Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

16.1R7-S4: Software Release Notification for Junos Software Service Release version 16.1R7-S4



Article ID: TSB17531 TECHNICAL_BULLETINS Last Updated: 01 Mar 2019Version: 1.0
Alert Type:
SRN - Software Release Notification
Product Affected:
ACX, EX, MX, T, PTX, QFX, VMX, VRR, Network Agent
Alert Description:
Junos Software Service Release version is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as need and follow the prompts

Junos Software service Release version 16.1R7-S4 is now available.

PRs found and not fixed in 16.1R7-S4

PR Number Synopsis Description
1370405 Inline Service interface may not UP when bandwidth is configured Inline-service interfaces are not getting created with BW=40G after fix of PR1355168.

The following are incremental changes in 16.1R7-S4.

PR Number Synopsis Description

PTX Series router might send wrong packets if MPLS LSPs have protection configured

This issue occurs on PTX Series routers with a unilist application (such as ECMP) with member links with MPLS LSPs. If one member link has MPLS LSP protection configured and another does not, the router might send the wrong packets.


The ksyncd might crash

On QFX5100 Series Switches, ksyncd process might crash and generate a core-dump during graceful switchover.


RE may crash during NH addition in race condition.

When the RE switchover is performed, the new primary performs the NH additions corresponding to the routes being programmed on the system. During the unicast NH programming, there is a potential race condition wherein we might see the memory pointer associated with the relevant NH parameters return a NULL value and trigger kernel crash.


Syslogs contain messages with : %PFE-3: fpc0 ifd null, port 28 dc-pfe: %USER-3: ifd null, port 28 : %PFE-3: fpc0 ifd null, port 29 dc-pfe: %USER-3: ifd null, port 29

On an EX2300-48 port switch the syslog messages might contain messages like "fpc0 ifd null, port 28". These messages do not have any functional impact since port 28 is not the front panel port but the internal port on each forwarding ASIC.


Subscribers may fail to access the device after deleting the needless AE configuration

In subscriber management scenario with Dynamic Demultiplexing Interfaces(DEMUX) configured, in the case where subscribers belonging to one AE interface are migrated to a new configured AE interface, subscribers may fail to access the device after deleting the old AE configuration.


On QFX5K platforms, DDoS counters for OSPF might not increase.

On QFX5K platforms with OSPF configured, DDoS counters for OSPF might not increase.


When DHCP subscribers are in BOUND (LOCAL_SERVER_STATE_WAIT_GRACE_PERIOD) state, if dhcp-service is restarted then the subscribers in this state are logged out

When the JDHCPD (DHCP-service daemon) restarts, all subscribers in "BOUND" state will be logged out.


MPC/FPC might be unable to reply request messages to RE in a high subscriber scale scenario

On all Junos platforms, when the system runs with a large scale of subscribers (for example, more than 30K), if the subscriber interfaces are configured with tail/wred drop rules and different buffer-size values, the PIC Concentrator(MPC/FPC) might take too much process time for adding or deleting tail/wred drop rules during binding or releasing subscribers, so that it can't reply any request messages to Routing Engine(RE) for a long time. Due to this issue, a lot of kernel timeout error logs could also be seen.


The bbe-smgd might fail to add members to some of the AE interfaces randomly when there are many AEs in the access configuration

On MX-Series platform, if "system services subscriber-management enabled" is configured, bbe-smgd might fail to add members to some of the AEs randomly when there are many AE interfaces in the access configuration.


The rpd scheduler slip might be seen when frequently deleting/modifying/adding groups which are applied on top level

If groups are applied on top level, when these groups are deleted/modified/added, all the top level hierarchies which are referred by these groups will be set with "mark-changed" bit. Everything under these hierarchies will be considered as changed. If these groups refer to policy-options and there are policies referring to prefix-list, each prefix in prefix-list will be marked as 'changed' even though the prefix-list is actually not changed at all. This will cause the duplicate prefix to be added to prefix-list. When the groups adding/modifying/deleting operation is frequently executed, the issue will cause more CPU occupation by policy processing, and then might cause the rpd scheduler slip.


The MS-MPC might reset continuously on MX platform.

On MX platform with MS-MPC installed, the PIC might reset continuously for MS-MPC due to this issue, which will lead to core file generated as well.


Kernel crash might be seen after committing demux related config

In subscriber management scenario, if an AE interface is associated as the underlying-interface of a demux0 unit and both demux0 unit and AE unit (corresponding to the above AE interface) are configured with a duplicated VLAN id, kernel may crash after committing the config.


The bbe-smgd might crash when FPC is restarted

An FPC restart or FPC core under heavy lead would lead the bbe-smgd to crash. Core is due to cleanup issues with the VLAN creations in flight.


The Routing Engine might crash after non-GRES switchover

When LAG-enhanced is disabled, one child next hop is created for each member link of a LAG interface. During the Non-GRES switchover, the kernel memory might be exhausted, which leads to the creation failure of the child next hop, hence the Routing Engine crash happens. This crash can be avoided by enabling LAG-enhanced.


The bbe-smgd core might be seen after doing GRES

On MX platform with GRES enabled, if performing GRES and deleting an AE member interface (IFD) around the same time, the bbe-smgd core might be seen.


On EX4300-48MP, syslog error "Error in bcm_port_sample_rate_set(ifl_cmd) : Reason Invalid port" is seen.

On EX4300-48MP, while running regression scripts, got syslog error "On EX4300-48MP, while running regression scripts, got"


The RE might crash with various core files due to the deadlock issue on the SDB STS

In the system that uses session database (SDB), the deadlock might happen when getting the lock on the SDB short term storage (STS) due to a rare timing issue. It is more likely to happen on Enhanced Subscriber Management environment with large-scale subscribers (such as 50k subscribers). The issue will cause the primary Routing Engine (RE) to crash with various core files and lose the management connectivity. And the subscriber service could be affected. The issue might happen on single RE system as well as dual RE system. In the dual RE system, the primary RE crash could trigger a RE switchover. But the issue could cause the incomplete state on the SDB in the new primary RE, which could cause the subscribers login failure. A restart of smg-service on the new primary RE will recover this login issue.


The rpd might crash when performing GRES

On all Junos platforms with Graceful Routing Engine Switchover (GRES) and Nonstop active Routing (NSR) enabled, if Border Gateway Protocol (BGP) is configured, the rpd process might crash when performing GRES due to this timing issue.


Packet drops on interface if the knob "gigether-options loopback" is configured

On MX ,EX9200 and SRX5K platforms, with the knob "gigether-options loopback" configured on interface, if the interface is connected using copper SFP (SFP-T), packet drops might be seen.


RADIUS accounting statistics are not cleared after subscriber logout

On MX platform, if static demux interface over underlying is configured, after subscriber logout, the accounting statistics are not cleared.


DCD core can be seen after FPC restart if channelized interfaces are configured

If channelized interface coc1 is configured and FPC restart is performed then a core will generate and DCD restart can be seen. Currently we do not have any workaround for this issue. In case of all other interfaces core will not generate and normal behavior is seen.


The bbe-smgd process generates repeated core-dumps and stops running as a result of long term session database shared memory corruption.

On MX platforms, if committing config involving changes to dynamic profiles, the bbe-smgd process might generate repeated core-dumps and stop running as a result of the corruption of database session shared memory.


Traffic being dropped when passing through MS-DPC to MPC

On MX series platform, when traffic passes through MS-DPC service card and then egresses the router through an AE interface on MPC, partial traffic loss might be seen due to a memory initializing issue.


JUNOS enhancement configuration knob to modify mcontrol watchdog timeout

Junos CLI enhancement to configure mastership refresh timeout value 9 to 30 via the chassis CLI command 'set chassis redundancy mastership-refresh-timeout'.


IPSEC tunnel can not be established because that the tunnel SA and rule are not installed in the PIC

On MX-Series platforms, when IPSEC is used in an interoperability scenario with other verndor`s devices (such as CISCO/HUAWEI) and peer device sends IPSEC tunnel establishment request using the port and protocol as Traffic/Flow distinguisher, the SA for the tunnel is not installed in the PIC, namely the impacted tunnels are up on the RE but these are not programmed in the PFE. It would cause that IPSEC tunnel can not be established and traffic failure.


EX4300 might drop incoming ISIS hello packets when IGMP or MLD snooping is configured.

On EX4300 platform, when IGMP or MLD snooping is enabled, and ESIS/ISIS packets with below destination multicast mac-address are received, ESIS/ISIS packets are not flooded. It would cause ISIS adjacency establish failure. The MAC-level point-to-point addresses are: 09-00-2B-00-00-04 (AllEndSystems) 09-00-2B-00-00-05 (AllIntermediateSystems)


The subscriber route installation failed due to some interfaces states are not properly installed

On BBE subscriber scenario with subscribers built on AE interfaces, if doing some operations that trigger a great deal of interface states are published from BBE (Broadband Edge) to kernel (such as, System/FPC reboot or a massive amount of link flapping), some interfaces states could not be properly installed (with an invalid Next-Hop that has no selector). It might cause subscriber route installation failure and traffic drop.


The authd crash might be seen due to a memory corruption issue.

In subscriber scenario, the authd might crash multi-times due to a memory corruption issue.


The cosd process might crash during commiting configuration change via netconf

If excess-priority is configured, the cosd process might crash during commiting configuration change which includes assigning CoS profile on any logical interface via netconf.


With MS-MPC and MS-MIC service cards SYSLOG messages for port block interim may show for the private-IP and PBA release messages may show the NAT'd IP as the private IP.

With MS-MPC and MS-MIC service cards syslog messages for port block interim may show for the private-IP and PBA release messages may show the NAT'd IP as the private IP. These rare events that only occur when the EIF/Endpoint Independent feature is enabled and should not be seen often. All PBA allocation messages will be accurate so there will be a way to correlate the incorrect SYSLOG messages still with the correct private IP.


The FPC might crash in a CoS scenario

If MPC1/MPC2 are used ("Trio" based MPCs) in HCoS scenario, the FPCs might crash due to an invalid IFL referred by the dynamic BBE subscriber interface.


The process rpd crash may be observed once a non-forwarding path is used for re-resolution

The process rpd may crash after a non-forwarding route (i.e., a route to an indirect next-hop association is non-forwarding indirect next-hop) which is received from multiple protocols is resolved again by using the non-forwarding path.


Race conditions during BGP peer establishment causes rpd crash

On all Junos platform, if BGP (Border Gateway Protocol) is configured, and there is some transport error during BGP peer establishment (e.g. TCP handshake has been completed but the BGP session has not been setup), the issue might lead to the rpd process crash. It's rare timing issue due to race condition.


LDP crash with the reason ldp_label_bind_route assert condition

RPD may crash when configured with "protocols ldp longest-match".


The CPU utilization of the rpd process is stuck at 100% if BGP multipath is configured

In BGP with the indirect next-hop scenario, if uRPF or route record is enabled, and then enable BGP multipath, a background job loop might be formed and the CPU utilization of rpd process might be stuck at 100%.

Modification History:
First publication date 2019-03-01
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search