17.4R2-S5: Software Release Notification for Junos Software Service Release version 17.4R2-S5

  [TSB17597]


Alert Type:
SRN - Software Release Notification
Product Affected:
ACX, EX, MX, PTX, QFX, NFX, SRX, VRR, Network Agent
Alert Description:
Junos Software Service Release version is now available for download from the Junos software download site.
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as needed and follow the prompts
Solution:

Junos Software Service Release version 17.4R2-S5 is now available.

The following are incremental changes in 17.4R2-S5.

 
PR Number Synopsis Description
1319631

Traffic might get blackholed temporarily when BGP GR is triggered and the direct interface flaps

After a BGP session is established, if Graceful Restart (GR) is triggered and the directly connected interface flaps at the same time, traffic might get blackholed until the routes are flushed. GR helper mode is wrongly being triggered.

1327099

GRE interface might not come up after deactivating/activating the routing-instances

GRE interface might not come up after deactivating/activating the routing-instances or related changes that might result in route table change.

1329656

bcmDPC task is high even though Interrupt START_BY_START flag is set to 0

The START_BY_START_ERR interrupt handler was not available with the previous version of the bcm sdk code. This led to the bcmDPC process continuously checking the status of this flag, resulting in high CPU utilization. This has been fixed in this release by adding a handler for this interrupt.

1363153

ARP reply is dropped when temporal buffer-size is added on the NNI interface

ARP request is getting dropped and not forwarded to the NNI interface queue when the CoS configuration has a temporal buffer size.

1363935

Packet drop in EVPN stitching with IRB configured.

In Ethernet VPN (EVPN) interconnecting scenario where EVPN-VXLAN or EVPN-MPLS instances are stitched, if one routing instance has an IRB interface configured and the other one does not have IRB, traffic loss might be observed because packets with the IRB MAC as source MAC (for example, ARP requests) are discarded.

1365316

Extended traffic loss when performing ISSU/GRES with AE interface configured with LACP

When graceful Routing Engine switchover (GRES) is enabled, if the Link Aggregation Control Protocol (LACP) is configured on the AE interface, the AE interface might flap when the Routing Engine switchover happens, for example when a unified in-service software upgrade (ISSU) is performed or the master RE is restarted. This could cause extended traffic loss (more than 5 sec, depending on how fast the AE interface recovers).

1366259

MS-MPC/MS-PIC might crash in NAT scenario

MS-MPC/MS-PIC might crash if two or more service sets are configured with the same prefix lists and SIP ALG is configured in a NAT scenario.

1367224

I2C error logs are seen when configuring wavelength on tunable SFP+ with part-number 740-053356

I2C error logs are seen when configuring wavelength on tunable SFP+ with part-number 740-053356

1367766

The EVPN implementation does not follow RFC-7432

The EVPN implementation does not follow RFC-7432 when encoding/decoding 20-bit MPLS labels into ESI Label field in ESI Label Extended Community.

1373368

PTP timescale arbitrary feature support in mainstream releases

For arbitrary timescale, the default clock-class to quality level mapping needs to be added on the slave nodes as mentioned in the workaround. The current default clock class to quality level mappings are not as required for this feature.

1377749

In an EVPN A-A scenario with MX or EX acting as PE device, flood NHs to handle BUM traffic may not get created or may miss certain branches when the configuration is performed in a particular sequence

In an EVPN A-A scenario with MX or EX acting as PE device, flood NHs to handle BUM traffic may not get created or may miss certain branches when the configuration is performed in a particular sequence

1378747

FEB restarted after commit "delete interfaces e1-0/0/*"

Because of a race condition, in which the "class-of-service" configuration request for an interface is received before the e1-interface is created, a circuit with specified class-of-service parameters is created. Because of this, the interface creation fails resulting in traffic not flowing on the e1-interface and then (if e1-interfaces are further disabled or enabled) a core file is generated.

1380231

The RE might crash with various core files due to the deadlock issue on the SDB STS

In a system that uses the session database (SDB), a deadlock might happen when getting the lock on the SDB short term storage (STS) due to a rare timing issue. It is more likely to happen in an Enhanced Subscriber Management environment with large-scale subscribers (such as 50k subscribers). The issue causes the master Routing Engine (RE) to crash with various core files and lose management connectivity, and the subscriber service could be affected. The issue might happen on a single RE system as well as a dual RE system. In a dual RE system, the master RE crash could trigger an RE switchover, but the issue could leave the SDB in an incomplete state on the new master RE, which could cause subscriber login failures. A restart of smg-service on the new master RE will recover this login issue.

