Knowledge Search


×
 

18.4R1-S3: Software Release Notification for Junos Software Service Release version 18.4R1-S3

  [TSB17595] Show Article Properties


Alert Type:
SRN - Software Release Notification
Alert Description:
Junos Software Service Release version is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as need and follow the prompts
Solution:

Junos Software service Release version 18.4R1-S3 is now available.

The following are incremental changes in 18.4R1-S3.

 
PR Number Synopsis Description
1313095

At SRX4600 and SRX4800, there will be no autoinstall at default configuration.

We removed 'autoinstall' from srx4600/srx4800 default config file. because it is conflict with DHCP configuration. JWEB team will find other way to start their 'install wizard'

1353583

Traffic loss might be seen on new master after the interface flaps followed by RE switchover in VRRP scenario

VRRP MAC filter will not be seen in PFE if interfaces flap followed by GRES, before VRRP state settles down after flap. During this time VRRP state is backup in master-RE and VRRP state is idle in Backup-RE. This issue is only for AE interfaces with VRRP configuration. It's irrespective of VRRP scale. The traffic can be recovered by deactivating/activating the ae interfaces.

1356657

The packets might be dropped when they go through MX104 built-in interface

If the packets are destined to specific MAC address (such as last two octets are 0x1101, 0x1102, 0x1103, 0x1104, 0x1106, 0x1108, 0x1109, 0x110a and so on), they might be dropped on the remote-end device when going through MX104 built-in xe(10GE) ports.

1366579

QFX5120/EX4650: The command output "show pfe route summary hw" will be shown different scale values for the ipv4 and ipv6 lpm routes rather than the supported scale.

QFX5120/EX4650: On the QFX5120, when the UFT profile is configured with "lpm-profile prefix-65-127-disable" and "lpm-profile", the command output for "show pfe route summary hw" will show different scale values for the IPv4 and IPv6 LPM routes rather than the supported scale. Supported scale is as follows: lpm-profile prefix-65-127-disable IPv4 <= /32 IPv6 <= /64 IPv6 > /64 Enabled 351K (360,000 approx) 168K (172,000 approx) 0k Disabled 168K (172,000 approx) 64K (65524 approx) 64K (65524 approx)

1367766

The EVPN implementation does not follow RFC-7432

The EVPN implementation does not follow RFC-7432 when encoding/decoding 20-bit MPLS labels into ESI Label field in ESI Label Extended Community.

1383898

ms- used for IPSEC PIC is listed in show services ha detail as standby, cosmetic issue

Hide HA information when the service set does not have ha configured.

1385005

The rpd might crash when switchover is performed along with configuration changes being committed

In a rare race condition, the rpd might crash when both NSR and GRES are configured and switchover is performed along with config changes being committed.

1388290

IPsec IKE keys are not cleared when delete/clear notification is received

IPsec IKE keys are not cleared when delete/clear notification is received from the peer on GRES enabled device.

1389337

In rare cases rpd might crash after RE switchover when BGP multipath and L3VPN vrf-table-label are configured

When BGP multipath and L3VPN vrf-table-label are configured, after RE switchover, in rare cases, rpd might crash due to a vrf-table-label reallocation issue. During the crash, the routing table and neighborship will become unstable and traffic will be dropped, it will be restored automatically.

1389557

BGP IPv6 routes with IPv4 nexthop causes rpd crash

When a BGP import policy changes IPv6 routes to have IPv4 nexthop, rpd might crash during route resolution. With the fix, changing route to have nexthop with different address family will not be allowed, if the route table does not have that resolution family configured.

1391545

The SNMP query on LACP interface might lead to lacpd crash

If stale SNMP (Simple Network Management Protocol) index for LACP (Link Aggregation Control Protocol) interface exists and SNMP query is executed on the LACP interface, the lacpd might crash when trying to retrieve the stale SNMP index. The issue results in LACP negotiation failure during the lacpd restart. If "lacp periodic fast" is configured (which means LACP timeout is 3 seconds), the existing negotiated LACP interface might be impacted and traffic loss might be seen if the restart of the lacpd takes more than 3 seconds.

1397030

Seeing "VMHost RE 0 Secure BIOS Version Mismatch" and "VMHost RE 1 Secure Boot Disabled" alarms

Minor False alarms "Secure BIOS Version Mismatch" seen on MX1008 platforms. There is no functionality break/impact due to this.

1397325

The BUM traffic might not be flooded in EVPN-MPLS scenario

In EVPN-MPLS (Ethernet VPN - Multiprotocol Label Switching) scenario with bridge-domains used, any configuration change which causes a BD (Bridge Domain) reincarnation (e.g. change of vlan-id-list under bridge-domains) might break the flooding of BUM (Broadcast, Unknown-unicast, Multicast) traffic. The issue leads to BUM traffic loss. All services that relying on BUM traffic might be impacted.

1399371

When committing a configuration for a VLAN adding to an EVPN instance and an AE interface respectively the newly added VLAN interface count might be zero (0) in that bridge domain

On all MX-Series platforms with EVPN supported, when committing a configuration for a VLAN adding to an EVPN instance and an AE interface respectively the newly added VLAN interface count might be zero (0) in that bridge domain and causes all the traffic in that VLAN to be blocked. However, if the two configurations are committed all together in one time, the interface count will be the correct number right after the committing.

1399726

EVPN Type 2 MAC+IP route is stuck when the route Advertisement has 2 MPLS labels and Withdrawal has 1 label

In EVPN (Ethernet VPN) scenario, if the router receives a Type 2 MAC+IP route Advertisement having 2 MPLS labels, and then Withdrawal of the same route with only 1 label, the Withdrawal will not be processed and that route will be stuck.

1400716

Only one PFE could be disabled on FPC with multiple PFEs in error/wedge condition

On MX, PTX and QFX platforms with Chassis Manager (CM) error reporting, if Flexible PIC Concentrator (FPC) has multiple Packet Forwarding Engines (PFEs) in which one of PFEs goes into wedge condition, due to this issue, the wedge condition might be reported continuously even after disable_pfe action has been taken for the corresponding PFE. Due to this issue, when CMERROR message queue is saturated and the level report-limit is reached (e.g. 10 major errors), the wedge condition on the other PFE within the same FPC will be ignored and not be able to trigger disable_pfe action any more. This issue might cause some traffic being blackholed.

1401817

The na-grpcd log file is not rotated and keeps growing until RE is out of disk space

In JET/Telemetry scenario, the Telemetry log file is not rotated and keep growing until Routing Engine (RE) is out of disk space, this might cause unexpected impact of RE, and eventually lead to RE crash. The fix has now been provided to set max allowable size to 50M and once the file reaches its max size, it will get rotated and compressed.

1404134

The rpd memory leak might be seen in ISIS Segment Routing scenario

In ISIS Segment Routing (SPRING) scenario, when "routing-options forwarding-table chained-composite-next-hop transit labeled-isis" is configured (default enabled on PTX), rpd memory leak for "RT_NEXTHOPS_TEMPLATE" might be observed. If the memory is exhausted, the rpd process might crash.

1404857

EVPN database and bridge mac-table are out of sync due to the interface's flap

If some interfaces flap faster on the remote PE, EVPN database and bridge mac-table might be out of sync on the local PE device. When this issue occurs, it may cause the impacted PE broadcasts packets to all the other PEs. And the broadcasted packets might cause traffic congestion which results in packet loss.

1405430

No chassis alarm is raised on PTX1000 when PEM is removed or power lost to PEM

When a PEM is removed or loses power on a PTX1000 in susceptible code versions, no chassis alarm is raised.

1406030

Fabric performance drop on MPC7/8/9E and SFB2 based MX2000 platform

On MPC7/8/9E and SFB2 based MX2000 Series platforms, code change done by PR 1336446 fixing MPC7/8/9E fabric re-ordering issue with SFB causes fabric performance drop. The throughput might not reach the expected value in high volume traffic scenario.

