Knowledge Search


×
 

17.4R1-S7: Software Release Notification for Junos Software Service Release version 17.4R1-S7

  [TSB17551] Show Article Properties


Alert Type:
SRN - Software Release Notification
Product Affected:
ACX, EX, PTX, MX, QFX, vMX, vRR, NFX, SRX, vSRX
Alert Description:
Junos Software Service Release version is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as need and follow the prompts
Solution:

Junos Software service Release version 17.4R1-S7 is now available.

The following are incremental changes in 17.4R1-S7.

 
PR Number Synopsis Description
1315066

The rpd might constantly consume high CPU in BGP setup

On all platforms with Border Gateway Protocol (BGP) configured, if BGP routes are queued to send to any peer (this could be caused by simply having network churn), the rpd might constantly consume high CPU (98%).

1322553

The rpd might crash when OpenConfig package is upgraded with JTI streaming data in the background

The rpd might crash when OpenConfig package is upgraded with Junos Telemetry Interface (JTI) streaming data in the background. The rpd process will recover automatically and the rpd related streaming will restart after the process comes up again.

1331299

PTX-Series: Invalid programming of interfaces during PFE initialization may lead to traffic black hole.

While a PTX-platform performs Packet Forwarding Engine (PFE) initialization, the PFE may not initialize interfaces data structure properly. This causes transit traffic drop while traffic egressing out of those interfaces. The problem is applicable only to PTX1000 ,PTX3000,PTX5000 and PTX10000.

1338895

The rpd process might crash when there is high priority route/nexthop involved along with high number of ACKs requested by rpd

The rpd process might crash and restart when there is high priority route/nexthop involved along with high number of ACKs requested by rpd. The routing protocols are impacted and traffic disruption will be seen due to loss of routing information.

1348797

Performing an SNMP walk on the IKE SA which is deleted, IPsec tunnels might go down and an infinite loop scenario might be seen

On M/MX series, if performing an SNMP walk on the IKE (Internet Key Exchange) SA (security association) which is deleted either as part of rekeying or through manual clear of IKE SA via "clear services ipsec-vpn ike security-associations" CLI command, IPsec tunnels might go down and an infinite loop scenario might be seen.

1366696

Export policy change for BGP will trigger rpd core when openconfig is running

On devices running Junos OS platform, when OpenConfig is running with sensor for "/network-instances/network-instance/protocols/protocol/BGP", changing the BGP import or export policy might cause rpd to crash.

1379657

Protocol adjacency might flap and FPC might reboot if jlock hog happens

On all platforms and in scaling scenario, if doing some operation which causes jlock hog, the protocols adjacency might flap and all the FPCs might reboot.

1381527

Constant memory leak might lead to FPC memory exhaustion

On MX/EX9200 platforms, constant memory leak might occur on a Flexible PIC Concentrator (FPC). This might finally lead to memory exhaustion and the FPC might crash and generate a core file.

1390428

The rpd might crash continuously when IPv6 prefix with IPv4 next-hop exists in BGP multipath scenario

In BGP scenario with multipath enabled, if applying import/export policy of IPv6 routes with a IPv4 next-hop to a BGP neighbor, the rpd might crash continuously.

1399369

CPU hog may be observed on PTX/QFX10000 Series platform

On PTX/QFX10000 series platform, CPU hog on PFC may be observed if the adaptive feature is enabled to load-balance for an AE interface.

1408012

The PFE might get disabled unexpectedly due to a auto correctable non-fatal hardware error on PTX or QFX10002/QFX10008/QFX10016

On PTX or QFX10002/QFX10008/QFX10016, a auto correctable non-fatal hardware error on PE chip (which is ASIC on PTX1000, PTX10002, QFX10002, the third-generation FPC on PTX3000/PTX5000, and the Line card on PTX10008/PTX10016/QFX10008/QFX10016) is reported as 'FATAL' error and hence the related Packet Forwarding Engine (PFE) will get disabled. The code changes have been made to change the error category from 'FATAL' to 'INFO' to avoid the PFE to be disabled unexpectedly.

1408974

The kmd process might crash on MX/ACX platforms when IKEv2 is used

On MX/ACX platforms, when IKEv2 is used for IPsec VPN and Dead Peer Detection (DPD) is enabled, if IKEv2 rekey interval is very short (about 6-7 minutes), the kmd process might crash, it will lead both VPN peers to tear down the tunnel.

1412322

MX10003: Rpd crash with switchover-on-routing-crash doesn't trigger RE switchover and the rpd on master RE goes into STOP state

If the rpd (routing protocol daemon) crashes with 'switchover-on-routing-crash' knob enabled on MX10003 platform, the RE switchover might not happen and the rpd on master RE goes into STOP state. All protocols go down and the rpd remains in STOP state until manual recovery is done.

1414021

The CPU utilization of the rpd process is stuck at 100% if BGP multipath is configured

In BGP with the indirect next-hop scenario, if uRPF is enabled, and then enable BGP multipath, a background job loop might be formed and the CPU utilization of rpd process might be stuck at 100%.

1419541

MX can encounter CPU spikes on Service PIC when bringing up an IPsec peer against a DEP/NAT-T setup due to KMD injecting a 0.0.0.0/0 route.

MX can encounter CPU spikes on Service PIC when bringing up an IPsec peer against a DEP/NAT-T setup due to KMD injecting a 0.0.0.0/0 route.

1419542

A new tunnel could not be established after changing the NAT mapping IP address until the IPEC SA Clear command is run

On IPSEC VPN with NAT-T scenario, when changing the NAT mapping IP address on NAT device, the new tunnel could not be established until the IPEC SA clear command is run. The reason is that the NAT IP change with any IKE negotiation triggers IPsec SA cleanup even before handling the delete request, and old NAT IP is still present even after the internal IPSEC SA update/handling. And this causes a problem in new IPsec SA setup later because old entry for this proxy ID is present with some other remote gateway (which is nothing but old NATTed IP entry). The related syslog messages could be seen in the External Description.

1420776

IPv6 ISIS routes might be deleted and not be reinstalled when MTU is changed under the IFL level for family inet6

In ISIS IPv6 scenario, if MTU is changed under the IFL (Logical Interface) level for family inet6, the ISIS IPv6 route might be deleted and might not be reinstalled. These routes remain present in ISIS database and ISIS adjacency remains UP as well. The reason is that ISIS interface data is not added for IPv6 unicast topology after the interface MTU changing event. And this does not allow the ISIS IPV6 routes to get resolved.

1422171

IPsec SA may not come up when the Local gateway address is a VIP for a VRRP configured interface.

IPsec SA may not come up when the Local gateway address is a VIP for a VRRP configured interface.

Modification History:
First publication 2019-03-29
Related Links: