18.4R1-S4: Software Release Notification for Junos Software Service Release version 18.4R1-S4



Article ID: TSB17629 TECHNICAL_BULLETINS Last Updated: 06 Sep 2019 Version: 1.0
Alert Type:
SRN - Software Release Notification
Product Affected:
Alert Description:
Junos Software Service Release version 18.4R1-S4 is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as needed and follow the prompts

Junos Software Service Release version 18.4R1-S4 is now available.

The following are incremental changes in 18.4R1-S4.

PR Number Synopsis Description

[SIRT]Certain QFX and EX Series devices are vulnerable to 'Etherleak' memory disclosure in Ethernet padding data (CVE-2017-2304)

Certain QFX and EX Series devices do not pad Ethernet packets with zeros, and thus some packets can contain fragments of system memory or data from previous packets. This issue is also known as 'Etherleak' and is often detected as CVE-2003-0001. Refer to JSA10773 for more information.


FPC might crash when processing corrupted PDU

FPC might crash if the packet passed by PFEMAN to PPMAN has incorrect length.


The rpd process might crash after clearing ISIS database with link-protection configured

When ISIS database is cleaned, rpd crash might be observed if loop free alternative is configured. ISIS database can be cleaned even when isis is deactivated.


CoS is incorrectly applied on Packet Forwarding Engine, leading to egress traffic drop.

On ACX5K/EX4600/QFX5100 series platforms, in some cases, CoS configuration is not applied appropriately in the Packet Forwarding Engine, leading to unexpected egress traffic drop on some interfaces.


i40e NVM upgrade support for PTX platforms

Adding support for i40e NVM upgrade in PTX3000 platforms


The fxpc process might use high CPU on ACX5000 after upgrade

On ACX5000 platforms with Junos 16.2 onwards, if ECC errors occur, the FPC/fxpc process might use high CPU. This issue can be hit after the upgrade in some cases.


NFX3/ACX5448: "LIBCOS_COS_TVP_FC_INFO_NOT_FOUND: Forwarding-class information not specified" prints while committing at the config prompt

NFX3/ACX5448: "LIBCOS_COS_TVP_FC_INFO_NOT_FOUND: Forwarding-class information not specified" prints while committing at the config prompt


Subscriber flapping may cause SMID resident memory leak

In MX subscriber management scenario, if the subscribers keep flapping, the SMID (subscriber management infrastructure daemon) memory leak is observed. When the SMID resident memory is exhausted, SMID will crash and subscriber session can't be established.


The mgd-api crash due to memory leak

Memory leak in mgd-api then core dump.


The MTU might change to a Jumbo default size on PFE side after deleting and re-adding the interface

On EX and QFX platforms, if there is no manually configured MTU, the MTU changes to the Jumbo MTU after deleting and re-adding the interface.


Traffic drop is seen on EX4300 when 10G Fiber port is using 1 Gigabit Ethernet SFP optics with Auto-Negotiation enabled

Traffic drop is seen on EX4300 when 10G Fiber port is using 1 Gigabit Ethernet SFP optics with Auto-Negotiation enabled. Auto-Negotiation is enabled by default on these ports. This issue is applicable to EX4300 platforms using 10G Fiber ports supporting 1G optics in any of the applicable PIC ( PIC0 last 4 ports and PIC2 of EX4300-32F and PIC2 of EX4300-24/48 T/P ). Traffic will not egress out of these ports and the peer will not receive the traffic.


Voltage read failed for rail LTC3887-EA1-VDD0V9R2-CH0

On an MX10003 and an MX10008, the i2c bus may fail a read operation. There is a retry operation to address this particular error. This PR optimizes the retry logic and its alerting mechanism.


Some files are missing during log archiving

When any scripts are running on the router, cscript.log will be created. It was found that its permissions are set incorrectly, so when any non-root user tries to archive /var/log along with cscript.log, some other files in /var/log go missing from the archive. When the archive is extracted, fewer files are found. This issue is not seen when the root user creates the archive. With the fix for this PR, a non-root user is able to archive the files.


MX10003 cosmetic message: ALARMD_CONNECTION_FAILURE: after 60 attempts craftd connect returned error: Connection refused

MX10003 platform doesn't have craftd process but alarmd keeps on retrying to connect to it. As the connection keeps failing, alarmd logs error message for first 10 minutes. Later it keeps re-trying the connection attempt silently and endlessly every one second. Removing this connection attempt from alarmd process for unsupported platforms.


CLI giving error as "usp_ipc_client_open: failed to connect to the server after 1 retries(61)" when SRX4600 has large entries on RIB/FIB

The "show security flow session" command fails with an error message when the SRX4600 has over a million routing entries.


Unrelated AE interfaces might go down if committing configuration changes

On all Junos platforms, if VRRP is running upon AE interfaces while committing any configuration changes related to AE interfaces, unrelated AE interfaces might go down.


SNMP OID IFOutDiscards not updated when drops increasing

When drops happen on an interface, the SNMP OID IfOutDiscards might not be updated until a new "show interface extensive" CLI command is issued.


HA packets might be dropped on SRX5000 line of devices with IOC3 or IOC2 cards.

On SRX5K platforms with an IOC3 or IOC2 card installed, the HA packets (HA data plane RTOs and Z mode revenue) might be dropped by the SPU and hence, the HA fablink might go down.


High CPU usage on fxpc process might be seen on ACX5K platform

On ACX5K platforms, high CPU usage by the fxpc process might be seen under rare conditions if parity errors are detected in devices. It has no direct service/traffic impact. However, since CPU utilization is high during this issue, there are some side effects. For example, it could impact time-sensitive features like BFD.


MX: PTP phase aligned but TE/cTE not good

PTP/Hybrid is not supported with hyper mode. Delete or deactivate the hyper-mode config and reboot the router to use PTP:
  #delete forwarding-options hyper-mode
Or add the below config on the platforms where supported:
  set forwarding-options no-hyper-mode


The "show security flow session session-identifier <sessID>" command is not working if the session ID is bigger than 10M on the SRX4600 platform.

"show security flow session session-identifier <sessID>" is not working if the sessID is bigger than 10M on the Summit platform.


The port configured for 1G speed flaps after RE switchover

After RE switchover (GRES+NSR), xe interfaces which are configured with 1G speed might flap.


The interface configured with 1G speed on JNP10K-LC2101 cannot come up

On MX10008/MX10016 platforms with the JNP10K-LC2101 line card, when a channelized 10GE interface is used to connect to other devices, the interface might stay in the down state if 1G speed is configured on both sides of the link.


The native VLAN ID of packets might fail to be removed when leaving out

On EX9200 switches with the EX9200-12QS line card, or MX 2000 series with the MPC7/MPC8/MPC9 line card, packets will be sent with a tagged native VLAN ID via an access interface or trunk interface, because the native VLAN ID is not removed when the packets are forwarded out. This results in communication failure.


The demux interfaces will be down after changing the MTU of the underlying et interface

If the et interface is the underlying interface for the demux interfaces, the demux interfaces will be down after changing the MTU (Maximum Transmission Unit) of the underlying et interface. The issue results in services down for these demux interfaces.


EX4300-48MP switch can not learn MAC address through some access ports that are directly connected to a host when auto-negotiation is used

On the EX4300-48MP platform, the MAC address might not be learned on some access ports which are directly connected to a host when auto-negotiation is used.


With CNH for 6PE, MPLS EXP rewrite rule for non-VPN IPv4 over MPLS traffic might not work

On platforms that use Trio PFE (MX/EX9200/T4000), when Chained Composite Next-Hop for 6PE is configured, Class of Service MPLS EXP rewrite rule for non-VPN IPv4 over MPLS traffic ('protocol mpls-inet-both-non-vpn') may not work when a BGP 6PE route using the same MPLS LSP (same BGP next-hop) exists. This happens after the MPLS LSP next-hop is re-programmed, e.g. due to the network convergence.


The NCP session might be brought down after IPCP Configure-Reject is sent

On MX platforms running with Point-to-Point Protocol (PPP) subscribers, if the subscriber repeatedly sends a PPP Internet Protocol Control Protocol (IPCP) Conf-Request packet with a fixed IP address which couldn't be offered, MX will reply with IPCP Conf-NAK. Then, after Network Control Protocol (NCP) max-failure is reached, MX will send Conf-Reject and directly bring down the NCP session due to this issue. The unnumbered Conf-Request with no IP address in the IP option sent by the subscriber later will be discarded because the NCP down event has already taken place.


Outer VLAN tag may not be pushed in the egress VXLAN traffic towards the host for QinQ scenario

In EVPN-VXLAN with QinQ scenario, if the "encapsulate-inner-vlan" knob is configured on some VXLANs but not configured on some other VXLANs, and after an interface flap OR a configuration change, the switch may stop pushing the outer VLAN tag towards host for QinQ scenario.


Overflow filters on PVLAN IRB may not work after ISSU

On QFX5K platform, if an ISSU is done to the image containing this fix, in case of more than 15 L3 filters are configured, the filter applied to PVLAN (Primary VLAN) IRB interfaces might not work unless the filter is deleted and re-added.


