Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

21.3R1-S1: Software Release Notification for JUNOS Software Version 21.3R1-S1

1

0

Article ID: TSB18201 TECHNICAL_BULLETINS Last Updated: 12 Nov 2021Version: 1.0
Alert Type:
SRN - Software Release Notification
Product Affected:
ACX, EX, MX, PTX, QFX, NFX, SRX, VRR, vMX, vSRX
Alert Description:
Junos Software Service Release version 21.3R1-S1 is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as need and follow the prompts
Risk Risk Description
Low/Notification - No defined time impact to take action Software Release Notification
Impact Impact Description
Low/Notification - Monitor the situation but no action needed Software Release Notification

Solution:

Junos Software service Release version 21.3R1-S1 is now available.

21.3R1-S1 - List of Fixed issues

PR Number Synopsis Category: QFX VC/VCF NSSU
1621611 QFX5200: NSSU (nonstop-upgrade) CLI missed in QFX TVP codes
Product-Group=junos
NSSU option is not available from 21.2R1. This option is missing from the time UI component publish has been separated out.
PR Number Synopsis Category: JUNOS kernel/ukernel changes for ACX
1608852 ACX710 with freebsd12 may experience kernel crash with g_vfs_done() logs on console
Product-Group=junos
ACX710 with freebsd12 (JunOS 21.2R1 onwards) could crash. No ssh or console access. Console will display g_vfs_done log. Require power-cycle to recover.
PR Number Synopsis Category: dns-proxy feature
1607867 DNS proxy functionality might not work on VRRP interfaces
Product-Group=junos
On all SRX platforms, if DNS proxy is enabled on VRRP interfaces, then DNS proxy functionality might fail to work.
PR Number Synopsis Category: Express pfe Mclag
1610173 Continuous L3 traffic drop might be observed with MC-LAG configuration on QFX10K platforms
Product-Group=junos
On QFX10K platforms with MC-LAG configured, When trying to add or remove the MC-LAG configuration continuous L3 traffic drop might be observed which might not be recovered.
PR Number Synopsis Category: IDP on logical system
1586220 "show security idp counters" is not having tenant knob in it's syntax
Product-Group=junos
As a fix of PR 1472994 support for tenant system argument in root system was removed because MGD is passing unexpected arg tenant while forking IDPDINFOD. so fix of this PR having two parts reverting the fix of PR 1472994 and fixing the PR 1472994 in MGD code. So root system user can pass tenant name as an argument for "show security idp counters"
PR Number Synopsis Category: jdhcpd daemon
1625617 The rpd scheduler might continuously slip after GRES when there are 7k DHCP clients in a subscriber management environment
Product-Group=junos
On the MX10008 platform with larger subscribers management, when it is configured as a DHCP (Dynamic Host Configuration Protocol) server having 7k DHCP clients binding, the commit can become very slow. After doing GRES (Graceful Routing Engine Switchover), the rpd may continuously run high CPU and scheduler slips for 20 minutes and may cause protocol flaps.
PR Number Synopsis Category: IPSEC/IKE VPN
1573102 The iked process might restart and generate core during session state activation/deactivation
Product-Group=junos
On SRX5k platforms with SPC3 card in L3 HA (High Availability) configuration with link encryption tunnel, the iked process is restarted and for a brief time IPsec tunnel establishment might be impacted.
PR Number Synopsis Category: Layer 2 Control Module
1622496 Invocation of netconf get command will fail if there are no L2 interfaces in the system.
Product-Group=junos
Invocation of netconf get command will fail if there are no L2 interfaces in the system.
PR Number Synopsis Category: Multiprotocol Label Switching
1598207 Sometimes MPLS LSP may go down due to a timing issue when a protected link goes down
Product-Group=junos
When a protected link goes down, MPLS gets tunnel local repair message from RSVP and trigger CSPF computation. Next, MPLS gets link protection information through RRO notification. If MPLS receives TED notification first before RRO notification, then CSPF computation fails. Since the link protection flag is not set, MPLS thinks it is an unprotected link and brings down the LSP.
1613372 Sometimes rpd might crash if express segments are configured with SRTE underlay protocol
Product-Group=junos
On all Junos platforms, When express segments are configured with SRTE ( Segment Routing Traffic Engineering ) as underlay protocol, rpd might crash when express segments are deleted or re-advertised. All routing protocols will be impacted due to rpd crash.
PR Number Synopsis Category: FreeBSD Kernel Infrastructure
1607299 FreeBSD12: On Panic 0-size vmcore file get generates
Product-Group=junos
Under some conditions a truncated vmcore is generated on panic on EX-2300/EX-3400/EX-2300MP.
PR Number Synopsis Category: TCP/UDP transport layer
1626400 Configuration commit may fail while configuring the knob 'authentication-key-chains' under groups
Product-Group=junos
On all Junos and Evo platforms, if 'no-persist-groups-inheritance' is not configured, configuration commit issues may be seen while configuring the knob 'authentication-key-chains' under groups. Expanded view of the database is not fetched when configured via groups security and hence commit check error may be seen. The TCP-keychain functionality may not work as expected if this issue occurs.
PR Number Synopsis Category: Kernel Tunnel Interface Infrastructure
1621369 VMX :: Commit failure observed with syntax error: "error: load failure on translation changes" while applying tunnel interface configs using openconfig cli
Product-Group=junos
When you configure gr interface using openconfig knobs for ip address commit might fail. Solution: Configure ip and prefix length at subinterface path: set openconfig-interfaces:interfaces interface gr-0/0/0 subinterfaces subinterface 0 openconfig-if-ip:ipv4 addresses address 196.1.1.1 config ip 196.1.1.1 set openconfig-interfaces:interfaces interface gr-0/0/0 subinterfaces subinterface 0 openconfig-if-ip:ipv4 addresses address 196.1.1.1 config prefix-length 24
PR Number Synopsis Category: Stout cards (MPC8, MPC9) fabric issues
1617469 MPC8E in 1.6T bandwidth mode may not work correctly
Product-Group=junos
If MPC8E is set in 1.6T bandwidth mode, it may not work correctly and the end result is that the MPC8E will not be able to see 1.6T throughput (as configured) and will see fabric drops at higher traffic rates. The 1.6T bandwidth fabric parameters are not getting applied to SFBs.
PR Number Synopsis Category: usf ha related issues
1618360 With scaled IPv6 synced sessions, Clearing sessions on Master MX router, Stateful sync not clearing all the nat64 sessions on the backup MX router
Product-Group=junos
With scaled IPv6 synced sessions, Clearing sessions on Master MX router, Stateful sync not clearing all the nat64 sessions on the backup MX router
 

21.3R1-S1 - List of Known issues

PR Number Synopsis Category: OpenSSH and related subsystems
1571179 SHA-1 system login password format not accepted post upgrade
Product-Group=junos
If the Junos config contains a SHA-1 hashed password for a specific user, that user will be unable to login post upgrade. To identify any SHA-1 hashed passwords, run the following from the edit command line: # show | match \$sha1\$ Post upgrade do not use the SHA-1 password format. If the password format is set to SHA-1, the password will be hashed with SHA-512 instead.
PR Number Synopsis Category: EVPN control plane issues
1600310 [evpn_vxlan] [evpn_instance] : mx960 ::JUNOS:JDI_FT_REGRESSION::VMX:Bridge mac-table learning entries are not as expected for EVPN-VXLAN-1 routing instance
Product-Group=junos
In a scenario with EVPN-VXLAN in the Datacenter and EVPN-MPLS is in the WAN and the stitching is done with an LT interface, then the bridge mac-table learning entries are not as expected for EVPN-VXLAN routing instance. This could occur after 'restart interface-control' is issued on gateways.
PR Number Synopsis Category: usf ipsec related issues
1625888 USF-SPC3 : Packet loops in the pic even after stopping the traffic, after clearing IPsec SA with IPsec PMI/fat-core
Product-Group=junos
Packet loop might happen when IPsec SA be deleted (command clear/rekey, etc), which will causing high CPU. Clear SA again to recover
 
Modification History:
First publication 2021-11-12
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search