19.3R2-S7: Software Release Notification for JUNOS Software Version 19.3R2-S7

Article ID: TSB18159 TECHNICAL_BULLETINS Last Updated: 03 Sep 2021 Version: 1.0
Alert Type:
SRN - Software Release Notification
Product Affected:
ACX, EX, MX, PTX, QFX, NFX, SRX, VRR, vMX, vSRX
Alert Description:
Junos Software Service Release version 19.3R2-S7 is now available for download from the Junos software download site.
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as needed and follow the prompts
Risk:
Low/Notification - No defined time impact to take action
Risk Description:
Software Release Notification
Impact:
Medium - Risk of service interruption
Impact Description:
Software Release Notification

Solution:

Junos Software Service Release version 19.3R2-S7 is now available.

19.3R2-S7 - List of Fixed issues

PR Number Synopsis Category: Border Gateway Protocol
1483097 The BGP RPKI ROA withdrawal might lead to an unexpected BGP route flap.
Product-Group=junos
Originally, when an RPKI RTR server or an RPKI Validator withdraws ROAs, they are marked as "stale" and then flushed when the garbage collection timer runs out. For a short period of time, this might result in an incorrect validation status. If there is an ingress BGP policy that suppresses routes with a validation status of invalid, the affected routes are deleted locally (as well as withdrawn from the device's neighbors). Later, when the withdrawn ROA is flushed, the validation state of the routes is corrected to unknown and the routes are re-installed and re-advertised. With this fix, the withdrawn ROAs are deleted from the validation database immediately, so the affected routes transition directly to the unknown state, resulting in no route flaps.
1487486 The rpd might crash with BGP RPKI enabled in a race condition.
Product-Group=junos
On all Junos platforms in a BGP RPKI (Resource Public Key Infrastructure) scenario, if NSR is enabled and scaled routes and ROAs exist, in a very rare case a ROA (route origin authorization) might be withdrawn before it is replicated to the backup RE when ROA changes happen, which results in the rpd crash.
1517498 The rpd might crash after deleting and re-adding a BGP neighbor.
Product-Group=junos
In BGP scenario on all Junos platforms, after deleting and re-adding a BGP neighbor, the rpd might crash due to a rare timing issue.
1519245 The leaf statement of either "prefix-limit" or "accept-prefix-limit" for BGP might be inconsistent on the REs
Product-Group=junos
When NSR is configured and the leaf statement (such as "teardown" with "idle-timeout") is configured for BGP "prefix-limit" or "accept-prefix-limit", changing the value of leaf statement (such as "teardown") might lead to the inconsistent configuration between the master RE and backup RE. Then the wrong value might be used by the configured services after the RE switchover.
1545837 If output-queue-priority expedited update-tokens is configured, rpd might crash upon BGP flapping.
Product-Group=junos
On all Junos platforms with 'output-queue-priority expedited update-tokens' configured, rpd crash might be seen upon BGP flap.
1548517 BGP convergence delay may occur in a scale BGP setup
Product-Group=junos
For devices with many BGP groups and high output work, even if a policy to not advertise the routes is configured, the system can be slow to remove the routes from the rib and withdraw the prefix from the peer, which might cause BGP convergence delay.
1556210 The rpd core might occur when BGP origin validation trace is enabled with scaled routes
Product-Group=junos
On all Junos OS and Junos OS Evolved platforms, when the BGP origin validation traceoption is configured, if scaled routes (more than 5M) are added/withdrawn, an rpd core might occur and BGP peers might flap.
1567182 The rpd process might crash when there is BGP session re-establishing or flapping
Product-Group=junos
On all Junos platforms when graceful restart helper is used, the rpd process might crash when there is BGP session re-establishing or flapping. Traffic loss might be seen during the rpd crash.
PR Number Synopsis Category: Class of Service
1568661 FPC crash might be observed after the "show class-of-service" command
Product-Group=junos
When "show class-of-service scheduler-resources fpc" is issued, the FPC might crash and the core-dump is generated.
PR Number Synopsis Category: Ethernet OAM (LFM)
1529209 Junos OS: ethtraceroute Local Privilege Escalation vulnerabilities in SUID binaries (CVE-2021-0255)
Product-Group=junos
A local privilege escalation vulnerability in ethtraceroute Ethernet OAM utility of Juniper Networks Junos OS may allow a locally authenticated user with shell access to escalate privileges and write to the local filesystem as root. Please refer to https://kb.juniper.net/JSA11175 for more information.
PR Number Synopsis Category: Kernel software for AE/AS/Container
1466531 The following error message is observed after GRES: [user.err aftd-trio: [Error] IF:Unable to add member to aggregate member list, member already exists, aggIflName:ps1.0 memberIflName:lt-3/0/0.32767].
Product-Group=junos
The following syslog error messages are harmless and expected during FPC offline/restart scenarios with PS-RLT configuration, with and without link protection.
Nov 12 15:02:00 cleansing kernel: lag_remove_link_from_stack_bundle: vid 0x0 delete failed for ifl lt-3/0/0.32767 with err=2
Nov 12 15:02:00 cleansing kernel: lag_remove_link_from_stack_bundle: vid 0x1 delete failed for ifl lt-3/0/0.32767 with err=2
Nov 12 15:02:43 cleansing kernel: lag_remove_link_from_stack_bundle: vid 0x1 delete failed for ifl lt-5/0/0.32767 with err=2
Nov 12 15:02:43 cleansing kernel: lag_remove_link_from_stack_bundle: vid 0x0 delete failed for ifl lt-5/0/0.32767 with err=2
Nov 12 15:02:43 cleansing kernel: lag_lp_handle_event: LP event = 6, child lt-5/0/0 err = 22
The following syslog error messages are harmless and expected during ISSU or GRES or FPC offline/online scenarios.
Nov 12 15:08:37 cleansing fpc3 user.err aftd-trio: [Error] IF:Unable to add member to aggregate member list, member already exists, aggIflName:ps1.0 memberIflName:lt-3/0/0.32767
Nov 12 15:08:37 cleansing fpc3 user.err aftd-trio: [Error] IF:Unable to add member to aggregate member list, member already exists, aggIflName:ps1.0 memberIflName:lt-5/0/0.32767
PR Number Synopsis Category: Layer2 forwarding on EX/NTF/PTX/QFX
1512802 Memory leak on l2ald might be observed when adding or deleting the routing-instances or bridge-domains configuration.
Product-Group=junos
Memory leak on l2ald might be seen when adding/deleting the routing-instances/bridge-domains configuration.
PR Number Synopsis Category: MPC11 ULC interface software related issues.
1473191 MPC11, Oversubscription drops are not accounted in RE CLI under resource drops when Flow control is disabled
Product-Group=junos
On MPC11, when traffic on WAN is oversubscribed, Oversubscription drops are not accounted in RE CLI under resource drops when Flow control is disabled.
1497089 MPC10/MPC11 : Error messages seen ztchip_mqss_wanio_stream_out_disable: Waiting for available credits value to become initial value for WO connection failed - status 29, wan_port_group 0, conn_num 10
Product-Group=junos
MPC10/MPC11 : Error messages seen ztchip_mqss_wanio_stream_out_disable: Waiting for available credits value to become initial value for WO connection failed - status 29, wan_port_group 0, conn_num 10
PR Number Synopsis Category: MX2010 platform software
1477924 Observed messages spmb0 cmty_sfb_temp_check: sfb[0] is powered OFF and spmb0 cmty_sfb_voltage_check_one: sfb[0] is powered OFF are flooding even though SFBs are online in MX2010.
Product-Group=junos
With JUNOS 19.3R2 and higher, syslogs such as "spmb0 cmty_sfb_temp_check: sfb[0] is powered OFF" & "spmb0 cmty_sfb_voltage_check_one: sfb[0] is powered OFF" are flooding even though SFB2s are online in MX2008/MX2010/MX2020
PR Number Synopsis Category: "ifstate" infrastructure
1533719 The rpd might switch to primary role early without syncing up all routes/nexthops if routes churn occurs during GRES switchover
Product-Group=junos
If NSR is configured, during the GRES switchover, the rpd might switch to primary role even without syncing up all routes/nexthops when routes churn occurs. Further kernel messages will be missed by the rpd afterwards.
1545463 Continuous rpd errors might be seen and new routes fail to be programmed by the rpd process
Product-Group=junos
In case of high route churn in the network, all kuackmem (Kernel ACK mechanism) entries may be exhausted as a result of a rare timing issue and any new routes will fail to get programmed by rpd.
PR Number Synopsis Category: IPv6/ND/ICMPv6 issues
1521683 RE crash might be seen after removing the chassis FPC level configuration
Product-Group=junos
On all Junos platforms with IPv6 traffic running, removal of fpc level configuration causes severe traffic churn which may cause Routing Engine (RE) to crash and master RE (suitable for both single-RE and double-RE) to reboot.
PR Number Synopsis Category: JUNOS Network App Infrastructure (for ping, traceroute, etc)
1563298 The mtr process might hog CPU when the "traceroute monitor" command is paused
Product-Group=junos
On all Junos platforms, if the "traceroute monitor" command is executed, the mtr process might utilize 100% CPU if p is pressed to pause it.
PR Number Synopsis Category: TCP/UDP transport layer
1552603 The BGP session replication might fail to start after the session crashes on the backup Routing Engine.
Product-Group=junos
On certain Junos platforms with Dual-REs (platforms capable of installing Junos packages with name format as "junos*install"), BGP replication may fail to start in a GRES/NSR setup after a crash on the backup Routing Engine. NSR starts un-replicating the sockets because the backup Routing Engine is no longer present. With multiple BGP sessions (e.g., 20 BGP peers), the massive number of unreplicated requests fills the memory buffer, so the BGP unreplicated requests return with an error and the kernel is left with stale data. Because of the stale data, the kernel does not allow JSR (Juniper Socket Replication, BGP in this case) when the backup RE comes up. BGP NSR (Nonstop Routing) is broken under these conditions, and a traffic outage will be observed after performing GRES.
1557881 Junos OS: Upon receipt of specific sequences of genuine packets destined to the device the kernel will crash and restart (vmcore) (CVE-2021-0283, CVE-2021-0284)
Product-Group=junos
A buffer overflow vulnerability in the TCP/IP stack of Juniper Networks Junos OS allows an attacker to send specific sequences of packets to the device thereby causing a Denial of Service (DoS). Please refer to https://kb.juniper.net/JSA11200 for more information.
1595649 Junos OS: Upon receipt of specific sequences of genuine packets destined to the device the kernel will crash and restart (vmcore) (CVE-2021-0283, CVE-2021-0284)
Product-Group=junos
A buffer overflow vulnerability in the TCP/IP stack of Juniper Networks Junos OS allows an attacker to send specific sequences of packets to the device thereby causing a Denial of Service (DoS). Please refer to https://kb.juniper.net/JSA11200 for more information.
PR Number Synopsis Category: OSPF routing protocol
1543147 The metric of prefixes in intra-area-prefix LSA might be changed to 65535 when the metric of one of the OSPFv3 P2P interfaces is set to 65535.
Product-Group=junos
When the metric of one of the OSPFv3 p2p interfaces is set to 65535, the metrics of some of the prefixes in the intra-area-prefix LSA associated with the p2p interface are changed to 65535. This problem is seen only when the metric of the p2p interface is set to 65535; a metric value <= 65534 does not cause it. The problem is seen regardless of whether the p2p interface belongs to the IPv4 or IPv6 realm. Non-p2p interfaces are not affected by this problem.
PR Number Synopsis Category: KRT Queue issues within RPD
1542280 The KRT queue might get stuck after the Routing Engine switchover.
Product-Group=junos
On all Junos platforms with dual Routing Engines (REs), if RE switchover happens while the rpd process on backup RE (new master RE) is reading routes from kernel, some error might happen in a very rare timing condition, and the Kernel Routing Table (KRT) queue might get stuck due to this issue.
1549884 The rpd process might crash if performing multiple GRES
Product-Group=junos
On all Junos platforms with dual Routing Engines (REs), when performing multiple GRES, the rpd process might crash if RE switchover happens while the rpd process on backup RE (new master RE) is reading routes from the kernel, because it may not handle the route delete message correctly. As this is a timing issue, the chance of occurrence increases when there are many routes and multiple GRES are performed.
PR Number Synopsis Category: MPC7/8/9 chassis issues
1481879 Delay in disabling PFE might be seen on MX platforms with MPC7/8/9 and PTX series with PECHIP equipped FPCs inserted
Product-Group=junos
On MX240, MX480, MX960, MX2010, MX2020 platforms with MPC7/8/9 inserted, and PTX series with PECHIP equipped FPCs, if recovery code is triggered due to a 'fatal' hardware error on the HMC, the HMC Fatal Error registers are dumped as part of the recovery code. This could cause a delay in disabling the PFE, which in turn delays traffic switchover to the redundant network interface.
PR Number Synopsis Category: ZT/YT pfe firewall software
1559174 Junos OS and Junos OS Evolved: MX Series with MPC10/MPC11, PTX10003, PTX10008: Line card may crash and restart when traffic is hitting a firewall filter having a term with syslog action configured (CVE-2021-0264)
Product-Group=junos
A vulnerability in the processing of traffic matching a firewall filter containing a syslog action in Juniper Networks Junos OS on MX Series with MPC10/MPC11 cards installed, PTX10003 and PTX10008 Series devices, will cause the line card to crash and restart, creating a Denial of Service (DoS). Continued receipt and processing of packets matching the firewall filter can create a sustained Denial of Service (DoS) condition. Please refer to https://kb.juniper.net/JSA11155 for more information.
PR Number Synopsis Category: Trio LU, IX, QX, MQ chip drivers, ucode & related SW
1514446 The filtering performance on some specific line cards might degrade with Junos 18.4 onwards when comparing to previous Junos release due to ucode rebalance not working
Product-Group=junos
On MX/EX92/SRX5K/T4000 platforms, if MPC 3D 16x 10GE/MPC1 ~MPC4/FPC/IOC2/FPC5 is used, some internal error might cause filtering performance degradation, and this might cause packet drops.
1550933 FPC might crash due to the errors triggered by microcode performance optimization operation in GUMEM
Product-Group=junos
The Ucode (microcode) performance measurement operation is used to monitor and assess the microcode performance on PFE, and the Ucode rebalance operation is used to instruct and optimize the microcode performance between Global Ucode Memory (GUMEM) and the Ucode memory (UMEM). Under very rare circumstances (e.g. GUMEM cache might not be flushed properly) with some specific line cards, when errors happen on GUMEM for these Ucode operations and are not handled correctly, it might result in a CPU-HOG and FPC crash.
PR Number Synopsis Category: Trio pfe bridging, learning, stp, oam, irb software
1501758 MAC learning request throttling mechanism could not work properly in a scale setup
Product-Group=junos
On EX92xx/MX/T/SRX platforms with Trio FPCs, if scaling dynamic MAC learning happens (e.g., 10k+ MACs are learned per second), it could result in chipset hogging on the FPC. Service on the affected FPC could be impacted due to this defect. The scaling dynamic MAC learning issue is more likely to happen if there is a loop in the system or high-rate MAC learning in a Layer 2 network. The specific FPCs are as follows:
EX9200-2C-8XS, EX9200-32XS, EX9200-40F, EX9200-40F-M, EX9200-40T, MX-BUILTIN-FPC, MS-MPC-128G, MX-MPC1-3D, MX-MPC1-3D-Q, MX-MPC1E-3D, MX-MPC1E-3D-Q, MX-MPC2-3D, MX-MPC2-3D-Q, MX-MPC2-3D-EQ, MX-MPC2E-3D, MX-MPC2E-3D-Q, MX-MPC2E-3D-EQ, MX-MPC2E-3D-P, MPC-3D-16XGE-SFPP, MPCE-3D-16XGE-SFPP, AS-MCC, MX-MPC3E-3D, MPC4E-3D-32XGE-SFPP, MPC4E-3D-2CGE-8XGE, T4000-FPC5-3D, FPC5-LSR, SRX5K-SPC-4-15-320, SRX5K-MPC
PR Number Synopsis Category: Trio pfe l3 forwarding issues
1462219 CCL: LAG traffic load balance on failed child links more than 6% among child link (18.2X75-D50.6/.8)
Product-Group=junos
The amount of LAG load balancing traffic going through each member link may deviate more than 6%. This issue is introduced by the fix for PR1435322.
PR Number Synopsis Category: Virtual Private LAN Services
1522607 Unexpected VPLS packet loss might happen when MPLS LSP is implemented
Product-Group=junos
On all Junos platforms, in a Multiprotocol Label Switching (MPLS) label-switched path (LSP) environment with Label Distribution Protocol (LDP) enabled as the signaling layer, the label switched interface (LSI) for virtual private LAN service (VPLS) might be up when the VPLS pseudowire is inactive. As a result, unexpected packet loss will happen.
 

19.3R2-S7 - List of Known issues

PR Number Synopsis Category: Border Gateway Protocol
1488984 High CPU utilization by BGP I/O thread on master RE might be seen if NSR is enabled on a large-scale BGP setup
Product-Group=junos
On all platforms with a large-scale BGP setup (e.g. advertising 300K routes over 500 BGP peers), high CPU utilization (close to 100%) by the BGP I/O thread on the master RE might be seen for a couple of minutes (like 10 minutes), which may lead to dramatic performance degradation and even traffic loss if NSR is enabled while there are a lot of advertisements and the backup RE is busy (performing "clear bgp neighbor all" on the RR can achieve this).
PR Number Synopsis Category: EA chip ( MQSS SW issues )
1503705 Traffic blackhole due to not disable-pfe in case of FO/WO checksum errors
Product-Group=junos
On MX platforms with MPC7/8/9/10/11, MX204/10K, EX92 or SRX5k with IOC4, in many cases, other CMERRORs will be invoked as well and Major Alarms will perform disable-pfe action. However, in some cases of FO/WO errors, this does not happen. The fix is to create a new CMERROR if the Packet Error count of 255 is active for 3 consecutive polling periods to cover the condition with operational impact, but no other CMERROR events have caught this event.
PR Number Synopsis Category: EVPN control plane issues
1600310 [evpn_vxlan] [evpn_instance] : mx960 ::JUNOS:JDI_FT_REGRESSION::VMX:Bridge mac-table learning entries are not as expected for EVPN-VXLAN-1 routing instance
Product-Group=junos
 
PR Number Synopsis Category: Fast Ethernet interfaces
1436327 The control logical interface is not created along with physical interface by default on MX/EX/SRX
Product-Group=junos
The control logical interface (IFL unit is 16386) is not created along with the physical interface (ge/xe/et) by default on MX/EX/SRX if the IFL is not configured explicitly. This could cause protocols that use the control logical interface (e.g. LLDP) to not work.
PR Number Synopsis Category: lldp sw on MX platform
1569312 Junos OS and Junos OS Evolved: LLDP Out-of-Bounds Read vulnerability in l2cpd (CVE-2021-0277)
Product-Group=junos
An Out-of-bounds Read vulnerability in the processing of specially crafted LLDP frames by the Layer 2 Control Protocol Daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved may allow an attacker to cause a Denial of Service (DoS), or may lead to remote code execution (RCE). Please refer to https://kb.juniper.net/JSA11181 for more information.
PR Number Synopsis Category: vMX Data Plane Issues
1534568 Inconsistent core.python2.7.mpc0 core file is seen with stacktrace @ea_wi_precl,@ea_macsec_receive.
Product-Group=junos
Inconsistent core.python2.7.mpc0 core is seen with stacktrace @ea_wi_precl,@ea_macsec_receive()
PR Number Synopsis Category: RPD Next-hop issues including indirect, CNH, and MCNH
1534455 Some routes might get incorrectly programmed in the forwarding table in the kernel which is no longer present in rpd.
Product-Group=junos
In a scaled routes scenario, if there is any route change operation when the system is under memory pressure, the rpd might change a route entry but the same is not conveyed to the kernel. This causes a mismatch between routes in rpd and kernel leading to traffic blackhole for the mismatched route entries that are incorrectly programmed in the kernel.
PR Number Synopsis Category: Resource Reservation Protocol
1495746 The rpd process generates core file on the backup Routing Engine.
Product-Group=junos
On the backup RE, when previous hop for P2MP LSP is not created, p2mp structures corresponding to this entity are freed. During this removal process, RPD crashes due to some condition failure in one of p2mp structures. This issue only happens on the backup RE and no service impact would be seen.
PR Number Synopsis Category: Trio LU, IX, QX, MQ chip drivers, ucode & related SW
1568072 Reclassify the severity of the CMERROR "XMCHIP_CMERROR_DDRIF_PROTECT_WR_RD_SRAM_RUNN_CHKSUM" from major to minor
Product-Group=junos
On the MX/EX92xx/SRX platforms with an XM chipset based line card installed, when the line card experiences the CMERROR "XMCHIP_CMERROR_DDRIF_PROTECT_WR_RD_SRAM_RUNN_CHKSUM", the disable-pfe action will be invoked. This issue will cause the PFE to be disabled and traffic to be lost.
 
Modification History:
First publication 2021-09-02