Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

18.4R2-S8: Software Release Notification for JUNOS Software Version 18.4R2-S8



Article ID: TSB18055 TECHNICAL_BULLETINS Last Updated: 26 May 2021Version: 1.0
Alert Type:
SRN - Software Release Notification
Product Affected:
Alert Description:
Junos Software Service Release version 18.4R2-S8 is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as need and follow the prompts

Junos Software service Release version 18.4R2-S8 is now available.

18.4R2-S8 - List of Fixed issues
PR Number Synopsis Category: ChassisD changes specific for ACX series
1518480 The fxpc core might be observed during EEPROM read when SFP is removed
The fxpc process might crash when a SFP transceiver is removed in the middle of a EEPROM read of the transceiver being removed. This is a rare issue.
PR Number Synopsis Category: MX Layer 2 Forwarding Module
1529706 The l2ald process might crash when a device configuration flaps frequently
When device configuration gets deleted and added (configuration change from 'baseline-configuration' to 'user configuration' and rollback) through automated scripts, it sometimes causes data corruption and which results in l2-learning daemon crash.
PR Number Synopsis Category: Bi Directional Forwarding Detection (BFD)
1558102 BGP LU session flap might be seen with the AIGP used scenario.
On all QFX5K platforms with L3VPN and BGP LU (Labeled Unicast) setup, the BGP neighbor relationship might flap, which might cause traffic loss, if it receives new routes with AIGP (Accumulated Interior Gateway Protocol) information.
PR Number Synopsis Category: Border Gateway Protocol
1454198 The rpd scheduler slip for BGP GR might be up to 120 second after the peer goes down.
In BGP GR (graceful-restart) scenario (graceful-restart is configured for BGP or GR-helper mode is enabled by default), when high-scale routes get learnt from one peer, the rpd scheduler slip might be up to 120s after that BGP peer flaps.
1515264 The BGP link-bw of the non-multipath routes are included in an aggregation
On all Junos platforms, if there are multiple routes to a destination and these routes are associated with the link-bandwidth extended community. Even if these routes are not participating in multipath (BGP multipath is not enabled), these routes link-bandwidth will be aggregated even though they should not be. Due to the incorrect aggregated link-bandwidth value, the traffic load imbalance issue will be seen.
1518056 Tag matching in the VRF policy does not work properly when the independent-domain option is configured.
On all platforms and in an L3VPN environment, when the tag is configured in the policy and applied to the VRF instance, configuring 'independent domain' for the autonomous system under the routing-options will cause the inet-vpn routes stop getting advertised between VRF instances.
1532414 Transit labels for Layer 3 VPN routes are pushed momentarily to the MPLS.0 table.
In L3VPN scenario with in-line RR (Route Reflector) which has an export policy with next-hop self to advertise all transit L3VPN routes to its clients and also uses route-target family, the undesired L3VPN routes may be pushed to FIB (Forwarding Information Base) after enabling/disabling route-target family on the RR or a new BGP peer joins a group with 'next-hop self'.
1538491 Configuring then next hop and then reject on a route policy for the same route might cause the rpd process to crash.
On all Junos platforms with BGP enabled, if a policy is setting 'then next-hop' and 'then reject' at the same time for the same prefix, rpd crash might be seen. Like the following: set policy-options policy-statement xxx term 1 from route-filter xxx set policy-options policy-statement xxx term 1 then next-hop ... set policy-options policy-statement xxx term 2 then reject
1541768 The rpd process generates the core file at gp_rtarget_tsi_update,bgp_rtarget_flash_rt,bgp_rtarget_flash.
If RTarget module tries to take an access of the active route which does not exist (since NextHop is not resolved), a reference is taken on the non-existent active route, and rpd crashes.
