Navigation  Back up to About Overview 
[+] Expand All
[-] Collapse All

No index entries found.

Outstanding Issues in Junos OS Release 12.3 for M Series, MX Series, and T Series Routers

The current software release is Release 12.3. For information about obtaining the software packages, see Upgrade and Downgrade Instructions for Junos OS Release 12.3 for M Series, MX Series, and T Series Routers.

Class of Service (CoS)

  • When FPC/PIC restarts or Routing Engine reboots, the physical interfaces are created and Class of Service daemon (cosd) sends chassis scheduler ADD for all interfaces. If a group of physical interfaces share the same Packet Forwarding Engine stream (such as oversubscribed PIC PD-5-10XGE-SFPP) and user configured chassis-scheduler is applied on some (NOT all) of the interfaces, the user configured chassis-scheduler can get over-written by default scheduler when chassis scheduler ADD comes for other non configured interface in same stream group with default scheduler-map. The issue can happen on any queuing PIC where multiple physical interfaces on PIC share same Packet Forwarding Engine/Chassis stream on FPC, in this bug, the fix is only for PD-5-10XGE-SFPP. PR809528
  • COSD errors are seen while Routing Engine switchover without GRES enabled. PR827534
  • With GRES enabled and LSQ interface configured, after Routing Engine switchover, the following error message might be seen: COSD_GENCFG_WRITE_FAILED: GENCFG write failed (op, minor_type) = (add, policy inline) for tbl 4 if 301 /0/0 Reason: File exists. PR827538
  • In PPPoE/DHCP subscriber management environment, with "burst-size $junos-cos-shaping-rate-burst" configured in subscriber dynamic-profiles, while logging in/out subscribers, the class-of-service daemon (cosd) memory leak due to cosd process does not free up memory used for parsing burst attributes of a traffic-control-profiles (tcp) guaranteed rate. The memory usage of cosd process can be monitored by the following CLI command: user@router> show system processes extensive | match "PID | cosd" (Note: The "RES" field means "Current amount of resident memory, in kilobytes") PID USERNAME THR PRI NICE SIZE RES STATE TIME WCPU COMMAND 1326 root 1 96 0 14732K 4764K select 0:01 0.00% cosd. PR846615
  • Commit throws an error "Invalid rewrite rule rule-name for ifl .<ifl name>Ifd <ifd name> is not capable to rewrite inner vlan tag 802.1p bits" even though there is no rewrite configuration related to inner-vlan tag. PR849710
  • CoS relevant misconfiguration (for example, configure classifier exp for LT interfaces implicitly using "interface all" way) might cause cosd to crash. If cosd experiences multiple crashes within a short time, it might not be able to restart. PR969900
  • This issue is specific to rate-limit on trunk port in DPC due to a software issue that installing rate-limit variables to egress Packet Forwarding Engine does not work normally. PR1022966

Forwarding and Sampling

  • With more than four archive-sites configured under [system archival configuration archive-sites] hierarchy, after committing the configuration changes, pfed process crashes and generates a core file due to memory corruption or double free. The core files could be seen by executing CLI command "show system core-dumps". PR849465
  • This is a cosmetic issue. Deleting interface policer with "commit synchronize" later will see the following message on backup. This behavior can not be seen without "commit synchronize". < Conditions > 1. Use 64bit Junos. 2. Configure "graceful-switchover" and "policer". 3. Delete interface policer configuration and then hit "commit synchronize". < backup RE messages > dfw_update_local_shared_policer: new filter program should be NULL for op 3 If using fixed version, "system syslog" can be reconfigured. PR873084
  • When we configure unsupported firewall filter on channelized interfaces, commit error message show without this fix was misleading. With this fix, commit error will have the following message: mgd: error: layer2-policer is not supported for interface so-3/2/0. PR897975
  • On MX Series-based platform, when deleting firewall filter and the routing instance it is attached to, in some race conditions, the filter might not be deleted and remains in resolved state indefinitely. PR937258