1380600

The routes learned over an interface will be marked as "dead" next-hop after changing the prefix-length of IPv6 address on that interface

If an interface is configured with 128 prefix length for IPv6 address, the route learned over that interface might be marked as "dead" next-hop after the prefix length is changed from 128 to any other prefix length.

1384491

Multiple bbe-smgd cored with reference to bbe_mcast_vbf_dist_policy_service_encoder( )

On commit, any changed policy was being pushed to the PFE even if the policy is not used (installed in the PFE). This caused the bbe-smgd process to restart unexpectedly at the bbe_mcast_vfb_dist_policy_service_encoder() routine.

1386768

Changing the value of mac-table-size to default may cause all FPCs to reboot

If the value of mac-table-size of a given VLAN that is carrying traffic is changed to default, the Layer 2 forward table (IFL-List) needs to be re-associated with the Flush-List, which keeps the newest MAC list pushed by the Routing Engine (RE), and the IFL-List must be deleted for this re-association. However, when the MAC entries are deleted, their flags might still remain in the IFL-List, which causes the MAC deletion to fail, and the update of the Flush-List might also get stuck. Consequently, all FPCs might reboot.

1387730

QFX5100/QFX5110/QFX5200/QFX5210 Virtual chassis could not be formed normally

In a QFX5100/QFX5110/QFX5200/QFX5210 VC scenario with versions after 17.4R1, when forming the VC, the VCP port might not come up stably and might flap, with some CRC errors observed. The Virtual Chassis might flap frequently and might not form normally. As a result, traffic drops might be seen on the VC High Gigabit ports.

1388290

IPsec IKE keys are not cleared when delete/clear notification is received

IPsec IKE keys are not cleared when delete/clear notification is received from the peer on GRES enabled device.

1389337

In rare cases rpd might crash after RE switchover when BGP multipath and L3VPN vrf-table-label are configured

When BGP multipath and L3VPN vrf-table-label are configured, after RE switchover, in rare cases, rpd might crash due to a vrf-table-label reallocation issue. During the crash, the routing table and neighborship will become unstable and traffic will be dropped; it will be restored automatically.

1389688

Layer 3 IP route might be deleted after L2 next-hop change is seen.

On the EX4300 platform, a Layer 3 IP route would be deleted when an L2 next-hop change is seen or the PFE receives duplicate nexthop change messages (examples include the STP/LAG state change of interfaces). This causes traffic drop.

1399184

All dcd operations might be blocked if profile-db is corrupt

In a 'dynamic-profiles' scenario, if the profile-db is corrupt, all dcd operations are blocked (e.g., interfaces cannot be added). The device control process (dcd) is used to control the device's interfaces.

1399369

CPU hog may be observed on PTX/QFX10000 Series platform

On PTX/QFX10000 series platform, CPU hog on PFC may be observed if the adaptive feature is enabled to load-balance for an AE interface.

1399873

ARP refresh functionality may fail in an EVPN scenario

Address Resolution Protocol (ARP) refresh functionality may fail in an Ethernet VPN (EVPN) scenario because the refresh packets with unicast destination MAC address sent from the device do not conform to RFC 5227 and are discarded by hosts that strictly check RFC conformity.

1401808

FPC coredump due to a corner case scenario (race condition between RPF, IP flow).

In a BBE deployment where the RPF and MAC check is enabled, a race condition can cause a software failure that results in an FPC restart.

1403147

The cosd process might crash during committing configuration change via netconf

If excess-priority is configured, the cosd process might crash during committing configuration change which includes assigning CoS profile on any logical interface via netconf.

1404857

EVPN database and bridge mac-table are out of sync due to the interface's flap

If some interfaces flap faster on the remote PE, the EVPN database and bridge mac-table might be out of sync on the local PE device. When this issue occurs, it may cause the impacted PE to broadcast packets to all the other PEs. The broadcast packets might cause traffic congestion, which results in packet loss.

1405055

The subscriber may not access the device due to the conflicted assigned address

In a subscriber management environment, the subscriber (say, subscriber A) may not access the device (A can get IP address x.x.x.x but then the connection will be terminated), because the address x.x.x.x is previously assigned to another subscriber B and then re-assigned to A before confirming whether the respective access route for address x.x.x.x is removed.

1405956

QFX5120: In VXLAN-EVPN configuration, transition from collapsed to non-collapsed L2/L3 GW and vice versa needs switch reload

On a QFX5120 system, the transition from VXLAN/EVPN collapsed to non-collapsed L2/L3 GW and vice versa needs a switch reload due to a stale source VTEP IP.

1406807

In a Layer2 domain, there might be unexpected flooding of unicast traffic at every 32-40s interval towards all local CE-facing interfaces

In a Layer2 domain (e.g. bridge-domain, VPLS), unexpected flooding of unicast traffic might be seen towards all local CE-facing interfaces if the FPC on the primary LSP is offline and the backup path PFE starts carrying the traffic.

1407848

"show configuration" and "rollback compare" commands causing high CPU

If a scaled configuration of interfaces and filters is configured, the CPU usage hits 100% for a few seconds while running the "show configuration" or "show system rollback compare" commands.

1408974

The kmd process might crash on MX/ACX platforms when IKEv2 is used

On MX/ACX platforms, when IKEv2 is used for IPsec VPN and Dead Peer Detection (DPD) is enabled, if the IKEv2 rekey interval is very short (about 6-7 minutes), the kmd process might crash, which leads both VPN peers to tear down the tunnel.

1409585

The port at FPC (e.g. JNP10K-LC1101) might fail to come up

On rare occasions, the port at FPC (e.g. JNP10K-LC1101) might fail to come up due to a retimer initialization failure upon the FPC reboot/OIR and a QSFP OIR.

1409632

Indirect-next-hop pointing to unknown unilist stuck with weight 65535 may occur after a link flap

In a scenario where BGP multipath is enabled and the forwarding chain is unilist_1->indirect-next-hop->unilist_2, any change in the unilist_2 active member list is absorbed by the indirect-next-hop in the chain and is not propagated back to the top-level unilist_1. If a link flaps, the indirect-next-hop pointing to unilist_2 gets stuck with weight 65535, which causes traffic blackholing.

1413224

The rpd memory leak might be seen due to a wrong processing of a transient event

From Junos 16.1R1, in a large-scale setup (e.g. ~400 BGP peers), during route updates/link flapping, the RTSOCK (trace routing socket event, a transient event) message produced by KRT might be handled incorrectly, which causes an rpd memory leak. If the memory is exhausted, the rpd process might crash.

1413663

The support of inet6 filter attribute for ATM interface is broken in the release 17.2R1 and onwards

On all Junos platforms with the release 17.2R1 and onwards, the support of inet6 filter attribute for Asynchronous Transfer Mode (ATM) interface is broken by mistake.

1414145

FPC crash may be observed if it reaches heap utilization limit

In a subscriber management environment, an FPC crash may be observed if the FPC reaches its heap utilization limit while subscribers continue to log in. This is due to a code defect that fails to report this condition accurately; because of this failure, further subscriber logins are allowed, which then causes the FPC crash.

1414434

The PTX10002 may stop forwarding packets after the "chassis-control" process restarts

This issue is specific to PTX10002. During normal operation, if the "chassis-control" process restarts, Express ASICs are not initialized. This causes packets to be dropped on the output queue.

1417574

Some subscribers might be offline when doing GRES or daemon restart

In a DHCP subscriber scenario, some subscribers might be offline when doing GRES or a daemon restart. The reason is that when restoring the subscribers from the SDB (subscriber database), the PDB (Profile database) call (an internal call made to determine the interface type) fails. PDB calls are sometimes unreliable and can return an error if the database is not ready; this is the root cause.

1417931

RSVP LSP might get stuck in down state in OSPF Multiarea topology

In OSPF Multiarea topology (ABR has one or more multi-area adjacencies--one interface is attached to multiple OSPF areas), and inter-area RSVP LSP is configured (inter-domain is configured inside LSP), when primary path failure or optimize-timer triggers to signal a new instance of LSP, the LSP might get stuck in down state and it could not complete the signaling process. The reason is the incorrect CSPF on ABR which leads to RSVP path message loop and also causes next CSPF run to be skipped on the headend.

