Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

20.1R3-S3: Software Release Notification for JUNOS Software Version 20.1R3-S3



Article ID: TSB18255 TECHNICAL_BULLETINS Last Updated: 05 Jan 2022Version: 1.0
Alert Type:
SRN - Software Release Notification
Product Affected:
Alert Description:
Junos Software Service Release version 20.1R3-S3 is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as need and follow the prompts
Risk Risk Description
Low/Notification - No defined time impact to take action Software Release Notification
Impact Impact Description
Low/Notification - Monitor the situation but no action needed Software Release Notification


Junos Software service Release version 20.1R3-S3 is now available.

20.1R3-S3 - List of Fixed issues

PR Number Synopsis Category: EX4300 PFE
1623429 Route leak from master routing-instance to custom routing-instance failure occurs for local interface
Local interface(e.g..lo0.0) is configured under master routing-instance and leaked the route to another routing-instance.
PR Number Synopsis Category: EX2300/3400 PFE
1627857 Packet drop might be observed when L2PT is configured on transit device
On ACX/EX/QFX Junos platforms with Q-in-Q setup in SP(Service Provider) style configuration, when L2PT (Layer2 Protocol Tunneling) is enabled on a transit switch, mac rewritten packets might get dropped on the transit device due to which protocol (for example, STP) convergence fails between the end nodes and thus L2PT breakage could be observed for service-VLANs included in the environment.
PR Number Synopsis Category: SPC3 HW and SW Issues
1535536 The spcd process might crash during early initialization
On SRX5000 Series devices with SRX5K-SPC3 installed, the spcd process might crash during early initialization (e.g, during system bootup or system reboot). This issue will not always occur, it occurs in a race condition.
1625579 The flowd process lost heartbeat for 45 consecutive seconds without alarm raised
On SRX5K platforms with SPC3 card used, if the flowd process lost heartbeat for 45 consecutive seconds, all FPCs might reboot. However, the device marks the flowd process as down without alarm raised, the failover does not happen right away. Traffic loss might be seen due to this issue. Fix raises alarm at earlier stage. If cluster, there will be sooner failover.
PR Number Synopsis Category: CoS support on ACX
1620137 Traffic might get equally load-balanced irrespective of the scheduler configuration
On legacy ACX platforms, when HQOS(Hierarchical Quality of Service) is configured on physical interface and TCP(Traffic Control Profile) is attached to an IFL(logical interface) that has scheduler-map with transmit-rate configured in percent without guaranteed-rate configuration, traffic would be equally load-balanced, and not based on the configured transmit-rate.
PR Number Synopsis Category: BBE interface related issues
1624772 The AE member link might not be correctly populated on the PFE after FPC restart on MX series platforms
After FPC restart, the Aggregated Ethernet (AE) member link might not be populated on the PFE when using AE interfaces in dynamic profiles having targeted-distribution enabled on MX series platforms in subscriber environment.
PR Number Synopsis Category: Border Gateway Protocol
1620463 The rpd may crash and restart when NSR is enabled
On all Junos with NSR (nonstop routing) enabled the rpd crash and restart may occur when RPKI (Resource Public Key Infrastructure) records are being replicated between the primary and backup RE (Routing Engine) and some of the records are withdrawn over the RPKI session.
1626367 Time delay to export prefixes to BGP neighbors might occur post applying peer-specific BGP export policies
On all Junos and EVO Platforms, when BGP export policies were changed from deny all to the peer-specific export policies, it might take several hours for the RPD/BGP to finish the export evaluation.
PR Number Synopsis Category: BBE Remote Access Server
1625858 Radius CoA (Change of Authorization) NAK may not be sent with the configured Source Address in a virtual-router environment
On all Junos, when running a radius server in multiple routing instances, the CoA NAK messages uses the interface address instead of the configured source address for non-existent sessions. This issue happens when the Radius server is configured in different virtual routers with different settings.
PR Number Synopsis Category: DNX platform MPLS FRR features
1621425 On ACX5448 and ACX710 platforms with L3VPN scenarios after multiple core link or protocol flaps, the errors may be observed
On the ACX5448 and ACX710 platforms running with L3VPN service, After multiple core link or protocol flaps, the following errors could be seen which will result in repeated L3VPN service Unilist next-hop install and uninstall in HW.
PR Number Synopsis Category: Covers Application classification workflows apart from custo
1608915 On All SRX devices that use Layer 7 inspection like ipd or APPId, a coredump may be seen in rare situations
AppID is double freeing the memory during appsigpack switch in a corner case which is causing the core. This double free can also happen without appsigpack switch in a rare corner case.
1613516 For apps getting classified on first packet, the volume update syslog is not getting generated.
On Junos 21.3R1 release, due to the default enablement of PMI(Power Mode IPSec) express path at FLOW end, for apps getting classified on first packet, the volume update log is not getting triggered. Workaround is to disable PMI using config : "set security flow power-mode-disable".
1625364 Coredumps might be reported on installing IDP security package
On SRX platforms, when installing IDP sigpack, it might impact SRXPFE core file generation. It is a memory corruption issue.
PR Number Synopsis Category: EX driver issues
1600291 The SFP-T port might stop forwarding traffic on EX4600 platforms
On EX4600, after performing an upgrade, the peer device is rebooted, the peer interface is disabled/enabled or rebooting EX4600, then the SFP-T port on EX4600 might remain in up state but could not forward traffic.
PR Number Synopsis Category: jdhcpd daemon
1625617 The rpd scheduler might continuously slip after GRES when there are 7k DHCP clients in a subscriber management environment
On the MX10008 platform with larger subscribers management, when it is configured as a DHCP (Dynamic Host Configuration Protocol) server having 7k DHCP clients binding, the commit can become very slow. After doing GRES (Graceful Routing Engine Switchover), the rpd may continuously run high CPU and scheduler slips for 20 minutes and may cause protocol flaps.
PR Number Synopsis Category: jl2tpd daemon
1629104 L2TP tunnels may go down and not able to re-establish after restarting the bbe-smgd process
On MX configured as L2TP access concentrator (LAC), if the bbe-smgd process is restarted when L2TP tunnels are getting down (e.g. L2TP tunnel will get down due to retransmission timed out caused by loss of IP connection between LAC and LNS) and later on the same tunnels are selected to tunnel new subscriber sessions, these L2TP tunnels may be stuck in down state and not be able to re-establish. The issue could cause the subscriber to lose connectivity. This is a timing issue.
PR Number Synopsis Category: Flow Module
1619321 Security traffic log display service-name="None" for some application
On SRX series devices, the expected service name for some application does not display in security traffic log, however service-name="None" is displayed.
PR Number Synopsis Category: User Firewall related issues
1589108 The jsqlsyncd process files generation might cause device to panic crash after upgrade
On SRX-Series devices configured in high-availability, after upgrade jsqlsyncd process files might get generated which might result in device panic crash.
1605933 Memory leak at the useridd process might be observed when Integrated User Firewall is configured
On SRX-Series devices having Integrated User Firewall enabled with Active Directory as the authentication source, memory leak might be observed at the useridd process.
PR Number Synopsis Category: IPSEC/IKE VPN
1574409 The SRXPFE process might crash and generate a core file when IPsec VPN is used
On SRX4000 and SRX5000 Series devices, the SRXPFE process might crash and generate a core file when IPsec VPN is configured.
1601047 Wrong st0 IFL deletion at spoke when multiple VPNs negotiate same destination address as TS
The general trigger is when multiple VPNs configured have the traffic selectors which have same remote-ip/subnet. And if one of the tunnels go down the wrong st0 route gets deleted.
1627557 Traffic over IPSec tunnels may be dropped post control link failure
After control-link failure, the traffic over IPSec tunnels might be dropped.
PR Number Synopsis Category: Security platform jweb support
1629978 skip to jweb not working for srx300
The J-Web setup wizard may not function correctly on SRX300 and SRX320 devices. The work around is to perform initial configuration manually.
PR Number Synopsis Category: Layer2 forwarding on EX/NTF/PTX/QFX
1599094 The l2ald process may crash due to memory leak when all active interfaces in a VLAN are unstable
When none of the constituent active interfaces on a VLAN is stable, memory leak may occur which might eventually lead l2ald to crash. No memory leak will be seen if one or some constituent interfaces are flapping but the VLAN has at least one active stable interface overall.
PR Number Synopsis Category: MX104 Software - Kernel
1607282 In subscriber management scenario, under a rare condition, the RE reboots and generates a vmcore
In subscriber management scenario, under a rare condition, the kernel might crash at very rare condition due to a null pointer check when an entry lookup is performed.
PR Number Synopsis Category: Neo Interface
1621286 Flapping of all ports in the same PFE may cause PFE to be disabled
On MPC1/MPC1E/MPC2/MPC2E/MPC-3D-16/EX9200-40T/EX9200-40F/EX9200-40F-M line card and in a very rare situation, all ports from the same PFE going down may cause error of mqchip_disable_ostream timeout. When this error is seen, a temporary host loopback path wedge error may occur and trigger disable-pfe. The wedge can be cleared by itself but the disable-pfe needs a FPC reboot to recover.
PR Number Synopsis Category: FreeBSD Kernel Infrastructure
1570148 A false error related to insufficient space might appear while installing a Junos image that is corrupted
On all Junos platforms, the upgrade might fail with a false error related to insufficient space when trying to install Junos from a corrupted package.
PR Number Synopsis Category: Kernel Tunnel Interface Infrastructure
1621696 Traffic loss can be seen on the new master RE post GRES
On all Junos platforms with GRE (Generic Routing Encapsulation) configuration, when we disable the gr interface on master RE and enable it on new master RE post GRES, traffic loss can be seen on the new master RE.
PR Number Synopsis Category: vMX Platform Infrastructure related issue tracking
1537729 MX150 Unexpected Behavior after using the command request system software validate
'request system software validate' command is disabled currently from 19.4 and above. Customer can validate the same using 'request system software add'.
PR Number Synopsis Category: VRR (Virtual Route Reflector) for MX
1635950 vRR VM might establish its identity as "Olive" after a CLI s/w upgrade
vRR VM might come up as Olive after a CLI sw upgrade using junos-install-mx* package if the XML used to spawn the VM didn't have SMBIOS entry "VRR".
PR Number Synopsis Category: Chassis mgmt for all QFX systems - chassis MIB, alarms, CLI
1584902 The QFX5k/10k device might get hanged after reboot for sometime
On QFX5k/10K switches, during reboot in certain instances the device may get into a state where Junos virtual machine hangs until the NMI is triggered and reboots fully. The system recovers after ~30 mins.
PR Number Synopsis Category: QFX L2 PFE
1637249 Configuring L2PT on a transit switch in a Q-in-Q environment breaks L2PT for other S-VLANs
When L2PT (Layer2 Protocol Tunneling) is enabled on a transit switch using SP style configuration, protocol convergence between end nodes might fail.
PR Number Synopsis Category: QFX L3 data-plane/forwarding
1571471 The dcpfe crash is seen after running MC-LAG profile config
The FPC/dcpfe crash may be seen after loading MC-LAG (Multichassis link aggregation groups) on all QFX5k platforms with BFD (Bidirectional Forwarding Detection used to detect link failures) configured. A MC-LAG is a type of link aggregation group with constituent ports that terminate on separate chassis, for providing redundancy in the event one of the chassis fails
1610093 Ping to lo0/IRB over Type-5 fails
In an EVPN-VXLAN (spine-leaf) scenario, any route received as Type-5 may not be reachable. When we are pinging an IP learned over Type-5, the packet should be mapped to one of the IRB in that routing instance, else the packet is discarded. Fix is to use all the available routes in the routing instance for this mapping.
PR Number Synopsis Category: QFX EVPN / VxLAN
1561588 Dcpfe process might crash on after committing EVPN-VXLAN profile configuration and ARP resolution may fail causing traffic issues.
Dcpfe process might crash on after committing EVPN-VXLAN profile configuration and ARP resolution may fail causing traffic issues.
PR Number Synopsis Category: QFX5100 Virtual Chassis
1619997 Disabled VCP (Virtual chassis port) will be UP after the optic on it is reseated
On all EX and QFX platforms, disabled VCP(Virtual Chassis Port) using the command "request virtual-chassis vc-port set interface vcp-xx/xx/xx disable member XX" will be up after the optic on it is reseated. It should keep disabling VC on the port. After it is UP and then a Master switchover is performed, the port will be disabled.
PR Number Synopsis Category: Indirect nexthop routing infrastructure
1613723 The process rpd might crash in BGP rib-sharding scenario
In all Junos and Junos Evolve platforms, rpd crash might be seen when BGP rib-sharding is enabled and it may affect services/traffic.
PR Number Synopsis Category: RPD route tables, resolver, routing instances, static routes
1635009 Multipath route getting formed for a VPN prefix due to incorrect BGP route selection logic
On all Junos and EVO platforms running BGP, when a specific route is received from multiple places under a VRF, multipath route is getting formed even though the BGP route selection algorithm has the active route with higher local preference. Once multipath is formed, the traffic forwarding is happening based on that, and it may result in some traffic going to an unwanted path. Please refer to KB37775 for more details.
PR Number Synopsis Category: SRX branch platforms
1580667 [SRX] error message tcp_timer_keep:Local(0x81100001:60753) Foreign(0x8f100001:33010) is seen in messages log every 80 seconds
On SRX series platform with Chassis Cluster, tcp_timer_keep:Local(0x81100001:60753) Foreign(0x8f100001:33010) is seen in messages log every 80 seconds.
1630886 LLDP packets may be sent with incorrect source MAC for RETH/LAG child members
On all platforms, when LLDP is run on child members of LAG/Redundant Ethernet (RETH) interfaces, LLDP packets may not be sent out with interface hardware address as source MAC. Instead, packets will be sent out using LAG/RETH interfaces MAC address. So, in case if the RETH/LAG interface MAC address changes, the source MAC address of LLDP packets will also change dynamically. Which will affect any service that relays on LLDP.
PR Number Synopsis Category: SRX5XX platform
1575231 The fxp0 interface of an SRX550 in cluster might become unreachable from an external network
On SRX550 configured with chassis cluster, fxp0 interfaces might not be reachable from external management interface when the fxp0 and redundant Ethernet(reth) interfaces are in separate routing instances. This is because there is no ARP entry for the reth interface in fxp0 ARP table. As a result of this, SRX cluster cannot be accessed from an external management network.
PR Number Synopsis Category: Stout cards (MPC8, MPC9) fabric issues
1617469 MPC8E in 1.6T bandwidth mode may not work correctly
If MPC8E is set in 1.6T bandwidth mode, it may not work correctly and the end result is that the MPC8E will not be able to see 1.6T throughput (as configured) and will see fabric drops at higher traffic rates. The 1.6T bandwidth fabric parameters are not getting applied to SFBs.
PR Number Synopsis Category: ZT/YT pfe firewall software
1627986 FPC might restart with syslog filter action configured
On EVO-based PTX platforms and all MX series platforms with MPC10+, configuring syslog as a filter action may cause the FPC to restart.
PR Number Synopsis Category: Trio pfe qos software
1619630 CoS custom classifier might not work on logical interface
On all MX series platforms, in a rare case when CoS classifier binding message received before logical interface family creation message to PFE, traffic might be classified with default classifier instead of custom classifier. Due to this, traffic may not be classified and mapped to the right Queue resulting in not right CoS treatment for the traffic.
PR Number Synopsis Category: Trio pfe bridging, learning, stp, oam, irb software
1606731 The FPC might crash if 'flow-table-size' is configured on MX platforms
On MX platforms, if knob 'set chassis fpc slot-number inline-services flow-table-size' or 'set chassis fpc slot-number inline-services flex-flow-sizing' is configured, the FPC might crash.
PR Number Synopsis Category: Authentication, Authorization, Accounting, PAM (RADIUS/tacplus)
1620564 SRX Accounting and auditd process might not work on secondary node
On SRX platforms, auditd process might not work in any of the cluster nodes except protocol master, hence accounting logs (login/logout/command execution logs) might not be sent to the configured authentication authorization and accounting (AAA) TACACS/RADIUS servers. The auditd process is responsible for accounting and hence this feature might be impacted.
PR Number Synopsis Category: UI Infrastructure - mgd, DAX API, DDL/ODL
1586229 Fix fast-diff to detect the change when a deactivated delta-list element is deleted
Fix fast-diff to detect the change when a deactivated delta-list element is deleted
PR Number Synopsis Category: PTX/QFX10002/8/16 specific software components
1599183 False fan failure alarm flaps (set and cleared) frequently
Joule FTs on evo/Scapa has implemented dampening the zero speed failures. Vale/Junos will implement the same via this PR for joule FTs.
PR Number Synopsis Category: PTX/QFX100002/8/16 interface software
1600768 CRC errors increase continuously after interface flap
On PTX10008/PTX10016 devices with LC1101/LC1102/LC1103 line cards, interface flapping may cause the interface CRC errors increase continuously, then traffic loss might be seen. This is a rare timing issue.

20.1R3-S3 - List of Known issues

PR Number Synopsis Category: CFM
1536417 FPC might core if CFM flap trap monitor feature in use
FPC might core if flap-trap-monitor feature under "set protocols oam ethernet cfm performance-monitoring sla-iterator-profiles" is used and performance monitoring flap occurs.
PR Number Synopsis Category: EVPN control plane issues
1600310 Bridge mac-table learning entries might not be as expected for the EVPN-MPLS routing instance
When using the logical tunnel (lt-) interface to stitch EVPN-MPLS and EVPN-VxLAN, bridge mac-table learning entries might not be as expected for the EVPN-MPLS routing instance. This is due to the AD (Auto-Discovery) route per ESI with VxLAN encapsulation community which is ignored on MPLS routing instance.
PR Number Synopsis Category: Express PFE MPLS Features
1618507 Traffic loss might be observed with some MPLS labels in multipath BGP scenarios
On all PTX platforms, when a Provider Edge (PE) router is configured with multipath, traffic loss might be seen even though the link is up.
PR Number Synopsis Category: QFX5100 Platform optics
1606003 QFX5100 : Generate an optical power after detached and attached QSFP on disabled interface.
Modification History:
First publication 2022-01-05
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search