Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

18.4R3-S10: Software Release Notification for JUNOS Software Version 18.4R3-S10

0

0

Article ID: TSB18188 TECHNICAL_BULLETINS Last Updated: 27 Oct 2021Version: 1.0
Alert Type:
SRN - Software Release Notification
Product Affected:
ACX, EX, MX, PTX, QFX, NFX, SRX, VRR, vMX, vSRX
Alert Description:
Junos Software Service Release version 18.4R3-S10 is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as need and follow the prompts
Risk Risk Description
Low/Notification - No defined time impact to take action Software Release Notification
Impact Impact Description
Low/Notification - Monitor the situation but no action needed Software Release Notification

Solution:

Junos Software service Release version 18.4R3-S10 is now available.

18.4R3-S10 - List of Fixed issues

PR Number Synopsis Category: Marvell based EX PFE ACL
1611480 The fxpc process might crash and generate core
Product-Group=junos
On EX4600/QFX5K platforms, the fxpc process might crash and generate core when router-advertisement-guard is configured under DHCP (Dynamic Host Configuration Protocol) forwarding-options.
PR Number Synopsis Category: ACX GE, 10GE, PoE, IDT framers
1485465 tcpdump core dump occurred after initiating 'monitor traffic interface' command from cli.
Product-Group=junos
tcpdump is crashing when the abnormal size packet is captured in lo0 interface. This packet payload contains ifd index of xe-0/0/0 (695 in this case). This packet seems to be an error packet with huge length (1677787136 bytes). This is pointing to out of bound memory and hence tcpdump crashed while trying to access it.
PR Number Synopsis Category: common or misc area for SRX product
1490181 The SRX1500 device and the SRX4000 line of devices might boot up with the rescue configuration after a power outage.
Product-Group=junosvae
After a power outage occurs, SRX1500 and SRX4K devices might load rescue configuration in order to boot up successfully.
PR Number Synopsis Category: BBE interface related issues
1525036 Problem with static VLAN deletion with active subscribers and the FPC might be stuck at the Ready state during restart.
Product-Group=junos
In subscriber brought up over static VLAN scenario on MX platforms, during the restart process, some resources are stuck in the FPC and the FPC is never able to reach online state but stuck at Ready state. The fix is to make sure the device control daemon deletes the static VLAN interface only after the dependency table associated with the static VLAN interface are resolved/removed.
PR Number Synopsis Category: BBE Remote Access Server
1473159 The authd might crash after unified ISSU from Junos OS Release 18.3 or earlier to Release 19.4 or later.
Product-Group=junos
On all MX series platform with subscriber enviroment and non-stopping routing (NSR) feature enabled, when perform ISSU from 18.3- to 18.4+, authd might crash. No AAA service will be available on master routing engine (RE) during authd self-recovery. As a result, new subscribers could not access internet in authd self-recovery period of time.
1609403 Prefix duplication errors might occur for DHCPv6 over PPPoE subscribers
Product-Group=junos
On MX platforms with DHCPv6 (Dynamic Host Configuration Protocol) over PPPoE (Point-to-Point Protocol over Ethernet) configured in BBE(Broadband Edge) environment, where the PPPoE sessions have delegated IPv6 prefix assigned from a local pool, when a DHCP session comes up over the PPPoE leading to a change to the PPPoE session's address, an address-change notification would be triggered. The processing of this notification by general-authentication-service would result in wrong marking of the delegated IPv6 prefix as available. Once this happens, DHCP service might re-assign the same prefixes which would be rejected because of IP duplication.
1612196 DHCP session fails with CLI knob 'session-limit-per-username'
Product-Group=junos
On all Junos platforms with DHCP (Dynamic Host Configuration Protocol) over PPPoE (Point-to-Point Protocol over Ethernet) and 'session-limit-per-username' configured, if either interface or access configuration is modified while DHCP sessions are logged in, any new DHCP (v4/v6/PD/NA) session without authentication that uses the same access profile cannot log in.
PR Number Synopsis Category: Captive Portal, Content Delivery Daemon, and Service Plugin
1614903 Unable to modify input-service-filter using COA
Product-Group=junos
In Junos Subscriber Management environment, when subscriber with input service-filter configured in the service under dynamic-profile fails when modified using COA. COA NAK is received when input-service-filter is modified.
PR Number Synopsis Category: CFM
1619231 OAM CFM adjacency is not forming on EX4300.
Product-Group=junos
Due to the HW programming error, CFM sessions gets failed.
PR Number Synopsis Category: Device Configuration Daemon
1599266 Duplicate source and destination pair check is done only across same tunnel encapsulation type for FTI
Product-Group=junos
When configuring multiple flexible tunnel interface (FTI) tunnels, the source and destination address pair needs to be unique only among the FTI tunnels of the same tunnel encapsulation type. Prior to this PR, the source and destination address pair had to be unique among all the FTI tunnels regardless of the tunnel encapsulation type.
PR Number Synopsis Category: dns-proxy feature
1607867 DNS proxy functionality might not work on VRRP interfaces
Product-Group=junos
On all SRX platforms, if DNS proxy is enabled on VRRP interfaces, then DNS proxy functionality might fail to work.
PR Number Synopsis Category: Express PFE L2 fwding Features
1594255 ARP entry might be found missing intermittently post FPC reboot
Product-Group=junos
On some QFX series, using Ethernet Virtual Private Network (EVPN) with Virtual Extensible LAN protocol (VXLAN) when the Flexible PIC Concentrator (FPC) is rebooted, in rare occasions some of the Address Resolution Protocol (ARP) entries might be found missing intermittently on the FPC rebooted spine leading to intermittent connectivity issues.
PR Number Synopsis Category: User Firewall related issues
1589108 The jsqlsyncd process files generation might cause device to panic crash after upgrade
Product-Group=junos
On SRX-Series devices configured in high-availability, after upgrade jsqlsyncd process files might get generated which might result in device panic crash.
1605933 Memory leak at the useridd process might be observed when Integrated User Firewall is configured
Product-Group=junos
On SRX-Series devices having Integrated User Firewall enabled with Active Directory as the authentication source, memory leak might be observed at the useridd process.
PR Number Synopsis Category: IPSEC/IKE VPN
1605634 Traffic might be dropped in a corner case of IPsec VPN scenario on SRX5000 platforms with SPC3 installed
Product-Group=junos
On SRX5000 platforms with SPC3 installed and IP security (IPsec) Virtual Private Network (VPN) tunnels configured, if the gcm cipher (e.g. aes-128-gcm and aes-256-gcm) is used as the encryption algorithm, when the Internet Key Exchange Daemon (iked) process restore (e.g. caused by redundancy group 0 failover) happens, the iked process might get a wrong key being restored into the memory. After that, once there is Packet Forwarding Engine (PFE) reset/restart before the IKE Security Association (SA) rekey, traffic drop might happen due to this issue.
PR Number Synopsis Category: Label Distribution Protocol
1498367 The rpd crash could be seen if the LDP IPv6 link protection is enabled
Product-Group=junos
On all platforms with Label Distribution Protocol (LDP) enabled, the rpd will crash if LDP IPv6 link protection is enabled because it is not supported.
PR Number Synopsis Category: MX104 Software - Kernel
1607282 In subscriber management scenario, under a rare condition, the RE reboots and generates a vmcore
Product-Group=junos
In subscriber management scenario, under a rare condition, the kernel might crash at very rare condition due to a null pointer check when an entry lookup is performed.
PR Number Synopsis Category: MX10K platform
1325946 Chassisd process memory leak issue on MX10008/MX10016 platform which might cause traffic loss.
Product-Group=junos
Starting with Junos 19.4, the chassisd process on the primary Routing-Engine (RE) for MX10008 and MX10016 platforms keeps leaking memory. When chassisd memory usage reaches 3.5GB it may crash and trigger RE switchover. In some production cases, the RE switchover has triggered temporary traffic impact even on NSR/GRES enabled systems. The rate of memory leak is depending on how many optics/SFPs the system has. Rate of leak = 'Number of optics/SFPs under the system has' * 16Bytes per every 6 seconds. 19.3 and earlier releases still have the same issue, but the leak only happens during MIC/optics initialization stage. The frequency of the leak should be ignorable compare to 19.4 and later releases.
PR Number Synopsis Category: FreeBSD Kernel Infrastructure
1551193 VM might crash if file is shared between host operating system and guest operating system using virtFS
Product-Group=junos
On Virtual Machines (VM) based platforms running Junos images, file might not be shared between host operating system and guest operating system via Virtual Filesystem (virtFS). When this issue happens, device might be restarted.
1563647 Memory corruption of any binary in /usr/bin/ or /usr/sbin/ may be triggered when a recovery snapshot is being copied to the OAM volume or system while it's in heavily stressed condition
Product-Group=junos
Memory corruption of a binary from /usr/bin/ or /usr/sbin/ directory can occur if such binary is invoked when a recovery snapshot creation is in progress. The exact symptoms will be different depending on the exact binary and JUNOS version - some programs will show an error, and some programs will crash every time it is executed. Such memory corruption will be persistent until the affected Routing Engine is restarted. Please refer to TSB17954 (https://kb.juniper.net/TSB17954) for further details. In addition to recovery snapshot, a device reboot could also be a possible trigger when the system is under heavier read operations across the mounted packages.
1602005 Upgrade might fail when upgrading from legacy release
Product-Group=junos
On all platforms (For SRX, only SRX5k with RE-1800x4) while directly upgrading from Junos with FreeBSD 6 (e.g. 15.1X49 or before) to the affected releases, the system will check the USB connection. The upgrading will fail if there is no USB device detected during the upgrading process.
PR Number Synopsis Category: "ifstate" infrastructure
1547164 Backup Routing Engine vmcore might be seen due to the absence of the next-hop acknowledgement infra.
Product-Group=junos
On all Junos platforms with dual Routing Engines, after hundreds of rigorous interface flaps, a vmcore might be seen on the backup Routing Engine. The vmcore analysis pointed to rnh_index_alloc panic on the backup Routing Engine, which could be due to the absence of next-hop ACK infra on the device.
PR Number Synopsis Category: Kernel Multicast Infrastructure
1608311 Intermittent p2mp traffic drop might be seen in MVPN scenario
Product-Group=junos
On MX platforms that support enhanced IP, intermittent p2mp traffic drop might be seen in the case of MVPN with p2mp. When the multicast composite NH involves unicast NH pointing to pseudo interfaces like interface vt-, irb or lsi and the other unicast next-hop is spread across multiple line cards/PFEs, if a new member joins or an existing member leaves the multicast stream traffic drop might be seen.
PR Number Synopsis Category: PTP related issues.
1479027 Syslog messages related to the Precision Time Counter (PTC) process
Product-Group=junos
Syslog messages can be seen related to the precision time counter (PTC) on a very few devices. Issue happens if the reboot sequence is such that the initialization of the PTC counters fails, thus leaving continuous periodic errors in the PTC. Fix will enable the PTC to initialize correct with a few init retries.
PR Number Synopsis Category: Chassis mgmt for all QFX systems - chassis MIB, alarms, CLI
1574779 Traffic loss might be observed due to faulty FPC on QFX10008/QFX10016 platform
Product-Group=junos
On QFX10008/QFX10016 platforms, if a faulty FPC (FPC with hardware problem) is present then traffic loss might be observed.