The l2circuit traffic might be black-holed at EVPN SPINE/MPLS LSP TRANSIT device if VXLAN access interface flaps on remote PE node(QFX5110)

When there is an L2circuit connection between two QFX5110 devices established through an EVPN SPINE/MPLS LSP TRANSIT device, if the VXLAN access interface flaps at one QFX5110, it will cause corruption for the l2circuit at the other QFX5110. As a result, the l2circuit traffic is black-holed at the MPLS transit node.


Unknown SNMP trap ( sent on QFX5110 restart

Unknown SNMP trap ( sent on QFX5110 restart.


BGP route next-hop can be incorrect in some scenarios with PIC edge configuration

BGP route next-hop can be incorrect in some scenarios with PIC edge configuration


[PTX10002] No chassis alarm is raised when PEM is removed or power lost to PEM

When one of the PEMs is not present or not powered, an active alarm should be flagged and a syslog indicating the same should be generated. But due to the defect, that is not the case.


RIO:ACX5448:DHCP Packets not Transparent over L2CIRCUIT

Transit DHCP packets are not punted to the CPU and are passed through transparently.


NMTE Container Does not start after upgrade from 15.1X53-D470 to 18.4X2

IPSec-NM does not start after an upgrade to 18.4, and requires a second reboot of the NFX device


The ksyncd process may crash and restart on SRX platforms

On SRX platforms, the ksyncd process might crash due to a timing issue. The SRX HA secondary node cannot synchronize kernel states successfully.


The specific source-ports of UDP packet are dropped on EVPN/VXLAN setup

In a QFX5120 EVPN/VXLAN scenario, in a rare condition, UDP packets with specific source ports (41070 or 52870) wrongly hit an internal VXLAN implicit filter (system level and not configurable), causing loss of these two kinds of UDP packets and service degradation on UDP services.


QFX5110 - L2 & L3 IFL on IFD - flexible-ethernet-services - VXLAN passing over L2 ifd breaks, L3 P2P communication

QFX5110 - L2 & L3 IFL on IFD - flexible-ethernet-services - VXLAN passing over L2 ifd breaks, L3 P2P communication. When the hw token used by the underlay l3 interfaces and the VLAN id on a VXLAN are the same, there could be an ARP resolve issue. The change is to check whether there is a mapping between the VLAN hw token and the l3 interface, and if so, not process it as a VXLAN packet.


MX10000 reports jail socket errors

The message "%SYSLOG-3-EVENTD_JAIL_SOCKET_FAILURE: Could not create jail socket: /jail/var/run/eventd_events" is seen in system logs during normal operation of a router.


Traffic dropped at MX/EVPN-L3GW when VRRP switchover is initiated at host side; irb_arp_ndp NH is programmed as discard during the problem state

In proxy ARP, MAC+IP is not allowed to be learned before the MAC is learned, as per design, but there is a scenario where a GARP packet received with a different Ethernet MAC could result in the reverse and will move the IP route/NH into the discard state.


Flow control does not work as expected on 100G interface of QFX5110

On a 100G interface of the QFX5110, flow control does not work as expected. As a result, the QFX5110 may stop transferring traffic when receiving a pause frame on an interface with flow control disabled, or flow control may not work even though it is enabled.


QFX10K - PMTUD & PMTUD over GRE not working for ipv4 & ipv6 when ingress L3 interface is irb

This issue is fixed in junos:18.4R1-S4, junos:18.4R3, junos:19.1R2, junos:19.2R2, junos:19.3R1


ACX5448: Pkt buffer error from PFE leading to memory leak when IGMP is sent from NNI AC in L2circuit & VPLS

On ACX5448 platforms, when the PFE fails to allocate a packet buffer, a portion of packet memory may not be freed.


P2MP LSP might get stuck in the down state after link flaps

On all Junos platforms, if an interface flaps on a transit router and causes one branch of a P2MP LSP to go down on the ingress while at least one other branch of the P2MP LSP remains up, then after performing an RE switchover on the ingress router, the failed P2MP LSP might get stuck in the down state. As collateral damage, if the interface on the ingress router flaps afterward, additional P2MP LSPs might get stuck in the down state as well.


MX204: Larger than MTU packets of GRE data get dropped when sampling is enabled on the egress interface.

MX204: Larger than MTU packets of GRE data get dropped when sampling is enabled on the egress interface.


UTM WR profile mem leak

UTM WR may have memory leak on utmd on RE


[EX4300-MP] Log generated continuously "rpd[6550]: task_connect: task AGENTD I/O. addr Connection refused"

The agentd daemon is not running on the EX4300-MP platform, hence the logs are received. If agentd is not supported, then the "enable-sensors" knob must not be present in the default configuration. The fix prevents the "enable-sensors" knob from being present in the EX4300-MP platform configuration.


In ACX, auto exported route between VRFs might not reply for icmp echo requests

In ACX, auto exported route between VRFs might not reply for icmp echo requests


Some error messages might be seen when using J-Web

When J-Web is used, if you log in to J-Web and navigate to multiple pages frequently, some error messages might be seen. It has no impact on service or traffic. This affects only the J-Web UI.


The QFX5120 might drop the tunnel encapsulated packets if it acts as a transit device

On a QFX5120 platform acting as a transit node, it might drop all the tunnel encapsulated packets, such as MPLS over GRE, MPLS over Generic Network Virtualization Encapsulation (GNVE) / MPLS over Generic Protocol Extension (GPE) packets.


The transit packets might be dropped if an LSP is added or changed on MX/PTX device

On MX/PTX series platforms acting as a transit router, if the "set protocol mpls sensor-based-stats" and "ldp-tunneling" are used and when an LSP is added or changed, part of its data structure might not be freed which might cause the resources to be exhausted. Once the resource is exhausted, the kernel routing table (KRT) queue will be built-up and new routes cannot be programmed in the forwarding engine, in the end, the transit packets might be lost.


L2ALD failed to update composite NH

L2ALD failed to update the composite NH due to a race condition. This issue can be seen when a PE switchover happens.
  1. L2ALD receives the underlay NH from RPD as part of LSI IFF ADD (VPLS core NH) and creates the Flood NH
  2. RPD has already deleted the underlay NH from the Kernel Forwarding table
  3. L2ALD creates the Flood NH with this underlay NH because the IFF delete is yet to be received at L2ALD
  4. Then L2ALD fails to update the NH


Rebooting QFX5120-48Y using "request system reboot" doesn't take physical links offline immediately

After rebooting QFX5120-48Y using "request system reboot", the physical link doesn't become offline immediately, which might result in traffic loss.


SPC3 Talus FPGA stuck on 0x3D/0x69 golden version

In SRX5000 series with SPC3, at the first bootup after a Junos upgrade, if the SPC3 FPGA upgrade gets interrupted for example by another reboot, the FPGA upgrade may persistently fail and fallback to an older FPGA image (0x3D/0x69), which may cause the SPC3 card to come online, but not process traffic. The system alarm 'Talus version mismatch' will be raised in this case.


Loopback address exported into other VRF instance might not work on EX/QFX/ACX platforms

On EX/QFX/ACX platforms, the loopback address exported into other VRF instance might not work.


Increase in the maximum value of delegation-cleanup-timeout

Increase in the maximum value of delegation-cleanup-timeout - You can now configure a maximum of 2147483647 seconds as the delegation cleanup time for a Path Computation Client (PCC). This extends the time taken by the PCC to retain the last provided path over a PCEP session from the last session down time. With the increase in maximum value of delegation-cleanup-timeout from 600 to 2147483647 seconds, you can benefit during a Path Computation Element (PCE) failover, or other network issues that may disrupt the PCEP session with the main active stateful PCE.


One AE member link does not send out sFlow sample packets for ingress traffic

On QFX series platform, the sFlow sample packets would stop on one Aggregated Ethernet (AE) member link if ingress sFlow is configured on the member link. This would cause inaccurate monitoring on network traffic.


An ARP entry isn't learned at one of the MC-LAG devices on QFX10K

The ARP entry doesn't sync between MC-LAG devices when flexible-vlan-tagging is used.


On VSRX3.0 the increase of 'Swap Utilization' might be seen

On VSRX3.0, gradual increase in 'Swap Utilization' might be observed, and it might cause the VSRX instability and crash if it increases to some degree (such as, 85% or above). And based on which processes need this swap space, the impact would be different. For example, RE response will be slow or sometimes SRX PFE will be killed with error message 'no more swap space' seen. The fix is that starting with 18.4R3, the Junos RE memory is increased to 256M and the need for swap usage is eliminated or becomes less.


MPLS LDP may still use stale MAC of the neighbor even the LDP neighbor's MAC changes

On EX/QFX/ACX platforms, when there is MAC change for LDP neighbor and IP remains the same, ARP update is proper but MPLS LDP may still use the stale MAC of the neighbor. If there is any application/service such as MP-BGP using LDP as next-hop, all transit traffic pointing to the stale MAC will be dropped.


JDI-RCT: EVPN-VXLAN NON-COLLAPSED:ARP will get resolved on non-TVP OPUS for Vxlan having vlan-id of 2

When there is a VXLAN with a vlan-id of 2 on a non-TVP opus, ARP will not get resolved.

Modification History:
First publication 2019-09-06