Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

17.3R3-S2: Software Release Notification for Junos Software Service Release version 17.3R3-S2

0

0

Article ID: TSB17459 TECHNICAL_BULLETINS Last Updated: 18 Nov 2018Version: 2.0
Alert Type:
SRN - Software Release Notification
Alert Description:
Junos Software Service Release version is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as need and follow the prompts
Solution:

Junos Software service Release version 17.3R3-S2 is now available.

PRs found and not fixed in 17.3R3-S2

PR Number Synopsis Description
1400248 Software Regression -  dcpfe core seen in QFX10002 on 17.3R3-S2.2 when trying to delete port-mirroring configuration from an interface in DC Fusion topology​ Software Regression -  dcpfe core seen in QFX10002 on 17.3R3-S2.2 when trying to delete port-mirroring configuration from an interface in DC Fusion topology​
1400399 Unicast traffic from Leaf to Spine send multiple copies after deactivate bgp in one of the spine Unicast traffic from Leaf to Spine send multiple copies after deactivate bgp in one of the spine
1400574 while debugging a link flap issue qsfp was removed from et-7/0/1 - then BFD flapped while debugging a link flap issue qsfp was removed from et-7/0/1 - then BFD flapped

 

The following are incremental changes in 17.3R3-S2.

 
PR Number Synopsis Description
1042512

The command of "show configuration | compare" shows the unchanged configuration after deleting part of the configuration under firewall section

There're 2 issues resolved by this PR. They are related to firewall configuration section. First, commit error is seen when using "no-fast-sync" in "configure-private" mode. Second, "show configuration | compare" may display all sub-hierarchy option if one of the options is deleted.

1277744

Distributed multicast may not be forwarded to a subscriber interface

Even though multicast appears to be active with "show multicast route extensive" command, it is not forwarded to the subscriber interface.

1279607

Error messages might be seen if flapping the AE interface hosted on MPC-3D-16XGE card

In a scaled setup, triggering a flap of the aggregate ethernet interfaces using the commands "set interfaces ae disable" and "set interfaces aeenable" could result in the error messages "mqchip_disable_ostream() MQCHIP(2) timed out waiting for phy_stream 1025 queue empty".

1286987

The apply-path prefix is not inherited under policy after commit

The apply-path prefix might not be inherited under policy after commit.

1299484

EX4300-32F MACSec session stays down on 1G/10G links after events when events are performed with traffic running

When EX4300-32F's 1/10G Ethernet ports are reset, MACSEC sessions may stay down and will not be able to re-established.

1307666

ACX: Support dual tag to untag traffic L3 traffic

Support dual tag to untag traffic L3 traffic

1323496

Specific range of VPN labels might be wrongly programmed in the PFE which cause service outage

The PFE on Trio platform or PTX/QFX10000 follows a certain conversion logic to convert MPLS-VPN labels to certain channel values, and then back to MPLS-VPN labels. VPN labels having values 0x7FFFF and above ( 524287 and above) are affected by this conversion logic.

1334750

MPC8E or MPC9E report high temperature alarms and fan speed moving continuous through full and normal speed iterations

The overall temperatures threshold settings for all sensors on the MPC8E and MPC9E line cards has been adapted to avoid high temperature alarms and fans impellers moving back and forth from normal to full speed due to warm system conditions.

1337028

AI-script does not get auto upgrade unless it is manually done after a Junos upgrade

On all VMHost supported platform like MX240/480/960, PTX5000/3000, QFX5100/5200, after a Junos upgrade, AI-script does not get auto upgrade unless it is manually done. Perform this manually using command "request system scripts add ".

1337304

The rpd might crash when BGP neighbor is flapping

In rare cases, rpd might crash during the times of excessive neighbor session instability (flapping).

1338688

MX Series: L2ALD daemon may crash if a duplicate MAC is learned by two different interfaces (CVE-2018-0056)

MX Series: L2ALD daemon may crash if a duplicate MAC is learned by two different interfaces (CVE-2018-0056); Refer to https://kb.juniper.net/JSA10890 for more information.

1339077

fpc temperature mismatch for mpc6/8/9 on mx2k platform

The temperature mismatch between "show chassis fpc" & "show chassis fpc detail" for mpc6/8/9 on mx2k platform

1342942

KRT queue might be stuck on changing RD of a routing-instance

Junos platforms do not support 'on the fly RD change' - changing the RD (route distinguisher) of an active routing-instance to another value, which might lead to KRT (kernel routing table) queue to be stuck and hence routing/forwarding impact. This is because of the software design and is a production limitation. However such on the fly RD change can be successfully committed without any type of error message. With fix of this PR, error message will be reported in syslog upon commit.

1350826

SNMP Traps not being sent by the new master RE after RE mastership switchover

Sometimes, the trap-source-address bind is getting delayed because the platform does not attach the respective IP to any of the interfaces on the router. But since trap is generated at the start before any configured trap source-address is not yet bound properly, this trap is not added into the throttle/destination trap queues.

1351212

Bogus DDOS counter values and syslog messages could be seen after clearing DDOS statistics for a specific protocol on QFX10000 series switches

On QFX10000 series switches with DDOS scenario, incorrect DDOS counter values and syslog messages might be seen after a specific protocol statistics is manually cleared.

1354069

RPT BBE Regressions : Observed "error: not enough space in /var on re1." while doing ISSU upgrade from 17.4-20180328.0 --> 18.2-20180416.0

The following error is seen during early ISSU validation phase: "error: not enough space in /var on re1". As a workaround, make sure that the space available in "/var" is twice the size of the target image. This is the basic requirement for unified ISSU to proceed.

1354580

The host interface may stop sending packets on PTX with FPC3 or PTX1000 when using outbound firewall filter with syslog option

If output firewall filter is configured with "syslog" option, the host interface might be wedged on PTX with FPC3 or PTX1000.

1356428

Executing the command of "show pppoe underlying-interfaces" might cause the bbe-smgd to crash in a scaling of subscriber environment

On MX Series platforms with Enhanced Subscriber Management deployed, executing the CLI command "show pppoe underlying-interfaces" in a scaling of subscriber environment might cause the bbe-smgd to crash.

1356726

Addressing VPLS issues uncovered while performs negative testings

Addressing VPLS issues uncovered while performs negative testings. In this case, when the primary router restarts, some MAC addresses still appear on backup VPLS router and require manual removals.

1357252

The bbe-smgd process might be stuck in subscriber scenario with Node Slicing

When MX platform is used for External Node Slicing for Enhanced Subscriber Management functionality, the both sets of links (master and backup) between the external x86 server and the BSYS go down, bbe-smgd process might stuck.

1360216

MC-LAG peer doesn't send ARP request to the host

On EX4300/EX4600/EX9200/QFX3500/QFX3600/QFX5000 Series switches, MC-LAG peer might not send ARP request to the host.

1360876

The shutdown of the cascade port might lead to the invalidation of the MPC linecard

In Fusion scenario, on the MPC2E/3E NG HQoS or MPC5E 3D Q linecard, if the cascade port is down (e.g., disabled, deactivated), all the interfaces of the linecard might be unusable.

1361430

MX BNG doesn't generate ESMC/SSM Quality Level failed snmp trap

MX doesn't generate quality Level failed alarm (Trap-Id:.1.3.6.1.4.1.2636.3.75.1.1.7) when the transmit SSM-QL is reduced from a valid SSM-QL to a value below minimum SSM-QAL (SSUB/EEC).

1361483

Interface flapping is seen on EX4300 switch

On EX4300 Series switches, the interface could be connected to a peer device support active and standby interface (similar to redundant trunk group RTG). The backup interface on the remote peer might become active or flapping when the active link of the interface group goes down.

1361689

On all JunOS products, the CLI allows to configure more sub-interface than the limit of 2048 sub-interfaces on lag interface from 17.2R1

The maximum number allowed for sub-interface of a LAG interface is 2048. However, a software defect introduced 17.2R1 does not enforce this. This fix enforces the maximum number of allowable sub-interface.

1362271

The MS-MPC might reset continuously on MX platform

On MX platform with MS-MPC installed, the PIC might reset continuously for MS-MPC due to this issue, which will lead to core file generated as well.

1363153

ARP reply is drop when we add temporal buffer-size on the NNI interface

ARP request is getting drop and not forwarded to the NNI interface queue when we have COS with temporal buffer-size.

1363641

Traceroute MPLS from Juniper to Huawei routers does not work as expected

Traceroute MPLS from Juniper to Huawei routers does not work as expected due to unsupported TLV.

1364477

The kernel might crash after repeatedly deactivating/activating interfaces/filter/class-of-services configurations due to accessing stale memory entry

The kernel might crash with a core dump after repeatedly deleting/setting/deactivating/activating interfaces/filter/class-of-services configurations using an automated script. Since the issue is not seen in the initial 2-5 iterations, the probability of hitting this issue is very low.

1364775

Unexpected large shmlog folder size consuming most of the disk space

"shmlog" files are not rotated correctly. Causing it to keep growing in size and consume most of the disk space.

1365894

VPLS with vlan-id-list not working properly in some releases when PE-CE is ae-interface with single member link and child ifd flap

On a VPLS scenario, on which the CE-PE facing interface is an aggregate (ae) interface with a single child link, and VPLS VLAN-ID-list is configured: If the child link flaps, then the VLAN-ID-List does not get properly programmed in Hardware and the VPLS does not work properly.

1366259

MS-MPC/MS-PIC might be crash in NAT scenario

MS-MPC/MS-PIC might be crash if two or more service sets configured with the same prefix lists and SIP ALG is configured in NAT scenario.

1367472

The bbe-smgd process might crash during the authentication phase for L2BSA subscriber

In L2BSA (Layer 2 Bit Stream Access) subscriber scenario, if there is a misconfiguration on Radius profile for L2BSA subscriber (for example, the routing-instance returned from Radius is not configured as VPLS) or authentication part is missing in the physical interface configuration, the bbe-smgd process might crash during the L2BSA subscribers login.

1367477

The FPC might go down on some vmhost based PTX/QFX platforms

On PTX1000/PTX10001-20C/PTX10002-60C/QFX10002-60C, the Flexible PIC Concentrator (FPC) might reboot which might result in the FPC not coming up or the system becoming unresponsive.

1368067

The authd process might not be started after executing RE switchover on backup RE without GRES enabled

In a dual Routing Engine (RE) system with the enhanced subscriber management feature enabled, if Graceful Routing Engine Switchover (GRES) is not configured, the authd process might not be started after executing RE switchover on backup RE.

1368599

JSA10893: 2018-10 Security Bulletin: MX Series: In BBE configurations, receipt of a crafted IPv6 exception packet causes a Denial of Service (CVE-2018-0058)

MX Series: In BBE configurations receipt of a crafted IPv6 exception packet causes a Denial of Service (CVE-2018-0058), please refer to https://kb.juniper.net/JSA10893 for more information. 

1368805

About 10min traffic loss is caused by BGP flap during MX ISSU

While performing ISSU in an MXVC deployment, the MXVC system may clear TCP connections causing BGP peerings to flap.

1369011

The dcpfe might crash and all interfaces flap due to this

QFX5110 may generate DCPFE core and as side effect all interfaces will flap.

1369166

QFX10k / Import default ipv6 route to VRF causes infinite entries to get created in 'evpn ip-prefix-database' and become unstable

If there is a IPv6 default route to be advertised by EVPN type-5 route, we run into infinite loop when issuing a 'show evpn ip-prefix-database'.

1369340

IPsec-VPN IKE security-associations might get stuck in "Not Matured" state

In IPsec-VPN scenario, some special peers (e.g. Huawei enodeB) might start new IPsec-VPN IKE (Internet Key Exchange) session without clearing the old session upon detecting session failure, which results in the old IKE session stuck in "Not Matured" state. There is no impact to service but these sessions might consume too many memory resources.

1369968

L2TP subscriber firewall filter might not be removed from PFE when routing-services are enabled in the dynamic profile

On MX platform which support Next Generation Subscriber Management (Tomcat), when the Layer 2 Tunneling Protocol (L2TP) Network Server (LNS) is enabled, if the dynamic-profiles are configured with the knob "routing-services" and the firewall filter, the firewall filter might not be removed from Packet Forwarding Engine (PFE) after subscriber logout. Due to this issue, the firewall filter index might be used up and then no more subscriber could login.

1370182

RSVP authentication may fail between some Junos releases and cause traffic loss during local repair

When Resource Reservation Protocol (RSVP) link or node protection is deployed and RSVP authentication is used, if the PLR (Point of Local Repair) router and the MP (Merge Point) router run different versions of Junos software during local repair, i.e. one a >= 16.1 release and the other a < 16.1 release, the RSVP authentication errors may occur for the bypass Multiprotocol Label Switching (MPLS) Label Switched Path (LSP) and cause traffic loss.

1370464

In certain routing topologies with sFlow configured, sampled packets may be duplicated and sFlow records are not sent to the collector.

In certain routing topologies with sFlow configured, sampled packets may be duplicated and sFlow records are not sent to the collector.

1371926

BBE SMGD core on FPC restart

An FPC restart or FPC core under heavy lead would lead to bbe-smgd to core. Core is due to cleanup issues with the VLAN creations in flight.

1372163

QFX5100 : ipv6 routed packet will be transmitted though VRRP state is in transition to master.

On QFX5100, ipv6 routed packet will be transmitted over VRRP virtual IP address though its VRRP state is in transition to master.

1372924

The traceroute mpls might fail when traceroute is executed from Juniper device to other device not supporting RFC6424

Enhance MPLS LDP traceroute process to accommodate devices which do not support RFC6424 - LSP ping with TLV 20, DDMT.

1373368

PTP timescale arbitrary feature support in mainstream releases

For arbitrary timescale , default clock-class to quality level mapping needs to be added on the slave nodes as mentioned in the workaround. The current default clock class to quality level mappings are not as required for this feature.

1374339

TPI-50840: Missing ARP/IPv6 neighbors after deactivate/activate IRB interface

When IRB is deactivated/activated on a spine, some of the ARP/ND entries go missing on it. The entries on other remote spines remain in-tact. After restarting l2-learning on the spine where config change was made, the issue gets resolved. 

1374478

FPC might be unable to work properly if one child interface is removed from an AE bundle in dynamic VLAN subscriber scenario

On MX platform which supports next-generation subscriber management, if the Aggregate Ethernet (AE) bundle has multiple child interfaces which are located in the same Packet Forwarding Engine (PFE) complex, e.g. ge-1/0/0 and ge-1/0/1, when dynamic VLAN subscriber gets online from the AE bundle, then one physical child interface is removed out of the AE bundle, e.g. ge-1/0/0, the Flexible PIC Concentrator (FPC) might keep reporting error logs, and the statistics on the dynamic VLAN flow also won't get incremented. Therefore PFE might be unable to work properly due to this issue.

1374933

The dcd process might go down when 'vlan-id none' is configured for interface

If 'vlan-id none' is configured for interface (for example 'set interfaces unit vlan-id none'), the dcd process will go down after committing this configuration. The fix is to report check error when committing this configuration so as to avoid the dcd crash.

1375647

The ppmd process on AD might crash when using authentication key-chain with BFD

In Junos Fusion environment, when configuring "authentication key-chain" under BFD, the ppmd process might crash several times and restart unexpectedly on Aggregate Device (AD), some protocols will be affected during the crash.

1376354

The rpd process might crash continuously if nsr-synchronization or all flag is used in RSVP traceoptions

Applying Resource Reservation Protocol (RSVP) traceoptions with nsr-synchronization flag or all flag on a Nonstop Active Routing (NSR) enabled device may cause the rpd process to crash due to memory corruption. The memory corruption occurs when size of received RSVP Path message being replicated from master routing engine(RE) to standby RE is greater than 768 characters.

1376574

Interface optic output power is not zero when the port has been disabled

The interface optic output could be non-zero value even when the port has been administratively disabled.

1377500

Packets might be dropped on data plane in the inline Jflow scenario

On MX series with MPC, in the inline Jflow scenario, due to a software defect, the data structure associated with inline Jflow feature may not be initialized correctly. This leads to not being able to forward traffic correctly on the affected MPC.

1378747

FEB restarted after commit "delete interfaces e1-0/0/*"

Due to a race condition, on which class-of-service configuration request for interface is coming before e1 interface creation, we create a circuit with specified class-of-service parameters, and due to this, interface creation failed inducing to traffic not flowing on e1-interface an then (if further deactivate/active of e1) a core-dump.

1378818

After NAT64 router (with MS-MPC) translates an ipv6 fragment to ipv4 fragment, router is not inserting the right value in identification field of IPv4 Header

After NAT64 router (with MS-MPC) translates an ipv6 fragment to ipv4 fragment, router is not inserting the right value in identification field of IPv4 Header

1378852

The ICMPv6 packets larger than 1024 might be dropped if "icmp-large-packet-check" is configured on ids service

On MX platform with MS-MPC/MS-MIC installed, the ICMPv6 packets larger than 1024 might be dropped if "icmp-large-packet-check" is configured on ids service.

1378901

Unable to commit with a configuration of packet-length in egress firewall filter on EX9200

On EX9200 Series platform, if there is 'packet-length' keyword under 'firewall filter' which is applied on interface egress, such configuration is not able to be committed due to commit-check failure.

1379002

Deleting an irb interface might affect other irb interfaces if the same custom MAC address is configured

On QFX10000 series platforms, when irb interfaces are configured with a custom media access control (MAC) address, if one of the irb interfaces is deleted, the custom MAC address might be deleted from the rest irb interfaces. This impacts mfilter configuration, causing it not to trap control packets destined to the custom MAC address.

1379530

Traffic might get into blackhole when CoS configuration is changed on a PS interface

In CoS scenario, if PS interface uses RLT as PS anchor, all traffic might be dropped on PS interface when deactivating or activating rewrite rules. 

1380056

Remove the chassisd alarms for fpcs exceeding 90 percent of power budget and exeeding 100 percent of power budget

Starting in Junos OS Release with this change, PTX Series Routers do not raise a chassis alarm in the following events; instead, it registers a system log.

1380527

FPC crash might be seen after FPC restarts

If scaling IFLSet members and AE members are configured on the same FPC, the FPC might crash when it restarts.

1380590

lsi binding missing upon nd6 entry refresh after l2ifl flap.

lsi binding missing upon nd6 entry refresh after l2ifl flap

1380783

L3VPN traffic might be dropped due to one core-facing interface down

On QFX10000/PTX Series platforms, the L3VPN traffic might be dropped if one core-facing interface gets down in the L3VPN multipath scenario.

1380795

A QFX5xxx packet forwarding engine (PFE) may shows DISCARD next-hop for overlay-bgp-lo0-ip in a leave-spine topology

A QFX5xxx packet forwarding engine (PFE) may show DISCARD next-hop for overlay-bgp-lo0-ip when the QFX5xxxx is the leave in a leave-spine topology

1381017

The dot1x does not work with Microsoft NPS server

On EX series platforms, if Protected Extensible Authentication Protocol (PEAP) is configured in dot1x, and the authentication server is Microsoft Network Policy Server (NPS), then the dot1x authentication will fail.

1381231

Backup RE may experience a crash, causing vmcore to be generated on master RE, master RE performance will not be affected

On dual RE systems like QFX10K8 platform, the backup RE may experience a crash, causing vmcore to be generated on the master RE. The master RE performance will not be affected.

1381383

Some subscribers fail to get SRL service as provided in Radius accept message even though the Radius messages can be sent and received

In Dual-stack PPP/PPPoE-based subscriber scenario, when V4+V6 service is installed with family v4, if some daemon (such as dfwd) fails to add family inet6 IFF during instantiation of the family inet6 portion of some services (such as SRL service), thus family activation for family inet6 would fail. But only the family inet6 portion of service should be removed. The family inet and L2 services such as CoS should be unchanged, but it does not. So some subscribers cannot get some services (such as SRL service) even though the Radius messages can be sent and received. It is a timing specific issue. 

1381527

Constant memory leak might lead to FPC memory exhaustion

On MX/EX9200 platforms, constant memory leak might occur on a Flexible PIC Concentrator (FPC), and such condition might finally lead to memory exhaustion and the FPC would core.

1382050

Subscribers not able to login after double GRES, after reboot, or after config.

Rarely Over GRES or RE reboot, subscribers of all access types were not able to login. bbe-smgd daemon restart potentially can solve the issue.

1382727

The PFE might crash if the GRE destination IP is resolved over another GRE tunnel

On QFX10k Series platforms, the Packet Forwarding Engine (PFE) might crash if the Generic Routing Encapsulation (GRE) tunnel destination IP is resolved over another GRE tunnel.

1382857

dcd restarted unexpectedly after committing a configuration with static demux interface stacking over ps interface

The static demux interface stacking over ps interface is not supported and can cause the dcd process to restart. The commit process should not allow such configuration.

1383265

RADIUS accounting statistics are not cleared after subscriber logout

On MX platform, if static demux interface over underlying is configured, after subscriber logout, the accounting statistics are not cleared.

1383567

The configuration through NETCONF session might fail

NETCONF session may fail when issuing 'protocols vstp interfaces ' in XML format through NETCONF

1384289

CoS attachment might be mistakenly removed for DHCPv4 stack when DHCPv6 stack fails to be brought up for single session dual stack subscriber

On MX platform which support single session dual stack feature, if DHCP IP Demux dual-stack subscribers are configured with "on-demand-address-allocation" knob without any IPv6 address pool, when DHCPv6 stack is brought up after DHCPv4 stack, DHCPv6 stack fails to come up as expected. However, during DHCPv6 binding cleanup, The Class of Service (CoS) attachments on the interface are mistakenly removed due to this issue. It will cause that the DHCPv4 stack can't work properly later.

1384517

The dcpfe process might crash while changing MTU of physical ports for GRE

On QFX10000 and QFX10008 with generic routing encapsulation (GRE) tunnel deployed, maximum transmission unit (MTU) change of physical interface for GRE tunnel might cause the dcpfe process to crash and impact traffic.

1384574

The RA packets may be sent out without using the configured virtual gateway address

In an EVPN scenario, even if an IPv6 "virtual-gateway-address" is configured on "IRB" interface, the router advertisement (RA) packets may be sent out with the physical interface/link-local IPv6 address instead of configured virtual-gateway-address.

1384889

Multiple ipv6 IANA addresses assigned for one session in ipv6 PD binding failure scenarios

On MX platform which supports single-session dual-stack feature, when the DHCPv6 stack is brought up after DHCPv4 stack, DHCPv6 stack fails to come up during one of below scenarios: 1. MX without any IPv6 Identity Association for Prefix Delegation (IAPD) address pool configuration or RADIUS didn't provide IAPD pool name per access-accept to MX, 2. If CPE request IANA only firstly, later followed by both IANA and IAPD even fixed the scenario 1.

1385062

All 1G SFP copper and 1G fiber optic links remain UP on QFX10008 after all SIBs/FPCs are offline

On QFX10008 devices, 1G SFP copper and 1G fiber optic interfaces remain UP after all SIBs/FPCs go offline.

1385409

The LACP might be detached state when deleting native-vlan-id on AE interface with flexible-vlan-tagging configured

If AE interface is configured with LACP, flexible-vlan-tagging and native-vlan-id, then after deleting the native-vlan-id option, the LACP state will be detached state.

1386147

Spine EVPN routes stuck in hidden state with next-hop as unusable after FPC1 offlined in spine

After FPC1(EBGP underlay and IBGP overlay)) offlined + redundancy FPC0 (EBGP underlay and IBGP overlay) , EVPN routes went to hidden state from overlay bgp peer show route receiving protocol bgp hidden After FPC1 bring back to online state also , EVPN routes were in hidden state

1386873

The rpd might crash after issuing operational command "show route detail" for RIP route

The rpd might crash and core after issuing operational command "show route x.x.x.x/xx detail" for RIP route, the routing table will become unstable during the crash.

1386891

Configuring the 'backward-compatible-unnumbered-mask' under an OSPF interface does not have the expected effect on the device running 17.3 release

Configuring the 'backward-compatible-unnumbered-mask' OSPF interface knob does not take effect on the device running 17.3 release.

1387690

bbe-smgd daemon crashes and generates a core dump when two DHCP subscribers with same framed-route prefix and preference values try to login.

MX BNG doesn't allow two subscribers with same framed-route prefix and preference values. It allows the the first subscriber to login, while the second subscriber is denied access. With this PR, when the second subscriber tries to login, the bbe-smgd daemon crashes and generates a core.

1387713

It might fail to update NH (next-hop) in HW for existing ECMP route when "ecmp-resilient-hash" is configured

If a QFX5100 device has a host route with ECMP (equal-cost multipath) next-hops and receives a better path with single next-hop then next-hop in HW (hardware) will not be changed.

1387724

Default route configured gets deleted during ZTP

During Zero Touch Provisioning (ZTP) process, default route is being cleaned up by code. Due to this if a static default route is configured in the initial configuration (configuration file downloaded from the file server for ZTP), the route will fail to work. This might lead to ZTP failure or device access issue after ZTP.

1388867

The bbe-smgd process generates repeated core-dumps and stops running as a result of long term session database shared memory corruption.

On MX platforms, if committing config involving changes to dynamic profiles, the bbe-smgd process might generate repeated core-dumps and stop running as a result of the corruption of database session shared memory.

1389461

The interface-control process thrashes and dcd does not restart after adding an invalid demux interface to the configuration

On M120 and MX platform, if an invalid non demux0 interface, such as demux1, is committed to the configuration, the interface-control process will thrash and the dcd process will not restart. 

1389569

BFD flaps were seen on PTX or QFX10K platforms with inline BFD

With inline BFD (Bidirectional Forwarding Detection) configured on PTX or QFX10K platform, BFD sessions may reset continuously.

1390422

The subscriber's authentication might fail when the link-layer address encoded in the DHCPv6 DUID is different from the actual link-layer hardware address

In IPv4 and IPv6 Dual-Stack/Single-Session DHCP (Dynamic Host Configuration Protocol) subscriber scenario, the subscriber's authentication might fail when the link-layer address encoded in the DHCPv6 DUID (DHCP Unique Identifier) is different from the actual link-layer hardware address.

1390428

The rpd might crash continuously when IPv6 prefix with IPv4 next-hop exists in BGP multipath scenario

In BGP scenario with multipath enabled, if applying import/export policy of IPv6 routes with a IPv4 next-hop to a BGP neighbor, the rpd might crash continuously.

1390762

Delay in cli output with second or more "show subscriber <> extensive" queries when first session is sitting at -(more)- prompt displaying "show subscribers extensive"

In a scaled environment with 32k subscribers, if a the command "show subscriber extensive" is issued from the cli, and left sitting at the -(more)- prompt, any subsequent cli session that request to show subscriber extensive content will see a delay up to 40 seconds before the prompt is returned. 

1391568

The rpd crash might be seen if a BGP unresolved route is withdrawn

If an import policy is applied to a BGP neighbor and the policy has indirect IPv4 next-hop for IPv4 and IPv6 routes (IPv6 routes resolved over IPv4), when BGP unresolved route is withdrawn, rpd crash might be seen.

Modification History:
First publication 2018-10-26
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search