PR Number Synopsis Category: QFX5K hostpath
1610295 MAC move or MAC flap may be triggered in the QFX5k VC environment
Product-Group=junos
On all QFX5k platforms with VC (Virtual-Chassis) setup, IGMP (Internet Group Management Protocol) control packet received on a port in the backup (backup-RE) unit is forwarded back to the same port whereas split horizon is not working. Due to this, we might observe MAC (Media Access Control) move or flap. The workaround is to change the mastership between FPCs.
PR Number Synopsis Category: QFX L2 PFE
1602914 Traffic drop might be observed on QFX5K platforms in virtual chassis scenario when firewall filter is configured
Product-Group=junos
On QFX5k platforms in the Virtual chassis scenario, when the firewall filter is applied over the AE interface and AE is having only one child member from FPC0 and there are no child members from FPC1, all the packets flowing through backup FPC will be dropped.
PR Number Synopsis Category: QFX L3 data-plane/forwarding
1561722 Junos OS: QFX5000 Series: Traffic from the network internal to the device (128.0.0.0) may be forwarded to egress interfaces. (CVE-2021-31371)
Product-Group=junosvae
Juniper Networks Junos OS uses the 128.0.0.0/2 subnet for internal communications between the RE and PFEs. It was discovered that packets utilizing these IP addresses may egress an QFX5000 Series switch, leaking configuration information such as heartbeats, kernel versions, etc. out to the Internet, leading to an information exposure vulnerability. Refer to https://kb.juniper.net/JSA11236 for more information.
PR Number Synopsis Category: qfx-sw-mclag
1605234 MAC move may be seen between the ICL and MC-LAG interface if adding/removing VLANs on the ICL interface
Product-Group=junos
On QFX/EX platforms with MC-LAG used, if adding/removing VLANs on the ICL (the interchassis link) interface which is used to forward data packets link between two MC-LAG peers, a continuous MAC move might be seen between the ICL and MC-LAG interface. When this happens, it will cause traffic drop due to the flooding as a consequence of the MAC moves.
PR Number Synopsis Category: QFX EVPN / VxLAN
1589702 LLDP packets drop on SP style interface for QFX devices
Product-Group=junos
On QFX platforms with VxLAN Ports configured in SP style, LLDP neighbor ship may not be formed due to wrong IFL allocation in hostpath. This can cause LLDP packet drops.
PR Number Synopsis Category: Generic platform and infra issues for MS-MIC and MS-MPC(XLP)
1600619 The Multiservices card doesn't drop the TCP ACK packet received as a reply to the self-generated TCP keepalive
Product-Group=junos
On MX with Multiservices card (MS-PIC/MS-MPC) installed, when the user's TCP session is passing the Multiservices card, TCP tickle functionality tries to extend TCP session after the inactivity-timeout expires by sending self-generated TCP keepalive packets to both parts of TCP connection and expecting the TCP ACK to be seen from both parts. While the expected behavior is to drop that TCP ACK packet on Multiservices card upon receiving, it sends to another part of TCP connection, this causes confusion and inability to extend TCP session, and then causes impact on long-lived TCP sessions with low volume of traffic.
PR Number Synopsis Category: Stout cards (MPC7, MPC8, MPC9) microkernel issues
1537869 Certain Linux based FPCs might reboot if TNP neighbor towards backup RE continuously flaps on dual-RE platforms
Product-Group=junos
On dual-RE platforms, if certain Linux based FPCs are installed, when TNP (Trivial Network Protocol) neighbor towards backup RE continuously flaps, FPC might reboot after GRES due to the TNP neighbor issue.
PR Number Synopsis Category: Issues related to broadband edge apps (PPP, DHCP) on Trio ch
1523362 MX104 experienced afeb0 core dump in Nextgen Stats related to subscriber management environment.
Product-Group=junos
MX104 experienced afeb0 core dump in Nextgen Stats related to subscriber management environment.
PR Number Synopsis Category: Trio pfe stateless firewall software
1586817 FPC might crash in a scaled firewall configuration
Product-Group=junos
On MX Series routers, PTX Series routers, and QFX Series switches running Junos OS, traffic loss might be observed in a scaled firewall filter configuration setup due to FPC crash. When the issue occurs, a core file is generated, which can be checked using the CLI command 'show system core-dumps'. host@device> show system core-dumps -rw-r--r-- 1 root wheel 89322187 /var/crash/core-NGMPC0.gz.core.0 ----> Core file
PR Number Synopsis Category: Trio pfe bridging, learning, stp, oam, irb software
1521222 ARP packets might be flooded continuously between DF and non-DF nodes in EVPN-MPLS multihoming scenario.
Product-Group=junos
In the EVPN-MPLS multihoming scenario, the ARP/NS-NA packets coming from the core-facing interface might get snooped and reinjected by l2alm causing flooding between DF (Designated Forwarder) and non-DF nodes. This issue may cause high CPU utilization in the FPC along with a storm.
PR Number Synopsis Category: Junos Automation, Commit/Op/Event and SLAX
1604622 File download using "request system download" might fail
Product-Group=junos
On a EX4400 device, any files scheduled for download using the cli command "request system download" might fail due to error. The files can be downloaded using normal ftp/scp commands on the device.
PR Number Synopsis Category: UI Infrastructure - mgd, DAX API, DDL/ODL
1555685 The chassisd core dump might be observed if PIC number 2 or 3 is used on MX204
Product-Group=junos
On MX204, if PIC number 2 or 3 is used for an interface under groups, the chassisd process might crash.
PR Number Synopsis Category: PTX/QFX100002/8/16 platform software
1555386 The LCMD process might consume memory until all of the free memory available to VMHOST gets exhausted.
Product-Group=junosvae
On PTX10K, MX10K, and QFX10K (exception: MX10003, PTX10001, PTX10002, QFX10002, any Junos-EVO system are NOT affected), when the Linux Chassis Manager (LCMD) polls PSMs (Power Supply Modules), the memory used for that polling does not get freed. The amount of memory not being freed depends on the number of sensors (FPCs and PICs) installed in the chassis. The LCMD process will continue to consume memory until all of the free memory available to VMHOST has been exhausted. At that point, the LCMD restarts causing the Routing Engine's mastership switchover. (Please also see https://kb.juniper.net/TSB18061 for more details.)
PR Number Synopsis Category: VMHOST platforms software
1547669 WR Linux 6 platforms and WR Linux 9 platforms might be stuck after upgrading or downgrading image version and restarting the device
Product-Group=junos
On Wind River Linux 6 (WR Linux 6) platforms and WR Linux 9 platforms using VMHOST based routing engine (RE), device might be stuck after upgrading image or downgrading image and reload the device. There is service impact if this issue happens.
PR Number Synopsis Category: VSRX platform software
1603199 Junos OS: When using J-Web with HTTP an attacker may retrieve encryption keys via Person-in-the-Middle attacks. (CVE-2021-31386)
Product-Group=junos
A Protection Mechanism Failure vulnerability in the J-Web HTTP service of Juniper Networks Junos OS allows a remote unauthenticated attacker to perform Person-in-the-Middle (PitM) attacks against the device. Refer to https://kb.juniper.net/JSA11254 for more information.
 

18.4R3-S10 - List of Known issues

PR Number Synopsis Category: BBE database related issues
1465277 The jdhcpd process might consume a high CPU and no further subscribers can be brought up
Product-Group=junos
When DHCP sessions are brought up on the EX4300-32F (3 GB DRAM & acting as DHCP relay/server), if any DHCP operation (e.g. request, release, renew coming from the different interface after MAC move of DHCP subscribers) happens at higher rates per second which translates to an update to the DHCP sessions, jdhcpd daemon might consume high CPU (e.g. 70%) and operations may take potentially long time. This will prevent clients from getting the IP addresses and no further subscribers can be brought up. Fix: >> A new memory band for SDB (subscriber database) has been introduced, which will help heal the situation. >> This fix is applicable to EX4300-32F only.
PR Number Synopsis Category: Device Configuration Daemon
1478523 FPC with vpn-localization vpn-core-facing-only configuration might get stuck in ready state after configuration removal or restoration because vt logical interface under MVPN is not cleaned up (physical interface cleanup failed for vt-ifl under MVPN instance).
Product-Group=junos
On all Junos platform with MVPN scenario, when 'vpn-localization vpn-core-facing-only' is configured, the FPC should be restart when MVPN configuration is changed. But if there is a large-scale configuration that includes "vpn-localization vpn-core-facing-only" and vt-ifl under mvpn instance, when performing configuration removal/restoration(load baseline, commit, rollback 1, commit again), the FPC might be stuck in ready state due to cleanup failure of vt-ifl under MVPN instance.
PR Number Synopsis Category: Firewall Filter
1471310 Firewall filter monitoring using SNMP might not provide accurate results
Product-Group=junos
On all Junos except MX platforms, the firewall filter monitoring using SNMP OID 1.3.6.1.4.1.2636.3.5.2.1.6 might not provide the entire output of configured filters, when configured filters are using actions or matches that are not supported by the compiled filters. Below is the list of actions and matches that are not supported by the compiled filters: actions: "then policy map", "clear-policy-map", "then encapsulate/decapsulate" matches: "payload-protocol", "gre-key", "flex-offset range/prefix", "policy-map"
PR Number Synopsis Category: MX Inline Jflow
1531633 jnh_services_jflow_table_cfg_event(3406): Disabling inline jflow service due to internal error
Product-Group=junos
On EA based line cards, Maximum Inline Jflow scale supported is highly dependent on memory available at the time of flow table size or flex flow sizing configuration. It is not recommended to increase flow scale or set flex flow sizing when PFE's memory is fragmented or close to out-of-memory condition. Ex: When flex flow sizing is configured, Inline Jflow requires Hugh memory (~128M DWs). It is likely to fail if memory is fragmented or close to out-of-memory condition.
PR Number Synopsis Category: QFX platform fabric mgmt for Express ASIC chip
1577315 The port might not get brought down immediately during some abnormal type of linecard reboot on QFX10K platforms
Product-Group=junos
On QFX10K platforms, if some system internal error is encountered (e.g. kernel software fault), it may result into some abnormal types of linecard reboot. The port might not get brought down immediately after the reboot start, and it will lead to traffic blackhole due to this issue.
PR Number Synopsis Category: QFX5100 Virtual Chassis
1619997 Disabled VCP (Virtual chassis port) will be UP after the optic on it is reseated.
Product-Group=junos
Disabled VCP by "request virtual-chassis vc-port set interface vcp-xx/xx/xx disable member XX" will be UP after the optic on it is reseated. It should keep disabling VC on the port. After it is UP and then Master switchover is performed, the port will be disabled.
PR Number Synopsis Category: RPD policy options
1596436 BGP import policy is not applied to all the routes when CCNH inet6 is enabled
Product-Group=junos
BGP import policy might be not applied to all the routes when CCNH inet6 is configured.
PR Number Synopsis Category: All Asgard Platform Related Issues
1335526 The ppmd process might crash after an upgrade on SRX platforms
Product-Group=junos
On SRX platforms with Bidirectional Forwarding Detection (BFD) enabled for multiple protocols (such as OSPF, ISIS, BGP, PIM), the ppmd process might crash after an upgrade.
PR Number Synopsis Category: VSRX platform software
1490878 The srxpfe may crash if a reboot or upgrade is performed.
Product-Group=junos
On vSRX (not vSRX3.0) platforms, the srxpfe might crash if a reboot or an upgrade is performed.
Modification History:
First publication 2021-10-27
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search