Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

18.2R2-S2: Software Release Notification for Junos Software Service Release version 18.2R2-S2



Article ID: TSB17536 TECHNICAL_BULLETINS Last Updated: 06 Mar 2019Version: 1.0
Alert Type:
SRN - Software Release Notification
Product Affected:
ACX, EX, MX, PTX, QFX, SRX, VMX, VRR, Network Agent
Alert Description:
Junos Software Service Release version is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as need and follow the prompts

Junos Software service Release version 18.2R2-S2 is now available.

The following are incremental changes in 18.2R2-S2.

PR Number Synopsis Description

DNS requests with EDNS options might be dropped by DNS ALG

On SRX platforms with DNS ALG enabled, the DNS requests with Extension mechanisms for DNS (EDNS) additional options might be dropped by DNS ALG.


DHCP packets may be dropped on a Junos Fusion Data Center scenario (QFX10000 series)

In a Junos Fusion Data Center scenario where Satellite Devices (SD) are dual-homed to Aggregation Devices (AD), if the DHCP relay is enabled for at least one IRB and both the DHCP server and clients are connected to ADs over native ports, the discover packets sent from clients which are not using DHCP-relay may be dropped on AD device.


Fragmentation and ALG support for Power Mode IPSec

Prior to the 18.2R2-S1 release, when Power Mode IPsec feature was enabled, and fragmented traffic is received by the SRX on an IPsec tunnel, the tunnel was moved from Power Mode IPsec to regular Flow IPSec mode. Similarly, if any flow session using Power Mode IPsec required advanced services like ALG, then this tunnel would switch to regular Flow IPsec. From the Junos 18.2R2-S1 release, SRX has enhanced support for Power Mode IPsec to handle fragmentation (both pre and post frag) and advanced L7 services. When a tunnel is enabled to use Power Mode IPsec and SRX receives a fragmented IP packet, only this clear-text flow session is processed in Flow mode to merge or split the packets. After the fragmentation processing, this clear-text flow session's packets will continue to process in PMI for the non-fragmented packets. So with this design, the performance impact is isolated only to fragmented packets. The other sessions which are using this IPsec tunnel will continue processing packets in Power Mode IPsec throughout.


The "link-down" action of "low-light" feature needs to be enhanced.

Once the low-light condition has been reached on a link, instead of bringing the transmitter (laser) down, the PCS will be reset. This will trigger REMOTE-FAULT alarm on the remote side of the link.


FPC coredump due to a corner case scenario (race condition between RPF, IP flow).

In a BBE deployment where the RPF and MAC check is enabled, a race condition can cause software failure resulted in a FPC to restart.


Traffic impact might be seen if auto-bandwidth is configured for RSVP LSPs

With auto-bandwidth configured for Resource Reservation Protocol (RSVP) Label Switched Path (LSP), when timeout occurs during LSP statistics query, large bandwidth might be wrongly reserved for the LSP. If there is no sufficient resources (e.g. bandwidth, alternative path) in the network, other LSPs might be torn down, or might not go up.


The process rpd crash may be observed once a non-forwarding path is used for re-resolution

The process rpd may crash after a non-forwarding route (i.e., a route to an indirect next-hop association is non-forwarding indirect next-hop) which is received from multiple protocols is resolved again by using the non-forwarding path.


Kernel replication failure might be seen if an ipv6 route next-hop points to an ether-over-atm-llc ATM interface

If an ipv6 route next-hop points to an ATM interface with encapsulation ether-over-atm-llc, after performing or re-enabling the graceful routing engine switchover, the ksyncd core and vmcore might be seen and the kernel replication might fail, which results in non-synchronization status of routing protocols on both REs.


Reauth Initiator: traffic drops on peer due to bad SPI after 1st re authentication

On SRX5400, SRX5600, SRX5800 devices with SPC3, when SRX is configured to initiate IKEv2 reauthentication, upon a successful reauthentication IPsec tunnel index may change. In such a scenario, there might be some traffic loss.


MX10003: Rpd crash with switchover-on-routing-crash doesn't trigger RE switchover and the rpd on primary RE goes into STOP state

If the rpd (routing protocol daemon) crashes with 'switchover-on-routing-crash' knob enabled on MX10003 platform, the RE switchover might not happen and the rpd on primary RE goes into STOP state. All protocols go down and the rpd remains in STOP state until manual recovery is done.


During ISSU from 16.1R4-S11.1 to 18.2R2-S1.2, CoS GENCFG write failures observed[ COS(cos_rewrite_do_pre_bind_add_action:676): Binding of table 44226 to ifl 1073744636 failed, table already bound to ifl ]

In a sbuscriber management deployment, performing an ISSU from Software version 16.1R4-S11 to version 18.2R2-S1 may failed


Broken of support of [family inet6 filter] on atm interface

In the latest release of 17.2 and higher, the inet6 filter attribute was for the at- interface was blocked by mistake.


The CPU utilization of the rpd process is stuck at 100% if BGP multipath is configured

In BGP with the indirect next-hop scenario, if uRPF or route record is enabled, and then enable BGP multipath, a background job loop might be formed and the CPU utilization of rpd process might be stuck at 100%.

Modification History:
First publication 2019-03-06
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search