Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

18.4R2-S6: Software Release Notification for JUNOS Software Version 18.4R2-S6

0

0

Article ID: TSB17909 TECHNICAL_BULLETINS Last Updated: 11 Nov 2020Version: 1.0
Alert Type:
SRN - Software Release Notification
Product Affected:
ACX, EX, MX, PTX, QFX, NFX, SRX, VRR, vMX, vSRX
Alert Description:
Junos Software Service Release version 18.4R2-S6 is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as need and follow the prompts
Solution:

Junos Software service Release version 18.4R2-S6 is now available.

18.4R2-S6 - List of Fixed issues
PR Number Synopsis Category: Bi Directional Forwarding Detection (BFD)
1410021 BFD link failure detection of the broken path gets delayed when IGP link-state update is received from the same peer through an alternative path.
Product-Group=junos
Under BFD for IGP scenario, there is more than one path existing between the two IGP peers. If the IGP (OSPF or ISIS) peer receives IGP link-state update through an alternative path when one of the paths is down and BFD session of this link is a timeout, BFD hold timer will refresh which finally causes a delay on BFD link-failure detection.
PR Number Synopsis Category: Border Gateway Protocol
1517498 The rpd process might crash after deleting and then adding a BGP neighbor.
Product-Group=junos
In BGP scenario on all Junos platforms, after deleting and re-adding a BGP neighbor, the rpd might crash due to a rare timing issue.
PR Number Synopsis Category: EVPN control plane issues
1439537 The RPD process might crash after committing changes
Product-Group=junos
The RPD process might crash after committing changes. This issue might be seen if the following conditions are met: * On EX/QFX switches and applicable for all JUNOS platforms * EVPN is configured Traffic loss may happen due to RPD core.
PR Number Synopsis Category: Libjtask for RPD tasks, scheduler, timers, memory, and slip
1401396 The rpd generates the following core files: cmgr_if_route_exists_condition_init, ctx_handle_node, task_reconfigure_complete.
Product-Group=junos
The rpd might crash and restart when condition-manager policy is configured for routing table and the same routing table is repeatedly deleted then re-added. The issue is not fixed in 19.2R1, and it is fixed in 17.4R2-S8-J1 17.4R2-S9 18.2X75-D33 19.2R2 19.2R2-EVO 19.3R1 19.3R1-EVO 19.4R1.
PR Number Synopsis Category: Integrated Routing & Bridging (IRB) module
1453025 The IRB traffic might get drop after mastership switchover
Product-Group=junos
In the Virtual-Chassis scenario with mac-persistence-timer enabled, the IRB traffic might get drop after master switchover.
PR Number Synopsis Category: Layer2 forwarding on EX/NTF/PTX/QFX
1534796 High rate of ARP or NS packets might be observed between a device that runs Junos OS and host when the device that runs Junos OS receives an ARP or NS packet on an interface in transition.
Product-Group=junos
On Junos device in EVPN scenario, if an interface is in transition status and an ARP request is received on the interface from a host, the Junos device may send out re-arp out towards the host, and the host responds to this re-arp and the Junos device sends another re-arp in response to this arp reply from host. This goes forever causing high rate of arp packets until the interface comes up. This issue is also applicable to ND/NS in IPv6 environment.
PR Number Synopsis Category: lacp protocol
1463791 Member links state might be asychronized on a connection between the PE and CE devices in an EVPN active/active scenario.
Product-Group=junos
In EVPN multi-homed active/active scenario, when LACP is enabled on PE-CE child member links and after recovering from a core-isolation on the PE device, the PE-CE child member links might be stuck in Detached state if LACP sync-reset feature is enabled on the CE device. The child links on the CE device might show the LACP state as Collecting Distributing. However, on the PE devices, the LACP state might be shown as Detached.
1505523 The aggregated Ethernet interface sometimes might not come up after switch is rebooted.
Product-Group=junos
In Junos platforms with LACP and knob "minimum-links" enabled scenario, AE interface might not come up after the switch is rebooted or the AE interface is deactivated/activated. This is because the knob "sync-reset" is enabled. ("sync-reset" is enabled by default on QFX and EX platforms, and it only needs to use when the "minimal link" is not supported on one side of an LACP).
PR Number Synopsis Category: Multiprotocol Label Switching
1448769 Deleting constituent-list used by an abstract-hop causes rpd crashed
Product-Group=junos
On MX, PTX and QFX platform, when MPLS traffic engineering (TE) and adminstrative group feature enabled, abstract-hop configuration need to be removed before deleting adminstrative group feature in order to avoid routing protocol daemon (rpd) crash issue.
PR Number Synopsis Category: OS IPv4/ARP/ICMPv4
1496429 The Routing Engine might crash when a large number of next hops are quickly deleted and added again in a large ARP or ND scaled scenario.
Product-Group=junos
On all Junos platforms with large ARP/ND scale scenario, if a large number of nexthops are deleted and re-added very quickly (such as a result of link flap), the memory corruption might occur and eventually cause RE crash.
PR Number Synopsis Category: Kernel Stats Infrastructure
1508442 SNMP polling might return an unexpectedly high value for the ifHCOutOctets counter for a physical interface when any jnxDom OID is processed at the same time.
Product-Group=junos
When actual transmitted load is configured for interface as: set interfaces interface-transmit-statistics And ifHCOutOctets OID is polling together with any jnxDom OIDs for the same interface with time interval between pollings equal or less then one second, the resulted value of ifHCOutOctets may be unexpectedly high
1522561 OID ifOutDiscards reports zero and sometimes shows valid value.
Product-Group=junos
OID ifOutDiscards reports zero and sometimes shows valid value. user@router> show snmp mib get ifOutDiscards.514 | refresh 3 ---(refreshed at 2020-07-10 12:54:07 IST)--- ifOutDiscards.514 = 0 ---(refreshed at 2020-07-10 12:54:10 IST)--- ifOutDiscards.514 = 0 ---(refreshed at 2020-07-10 12:54:13 IST)--- ifOutDiscards.514 = 0 ---(refreshed at 2020-07-10 12:54:16 IST)--- ifOutDiscards.514 = 0 ---(refreshed at 2020-07-10 12:54:19 IST)--- ifOutDiscards.514 = 0 ---(refreshed at 2020-07-10 12:54:22 IST)--- ifOutDiscards.514 = 241974 ---(refreshed at 2020-07-10 12:54:25 IST)--- ifOutDiscards.514 = 241974 ---(refreshed at 2020-07-10 12:54:28 IST)--- ifOutDiscards.514 = 0 ---(refreshed at 2020-07-10 12:54:31 IST)--- ifOutDiscards.514 = 0
PR Number Synopsis Category: Chassis mgmt for all QFX systems - chassis MIB, alarms, CLI
1456742 The laser from the 10G SFP+ interface is still on when the interface is disabled or the device is rebooted
Product-Group=junos
On the QFX5210/QFX5110/QFX5100 platform, the laser is still emitting from 10G SFP+ port even though the interface is disabled or the device is rebooted. It will cause the peer's interface is still up and might impact traffic.
1507044 The archival function might fail in certain conditions.
Product-Group=junos
If the archival function is enabled with the statement "routing-instance" and transfer mode is set as SFTP/SCP for archive-sites, it may not work and fail to transfer the files.
PR Number Synopsis Category: QFX Platform related (SYSLOG/ALARMS/miscellaneous)
1454527 On the QFX5000 line of switches, the dcpfe process crashes due to the usage of data that is not null getting terminated.
Product-Group=junosvae
The dcpfe crash is due to usage of data which is not NULL terminated on QFX5K.
PR Number Synopsis Category: RPD Next-hop issues including indirect, CNH, and MCNH
1406070 The rpd might crash or duplicated routes might be seen when you change the configuration with BGP multipath and flapping routes.
Product-Group=junos
On all platforms, if doing configuration change (with BGP multipath) and flapping the IGP/LDP/RSVP routes simultaneously, the rpd crash or duplicated routes might be seen.
PR Number Synopsis Category: RPD policy options
1538172 If upgrade to a specific version, the configuration validation may fail and the rpd may crash
Product-Group=junos
On all Junos OS platforms with "set policy-options rtf-prefix-list" configured, if upgrade to a specific version, the device might fail to validate its configuration which eventually causing rpd to crash unexpectedly due to a software fault.
PR Number Synopsis Category: Resource Reservation Protocol
1368177 The rpd might restart after an MPLS LSP flap if no-cspf and fast-reroute are configured in an LSR ingress router.
Product-Group=junos
RPD may restart unexpectedly after an MPLS LSP flap when "no-cspf" and "fast-reroute" are configured in LSR ingress router
PR Number Synopsis Category: MX10003/MX204 Linux issues (including driver issues)
1492121 MX10003 RCB always detect fire temp and shutdown in short time after downgrade from POST to PRE PR1413210 version
Product-Group=junosvae
Root Cause of the problem: As part of PR-1413210's fix, temperature sensor TMP435's extended binary mode enabled permanently to read negative temperature value correctly, which was causing to read incorrect temperature value(High temperature value) while downgrading the image (any image which doesn't have fix for PR-1413210). Hence high temperature value was forcing system to shutdown. Solution Provided: Extended binary mode is only enabled when required and then disabled again. Hence no issue while downgrading/upgrading the image.
PR Number Synopsis Category: Trio pfe bridging, learning, stp, oam, irb software
1451559 In EVPN-VXLAN scenario, sometimes host-generated packets gets dropped as hitting reject route in Packet Forwarding Engine.
Product-Group=junos
The host generated packets might be dropped in the EVPN/VXLAN scenario due to hitting the "reject route" policy in PFE.
1513509 During route table object fetch failure, the FPC might crash.
Product-Group=junos
Due to rare timing issue, the FPC might crash because of route table object fetch failure in EVPN multihoming scenario.
 

18.4R2-S6 - List of Known issues
PR Number Synopsis Category: Marvell based EX PFE L3
1516883 Traffic load balancing on Onyx/EX (TD3) platforms with static ECMP hashing
Product-Group=junos
Broadcom asic uses a static hashing and RTAG7 hash algorithm might be alike on each chipset. Hence, it is recommended to fine tune hash parameters based on the Traffic profile used when deviation in load balance is observed. On TD3 chipset based platforms, following configuration is required to fine tune hashing deviation if any 1. set forwarding-options enhanced-hash-key hash-parameters ecmp offset 29 2. set forwarding-options enhanced-hash-key hash-parameters ecmp preprocess
PR Number Synopsis Category: NFX Series Platform Software
1462556 Junos OS: NFX350: Password hashes stored in world-readable format (CVE-2020-1669)
Product-Group=junos
The Juniper Device Manager (JDM) container, used by the disaggregated Junos OS architecture on Juniper Networks NFX350 Series devices, stores password hashes in the world-readable file /etc/passwd. This is not a security best current practice as it can allow an attacker with access to the local filesystem the ability to brute-force decrypt password hashes stored on the system. Refer to https://kb.juniper.net/JSA11066 for more information.
PR Number Synopsis Category: QFX PFE L2
1261824 Elit_EVPN-VXLAN : dc-pfe core after adding a IRB in the same routing instance as that of the underlay vtep interface
Product-Group=junos
In EVPN-VXLAN deployment with QFX10k switches, when vxlan enabled IRB interface is configured in the same routing instance as that of the the underlay vtep tunnel and if the remote VTEP interface IP is resolved over the IRB interface using routing protocols or static route, dc-pfe cores would be generated and all the interfaces would go down. dc-pfe cores would be continuously generated until configuration is corrected.
1496766 Flow control is enabled in PFE irrespective of interface configuration and the fix causes a very small amount of packet loss when a parameter related to an interface such as "interface description" on any port is changed.
Product-Group=junos
On QFX5120 and QFX5210 running JunosOS 18.4R2-S5, 18.4R2-S6, 18.4R3-S5, 19.3R3 releases, there will be a very small amount of packet loss when a parameter related to an interface such as "interface description" on any port is changed. When the parameter is changed, COS buffer modifications is checked. Even when there is no change in previous and present COS buffer state for port, COS buffer modifications is unnecessarily performed and is calling traffic block and unblock and causing a very small amount of packet loss. This will be fixed in the following releases. Junos OS 18.4R2-S7, 18.4R3-S6, 19.3R3-S1 and all subsequent releases.
PR Number Synopsis Category: Border Gateway Protocol
1456260 Packet drop and CPU spike on Routing Engine might be seen in certain conditions if labeled-unicast protection is enabled for a CsC-VRF peer.
Product-Group=junos
On all Junos OS platforms under carrier supporting carrier (CsC) scenario, when PE link protection (labeled-unicast protection) is enabled, after one of the redundant links between CsC-CE flap or RSVP-TE LSP re-route from the primary path happens, it might result in slow convergence issue. Packets drop and CPU spike on the Routing Engine might be seen during this period.
PR Number Synopsis Category: Device Configuration Daemon
1539991 The logical interface might flap after adding or deleting native VLAN configuration
Product-Group=junos
On EX/QFX platforms, the unrelated logical interface on a physical interface would flap when adding or deleting native VLAN configuration on the physical interface.
PR Number Synopsis Category: EVPN control plane issues
1521526 ARP table not updated in race condition after vmotion or network loop
Product-Group=junos
ARP table not updated in race condition after vmotion or network loop
PR Number Synopsis Category: Express PFE FW Features
1432116 The FPC might crash when a firewall filter is modified.
Product-Group=junos
In QFX10K/PTX series platforms, if a firewall filter with multiple match conditions is configured on interfaces which are Up and the firewall filter is modified (either a new action is added or the condition is added/removed etc.), the FPC might crash and restart. It might affect the service/traffic.
PR Number Synopsis Category: Express PFE including evpn, vxlan
1538600 BFD neighborship is failing with EVPN_VXLAN configuration after l2-learning restart
Product-Group=junos
With EVPN-VxLAN configuration, when restart of l2-learning command is executed, BFD sessions on IRB interface may not come up.
PR Number Synopsis Category: Multiprotocol Label Switching
1506062 The rpd process might crash when rpd restarts or GRES switchovers.
Product-Group=junos
On all Junos platforms with GR (Graceful Restart) and LSP (Label Switched Path) configured, if the /mfs/var/db/tag_restart.db file is corrupted, the rpd process might crash when triggering rpd restart or GRES (Graceful Routing Engine Switchover) switchover. Traffic loss might be seen during the rpd crash and restart.
PR Number Synopsis Category: QFX Platform related (SYSLOG/ALARMS/miscellaneous)
1449977 FPC does not restart immediately after the system reboot that causes packet loss.
Product-Group=junos
On QFX10008 and QFX100016 switches, the traffic drop occurs after rebooting the system due to the time delay in rebooting the FPC.
PR Number Synopsis Category: Filters
1514710 In the VXLAN configuration, the firewall filters might not be loaded into the TCAM with the following message due to TCAM overflow after upgrading to Releases 18.1R3-S1, 18.2R1, and later : DFWE ERROR DFW: Cannot program filter.
Product-Group=junos
n QFX5000/EX4600 platforms with VxLAN scenario, firewall filters loading failure might happen due to Ternary Content Addressable Memory(TCAM) overflow, which may cause traffic impact if the Junos version is upgraded to 18.1R3-S1 / 18.2R1 or higher. This is because IPACL VxLAN filter is introduced on that releases to replace regular IPACL for VxLAN VLANs. And after upgrade, IPACL VxLAN filter needs more entries in TACM compared with regular IPACL, which makes TCAM to overflow, and even traffic will be impacted.
PR Number Synopsis Category: QFX L2 PFE
1435561 The l2ald memory leakage is observed when the VTEP or overlay BGP session flaps.
Product-Group=junos
When you restart the routing process, if the system is configured with EVPN service, memory of the Layer 2 learning daemon increases by 4000 when you use " show system processes extensive | match l2ald".
1497993 Traffic might get dropped if the aggregated Ethernet member interface is deleted or added, or a SFP of the aggregated Ethernet member interface is unplugged or plugged.
Product-Group=junos
On QFX5K/EX46xx platforms, if STP is configured on vlan but the AE interface which is part of that vlan is not configured with STP, after an AE member interface is deleted or a SFP of the AE member interface is unplugged, and when the deleted AE member interface is added back or the unplugged SFP is plugged again, traffic via that AE interface might get dropped. LACP and LLDP traffic are not affected by this issue.
PR Number Synopsis Category: QFX L3 data-plane/forwarding
1537924 ECMP over GRE does not work for BGP route
Product-Group=junos
ECMP over GRE does not work for BGP route. Traffic is polarized to just one egress interface but not distributed to multiple egress interfaces.
PR Number Synopsis Category: QFX EVPN / VxLAN
1510794 Multicast traffic loss is observed due to few multicast routes missing in the spine node
Product-Group=junos
In an EVPN-VXLAN scenario with scaled snooping configuration(for example, 100 vlan's with snooping enabled), traffic drops might be observed for multicast groups in few vlan's when "clear bgp sessions" is performed on all Spine devices.
PR Number Synopsis Category: QFX VC Infrastructure
1528879 On QFX5100 VC, if traffic engineering is configured then downgrade to 14.1 release from 17.3 or later release may fail.
Product-Group=junos
On QFX5100 VC, if traffic engineering is configured then downgrade to 14.1 release from 17.3 or later release may fail.
PR Number Synopsis Category: Trio pfe bridging, learning, stp, oam, irb software
1488251 MAC learning under bridge-domain stops after MC-LAG interface flaps.
Product-Group=junos
MAC learning under bridge-domain over MC-LAG interface stops after MC-LAG interface flap
PR Number Synopsis Category: UI Infrastructure - mgd, DAX API, DDL/ODL
1448965 Unexpected behavior might occur when you use the load override command.
Product-Group=junos
On all Junos platform, when CLI command 'load override ' is executed, unexpected behavior such as dot1xd core might be observed. The functionality of the dot1xd daemon might be impacted.
PR Number Synopsis Category: VNID L2-forwarding on Trio
1517591 MAC learning issue might happen when EVPN-VXLAN is enabled
Product-Group=junos
On MX platform, with Ethernet VPN and Virtual Extensible LANs (EVPN-VXLAN) implemented, Address Resolution Protocol (ARP) requests received on VXLAN tunnel endpoint (VTEP) might not forward to customer edge (CE) side or Proxy ARP role on VTEP might not work properly. This issue could happen when knob 'no-arp-suppression' is disabled under EVPN instance combined with static VXLAN implementation. Please refer to workaround provided when this issue hit.

 
Modification History:
First publication 2020-11-11
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search