Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

18.4R3-S8: Software Release Notification for JUNOS Software Version 18.4R3-S8



Article ID: TSB18035 TECHNICAL_BULLETINS Last Updated: 29 Apr 2021Version: 1.0
Alert Type:
SRN - Software Release Notification
Product Affected:
Alert Description:
Junos Software Service Release version 18.4R3-S8 is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as need and follow the prompts

Junos Software service Release version 18.4R3-S8 is now available.

18.4R3-S8 - List of Fixed issues
PR Number Synopsis Category: EX-Series VC Infrastructure
1573173 EX4600/EX4300 mixed VC : Error message 'ex_bcm_pic_eth_uint8_set' is seen when changing config related to interface.
On EX4600/EX4300 mixed VC, error message, 'ex_bcm_pic_eth_uint8_set' could be seen whenever changing interface configuration.
PR Number Synopsis Category: Cassis XQ related issues
1464297 On the MX960 router, the following error message might be observed: SCHED L4NP[0] Parity errors.
This PR along with an earlier PR1232952 address the issue completely, so JUNOS version in question should have fix for these two PRs to address this issue completely.
PR Number Synopsis Category: QFX Multichassis Link Aggregrate
1562535 MAC address entry issue might be observed after the MC-LAG interface.
On all junos platforms with high scale setup (for ex: 40 mac per 3000 vlan), MAC address entry issue might be seen after MC-LAG interface failover/failback few times. Some MAC entry remains as DR after failover and these stale entries might cause service disruptions.
PR Number Synopsis Category: QFX PFE L2
1550918 Traffic may be forwarded incorrectly on an interface having VXLAN enabled and "hold-time up xxx" statement configured
If an interface is configured with "hold-time up xxx" statement and has VXLAN enabled, after interface flaps, traffic coming from this interface (such as ARP traffic) may be forwarded even it's not changed to the "up" state.
1574435 On QFX5K switches, software forwarded VXLAN decapsulated packets can have illegal length
On QFX5K switches, software forwarded VXLAN decapsulated packets (i.e. STP, DHCP etc) received on a VTEP interface might be forwarded with illegal length. During decapsulation the packet length might not be adjusted to the length on the inner payload and packet would get forwarded by adding trailer for the remaining length.
PR Number Synopsis Category: QFX L3 data-plane/forwarding
1568533 The untagged packets might not work on EX Series platforms.
On EX/QFX5K platforms, if 'flexible-vlan-tagging', 'vlan-id-list' and 'native-vlan-id' are configured on the interface in SP style, the untagged packets that need to be egressed from this interface might be dropped by the peer device.
PR Number Synopsis Category: Australia related infrastructure software
1501752 Continuous l2ald and L2ALM log messages seen on nodes of chassis cluster of SRX5000
On some JunOS SR releases continuous l2ald and L2ALM log messages are seen in chassis cluster setup of SRX5000 Series. The issue is cosmetic.
PR Number Synopsis Category: BBE database related issues
1554539 During ISSU, BNG losses subscriber sessions without sending the Session Stop message but stay in authd
When a SDB service session is created and requested to be replicated on the master RE during a full SDB resync like ISSU or VC global switchover, the replication request may be dropped due to a bug in the repd logic attempting to determine if the new service session will be picked up and replicated as part of the full SDB resync.
PR Number Synopsis Category: BBE multicast related issues
1537846 The NGMPC2 process generates the core file at bv_entry_active_here::bv_vector_op:: gmph_reevaluate_group:: gmph_destroy_client_group.
If PFE processes distributed igmp pseudo ifl delete, it attempts to delete all associated multicast flows. On a scaled setup, deleting several thousand multicast flows hogs CPU for long time that it is killed by the scheduler, resulting in core. This is a rare condition, seen only on scaled distributed igmp setup.
PR Number Synopsis Category: BBE routing
1556980 The framed route installed for a demux Interface has no MAC address.
On MX platforms with Broadband Edge(BBE) scenario, traffic sent to/transit via Framed-Route might be dropped, as there is no MAC associated with Framed-Route on the Demux Interface if "qualified-next-hop" is configured in dynamic-profile access route.
PR Number Synopsis Category: Enhanced Broadband Edge support for cos
1582356 bbe-smgd process on both routing engines may crash due to a rare timing issue after logout of subscribers over pseudowire
In subscriber over MPLS pseudowire scenario, bbe-smgd process on both routing engines may crash due to a rare timing issue after subscriber logout. Output of "show system core-dumps routing-engine both" will indicate presence of bbe-smgd core dumps on both routing engines.
PR Number Synopsis Category: Device Configuration Daemon
1530935 Backup RE or backup node may stuck in bad status with improper "backup-router" configuration
Redundant group 1+ may report Interface Monitor failure if backup router destination prefix is configured same as interface IP address.
PR Number Synopsis Category: Express PFE L2 fwding Features
1534340 The dcpfe process might crash and cause FPC to restart due to the traffic burst
The dcpfe process might crash on the QFX10002-60C/PTX10002-60C platform and might lead to FPC restart causing traffic loss. This issue is seen during traffic bursts on the device.
PR Number Synopsis Category: IDP on logical system
1561298 The idpd process might crash when committing IDP configuration under LSYS/Tenants during RGs failover
On SRX Series devices, if there are a considerable number of Logical-systems/Tenants configured. The idpd process might crash if the IDP-related configuration under Logical-systems/Tenants is changed and committed repeatedly during Redundancy Groups(RGs) failover. It is suggested not to modify and commit the IDP-related configuration in that situation.
PR Number Synopsis Category: IPSEC/IKE VPN
1564444 A session might be closed when the session is created during the IPsec rekey.
A session might be closed when the session is generated during IPsec rekey. It might cause the traffic drop on SRX platforms.
1565132 When there are multiple IPsec SA, Backup SA start ipsec rekey.
On all SRX platform, when there are multiple IPsec SA for single IPsec tunnel, backup SA start ipsec rekey and multiple IPsec SA condition remains for a long time.
PR Number Synopsis Category: QFX platform optics related issues
1561181 The tunable optics SFP+-10G-T-DWDM-ZR doesn't work on EX/QFX devices
On EX4600/EX4650/QFX5110 devices with tunable optics SFP+-10G-T-DWDM-ZR used, the configured wavelength value does not take effect when connecting two EX/QFX across a mux (multiplexer) using tunable optics SFP+-10G-T-DWDM-ZR.
PR Number Synopsis Category: QFX L2 PFE
1564020 On EX4650/QFX5120 platforms, "storm control" with IRB interface might not work correctly
On EX4650/QFX5120 platforms, "storm-control" might not work as expected if adding an IRB interface to a VLAN where "storm-control" is enabled. This defect could be seen when a destination IP of the stream's route is in a resolve state.
PR Number Synopsis Category: QFX L3 data-plane/forwarding
1560161 Few IPv6 ARP ND fails after loading the base configurations.
On QFX5k platforms, when configuring a VLAN ID for a VxLAN, recommendation is to use VLAN ID of 3 or higher. If VLAN ID of 2 is used, replicated broadcast, multicast, and unknown unicast (BUM) packets for these VxLANs might be untagged, which in turn might result in the packets being dropped by a device that receives the packets.
PR Number Synopsis Category: QFX EVPN / VxLAN
1555835 Traffic might not passed due to the addition of the VLAN tag 2 while passing through the Virtual Chassis port.
When ingress and egress interfaces are in different FPC on QFX5120VC with OVSDB vxlan, the VLAN tag 2 might be added automatically and the peer device drops it.
PR Number Synopsis Category: RPD route tables, resolver, routing instances, static routes
1482112 The rpd process might crash when deactivating logical systems.
On all Junos platforms running with logical systems, if the logical systems get deactivated either by manually restarting the rpd process or by the deletion of the logical system configurations, the rpd process might crash in a race condition. It is a timing issue.
PR Number Synopsis Category: SW PRs for SCBE3 related kernel drivers
1564539 MX platforms with MX-SCBE3 may reboot continuously.
A recent change in the kernel boot loader causes a system with MX-SCBE3 to experience the Routing Enginne's kernel memory corruption which causes the system to reboot continuously.
PR Number Synopsis Category: platform related PRs on SRX branch platforms
1572920 Traffic going through the VRRP interface might be dropped when VRRP enabled IRB interface goes down
On the SRX platform with multiple IRB interfaces belong to the same VRRP group ID, when one of the IRB interfaces down, it might cause traffic disruption going through Virtual IP (VIP) on another IRB interface.
PR Number Synopsis Category: SRX-1RU platfom related protocol, QoS, filtering features et
1585698 The 1G interfaces might not come up after device reboot
On SRX4600 platforms, In a rare scenario the interfaces configured with "speed 1G" might not come up after the device reboot and will remain in down state.
PR Number Synopsis Category: Trio pfe qos software
1538960 The following major error message might cause the Packet Forwarding Engine(s) to disable: XQ_CMERROR_SCHED_L3_PERR_ERR.
On EX9200 platforms with EX9200-6QS/MX platforms with MPC2E/3E/5E(Q)/SRX5K platforms with MPC3, PFE(s) on that FPC(s) might be disabled due to a major alarm "XQ_CMERROR_SCHED_L3_PERR_ERR". Without the fix, this major alarm triggered "disable-pfe" action. This defect could be seen if there is a parity error in the L3 node static memory.
PR Number Synopsis Category: Authentication, Authorization, Accounting, PAM (RADIUS/tacplus)
1530106 Ex3400 VC - Console access on backup VC member is not allowed
Console login on a Virtual Chassis backup member might not be permitted if unreachable DNS name-server is configured on the box. DNS name resolution checks if the host is valid for login or not. If the DNS server configured on the box is not reachable, the user is not allowed on the Virtual Chassis while trying to access it from the console of the backup member.
PR Number Synopsis Category: UI Infrastructure - mgd, DAX API, DDL/ODL
1543037 The license errors might get returned on the backup Routing Engine while trying to commit the configuration.
On all Junos platforms, when trying to commit the configuration, license errors may get returned on backup RE even though the license is installed correctly. This issue doesn't have any service impact.

18.4R3-S8 - List of Known issues
PR Number Synopsis Category: QFX PFE L2
1444095 QFX5120 drops traffic whose destination port is 4789
QFX5120 drops traffic, whose destination port is 4789 (default port for VXLAN), if the traffic is received via a layer 2 trunk port.
PR Number Synopsis Category: ACX L2 related features
1565642 ACX5048: Entry for mac address from which no traffic is seen for mac age timer does not age out if there is active traffic destined for this mac
As per the current code, ACX would not delete a mac address from the mac table there is- (a) traffic destined to the mac address or (b) traffic sourced from the mac address or (c) both Fix of this PR will allow ACX to only look at (b) traffic sourced from mac address before deleting the mac address entry from mac table. So, if there is no traffic sourced from the mac for an interval of mac aging timer, the mac would be deleted from the mac table at the end of mac aging timer with out taking into account the traffic destined to the mac address.
PR Number Synopsis Category: Control Plane and Infrastructire for the B-54 program
1188254 Junos Fusion Enterprise: LLDP might stop working if manually deactivated and reactivated
On a Junos Fusion Enterprise, LLDP might stop working if it is reenabled after being manually disabled.
PR Number Synopsis Category: BBE Remote Access Server
1402653 The subscriber might need to take retry for login
On all Junos platforms running in subscriber scenario with address pool configured, if the address pool has high usage so that only few addresses are free to allocate, when there are subscribers logout and login, the released address by one subscriber might get re-used and allocated to the other subscriber very soon. Due to this issue, syslog error messages might be seen, and the affected subscriber might need to take retry for login.
PR Number Synopsis Category: Virtual-chassis platform/chassisd infrastructure PRs for MX
1587499 Unable to configure pseudowire interface on Summit MX 3RU in virtual chassis mode
On Summit MX 3RU (MX10003) in virtual chassis (VC) mode, configuring a pseudowire interface over a logical tunnel (LT) or a redundant logical tunnel (RLT) results in a commit error that states that the anchor point interface is not configured, even when the LT or RLT interface is operationally up. The issue is not present on MX10003 in non-VC mode.
PR Number Synopsis Category: IPSEC/IKE VPN
1571105 SPI mismatch caused by simultaneous rekeys under kmd stress
On the SRX Series platforms with IPsec configured, when kmd has high stress due to enabling traceoption, SPI mismatch might be seen under back2back rekeys. This can lead to incoming traffic cannot be decrypted on the target tunnel.
PR Number Synopsis Category: Security platform jweb support
1587453 [Jweb]system log output fails under plenty events and it leads high RE cpu usage
When using syslog output at J-web menu "Monitor > Events > System", users may see taking long time to output or even fails. Also the system may face high CPU on RE. This behavior is a limitation due to an unavoidable system performance issue in J-Web.
1588106 [Jweb]event log is deactivated when stream mode change via Jweb
When a user tries to configure traffic log with stream mode via Jweb, event log is also configured as inactive.
PR Number Synopsis Category: Multiprotocol Label Switching
1460283 The previously configured credibility preference is not considered by CSPF even though the configuration has been deleted or changed to prefer another protocol in the traffic engineering database.
After configuring the credibility, the new credibility preference value will be stored internally and its not cleared or consider by the CSPF module, incase if the perviously configuration of "traffic-engineering credibility-protocol-preference" was deleted or if you configure "traffic-engineering credibility-protocol-preference" under another protocol (for example ISIS)
PR Number Synopsis Category: show route table commands, tracing, and syslog facilities
1574497 PIM rib-group fails to be added in VRF.
PIM rib-group failure to add in vrf - PIM: ribgroup vrf not usable in this context; all RIBs are not in instance
PR Number Synopsis Category: SRX-1RU platfom related protocol, QoS, filtering features et
1562722 Intermittent high SPU with firewall filter "count" option
If firewall filter with "count" option is configured, SPUs are spiking to high values after certain traffic threshold is reached.
PR Number Synopsis Category: UI Infrastructure - mgd, DAX API, DDL/ODL
991081 The configuration change on Backup RE cannot be synchronized while deleting inactivated interfaces/routing-instances from master
In the dual Routing Engine scenario, the backup Routing Engine does not sync up the configuration change while deleting an inactivated interface/routing-instances from the master. So after the operation, the inactivated interface/routing-instances still exists on the backup Routing Engine.
Modification History:
First publication 2021-04-29
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search