PR Number Synopsis Category: Virtual-chassis platform/chassisd infrastructure PRs for MX
1552588 The VCP port is marked as administratively down on the wrong MX-VC member.
On MX/EX/QFX platforms with Virtual Chassis (VC) scenario, some interfaces might be shutdown unexpectedly, which might cause traffic to be interrupted if there is an error generated on an FPC. The reason is that after an ASIC error, the IFD down messages is not sent to the local chassis master where the error was reported, instead, it will be sent to the master of the Virtual Chassis, so that another interface with the same Slot/PIC/Port number will be shutdown as well.
PR Number Synopsis Category: Device Configuration Daemon
1559238 The dcd core may be seen if "native-vlan-id 0" is configured
On all Junos platforms, the dcd (Device Configuration Daemon) process might crash if "native-vlan-id 0" is configured. When this happens, the set of configurations that have "native-vlan-id 0" as a part will not be reflected on the setup.
PR Number Synopsis Category: mgd, ddl, odl infra issues
1529989 The configuration under groups stanza is not inherited properly
If there is the same configuration stanza across different groups or one of them is in groups, config may not be inherited as expected.
PR Number Synopsis Category: PR for EX4400 platform
1573889 EX4400: Mgmt LEDs are not working as per expectations
Below is the status of management LED when speed is set to: 1. 10m - Activity LED is not blinking when ping/traffic is runnig (instead it is remaining steady GREEN) 2. 100m - Activity LED is blinking without any ping/traffic.
PR Number Synopsis Category: Express pfe ddos protection feature
1547032 OSPFv3 session might keep flapping and OSPFv3 hellos might be dropped in the host path.
On QFX10008/QFX10016/QFX10002-36Q/QFX10002-72Q platforms, the OSPFv3 sessions might keep flapping and the hello packets maybe dropped in the host path. This might happen with high amount of control traffic with OSPFv3 protocol configured. This is because OSPFv3 hello packets are not proper classified going to the unclassified DDOS queue.
PR Number Synopsis Category: jdhcpd daemon
1554992 DHCP packet drop might be seen when the DHCP relay is configured on a leaf device.
DHCP Offers are getting dropped with send error counter incrementing. This is specifically seen in a RI to RI environment where the client and server are reachable in different routing-instances.
PR Number Synopsis Category: PFE infra to support jvision
1507864 The na-grpcd will crash in case of incomplete sensor data exported from PFE
Due to invalid data exported from PFE, the network agent damon (na-grpcd) will crash while parsing the payload. This will disrupt telemetry for all the connected collectors.
PR Number Synopsis Category: Label Distribution Protocol
1538124 The rpd process might crash when the LDP route with indirect next hop is deleted on the aggregated Ethernet interface.
If the Label Distribution Protocol (LDP) route with indirect next-hop exists (e.g. LDP egress-policy is used to advertise BGP route into LDP), the rpd might crash when the LDP route is deleted from the AE interface.
PR Number Synopsis Category: lldp sw on MX platform
1528856 The l2cpd process might crash when removing LLDP on an aggregated Ethernet interface.
On all Junos platforms, if Link Layer Discovery Protocol(LLDP) is enabled on 'interface all' and some AE interface at the same time, the Layer 2 Control Protocol process (l2cpd) might crash when lldp is removed from the AE interface. The l2cpd crash might affect all the protocols running under it (such as X-STP, LLDP, ERP, MVRP, etc.).
PR Number Synopsis Category: OS IPv4/ARP/ICMPv4
1511833 The kernel might crash causing the router or the Routing Engine to reboot when performing virtual IP related change.
On all Junos platforms with VRRP enabled, if delete and add any configuration which involves the virtual IP in the same commit, the kernel might crash. When this happens, the system or the RE will reboot.
PR Number Synopsis Category: FreeBSD Kernel Infrastructure
1579331 EX4400: Under some conditions, the FPGA reset reason may be incorrectly shown in console logs as 0.
EX4400: Under some special conditions, such as boot from OAM volume following a graceful/warm reboot, the FPGA reset reason incorrectly shown in console logs as 0.
PR Number Synopsis Category: PE based services related sw
1546143 Junos OS: PTX Series: Denial of Service in packet processing due to heavy route churn when J-Flow sampling is enabled (CVE-2021-0263)
A vulnerability in the Multi-Service process (multi-svcs) on the FPC of Juniper Networks Junos OS on the PTX Series routers may lead to the process becoming unresponsive, ultimately affecting traffic forwarding, allowing an attacker to cause a Denial of Service (DoS) condition. This can occur during periods of heavy route churn, causing the Multi-Service Process to stop processing updates, without consuming any further updates from kernel. Please refer to for more information.
PR Number Synopsis Category: Interface related issues. Port up/down, stats, CMLC , serdes
1515487 The 100-Gigabit Ethernet AOC non-breakout port might be auto-channelized to a different speed.
On QFX5k platform with QFX-5e image, if the 100G port is enabled with auto-channelization (which is by default) and the AOC (Active Optical Cable) non-breakout transceiver is used on it, the 100G port might be detected as breakout and auto-channelized to other speed (e.g. 50G). The interface connection will be impacted.
1527814 Channelizing the 40G port to 10G port might bring down another interface on the QFX10K platforms
On the QFX10K platforms with 30-port line card installed, when channelizing the 40G port to 10G port, it may bring down another interface unexpectedly. This issue will cause traffic loss on the affected interface.
PR Number Synopsis Category: QFX L3 data-plane/forwarding
1560161 Few IPv6 ARP ND fails after loading the base configurations
On QFX5k platforms, when configuring a VLAN ID for a VxLAN, recommendation is to use VLAN ID of 3 or higher. If VLAN ID of 2 is used, replicated broadcast, multicast, and unknown unicast (BUM) packets for these VxLANs might be untagged, which in turn might result in the packets being dropped by a device that receives the packets.
PR Number Synopsis Category: QFX EVPN / VxLAN
1524955 Traffic loss might be observed on interfaces in a VXLAN environment.
On the QFX5K/EX4600 series platforms with VXLAN setup, if changing the VLAN (VXLAN enabled) configuration under an interface stanza from service provider style to enterprise style in a single commit without deactivating/activating the corresponding VLAN configuration under "vlans" stanza, traffic loss may be observed on the interface after the change.
1555835 Traffic might not passed due to the addition of the VLAN tag 2 while passing through the Virtual Chassis port.
When ingress and egress interfaces are in different FPC on QFX5120VC with OVSDB vxlan, the VLAN tag 2 might be added automatically and the peer device drops it.
PR Number Synopsis Category: RPD Next-hop issues including indirect, CNH, and MCNH
1534455 Some routes might get incorrectly programmed in the forwarding table in the kernel which is no longer present in rpd.
In a scaled routes scenario, if there is any route change operation when the system is under memory pressure, the rpd might change a route entry but the same is not conveyed to the kernel. This causes a mismatch between routes in rpd and kernel leading to traffic blackhole for the mismatched route entries that are incorrectly programmed in the kernel.
PR Number Synopsis Category: RPD policy options
1523891 The policy configuration might be mismatched between the rpd and mgd process when deactivate policy-options prefix-list is involved in the configuration sequence.
If "deactivate policy-options prefix-list" is involved in configuration sequence along with other policy configurations, the mgd process might not notify the rpd process about the policy configuration changes after committing the configuration. This can cause the policy configuration to be out-of-synchronization between policy database used by rpd and configuration database used by mgd. Due to the missing policy entries in policy database, later the rpd might crash when accessing these entries via CLI command like "show policy".
PR Number Synopsis Category: SW PRs for SCBE3 related kernel drivers
1564539 MX platforms with MX-SCBE3 may reboot continuously.
A recent change in the kernel boot loader causes a system with MX-SCBE3 to experience the Routing Enginne's kernel memory corruption which causes the system to reboot continuously.
PR Number Synopsis Category: Trio pfe l3 forwarding issues
1473665 The "Drops" stats are not shown for AE physical interface although the "Drops" stats are shown for the member interface of the AE bundle
The "Drops" stats are shown for the member interface of the aggregated Ethernet (AE) bundle via the CLI command of "show interface extensive". However, the same "Drops" stats are not shown for AE physical interface (IFD).
PR Number Synopsis Category: Configuration management, ffp, load action
1427962 Changing nested apply-groups does not occur.
When the nested apply-groups applied is deleting, the logical interface under the nested groups is not removed.
PR Number Synopsis Category: Configuration mgmt, ffp, load-action, commit processing
1500988 Slow response might be observed when the show | compare or commit check action in a large-scale configuration environment is committed.
In this problematic case, there is a large-scale configuration (like over 700k lines), it takes over 40s to finish and the CPU of mgd spikes to 100% when performing "show | compare" or "commit check" etc action with or without configuration change. The mgd will be back to normal after the command is finished. This issue will also affect contrail device discovery
PR Number Synopsis Category: UI Infrastructure - mgd, DAX API, DDL/ODL
1484801 Any change in the nested groups might not be detected on commit and does not take effect
On all Junos platforms, if a group is inserted to another group, any change of the inner level group might not come into effect.

18.4R2-S8 - List of Known issues
PR Number Synopsis Category: Border Gateway Protocol
1456260 Packet drop and CPU spike on Routing Engine might be seen in certain conditions if labeled-unicast protection is enabled for a CsC-VRF peer.
On all Junos OS platforms in a carrier supporting carrier (CsC) scenario, when PE link protection (labeled-unicast protection) is enabled, after one of the redundant links between CsC-CE flap or RSVP-TE LSP re-route from the primary path happens, it might result in a slow convergence issue. Packet drops and CPU spike on the Routing Engine might be seen during this period.
PR Number Synopsis Category: MX Platform SW - Environment Monitoring
1551760 The LCM Peer Absent message might be seen.
On all TVP platforms, a major alarm of "LCM Peer Absent" might be seen.
PR Number Synopsis Category: Device Configuration Daemon
1537491 Junos OS: SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3, vSRX Series: In a multi-tenant environment, a tenant host administrator may configure logical firewall isolation affecting other tenant networks (CVE-2021-0235)
On SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3, vSRX Series devices using tenant services on Juniper Networks Junos OS, due to incorrect permission scheme assigned to tenant system administrators, a tenant system administrator may inadvertently send their network traffic to one or more tenants while concurrently modifying the overall device system traffic management, affecting all tenants and the service provider. Further, a tenant may inadvertently receive traffic from another tenant. Refer to for more information.
PR Number Synopsis Category: Ethernet OAM (LFM)
1529209 Junos OS: ethtraceroute Local Privilege Escalation vulnerabilities in SUID binaries (CVE-2021-0255)
A local privilege escalation vulnerability in ethtraceroute Ethernet OAM utility of Juniper Networks Junos OS may allow a locally authenticated user with shell access to escalate privileges and write to the local filesystem as root. Please refer to for more information.
PR Number Synopsis Category: ISIS routing protocol
1577458 Traffic loss across the ldp path during taffic shift from ptx1k to another device in the mpls cloud.
here two routers with two different capacities are converging at two different times, so the micro loop occurs between the two nodes, so please check the work around provided.
PR Number Synopsis Category: Security platform jweb support
1501588 Junos OS: J-Web can be compromised through reflected client-side HTTP parameter pollution attacks. (CVE-2021-0269)
The improper handling of client-side parameters in J-Web of Juniper Networks Junos OS allows an attacker to perform a number of different malicious actions against a target device when a user is authenticated to J-Web. Refer to for more information.
PR Number Synopsis Category: Multiprotocol Label Switching
1460283 The previously configured credibility preference is not considered by CSPF even though the configuration has been deleted or changed to prefer another protocol in the traffic engineering database.
After configuring the credibility, the new credibility preference value will be stored internally and its not cleared or consider by the CSPF module, in case if the previously configuration of "traffic-engineering credibility-protocol-preference" was deleted or if you configure "traffic-engineering credibility-protocol-preference" under another protocol (for example ISIS)
Modification History:
First publication 2021-05-26
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search