General Routing

  • During interface flap, the FPC console may print a message: "No localhost ifl for rtt 65535" This is caused by a race condition in the software and is cosmetic. PR676432
  • The configuration statement route-memory-enhanced(hierarchy: set chassis) is hidden in platforms M320 and MX Series. There is no functionality break but this configuration statement should not be hidden. PR690100
  • next-hop-group configuration statement is not supported under routing-instance hierarchy, but this configuration statement is present under this hierarchy. This PR is opened to remove next-hop-group configuration statement from routing-instance hierarchy. PR731264
  • icmp redirects are not disabled even after configuring no-redirects on irb interface PR819722
  • Changing static route with qualified-next-hop and order option to next-hop option results in static route missing from the routing table. Need restart routing to see the routes again. PR830634
  • When a prefix next-hop address resolution requires a recursive lookup, the next-hop might not be updated correctly after an egress interface is disabled. PR862989
  • In subscriber management environment, with scaling subscribers login (110K DHCP and 20K PPPoE), after restarting one of the line cards which has subscribers, autoconf process might crash and generate a core file due to memory corruption or memory double free. PR870661
  • The lldpd process might crash if there are multiple unknown type, length, and value (TLV) elements included in received LLDP PDUs. PR882778
  • There are two issues about "flow term-order" Issue 1: Config command "set routing-options flow term-order standard" has no effect on the router without "restart routing". Issue 2: When the flow term-order is set to "standard", if the command "delete routing-options flow" is executed, the flow term-order should revert to the default setting of "legacy", but in this case, this does not happen. PR885091
  • PIC removal without PIC offline can cause FPC crash in case of PD-5-10XGE-SFPP PIC. PR922655
  • The message [RPD_KRT_KERNEL_BAD_ROUTE] may start to display on backup Routing Engine logs. This message does not point to a real network issue. This message is displayed because all nexthops are read in the backup RPD including the L2 nexthops, which are not created by RPD process. Therefore, RPD reads these L2 nexthops and discards them, then it displays this message. Hence these messages are harmless. To address this, and to stop swamping the syslog with these messages, a fix aims to print these messages only for L3 nexthops i.e. rpd-created nexthops has been implemented. PR931667
  • FPC would crash when access corrupted unicast next hop data structure that chain composite nexthop's depends on. PR946276
  • When a router is booted with AE having per-unit-scheduler configuration and hosted on an EQ DPC, AE as well as its children get default traffic control profile on its control logical interface. However, if a non-AE GE interface is created on the DPC with per-unit-scheduler configuration, it will get default scheduler map on its control logical interface. PR946927
  • On systems running Junos OS Release 13.3R1 and Nonstop routing (NSR) is enabled, when "switchover-on-routing-crash" under [set system] hierarchy is set, Routing Engine switchover should happen only when routing protocol daemon (rpd) crashes. But unexpected Routing Engine switchover can be seen when we perform CLI command "request system core-dump routing running" to manually generate a rpd live core. PR954067
  • MPLS traceroute causes "rttable-mismatch" syslog messages. PR960493
  • Default threshold for ES-FPC errors is 1 for major errors and 10 for minor errors. When the threshold is reached, some actions (for example, alarm|offline-pic|log|get-state|offline|reset) will be taken by FPC as configured. This feature is designed for permament/real errors. The issue here is that even some transient errors (for example, link flaps) will also trigger the default action. In some cases, it might cause panic for the FPC. PR961165
  • On MX Series DPC line cards with redundancy System Control Boards (SCBs), when active SCB goes down ungracefully by unexpected event (such as turn off Power Entry Modules (PEMs)), traffic loss is observed and cannot be recovered on standby SCB as expected. PR961241
  • On T Series or M320 routers with OSPF configuration statement. If have large-scale routes (for example, 180K Composite Nexthop), when do costing-out and costing-in operations along with changing gigether-options of core router facing interface multiple times continuously, the Flexible PIC Concentrator (FPC) CPU utilization might increase to 100 percent, and then FPC might crash. PR961473
  • Display issue only. "show route cumulative vpn-family" command is using "inet.6" for vpnv6 routes instead of inet6.0. PR966828
  • Infrastructure to correct DLU SRAM parity errors on PTX platform. PR970797
  • In scenario of next-generation-MVPN with P2MP LSP as provider tunnel, Kernel Routing Table (KRT) might get stuck after making changes for MVPN, then traffic loss will be seen, and besides, rpd process might crash while trying to generate a live core file. PR982959
  • On a router with point-to-point(P2P) SONET/SDH interface, when a P2P interface is disabled, the corresponding host route might still be kept in the forwarding table, if a ping operation is performed, instead of returning message "No route to host" the message "Can't assign requested address" might be seen. PR984623
  • In the VPLS environment with control-word configuration, when the "control-word" is changed to "no-control-word", there is a 5 minute service outage. PR987216
  • If encapsulation type is "ppp" for the SONET interface on IQE PIC, sometimes the MTU change might not work. PR1001880
  • If with accounting/sampling enabled, an unnecessary update from the routing protocol process (rpd) to the route record database might be triggered by certain configuration change. This process causes jump in CPU utilization of all Packet Forwarding Engines. PR1002107
  • When a static discard route is configured with no-install option but actual forwarding using different next hop, if egress sampling is enabled on the forwarding outgoing interface (OIF), traffic leaving that interface would have incorrect OIF on the flow records, resulting in unreliable flow records and incorrect billing. There is no traffic impact though. PR1002287
  • A raw IP packet with invalid Memory Buffer(mbuf) length may trigger a kernel crash. The invalid mbuf length might be set by other daemons incorrectly. PR1006320
  • This PR is implementing traceoptions debug enhancements to detect route-record corruption events. The route-record traceoptions debug will be enabled as follows: ---------------------------- user@router> edit Entering configuration mode [edit] user@router# set routing-options traceoptions flag route-record [edit] user@router# commit ---------------------------- PR1015820
  • When destinations are pointing to protocol next-hops as unilist type or IP forwarding next-hops as unilist, which in scenarios like using Loop-Free Alternate Routes for OSPF (LFA-OSPF) with link protection, link-protection for P2MP LSP, or MPLS FRR is enabled. If flapping the active interface very fast, especially an interface comes back up before Kernel gets a chance to delete all the unilist next-hops, those unilist next-hops which have not been deleted yet would be re-used. As a result, the corresponding destinations are pointing to discard next-hop(s) or replaced next-hop(s) in Packet Forwarding Engine Jtree. The "discard" next-hop(s) causes traffic blackhole while the "replaced" next-hop(s) diverts traffic to other active next-hop(s) in the unlist. Those unilist next-hops which have been already deleted are safe and get updated accordingly. This is a day one timing issue. PR1016649
  • On MX Series platform with DHCP relay configured, the router might keep filling a specific partition "/var/mfs/sdb" with files named log.XXXX and this would eventually cause DHCP relay fail. PR1017642
  • This issue only affects OC-48 MICs. If an SFP is inserted into an OC-48 MIC port that has been disabled the SFP will not show up in a >show chassis hardware command. The issue is fixed with a patch. Contact JTAC to find out which version is best for you. PR1031851
  • With VPLS BGP control word configured, intermittent packet loss might be seen in one direction on VPLS circuit due to the control-word not being programmed at Packet Forwarding Engine after member DPC reboot. The problem can happen on below conditions: 1. LSI interface exists across two or more physical interfaces. 2. Those physical interfaces located in different FPCs. 3. Those physical interfaces consist of equal-cost paths. So, LSI will not be flapped with one member FPC down. 4. Flap the member DPC where one of physical interfaces situated. PR1031863
  • MPC with Channelized OC3/STM1 (Multi-Rate) Circuit Emulation MIC (MIC-3D-4COC3-1COC12-CE) might crash. This problem is very difficult to replicate and a preventive fix will be implemented to avoid the crash. PR1050007
  • As a precautionary measure, a periodic sanity check is added to FPC situated on M7i/M10i with enhanced CFEB, M320 with E3-FPC, M120 and MX Series with DPC. It checks FPC error conditions and performs the appropriate actions in case of an error. PR1056161
  • In LDP tunneling over single hop RSVP based LSP environment, after enabling "chained-composite-next-hop", the router may fail to create the chained composite next hops if the label value of VPN is equal with the label value of LDP. PR1058146
  • When "satop-options" is configured on an E1 with Structure-Agnostic TDM over Packet (SAToP) encapsulation, after Automatic Protection Switching (APS) switchover, some SAToP E1s on the previously protect interface (now working) start showing drops. PR1066100
  • If the hidden configuration statement "layer-4 validity-check" is configured, the Layer4 hashing will be disabled for fragmented IP traffic. Due to a defect, the Multicast MAC rewrite is skipped in this case, the fragmented multicast packets will be sent with incorrect destination MAC. PR1079219
  • In some rare conditions, depending on the order in which configuration steps were performed or the order in which hardware modules were inserted or activated, if PTP master and PTP slave are configured on different MPCs on MX Series router acting as BC, it might happen that clock is not properly propagated between MPCs. PR1085994
  • In a fib-localization scenario, IPv4 addresses configured on service PICs (SP) will not appear on FIB-remote FPCs although all local (/32) addresses should, regardless of FIB localization role, install on all Packet Forwarding Engines. There is no workaround for this and it implies that traffic destined to this address will need to transit through FIB-local FPC. PR1092627
  • Fragmenting a special host outbound IP packet with invalid IP header length (IP header length is greater than actual memory buffer packet header length), can trigger NULL mbuf accessing and dereferencing, which may lead to a kernel panic. PR1102044
  • The commit latency will increase along with the increasing lines under [edit system services static-subscribers group <group name> interface]. Use ranges to create static demux interfaces is a recommend option. e.g. [edit system services static-subscribers group PROFILE-STATIC_INTERFACE] + interface demux0.10001001 upto demux0.10003000; PR1121876

High Availability (HA) and Resiliency

  • Configuring the maximum segment size (MSS) for the TCP connection for BGP neighbors, if "mtu-discovery" and "path-mtu-discovery" configuration statements are removed, the default MSS value of 512 will be used instead, this is not an expected behavior. PR835220
  • PR 855661 will affect IQ2 PICs during unified ISSU on TX platform. When upgrading to Release 12.3R2 from releases prior to 12.3R2 through unified ISSU, IQ2 PICs will report an error. This error is because IQ2 PICs are not able to download the image during unified ISSU. PR855661
  • During a router hardware upgrade procedure, in a dual Routing Engines system, the newly installed Routing Engine may overwrite the other Routing Engine configuration with the factory default configuration. As a result, both Routing Engines may boot-up in "Amnesiac" mode. This situation can occur under following conditions: - RE0 has default factory configuration and, - RE1 has "commit synchronize" enabled - Both RE0 and RE1 boot-up simultaneously, or - RE0 is UP and running and RE1 is restarted. PR909692

Interfaces and Chassis

  • Collecting subscriber management control traffic via 'monitor traffic interface demux0 write-file xy.pcap', the logical unit number is incorrect when multiple demux IFL's are present. This problem is fixed and the correct interface logical unit number is reported in the juniper header of the captured PCAP file. PR771453
  • Warning message added is syslog when external sync is not supported. PR817049
  • Prior to this PR, the speed of a GE interface capable of working at FE speeds was set to 'auto' in the Packet Forwarding Engine level. This causes a problem when manually setting the speed on the Routing Engine. Now the behavior is to set the speed to '1 g' in the Packet Forwarding Engine. For automatic speed detection the interface should be set to 'speed auto' in the configuration. PR821512
  • With Junos OS Release 11.4 or later and Enhanced SCB installed on a mix of MX Series routers and DPC cards, REG_ERR messages might be reported under certain traffic flow conditions from MX Series routers to the DPC card. On the receiving DPC card fabric cell received out of order will be re-ordered and merged to build the packet. If this out-of-order delivery is too high a reorder event will be triggered and all cells belonging to the packets are dropped. The frequency is low rate. The following syslog entry will be reported Sep 29 20:43:10 node fpc8 ICHIP(3)_REG_ERR:first cell drops in ichip fi rord : 4122 Sep 29 20:43:10 node fpc8 ICHIP(3)_REG_ERR:Non first cell drops in ichip fi rord: 7910 PR821742
  • In some circumstances, such as deleting a routing-instance containing active dynamic subscribers, a flag db_on_miss_queue is incorrectly set for db_entry and leads the system trying to access the Null, hence causes the crashing of the DCD process. PR826899
  • A request (like snmp query) for collecting input ipv6 stats of ae logical interface on abc chipset is not working properly. PR831811
  • In PPPoE subscriber management environment, while subscribers login/logout, each subscriber will use an Event Rate Analyzer (ERA) until the outcome of the subscriber connection (whether it succeeds or fails). During a logout of a high number of subscribers (e.g. 16k), all the ERA events are quickly exhausted (there are 1250 in total), so that new logins are blocked until ERA events start to be freed. PR842935
  • Whenever tunnel interface -pe/-pd gets created using the MS-DPC instead of the MPC, it will not be able to process register messages. Because of MPC and MS-DPC have different multicast architectures and they are incompatible, if chassis is configured in "enhanced-ip" mode this issue will be seen. Necessary changes have been made to code so that these interfaces will not be created on MS-DPC. PR853995
  • On M Series, MX Series, and T Series platforms with Services PIC and dual Routing Engines, configure MPLS and set Services PIC in layer 2 mode. Apply class-of-service (CoS) configuration to sp-x/y/z control interface. After that perform graceful Routing Engine switchover (GRES), and the Services PIC might restart. PR859036
  • In scaled MX-VC environment, AE interfaces may get removed from the Kernel after the GRES switchover. PR860316
  • On MX Series router, the physical or logical interfaces (ifd/ifl) might be created and marked UP before a resetting FPCs' fabric planes are brought up and ready to forward traffic, as a result, traffic might be black-holed during the time window. This window of traffic black-hole is particular long if the chassis is heavily populated with line-cards, for example, the router has large scale of configuration (routes or subscribers), and coupled with a lot of FPC reset, such as upon a node power up/reset. PR918324
  • Strange FRU Insertion trap [RE PCMCIA card 0] is generated when Routing Engine master-switching is done on box with RE-1800. PR943767
  • When transit traffic of Ethernet frames of size less than 64 bytes are received by 1x 10GE(LAN/WAN) IQ2E PIC, the router forwards the frames instead of dropping them. PR954996
  • When an ifl containing some VRRP group configuration is deleted, SNMP walk on VRRP MIB may loop continuously. PR957975
  • In very uncommon situation, we will see LCCs chassisd state is inconsistent with SFC chassisd state, this is very misleading in troubleshooting stage. This PR fixed this issue. PR963342
  • After changing the speed of fxp0 interface (the management Ethernet interface) to 1G (the maximum speed), the interface process (dcd) configures the interface but reads the speed even before the change takes effect. Although the hardware speed is updated to 1G, from dcd perspective, the speed is still not changed. Then if you change back to the original speed, the change is ignored by dcd. PR976825
  • On MX Series platform, when an aggregated Ethernet bundle participating as L2 interface within bridge-domain goes down, the following syslog messages could be observed. The messages would be associated with FPC0 even if there are no link(s) from this FPC0 participating in the affected aggregate-ethernet bundle. mib2d[2782]: SNMP_TRAP_LINK_DOWN: ifIndex 636, ifAdminStatus up(1), ifOperStatus down(2), ifName xe-3/3/2 mib2d[2782]: SNMP_TRAP_LINK_DOWN: ifIndex 637, ifAdminStatus up(1), ifOperStatus down(2), ifName xe-3/3/3 mib2d[2782]: SNMP_TRAP_LINK_DOWN: ifIndex 740, ifAdminStatus up(1), ifOperStatus down(2), ifName ae102 fpc0 LUCHIP(0) Congestion Detected, Active Zones f:f:f:f:f:f:f:f:f:f:f:f:f:f:f:f fpc0 LUCHIP(0) Congestion Detected, Active Zones 2:0:0:0:0:8:a:0:0:0:0:0:8:4:0:a alarmd[1600]: Alarm set: FPC color=RED, class=CHASSIS, reason=FPC 0 Major Errors craftd[1601]: Major alarm set, FPC 0 Major Errors fpc0 LUCHIP(0) Congestion Detected, Active Zones 2:0:0:0:0:8:a:0:0:0:0:0:8:4:0:a alarmd[1600]: Alarm cleared: FPC color=RED, class=CHASSIS, reason=FPC 0 Major Errors craftd[1601]: Major alarm cleared, FPC 0 Major Errors fpc0 LUCHIP(0): Secondary PPE 0 zone 1 timeout. fpc0 PPE Sync XTXN Err Trap: Count 7095, PC 10, 0x0010: trap_nexthop_return fpc0 PPE Thread Timeout Trap: Count 226, PC 34a, 0x034a: nh_ret_last fpc0 PPE PPE Stack Err Trap: Count 15, PC 366, 0x0366: add_default_layer1_overhead fpc0 PPE PPE HW Fault Trap: Count 10, PC 3c9, 0x03c9: bm_label_save_label fpc0 LUCHIP(0) RMC 0 Uninitialized EDMEM[0x3f38b5] Read (0x6db6db6d6db6db6d) fpc0 LUCHIP(0) RMC 1 Uninitialized EDMEM[0x394cdf] Read (0x6db6db6d6db6db6d) fpc0 LUCHIP(0) RMC 2 Uninitialized EDMEM[0x3d9565] Read (0x6db6db6d6db6db6d) fpc0 LUCHIP(0) RMC 3 Uninitialized EDMEM[0x3d81b6] Read (0x6db6db6d6db6db6d) These message would be transient in nature. The discrepancy of nexthop handling that is addressed in this PR can also manifest itself in form of other issues in the system. Basically when the nexthops go out of sync we are bound to see either Packet Forwarding Engine crashes/traps or Routing Engine crashes. The fix in this PR should take care of this behavior and ensure we handle the nexthops correctly to maintain the synchronization between master Routing Engine, backup Routing Engine and all Packet Forwarding Engine peers. PR990023
  • In the PPPoE environment, when the subscriber logs in successfully but profile activate fails, due to code processing error, the address entry is not deleted in the authd's DAP pool. So when the subscriber tries to login again, it connects fails. PR995543
  • In Ethernet OAM connectivity-fault-management, Junos OS default encodes MAID(MD name and MA name) in character format. Currently only 43 octets are supported in Junos OS for the MD + MA name. Junos OS needs to support maximum length of 44 octets for MAID per the standards. PR997834
  • When IEEE 802.3ah OAM link-fault management action profile is configured to define event and the resulting action, the link might flap after it is brought down by an event but brought up by other events erroneously. PR1000607
  • For multichassis link aggregation groups (MC-LAGs) running in active-active mode with back-to-back square topology, when the Inter-chassis Control Protocol (ICCP) is broken between any MC-LAG devices, the non preferred device reverts to its own local system ID. But its Link Aggregation Control Protocol (LACP) partner on the remote side does not remove the flap link from AE bundle and it remains UP. This might cause a network wide loop resulting in traffic outage until manual intervention. PR1061460
  • Deactivating/activating logical interfaces may cause BGP session flapping when BGP is using VRRP VIP as source address. This is caused by a timing issue between dcd and VRRP overlay file. When dcd reads the overlay file, it is not the updated one or yet to be updated. This results in error and dcd stops parsing VRRP overlay file. PR1089576
  • On PB-2OC12-ATM2-SMIR PIC, port 0 and port 1 are configured with clock source as external, if Loss of signal (LOS) is inserted on port 0, the port 0 will be down, the expected behavior is clock being used from port 1. But in this case, port 0 down will result in port 1 flapping and reporting SONET phase lock loop (PLL) errors. PR1098540
  • Due to the fact that the error injection rate configured by user on Routing Engine via CLI command "bert-error-rate" may not be programmed in the hardware register, the PE-4CHOC3-CE-SFP, PB-4CHOC3-CE-SFP, MIC-3D-4COC3-1COC12-CE, and MIC-4COC3-1COC12-CE-H may fail to inject bit errors during a Bit Error Ratio Test (BERT). PR1102630
  • On Junos OS platform, an aggregate-ethernet bundle having more-than one member link can show incorrect speed which wouldn't match to the total aggregate bandwidth of all member links. The issue would be seen when LFM is enabled on the aggregate-ethernet bundle. The issue would be triggered when one of the member link flaps. Although after the flap, the current master Routing Engine would show correct aggregate speed, the backup Routing Engine would report incorrect value. In this state, when Routing Engine mastership is switched, the new master Routing Engine (which was backup) will show incorrect value. One of the side-effect of this issue is that RSVP also reflects incorrect Bandwidth availability for the affected aggregate-ethernet bundle, thus can cause under-utilization of the link with LSP having bandwidth constraints. PR1121631

