Support Support Downloads Knowledge Base Apex Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

19.2R3-S3: Software Release Notification for JUNOS Software Version 19.2R3-S3

0

0

Article ID: TSB18134 TECHNICAL_BULLETINS Last Updated: 05 Aug 2021Version: 1.0
Alert Type:
SRN - Software Release Notification
Product Affected:
ACX, EX, MX, PTX, QFX, NFX, SRX, VRR, vMX, vSRX
Alert Description:
Junos Software Service Release version 19.2R3-S3 is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as need and follow the prompts
Risk Risk Description
Low/Notification - No defined time impact to take action Software Release Notification
Impact Impact Description
Low/Notification - Monitor the situation but no action needed Software Release Notification

Solution:

Junos Software service Release version 19.2R3-S3 is now available.

19.2R3-S3 - List of Fixed issues

PR Number Synopsis Category: EX4300 PFE
1515234 DHCP binding does not happen after GRES.
Product-Group=junosvae
After GRES, interfaces may flap due to which DHCP bindings may be lost.
PR Number Synopsis Category: Virtual-chassis platform/chassisd infrastructure PRs for MX
1587499 Unable to configure pseudowire interface on an MX10003 in virtual chassis mode
Product-Group=junos
An MX10003 in virtual chassis (VC) mode, configuring a pseudowire interface over a logical tunnel (LT) or a redundant logical tunnel (RLT) results in a commit error that states that the anchor point interface is not configured, even when the LT or RLT interface is operationally up. The issue is not present on MX10003 in non-VC mode.
PR Number Synopsis Category: QFX Access Control related
1587837 Process dot1xd crash might be seen and re-authentication may be needed on EX9208 platform
Product-Group=junos
On EX9208 platform with fusion scenario where around 30,000 mac-radius authenticated sessions are established, process dot1xd might crash and the users may need to have re-authentication due to relevant memory not getting freed when dot1x is deleted on any interface, which causes a memory leak and leads the crash.
PR Number Synopsis Category: Express PFE CoS Features
1588514 There might be higher latency in traffic flow than configured or default value
Product-Group=junos
On PTX5000 and PTX10003 platforms, higher latency than configured or default value might be observed in the traffic passing through the device. This issue is seen as the VOQ (Virtual output queue) size is not correctly set in ASIC.
PR Number Synopsis Category: ISIS routing protocol
1542932 ISIS route convergence from L1 to L2 might take more than 10 minutes
Product-Group=junos
As design of ISIS, if a prefix is received from both L1 and L2, the prefix from L1 has priority and will be installed into routing table. If the L1 prefix is withdrawn, route convergence occurs immediately and the L2 prefix is installed into routing table instead in a very short time. The traffic destined to the prefix will not be impacted in this condition. However if this issue is hit, the route convergence from L1 to L2 might take more than 10 minutes, the route of the prefix does not exist in routing table during this period, and the traffic destined to the prefix will lose completely.
PR Number Synopsis Category: jdhcpd daemon
1594371 jdhcpd core dump post Junos upgrade to 18.4R3-S4.2
Product-Group=junos
Post Junos upgrade to 18.4R3-S4.2, sometimes jdhcpd core dump can be observed with dhcp process restarts and there's no service impacts.
PR Number Synopsis Category: High Availability/NSRP/VRRP
1591559 Security policies might not be synced to all PFEs (Packet Forwarding Engine) post upgrade
Product-Group=junos
On SRX-Series devices configured in chassis-cluster, after ISSU (in-service software upgrade) when there is any policy or ipid related events/config change, the security policies might not sync to all the PFEs.
PR Number Synopsis Category: Security platform jweb support
1511853 Junos OS: J-Web allows a locally authenticated attacker to escalate their privileges to root. (CVE-2021-0278)
Product-Group=junos
An Improper Input Validation vulnerability in J-Web of Juniper Networks Junos OS allows a locally authenticated attacker to escalate their privileges to root over the target device. Please refer to https://kb.juniper.net/JSA11182 for more information.
PR Number Synopsis Category: Layer 2 Control Module
1583092 The l2ald crash if a specific naming format is applied between a vlan-range and a single vlan
Product-Group=junos
On all L2NG platforms (EX2300/EX3400/EX4300/EX4600/EX9200/QFX3500/QFX3600/QFX5100/QFX10000 etc.) with 'vlan-range' configured, if a single vlan is defined with the format [previously_defined_vlan_range_name]-vlan-[any_string_value]. When an interface already assinged to the vlan-range is trying to be assinged to the single vlan, the layer2 address learning daemon (l2ald) might crash.
PR Number Synopsis Category: Label Distribution Protocol
1529944 The rpd may crash if deactivating the routing-instance with LDP configured
Product-Group=junos
On all Junos platforms with LDP configured in the routing-instance, rpd might crash if deactivating the routing-instance which has IPv4 address routes of LDP.
PR Number Synopsis Category: FreeBSD Kernel Infrastructure
1579331 EX4400: Under some conditions, the FPGA reset reason may be incorrectly shown in console logs as 0.
Product-Group=junos
EX4400: Under some special conditions, such as boot from OAM volume following a graceful/warm reboot, the FPGA reset reason incorrectly shown in console logs as 0.
PR Number Synopsis Category: QFX EVPN / VxLAN
1582017 The traffic may not be load-balanced properly in an EVPN overlay-ecmp setup
Product-Group=junos
On QFX5100/QFX5110/QFX5120/QFX5130 and EX4300/EX4600/EX4650 devices with overlay-ecmp configuration for EVPN-VxLAN, the traffic might not get load-balanced correctly when multi traffic streams with different source address are sent across the fabric.
PR Number Synopsis Category: SW PRs for SCBE3 related kernel drivers
1564539 MX platforms with MX-SCBE3 may reboot continuously
Product-Group=junos
A recent change in the kernel boot loader causes a system with MX-SCBE3 to experience the Routing Enginne's kernel memory corruption which causes the system to reboot continuously.
PR Number Synopsis Category: Issues with load balancing next hop for services SDG
1567568 TLB composite NH is installed incorrectly in other routing-instances
Product-Group=junos
On all MX platforms using MS-MIC/MS-MPC/MX-SPC3 service card with Traffic Load Balancer (TLB) used, TLB composite Next Hop is incorrectly installed in other routing-instances after traffic-dird daemon restart/RE restart/GRES, which might cause VIP routes missing so that TLB service will not function properly.
PR Number Synopsis Category: SRX-1RU platfom related protocol, QoS, filtering features et
1585698 The 1G interfaces might not come up after device reboot
Product-Group=junos
On SRX4600 devices, in some cases 1GbE SFP optical interfaces might not come up and disabling dfe tuning failed is displayed in the logs.
 

19.2R3-S3 - List of Known issues

PR Number Synopsis Category: Firewall Filter
1514141 The system-generated name of the resulting concatenated filter from firewall filter list is same for different families
Product-Group=junos
The system-generated name of the concatenated filter from the firewall filter list is the same for different families. This will not cause any issue on CLI. However, if the firewall filter telemetry data is streamed via Junos Telemetry Interface (JTI), it might cause confusion on collector side because the firewall filter list for different families will be treated as one filter. In particular, if firewall filters having same firewall filter counter (or policer) name are used in firewall filter list for different families, the incorrect statistics might be seen on collector because the firewall filter counter (or policer) name for different families cannot be distinguished on collector side.
PR Number Synopsis Category: track re issu control procedure bugs
1588636 Repd (replication daemon) core might be seen after ISSU upgrade
Product-Group=junos
On SRX platforms after performing an ISSU system upgrade from release A to Release B, the repd core might be seen on the primary node/master RE. There is a traffic loss of around 1 sec for the entire ISSU upgrade.
PR Number Synopsis Category: KRT Queue issues within RPD
1388119 During link flap, kernel veto messages are seen and traffic is being blackholed
Product-Group=junos
In JUNOS 16.1/later releases, when the quick interface "down/up" happens, IGP and BGP protocols perform RIB route-change, in some sceanrios we may observe rt_pfe_veto messages in syslog, due to slow PFE consumption, kernel will throttle RPD by sending ENOBUFS. In order to avoid this scenario we can configure in JUNOS the following values to the Kernel Routing Table IO: set routing-options krt-io-options work-queue-length high-threshold 250 set routing-options krt-io-options work-queue-length low-threshold 200 set routing-options krt-io-options tx-bulk-count 10 Important Notes: The above commands require RPD restart to take effect. When the "interface down" happens, IGP and BGP protocols perform RIB route-change. The IGP change is placed into a high priority queue and the exterior route change is placed into a low priority queue. For 64-bit systems, RPD workqueue size is 10000 and bulk count is 30. As a result, the head of line blocking for the IGP route change could potentially be up to 300000 rtsock requests, which causes the delay in FIB convergence for that particular prefix when the interface comes up immediately after interface down.
PR Number Synopsis Category: IPSEC functionality on M/MX/T ser
1557216 On the EX4300 device, script fails while committing the IPSec authentication configuration as the algorithm statement is missing.
Product-Group=junos
On all Junos platforms except MX/SRX with FIPS mode enabled, the manual IPsec functionality might not be working as no authentication algorithm is configurable for IPsec.
 
Modification History:
First publication 2021-08-05
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search