Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

17.4R2-S10: Software Release Notification for JUNOS Software Version 17.4R2-S10



Article ID: TSB17761 TECHNICAL_BULLETINS Last Updated: 07 Apr 2020Version: 1.0
Alert Type:
SRN - Software Release Notification
Product Affected:
ACX, EX, MX, PTX, QFX, NFX, SRX, VRR, Network Agent
Alert Description:
Junos Software Service Release version 17.4R2-S9 is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as need and follow the prompts

Junos Software service Release version 17.4R2-S10 is now available.

17.4R2-S10 - List of Fixed issues
PR Number Synopsis Category: EX2300/3400 platform
1477165 EX3400 me0 interface might remain down
The me0 interface of EX3400 does not come up when connected to 100m speed interface.
PR Number Synopsis Category: MPC Fusion SW
1454595 The 100G Interfaces may not come up again after going down on MPC3E-NG
On MPC3E-NG cards with 100G interface in use, if the interface detects Loss of Lock (LOL) on the link without Loss of Signal (LOS), the interface will go down and may not come up again after the link is recovered.
PR Number Synopsis Category: Bi Directional Forwarding Detection (BFD)
1470603 The BFD client session might flap when removing BFD configuration from the peer end (from other vendor) of the BFD session
Currently, when a BFD packet with session state set to "AdminDown" is received by Juniper Device, the Juniper device will check both the session state and the diagnostic code in the packet. If the session state is "AdminDown" and the diagnostic code is 7 (which means "diag AdminDown"), the BFD session will be set to "Down" and the BFD client (i.e. the service which is protected by BFD) will be notified with "AdminDown" and the BFD client session will not flap. But if the BFD packet with session state set to "AdminDown" along with diagnostic code other than 7 is received, the BFD client will be notified with "Down" and the BFD client session will flap.
PR Number Synopsis Category: Border Gateway Protocol
1437108 Wrong next-hop might be seen when BGP PIC Edge is enabled
On all Junos releases before 19.1R1, when BGP PIC Edge is enabled, the incorrect next-hop might be assigned through BGP update, which will result in the following: 1. The next-hop advertised through BGP can be incorrect. 2. ECMP paths can get replaced with a PIC backup when the egress interface is same for the ECMP paths.
1442902 The CPU utilization on rpd spins at 100% once the same external BGP route is learned in different vrf tables
With "advertise-external" knob configured in BGP and "auto-export" knob configured in vrf, once the same external bgp route is learned in different vrf via the import policy, the CPU utilization on rpd will spin at 100% immediately.
1487691 High CPU utilization might be observed when the outgoing BGP updates are sending slowly
On all Junos platforms with the BGP routing protocols, the rpd process might go into a high CPU utilization causing slow network convergence. If a BGP peer is receiving and processing BGP updates slowly, this may cause the BGP output queue of the sending BGP peer to be full. When the queue is full it causes high CPU utilization of the BGP IO thread (bgpio, it is part of the rpd daemon) on the sending BGP peer. This defect could cause network-wide slow BGP network convergence. (See also
PR Number Synopsis Category: Cassis pfe microcode software
1464820 MPC5E/6E might crash due to internal thread hogging the CPU
PR 1382182 (which is fixed in 16.2R3 17.1R3 17.3R3-S3 17.3R4 17.4R2-S3 17.4R3 18.1R3-S2 18.1R4 18.2R2 18.2X75-D40 18.3R2 18.4R1 19.1R1) introduced an improper code which could cause an internal thread to hog the CPU and eventually result in the MPC crash. It is a timing issue and affects MPC5E/6E.
PR Number Synopsis Category: Firewall Filter
1466698 An output bandwidth-percent policer with logical-bandwidth-policer applied to an AE bundle along with an output-traffic-control-profile has incorrect effective policing rate
On MX platforms, for an AE bundle of at least two members hosted at two different FPCs, if the AE interface is with CoS output-traffic-control-profile of shaping-rate and with the output filter of policer with logical-bandwidth-policer and bandwidth-percent, the AE interface might have incorrect effective output policing rate.
PR Number Synopsis Category: EVPN Layer-2 Forwarding
1459830 ARP request/NS might be sent back to the local segment by DF router
Under EVPN multihoming mode, if ARP Request or Neighbor Solicitation (NS) message encapsulated in Dual Tagged VLAN arrives at the DF(designated forwarder) which may send it back to the local segment as it was, that might cause a loop and at last, overwhelms the device. Note: It will not happen with normal broadcast traffic. BDF(backup designated forwarder)does not have this behavior.
PR Number Synopsis Category: Express PFE FW Features
1491575 BFD sessions start to flap when the firewall filter in the loopback0 is changed
On all Junos based PTX/QFX10000 series platforms with large filter configuration (e.g. one filter has more than 500 terms or one term has more than 500 filters) scenario, during the change operation of loopback0 filter, the bfd sessions start to flap.
PR Number Synopsis Category: Kernel software for AE/AS/Container
1474300 A newly added LAG member interface might forward traffic even though its micro BFD session is down