1418960

The PPPoE negotiation of subscriber connection might fail when 65535 is assigned as session-id

On MX platforms running Point-to-Point Protocol over Ethernet (PPPoE), the reserved PPPoE session-id 65535 might also be assigned to a subscriber, which conflicts with RFC 2516. The PPPoE negotiation of the subscriber connection might fail due to this issue.

1419542

A new tunnel could not be established after changing the NAT mapping IP address until the IPsec SA clear command is run

In an IPsec VPN with NAT-T scenario, when the NAT mapping IP address is changed on the NAT device, the new tunnel cannot be established until the IPsec SA clear command is run. The reason is that the NAT IP change with any IKE negotiation triggers IPsec SA cleanup even before the delete request is handled, and the old NAT IP is still present even after the internal IPsec SA update/handling. This causes a problem in the new IPsec SA setup later, because an old entry for this proxy ID is present with some other remote gateway (which is the old NATted IP entry). The related syslog messages could be seen in the External Description.

1420776

IPv6 ISIS routes might be deleted and not be reinstalled when MTU is changed under the IFL level for family inet6

In an ISIS IPv6 scenario, if the MTU is changed under the IFL (Logical Interface) level for family inet6, the ISIS IPv6 route might be deleted and might not be reinstalled. These routes remain present in the ISIS database and the ISIS adjacency remains UP as well. The reason is that ISIS interface data is not added for the IPv6 unicast topology after the interface MTU change event, which prevents the ISIS IPv6 routes from being resolved.

1420983

The FPC CPU might be hogged if channelized interfaces are configured

On MX platform, with 1xCOC12 or 4XCOC3 used, if channelized interfaces are configured, FPC CPU hog might be seen.

1421314

MX LNS might fail to forward the traffic on the subscriber Access route.

On MX platforms, if the following steps happen in succession, packets from a subscriber using the subscriber access route prefix might be dropped in the PFE with exception reason "SW ERROR".
  1. Bring up subscriber with BGP disabled
  2. Subscriber Access route prefix is installed with correct RPF info
  3. Enable BGP
  4. Access Route gets updated with a different non-subscriber NH. This results in loss of RPF information
  5. Disable BGP
  6. Route gets added back with subscriber NH. This time, since the RPF information is lost, the RPF check for this IP will result in the packet being dropped

1422535

4x10G interfaces on PTX3000/PTX5000 FPC type 3 might not come up after flapping frequently for a long time

On PTX3000/PTX5000 platforms with FPC3, if the remote-connected interface flaps continuously for a long time, the 4x10G interfaces on FPC3 might go down and never come up. The probability of occurrence increases with the number of continuous flaps.

1423368

Stale entries may be observed in a layer 3 VXLAN gateway scenario

On QFX5000 series platforms where the Layer 3 Virtual Extensible LAN (VXLAN) gateway is enabled, such as QFX5110, stale entries may be observed if a route change happens, triggering route and nexthop deletion on the PFE. The increasing stale entries may fill up the corresponding table and prevent new entries from being added successfully, and traffic loss may be observed as a result.

1423761

The Jflow export might fail when channelization is configured on FPC QFX10000-30C

When channelization is configured on FPC QFX10000-30C (ULC-30Q28) while Jflow (Jflow v9 or v10) is configured on this board, the Jflow export might fail. The issue results in loss of sample flow.

1425339

The IFLs in EVPN routing instances might flap after committing configurations

When EVPN (Ethernet VPN) routing instance is created, there is an implicit bridge domain created for this EVPN. After creating another routing instance, the index of the implicit bridge domain created for EVPN is not updated properly in DCD. Therefore, the IFLs in EVPN routing instances might flap.

1425828

The rpd process might crash and core dump during mpls ping command on l2circuit

When end-interface or backup-interface/protect-interface in end-interface is used as an interface for "ping mpls l2circuit interface" command, the rpd process might crash and core dump.

1426244

Address allocation issue with linked pools when using linked-pool-aggregation

In a chain of linked address pools, if the last pool is sent and linked-pool-aggregation is configured, the head of the linked pool might not be returned once the last pool is consumed.

1427090

Heap memory leak might be seen on QFX10000 platforms

On QFX10000 platforms (QFX10002, QFX10008, QFX10016), if BFD is configured, heap memory leak will be seen.

1427868

CFM message flooding.

When an action profile is configured on a VPLS PE functioning as a CFM MEP, transit CFM packets are flooded throughout the VPLS instead of being sent unicast to their destination.

1428094

PTX10K/LC1101: when an interface is configured with jumbo frames support (e.g. MTU = 9216), the effective MTU size for locally sourced traffic is 24 bytes less than the expected value

PTX10K/LC1101: when an interface is configured with jumbo frames support (e.g. MTU = 9216), the effective MTU size for locally sourced egress traffic is 24 bytes less than the expected value. This issue is confined to locally originated traffic only and does not affect transit traffic.

1430722

QFX10K: Interfaces configured with a hold-down timer are processing incoming packets, leading to packet forwarding through the ASIC

QFX10K: Interfaces configured with a hold-down timer are processing incoming packets, leading to packet forwarding through the ASIC

1431038

The NCP session might be brought down after IPCP Configure-Reject is sent

On MX platforms running Point-to-Point Protocol (PPP) subscribers, if the subscriber repeatedly sends a PPP Internet Protocol Control Protocol (IPCP) Conf-Request packet with a fixed IP address that cannot be offered, MX replies with IPCP Conf-NAK. After the Network Control Protocol (NCP) max-failure is reached, MX sends Conf-Reject and, due to this issue, directly brings down the NCP session. The unnumbered Conf-Request with no IP address in the IP option sent by the subscriber later is discarded because the NCP down event has already taken place.

1431459

The bbe-smgd might crash if subscribers are trying to login/logout and a config commit activity happens at the same time

In Next Generation Subscriber Management (Tomcat) scenario, the bbe-smgd process might crash if a config commit activity happens when subscribers are trying to login/logout. The issue will lead to a crash/core dump by the bbe-smgd daemon, but the daemon will restart and recover state. There will be no traffic impact for existing flows, but for new flows/logins/logouts, a momentary disruption might be seen while the bbe-smgd daemon restarts.

1432293

Incorrect MAC count with "show evpn/bridge statistics"

After a MAC move from a local interface to a remote MAC, the "show bridge/evpn statistics" command reports the wrong number of MACs learned on an interface. "show bridge/evpn mac-table count" provides the accurate number of MACs learned.

1433557

"show services accounting status name all" command causes kernel core

The "show services accounting status name all" command may lead to a kernel core and RE switchover on MX platforms. The issue is that the RTSOCK receive buffer set by this command is 32Kb, while the nexthop message being appended is bigger (35KB), which triggers the kernel core.

1434004

MX URLF: URL case sensitivity support

The URI portion of the URL becomes case-sensitive via a hidden config knob "url-case-sensitive" under "url-filter-template". Existing behaviour is the default, i.e., the URL is case-insensitive including the URI.

    url-filter[web-filter] {
        profile {
            url-filter-database ;
            template {
                url-case-sensitive;
            }
        }
    }

1435687

The second IPSec ESP tunnel might not be able to establish between two IPv6 IKE peers

On SRX5400/5600/5800 platforms acting as a middle device between Internet Key Exchange (IKE) peers, more than one Encapsulating Security Payload (ESP) session cannot be established between two IPv6 IKE peers if the IKE ALG is enabled on the middle SRX device.

1435705

On QFX10K platforms, SIB and FPC minor Link Error alarms might happen on QFX10K switches due to a single CRC

SIB and FPC Minor alarms might happen on QFX10K switches due to a single CRC in the internal Fabric link. Example:

    show chassis alarms
    2 alarms currently active
    Alarm time               Class  Description
    2019-05-12 18:20:26 UTC  Minor  FPC 4 SIB Link Error
    2019-05-10 00:47:16 UTC  Minor  SIB 5 FPC Link Error

1435791

In ACX platforms, no-vrf-propagate-ttl may not work after activate or deactivate of COS configuration

No-vrf-propagate-ttl may not work after activate or deactivate of COS configuration on ACX platforms.

1437302

The next-hop mac address in the output from "show route forwarding-table" command might be wrong

Cosmetic problem: the CLI displays the wrong next-hop MAC address in the output of the "show route forwarding-table" command.

Modification History:
First publication date 2019-06-24