[AusNOG] Older Juniper J series routers - time bomb

Skeeve Stevens skeeve+ausnog at eintellegonetworks.com
Sat Mar 29 16:49:49 EST 2014

Some info from Juniper:



*Q: What is the nature of this issue?*

Junos software licenses are required to enable certain Junos software
features. When a license expires, the features that are licensed on a
device that is running an impacted version of Junos will cease to operate.

*Q: What should a customer do if they believe they have been, or might be,
impacted by this issue?*

Customers should contact JTAC or their Juniper Service Engineer, following
standard processes. Fixes for the issue are available, and the JTAC team
can assist in proactive remediation, as well.

*Q: What are the symptoms of this issue? How will a customer know if they
are impacted by it?*

There are a wide variety of symptoms. The indicator of this issue is an
"expired certificate" message in the syslog. Diagnostic details are found
in the Technical Service Bulletin (TSB16366).

*Q: Does this issue impact all versions of Junos?*

This primarily impacts Junos 9.6 and older where the licensed feature will
stop working. For Junos 10.0 - 11.4, any new or renewed licenses (after
24/March/2014) will require the installation of a certificate on the
device. Junos 12.1 and above are NOT impacted.

*Q: Has JTAC identified a fix?*

JTAC has identified fixes for each impacted version of Junos and has
released TSB16366.

*Q: Has this issue been resolved for future releases of Junos?*

Yes. Junos 12.1 and higher are not impacted. Any new 11.4 releases will
have the relevant certificate added as part of the Junos image.


On 29/03/2014 9:47 AM, "Tom Storey" <tom at snnap.net> wrote:

> Juniper have released a fix.
>
> http://kb.juniper.net/InfoCenter/index?page=content&id=TSB16366
>
> I've applied it to my J2300 running 9.3r4.4, and waiting patiently for
> my FPC to come back...
>
> On 27 March 2014 16:57, Tom Storey <tom at snnap.net> wrote:
> > Perusing the j-nsp list I came across this thread:
> >
> > http://www.gossamer-threads.com/lists/nsp/juniper/50450
> >
> > If you're running any older J series (i.e. x300), or were thinking of
> > digging them out to use for some purpose, you might be in for a
> > slightly rude shock.
> >
> > Otherwise it's a "sad" thing to see. I have a J2300 in my lab at home
> > which works great in such a role, it would be a shame to have to ditch
> > it due to an expired certificate.