If the tunnel destination is in a VPN, the generic routing
encapsulation (GRE) traffic may get deleted due to a lookup in the
wrong forwarding table. [PR/45035]
When you configure a source class usage (SCU) name with
an integer (for example, 100) and use this source class as a firewall
filter match condition, the class identifier might be misinterpreted
as an integer, which might cause the filter to disregard the match.
[PR/50247]
On a Monitoring Services III PIC configured as a dynamic
flow capture (DFC) interface (dfc-fpc/pic/port), when you configure
the DFC interface as the next hop in a forwarding path, port-mirrored
packets might become corrupted. [PR/60799]
If you configure 11 or more logical interfaces in a single
VPLS instance, VPLS statistics might not be reported correctly. [PR/65496]
When a large number of kernel system log messages are
generated, the log information might become garbled and the severity
level could change. This behavior has no operational impact. [PR/71427]
On M320 and T-series routing platforms, there is a process
that monitors FPCs while they transition to an online state. If an
FPC is busy and cannot complete the transition within the time limit,
the process might time out and prevent the FPC from coming online.
[PR/72364]
In the situation where a Link Services (LS) interface
to a CE router appears in the VPN routing and forwarding table (VRF
table) and a fragmentation is required, Internet Control Message Protocol
(ICMP) cannot be forwarded out of the LS interface from a remote PE
router that is in the VRF table. As a workaround, include the vrf-table-label statement in the configuration. [PR/75361]
On the T-series routing platform, when you include the no-labels configuration statement at the [edit forwarding-options
hash-key family mpls] hierarchy level, the statement is added
to the configuration; however, MPLS labels are still included in the
hash key. [PR/80334]
Traceroute does not work when ICMP tunneling is configured.
[PR/94310]
The initialization fails to parse the configuration present
in the init.conf file. [PR/94576]
For T-series and M320 routers, multicast traffic with
the do not fragment bit set to a low MTU value is being dropped.
If the clear pim join command is executed, the router stops
forwarding all traffic transiting the interface. [PR/95272]
A firewall filter that matches the forwarding class of
incoming packets (that is, includes the forwarding-class statement at the [edit firewall filter filter-name term term-name from] hierarchy level)
might incorrectly discard traffic destined for the Routing Engine.
Transit traffic is handled correctly. [PR/97722]
The JUNOS software does not support dynamic ARP resolution
on Ethernet interfaces that are designated for port mirroring. This
causes the Packet Forwarding Engine to drop mirrored packets. As a
workaround, configure the next-hop address as a static ARP entry by
including the arp ip-address statement
at the [edit interfaces interface-name] hierarchy level. [PR/237107]
Currently, the JUNOS Software cannot build an outbound
serial connections through the AUX port. For example, build an outbound
serial connection to a console on an adjacent router. [PR/256818]
On T640, T320, and M320 routers, if you take an FPC offline
during an ISSU boot, other FPCs in the router might crash. This happens
when there is transit traffic flowing from the other FPCs towards
the offlined FPC. [PR/268294]
When Periodic Packet Management (PPM) delegation for Bidirectional
Forwarding Detection (BFD ) sessions is disabled (the delegate-processing statement is removed at the [edit routing-options ppm] hierarchy
level), the BFD sessions might be terminated (because a "state is
down" message is sent) and reestablished. [PR/280233]
When you perform an in-service software upgrade (ISSU)
on a routing platform with an FPC3 or an Enhanced FPC3 with 256 MB
of memory and the number of routes in the routing table exceeds 750,000,
route loss might occur. If route loss occurs, as a workaround, perform
either of the following tasks: (a) replace the FPC3 or Enhanced FPC3
with another FPC that has more memory, or (b) after the ISSU is complete,
reboot only the FPC3 or Enhanced FPC3. [PR/282146]
For Routing Engines rated at 850 MHz (which appear as RE-850 in the output from the show chassis hardware command), messages like the following might be written to the system
log when you insert a PC Card: “bad Vcc request” and “Device
does not support APM.” Despite the messages, operations that
involve the PC Card work properly. [PR/293301]
Next-hop marking (marked with a dash) in the show
route forwarding-table command output indicates which next hops
might not transmit traffic in a hierarchical load-balancing topology
(for example, multiple load-balanced LSPs over multiple paths or aggregated
interfaces). The forwarding-options indexed-next-hop statement
was added to address hierarchical load-balancing issues, but configuring
this statement may result in the next-hop marking being inaccurate
and so the markings should be ignored. [PR/293306]
Temporary files named in the format cprodxxxxxx are retained in the temporary directory on
the router and can be deleted. [PR/304750]
On a Protected System Domain, under the following conditions
an FPC might generate a core file and stop operating: (a) a firewall
policer with a large number of counters (for example, 20,000) is applied
to a shared uplink interface and (b) the FPC that houses the interface
does not have a sufficiently powerful CPU. As a workaround, reduce
the number of counters or install a more powerful FPC. [PR/311906]
The SSB servers display an error when you delete a string
from the redix tree and then reboot. [PR/312453]
When you commit a configuration that includes the dynamic
demux relay feature and there is a large number of subscribers (for
example, 64,000), all subscribers do not become active and the kernel
generates an error. [PR/312563]
Traffic originating from a remote PE router is silently
dropped without informing the source that the data did not reach its
intended recipient when the multicast MAC address is configured on
the local PE router for a CE device. [PR/398698]
Following an FPC reset, the next-hop route pointing to
the service PIC interface running RPM might be incorrect. [PR/438599]
User Interface and Configuration
The CLI does not generate a warning if multiple users
are configured with the same user ID. [PR/55774]
On M20 routers, after a Routing Engine mastership switchover,
it might not be possible to enter CLI configuration mode on the new
master Routing Engine. Also, the request system reboot and request system halt commands do not clearly fail but do not
return the CLI prompt either. [PR/64899]
The logical system administrator can modify and delete
master administrator-only configurations by performing local operations
such as issuing the load override, load replace,
and load update commands. [PR/238991]
When you are working in private configuration mode and
try to commit a configuration that includes a comment about an inactive
configuration statement, the commit operation fails with the message
"syntax error.". [PR/270160]
In the output from the configuration mode show | compare command, the banner might be the parent level of the current hierarchy
level instead of the current level itself. For example, when the current
hierarchy level is [edit interfaces fe-1/1/1], the banner
in the output reads [edit interfaces], but the additions
and deletions are reported with respect to the [edit interfaces
fe-1/1/1] level. [PR/291574]
A user belonging to a login class with limited rights
to modify a specific firewall filter cannot use the insert command to reorder firewall terms. [PR/310872]
The IPv6 PMTU discovery timeout variable is ip6_pmtu_timeout instead of path_mtu_timeout. [PR/315133]
When executing the commit sync command, messages
appear on the backup Routing Engine. These messages can be ignored.
[PR/395716]
Using the filter config text in the NETCONF get-config command results in a syntax error and the router
configuration cannot be returned in ASCII format. [PR/430799]
Interfaces and Chassis
On aggregated SONET/SDH interfaces, the counter for drops
and errors in the show interfaces command output does not
display the correct value, because the counter does not collect data
from the constituent interfaces within the aggregate. [PR/23577]
On channelized E1 interfaces, you might be able to configure
clocking on ds-fpc/pic /port:n interfaces,
where n is not unit 0. This is an invalid
configuration and might cause a clocking selection problem on the
other channels. [PR/24722]
On a 2-port OC12 ATM2 IQ interface, the total virtual
path (VP) downtime might not display correctly in the show interfaces command output. [PR/27128]
On M20 and M40 routers, when a physical layer problem
affects a SONET/SDH interface, carrier transition statistics might
not increment correctly in the output of the show interfaces extensive command. [PR/33325]
When you configure both the bundle link and constituent
links at the [edit (logical-routers logical-router-name | logical-systems logical-system-name) interfaces] hierarchy level, the constituent links do not come up. As a workaround,
configure the constituent links at the [edit interfaces] hierarchy
level. [PR/35578]
On the Channelized STM1 with a QPP PIC, error monitoring
for CRC and frame errors might not work as expected. [PR/39440]
When you apply an IPSec firewall filter to match traffic
sent across a generic routing encapsulation (GRE) tunnel and originating
from the local routing platform, the local traffic is dropped. Transient
traffic is not affected. [PR/44871]
On a Link Services PIC, the CLI might incorrectly allow
you to configure a logical tunnel interface (interface identifier
lt); the resulting interface might not work correctly. [PR/49818]
If an MLPPP LSQ bundle carries a large volume of link
fragmentation and interleaving (LFI) traffic and a small proportion
of multilink traffic, packets might be dropped on the egress constituent
links. [PR/56664]
If you configure IS-IS, MPLS, and graceful Routing Engine switchover
(GRES) and a switchover event occurs, the routing platform might end
the PPP IP Control Protocol (IPCP) sessions and renegotiate them if
the remote side has changed interface MTU settings prior to the switchover
event. [PR/61121]
If you configure graceful Routing Engine switchover (GRES)
and issue the request chassis routing-engine master acquire command, in rare cases the master Routing Engine might fail to relinquish
mastership, or the switchover to the backup Routing Engine might take
up to 360 seconds. [PR/61821]
For Automatic Protection Switching (APS) on SONET/SDH
interfaces, there are no operational mode commands that display the
presence of APS mode mismatches. An APS mode mismatch occurs when
one side is configured to use bidirectional mode, and the other side
is configured to use unidirectional mode. [PR/65800]
If you ping a nonexistent IPv6 address that belongs to the same
subnet as an existing point-to-point link, the packet loops between
the two point-to-point interfaces until the time to live expires.
[PR/94954]
The output of the show interfaces diagnostics optics command includes the "Laser rx power low alarm" field even if the
transceiver is a type (such as XENPAK) that does not support this
alarm. [PR/103444]
XFP-OC192-SR may report "XFP read fail, retry for 1 times"
randomly. This is a cosmetic issue and doesn't affect to the interface
functionality. [PR/262883]
The hot swapping fan tray for the M120 might cause the
Check CB alarm to activate. [PR/268735]
On the JCS 1200, when you issue the clear -config
-T switch[1] command using the management module, the switch
module returns to its factory default setting instead of the Juniper
Networks default setting. As a workaround, do not issue the command.
[PR/274399]
When you configure ILMI on an ATM interface (include the ilmi statement at the [edit interfaces interface-name atm-options] hierarchy level) and a graceful Routing Engine
switchover (GRES) or unified in-service software upgrade (ISSU) event
occurs, the show ilmi command no longer returns any output.
[PR/282051]
On a router with Frame Relay multilink configured on a
MultiServices 400 PIC or on a channelized DS3 PIC, when the minimum
links value for the Frame Relay interface is set to 8 and a link is
deactivated from the configuration, the link remains up. [PR/285244]
On the Juniper Control System (JCS) platform, the control
and management traffic for all Routing Engines share the same physical
link on the same switch module. In rare cases, the physical link might
become oversubscribed, causing the management connection to Protected
System Domains (PSDs) to be dropped. [PR/293126]
On a Protected System Domain (PSD) configured with a large
number of BGP peers and routes (for example, 5000 peers and a million
routes), FPCs might restart during a graceful Routing Engine switchover.
[PR/295464]
When two routers are connected via SONET/SDH interfaces
that are configured as container interfaces and the Routing Engine
on one router reboots, the container interfaces on the other router
might go down and come up again. [PR/302757]
On M5, M10, M20, and M40 routers, when you issue an SNMP
query for alarm LED status (such as the show snmp mib walk jnxLEDState command), the message “FPM device not open” might be
logged. This is an erroneous message and can be ignored. [PR/313073]
On MX-series routers, the path MTU discovery for a GRE
tunnel is not functioning properly. [PR/390993]
In JUNOS Release 9.3 and later, VPLS customer edge (CE)-facing
interfaces can be associated with the CE mesh groups to which they
belong, instead of only with the default CE mesh group (as in JUNOS
Release 9.2 and earlier). However, the JUNOS Release 9.2 behavior
still applies to interfaces in a VPLS routing instance that is defined
at the [edit logical-systems logical-system-name routing-instances] hierarchy level. Also, if you move the configuration
for a logical interface in a VPLS routing instance from the [edit
routing-instances routing-instance-name] hierarchy level to the [edit logical-systems logical-system-name routing-instances routing-instance-name] hierarchy level, the value vpls might stop appearing in
the Proto column of the output from the show interfaces
terse command. As a workaround, perform the move in two steps
by removing the interface from the [edit routing-instances routing-instance-name] hierarchy level and committing
the configuration, then creating the interface at the [edit logical-systems logical-system-name routing-instances routing-instance-name] hierarchy level and committing again. [PR/400248]
The XML output is not correct when the Virtual Router
Redundancy Protocol (VRRP) track interface is configured. [PR/414734]
On MX-series routers, MAC address accounting in the egress
direction might not work if traffic is unidirectional and no traffic
flows in the reverse direction for a duration longer than the aging
interval. [PR/415146]
When you configure the payload port-data statement
at the [edit family mpls hash-key] hierarchy level on M120,
MX-series, or M320 platforms with E3 FPCs, the hashing algorithm might
not take the port-data values into account. [PR/442223]
Services Applications
The output of the show services nat pool command
displays duplicate entries for a single Network Address Translation
(NAT) pool. [PR/34678]
The show services accounting flow-detail extensive command sometimes displays incorrect information about input and
output interfaces. [PR/40446]
On Adaptive Services PICs configured for IPSec tunnel
redundancy, if there are a large number of tunnels, sometimes a few
of the tunnels might switch over to the backup tunnel. [PR/46733]
When a routing platform is configured for graceful Routing
Engine switchover and Adaptive Services (AS) PIC redundancy, and a
switchover to the backup Routing Engine occurs, the redundant services
interface (rsp-) always activates the primary services interface (sp-),
even if the secondary interface was active before the switchover.
[PR/59070]
For Adaptive Services II PICs, even if you do not configure
flow collector services, a temporary file might be created every 15
minutes in the /var/log/flowc/ directory. The file is deleted
if there are no clients, and re-created only when a client connects
and attempts to write to the file. [PR/75515]
If a large number of BGP authentication sessions (for
example, 400) are configured in a VRF instance, the following message
is written to the system log when the configuration is committed:
“keyadmin[pid]: dump_assn: posting additional
read." This message can be ignored and there is no operational impact.
[PR/295407]
A user belonging to a login class with limited rights
to modify a specific firewall filter cannot use the insert command to reorder firewall terms. [PR/312961]
The IPv6 PMTU discovery timeout variable is ip6_pmtu_timeout instead of path_mtu_timeout. [PR/401247]
As a fix, the Multilink Point-to-Point Protocol (MLPPP)
reassembly logic does not perform a strict out-of-order check. In
a multi-CPU packet handling environment, packets arriving later may
be processed before the first. [PR/430296]
Subscriber Access Management
When dynamic IP address assignment is configured, if there
is only one address left in the address allocation pool and an attempt
to authenticate with a service fails (because, for example the authentication
request specifies an invalid service name), a subsequent authentication
attempt for the service also fails. The following messages might appear
in the log for the authentication process (authd): "assigned address address in use, trying next available" and "Unable to
assign an address." [PR/305516]
When you use a RADIUS Change-of-Authorization (CoA) message
to activate a service that is already activated, the service is removed.
[PR/307983]
Routing Policy and Firewall Filters
On M-series and T-series routers running JUNOS Release
9.3R1 and later, FPCs might stop functioning if you configure a firewall
filter and include the family any statement at the [edit
firewall] hierarchy level, and apply the filter to an interface
for which the configuration includes the family iso statement
at the [edit interfaces interface-name unit logical-unit-number] hierarchy level. Apply a firewall
filter that is configured with the family any statement only
to an interface that is not configured with the family iso statement. [PR/408617]
On an MX-series router, if you configure a logical interface
policer containing the bandwidth-limit and burst-size-limit statements at the [edit firewall police policer-name if-exceeding] hierarchy level, then perform an in-service
software upgrade (ISSU) from JUNOS Release 9.3 to 9.4, load another
configuration, issue the ping command to verify connectivity
to an adjacent neighbor, and finally perform a rollback to the first
configuration, you might not be able to reach the neighbor again when
you reissue the ping command because the ICMP packet flow
might be blocked. [PR/408893]
Routing Protocols
The CLI allows you to commit a configuration that specifies
a value higher than 32 for the metric statement at the [edit protocols dvmrp interface all] hierarchy level, but values
higher than 32 are invalid. [PR/33429]
If a router receives a Pragmatic General Multicast (PGM)
Source Path Message (SPM), it does not create a forwarding cache,
nor does it forward the message to other routers as a heartbeat, as
specified in RFC 3208. Also, the routers multicast cache might time
out if it does not receive actual PGM data (ODATA) for more than 6
minutes. As a workaround, configure the PGM source application to
send PGM ODATA at least once every 6 minutes. The ODATA acts as the
heartbeat message in lieu of the SPM messages and ensures that the
multicast and forwarding caches are created and updated. [PR/37504]
When you configure damping globally and use the import
policy to prevent damping for specific routes, and a new route is
received from a peer with the local interface address as the next
hop, the route is added to the routing table with default damping
parameters, even though the import policy has a nondefault setting.
As a result, damping settings do not change appropriately when the
route attributes change. [PR/51975]
If a BGP group is created but without any defined peers,
a warning message appears when the configuration is committed. [PR/63279]
When you issue the show ldp traffic-statistics command, the following system log message might be generated for
all forwarding equivalence classes (FECs) with an ingress counter
set to zero: "send rnhstats GET: error: ENOENT -- Item not found."
[PR/67647]
In the output of the show pim join extensive command,
the assert winner status is displayed in the Outgoing Interface List
(OIL) for PIM Dense Mode (PIM-DM) but not for auto-RP dense groups.
[PR/74737]
If ICMP tunneling is enabled on the router and you configure
a new logical system that does not have ICMP tunneling enabled, the
feature is globally disabled. [PR/81884]
When the flow of multicast traffic changes because an
OSPFv3 link goes down, the output from the show multicast statistics
inet6 command reports incorrect values in the In kbytes and In packets fields for the new ingress interface. [PR/234969]
When you commit a new configuration for nonstop routing
(NSR) on a primary Routing Engine that differs from the configuration
for NSR that is already running on the backup Routing Engine, the
routing protocol process stops functioning on the backup Routing Engine
only. Traffic forwarding is not affected. [PR/254379]
Disabling the PIM protocol with the set protocols
pim disable command can cause the router to stop operating until
that statement is removed. As a workaround, use the deactivate
protocols pim command instead. [PR/274478]
The routing protocol process may restart if PIM is configured
to run on unnumbered interfaces. [PR/295319]
The clear ospf io-statistics command may not
clear the counter values that would be seen using the show ospf
io-statistics command. [PR/308679]
The clear ospf io-statistics command might not
clear the counter values that are displayed by the show ospf io-statistics command. [PR/401351]
The show isis statistics command does not display
the IS-IS packet statistics. [PR/405022]
OSPF and IS-IS differ in how they handle the addition
of a better internal or external (smaller IGP metric) route into the
protocol’s internal routing-table. IS-IS flushes all next-hops
information (including LSP next-hops) when learning a better prefix,
despite equal-cost LSP tunnels, whereas OSPF does not. However, this
does not cause any issues with respect to load balancing. [PR/408702]
The rendezvous point (RP) is not learned on a router where
auto-rp discovery is configured. A mismatch occurs between the PIM
interface configuration on a router where auto-rp discovery is configured
and on a router where auto-rp mapping is configured. For example,
one router has an IFL with PIM configured and the other has an IFL
with PIM disabled. As a workaround, ensure that PIM is enabled on
all IFLs on both routers. [PR/445917]
MPLS Applications
If you configure a label-switched path (LSP) with the no-cspf statement at the [edit protocols mpls] hierarchy
level, the LSP might cycle up and down several times before stabilizing.
[PR/10415]
If a cross-connected circuit (CCC) traverses a forwarding
adjacency label-switched path (LSP), traffic forwarding might be affected.
[PR/60088]
RSVP graceful restart does not function for LSPs that
have a forwarding adjacency (FA) label-switched path (LSP) as a next
hop. [PR/60256]
When you modify the primary path for an MPLS LSP by using
the delete protocols mpls label-switched-path lsp-path-name primary path-name command in configuration
mode, followed by the set protocols mpls label-switched-path lsp-path-name primary path-name command, and then issue the commit command, the entire
LSP (both primary and secondary) is torn down and then rebuilt from
scratch. As a workaround, issue the delete protocols mpls label-switched-path lsp-path-name primary path-name command in configuration mode, followed by the commit command.
Then issue the set protocols mpls label-switched-path lsp-path-name primary path-name command, followed by the commit' command. [PR/62365]
When you enable per-packet load balancing on parallel
label-switched paths (LSPs), the output of the show mpls lsp ingress command might display all the routes on only one of the LSPs even
when traffic is evenly balanced across the LSPs. [PR/70487]
An error in the Constrained Shortest Path First (CSPF)
software might cause the routing protocol process (rpd) to generate
a core file and stop operating. [PR/103777]
When there are more than five link-protected or node-link-protected
LSPs to the same destination and per-packet load balancing is enabled,
some bypass next-hops might not be part of the active route. This
can occur after a primary link goes down and comes back up. [PR/259219]
For point-to-multipoint LSPs configured for VPLS, the ping mpls command reports 100 percent packet loss even though
the VPLS connection is active. [PR/287990]
The monitor label-switched-path output control key "n"
does not work. [PR/298814]
VPNs
When you modify the frame-relay-tcc statement
at the [edit interfaces interface-name unit logical-unit-number] hierarchy level of a Layer 2
VPN, the connection for the second logical interface might not come
up. As a workaround, restart the chassis process (chassisd) or reboot
the router. [PR/32763]
Traffic might not flow when an ATM interface is used as
the access circuit on an M120 router. [PR/255160]
If a PE router is acting as the mapping agent for PIM
auto-RP, PR elections based on the bootstrap router (BSR) do not work
correctly. [PR/305325]
For a VRF instance configured for PIM, MVPN, and provider
tunnels (the pim and mvpn statements are included
at the [edit routing-instances vpn-name protocols] hierarchy level and the provider-tunnel statement is included
at the [edit routing-instances vpn-name] hierarchy level), when PIM is deactivated and reactivated, it fails
to install type-5 (source-active) routes in the instance-name.mvpn.0 routing table. This issue arises only when remote C-multicast
joins are configured on the ingress PE router (as displayed by the show mvpn c-multicast command). [PR/306983]
When an LSP switches from a primary path to a bypass path,
Layer 2 circuits might go down and come up again, resulting in packet
loss. [PR/309085]
In JUNOS Release 9.3, when you configure inter-AS VPLS
with MAC processing at the autonomous system (AS) boundary router
along with multihoming, and if a designated forwarding AS boundary
router fails and then comes back up again, traffic flowing to the
local AS from the other AS’s boundary router might be lost.
The loss occurs in the time period (tenths of a second) during which
the old designated forwarding AS boundary router is taking back the
role of designated forwarder. [PR/312730]
On a router configured for NSR (the nonstop-routing statement is included at the [edit routing-options] hierarchy
level), if an NSR switchover occurs after the configuration for routing
instances changes in certain ways, BGP sessions between PE and CE
routers might not be established after the switchover. [PR/399275]
After the ingress PE router for an NG MVPN instance performs
a GRES event, the egress PE routers could fail to install a new forwarding
state for the multicast traffic. Clearing the BGP session on the ingress
router can restore traffic to all egress routers. [PR/441392]
High Availability
On a router with dual Routing Engines and nonstop active
routing (NSR) enabled, if you perform a commit synchronize operation when the backup Routing Engine is not available, routing
protocol sessions might not be reestablished. To expedite protocol
synchronization, issue the restart routing command on the
backup Routing Engine when it comes up. [PR/277993]
In a routing matrix, if you include the prefix-action statement at the [edit firewall family inet] hierarchy
level and perform an ISSU operation, the FPCs on the T640 routing
nodes do not come online. In the output from the show chassis
fpc command, the FPC state is reported as ISSU Error. [PR/391266]
On M-series, MX-series, and T-series routing platforms,
if you configure IPv6 on an interface with no MAC address (such as
a SONET or loopback interface), it might cause the Routing Engine
to restart. As a workaround, do not configure IPv6 addresses on interfaces
that do not have MAC addresses. [PR/439252]
Class of Service
The class-of-service process (cosd) can fail under certain
circumstances when container interfaces (for example, rlsq) and graceful
routing engine switchover (GRES) are configured. There is no workaround.
[PR/466104]
When a logical tunnel (lt-) interface is the
outbound interface, JUNOS software does not support the IEEE 802.1p
rewrite rule. [PR/55903]
If you try to configure a scheduler map containing two
forwarding classes that are mapped to the same queue, the class-of-service
scheduler is not applied to the Packet Forwarding Engine. As a workaround,
configure a single forwarding class for each available queue. [PR/57907]
On M-series routers connected by VLAN circuit cross-connects
(CCCs) and configured with class-of-service (CoS), when explicit forwarding
(EF) traffic is generated from the ingress customer edge router (CE1)
to the egress customer edge router (CE2), the ingress provider edge
router (PE1) properly marks the packets with default EXP bits and
sends the packets out queue 1, but the intermediary core router forwards
all traffic through queue 0 instead of sending it through the EF queue.
As a workaround, include the no-control-word statement at
any of the following hierarchy levels: [edit protocols l2circuit
neighbor address interface interface-name], [edit (logical-routers logical-router-name | logical-systems logical-system-name) protocols
l2circuit neighbor address interface interface-name], [edit routing-instances routing-instance-name protocols l2vpn], or [edit
(logical-routers logical-router-name | logical-systems logical-system-name) routing-instances routing-instance-name protocols l2vpn]. [PR/65280]
When you configure a specific classifier for a logical
unit, it does not override the fixed classifier configured using wildcards.
[PR/68888]
On M320 and T-series routing platforms, if you map multiple
forwarding classes to the same queue (specify the same value for the queue-num statement at the [edit class-of-service forwarding-classes
class class-name] hierarchy level for multiple
classes) and then include the multiple classes in one scheduler map
(by including the forwarding-class statement for each one
at the [edit class-of-service scheduler-maps map-name] hierarchy level), the commit operation fails with
the message "Total bandwidth allocation exceeds 100 percent for scheduler-map."
[PR/103370]
On MX-series routers, when you configure VPLS over an
LSI interface, classification does not work on the egress PE router
for traffic flowing from the core of the network to the egress CE
router. [PR/240777]
If you configure the tri-color statement at the [edit class-of-service] hierarchy level, the drop counters for
the show interfaces queue command appear to not work for
the medium-high (yellow) priority traffic and the low (green) priority
traffic. The drop counter for the high-priority traffic (red) functions
normally. [PR/258499]
On MX960 routers, bandwidth sharing across high priority
and strict-high priority schedulers might not be as expected. This
issue occurs when the schedulers are configured on logical interfaces.
[PR/265603]
When you set the port speed of a multi-rate POS type 2
PIC to OC3, it does not correctly change the CoS speed value within
the PFE. The speed is left at OC12. This will result in unexpected
class-of-service (CoS) behavior and there is no workaround at this
time. [PR/279617]]
When a core-facing interface on a PE router that is acting
as an IGP peer is deactivated (for example, by deactivating the interface interface-name statement at the [edit protocols ospf area area-id] hierarchy
level), the following message might be written to the system log:
"COSMAN: cosman_unbind_update_if_refcount: Failed to find the ifd interface-name (index) in the ifdtable
for ifl index." There is no operational impact.
[PR/291630]
When the sum of shaping-rates at the logical interfaces
is greater than the interface bandwidth and the rate-limit statement is applied to one of the logical interface queues, the
limiting bandwidth for the queue is based on a scaled down logical
interface shaping-rate value rather than the configured logical interface
shaping-rate. [PR/441413]
Forwarding and Sampling
On M320 and T-series routing platforms, when you configure
interface output sampling, packets sometimes might travel through
the output firewall. As a workaround, configure a firewall filter
on the output interface with then sample and then next-term statements. The workaround provides the same functionality as the
other configuration, but avoids the problem behavior. [PR/70473]
On T-series routers, if there is an ingress firewall configured
to drop all incoming multicast packets, the discarded multicast packets
are incorrectly sent to the Routing Engine. This causes a high utilization
of the CPU (50 percent) on the FPC. [PR/239268]
Do not use the virtual LAN (VLAN) variable when configuring
ether-type or vlan-ether-type match conditions for a firewall filter
at the [edit firewall family vpls filter filter-name term term-name]
hierarchy level. Using the VLAN variable will cause the firewall filter
to fail. [PR/273448]
The show interfaces filters and show interfaces
extensive CLI commands do not display the interfaces. [PR/295977]
Under some circumstances, when you add a prefix at the
[edit policy-options prefix-list list-name] hierarchy level, the commit operation might fail with one
of the following error messages: “Check-out failed for Firewall
daemon (/usr/sbin/dfwd) without details" or "configuration
check-out failed." [PR/305510]
The following message might be written to the system log: "rts_cos_get_shaping_rate_for_ifl():
Entry not found for IFL index in cos ifl table"
under the following conditions:
You configure interface-specific input and output filters
that contain logical bandwidth policers (include the logical-bandwidth-policer statement at the [edit firewall policer policer-name] hierarchy level, and both that policer and the interface-specific statement at the [edit firewall family family filter filter-name term term-name then] hierarchy level).
You apply the filters to an interface (include the input filter-name and output filter-name statements at the [edit interfaces interface-name unit logical-unit-number family family filter] hierarchy level).
You apply a traffic control profile to the interface (include
the profile-name statement at the [edit class-of-service traffic-control-profiles] hierarchy level
and the output-traffic-control-profile profile-name statement at the [edit class-of-service interfaces interface-name] hierarchy level).
The router receives host-bound packets or IP option packets.
As a workaround, include the shaping-rate statement
at the [edit class-of-service traffic-control-profiles profile-name] hierarchy level. [PR/314292]
Network Management
The following groups of MIB objects do not segregate the
data they return according to the routing instance specified in an
SNMP request: vrrpMIB, jnxCosIfqStatsTable, jnxCosQstatTable. [PR/63045]
The TCP dump is reports a max-response-time within IGMP
in seconds while displays units of 1/10th of a second. [PR/424618]
J-Web
While configuring VAP, the No Broadcast SSID
is selected even if the user disables it and redisplays the page.
[PR/462903]
Resolved Issues
This section lists issues that are fixed in the JUNOS Release
9.3R4. The identifier following the description is the tracking number
in our bug database.
Platform and Infrastructure
If too many statistics requests are sent to the FPC from
the Routing Engine, the kernel might run out of buffers and this results
in a Routing Engine failure. [PR/281458: This issue has been resolved.]
On MX, M120 or M320 routers, with E-3FPC platforms a logical
interface flap may trigger a jtree memory leak. [PR/403472: This issue
has been resolved.]
A large volume of next-hop changes in a short period may
cause a small number of packets to be lost or sent to the wrong destination.
[PR/411567: This issue has been resolved.]
If a duplicate address is detected for theIPv6 family
on an Ethernet interface, the DAD does not restart even after the
interface goes down and then back comes up. The has been fixed in
JUNOS Release 9.3 and later and in JUNOS software released after April
23, 2009. [PR/421241: This issue has been resolved.]
The input statistics of the AE interface shows the wrong
value if the member link is part of an IQ-2 PIC. [PR/429771: This
issue has been resolved.]
On MX-series and M120 routers, and M320 routers with an
Enhanced III FPC, if the VRF configuration includes the vrf-table-label statement, a DPC or FPC might dump core when an MPLS packet with
time-to-live (TTL) equal to 0 (zero) or 1 (one) is processed at the
egress provider edge (PE) router. [PR/436017: This issue has been
resolved.]
In JUNOS Release 9.1 or earlier, when MVPN is configured
with auto-RP and there is a change in the RP of the default routing
instance, then an RP address changes and a Layer 2 descriptor leak
occurs. [PR/436637: This issue has been resolved.]
SCU configuration causes the PFE to drop some host-bound
packets on M320 and T-series routers. [PR/438261] [PR/438261: This
issue has been resolved.]
Under certain circumstances an Intelligent Queuing PIC
might not be able to boot properly on an E3-FPC. [PR/438678: This
issue has been resolved.]
When the FPCs for T1600-FPC4-ES, T640-FPC4-1P-ES, T640-FPC1-ES,
T640-FPC2-ES, and T640-FPC3-ES receive corrupted cells through high-speed
links, they might unnecessarily reboot and report the following system
log error message: "Unrecoverable Error: Flist gtop bit toggled !."
No reset is needed to recover from this condition. [PR/441844: This
issue has been resolved.].
On T1600, TX Matrix, or T640 routers installed with one
of the following Flexible PIC Concentrators (FPCs)—T1600-FPC4-ES,
T640-FPC4-1P-ES, T640-FPC4-ES, T640-FPC1-ES, T640-FPC2-ES and T640-FPC3-ES—and
JUNOS Release 9.3 or higher, jtree memory might get corrupted once
routes are deleted while traffic is send to those prefixes. This can
result in permanent or transient packet drops. One or more of the
following symptoms might be logged in the system log:
SRCHIP(1): 131072 Discards - stack underflow
SRCHIP(1): 129735 Discards - truncated key - next hop
SRCHIP(1): 4670347 Multicast list discard route entries
SRCHIP(1): SOF (58) >= DMA length (46) (Read Channel)
SRCHIP(1): RKME int_status 0x300
SRCHIP(1): 14486 Discards - illegal BTT
SLCHIP(1): 1617082 new errors (illegal link) in DESRD
last stream 0 last lout_key 0xabd0e
SLCHIP(1): 1622998 new errors (packet error) in HDRF,
lout_hdrf_poll_stats
There is no workaround and an FPC reboot might be needed
to recover. [PR/443171: This issue has been resolved.]
The kernel may have an error due to the loss of a watchdog
if several packets are sent out from the Routing Rngine through an
aggregated (SONET) interface when the logical interface is down and
the physical interface is up. [PR/449361: This issue has been resolved.]
FIPS 140-2 Level 2 mode operation is not supported, when
dual Routing Engines are on the router. [PR/449750: This issue has
been resolved.].
On MX-series tunnel interfaces configured on DPC show
traffic incorrectly on other interfaces. [PR/450844: This issue has
been resolved.]
In a Layer 3 VPN PE carrying multicast routes, an error
in the kernel crash might occur when an FPC homing on an aggregate
Ethernet interface is restarted. [PR/452999: This issue has been resolved.]
The FPC experiences a heap memory leak when Ethernet OAM
protocols are configured. The workaround is to disable the Ethernet
OAM protocols. [PR/453842: This issue has been resolved.]
Due to a JUNOS software issue, an M120 FEB/FPCx can overreact
to a CPU Layer 2 cache single-bit-error. [PR/457157: This issue has
been resolved.]
User Interface and Configuration
During commit synchronize, the backup Routing Engine logs
the commands to the TACACS+ server. As a result, the commit synchronize
process takes a long time to commit. [PR/424255]
Wildcard apply groups do not work properly in JUNOS Releases
9.1, 9.2, 9.3R1, and 9.3R2. [PR/425355: This issue has been resolved.]
Issuing the set cli complete-on-space off command
may result in unexpected CLI authorization behavior. [PR/426916: This
issue has been resolved.]
SSH/Telnet sessions may time out for a longer period of
time then usual if a user or password is not provided. [PR/428116:
This issue has been resolved.]
The idle sync-other-re process may be incorrectly
shown in configuration mode. [PR/433164: This issue has been resolved.]
If you configure the traceoptions statement under system scripts commit, the router may have commit errors. [PR/438289:
This issue has been resolved.]
Interfaces and Chassis
On MX-series routers configured for graceful Routing Engine
switchover (GRES), aggregated interfaces might not operate correctly
after any of the following events occurs: (a) a simultaneous reboot
of both master Routing Engines, (b) a power cycle of the chassis,
or (c) a graceful switchover from a master Routing Engine to the backup
Routing Engine. To restore functioning, on the master Routing Engine
either issue the commit synchronize full command or restart
the interface process (dcd). [PR/309716 : This issue has been resolved.]
When you reboot an FPC while it is coming online and if
the FPC adding process is interrupted before it successfully completes,
the chassis process does not operate properly. [PR/400676: This issue
has been resolved.]
Incorporating changes to the interfaces configuration
results in a small leak in the DCD process. The leak is at the rate
of 16 bytes per interface configured per commit. [PR/411596: This
issue has been resolved.]
When you configure LACP on an aggregated Ethernet interface,
the counters displayed by the show interface extensive command
might show unexpected values. This problem occurs for logical interfaces
that have an incoming interface index value that matches the default
index of the data stream. [PR/418054: This issue has been resolved]
The PPP MTU value of an interface protocol on a peer might
change as a result of an irrelevant configuration change and cause
the PPP MTU negotiation to fail. [PR/421706: This issue has been resolved.]
When you change a hardware Field Replacement Unit (FRU)
in the chassis, the craft process (craftd) might fail upon reinitializing
the device list and generate a core file. This does not affect normal
operation of the FRU. [PR/429171: This issue has been resolved.]
On MX480 and MX960 platforms, the FAN LED stays green
even when the FAN tray is pulled out. [PR/429521: This issue has been
resolved.]
The algorithm that is responsible to switch over the SFM
and take the FPC offline does not clear the errors (hard/soft) on
each FPC after the SFM is switched over. [PR/433616: This issue has
been resolved.]
For some interfaces, when configured with the WAN-PHY
framing mode, the monitor interface command might be missing
some counters. [PR/435775: This issue has been resolved.]
A large number of ATM2 error interrupts might cause the
FPC to fail. [PR/438073: This issue has been resolved.]
In the output of the show chassis pic fpc-slot x pic-sloty command, the SFP-GE40KM SFP might be shown erroneously as 1000LH
instead of 1000EX. [PR/438753: This issue has been resolved.]
When the same logical interface is deleted from the default
system and added into a logical system, the Routing Rngine might fail.
[PR/441284: This issue has been resolved.]
When the sum of shaping rate at a logical interface is
greater than the interface's bandwidth and a rate limit is applied
to one of the logical interface queues, the bandwidth limit for the
queue is based on a scaled-down logical interface shaping rate value
rather than the configured logical interface shaping rate. [PR/441413:
This issue has been resolved.]
On M-series routers, BGP sessions flap when any configuration
change happens, even an relevant one. As a workaround, make the difference
between the configured MRRU and the MTU to be greater than eight.
[ [PR/442688: This issue has been resolved.]
When the ingress router re-signals an RSVP session, traffic
could egress from a disabled SONET interface that is part of an APS
group that is using container interfaces. As a workaround, switch
the APS interfaces. [PR/443295: This issue has been resolved.]
If VRRP tracks a cloned route this is because the cloned
route will always be treated as down. The reason this it is always
treated as down, is that the unicast cloned routes are not added to
the routing table. [PR/446408: This issue has been resolved.]
Services Applications
A TCP-based stateful firewall flow might remain active
after the service interface inactivity timeout expires, even though
the corresponding TCP session is already closed. Several iterations
of Reset and TCP keepalive messages might be exchanged between the
peers before the flow is completely closed. [PR/446960: This issue
has been resolved.]
General Routing
The show helper statistics and clear helper
statistics commands are not available on MX-series platforms
on or after the following JUNOS releases: 9.3R4, 9.4R4, 9.5R3, and
9.6R2. [PR/445240: This issue has been resolved.]
Routing Protocols
When more than one external path originates from the same
autonomous system (AS), the JUNOS software does not comply with the
RFC 5004 path selection algorithm. [PR/392819: This issue has been
resolved.]
Deactivation of routing instances might cause the routing
protocol process (rpd) to create a soft assertion failure. [PR/396122:
This issue has been resolved.]
In some cases (for example, after a repeated power-down
event), one of the internal database files (/var/db/lmpd-name-id.db) becames corrupt, causing the lmpd system process to fail on commit.
As a workaround, delete the file and commit again. [PR/403129: This
issue has been resolved.]
If a multiaccess interface is disabled, it is advertised
as a disabled link in the router LSA after the Routing Engine switchover.
[PR/418559: This issue has been resolved.]
If OSPF is in overload mode on the standby Routing Engine
but not in overload mode on the master Routing Engine, it may take
a long time to install OSPF routes on the standby Routing Engine.
[PR/421636: This issue has been resolved.]
In rare cases, the BPG cleans the data structures correctly
when the entire peer group fails and the peer group is deleted. [PR/423060:
This issue has been resolved.]
In a large-scale BGP multipath setup, the BGP multipath
calculation uses a large amount of CPU and slows down RPD for a long
period of time. [PR/424360: This issue has been resolved.]
If RIP authentication is turned on, updates may get dropped
on sequence number mismatch because they are not processed in the
order they are received. [PR/429297: This issue has been resolved.]
The assert condition is not valid for cases where the
PIF is flapped. [PR/429392: This issue has been resolved.]
Community types are being allocated at random to the members
in the community list. As a result, extended communities might be
treated as simple and vice versa, which causes failures in the VRF
import code. [PR/430728: This issue has been resolved.]
With non-stop routing enabled for BGP, the master and
backup RPD instances will fail to establish and maintain a synchronized
state. [PR/434162: This issue has been resolved.]
If a static route is pointing to a discard configuration,
a failure may happen when the router attempts to collect the multicast
statistic data. [PR/434298: This issue has been resolved.]
A Layer 3 VPN BGP using the show bgp neighbor command shows local-id 0.0.0.0 as output when NSR is enabled. [PR/434321:
This issue has been resolved.]
With BGP multipath configured, the BGP trace option flags
may not be refreshed after a change in the trace-option flag configuration.
[PR/436440: This issue has been resolved.]
Embedded RP is not created upon receiving a trigger from
multicast traffic. Deactivate and activate the configuration to fix
the problem. [PR/437893: This issue has been resolved.]
Embedded RP configurations cause continuous RPD failure
if PIM is disabled. [PR/438159: This issue has been resolved.]
When you use auto-rp, if the rendezvous point (RP) configuration
is deactivated and then reactivated on the provider edge (PE) router,
the router fails to rediscover the RP announced by the customer edge
(CE) router. [PR/438356] [PR/438356: This issue has been resolved.]
If a RIB is referenced within the FROM clause
of a policy statement, the statement might change on each commit.
This can lead to route flaps on every commit if the statement is used
as the import policy for a RIB group, which in turn is referenced
in OSPF. [PR/441557: This issue has been resolved.]
RPD may fail if a VRF routing instance is reconfigured
in a single commit from Draft-Rosen MVPN to Next-Gen MVPN with RSVP-TE
inclusive provider tunnels. [PR/442391: This issue has been resolved.]
When you configure the path-selection always-compare-med statement at the [edit protocols bgp] hierarchy level,
BGP multipath might not find all eligible paths. [PR/444629: This
issue has been resolved.]
When BGP NSR is configured with sampling (under forwarding-options
sampling), duplicate updates for some prefixes could be sent during
a Routing Engine switchover. [PR/458669: This issue has been resolved.]
MPLS Applications
On M-series and T-series routers, when the MPLS label-switched
path (LSP) re-optimizes (or changes path) followed by a signaling
failure along that path, then the path change does not occur till
the next LSP re-optimization event. [PR/401343: This issue has been
resolved.]
The load-balancing spread is affected when both the primary
and the first secondary LSP are out of commission. [PR/422596: This
issue has been resolved.]
The mplsResourceTunnelTable reports bandwidth
in bps instead of Kbps. [PR/432716: This issue has been resolved.]
The MPLS LSP auto-bandwidth adjustment may stop working
while RSVP signals for the path; either optimization is initiated
or the LSP goes down. [PR/4438157: This issue has been resolved.]
On a PE router, when an uplink is deactivated, the MPLS
LSP BFD session over this link may not switch to other uplinks. [PR/454071:
This issue has been resolved.]
When MPLS traceroute is executed in downstream mapping
TLV (TLV 2), the reply packet contains misleading values because of
an MPLSOAMD error. [PR/454796: This issue has been resolved.]
VPNs
Applying configuration changes that remove both static
P2MP LSP and a static MVPN provider tunnel group configuration, can
result in RPD failure. To avoid this problem, first remove the provider-tunnel
configuration, then remove the LSP P2MP configuration. [PR/288456:
This issue has been resolved.]
In Layer 2 CCC scenarios packets where the size is less
than 64 bytes, the scenarios packets may be erroneously padded when
forwarded through an Ethernet uplink. As a result, the packets size
arriving at the remote end will not correspond to those that were
originally sent. [PR/420037: This issue has been resolved.]
If you create new VPLS instances with a provider-tunnel
Point-to-Multipoint (P2MP) label-switched path template, the routing
protocol daemon (RPD) might restart, creating P2MP LSP paths. [PR/442544:
This issue has been resolved.]
While configuring a Layer 2 VPN routing instance, if the
protocol’s Layer 2 VPN stanza is not included as part of the
routing instance configuration when a commit is performed and instead
is added during a later commit, the Layer 2 VPN session associated
with this routing instance may not come up. [PR/449494: This issue
has been resolved.]
High Availability
When you issue the show chassis ethernet-switch statistics command on a routing platform with graceful Routing Engine switchover
(GRES) enabled, the two Routing Engines might be unable to exchange
information for about 2 seconds. [PR/233779: This issue has been resolved.]
The MIB definitions, jnxPicXDpcCombo10X1GE and jnxPicXQDpcCombo10X1GE for Combo DPC PICs, are missing in the
database which causes errors in the chassis process (chassisd) logs.
[PR/418469: This issue has been resolved.]
