Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

18.2R3-S4: Software Release Notification for JUNOS Software Version 18.2R3-S4



Article ID: TSB17773 TECHNICAL_BULLETINS Last Updated: 24 Sep 2020Version: 3.0
Alert Type:
SRN - Software Release Notification
Product Affected:
Alert Description:
Junos Software Service Release version 18.2R3-S4 is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as need and follow the prompts

Warning: With VPLS/Bridge-Domain environment, an MX/EX9200 Series router with Trio-based MPCs running software version 18.2R3-S4. The MPCs may experience NH memory leak in the PFEs when using integrated routing and bridging (IRB) interface participating in the VPLS/Bridge-domain instance.

Junos Software service Release version 18.2R3-S4 is now available.

18.2R3-S4 - List of Fixed issues

PR Number Synopsis Category: DOT1X
1462479 EX-4600-EX-4300: Mac entry missing in Ethernet-Switching table for Mac-radius client in server fail scenario when tagged is sent for 2 client
In case of server_fail scenario, When tagged traffic is sent for first client MAC learning happen for both data and voice. But for second client on same interface learning happening only for voice. Because vlan is already added for an interface due to first client authentication process.
PR Number Synopsis Category: MX10008/16 Platform
1420571 "show chassis power" output status doesn't seem right and there are also similar error messages in the syslog after turn off / on power feed
After changing the power feed(s), either turn off or turn on, show chassis power outputs do not match real condition and there are also incorrect Syslog information recorded.
PR Number Synopsis Category: QFX Multichassis Link Aggregrate
1488681 MClag consistency check for multiple irb's configured with same vrrp-group
The MClag consistency check fails if the same vrrp-group is used for multiple irb configurations on Local and Remote REs of the MCLAG topology. This change corrects the defect and makes the MClag consistency check to pass.
PR Number Synopsis Category: QFX PFE L2
1481031 Connectivity is broken through LAG due to members configured with hold-time and force-up
Connectivity through link aggregation group bundle could break after there is a flap event on the physical ports when one physical member interface is configured with hold-time and the other member interface is having LACP force-up feature configured.
PR Number Synopsis Category: QFX L3 data-plane/forwarding
1485612 QFX 5100 VC/VCF : fpc are going to NotPrsnt state after upgrading the QFX 5100 VC/VCF
On QFX5100-24Q, there are three PICs: PIC0, PIC1, and PIC2. Ports on PIC0 uses the integrated PHY capability (called PHYLESS) on the Broadcom ASIC. PIC1 and PIC2 have an external PHY capability (called PHY). If PIC1 or PIC2 ports (PHY ports) interfaces used for VCP creation then after upgrade FPC may go to NotPrsnt state due to link not coming up.
1487707 All interfaces stop transmitting traffic on multi-link simultaneously
On QFX5000 platforms (QFX5100/QFX5110/QFX5120/QFX5200/QFX5210) with point-to-point multi-link scenario, when the switch ingress buffer saturation happens, all interfaces on multi-link stop sending traffic at the same time.
PR Number Synopsis Category: BBE database related issues
1473063 SDB goes down very frequently if the "reauthenticate lease-renewal" knob is enabled for DHCP
On MX platforms, if the "reauthenticate lease-renewal" knob is enabled for DHCP, when DHCP Authentication Re-Auth i.e. reauthenticate lease-renewal happens, SDB might go down very frequently.
PR Number Synopsis Category: Border Gateway Protocol
1437837 The rpd process crash might be observed if leaking multi-pathed BGP routes from routing-instance to another routing table
This issue applies to Junos platforms with BGP multipath configured under a routing-instance and a RIB group is deployed to leak routes from that routing-instance to another routing table. "rpd" may restarts unexpectedly when performing multipath calculation operations for the secondary routes - (such as, removing the rib-groups/bouncing BGP neighbor under routing-instance.) The secondary routes refer to the second RIB in a RIB (Routing Information Base) group.
PR Number Synopsis Category: Device Configuration Daemon
1457460 Mismatched MTU value causes the RLT interface to flap
In Redundant Logical Tunnel (RLT) with any dynamic protocols that rely on this interface scenario, when performing a "commit full" operation, which might cause the protocol to get flapping if MTU is configured at IFD level of the RLT. Due to the mismatch MTU value calculated by DCD and Kernel that triggers the IFD flapping, and then the protocols flapping.
PR Number Synopsis Category: EVPN control plane issues
1490953 The rpd core might be seen when doing RE switchover after disabling BGP protocol globally
On EVPN scenario with BGP and routing-instance configured, if BGP protocol is disabled globally and then doing RE switchover, multiple rpd core might be seen. And the rpd does not run on new primary RE. Hence it would affect the traffic and service.
PR Number Synopsis Category: EVPN Layer-2 Forwarding
1484296 Dead next-hops might flood in a rare scenario after remote PEs are bounced
On all Junos platforms with EVPN-MPLS scenario, due to a timing condition, dead next-hops might flood after remote PEs are bounced. This will affect BUM traffic flooding to remote EVPN PEs.
PR Number Synopsis Category: Issues related to EX MACsec
1469663 Traffic loss might be seen with framing errors or runts if MACsec is configured on EX4600/QFX5100 platforms
On EX4600/QFX5100 platforms with Media Access Control Security (MACsec) configured, if there is traffic flowing through the MACsec enabled link, increasing framing errors or runts statistics might be seen in the output of "show interfaces extensive <>" for the affected interface. Traffic loss might also happen due to this issue.
PR Number Synopsis Category: Layer 2 Circuit issues
1498040 l2circuit Stuck in RD state at one end
L2circuit running on MC-LAG environment with backup neighbor might stuck in RD state at one end post the core link flap. Neighbor: Interface Type St Time last up # Up trans ae1.2004(vc 20042004) rmt Up Mar 24 03:06:41 2020 2 Remote PE:, Negotiated control-word: No Incoming label: 307024, Outgoing label: 320784 Negotiated PW status TLV: Yes local PW status code: 0x00000010, Neighbor PW status code: 0x00000000 Local interface: ae1.2004, Status: Up, Encapsulation: VLAN Flow Label Transmit: No, Flow Label Receive: No Neighbor: Interface Type St Time last up # Up trans ge-1/0/0.2004(vc 20042004) rmt RD Mar 24 04:06:42 2020 1 Remote PE:, Negotiated control-word: No Incoming label: 320784, Outgoing label: 307024 Negotiated PW status TLV: Yes local PW status code: 0x00000000, Neighbor PW status code: 0x00000010 Local interface: ge-1/0/0.2004, Status: Up, Encapsulation: VLAN Flow Label Transmit: No, Flow Label Receive: No
PR Number Synopsis Category: Multiprotocol Label Switching
1497641 Routing Protocol Daemon(RPD) might crash with core-dump
Routing Protocol Daemon(RPD) might crash with core-dump when snmp polling is done using oid jnxMplsTeP2mpTunnelDestTable
PR Number Synopsis Category: Kernel MPLS / Tag / P2MP Infrastructure
1493053 Backup RE might crash unexpectedly due to a rare timing issue
The backup Routing Engine might crash unexpectedly due to a rare timing issue during a route churn in the network.
1493431 BGP session might keep flapping between two directly connected BGP peers because of the wrong TCP-MSS in use
In case the two directly connected BGP peers are established over a one-hop LSP, if the IP layer's MTU is smaller than the MPLS layer's MTU, plus the BGP packets from the host have the DF bit set, the BGP session might keep flapping because of the wrong TCP-MSS in use.
PR Number Synopsis Category: JUNOS Network App Infrastructure (for ping, traceroute, etc)
1484689 Show system buffer command display's all zero in the MX104 chassis and it looks like cosmetic issue as there is no service impact reported
Corrected the odl tags and buffer data handling while xmlizing the output.
PR Number Synopsis Category: Layer 3 issues for VMX
1485706 Interface input error counters are not increasing on MX150
The input errors on MX150 may be zero under show interfaces extensive output when there are CRC/Align errors on the interface.
PR Number Synopsis Category: Protocol Independant Multicast
1443056 PIM RPF selection for the specific multicast group might get incorrectly applied to other multicast groups
On MX platforms, changing an RPF interface for a particular multicast group using PIM rpf-selection configuration, might cause other multicast groups to take, a newly changed RPF interface.
PR Number Synopsis Category: Issues related to PKI daemon
1489249 Has the risk of service interruption on all SRX platforms with a dual-stacked CA server
On all SRX products with Online Certificate Status Protocol (OCSP) or Certificate Revocation List (CRL) configured which belongs to a dual-stacked (IPv4/IPv6) Certificate Authority (CA) server, and if one of the IP addresses gets failure, all the services that rely on it might be interrupted, as Junos only selects the first IP from the DNS response message as the IP of the OCSP or CRL.
PR Number Synopsis Category: QFX Platform related (SYSLOG/ALARMS/miscellaneous)
1449977 FPC does not restart immediately after rebooting the system. That might cause packet loss
On QFX10008 and QFX100016 switches, the traffic drop occurs after rebooting the system due to the time delay in rebooting the FPC.
PR Number Synopsis Category: QFX L2 PFE
1385954 "CMQFX: Error requesting SET BOOLEAN, illegal setting 66" is generated at booting up.
The following log may be generated at booting up. >> Feb 10 02:15:26 jtac-qfx5100-48s-6q-r2373 : %PFE-3: fpc0 CMQFX: Error requesting SET BOOLEAN, illegal setting 66. This is a cosmetic log and you can ignore the log safely.
PR Number Synopsis Category: jflow/monitoring services
1439630 Sampling might return incorrect ASN for BGP traffic
In a BGP scenario with sampling enabled, incorrect ASN (autonomous system number) might be returned for the traffic originated from an internal prefix. This is because some AS paths and routes don't hold the latest information in the message buffers that srrd (sampling route-record daemon) uses to send to the clients.
PR Number Synopsis Category: MS-MPC Logging on MX
1478972 TCP-log sessions might be in Established state but no logs get sent out to the syslog server
When TCP-based syslog is configured under the service-set, the Services PICs will establish the TCP sessions with syslog server. When the networks between the syslog server and the MX/SRX are not stable, TCP retransmit may not work properly and cause the TCP sessions to hang. When issuing "show services tcp-log connections", the TCP sessions are still shown in "Established" state, however, no syslog messages are sent to the syslog server.
PR Number Synopsis Category: security-intelligence feature on SRX
1482947 19.2R2:VSRX3.0:SRX-RIAD:ipfd core found at 0x08601e14 in ipid_msg_process (svr=< optimized out>, client_id=< optimized out>, msg=< optimized out>, len=< optimized out>) at ../../../../../../src/pfe-shared/include/jnx/usp/ipid_shared.h:622
If ipfd core happens with similar stack trace, it is likely that PR1482947 applies, it is self-heal, does not need special action, and does not impact production traffic
PR Number Synopsis Category: platform related PRs on SRX branch platforms
1473456 Supports LLDP on reth interfaces.
On all SRX chassis cluster with LLDP supported, the "set protocols lldp interface reth*" is supported since this release, please configure LLDP on reth interface not on reth's child interfaces.
PR Number Synopsis Category: MX10003/MX204 MPC defects tracking
1474231 QSA adapter Lane 0 port might be also brought down when disabling one of the other lanes
When QSA adapter is installed, the Lane 0 port might be also in down state when disabling one of the other lanes (1, 2 or 3) due to the chan number not entertained. It is not expected behaviour and it might affect service.
PR Number Synopsis Category: SRX-1RU HA SW defects
1487951 If a cluster-id of 16 or multiples of 16 is used the cluster might not come up
When using the SRX4600 firewall in a cluster, if a cluster-id of 16 or multiples of 16 is being used, the cluster might not come up.
PR Number Synopsis Category: V44 Satellite Device Infra
1460607 The dpd crash might be observed on satellite devices in junos fusion enterprise
In junos fusion dpd might crash on satellite devices running SNOS.
Modification History:
2020-09-18 Update to include a warning about PFE memory leaks when using IRB with VPLS/Bridge-domain

Updated 2020-04-28 - Remove PR1463169  from the "Fixed Included" section. The fix is not in 18.2R3-S4 packages on the Support Software download page. It is part of a patch available in a JSU package - 18.2R3-S4-J1 (See KB35396 for information on how to install a JSU package)
PR Number Synopsis Category: MX Platform SW - FRU Management
1463169 The RE switchover may not be triggered when the primary CB clock failure
On the specific Junos platforms, the RE switchover may not be triggered when the primary CB clock failure is detected. The primary CB with faulty clock can't operate normally and this issue may cause fabric plane failure.
First publication 2020-04-23
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search