Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

16.1R7-S3: Software Release Notification for Junos Software Service Release version 16.1R7-S3

0

0

Article ID: TSB17487 TECHNICAL_BULLETINS Last Updated: 14 Dec 2018Version: 1.0
Alert Type:
SRN - Software Release Notification
Product Affected:
ACX, EX, T, TX, PTX, MX, QFX5100, VMX, VRR, NA
Alert Description:
Junos Software Service Release version is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as need and follow the prompts
Solution:

Junos Software service Release version 16.1R7-S3 is now available.

The following are incremental changes in 16.1R7-S3.

 
PR Number Synopsis Description
1221777

Firewall "from packet-length" match with more than 2 ranges will fails on PE/TL for PTX/QFX without warning

PE/TL based PTX/QFX platforms only support two "packet-length" range matching. Firewall filter will fail to installed when using more than two ranges without any warning.

1282672

The rpd process might crash due to a certain chain of events in a BGP-LU protection scenario.

In a BGP label-unicast protection scenario with the statement "per-prefix-label" configured, rpd might crash because of a certain chain of events. If a BGP route with the indirect next hop is received first and later another BGP route with the direct next hop (which has the same prefix as the route received earlier) is received, then the prefix is advertised at least on the group.

1289311

Memory leak in the PFE's clone route storage could lead to memory exhaustion for MPLS routes

A memory leak in the PFE's clone route storage could lead to memory exhaustion for MPLS routes.

1291515

PPPoE can't dial in due to all padi dropped as "unknown iif" when deactivated/activated AE configuration

PPPoE can't dial in due to all padi dropped as "unknown iif" when deactivated/activated AE configuration which a AE child leaves and joins bundle in quick succession. And lead to out of order for substructs msg. And the Fix is to process all substructs hanging off the parent IFL ifstate in the order in which they were enqueued. Restore-only is to reboot FPC.

1318677

FPC crash on configuration change for PFE sensors

On receiving a configuration change for PFE sensors in the middle of a reap cycle there is a chance that the PFE might crash due to invalid data access. This is a timing issue and related to the length of time it takes to reap the sensors.

1331186

Non-NEBS compliant optics might be disabled when chassis temperature exceeds non-nebs-optics-overheat-trigger

If Non-NEBS (Network Equipment-Building System, a design guideline applied to telecommunications equipment) compliant optics is used on MX MPC and chassis temperature exceeds non-nebs-optics-overheat-trigger (default: 50 degrees), the fan might not change to high speed because the temperature hasn't reached fan speed "High" threshold (default: 60 degrees). If the temperature remains over non-nebs-optics-overheat-trigger for about 10 minutes, the non-NEBS compliant optics might be disabled.

1333274

Nexthop programming issue during link flapping on PTX

In ECMP (Equal-Cost Multipath) scenario on PTX series platforms, the unilist nexthop might be incorrectly programmed on PFE (Packet Forwarding Engine) when a member link flaps, resulting in traffic blackhole.

1337304

The rpd might crash when BGP neighbor is flapping

In rare cases, rpd might crash during the times of excessive neighbor session instability (flapping).

1344988

The Framed-route "0.0.0.0/0" won't be installed in MX platform with Junos enhanced subscriber management releases

In MX platform with Junos enhanced subscriber management releases, if MX receives a Framed-route "0.0.0.0/0" from Radius, it won't be installed. This issue results in the MX loses the default route to the subscriber.

1350098

The MPC might crash when the MIC is removed

When the MIC is removed from the MPC, the MPC might crash.

1351765

In dual stack subscribers scenario with NDRA pool configured, the linked pools are not used when the first NDRA pool is exhausted

On MX and M platforms, dual stack subscribers are configured to use Neighbor Discovery Router Advertisement (NDRA) pools, if the first NDRA pool is exhausted, the linked NDRA pools are not used.

1353240

IPsec tunnels might flap when SNMP walk is executed if IPsec is configured with DPD enabled

If IPsec is configured (even at a low scale of 200 tunnels) with Dead peer detection (DPD) en abled and all the IPsec tunnels are IDLE, when SNMP walk is performed, IPsec tunnels might flap.

1356428

Executing the command of "show pppoe underlying-interfaces" might cause the bbe-smgd to crash in a scaling of subscriber environment

On MX Series platforms with Enhanced Subscriber Management deployed, executing the CLI command "show pppoe underlying-interfaces" in a scaling of subscriber environment might cause the bbe-smgd to crash.

1361015

FPC core might be observed after GRES switchover

In the dual Routing Engine (RE) platform with telemetry sensor configured. After graceful routing engine switchover (GRES) switchover, flexible PIC concentrator (FPC) core might be observed in the master RE. This issue might impact the device traffic.

1363034

The non-default routing-instance is not supported correctly for NTP packet in subscriber scenario

On MX platform with non-default routing-instance subscribers configured, NTP packet might not use the correct non-default routing-instance.

1364775

Unexpected large shmlog folder size consuming most of the disk space

"shmlog" files are not rotated correctly. Causing it to keep growing in size and consume most of the disk space.

1365653

The LSP might remain UP even if no path is acceptable due to CSPF failure

In Resource Reservation Protocol (RSVP) scenario, the label-switched path (LSP) might remain UP even if no path is acceptable due to Constrained Shortest Path First (CSPF) failure. There are two scenarios which may result in CSPF failure. Scenario 1 with MBB: optimization timer fires during make-before-break (MBB). Scenario 2 without MBB: A link/IGP flap causes CSPF, but it depends on timing.

1368067

The authd process might not be started after executing RE switchover on backup RE without GRES enabled

In a dual Routing Engine (RE) system with the enhanced subscriber management feature enabled, if Graceful Routing Engine Switchover (GRES) is not configured, the authd process might not be started after executing RE switchover on backup RE.

1368788

In dual-homed NG-MVPN the receipt of type 5 withdrawal removes downstream join states for some routes

In dual-homed NG-MVPN (Next-Generation Multicast Virtual Private Network) scenario with spt-only mode enabled, the receipt of type 5 withdrawal removes the downstream join states for some routes when multiple type 5 routes exist and one of them is withdrawn in some cases (such as PE uplink failure).

1368840

Accounting stop message is not sent to radius server after bringing down the L2TP subscriber

On MX and M12/M320 platforms, if bringing down the L2TP LNS subscriber, accounting stop message might not be sent to the radius server.

1371304

The host outbound traffic might get dropped when the 'class-of-service host-outbound-traffic ieee-802.1 rewrite-rules' knob is configured

If a tunnel interface is anchored on Trio-based FPC and the 'class-of-service host-outbound-traffic ieee-802.1 rewrite-rules' knob is configured, the host outbound traffic might get dropped when the traffic goes through this tunnel interface.

1372877

Image installation on SD fails with error " Unable to read reply from software add command to re1; error 1"

Upgrading satellite devices (SDs) with "upgrade-groups" option may fail if any of the SD already has that SNOS software version.

1372924

The traceroute mpls might fail when traceroute is executed from Juniper device to other device not supporting RFC6424

Enhance MPLS LDP traceroute process to accommodate devices which do not support RFC6424 - LSP ping with TLV 20, DDMT.

1373631

JNH memory leaks in multicast scenario with MoFRR enabled

On MX platform, with Multicast-Only Fast Reroute (MoFRR) enabled, if doing any change that causes to create a new rpf nexthop, JNH memory leak might be seen.

1373807

BOOTP packets may be dropped if BOOTP-support is not enabled at the global level

If BOOTP-support is not enabled at the global level, Bootstrap Protocol (BOOTP) packets may be dropped while receiving them on an interface because there is a defect that the device only checks BOOTP-support at the global level.

1373855

LDP convergence delay might be seen after IGP metric change with knob bgp-igp-both-ribs configured

In a large-scale BGP/LDP environment with 'protocols mpls traffic-engineering bgp-igp-both-ribs' configured, when IGP metric of interface is changed by configuration modification (commit), the metric change could get propagated to LDP slowly, leading to long delay of LDP convergence.

1374295

Address pool does not correctly cycle to the beginning of the pool when linked-pool-aggregation parameter is defined

In subscriber scenario, when "linked-pool-aggregation" is enabled on MX platform, the address pool might not cycle to the beginning of the pool and it might report "Out of Addresses" even though not all addresses are in use.

1374478

FPC might be unable to work properly if one child interface is removed from an AE bundle in dynamic VLAN subscriber scenario

On MX platform which supports next-generation subscriber management, if the Aggregate Ethernet (AE) bundle has multiple child interfaces which are located in the same Packet Forwarding Engine (PFE) complex, e.g. ge-1/0/0 and ge-1/0/1, when dynamic VLAN subscriber gets online from the AE bundle, then one physical child interface is removed out of the AE bundle, e.g. ge-1/0/0, the Flexible PIC Concentrator (FPC) might keep reporting error logs, and the statistics on the dynamic VLAN flow also won't get incremented. Therefore PFE might be unable to work properly due to this issue.

1375030

"PE Chip:pe0[0]: IPW: oversize_drop error" causes Major error on FPC

PTX routers with FPC3s that encounter oversize_drop errors will trigger an FPC Major alarm with each error seen. The alarm should clear on its own. The severity of this alarm is being reduced as there is no lasting impact to the FPC.

1377500

Packets might be dropped on data plane in the inline Jflow scenario

On MX series with MPC, in the inline Jflow scenario, due to a software defect, the data structure associated with inline Jflow feature may not be initialized correctly. This leads to not being able to forward traffic correctly on the affected MPC.

1378392

Traffic might be dropped on third-generation FPCs on PTX

On PTX with third-generation FPCs, if optics not certified by Juniper Networks (NON-JNPR) are used and there is specific traffic pattern with congestion, traffic might be dropped.

1378901

Unable to commit with a configuration of packet-length in egress firewall filter on EX9200

On EX9200 Series platform, if there is 'packet-length' keyword under 'firewall filter' which is applied on interface egress, such configuration is not able to be committed due to commit-check failure.

1381230

CoA updates subscriber with original dynamic-profile if radius has returned different dynamic-profile name

When radius sends CoA (Change of Authorization) for the subscriber after radius has returned different dynamic-profile name in access-accept, the subscriber will be updated with original dynamic-profile. The issue is because the new dynamic-profile name which sent by the radius is not saved in the subscriber's table, hence when the CoA message arrives, the old dynamic-profile name is used. The issue results in CoA updates subscriber with unexpected values (The old dynamic-profile instead of the new dynamic-profile is used).

1382050

Subscribers not able to login after double GRES, after reboot, or after config.

Rarely Over GRES or RE reboot, subscribers of all access types were not able to login. bbe-smgd daemon restart potentially can solve the issue.

1382059

The ipv6 subscriber may fail to log in on LNS side

In subscriber management scenario, IPv6 subscriber, having DHCPv6 Unique Identifier (DUID) type 2 format used for identification, may not be identified, because the LNS device is not able to extract the MAC address from DUID in type 2 format.

1382074

The value of 'predefined-variable-defaults routing-instances' overrides the RADIUS-supplied VSA (26-1 Virtual-Router)

If the default value for the $junos-routing-instance predefined variable is configured (i.e. 'dynamic-profiles <> predefined-variable-defaults routing-instances <>'), the subsciber will come up in the configured default routing-instance even if RADIUS has already supplied the VSA of '26-1 Virtual-Router'.

1382531

Flows are getting exported before the expire of the configured active timeout value

The export of the Jflow records is seen at the collector before the expire of the configured active timeout value. This export result might not be the expected.

1384137

The jpppd process might crash if the EPD value contains a format specifier

If the trace options for PPP (Point-to-Point Protocol) are set to level all, the jpppd might crash when the EPD (Endpoint Discriminator) value which is used for LCP (Link Control Protocol) has a format specifier('%s').

1387746

Penultimate-hop router does not install BGP LU label causing traffic blackhole

On the penultimate-hop router in BGP LU (labeled unicast) scenario using PHP (penultimate-hop popping), when a link flap causes the next-hop of a label received from the egress router to change, once the link comes back, the penultimate-hop router might fail to install the clone route (S=0) entry for that label and result in traffic blackhole.

1388780

Fabric drops might be seen if using a newer generation of MPC with SFB2

On MX2020, MX2010 and MX2008 platforms with SFB2 cards installed, if a newer generation of MPC (e.g. MPC type 3, 4, 5, 6, 7, 8 or 9) is installed into a slot which had MPC 3D 16x10GE, MPC type 1 or MPC type 2 previously installed, the available fabric bandwidth to the new MPC card would be rate-limited due to residual programming on the fabric planes. Traffic impact is observed during peak utilization.

1390340

LED for ports 5 and 7 on PIC P3-24-U-QSFP28 seems to be reversed

LED for ports 5 and 7 on PIC P3-24-U-QSFP28 got reversed

1390989

The BNG might not respond with PADO and create any demux interface when PPPoE PADI packet is received

In PPPoE subscriber with dynamic demux interface scenario, when the PPPoE connection was torn down and not cleaned up correctly, the BNG might not respond with PPPoE PADO (PPPoE Active Discovery Offer) and create any demux interface on incoming PPPoE PADI (PPPoE Active Discovery Initiation) packets. The issue results in the PPPoE connection fails.

1391084

All the BGP sessions will flap after switchover

With GRES and NSR enabled, if executing switchover, all the BGP session might flap

1391411

Usage-Monitoring-Information AVP as part of PCRF gx-plus provisioning is causing service accounting activation.

Usage-Monitoring-Information AVP as part of PCRF gx-plus provisioning is causing service accounting activation.

1391562

The bbe-smgd process might crash after commiting config changes

In enhanced subscriber management environment, the bbe-smgd process might crash after commiting config changes, especially when some parts of the dynamic-profiles are modified.

1391847

L2TP subscribers might be stuck in init state in a corner case

On MX platforms enabled with Next Generation Subscriber Management, if Layer 2 Tunneling Protocol (L2TP) is configured, when there is an IP connectivity loss between L2TP Access Concentrator (LAC) and L2TP Network Server (LNS), which will lead to tunnels teardown and re-negotiation, in addition to that, the bbe-smgd process restart at the same time, some affected L2TP subscribers might be stuck in init state and can't login successfully in this corner case.

1392792

High RPD CPU utilization on the backup RE running MVPN and NSR

Under extreme case, Routing process under Backup Routing Engine might be under high utilization upon route updates.

1393729

Certain builds of JUNOS do not allow you to upgrade or commit config changes when the SI service interface is used.

Certain builds of JUNOS do not allow you to upgrade or commit config changes when the SI service interface is used. 17.2R3, 17.4R2, 18.1R3, 18.2R2, 18.3.R1, 16.1R8, 16.2R3 are known to encounter this issue. 

1393884

If FPGA on the new master CB has a specific hardware failure, the chassid might keep crashing after GRES switchover

On MX/EX/SRX platforms, after GRES switchover, if a chassis has bent-pin or failed Field Programmable Gate Array (FPGA) on the new CB has a specific hardware failure and fails to detect FPC presence properly, the chassisd might keep crashing.

1396785

The MS-MPC might core when mspmand receives a non-syn packet of TCP

When MS-MPC line card is used, if the ms/ams-interface is not configured and mspmand (Multiservices PIC management daemon) receives a non-syn packet of TCP, the MS-MPC might crash due to some NULL pointer issues of the global configuration variable.

1398542

Invalid Layer 4 checksum might be observed on IPv4 packets generated by NAT64 with MS-DPC after translating fragmented IPv6 UDP/TCP packets

On MX-Series platforms wherever the MS-DPC or MS-PIC line card is used, when the router executes the NAT64 translation for the fragmented IPv6 UDP/TCP packets, invalid Layer 4 checksum would be observed on IPv4 packets generated by NAT64. The reason is that during fragmentation the first fragment`s next-header doesn`t point to the L4 information and hence wrong calculation is done at L4 checksum. And due to this invalid checksum, the traffic would be dropped. 

1398873

The bbe-smgd process may core when executing "show pppoe lockout"

The bbe-smgd process may generate a core file when the "show pppoe lockout" command is issued from the CLI

1402563

FPC might crash after offline/online MIC-3D-16CHE1-T1-CE-H

On MX and ACX platforms, after offline and then online MIC-3D-16CHE1-T1-CE-H card, the related FPC might crash.

Modification History:
First publication 2018-12-14
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search