After an ISSU software upgrade on the MX-series router,
you might see a kernel database replication error, an ISSU prepare
timeout, and a core dump. These problems might be due to issues with
allocated schedulers after the ISSU. This issue is seen only with
Gigabit Ethernet Enhanced Queuing IP Services DPCs. [PR/427694: This
issue has been resolved.]
The TX LCC displays an error when ARP entries time out
and are added back. This problem occurs with JUNOS Release 9.0 and
later (released after August 14, 2007) and in JUNOS Release 8.5R3.3
and 8.5 (released after October 17, 2008). [PR/450698: This issue
has been resolved.]
Layer 2 Ethernet Services
For MX480 routers only, the temperature gap between the
MX480 fan speed-up and slow-down has changed from 0 degree Celsius
to 5 degree Celsius. Before the change, the fan speeds up to a maximum
temperature of 54 Celsius and slows down to 53 Celsius (0 degree gap).
After the change, the fan speeds up to a maximum temperature of 56
Celsius and slows down to 49 Celsius (5 degree gap). [PR/394651: This
issue has been resolved.]
When you configure GRES on the MX-series router, the SIB
might not initialize if you reboot both Routing Engines simultaneously,
or reboot the router with only one Routing Engine installed. [PR/408359:
This issue has been resolved.]
When the router is configured as a DHCP relay agent with
the option 82 enabled, it starts dropping packets when the packet
size exceeds the maximum size as specified in option 57. [PR/411626:
This issue has been resolved.]
The relay-option-60 configuration, located under
the group statement, stops working if something else is changed
under the same group statement. [PR/434373: This issue has
been resolved.]
High Availability
An AGRES switchover may cause an FPC failure if the interfaces
configuration contains the following statement: sp-x/y/0 { unit
0 { family inet; }. [PR/399152: This issue has been resolved.]
If static routes are configured under [routing-options], which points to a discarded interface, and if GRES is also configured,
then the kernel database may not synchronize with the backup Routing
Engine after a GRES switchover is performed. The backup Routing Engine
displays a connection error. [PR/399888: This issue has been resolved.]
When the IPv6 protocol is configured in an IP-IP tunnel
and if GRES and NSR are enabled, the backup Routing Engine might display
a replication error. [PR/420102: This issue has been resolved.]
Installing OSPF routes may take a longer then normal period
of time, if OSPF is in overload mode on a standby Routing Engine and
is not in overload mode on the master Routing Engine (RE). [PR/421636:
This issue has been resolved]
When you use auto-RP and if the rendezvous point (RP)
configuration is deactivated and then reactivated on the provider
edge (PE) router, the router will fail to rediscover the RP announced
by the customer edge (CE) router [PR/438356: This issue has been resolved]
When you configure the path-selection always-compare-med statement at the [edit protocols bgp] hierarchy level,
BGP multipath may not find all eligible paths. [PR/444629: This issue
has been resolved]
Class of Service
The packet drop cannot be brought down to zero. However,
with this fix the packet drop should be reduced by nearly half. [PR/429961:
This issue has been resolved.]
On M320 routers, when the Tunnel PIC is on a standard
FPC, multicast traffic conforming to Internet draft-rosen-vpn-mcast-08.txt
might be subject to incorrect CoS queuing and rewrite. [PR/433142:
This issue has been resolved.]
After the aggregate chassis configuration is deactivated
then activated, the classifier might not be properly applied on aggregate
interfaces. [PR/442240: This issue has been resolved.]
After an FPC restart, the classifiers might not be properly
applied to the aggregate members if they have LACP configured. This
following error message is displayed: Jun 4 12:43:02 sting-re1
fpc0 SLCHIP(0): Unable to fathom what channel used by IFL 68 Jun 4
12:43:02 sting-re1 fpc0 SLCHIP(0): error 1 in setting QoS table 1
for ifl 68 Jun 4 12:43:02 sting-re1 fpc0 COSMAN: lchip write failed,
lchip 0 while binding IFL(68) to classifier(1) Jun 4 12:43:02 sting-re1
fpc0 SLCHIP(0): Unable to fathom what channel used by IFL 68 Jun 4
12:43:03 sting-re1 fpc0 SLCHIP(0): error 1 in setting QoS table 1
for ifl 68 Jun 4 12:43:03 sting-re1 fpc0 COSMAN: lchip write failed,
lchip 0 while binding IFL(68) to classifier(1)
The problem is seen on JUNOS Release 9.3, 9.4 releases shipped
after 08/15/2008. Deactive and activate CoS to fix the problem. [PR/442418:
This issue has been resolved.]
When an Intelligent Queuing PIC is taken offline and then
brought back online, the chassis scheduler map might change to [95,0,0,5].
As a workaround, deactivate the chassis scheduler map before taking
the PIC offline and then activate the chassis scheduler map after
PIC comes back online. [PR/444543: This issue has been resolved.]
Tail drops are not seen in the Routing Engine CLI output.
[PR/446617: This issue has been resolved.]
Forwarding and Sampling
Policers cannot be modified after a system upgrade because
of a flaw in the parser routine. This error occurs when the current
item is deleted and then the parser cannot proceed to the next item.
With the fix, the routine in the forwarding process (dwfd) has been
modified so that the next item in the object tree is fetched before
the current object is parsed. [PR/433418]
Network Management
When the SNMP has a response that is larger than 9KB,
a "Message too long" log is reported but no SNMP get response failure
occurs. [PR/389559: This issue has been resolved.]
When subagents are slow in responding to SNMP queries,
the SNMP process continues to buffer the incoming SNMP requests. SNMP
memory becomes exhausted after the buffer increases to a bigger value,
which causes the SNMP process to fail. [PR/430106: This issue has
been resolved.]
If the master snmpd restarts in a TX Matrix platform and
the SNMP subagent running with an LCC chassisd tries to register MIB
objects with the master snmpd, the registration progress fails and
results in the snmpd (running at SCC) utilizing large amounts of CPU.
[PR/438085: This issue has been resolved.]
Previous Releases
Resolved Issues
9.3R3
This section lists issues that were fixed in JUNOS Release 9.3R3.
The identifier following the description is the tracking number in
our bug database.
Platform and Infrastructure
On M320 and T-series routing platforms, when you configure
the local gateway of an IPSec tunnel in a routing instance, IPSec
might not function properly over a generic routing encapsulation (GRE)
tunnel. [PR/73864: This issue has been resolved.]
On M7i and M10i routers, when the system log for the CFEB
becomes full, additional messages are discarded instead of overwriting
the oldest messages in the log. [PR/79128: This issue has been resolved.]
When the resolve.conf file does not include a
proper working DNS server name, the show ntp associations command output displays the message Can't find host localhost with NTP server definitions.” Because
the DNS server name is not mandatory in the resolve.conf file, the
error message is unnecessary. [PR/270915: This issue has been resolved.]
You might encounter output drops with the 10–Gigabit
Ethernet PICs. The output drops occur because the software incorrectly
calculates the number of queues for polling statistics in a 10-Gigabit
Ethernet PIC, even though it is different from other PICs. [PR/277693:
This issue has been resolved.]
On MX-series routers using Routing Engine-based sampling,
when samples are sent from the Packet Forwarding Engine to the Routing
Engine over certain interfaces, the interface Input/Output index and
next-hop address are set to 0. The following interfaces are affected:
ge-x/0/y, ge-x/1/y, xe-x/2/0, and xe-x/3/0. [PR/286089: This issue
has been resolved.]
When an IPv6 BGP peer becomes unreachable, the raw IPv6
packets might be forwarded without the correct Layer 2 encapsulation
over an Ethernet connection. [PR/314629: This issue has been resolved.]
The MX-series Tri-rate DPC does not support MAC accounting
and returns the following message: "error: MAC accounting and policing
not supported." [PR/387919: This issue has been resolved.]
On T1600 routing nodes with JUNOS Release 9.3R1 or 9.3R2,
if there are interface flaps and routes from 0.0.0.0 to 127.255.255.255
using an indirect next hop, the following error message might be triggered
in the syslog: "JTREE(jt_nh_get_reachable_nh32): Not reachable 0x00000000:0x2d740780
for seg 1 (rt_jtree_build_nh)" and forwarding traffic is impacted.
[PR/392876: This issue has been resolved.]
For aggregated interfaces only, when GRES is enabled and
the neighboring server fails, the next hop turns to a hold next hop
which waits to be resolved. If the next hop is resolved immediately,
the replicated Routing Engine (RE) might panic. [PR/394209: This issue
has been resolved.]
In an MPLS Layer 3 VPN network, the traceroute command
does not return a valid result (it returns three asterisks [* * *] instead) for the hop between two routers when their configuration
includes both of the following features:
Per-packet load balancing (the load-balance per-packet statement is included at the [edit policy-options policy-statement policy-name then] hierarchy level and that policy-name statement is included at the [edit
routing-options forwarding-table] hierarchy level)
Multiple equal-cost paths between the routers (for example,
when the encapsulation frame-relay statement is included
at the [edit interfaces interface-name] hierarchy level for a SONET/SDH interface and the same address is
specified for more than one of its logical interfaces at the [edit
interfaces interface-name unit logical-unit-number family family address] hierarchy level)
[PR/396280: This issue has been resolved.]
When you have configured the vrf-table-label statement at the [edit routing-instances routing-instance-name] hierarchy level for a VRF routing instance, IPv4 and IPv6
MTU error notification is not handled properly. On M320 routers with
an incoming FPC as SFPC and an outgoing FPC as FFPC, large IPv6 packets
are not being detected and discarded properly. [PR/397334: This issue
has been resolved.]
When the Routing Engine requests numerous statistics that
surpass a set boundary, "PFEMAN: Couldn't write..." messages might
be logged and DPC failures occur. [PR/398233: This issue has been
resolved.]
When the multicast MAC address is configured on the local
PE for a CE device, traffic originating from a remote PE is silently
dropped without informing the source that the data did not reach its
intended recipient [PR/398698: This issue has been resolved.]
Prolonged fast interface flaps with thousands of ARP entries
might cause the FPC to stop functioning. [PR/399175: This issue has
been resolved.]
On T640 and T1600 routing platforms with the Enhanced
Scaling FPC4, errors such as the following might be written to the
system log: "x new errors (mtu error) in HDRF,lout_hdrf_poll_stats,"
"Error (code: 30, type:Minor) encountered, cmalarm_passive_alarm_signal,"
and "1 new errors in SLout OP." There is no operational impact. [PR/399258]
On egress PE routers, the correct EXP classifier is not
applied to label-switched interfaces (LSIs) that are created by including
the vrf-table-label statement at the [edit routing-instances routing-instance-name] hierarchy level. [PR/399634:
This issue has been resolved.]
In specific a configuration such as MVPN, restarting RPD
causes a small memory leak on the PFE lookup table. [PR/400917: This
issue has been resolved.]
For T640 routing nodes only, when you configure per-packet
load balancing, the outgoing traffic is dropped. This issue is exacerbated
if you configured two PFE routing instances. [PR/402031: This issue
has been resolved.]
When the ifd channel mode is of type HYBRID, LSI statistics
are counted every time ifl_stats are collected for each logical interface.
This causes the LSI input counters to be incremented by a multiple
of the logical interfaces. [PR/404857: This issue has been resolved.]
On MX-series routers, when IGMP snooping is enabled in
a VPLS instance, a VPLS interface flap causes a DPC to unexpectedly
restart. [PR/405136: This issue has been resolved.]
The traffic class byte is set to 0x00 in the
header of some BGP packets sent between interfaces that have IPv6
addresses, instead of the correct setting of 0xc0 (INTERNETCONTROL).
[PR/406802: This issue has been resolved.]
For MX-series routers running with JUNOS Release 9.1R1
or higher, when traffic is sent to the router with the IEEE 802.1p
value set to 2 or the source class usage (SCU) configured, the packets
are discarded when they reach the PFE. [PR/414491: This issue has
been resolved.]
The show pfe statistics CLI command does not
display I-CHIP Ipktwr packet drop counts. [PR/414477: This issue has
been resolved.]
Under rare circumstances, the kernel panics on the TX
Matrix LCC or on the SRX-series platform following a Routing Engine
switchover or an RDP connection timeout between the LCC and SCC. [PR/416973:
This issue has been resolved.]
For multicast traffic, if the OIF is on an aggregated
interface and its member link is on a different PFE (for example,
7/1/0 and 6/1/0), multicast traffic might be lost after the FPC, which
has IIF for the multicast, is rebooted. [PR/418583: This issue has
been resolved.]
Initial ARP packets are discarded by the default ARP policer
because when a T1600 routing nodes FPC restarts, the current credit
is initialized to JT_POL_SR_CURRENT_CREDIT_MAX, which is 0xFFFFF.
This has a high negative value in SR, so packets are dropped until
it goes down. As a workaround, you can initialize the current credit
to max_credit_limit (which is equal to (credit_limit / Rate) * time_credit),
approximately equal to TC. [PR/419909: This issue has been resolved.]
The SNMP remote operations process (rmopd) might fail
after configuring a BGP neighbor with a local address. [PR/420504:
This issue has been resolved.]
In JUNOS Release 9.3R1 or higher, on Juniper Networks
routers with Type 4 FPCs or T1600 routing nodes, multicast traffic
is not counted within the interface statistics counters once class-of-service
rewrite rules have been applied to the interface. [PR/420681: This
issue has been resolved.]
On the MX-series router, when you configure MPLS and a
tunnel configuration on the same Gigabit Element (GE) DPC, the tunnel
interface shows traffic as the sum of the traffic of the other Gigabit
Element (GE) interfaces on the DPC. This is a cosmetic issue and does
not affect functionality. [PR/422274: This issue has been resolved.]
When an aggregate bundle fails and the aggregate bundle
is part of an Equal Cost Multi-Path (ECMP), there is a short transient
window while traffic is re-routed where one or all of the following
entries is reported in the message log: - PFE: Detected error nexthop
- RCHIP(1): RKME int_status 0x10000000 - LCHIP(1): 3067 new errors
(illegal size) in DESRD - LCHIP(1): 3067 new errors (illegal link)
in DESRD - RCHIP(1): SOF (61) >= DMA length (46). [PR/424741: This
issue has been resolved.]
On MX-series routers, the FPC might reboot without a failure
if the DWDM is incorrectly configured. Either disconnect the offending
link or configure the Disable statement at the [edit
interfaces] hierarchy level to stop the FPC reboots. [PR/430703:
This issue has been resolved.]
When configuring Proxy ARP on unnumbered interfaces, the
router can incorrectly answer address collision detection ARP requests,
causing DHCP clients to decline the offered address. [PR/431192: This
issue has been resolved.]
When you configure flow monitoring on a T1600 with a T640
or T1600 Enhanced Scaled FPC4 and the input and output traffic are
located on the same bottom PFE1, then the next-hop address and output
interface are set to 0. [PR/431567: This issue has been resolved.]
On MX-series, M120, and M320 routers with an Enhanced
III FPC, the DPC FPC fails if the VRF configuration includes the vrf-table-label statement when an MPLS packet with time-to-live
(TTL) is set equal to 0 (zero) or 1 (one) and is processed at the
egress PE. [PR/436017: This issue has been resolved.]
An ARP retry count is incorrect in that instead of sending
out the first five retries every second, the third and consequent
retries are sent every 15 seconds. [PR/436580: This issue has been
resolved.]
