Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

19.4R3-S7: Software Release Notification for JUNOS Software Version 19.4R3-S7



Article ID: TSB18256 TECHNICAL_BULLETINS Last Updated: 13 Jan 2022Version: 3.0
Alert Type:
SRN - Software Release Notification
Product Affected:
Alert Description:
Junos Software Service Release version 19.4R3-S7 is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as need and follow the prompts
Risk Risk Description
Low/Notification - No defined time impact to take action Software Release Notification
Impact Impact Description
Low/Notification - Monitor the situation but no action needed Software Release Notification


Junos Software service Release version 19.4R3-S7 is now available.

19.4R3-S7 - List of Fixed issues
PR Number Synopsis Category: EX4300 PFE
1623429 Route leak from master routing-instance to custom routing-instance failure occurs for local interface
Local interface(e.g..lo0.0) is configured under master routing-instance and leaked the route to another routing-instance.
PR Number Synopsis Category: SPC3 HW and SW Issues
1535536 The spcd process might crash during early initialization
On SRX5000 Series devices with SRX5K-SPC3 installed, the spcd process might crash during early initialization (e.g, during system bootup or system reboot). This issue will not always occur, it occurs in a race condition.
1625579 The flowd process lost heartbeat for 45 consecutive seconds without alarm raised
On SRX5K platforms with SPC3 card used, if the flowd process lost heartbeat for 45 consecutive seconds, all FPCs might reboot. However, the device marks the flowd process as down without alarm raised, the failover does not happen right away. Traffic loss might be seen due to this issue. Fix raises alarm at earlier stage. If cluster, there will be sooner failover.
PR Number Synopsis Category: CoS support on ACX
1620137 Traffic might get equally load-balanced irrespective of the scheduler configuration
On legacy ACX platforms, when HQOS(Hierarchical Quality of Service) is configured on physical interface and TCP(Traffic Control Profile) is attached to an IFL(logical interface) that has scheduler-map with transmit-rate configured in percent without guaranteed-rate configuration, traffic would be equally load-balanced, and not based on the configured transmit-rate.
PR Number Synopsis Category: chassisd related issues for high-end SRX platforms
1596118 Delay might be observed between Services Processing Card(SPC) failing and failover to other node
On SRX-Series devices with SPC3, when SPC3 fails in specific circumstances, there might be delay observed in failover to other node.
PR Number Synopsis Category: BBE interface related issues
1624772 The AE member link might not be correctly populated on the PFE after FPC restart on MX series platforms
After FPC restart, the Aggregated Ethernet (AE) member link might not be populated on the PFE when using AE interfaces in dynamic profiles having targeted-distribution enabled on MX series platforms in subscriber environment.
PR Number Synopsis Category: Border Gateway Protocol
1620463 The rpd may crash and restart when NSR is enabled
On all Junos with NSR (nonstop routing) enabled the rpd crash and restart may occur when RPKI (Resource Public Key Infrastructure) records are being replicated between the primary and backup RE (Routing Engine) and some of the records are withdrawn over the RPKI session.
1626367 Time delay to export prefixes to BGP neighbors might occur post applying peer-specific BGP export policies
On all Junos and EVO Platforms, when BGP export policies were changed from deny all to the peer-specific export policies, it might take several hours for the RPD/BGP to finish the export evaluation.
PR Number Synopsis Category: BBE Remote Access Server
1625858 Radius CoA (Change of Authorization) NAK may not be sent with the configured Source Address in a virtual-router environment
On all Junos, when running a radius server in multiple routing instances, the CoA NAK messages uses the interface address instead of the configured source address for non-existent sessions. This issue happens when the Radius server is configured in different virtual routers with different settings.
PR Number Synopsis Category: Captive Portal, Content Delivery Daemon, and Service Plugin
1614903 Modifying the input service-filter via COA may fail in subscriber management environment
In Junos Subscriber Management environment with Captive Portal Content Delivery (CPCD) service enabled, if the subscriber logs in with input service filter configured in a dynamic service-set , when modifying input service-filter using Change of Authorization (CoA), a non-acknowledgment (CoA NAK) may be received and the modification fails.
PR Number Synopsis Category: QFX Control Plane VXLAN
1524485 The kernel crash might happen in EVPN-VXLAN scenario
On all Junos platforms which support (Ethernet VPN) EVPN (Virtual Extensible LAN) VXLAN, if Aggregation Ethernet (AE) interface or Redundant Logical Tunnel (RLT) interface is configured in the underlay network for EVPN/VXLAN, when there is ARP request generated and flooded to the core side, the kernel crash might happen due to this issue.
PR Number Synopsis Category: DNX platform MPLS FRR features
1621425 On ACX5448 and ACX710 platforms with L3VPN scenarios after multiple core link or protocol flaps, the errors may be observed
On the ACX5448 and ACX710 platforms running with L3VPN service, After multiple core link or protocol flaps, the following errors could be seen which will result in repeated L3VPN service Unilist next-hop install and uninstall in HW.
PR Number Synopsis Category: Covers Application classification workflows apart from custo
1625364 Coredumps might be reported on installing IDP security package
On SRX platforms, when installing IDP sigpack, it might impact SRXPFE core file generation. It is a memory corruption issue.
1626589 21.3R2:VSRX3.0:SRX-RIAD:APPID: Application package installation failed in pfe with error is seen while repetative enabling/disabling of application/groups
Application Signature package installation might fail in cases with repetitive enabling/disabling of applications/group in configuration.
PR Number Synopsis Category: EVPN control plane issues
1562160 The rpd might crash under EVPN-VPWS environment
Within Ethernet VPN-Virtual Private Wire service (EVPN-VPWS) environment, if the interface assigned to VPWS instance is changed from single-homed access to multi-homed access, rpd might crash. Traffic could be self-recovered if rpd restart is success.
1600310 Bridge mac-table learning entries might not be as expected for the EVPN-MPLS routing instance
When using the logical tunnel (lt-) interface to stitch EVPN-MPLS and EVPN-VxLAN, bridge mac-table learning entries might not be as expected for the EVPN-MPLS routing instance. This is due to the AD (Auto-Discovery) route per ESI with VxLAN encapsulation community which is ignored on MPLS routing instance.
PR Number Synopsis Category: Express PFE MPLS Features
1618507 Traffic loss might be observed with some MPLS labels in multipath BGP scenarios
On all PTX platforms, when a Provider Edge (PE) router is configured with multipath, traffic loss might be seen even though the link is up.
PR Number Synopsis Category: Libjtask for RPD tasks, scheduler, timers, memory, and slip
1517081 The rpd calculates available memory wrongly when running in 64-bit mode
When rpd is operating in 64bit mode, the available memory calculation is incorrectly limited to 32GB by the kernel. On systems with memory greater than 32GB (e.g. 48GB or 64GB) it can cause incorrect output from "show task memory" CLI command and syslog messages. The rpd may report values greater than 100% in use when it allocates more than 32GB of memory. This may also cause rpd to log JTASK_OS_MEMHIGH syslog messages. Example output with >100% usage: user@router> show task memory Memory Size (kB) Percentage When Currently In Use: 5321268 44% now Maximum Ever Used: 37059547 107% 20/06/11 00:27:51 Available: 34359738 100% now Example syslog message: rpd[4119]: JTASK_OS_MEMHIGH: Using 37044285 KB of memory, 107 percent of available
PR Number Synopsis Category: jdhcpd daemon
1625617 The rpd scheduler might continuously slip after GRES when there are 7k DHCP clients in a subscriber management environment
On the MX10008 platform with larger subscribers management, when it is configured as a DHCP (Dynamic Host Configuration Protocol) server having 7k DHCP clients binding, the commit can become very slow. After doing GRES (Graceful Routing Engine Switchover), the rpd may continuously run high CPU and scheduler slips for 20 minutes and may cause protocol flaps.
PR Number Synopsis Category: Flow Module
1619321 Security traffic log display service-name="None" for some application
On SRX series devices, the expected service name for some application does not display in security traffic log, however service-name="None" is displayed.
PR Number Synopsis Category: User Firewall related issues
1589108 The jsqlsyncd process files generation might cause device to panic crash after upgrade
On SRX-Series devices configured in high-availability, after upgrade jsqlsyncd process files might get generated which might result in device panic crash.
PR Number Synopsis Category: IPSEC/IKE VPN
1627557 Traffic over IPSec tunnels may be dropped post control link failure
After control-link failure, the traffic over IPSec tunnels might be dropped.
PR Number Synopsis Category: Layer2 forwarding on EX/NTF/PTX/QFX
1599094 The l2ald process may crash due to memory leak when all active interfaces in a VLAN are unstable
When none of the constituent active interfaces on a VLAN is stable, memory leak may occur which might eventually lead l2ald to crash. No memory leak will be seen if one or some constituent interfaces are flapping but the VLAN has at least one active stable interface overall.
PR Number Synopsis Category: Neo Interface
1621286 Flapping of all ports in the same PFE may cause PFE to be disabled
On MPC1/MPC1E/MPC2/MPC2E/MPC-3D-16/EX9200-40T/EX9200-40F/EX9200-40F-M line card and in a very rare situation, all ports from the same PFE going down may cause error of mqchip_disable_ostream timeout. When this error is seen, a temporary host loopback path wedge error may occur and trigger disable-pfe. The wedge can be cleared by itself but the disable-pfe needs a FPC reboot to recover.
PR Number Synopsis Category: FreeBSD Kernel Infrastructure
1570148 A false error related to insufficient space might appear while installing a Junos image that is corrupted
On all Junos platforms, the upgrade might fail with a false error related to insufficient space when trying to install Junos from a corrupted package.
PR Number Synopsis Category: Kernel Tunnel Interface Infrastructure
1609630 BFD over GRE tunnel interface stuck in "init" state with GRES enabled
On all JUNOS platforms, when disabling the physical interface where GRE tunnels is established and performing a GRES (Graceful Routing Engine Switchover). After GRES, enabling the physical interface will cause BFD to become stuck in init state.
1621696 Traffic loss can be seen on the new master RE post GRES
On all Junos platforms with GRE (Generic Routing Encapsulation) configuration, when we disable the gr interface on master RE and enable it on new master RE post GRES, traffic loss can be seen on the new master RE.
PR Number Synopsis Category: vMX Platform Infrastructure related issue tracking
1537729 MX150 Unexpected Behavior after using the command request system software validate
'request system software validate' command is disabled currently from 19.4 and above. Customer can validate the same using 'request system software add'.
PR Number Synopsis Category: Chassis mgmt for all QFX systems - chassis MIB, alarms, CLI
1584902 The QFX5k/10k device might get hanged after reboot for sometime
On QFX5k/10K switches, during reboot in certain instances the device may get into a state where Junos virtual machine hangs until the NMI is triggered and reboots fully. The system recovers after ~30 mins.
PR Number Synopsis Category: QFX L2 PFE
1614767 On QFX5K VLAN firewall filter is not deleted in PFE after configuration change
For VLAN based firewall filters configured on QFX5K series platforms, when replacing a firewall filter with another one, the previous filter might not be deleted in the Packet Forwarding Engine (PFE) after the configuration change, hence leading to traffic not being filtered as expected.
PR Number Synopsis Category: QFX L3 data-plane/forwarding
1571471 The dcpfe crash is seen after running MC-LAG profile config
The FPC/dcpfe crash may be seen after loading MC-LAG (Multichassis link aggregation groups) on all QFX5k platforms with BFD (Bidirectional Forwarding Detection used to detect link failures) configured. A MC-LAG is a type of link aggregation group with constituent ports that terminate on separate chassis, for providing redundancy in the event one of the chassis fails
1610093 Ping to lo0/IRB over Type-5 fails
In an EVPN-VXLAN (spine-leaf) scenario, any route received as Type-5 may not be reachable. When we are pinging an IP learned over Type-5, the packet should be mapped to one of the IRB in that routing instance, else the packet is discarded. Fix is to use all the available routes in the routing instance for this mapping.
