18.4R1-S6: Software Release Notification for JUNOS Software Version 18.4R1-S6

Article ID: TSB17736 TECHNICAL_BULLETINS Last Updated: 02 Mar 2020 Version: 1.0
Alert Type:
SRN - Software Release Notification
Product Affected:
ACX, EX, MX, PTX, QFX, NFX, SRX, VRR, vMX, vSRX
Alert Description:
Junos Software Service Release version 18.4R1-S6 is now available for download from the Junos software download site.
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as needed and follow the prompts
Solution:

Junos Software Service Release version 18.4R1-S6 is now available.

18.4R1-S6 - List of Open issues

PR Number Synopsis Category: ACX Services feature
1479710 dcpfe core when disabling/enabling macsec via Toby scripts
 
dcpfe core when disabling/enabling macsec via Toby scripts
PR Number Synopsis Category: DNX L2 related features
1453766 ACX5448 FPC crashed due to segmentation fault
 
The ACX5448 FPC crashed with a segmentation fault caused by a timing issue. There is a very low chance of this core occurring.
1407506 FPC crash and slow convergence upon HMC Fatal error condition when inline-jflow is used
 
On MX Series platforms using MPC7E, MPC8E, MPC9E, MX10k-LC2101, or MX10003, when the inline J-Flow application is used, a fatal error on Hybrid Memory Cube (HMC) performs a "disable-pfe" action. Because J-Flow records are hosted on the HMC memory partition, reading and writing to the HMC memory might trigger FPC crash and high FPC CPU utilization, causing slow convergence (adding/deleting routes or next hops) for other Packet Forwarding Engines on the same FPC carrier.
PR Number Synopsis Category: Layer 2 Control Module
1478157 "show evpn statistics instance" command gets stuck on multihomed scenario.
 
The "show evpn statistics instance" command gets stuck in a multihomed scenario. The command gives proper output but does not terminate until it times out. Ctrl+C can be used to exit the command immediately.
PR Number Synopsis Category: Multiprotocol Label Switching
1282369 The rpd on backup RE might crash when the rpd on master RE restarts
 
With nonstop active routing (NSR), when the routing protocol process (rpd) restarts on the master Routing Engine, the rpd on the backup Routing Engine might restart.
PR Number Synopsis Category: Multi Protocol Label Switch OAM
1399484 The rpd process might crash when executing "traceroute mpls bgp"
 
When traceroute is performed to a remote host for an MPLS LSP using the command "traceroute mpls bgp", in very rare cases the mplsoam daemon might hold a stale BGP instance handle in the query it sends to the rpd process to get information for the Forwarding Equivalence Class (FEC). The rpd might then crash because of the invalid instance and cause traffic impact until rpd comes back up.
PR Number Synopsis Category: RPD Next-hop issues including indirect, CNH, and MCNH
1242589 In a BGP/MPLS scenario, if the next-hop type of label route is indirect, disabling and enabling the "family mpls" of the next-hop interface might cause the route to go into a dead state
 
In a BGP or MPLS scenario, if the next-hop type of the label route is indirect, the following changes to the MPLS family of the next-hop interface might cause the route to go into DEAD state, and the route remains dead even when family MPLS is activated again:
- Deactivating and activating the interface family mpls
- Deleting and adding back the interface family mpls
- Changing maximum labels for the interface
Note: When a labelled route is resolved over an interface, that interface must have family mpls configured for the route to be successfully resolved. Otherwise the route does not get resolved.
1424819 The rpd keeps crashing after changing configuration
 
In an ECMP (Equal-Cost Multipath) environment with more than 8 multipaths for a given route, a configuration change (e.g. deleting routing protocol IGP or LSP) tries to delete a software structure that was already corrupted earlier due to memory corruption, and this may cause the rpd to keep crashing. This issue applies to all types of next hops with multipath.
PR Number Synopsis Category: RPD policy options
1357802 Configuration commit operation after policy change causes rpd crash
 
The rpd might crash during policy configuration changes.
PR Number Synopsis Category: Trio pfe microcode software
1463718 On MX204 platform, Packet Forwarding Engine (PFE) errors may occur when incoming GRE tunnel fragments 1) get sampled and 2) undergo inline reassembly
 
On the MX204 platform, Packet Forwarding Engine (PFE) error messages might be seen when sampling, GRE tunnel termination and inline reassembly are all configured. The errors could cause a packet buffer memory leak. Eventually, once packet buffer memory is exhausted, traffic will start getting lost.

18.4R1-S6 - List of Fixed issues

PR Number Synopsis Category: EX2300/3400 platform
1477165 EX3400 me0 interface might remain down
 
The me0 interface of EX3400 does not come up when connected to 100m speed interface.
PR Number Synopsis Category: Accounting Profile
1452363 The pfed might crash and not be able to come up on the PTX or TVP platforms
 
The flow label statistics are retrieved periodically by pfed for PTX or TVP platforms. If the statistics reply becomes a very big number, the pfed might crash, affecting traffic.
PR Number Synopsis Category: "agentd" software daemon
1409639 The CPU might be hogged by jsd process in JET scenario
 
The JET (Juniper Extension Toolkit) service process (jsd) is used to support application interaction with Junos OS. By default, jsd listens for API execution requests on TCP port 32767. When gRPC is enabled in a JET scenario, under certain conditions, the CPU might be hogged by the jsd process during the connection establishment of a client.
PR Number Synopsis Category: Border Gateway Protocol
1382892 The rpd might crash under a rare condition if GR helper mode is triggered
 
When graceful restart is configured on the BGP peer device, the rpd might crash if the peer device initiates a new TCP connection while there is an existing TCP connection for the BGP session, sends an OPEN message, and this new TCP connection is torn down immediately after establishment or sending of the OPEN message.
1402255 On the multi-access/broadcast network, third party BGP router might unexpectedly select RR router as next-hop to forward the IPv6 traffic.
 
RFC 2545 has a limitation on third party next-hops where the next hop is propagated unchanged. Due to this limitation, BGP inet6 Route-Reflector router attaches the BGP neighbor's IPv6 global address and its own IPv6 link-local address as the next-hops while advertising the route to another BGP neighbor. This could introduce the forwarding issue on the BGP neighbor from other vendors if their device picks up the link-local address as next-hop. This would put the BGP RR router in the traffic forwarding path unexpectedly. This issue will not be seen on Juniper devices because IPv6 link-local address would not be selected as prefix's next hop.
1412538 BGP might get stuck in Idle state when the peer triggers a GR restart event
 
When NSR (nonstop-routing) is enabled on the local device and BGP GR (Graceful-Restart) is enabled on the peer device, if the peer triggers a GR restart (usually caused by some failure in the peer, the peer restarting rpd, etc.), some BGP sessions might get stuck in Idle state. The reason is that when the GR restart happens, the device is still doing the initial sync of the previous sessions to the backup RE, so the router does not complete that process (the initial sync of the data set to the backup) and some BGP sessions stay in Idle state.
1446861 The rpd CPU utilization gets 100% due to incorrect path-selection
 
On Junos platforms with BGP-PIC (protect core) and "add-path" enabled scenario, the rpd CPU utilization gets 100% due to incorrect path-selection. This issue may impact route update convergence or even cause routing protocols to flap.
1454951 The rpd process might crash when multipath is in use
 
If multipath is enabled, under certain conditions, the rpd process might crash while secondary route resolution is running.
1487691 High CPU utilization might be observed when the outgoing BGP updates are sending slowly
 
On all Junos platforms with BGP scenario, the rpd process might go into high CPU utilization if there are a few BGP peers that are sending the updates slowly. The high CPU utilization of the BGP IO thread (bgpio, it is part of the rpd daemon) happens when the outgoing BGP update queue is full. This defect could cause a slow BGP network convergence problem. (See also https://kb.juniper.net/TSB17725)
PR Number Synopsis Category: MX Platform SW - FRU Management
1383335 chassis-control process (chassisd) runs between 10-20% CPU utilization
 
The chassis-control process's CPU utilization runs between 10% and 20% after a software upgrade to 18.4R1 or later.
1442138 The chassisd is unable to power off a faulty FPC after RE switchover, leading to a chassisd restart loop
 
In an MX router with a faulty (e.g. hardware error) FPC (Flexible PIC Concentrator) installed, performing an RE (Routing Engine) switchover or restarting chassisd may cause a chassisd restart loop. This issue will cause complete traffic loss.
PR Number Synopsis Category: Control Plane for Node Virtualization
1451215 Main chassisd thread at a JNS GNF could experience stalls upon GNF SNMP polling for hardware-related OIDs
 
- Chassisd main thread stalls could be seen at a JNS GNF upon GNF SNMP polling for HW-related OIDs (e.g. ones from jnxBoaAnatomy MIB).
- If GNF chassisd main thread stalls are ongoing and the GNF is restarted, then a service MGD process at the BSYS could start spinning at 100% CPU. This MGD process won't terminate by itself and will be consuming 100% CPU even when the GNF is back online.
PR Number Synopsis Category: ISIS routing protocol
1430581 The next-hop of IPv6 route remains empty when a new ISIS link comes up
 
In a scenario with IS-IS running single spf (shortest-path-first) for IPv4 and IPv6, that is, multi-topology is not enabled, when a new IS-IS link comes up, IFA (interface address) for IPv4 comes up quickly and the route is installed, but IFA for IPv6 is not up quickly because DAD (Duplicate Address Detection) is enabled by default. Therefore, after spf calculation, the next-hop list for IPv6 remains empty for about 11 seconds, and IS-IS ends up deleting the route.
1455432 The rpd might crash continuously due to memory corruption in ISIS setup
 
With ISIS configured, in a very rare case memory corruption may occur, which may cause the rpd to crash continuously.
PR Number Synopsis Category: Category for JET(JUNOS Extension Toolkit) related issues
1401854 JET authentication does not work for usernames and passwords of certain lengths.
 
The authentication module for JET RPCs and Telemetry fails in authenticating usernames or passwords of certain lengths. Hence the users will be unable to execute JET APIs or Junos Streaming Telemetry.
PR Number Synopsis Category: Security platform jweb support
1431298 Junos OS: Path traversal vulnerability in J-Web
 
A path traversal vulnerability in the Juniper Networks Junos OS device may allow an authenticated J-web user to read files with 'world' readable permission and delete files with 'world' writeable permission. Refer to https://kb.juniper.net/JSA10985 for more information.
PR Number Synopsis Category: PFE infra to support jvision
1456275 Queue data might be missing from path '/interfaces/interface/state'
 
On subscribing to '/interfaces/interface/state/' it might get subscribed to '/junos/system/linecard/interface/traffic/' internally, instead of '/junos/system/linecard/interface/queue/' which might impact traffic.
PR Number Synopsis Category: Layer 2 Circuit issues
1425828 The rpd process might crash and core dump during mpls ping command on l2circuit
 
When end-interface or backup-interface/protect-interface in end-interface is used as an interface for the "ping mpls l2circuit interface" command, the rpd process might crash and generate core files.
PR Number Synopsis Category: Label Distribution Protocol
1416032 LDP routes might flap in rare conditions
 
On all Junos platforms, if any protocol that depends on LDP is running (e.g., l2circuit/L2VPN), unnecessary LDP updates might be seen after committing any configuration change, even just changing the description on an interface. Only services dependent on LDP might be impacted during the period. It is a rare timing issue.
1428843 The LDP might withdraw a label for an FEC once the IGP route is inactive in inet.0
 
If LDP is used without using egress-policy, when the route from other routing protocol is preferred over the IGP route in inet.0, e.g. BGP-LU route exported in inet.0, LDP might withdraw the FEC label hence causing LDP traffic to get lost.
1451157 The LDP route timer is reset when committing unrelated configuration changes
 
The LDP route timer is reset due to committing unrelated configuration changes. As usual, the "route timer reset" implies route churn, but LDP itself is not affected as there is no real nexthop change in the case of configuration commit with unrelated changes. However, protocols using the LDP route as protocol nexthop may be impacted.
1460292 High CPU usage and rpd coredump might be observed if "ldp track-igp-metric" is configured and IGP metric is changed
 
If "protocols ldp track-igp-metric" is configured, metric change of IGP route might cause high CPU usage and rpd coredump on the device.
PR Number Synopsis Category: PTX1000 platform
1401507 The TCP connection for external or internal might be dropped due to a kernel issue
 
Due to a kernel issue, any TCP connection might be dropped, whether an external TCP connection such as one carrying BGP or an internal TCP connection such as the one between ppmd in the RE and ppman in the PFE. This results in the relevant session going down.
PR Number Synopsis Category: mc-ae interface
1479012 MC-AE interface may be shown as unknown status if adding the sub-interface as part of the VLAN on the peer MC-AE node
 
If adding the sub-interface as part of the VLAN on the peer MC-AE node while its corresponding MC-AE interface is still not configured to be part of the VLAN, the status of the MC-AE interface might be shown as unknown. It might have an impact on the traffic as the colour of the MC-AE interface could not be updated correctly.
PR Number Synopsis Category: Multiprotocol Label Switching
1402185 JSA10979 Junos OS: A specific SNMP command can trigger a high CPU usage Denial of Service in the RPD daemon. (CVE-2020-1600)
 
In a Point-to-Multipoint (P2MP) Label Switched Path (LSP) scenario, an uncontrolled resource consumption vulnerability in the Routing Protocol Daemon (RPD) in Juniper Networks Junos OS allows a specific SNMP request to trigger an infinite loop causing a high CPU usage Denial of Service (DoS) condition. Refer to https://kb.juniper.net/JSA10979 for more information.
PR Number Synopsis Category: Multi Protocol Label Switch OAM
1436373 The rpd might crash after executing 'ping mpls ldp'
 
In an LDP to BGP-LU stitching scenario, when a BGP route goes down and MPLS ping is done before that route is pulled out of the routing table, the rpd will crash.
PR Number Synopsis Category: Kernel MPLS / Tag / P2MP Infrastructure
1478806 Kernel crash and device restart might happen
 
In a corner case on Junos platforms, family ccc is configured along with another existing family, such as inet or inet6, within the same interface (Junos normally does not allow this, but a customer managed to do it). If family ccc is then deleted from the interface, the kernel might crash and the device reboots automatically, so all traffic will be interrupted.
PR Number Synopsis Category: IPv6/ND/ICMPv6 issues
1443576 Junos OS: Improper handling of specific IPv6 packets sent by clients eventually kernel crash (vmcore) the device. (CVE-2020-1603)
 
Specific IPv6 packets sent by clients processed by the Routing Engine (RE) are improperly handled. Refer to https://kb.juniper.net/JSA10982 for more information.
PR Number Synopsis Category: Kernel Tunnel Interface Infrastructure
1478822 The protocol MTU may not be changed on lt- interface from the default value
 
The first time the protocol MTU of an lt- interface is changed from the default to a specific value, the change does not take effect. The configuration shows that it has been changed to the specific value, but the CLI command "show interface lt-x/x/x" shows no set value for the protocol MTU of the lt- interface. Traffic may be impacted by this issue.
PR Number Synopsis Category: QFX platform optics related issues
1402127 QSFP-100GBASE-SR4/LR4 might take a long time to come up after disabling interface or reboot
 
On the QFX5110 platform with a QSFP-100GBASE-SR4/LR4 port in use, after disabling a 100G port and then enabling the port again, or rebooting the device, there is a long delay (5-15 minutes) before the ports come up.
PR Number Synopsis Category: QFX L2 PFE
1473685 The RIPv2 packets forwarded across a L2circuit connection might be dropped
 
When RIPv2 routes are received on QFX5100/EX4600 platforms, either to or from an L2 circuit connection, such packets are not propagated. This includes directed unicast RIPv2 packets.
PR Number Synopsis Category: RPD Next-hop issues including indirect, CNH, and MCNH
1441550 The rpd may crash or consume 100% of CPU after flapping routes
 
Flapping existing flood nexthop type routes may cause the rpd to crash or consume 100% of CPU. This issue may cause routing protocol sessions/neighbors to flap or traffic loss.
1460786 IPv6 Prefix might be hidden when received over IPv4 BGP session
 
When labeled-IPv6 and non-labeled IPV6 prefixes are received with the same protocol nexthop and the outgoing interface does not have MPLS family enabled, the IPv6 non-labeled route will be in inactive state and remains in hidden state.
PR Number Synopsis Category: RPD policy options
1453439 Routes resolution might be inconsistent if any route resolving over the multipath route
 
On all Junos platforms, this can affect any route resolving over multipath routes; one scenario is BGP over BGP. After the metric value of any PNH (Protocol Next Hop; here the second PNH, which is used for the second next-hop resolution) changes, if the hash selection changes at the same time, route resolution might become inconsistent. Traffic drops could be observed if packets are still forwarded to the old PNH. Any recursively resolving multipath scenario might trigger this issue.
PR Number Synopsis Category: SRX Argon module bugs
1480005 The flowd/srxpfe process might crash when Advanced Anti-MalWare service is used
 
On all multi-threaded SRX Series devices using the Advanced Anti-MalWare service, in a rare condition a deadlock might occur among multiple threads, which results in the flowd/srxpfe crash.
PR Number Synopsis Category: Trio pfe stateless firewall software
1433034 The FPC might crash when the firewalls filter manager deals with the firewall filters
 
In some corner scenarios (e.g. the IGP neighbor flaps on the IFL configured with the firewall filters), the crash of FPC might be observed if the firewalls filter manager (DFW) deals with the filters of the interface.
PR Number Synopsis Category: Trio pfe l3 forwarding issues
1354225 Trinity JNH memory leak when adding and removing unicast NH
 
Junos MPC memory leak when adding and removing unicast Next-hops
1426727 Some CFM and BFD sessions might flap while collecting MPLS statistics
 
On Junos-based platforms with MPLS and MPLS statistics enabled as well as CFM or BFD, when CFM is configured with a continuity-check interval of less than 1000ms (e.g. 100ms) or BFD with a minimum-interval of less than 1000ms (e.g. 100ms), the transmission of the periodic CFM or BFD protocol packet may be delayed during the periodic MPLS statistics collection if there are a large number of next-hops (several thousand) related to MPLS forwarding. This may cause some CFM or BFD sessions to expire on the remote side of the session due to timeout, which can further result in traffic drop due to CFM/BFD flapping.
PR Number Synopsis Category: Configuration mgmt, ffp, load-action, commit processing
1468119 Daemons might not be started if "commit" is executed after "commit check"
 
On Junos from 16.2R1 onwards, if "commit" is executed after "commit check", a daemon (e.g. dhcpd, sampled) might not be started even though the related configuration is successfully committed.
 
Modification History:
First publication 2020-03-01