19.1R3-S7: Software Release Notification for JUNOS Software Version 19.1R3-S7

Article ID: TSB18189 TECHNICAL_BULLETINS Last Updated: 27 Oct 2021 Version: 1.0
Alert Type:
SRN - Software Release Notification
Product Affected:
ACX, EX, MX, PTX, QFX, NFX, SRX, VRR, vMX, vSRX
Alert Description:
Junos Software Service Release version 19.1R3-S7 is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as needed and follow the prompts
Risk:
Low/Notification - No defined time impact to take action
Risk Description:
Software Release Notification
Impact:
Low/Notification - Monitor the situation but no action needed
Impact Description:
Software Release Notification

Solution:

Junos Software Service Release version 19.1R3-S7 is now available.

19.1R3-S7 - List of Fixed issues

PR Number Synopsis Category: EX4300 PFE
1601005 The VRRP packets might not be forwarded when "mac-move-limit" knob is configured
Product-Group=junos
On EX4300 platforms, if the device worked as a layer 2 transit switch between VRRP routers and the knob "mac-move-limit" is configured, the VRRP packets might not be forwarded after clearing ethernet-switching table.
1602399 Adding ae configuration without child member may cause MAC/ARP learning issues
Product-Group=junos
On EX4300 series platforms, adding a LAG with no child members to a VSTP/RSTP instance, with VSTP disabled for all other ports in the same VLAN, may cause traffic loss on ports which are part of the VLAN.
PR Number Synopsis Category: EX4300 COS implementation
1608306 The dcpfe process might crash and generate core on EX4300 platform
Product-Group=junos
On EX4300 platform, the dcpfe process that handles packet forwarding might crash if the mge-* interfaces are configured with CoS (Class-of-Service) and scheduler port-speed is non-zero while shaping rate becomes 0.
PR Number Synopsis Category: EX4300 Filters implementation
1578859 The dcpfe crash is observed on Junos QFX/EX platforms
Product-Group=junos
On Junos QFX/EX platforms, a dcpfe crash may be seen. This is caused by flaps of an interface on which a large number of MAC-based VLAN clients are registered. When it happens, dcpfe crashes and the PFE (Packet Forwarding Engine) restarts, and all the traffic related to the PFE may be dropped. After that, the PFE recovers by itself.
PR Number Synopsis Category: Marvell based EX PFE ACL
1611480 The fxpc process might crash and generate core
Product-Group=junos
On EX4600/QFX5K platforms, the fxpc process might crash and generate core when router-advertisement-guard is configured under DHCP (Dynamic Host Configuration Protocol) forwarding-options.
PR Number Synopsis Category: EX2300/3400 PFE
1598346 The backup VC member may not learn mac-address on a master after removing a VLAN unit from the SP style AE interface which is part of multiple VLAN units
Product-Group=junos
On EX2300/3400/4300MP/4400 and QFX5100/5110/5200 VC platforms, if removing a VLAN unit from the SP style AE interface which is part of multiple VLAN units, the backup member might not learn mac-address on a master and start processing packet to that mac as unknown unicast. In this case, flooding will happen in the VLAN which might cause traffic loss due to the limited bandwidth.
1602003 On EX2300 VC platforms ARP might not get resolved
Product-Group=junos
On EX2300/2300MP VC platforms with 2 members, after adding an L3 interface, ARP is not getting resolved on the other FPC, which might lead to traffic drop.
1610253 DHCP packets might be received and then returned back to DHCP relay through the same interface on EX2300/EX3400/EX4300/QFX VC platforms
Product-Group=junos
On EX2300/EX3400/EX4300/QFX Virtual Chassis (VC) platforms which are connected to a Dynamic Host Configuration Protocol (DHCP) server via DHCP relay, if the interface connected with DHCP relay is located on a non-master node and the interface has the knob "dhcp-security" enabled under vlan, when the DHCP packets are received via DHCP relay and then need to be sent out within the affected vlan through the same interface, the DHCP packets might get returned back to DHCP relay instead of being dropped. This might lead to Media Access Control (MAC) address moves on the DHCP relay and therefore bring a potential risk of service impact.
PR Number Synopsis Category: NFX Layer 2 Features Software
1592019 Unable to configure ports on firewall filter of NFX devices
Product-Group=junos
On NFX platforms, commit error may be seen when configuring firewall filter with destination-port and/or source-port match conditions for ethernet-switching family
PR Number Synopsis Category: Accounting Profile
1521223 Logical interface statistics for as (aggregated sonet) are displayed as double the expected value.
Product-Group=junos
On MX series with Junos 16.2 or later version, when using an as (aggregated sonet) interface, logical interface statistics for member links of the as interface are displayed as double the expected value.
PR Number Synopsis Category: ACX GE, 10GE, PoE, IDT framers
1485465 tcpdump core dump occurred after initiating 'monitor traffic interface' command from cli.
Product-Group=junos
tcpdump is crashing when the abnormal size packet is captured in lo0 interface. This packet payload contains ifd index of xe-0/0/0 (695 in this case). This packet seems to be an error packet with huge length (1677787136 bytes). This is pointing to out of bound memory and hence tcpdump crashed while trying to access it.
PR Number Synopsis Category: BBE GRES related issues
1610476 The authd process and RADIUS might have stale L2BSA subscriber entries
Product-Group=junos
In subscriber management scenario, if JSU package for Broadband Edge Subscriber Management daemon (bbe-smgd) is installed on backup RE when it is syncing subscriber information from master then the authd process and RADIUS might have stale Layer 2 Bit Stream Access (L2BSA) subscriber entries which might cause subscribers logout and re-login.
PR Number Synopsis Category: Bi Directional Forwarding Detection (BFD)
1516556 The remaining BFD sessions of the aggregated Ethernet interface flap continuously if one of the BFD sessions is deleted.
Product-Group=junos
On QFX10000 platforms, if multiple sub-interfaces of the same Aggregated Ethernet (AE) interface belong to different routing instances, and these sub-interfaces are configured with the same IP address and configured with separate Bidirectional Forwarding Detection (BFD) sessions, the remaining BFD sessions will flap continuously if one of these BFD sessions is deleted.
PR Number Synopsis Category: Border Gateway Protocol
1446499 The command "show task replication" might show BGP replication complete even before BGP NSR replication is completed
Product-Group=junos
The command "show task replication" might show BGP replication complete before NSR replication is finished.
1542123 Traffic loss might be seen in the next-hop-based dynamic tunnels of the Layer 3 VPN scenario after changing the dynamic-tunnel preference.
Product-Group=junos
In the BGP signaling for next-hop-based dynamic tunnels (MPLS-over-UDP tunnel and MPLS-over-GRE tunnel) of L3VPN scenario, if a dynamic-tunnel preference change (e.g. the preference of GRE tunnel is configured higher than UDP tunnel, and vice versa) is not applied to all L3VPN instances, the advertised encapsulation tunnel information might be inconsistent between the sender side and receiver side. After that, the dynamic tunnels might not be shifted between the GRE tunnel and UDP tunnel, and traffic loss might happen on these tunnels.
PR Number Synopsis Category: BBE Remote Access Server
1600655 Subscribers might be stuck in terminated state when the radius server is unreachable
Product-Group=junos
In subscriber scenario, if RADIUS accounting backup is configured and the radius server is unavailable for more than 30 minutes, some subscribers might be stuck in terminated state and cannot be recovered even if the radius server is reachable.
1603030 The "Service session entry creation failed" errors are seen during ephemeral commit
Product-Group=junos
On MX platforms and in subscriber scenario, the "Service session entry creation failed" messages are seen in syslog sometimes during ephemeral commit (usually with ESSM service activation). This can cause some services to fail. This is caused by occasional failure of shmlog filtering feature.
1609403 Prefix duplication errors might occur for DHCPv6 over PPPoE subscribers
Product-Group=junos
On MX platforms with DHCPv6 (Dynamic Host Configuration Protocol) over PPPoE (Point-to-Point Protocol over Ethernet) configured in BBE(Broadband Edge) environment, where the PPPoE sessions have delegated IPv6 prefix assigned from a local pool, when a DHCP session comes up over the PPPoE leading to a change to the PPPoE session's address, an address-change notification would be triggered. The processing of this notification by general-authentication-service would result in wrong marking of the delegated IPv6 prefix as available. Once this happens, DHCP service might re-assign the same prefixes which would be rejected because of IP duplication.
1612196 DHCP session fails with CLI knob 'session-limit-per-username'
Product-Group=junos
On all Junos platforms with DHCP (Dynamic Host Configuration Protocol) over PPPoE (Point-to-Point Protocol over Ethernet) and 'session-limit-per-username' configured, if either interface or access configuration is modified while DHCP sessions are logged in, any new DHCP (v4/v6/PD/NA) session without authentication that uses the same access profile cannot log in.
PR Number Synopsis Category: Class of Service
1599024 Child mgd processes might get stuck when multiple sessions continuously ask for interface information
Product-Group=junos
When running NETCONF or any such session, querying interface information in XML format, and having such multiple sessions (around 50-60) continuously asking for interface information, the child mgd process might get stuck. If more than one (at least 4-5) child mgd processes get stuck, the mgd process will stop functioning, which may cause any new configuration to not take effect.
PR Number Synopsis Category: CFM
1619231 OAM CFM adjacency is not forming on EX4300.
Product-Group=junos
Due to a hardware programming error, CFM sessions fail.
PR Number Synopsis Category: QFX Access Control related
1574480 Private VLAN configuration might fail in certain scenario
Product-Group=junos
On all Junos platforms if 802.1X authentication is configured globally using the set protocol dot1x interface all command and if trunk interface is configured with vlans then Private VLAN configuration might fail.
PR Number Synopsis Category: QFX Control Plane VXLAN
1520688 The local PE does not remove VNI flood information even though it does not receive VXLAN message from remote PE
Product-Group=junos
On all Junos platforms, the local PE does not remove VNI flood information when the remote PE deletes the VXLAN VLAN and all belonged CE interfaces.
1524485 The kernel crash might happen in EVPN-VXLAN scenario
Product-Group=junos
On all Junos platforms which support Ethernet VPN (EVPN) Virtual Extensible LAN (VXLAN), if an Aggregated Ethernet (AE) interface or Redundant Logical Tunnel (RLT) interface is configured in the underlay network for EVPN/VXLAN, the kernel might crash when an ARP request is generated and flooded to the core side.
PR Number Synopsis Category: Device Configuration Daemon
1553148 The dcd process might leak memory on pushing the configuration to the ephemeral database.
Product-Group=junos
The dcd (device control daemon) memory leak issue could be observed on all Junos platforms, on pushing the scaled routing-instance configuration with bridge-domain stanza into the Ephemeral database.
1601566 The dcd process might crash and FPC might be stuck in ready state on MX platforms
Product-Group=junos
On MX platforms in Junos Fusion scenario, if targeted-distribution is configured for AE/vlan-demux/PPPoE interfaces whose underlying legs are on FPC numbers greater than 32 (for ex: ge-101/0/0) then the dcd process might crash and FPC might be stuck in ready state.
1608281 Memory leak on dcd process occurs when committing configuration changes on any interfaces in a setup with AMS interface configured
Product-Group=junos
With aggregated multiservices interface (AMS) configured, the memory leak on dcd daemon occurs when making configuration changes on any interface. The leak rate is slow and depends on the scale of the IFLs on AMS interfaces (e.g. if there are 8 AMS physical interfaces with 8000 logical interfaces, the leak is about 5MB on each commit), which may lead to dcd crash.
PR Number Synopsis Category: Firewall Filter
1528403 Junos OS: User-defined ARP Policer isn't applied on Aggregated Ethernet (AE) interface until firewall process is restarted (CVE-2021-0289)
Product-Group=junos
When user-defined ARP Policer is configured and applied on one or more Aggregated Ethernet (AE) interface units, a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability between the Device Control Daemon (DCD) and firewall process (dfwd) daemons of Juniper Networks Junos OS allows an attacker to bypass the user-defined ARP Policer. Please refer to https://kb.juniper.net/JSA11191 for more information.
PR Number Synopsis Category: dns-proxy feature
1607867 DNS proxy functionality might not work on VRRP interfaces
Product-Group=junos
On all SRX platforms, if DNS proxy is enabled on VRRP interfaces, then DNS proxy functionality might fail to work.
PR Number Synopsis Category: Control Plane for Node Virtualization
1580168 MPC7E/8E/9E/11E line card might be stuck in "Unresponsive" state in a Junos Node Slicing setup
Product-Group=junos
There are two issues resolved in this PR.
Issue 1: In a Junos Node Slicing setup, after assigning MPC7E/8E/9E/11E line card to a guest network function (GNF), a file containing GNF information might be copied to line card with incomplete content during card booting up and it cannot be updated with correct values in subsequent booting as well. It is a rare timing issue (e.g., it may happen if the line cards copy the file from routing engine in Base System (BSYS) while BSYS is populating the file with GNF information.) The issue could cause the MPC7E/8E/9E/11E line card to be stuck in "Unresponsive" state.
Issue 2: In a Junos Node Slicing setup with MPC7E/8E/9E/11E line card, after assigning these line cards to a GNF or BSYS or activating/deactivating network-slices, duplicate entries could be added into some files in card (i.e., /etc/hosts.equiv and /root/.rhosts files in card). Over time (maybe years), these files could occupy large disk space and lead to the line card booting up issue.
PR Number Synopsis Category: EVPN control plane issues
1577548 The mustd.core process generates core file during upgrading or while committing a configuration
Product-Group=junos
On MX Series platforms, if the "protocols evpn" is not configured at the global level but one or more routing instances are configured, the mustd process crash can be seen during upgrade or while committing a configuration.
PR Number Synopsis Category: EVPN Layer-2 Forwarding
1576147 Configuring static-mac and no-mac-learning simultaneously on the VXLAN interface causes stale MAC/IP entry in the EVPN database
Product-Group=junos
In EVPN/VXLAN scenario, after no-mac-learning and static MAC which has been dynamically learned are configured simultaneously, the EVPN database entry for MAC/IP pairs will not be updated.
PR Number Synopsis Category: EX Chassis chassism/chassisd
1586740 Packet drops during VRRP master reboot when 40XS linecard is present on some EX92xx platforms
Product-Group=junos
On EX9204/EX9208/EX9214 platforms with EX9200-40XS linecard enabled ('set chassis fpc 1 power on', commit), packet drops may be seen even if traffic is not passing over the EX9200-40XS linecard. This is a timing issue and does not happen frequently.
PR Number Synopsis Category: Express PFE FW Features
1589133 Junos OS: PTX Series: An FPC heap memory leak will be triggered by certain Flowspec route operations which can lead to an FPC crash (CVE-2021-31367)
Product-Group=junos
A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on PTX Series allows an adjacent attacker to cause a Denial of Service (DoS) by sending genuine BGP flowspec packets which cause an FPC heap memory leak. Once having run out of memory the FPC will crash and restart along with a core dump. Refer to https://kb.juniper.net/JSA11229 for more information.
PR Number Synopsis Category: Express PFE L2 fwding Features
1594255 ARP entry might be found missing intermittently post FPC reboot
Product-Group=junos
On some QFX series, using Ethernet Virtual Private Network (EVPN) with Virtual Extensible LAN protocol (VXLAN) when the Flexible PIC Concentrator (FPC) is rebooted, in rare occasions some of the Address Resolution Protocol (ARP) entries might be found missing intermittently on the FPC rebooted spine leading to intermittent connectivity issues.
PR Number Synopsis Category: IDP policy
1599954 IDP policy compilation is not happening when a commit check is issued prior to a commit
Product-Group=junos
On SRX platforms, IDP policy compilation is not loaded when a commit check command is run before commit command.
PR Number Synopsis Category: Internet Group Management Protocol
1607493 Multicast traffic might be duplicated on subscriber interface on MX platforms
Product-Group=junos
On MX platforms with distributed IGMP enabled, if a non-bbe junos interface joins the same multicast group as the subscriber interface followed by GRES/NSR switchover, then multicast traffic might be duplicated on subscriber interface.
PR Number Synopsis Category: Libjtask for RPD tasks, scheduler, timers, memory, and slip
1401396 The rpd generates the following core files: cmgr_if_route_exists_condition_init, ctx_handle_node, task_reconfigure_complete.
Product-Group=junos
The rpd might crash and restart when condition-manager policy is configured for routing table and the same routing table is repeatedly deleted then re-added. The issue is not fixed in 19.2R1, and it is fixed in 17.4R2-S8-J1 17.4R2-S9 18.2X75-D33 19.2R2 19.2R2-EVO 19.3R1 19.3R1-EVO 19.4R1.
PR Number Synopsis Category: Integrated Routing & Bridging (IRB) module
1565213 The new master RE post switchover might go into DB mode (or crash) on EX platforms
Product-Group=junos
On EX and EX-VC platforms, if post routing engine switchover, MAC address is configured to IRB interface (for ex: set interface irb.500 mac 00:11:22:33:44:55) on new master RE, then the new master RE might crash or go into DB mode.
PR Number Synopsis Category: ISIS routing protocol
1538696 IS-IS adjacency might flap after committing configuration change on protocol MTU for IS-IS interface
Product-Group=junos
With IS-IS configured, committing a configuration change on protocol MTU for an IS-IS interface will trigger a sequence of events in Junos. The following specific sequence of events might cause the IS-IS hello PDU to convey an incorrect IP address in IS-IS TLV #132 (IP interface address field), which would result in the IS-IS adjacency flapping. This is a timing issue.
The following sequence of events triggers this issue when changing protocol MTU for an IS-IS interface:
  1. IP interface address is deleted.
  2. IS-IS hello PDU is sent out.
  3. MTU is changed to new value.
  4. IP interface address is added back.
When the IP interface address (IFA) is deleted due to protocol MTU (like inet MTU) being changed, if an IS-IS hello PDU is sent out during this time, the current implementation will encode the router-id in IS-IS TLV #132 (IP interface address field). So, in this special case, the IS-IS hello PDU received by the IS-IS neighbor will be marked as invalid because of address mismatch and the IS-IS adjacency will go down. With the fix of this PR, by default, Junos does not encode the router-id in the IS-IS hello PDU when IFA is not present on the interface. However, a hidden knob is provided for backward compatibility, and when this knob is configured, the router-id will be encoded in the IS-IS hello PDU if IFA is not present on the interface.
1556575 Junos OS and Junos OS Evolved: An IS-IS adjacency might be taken down if a bad hello PDU is received for an existing adjacency causing a DoS (CVE-2021-31362)
Product-Group=junos
A Protection Mechanism Failure vulnerability in RPD (routing protocol daemon) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent unauthenticated attacker to cause established IS-IS adjacencies to go down by sending a spoofed hello PDU leading to a Denial of Service (DoS) condition. Refer to https://kb.juniper.net/JSA11224 for more information.
PR Number Synopsis Category: User Firewall related issues
1605933 Memory leak at the useridd process might be observed when Integrated User Firewall is configured
Product-Group=junos
On SRX-Series devices having Integrated User Firewall enabled with Active Directory as the authentication source, memory leak might be observed at the useridd process.
PR Number Synopsis Category: IPSEC/IKE VPN
1605634 Traffic might be dropped in a corner case of IPsec VPN scenario on SRX5000 platforms with SPC3 installed
Product-Group=junos
On SRX5000 platforms with SPC3 installed and IP security (IPsec) Virtual Private Network (VPN) tunnels configured, if the gcm cipher (e.g. aes-128-gcm and aes-256-gcm) is used as the encryption algorithm, when the Internet Key Exchange Daemon (iked) process restore (e.g. caused by redundancy group 0 failover) happens, the iked process might get a wrong key being restored into the memory. After that, once there is Packet Forwarding Engine (PFE) reset/restart before the IKE Security Association (SA) rekey, traffic drop might happen due to this issue.
PR Number Synopsis Category: Security platform jweb support
1449280 Junos OS: Stored Cross-Site Scripting (XSS) vulnerability in captive portal (CVE-2021-31355)
Product-Group=junos
A persistent cross-site scripting (XSS) vulnerability in the captive portal graphical user interface of Juniper Networks Junos OS may allow a remote authenticated user to inject web script or HTML and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. Refer to https://kb.juniper.net/JSA11220 for more information.
PR Number Synopsis Category: Kernel MX virtual-chassis PRs
1480404 All VCP interfaces might go down after performing back-to-back VC switchover
Product-Group=junos
In an MXVC setup with large scale configurations, after performing 3~4 times back-to-back virtual-chassis switchover, all of the VCP interfaces will come down, leading to all of the FPCs rebooting on the new VCMM. Once all of the FPCs finish rebooting, the VC will come back to normal.
PR Number Synopsis Category: MX104 Software - Kernel
1607282 In subscriber management scenario, under a rare condition, the RE reboots and generates a vmcore
Product-Group=junos
In subscriber management scenario, the kernel might crash under a very rare condition due to a null pointer check when an entry lookup is performed.
PR Number Synopsis Category: MX10K platform
1325946 Chassisd process memory leak issue on MX10008/MX10016 platform which might cause traffic loss.
Product-Group=junos
Starting with Junos 19.4, the chassisd process on the primary Routing-Engine (RE) for MX10008 and MX10016 platforms keeps leaking memory. When chassisd memory usage reaches 3.5GB it may crash and trigger RE switchover. In some production cases, the RE switchover has triggered temporary traffic impact even on NSR/GRES enabled systems. The rate of the memory leak depends on how many optics/SFPs the system has. Rate of leak = (number of optics/SFPs the system has) * 16 bytes every 6 seconds. 19.3 and earlier releases still have the same issue, but the leak only happens during the MIC/optics initialization stage. The frequency of the leak should be negligible compared to 19.4 and later releases.
PR Number Synopsis Category: FreeBSD Kernel Infrastructure
1551193 VM might crash if file is shared between host operating system and guest operating system using virtFS
Product-Group=junos
On Virtual Machines (VM) based platforms running Junos images, file might not be shared between host operating system and guest operating system via Virtual Filesystem (virtFS). When this issue happens, device might be restarted.
1563647 Memory corruption of any binary in /usr/bin/ or /usr/sbin/ may be triggered when a recovery snapshot is being copied to the OAM volume or system while it's in heavily stressed condition
Product-Group=junos
Memory corruption of a binary from /usr/bin/ or /usr/sbin/ directory can occur if such binary is invoked when a recovery snapshot creation is in progress. The exact symptoms will be different depending on the exact binary and JUNOS version - some programs will show an error, and some programs will crash every time it is executed. Such memory corruption will be persistent until the affected Routing Engine is restarted. Please refer to TSB17954 (https://kb.juniper.net/TSB17954) for further details. In addition to recovery snapshot, a device reboot could also be a possible trigger when the system is under heavier read operations across the mounted packages.
1602005 Upgrade might fail when upgrading from legacy release
Product-Group=junos
On all platforms (For SRX, only SRX5k with RE-1800x4) while directly upgrading from Junos with FreeBSD 6 (e.g. 15.1X49 or before) to the affected releases, the system will check the USB connection. The upgrading will fail if there is no USB device detected during the upgrading process.
PR Number Synopsis Category: "ifstate" infrastructure
1547164 Backup Routing Engine vmcore might be seen due to the absence of the next-hop acknowledgement infra.
Product-Group=junos
On all Junos platforms with dual Routing Engines, after hundreds of rigorous interface flaps, a vmcore might be seen on the backup Routing Engine. The vmcore analysis pointed to rnh_index_alloc panic on the backup Routing Engine, which could be due to the absence of next-hop ACK infra on the device.
PR Number Synopsis Category: JUNOS Network App Infrastructure (for ping, traceroute, etc)
1582529 If committing 'source-address routing-instance' and then delete 'source-address ' in private edit mode, commit fails with warning message
Product-Group=junos
On all Junos platforms with private edit mode enabled, if you commit the statement 'source-address <address> routing-instance' and then delete 'source-address ', the commit fails with warning message: 'warning: patch removes statement that is not empty'.
PR Number Synopsis Category: TCP/UDP transport layer
1595649 Junos OS: Upon receipt of specific sequences of genuine packets destined to the device the kernel will crash and restart (vmcore) (CVE-2021-0283, CVE-2021-0284)
Product-Group=junos
A buffer overflow vulnerability in the TCP/IP stack of Juniper Networks Junos OS allows an attacker to send specific sequences of packets to the device thereby causing a Denial of Service (DoS). Please refer to https://kb.juniper.net/JSA11200 for more information.
PR Number Synopsis Category: Paradise pfe ddos protection feature
1578579 TACACS traffic might be dropped
Product-Group=junos
On PTX Series routers and QFX Series switches, the traffic from TACACS port 49 might not be classified into a proper DDoS queue. When the issue happens, it might cause the unclassified traffic to get dropped when the CPU utilization is very high.
PR Number Synopsis Category: PTP related issues.
1479027 Syslog messages related to the Precision Time Counter (PTC) process
Product-Group=junos
Syslog messages related to the precision time counter (PTC) can be seen on a very few devices. The issue happens if the reboot sequence is such that the initialization of the PTC counters fails, thus leaving continuous periodic errors in the PTC. The fix will enable the PTC to initialize correctly with a few init retries.
1592657 Using the BITS interface from backup RE for clock recovery might not work
Product-Group=junos
On MX platforms with dual Routing Engine (REs), with Graceful Routing Engine Switchover (GRES) enabled and in Precision Time Protocol (PTP) Hybrid mode, if using the building-integrated timing supply (BITS) interface from backup RE for clock recovery, that will not work.
PR Number Synopsis Category: Chassis mgmt for all QFX systems - chassis MIB, alarms, CLI
1520144 SNMP trap of power failure might not be sent out.
Product-Group=junosvae
On QFX5K platforms, the SNMP trap of power failure might not be sent out when power cable is removed from PSU, and the output of CLI command 'show chassis environment' would not display the information of the power failure.
PR Number Synopsis Category: QFX access control list
1592463 The IPv4 fragmented packets might be broken if PTP transparent clock is configured
Product-Group=junos
On QFX5K platforms with PTP transparent clock enabled, the IPv4 fragmented packets of UDP datagram might be broken by PTP in some rare scenario, and the corrupted packets will be a part of the payload.
1606256 Multicast streams may stop flooding in VXLAN setup
Product-Group=junos
In VXLAN with multicast used scenario, multicast traffic might not get flooded if the multicast IP is in one of the IP range (224.0.0.32 - 224.0.0.255). This is because a newly introduced dynamic filter only works for non-VxLAN traffic.
PR Number Synopsis Category: QFX L2 PFE
1580352 DHCP packets might be dropped if dynamic filter 'dyn-dhcpv4_v6_trap' is applied on the interface
Product-Group=junos
DHCP packets might be dropped when dynamic filter 'dyn-dhcpv4_v6_trap' is applied and software-based learning CLI is enabled on the interface.
1600892 Two copies of broadcast ARP packets are sending to the other VTEPs
Product-Group=junos
On EX2300/3400/4300/46XX and QFX5000 Series platforms in EVPN/VXLAN scenario, the L2 Leaf devices might send two copies of broadcast ARP packets to other VTEPs.
1602914 Traffic drop might be observed on QFX5K platforms in virtual chassis scenario when firewall filter is configured
Product-Group=junos
On QFX5k platforms in the Virtual chassis scenario, when the firewall filter is applied over the AE interface and AE is having only one child member from FPC0 and there are no child members from FPC1, all the packets flowing through backup FPC will be dropped.
1607249 LLDP packets received on VxLAN enabled port might be flooded unexpectedly
Product-Group=junos
If Link Layer Discovery Protocol (LLDP) packets are received on Virtual Extensible LAN (VxLAN) enabled port, these LLDP packets might be flooded unexpectedly. The issue could make LLDP session keep swapping. As a result, services like Power over Ethernet (PoE) etc might be affected.
PR Number Synopsis Category: QFX L3 data-plane/forwarding
1512175 The DHCP traffic might not be forwarded correctly when DHCP sends unicast packets.
Product-Group=junos
On EX4600/QFX5K platforms, DHCP unicast packets are getting dropped in the device due to DHCP relay filters which are getting installed during the init time without any DHCP configuration.
PR Number Synopsis Category: qfx-sw-mclag
1605234 MAC move may be seen between the ICL and MC-LAG interface if adding/removing VLANs on the ICL interface
Product-Group=junos
On QFX/EX platforms with MC-LAG used, if VLANs are added to or removed from the ICL (interchassis link) interface, which is used to forward data packets between two MC-LAG peers, a continuous MAC move might be seen between the ICL and MC-LAG interface. When this happens, the MAC moves cause flooding, which results in traffic drop.
PR Number Synopsis Category: QFX VCCP
1606705 VC ports might remain in down state after removing and adding
Product-Group=junos
On QFX5110 VC (Virtual Chassis) setup, removing and adding of VC ports might cause the VC ports to remain in down state sporadically. The removing and adding of VC ports can be done either in logical or physical manner. Logically by using the commands "request virtual-chassis vc-port delete pic-slot port member " and "request virtual-chassis vc-port set pic-slot port member " to remove and add respectively. Physically by plugging and unplugging the optics corresponding to the VC port.
PR Number Synopsis Category: QFX5100 Interface related issues
1555741 The Virtual Chassis Port (VCP) might not come up after upgrading to 18.4R2-S4 or later releases on EX4600 or QFX5100 platform
Product-Group=junos
In EX4600 or QFX5100 with the Virtual Chassis (VC) scenario, if the QSFP+-40G-LR4/LX4/BXSR is used as the Virtual Chassis Port (VCP), it might unexpectedly encounter an optical signal strength issue after upgrading to 18.4R2-S4 or later releases. The VCP might then be brought down by the physical port driver at random and not come up again. The functionality of VC or the Virtual Chassis Fabric (VCF) might be impacted.
PR Number Synopsis Category: RPD Interfaces related issues
1594981 The label field for the EVPN Type 1 route is set to 1
Product-Group=junos
In the EVPN/VXLAN scenario, the label field for the Type-1 route is not required, but it is assigned 1 instead of 0, which conflicts with RFC 7432.
PR Number Synopsis Category: RPD route tables, resolver, routing instances, static routes
1595165 Junos OS and Junos OS Evolved: RPD core upon receipt of specific BGP update (CVE-2021-31353)
Product-Group=junos
An Improper Handling of Exceptional Conditions vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows an attacker to inject a specific BGP update, causing the routing protocol daemon (RPD) to crash and restart, leading to a Denial of Service (DoS). Refer to https://kb.juniper.net/JSA11218 for more information.
PR Number Synopsis Category: SNMP Infrastructure (snmpd, mib2d)
1606600 SNMP reflects outdated ARP entries
Product-Group=junos
When the ARP entry gets removed in the ARP table, and if there is a presence of a static route referring to the removed NH IP, the refcount will not be 0. In that case, the kernel will not send a DELETE message to mib2d. As a result, SNMP still has the ARP entry even after it's expired in the ARP cache.
PR Number Synopsis Category: SFW, CGNAT on MS-MIC/MS-MPC (XLP)
1598720 The packet loop might be seen after receiving the PCP request packets which are destined to softwire concentrator address
Product-Group=junos
On MX platforms with MS-MPC/MS-PIC, the packet loop might be seen after receiving the PCP Mapping request packets to service-set where pcp rule is not configured and the packet loop might cause high CPU utilization.
PR Number Synopsis Category: Trio pfe stateless firewall software
1586817 FPC might crash in a scaled firewall configuration
Product-Group=junos
On MX Series routers, PTX Series routers, and QFX Series switches running Junos OS, traffic loss might be observed in a scaled firewall filter configuration setup due to FPC crash. When the issue occurs, a core file is generated, which can be checked using the CLI command 'show system core-dumps'.
host@device> show system core-dumps
-rw-r--r-- 1 root wheel 89322187 /var/crash/core-NGMPC0.gz.core.0 ----> Core file
PR Number Synopsis Category: Trio pfe l3 forwarding issues
1558899 Some transmitted packets may get dropped because the "disable-pfe" action is not invoked when the fabric self-ping failure is detected
Product-Group=junos
On a Trio-based line card with more than one PFE, if a fabric self-ping failure is detected on one of the PFEs, chassisd will disable all the IFDs (physical interfaces) associated with that PFE to prevent a blackhole and report a major CMERROR. Because the affected PFE is still active, and some applications (like BFD over AE across multiple FPCs/PFEs) are still using the PFE to transmit packets, the packets will get dropped due to all interfaces being disabled.
PR Number Synopsis Category: Junos Automation, Commit/Op/Event and SLAX
1553116 Junos OS and Junos OS Evolved: python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API via timed processing of valid PKCS#1 v1.5 ciphertext (CVE-2020-25659)
Product-Group=junos
A vulnerability in the python cryptographic library as used in Juniper Networks Junos OS and Junos OS Evolved allows an attacker to perform timing oracle attacks against RSA decryption. Refer to https://kb.juniper.net/JSA11245 for more information.
1604622 File download using "request system download" might fail
Product-Group=junos
On an EX4400 device, any files scheduled for download using the CLI command "request system download" might fail due to an error. The files can be downloaded using normal ftp/scp commands on the device.
PR Number Synopsis Category: PTX/QFX100002/8/16 platform software
1555386 The LCMD process might consume memory until all of the free memory available to VMHOST gets exhausted.
Product-Group=junosvae
On PTX10K, MX10K, and QFX10K (exception: MX10003, PTX10001, PTX10002, QFX10002, any Junos-EVO system are NOT affected), when the Linux Chassis Manager (LCMD) polls PSMs (Power Supply Modules), the memory used for that polling does not get freed. The amount of memory not being freed depends on the number of sensors (FPCs and PICs) installed in the chassis. The LCMD process will continue to consume memory until all of the free memory available to VMHOST has been exhausted. At that point, the LCMD restarts causing the Routing Engine's mastership switchover. (Please also see https://kb.juniper.net/TSB18061 for more details.)
PR Number Synopsis Category: VSRX platform software
1603199 Junos OS: When using J-Web with HTTP an attacker may retrieve encryption keys via Person-in-the-Middle attacks. (CVE-2021-31386)
Product-Group=junos
A Protection Mechanism Failure vulnerability in the J-Web HTTP service of Juniper Networks Junos OS allows a remote unauthenticated attacker to perform Person-in-the-Middle (PitM) attacks against the device. Refer to https://kb.juniper.net/JSA11254 for more information.
 

19.1R3-S7 - List of Known issues

PR Number Synopsis Category: CFM
1536417 FPC might core if CFM flap trap monitor feature in use
Product-Group=junos
FPC might core if flap-trap-monitor feature under "set protocols oam ethernet cfm performance-monitoring sla-iterator-profiles" is used and performance monitoring flap occurs.
PR Number Synopsis Category: Firewall Filter
1471310 Firewall filter monitoring using SNMP might not provide accurate results
Product-Group=junos
On all Junos except MX platforms, the firewall filter monitoring using SNMP OID 1.3.6.1.4.1.2636.3.5.2.1.6 might not provide the entire output of configured filters, when configured filters are using actions or matches that are not supported by the compiled filters. Below is the list of actions and matches that are not supported by the compiled filters:
actions: "then policy map", "clear-policy-map", "then encapsulate/decapsulate"
matches: "payload-protocol", "gre-key", "flex-offset range/prefix", "policy-map"
PR Number Synopsis Category: PTP related issues.
1561372 PTP lock status gets stuck at the Acquiring state instead of the Phase Aligned state.
Product-Group=junos
On QFX5110-48s and QFX5200-32Q, the PTP slave port might stay in Acquiring mode indefinitely, because the QFX is starting with EPOCH time January 1, 1970, and the time difference to the GM (Grand Master) is too large for the servo algorithm.
1583023 [timing] [hybrid] Hybrid over lag - Huge 1 PPS time error values seen for 1 gig interface on 20x1GE MIC
Product-Group=junos
On MX platforms with MPC2E/3E, the T1, T4 and two-way time errors meet the required performance metrics, but a high 1pps error is observed. There is no impact on PTP (Precision Time Protocol) functionality.
1618929 The clksyncd might crash and PTP/SyncE might not work
Product-Group=junos
On MX240/MX480/MX960 with 1pps measurement port output and PTP/Hybrid mode configured by default during bootup, clksyncd may crash and dump a core. This issue will cause the PTP/SyncE to not work if the problematic configuration is present.
PR Number Synopsis Category: Chassis mgmt for all QFX systems - chassis MIB, alarms, CLI
1584902 The QFX5k/10k device might hang for some time after reboot
Product-Group=junos
On QFX5k/10K switches, during reboot in certain instances the device may get into a state where Junos virtual machine hangs until the NMI is triggered and reboots fully. The system recovers after ~30 mins.
PR Number Synopsis Category: QFX L2 PFE
1417546 Either unicast RPF in the Strict mode or ICMP redirect does not work.
Product-Group=junos
On QFX5110 and QFX5120 platforms, either unicast RPF in strict mode or ICMP redirect does not work properly.
PR Number Synopsis Category: QFX EVPN / VxLAN
1554389 Wrong ARP reply might be sent via AE interface on QFX5000 series platforms
Product-Group=junos
Wrong Address Resolution Protocol (ARP) reply might be sent by QFX5000 series platforms when the ARP request packet is received via an Aggregated Ethernet (AE) interface. This issue affects QFX5000 series platforms running Junos image only. Please refer to workaround to avoid this issue.
PR Number Synopsis Category: RPD policy options
1596436 BGP import policy is not applied to all the routes when CCNH inet6 is enabled
Product-Group=junos
BGP import policy might not be applied to all the routes when CCNH inet6 is configured.
PR Number Synopsis Category: All Asgard Platform Related Issues
1335526 The ppmd process might crash after an upgrade on SRX platforms
Product-Group=junos
On SRX platforms with Bidirectional Forwarding Detection (BFD) enabled for multiple protocols (such as OSPF, ISIS, BGP, PIM), the ppmd process might crash after an upgrade.
PR Number Synopsis Category: UI Misc
1457602 The version information under the configuration changes from Junos OS Release 19.1 onwards.
Product-Group=junos
Under configuration on 19.x, version info is different from prior 18.x release.
Modification History:
First publication 2021-10-27