Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

21.1R2-S1: Software Release Notification for JUNOS Software Version 21.1R2-S1



Article ID: TSB18166 TECHNICAL_BULLETINS Last Updated: 20 Sep 2021Version: 1.0
Alert Type:
SRN - Software Release Notification
Product Affected:
Alert Description:
Junos Software Service Release version 21.1R2-S1 is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as need and follow the prompts
Risk Risk Description
Medium - Action required within next six months Software Release Notification
Impact Impact Description
Medium - Risk of service interruption Software Release Notification


Junos Software service Release version 21.1R2-S1 is now available.

21.1R2-S1 - List of Fixed issues

PR Number Synopsis Category: Marvell based EX PFE ACL
1611480 The fxpc process might crash and generate core
On EX4600/QFX5K platforms, the fxpc process might crash and generate core when router-advertisement-guard is configured under DHCP (Dynamic Host Configuration Protocol) forwarding-options.
PR Number Synopsis Category: NFX Layer 3 Features Software
1599643 The flowd interfaces are not appearing and srxpfe crash might be seen on NFX-3 with flex mode
On NFX-3 when Flex mode is enabled, L3/flowd interfaces are not appearing and srxpfe crash/core file might be seen.
PR Number Synopsis Category: BBE OS Infrastructure library
1601203 AUTO-CORE-PR : JDI KM REGRESSION : BBE-SMGD core found @ bbe_dequeue_and_deliver bbe_process_work_queues bbe_smd_main_post_dispatch
In rare occurrence of pthread lock failure of work queue, bbe-smgd can core, it should recover by itself.
PR Number Synopsis Category: Device Configuration Daemon
1591032 The dcd process crash might be observed after removing AE IFL from the targeted distribution database
On the MX platforms, the dcd internal data structure of the distribution bundle might get corrupt after removing the AE IFL (logical interface) of members of a targeted IFLset (logical interface set) from the targeted distribution database. Later the dcd process will crash when it accesses the corrupted entry.
PR Number Synopsis Category: EX4400 platform
1603602 NSSU performed with MACsec configuration might result in fxpc core
On EX4300-MP, EX4400 and NFX350 platforms, when NSSU (Nonstop Software Upgrade) is performed with a VC (Virtual Chassis) setup and MACsec (Media Access Control Security) configuration, the fxpc might core in the backup RE, which in-turn could lead to NSSU failure and traffic impact in the cored FPC (Flexible PIC Concentrator).
PR Number Synopsis Category: idp flow creation, deletion,notification, session mgr intfce
1614013 High RE CPU usage occurs when routing-instance is configured under security idp security-package hierarchy level
On all SRX Series devices, when routing-instance is configured under security idp security-package hierarchy level, several unexpected situations might occur, such as High Routing Engine (RE) CPU usage caused by the idpd process, the idpd process crash, IDP security-package update failure.
PR Number Synopsis Category: Adresses ALG issues found in JSF
1598017 ALG traffic might be dropped
On SRX-Series devices, ALG traffic might be dropped when incoming packet contains "HTTP/" and "rn" characters in data or NAT slipstream packets.
PR Number Synopsis Category: FreeBSD Kernel Infrastructure
1602005 Upgrade might fail when upgrading from legacy release
On all platforms (For SRX, only SRX5k with RE-1800x4) while directly upgrading from Junos with FreeBSD 6 (e.g. 15.1X49 or before) to the affected releases, the system will check the USB connection. The upgrading will fail if there is no USB device detected during the upgrading process.
PR Number Synopsis Category: ZT/YT pfe firewall software
1589619 JDI-RCT : MPC11 : AFTD crashed at dfw_term_dictionary_get_next (term=0x0, dfw=0x7f1431da34c0) at ../../../../../src/pfe/common/applications/dfw/dfw_term.c:1460
As part of filter configuration, at PFE the out-of-order scenario corner case validation was not handled. Due to this, we might see a core that will restart FPC will interrupt the data path for the interfaces belongs to restarting FPC till it comes online.
PR Number Synopsis Category: PTX/QFX10002/8/16 specific software components
1603453 Packet loss might be seen on filter based GRE deployments
On some PTX/QFX platforms, when firewall-filter based IPv4 GRE (Generic Routing Encapsulation) tunneling is configured and the firewall-filter is attached in the outbound direction, encapsulation might not happen and could result in packet loss.
PR Number Synopsis Category: usf nat related issues
1601890 Traffic might be dropped at NAT gateway if EIM is enabled
With Network Address Translation (NAT) and Endpoint-independent Mapping (EIM) enabled, traffic unsupported by EIM might not be translated due to packets injected back to NAT gateway. When this issue happens, EIM unsupported traffic could be dropped. Also, the issue could cause looping at NAT gateway. In the end, looping occurred at NAT gateway affects device performance.

21.1R2-S1 - List of Known issues

PR Number Synopsis Category: NFX Layer 3 Features Software
1589655 NFX150 :: JDI_REGRESSION_SWITCHING_Porter:: :: Observed srxpfe core with VNF configs on NFX at rte_eal_init ,tvp_dpdk_eal_init,tvp_dpdk_eal_init,hardware_heap_init,hardware_basic_init.
Coredump might happen in the first boot on NFX250 run in compute mode and configure VNF with more than 2G memory.
PR Number Synopsis Category: Interface Information Display
1611623 SRX1500: Traffic fail seen on irb interface for network control forwarding class when verifying dscp classification based on single and multiple code-points
Traffic drop might be seen on irb interface on SRX1500 for network control forwarding class when verifying dscp classification based on single and multiple code-points.
PR Number Synopsis Category: Layer2 forwarding on EX/NTF/PTX/QFX
1596483 Mcscnoopd might crash during deleting/adding layer-2 forwarding configuration after performing ISSU
In layer-2 forwarding configuration with ISSU scenario, Gencfg provides a generic way for applications to store interface state information (blobs) which needs to be sent to PFE/PIC/REs/daemons. In some rare cases, after performing ISSU, the Gencfg key (handed/generated by the kernel, a kind of layer-2 token) info might be inconsistent between the l2ald and master/backup kernel due to the state sync issue, then the Gencfg might send the blobs with this wrong key to the kernel during adding/deleting the layer-2 forwarding configuration. Then the kernel might return the wrong messages (e.g. next-hop lookup) to mcsnoopd, this will cause mcsnoopd to crash, the services/functions based on multicast will be impacted.
PR Number Synopsis Category: Label Distribution Protocol
1609559 LDP P2MP traffic may be interrupted post GRES
On MX104 platforms in NG-MVPN with LDP P2MP LSP enabled scenario, before GRES, NG-MVPN with Type-3 route may not be replicated while mirroring the tunnel information from master to backup RE, after GRES, the Type-3 route will be missing in the new master RE. This will affect the LDP P2MP traffic flow.
PR Number Synopsis Category: Express Chip L3 software
1590387 [isis] [ISIS] ptx5000 : :: PROTOCOLS:VPTX:ISIS adjacency is not coming up through CCC L2Circuit
ISIS over l2circuit will not come up if the encapsulation is TCC.
PR Number Synopsis Category: QFX EVPN / VxLAN
1570689 Unexpected multicast traffic streams after enabling EVPN is observed.
BUM traffic replication over VTEP is sending out more packets than expected and there seems to be a loop also in the topology.
PR Number Synopsis Category: QFX RCB issues
1605002 On QFX10008/16 platforms the system reboot takes approximately 9 minutes for FPCs to come online after system reboot command is issued. It is about 2 minutes more than 20.4 releases.
On QFX10008/16 platforms the system reboot takes approximately 9 minutes for FPCs to come online after system reboot command is issued.
Modification History:
First publication 2021-09-20
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search