tag sent by the device, outgoing packet may not hit the required dynamic filter to update the vlan tag.
PR Number Synopsis Category: QFX EVPN / VxLAN
1561588 Dcpfe process might crash on after committing EVPN-VXLAN profile configuration and ARP resolution may fail causing traffic issues.
Product-Group=junos
Dcpfe process might crash on after committing EVPN-VXLAN profile configuration and ARP resolution may fail causing traffic issues.
1577183 The OSPF session over IRB might not come up in the EVPN-VXLAN scenario
Product-Group=junos
In EVPN/VXLAN scenario with OSPF configured over the IRB, OSPF sessions might not get established due to connectivity issues.
1593950 The dcpfe process might crash in EVPN-VxLAN scenario
Product-Group=junos
On QFX5k platforms with EVPN-VxLAN, the dcpfe core may be observed in one of the LEAF devices in steady state after performing 'clear ethernet-switching table' on remote SPINE device in.
PR Number Synopsis Category: KRT Queue issues within RPD
1582226 The process rpd may stuck in 100% due to race condition
Product-Group=junos
There is a defect on the code for the processing of route entries between RE and FPC, it is due to incorrect operations of two internal threads in a race condition, resulting in a tight loop on code and high rpd CPU usage.
PR Number Synopsis Category: ZT/YT pfe infra issues
1593083 Low priority host bound traffic may starve or delay processing of high priority host bond traffic.
Product-Group=junos
Low priority host bound traffic may starve or delay processing of high priority host bond traffic. Issue is applicable only on those FPCs which support AFT.
PR Number Synopsis Category: Configuration management, ffp, load action
1577626 Apply-paths might cause validation failures during JUNOS upgrade
Product-Group=junos
On SRX-Series devices with apply-path configuration, during upgrade the validation might fail.
PR Number Synopsis Category: usf ams related issues
1596976 CGNAT MX SPC3 AMS warm-standby 1:1 redundancy problem with CLI CPU statistics lost data after PIC failover.
Product-Group=junos
CGNAT MX SPC3 AMS warm-standby 1:1 redundancy problem with CLI CPU statistics lost data after PIC failover. show services service-sets cpu-usage - Does not display service sets show services sessions utilization - Missing session count, the rates and CPU values.
 

20.4R2-S1 - List of Known issues

PR Number Synopsis Category: QFX L3 data-plane/forwarding
1529240 [evpn_vxlan] [default_switch_instance] PFE error message seen on qfx5120-48y: BRCM-VIRTUAL,brcm_vxlan_riot_destroy_nh(),1494:Failed to delete egr_if(400138) err-Operation still running
Product-Group=junos
Sometimes when we perform "deactivate protocols bgp" on the QFX5k RIOT devices, we may see "BRCM-VIRTUAL,brcm_vxlan_riot_destroy_nh(),1494:Failed to delete egr_if(400138) err-Operation still running" error messages during arp_ndp clean up stage and these are harmless.
1582713 Encapsulation and Decapsulation of Vxlan Traffic fails leading to traffic Drop
Product-Group=junos
Encapsulation and Decapsulation of Vxlan Traffic fails due to network port creation failure, leading to traffic Drop on qfx5120-48ym-8c devices.
PR Number Synopsis Category: MX Layer 2 Forwarding Module
1584737 The l2ald process might crash on changing the routing-instance
Product-Group=junos
On all Junos platforms, the l2ald crash could be observed on changing the routing-instance from VPLS to L2VPN, with same routing-instance name is being used for both L2VPN and VPLS.
PR Number Synopsis Category: Express PFE including evpn, vxlan
1550700 On the QFX10000 devices, only untagged traffic flows through the ethernet-bridge interface.
Product-Group=junos
When ethernet-bridge configuration on an interface on QFX1000X series, only untagged BUM/directed traffic will flow through the interface. Tagged traffic will be dropped with dlu.vlan_tag_lkup_miss trapcode.
1572876 DCPFE/FPC crash may be observed on the QFX10000 series platforms if ARP MAC move happens
Product-Group=junos
On the QFX10000 series platforms with EVPN-VXLAN setup, ARP MAC move between local side and remote side or moving from a MAC-VRF table to the default switch table may cause DCPFE/FPC to crash.
PR Number Synopsis Category: Express PFE L2 fwding Features
1574594 JDI-RCT : QFX 10008 :: evpn-dhcp :: ksyncd core is hit at ../../../../../../src/junos/usr.sbin/ksyncd/ksyncd_msg.c when rebooting the box with evpn-vxlan configurations
Product-Group=junos
ksyncd core may be hit when we reboot node with EVPN VXLAN configurations on QFX10008/16 platforms
PR Number Synopsis Category: PTP related issues.
1592234 Need to allow SyncE and PTP configurations during ISSU upgrade
Product-Group=junos
Currently, SyncE configurations are allowed during ISSU but trigger a warning since SyncE state may not be maintained during ISSU. PTP configurations however need to be deactivated, else the ISSU will be aborted.
PR Number Synopsis Category: QFX Platform related (SYSLOG/ALARMS/miscellaneous)
1597479 QFX10002: dcpfe core is observed after booting the device with EVPN-VXLAN configs
Product-Group=junos
QFX10002: dcpfe core is observed after booting the device with EVPN-VXLAN configs
PR Number Synopsis Category: QFX L2 PFE
1579614 BUM traffic from AR-LEAF does not display the correct count in the output of the show interfaces vtep extensive command.
Product-Group=junos
Sometimes the "show interfaces vtep extensive" command does not display the correct statistics with the AR-REPLICATOR functionality on QFX5Ks
PR Number Synopsis Category: QFX L3 data-plane/forwarding
1569879 On the QFX5110-32Q, L2_mac_scaling_inter_pod traffic drop is observed with evpn-vxlan-type-5 base configurations.
Product-Group=junos
vport's refcnt will not be proper with stale entries seen sometimes due to out of order messages for AE interfaces when deletion/addition sequence is done multiple times.
PR Number Synopsis Category: QFX EVPN / VxLAN
1550305 Traffic not load balanced by EX4300-48MP and EX4300-VC over ESI links with evpn_vxlan configured.
Product-Group=junos
Traffic does not get load balanced by QFX10K to all the PE devices in the core which share a ESI links with EVPN_VXLAN configured.
1560038 On the QFX5110 line of switches, the untagged traffic routed over native-vlan might be dropped.
Product-Group=junos
On QFX5110 platforms in VXLAN Layer3 Gateway scenario, untagged traffic routed over native-vlan-id interface might be dropped.
1570689 Unexpected multicast traffic streams after enabling EVPN is observed.
Product-Group=junos
BUM traffic replication over VTEP is sending out more packets than expected and there seems to be a loop also in the topology.
 
Modification History:
First publication 2021-07-07
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search