Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[EX ONLY] 18.4R1-S7.2: Software Release Notification for JUNOS Software Version 18.4R1-S7.2

0

0

Article ID: TSB17805 TECHNICAL_BULLETINS Last Updated: 15 Jun 2020Version: 1.0
Alert Type:
SRN - Software Release Notification
Product Affected:
EX2300 EX3400
Alert Description:
Junos Software Service Release version 18.4R1-S7 is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as need and follow the prompts
Solution:

Junos Software service Release version 18.4R1-S7.2 is now available for EX2300 and EX3400 platforms. EX-Series JUNOS Version 18.4R1-S7.2 replaces 18.4R1-S7.1 which has been recalled - see TSB17791.

18.4R1-S7 - List of Fixed issues

PR Number Synopsis Category: MX Platform SW - Mastership Module
1424187 The system does not reboot or halt as configuration when encountering the disk error
Product-Group=junos
When the system encounters disk error or halted system (ex. memory leak), the chassisd might go in hung state with the blow error messages even though "disk-failure-action reboot" or "disk-failure-action halt" is configured.
PR Number Synopsis Category: CoS support on DNX
1432720 CCM packets drop might be seen in a scaling ethernet OAM scenario.
Product-Group=junos
In an ACX5448 box with Ethernet OAM scenario, if connectivity fault management (CFM) sessions are based on 40GbE or 100GbE ports, CCM (continuity check message) packets drop might be dropped after scaling up beyond 650 CFM sessions.
PR Number Synopsis Category: ACX platform interface issues
1398270 "Output packet error Count" incrementing on 100GE, 40GE ports on RIO
Product-Group=junos
The "Output packet error count" is increasing when the interface MTU is greater than 1524 and the traffic is pumped with packet size greater than 1524. This is happening because the forwarding ASIC is treating these bigger packets as error packets. However, there is no impact to the traffic seen. Currently this issue is under investigation
1401718 Link fault signaling (LFS) is not working on ACX5448 10/40/100GbE interfaces
Product-Group=junos
Link fault signaling (LFS) feature is not supported on ACX5448 10/40/100GbE interfaces.
PR Number Synopsis Category: DNX L2 related features
1453766 ACX5448 FPC crashed due to segmentation fault
Product-Group=junos
ACX5448 FPC crashed due to segmentation fault, due to timing issue. There is very low chance of this core occurring.
1461485 ARP resolution issue might be seen during the bring up of AE (aggregated ethernet) interface after reboot
Product-Group=junos
On ACX5448 platforms with LACP is used with AE, there might be issues with ARP resolution when one member of AE is removed or a device is rebooted with AE configuration. This issue is seen when all the member ports are not added to the AE in the hardware though the RE shows the interface(ifd and ifl) as part of the AE. Since the RE has all the interfaces in the AE, it tries to send the ping/ARP through an interface which actually in the hardware is not configured to the AE because of which ARP/ping fails.
PR Number Synopsis Category: DNX platform MPLS FRR features
1485444 ACX5448 L2VPN with interface ethernet-ccc input-vlan-map/output-vlan-map can cause traffic blackhole
Product-Group=junos
On the ACX5448 platform, l2vpn application with ethernet-ccc input-vlan-map/output-vlan-map can experience traffic blackhole while the control plane is still up. This issue is a software defect introduced by changes made via PR1456624 in the ethernet-ccc ingress interface. This software defect adds an internal vlan tag to all packets. As a result, customers' desired vlan-tag was not added in ccc->mpls direction. Causing the remote PE -- expecting vlan-tagged traffic -- to drop these packets due to vlan mismatch.
PR Number Synopsis Category: Interface Information Display
1439440 The number of mgd processes increases because the mgd processes are not closed properly.
Product-Group=junos
On SRX Series platforms, sometimes the mgd processes are not properly closed. As a result, many mgd instances are unnecessarily left running.
PR Number Synopsis Category: Libjtask for RPD tasks, scheduler, timers, memory, and slip
1429719 Junos OS: A race condition vulnerability may cause RPD daemon to crash when processing a BGP NOTIFICATION message. (CVE-2020-1629)
Product-Group=junos
A race condition vulnerability on Juniper Network Junos OS devices may cause the routing protocol daemon (RPD) process to crash and restart while processing a BGP NOTIFICATION message. Refer to https://kb.juniper.net/JSA11009 for more information.
PR Number Synopsis Category: Kernel software for AE/AS/Container
1459692 In MC-LAG scenario traffic destined to VRRP virtual MAC gets dropped
Product-Group=junos
When VRRP (virtual router redundancy protocol) is configured on MC-LAG (multichassis link aggregation groups), traffic destined to VRRP virtual MAC address might get dropped because the virtual MAC is not correctly programmed in PFE (packet forwarding engine).
PR Number Synopsis Category: jdhcpd daemon
1419437 The dhcp relay sessions could not be established successfully
Product-Group=junos
If dhcp group configuration is added without any interface, the jdhcpd maybe not aware of the group configuration after the group is applied on an interface.
1429456 The DHCP DECLINE packets are not forwarded to DHCP server when forward-only is set within dhcp-reply
Product-Group=junos
If forward-only is set within dhcp-reply in a Juniper Networks device as a DHCP relay agent, the DHCP DECLINE packets that are broadcasted from the DHCP client are dropped and not forwarded to the DHCP server.
PR Number Synopsis Category: Security platform jweb support
1499280 Junos OS: Security vulnerability in J-Web and web based (HTTP/HTTPS) services
Product-Group=junos
Junos OS: Security vulnerability in J-Web and web based (HTTP/HTTPS) services (CVE-2020-1631). Refer to https://kb.juniper.net/JSA11021 for more information.
PR Number Synopsis Category: Platform infra to support jvision
1415884 Possible memory leak in Chassisd
Product-Group=junos
Chassisd process will be leaking memory without specific operation. Memory leak continues as long as chassisd is running and there is no way to stop leaking. This would cause eventual chassisd crash and unexpected MPC restarting. Process would crash when its memory utilization goes beyond 3Gbyte.
PR Number Synopsis Category: Layer 2 Control Module
1469635 Memory leak on l2cpd process might lead to l2cpd crash
Product-Group=junos
On all Junos platforms with l2cpd (Layer-2 control protocols) daemon, committing configuration changes which are processed by l2cpd (e.g., flexible-vlan-tagging, stacked-vlan-tagging, vlan-tagging, family ethernet-switching) might cause marginally memory leak. Committing the l2cpd processed configuration changes in a successive manner might cause the memory resource exhaustion (Some operations have the same effect as the committing action, e.g., bouncing a vlan-tagged interface in a successive way). Eventually, it could result in the l2cpd process crash.
PR Number Synopsis Category: rtsock kernel instrastructure
1407000 Kernel memory leak in virtual-memory due to interface flaps (CVE-2020-1625)
Product-Group=junos
The kernel memory usage represented as "temp" via 'show system virtual-memory' may constantly increase when Integrated Routing and Bridging (IRB) is configured with multiple underlay physical interfaces, and one interface flaps. This memory leak can affect running daemons (processes), leading to an extended Denial of Service (DoS) condition. Refer to https://kb.juniper.net/JSA11004 for more information.
PR Number Synopsis Category: QFX PFE Class of Services
1476829 QFX Platforms are exhibiting invalid PFE PG counter pairs to copy, src 0xfffff80, dst 0
Product-Group=junos
On QFX Series Switches one may see "invalid PFE PG counter pairs" errors might be displayed as a result of polling class of service-related SNMP OIDs. These messages might eventually lead to interface counters not being populated properly.
PR Number Synopsis Category: QFX MPLS PFE
1469998 If continuous interface flaps at ingress/egress of PE devices, IP routed packets might be looped on the MPLS PHP node
Product-Group=junos
On QFX5K platform, when MPLS node-link-protection is configured on all nodes (PE and P device), the IP routed packets might be looped on the MPLS PHP node (P device) if continuous interface flaps at ingress/egress of PE devices.
PR Number Synopsis Category: KRT Queue issues within RPD
1446320 ,The rpd process might crash when it is terminated immediately after it has been started
Product-Group=junos
When the rpd process is terminated immediately after it has been started, the rpd process might crash due to a race condition.
PR Number Synopsis Category: RPD Next-hop issues including indirect, CNH, and MCNH
1424819 The rpd keeps crashing after changing configuration
Product-Group=junos
In the ECMP (Equal-Cost Multipath) environment with existing more than 8 multipath for a given route, changing configuration (e.g. delete routing protocol IGP or LSP) is trying to delete a software structure which was already corrupted sometime earlier due to memory corruption, and this may cause the rpd to keep crashing. This issue applies to all types of nexthops with multipath.
PR Number Synopsis Category: show route table commands, tracing, and syslog facilities
1421076 RPD crash might occur when changing prefix list address from IPv4 to IPv6
Product-Group=junos
RPD crash might occur when changing a prefix-list address from IPv4 to IPv6 with "replace-pattern"
PR Number Synopsis Category: Generic platform and infra issues for MS-MIC and MS-MPC(XLP)
1396785 The MS-MPC might core when mspmand receives a non-syn packet of TCP
Product-Group=junos
On MX Series platforms and when MS-MPC line card is used, if the ms/ams-interface is not configured and mspmand (Multiservices PIC management daemon) receives a non-synchronized packet of TCP, the MS-MPC might crash due to some NULL pointer issues of the global configuration variable.
1402260 The mspmand process might crash with lots of error logs seen in high scaled MX platforms with MS-MPC/MS-MIC
Product-Group=junos
On MX platforms with MS-MPC/MS-MIC, if "services-options tcp-tickles" is enabled for the Transmission Control Protocol (TCP) traffic which needs TCP tickles packets, when there are high scale of application sessions and traffic loaded (e.g. 200K sessions), there might be lots of error logs observed, together with the service interface flapping and the mspmand process crash.
1405917 The FPC crash might be observed in MS-MPC HA environment
Product-Group=junos
On MX Series platform with MS-MPC card used, in race condition, if the MS-MPC is used on HA (High Availability) scenario ( the 'set interfaces ms-x/x/x redundancy-options redundancy-peer/redundancy-local' knob and GRES is configured), the FPC might crash due to the bus error (segmentation fault). The reason is that two CPUs simultaneously access the same session-extension memory in the session structure, one for writing, the other for reading. A reading CPU gets an incorrect value and uses that as the memory address. This causes the bus error (segmentation fault).
PR Number Synopsis Category: Junos Automation, Commit/Op/Event and SLAX
1436773 The /var/db/scripts directory might be deleted after executing "request system zeroize"
Product-Group=junos
On all platforms which support ZTP (Zero Touch Provisioning), the /var/db/scripts directory might get deleted after executing "request system zeroize", and it won't be recreated automatically.
PR Number Synopsis Category: UI Infrastructure - mgd, DAX API, DDL/ODL
1465171 Commit script does not apply changes in private mode unless a commit full is performed
Product-Group=junos
Commit script does not apply changes in private mode unless a commit full is performed.
 

18.4R1-S7 - List of Known issues

PR Number Synopsis Category: Border Gateway Protocol
1454198 The rpd scheduler slip for BGP GR might be up to 120s after the peer goes down
Product-Group=junos
In BGP GR (graceful-restart) scenario (graceful-restart is configured for BGP or GR-helper mode is enabled by default), when high-scale routes get learnt from one peer, the rpd scheduler slip might be up to 120s after that BGP peer flaps.
PR Number Synopsis Category: Cassis pfe microcode software
1459698 Silent dropping of traffic upon interface flapping after DRD auto-recovery.
Product-Group=junos
An interface stops forwarding traffic when MX software triggers a "DRD reorder timeout recovery" event follows by an interface flap on the same XMCHIP. When the logic is triggered, you will see a "cmtfpc_xmchip_drd_reorder_id_timeout_callback" message in the PFE syslog messages. This issue affects XM based MPCs (3E 4E 5E 6E 2E-NG 3E-NG).
PR Number Synopsis Category: ACX platform interface issues
1499130 [PDT][DNX] QSFP I2C errors in steady state, linux_i2c_mq : 224 Error in read ack, status 5, qsfp_tk_eeprom_scanning_check: RIO-MIC(0/1)(0) failed scanning eeprom addr 0x40 err 1
Product-Group=junos
The error log "linux_i2c_mq : 224 Error in read ack, status 5, qsfp_tk_eeprom_scanning_check: RIO-MIC(0/1)(0) failed scanning eeprom addr 0x40 err 1" is seen due to I2C read failure in one of the periodic calls. It is seen intermittently and not causing any impact to functionality. The I2C read eventually succeeds in the subsequent periodic calls thereby not causing any problem.
PR Number Synopsis Category: Flow Module
1465944 Junos OS: High-End SRX Series: Multicast traffic might cause all FPCs to reset. (CVE-2020-1634)
Product-Group=junos
On High-End SRX Series devices, in specific configurations and when specific networking events or operator actions occur, an SPC receiving genuine multicast traffic may core. Refer to https://kb.juniper.net/JSA11014 for more information.
PR Number Synopsis Category: Layer 2 Control Module
1505710 The l2cpd crash might be seen if adding/deleting ERP config and then restart l2cpd
Product-Group=junos
Core files are generated if you add or delete ERP configuration multiple times and restarted l2cpd or rebooted the box. If this issue is happened, l2cpd does not recover again and generates core file continuously.
PR Number Synopsis Category: Label Distribution Protocol
1432138 MPLS ingress LSP's might not come up after disable/enable of MPLS
Product-Group=junos
Dynamically configured RSVP LSP's for LDP link protection might not come up after disabling/enabling protocol MPLS.
PR Number Synopsis Category: FreeBSD Kernel Infrastructure
1463802 The scheduled tasks might not be executed if "cron" daemon goes down without restart automatically
Product-Group=junos
The service utility "cron" runs in the background and regularly checks /etc/crontab for tasks to execute and searches /var/cron/tabs for custom crontab files. These files are used to schedule tasks which "cron" runs at the specified times. "cron" daemon is started during boot. If for some reason, the "cron" process exits, the scheduled tasks will not be executed. "cron" was not restarted automatically and had to be started manually.
1510224 Issuing the CLI command "request system zeroize" or upgrade on EX2300 may cause the console unresponsive
Product-Group=junos
Issuing the CLI command "request system zeroize" or upgrade on EX2300 may cause the console unresponsive.
PR Number Synopsis Category: IPv6/ND/ICMPv6 issues
1439844 DHCPv6 relay binding is not up when integrated routing and bridging(IRB) interface enabling DHCPv6 Snooping and Neighbor Discovery Inspection (NDI) simultaneously on EX9200
Product-Group=junos
In DHCPv6 relay scenario, when DHCPv6 snooping and NDI enable simultaneously on IRB interface on EX9200, DHCPv6 relay binding is not up.
PR Number Synopsis Category: PTP related issues.
1498739 QFX5110-48S-4c may have high 1 PPS output measurement error
Product-Group=junos
The QFX5110-48S-4c 1 PPS output measurement error has been measured higher than expected on some systems (~160 nsec instead of than less than 50 nsec)
PR Number Synopsis Category: Generic platform and infra issues for MS-MIC and MS-MPC(XLP)
1376060 MS-MPC might have performance degradation under scaled fragmented packets
Product-Group=junos
On MX Series platforms with MS-MPC, it might have performance degradation if the MS-MPC receives scaled fragmented packets.
1459306 The traffic might be stuck on MS-MPC/MS-MIC with sessions receiving huge number of affinity packets
Product-Group=junos
On MX platforms with MS-MPC/MS-MIC, if there are sessions receiving huge number of affinity packets (e.g. thousands of packets), the service interface might be brought down by the prolonged flow-control, and the mspmand process crash might happen. In this case, the traffic will be stuck due to this issue.
1489942 Prolonged flow-control might happen on MX platforms with MS-MPC/MS-MIC
Product-Group=junos
On MX platforms with MS-MPC/MS-MIC, if there are lots of self-generated packets like TCP-tickle and UDP-logging, there might be data congestion on the data path due to no throttling functionality for such types of packets. When the data path is blocked, prolonged flow-control might happen with the service interfaces being brought down and the PIC reboot. At the same time, the mspmand core file will be generated if dump-on-flow-control is enabled.
PR Number Synopsis Category: SFW, CGNAT on MS-MIC/MS-MPC (XLP)
1335956 The MAC_STUCK might be seen on MS-MPC or MS-MIC
Product-Group=junos
On MS-MPC/MS-MIC in ALG scenario, MAC_STUCK might be seen and traffic may be lost.
1442552 Different formats of the B4 addresses may be observed in the SERVICES_PORT_BLOCK_ALLOC/RELEASE/ACTIVE log messages
Product-Group=junos
In DS-lite setup implementation on MS-MPC card different B4(Basic Bridging Broadband) address formats for JSERVICES_NAT_PORT_BLOCK_RELEASE log may be observed when softwire-prefix is configured under the service set, but a unified behaviour is required.
PR Number Synopsis Category: UI Infrastructure - mgd, DAX API, DDL/ODL
1404946 Configuring using the CLI editor in J-Web generates an mgd core dump and commit does not work.
Product-Group=junos
Configuring using the CLI Editor in the J-Web generates an mgd core dump and commit does not work.
1439805 When group is applied at non-root level then updating knobs inside the group is not updating hierarchies where it's applied
Product-Group=junos
On all Junos platforms, if a group is applied at non-root level and later some knob from the group is deleted, then change bits are not set for the hierarchy where the group is applied.
Modification History:
First publication 2020-06-15
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search