Knowledge Search


×
 

18.2R2-S4: Software Release Notification for Junos Software Service Release version 18.2R2-S4

  [TSB17587] Show Article Properties


Alert Type:
SRN - Software Release Notification
Product Affected:
ACX, EX, MX, NFS, PTX, QFX, SRX, VMX, VRR, Network Agent
Alert Description:
Junos Software Service Release version is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as need and follow the prompts
Solution:

Junos Software service Release version 18.2R2-S4 is now available.

The following are incremental changes in 18.2R2-S4.

 
PR Number Synopsis Description
1253542

In a VPLS multihoming scenario, the CFM packets can be forwarded over backup, standby, non-designated, or CCC-down link, which might cause the traffic to be endlessly looped

In a VPLS multihoming scenario, the CFM packets are forwarded over the standby PE device link, resulting in duplicate packets or a loop between the active and standby link.

1275544

MAC addresses might not be learnt on bridge-domains after XE/GE interface flap

The setup with 120 bridge domains among the 1000 bridge domains, with XE/GE links towards downstream switch and LAG bundles as uplinks towards upstream routers. The XE/GE link is part of the physical loop in the topology. Spanning tree protocols such as VSTP/RSTP/MSTP is used for loop avoidance. Some MAC addresses are not learnt on DUT when LAG bundles part of such bridge domains are flapped along with other events such as spanning tree root bridge change.

1352504

Large-scale users' login and logout may cause mgd memory leak

The mgd memory usage is shown as increased by about 450 MB over the weekend (greater than 72 hours).

1356423

Command "show system virtual-memory | display xml validate" displays errors

The xmlised output of "show system virtual-memory" is created under a single container(for each table format) with repeated tag names. Because of the repeated tag names in the same container xml validation is failing. Added changes to xmlise each row output of table format in a separate container.

1357802

Configuration commit operation after policy change causes rpd crash

The rpd might crash during the policy configuration changes.

1365265

The kernel crash might be observed when there is a firewall filter modification

In firewall scenario, when the apply-path statement is used to expand a prefix-list pointed to a defined path, if any configuration modification causes the prefix-list changes, in a rare condition, the kernel crash might happen. Traffic disruption might be seen if NSR (Nonstop active routing) is not used during the crash.

1382166

Host bound traffic might be affected and lt interface can go down in ACX

Host bound traffic might be affected and lt interface can go down in ACX

1384574

The RA packets may be sent out without using the configured virtual gateway address

In an EVPN scenario, even if an IPv6 "virtual-gateway-address" is configured on "IRB" interface, the router advertisement (RA) packets may be sent out with the physical interface/link-local IPv6 address instead of configured virtual-gateway-address.

1385138

18.4: vSRX2.0 : vSRX-Small: traffic drop is seen twice after complete primary power off (virsh destroy)

In KVM hypervisor, The MAC address of the child ge-x/x/x interface will be the same as the MAC address of the redundant (reth) interface no matter even when the child interface is on the primary or secondary node on the vSRX chassis cluster DUT.

1387737

Some SFBs might go down when one of the PSMs in the chassis generates a bad output voltage which is out-of-range

On MX2010/MX2020, some Switch Fabric Boards (SFBs) might go down due to one of the Power Supply Modules (PSMs) in the chassis generates a bad output voltage which is out-of-range.

1389206

All DPCs might crash while adding or deleting a logical interface from the AE bundle

On MX240/MX480/MX960 platforms with a scaling number of prefixes (for about 700k prefixes) learned over a logical interface of the Aggregated Ethernet (AE) bundle, if a new logical interface is added or deleted from the AE bundle, the DPCs might get busy with CPU spiking to 100% and ultimately get crash.

1391323

The dcd memory leak might be seen when committing configuration change on static route tag

After committing configuration change on static route tag (see below example), the memory consumed by device control daemon (dcd) might increase. The leak rate is slow (200KB for every commit with one tag change). [edit routing-instances TEST routing-options static route xx.xx.xx.xx/25] - tag 10; + tag 11;

1391932

The PFE might not respond with ICMP time exceeded error when packet is arrived from subscriber

The PFE might not respond with ICMP error for TTL expiry when packet is arrived from subscriber. This might prevent traceroute to work from subscribers. When the traffic or service problem occurs in the production network, if the result of traceroute is wrong, it will bring great difficulties to troubleshooting.

1400716

Only one PFE could be disabled on FPC with multiple PFEs in error/wedge condition

On MX, PTX and QFX platforms with Chassis Manager (CM) error reporting, if Flexible PIC Concentrator (FPC) has multiple Packet Forwarding Engines (PFEs) in which one of PFEs goes into wedge condition, due to this issue, the wedge condition might be reported continuously even after disable_pfe action has been taken for the corresponding PFE. Due to this issue, when CMERROR message queue is saturated and the level report-limit is reached (e.g. 10 major errors), the wedge condition on the other PFE within the same FPC will be ignored and not be able to trigger disable_pfe action any more. This issue might cause some traffic being blackholed.

1406030

Fabric performance drop on MPC7/8/9E and SFB2 based MX2000 platform

On MPC7/8/9E and SFB2 based MX2000 Series platforms, code change done by PR 1336446 fixing MPC7/8/9E fabric re-ordering issue with SFB causes fabric performance drop. The throughput might not reach the expected value in high volume traffic scenario.

1407923

continuous log message 'authd[18454]: %DAEMON-3-LI: liPollTimerExpired returned 0'

The log message 'authd[18454]: %DAEMON-3-LI: liPollTimerExpired returned 0' can be seen after any LI activity. The messages are cosmetic. The log was removed to hide LI activity.

1408974

The kmd process might crash on MX/ACX platforms when IKEv2 is used

On MX/ACX platforms, when IKEv2 is used for IPsec VPN and Dead Peer Detection (DPD) is enabled, if IKEv2 rekey interval is very short (about 6-7 minutes), the kmd process might crash, it will lead both VPN peers to tear down the tunnel.

1411062

Slow SNMP on entityMIB during subscribers load test

In highly loaded subscriber management setups some SNMP queries might experience response delay from MX due to higher priority daemons utilizing CPU resources

1416415

Distributed multicast forwarding to the subscriber interface may not work

When distributed IGMP is enabled for enhanced subscriber management, IGMP processing for subscriber flows is in the Packet Forwarding Engine (PFE) of supported line cards. Due to a software defect, the Variable based flows (VBF) multicast group deletion is not cleaned properly, causing no multicast forwarding to the subscriber interface.

1418396

Traffic loss might be seen on the ae interface on QFX10000 platforms

On QFX10000 platforms(QFX10002/QFX10008/QFX10016), and there is an ae interface which has at least 2 child links, which are located on different PFE chips, and this ae interface is added to a VXLAN VLAN with IRB as an access interface , if ae membership changes, for example, removing one child link from the ae, traffic loss might be seen on the ae interface.

1418490

The EX3400 VC status might be unstable during the boot up of the VC or after the VC port flaps

On EX3400 platform virtual chassis with two members, during the boot up of the VC or after the VC port flaps, The VC port might flap and the VC status might be unstable for several minutes.

1419500

A PPP session under negotiation might be terminated if another PPPoE client bearing the same session ID

In PPPoE (Point-to-Point Protocol over Ethernet) subscriber scenario, if a PPPoE client is under PPP (Point-to-Point Protocol) session negotiation while another PPPoE client bearing the same session ID sends LCP (Link Control Protocol) terminate request to the MX, the MX might terminate this PPP session. The issue results in failure of PPPoE client negotiation.

1420921

Sometimes, IGMP-Snooping may not work. Workaround is to restart multicast-snooping process

Sometimes, IGMP-Snooping may not work. Workaround is to restart multicast-snooping process

1422535

Interfaces on PTX5000 FPC type 3 might not come up after flap

When an interface flaps on FPC3-PTX-U2 or FPC3-PTX-U3, e.g. due to remote peer reboot, the interface might remain down and never come up. The probability of occurrence increases with the frequency of the flaps. The following messages can appear when the problem occurs: [Apr 23 17:00:49.173 LOG: Err] t6e_dfe_tuning_state:et-1/0/0:1 - Failed to dfe tuning count 10 [Apr 23 17:02:29.183 LOG: Info] t6e_dfe_tuning_state: re-init wanio serdes on et-1/0/0:1 [Apr 23 17:04:09.193 LOG: Info] t6e_dfe_tuning_state: re-init wanio serdes on et-1/0/0:1 [Apr 23 17:05:49.203 LOG: Info] t6e_dfe_tuning_state: re-init wanio serdes on et-1/0/0:1 [Apr 23 17:07:29.208 LOG: Info] t6e_dfe_tuning_state: re-init wanio serdes on et-1/0/0:1

1424090

All interfaces will be down and the dcpfe will get crash if SFP-T is inserted on QFX5210

On QFX5210 platform starts from Junos 18.1R1, all interfaces will be down and the dcpfe will get crash if SFP-T is inserted on QFX5210. All service will be impacted as all interfaces are down.

1425339

[EVPN] Aggregate-Ethernet interface flaps followed by commit

A software defect is introduced via PR1390063. This defect causes an EVPN ESI aggregate-Ethernet interface to flap when there is a commit after any configuration change. The interface flaps may cause significant network events in a large network.

1425824

Bypass dynamic rsvp lsp tears down too soon when being used for protecting ldp lsp with knob dynamic-rsvp-lsp

After a protected link goes down, the LDP link protection Bypass LSP may be deleted without delay when IGP updates the inet.3 route to the new nexthop. This may cause traffic loss following the Bypass LSP.

1426016

mpls ping sweep stops working and gets CLI irresponsive

mpls ping might lead freezing in CLI when its size is indicated over 9996 bytes. Ctrl+C cancellation does not work.

1426711

The rpd might crash in PIM scenario with auto-rp enabled

In PIM scenario with auto-rp enabled, when both of a PIM session task and an auto-rp session task are being closed by rpd very near to each other, and the auto-rp task has got terminated before the PIM task is about to terminate, then the rpd process crashes.

1427726

When installing YANG package without "proxy-xml" knob, the cli environment could not working well

In the normal YANG module code flow, it was not being checked if it is a xmlproxy YANG module. If installing the xmlproxy YANG package without the "proxy-xml" knob, CLI environment might not work as expected.

1427936

The policer bandwidth might be wrong for the aggregate interface after activating the knob 'shared-bandwidth-policer'

On MX Series with MPC, if an AE interface is with the filter of 'shared-bandwidth-policer' and the knob 'shared-bandwidth-policer' is deactivated, after activating the knob 'shared-bandwidth-policer', the policer bandwidth might be calculated as 0 and all traffic might be dropped for the AE interface.

1429018

Incorrect IGMP interface counter for dynamic PPP interfaces.

show igmp statistics does not count the total number of multicast enabled interfaces properly.

1429315

Some ports on PTX might remain down after rebooting the FPC/device at remote side

On PTX3000/5000 with FPC3 installed, some 100G ports might remain down after rebooting the FPC/device at remote side.

1429392

JSU might be deactivated from FPC in case of power cycle

Few JSUs (Junos Selective Update), including 16.1R4-S11-J5, might be deactivated from FPC in case of the power cycle. There is traffic impact when the issue occurs.

1430721

SPC3:Uneven distribution of CPU with high PPS on device

In our SRX SPC3 regression test-bed, we notice uneven CPU distributions between CPUs on an SPC3 when processing NAT and stateful firewall at the rate of over 10 million packets per seconds.

1431459

The bbe-smgd process might crash if PPPoE subscribers are trying to login when commit is in progress

In subscriber management scenario, the bbe-smgd process might crash if a configuration change is applied when PPPoE subscribers are trying to connect.

1432506

Pre-fragmented ICMP IPv4 packets might fail to arrive at the destination

In a Mapping of Address and Port with Encapsulation scenario (MAP-E, which can be considered as IPv4 traffic from a pure IPv4 network, which travels through a pure IPv6 network to another IPv4 network), those packets which have pre-fragmented ICMP IPv4 inside of IPv6 might fail to successfully arrive at the destination, due to the fact that MAP-E device at the ISP side cannot handle this sort of packets.

1436714

once added a new VLAN-VPLS,the next-hop of CE facing agg interface is set to wrong states with 65535 and standby

adding a new VLAN-VPLS instance, the next-hop of CE facing agg interface is set to wrong states with 65535 and standby

Modification History:
First publication 2019-06-03
Related Links: