Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

18.4R3-S3: Software Release Notification for JUNOS Software Version 18.4R3-S3

0

0

Article ID: TSB17793 TECHNICAL_BULLETINS Last Updated: 24 Sep 2020Version: 2.0
Alert Type:
SRN - Software Release Notification
Product Affected:
ACX, EX, MX, PTX, QFX, NFX, SRX, VRR, and VMX
Alert Description:
Junos Software Service Release version 18.4R3-S3 is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as need and follow the prompts
Solution:

Junos Software service Release version 18.4R3-S3 is now available.

NOTE: Know critical issue for EX Series. The Service Release Software for EX Series has been recalled. The issue caused by PR1510224 - Performing "request system zeroize" on an EX may brick the switch
Warning: With VPLS/Bridge-Domain environment, an MX/EX9200 Series router with Trio-based MPCs running software version 18.4R3-S3. The MPCs may experience NH memory leak in the PFEs when using integrated routing and bridging (IRB) interface participating in the VPLS/Bridge-domain instance.
 

18.4R3-S3 - List of Fixed issues

PR Number Synopsis Category: DOT1X
1462479 EX-4600-EX-4300: Mac entry missing in Ethernet-Switching table for Mac-radius client in server fail scenario when tagged is sent for 2 client
Product-Group=junos
In case of server_fail scenario, When tagged traffic is sent for first client MAC learning happen for both data and voice. But for second client on same interface learning happening only for voice. Because vlan is already added for an interface due to first client authentication process.
1504818 EX2300-48MP :: Client did not receive captive-portal success page by downloading the ACL parameter as Authentication failed
Product-Group=junos
In case of captive-portal, Authentication is getting failed for captive portal user when we receive filter from radius for that user. This issue has seen only with config captive portal with radius filter when dot1x stanza is not present.
PR Number Synopsis Category: EX2300/3400 VC
1461554 RTG link faces nearly 20 sec down during backup node rebooting
Product-Group=junos
On VirtualChassis (VC) setup with Redundant Trunk Groups (RTG) enabled, nearly 20 sec down is observed at RTG link during node reboot. The issue is seen when the rebooted target FPC0 is working as the backup. This issue might cause traffic loss of about 20 seconds.
PR Number Synopsis Category: NFX LTE Software
1507165 tunnels are down in GWR, after jdm image upgrade from D497.1 to 18.4R3-S2 porter 2 image
Product-Group=junosvae
tunnels are down in GWR, after jdm image upgrade from D497.1 to 18.4R3-S2 porter 2 image
PR Number Synopsis Category: QFX Access control list
1499918 Traffic drop might be observed after modifying FBF firewall filter
Product-Group=junos
On QFX5K platforms, after making changes in filter-based forwarding (FBF) firewall filter that is configured with multiple terms or different routing instances, traffic drop might be observed.
PR Number Synopsis Category: QFX PFE L2
1499422 The FPC will go down when 100G link comes up on the network port of the QFX5110-48S device
Product-Group=junos
On the QFX5110-48S device running on Junos 19.3R2-S2, 18.2R3-S3 or 18.2R3-S4, the FPC will go down when the 100G link comes up on the network port. This leads to FPC up and down every 90 seconds. During the problem state running CLI "show chassis fpc detail" will not yield any output for upto 90sec. user@device> show chassis fpc detail. <-------- Empty Once FPC state transition back to online state, the 100G transceivers gets detected and fpc flap is seen again. This behavior is seen continuously as long as 100G transceivers remain connected to the QFX device in question. If 100G interfaces gets disabled from CLI or physically removed from the QFX switch, the FPC flap will no longer be seen. Note: This issue is not applicable when 100G-QSFP is used as a VCP port on QFX5110-48S.
PR Number Synopsis Category: MPC Fusion SW
1463859 The MPC2E-NG/MPC3E-NG card with specific MIC might crash after a high rate of interface flaps
Product-Group=junos
If any MIC of type MIC-3D-2XGE-XFP / MIC-3D-4XGE-XFP / MIC-3D-20GE-SFP-E / MIC-3D-20GE-SFP-EH / MIC-MACSEC-20GE is installed in MPC2E-NG/MPC3E-NG card, the Microkernel (uKern) might hog for CPU on Packet Forwarding Engine (PFE) when there is a high rate of interface flaps (~30/40 flaps per second). This will eventually trigger the MPC2E-NG/MPC3E-NG card crash with an NGMPC core file. Normally the excessive interface flapping won't happen frequently in the real-world and it may be caused due to the external environment. This fix will reduce the impact and prevent the uKern hog when having such conditions. The fix for this issue causes a regression as documented in TSB17782 and PR1508794 which affects interfaces with "WAN-PHY" framing.
PR Number Synopsis Category: common or misc area for SRX product
1434592 Fabric link monitoring is not resetting the secondary node FPC after recovering from fabric link failure
Product-Group=junos
The cluster is stuck in the CS(Cold Sync monitoring ) status after recovering from fabric link failure.
PR Number Synopsis Category: Border Gateway Protocol
1499977 The rpd may crash if the import policy is changed to accept more routes that exceed the teardown function threshold
Product-Group=junos
On all platforms with BGP max-acceptance prefix limit (accepted-prefix-limit with teardown action) configured, the rpd crashes may occur when a policy change causes the number of routes being imported cross the configured threshold value and teardown action is being performed by the router.
PR Number Synopsis Category: Class of Service
1470252 Syslog error cosd[10290]: LIBCOS_COS_ATTRIBUTE_RETRIEVE_FAILED: FAILED to retrieve cos field (cos_fc_defaults_0_fc_no_loss)
Product-Group=junosvae
Class-of-service forwarding class default fields are missing in the schema file resulting in error log LIBCOS_COS_ATTRIBUTE_RETRIEVE_FAILED
PR Number Synopsis Category: EVPN Layer-2 Forwarding
1498023 The l2ald memory leak may be observed in any EVPN scenario
Product-Group=junos
In any EVPN scenario (e.g. active-active multi-homing mode, active-standby multi-homing mode, EVPN-VxLAN, or EVPN-MPLS), the l2ald (Layer 2 Address Learning Daemon) memory may slowly come up when the local CE or core face interfaces continuously flap. If the memory of l2ald is exhausted, it will cause the l2ald to crash.
1502357 The VXLAN function might be broken due to a timing issue after the change in PR 1495098
Product-Group=junos
After the change in PR 1495098 (currently the affected release is 18.4R3-S2), the VXLAN function might be broken due to a timing issue. It is not recommended to use VXLAN with the affected release.
PR Number Synopsis Category: Express PFE FW Features
1432116 The FPC might crash when a firewall filter is modified
Product-Group=junos
In QFX10K/PTX series platforms, if a firewall filter with multiple match conditions is configured on interfaces which are Up and the firewall filter is modified (either a new action is added or the condition is added/removed etc.), the FPC might crash and restart. It might affect the service/traffic.
PR Number Synopsis Category: Integrated Routing & Bridging (IRB) module
1436924 IRB over VTEP unicast traffic might get dropped on EX9200/MX platforms
Product-Group=junos
On EX9200/MX platforms running as Provider Edge (PE) nodes in Ethernet Virtual Private Network (EVPN) and Virtual extension LAN (VxLAN) scenario, if the enhanced-ip mode is enabled for chassis configuration, and the EVPN routing instance is configured with Integrated Routing and Bridging (IRB) interface, the unicast traffic which is sent through IRB over Virtual Tunnel End Point (VTEP) might get dropped since it couldn't get routed towards core network due to this issue. [TSB17770]
PR Number Synopsis Category: Security platform jweb support
1502657 The J-Web users might not be able to configure PPPoE using PPPoE wizard
Product-Group=junos
On SRX platform with J-Web service enabled, when PPPoE wizard is used for configuring an interface for PPPoE, the DHCP pool Name is required but the pool list is not displayed and the configuration doesn't get completed. This issue is seen when the backend software is not able to fetch the DHCP pool details.
PR Number Synopsis Category: Application specific PRs (cos/snmp/time-sync/routing/BRAS)
1493699 [subscriber_services] [all] JDI_BBE_REGRESSIONS: DHCP subscribers not coming up as expected after deactivating vcp port
Product-Group=junos
In 20.1R1, for MX-VC platforms, setting or deleting a VC port causes other VC ports on the same FPC/MIC slot to bring link state down for a few seconds, possibly interrupting communication with the other member chassis.
PR Number Synopsis Category: Chassis mgmt for all QFX systems - chassis MIB, alarms, CLI
1475851 [Tencent] ULC-30Q28 FPC major error after system boot up or fpc restart
Product-Group=junos
FPC is reporting Major Error because of SHUTDOWN ERI failure during BIST with repair on HMC having FW version >= 0x9c. BIST with repair is incorporated during boot up, so this Major Error will be reported during boot up having FW>=0x9c on HMC. During debugging, its found that this ERI is getting issued even before the HMC was brought up which is resulting into this Error. So added bringup steps for HMC before the BIST procedure starts as done for vale-ptx.
PR Number Synopsis Category: QFX Control Plane Kernel related
1421250 A vmcore is seen on QFX VC
Product-Group=junos
On QFX Series Virtual Chassis during shutdown, if an interrupt is received, the system gets into this state and vmcore is observed.
1421250 A vmcore is seen on QFX VC
Product-Group=junosvae
On QFX Series Virtual Chassis during shutdown, if an interrupt is received, the system gets into this state and vmcore is observed.
PR Number Synopsis Category: QFX Platform related (SYSLOG/ALARMS/miscellaneous)
1423201 SFP-LX10 stay down until disable auto-negotiate
Product-Group=junosvae
SFP-LX10 stay down until disable auto-negotiate.
PR Number Synopsis Category: QFX platform optics related issues
1497947 lcmd core seen on QFX5210064C
Product-Group=junosvae
The LCMD process is the Linux Chassis Management Management Daemon. Due to a bug in the I2C handling in the daemon, a core dump may be seen. There is no specific user-visible trigger for the core dump and you may see several erroneous alarms when the core dump occurs. These should clear after the daemon automatically restarts
PR Number Synopsis Category: RPD Interfaces related issues
1383246 The chassisd might crash due to HW-DB errors on TVP based platforms
Product-Group=junos
On platforms of the ToR Velocity Program (TVP) in rare cases, HW-DB errors might be seen if the device has been up for a long time. This might cause chassisd crash. If GRES is not enabled, it might cause service impact. (HW-DB is a structure where FRU information is stored. Normally it updates when a message from FRU arrives for the first time. But due to this bug, every message gets appended to the HW-DB. After a a very long run, heap overflow happens.)
PR Number Synopsis Category: multicast source distribution protocol
1485206 There might be rpd memory leak in a certain looped MSDP scenario
Product-Group=junos
On all Junos platforms running in the Multicast Source Discovery Protocol (MSDP) scenario, if there are multiple overlapping mesh groups existing in the topology, for example, node A and B belong to mesh group M, node A and D belong to mesh group N, while node B and D belong to a different mesh group O, the Source Active (SA) messages sent from node A might get continously looped due to this issue. This might lead to the rpd memory leak and 100% CPU utilization.
PR Number Synopsis Category: platform related PRs on SRX branch platforms
1497956 Traffic interruption happens due to MAC address duplication between two Junos devices
Product-Group=junos
On Branch SRX series, traffic interruption might happen if an AE interface is configured, due to MAC address duplication with other Junos devices. For the reason is that the MAC address allocation for the AE interfaces of a Branch SRX will start from out of the local public pool range, and this MAC is most likely used for anther Junos device which is in the same Layer 2 broadcast domain. Note: 1. Each Junos device has its own local MAC range. And a MAC address consists of 6 groups of hexadecimal numbers, the first 3 groups are fixed as the vendor identifier, and the last 3 groups are available for Junos devices. with this, each Junos device takes a short segment from the available address range as the local MAC address range. 2. Public MAC pool VS private MAC pool in a device, the main difference is the penultimate binary bit in the first group (belongs to vendor identifier group), "0" indicates public, "1" for private. 3. Junos usually allocates MAC addresses from the private pool for the first 16 AE interfaces and MAC from the public pool for the 17th AE. (But Branch SRX series is an exception, which has no private pool)
PR Number Synopsis Category: MX10003/MX204 MPC defects tracking
1491970 User configured MTU might be ignored after the ISSU upgrade using "request vmhost software in-service-upgrade"
Product-Group=junos
User configured MTU might be ignored after the ISSU upgrade using "request vmhost software in-service-upgrade" if MTU is configured more than 9192.
PR Number Synopsis Category: Issues related to broadband edge apps (PPP, DHCP) on Trio ch
1440676 FPC might stuck in 100% CPU utilization due to GRES and multiple daemon's continuous restart on MX platform
Product-Group=junos
On MX series routers, in some situations when too many statistics (e.g. show interfaces queue) need to be collected from the Packet Forwarding Engine level at the same time, the bulk manager thread of the FPC microkernel level might be continuously busy and cause permanent 100% FPC CPU utilization. The issue is seen on a subscriber setup when continuous GRES ( Graceful Routing Engine Switchover) is performed with multiple daemons(PFED, STATSD, SMGD ect) restart.
PR Number Synopsis Category: Trio pfe bridging, learning, stp, oam, irb software
1468663 JNH memory leaks might be seen after CFM session flap for LSI/VT interfaces
Product-Group=junos
JNH memory leak may be seen when CFM session over the VPLS LSI interface/VT interface flaps if mip-half-function is used.
 

18.4R3-S3 - List of Known issues

PR Number Synopsis Category: ESWD
1192520 GARPs being sent from the switch once in 10 minutes
Product-Group=junos
GARPs were being sent whenever there is a mac (fdb) operation (add or delete). This is now updated to send GARP when interface is UP & l3 interface attached to the vlan.
PR Number Synopsis Category: EX2300/3400 PFE
1462155 The fxpc crashes due to PFEMAN_RT thread and BCM linkscan thread get into a deadlock
Product-Group=junosvae
In certain conditions, PFEMAN_RT thread and BCM linkscan thread get into a deadlock causing watchdog timeout.
PR Number Synopsis Category: QFX Access control list
1497133 Firewall filter could not work in certain conditions under VC setup
Product-Group=junos
On EX4650/QFX5120 with Virtual Chassis setup, the firewall filter (egress direction) could not work when traffic goes across VCP (Virtual Chassis Port) link.
PR Number Synopsis Category: MPC Fusion SW
1508794 MPC2E/3E NG: WAN-PHY interface continuously flaps with default hold-time down of 0
Product-Group=junos
On MX-series routers with MPC2E or MPC3E NG line cards, 10GE interface configured with WAN-PHY framing may flap continuously if the hold-down timer is set to 0 (which is the default).
PR Number Synopsis Category: Border Gateway Protocol
1481589 The rpd process might crash with BGP multipath and route withdraw occasionally
Product-Group=junos
In BGP multipath scenario on all Junos platforms, if original active/best BGP multipath routes got flapped occasionally, some routes, which are changed from best routes to alternative now, are removed from the BGP multipath route list, but its multipath flag are not cleared, due to some temporarily incorrect route reorder in BGP. And when the currently active route got withdrawn for some reason, and the original best routes again become the best routes then rpd might hit an assert and crash.
PR Number Synopsis Category: Class of Service
1470252 Syslog error cosd[10290]: LIBCOS_COS_ATTRIBUTE_RETRIEVE_FAILED: FAILED to retrieve cos field (cos_fc_defaults_0_fc_no_loss)
Product-Group=junos
Class-of-service forwarding class default fields are missing in the schema file resulting in error log LIBCOS_COS_ATTRIBUTE_RETRIEVE_FAILED
PR Number Synopsis Category: DNX L2 related features
1461485 SW:Rio-X NPI:Platforms: ACX5448-D Interfaces and Optics support: sometimes during the bring up of AE interface there are ARP resolution issue
Product-Group=junos
Arp issue is seen with AE :When one member of AE is removed and also when device is rebooted with AE configuration.
PR Number Synopsis Category: jpppd daemon
1488302 MPLS VPN label can poin on discard next-hop after RE switchover without NSR if egress interface is pp0
Product-Group=junos
After RE switchover without non-stop routing (NSR) on the brodband network gateway (BNG) some VRF routing instances may experience blackholing for traffic destined to the hosts behind static PPPoE subscrier's CPE device. The affected routing instances are configured without 'vrf-table-label' knob and should have static route configured with pp0.xxx interface as a next-hop like: user@router> show configuration routing-instances TEST instance-type vrf; interface pp0.1000; route-distinguisher 65000:1000; vrf-target target:65000:1000; routing-options { static { route 10.0.0.0/24 next-hop pp0.1000; <<<< } }
PR Number Synopsis Category: Flow Module
1489276 GRE/IPSec tunnel might not come up when 'set security flow no-local-favor-ecmp' command is configured
Product-Group=junos
On SRX or vSRX clusters, when 'set security flow no-local-favor-ecmp' is configured, GRE/IPSec tunnel might not come up.
PR Number Synopsis Category: User Firewall related issues
1499090 Don't use capital characters for source-identity when using "show security match-policies" cmd.
Product-Group=junos
When using "show security match-policies" cmd to match a policy with source-identity configured, only the non-capital source-identity name can be matched by policy.
PR Number Synopsis Category: Layer 2 Control Module
1505710 The l2cpd crash might be seen if adding/deleting ERP config and then restart l2cpd
Product-Group=junos
If adding/deleting "protocols protection-group ethernet-ring" (ERP) config along with restarting l2cpd, the l2cpd crash might be seen, the l2cpd process will not recover again and it would be coring continuously.
PR Number Synopsis Category: Multicast Routing
1470183 The mcsnoopd might crash when the STP moves the mrouter port to the blocked state
Product-Group=junos
On ACX, EX, QFX, NFX and SRX platform, when IGMP snooping is enabled and a logical interface (IFL) of mrouter port is in blocked state by Spanning Tree protocol (STP), removal of the IFL might get stuck in Kernel routing table (KRT), which causes mscnoopd crash. Traffic loss will happen during mscnoopd self-restart.
PR Number Synopsis Category: QFX Platform related (SYSLOG/ALARMS/miscellaneous)
1394978 The DRAM and Buffer utilization fields are not correct for QFX platforms
Product-Group=junos
"show chassis fpc" command displays a wrong amount of available memory on a QFX's FPCs.
1394978 The DRAM and Buffer utilization fields are not correct for QFX platforms
Product-Group=junosvae
"show chassis fpc" command displays a wrong amount of available memory on a QFX's FPCs.
PR Number Synopsis Category: QFX L2 PFE
1475005 On QFX platforms the system might stop new MAC learning and have impact on layer 2 traffic forwarding
Product-Group=junos
On QFX platforms, if there are a lot of MAC moves, the system might stop new MAC learning and lots of old MAC addresses might be stuck and couldn't be aged and deleted. Due to this issue, could have impact on layer 2 traffic forwarding and the customer service.
PR Number Synopsis Category: Resource Reservation Protocol
1505834 The rpd process might crash with RSVP configured in a rare timing case
Product-Group=junos
On all Junos platforms running with the Resource Reservation Protocol (RSVP) configured, when some socket error happens, RSVP might be unable to send message, however the counter for sent messages has already been increased due to the software design defect. The wrong counter might lead to the rpd process crash. It's a rare timing issue and it might be more likely to happen in a scaled scenario.
PR Number Synopsis Category: Generic platform and infra issues for MS-MIC and MS-MPC(XLP)
1489942 Prolonged flow-control might happen on MX platforms with MS-MPC/MS-MIC
Product-Group=junos
On MX platforms with MS-MPC/MS-MIC, if there are lots of self-generated packets like TCP-tickle and UDP-logging, there might be data congestion on the data path due to no throttling functionality for such types of packets. When the data path is blocked, prolonged flow-control might happen with the service interfaces being brought down and the PIC reboot. At the same time, the mspmand core file will be generated if dump-on-flow-control is enabled.
PR Number Synopsis Category: MPC7/8/9 Interface Issues
1436275 Link flapping with QSFPP-4X10GE-LR on MX204/MX10003 or MPC7E/8E/9E
Product-Group=junos
On MX Series routers with MPC7E, MPC8E, or MPC9E installed, if optics QSFPP-4X10GE-LR (Part number 740-054050) is used, the link might flap.
PR Number Synopsis Category: MX10003/MX204 Platform SW - Chassisd s/w defects
1315577 MX10003 : Despite of having all AC low PEM alarm is raised.
Product-Group=junos
An alarm is raised if mixed AC PEMs are present. This occurs because the criteria for checking whether mixed AC is present was changed. If the PEM is AC(HIGH) the first bit of pem_voltage is set, and if it is AC(LOW) the second bit of pem_voltage is set. So if both first and second bit are set, then mixed AC is present.
PR Number Synopsis Category: Trio pfe bridging, learning, stp, oam, irb software
1439068 With 19.2, the EVPN-VXLAN Packets egressing IRB may get dropped with traps when there are multiple PFEs involved
Product-Group=junos
With Junos OS Release 19.2R1, the EVPN-VXLAN packets egressing IRB might get dropped with traps when there are multiple Packet Forwarding Engines involved.
1497203 The unicast traffic to destination reachable over IRB will be dropped due to PFE mis programming
Product-Group=junos
On MX Series routers with Trio chip set based MPCs,Unicast traffic will get dropped when the destination is reachable over an integrated routing and bridging (IRB) interface participating in the EVPN instance.
PR Number Synopsis Category: VMHOST platforms software
1349373 FPCs may reboot continuously until the Routing Engine reboot
Product-Group=junos
On a next-generation Routing Engine (NG-RE), a failure of the Hardware Random Number Generator (HWRNG) will leave the system in a state where there is not enough entropy available to operate. Please refer to TSB17734(http://kb.juniper.net/InfoCenter/index?page=content&id=TSB17734) for more details.
Modification History:
2020-09-18 Update to include a warning about PFE memory leaks when using IRB with VPLS/Bridge-domain
First publication 2020-05-27
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search