Knowledge Search


×
 

18.2R2-S2: Software Release Notification for Junos Software Service Release version 18.2R2-S2

  [TSB17536] Show Article Properties


Alert Type:
SRN - Software Release Notification
Product Affected:
ACX, EX, MX, PTX, QFX, SRX, VMX, VRR, Network Agent
Alert Description:
Junos Software Service Release version is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as need and follow the prompts
Solution:

Junos Software service Release version 18.2R2-S2 is now available.

The following are incremental changes in 18.2R2-S2.

 
PR Number Synopsis Description
1379433

DNS requests with EDNS options might be dropped by DNS ALG

On SRX platforms with DNS ALG enabled, the DNS requests with Extension mechanisms for DNS (EDNS) additional options might be dropped by DNS ALG.

1383623

DHCP packets may be dropped on a Junos Fusion Data Center scenario (QFX10000 series)

In a Junos Fusion Data Center scenario where Satellite Devices (SD) are dual-homed to Aggregation Devices (AD), if the DHCP relay is enabled for at least one IRB and both the DHCP server and clients are connected to ADs over native ports, the discover packets sent from clients which are not using DHCP-relay may be dropped on AD device.

1397742

Fragmentation and ALG support for Power Mode IPSec

Prior to the 18.2R2-S1 release, when Power Mode IPsec feature was enabled, and fragmented traffic is received by the SRX on an IPsec tunnel, the tunnel was moved from Power Mode IPsec to regular Flow IPSec mode. Similarly, if any flow session using Power Mode IPsec required advanced services like ALG, then this tunnel would switch to regular Flow IPsec. From the Junos 18.2R2-S1 release, SRX has enhanced support for Power Mode IPsec to handle fragmentation (both pre and post frag) and advanced L7 services. When a tunnel is enabled to use Power Mode IPsec and SRX receives a fragmented IP packet, only this clear-text flow session is processed in Flow mode to merge or split the packets. After the fragmentation processing, this clear-text flow session's packets will continue to process in PMI for the non-fragmented packets. So with this design, the performance impact is isolated only to fragmented packets. The other sessions which are using this IPsec tunnel will continue processing packets in Power Mode IPsec throughout.

1400825

The "link-down" action of "low-light" feature needs to be enhanced.

Once the low-light condition has been reached on a link, instead of bringing the transmitter (laser) down, the PCS will be reset. This will trigger REMOTE-FAULT alarm on the remote side of the link.

1401808

FPC coredump due to a corner case scenario (race condition between RPF, IP flow).

In a BBE deployment where the RPF and MAC check is enabled, a race condition can cause software failure resulted in a FPC to restart.

1406822

Traffic impact might be seen if auto-bandwidth is configured for RSVP LSPs

With auto-bandwidth configured for Resource Reservation Protocol (RSVP) Label Switched Path (LSP), when timeout occurs during LSP statistics query, large bandwidth might be wrongly reserved for the LSP. If there is no sufficient resources (e.g. bandwidth, alternative path) in the network, other LSPs might be torn down, or might not go up.

1407408

The process rpd crash may be observed once a non-forwarding path is used for re-resolution

The process rpd may crash after a non-forwarding route (i.e., a route to an indirect next-hop association is non-forwarding indirect next-hop) which is received from multiple protocols is resolved again by using the non-forwarding path.

1411376

Kernel replication failure might be seen if an ipv6 route next-hop points to an ether-over-atm-llc ATM interface

If an ipv6 route next-hop points to an ATM interface with encapsulation ether-over-atm-llc, after performing or re-enabling the graceful routing engine switchover, the ksyncd core and vmcore might be seen and the kernel replication might fail, which results in non-synchronization status of routing protocols on both REs.

1412316

Reauth Initiator: traffic drops on peer due to bad SPI after 1st re authentication

On SRX5400, SRX5600, SRX5800 devices with SPC3, when SRX is configured to initiate IKEv2 reauthentication, upon a successful reauthentication IPsec tunnel index may change. In such a scenario, there might be some traffic loss.

1412322

MX10003: Rpd crash with switchover-on-routing-crash doesn't trigger RE switchover and the rpd on master RE goes into STOP state

If the rpd (routing protocol daemon) crashes with 'switchover-on-routing-crash' knob enabled on MX10003 platform, the RE switchover might not happen and the rpd on master RE goes into STOP state. All protocols go down and the rpd remains in STOP state until manual recovery is done.

1413297

During ISSU from 16.1R4-S11.1 to 18.2R2-S1.2, CoS GENCFG write failures observed[ COS(cos_rewrite_do_pre_bind_add_action:676): Binding of table 44226 to ifl 1073744636 failed, table already bound to ifl ]

In a sbuscriber management deployment, performing an ISSU from Software version 16.1R4-S11 to version 18.2R2-S1 may failed

1413663

Broken of support of [family inet6 filter] on atm interface

In the latest release of 17.2 and higher, the inet6 filter attribute was for the at- interface was blocked by mistake.

1414021

The CPU utilization of the rpd process is stuck at 100% if BGP multipath is configured

In BGP with the indirect next-hop scenario, if uRPF or route record is enabled, and then enable BGP multipath, a background job loop might be formed and the CPU utilization of rpd process might be stuck at 100%.

Modification History:
First publication 2019-03-06
Related Links: