[AusNOG] Older Juniper J series routers - time bomb

Chris Hurley chris at minopher.net.au
Sat Mar 29 23:27:20 EST 2014


Just great, just great.
How to win friends..........not.


On 29/03/14 4:49 PM, "Skeeve Stevens" <skeeve+ausnog at eintellegonetworks.com>
wrote:

> Some info from Juniper:
> 
> ---
> 
> FAQs:
> 
> Q: What is the nature of this issue?
> 
> Junos software licenses are required to enable certain Junos software
> features. When a license expires, the features that are licensed on a device
> that is running an impacted version of Junos will cease to operate.
> 
> Q: What should a customer do if they believe they have been, or might be,
> impacted by this issue?
> 
> Customers should contact JTAC or their Juniper Service Engineer, following
> standard processes. Fixes for the issue are available, and the JTAC team can
> assist in proactive remediation, as well.
> 
> Q: What are the symptoms of this issue? How will a customer know if they are
> impacted by it?
> 
> There are a wide variety of symptoms. The indicator of this issue is an
> ³expired certificate² message in the syslog. Diagnostic details are found in
> the Technical Service Bulletin (TSB16366).
> 
> Q: Does this issue impact all versions of Junos?
> 
> This primarily impacts Junos 9.6 and older where the licensed feature will
> stop working. For Junos 10.0 - 11.4, any new or renewed licenses (after
> 24/March/2014) will require the installation of a certificate on the device.
> Junos 12.1 and above are NOT impacted.
> 
> Q: Has JTAC identified a fix?
> 
> JTAC has identified fixes for each impacted version of Junos and has released
> TSB16366.
> 
> Q: Has this issue been resolved for future releases of Junos?
> 
> Yes. Junos 12.1 and higher are not impacted. Any new 11.4 releases will have
> the relevant certificate added as part of the Junos image.
>  
> 
> ---
> 
> 
> 
> 
> On 29/03/2014 9:47 AM, "Tom Storey" <tom at snnap.net> wrote:
>> Juniper have released a fix.
>> 
>> http://kb.juniper.net/InfoCenter/index?page=content&id=TSB16366
>> 
>> Ive applied it to my J2300 running 9.3r4.4, and waiting patiently for
>> my FPC to come back...
>> 
>> On 27 March 2014 16:57, Tom Storey <tom at snnap.net> wrote:
>>> > Perusing the j-nsp list I came across this thread:
>>> >
>>> > http://www.gossamer-threads.com/lists/nsp/juniper/50450
>>> >
>>> > If youre running any older J series (i.e. x300), or were thinking of
>>> > digging them out to use for some purpose, you might be in for a
>>> > slightly rude shock.
>>> >
>>> > Otherwise its a "sad" thing to see. I have a J2300 in my lab at home
>>> > which works great in such a role, it would be a shame to have to ditch
>>> > it due to an expired certificate.
>> _______________________________________________
>> AusNOG mailing list
>> AusNOG at lists.ausnog.net
>> http://lists.ausnog.net/mailman/listinfo/ausnog
> 
> 
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20140329/b625fca7/attachment.html>


More information about the AusNOG mailing list