PR Number Synopsis Category: QFX5100 Virtual Chassis
1619997 Disabled VCP (Virtual chassis port) will be UP after the optic on it is reseated
On all EX and QFX platforms, disabled VCP(Virtual Chassis Port) using the command "request virtual-chassis vc-port set interface vcp-xx/xx/xx disable member XX" will be up after the optic on it is reseated. It should keep disabling VC on the port. After it is UP and then a Master switchover is performed, the port will be disabled.
PR Number Synopsis Category: RPD route tables, resolver, routing instances, static routes
1635009 Multipath route getting formed for a VPN prefix due to incorrect BGP route selection logic
On all Junos and EVO platforms running BGP, when a specific route is received from multiple places under a VRF, multipath route is getting formed even though the BGP route selection algorithm has the active route with higher local preference. Once multipath is formed, the traffic forwarding is happening based on that, and it may result in some traffic going to an unwanted path. Please refer to KB37775 for more details.
PR Number Synopsis Category: SRX branch platforms
1548626 When Junos OS software is upgraded to Junos OS Release 20.3, you might see the error "ERROR: Failed to setup symlinks in alternate root".
Older version JUNOS upgrade to 20.3R1 and later version will appear this "ERROR: Failed to setup symlinks in alternate root" warning. This is because during install 20.3R1 JUNOS package, it will extract a 'kernel' file at /altroot/ which lead to it create the /altroot/kernel symlink fail. it is by design, the 20.3R1 is successfully installed without the symlink.
1580667 [SRX] error message tcp_timer_keep:Local(0x81100001:60753) Foreign(0x8f100001:33010) is seen in messages log every 80 seconds
On SRX series platform with Chassis Cluster, tcp_timer_keep:Local(0x81100001:60753) Foreign(0x8f100001:33010) is seen in messages log every 80 seconds.
1630886 LLDP packets may be sent with incorrect source MAC for RETH/LAG child members
On all platforms, when LLDP is run on child members of LAG/Redundant Ethernet (RETH) interfaces, LLDP packets may not be sent out with interface hardware address as source MAC. Instead, packets will be sent out using LAG/RETH interfaces MAC address. So, in case if the RETH/LAG interface MAC address changes, the source MAC address of LLDP packets will also change dynamically. Which will affect any service that relays on LLDP.
PR Number Synopsis Category: SRX5XX platform
1575231 The fxp0 interface of an SRX550 in cluster might become unreachable from an external network
On SRX550 configured with chassis cluster, fxp0 interfaces might not be reachable from external management interface when the fxp0 and redundant Ethernet(reth) interfaces are in separate routing instances. This is because there is no ARP entry for the reth interface in fxp0 ARP table. As a result of this, SRX cluster cannot be accessed from an external management network.
PR Number Synopsis Category: Stout cards (MPC8, MPC9) fabric issues
1617469 MPC8E in 1.6T bandwidth mode may not work correctly
If MPC8E is set in 1.6T bandwidth mode, it may not work correctly and the end result is that the MPC8E will not be able to see 1.6T throughput (as configured) and will see fabric drops at higher traffic rates. The 1.6T bandwidth fabric parameters are not getting applied to SFBs.
PR Number Synopsis Category: MX10003/MX204 Platform SW - Chassisd s/w defects
1575029 The chassisd process might have memory leak issue and crash in long term
Starting 19.4, On MX204/MX10003 and SRX4600 platforms, the chassisd process on the primary Routing-Engine (RE) keep leaking memory without any trigger. When chassisd memory usage reaches 3.5GB it may crash and trigger RE switchover. In some production cases, the RE switchover has triggered temporary traffic impact even on NSR/GRES enabled systems. The rate of memory leak is depending on how many optics/SFPs the system has. Rate of leak = 'Number of optics/SFPs under the system has' * 16Bytes per every 6 seconds. On older Junos (19.3 and earlie), the leak is happening when interface configuration/reconfigurations or change in PIC mode or port speed configuration or SFP initilization is done.
PR Number Synopsis Category: Trio pfe qos software
1619630 CoS custom classifier might not work on logical interface
On all MX series platforms, in a rare case when CoS classifier binding message received before logical interface family creation message to PFE, traffic might be classified with default classifier instead of custom classifier. Due to this, traffic may not be classified and mapped to the right Queue resulting in not right CoS treatment for the traffic.
PR Number Synopsis Category: Authentication, Authorization, Accounting, PAM (RADIUS/tacplus)
1620564 SRX Accounting and auditd process might not work on secondary node
On SRX platforms, auditd process might not work in any of the cluster nodes except protocol master, hence accounting logs (login/logout/command execution logs) might not be sent to the configured authentication authorization and accounting (AAA) TACACS/RADIUS servers. The auditd process is responsible for accounting and hence this feature might be impacted.
PR Number Synopsis Category: Configuration management, ffp, load action
1577626 Apply-paths might cause validation failures during JUNOS upgrade
On SRX-Series devices with apply-path configuration, during upgrade the validation might fail.
PR Number Synopsis Category: UI Infrastructure - mgd, DAX API, DDL/ODL
1484801 Any change in the nested groups might not be detected on commit and does not take effect
On all Junos platforms, if a group is inserted to another group, any change of the inner level group might not come into effect.
PR Number Synopsis Category: PTX/QFX10002/8/16 specific software components
1599183 False fan failure alarm flaps (set and cleared) frequently
Joule FTs on evo/Scapa has implemented dampening the zero speed failures. Vale/Junos will implement the same via this PR for joule FTs.
PR Number Synopsis Category: PTX/QFX100002/8/16 interface software
1600768 CRC errors increase continuously after interface flap
On PTX10008/PTX10016 devices with LC1101/LC1102/LC1103 line cards, interface flapping may cause the interface CRC errors increase continuously, then traffic loss might be seen. This is a rare timing issue.
PR Number Synopsis Category: VMHOST platforms software
1547669 WR Linux 6 platforms and WR Linux 9 platforms might be stuck after upgrading or downgrading image version and restarting the device
On Wind River Linux 6 (WR Linux 6) platforms and WR Linux 9 platforms using VMHOST based routing engine (RE), device might be stuck after upgrading image or downgrading image and reload the device. There is service impact if this issue happens.
PR Number Synopsis Category: Unified Services Framework
1547505 In the syslog output, the sylog-local-tag name is truncated as SYSLOG_SF when the sylog-local-tag name is configured as SYSLOG_SFW.
since one less character in the log-tag is included in the syslog output, an extra character in the configuration will resolve this issue.

19.4R3-S7 - List of Known issues

PR Number Synopsis Category: Border Gateway Protocol
1632132 The BGP session might flap after rpd crash with 'switchover-on-routing-crash' and NSR enabled in a highly scaled environment
On all Junos platforms that support NSR(Nonstop active routing), when 'switchover-on-routing-crash' is enabled, the rpd process crash will lead to Routing Engine switchover. In a highly scaled environment(about 15~19 million BGP routes), BGP(Border Gateway Protocol) session which is still sending update packets of size more than 2k might flap even when NSR is enabled. This might lead to loss of traffic till the BGP session converges after the flap. This does not happen always but happens sporadically. The switchover can be either due to rpd process crash or when switchover is performed manually.
PR Number Synopsis Category: CoS support on DNX
1623922 [RIO/acx5448] COS - EXP rewrite is not working in l3vpn scenario when mf filter is configured.
In DSCP classifier remark internal priority is populated with forwarding class and color. This remark internal priority is used as key for EXP rewrite. When applying mf filter, it modifies the remark_int_priority only with forwarding class. As the remark_int_priority modified by the mf filter, there will not be any matching rewrite rule.
PR Number Synopsis Category: jl2tpd daemon
1629104 L2TP tunnels may go down and not able to re-establish after restarting the bbe-smgd process
On MX configured as L2TP access concentrator (LAC), if the bbe-smgd process is restarted when L2TP tunnels are getting down (e.g. L2TP tunnel will get down due to retransmission timed out caused by loss of IP connection between LAC and LNS) and later on the same tunnels are selected to tunnel new subscriber sessions, these L2TP tunnels may be stuck in down state and not be able to re-establish. The issue could cause the subscriber to lose connectivity. This is a timing issue.
