Knowledge Search


×
 

16.1R7-S5: Software Release Notification for Junos Software Service Release version 16.1R7-S5

  [TSB17601] Show Article Properties


Alert Type:
SRN - Software Release Notification
Product Affected:
ACX, EX, T, TX, PTX, MX, QFX5100, VMX, VRR, Network Agent
Alert Description:
Junos Software Service Release version 16.1R7-S5 is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as need and follow the prompts
Solution:

Junos Software service Release version 16.1R7-S5 is now available.

The following are incremental changes in 16.1R7-S5.

 
PR Number Synopsis Description
1216198

ACX PFE reports acx_nh_mpls_tunnel_uninstall "Operation still running" and acx_nh_tag_hw_install : "Table full" messages

On ACX series routers, in a scaled environment with link protection/FRR, frequent LDP route flaps/NH flaps or route churn due to some activity may lead to the "Operation still running" messages . These route flaps are leading to creation of duplicate mpls entries in the hardware ASIC and due to that memory is consumed in the hardware ASIC. This memory full is observed with the pattern "acx_nh_tag_hw_install: BCM L3 Egress create object failed for NH 13423 (-6:Table full)" messages in the logs. Fix of this PR will make sure there are no duplicate entries formed in the hardware ASIC when there is route churn.

1220671

Tacacs access does not work after upgrade

The /etc/passwd file is created in the process of the first commit when a pristine jinstall image is used to boot for the first time. If event-options is configured, the system will try to read the configuration from the available event scripts, which requires privileges obtained from the /etc/passwd file. That causes a circular dependency because the commit will not pass if the configuration includes event-options the first time a pristine image boots up, which is the case of an upgrade performed with virsh create.

1222670

The kernel might crash if interface family gets deleted

The kernel might crash if interface family get deleted.

1231402

EVPN/VXLAN: MAC entry incorrectly programmed in PFE, leading to some traffic blackhole

An incorrect PE router is attached to an ESI when the router receives two copies of the same AD/ESI route (for example, one through eBGP and another one received from an iBGP neighbor). This causes a partial traffic black hole and stale MAC entries. You can confirm the issue by checking the members of the ESI: user@router> show evpn instance extensive ... Number of ethernet segments: 5 ESI: 00:13:78:00:00:00:00:00:00:01 Status: Resolved Number of remote PEs connected: 3 Remote PE MAC label Aliasing label Mode 87.233.39.102 0 0 all-active 87.233.39.1 200 0 all-active <<<< this PE is not part of the ESI 87.233.39.101 200 0 all-active

1287342

The oneset/leaf-list configuration might not get deleted with delete operation through JSON

The deletion of oneset/Leaf-list configuration through JSON might not get deleted when the "delete" attribute is passed in the JSON string.

1303491

The kysncd process might crash after removing and inserting backup RE in analytics and "mpls sensor" scenario

On all junos platforms with JVision, Multiprotocol Label Switching (MPLS) stats sensor and graceful routing engine switchover (GRES) configured. The kysncd process might crash when the backup RE is removed/inserted.

1334966

The IPsec rule might not work if both IPv4 ANY-ANY term and IPv6 ANY-ANY term are configured for it

When IPsec service is configured on MS-MPC/MS-MIC, the IPsec rule might not work if both IPv4 ANY-ANY term and IPv6 ANY-ANY term are configured for it. This is because of rule matching without type check. It is a day-1 issue.

1338559

After a MPLS LSP link flap and local repair, a new LSP instance is tried to be signaled but it may get stuck

After Resource Reservation Protocol (RSVP) Multiprotocol Label Switching (MPLS) Label Switched Path (LSP) link flaps (link goes down and comes back up), RSVP tries to create a second MPLS LSP instance, if Resv/PathErr message drops for the second MPLS LSP instance, then the second MPLS LSP instance is stuck, and no further optimizations are possible.

1342681

The interface might flap continuously after device reboot

On PTX5K/PTX3K platform with P3-24-U-QSFP28 PIC installed, after reboot the device, the interface might flap continuously.

1342942

KRT queue might be stuck on changing RD of a routing-instance

Junos platforms do not support 'on the fly RD change' - changing the RD (route distinguisher) of an active routing-instance to another value, which might lead to KRT (kernel routing table) queue to be stuck and hence routing/forwarding impact. This is because of the software design and is a production limitation. However such on the fly RD change can be successfully committed without any type of error message. With fix of this PR, error message will be reported in syslog upon commit.

1345085

After ISSU upgrade this continuous error message is seen: ms50 mspmand[229]: SA handle not installed

SA handle not installed message can be seen during issu upgrade.

1345720

The rpd might crash when doing RE switchover with NSR and logical-system configurations

When doing RE switchover with NSR (nonstop-routing) and logical-system configurations, rpd core might happen. This issue is platform independent. And it would cause traffic or service impact.

1346954

The rpd process might crash after GRES when multipath is configured

In NSR and BGP multipath scenario, after RE switchover, the rpd process might crash due to inconsistent multipath cache.

1347650

Suppressing cfmd logs : jnxSoamLmDmCfgTable_next_lookup: md 0 ma 0 md_cfg 0x0

The PR suppress the unnecessary CFMD logs like below:

Mar 9 11:30:51.614 2018 MX cfmd[28796]: %DAEMON-3: jnxSoamLmDmCfgTable_next_lookup: md 0 ma 0 md_cfg 0x0
Mar 9 11:30:51.614 2018 MX cfmd[28796]: %DAEMON-3: jnxSoamLmDmCfgTable_next_lookup: md 0 ma 0 md_cfg 0x8d69160
Mar 9 11:30:51.614 2018 MX cfmd[28796]: %DAEMON-3: jnxSoamLmDmCfgTable_next_lookup: md 0 ma 0 md_cfg 0x0
Mar 9 11:30:51.614 2018 MX cfmd[28796]: %DAEMON-3: jnxSoamLmDmCfgTable_next_lookup: md 0 ma 0 md_cfg 0x8d69160
Mar 9 11:30:51.614 2018 MX cfmd[28796]: %DAEMON-3: jnxSoamLmDmCfgTable_next_lookup: md 0 ma 0 md_cfg 0x0
Mar 9 11:30:51.614 2018 MX cfmd[28796]: %DAEMON-3: jnxSoamLmDmCfgTable_next_lookup: md 0 ma 0 md_cfg 0x8d69160
Mar 9 11:30:51.614 2018 MX cfmd[28796]: %DAEMON-3: jnxSoamLmDmCfgTable_next_lookup: md 0 ma 0 md_cfg 0x0
The occurrences of these log messages may be accompanied by high CPU utilization by cfmd and eventd processes.
PID USERNAME       THR PRI NICE   SIZE    RES STATE    TIME    WCPU COMMAND
12521 root             1  81    0   865M 19180K RUN     33.6H  31.30% cfmd
11669 root             1  81    0   718M  4988K RUN    113.8H  28.66% eventd
 

 

1350302

Licenses might not take effect even though license key configuration is committed successfully

On all Junos platforms, licenses might not take effect after successfully committing a license key configuration.

1357016

The DHCPv6 binding might be stuck in "RELEASE(DHCPV6_RELAY_STATE_WAIT_SUBSCR_DELETE)" state when route-suppression is configured

On all MX-Series platforms with the route-suppression configuration, when the subscriber sends a release message, the binding remains and it might not able to be released, as a result, the DHCPv6 binding might be stuck in "RELEASE(DHCPV6_RELAY_STATE_WAIT_SUBSCR_DELETE)" state.

1357965

When forwarding-class-accounting knob is enabled, on an interface, inside of a routing-instance of instance-type vrf, aggregate input forwarding-class statistics do not increment (egress statistics work fine).

When forwarding-class-accounting knob is enabled, on an interface, inside of a routing-instance of instance-type vrf, aggregate input forwarding-class statistics do not increment (egress statistics work fine).

1358339

The subscriber might fail to bind and some process might restart in a large-scale subscriber environment due to a rare timing issue

On MX and M120/M320 platforms, when large-scale subscribers attempt to login, some subscribers might fail to bind and bbe-smgd coredump might be seen due to a rare timing issue.

1359282

MPCs may restart during ISSU

On MX/EX9200 platforms, MPCs may restart if performing ISSU from the versions before 17.4 (including 17.4) which are not fixed in the PR to the versions after 18.2R1 (including 18.2R1).

1361617

VC-Bm can't sync with VC-Mm when the Virtual-Chassis splits then reforms

In MX-VC scenario, if any events that might cause the Virtual-Chassis to splits then reforms such as VCP port flapping or backup restart etc happens, Master Routing Engine in Virtual Chassis backup router (VC-Bm) might not sync with Master Routing Engine in Virtual Chassis master router (VC-Mm).

1363773

The l2circuit on MPC7E/8E/9E with asynchronous-notification and ccc configured might keep flapping when the circuit is going up

The l2circuit on MPC7E/8E/9E with asynchronous-notification and ccc configured might keep flapping when the circuit is going up.

1363803

The multicast route update may stuck in KRT queue and the rpd may crash if rpd and kernel go out of sync

In multicast scenario under large-scale route environment, the multicast route update may stuck in KRT queue, and the rpd may crash and restart.

1365709

In case of MPLS ,DMR packets are sent with different mpls exp bits if MX receives CFM DMM packets with varying exp values on MPLS header

When below conditions are met, after traversing through MPLS network, if CFM DMM packets arrive with varying exps value on MPLS header, DMR packets sent with different MPLS exp bit. The varying bit may cause VLAN priority bit viariation, then impact the receiver end, if receiver only matches one particular priority bit. 1/ CFM delay measurement is configured on CE facing AE interface 2/fixed forwarding-class is not configured on interface COS setting.

1366619

The route prefixes with an assigned label might be missed in the LDP database

On all MX-Series platforms, the route prefixes with an assigned label might be missed in the Label Distribution Protocol (LDP) database when BGP-LU link protection is enabled.

1368258

Hashing does not work for the IPv6 packet encapsulated in VxLAN scenario

On QFX5000 Series switches, IPv6 traffic over VxLAN tunnel does not hash, this might result in some unexpected issue in ECMP scenario.

1368913

On QFX5k Series switches ISIS adjacency with Cisco might go down

On QFX5k Series, If ISIS packet is received with DMAC as 09:00:2b:00:00:05 (ISO 9542, All Intermediate System Network Entities Address) and Jumbo frame with EtherType as 0x8870 (non-standard, used by Cisco), such packet will be dropped, resulting in failure in the adjacency.

1370405

Inline Service interface may not UP when bandwidth is configured

Inline-service interfaces are not getting created with BW=40G after fix of PR1355168.

1371222

Minor chassis alarm on Secondary node "Potential slow peers are: FWDD0 XDPC1 XDPC8 FWDD1"

On All SRX platforms, the minor chassis alarm "Potential slow peers are: FWDD0 XDPC1 XDPC8 FWDD1" is shown on Secondary node.

1373575

The traffic might not be load-balanced equally across LSPs with ldp-tunneling configured

When there are more than one RSVP LSP toward the same downstream neighbor and more than one such downstream neighbor exist, if one of the interfaces toward one downstream neighbor is brought down, the weight might become unequal for ECMP and then the traffic might not be load-balanced equally.

1374211

Traffic might be lost for the CoS-based forwarding services if EVPN is configured

When EVPN is configured with class-of-service-based forwarding (CBF), traffic might be lost for the CBF services.

1374530

The bbe-smgd might crash continuously in centralized IGMP scenario

In enhanced subscriber management scenario with centralized IGMP configuration, after the last subscriber of a multicast group leaves that group and in some rare cases the bbe-smgd could not delete the multicast group node from the tree, this insistent state of the node causes the bbe-smgd process to restart. However, when the bbe-smgd restarts in init phase, it would try to delete that multicast node again, this inconsistent state results in bbe-smgd restarting again, so the bbe-smgd could never come out of the init phase and it restarts continuously.

1376354

The rpd process might crash continuously if nsr-synchronization or all flag is used in RSVP traceoptions

Applying Resource Reservation Protocol (RSVP) traceoptions with nsr-synchronization flag or all flag on a Nonstop Active Routing (NSR) enabled device may cause the rpd process to crash due to memory corruption. The memory corruption occurs when size of received RSVP Path message being replicated from master routing engine(RE) to standby RE is greater than 768 characters.

1377749

In EVPN A-A scenario with MX or EX acting as PE device,flood NHs to handle BUM traffic may not get created or miss certain branches when the configuration is performed in a particular sequence

In EVPN A-A scenario with MX or EX acting as PE device,flood NHs to handle BUM traffic may not get created or miss certain branches when the configuration is performed in a particular sequence

1379022

LACP PDU may be looped towards peer MC-LAG nodes

In MC-LAG with force-up scenario, the LACP PDU loop may be seen when both MC-LAG nodes and access device using same admin key.

1381446

Traffic blackhole caused by FPC offline in MC-LAG scenario

On a Junos device in the multichassis link aggregation group (MC-LAG) scenario with integrated routing and bridging (IRB) interface and enhanced-convergence enabled, if the MC-LAG has only one member link, after taking offline the FPC hosting that member link and then clearing ARP, the traffic which is expected to egress the interchassis link (ICL) might get dropped, due to the nexthop being incorrectly set as Discard by code in Junos kernel.

1381527

Constant memory leak might lead to FPC memory exhaustion

On MX/EX9200 platforms, constant memory leak might occur on a Flexible PIC Concentrator (FPC). This might finally lead to memory exhaustion and the FPC might crash and generate a core file.

1382857

dcd restarted unexpectedly after committing a configuration with static demux interface stacking over ps interface

The static demux interface stacking over ps interface is not supported and can cause the dcd process to restart. The commit process should not allow such configuration.

1383233

MAC learning might get stuck on MX with DPC and MPC

On MX series platform with DPC and MPC installed, due to incorrect MLP message (which is used to notify MAC address among different FPCs) sent from MPC to DPC, MAC learning procedure might get stuck in certain scenario, resulting in MAC remaining unresolved on PFE and MAC missing from the MAC table.

1383964

Twice NAT not supported on FTP ALG causes MS-PIC crash

FTP ALG (Application Layer Gateway) is not supported with Twice NAT (Network Address Translation). When an unsupported translation type is configured on an M or MX series platform working as FTP ALG, the Multiservices PIC crashes. With the fix of this PR, a syslog message will be displayed instead of triggering a crash.

1384750

Vmcore may be seen on the 18.1R3 release.

Due to an API introduced in 18.1R3, a kernel core dump may occur when a configuration change is done. This results from invalid pointer access by the API.

1389206

All DPCs might crash while adding or deleting a logical interface from the AE bundle

On MX240/MX480/MX960 platforms with a scaling number of prefixes (for about 700k prefixes) learned over a logical interface of the Aggregated Ethernet (AE) bundle, if a new logical interface is added or deleted from the AE bundle, the DPCs might get busy with CPU spiking to 100% and ultimately get crash.

1389337

In rare cases rpd might crash after RE switchover when BGP multipath and L3VPN vrf-table-label are configured

When BGP multipath and L3VPN vrf-table-label are configured, after RE switchover, in rare cases, rpd might crash due to a vrf-table-label reallocation issue. During the crash, the routing table and neighborship will become unstable and traffic will be dropped, it will be restored automatically.

1389461

The interface-control process thrashes and dcd does not restart after adding an invalid demux interface to the configuration

On M120 and MX platform, if an invalid non demux0 interface, such as demux1, is committed to the configuration, the interface-control process will thrash and the dcd process will not restart.

1389944

Individual command authorization may cause mgd crash

For a user with allow-commands and deny-commands configured, mgd crash is happening sometimes when the user enters into CLI mode and executes any show commands.

1391323

The dcd memory leak might be seen when committing configuration change on static route tag

After committing configuration change on static route tag (see below example), the memory consumed by device control daemon (dcd) might increase. The leak rate is slow (200KB for every commit with one tag change). [edit routing-instances TEST routing-options static route xx.xx.xx.xx/25] - tag 10; + tag 11;

1392704

The ppmd on RE may run with high CPU utilization after RE switchover

In the rare case, ppmd on RE might stay high cpu usage after RE master switch event. There will be no impact on this problem.

1394922

Junos OS: Firewall filter terms named "internal-1" and "internal-2" being ignored (CVE-2019-0036)

Junos OS: Firewall filter terms named "internal-1" and "internal-2" being ignored (CVE-2019-0036); Refer to https://kb.juniper.net/JSA10925 for more information.

1395231

BGP reset may be observed in an EPVN-MPLS scenario

In an EVPN-MPLS scenario where the device is running on certain release (16.1 or 16.2), the BGP session may be reset due to receiving unexpected EVPN type 2 updates that have an IPv6 prefix and a MAC address along with two labels.

1395620

The dcd crash might be seen after deleting the sub interface from VPLS routing-instance and mesh-group

If an IFL is configured under a VPLS routing-instance and also configured in a mesh-group, if it is deleted from the routing-instance and from mesh-group and these changes are done at same time (single commit), then DCD might crash. First, interface from routing-instance is deleted successfully however deleting from mesh-group is leading to the crash.

1396335

When using ifconfig utility to bring down PS interface IFL , its Admin status is not going down as expected.

When ifconfig utility is used to bring down any PS interface IFL ,its Admin status is not going down. This is unexpected behavior for PS IFLs. At the same time, PS IFDs behave correctly when ifconfig utility is used to bring them down.

1398502

All FPC cards might restart after L3VPN routes churn

In L3VPN network with large-scale prefixes, if the peer PE is other vendor's router (e.g. Cisco) configured with "per-prefix label", all FPC cards might restart after L3VPN routes churn multiple times.

1398685

The rpd soft core and inappropriate route selection might be seen when L2VPN is used

The rpd provides a mechanism to validate that route selection has successfully been done. When errors in route selection are detected, a soft core is dropped: the rpd remains running, a single core file is dropped, it is rate limited to not do this frequently. When running L2VPN, BGP MED selection may be inappropriately run on the routes. As a result, a soft core is created, and features that rely on skipping such routes such as BGP add-paths, may advertise an alternate path that is inappropriate.

1398876

The rpd might crash when LDP route with indirect next-hop is deleted

If Label Distribution Protocol (LDP) route with indirect next-hop exists (e.g. LDP egress-policy is used to advertise BGP route into LDP), the rpd might crash when the LDP route is deleted.

1399102

RVT interface might get flapping

RVT (redundant-virtual-tunnel) interface might get flapping due to a config change made on chassis FPC which is not part of RVT. It might cause traffic loss.

1399141

Junos OS: BGP packets can trigger rpd crash when BGP tracing is enabled. (CVE-2019-0019)

Junos OS: BGP packets can trigger rpd crash when BGP tracing is enabled. (CVE-2019-0019); Refer to https://kb.juniper.net/JSA10931 for more information.

1399184

All dcd operations might be blocked if profile-db is corrupt

In 'dynamic-profiles' scenario, if the profile-db is corrupt, all dcd operations are blocked. (e.g., not be able to add any interfaces). The device control process (dcd) is used to control the device's interfaces.

1399726

EVPN Type 2 MAC+IP route is stuck when the route Advertisement has 2 MPLS labels and Withdrawal has 1 label

In EVPN (Ethernet VPN) scenario, if the router receives a Type 2 MAC+IP route Advertisement having 2 MPLS labels, and then Withdrawal of the same route with only 1 label, the Withdrawal will not be processed and that route will be stuck.

1399733

QFX5100 - VXLAN - Traffic is queued in the wrong queue when interface configuration is changed from a layer 2 with VXLAN configured on the VLAN to a family inet configuration

On QFX5100, traffic initiated from a server connected to an interface will be dropped at the interface on the switch if the interface was configured with family ethernet-switching with VXLAN and the configuration is changed to family inet.

1402122

Certain otn-options cause interface flapping during commit.

With following configuration present, the interface flaps after a commit where an AE interface is being added. set interfaces otn-options trigger oc-tsf hold-time up <> down <> set interfaces otn-options trigger odu-bei hold-time up <> down <>

1402450

The ICMPv6 packet with embedded IPv6 fragment might not be translated correctly to IPv4 ICMP packet in a NAT64 with MS-DPC deployment

On MX-Series platforms with MS-DPC deployed for NAT64, the translation for IPv6 packet to IPv4 packet might not be translated correctly when a node in IPv6 network sends an ICMPv6 Packet Too Big (PTB) message with an embedded ipv6 fragment towards a node in IPv4 network. This results in Path MTU discovery failure.

1403480

Smg-service could become unresponsive when doing some GRE related CLI operations

On BNG (Broadband Network Gateway) or subscriber scenario, when doing GRE related CLI operations and config commit, smg-service could become unresponsive and the bbe-smgd core might happen. The effect detail depends on if there is a crash and what is happening during a crash. Generally it would not cause a crash, but if the resulting concurrent access occurs, it might lead to a crash, thus the bbe-smgd would restart and restore state. In the meantime the service might be affected but it would be temporary.

1405359

The L2circuit information is not advertised over the LDP session if "ldp dual-transport inet-lsr-id" is different from the router-id

The L2circuit label mapping is not advertised to the LDP (Label Distribution Protocol) neighbor if "ldp dual-transport inet-lsr-id" is different from the router-id.

1406030

Fabric performance drop on MPC7/8/9E and SFB2 based MX2000 platform

On MPC7/8/9E and SFB2 based MX2000 Series platforms, code change done by PR 1336446 fixing MPC7/8/9E fabric re-ordering issue with SFB causes fabric performance drop. The throughput might not reach the expected value in high volume traffic scenario.

1407345

L2VPN might flap repeatedly after the link up between PE and CE

The Layer 2 VPN (L2VPN) on 1x100GE CFP MIC/10X10GE SFPP MIC/2X40GE QSFP MIC with asynchronous-notification and ccc configured might keep flapping when the link is going up between PE and CE.

1409523

Traffic is getting dropped when there is a combination of DPC/MX-FPC card and MPC card on egress PE router in L3VPN

In L3VPN scenario with a combination of DPC/MX-FPC card and MPC card installed on egress PE router, if the ingress card is MPC and the egress card is DPC/FPC, the TTL (Time to live) value of the bottom (service) MPLS label for L3VPN packets is set to 0 when the knob "no-propagate-ttl" and "chained-composite-next-hop" are enabled, due to this, traffic is getting dropped on egress LSR (Label Switching Router) or PHP (Penultimate Hop Popping) router.

1410162

MAC address cannot be learned in VPLS after MAC moves

On MX-Series platforms with VPLS scenario, when "interface-mac-limit packet-action-drop" knob is configured, in the case of MAC moves, the new MAC could not be learned sometimes due to a race condition of unusual update of "MAC learn limit" under PFE (the HW "MAC learn limit exceeded" counter behaves strange and increases to a very huge and negative number). Then it would cause the packets dropped.

1411376

Kernel replication failure might be seen if an ipv6 route next-hop points to an ether-over-atm-llc ATM interface

If an ipv6 route next-hop points to an ATM interface with encapsulation ether-over-atm-llc, after performing or re-enabling the graceful routing engine switchover, the ksyncd core and vmcore might be seen and the kernel replication might fail, which results in non-synchronization status of routing protocols on both REs.

1413004

PPPoE subscribers may not be able to login after ISSU

In a subscriber-management environment, if subscribers are flapping during In-Service Software Upgrade (ISSU), some subscribers may get stuck and not be able to connect after ISSU is finished.

1413224

The rpd memory leak might be seen due to a wrong processing of a transient event

From Junos 16.1R1, in large-scale setup (e.g. ~400 BGP peers), during routes update/links flapping, the RTSOCK (trace routing socket event, a transient event) message produced by KRT might be handled incorrectly, it will cause rpd memory leak. If the memory is exhausted, the rpd process might crash.

1414816

The MPC might crash when one MIC is pulled out during this MIC is booting up

On MX platform, the MPC might crash when one MIC is pulled out during this MIC is booting up.

1417170

Some IPsec tunnels might fail to pass traffic after GRES on MX platform

On all MX platforms running with IP security (IPsec) scenario, if Graceful Routing Engine Switchover (GRES) is executed, and some IPsec Security Associations (SAs) are going to reach the hard life time expiry just before the GRES, the new master RE might not delete the expired IPsec SA pair entry from the kernel. Due to this issue, some IPsec tunnels might have traffic drop or ping failure after the IPsec SA re-key.

1417344

The deletion of (S,G) entry might be skipped after the PIM join timeout

On all Junos platforms enabled with Protocol Independent Multicast (PIM), the deletion of (S,G) entry might be skipped after the PIM join timeout in some rare conditions, if Multicast Virtual Private Network (MVPN) is configured in rpt-spt mode, there might be a creating problem for the affected (S,G) entry since the PIM (S,G) discard entry seems to be retained. Due to this issue, the traffic is not able to hit the MVPN installed (*,G) entry, hence it will be blocked.

1417707

Inline Periodic packet management (PPM) adjacency (rx) session might be programmed with the wrong packet template

When a maintenance association end point (MEP) is configured on a CCC-encapsulated interface, and the route to the remote MEP is resolved over an aggregated ethernet interface for the next-hop while the 'LAG Enhanced' feature is disabled, the inline packets may be programmed incorrectly. This mis-programming results in the inline connectivity fault management (CFM) session being incorrectly programmed, if some scripts running based on CFM status, it may affect data traffic.

1419438

Post ISSU, Filter configuration change getting error logs "Error compiling filters" logs and none of the new filter configs are getting applied

When firewall filter compiled objects are not synced between the master RE and backup RE. The filter objects are in /var/etc/filters directory. If anyone of these object is missing on the router will cause this issue.

1419816

The jdhcpd process might consistently run at 100% CPU and not provide service if the 'delay-offer' is configured for DHCP local server

If the 'delay-offer' is configured for DHCP local server, the jdhcpd process might consistently run at 100% CPU because the delay-offer implementation might cause the jdhcpd to get stuck in a recursive loop during the timer event processing. Due to the degraded jdhcpd process, the DHCP clients might not get connected and serviced, and the operations like clearing DHCP bindings or running DHCP CLI commands might fail.

1420082

Commit error will be seen but the commit is processed if adding more than o

On EX, MX and T platforms, if "automatic-site-id is configured in BGP signalled VPLS scenario, when adding more than one site under "protocols vpls" in the VPLS routing-instances, the wrong configuration commit will be processed.

1426711

The rpd might crash in PIM scenario with auto-rp enabled

In PIM scenario with auto-rp enabled, when both of a PIM session task and an auto-rp session task are being closed by rpd very near to each other, and the auto-rp task has got terminated before the PIM task is about to terminate, then the rpd process crashes.

1427147

The rpd might crash while handling the withdrawal of an imported VRF route

In L3VPN scenario with multipath enabled for BGP L3VPN family, if the knob "no-vrf-propagate-ttl" and "maximum-prefix" are configured for VRF, in some certain conditions, the rpd might crash when the maximum-prefix is hit and the withdrawal of VPN route occurs.

1427987

The rpd would core dump due to improper handling of Graceful Restart stale routes

In BGP Graceful Restart scenario, including helper mode which is enabled by default, rpd would core dump due to improper handling of BGP Graceful Restart stale routes during the BGP neighbor deleting. The rpd would crash and service/traffic impact would occur.

1428428

The subscriber IP route may got suck in bbe-smgd if the subscriber IP address is the same with local IP address

In Broadband Edge (BBE) subscriber scenario, if a wrong configuration is configured (overlap in loopback address and subscriber address), the subscriber IP route might stuck in bbe-smgd and bbe-smgd might not releasing it.

1429692

L2TP subscriber and MPLS Pseudowire Subscriber volume accounting stats value remains unchanged post ISSU

On MX platforms, if running enhanced subscriber-management with radius volume accounting enabled, the L2TP subscriber/MPLS Pseudowire Subscriber volume accounting stats value might remain unchanged post ISSU.

1431459

The bbe-smgd might crash if subscribers are trying to login/logout and a config commit activity happens at the same time

In Next Generation Subscriber Management (Tomcat) scenario, the bbe-smgd process might crash if a config commit activity happens when subscribers are trying to login/logout. The issue will lead to a crash/core dump by the bbe-smgd daemon, but the daemon will restart and recover state. There will be no traffic impact for existing flows, but for new flows/logins/logouts, a momentary disruption might be seen while the bbe-smgd daemon restarts.

1432100

dead nh in the pfe remains in BGP-LU scenario after primary interface returns

In BGP Labeled Unicast (BGP-LU) scenario, if the device works as penultimate hop and receives BGP-LU routes with indirect next-hop from an egress router, after the operational next-hop interface corresponding to those labeled routes flaps, a "dead" next-hop type (discard action is performed for this type) may be set for the related clone routes (s=0) and still there even the next-hop interface is operational again. The issue present again only in 16.1R7-S3 after PR1333570, and the fix is complete in 16.1R7-S5.

1432655

Change to in-use parameterized filter prefix-list could result in bbe-smgd core on backup RE

In subscribers scenario with scaling parameterized filter configured, the bbe-smgd might crash on backup RE, if a change to a prefix-list that is used by a parameterized filter occurs.

1433625

PIM join not sent upstream until MSDP SA is received

There could be a significant delay between the time when the (*,G) PIM JOIN is received from downstream interface and a corresponding PIM JOIN is sent to the Upstream router. In order to hit this problem there has to be (*,G) state and the source information has to be received over MSDP. In this case if the PIM JOIN from the downstream device expires the subsequent PIM JOIN from this downstream device will not trigger an Upstream PIM JOIN until the corresponding MSDP SA is received.

1435781

Corruption of the mirrored packet of the output direction traffic on an extended port in a Junos Fusion Setup

L3/L2 Port mirrored payload on the output direction on the extended port (Physical Port in the Satellite Device) in a Junos Fusion Environment get dropped due to incorrect calculation of start byte of the Payload header after stripping the 802.1BR tag header resulting in the port mirrored packet only for the output direction is dropped at the PFE as a regular Discard.

Modification History:
First publication date 2019-07-03
Related Links: