
20.4R2-S2: Software Release Notification for JUNOS Software Version 20.4R2-S2


Article ID: TSB18161 TECHNICAL_BULLETINS Last Updated: 03 Sep 2021 Version: 1.0
Alert Type:
SRN - Software Release Notification
Product Affected:
ACX, EX, MX, PTX, QFX, NFX, SRX, VRR, vMX, vSRX
Alert Description:
Junos Software Service Release version 20.4R2-S2 is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as needed and follow the prompts
Risk: Low/Notification - No defined time impact to take action
Risk Description: Software Release Notification
Impact: Medium - Risk of service interruption
Impact Description: Software Release Notification

Solution:

Junos Software Service Release version 20.4R2-S2 is now available.

20.4R2-S2 - List of Fixed issues

PR Number Synopsis Category: "agentd" software daemon
1587956 The na-grpc process crash might be seen and existing telemetry connections will be disconnected
Product-Group=junos
On all Junos and EVO platforms, when the link carrying the telemetry streams is congested, a race condition can cause an na-grpcd core. The telemetry service is impacted because na-grpcd takes a minute to come back online.
1590432 Non zero values might be displayed against the drop field in "show network-agent statistics" CLI post switchover scenarios.
Product-Group=junos
In switchover scenarios, if the collector that was connected to the older master tries to connect to the new master immediately, non-zero values could be seen in the drops field of the "show network-agent statistics" CLI. These are not actual packet drops. Each packet sent as part of streaming data contains a header with meta information about the packet contents. One field in the header indicates the current packet's sequence number. This is a monotonically increasing number for each packet from a producer of telemetry data. During switchover cases, collectors may receive initial packets with a higher sequence number, which could get reset to 0 after some time. Due to this pattern, the CLI would show non-zero values against the drops field. Note: These are not actual packet drops and there is no functionality impact. However, it is not expected to see further increase in the value shown against the drops field.
PR Number Synopsis Category: Border Gateway Protocol
1592550 The traffic might get blackholed or forwarded through not-best path in BGP setup
Product-Group=junos
On all Junos and EVO platforms, the traffic might get blackholed or forwarded through not-best path when an iBGP route (that by default uses indirect nexthop) is forced to use 'discard' (or some other non-indirect) nexthop through policy by matching some specific BGP attribute (example, a specific community) and later when the iBGP route is updated (for example, remove the specific community) so that it transitions to use indirect nexthop.
PR Number Synopsis Category: Enhanced Broadband Edge support for cos
1591533 If the COS CR-features used by VBF service is configured, MPC may crash with subscriber
Product-Group=junos
On MX platforms with Next Generation Subscriber Management (Tomcat) enabled, if the COS CR-features (Classifier/Rewrite/Frag-map) are used by the VBF (Variable Based Flow) service, the MPC might crash in a rare case. The specific trigger is not known because the issue cannot be replicated.
PR Number Synopsis Category: QFX Access Control related
1594224 Clients authentication failure might occur due to dot1x daemon memory leak
Product-Group=junos
On all Junos platforms supporting the dot1x daemon, performing a switchover in a VC (Virtual Chassis) with two members might cause a dot1x daemon memory leak. As a result, when memory consumption is high (~75 to 90 percent), it might lead to client authentication failure.
PR Number Synopsis Category: Alias for DHCP issue on DNX based platform.
1605854 DHCP relay is not working in routing-instance.
Product-Group=junos
A DHCP packet from the server over MPLS is not forwarded to the client.
1608125 DHCP packets may not be relayed on the ACX710/ACX5448 platforms
Product-Group=junos
On the ACX710/ACX5448 platforms, if the option "no-snoop" is configured under dhcp-relay, DHCP packets may not be relayed after PFE restarts or system reboots.
PR Number Synopsis Category: VPWS, L2 CKT, EVPN-VPWS
1603534 MACsec traffic over L2circuit might not work on ACX5448 and ACX710 platforms
Product-Group=junos
On ACX5448 and ACX710 platforms, MACsec over L2circuit connections might not work and hence the traffic might not flow between the MACsec interfaces.
PR Number Synopsis Category: SNMP, mib2d issues
1585409 SNMP query timeout failure might be observed on EVO platforms
Product-Group=junos
On all EVO based platforms, SNMP polling timeout failures might be observed when the number of outstanding requests to any subagent (mib2d, snmpd-subagent) reaches 500. This will impact the SNMP polling functionality.
PR Number Synopsis Category: EVPN Layer-2 Forwarding
1591264 Traffic loss might be seen under EVPN-VxLAN scenario when MAC-IP moves from one CE interface to another
Product-Group=junos
On all Junos/Junos Evolved platforms with EVPN-VxLAN scenario, the number of MAC-IP binding counters may reach the limit when MAC-IP is moved between interfaces. Because of this defect, MAC-IP counters are not decremented when an entry is deleted, so repeated moves cause the limit (default value is 1024) to be reached even though there are fewer entries. Meanwhile, traffic loss could be seen.
PR Number Synopsis Category: Express PFE including evpn, vxlan
1572876 DCPFE/FPC crash may be observed on the QFX10000 series platforms if ARP MAC move happens
Product-Group=junos
On the QFX10000 series platforms with EVPN-VXLAN setup, ARP MAC move between local side and remote side or moving from a MAC-VRF table to the default switch table may cause DCPFE/FPC to crash.
PR Number Synopsis Category: SRX1500 platform software
1546132 SRX1500 reports fans running at over speed.
Product-Group=junosvae
SRX1500 may report intermittent cosmetic fan alarms.
PR Number Synopsis Category: Kernel software for AE/AS/Container
1592456 RE kernel might crash due to IFL of aggregated interface adding failure in Junos kernel
Product-Group=junos
In a rare case, the logical interface (IFL) of aggregated interface (e.g., AE, RLT, RVT, AF, AMS, RLSQ interface etc.) might fail to be added to Junos kernel. In this case, the RE kernel might crash with vmcore file generated. The IFL of aggregated interface adding failure in Junos kernel could happen in cases like failure of multicast filter list initialization or DCD sending an invalid vlan-id or memory allocation error etc.
PR Number Synopsis Category: Integrated Routing & Bridging (IRB) module
1567723 MAC addresses might not be relearned successfully after MAC address age timeout
Product-Group=junos
On all L2NG platforms, there might be fewer MAC address entries in the MAC table than in the ARP table, because some MAC addresses are not relearned successfully after the MAC address age timeout. This issue will cause traffic loss for non-existing MAC entries.
PR Number Synopsis Category: jdhcpd daemon
1575740 The DHCP client will be offline for 120 seconds after sending the DHCPINFORM message in the DHCP relay scenario
Product-Group=junos
When a Juniper device acts as a DHCP relay, if DHCP clients send the DHCPINFORM message to the DHCP server to obtain additional configuration state that was not present in their lease binding, an internal temporary client entry will be created in the DHCP relay. If the DHCP relay is not able to properly process the DHCP ACK message from the DHCP server, the subsequent DHCPDISCOVER messages sent from the DHCP client will be dropped by the DHCP relay for 120 seconds.
PR Number Synopsis Category: Addresses NAT/NATLIB issues found in JSF
1577922 Services NAT mappings and sessions are incorrect while checking the SIP sessions from public to private and RTP from private to public.
Product-Group=junos
When the SIP control session is sent from public to private and the RTP session is sent from private to public, the RTP session fails. During the issue, there is a mismatch between the NAT IP in the APP & EIM entries and the NAT IP port shown in the session output. SIP control and data traffic would be affected by this issue.
PR Number Synopsis Category: Flow Module
1584299 Unexpected traffic drop happens if both PMI and flexible-vlan-tagging are implemented
Product-Group=junos
On SRX platforms, PowerMode IPsec (PMI) and flexible-vlan-tagging on Aggregated Ethernet (AE) interface could not be implemented at the same time. It could cause IPsec traffic drop if both PMI and flexible-vlan-tagging are enabled.
PR Number Synopsis Category: Firewall Policy
1579425 High CPU usage might be seen on some SRX platforms
Product-Group=junos
On SRX300/320/340/345/380/550M platforms with Advanced Anti-Malware (AAMW) enabled, high CPU spike might be observed. This issue might cause device performance degradation.
PR Number Synopsis Category: IPSEC/IKE VPN
1574717 IKEv2 soft-lifetime timer might expire later than expected time
Product-Group=junos
On SRX-Series devices running new-iked, the soft-lifetime timer might expire later than expected time.
1604039 Tail drops might occur on SRX Series devices if shaping-rate is configured on st-interface
Product-Group=junos
On the branch SRX platforms, if shaping-rate is set on the st-interface, the maximum traffic rate might not reach shaping-rate, or there might be tail drops during traffic burst.
PR Number Synopsis Category: For multicast snooping on MX
1583207 With IGMP snooping implemented, there is unexpected jitter issue that could cause traffic loss
Product-Group=junos
On all Junos platforms running 19.4R1 onward, with IGMP snooping implemented, network convergence unexpectedly takes more than 1 second. The reason for the issue is that the multicast route is not installed into the Kernel Routing Table (KRT) and synchronized efficiently. This issue could cause jitter and initial traffic loss. Please refer to Workaround to avoid this issue.
PR Number Synopsis Category: Interface related ISSU PRs on Mx-series
1480212 FPC may crash after performing ISSU on the device which equips the type of 3D 20x 1GE MIC
Product-Group=junos
On the MX platforms with the type of 3D 20x 1GE MIC installed, after performing ISSU (In-Service Software Upgrade), the FPC equipping the MIC may crash and interfaces stay down. Due to this issue, the traffic on the MIC will be impacted.
PR Number Synopsis Category: FreeBSD Kernel Infrastructure
1551193 VM might crash if file is shared between host operating system and guest operating system using virtFS
Product-Group=junos
On Virtual Machines (VM) based platforms running Junos images, file might not be shared between host operating system and guest operating system via Virtual Filesystem (virtFS). When this issue happens, device might be restarted.
1563647 Memory corruption of any binary in /usr/bin/ or /usr/sbin/ may be triggered when a recovery snapshot is being copied to the OAM volume or system while it's in heavily stressed condition.
Product-Group=junos
Memory corruption of a binary from the /usr/bin/ or /usr/sbin/ directory can occur if the binary is invoked while a recovery snapshot creation is in progress. The exact symptoms differ depending on the binary and JUNOS version: some programs will show an error, and some programs will crash every time they are executed. Such memory corruption will be persistent until the affected Routing Engine is restarted. Please refer to TSB17954 (https://kb.juniper.net/TSB17954) for further details. In addition to recovery snapshot, a device reboot could also be a possible trigger when the system is under heavier read operations across the mounted packages.
PR Number Synopsis Category: TCP/UDP transport layer
1595649 Junos OS: Upon receipt of specific sequences of genuine packets destined to the device the kernel will crash and restart (vmcore) (CVE-2021-0283, CVE-2021-0284)
Product-Group=junos
A buffer overflow vulnerability in the TCP/IP stack of Juniper Networks Junos OS allows an attacker to send specific sequences of packets to the device thereby causing a Denial of Service (DoS). Please refer to https://kb.juniper.net/JSA11200 for more information.
PR Number Synopsis Category: Express Chip L3 software
1593244 BFD session might flap during RE switchover
Product-Group=junos
On QFX10K platforms with GRES/NSR enabled, BFD session might flap during RE switchover. This issue has service impact.
PR Number Synopsis Category: vMX Platform Infrastructure related issue tracking
1604554 Interface hold-time up does not work on vMX/MX150
Product-Group=junos
On vMX/MX150, when hold-up time is configured on an interface and the interface goes from down to up, the up hold-time timer is triggered. However, hold-time up does not work, because the interface comes up immediately even though the timer has not yet expired.
PR Number Synopsis Category: PTP related issues.
1587990 PTP may get stuck and not function properly on ACX710 in a certain condition
Product-Group=junos
On ACX710 platforms, TSU access may sometimes fail, which causes PTP functionality to stop working on the box.
PR Number Synopsis Category: QFX access control list
1606256 Multicast streams may stop flooding in VXLAN setup
Product-Group=junos
In a VXLAN scenario that uses multicast, multicast traffic might not get flooded if the multicast IP is in the IP range 224.0.0.32 - 224.0.0.255. This is because a newly introduced dynamic filter only works for non-VxLAN traffic.
PR Number Synopsis Category: QFX L2 PFE
1580352 DHCP packets might be dropped if dynamic filter 'dyn-dhcpv4_v6_trap' is applied on the interface
Product-Group=junos
DHCP packets might be dropped when dynamic filter 'dyn-dhcpv4_v6_trap' is applied and software-based learning CLI is enabled on the interface.
1602914 Traffic drop might be observed on QFX5K platforms in virtual chassis scenario when firewall filter is configured
Product-Group=junos
On QFX5k platforms in the Virtual Chassis scenario, when the firewall filter is applied over the AE interface and the AE has only one child member from FPC0 and no child members from FPC1, all the packets flowing through the backup FPC will be dropped.
PR Number Synopsis Category: QFX L3 data-plane/forwarding
1579736 The dcpfe process might crash when any interface flaps.
Product-Group=junosvae
On QFX5k switches, the dcpfe process might crash in some rare case when there is any interface flap.
PR Number Synopsis Category: QFX EVPN / VxLAN
1595197 The re-installation of the Type-5 tunnels might fail in the EVPN-VXLAN scenario
Product-Group=junos
On QFX5110/QFX5120 platforms running EVPN-VXLAN (Ethernet Virtual Private Network - Virtual Extensible LAN), with type-2 and type-5 tunnels going to the same destination, the re-installation of the Type-5 tunnels will fail after any trigger that causes these tunnels to be reprogrammed (e.g. clear BGP, interface flap). The issue results in traffic drop for the Type-5 tunnels.
1601949 On QFX5120-48y-8c, dc-pfe core observed while issuing "show pfe vxlan nh-usage" in ERB EMC scenario with ~6000 ARP entries
Product-Group=junos
dc-pfe core observed while issuing "show pfe vxlan nh-usage", if there are any VTEP tunnels reachable through unilist.
1604393 Duplicate packets may be seen during bringing up all the interfaces on the spine switch
Product-Group=junos
On the QFX5K platforms with EVPN-VxLAN configured, duplicate packets will be seen during bringing down and bringing up all the interfaces on the spine switch where type-2 and type-5 tunnels are established. This issue will persist for a short period until the spine installs the type-2 VTEP (VxLAN Tunnel End Point) towards the leaves.
PR Number Synopsis Category: RPD policy options
1565629 The rpd might crash when the deletion of routing table occurs
Product-Group=junos
The rpd might crash when the deletion of routing table occurs.
PR Number Synopsis Category: SW PRs for SCBE3 fabric
1602080 A few line cards might not come up online with increased-bandwidth mode
Product-Group=junos
On MX platforms with multiple MPC2E NG /3E NG/MPCE type 3 3D installed and working in redundant mode (some line cards working only in a spare role), if the mode is changed from "redundant" to "increased-bandwidth" (all line cards should be online without any spare role), one of the previous spare line cards might not come online and might stay in check status. That might cause traffic loss or performance degradation.
PR Number Synopsis Category: VSRX platform software
1564117 Fabric probe packets might be processed incorrectly when power-mode-ipsec (PMI) is enabled
Product-Group=junos
On SRX-Series devices with PMI enabled, the fabric probe packets used by HA (High-availability) control plane might be processed incorrectly.
PR Number Synopsis Category: usf nat related issues
1598017 ALG traffic might be dropped
Product-Group=junos
On SRX-Series devices, ALG traffic might be dropped when incoming packet contains "HTTP/" and "\r\n" characters in data or NAT slipstream packets.
 

20.4R2-S2 - List of Known issues

PR Number Synopsis Category: EX2300/3400 platform
1609792 40G DAC links are not getting in down state during kernel crash in EX3400
Product-Group=junos
On EX3400, during a kernel crash, 40G DAC links will not be in the disabled state. As a result, high availability will be impacted.
PR Number Synopsis Category: QFX PFE CoS
1568333 Traffic might be dropped by destination device
Product-Group=junos
On QFX5120/EX4400/EX4650 platforms, if the switch is acting as a routing transit device, and if the value of the IPv4 header checksum is 0xffff in the ingress traffic, the checksum of the IPv4 header will not be recalculated even though the TTL (time to live) value has been reduced. This will most likely lead to traffic being dropped by the next transit-device or the destination-device due to the bad checksum.
PR Number Synopsis Category: Application Quality of Experience
1599191 The flowd process might crash in AppQoE scenarios
Product-Group=junos
On SRX Series devices or NFX Series devices with AppQoE (Application Quality of Experience) configured, in a race condition where a data session is destroyed while passive probing for that session is occurring concurrently, the flowd process might crash.
PR Number Synopsis Category: Bi Directional Forwarding Detection (BFD)
1572577 The BFD session of DHCP subscriber does not come up on the MPC2E card and gets stuck in the "Down" state
Product-Group=junos
On all Junos platforms with MPC2E line cards, when DHCP client is configured with BFD, the BFD session of DHCP subscriber may not come up and gets stuck in the "Down" state.
PR Number Synopsis Category: Alias for DHCP issue on DNX based platform.
1590225 ACX5448/710 platforms running DHCP relay will not process packets arriving over MPLS with an explicit null label
Product-Group=junos
ACX5448/710 platforms running DHCP relay will not process packets received from the DHCP server if they arrive over MPLS with an explicit null label. Hence the DHCP reply packet from the server is not reaching the client.
PR Number Synopsis Category: EA chip ( MQSS SW issues )
1551353 The Packet Forwarding Engine might get disabled when major CMERROR occurs due to the parity errors
Product-Group=junos
On MX/EX92xx platforms, the PFE (packet forwarding engine) might get disabled when the major CMERROR occurs due to the parity error in the DRD memory block's SRAM. This PR re-classified these errors as "Minor" to avoid the "disable-pfe" action and the operational outage.
PR Number Synopsis Category: EVPN control plane issues
1597300 Traffic loss might be seen if AE bundle interface with ESI is disabled on master RE followed by a RE switchover
Product-Group=junos
On all Junos platforms traffic loss might be seen if AE bundle interface with ESI is disabled on master RE followed by a RE switchover.
PR Number Synopsis Category: Layer2 forwarding on EX/NTF/PTX/QFX
1597391 The MAC/IP withdraw route may be suppressed by rpd in the EVPN-VxLAN scenario
Product-Group=junos
On all Junos and Junos Evolved platforms with EVPN-VxLAN environment, when MAC/IP is moved from one Ethernet segment identifier (ESI) to another ESI from the same peer, the MAC/IP withdraw route may not be sent to the remote Virtual Tunnel End Point (VTEP), only MAC withdraw route is sent to the remote VTEP.
PR Number Synopsis Category: Microkernel for neo mpc
1538131 JDI-RCT:M/Mx: NPC crashed @ cmtfpc_mic_neo_state_check (mic_env=<optimized out>, mic_slot=<optimized out>) at ../../../../src/pfe/common/applications/cmt/jam/cmtfpc_pic_npc_jam.c:4808
Product-Group=junos
This issue is due to thread hogging for 2.5s after ISR registration during the ISSU done phase, which causes a core at the FPC. The FPC will get rebooted, with ISR registration again during normal init. This issue is specific to "3D 20x 1GE(LAN)-E,SFP" and "3D 20x 1GE(LAN)-EH,SFP" MIC types.
PR Number Synopsis Category: Path computation client daemon
1472051 PCC tries to send a report to PCE but the connection between PCC and PCE is not in the up state especially in the case of MBB in PCE provisioned or controlled LSP.
Product-Group=junos
The pccd core and PCEP (Path Computation Element Protocol) session flaps might be seen when PCC (Path Computation Client) tries to send a report to PCE but the connection between PCC and PCE is not in UP state. It might also cause rpd core. This issue might happen in MBB (Make-before-break) cases in PCE provisioned/controlled LSP or doing ISSU upgrade operation.
PR Number Synopsis Category: vMX Data Plane Issues
1534568 Inconsistent core.python2.7.mpc0 core file is seen with stacktrace @ea_wi_precl,@ea_macsec_receive.
Product-Group=junos
Inconsistent core.python2.7.mpc0 core is seen with stacktrace @ea_wi_precl,@ea_macsec_receive()
PR Number Synopsis Category: QFX L3 data-plane/forwarding
1587609 Packet DMA memory leak might be seen in EVPN-VXLAN scenario after receiving some packets
Product-Group=junos
On QFX platforms, in EVPN-VXLAN scenario, packet DMA memory leak might be seen after receiving some packets. When the leak is up to 99%, it will cause protocols to stop working.
PR Number Synopsis Category: QFX EVPN / VxLAN
1570689 Unexpected multicast traffic streams after enabling EVPN is observed.
Product-Group=junos
BUM traffic replication over VTEP is sending out more packets than expected and there seems to be a loop also in the topology.
PR Number Synopsis Category: QFX5100 Interface related issues
1555741 The Virtual Chassis Port (VCP) might not come up after upgrading to 18.4R2-S4 or later releases on EX4600 or QFX5100 platform
Product-Group=junos
On EX4600 or QFX5100 in the Virtual Chassis (VC) scenario, if the QSFP+-40G-LR4/LX4/BXSR is used as the Virtual Chassis Port (VCP), it might accidentally run into an optical signal strength issue after upgrading to 18.4R2-S4 or later releases. The VCP might then be brought down randomly by the physical port driver and not come up again. The functionality of VC or the Virtual Chassis Fabric (VCF) might be impacted.
 
Modification History:
First Publication 2021-09-02