On MX-series routers with a Combo DPC (20-port 1-Gigabit
Ethernet 2-port 10-Gigabit Ethernet), if the family mpls statement
is included at the [edit interfaces interface-name unit logical-unit-number] hierarchy level
for any 1-Gigabit Ethernet port of a DPC slot, the show interfaces
statistics command reports zero values for input traffic at all
ports. This issue does not affect the input traffic statistics for
the 10-Gigabit Ethernet ports. This is a cosmetic issue and does not
affect functionality. [PR/436653: This issue has been resolved.]
User Interface and Configuration
The alarm process (alarmd) updates /var/db/feature.db, a license-tracking file, every
60 seconds, even on routers that do not support the JUNOS software
licensing feature (for example, the M7i, M10i, M40e, and T-series
routing platforms) and causes unnecessary hard disk drive activity.
[PR/308466: This issue has been resolved.]
The container value is unavailable when the commit script show configuration system scripts commit is used with traceoptions and when the direct-access statement is set. [PR/394243:
This issue has been resolved.]
The algorithm that switches over the SFM and takes the
FPC offline, does not clear the hard/soft errors on each FPC once
the SFM is switched over. [PR/433616: This issue has been resolved.]
When the direct-access statement is configured,
the firewall filter input-list in a commit script may not return an
expected value. [PR/406663: This issue has been resolved.]
The RPC get-configuration statement may not
get the expected output if both direct-access and filter are configured under [system scripts commit]. [PR/406687:
This issue has been resolved.]
You get a commit fail when applying a group to the chassis
section of a configuration. [PR/425355: This issue has been resolved.]
When you use the commit confirmed command on
TX-series routers, it fails to roll back the original configuration
as expected. [PR/425642: This issue has been resolved.]
If you configure the traceoptions statement under system scripts commit, the router may have commit errors. [PR/438289:
This issue has been resolved.]
Interfaces and Chassis
In the output from the show interfaces extensive command, the count of REI-P errors in the SONET path section
is incorrect when the RDI-P error also appears in the SONET defects field. [PR/256049: This issue has been resolved.]
On aggregated Ethernet interfaces configured for LACP
(the lacp statement is included at the [edit interfaces
aex aggregated-ether-options] hierarchy
level), if you deactivate one of the interfaces in the aggregate,
multicast traffic might not be detoured as expected. [PR/313617: This
issue has been resolved.]
On a router with dual Routing Engines, if the hard disk
is inoperable or missing on the backup Routing Engine, no chassis
alarm is set (visible in the output of the show chassis alarms command), nor is an SNMP trap or system log message generated. The
only indication is a line like the following in the output from the show system boot-messages command: "adx: not attached, missing in Boot List." [PR/392837: This issue has
been resolved.]
On the T1/E1 Circuit Emulation PIC, if you specify an
invalid value for the payload-size statement at the [edit
interfaces (t1 | e1)-fpc/pic/port satop-options] hierarchy level, the
DS1 alarm LOF is raised, as reported in the output from the show interfaces (t1 | e1)-fpc/pic/port:channel command.
The valid values for the payload-size statement are
as follows:
In T1 mode, a multiple of 24 in the range 24 to 1024
In E1 mode, a multiple of 32 in the range 64 to 1024
[PR/395143: This issue has been resolved.]
In JUNOS Release 9.3R1 and later, SONET Automatic Protection
Switching (APS) does not work correctly on the 4-port Channelized
OC3/STM1 Circuit Emulation PIC with SFP. [PR/402068: This issue has
been resolved.]
On channelized OC12 intelligent queuing (IQ) interfaces,
incoming code violation path (CV-P) messages might not trigger the
sending of remote error indication path (REI-P) messages.[PR/47188:
This issue has been resolved.]
While bringing a PIC online, after bringing a router online
and performing an FPC or PIC (re)start, the interface hold-down up
timer is activated and the interface comes up immediately. [PR/277236:
This issue has been resolved.]
In TX Matrix platforms, the show chassis fpc X command returns an error instead of showing the FPC information
when X is greater than 8. [PR/387950: This issue has been resolved.]
In OC768-over-OC192 mode on the 4-port OC192c PIC, when
you change the clocking internal statement to clocking
external at the [edit interfaces interface-name] hierarchy level, the clock may not come up. [PR/395847: This
issue has been resolved.]
When the no-auto-negotiation statement is configured
under a port within IQ2 PICs, the down link may flap. [PR/397491:
This issue has been resolved.]
On T640 router nodes when the FPC is taken offline, the
AE bundle statistics (which issue the monitor interface traffic command) display a high value. This is not an issue for the TX Matrix
platform. [PR/399451: This issue has been resolved.]
Running OAM under an aggregate interface might not detect
a link failure in a child interface. This causes the router to direct
network traffic to a destination where it is lost. [PR/399868: This
issue has been resolved.]
The output for queue counters under the show interfaces command (xe-fpc/pic/port extensive) might be incorrect
when traffic is passed at near maximum throughput to any Queuing IQ2
or IQ2E PICs or DPCs. [PR/401431: This issue has been resolved.]
High priority traffic gets RED dropped even though the rate
is lower than the shaping-rate under the following conditions:
248 VLANs are configured on a single port within an IQ2
Gigabit Element (GE) PIC
The shaping rate for each VLAN is set to 4m and a buffer
size for high priority traffic (for example, real-time is 5 percent)
Both high and low priority traffic are sent out through
all 248 VLANs where the total rate is higher than the line rate
[PR/401893: This issue has been resolved.]
When Multilink Frame Relay encapsulation is configured
on an interface using the encapsulation multilink-frame-relay-uni-nni statement is included at the [edit interfaces interface-name] hierarchy level), the kernel might generate an error. [PR/407608:
This issue has been resolved.]
When a 10-Gigabit Element interface of a DPC is connected
to a faulty optical card which causes the link state to change at
a very high rate, the DPC fails. [PR/411072: This issue has been resolved.]
When a Layer 2 policer is applied to the egress interface
of a router, the dropped frame statistics might show incorrect information.
[PR/419181: This issue has been resolved.]
On an IQ2 PIC, the slow aging interval might be overwritten
with a value of 202 seconds which causes the MAC entry to be removed
in 6 to 7 minutes. [PR/419510: This issue has been resolved.]
The address family of child next hops is incorrectly set
to the address family of the IFF, instead of the address family of
the parent next hop. [PR/425802: This issue has been resolved.]
A NULL pointer reference in an ifinfo failure is caused
by a loss of synchronization with GRES-enabled Routing Engines. [PR/43112:
This issue has been resolved.]
The SFP-GE40KM SFP may display as 1000LH instead of 1000EX
in the output of the chassis pic fpc-slot x pic-slot y command.
[PR/433616: This issue has been resolved.]
Services Applications
The issue occurs when you configure the NAT match-direction
output statement and attach it to a interface-style service set
on an egress interface. When you explicitly configure forward and
backward rules for a NAT service set, an ICMP fragmentation-needed message is not sent and the traffic is dropped without notification.
If the backward rule is not configured and is left implicit, this
problem is not seen. An explicit backward rule causes the ICMP error
packet to be handled as a new flow. [PR/238215: This issue has been
resolved.]
On an M7i or M10i router with the enhanced CFEB, if you
issue the deactivate forwarding-options sampling command,
sampling stops for both IPv4 and IPv6 traffic. If you then issue the activate forwarding-options sampling command, sampling resumes
for only IPv4 traffic. [PR/415140: This issue has been resolved.]
General Routing
When you configure multiple addresses for the from
neighbor statement inside a routing policy term, only the last
address takes effect. [PR/414768: This issue has been resolved.]
On TX Matrix platforms, use of generate in the
routing-options stanza with reference to a policy results in the commit
not completing successfully. [PR/416380: This issue has been resolved.]
A RPD error occurs after you commit changes to a routing
instance configuration. [PR/425126: This issue has been resolved.]
Routing Protocols
On a router with dual Routing Engines and NSR configured,
the backup RPD may go down in rare instances while processing an indirect
next-hop delete. [PR/302731: This issue has been resolved.]
Inefficient deletions of BGP routes from the routing instance
table cause the scheduler to slip. [PR/305027: This issue has been
resolved.]
When more than one external path originates from the same
autonomous system (AS), the JUNOS software does not comply with the
RFC 5004 path selection algorithm. [PR/392819: This issue has been
resolved.]
The deactivation of a routing instance causes an RPD to
create a soft assertion failure. [PR/396122: This issue has been resolved.]
On a router configured with nonstop routing (NSR), when
you apply the BGP import policy and then issue the clear bgp neighbor
address soft command to reset BGP, the policy does not take effect.
[PR/396291: This issue has been resolved.]
If you specify an IPv6 address as a value in the ssm-groups statement at the [edit routing-options multicast] hierarchy
level, the SSM group does not work as expected. [PR/399352: This issue
has been resolved.]
When you enable distributed periodic packet management
by including the delegate-processing statement at the [edit routing-options ppm] hierarchy level, BFD packets are
transmitted on a queue other than queue 3 (this could be queue 0 or
queue 4 depending on the JUNOS software version). [PR/400907: This
issue has been resolved.]
The SNMP interface index is not set internally which causes
the MIB interface queries to display the index value as zero.This
can also cause SNMP interface MIB queries for statistics to return
stale information. [PR/401038: This issue has been resolved.]
If GRES is not enabled on a Routing Engine switchover,
then the routing protocol process (rpd) on the new backup Routing
Engine quits before cleaning up the forwarding table. [PR/402372:
This issue has been resolved.]
When you issue the mtrace source command and the route to the source is defined in the routing
table for a PIM nonforwarding instance (that is, not in the main instance
table, inet.0), the command fails with the following messages: "...giving
up" and "Timed out receiving responses." [PR/403033: This issue has
been resolved.]
When an operator executes the show route aspath-regex command and then attempts to escape with CTRL+C, an RPD generates
a failure. [PR/403410: This issue has been resolved.]
When the OSPF overload timeout is set, even as low as
the minimum of 60 seconds, the external LSA may not be generated even
after the overload timer times out. [PR/404097: This issue has been
resolved.]
When peers in different BGP peer groups have similar export
policies such that identical advertisements are sent, the routing
protocol process (rpd) might generate an error and become unresponsive
when the backup Routing Engine comes online. [PR/404471: This issue
has been resolved.]
When certain statements are included at the [edit
protocols bgp group group-name] hierarchy
level, the routing protocol process (rpd) might generate an error
and stop operating in some circumstances. [PR/404667: This issue has
been resolved.]
Aggregate routes with a large number of contributing members
cause the routing protocol process (rpd) to monopolize the CPU constantly
with frequent routing changes. However this condition applies only
when you configure a policy with the aggregate-contributor match condition. [PR/405499: This issue has been resolved.]
An SNMP MIB walk of the downstream interfaces of point-to-multipoint
multicast routes might cause the routing protocol process (rpd) to
fail. [PR/405505: This issue has been resolved.]
When rapid configuration commits occur for a certain type
of configuration changes that include nonstop routing configuration,
rpd may stop consuming further configuration changes with the message
"SIGHUP while previous commit isn't yet complete." [PR/405761: This
issue has been resolved.]
If you redistribute a default route or other labeled unicast
FEC with the discard or reject action into BGP and enable traffic
statistics at the [edit protocols bgp family inet labeled-unicast] hierarchy level, the routing protocol process (rpd) might fail and
FECs might be logged with a value of 0. [PR/407546: This issue has
been resolved.]
When changing from static OSPF and ISIS route load balancing
to BGP load balancing with multipath enabled, the routes may not be
load balanced correctly until the BPG session is restarted. [PR/407925:
This issue has been resolved.]
PIM mistakenly prefers a specific hidden route over an
active less specific route as the RPF route to the MCAST source. [PR/411385:
This issue has been resolved.]
If a multiaccess interface is disabled, it is advertised
as a disabled link in the router LSA after the Routing Engine (RE)
switchover. [PR/418559: This issue has been resolved.]
In rare cases, the BPG cleans the data structures correctly
when the entire peer group fails and the peer group is deleted. [PR/423060:
This issue has been resolved.]
In a large-scale BGP multipath setup, the BGP multipath
calculation uses a large amount of CPU and slows down RPD for a long
period of time. [PR/424360: This issue has been resolved.]
If RIP authentication is turned on, updates may get dropped
on sequence number mismatch because they are not processed in the
order they are received. [PR/429297: This issue has been resolved.]
The assert condition is not valid for cases where the
PIF is flapped. [PR/429392: This issue has been resolved.]
Community types are being allocated at random to the members
in the community list. As a result, extended communities might be
treated as simple and vice versa, which causes failures in the VRF
import code. [PR/430728: This issue has been resolved.]
If a static route is pointing to a discard configuration,
a failure may happen when the router attempts to collect the multicast
statistic data. [PR/434298: This issue has been resolved.]
A Layer 3 VPN BGP using the show bgp neighbor command shows local-id 0.0.0.0 as output when NSR is enabled. [PR/434321:
This issue has been resolved.]
With BGP multipath configured, the BGP trace option flags
may not be refreshed after a change in the trace option flag configuration.
[PR/436440: This issue has been resolved.]
Embedded RP configurations cause continuous RPD failure
if PIM is disabled. [PR/438159: This issue has been resolved.]
On a router configured for NSR, when you apply a BGP import
policy and issue the clear bgp neighbor address soft command to reset BGP, the policy does not take effect.
(In terms of configuration statements, the nonstop-routing statement is included at the [edit routing-options] hierarchy
level and the import policy-name statement
at the [edit protocols bgp group group-name neighbor address] hierarchy level.) As
a workaround, either disable NSR or issue the clear bgp neighbor address command without the soft option,
which forces BGP peers to reestablish their sessions. [PR/396291:
This issue has been resolved.]
When two BGP peers establish a session, they negotiate
the hold time to use for keepalive messages. If one of the peers uses
a nondefault hold-time value (that is, the hold-time statement
is included at the [edit protocols bgp group group-name] hierarchy level in its configuration), and either of the peers
goes down immediately after the session is established, the hold timer
incorrectly expires after the default interval instead of the negotiated
interval. [PR/396823: This issue has been resolved.]
If you specify an IPv6 address as a value for the ssm-groups statement at the [edit routing-options multicast] hierarchy level, the SSM group does not work as expected. As a workaround,
specify only IPv4 addresses. [PR/399352: This issue has been resolved.]
When you enable distributed periodic packet management
(by including the delegate-processing statement at the [edit routing-options ppm] hierarchy level), BFD packets are
transmitted on a queue other than queue 3 (queue 0 or 4 depending
on the JUNOS version). If system load allows it, disable distributed
PPM as a workaround. [PR/400907: This issue has been resolved.]
When you issue the mtrace source command and the route to the source is defined in the routing
table for a PIM nonforwarding instance (that is, not in the main instance
table, inet.0), the command fails with the following messages:
"...giving up" and "Timed out receiving responses." [PR/403033: This
issue has been resolved.]
When certain statements are included at the [edit
protocols bgp group group-name] hierarchy
level, the routing protocols process (rpd) might generate an error
and stop operating in some circumstances. [PR/404667: This issue has
been resolved.]
MPLS Applications
After a link flap which triggers a print-to-multipoint
LSP reroute, the CCC connection stays down for an long period of time
due to a race condition between CSPF runs and the RSVP. [PR/280259:
This issue has been resolved.]
Traffic loss might occur during an LSP switchover. [PR/392406:
This issue has been resolved.]
When you change the configuration of a secondary (standby)
LSP in certain ways, the entire LSP is taken down and set up again,
which might cause traffic loss or delay. Specifically, the problem
occurs if you add or change the value of certain statements at the [edit protocols mpls label-switched-path lsp-name secondary lsp-name] hierarchy level, including admin-group, hop-limit, and priority. [PR/394184:
This issue has been resolved.]
On M-series and T-series routers, when the MPLS label-switched
path (LSP) re-optimizes (or changes path) followed by a signaling
failure along that path, then the path change does not occur till
the next LSP re-optimization event. [PR/401343: This issue has been
resolved.]
If an RSVP LSP configured with LDP tunnel initiates auto-bandwidth
adjustment, the LDP might fail to send keepalive message. This can
trigger an LDP session flap as a result of hold-down timer expiration.
[PR/407707: This issue has been resolved.]
VPNs
The time-to-live (TTL) threshold value is not propagated
correctly for VPNs that use IPv6 addresses. This might cause multiple
entries for the same address in the output from the traceroute command. [PR/257497: This issue has been resolved.]
When you reboot a PIC or FPC that houses a virtual tunnel
(vt-) interface, the interface is not re-created. As a workaround,
deactivate and reactivate the interface in the configuration. [PR/266170:
This issue has been resolved.]
When deleting a Layer 2 VPN routing instance and then
adding a new VPLS routing instance using the same interface within
the same commit, RPD fails. [PR/291407: This issue has been resolved.]
If you take a PIC offline that hosts a large number (for
example, 1000) of CE-facing interfaces in a Layer 2 VPN, the routing
protocols process (rpd) might generate an error. [PR/300601: This
issue has been resolved.]
On a router configured for nonstop routing (NSR), if you perform
the following sequence of steps, the routing protocol process (rpd)
on the backup Routing Engine might generate a failure:
Remove a Layer 2 VPN routing instance (that is, one for
which the configuration includes the instance-type l2vpn statement
at the [edit routing-instances routing-instance-name] hierarchy level).
Commit the configuration.
Immediately create a new Layer 2 VPN routing instance.
Commit the configuration.
[PR/401057: This issue has been resolved.]
In a VPLS dual-homed configuration, traffic loss might
occur for approximately 20 seconds during a switchover from the backup
to the primary interface. [PR/404605: This issue has been resolved.]
On a router configured as a Layer 2 VPN ASBR or route
reflector, if a BGP session to a Layer 2 VPN peer (Layer 2 VPN signaling
is enabled) flaps or is explicitly cleared, the backup routing protocol
process (rpd) might fail and restart. [PR/407820: This issue has been
resolved.]
If MAC addresses are learned within a VPLS instance, CE
devices will communicate directly even though no-local-switching is configured. [PR/419976: This issue has been resolved.]
Multicast group addresses ending with .232 are classified
as SSM groups when using multicast VPNs. These routes are not installed
in a multicast VPN routing table and all traffic to these destinations
is dropped. [PR/426811: This issue has been resolved.]
While handling the ifl mismatch notification, multicast
code finds the active route from the route (S,G) that should get installed
in the forwarding plane which leads to a mismatch. The multicast code
then hands the mismatch notification to the protocol that owns the
active route. While finding the active route, multicast ignores the
MVPN route and the mismatch notification is dropped. [PR/431211: This
issue has been resolved.]
Layer 2 Ethernet Services
For MX480 router only, the temperature gap between the
MX480 fan speed-up and slow-down has changed from 0 degree Celsius
to 5 degree Celsius. Before the change, the fan speeds up to a maximum
temperature of 54 Celsius and slows down to 53 Celsius (0 degree gap).
After the change, the fan speeds up to a maximum temperature of 56
Celsius and slows down to 49 Celsius (5 degree gap). [PR/394651: This
issue has been resolved.]
When you configure GRES on the MX-series router, the SIB
might not initialize if you reboot both Routing Engines simultaneously,
or reboot the router with only one Routing Engine installed. [PR/408359:
This issue has been resolved.]
When the router is configured as a DHCP relay agent with
the option 82 enabled, it starts dropping packets when the packet
size exceeds the maximum size as specified in option 57. [PR/411626:
This issue has been resolved.]
The relay-option-60 configuration, located under
the group statement, stops working if something else is changed
under the same group statement. [PR/434373: This issue has
been resolved.]
High Availability
An AGRES switchover may cause an FPC failure if the interfaces
configuration contains the following statement: sp-x/y/0 { unit
0 { family inet; }. [PR/399152: This issue has been resolved.]
If static routes are configured under [routing-options] which points to a discarded interface and if GRES is also configured
then the kernel database may not synchronize with the backup Routing
Engine (RE) after a GRES switchover is performed. The backup Routing
Engine (RE) displays a connection error. [PR/399888: This issue has
been resolved.]
When the IPv6 protocol is configured in an IP IP tunnel
and if GRES and NSR are enabled, the backup Routing Engine (RE) might
display a replication error. [PR/420102: This issue has been resolved.]
Class of Service
When you use wildcards to configure class-of-service (CoS)
attributes for interfaces on intelligent queuing PICs (for example,
IQ and IQ2), the scheduler map specified for the interface can be
applied to the chassis stream. Performing a Routing Engine (RE) switchover
in this condition can result in the chassis scheduler map being removed.
As a workaround, you can explicitly configure a chassis scheduler
map with the scheduler-map-chassis statement at the [edit
class-of-services interfaces] hierarchy level. [PR/425710: This
issue has been resolved.]
When you apply a class-of-service (CoS) classifier to
a logical interface that has the * (wildcard) value configured as
the unit number, the classifier is removed after a Routing Engine
reboot occurs. This issue does not occur if the logical interface
unit value is configured as a specific numerical value. To apply a
CoS classifier to a logical interface, include the classifier classifier-name statement at the [edit interfaces interface-name unit unit-value] hierarchy level.
For classifier-name, include the name of a classifier configured
at the [edit class-of-service classifiers] hierarchy level.
[PR/427848: This issue has been resolved.]
In JUNOS Release 8.4 and later, the commit or commit-check
operation fails if a rewrite rule is defined at both the [edit
class-of-service interfaces interface-name unit logical-unit-number rewrite-rules] hierarchy level
and in a configuration group (defined at the [edit groups] hierarchy level) that is applied to that interface. The correct
behavior is for the directly applied rule to override the rule inherited
from the configuration group. [PR/261229: This issue has been resolved.]
Forwarding and Sampling
A flow route is assigned an internal identifier that captures
the values of all match conditions specified at the [edit routing-options
flow route route-name match] hierarchy level.
If the length of the identifier exceeds a certain limit, the MIB II
process (mib2d) might repeatedly generate an error and fail to restart.
The higher the number of match conditions, and the more values specified
for conditions that accept multiple values (such as the destination-port and source-port statements), the more likely the problem
is to occur. As a workaround, limit the number of conditions or values
or both. [PR/273373: This issue has been resolved.]
On an MX480 router, if you change link speed for a physical
interface (by changing the value of the speed statement at
the [edit interfaces interface-name] hierarchy level) and a rate-limiting output policer is applied to
one of its logical interfaces (the output statement is included
at the [edit interfaces interface-name unit logical-unit-number family family-name policer] hierarchy level), the traffic rate does not change
(as reported by the show policer command). As a workaround,
deactivate the policer statement, commit, reactivate the
statement, and commit again. [PR/314143: This issue has been resolved.]
For a filter whose last term has a next-term statement,
if the filter 1) is applied individually, and 2) is within the term
of another filter, or is applied in an input-list or an output-list,
then the firewall process will commit with errors in the log and the
filters might not be applied. [PR/395561: This issue has been resolved.]
The password statement configured under [
accounting-options file x archive-sitesis] may not work correctly.
[PR/396648: This issue has been resolved.]
A sample core error occurs when you perform an assertion
which causes a memory allocation failure. [PR/418126: This issue has
been resolved.]
When a filter term has "next term" as the action, the
action may be shown in the firewall log as "unknown" for the matched
outgoing packets. [PR/421810: This issue has been resolved.]
For list filters, the firewall compiler (dfwc) creates
temporary interface-specific filters marked with a flag (DFW_FLAGS_IFACE_INLINE)
and uses them to clone as needed. These filters are usually purged
from the system after cloning, but with this issue the filters are
not purged and occupy index space. The workaround is to identify the
unpurged list filter by checking for the flag DFW_FLAGS_IFACE_INLINE
and then deleting it manually. [PR/426137: This issue has been resolved.]
The commit fails with the error message “Referenced prefix-list xxx” is not defined under the following conditions:
An input-list or output-list is configured on an interface
in a logical system
The filters in the list are defined under the firewall
hierarchy of the main router
A prefix list defined under the policy-options of the
main router is referenced by one of the filters in the list
[PR/427253: This issue has been resolved.]
Policers could not be modified after a system upgrade
because of a flaw in the parser routine. This error occurs when the
current item is deleted and then the parser cannot proceed to the
next item. With the fix, the routine in the forwarding process (dwfd)
has been modified so that the next item in the object tree is fetched
before the current object is parsed. [PR/433418]
General Routing
The jnxFWCounterPacketCount MIB module does
not show the correct values and displays a zero even if the statistics
used in the show command are non-zero. [PR/403563: This issue
has been resolved.]
If the kernel is slow to respond to interface statistics
requests made by the Management Information Base II (MIB II) process
(mib2d), it could be that the MIB II process is blocking the request.
In addition, if there is an interface flap (link down followed by
up), the MIB II process may recognize only the latest interface link
state and thereby miss modifying the ifLastChange object
identifier (OID) associated with the interface, and also miss sending
a link down trap. [PR/421585: This issue has been resolved.]
The Management Information Base II (MIB II) process (mib2d)
core is generated when the Routing Engine 1 (RE1) is reloaded. [PR/436218:
This issue has been resolved.]
9.3R2
This section lists issues that fixed in JUNOS Release 9.3 R2.
The identifier following the description is the tracking number in
our bug database
Platform and Infrastructure
When the Routing Engine hard disk fails, the compact flash
might be removed from the list of media used at boot time, instead
of the hard disk being removed. In some cases, this makes the Routing
Engine unable to initialize. [PR/389540: This issue has been resolved.]
On M120 and MX-series routers, and on some FPCs on M320
routers, the Packet Forwarding Engine might not free memory correctly
during operations on multicast next hops. [PR/396903: This issue has
been resolved.]
On a T1600 routing node, an FPC might stop operating while
processing an ICMP TTL expiration packet. Such packets increment the
count in the ttl expired field of the output from the show pfe statistics ip icmp command. [PR/398059: This issue
has been resolved.]
On egress PE routers, the correct EXP classifier is not
applied to label-switched interfaces (LSIs) that are created by including
the vrf-table-label statement at the [edit routing-instances routing-instance-name] hierarchy level. [PR/399634:
This issue has been resolved.]
When you install an FPC in all eight slots on a T1600
routing node configured for graceful Routing Engine switchover (the graceful-switchover statement is included at the [edit chassis
redundancy] hierarchy level), the routing node might reboot repeatedly.
As a workaround, disable GRES or remove one FPC. [PR/400267: This
issue has been resolved.]
User Interface and Configuration
When you issue the request system (halt | power-off
| reboot) other-routing-engine lcc routing-node-index command on a TX Matrix platform, the requested operation is
performed on the TX Matrix platform instead of the specified routing
node (line-card chassis, or LCC). As a workaround, issue the command
on the routing node itself (without the lcc option). [PR/241274:
This issue has been resolved.]
On routers that do not use JUNOS software licensing (for
example, the M7i, M10i, M40e, and T-series routing platforms) the
alarm process (alarmd) nevertheless updates a license-tracking file
every 60 seconds. This causes excessive disk activity. As a workaround,
become the root user and create an empty directory called /config/license. To determine if a router supports licensing, issue the show
system license command. On routers that do not support licensing,
the command returns the message "syntax error, expecting <command>”
and we recommend the workaround. [PR/308466: This issue has been resolved.]
Interfaces and Chassis
On MX-series routers, when a DPC configured with a large
number of interfaces restarts, the chassis process (chassisd) might
write the following messages to the log: "failed to complete channel
bonding" and "reached link 5 max index value." [PR/292057: This issue
has been resolved.]
When only one Routing Engine is installed in an M120 router,
on the craft interface the LEDs for the power supplies never light
up. Similarly, in the PS LEDs section of the output from
the show chassis craft-interface command, there is a period
in all four fields (indicating that no LEDs are lit). [PR/302504:
This issue has been resolved.]
When Multilink Frame Relay encapsulation is configured
on an interface (the encapsulation multilink-frame-relay-uni-nni statement is included at the [edit interfaces interface-name] hierarchy level), the kernel might generate an error. [PR/408066:
This issue has been resolved.]
Services Applications
Network address translation (NAT) is not performed correctly
for Real-Time Streaming Protocol (RTSP) methods when the Content-Length
field is set to 0 (zero). [PR/393171: This issue has been resolved.]
Subscriber Access Management
If you create multiple subscriber sessions on a logical
interface at the same time, some clients might not initialize correctly.
The show dhcp server binding detail command reports the value act-prof in the State column for these clients. [PR/303778:
This issue has been resolved.]
Layer 2 Ethernet Services
When more than one of a physical interface's logical interfaces
is associated with a bridge domain (the family bridge statement
is included at more than one [edit interfaces interface-name unit logical-unit-number] hierarchy level
and each logical interface is specified as the value for an interface interface-name statement at an [edit bridge-domains domain-name] hierarchy level), the monitor physical-interface-name command displays incorrect
values in the Input packets field of the Traffic statistics section. [PR/397745: This issue has been resolved.]
Routing Protocols
On a router with dual Routing Engines that is configured
for nonstop active routing (NSR) and graceful Routing Engine switchover,
if the backup-router or inet6-backup-router statement
is included at the [edit system] hierarchy level, the static
route to the backup destination is not deleted on the backup Routing
Engine when you activate NSR. [PR/305597: This issue has been resolved.]
If the route to a multicast source address is learned
using BGP and the upstream interface goes down, PIM might not detect
the outage. As a consequence, the value unknown appears in
the Upstream interface and Upstream neighbor fields
of the output from the show pim join extensive command. [PR/397410:
This issue has been resolved.]
If PIM sources are accessed via different addresses on
the same neighbor, and PIM is deactivated and reactivated on the neighbor,
the Upstream interface and Upstream neighbor fields
of the output from the show pim join extensive command continue
to report the value unknown after the neighbor is active.
[PR/400573: This issue has been resolved.]
When peers in different BGP peer groups have similar export
policies such that identical advertisements are sent, the routing
protocols process (rpd) might generate an error and become unresponsive
when the backup Routing Engine comes online. [PR/404471: This issue
has been resolved.]
MPLS Applications
When the load-balance bandwidth statement is
included at the [edit protocols rsvp] hierarchy level on
a router with two LSPs to a destination, the balance coefficient is
set to zero for the next-hop interfaces in the MPLS forwarding table
entry for the route to the destination that is marked with (S=0) (in other words, in the output from the show route forwarding-table
family mpls extensive command, the record with the header Destination: index(S=0) has Next-hop
interface entries where the Balance field does not appear).
[PR/257570: This issue has been resolved.]
When both CSPF and link protection are enabled, in rare instances
the routing protocol process (rpd) might generate an error and restart.
[PR/266126: This issue has been resolved.]
High Availability
On an MX-series router configured for VRRP for IPv6, during
a mastership change the original master does not relinquish mastership,
with the result that both it and the original backup are reported
as master in the VR state field of the output from
the show vrrp summary command. [PR/398399: This issue has
been resolved.]
On a router configured for nonstop active routing (NSR),
if you perform the following sequence of steps, the routing protocols
process (rpd) on the backup Routing Engine might generate an error:
remove a Layer 2 VPN routing instance (that is, one for which the
configuration includes the instance-type l2vpn statement
at the [edit routing-instances routing-instance-name] hierarchy level), commit the configuration, immediately create
a new Layer 2 VPN routing instance, and commit the configuration.
[PR/401057: This issue has been resolved.]
Class of Service
When you update a CoS rewrite rule, the changes are not
applied to active multicast streams, but only to streams created after
the change. As a workaround, clear all active multicast streams after
updating the rule. [PR/266341: This issue has been resolved.]
9.3R1
This section lists issues that were fixed in JUNOS Release 9.2R1.
The identifier following the description is the tracking number in
our bug database.
Platform and Infrastructure
When you enable point-to-multipoint LSPs over an outgoing
aggregated Ethernet interface that is configured with circuit cross-connect
(CCC) switching, the LSP fails to forward traffic and the following
error appears in the system log: "nh_ucast_add." As a workaround,
disable the interface and LSP, reenable them in that order, and then
clear the RSVP session for the LSP. [PR/105884: This issue has been
resolved.]
If you configure a large number of MD5 authentication
keys for BGP sessions, and then deactivate and reactivate the keys,
the router might generate a commit error and MD5 authentication might
not be applied on some of the BGP sessions. [PR/238960: This issue
has been resolved.]
When you issue the file copy command with an
FTP path as the source or destination and include the source-address option, the specified source address is not used for establishing
a connection with the peer FTP server. [PR/240580: This issue has
been resolved.]
On MX960 routers, if you issue the request system
power-off other-routing-engine command to power down a Routing
Engine, it does not power back on when you then issue the request
system power-on other-routing-engine command. [PR/253061: This
issue has been resolved.]
When you configure aggregated interfaces as core-facing
links, translational cross-connect (TCC) might not work properly.
[PR/267867: This issue has been resolved.]
Including the mirror-flash-on-disk statement
at the [edit system] hierarchy level has no effect. [PR/268474:
This issue has been resolved.]
On MX-series Ethernet Services routers, if the label-switched
interface (LSI) is enabled for an xe member link that is
part of an aggregated Ethernet (ae) interface, the xe interface statistics are counted twice. [PR/274396: This issue has
been resolved.]
When a GGSN C-PIC sends a packet larger than the MTU of
the outgoing interface in a default VRF, ICMP error messages that
indicate fragmentation is needed do not reach the C-PIC. [PR/276392:
This issue has been resolved.]
On a Routing Engine of type RE-3.0 (as reported
by the show chassis hardware command) with a 1-GB compact
flash card, issuing the request system snapshot command might
corrupt one or more JUNOS package files in the /altroot/packages directory. [PR/291295: This issue has been resolved.]
In an environment with many active multicast routes and
one or more aggregated interfaces as downstream interface, when an
aggregated interfaces flaps or an FPC containing an aggregated interface
restarts, the kernel might restart unexpectedly. This issue is seen
in networks with greater than 1000 multicast routes. The chance of
kernel restarts increases as the number of multicast routes increases
or the number of downstream aggregated interfaces increases. [PR/292521:
This issue has been resolved.]
If a small form-factor pluggable transceiver (SFP) does
not respond to a request for diagnostic data, a message is written
to the system log. The message is unnecessary because the failure
to respond has no operational impact. [PR/293212: This issue has been
resolved.]
When a Multilink Point-to-Point Protocol (MLPPP) link
is incorrectly added to a Multilink Frame Relay (MLFR) bundle, the
kernel resets unexpectedly. [PR/294885: This issue has been resolved.]
An MPLS frame with an explicit NULL label designated for
the Routing Engine might be dropped by the Packet Forwarding Engine.
[PR/298967: This issue has been resolved.]
For individual T1 links in an MLPPP bundle, the counts
of input bytes and input packets are not reported correctly in the Traffic statistics section of the output from the monitor
interface t1-fpc/pic/port command. [PR/299688: This issue has been resolved.]
On M320 and T-series routing platforms, when member links
of a Multilink Frame Relay bundle go down and come back up, an FPC
in which a Link Services Queuing (LSQ) PIC is installed might stop
forwarding traffic and need to be rebooted. As a workaround, install
the PICs with the member links and the LSQ PIC in the same FPC. [PR/300331:
This issue has been resolved.]
If both the key and ttl statements are
included at the [edit logical-systems logical-system-name interfaces interface-name unit logical-unit-number tunnel] hierarchy level for a GRE tunnel, the TTL value might
be decremented incorrectly. This can cause the ping command
to fail. [PR/300956: This issue has been resolved.]
When you configure an unnumbered interface to borrow from
a loopback or non-Ethernet interface and also configure unrestricted
proxy ARP on the unnumbered interface, the incoming proxy-ARP requests
are dropped. As a workaround, configure the unnumbered interface to
borrow from any Ethernet interface. [PR/301101: This issue has been
resolved.]
If an interface is configured as a shared uplink for the
JCS 1200 platform (the shared-uplink statement is included
at the [edit interfaces interface-name] hierarchy level), it cannot function as a label-switched interface
(LSI). [PR/305520: This issue has been resolved.]
When you enable or disable MPLS on an interface configured
as a shared uplink to the JCS 1200 platform, an FPC that has a tunnel
PIC installed might generate an error. [PR/305670: This issue has
been resolved.]
VPLS flood forwarding might not work correctly on an interface
configured as a shared uplink to the JCS 1200 platform (the shared-uplink statement is included at the [edit interfaces interface-name] hierarchy level). [PR/307213: This issue has been resolved.]
On the TX Matrix platform, if there are a large number
of interface configuration changes in a small amount of time, or if
the alarm process (alarmd) restarts, it might take a long time for
the show version detail command to return all of its output.
[PR/307228: This issue has been resolved.]
During graceful Routing Engine switchover (GRES), resynchronization
between Routing Engines might fail. In this case, the Kernel
database field in the output of the show system switchover command reports the value Connection error, Initialize error. [PR/307501: This issue has been resolved.]
When a PE router receives a PIM Join message from a CE
router and the source for the required multicast data is another directly
connected CE router, the attempt to create a flood next hop might
initially fail. Messages including the following are written to the
system log: "NH: Failed to install flood nexthop: index." The next hop is eventually installed, so there is no operational
impact. [PR/307579: This issue has been resolved.]
On T-series routing platforms with VPLS configured, if
a customer edge-facing interface on a provider edge router is on an
Enhanced Scaling FPC4, the following message might be written repeatedly
to the system log: "LCHIP(0): number new errors
in SLout OP". The condition that triggers the message has no operational
impact. [PR/309044: This issue has been resolved.]
On M120 routers or M320 platforms with M320 Enhanced III
FPCs, packets might be discarded after a graceful Routing Engine switchover
event. The following might be written to the system log: "ichip_f_check_dest_errors:
Fabric request time out for plane index dest index pfe index." To restore forwarding
performance, restart the Enhanced III FPC on M320 routers or the Forwarding
Engine Board on M120 routers. [PR/310061: This issue has been resolved.]
In a Protected System Domain, under the following conditions
VPLS traffic received on a core-facing shared uplink interface is
not forwarded: (a) both the main routing instance and a logical system
are using the shared uplink interface and (b) an FPC housing a tunnel
PIC goes down and comes back up. As a workaround, configure another
logical system for the main routing instance, so that all the shared
uplink interfaces and peer tunnel interfaces are configured in a logical
system. [PR/311302: This issue has been resolved]
When the mirror-flash-on-disk statement is included
at the [edit system] hierarchy level and the Routing Engine
is rebooted, the following spurious message appears when you log in
to the Routing Engine: "NOTICE: System is running on alternate media
device (/dev/device-file)." [PR/311768: This
issue has been resolved.]
When two BGP peers are configured to use MD5 authentication
and you issue the clear bgp neighbor command on one peer,
the following message might be written to the system log on the other
peer: "tcp_auth_ok: Packet from address:identifier missing MD5 digest." Traffic forwarding is
not affected. [PR/312680: This issue has been resolved.]
When the authentication-key statement is included
at the [edit protocols bgp group group-name] hierarchy level, TCP sessions might not be terminated properly.
As a result the message "tcp_auth_ok: Packet from address missing MD5 digest" might be written to the system log for each
TCP ACK packet sent from a remote endpoint. [PR/313119: This issue
has been resolved.]
On MX-series and M120 routers, and M320 routers with an
Enhanced III FPC, if the configuration includes the explicit-null statement at the [edit protocols mpls] or [edit protocols
ldp] hierarchy level, a DPC or FPC might reboot (but not generate
an error) when an MPLS packet with time-to-live (TTL) equal to 0 (zero)
or 1 (one) is processed at the egress of a tunnel. [PR/313319: This
issue has been resolved.]
The output from the traceroute command includes
both the IP address and DNS hostname of each hop. The hostname information
might be incorrect for one or more hops. [PR/389794: This issue has
been resolved.]
During recovery after the Routing Engine hard drive fails,
the JUNOS kernel might fail, causing the router to reboot. [PR/390306:
This issue has been resolved.]
When a member link of an aggregate interface goes down
and comes back up and new forwarding information is installed during
that change-in-status period, traffic might be lost. [PR/392550: This
issue has been resolved.]
On T-series routing platforms with aggregated SONET/SDH
interfaces, if multiple statistics requests for these interfaces are
queued at the same time, a memory corruption might occur, causing
the kernel to crash. [PR/393572: This issue has been resolved.]
User Interface and Configuration
Under certain conditions, when you issue show configuration
| compare command the management process (mgd) might generate
an error. [PR/281705: This issue has been resolved.]
If a BGP peer is defined in a configuration group, it
might not be possible to establish a connection with it. [PR/283238:
This issue has been resolved.]
If you use the replace pattern command to change
the name of a policy that is applied to an object in the [edit
protocols] hierarchy (for example, the import policy-name statement is included at the [edit protocols bgp group group-name neighbor address] hierarchy level) and then commit the configuration, the show
| compare command reports the name change at the hierarchy level
for the object but shows the new name as both the old and new value.
The output remains the same even after multiple repetitions of the commit command. However, the policy with the new name is being
applied correctly. [PR/294344: This issue has been resolved.]
When you include the match regular-expression statement at the [edit system syslog (console | file |
host | user)] hierarchy level to refine the set of messages included
in the log, messages that do not match the expression are still included.
[PR/295523: This issue has been resolved.]
Under the following conditions, the commit operation might
fail with the syntax error "inactive: group group-name { ... }": (a) you use the configure private command to
enter configuration mode, (b) a BGP group is deactivated, and (c)
you change another BGP group’s name. As a workaround, use the configure command to enter configuration mode. [PR/300917: This
issue has been resolved.]
When you invoke a commit or commit check operation for a configuration that includes forwarding-table filters,
the firewall process (dfwd) might generate an error and restart. [PR/301806:
This issue has been resolved.]
When TACACS+ authentication is configured and a user tries
to log in to the router over an SSH or FTP connection, the JUNOS software
does not include the remote user address in the authentication request
packet sent to the TACACS+ server. [PR/301927: This issue has been
resolved.]
If the set of transient changes specified in a commit
script (enclosed by the <transient-change> tag) includes
the deactivation of a configuration statement, none of the transient
changes take effect. [PR/307352: This issue has been resolved.]
Interfaces and Chassis
On channelized T3 interfaces, the T1 loopback state does
not reflect loopbacks set by facilities data link requests using the remote-loopback-respond statement at the [edit interfaces interface-name t1-options] hierarchy level. [PR/45837:
This issue has been resolved.]
If you include the compression-device statement
at the [edit interfaces at-fpc/pic/port unit logical-unit-number] hierarchy level (that is, on an ATM interface), the JUNOS
kernel might generate an error and restart. [PR/265542: This issue
has been resolved.]
On 1-port 10-Gigabit Ethernet XFP Uplink PICs and 1-port
10-Gigabit Ethernet XENPAK PICs, when the 10-Gigabit Ethernet port
is disabled through the CLI, the transmit laser is shut off correctly.
After this, if the XFP or XENPAK module is changed or reseated, the
transmit laser is turned on, even though the port is disabled. [PR/267308:
This issue has been resolved.]
When you issue the show interfaces diagnostics optics command and do not specify an interface name, the output is the
same as for the show interfaces command, instead of including
optic diagnostics. [PR/285978: This issue has been resolved.]
In JUNOS Release 9.0 and later, the monitor interface interface-name command output is missing some information.
[PR/296131: This issue has been resolved.]
The commit operation does not fail when the configuration
includes the following invalid combination of statements: the address
specified by the source or destination statement
at the [edit interfaces gr-fpc/pic/port unit logical-unit-number tunnel] hierarchy level is the same as the interface’s
own subnet address (as specified by the address statement
at the [edit interfaces gr-fpc/pic/port unit logical-unit-number family family-name] hierarchy level).
[PR/299443: This issue has been resolved.]
When a Routing Engine switchover takes place, the kernel
might generate an error. [PR/301327: This issue has been resolved.]
On a router without redundant Routing Engines (such as
the M7i router), if the Routing Engine restarts, the router might
stop forwarding packets. As a workaround on the M7i router, issue
the request chassis cfeb restart command. [PR/301788: This
issue has been resolved.]
On a Gigabit Ethernet IQ2 PIC with SFPs, if a logical
interface is configured for VRRP, the values in the Traffic statistics section of the output from the show interfaces ge-fpc/pic/port extensive command might not be accurate. [PR/303151: This issue
has been resolved.]
If you change the MTU for a shared-uplink interface on
the root system domain (RSD) (by adding the mtu statement
at the [edit interfaces interface-name] hierarchy level or changing its value), the RSD process (rsdd) generates
an error and the MTU does not change. [PR/303256: This issue has been
resolved.]
In a Protected System Domain with a large number of LSPs
configured (for example, 50,000), an FPC might generate an error when
you issue the show pfe route mpls command repeatedly. [PR/303349:
This issue has been resolved.]
If you change any VRRP configuration statement (at the [edit interfaces interface-name unit logical-unit-number family (inet | inet6) address address] hierarchy level and commit the configuration,
VRRP performs a mastership election even if the changed statement
does not affect mastership. [PR/303701: This issue has been resolved.]
When you configure bandwidth management for a Protected
System Domain (PSD) by including the control-plane-bandwidth-percent statement at the [edit chassis system-domains protected-system-domain
psdn] hierarchy level, it might take up
to four hours for FPC core file errors to transfer to the PSD. To
reduce the transfer time to approximately 15 minutes, use one of the
following workarounds: (a) remove the control-plane-bandwidth-percent statement, or (b) set the control-plane-bandwidth-percent value to 96 on the PSD to which the FPC is assigned. [PR/304765:
This issue has been resolved.]
When the links in a redundant LSQ bundle are not configured
at the remote site, if a graceful Routing Engine switchover occurs
and then a primary or secondary LSQ PIC goes offline, the backup Routing
Engine might generate an error. [PR/306667: This issue has been resolved.]
For SONET/SDH interfaces, when the hold-time statement
is included at the [edit interfaces so-fpc/pic/port] hierarchy
level and you change the framing type from the default (SONET) to
SDH by including the framing sdh statement at the [edit
interfaces so-fpc/pic/port] hierarchy level, the interface does not come
up after the commit operation. As a workaround, deactivate the hold-time statement before changing the framing. [PR/306687:
This issue has been resolved.]
When you disable a Fast Ethernet interface, a router at
the other end of a link to the interface might not mark the link as
down. [PR/307538: This issue has been resolved.]
The 1-port ATM2 OC48/STM12 IQ PIC might generate an RDI-P
error when it receives a packet in which the bits corresponding to
the enhanced path-RDI encoding of the G1 path overhead byte are set,
even if the formal path-RDI bit within the G1 path overhead byte is
not set. [PR/309929: This issue has been resolved.]
When you set a nondefault payload size for a SAToP pseudowire
(by including the payload bytes statement
at the [edit interfaces interface-name satop-options] hierarchy level), the setting does not take effect and the default
payload size is retained. The payload size is reported in the TDM payload size field in the output of the show route table
l2circuit detail command. [PR/311066: This issue has been resolved.]
When you configure a shared uplink interface on the JCS
1200 platform, the interface process (dcd) might generate an error
and stop operating. [PR/311384: This issue has been resolved.]
Services Applications
If Network Address Port Translation (NAPT) is configured
and multiple short-lived flows are established, ports on MS PICs might
not be assigned correctly. In some cases, this situation causes the
MS PIC to stop functioning. [PR/300553: This issue has been resolved.]
If Network Address Port Translation (NAPT) is configured
and multiple short-lived flows are established, ports on MS PICs might
not be assigned correctly. In some cases, this situation causes the
MS PIC to stop functioning. [PR/304088: This issue has been resolved.]
When a PPP session on a dedicated interface is terminated,
associated static routes might remain in the routing table. [PR/309771:
This issue has been resolved.]
Subscriber Access Management
The router’s address-assignment pool support enables
you to create a named address range that is based on a specific DHCP
option 82 value (either circuit-id or remote-id). However, when a
client request is received, the router ignores the specified option
82 value and instead uses the first named range of addresses in the
address-assignment pool. [PR/263077: This issue has been resolved.]
When you configure either AAA or local authentication
for Mobile IP services (at the [edit services mobile-ip] hierarchy
level), a call-setup rate of more than 20 calls per second might cause
the following: (a) a significant drop in the connection rate and (b)
a high CPU utilization rate for the Mobile IP process (mipd) when
there are more than 30,000 configured subscribers. [PR/307121: This
issue has been resolved.]
On a router configured for Mobile IP services, under the
following conditions both the Mobile IP process (mipd) and the authentication
process (authd) might generate an error and restart: (a) the order
aaa statement is included at the [edit services mobile-ip
authenticate] hierarchy level, (b) the call setup rate is more
than 20 calls per second, and (c) more than 30,000 subscribers are
configured. [PR/308707: This issue has been resolved.]
On a router configured for Mobile IP services, when 40,000
concurrent subscribers are logged in, the authentication process (authd)
might create an error and restart. [PR/309778: This issue has been
resolved.]
When you change a dynamic profile in the [edit dynamic-profiles] configuration hierarchy and commit the configuration, the foreign
file propagation process (ffp) might generate an error. As workaround,
remove the dynamic profile, commit the configuration, reinsert the
dynamic profile with the desired changes, and commit again. [PR/310327:
This issue has been resolved.]
Layer 2 Ethernet Services
When you configure bridge options for a trunk interface
(by including the interface statement at the [edit bridge-domain domain-name bridge-options] hierarchy level) and
the bridge domain is part of the default virtual switch, the JUNOS
software rejects the configuration as invalid. As a workaround, include
the complete bridge domain configuration at the [edit routing-instances routing-instance-name] hierarchy level, along with
another interface statement at that level for the trunk interface.
[PR/307000: This issue has been resolved.]
When you change the values for the vlan-id and vlan-tags statements at the [edit routing-instances routing-instance-name bridge-domains domain-name] hierarchy level, the multicast snooping process (mcsnoopd)
might generate an error. There is no operational effect and the process
recovers automatically. [PR/307322: This issue has been resolved.]
On an MX-series router with a large-scale Layer 2 Control
Protocol configuration, Layer 2 traffic might be discarded after an
in-service software upgrade. [PR/311893: This issue has been resolved.]
On MX-series routers, access ports configured for VSTP
(the interface interface-name statement
corresponding to the port is included at the [edit protocols vstp] hierarchy level) might not interoperate properly with other vendors’
switches. [PR/390026: This issue has been resolved.]
Routing Protocols
You can specify a value for the lsp-interval statement
at the [edit protocols isis interface-name] hierarchy level that exceeds the documented maximum (the operation
does not fail when you commit such a configuration). However, values
that exceed the maximum can cause unexpected behavior. [PR/41613:
This issue has been resolved.]
If the configuration includes VPNs and nonstop active
routing is enabled, the following message is written repeatedly to
the system log: "Error creating dynamic logical interface from sub-unit
0: No such file or directory." [PR/277005: This issue has been resolved.]
When an IPv6 duplicate address is detected, the interface
stops forwarding but IS-IS and OSPFv3 continue to announce the interface
as a valid route. However, the address is unreachable and all traffic
destined to or through the interface is dropped. [PR/296740: This
issue has been resolved.]
If during an LDP outage you change the value of the ldp-synchronization hold-time statement at the [edit protocols
ospf area area-id interface interface-name] or deactivate the statement, OSPF might advertise the incorrect
metric for the interface. [PR/303733: This issue has been resolved.]
If during an LDP outage you change the value of the ldp-synchronization hold-time statement at the [edit protocols
isis interface interface-name] or deactivate
the statement, IS-IS might advertise the incorrect metric for the
interface. [PR/304532: This issue has been resolved.]
When you include the stale-routes-time statement
at the [edit protocols bgp graceful-restart] hierarchy level,
but not the graceful-restart statement at the [edit routing-options] hierarchy level, the commit operation fails with the following message:
"Error in neighbor address of group group-name: graceful restart must be enabled in routing-options
too." [PR/307034: This issue has been resolved.]
On an AS boundary router or a route reflector for a VPN
address family, under the following conditions VPN routes are not
imported into the routing instance (VRF instance) tables: (a) the nonstop-routing statement is included at the [edit routing-options] hierarchy level, (b) routing instances are configured for locally
attached VPN sites, and (c) you deactivate and reactivate the routing
instance configuration. [PR/307770: This issue has been resolved.]
When you configure a policy that causes BGP to advertise
static routes that lead to unnumbered interfaces, the routing protocol
process (rpd) might generate an error. [PR/308465: This issue has
been resolved.]
If a BGP notification message has an invalid value for
the length of the next-hop network address field in the MP_REACH_NLRI
attribute, the JUNOS software sends error code 3, subcode 1 ("Malformed
Attribute List"), instead of the code specified by RFC 2858, which
is code 3, subcode 9 ("Optional Attribute Error"). [PR/308628: This
issue has been resolved.]
When you re-add a previously deleted or deactivated address statement for an interface’s IPv6 address on a
PIM upstream neighbor (at the [edit interfaces interface-name unit logical-unit-number family inet6] hierarchy level), the addition does not register at the downstream
neighbor. On the downstream neighbor, the value in the Upstream
interface and Upstream neighbor fields remains unknown in the output from the show pim join extensive command.
As a workaround, issue the clear pim join command. [PR/309972:
This issue has been resolved.]
If unicast routes towards a multicast source are updated
via BGP static routing and an IPv6 address on a BGP peer router is
deactivated and reactivated, multicast forwarding does not function
correctly. [PR/386781: This issue has been resolved.]
If the source address for IPv6 multicast traffic is resolved
by a static route, information about an upstream neighbor might not
be updated after a graceful Routing Engine switchover event (the value unknown appears in both the Upstream interface and Upstream neighbor fields in the output from the show pim
join extensive command). [PR/389856: This issue has been resolved.]
When a PE router receives an external LSA of type 7 (NSSA)
that has a matching VPN tag or has the DN (down) bit set, it nevertheless
includes the advertised route in its OSPF route calculation. According
to RFC 4576, it must ignore such routes. [PR/391733: This issue has
been resolved.]
MPLS Applications
If an ingress LSP detects a routing loop (reported as Routing loop detected[number times] in
the output from the show mpls lsp name lsp-name extensive command), it might stop handling traffic. [PR/293686:
This issue has been resolved.]
After some types of network events (for example, when
an interface goes down and comes back up), LDP routes might be removed
incorrectly from the inet.3 routing table. As a workaround,
restart all LDP sessions. [PR/297144: This issue has been resolved.]
If you include the traffic-engineering (bgp-igp-both-ribs
| mpls-forwarding) statement at the [edit protocols mpls] hierarchy level for a link-protected point-to-multipoint LSP, the
routing protocol process (rpd) might generate an error. [PR/303993:
This issue has been resolved.]
When a Layer 2 circuit comes back up after an interruption
of network connectivity, the JUNOS software does not record the state
change appropriately, and traffic is not sent through the Layer 2
circuit connection. [PR/306043: This issue has been resolved.]
If two point-to-multipoint branch LSPs share the same
incoming interface, and one of them comes up after the other during
a remerge event at a transit router, the in-label for both LSPs is
marked Discard, as reported by the show route table mpls.0 command. [PR/306312: This issue has been resolved.]
When you issue the traceroute mpls ldp command,
the MPLS OAM process (mplsoamd) might generate an error. [PR/307732:
This issue has been resolved.]
If an IP address is configured as both a direct LDP neighbor
and a targeted LDP neighbor, and an LDP session with the neighbor
repeatedly goes down and comes up again, the routing protocol process
(rpd) might generate an error and stop operating. [PR/308178: This
issue has been resolved.]
If there is a single hop to an LDP neighbor and the source
address of the received LDP Link Hello address is the same as the
LDP Targeted Hello source address, when the LDP link neighbor and
target LDP neighbor go down and come back up in a certain sequence,
the Layer 2 circuit connection might remain inactive (reported as VC-Dn in the St field of the entry for the neighbor
in the output from the show l2circuit connections command).
To return the connection to the active state, issue the clear
ldp neighbor address command. [PR/312672:
This issue has been resolved.]
VPNs
When a logical tunnel (lt-) interface forwards
a multicast packet, it incorrectly sets the destination MAC address.
[PR/304516: This issue has been resolved.]
Including both the interface and neighbor statements in a VPLS mesh group (that is, at the [edit routing-instances routing-instance-name protocols vpls mesh-group group-name] hierarchy level) is not a valid configuration,
but the commit operation does not fail. The mesh groups are not established
correctly, however, as indicated in the output from the show vpls
connections extensive command. [PR/304952: This issue has been
resolved.]
A dynamic change to the provider tunnel type might cause
the routing protocol process (rpd) to generate an error. [PR/305081:
This issue has been resolved.]
In rare cases, changes to the encapsulation or MAC address
on a PE router’s CE-facing interface, followed by a nonstop
active routing (NSR) event, might disrupt Layer 2 circuit communications.
The show l2circuit connections command reports an MTU Mismatch
(MM) status for the Layer 2 circuit connection on the remote
PE router. To restore communications, on the local PE router deactivate
and reactivate the l2circuit configuration stanza at the [edit protocols] hierarchy level. To avoid the error, include
the ignore-mtu-mismatch statement at the [edit protocols
l2circuit local-switching interface interface-name] hierarchy level for every interface. [PR/306453: This issue
has been resolved.]
High Availability
On a router with BGP and nonstop active routing (NSR)
enabled, after a few graceful Routing Engine switchover events (for
example, three or four) the routing protocols process (rpd) might
generate an error and stop operating. [PR/288783]
Following a unified in-service software upgrade (ISSU),
logical tunnel interfaces might not work properly. Problems might
include failure of the ping command and formation of Layer 2
forwarding loops. As a workaround, deactivate and activate the affected
interfaces after the upgrade finishes. [PR/294284: This issue has
been resolved.]
During an in-service software upgrade on a TX Matrix platform,
firewall counters are reset to zero (as reported by the show firewall command) at two points: when the backup Routing Engines on the routing
nodes are upgraded and when FRUs are upgraded on a newly rebooted
routing node. After the second reset to zero, the counters no longer
increment. [PR/305450: This issue has been resolved.]
Class of Service
When you remove a CoS scheduler map from an interface
(by removing the scheduler-map statement at the [edit
class-of-service interfaces interface-name] hierarchy level), corresponding data structures might not be removed
from Packet Forwarding Engine memory. An attempt to configure a different
scheduler map on the interface might fail, as indicated by the following
message in the system log: "mqchip_red_profile() no profile space
available." [PR/292223: This issue has been resolved.]
If the configured shaping rate for an interface is low
(the value of the shaping-rate statement at the [edit
class-of-service interfaces interface-name unit logical-unit-number] hierarchy level is less than 5m), queue transmission rates do not match the configured values.
[PR/305209: This issue has been resolved.]
Forwarding and Sampling
When you include the route-accounting statement
at the [edit forwarding-options family inet6] hierarchy level,
the sampling process (sampled) might generate an error. [PR/291455:
This issue has been resolved.]
Under some circumstances, when you add a prefix at the [edit policy-options prefix-list list-name] hierarchy level, the commit operation might fail with one of the
following error messages: "Check-out failed for Firewall daemon (/usr/sbin/dfwd)
without details" or "configuration check-out failed." [PR/305510:
This issue has been resolved.]
When you configure Routing Engine-based sampling (by including
the sampling statement at the [edit forwarding-options] hierarchy level), 4-byte AS numbers might be incorrectly reported
as 2-byte numbers in the output from the monitor start sampled command. [PR/310276: This issue has been resolved.]
If a prefix list specified at the [edit firewall family
inet6 filter filter-name term term-name from source-prefix-list] hierarchy level includes an IPv4 address,
the commit operation fails with the following message: "Invalid inet6
addr: 'ipv4-address/prefix-length'." [PR/310299: This issue has been resolved.]
Specifying peer as the value for the autonomous-system-type statement at the [edit forwarding-options sampling output cflowd hostname] hierarchy level has no effect (the exported
information is the same as when the value origin is specified).
[PR/310313: This issue has been resolved.]
Network Management
When some PIC types are taken offline and brought back
online, an SNMP linkUp trap is not generated for some of
the logical interfaces. [PR/294667: This issue has been resolved.]
The JUNOS software does not generate an SNMP linkDown trap when an interface’s state (represented by the ifOperStatus object) changes from up to lowerLayerDown. The
trap is required by RFC 2863. [PR/297829: This issue has been resolved.]
When you issue the monitor traffic interface or tcpdump command for a logical interface on a T1 or T3 interface,
the command might fail and return the following error message: "BIOCSETIF:
<interface-name>: Device not configured." [PR/310814: This issue
has been resolved.]
When you enable firewall counters for IPv4 and IPv6 traffic
on an interface (by including the count statement at the [edit firewall family (inet | inet6) filter filter-name term term-name then] hierarchy level and
the filter filter-name statement at
the [edit interfaces interface-name unit logical-unit-number (inet | inet6)] hierarchy level),
the show snmp mib walk jnxFWCounterByteCount command might
not display all of the counters. [PR/313194: This issue has been resolved.]