Layer 2 Features

  • After changng the way of getting site ID of VPLS from fixed site-id to automatic-site-id on one site while other sites are still using the fixed site-id in the network, the rpd process might crash due to the site ID get by "automatic-site-id" may conflict to site ID which was configured as fixed site ID on other sites. PR1054985
  • With Dynamic Host Configuration Protocol (DHCP) maintain subscriber feature enabled, when the subscriber's incoming interface index is changed, for example, the interfaces go away and come back after changing the MTU configuration of interface, the existing subscribers may get dropped and new subscribers fail in connection. PR1059999
  • During interface flaps, a high amount of TCN (Topology Change Notification) might get propagated causing other switches to get behind due to high amount of TCN flooding. This problem is visible after the changed done from 11.4R8 onwards which propagates TCN BPDU immediate and not in the pace of the 2 second BPDU Hello interval to speed up topology change propagation. The root cause is the TCNWHILE timer of 4 seconds is always reset upon receiving TCN notifications causing the high churn TCN propagation. PR1089580


  • Statistics for a P2MP LSP used for CCC connection will not be displayed on an Ingress PE. PR444336
  • Customer upgrading network using features involving Non-Penultimate Hop Popping Behavior and Out-of-Band Mapping should upgrade routers involved together to Junos OS Release 13.1 or later. PR852808
  • During SNMP walk on table MPLS cross-connect table (mplsXCTable) in case of flood nexthop, the rpd might crash. PR964600
  • In next-generation MVPN extranet scenario, if there is a mix of VT interface and LSI (vrf-table-lable is used) interface on next-generation MVPN egress node, after changing some vrf policies, the routing protocol process (rpd) might crash and reset. PR1045523
  • In Resource Reservation Protocol (RSVP) environment, if CoS-Based Forwarding (CBF) for per LSP (that filter out traffic not related to that LSP) is configured, and either the feature fast-reroute or link-protection is used on the device, when the primary link is down (for example, turning off the laser of the link), due to some next hops of the traffic may be deleted or reassigned to different class of traffic, and the RSVP local repair may fail to process more than 200 LSPs at one time, the traffic may get dropped by the filter on the device before the new next hop is installed. In this situation, the feature (fast reroute or link protection) may take longer time (for example, 1.5 seconds) to function and the traffic loss might be seen at the meantime. In addition, the issue may not be seen if the CBF for per LSP is not configured on the device. PR1048109
  • When fast-reroute, node-link-protection or link-protection is configured, if a Shared Risk Link Group (SRLG) is associated with a link used by a LSP ingressing at a router, then on deleting the SRLG configuration from the router, the SRLG entry still stays in the SRLG table even after the re-optimization of this LSP. PR1061988
  • The point-to-multipoint (P2MP) label-switched path (LSP) is unable to re-establish after certain links are down. This issue might be encountered when the links are those that contain the primary and backup LSPs for the P2MP LSP. The P2MP LSP can be restored after the links are up. PR1064710
  • In MPLS scenarios, removing the "family mpls" configuration from an outgoing interface may cause inet and/or inet6 nexthops associated with that interface to unexpectedly transit to dead state. Even adding back "family mpls" cannot restore it. PR1067915
  • When a primary LSP gets re-routed due to better metric, Link/Node protection for this LSP is expected to come up within 7 seconds provided the bypass-lsp protecting the next-hop link/node is already available. However in some corner cases, the Link/Node protection for re-routed primary LSP will not come up within 7 seconds even with bypass-lsp availability. The PR fixes this issue and reduces the delay of associating bypass-lsp with primary-lsp from 7 seconds to 2 seconds. PR1072781


  • In multicast environment, if GRES Routing Engine switchover is performed immediately after a routing-instance being deleted, the krt (kernel routing table) queue might get stuck after adding back the routing-instances which were deleted. PR1001122

Network Management and Monitoring

  • When OID dot3adAggPortTable is polled on the router, snmpd tries to fetch interface/interface-unit data from kernel in ASYNC mode, it is possible that by the time kernel replies with stats the interface/interface-unit state is already changed or deleted. This problem is most commonly seen when kernel replies for interface/interface-unit are late, more than expected window. Accessing interface/interface-unit stats for which the state has already been changed can cause the mib2d core-dump. At such times mib2d must first check if the interface/interface-unit entries are still valid (i.e. not changed or deleted) before accessing the associated data-structure. A check has been added in Junos OS Release 13.2R2 and later via this PR which marks the interface/interface-unit as stale if state has been changed. This prevents the code from accessing any associated data-structure if the entry is marked as stale. PR852282
  • When syslog server is configured using hostname, after Routing Engine switchover router might stop sending the syslogs to external syslog server. Immediately after switchover, DNS is not accessible because it will take some time to learn route to DNS. System stops retrying DNS resolution and syslogging. System was running GRES (no NSR). PR947869
  • Mib2d generates a core file while trying to re-add a lag child into the internal DB. Since the entry is already present in the internal DB. Before adding the child link mib2d does a lookup on the tree, to know if the entry is not already there. However, this lookup returns no results, since the child link is part of snmp filter-interface configuration. PR1039508
  • In rare cases, when the mib2d process attempts connection with the snmpd process and there are pending requests waiting to be finished, the mib2d process might crash and the CPU utilization is high around the same time as the crash happens. PR1076643
  • The SNMPv3 message header has a 4 byte msgID filed, which should be in (0....2147483647), when the snmpd process has been running for a long time, the msgID might cross the RFC defined range and causing Net-SNMP errors, "Received bad msgID". PR1123832

Platform and Infrstructure

  • Commit time warning is changed to trace message. PR480082
  • On the process details page (Monitor > System View > Process Details) of the J-Web interface, there are multiple entries listed for a few processes that do not impact any functionality. PR661704
  • On the JCS-1200 RE-JCS-1X2400-48G-S Routing Engine configuration of the MAC address on the external interfaces em0 and em1 is not allowed. You cannot configure the MAC address on fxp0 on the other routing engines supported on the JCS-1200 as well. Therefore, the Junos OS CLI to configure the MAC address on em0 and em1 interfaces has been disabled. PR770899
  • XML tags for get-software-information output missing some elements of new Junos OS service release naming convention. PR783653
  • There is a problem going from 12.2 to 12.3 using unified ISSU. The blobs being created in 12.2 are using the newer format which is not compatible with 12.3code. PR818947
  • CLI command 'show route forwarding-table' would only display <= 16 ecmp paths when CBF is used. PR832999
  • cscript generated a core file during pressure test of ServiceNow. PR843062
  • Distributed protocol adjacencies (LFM/BFD/etc) may experience a delay in keepalives transmission and/or processing due to a prolonged CPU usage on the FPC microkernel on T4000 Type 5-3D FPCs. The delay in keepalive transmission/processing may result in a mis-diagnosis of a link fault by the peer devices. The issue is seen several seconds after a Routing Engine mastership switch with NSR enabled and the fault condition will clear after a couple of minutes. PR849148
  • After the "show version detail" command is executed, the syslog message "UI_OPEN_TIMEOUT: Timeout connecting to peer" might appear. This message is cosmetic only; you can ignore this message. PR895320
  • With MX Series based line cards, change MTU on one interface might cause L2 traffic interruption on other interfaces in the same FPC. PR935090
  • On a router which does a MPLS label POP operation (penultimate hop router for example) if the resulting packet (IPv4 or IPv6) is corrupted then it will be dropped. PR943382
  • Reception of a very high rate of crafted IGMP packets may cause the Junos OS kernel to crash. The contents of the valid IGMP packets must be specifically crafted to trigger the crash, while maintaining a transmit rate exceeding approximately 1000 packets per second. PIM must also be enabled to trigger this crash. PR944135
  • Backing up the configuration with transfer-on-commit does not work in a MX-VC environment. PR947444
  • Bad udp checksum for incoming DHCPv6 packets as shown in monitor traffic interface output. The UDP packet processing is normal, this is a monitor traffic issue as system decodes checksum=0000. PR948058
  • With FPC3-E3 type FPC, the internal pc- interface statistics on the IQ/IQ2 PIC will be the same as the ingress interface statistics of the physical interface if family mpls is configured. It is a cosmetic display issue. PR953183
  • When both FPC CPU are already very busy and a very large firewall filters (thousands of terms long) are to be used, a port being used for port mirroring goes down due to an external factor ( such as a fiber cut or the remote side rebooting), the FPC CPU may rise to 100% for 4 minutes and then followed by a FPC reboot with a reason of "pfeman watchdog expired". This issue will only be observed occasionally, and if any of these three factors is not present, the issue will not occur. So, disabling the port being used for port mirroring prior to bringing down that link is sufficient to avoid this issue. PR968393
  • In multi-chassis platform, one of LCC's mastership change causes other LCC's SPARE-SIB's Active-LED to be set abnormally instead of "actual active plane's LED". There is no impact on operation, it is a cosmetic issue. * only if spare-SIB is SIB#0. For example, - SCC-RE0(M),RE1(B) | LCC0-RE0(M),RE1(B) | LCC1-RE0(M),RE1(B) - all-chassis SIB0 is spare status. - LCC0's mastership change makes the issue on LCC1. - LCC1's spare-SIB0's active LED to be set abnormally. PR972457
  • In the dual Routing Engines scenario with NSR configuration, the configuration statement "groups re0 interfaces fxp0 unit 0" is configured. If disable interface fxp0, backup Routing Engine is unable to proceed with commit processing due to SIGHUP not received, the rpd process on backup Routing Engine might crash. PR974430
  • The problem is seen because CFMD is getting a configuration commit after the MX-VC switch has happened. This commit is deleting the cfmd session and then creating a new session which is causing the old information of action-profile to be deleted which brings the interface back up. This problem fixes by the code correction. PR974663
  • no-propagate-ttl does not work for L3VPN when PE is configured with l3vpn-composite-nexthop and its core interfaces are hosted on MPC based FPC. PR985688
  • When netconf or Junos OS scripts are used to manage the device, the management process gets stuck in a loop, causing high CPU usage. PR991616
  • When receiving traffic coming on MPC and going out on DPC, the MAC entry on a Packet Forwarding Engine might not be up-to-date and the frames targeted to a known MAC address will be flooded across the bridge domain. PR1003525
  • In PPPoE over ATM subscriber management environment with active subscribers present, when you issue the "show arp" command, an ARP core file is generated. PR1006306
  • LSI logical interface input packet and byte stats are also added to core logical interface stats, but when the LSI logical interface goes down and the core logical interface stats are polled, there is a dip in stats. The fix is to restore LSI logical interface stats to core logical interface before deleting the LSI logical interface. PR1020175
  • CPQ RLDRAM ECC single and double bit errors will generate CM alarm. "show chassis alarms" command can be used to view CM alarm. Details ======= 1> CPQ RLDRAM ECC single bit error in last 10 secs will raise minor CM alarm. 2> No CPQ RLDRAM ECC single bit error in last 10 secs will clear minor CM alarm. 3> CPQ RLDRAM ECC double bit error will raise Major CM alarm (this alarm will not be cleared until the FPC is restarted). PR1023146
  • On all high-end MX Series devices, the packets per second (pps) and bits per second (bps) counters are not reporting accurate values while checking the "monitor traffic interface interface-name" command or the "show interface interface-name extensive" command. PR1033222
  • Recurring local memory (LMEM) data errors may cause lookup chip on Trio based FPC wedge and eventually FPC crash. PR1033660
  • ISC BIND software included with Junos for MX series devices is affected by CVE-2014-8500. This may allow a network based attacker to cause a denial of service condition on MX devices. This issue only affects MX devices where "set system services dns dns-proxy" has been configured. This is not enabled by default on MX devices. This issue does not affect other Junos OS based devices as they do not have BIND DNS server feature. This issue has been assigned CVE-2014-8500. Please see JSA10676. PR1048628
  • For a Routing Matrix, if different Routing Engine models are used on switch-card chassis (SCC)/switch-fabric chassis (SFC) and line-card chassis (LCC) (for example, RE-1600 on SCC/SFC and RE-DUO-C1800 on LCC), where the out-of-band (OoB) management interfaces are named differently (for example, fxp0 on SCC/SFC Routing Engine and em0 on LCC Routing Engine), then the OoB management interface configuration for LCC Routing Engine will not be propagated from SCC/SFC Routing Engine during commit. PR1050743
  • Under very rare situations, Packet Forwarding Engines on the following linecards, as well as the compact MX80/40/10/5 series, may stop forwarding transit traffic: - 16x10GE MPC - MPC1, MPC2 This occurs due to a software defect that slowly leaks the resources necessary for packet forwarding. Interfaces handled by the Packet Forwarding Engine under duress may exhibit incrementing 'Resource errors' in consecutive output of 'show interfaces extensive'. A Packet Forwarding Engine reboot via the associated linecard or chassis reload is required to correct the condition. PR1058197
  • For inline-jflow service on MPC3 and MPC4 linecards of MX-series, the packets get sprayed across all four lookup units (LUs). Normally the records from different LUs should have different observation domain ID (obs-id), but in this case they all have the same obs-id, causing four different sets of sequence numbers for the flow records. PR1066319
  • The MIB counter or "show pfe statistics traffic" shows junk PPS and invalid total traffic output counter. PR1084515
  • On MX Series-based line cards, when the prefix-length is modified from higher value to lower value for an existing prefix-action, heap gets corrupted. Due to this corruption, the FPC might crash anytime when further configurations are added/deleted. The following operations might be considered as a workaround: Step 1. Delete the existing prefix-action and commit Step 2. Then re-create the prefix-action with newer prefix-length PR1098870
  • DHCP End options (option 255) is missing by DHCP-relay agent (where 20 bytes DHCP options 82 inserted) for client DHCP discover message with 19bytes padding. PR1110939
  • With "fast-synchronize" configured, adding a new configuration-group that has configuration relevant to the rpd process and apply it and commit, then any configuration commits might cause the rpd process on the backup Routing Engine crash. We can reboot the backup Routing Engine to restore. PR1122057
  • Doing a file copy from a Routing-Engine running legacy Junos OS image to a Routing-Engine running FreeBSD 10.x based Junos OS image fails. PR1132682

Routing Protocols

  • After upgrade to 10.4R9 following messages are seen "Cancelling deferral pp0 index 131" These messages are not indicative of any problem and only cosmetic PR742534
  • This issue reported captures a change in behavior observed from previous releases. The adjacency hold down is taking longer than expected on passive interfaces and subsequently the issue disappears. This will not cause any functionality break since the functionality is restored eventually and seen only on passive interfaces immediately after unified ISSU. PR780684
  • Continuous soft core-dump may be observed due to bgp-path-selection code. RPD forks a child and the child asserts to produce a core-dump. The problem is with route-ordering. And it is auto-corrected after collecting this soft-assert-coredump, without any impact to traffic/service. PR815146
  • This PR fixes a bug by which the receiving EBGP speaker mistakenly accepts a session establishment attempt from an EBGP peer address that is not directly connected because it did not check to see if the address to which peer wants to establish a session belongs to the receiving interface or not. PR816531
  • OSPF route will not be deleted from routing/forwarding table if configuration satisfies below simultaneously. 1. Router ID is not specified and it can be changed due to interface down. 2. There is an interface where OSPF is not running. Suppose OSPF is running on interface A and it is not running on interface B. IP address of interface A is selected as router ID. When interface A goes down and router ID is changed to the IP address of interface B, OSPF on interface A will lose adjacency to the remote OSPF router but router will keep routes learned via OSPF. PR820909
  • In a rare condition, the periodic packet management process (ppmd) may crash during freeing connections. PR825522
  • When a Bidirectional Protocol Independent Multicast (PIM) rendezvous point (RP) is configured on a physical interface, such as fe-0/0/0 not the loopback interface, after restarting the routing, the Reverse Path Forwarding (RPF) interface might not be added to the accepting interface list for the affected groups, then some traffic can not be forwarded normally. PR842623
  • When pim traceoptions "flag all" and "flag hello disabled" are configured, traces about hello from ppmd are still seen. The work-around is to configure "flag hello detail disabled" as well. PR842627
  • When bfd-holddown is configured for BGP, and if interface goes down, bfd session is not destroyed currently, and if BGP-session is brought up with a new interface, then the stale BFD's flapping causes the BGP session to flap. PR846981
  • On Inter-AS PIM SM, where RP and Source are located in another BGP AS domain, if there are duplicate upstream and link flapped happened to primary upstream, multicast will get stuck with secondary upstream path and will not revert back to primary upstream, which will rpf mismatch and traffic outage. PR847370
  • Whenever a configuration change is made and a commit is issued, the Routing Engine's CPU utilization might go up due to BGP reprocessing all the routes. This could happen for any commits unrelated to policy, BGP configuration and most common with scaled BGP environment. PR853670
  • When an import-policy change rejects a BGP-route previously contributing to BGP-Multipath formation, the Peer Active-route-counters in "show bgp neighbor" may not get updated correctly. PR855857
  • When you perform a commit or a commit check of an invalid subnet configuration on a multicast group, the routing protocol process (rpd) crashes, and core files are generated. PR856925
  • Prefixes that are marked with 2 or more route target communities (matching multiple configured targets configured in policies) will be using more CPU resources. The time it takes to process this kind of prefixes depends on the number of VRFs and the number of routes that are sharing this particularity. This can lead to prolonged CPU utilization in rpd. PR895194
  • If Node-link protection is required in case of multiple ECMP primary paths, Node-link protection command: ("set protocols ospf area <area_id> interface <interface_name> node-link-protection") needs to be configured on all the outgoing-interfaces of PLR(Point of Local Repair)node that falls on the ECMP path to the primary. For example in the following diagram: PLR: RTA Destination: RTC Primary paths: RTA-->lt-1/2/10.102-->RTB-->lt-1/2/10.203-->RTC; RTA-->lt-1/2/10.122-->RTB-->lt-1/2/10.203-->RTC; Outgoing interfaces on PLR: lt-1/2/10.102 lt-1/2/10.122 Node-link protection needs to be enabled on both lt-1/2/10.102 and lt-1/2/10.122 if backup route avoiding RTB needs to be computed. (cost 1) |-----|-------------lt-1/2/10.102( )----------------|-----| | | (cost 1) | | | RTA |-------------lt-1/2/10.122(| RTB | |_____| |_____| | | | |lt-1/2/10.203 | | | (cost 1000) |-----| | |----lt-1/2/10.103( -----| RTC |--------------------| |-----| The behavior is corrected from release 14.1 and Node-link protection can be configured on any one of the interfaces on the ECMP path. PR924290
  • When a Junos OS router with multicast enabled receives IGMP packets with protocol DVMRP (IGMP_PROTO_DVMRP) to the IGMP port is 0x5 (DVMRP_ASK_NEIGHBORS2), IGMP builds a neighbor list and responds back to the source IP address of the sender. This source IP address can be a unicast address or a multicast address. There is no throttling of responses. The requests are answered at the highest rate possible. Secondary impacts are that the routing protocol daemon (rpd) IGMP utilization goes very high and the host path and interface network control queues can get congested. Refer to KB29553 for more information and mitigation. PR945215
  • In rare cases, rpd may write a core file with signature "rt_notbest_sanity: Path selection failure on ..." The core is 'soft', which means there should be no impact to traffic or routing protocols. PR946415
  • In a scaling setup a restart routing or NSR switchover can result in duplicate MSDP entries. PR977841
  • There are two scenarios that the rpd might crash. The first scenario is when all BGP peers flap with bgp route target proxy configured. The second scenario is when BGP session is configured in a way that one side is configured with family l2vpn auto-discovery-only, while on the other side is configured with both family l2vpn signaling and keep all configuration statements. PR1002190
  • With multicast discard route present, if an RP router has no pd- interface, it might not generate (S,G) join to upstream when receiving MSDP source active (SA) message. PR1014145
  • On the provider PE in Carrier-of-Carriers VPN scenario, a route in the vrf.inet.3 table is copied to vrf.inet.0 automatically. It is because the provider carrier's iBGP session has family inet-vpn and will only advertise routes from vrf.inet.0. Then the route in vrf.inet.0 is further auto-exported to bgp.l3vpn.0 table. The rpd process might crash when BGP is trying to advertise the route in bgp.l3vpn.0 table while its original route in vrf.inet.0 table is in the middle of deletion. This is a timing issue and not easy to be reproduced. PR1024470
  • Either "rib inet.3" or "resolve-vpn" feature is available to be configured in the lower hierarchy for BGP labeled-unicast family routes. These two features are mutually exclusive and only one of them could be used at a single BGP group. If the administrator swaps the two features (for example, using the "resolve-vpn" first, then deactivate it and using "rib inet.3" instead, then use "resolve-vpn" back), the secondary routes (routes in inet.3 which including the ones from this BGP group and from other BGP groups) may got accidentally removed every time on "commit" operation take place. PR1052884
  • In multi-topologies IS-IS scenario, there is huge difference between estimated free bytes and actual free bytes when generating LSP with IPv6 Prefix. It might cause LSP fragment exhaustion. PR1074891
  • There are two issues in the PR: (1) In multicast environment, Incoming interface list (IIF) list has only RPF interface, designated forwarder (DF) winners are not added in the list in backup Routing Engine. (2) "Number of downstream interfaces" in show pim join extensive is not accounting Pseudo-VXLAN interface. PR1082362
  • With Bidirectional Forwarding Detection (BFD) authentication configured, the memory usage of the bfdd process increases after the BFD client restarts or shuts down. The bfdd process will crash when reaching its maximum memory limit. The bfdd crash may cause link or protocol flap. PR1095990
  • Due to software bug Junos OS cannot purge so called doppelganger LSP, if such LSP is received over newly formed adjacency shortly after receiving CSNP from the same neighbor. PR1100756
  • There may be stale bfd session after changing physical terface mtu, it may also cause bfd session flap continuous or stay in down state. PR1116666

Services Applications

  • When sending traffic through IPsec tunnels for above 2.5Gbps on an MS-400 PIC, the Service-PIC might bounce due to prolonged flow control. PR705201
  • In the Adaptive Service PIC (Service PIC II) scenario, configure the command "root@user# set services service-set <service set name> stateful-firewall-rules", because the command is not supported by 12.1R4, so Adaptive Service PIC goes offline. PR819833
  • When rollback from v9 to v5 is done, Sampling logic was not rolling back, as sampling registers are not getting released from Packet Forwarding Engine and because in v5 the sampling is Routing Engine based it was not working. PR824769
  • When an MS-DPC PIC reboots due to a crash or manual intervention, it might get stuck in a booting loop if the MS-DPC up-time is more than 49 days and 17 hours. After 5 consecutive boot failures, the MS-DPC PIC will go offline automatically and gives the following error message: [ 15:21:22.344 LOG: Err] ICHIP(0): SPI4 Training failed while waiting for PLL to get locked, ichip_sra_spi4_rx_snk_init_status_clk [ 15:21:22.344 LOG: Err] CMSPC: I-Chip(0) SPI4 Rx Sink init status clock failed, cmsdpc_spi4_init [ 15:21:22.344 LOG: Err] CMX: I(0) ASIC SPI4 init failed [ 15:21:22.379 LOG: Err] Node for service control ifl 68, is already present [ 15:21:23.207 LOG: Err] ASER0 SPI-4 XLR source core OOF did not go low in 20ms. [ 15:21:23.208 LOG: Err] ASER/XLR0 spi4 stop src train failed! [ 15:21:23.208 LOG: Err] ASER0 XLR SPI-4 sink core DPA incomplete in 20ms. [ 15:21:23.208 LOG: Err] ASER/XLR0 spi4 sink core init failed! [ 15:21:24.465 LOG: Err] ICHIP(0): SPI4 Stats Unexpected 2'b 11 Error, isra_spi4_parse_panic_errors [ 15:21:24.465 LOG: Err] ICHIP(0): SPI4 Tx Lost Sync Error, isra_spi4_parse_panic_errors In order to recover from this state the whole MS-DPC needs to be rebooted. PR828649
  • The jnxNatSrcNumPortInuse counter is not refreshing when polling the jnxNatSrcNumPortInuse OID via SNMP after RSP switchover. PR829778
  • In the case of a stateful proxy, SIP hairpinning does not function, and two SIP users behind the NAT device might be unable to connect through a phone call. PR832364
  • With RTSP ALG enabled, RTSP keep-alive packets might be dropped if they are already Ack'ed by the receiver. PR834198
  • On an MS-DPC/service PIC with any of the affected release and with a NAT hide mode (napt44) configuration system may generate SIP core in SipFreeXInfo caused by portbmap incorrectly set on us xlate information. SIP transactions with the following characteristics: * the other end is swapping from and to when replying to requests (it should not but some bad implementations do it with little consequences, except for us) * all requests include SDP payload (invites for instance) and are made using the same callID (because they belong to the same dialog or the client was just implemented that way) * from and to tags can change, register callID can also have been different will cause the crash with the reported stack trace. PR834309
  • When DHCP subscribers login and radius hands down flow-tap variables the following errors are seen in the log: "/kernel: GENCFG: op 24 (Lawful Intercept) failed; err 5 (Invalid)." PR837877
  • If flow-tap or radius-flow-tap is configured and logging, dynamic flow control daemon (dfcd) may be leaking file descriptors. Over time these leaked file descriptors reach the limit and following error message will be seen. /kernel: kern.maxfiles limit exceeded by uid 0, please see tuning(7). Then routing protocol daemon (rpd) may crash and generate a core file. PR842124
  • On M Series, MX Series, T Series routers (platforms) with Services PIC, the Session Initiation Protocol (SIP) Application Layer Gateway (ALG) is deployed. When the SIP invite message is received, in rare condition, the Services PIC might crash. PR843047
  • Service PIC might crash in corner cases when receiving specific SIP REGISTER. PR843479
  • When Session Initiation Protocol (SIP) Application Level Gateway (ALG) is enabled, if there are SIP conversations such that a leaf or branch has a master flow (for example, if a SIP message does not match any existing flow), after issuing CLI command "clear services stateful-firewall flows", service PIC might crash and generate a core file. A practical example is a SIP INVITE initiated hierarchy with no reply and retransmissions using a different source UDP port. Clearing the flows in such condition will cause service PIC to crash and generate a core file. PR845746
  • In SIP Application Layer Gateway (ALG) with NAT scenario, "VIA headers" in "183 Session Progress" messages from outside NAT to inside NAT are not getting changed properly, which causes ringback tone failed. PR845934
  • In CGNAT environment, SIP call broken after putting in hold button of a phone which is in inside NAT. For example, as shown here: [Phone A] ------- [router] (NAT) ---- [Phone B] Call from Phone B to Phone A and then push hold button on Phone A. After then 200 OK with Session Description Protocol (SDP) from Phone B but IP address is not getting changed on router which cause SIP call broken. PR846838
  • Service PIC might crash in corner cases when EIM is enabled for SIP ALG. PR847124
  • When allocate the memory from shared memory for bitmaps used in port blocks. Junos OS requests as many bytes as the size of the block. If customers assign for example, 10K block size for deterministic NAT or PBA, then Junos OS allocates 10K bytes for that bitmap. However, it only needs 10K/8 bytes as one byte can represent 8 ports. These huge allocations are leading to memory depletion when many source addresses are behind the NAT, and port blocks are big. PR851724
  • spd core file generated during swicthover when CGAT configuration is there. Issue is well understood now and has been fixed in later releases. PR854206
  • In a CGNAT scenario with Port Block/Bucket Allocation (PBA) configured, when the port is exhausted due to receive ICMP or ICMPv6 echo requests fast with changing ID, the services PIC will have no more ports to allocate but create state objects for these newly packets. The state objects then cannot be released anymore, and memory leak will occur. If the service PIC used memory that reaches 2GB, then it will no longer allocate new port blocks and some logs will be seen "port block memory allocation errors" The memory usage of service PIC can be seen by using following command: user@router> show services nat pool detail Jan 10 11:52:37 Interface: sp-11/0/0, Service set: MOBILE-1 NAT pool: POOL1-MOBILE, Translation type: dynamic Address range: Port range: 512-65535, Ports in use: 48, Out of port errors: 196197999, Max ports used: 344898 AP-P out of port errors: 75964912 Max number of port blocks used: 55371, Current number of port blocks in use: 15, Port block allocation errors: 4098769297, Port block memory allocation errors: 196197999 Port blocks limit exceeded errors: 75979500. PR854428
  • MS-DPC may crash in certain scenarios when using CGNAT PBA and junos-rsh, junos-rlogin, junos-rpc-services-udp and junos-rpc-services-tcp ALGs (either one) in combination with EIM. PR862756
  • In IPsec environment, after performing the Routing Engine switchover (for example, performing Graceful Routing Engine Switchover) or chassis reboot (that is, whole device is powered down and powered UP again), due to the key management daemon (kmd) may be launched before the Routing Engine mastership is finalized, it may stop running on the new master Routing Engine. PR863413
  • When DHCP subscribers log in and radius hands down flow-tap variables the following errors are seen in the log:"/kernel: rts_gencfg_dependency_ifstate(): dependency type (2) is not supported." PR864444
  • "replicate-services" configuration command-line interface(CLI) under "set services service-set ..." is hidden, but it can be seen according to "root@user# run show configuration services | display set" PR930521
  • FSAD can sometimes crash on systems with high number of intelligent PICs. These crashes have no impact but creating corefiles for fsad. PR940522
  • Message type for if_msg_ifl_channel_delete should be lower severity and not an error. PR965298
  • If a destination-prefix or source-prefix is used like below example, the Network Address Translation (NAT) rule and term names will be used to generate an internal jpool with a form : _jpool_{rule_name}_{term_name}. If the generated jpool name exceeds 64 characters in length, it will get truncated. If the truncated jpool name get overlapped with other generated jpool name it will lead to an inconsistent pool usage. user@router# show services nat rule A_RULE_NAME_WHICH_IS_LONG_12345 { ... term A_TERM_ALSO_WITH_LONG_NAME_1 { from { source-address {; } } then { translated { source-prefix; <--- translation-type { source static; } } } } term A_TERM_ALSO_WITH_LONG_NAME_2 { from { source-address {; } } then { translated { source-prefix; <--- translation-type { source static; } } } } } First jpool = _jpool_A_RULE_NAME_WHICH_IS_LONG_1234_A_TERM_ALSO_WITH_LONG_NAME_1 > 64 characters. Second jpool = _jpool_A_RULE_NAME_WHICH_IS_LONG_1234_A_TERM_ALSO_WITH_LONG_NAME_2 > 64 characters. The resulted jpool "_jpool_A_RULE_NAME_WHICH_IS_LONG_1234_A_TERM_ALSO_WITH_" will be used wrongly in both terms. PR973465
  • On M Series, MX Series, T Series routers (platforms) with Services PIC, the incoming interface is a services interface. If the services interface receives "ICMP MTU Exceeded" message, the message might be dropped. PR977627
  • The cflow export would cease due to memory exhaustion when flow-monitoring is enabled using Adaptive Services II PIC due to memory leak condition. While in this condition, user would see increments in "Packet dropped (no memory)" as below: user@node> show services accounting errors Service Accounting interface: sp-3/0/0, Local interface index: 320 Service name: (default sampling) Interface state: Accounting Error information Packets dropped (no memory): 315805425, Packets dropped (not IP): 0. PR982160
  • On MX240/480/960 Series router with MS-DPC with "deterministic-port-block-allocation block-size" configuration. In rare condition, when the "block-size" is set to a larger value (in this case, block-size=16128), the Services PIC might crash. PR994107

Software Installation and Upgrade

  • Filesystem corruption might lead to Routing Engine boot up failure. This problem is observed when directory structure on hard disk (or SSD) is inconsistent. Such a failure should not result in boot up problem normally, but due to the software bug the affected Junos OS releases mount /var filesystem incorrectly. The affected platforms are M/T/MX/TX. PR905214

Subscriber Access Management

  • When an MX Series router is acting as the Dynamic Host Configuration Protocol (DHCP) local server and interacting with Session and Resource Control (SRC) for subscriber authorization and provisioning, SRC passes back "framed-ip-address" during subscriber login the local address pool. In this scenario, the OFFER and ACK messages sent by the MX Series router does not include dhcp-option 1, subnet-mask. PR851589
  • There was a software bug related to shmlog locking that is exposed when too many ifinfo process invocations are triggered by cli show interface commands. PR855677
  • When the MX Series router acting as the Policy and Charging Enforcement Function (PCEF) uses Gx-Plus to request service provisioning from the Policy Control and Charging Rules Function (PCRF), the authentication service process (authd) might crash during the subscribers logout. PR1034287
  • When using Neighbor Discovery Router Advertisement (NDRA) and DHCPv6 prefix delegation over PPPoE in the subscriber access network, if a local pool is used to allocate the NDRA prefix, when the CPE send DHCPv6 solicit message with both Internet Assigned Numbers Authority (IANA) and Identity Association Prefix Delegation (IAPD) options, the subscriber might get IPv6 prefix from the NDRA pool but not the delegated pool. As a workaround, the CPE should send DHCPv6 solicit message with only IAPD option. PR1063889
  • In subscriber management environment, when dual-stack service is activated by the Change of Authorization (CoA) request from the Radius Server, both families will be activated in the same profile response. Due to a software defect, the service accounting session id is not generated properly and the Service Accounting Messages and Interim-updates failed to be sent out. PR1071093
  • On MX Series routers when adding the LI-Action attribute for mirroring the traffic of dual stack subscribers, due to the loop of the service requests lookup and adding, the authentication process (authd) CPU utilization may stay high indefinitely and traffic mirroring is not happening. PR1077940

User Interface and Configuration

  • Selecting the Monitor port for any port in the Chassis Viewer page takes the user to the common Port Monitoring page instead of the corresponding Monitoring page of the selected port. PR446890
  • User needs to wait until the page is completely loaded before navigating away from the current page. PR567756
  • Using the Internet Explorer 7 browser, while deleting a user from the Configure > System Properties > User Management > Users page on the J-Web interface, the system is not showing warning message, whereas in the Firefox browser error messages are shown. PR595932
  • If you access the J-Web interface using the Microsoft Internet Web browser version 7, on the BGP Configuration page (Configure > Routing > BGP), all flags might be shown in the Configured Flags list (in the Edit Global Settings window, on the Trace Options tab) even though the flags are not configured. As a workaround, use the Mozilla Firefox Web browser. PR603669
  • On the J-Web interface, next hop column in Monitor > Routing > Route Information displays only the interface address and the corresponding IP address is missing. The title of the first column displays "static route address" instead of "Destination Address." PR684552
  • Protected sections of the group hierarchy do not have their protection status displayed correctly and are not prevented from adding new elements into existing groups. PR717527
  • "annotate" is not valid under firewall filter then hierarchy level and displayed "No valid completions" , and lead to the configuration could not be committed under "edit private" mode. [edit] user@router# show | compare [edit firewall family inet filter LOOPBACK-OUTBOUND term allow-ipv6 then] + /* Don't process the packet here; it's IPv6, not IPv4. + * Accept it and have it be processed by the IPv6 ACL. */ accept; syntax error. user@router# commit full [edit firewall family inet filter LOOPBACK-OUTBOUND term allow-ipv6 then] 'accept' outgoing comment does not match patch: PR812111
  • On the J-Web interface, Configure > Routing> OSPF> Add> Interface Tab is showing only the following three interfaces by default: - pfh-0/0/0.16383 - lo0.0 - lo0.16385 To overcome this issue and to configure the desired interfaces to associated ospf area-range, perform the following operation on the CLI: - set protocols ospf area area-range - set protocols ospf area interface fe-0/3/1 PR814171
  • When PIM is enabled via apply-groups to one routing-instance whose instance-type is not defined (no-forwarding type is set), incorrect constraint check of PIM will cause routing protocol daemon (rpd) to crash upon any configuration change later. PR915603
  • For routers with multiple Routing Engines and "commit synchronize" configured, CLI might get stuck after issuing commit command simultaneously from both Routing Engine's. PR937960
  • When entering "restart r" incomplete command in CLI, even though there are multiple options available, command "restart routing" is executed finally. It should throw an error like "error: invalid daemon: r". PR1075746


  • BGP community 0xFF04 (65284) is a well known community (NOPEER), but it is incorrectly displayed as "mvpn-mcast-rpt" in the cli command "show route". This is a show command issue only. No operational mis-behavior will be observed on the router/network. PR479156
  • VPLS traffic gets flooded back over the ingress interface on the local PE as the split-horizon gets disabled upon interface flap. PR818926
  • When a receiver already receiving multicast traffic for a group leaves the group, router connected to the receiver sends a Prune upstream and starts its upstream Prune timer. When the egres PE receives the Prune it will withdraws Type-4 route. During this time, if we 'clear pim join instance vrf' or (set routing-instances vrf protocols pim disable/enable) is done on egress PE and when the Receiver joins the group again, egress PE receives PIM Graft message but, drops it because it does not have matching SG state. This resulting in egress PE not able to get trigger to send Type-4 and thereby is not able to pull traffic from ingress. PR888901
  • For NG-MVPN with RPT-SPT mode, configuring the leaf tunnel limit to block the TYPE 4 routes sending from egress PE after it reaches the configured limit. In certain corner scenarios, the leaf route count is not updated correctly and then the TYPE 4 routes are blocked on receiving the TYPE 3 routes. This timing issue could happen only when a new C-multicast route is bound to the selective provider multicast service interface (S-PMSI) which is marked for deletion however not yet deleted. PR953449
  • In NG-MVPN route-group scenario, configuring leaf tunnel limit on egress PE, flapping the source route on preferred serving site, during the transition from preferred to non-preferred serving site, if the selective provider multicast service interface (S-PMSI) limit count is exceeded temporarily on member site, the member site might fail to originate Type 4 route even though it has Type 5 and Type 3 routes from non-preferred serving site. This is a timing issue and difficult to be reproduced. PR994687
  • In the Rosen MVPN environment, the RP-PE is an assert loser, another PE is sending traffic over the data-mdt. If a new receiver PE with higher rate comes up, because internal workflow processes wrong, the receiver PE might reset data-mdt. This leads to traffic loss. PR999760
  • In NG-MVPN rpt-spt scenario with C-multicast limitation configured, there are some corner circumstances to make the receiver site not receiving all the traffic from the serving site: 1.When the C-multicast limitation is relaxed or some of the routes deleted making way for the new routes to be installed,if MVPN installed a route first, and PIM tries to install the same route prefix, since the limit was reached it was not installing the route. Similarly when MVPN tries to install a route which is installed by PIM already. This was leading to miscounting and hence the egress PE advertising lesser number of routes than limit. 2.If RP PE is also connected to source, the limit should not be applied as it is ingress PE. However when the source route changes to remote, then the limit should be applied as it is egress PE now. The miscounting on RP PE also causing lesser routes to be advertised than configured limit. PR1001861
  • In NG-MVPN scenario with multiple source PEs for a same group, if an inactive source PE has local receivers, the routing protocol process (rpd) on this PE might cause multicast traffic loss and continuous IFF-MISMATCH error. PR1009215
  • In the 12.3 release after issuing a "request pim multicast-tunnel rebalance" command the software may place the default encapsulation and decapsulation devices for a Rosen MVPN on different tunnel devices. PR1011074
  • Problem Description The problem is that MSDP is periodically polling PIM for S,G's to determine if the S,G is still active. This check helps MSDP determine if the source is active and therefore the SA still be sent. There is a possibility that PIM will return that the S,G is no longer active which causes MSDP to remove the MSDP state and notify MVPN to remove the Type 5. One of the checks PIM makes is to determine if it is the local RP for the S,G. During a re-configuration period where any commit is done, PIM re-evaluates whether it is a local RP. It waits until all the configuration is read and all the interfaces have come up before making this determination. The local rp state is cleared out early in this RP re-evaluation process, however, which allows for a window of time where the local RP state was cleared out but it has not yet been re-evaluated. During this window PIM may believe it is not the local rp and return FALSE to MSDP for the given source. If MSDP makes the call into PIM during this window after a configuration change(commit), then it is possible that the Source Active(Type 5) state will be removed. Fix The fix will be to clear out the local rp state right before it is re-evaluated ie after it reads configuration for all interfaces; to not allow any time gap where it could be inconsistent. PR1015155
  • In PIM Draft-Rosen Multicast VPN (MVPN) environment, in a setup where active C-PR, standby C-RP, C-receivers, and C-source are located in different VPN sites of MVPN instance, once the link to active C-RP is flapped, the PE router which connects to C-receivers would send (*,g) join and (s,g,rpt) prune towards standby C-RP. When the PE that connects to standby C-RP receives the (*,g) join and (s,g, rpt) prune over mt-, it ends up updating the (s,g) forwarding entry with mt- as downstream, which is already the incoming interface (IIF). This creates a forwarding loop due to missing check if IIF is same as OIF when PIM make-before-break (MBB) join load-balancing feature is enabled. As a result traffic gets looped back into the network. Loop once formed will remain at least for 210 seconds till the delayed prune timer expires. After this, IIF is updated to the interface towards standby C-RP. PR1085777
  • In NG-MVPN spt-only mode with a PE router acts as the rendezvous point (RP), if there are only local receivers, the unnecessary multicast traffic continuously goes to this RP and dropped though it is not in the shortest-path tree (SPT) path from source to receiver. PR1087948

Related Documentation

Modified: 2016-06-09