Knowledge Search


×
 

15.1R7-S5: Software Release Notification for Junos Software Service Release version 15.1R7-S5

  [TSB17602] Show Article Properties


Alert Type:
SRN - Software Release Notification
Product Affected:
ACX, EX, M, MX, T, TX, PTX, VMX, VRR, QFX
Alert Description:
Junos Software Service Release version 15.1R7-S5 is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as need and follow the prompts
Solution:

unos Software service Release version 15.1R7-S5 is now available.

The following are incremental changes in 15.1R7-S5.

 
PR Number Synopsis Description
1126386

EX4500 logs tacacs failure messages without much details

On EX4500 switches running TACACS, you might notice the following log message: mgd[65984]: %DAEMON-5-UI_TACPLUS_ERROR: TACACS+ failure: .

1216198

ACX PFE reports acx_nh_mpls_tunnel_uninstall "Operation still running" and acx_nh_tag_hw_install : "Table full" messages

On ACX series routers, in a scaled environment with link protection/FRR, frequent LDP route flaps/NH flaps or route churn due to some activity may lead to the "Operation still running" messages.

1228526

The traffic might not be transmitted correctly after a logical interface is deleted from one VLAN and added to another VLAN

On all Junos platforms, if one logical interface is configured in one VLAN and then is deleted and added to another VLAN, traffic might not be transmitted correctly.

1232178

The RE-PFE out-of-sync errors might be seen in syslog

When a configuration that brings a PFE down and another configuration that brings the PFE back online, is committed in quick succession, there could be RE-PFE out of sync errors logged in syslog. Most of the time these are benign errors, but sometimes they may result in PFE crashes.

1252058

IPv6 neighbor state does not recover from unreachable to Stale state

IPv6 neighbor state does not recover from unreachable to Stale state, until a unicast IPv6 ping is initiated to the device. Once the unicast ping6 is initiated the state of the neighbor is changed to Stale.

1277600

MTU configuration for vt interface causes vt interfaces should be removed because the MTU on this interface is already set to unlimited.

MTU (Maximum Transmission Unit) configuration for tunnel interfaces (e.g. vt/lt/mt/pd/pe/ud interface) might cause interface flapping and packet loss on every commit. MTU configuration option for tunnel interfaces will be removed after fixing this PR because the MTU on these interfaces is already set to unlimited and there is no need for configuring MTU on these interfaces.

1313158

The mgd process might crash and sessions will be terminated when using netconf to perform configuration load override

Every load override and rollback operation increases the refcount by 1 and after it reaches the max value of it (65,535), the mgd process is terminated. When mgd terminated, the active lock may remain preventing any further commits.

1324800

jdhcpd core dump after making DHCP config changes

jdhcpd core dump after making DHCP config changes

1325037

The validation replication database sometimes shows much more entries than the validation database after restarting the RPKI cache server

In RPKI (Resource Public Key Infrastructure) scenario, the validation replication database might have much more entries than the validation database after restarting RPKI cache server and the validation session is reestablished.

1327099

GRE interface might not come up after deactivate/activating the routing-instances

GRE interface might not come up after deactivating/activating the routing-instances or related changes that might result in route table change.

1344039

MPLS LSP statistics are not shown in cli command "show mpls lsp ingress statistics"

when using LSP to forward traffic, the statistics are not displayed in the command "show mpls lsp ingress statistics" output, whereas the interface displays the traffic sent out properly. This behavior can be seen when you have the logical system on the same router used as Provider where the kernel will be in sync with the Self ID allocation between master and logical system to display the stats properly. This got fixed here The cli command "show mpls lsp ingress statistics" lose MPLS LSP statistics in the output.

1350733

lt- interface gets deleted with tunnel-services configuration still present.

When tunnel interface is used as anchor-port in pseudo-wire services, while deleting the set interface config causing the tunnel-services interface to get deleted. Deleting pseudo serives alone will not have an effect on tunnel-services interfaces.

1361483

Interface flapping is seen on EX4300 switch

On EX4300 Series switches, the interface could be connected to a peer device support active and standby interface (similar to redundant trunk group RTG). The backup interface on the remote peer might become active or flapping when the active link of the interface group goes down.

1367141

PFE may crash if encountering frequent MAC move

On EX4300 platform, PFE may crash, after frequent MAC move happens or continuously performing the sequence of MAC learning/deleting, which eventually causes memory exhaustion.

1381272

IRB interface does not turn down when master of VC is rebooted or halted

On Virtual Chassis (VC) based on EX4300/EX4600/EX9200/QFX3500/QFX3600/QFX5100, IRB interface which is associated with AE interfaces having member interfaces only from master chassis may not turn down when master chassis is rebooted or halted.

1391323

The dcd memory leak might be seen when committing configuration change on static route tag

After committing configuration change on static route tag (see below example), the memory consumed by device control daemon (dcd) might increase. The leak rate is slow (200KB for every commit with one tag change). [edit routing-instances TEST routing-options static route xx.xx.xx.xx/25] - tag 10; + tag 11;

1395620

The dcd crash might be seen after deleting the sub interface from VPLS routing-instance and mesh-group

If an IFL is configured under a VPLS routing-instance and also configured in a mesh-group, if it is deleted from the routing-instance and from mesh-group and these changes are done at same time (single commit), then DCD might crash. First, interface from routing-instance is deleted successfully however deleting from mesh-group is leading to the crash.

1395638

Switch encapsulate protocol PDUs even if it is not configured for L2PT tunneling

On EX4550/EX4500/EX4200/EX3300/EX2200 in VC scenario during VC split/restart the l2pt may be programmed incorrectly leading to wrong encapsulation of the protocols that should not be encapsulated.

1396335

When using ifconfig utility to bring down PS interface IFL , its Admin status is not going down as expected.

When ifconfig utility is used to bring down any PS interface IFL ,its Admin status is not going down. This is unexpected behavior for PS IFLs. At the same time, PS IFDs behave correctly when ifconfig utility is used to bring them down.

1399184

All dcd operations might be blocked if profile-db is corrupt

In 'dynamic-profiles' scenario, if the profile-db is corrupt, all dcd operations are blocked. (e.g., not be able to add any interfaces). The device control process (dcd) is used to control the device's interfaces.

1402122

Certain otn-options cause interface flapping during commit.

With following configuration present, the interface flaps after a commit where an AE interface is being added. set interfaces otn-options trigger oc-tsf hold-time up <> down <> set interfaces otn-options trigger odu-bei hold-time up <> down <>

1402563

FPC might crash after offline/online MIC-3D-16CHE1-T1-CE-H.

On MX and ACX platforms, after offline and then online MIC-3D-16CHE1-T1-CE-H card, the related FPC might crash.

1405189

Executing command "request system configuration rescue save" may fail with error messages

The command "request configuration rescue save" is not functioning well and it prints an error log for the nonexisting FPCs. So it cannot restore the configuration in time in the event of a software failure.

1406296

The ERPS ring may fail and traffic may lose on EX

On the EX-series switch with ERPS configured scenario, if one of the ERPS (Ethernet Ring Protection Switching) interfaces is deleted by unplugging transceiver, eswd (ethernet switching process) crash and ERPS PDUs won't be sent anymore. This issue may cause the ERPS ring failure and traffic loss.

1411376

Kernel replication failure might be seen if an ipv6 route next-hop points to an ether-over-atm-llc ATM interface

If an ipv6 route next-hop points to an ATM interface with encapsulation ether-over-atm-llc, after performing or re-enabling the graceful routing engine switchover, the ksyncd core and vmcore might be seen and the kernel replication might fail, which results in non-synchronization status of routing protocols on both REs.

1412534

Family inet of the unnumbered interface might be getting deleted when deleting one of the IPs of the binding interface

When an unnumbered interface is binding to an interface which has more than one IP address and one of the IPs is deleted, the family inet of the unnumbered interface might be getting deleted. The issue results in traffic loss for all the services that rely on the family inet of the unnumbered interface. Configure preferred-source-address on the unnumbered interface will prevent deletion of the IP hence avoiding the deletion of the family inet of the unnumbered interface.

1413686

The unexpected AS prepending action for AS path might be seen after the no-attrset knob is configured or deleted with vrf-import/vrf-export configuration

If the independent AS domain (It is enabled with independent-domain knob, and attribute set messages are enabled by default) is configured for the virtual routing and forwarding (VRF) instance, the global autonomous system (AS) number in the master routing instance should be prepended to the AS path when the route prefix is imported into the VRF instance. And with no-attrset configured (which disable the attribute set messages), the global AS number in the master routing instance should not be prepended to the AS path. But the current implementation violate the above behavior when vrf-import/vrf-export policy is used in the VRF routing-instance and the no-attrset knob is configured or deleted.

1414170

MAC learning might not happening correctly when using tagged-access port with wireless AP controller.

EX swith (authenticator) ------ AP controller (untagged) ------- Wireless client (tagged) If tagged-access port is used for DOT1X authentication against wireless AP controller, which has wireless clients connected (that do not require DOT1X authentication), there are chances upon DOT1X reauthentication clients' MAC might being used for DOT1X authentication, which will fail the authentication process and block the port as a result. During authentication in single supplicant mode, if an MAC is pending authentication, and if there is a different MAC coming in for authentication, the dot1x was updating the queried vlan of the authentication node. In this case the AP that sending untagged vlan was pending authentication. Before the authentication could complete the client device MAC request for authentication was received, and the queried vlan of the authentication session was updated. After the accept response from RADIUS, DOT1XD response to ESWD, was the wrong vlan, due to which Aruba AP MAC was learnt on a tagged vlan. Using configuration knob no-tagged-mac-authentication might not help if fall-back authentication method is configured (e.g. authentication order [dot1x, mac-radius]). When DOT1X is not successful, the authentication mechanism changes to mac radius, which uses the mac address to authenticate. During initial authentication, the no-tagged-mac-authentication configuration prevents the authentication of a tagged mac address. But when the authentication is not going through and the auth mechanism changes to mac-radius, there is no check to avoid tagged mac authentication if no-tagged-mac-authentication is configured. Due to this, authentication was going through for tagged mac as well.

1415284

The IRB interface might flap after committing configuration change on any interface

When configuring an IRB interface with iff (interface address family) MTU higher than ifd (physical interface) MTU and that particular IRB interface is part of a bridge-domain or VLANs, if the above two configurations are committed at the same time, the IRB interface might flap on the subsequent committing which invokes interface configuration daemon (e.g. any interface configuration, bridge-domain or routing-instance configuration, etc.).

1421307

The priority tagged packets might not be stripped causing connectivity issues

When the dot1x client connects to the EX using the dot1x authentication, the priority tagged packets (like ARP, ICMP, etc. )might not be stripped causing connectivity issues. It might impact the dot1x client connectivity not to work after authentication.

1421539

failed to reload keyadmin database for /var/etc/keyadmin.conf

During commit of the configuration change the following warning message can appear: warning: Command exited: PID 7527, status 255, command keyadmin error: failed to reload keyadmin database for /var/etc/keyadmin.conf

1422920

Traffic loss when one of logical interfaces on LAG is deactivated or deleted

If SP style config is used in EX4300, deactivated or deleted one of logical interfaces on LAG would cause traffic failure passing through the same LAG interface. Using EP style config will be a workaround.

1423843

Diagnostics tdr might stop working on EX3300 platform

On EX3300 platform, after upgrading to a specified software version, diagnostics tdr might stop working, so the intended function (showing various of status of the monitored interface) can't be performed.

1424030

Auditd crashed when Accounting RADIUS server not reachable..

When Junos device tries to send accounting messages to the accounting server and when the accounting radius server is not responding to accounting request messages from the Junos device, Junos will try to resend the accounting request messages after a timeout. If the number of accounting messages is huge, these messages will be stored in a queue and Junos will read the messages one by one from the queue and send the messages out. While trying to allocate memory and store the messages in a queue, memory allocation is failing resulting in a crash. This issue will not occur if the accounting radius server is responding. As part of the fix, if memory allocation fails, half of the messages in the queue are deleted so that memory for those messages will get freed.

1425414

The knob "flexible-queuing-mode" is not working on FPCs of VC member 1

In MX-VC scenario, the knob "flexible-queuing-mode" can not function properly, this could cause CoS function impact.

1433237

L2 traffic might be impacted if the vlan name given in 'show vlan' contains more than 169 characters

On legacy platforms (EX3200, EX3300, EX4200, EX4500, EX4550, EX6200, EX8208, EX8216, EX-XRE, QFX3008-I, QFX3600-I, QFX3500 and QFX3600), if the vlan name given in 'show vlan' contains more than 169 characters, the eswd might crash and L2 traffic and vmember based traffic might get impacted. Spanning tree service might get impacted as well.

Related Links: