Knowledge Search


×
 

18.4R1-S2: Software Release Notification for Junos Software Service Release version 18.4R1-S2

  [TSB17559] Show Article Properties


Alert Type:
SRN - Software Release Notification
Product Affected:
ACX, EX, MX, PTX, QFX, NFX, SRX, VRR, and VMX
Alert Description:
Junos Software Service Release version is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as need and follow the prompts
Solution:

Junos Software service Release version 18.4R1-S2 is now available.

The following are incremental changes in 18.4R1-S2.

 
PR Number Synopsis Description
1346452

Error message "STUCK_BUFF : port_sp not empty for port 35 sp 1 pkts:1"

Ingress buffers are stuck in MMU during system init. During system init we are seeing very huge amount of packets getting copied to CPU causing ddos violations and rate limiting on CPU queues. At this point of time,some default IFD COS settings are getting programmed. Before doing COS setting we are trying to drain all the packets from MMU, If not we are going ahead and doing HW programming. This is causing the stuck buffer issue. packets destined to CPU can't be drained using SDK call, we are increasing the loop wait time to 10sec.

1366459

When IKE policy proposals encryption-type algorithm begin with aes-gcm, then IPsec proposal cannot be configured with cbc

When aes-gcm is configured in an IKE proposal, then commit check would enforce the IPSsec proposal to use aes-gcm

1377749

In EVPN A-A scenario with MX or EX acting as PE device,flood NHs to handle BUM traffic may not get created or miss certain branches when the configuration is performed in a particular sequence

In EVPN A-A scenario with MX or EX acting as PE device,flood NHs to handle BUM traffic may not get created or miss certain branches when the configuration is performed in a particular sequence

1384929

MPLS LSP will keep down state due to routing loop detection after flapping link between P router and egress PE.

MPLS LSP will keep down state due to routing loop detection after flapping link between P router and egress PE under setting "expand-loose-hop" knob to the P router.

1389518

ACX 5448:100G Link FEC enabled by default on 100G LR4

Default FEC on 100G LR4 was FEC91, now it is set up NONE

1392580

18.4 SecPDT: GW lcores and srxpfe cores at ../src/pfe/usp/rt/applications/ipsec/ipsec_rt_forge_util.c:59 when loading 18.4 image.

when traffic is present, rebooting backup node sometime causes flowd core on primary node. This behavior is observed randomly when there are ~2k tunnels are configured. This problem is specific to srx4200 HA.

1393940

The FPC cards might not come up while performing ISSU on MX10003

On MX10003 with 18.2R1 or above, the FPC cards might not come up while performing ISSU.

1394922

Junos OS: Firewall filter terms named "internal-1" and "internal-2" being ignored (CVE-2019-0036)

Junos OS: Firewall filter terms named "internal-1" and "internal-2" being ignored (CVE-2019-0036); Refer to https://kb.juniper.net/JSA10925 for more information.

1397018

The rpd process might keep crashing repeatedly if the LSP destination address is set to be 0.0.0.0

On all Junos platforms, if the Label Switched Path (LSP) destination address is set to be 0.0.0.0 under the protocol Multiprotocol Label Switching (MPLS), the rpd process might keep crashing repeatedly and won't recover due to this issue.

1399141

Junos OS: BGP packets can trigger rpd crash when BGP tracing is enabled. (CVE-2019-0019)

Junos OS: BGP packets can trigger rpd crash when BGP tracing is enabled. (CVE-2019-0019); Refer to https://kb.juniper.net/JSA10931 for more information.

1399733

QFX5100 - VXLAN - Traffic is queued in the wrong queue when interface configuration is changed from a layer 2 with VXLAN configured on the VLAN to a family inet configuration

On QFX5100, traffic initiated from a server connected to an interface will be dropped at the interface on the switch if the interface was configured with family ethernet-switching with VXLAN and the configuration is changed to family inet.

1404002

The time synchronization through PTPoE might not work when Enhanced Subscriber Management is enabled on MX

When Enhanced Subscriber Management is enabled on MX (i.e. set system services subscriber-management enable), the Precision Time Protocol (PTP) with PTP-over-Ethernet (PTPoE) configuration might not work on MPC2E-NG/3E-NG or MPC5E and above (such as MPC6E/7E/8E/9E/10E/11E).

1405798

ACX 5448: TrTCM Policer configuration parameters are as per RFC4115.

ACX5448 hardware supports TrTCM of RFC4115. While the RFC4115 & hardware deals with CIR/CBS & EIR/EBS, JunOS CLI does have CIR/CBS & PIR/PBS only. So, PFE will calculate internally EIR=PIR-CIR and configure the hardware. And the PBS value is configured as EBS in the hardware. ACX5448 supports minimum of 22Kbps policer rate, so EIR (PIR-CIR) should be minimum 22kbps.

1406029

18.4R1:SRX-SPC3:Sec-PDT:Mixed Mode:HA failed with the failure code "HW" after loading the image

If user has SPC3 and SPC2 in a HA system, and see all PICs online on ?show chassis fpc pic-status? but see HA status stuck at ?HW? under Monitor-failures column, check if HA port is configured to SPC3 card, if so, re-configure the HA port to SPC2 card, then reboot the system. If there are only SPC3 cards in the HA system, set hidden CLI ?set chassis cluster no-hardware-monitoring? to prevent this issue. This a software issue and will be fixed in 18.4R1-S1.

1410970

DMAC problem of IRB interface for traffic over the l2cuircuit

For LT interfaces packets in TX path missing 4 bytes in l2 header

1410981

On SRX Series, when using Unified Policies and Webfiltering (EWF) without SSL-Proxy in 18.4R1, the Server Name Indication (SNI) may not be identified correctly and the RT_UTM logs were recording incomplete information.

On SRX Series, when using Unified Policies and Webfiltering (EWF) without SSL-Proxy in 18.4R1, the Server Name Indication (SNI) may not be identified correctly and the RT_UTM logs were recording incomplete information.

1415224

PCE initiated LSPs get deleted because of wrong timer timeout

PCE initiated LSPs get deleted from PCC if PCEP session goes down and gets re-established within "delegation-cleanup-timeout" period

1415352

Reth interfaces are now supported when configuring SSL Decryption Mirroring (mirror-decrypt-traffic interface)

Reth interfaces are now supported when configuring SSL Decryption Mirroring (mirror-decrypt-traffic interface)

1415614

The L2circuit egress PE might drop the traffic in FAT+CW enabled L2circuit scenario when another FAT+CW enabled L2circuit PW flaps

On PTX1000/PTX10002/PTX10008/PTX10016 platforms, when multiple FAT+CW (FAT->flow-aware transport, CW->control-word) are enabled in L2circuit PWs (pseduo-wires) scenario, the L2circuit egress PE might drop the traffic (the affected PW is unsure/unkown) and also corrupt the PW traffic/packet received from MPLS core when another FAT+CW enabled L2circuit PW flaps (such as, link down, FPC crashes, do enable/disable of flow label on PW, etc).

1415898

swap memory is not initialized on boot on ACX5048

Swap memory is not initialized by default on boot. This can be verified by "show system process extensive" output. Example: Mem: 488M Active, 166M Inact, 433M Wired, 648M Cache, 69M Buf, 114M Free Swap: >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> No swap memory After the fix of this PR swap memory will be initialized on boot. Mem: 508M Active, 166M Inact, 434M Wired, 648M Cache, 69M Buf, 92M Free Swap: 1106M Total, 1106M Free >>>>>>>>>>>>>>>>>>>>>>||$$ initialised

1416106

NFX-2: request-load-configuration output from device does not match with 18.4 yang

Please check with Dev engineer.

1418937

lsp-cleanup-timer is not being honored when lsp-cleanup-timer is configured to be greater than 2147483647

The lsp-cleanup-timer, configured under [edit protocols pcep pce ] currently accepts values between 1 and 4294967294; however, only values between 1 and 2147483647 are valid for this configuration statement. If a value larger than 2147483647 is configured then when the path-computation-client status goes down the LSP is removed from the router immediately. Similarly if the LSP is PCE initiated and lsp-cleanup-timer is configured with a value above 2147483647 then the LSP will be removed immediately after the dead-timer expiry.

1419756

bbe-mibd memory leak causing daemon crash when having live subscribers and SNMP OIDs query

When having subscribers online and doing SNMP query for some of the OIDS such as ifXEntry, bbe-mibd daemon might experience memory leak and crash eventually.

Modification History:
First publication date 2019-04-20
Related Links: