Knowledge Search


×
 

18.4R2-S1: Software Release Notification for Junos Software Service Release version 18.4R2-S1

  [TSB17628] Show Article Properties


Alert Type:
SRN - Software Release Notification
Product Affected:
ACX, EX, MX, PTX, QFX, NFX, SRX, VRR, and VMX
Alert Description:
Junos Software Service Release version 18.4R2-S1 is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as need and follow the prompts
Solution:

Junos Software service Release version 18.4R2-S1 is now available.

The following are incremental changes in 18.4R2-S1.

 
PR Number Synopsis Description
1372521

The backup member switch might fail to become the master switch after switchover on QFX5100/QFX5200/EX4600 Virtual Chassis platform

On QFX5100/QFX5200/EX4600 Series Virtual Chassis platform with graceful-switchover (GRES) configured, if the backup member has a file of /var/run/consoleredirect.pid, then reboot the master member of do Router Engine switchover, the backup cannot become the master member.

1407021

Change the default parameters for resource-monitor rtt-parameters

Default parameters for resource-monitor RTT-parameters have been changed from 3 X 5 = 15 seconds to 1 x 3 = 3 seconds.

1408172

CLI giving error as "usp_ipc_client_open: failed to connect to the server after 1 retries(61)" when SRX4600 has large entries on RIB/FIB

"show security flow session" command fails with error msg when SRX4600 has over million routing entries.

1409535

Unrelated AE interfaces might go down if committing configuration changes

On all Junos platforms, if VRRP is running upon AE interfaces while committing any configuration changes related to AE interfaces, unrelated AE interfaces might go down.

1411610

Parity error might cause FPC alarm

The parity errors related to static memory areas in the XQ chip can be corrected by writing back the scheduling node configuration again. This part was missing and as a result, we used to generate an alarm for every such occurrence.

1421018

EVPN enhancement for MAC flush mechanism in JUNOS

On JUNOS MX Platforms serving as EVPN gateways, some asynchronous entries causing undesired events, due to relink logic failure for MACs flushing mechanism, when there are multiple ifbd/bd delete or vrrp flaps/loops.

1422354

RSI bloat due to vmhost based log collection

Started from JUNOS 17.3, "request support information" on next-generation routing-engine is dumping vmhost side logs, which will cause RSI bloat. It might lead to the RE switchover on MX10008 as well.

1423860

ptp asymmetry change needs ptp bouncing

With JUNOS PTP asymmetry feature, in some scenarios, we need to bounce the interface in order to get the effect asymmetry timing in multicast mode. In software fix, we added the asymmetry update for stateful ports.

1427075

VC split after network topology changed

In Virtual Chassis (VC) scenario, when the interfaces flaps or VLAN configuration is changed frequently, the network topology will be changed accordingly, then CPU utilization will be dramatically increased to very high within a short time, which might cause the failure of essential communications between VC master and members. When the failure happens, FPC will automatically restart. As a result, VC is split and traffic is lost.

1427305

ENTITY MIB has incorrect containedIn values for some fixed MPCs with builtin PICs

On some fixed MPCs with builtin PICs, the ENTITY MIB has incorrect containedIn values for PICs when doing SNMP mib walk for oid .1.3.6.1.2.1.47

1429181

The PICs might go offline and split-brain might be seen when interrupt storm happens on internal ethernet interface em0/em1

On SRX5400, SRX5600, SRX5800 platforms with chassis cluster scenario, the PICs might go offline and split-brain (both the active and passive firewalls claim master at the same time) might be seen when interrupt storm happens on internal ethernet interface em0/em1. The issue might result in a complete service outage.

1429712

The LACP interface might flap if performing a failover

On SRX4600 platform with LACP configured, in a rare condition, if RG0 failover and the primary RE CPU utilization is up than 85%, the interface flap might happen. This issue might cause traffic interrupted.

1430187

REST API does not work on lower-end SRX platforms

REST API does not work on lower-end SRX platforms

1430878

With CNH for 6PE, MPLS EXP rewrite rule for non-VPN IPv4 over MPLS traffic might not work

On platforms that use Trio PFE (MX/EX9200/T4000), when Chained Composite Next-Hop for 6PE is configured, Class of Service MPLS EXP rewrite rule for non-VPN IPv4 over MPLS traffic ('protocol mpls-inet-both-non-vpn') may not work when a BGP 6PE route using the same MPLS LSP (same BGP next-hop) exists. This happens after the MPLS LSP next-hop is re-programmed, e.g. due to the network convergence.

1431380

PFE crashes might be seen on SRX1500 platform

PFE crashes might be seen on SRX1500 platform when the secondary node gets power-off on the chassis cluster. A core file will be generated and there will be temporary traffic interruption.

1431609

The false license alarm may be seen even if there is a valid license

On all SRX platforms with any licensed feature is enabled, a false license alarm might be generated. This issue is not a feature or license specific, it is random and can happen for any licensed feature. This issue only generates a false alarm, no functionality impact.

1432163

Dual-Stack Subscriber Accounting Statistics are not baselined when one stack logs out

Dual-Stack Subscriber Accounting Statistics are not baselined when one stack logs out

1432703

Outer VLAN tag may not be pushed in the egress VXLAN traffic towards the host for QinQ scenario

In EVPN-VXLAN with QinQ scenario, if the "encapsulate-inner-vlan" knob is configured on some VXLANs but not configured on some other VXLANs, and after an interface flap OR a configuration change, the switch may stop pushing the outer VLAN tag towards host for QinQ scenario.

1433221

Temperature field will be displayed as "Testing" in "show chassis fpc" and "show chassis fpc details" CLI command output

When a user executes CLI commands "show chassis fpc" or "show chassis fpc details" the system displays the temperature reading as "Testing".

1434941

Overflow Filters on PVLAN IRB will not work Post ISSU

If an ISSU is done to the image containing this fix, the L3 Overflow filters applied to PVLAN IRB interfaces will still not work unless these filters are deleted and re-added back. If a regular upgrade is done, the issue will be resolved.

1435306

Asynchronous between ARP table and Ethernet switching table happens if EVPN ESI link flap multiple times

There are 2 issues in this PR. Issue 1: On QFX5000 platform, if EVPN Ethernet Segment Identifier (ESI) link flaps multiple times, ARP entry points to incorrect IFL (RVTEP or AE IFL), so that asynchronous between ARP table and ethernet switching table happens. Issue 2: On all Junos platform, if EVPN ESI link flaps multiple times, ARP entry is not cleaned up and remain in only one of the PE programmed incorrectly( ESI is configured in EVPN multihoming scenario), so that asynchronous between ARP table and ethernet switching table happens.

1435504

The l2circuit traffic might be black-holed at EVPN SPINE/MPLS LSP TRANSIT device if VXLAN access interface flaps on remote PE node(QFX5110)

When there is an L2circuit connection between 2 QFX5110 established through an EVPN SPINE/MPLS LSP TRANSIT device. If the VXLAN access interface flap at one QFX5110, it will cause corruption for l2circuit at the other QFX5110. So the l2circuit traffic is blackholed at MPLS transit node.

1435955

The interface using LACP flaps when RE is busy

On SRX4100, SRX4200 and SRX4600 platforms, if LACP is configured on the reth interfaces and chassis cluster is used, the interface using LACP flaps when RE is busy. This issue causes traffic gets dropped for around one second.

1436207

IRB IFL is not up when local L2 member is down and IM NH present

In the EVPN scenario, IRB subunit is marked down when local L2 interfaces are down even though the IM route exists

1436223

i40e NVM upgrade support for EX9200 platform

Added support for i40e NVM upgrade in EX9208 in JUNOS Software releases

1436421

On SRX4600 J-Ukernel core might be observed and SPM might be in the present state

On SRX4600 devices, in rare cases, FPC0 and/or FPC1 may stay in Present state at boot and never come Online or may move to Present state during operation. When this occurs, J-Ukernel crashes and multiple chassis alarms may be observed. The reason is that the power chip doesn`t produce the right voltage. The fix is to set the right voltage (through upgrading the Jfirmware version). It would affect traffic.

1436436

DHCP discover packets sent to IP addresses in the same subnet as irb interface cause the QFX5110 to send bogus traffic out of dhcp-snooping enabled interfaces

When the DHCP discover packets are received with the destination mac address of the device's IRB interface, the packets are supposed to be dropped when DHCP snooping is enabled and DHCP relay and DHCP server are not configured.

1436465

The rpd might crash during the best path changes in BGP-L3VPN with multipath and no-vrf-propagate-ttl enabled

In BGP L3VPN scenario with multipath and no-vrf-propagate-ttl enabled, when multiple BGP L3VPN paths for one prefix are installed in the forwarding table and BGP peer is configured with a RIB group, the rpd might crash if the best path for this prefix is changed.

1437108

BGP route next-hop can be incorrect in some scenarios with PIC edge configuration

BGP route next-hop can be incorrect in some scenarios with PIC edge configuration

1438621

Subscriber flows might not be synchronized between AE members on MX-VC platforms

On MX-VC platforms with large scale subscriber setup (subscriber scale exceeds or approximates to the recommended limit), when back-to-back commit operations (within 2 minutes) are performed to delete and re-add an AE member interface, GENCFG errors might be observed while publishing subscriber flows. This results in subscriber flow not synchronize between AE members and subscriber traffic will be affected.

1439012

The FPC might crash when PFE memory is exhausted

FPC might crash when PFE memory usage for a partition such as NH/DFW is high. Under low PFE memory condition log "Safety Pool below 25% Contig Free Space" or "Safety Pool below 50% Contig Free Space" might be observed.

1439198

[PTX10002] No chassis alarm is raised when PEM is removed or power lost to PEM

When one of the PEM is not present or not powered, an active alarm should be flagged and a syslog indicating the same should be generated. But due to the defect that is not the case.

1439905

The bbe-smgd core dumps is seen after restarted

In subscriber scenario, if restart the bbe-smgd when routes are being deleted, the bbe-smgd might crash and all the subscribers can be affected.

1440194

The flowd process crashes on SRX550 or SRX3XX platforms when SFP module is plugged in

When SFP module is plugged in SRX550,SRX300,SRX320,SRX340 or SRX345 series devices, the flowd process crashes on SRX device.

1440381

CoS related errors are seen and subscribers could not get service

The new login of subscriber continues reference to the old version of the scheduler-map which is deleted. This can result in the failure of the new subscriber's login.

1440576

The ksyncd process may crash and restart on vSRX platform

On vSRX platform, the ksyncd process might crash for some timing sequence. SRX HA secondary node cannot sync kernel states successfully.

1440696

DHCP offer packets towards IRB over LT interface getting dropped in DHCP relay enviroment

In DHCP relay enviroment, the DHCP offer packets from server might get dropped towards IRB (Integrated Routing and Bridging) over LT (Logical Tunnel) interface.

1441047

The specific source-ports of UDP packet are dropped on EVPN/VXLAN setup

On QFX5120 EVPN/VXLAN scenario, in a rare condition, the specific source-ports of UDP packets (41070 or 52870) are wrongly hitting wrong internal VXLAN implicit filter (system level and unable to configure), causing these two kinds of UDP packet loss/service degradation on UDP service.

1442138

The chassisd is unable to power off a faulty FPC after RE switchover which leading to chassisd restart loop

In the MX router with a faulty (e.g. hardware error) FPC (Flexible PIC Concentrator) installed, performing RE (Routing Engine) switchover or restarting chassisd which may cause chassisd restart loop. This issue will cause traffic lose completely.

1442319

traffic dropped at MX/EVPN-L3GW when VRRP switchover is initiated at host side; irb_arp_ndp NH is programmed as discard during the problem state

In proxy ARP, MAC+IP is not allowed to be learned before Mac is learned as per design but there is a scenario where GARP packet received with different Ether Mac could result reverse and will move IP Route/NH into discard state.

1442973

TPI-61120: core-isolation feature does not work after set/delete no-core-isolation knob on MX

The core-isolation feature does not work after setting and then deleting the no-core-isolation knob on mx platform. The feature can be enabled back after restarting rpd.

1443222

RTSP resource session is not found during NAT64 static mapping

On all SRX platforms, when using NAT64 translation, RTSP uses a wrong string to re-write the message payload, which may result in the message being dropped in a remote device.

1443489

Non-Designated port is not moving to backup Port role

Once VSTP has converged, if there is a VSTP config change and then BPDU might not be flooded due to which port role might be incorrect state in the adjacent switches. There is no loop created in the network.

1443933

local host (EVPN routes and mac/ip) is missing from evpn database or mac-ip-table when vlan-id is removed from evpn and re-added

local host (EVPN routes and mac/ip) is missing from evpn database or mac-ip-table when vlan-id is removed from evpn and re-added

1444186

MX204: Larger than MTU packets of GRE data get dropped when sampling is enabled on the egress interface.

MX204: Larger than MTU packets of GRE data get dropped when sampling is enabled on the egress interface.

1445222

UTM WR profile mem leak

UTM WR may have a memory leak on utmd on RE

1445382

The CPCDD process continuously generates core and process stops, in ServicesMgr::ServicesManager::cpcddSmdInterface::processInputMsg.

The CPCDD process continuously generates core and process stops, in ServicesMgr::ServicesManager::cpcddSmdInterface::processInputMsg.

1445618

[EX4300-MP] Log generated continuously"rpd[6550]: task_connect: task AGENTD I/O.128.0.0.1+9500 addr 128.0.0.1+9500: Connection refused"

Agentd daemon is not running on EX4300-MP platform hence the logs are received. if Agentd is not supported then the knob "enable-sensors" must not be present in the default configuration the fix provides to prevent "enable-sensors" knob with EX4300-MP Platform configuration

1445751

The mspmand process might crash if URL filtering is configured and one blacklisted domain name is a sub-string of another blacklisted domain name in URL filter database file

The mspmand (Multiservices PIC manager daemon) process runs on service PIC (MS-MPC/MS-MIC) and is responsible for managing URL Filtering service if URL filtering feature is configured. The mspmand process might crash if URL filtering is configured and one blacklisted domain name is a sub-string of another blacklisted domain name in URL filter database file. This would be continuous crashes until all the sub-string entries are removed from the system.

1446043

In ACX, auto exported route between VRFs might not reply for icmp echo requests

In ACX, auto exported route between VRFs might not reply for icmp echo requests

1446418

MX-VC on MX10003: Not able to connect to newly installed routing-engine from other RE's in MX-VC

This issue is applicable to a situation when a new Routing Engine is installed in an MX10003 Virtual Chassis (due to faulty equipment or other reasons), and after upgrading the Junos OS on the new Routing Engine. The new Routing Engine is not accessible from the other working Routing Engines. Hence, the new RE does not participate in the Virtual Chassis.

1446489

Traffic Discarded for only specified VLAN in IPACL_VXLAN filters

When there is only one term containing user-vlan-id match condition and there are no other terms in the IPACL_VXLAN filter except discard, the discard action for non-matching traffic will work for only that VLAN which is specified under user-vlan-id and not for other VxLAN VLANs which are part of that trunk port on which filter is applied. This can be ignored by adding another term to the filter which doesn't contain a user-vlan-id match.

1447170

The transit packets might be dropped if an LSP is added or changed on MX/PTX device

On MX/PTX series platforms acting as a transit router, if the "set protocol mpls sensor-based-stats" and "ldp-tunneling" are used and when an LSP is added or changed, part of its data structure might not be freed which might cause the resources to be exhausted. Once the resource is exhausted, the kernel routing table (KRT) queue will be built-up and new routes cannot be programmed in the forwarding engine, in the end, the transit packets might be lost.

1448100

DHCPv6 authentication via Radius server might fail due to the missing of VSA option 26-207

On all Junos platforms which are enabled with Dynamic Host Configuration Protocol version 6 (DHCPv6), if the DHCPv6 authentication is configured via Remote Authentication Dial-In User Service (RADIUS) server, and Vendor-Specific Attributes (VSA) options 26-207 is expected on the RADIUS server, the authentication might fail due to this issue.

1448161

LACP cannot work with "encapsulation flexible-ethernet-services" configuration

On SRX550M devices, when encapsulation flexible-ethernet-services is configured together with LACP protocol on AE interfaces, the interface does not come up.

1448722

SPC3 Talus FPGA stuck on 0x3D/0x69 golden version

In SRX5000 series with SPC3, at the first bootup after a Junos upgrade, if the SPC3 FPGA upgrade gets interrupted for example by another reboot, the FPGA upgrade may persistently fail and fallback to an older FPGA image (0x3D/0x69), which may cause the SPC3 card to come online, but not process traffic. The system alarm 'Talus version mismatch' will be raised in this case.

1449468

Increase in the maximum value of delegation-cleanup-timeout

Increase in the maximum value of delegation-cleanup-timeout - You can now configure a maximum of 2147483647 seconds as the delegation cleanup time for a Path Computation Client (PCC). This extends the time taken by the PCC to retain the last provided path over a PCEP session from the last session downtime. With the increase in the maximum value of delegation-cleanup-timeout from 600 to 2147483647 seconds, you can benefit during a Path Computation Element (PCE) failover, or other network issues that may disrupt the PCEP session with the main active stateful PCE.

1449806

an arp entry isn't learned at one of mc-lag device at qfx10k

Arp entry doesn't sync between mc-lag devices when flexible-vlan-tagging is used.

1450057

"No localhost ifl for rtt 65535" can be seen on MX running junos enhanced subscriber management feature

"No localhost ifl for rtt 65535" can be seen on MX running junos enhanced subscriber management feature

1450204

Increasing Junos RE memory to 256M and eliminating the need for swap usage

Starting with 18.4R3, the Junos RE memory is being increased to 256M and the need for swap usage is being eliminated.

1451958

[MX] Error dropped packets seen on MQ/XM based MPC cards though there is no traffic flowing through the system

After fixing PR 1338647, Error dropped packets are seen on MQ/XM based MPC cards, though there is no traffic flowing through the system.

1452851

MX10003:MACSEC framing errors are seen whenever sequence number exceed 2 power 32 with XPN (Extended Packet Numbering).

MX10003:MACSEC framing errors are seen whenever sequence number exceed 2 power 32 with XPN (Extended Packet Numbering).

1452870

DHCP offer packet with unicast flag set gets dropped by 10k in a VXLAN multi-homed (ESI) setup using anycast IP

DHCP offer packet with unicast flag set gets dropped by 10k in a VXLAN multi-homed setup (ESI) using anycast IP

Related Links: