Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

21.2R2-S1: Software Release Notification for JUNOS Software Version 21.2R2-S1

0

0

Article ID: TSB18252 TECHNICAL_BULLETINS Last Updated: 27 Dec 2021Version: 1.0
Alert Type:
SRN - Software Release Notification
Product Affected:
ACX, EX, MX, PTX, QFX, NFX, SRX, VRR, vMX, vSRX
Alert Description:
Junos Software Service Release version 21.2R2-S1 is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as need and follow the prompts
Risk Risk Description
Low/Notification - No defined time impact to take action Software Release Notification
Impact Impact Description
Low/Notification - Monitor the situation but no action needed Software Release Notification

Solution:

Junos Software service Release version 21.2R2-S1 is now available.

21.2R2-S1 - List of Fixed issues

PR Number Synopsis Category: SRX DNS DGA and tunneling related
1629995 When viewing DNS Tunnel detections in the ATP Cloud portal, the Source-IP and Destination-IP metadata is reversed.
Product-Group=junos
When viewing DNS Tunnel detections in the ATP Cloud portal, the Source-IP and Destination-IP metadata is reversed.
PR Number Synopsis Category: CoS support on ACX
1619174 Host-outbound-traffic might be placed in wrong queue
Product-Group=junos
On the ACX5048 platform, host-outbound-traffic might be placed in different queue not in configured forwarding-class (FC) queue. This might lead to incorrect QoS treatment for host-outbound-traffic.
PR Number Synopsis Category: JUNOS kernel/ukernel changes for ACX
1636222 ACX5448 PEM overload alarm threshold is incorrect
Product-Group=junos
During normal operation of ACX5448/ACX5448-D/ACX5448-M platforms with AC PEMs, PEM 0 or 1 can incorrectly report overload or underload alarms
PR Number Synopsis Category: ACX PFE
1620685 IGMP: 6-8 seconds delay noticed when the receiver switches in between groups
Product-Group=junos
When (*,G) snoop route is installed, all the IGMP packets are getting lifted through the IP options queue, which is causing the delay, as it has a low pps(Packets Per Second) rate. This will make delay in processing the IGMP requests, and Switching delay will be seen between multicast(Mcast) groups which make the IGMP packets will be lifted through incorrect host queues. Moreover, 1000 IGMP packets are received per second, this may impact time delay
PR Number Synopsis Category: "agentd" software daemon
1600412 gNMI Telemetry might stop working after RE switchover
Product-Group=junos
In a dual RE (Routing Engine) system with GRES (Graceful Routing Engine Switchover) NSR (Nonstop Active Routing) enabled telemetry might stop working after RE switchover.
PR Number Synopsis Category: EVO platform software
1597999 PTX10001-36MR: Inconsistency in the platform name used in multiple places, version, snmp mibs, etc.
Product-Group=junos
"show snmp mib walk sysDescr" will show ptx10001-36mr
PR Number Synopsis Category: Covers Application classification workflows apart from custo
1625364 Coredumps might be reported on installing IDP security package
Product-Group=junos
On SRX platforms, when installing IDP sigpack, it might impact SRXPFE core file generation. It is a memory corruption issue.
PR Number Synopsis Category: EVPN control plane issues
1632723 The traffic loss might be seen when the link goes down for the local ESI
Product-Group=junos
In the EVPN-VXLAN Type 2 and Type 5 co-existence scenario, when the link goes down for the local ESI, the Type 5 route deleting followed by the Type 2 route adding might cause traffic loss which is proportional to the ARP scale on the link that goes down.
PR Number Synopsis Category: EVPN Layer-2 Forwarding
1629426 The l2ald crash might be seen after performing restart routing on EVPN PE
Product-Group=junos
On all Junos and Evo platforms, when restart routing performed on EVPN PE in the network, l2ald crash might be seen on EVPN PE where restart routing was done. Furthermore, its peering PEs may see l2ald crash due to protocol flap following to restart routing. In both case, l2ald crash would be seen in a few minutes (~ 10 min) after restart routing was done.
PR Number Synopsis Category: Express PFE including evpn, vxlan
1601961 InterDC traffic loss might be seen in MAC-VRF EVI with trap stats "dlu.ucode.discard "
Product-Group=junos
On QFX10002/10008 platforms, when WAN-RT (Route Target) is modified for MAC-VRF (Virtual Routing and Forwarding) EVI(EVPN Instance), about 1% of InterDC L3 traffic may get black-holed for the MAC-VRF EVI, with trap stats "dlu.ucode.discard". This happens because the original VNI (Virtual Network Identifier) of the Bridge Domain is sent in the VXLAN(Virtual Extensible Local Area Network) header. However, instead of the original VNI the translated VNI should be sent for correct traffic propagation.
PR Number Synopsis Category: Express pfe Mclag
1610173 Continuous L3 traffic drop might be observed with MC-LAG configuration on QFX10K platforms
Product-Group=junos
On QFX10K platforms with MC-LAG configured, When trying to add or remove the MC-LAG configuration continuous L3 traffic drop might be observed which might not be recovered.
PR Number Synopsis Category: jdhcpd daemon
1625617 The rpd scheduler might continuously slip after GRES when there are 7k DHCP clients in a subscriber management environment
Product-Group=junos
On the MX10008 platform with larger subscribers management, when it is configured as a DHCP (Dynamic Host Configuration Protocol) server having 7k DHCP clients binding, the commit can become very slow. After doing GRES (Graceful Routing Engine Switchover), the rpd may continuously run high CPU and scheduler slips for 20 minutes and may cause protocol flaps.
PR Number Synopsis Category: Flow Module
1619321 Security traffic log display service-name="None" for some application
Product-Group=junos
On SRX series devices, the expected service name for some application does not display in security traffic log, however service-name="None" is displayed.
PR Number Synopsis Category: Layer 2 Control Module
1622496 Invocation of netconf get command will fail if there are no L2 interfaces in the system.
Product-Group=junos
On all junos platforms, invocation of netconf get command will fail if there are no L2 interfaces in the system.
PR Number Synopsis Category: Layer2 forwarding on EX/NTF/PTX/QFX
1626714 LT interface is missing from VPLS flood topology
Product-Group=junos
On MX platforms, when Logical Tunnels(LT)interface is used for VPLS, VPLS broadcast traffic might not be forwarded to LT interface properly after deleting the LT interface and the VPLS instance followed by adding them back, which might cause LT interface missing from VPLS flood topology and eventually affects VPLS communication.
PR Number Synopsis Category: Multiprotocol Label Switching
1613372 The process rpd might crash if express segments using SR-TE underlay are configured
Product-Group=junos
On MX and PTX series platforms, when express segments are configured with SR-TE (Segment Routing Traffic Engineering) underlay path, rpd might crash when express segments are deleted or re-advertised.
PR Number Synopsis Category: Kernel Tunnel Interface Infrastructure
1621696 Traffic loss can be seen on the new master RE post GRES
Product-Group=junos
On all Junos platforms with GRE (Generic Routing Encapsulation) configuration, when we disable the gr interface on master RE and enable it on new master RE post GRES, traffic loss can be seen on the new master RE.
PR Number Synopsis Category: QFX EVPN / VxLAN
1560038 On the QFX5110 line of switches, the untagged traffic routed over native-vlan might be dropped.
Product-Group=junos
On QFX5110 platforms in VXLAN Layer3 Gateway scenario, untagged traffic routed over native-vlan-id interface might be dropped.
1612905 Arp resolution for data traffic received over Type5 might fail
Product-Group=junos
Arp resolution for Data traffic received over Type5 might fail if the VNI ussed for decap for a given tunnel is also used for Encap VNI for another tunnel. When Encap VNI for a tunnel is created first followed by Decap VNI(same vni) for another tunnel we fail to update the routing instance needed for Decap.
1624925 QFX5K log messages: fpc0 SRIRAM Tx VxLAN Ucast: ifd_out = vtep dst_gport is (c00000X) so do not process pkt further
Product-Group=junos
Log messages "fpc0 SRIRAM Tx VxLAN Ucast: ifd_out = vtep dst_gport is (c00000X) so do not process pkt further" can show up on QFX5K switches (where X = different values). These are harmless messages.
1625285 Traffic loss might be observed after configuring VXLAN over IRB interface
Product-Group=junos
On QFX5100/QFX5110/QFX5200/QFX5210/EX4300-48MP/EX4600/EX4650-48Y platforms, with IRB interface as underlay for VXLAN, data plane VXLAN traffic loss might be observed.
1632444 Adding and removing VLANs might cause traffic loss
Product-Group=junosvae
On QFX5120 platforms with VXLAN setup, when deleting at least half of the VLANs that are added before, the packets over VTEP are sent out with inner VLAN tagged and might be dropped by the tunnel terminating device.
PR Number Synopsis Category: PTX10K RE EVO Issues
1617720 Unexpected RE switchover might be observed on EVO platforms
Product-Group=junos
On all EVO platforms with dual RE, automatic RE switchover might be observed unexpectedly since the feature "chassis redundancy failover" is enabled by default.
PR Number Synopsis Category: SRX Argon module
1624655 Running DNS on all SRX platforms, a memory leak on PFE may occur
Product-Group=junos
PFE memory leakage will be seen in the presence of live heavy DNS traffic on all SRX platforms.
PR Number Synopsis Category: SRX branch platforms
1620888 Traffic may get dropped due to memory issue on some SRX devices
Product-Group=junos
On SRX300/320/340/345/380/550M platforms, the memory partition limits may be wrongly set at the boot-up time. This may cause the traffic to drop.
PR Number Synopsis Category: MX10003/MX204 MPC defects tracking
1609988 MX204: Interface flaps might be observed on certain ports
Product-Group=junos
On MX204 platforms, when QSA(QSFP-to-SFP) adapter is used with any SFP/SFP+(small form-factor pluggable) optics and if interface at PIC0 is configured with 1G speed, the corresponding interface might flaps with the "Ethernet PCS Block Not Locked/Locked Delta Event" error messages leading to traffic fluctuation passing through it.
PR Number Synopsis Category: Trio LU, IX, QX, MQ chip drivers, ucode & related SW
1619111 Degraded traffic processing performance might be observed in case of processing very high PPS rate traffic
Product-Group=junos
MX-Series devices processing very high Packets per second (PPS) rate transit traffic might not show traffic processing performance enough and drop traffic.
PR Number Synopsis Category: Ephemeral Database
1553469 Ephemeral instance configuration not removed even after deleting the ephemeral instance from set system configuration-database
Product-Group=junos
When the ephemeral instance is deleted, physical files related to the instance is not deleted and the content of the file will remain as it is and can cause device behave uncertain.
PR Number Synopsis Category: UI Infrastructure - mgd, DAX API, DDL/ODL
1600435 The dfwc and dcd processes may crash when a commit-check is performed after a previously terminated (with ctrl+c) commit-check
Product-Group=junos
During performing commit-check for the firewall and interface related configurations, if an operator uses the ctrl+c to abort it, the dfwc and dcd may crash after performing another commit-check. This issue will happen only with those daemons that follow the message-based commit-check model (such as dfwc, dcd, rdmd and fwa), and has no impact on other daemons.
 

21.2R2-S1 - List of Known issues

PR Number Synopsis Category: common or misc area for SRX product
1630040 USB image upgrade for RE-1800x4 K2re "bare-metal" platforms (SRX5k, MX240, MX480, MX960, MX2010, EX9208 chassis) might not be successful.
Product-Group=junos
USB image upgrade for RE-1800x4 K2re "bare-metal" platforms (SRX5k, MX240, MX480, MX960, MX2010, EX9208 chassis) might not be successful.
PR Number Synopsis Category: Bi Directional Forwarding Detection (BFD)
1618118 (Inline and distributed) BFD overlay sessions flap with underlay interface flap
Product-Group=junos
on certain conditions where underlay session flapped due to interface down event, it may possible to see the flap in overlay bfd session due to delay in route install to reach the packet to the neighbor.
PR Number Synopsis Category: Control Plane for Node Virtualization
1576173 "CHASSISD_FRU_IPC_WRITE_ERROR: fru_send_msg: FRU GNF 2, errno 40, Message too long" may appear periodically in the chassisd logs
Product-Group=junos
"CHASSISD_FRU_IPC_WRITE_ERROR: fru_send_msg: FRU GNF 2, errno 40, Message too long" may appear periodically in the chassisd logs
PR Number Synopsis Category: EVPN control plane issues
1586584 QFX10002/8/16 - ISIS sessions not coming up over EVPN with IPv4 underlay
Product-Group=junos
QFX10002/8/16 - ISIS sessions not coming up over EVPN with IPv4 underlay
1600600 I-ESI modification workflow on DC-GW
Product-Group=junos
Modifying the I-ESI value is traffic effecting event. If this must be done then follow the below steps in order to avoid this PR 1) deactivate interconnect stanza for the routing-instance in question 2) Modify the I-ESI value 3) activate the interconnect stanza
1610432 MAC-IP move across L2-DCI is not updated in MAC-IP table of the GW nodes for vlans that have translate VNI configuration
Product-Group=junos
This problem happens only with translation VNI when mac moved one from DC1 to DC2. VM move across DC where there is not translate VNI configuration in the interconnect works as designed
PR Number Synopsis Category: EVPN Layer-2 Forwarding
1609322 Few ARP/ND/MAC entries for Vlans are missing with MAC-VRF configuration
Product-Group=junos
In all Junos and Evo platforms, in EVPN-VXLAN scenario, with "proxy-macip-advertisement" knob configured, few ARP/ND/MAC entries may get missing.
PR Number Synopsis Category: FIPS related issues
1623128 FIPS mode enabling fails with self-test failure and kernel crash
Product-Group=junos
FIPS mode enabling fails with self-test failure and kernel crash
PR Number Synopsis Category: all logging related bugs on srx platforms
1620018 On SRX Series devices using On-Box Logging, LLMD write failures may be seen under high load. The output of 'show security log llmd counters' can be used to view LLMD behaviour.
Product-Group=junos
On SRX Series devices using On-Box Logging, LLMD write failures may be seen under high load. The output of 'show security log llmd counters' can be used to view LLMD behaviour.
PR Number Synopsis Category: Multiprotocol Label Switching
1598207 Sometimes MPLS LSP may go down due to a timing issue when a protected link goes down
Product-Group=junos
When a protected link goes down, MPLS gets tunnel local repair message from RSVP and trigger CSPF computation. Next, MPLS gets link protection information through RRO notification. If MPLS receives TED notification first before RRO notification, then CSPF computation fails. Since the link protection flag is not set, MPLS thinks it is an unprotected link and brings down the LSP.
PR Number Synopsis Category: Multicast for L3VPNs
1562056 PIM: error finding the 224.1.1.1 PIM (S G) join state on CE1 (R3) and multicast route extensive group o/p is NULL
Product-Group=junos
Software change introduced by PR1549182 makes an assumption that the secondary routes were never leaked to other routing instances. Hence, blocking secondary routes to all VRFs and instance inetx.x tables. This change breaks exporting routes when both primary routes and secondary routes are from the same instance.
PR Number Synopsis Category: FreeBSD Kernel Infrastructure
1518898 The kernel might crash if a file/directory is accessed for the first time and is not created locally
Product-Group=junos
On the Junos with Virtual Filesystem (VirtFS), if a file/directory is accessed for the first time and is not created locally, the kernel might crash and generate a vmcore file. Junos might reboot due to this issue.
1568757 The image validation is not supported during upgrading from Pre 21.2 to 21.2 and onward
Product-Group=junos
Please use the "no-validate" options -- ie. "cli> request system software add no-validate " -- when upgrading software from Junos version 21.1 or earlier to Junos version 21.2R1 or later.
PR Number Synopsis Category: Express Paradise PFE Sflow
1620140 PTX sflow server log does not contain srcIP and desIP details
Product-Group=junos
Missing the srcIP and desIP values from records sent to a sflow server.
PR Number Synopsis Category: Issues related to PKI daemon
1580442 PKID core during auto-re-enrollment of CMPv2 certificates.
Product-Group=junos
During auto-reenrollment of cmpv2 certificates, if the CA server is unresponsive and cmpv2 request retries has reached the maximum limit, then pkid core might occur. This is a corner case scenario and core is not frequent .
PR Number Synopsis Category: analyzer on QFX 5100,5200, 5110
1581542 When soft loopback port and analyzer configs are committed together, Mirror ingress to local port is not working .
Product-Group=junos
When soft loopback port and analyzer configs are committed together, Hardware is not getting programmed with the analyzer. This issue is not seen when physical loopback is used to achieve the same.
1631618 IPv6 neighbor solicitation and arp packets are mirrored to 'Remote Mirroring with VXLAN Encapsulation' collector even when there is no interface/vlan is configured to be mirrored.
Product-Group=junos
In "Remote Mirroring with VXLAN Encapsulation" Physical/Softloopback ports are used to achieve the VXLAN encapsulation of the mirrored traffic. When mirrored traffic packets are of NS/ARP these packets are sent to the CPU and are re-injected back to RSPAN VLAN, which will cause the LOOP between the loop-backed ports and in turn sent to the remote collector.
PR Number Synopsis Category: QFX L2 PFE
1618920 JUNOS:JDI_FT_REGRESSION: PROTOCOLS: SWITCHING:INTERFACES: DCPFE core seen at itable16_getnext (table=0x0, prev_index=0xaf99beae, ret_index=0xaf99beae) at ../../../../../../../../src/pfe/common/ toolkits/itable/itable.c:579
Product-Group=junos
During device reboot, if the fast boot is not enabled then dcbcm_shutdown_all_ports() is called to shut down all ports. During this ala88e1111_shutdown_all() tries to deactivate all links and check for ala88e1111_ctrl.itable is missing after freeing the link. This resulted in NULL Table access causing the FPC to create a core file. This issue is fixed by PR1613702.
PR Number Synopsis Category: Remote Access VPN issues on SRX
1611003 Juniper Secure Client: traffic gets dropped during reaching JSC installed CLIENT from SERVER behind gateway in TCP path finder enabled VPN gateway
Product-Group=junos
The issue is when we enable TCP path finder in the VPN gateway, VPN connection is established properly. After VPN connection is established, able to ping from JSC installed CLIENT to SERVER behind gateway, but unable to ping from SERVER behind gateway to JSC installed CLIENT
PR Number Synopsis Category: Trio pfe bridging, learning, stp, oam, irb software
1530160 DHCP-Relay : The offer message from the server reaching the relay agent ,However not forwarded to IRB's on which clients are connected.
Product-Group=junos
When the DHCP relay mode is configured as no-snoop, we are observing the offer gets dropped due to incorrect asic programming. This issue only affects while running DHCP relay on EVPN/VXLAN environment.
PR Number Synopsis Category: UI Infrastructure - mgd, DAX API, DDL/ODL
1609201 DFWD core-dump
Product-Group=junos
Dfwd cored when accessing ephemeral db files which is deleted through script.
PR Number Synopsis Category: VMHOST platforms software
1571753 Packets with the MAC address of eth0 and macvlan0@eth0 interface might be sent out to the management interface on VMHOST platform with specific NG-RE
Product-Group=junosvae
On VMHost platform with specific NG-RE (e.g., RE-S-X6 on MX240/MX480/MX960, REMX2K-X8 on MX2010/MX2020, REMX2008-X8 on MX2008, RCB-PTX-X6 on PTX3000, RE-PTX-X8 on PTX5000, EX9200-RE2 on EX9204/EX9208/EX9214, SRX5K-RE3 on SRX5400/5600/5800), the physical management interface is virtualized and mapped to fxp0 interface in Junos (Guest OS), eth0 and macvlan0@eth0 interface in host OS. Currently, IPv6 is enabled by default on eth0 and macvlan0@eth0 interface on host OS. During system bootup or the management interface coming up, the management interface (i.e., eth0 and macvlan0@eth0 interface) on the host OS might respond to IPv6 Neighbor Discovery protocol packets. It could cause the upstream router to learn the MAC address of eth0 and macvlan0@eth0 interface instead of fxp0 interface in Junos. In certain deployments (based on the upstream router configurations), the upstream router might disable the access to fxp0 interface.
PR Number Synopsis Category: usf ipsec related issues
1625888 Packet loops in the pic even after stopping the traffic on MX platform with SPC3 line card
Product-Group=junos
Packet loop might happen when IPsec SA be deleted (command clear/rekey, etc), which will causing high CPU. Clear SA again to recover
PR Number Synopsis Category: usf nat related issues
1588046 show services count on vms interface is not as expected while sending FTP traffic from public side after configuring with NAPT44+EIM+APP+PCP
Product-Group=junos
In USF mode (MX-SPC3), With NAPT44,EIM,APP & PCP configuration, show services session count on vms interface is not as expected for FTP traffic initiated from public side.
Modification History:
First publication 2021-12-27
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search