On all Junos platforms, if a static Link Aggregate Group (LAG) is configured, and Bidirectional Forwarding Detection (BFD) is enabled on the LAG which is also called as micro BFD, a newly added member link might start to forward traffic immediately when the configuration change commits even though its micro BFD session is still down, for example, add a new member interface only on single end, and the remote member interface is disabled or not added. Therefore, traffic loss might be seen due to this issue.
PR Number Synopsis Category: JSR Infrastructure
1363645 SRX4200 devices using show chassis commands may not display any outputs.
SRX4200 devices using 'show chassis' commands may not display any outputs
PR Number Synopsis Category: L2TP service related issues
1406179 The stale si-logical interface might be seen when L2TP subscribers with duplicated prefixes or framed-route log in.
If L2TP LNS uses inline service (si) interface and the routing service (such as framed-route) is configured in dynamic-profiles, when subscribers login with duplicated prefixes or framed-route, the LNS will reject the second subscriber due to route adding failure. But the si- IFL for the failure subscriber will be left in PFE as a stale IFL.
PR Number Synopsis Category: Multicast for L3VPNs
1460625 The rpd process might crash due to memory leak in "MVPN RPF Src PE" block
In NG-MVPN scenario with multiple multicast sources, the rpd process might crash due to memory leak in "MVPN RPF Src PE" block.
PR Number Synopsis Category: PTX5KBroadway based PFE IPv4, IPv6 software
1404088 Incorrect mem stat message is seen in FPC logs of PTX Type 1 FPC
Incorrect mem stat message is seen in FPC logs of PTX Type 1 FPC
PR Number Synopsis Category: QFX Platform related (SYSLOG/ALARMS/miscellaneous)
1449977 FPC does not restart immediately after rebooting the system. That might cause packet loss
On QFX10008 and QFX100016 switches, the traffic drop occurs after rebooting the system due to the time delay in rebooting the FPC.
PR Number Synopsis Category: rosen-6 and rosen-7 mvpn bugs
1405887 The CLI command "show pim mdt data-mdt-limit instance " with family option might cause CPU usage of rpd high
In draft-rosen MVPN scenario with data-mdt, if performing the CLI command "show pim mdt data-mdt-limit instance ", The output might go in loop and the rpd process might use high CPU.
PR Number Synopsis Category: RPD Next-hop issues including indirect, CNH, and MCNH
1406070 The rpd might crash or duplicated routes might be seen if doing configuration change with BGP multipath and flapping routes
On all platforms, if doing configuration change (with BGP multipath) and flapping the IGP/LDP/RSVP routes simultaneously, the rpd crash or duplicated routes might be seen.
PR Number Synopsis Category: RPD policy options
1450123 The rib-group might not process the exported route correctly
The rib-group with a policy that matches route next-hop can fail to add the route to the secondary routing table when matched route next-hop is changed to another one and then referred back again after some time. This issue has traffic impact as the exported route will lose in the secondary routing table.
PR Number Synopsis Category: Resource Reservation Protocol
1445994 Traffic blackhole likely if two consecutive PLRs along the LSP perform local repair simultaneously under certain mis-configured conditions
In RSVP environment with link or node protection deployed, if two consecutive PLRs (point of local repair) along the LSP perform local repair simultaneously and if backup LSP signaling between the downstream PLR & MP (merge point) pair fails due to any reason, then the backup LSP signaling between the upstream PLR & MP pair also does not succeed. Then due to a software defect the upstream PLR does not correctly clean up the LSP state and continues to send traffic into the backup LSP, resulting in traffic blackhole at the downstream PLR.
PR Number Synopsis Category: MX10002 Platform SW - Platform s/w defects
1426120 MPC reboot or RE mastership switchover might occur on MX204/MX10003
On MX204/MX10003, if there's high rate of fragmented traffic received on em3 interface, em3 watchdog timeout might occur. It could cause MPC reboot or RE mastership switchover.
1426120 MPC reboot or RE mastership switchover might occur on MX204/MX10003
On MX204/MX10003, if there's high rate of fragmented traffic received on em3 interface, em3 watchdog timeout might occur. It could cause MPC reboot or RE mastership switchover.
PR Number Synopsis Category: Trio pfe stateless firewall software
1433034 The FPC might crash when the firewalls filter manager deals with the firewall filters
In some corner scenarios (e.g. the IGP neighbor flaps on the IFL configured with the firewall filters), the crash of FPC might be observed if the firewalls filter manager (DFW) deals with the filters of the interface.
PR Number Synopsis Category: Junos Automation, Commit/Op/Event and SLAX
1436773 The /var/db/scripts directory might be deleted after executing "request system zeroize"
On all platforms which support ZTP (Zero Touch Provisioning), the /var/db/scripts directory might get deleted after executing "request system zeroize", and it won't be recreated automatically.
PR Number Synopsis Category: Virtual Router Redundancy Protocol
1450652 Dual VRRP mastership might be seen after RE switchover ungracefully
When VRRP works in distributed mode (ie. delegate-processing is enabled under VRRP) with more than 250 VRRP sessions, dual VRRP mastership might be observed after RE switchover ungracefully (e.g. master RE failure).

17.4R2-S10 - List of Open issues
PR Number Synopsis Category: Border Gateway Protocol
1437837 The rpd process crash might be observed if leaking multi-pathed BGP routes from routing-instance to another routing table
This issue applies to Junos platforms with BGP multipath configured under a routing-instance and a RIB group is deployed to leak routes from that routing-instance to another routing table. "rpd" may restarts unexpectedly when performing multipath calculation operations for the secondary routes - (such as, removing the rib-groups/bouncing BGP neighbor under routing-instance.) The secondary routes refer to the second RIB in a RIB (Routing Information Base) group.
1481589 The rpd process might crash with BGP multipath and route withdraw occasionally
In BGP multipath scenario on all Junos platforms, if original active/best BGP multipath routes got flapped occasionally, some routes, which are changed from best routes to alternative now, are removed from the BGP multipath route list, but its multipath flag are not cleared, due to some temporarily incorrect route reorder in BGP. And when the currently active route got withdrawn for some reason, and the original best routes again become the best routes then rpd might hit an assert and crash.
PR Number Synopsis Category: Neo Interface
1453433 Interfaces shutdown by 'disable-pfe' action might not be up using MIC offline/online command
On MX platform, when interfaces shutdown by 'disable-pfe' action, interfaces might not be back to normal operation by bouncing MIC (offline/online). At the end, this problem causes traffic black-holing. This is day-1 issue and could be fixed by restarting MPC.
Modification History:
First publication date 2020-04-07
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search