Support Support Downloads Knowledge Base Apex Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

21.2R1-S1: Software Release Notification for JUNOS Software Version 21.2R1-S1

0

0

Article ID: TSB18164 TECHNICAL_BULLETINS Last Updated: 13 Sep 2021Version: 2.0
Alert Type:
SRN - Software Release Notification
Product Affected:
ACX, EX, MX, PTX, QFX, NFX, SRX, VRR, vMX, vSRX
Alert Description:
Junos Software Service Release version 21.2R1-S1 is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as need and follow the prompts
Risk Risk Description
Low/Notification - No defined time impact to take action notification
Impact Impact Description
Low/Notification - Monitor the situation but no action needed Software Release Notification

Solution:

Junos Software service Release version 21.2R1-S1 is now available.

21.2R1-S1 - List of Fixed issues

PR Number Synopsis Category: For PRs SRX DNS DGA and tunneling related
1608669 On Branch SRX, enabling vty-level dnsf traceoptions could cause the device to crash and generate a core file
Product-Group=junos
On Branch SRX, enabling vty-level dnsf traceoptions could cause the device to crash and generate a core file
PR Number Synopsis Category: MPC Fusion SW
1602939 The PFE might be disabled by a detected major CMERROR event while ungracefully removing the MIC from MPC2E-3D-NG/MPC3E--3D-NG
Product-Group=junos
On MPC2E-3D-NG/MPC3E--3D-NG with the certain chipset based MIC (like 20x1G MIC and 2x10G MIC), the PFE may be disabled while ungracefully removing the MIC from the MPC (e.g. without taking the MIC offline from CLI or with a MIC button).
PR Number Synopsis Category: BGP Segment Routing
1599446 NSR switchover performed with BGP SR-TE tunnels might lead to rpd core
Product-Group=junos
On all Junos and Junos Evo platforms that support BGP SR-TE (Segment Routing - Traffic Engineering) LSPs (Label Swithced Path), restarting the rpd in the master RE and subsequently performing NSR switchover before the BGP SR-TE tunnel routes syncs up between the master and backup RE, might result in rpd core in the backup RE, which in-turn might lead to loss of traffic over the BGP SR-TE tunnels.
PR Number Synopsis Category: Class of Service
1603909 802.1p rewrite policies might not have any effect if the rewrite is tied to CCC interfaces
Product-Group=junos
On the MX platform with trio-based line cards, the Class of Service rewrite policy might not work if the rewrite-rules is tied to CCC interfaces.
PR Number Synopsis Category: Class of service in forwarding daemon
1599857 Traffic loss might be observed if per-unit-scheduler is configured on AE interface
Product-Group=junos
On all Junos platforms with per-unit-scheduler support, when per-unit-scheduler is configured on AE interface, after cosd restart or NSR switchover, unbind/bind of scheduler over child interface of AE might occur. In NSR switchover scenario, traffic loss may be seen.
PR Number Synopsis Category: Device Configuration Daemon
1602656 The AE interface might flap upon configuration changes
Product-Group=junos
On Junos Fusion system with MX/EX as Aggregation Devices, the 100G AE interfaces might flap upon unrelated configuration changes.
PR Number Synopsis Category: Alias for DHCP issue on DNX based platform.
1605854 ACX5448/710 platforms running DHCP relay will not process packets arriving over MPLS
Product-Group=junos
ACX5448/710 platforms running DHCPv4 relay will not process packets received from the DHCP server if they arrive over MPLS core. Hence the DHCP reply packet from the server is not reaching the client.
PR Number Synopsis Category: Gnats category for dynamic rendering infrastructure
1520977 With Muliservices Scaled config and Junos Telemetry Interface monitoring running after routing-restart, protocols/Services remains down and RPD doesnt respond/recover.
Product-Group=junos
With Junos Telemetry Interface monitoring, the RPD process may be non-responsive after a restart in scaled scenarios with Junos Telemetry Interface monitoring is enabled using an asymmetric number of IPv4 and IPv6 addresses configurations.
PR Number Synopsis Category: Sflow on qfx10k/ptx series PRs for defect & enhancement req
1598263 [sflow] [sflow_sample] PTX1000 :sflow: Sflow data (inner vlan and outer vlan value, forwarding-class, DSCP value) is not exported while checking from server flow-records at the collector for Ingress Sampling.
Product-Group=junos
Sflow Ingress sampling with ECMP export is not working due to TAL request failure for both single and double VLAN tagged traffic. Works fine without ECMP.
PR Number Synopsis Category: Express PFE including evpn, vxlan
1572876 DCPFE/FPC crash may be observed on the QFX10000 series platforms if ARP MAC move happens
Product-Group=junos
On the QFX10000 series platforms with EVPN-VXLAN setup, ARP MAC move between local side and remote side or moving from a MAC-VRF table to the default switch table may cause DCPFE/FPC to crash.
PR Number Synopsis Category: Express ASIC interface
1606008 Link flaps might be observed momentarily on PTX5000 platforms
Product-Group=junos
On PTX5000 platforms with QSFP-100GBASE-LR4 optics, after a software upgrade, link flaps might be observed momentarily due to a firmware upgrade issue. This issue might cause traffic impact.
PR Number Synopsis Category: idp flow creation, deletion,notification, session mgr intfce
1610706 The flowd/srxpfe process might crash when IDP is used on Junos OS Release 21.2R1
Product-Group=junos
On all SRX Series devices running on Junos OS Release 21.2R1, there is a chance of flowd/srxpfe core when IDP processes traffic on non-standard ports with no application classification is available.
PR Number Synopsis Category: Firewall Policy
1539980 The dns-name can't be resolved if customer-defined routing instance is configured under name-server
Product-Group=junos
On all SRX platforms, dns-name entries in policies might not be resolved if the routing instance is configured under a system name server.
PR Number Synopsis Category: MPC11 ULC fabric software related issues.
1573972 MPC11E "AM : IPC handling" warnings can be seen in the logs
Product-Group=junos
The following messages might be seen in the logs from MPC11E line-card: Feb 9 11:35:27.357 router-re0-fpc8 aftd-trio[18040]: [Warn] AM : IPC handling - No handler found for type:27 subtype:9 There is no functional impact, these logs can be ignored.
PR Number Synopsis Category: DNS filtering on MX.
1612316 The service PICs are unable to come up when dnsf package is configured
Product-Group=junos
On MX platforms with MS-MPC/MS-PIC when dnsf package is configured, i.e., 'set chassis fpc pic adaptive-services service-package extension-provider package ', the service PICs are unable to come up.
PR Number Synopsis Category: TCP/UDP transport layer
1557881 Junos OS: Upon receipt of specific sequences of genuine packets destined to the device the kernel will crash and restart (vmcore) (CVE-2021-0283, CVE-2021-0284)
Product-Group=junos
A buffer overflow vulnerability in the TCP/IP stack of Juniper Networks Junos OS allows an attacker to send specific sequences of packets to the device thereby causing a Denial of Service (DoS). Please refer to https://kb.juniper.net/JSA11200 for more information.
1595649 Junos OS: Upon receipt of specific sequences of genuine packets destined to the device the kernel will crash and restart (vmcore) (CVE-2021-0283, CVE-2021-0284)
Product-Group=junos
A buffer overflow vulnerability in the TCP/IP stack of Juniper Networks Junos OS allows an attacker to send specific sequences of packets to the device thereby causing a Denial of Service (DoS). Please refer to https://kb.juniper.net/JSA11200 for more information.
PR Number Synopsis Category: vMX Platform Infrastructure related issue tracking
1604554 Interface hold-time up does not work on vMX/MX150
Product-Group=junos
On vMX/MX150, when hold-up time is configured on an interface, if the interface goes from down to up, the up hold-time timer is triggered. But hold-time up does not work as the interface comes up immediately even the timer still does not expire.
PR Number Synopsis Category: SRX Argon module bugs
1604773 The flowd process might crash if the DNS-inspection feature is enabled by configuring SMS policy
Product-Group=junos
On SRX branch platforms, when SMS(security metadata streaming) policy is configured under services and DNS-inspection feature is enabled under services, it will cause the flowd process crash. There will be temporary traffic interruption until the issue is restored automatically.
1607251 On SRX-Series devices, a core file may be generated when the DGA and/or DNS Tunnel detections are enabled within security-metadata-streaming
Product-Group=junos
On SRX-Series devices, a core file may be generated when the DGA and/or DNS Tunnel detections are enabled within security-metadata-streaming
PR Number Synopsis Category: ZT/YT pfe l3 forwarding issues
1596100 PFE wedge might be seen if received many IPV4 packets that need to be fragmented
Product-Group=junos
On MX platforms with MPC10E/MPC11E line cards used, if received a large number of packets which length is greater than the outgoing interface MTU, the Packet Forwarding Engine (PFE) might get wedged when performing IPv4 packet fragmentation at the high traffic rate. The traffic flow through this PFE will be affected.
PR Number Synopsis Category: Trio LU, IX, QX, MQ chip drivers, ucode & related SW
1547240 HEAP malloc(0) detected! errors may be seen when adaptive load-balancing is configured on a LAG
Product-Group=junos
"HEAP malloc(0) detected!" errors may be seen when a LAG with adaptive load-balancing is created/deleted. There is no functional impact.
PR Number Synopsis Category: UI Infrastructure - mgd, DAX API, DDL/ODL
1599641 The mustd process may crash with multiple cores due to memory issue on NFX devices
Product-Group=junos
On NFX platforms, when available free physical memory drops below 1.5GB, configuration commits by Junos Device Management Daemon(JDMD) may not take effect and mustd core files will be seen. This will not have any impact on the running traffic.
PR Number Synopsis Category: VSRX platform software
1601823 The FPC may not come up if the vCPU number is configured more than 5 vCPU on vSRX3.0 platforms
Product-Group=junos
On vSRX3.0 platforms with i40e SR-IOV interface on VMware, if the vCPU number is configured more than 5 vCPU, the FPC might be offline.
 

21.2R1-S1 - List of Known issues

PR Number Synopsis Category: Class of Service
1604943 IEEE 802.1 rewrite rule might not work on MPC10 linecard
Product-Group=junos
On MX platforms with MPC10 linecard, if Class-of-Service (CoS) ieee-802.1 rewrite rule is applied on Aggregated Ethernet (AE) interface with vlan-ccc encapsulation, the rewrite rule might not work as expected due to this issue.
PR Number Synopsis Category: EVPN control plane issues
1600310 [evpn_vxlan] [evpn_instance] : mx960 ::JUNOS:JDI_FT_REGRESSION::VMX:Bridge mac-table learning entries are not as expected for EVPN-VXLAN-1 routing instance
Product-Group=junos
In a scenario with EVPN-VXLAN in the Datacenter and EVPN-MPLS is in the WAN and the stitching is done with an LT interface, then the bridge mac-table learning entries are not as expected for EVPN-VXLAN routing instance. This could occur after 'restart interface-control' is issued on gateways.
PR Number Synopsis Category: Label Distribution Protocol
1594405 rpd core in backup RE@ in mirror_process_recvd_data_queue with mldp NSR config
Product-Group=junos
RPD may restart unexpectedly when you delete the static LDP p2mp configuration.
PR Number Synopsis Category: vMX Data Plane Issues
1534568 Inconsistent core.python2.7.mpc0 core file is seen with stacktrace @ea_wi_precl,@ea_macsec_receive.
Product-Group=junos
Inconsistent core.python2.7.mpc0 core is seen with stacktrace @ea_wi_precl,@ea_macsec_receive()
PR Number Synopsis Category: QFX EVPN / VxLAN
1560038 On the QFX5110 line of switches, the untagged traffic routed over native-vlan might be dropped.
Product-Group=junos
On QFX5110 platforms in VXLAN Layer3 Gateway scenario, untagged traffic routed over native-vlan-id interface might be dropped.
PR Number Synopsis Category: QFX5100 Interface related issues
1555741 The Virtual Chassis Port (VCP) might not come up after upgrading to 18.4R2-S4 or later releases on EX4600 or QFX5100 platform
Product-Group=junos
In EX4600 or QFX5100 with the Virtual Chassis (VC) scenario, if the QSFP+-40G-LR4/LX4/BXSR is used as the Virtual Chassis Port (VCP), it might come up against the optical signal strength issue accidentally after upgrading to 18.4R2-S4 or later releases. Then the VCP might be brought down by the physical port driver randomly and not come up again. The functionality of VC or the Virtual Chassis Fabric (VCF) might be impacted.
PR Number Synopsis Category: ZT/YT pfe l3 forwarding issues
1593335 MX2020/MX2010 : MPC11e : Enhance-Mode ISSU : Many ppe traps seen during iterative enhanced mode ISSU on DUT with scaled pseudowire headend termination config on MPC11E
Product-Group=junos
On DUT with MPC11E linecard and scaled pseudowire headend termination configs,on performing iterative enahaced mode ISSU, PPE(packet processing engine) traps and BGP peer flaps are seen. These result in transient traffic loss of several minutes on DUT. traps and protocols flaps are NOT seen in first iteration, but subsequent iterations. RE and linecards are NOT rebooted between enhanced mode ISSU iterations.
PR Number Synopsis Category: ZT/YT pfe multicast software
1586337 MX2020/MX2010 : MPC11e : Enhance-Mode ISSU : Transient traffic loss seen during iterative enhanced mode ISSU with scaled pseudowire headend termination configs on MPC11E
Product-Group=junos
In DUT with MPC11E linecard and scaled pseudowire headend termination configs, transient traffic loss is seen during iterative enhanced mode ISSU. The loss is usually seen in second or third ISSU iteration and ranges from 40-90 seconds. No traffic loss is seen in first ISSU iteration. Linecards/RE are NOT rebooted between ISSU iterations.
PR Number Synopsis Category: Trio pfe stateless firewall software
1530160 DHCP-Relay : The offer message from the server reaching the relay agent ,However not forwarded to IRB's on which clients are connected
Product-Group=junos
When the DHCP relay mode is configured as no-snoop, we are observing the offer gets dropped due to incorrect asic programing.
PR Number Synopsis Category: Trio pfe bridging, learning, stp, oam, irb software
1520626 On the MX480 router, during the verification of GRES and NSR functionality with VXLAN feature, the convergence is not as expected L2-DOMAIN-TO-L3VXLAN.
Product-Group=junos
With GRES and NSR functionality with VXLAN feature, the convergence time may be slightly higher than expected for L2-DOMAIN-TO-L3VXLAN
PR Number Synopsis Category: usf ams related issues
1597386 Traffic might be interrupted on changing configuration from AMS warm-standby to AMS deterministic NAT
Product-Group=junos
On all MX/SRX platforms, changing configuration AMS 1:1 warm-standby to load-balance or deterministic NAT may result in vmcore and cause traffic loss.
 
Modification History:
First publication 2021-09-09
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search