PR Number Synopsis Category: Firewall Policy
1636540 ISSU policy validation malfunction in certain cases
ISSU policy validation malfunction in certain cases Recommendation is to add to your upgrade pre-checks procedure the ?request security policies check? and if they appear ?out-of-sync? use the ?request security policies resync? before starting the ISSU process.
PR Number Synopsis Category: IPSEC/IKE VPN
1574409 The SRXPFE process might crash and generate a core file when IPsec VPN is used
On SRX4000 and SRX5000 Series devices, the SRXPFE process might crash and generate a core file when IPsec VPN is configured.
PR Number Synopsis Category: Chassis mgmt for all QFX systems - chassis MIB, alarms, CLI
1584902 The QFX5k/10k device might get hanged after reboot for sometime
On QFX5k/10K switches, during reboot in certain instances the device may get into a state where Junos virtual machine hangs until the NMI is triggered and reboots fully. The system recovers after ~30 mins.
PR Number Synopsis Category: QFX platform fabric mgmt for Express ASIC chip
1559725 QFX10000-60S-6Q line card takes more than 15 mins to boot up after Panic or Watchdog reboot has been triggered
On QFX10000-60S-6Q line card on QFX10K platforms, during a reboot which is triggered by line card Linux Panic event or CPU Watchdog event, it may sometimes take more than 15 mins to come up.
PR Number Synopsis Category: QFX L3 data-plane/forwarding
1629178 There might be a crash file generated for fxpc process followed by FPC reboot
On the QFX5100, EX4600 and EX4650 platforms, crash files might be generated for fxpc process and post that the FPC may reboot. The dcpfe crash might also lead to traffic loss.
PR Number Synopsis Category: ZT/YT pfe firewall software
1627986 FPC might restart with syslog filter action configured
On EVO-based PTX platforms and all MX series platforms with MPC10+, configuring syslog as a filter action may cause the FPC to restart.
PR Number Synopsis Category: Trio pfe bridging, learning, stp, oam, irb software
1530160 DHCP-Relay: The offer message from the server reaching the relay agent, However not forwarded to IRB's on which clients are connected
When the DHCP relay mode is configured as no-snoop, we are observing the offer gets dropped due to incorrect asic programming. This issue only affects while running DHCP relay on EVPN/VXLAN environment.
PR Number Synopsis Category: VCCP related PRs for virtual-chassis in MX
1638888 ospf/isis flaps can be seen after halting both-routing-engines together on Protocol master in MXVC
ospf/isis flaps can be seen after halting both-routing-engines together on Protocol master in MXVC
PR Number Synopsis Category: VMHOST platforms software
1544875 The VM host platform might get crashed continuously after performing upgrade/downgrade and booting up with the new image
After performing upgrade/downgrade on VM host platform, during booting up with the new image, the Wind River Linux (WRL) kernel might go into a deadlock state due to a race condition in Advanced Configuration and Power Interface (ACPI) Component Architecture (ACPICA) module in Linux kernel. This issue could cause the system to get stuck in continuous crashing state. It is a rare timing issue and currently only seen on PTX1000 with WRL6 kernel based image during upgrade/downgrade between 17.4X5 and 18.2X75-D61.
PR Number Synopsis Category: Virtual Router Redundancy Protocol
1638378 After upgradation, the tracking routes of VRRP might become unknown
On all Junos platforms, after upgradation the Virtual Router Redundancy Protocol (VRRP) state will not be correct and tracking routes of VRRP might show as unknown. The intended router might not be the VRRP master instead the peer router with less priority will be master. The route states are not correct because "route add" messages are not received at 'vrrpd' after activation of the interface. When the interface is activated an interface route is created for the address configured on the interface, 'vrrpd' will receive the addition and then update the track route state accordingly. When this is not being received at 'vrrpd' tracking routes might become unknown.
Modification History:
Update 2022-01-13 - PR1577814 was erroneously included in the "Known Issue". It has been removed.
First publication 2022-01-07
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search