1406807

In a Layer2 domain, there might be unexpected flooding of unicast traffic at every 32-40s interval towards all local CE-facing interface

In a Layer2 domain (e.g. bridge-domain, VPLS), unexpected flooding of unicast traffic might be seen towards all local CE-facing interface if the FPC on the primary LSP is offline and the backup path PFE starts carrying the traffic.

1410813

Traffic loss may be seen on MPC8E/MPC9E after request one of the SFB2s offline/online

On MX2020/2010 platform, traffic traversing MPC8E/MPC9E may be discarded after one of SFB2s goes offline and it is requested online. This is a timing issue as it's not reproducible all the time.

1411456

The vlan tag is wrongly inserted on the access interface if the packet is sent from an IRB interface

With access interface configured on MPC7E/MPC8E/MPC9E/MX10k-LC2101/MX10003/MX204, the vlan tag is wrongly inserted on the access interface if the packet is sent from an IRB interface.

1412534

Family inet of the unnumbered interface might be getting deleted when deleting one of the IPs of the binding interface

When an unnumbered interface is binding to an interface which has more than one IP address and one of the IPs is deleted, the family inet of the unnumbered interface might be getting deleted. The issue results in traffic loss for all the services that rely on the family inet of the unnumbered interface. Configure preferred-source-address on the unnumbered interface will prevent deletion of the IP hence avoiding the deletion of the family inet of the unnumbered interface.

1412659

Junos PCC may reject PCUpdate/PCCreate message if there is metric type other than type 2

When using PCEP (Path Computation Element Protocol), if a PCE (Path Computation Element) generates a PCUpdate or PCCreate message which contains a metric type other than type 2, the Junos device acting as PCC (Path Computation Client) may fail to process the message and reject the PCUpdate or PCCreate message from the PCE. When the issue occurs the LSPs' (Label-Switched Path) characteristics cannot be updated hence it may cause traffic impact.

1412829

The rpd might crash in BGP-LU with egress-protection while committing configuration changes

In BGP labeled-unicast scenario with egress-protection enabled, the rpd might crash while committing some configuration changes even the changes are not related to egress-protection itself.

1414021

The CPU utilization of the rpd process is stuck at 100% if BGP multipath is configured

In BGP with the indirect next-hop scenario, if uRPF is enabled, and then enable BGP multipath, a background job loop might be formed and the CPU utilization of rpd process might be stuck at 100%.

1414863

When utilizing Unified Policies, vSRX 3.0's srxpfe process may crash

When utilizing Unified Policies, vSRX 3.0's srxpfe process may crash and create a core-file

1415117

The input and output bytes or bps statistic values might not identical for the same size of packets

On SRX4600 device, input and output bytes or bps statistic values might not identical for a same size of packet

1415207

MTU issue might cause PS interface to flap during dcd restart or GRES switchover

On MX-series platforms, if non-default MTU (for eg: 4400) is configured on PS interface IFD (Physical Interface), when performing a GRES or dcd restarts, the dcd triggers catastrophic events below the IFF (interface family). This might cause deletion and addition of IFAs (interface address) and it causes protocol sessions (such as BGP session) on this PS interface to flap.

1415599

The ISIS-SR route sent by the mapping server might be broken for ECMP

On MX/PTX series, in ISIS-SR (segment routing) scenario, the ECMP (equal-cost multi-path) route sent by ISIS-SR mapping server stitched from LDP might not be pushed labels on one of ECMP paths, which results in traffic blackhole on the next-hop with no label.

1417103

KVM core observed on configuring MTU on eth interface of VNF

WIth VNF running when MTU is configured, then KVM crash is observed and VNF goes down.

1418680

ACX-5448: BFD Timer value are not as per the configured 900ms with multiplier 3, its showing 6.000 with multiplier 3 instead for most of the sessions.

ACX-5448: BFD Timer value are not as per the configured 900ms with multiplier 3, its showing 6.000 with multiplier 3 instead for most of the sessions.

1419800

A memory leak in rpd might be seen if source packet routing is enabled for IS-IS protocol

If source packet routing or segment routing is enabled for IS-IS protocol, a memory leak might happen in the routing protocol process (rpd). The rpd will crash and restart once the rpd runs out of memory.

1423707

Traffic is dropped after FPC reboot with AE member links deactivated by remote device

On JUNOS routers and switches with Link Aggregation Control Protocol (LACP) enabled, deactivating a remote Aggregate Ethernet (AE) member link will make the local member link move to LACP Detached state. The Detached link will be invalidated from the PFE AE-Forwarding table as expected. However, if the device is rebooted with this state, all the member links will be enabled in PFE AE-Forwarding table irrespective of LACP states and result in traffic drop.

1424090

All interfaces will be down and the dcpfe will get crash if SFP-T is inserted on QFX5210

On QFX5210 platform starts from Junos 18.1R1, all interfaces will be down and the dcpfe will get crash if SFP-T is inserted on QFX5210. All service will be impacted as all interfaces are down.

1425339

The IFLs in EVPN routing instances might flap after committing configurations

When EVPN (Ethernet VPN) routing instance is created, there is an implicit bridge domain created for this EVPN. After creating another routing instance, the index of the implicit bridge domain created for EVPN is not updated properly in DCD. Therefore, the IFLs in EVPN routing instances might flap.

1426350

PEMs lose DC output power load sharing after PEM switch off and on operation on MX platforms

MX PEMs lose DC output power load sharing after PEM switch off/on operations.

1426588

REST API does not work on vSRX running 18.4R1/18.4R1-S1/18.4R1-S2/19.1R1

With vSRX (Not vSRX3.0), REST API query returns a 500 error. This is due to the incorrect mapping of the path to the required REST API libraries

1426975

Traffic loss might be seen when multiple IPsec tunnels are established with the remote peer

In IPsec DEP (Dynamic Endpoint) scenario, if multiple IPsec tunnels are established with the same traffic selector to the remote peer, only the reverse route pointing to the latest tunnel will be installed. Traffic sent through other tunnels will be dropped. If any of these tunnels is deleted, the installed reverse route will be deleted as well and traffic sent through the working tunnel will be dropped too.

1427147

The rpd might crash while handling the withdrawal of an imported VRF route

In L3VPN scenario with multipath enabled for BGP L3VPN family, if the knob "no-vrf-propagate-ttl" and "maximum-prefix" are configured for VRF, in some certain conditions, the rpd might crash when the maximum-prefix is hit and the withdrawal of VPN route occurs.

1430910

ACX5448 - Upon reboot of MC_LAG peer, when peer comes up (but before hardware comes up) there is a 10-20 second traffic hit on node1

The tx laser was enabled by default in CPLD. Therefore, the link is shown up on the peer as soon as the pfe starts.

1431885

QFX5110 SFP-T: All ingress traffic are dropped on 100m fixed speed port with no-auto-negotiation

On QFX5110, ingress traffic will be dropped on 100m fixed speed port which has no-auto-negotiation setting.

1432889

ACX5448: Auto-RP mapping periodically timeouting

if Auto-RP is used to signal RP, ACX5448 platform is periodically timeouting Auto-RP mapping. That is due to the fact that we are not specifying the proper port and queue towards CPU which will cause RP announce message not reaching RE and hence RP mapping timeout

1436465

rpd cores seen on multiple devices in network after the vrf reached max bgp prefixes count

In a BGP L3VPN with no-vrf-propagate-ttl and multipath enabled, when BGP L3VPN primary path is changed an rpd core may occur

1439950

The limit on maximum OVS interfaces is restored to the originally defined limit 25 for backward compatibility.

The limit on maximum OVS interfaces is restored to the originally defined limit 25 for backward compatibility.

Modification History:
Publication Date 2019-06-20
Related Links: