Issues in JUNOS Software Release 9.4 for M-series, MX-series, and T-series Routing Platforms

The current software release is Release 9.4 R3. For information about obtaining the software packages, see Upgrade and Downgrade Instructions for JUNOS Software Release 9.4 for M-series, MX-series, and T-series Routing Platforms.

Current Software Release

The current software release is Release 9.4R4. For information about obtaining the software packages, see Upgrade and Downgrade Instructions for JUNOS Software Release 9.4 for M-series, MX-series, and T-series Routing Platforms.

Outstanding Issues for 9.4R4

Class of Service

If you try to configure a scheduler map containing two forwarding classes that are mapped to the same queue, the class-of-service scheduler is not applied to the Packet Forwarding Engine. As a workaround, configure a single forwarding class for each available queue. [PR/57907]
When you configure a specific classifier for a logical unit, it does not override the fixed classifier configured using wildcards. [PR/68888]
On MX Series routers with Enhanced DPCs, bandwidth sharing between two schedulers, one with high and the other with strict-high priority, might not be as expected when the schedulers are oversubscribed. That is, only one queue can use all of the excess bandwidth. [PR/265603]
The command show class-of-service interfaces does report classifiers being bound to the service PIC interfaces. However, they are not programmed within the PFE since BA classifiers are not supported for the service PIC interfaces. The forwarding-class information is preserved once packets pass through the service PIC and there is no need to re-classify the packets. [PR/414398]
In the class-of-service (CoS) process (cosd), "entries" is misspelled as "enteries" in JUNOS Release 9.4R1. [PR/439993]

Forwarding and Sampling

On M320 and T-series routing platforms, when you configure interface output sampling, packets sometimes might travel through the output firewall. As a workaround, configure a firewall filter on the output interface with then sample and then next-term statements. The workaround provides the same functionality as the other configuration, but avoids the problem behavior. [PR/70473]
The FPC CPU experiences high use when interrupted by firewall discarded multicast packets. [PR/239268]
The firewall filter fails when you configure the VLAN variable. As a workaround, do not configure the VLAN variable when you configure the ether-type or vlan-ether-type match conditions for a firewall filter at the [edit firewall family vpls filter filter-name term term-name] hierarchy level. [PR/273448]
In rare circumstances, if the filter is changed while a counter query is in progress and the system is under a heavy load, the system may fail. [PR/447033]
When setting the burst size range, if you set a range where the traffic rates are close to the policing rate it might result in unexpected packet drops. The workaround is to increase the burst-size. For example, in a 1-Mbps policer, increase the burst size from 32K (250 m sec) to 64K (500 m sec) so that the TC value can be less than credit_limit/2. [PR/478659]

High Availability

When a static route is created using the passive retain option and is pointing to a private interface such as fxp0, the backup router during a GRES might not behave as expected. As a workaround, do not use the passive retain option to create a static route to a private interface. [PR/412746]
After performing an in-service software upgrade (ISSU) on the MX-Series platform, fluctuations may occur in the output traffic due to flooding. The MAC tables on the DPCs become out of sync, as no updates are received with regard to the MAC addresses. [PR/461822]

Interfaces and Chassis

On aggregated SONET/SDH interfaces, the counter for drops and errors in the show interfaces command output does not display the correct value, because the counter does not collect data from the constituent interfaces within the aggregate. [PR/23577]
On a 2-port OC12 ATM2 IQ interface, the total virtual path (VP) downtime might not display correctly in the show interfaces command output. [PR/27128]
On M20 and M40 routers, when a physical layer problem affects a SONET/SDH interface, carrier transition statistics might not increment correctly in the output of the show interfaces extensive command. [PR/33325]
When you configure both the bundle link and constituent links at the [edit (logical-routers logical-router-name | logical-systems logical-system-name) interfaces] hierarchy level, the constituent links do not come up. As a workaround, configure the constituent links at the [edit interfaces] hierarchy level. [PR/35578]
On the Channelized STM-1 with QPP PIC, error monitoring for CRC and frame errors might not work as expected. [PR/39440]
When you apply an IPsec firewall filter to match traffic sent across a generic routing encapsulation (GRE) tunnel and originating from the local routing platform, the local traffic is dropped. Transient traffic is not affected. [PR/44871]
On a Link Services PIC, the CLI might incorrectly allow you to configure a logical tunnel interface (interface identifier lt); the resulting interface might not work correctly. [PR/49818]
If you configure IS-IS, MPLS, and graceful Routing Engine switchover (GRES) and a switchover event occurs, the routing platform might end the PPP IP Control Protocol (IPCP) sessions and renegotiate them if the remote side has changed interface MTU settings prior to the switchover event. [PR/61121]
If you configure graceful Routing Engine switchover (GRES) and issue the request chassis routing-engine master acquire command, in rare cases the master Routing Engine might fail to relinquish mastership, or the switchover to the backup Routing Engine might take up to 360 seconds. [PR/61821]
For Automatic Protection Switching (APS) on SONET/SDH interfaces, there are no operational mode commands that display the presence of APS mode mismatches. An APS mode mismatch occurs when one side is configured to use bidirectional mode, and the other side is configured to use unidirectional mode. [PR/65800]
When the ATM scheduler map is programmed, the code does not check if the early packet discard (EPD) configured on the forwarding class exceeds the max_epd that the hardware supports. [PR/70336]
If you ping a nonexistent IPv6 address that belongs to the same subnet as an existing point-to-point link, the packet loops between the two point-to-point interfaces until the time-to-live expires. [PR/94954]
The output of the show interfaces diagnostics optics command includes the "Laser rx power low alarm" field even if the transceiver is a type (such as XENPAK) that does not support this alarm. [PR/103444]
Hot swapping the M120 router fan tray might cause the Check CB alarm to activate. [PR/268735]
On the JCS 1200, when you issue the clear -config -T switch[1] command using the management module, the switch module returns to its factory default setting instead of the Juniper Networks default setting. As a workaround, do not issue the command. [PR/274399]
When you configure ILMI on an ATM interface (include the ilmi statement at the [edit interfaces interface-name atm-options] hierarchy level) and a graceful Routing Engine switchover (GRES) or unified in-service software upgrade (ISSU) event occurs, the show ilmi command no longer returns any output. [PR/282051]
On a router with Frame Relay multilink configured on a MultiServices 400 PIC or on a Channelized DS3 PIC, when the minimum links value for the Frame Relay interface is set to 8 and a link is deactivated from the configuration, the link remains up. [PR/285244]
On the JCS 1200 platform, the control and management traffic for all Routing Engines share the same physical link on the same switch module. In rare cases, the physical link might become oversubscribed, causing the management connection to Protected System Domains (PSDs) to be dropped. [PR/293126]
On a Protected System Domain (PSD) configured with a large number of BGP peers and routes (for example, 5000 peers and a million routes), FPCs might restart during a graceful Routing Engine switchover (GRES). [PR/295464]
When two routers are connected via SONET/SDH interfaces that are configured as container interfaces and the Routing Engine on one router reboots, the container interfaces on the other router might go down and come up again. [PR/302757]
In some circumstances, after a graceful Routing Engine switchover (GRES), the new master Routing Engine sends an invalid LACP frame. As a result the aggregated interface fails. [PR/314855]
On MX-series routers, MAC address accounting at the egress might not work if traffic is unidirectional and no traffic flows in the reverse direction for a duration longer than the aging interval. [PR/415146]
Under some conditions, if an interface flaps for an interval that is less than the hold-down time configured value, an interface might stop forwarding even though it shows as being UP. As a workaround, enable traffic monitoring on the interface or enable and disable the interface. [PR/423065]
When a backup Routing Engine is replaced after a graceful Routing Engine switchover (GRES), the device control process (dcd) generates a new link local address on non-MAC interfaces like SONET. [PR/429078]
When the show interfaces extensive command is used, some interfaces may not display the correct value for Oversized Frames counter. [PR/437176]
On M Series, MX Series, and T Series routers, if you configure IPv6 on an interface with no MAC address (such as a SONET or loopback interface), it may cause the Routing Engine to restart. As a workaround, do not configure IPv6 addresses on interfaces that do not have MAC addresses. [PR/439252]
When you configure the payload port-data statement at the [edit family mpls hash-key] hierarchy level on M120, MX-series, or M320 platforms with E3 FPCs, the hashing algorithm might not take the port-data values into account. [PR/442223]
When configured for WAN-PHY framing, the pPorts on the 4-port 10-Gigabit Ethernet PIC (SAUZA) report zero for path-level errors (BIP-B3) in the output of the show interfaces extensive command. It should also be noted that the BIP-B3 counter does increment when path level errors occur. However this counter should be understood as an approximation and not an accurate accounting of the path-level error that actually occur on the link. [PR/447653]
On an MX960 router, when more than eight Dense Port Concentrators (DPCs) (including unconfigured DPCs) are loaded, the output of the show interface extensive command can be very slow if the source class usage destination class usage (SCU / DCU) is configured for some units. [PR/449034]
The master Routing Engine fails to establish a connection with the backup Routing Engine due to an auto negotiation issue with em1 interfaces. [PR/461469]
CRC error statistics appear in the CLI. [PR/464033]

Layer 2 Ethernet Services

On MX960 platforms, excessive fan speed transitions might occur. The workaround is to modify the up and down temperature thresholds. [PR/462044]

MPLS Applications

If you configure a label-switched path (LSP) with the no-cspf statement at the [edit protocols mpls] hierarchy level, the LSP might cycle up and down several times before stabilizing. [PR/10415]
If a cross-connected circuit (CCC) traverses a forwarding-adjacency label-switched path (LSP), traffic forwarding might be affected. [PR/60088]
When you modify the primary path for an MPLS LSP by using the delete protocols mpls label-switched-path lsp-path-name primary path-name command in configuration mode, followed by the set protocols mpls label-switched-path lsp-path-name primary path-name command, and then issue the commit command, the entire LSP (both primary and secondary) is torn down and then rebuilt from scratch. As a workaround, issue the delete protocols mpls label-switched-path lsp-path-name primary path-name command in configuration mode, followed by the commit command. Then issue the set protocols mpls label-switched-path lsp-path-name primary path-name command, followed by the commit command. [PR/62365]
When you enable per-packet load balancing on parallel label-switched paths (LSPs), the output of the show mpls lsp ingress command might display all the routes on only one of the LSPs even when traffic is evenly balanced across the LSPs. [PR/70487]
For point-to-multipoint LSP which is configured for VPLS, the ping mpls command reports 100 percent packet loss even though the VPLS connection is active. [PR/287990]
The monitor label-switched-path output control key "n" does not work. [PR/298814]
If both OSPF and IS-IS update the traffic engineering database (TED) on the same traffic engineering link, it may take some time for OSPF to update the traffic engineering database with the new MPLS administrative group (affinity) after the administrative group configuration is changed. [PR/465953]
When a large number (more than 100) of NGEN-MVPN P2MP LSPs based on an LSP template are active, the routing protocol daemon might fail if the LSP template is deleted and then added again. [PR/477376]

Network Management

Tcpdump is reporting max-response-time within the Internet Group Management Protocol (IGMP), in seconds, at the same time as it presents units of one-tenth of a second. [PR/424618]
Tcpdump output from the multicast listener query is not properly formatted. [PR/452992]
The snmpwalk on ipNetToMediaPhysAddress may show some ARP entries missing from the output when displayed using the show arp command. [PR/453855]
After changes are made to the firewall, and the counters are cleared and committed, SNMP sends the wrong value for 5 seconds and a discrepancy occurs between the CLI output and the get SNMP output. [PR/459583]

Platform and Infrastructure

If the tunnel destination is in VPN for GRE, then the encapsulation traffic may get black-holed due to the lookup being in the wrong forwarding table. [PR/45035].
On T-series platforms, a Layer 2 maximum transmission unit (MTU) check is not supported for MPLS packets exiting the routing platform. [PR/46238]
When you configure a source class usage (SCU) name with an integer (for example, 100) and use this source class as a firewall filter match condition, the class identifier might be misinterpreted as an integer, which might cause the filter to disregard the match. [PR/50247]
On a Monitoring Services III PIC configured as a dynamic flow capture (DFC) interface (dfc-fpc/pic/port), when you configure the DFC interface as the next hop in a forwarding path, port-mirrored packets might become corrupted. [PR/60799]
If you configure 11 or more logical interfaces in a single VPLS instance, VPLS statistics might not be reported correctly. [PR/65496]
When a large number of kernel system log messages are generated, the log information might become garbled and the severity level could change. This behavior has no operational impact. [PR/71427]
On the M320 and T-series routing platforms, there is a process that monitors FPCs while they transition to an online state. If an FPC is busy and cannot complete the transition within the time limit, the process might time out and prevent the FPC from coming online. [PR/72364]
In the situation where a Link Services (LS) interface to a CE router appears in the VPN routing and forwarding table (VRF table) and a fragmentation is required, Internet Control Message Protocol (ICMP) cannot be forwarded out of the LS interface from a remote PE router that is in the VRF table. As a workaround, include the vrf-table-label statement in the configuration. [PR/75361]
On T-series routing platforms, the commit operation succeeds when you include the no-labels statement at the [edit forwarding-options hash-key family mpls] hierarchy level, but MPLS labels are still included in the hash key. [PR/80334]
Traceroute does not work when ICMP tunneling is configured. [PR/94310]
When the configuration present in init.conf includes values in a nonstandard order, the init parser returns a syntax error. It should parse the information regardless of relative position. [PR/94576]
On T-series routers or the M320, multicast traffic with the “do not fragment” bit set is being dropped due to configuring a low MTU value. The router might stop forwarding all traffic transiting this interface if the clear pim join command is executed. [PR/95272]
A firewall filter that matches the forwarding class of incoming packets (that is, includes the forwarding-class statement at the [edit firewall filter filter-name term term-name from] hierarchy level) might incorrectly discard traffic destined for the Routing Engine. Transit traffic is handled correctly. [PR/97722]
The JUNOS software does not support dynamic ARP resolution on Ethernet interfaces that are designated for port mirroring. This causes the Packet Forwarding Engine to drop mirrored packets. As a workaround, configure the next-hop address as a static ARP entry by including the arp ip-address statement at the [edit interfaces interface-name] hierarchy level. [PR/237107]
When you commit a new configuration for nonstop active routing (NSR) on a primary Routing Engine that differs from the configuration for nonstop routing that is already running on the backup Routing Engine, the routing protocol process stops functioning on the backup Routing Engine. Traffic forwarding is not affected. [PR/253001]
Currently, the JUNOS Software cannot build an outbound serial connection through the AUX port. For example the Software cannot build an outbound serial connection to a console on an adjacent router. [PR/256818]
When Periodic Packet Management (PPM) delegation for Bidirectional Forwarding Detection (BFD) sessions is disabled (the delegate-processing statement is removed at the [edit routing-options ppm] hierarchy level), the BFD sessions might be terminated (because a "state is down" message is sent) and reestablished. [PR/280233]
When you perform an in-service software upgrade (ISSU) on a routing platform with an FPC3 or an Enhanced FPC3 with 256 MB of memory and the number of routes in the routing table exceeds 750,000, route loss might occur. If route loss occurs, as a workaround, perform either of the following tasks: (a) replace the FPC3 or Enhanced FPC3 with another FPC that has more memory, or (b) after the ISSU is complete, reboot only the FPC3 or Enhanced FPC3. [PR/282146]
For Routing Engines rated at 850 MHz which appear as RE-850 in the output for the show chassis hardware command, messages like the following might be written to the system log when you insert a PC Card: “Bad Vcc request” or “Device does not support APM.” These messages can be ignored since the operations that involve the PC Card are working properly. [PR/293301].
Next-hop marking (marked with a "-") in the show route forwarding-table command output indicates which next hops may not transmit traffic in a hierarchical load-balancing topology (for example, multiple load-balanced LSPs over multiple paths or aggregated interfaces). The forwarding-options indexed-next-hop statement was added to address hierarchical load-balancing issues, but configuring this statement may result in the next-hop marking being inaccurate, and the markings should be ignored. [PR/293306]
On a Protected System Domain, under the following conditions an FPC might generate a core file and stop operating: (a) a firewall policer with a large number of counters (for example, 20,000) is applied to a shared uplink interface, and (b) the FPC that houses the interface does not have a sufficiently powerful CPU. As a workaround, reduce the number of counters or install a more powerful FPC. [PR/311906]
The SSB servers have an error when you delete a string from the redix tree followed by a reboot. [PR/312453]
With aggregated interfaces and graceful Routing Engine switchover (GRES) enabled, when the neighboring machine goes down, the next hop turns to a hold next hop waiting to be resolved. If the next hop is resolved immediately, there is a possibility for the replicated Routing Engine to panic. [PR/394209]
When a Compact Forwarding Engine Board (CFEB) failover occurs on an M10i or M7i router that has been configured with 4k or more IFLs, the following message displays, “ IFRT: 'IFD ioctl' (opcode 10) failed ifd 153; does not exist IFRT: 'IFD Ether autonegotiation config' (opcode 163) failed.” This messages does not affect the operation of the router. When the backup CFEB becomes the active CFEB, the message will not display. [PR/400774]
On M320, M120, T-Series and MX-Series routers, traceroute egressing an LSP, configured for explicit-null and no-decrement-ttl or no-propagate-ttl, might not show the transit IP hop router immediately after LSP egress router. [PR/438735]
The following message, “authd[1083]: LICENSE_SOCKET_FAILURE: 'evConnect' failed for socket 8” appears in the system log. This message can be ignored. [PR/446331]
On M Series routers, if you disable and then enable IPv6 on an interface, routing on that interface will no longer work. [PR/459781]
The CLI statement edit system saved-core-files can only save approximately 10 core files on the router even though it is supposed to have a value range from 1 to 64. [PR/466461]
When the routing protocol daemon (rpd) fails, after rpd restarts, the daemon is sometimes unable to install new LSI logical interfaces. The following error is returned: “ENOMEM”. [PR/473774]
An FPC might stop forwarding traffic when an aggregate interface flaps and the router uses a per-prefix load balancing (which is the default configuration) for some prefixes. As a workaround, use load balancing per-packet policy for all prefixes (per-flow load balancing) or do not use the aggregate interfaces flap. [PR/477326]

Routing Protocols

The CLI allows you to commit a configuration that specifies a value higher than 32 for the metric statement at the [edit protocols dvmrp interface all] hierarchy level, however values higher than 32 are invalid. [PR/33429]
If a router receives a Pragmatic General Multicast (PGM) Source Path Message (SPM), it does not create a forwarding cache, nor does it forward the message to other routers as a heartbeat, as specified in RFC 3208. Also, the router’s multicast cache might time out if it does not receive actual PGM data (ODATA) for more than 6 minutes. As a workaround, configure the PGM source application to send PGM ODATA at least once every 6 minutes. The ODATA acts as the heartbeat message in lieu of the SPM messages and ensures that the multicast and forwarding caches are created and updated. [PR/37504]
When you configure damping globally and use the import policy to prevent damping for specific routes, and a new route is received from a peer with the local interface address as the next hop, the route is added to the routing table with default damping parameters, even though the import policy has a nondefault setting. As a result, damping settings do not change appropriately when the route attributes change. [PR/51975]
If a BGP group is created but without any defined peers, a warning message appears when the configuration is committed. [PR/63279]
When you issue the show ldp traffic-statistics command, the following system log message might be generated for all forwarding equivalence classes (FECs) with an ingress counter set to zero: "send rnhstats GET: error: ENOENT -- Item not found." [PR/67647]
If ICMP tunneling is enabled on the router and you configure a new logical system that does not have ICMP tunneling enabled, the feature is globally disabled. [PR/81884]
When the flow of multicast traffic changes because an OSPFv3 link goes down, the output from the show multicast statistics inet6 command reports incorrect values in the In kbytes and In packets fields for the new ingress interface. [PR/234969]
When you commit a new configuration for nonstop routing (NSR) on a primary Routing Engine that differs from the configuration for NSR that is already running on the backup Routing Engine, the routing protocol process stops functioning on the backup Routing Engine only. Traffic forwarding is not affected. [PR/254379]
Disabling the PIM protocol by including the disable statement at the [protocols pim] hierarchy level can cause the router to stop operating until that statement is removed. As a workaround, use the deactivate protocols pim command instead. [PR/274478]
The show isis statistics command displays all of the IS-IS packet statistics. [PR/401351]
When you configure the BFD event flag trace option, the backup Routing Engine might report a down -> down event repeatedly and fill up the trace file. As a workaround, disable the use of BFD trace options to prevent excess disk usage. [PR/405022]
OSPF and IS-IS differ in how they handle the addition of a better internal or external route (smaller IGP metric) route into the protocol internal routing table. IS-IS flushes all next-hop information (including LSP next hops) when learning a better prefix, despite equal cost LSP tunnels whereas OSPF does not. However, this does not cause any issues with respect to load balancing. [PR/408702]
PIM mistakenly prefers a more specific hidden route over an active less specific route as the reverse path forwarding (RPF) route to the MCAST source. [PR/411385]
When the state for an IGMP group is exclude and the source list is non-empty, the traffic for the excluded sources will still be received and sent as if it were in the exclude state. [PR/422190]
The rendezvous point (RP) is not learned on a router where auto-rp discovery is configured. A mismatch occurs between the PIM interface configuration on a router where auto-rp discovery is configured and on a router where auto-rp mapping is configured. For example, one router has an IFL with PIM configured and the other has an IFL with PIM disabled. As a workaround, ensure that PIM is enabled on all IFLs on both routers. [PR/445917]
The BGP strip confederation logic does not include the number of memory segments to check. This leads to it running on random data, causing the routing protocol process (RPD) to fail. [PR/465624]
When a dampened route is restored, the accepted count for the peer in the show BGP summary output does not increment. [PR/473567]
If multipath is enabled on an ASBR running InterAS Option B, and there are multiple external neighbors advertising a VPN prefix during every commit (reconfig) that involves RPD then BGP generates a different label from the VPN prefix that was previously advertised to the peers that are a part of the AS. [PR/479754]
The MVPN c-multicast traffic is duplicated onto the LAN segment since the interface mismatch is not processed within the PIM. This causes a problem because the interface mismatch is needed to trigger an assert to prevent traffic duplication. As a workaround, configure PIM under the main instance. [PR/481467]

Services Applications

The show services accounting flow-detail extensive command sometimes displays incorrect information about input and output interfaces. [PR/40446]
On Adaptive Services PICs configured for IPsec tunnel redundancy, if there are a large number of tunnels, sometimes a few of the tunnels might switch over to the backup tunnel. [PR/46733]
The clear services stateful-firewall flows command may cause the Juniper Networks Multiservices DPC to fail. This command should be avoided. [PR/472386]
When a routing platform is configured for graceful Routing Engine switchover and Adaptive Services (AS) PIC redundancy, and a switchover to the backup Routing Engine occurs, the redundant services interface (rsp-) always activates the primary services interface (sp-), even if the secondary interface was active before the switchover. [PR/59070]
For Adaptive Services II PICs, even if you do not configure flow collector services, a temporary file might be created every 15 minutes in the /var/log/flowc/ directory. The file is deleted if there are no clients, and re-created only when a client connects and attempts to write to the file. [PR/75515]
When the PGCP configuration contains values for RTCP traffic management for sustained-data-rate or peak-data-rate (at the [edit pgcp gateway gateway-name h248-properties traffic-management sustained-data-rate rtcp] hierarchy level), SIP calls may fail with error code 500 (Internal Server Error). The default values of the RTCP SDR and PDR are 5% of RTP's SDR and PDR. If the configuration overrides these values and sets RTCP's SDR to be higher than the PDR, media gates for calls will not be created, and the call is rejected with error code 500. [PR/400618]
When you configure Layer 2 TP with link fragmentation and interleaving (LFI), the MultiServices PIC drops a significant number of MLPPP fragments. [PR/401247]
The GRES feature for high availability (HA) doesn't work for IDP in JUNOS 9.4. This problem occurs with dual Routing Enginess where the IDP deamon doesn't run on the Routing Engines when it is configured as the secondary. In addition, command forwarding for the IDP security package download or install does not work properly between the dual Routing Enginess. [PR/406252]
On an M7i or M10i router with the enhanced CFEB, if you issue the deactivate forwarding-options sampling command, sampling stops for both IPv4 and IPv6 traffic. If you subsequently issue the activate forwarding-options sampling command, sampling resumes but only for IPv4 traffic. [PR/415140]
The Multilink Point-to-Point Protocol (MLPPP) reassembly logic does not perform a strict out-of-order check. In a multi-CPU packet handling environment, packets arriving later may be processed before the first. [PR/430296]
When a Session Initiation Protocol (SIP) malformed packet that is not compliant to RFC 2543 in ch.6.40 and is received by the SIP Application-level gateway (ALG), it might cause the Service PIC to restart. [PR/467600]

Subscriber Access Management

When dynamic IP address assignment is configured, if there is only one address left in the address allocation pool and an attempt to authenticate with a service fails (because, for example the authentication request specifies an invalid service name), a subsequent authentication attempt for the service also fails. The following messages might appear in the log for the authentication process (authd): "assigned address address in use, trying next available" and "Unable to assign an address." [PR/305516]
Demux GRES is not supported in JUNOS 9.4. [PR/410567]

User Interface and Configuration

The configuration CLI does not warn the user if the same UID is configured for multiple users. [PR/55774]
Performance is considerably slower for users who have permissions controlled by Juniper-Allow commands and Juniper-Deny commands and have complex regular expressions configured under these same commands. The workaround is to define the expressions in the allow-configuration and deny-configuration commands in a restrictive manner. [PR/63248]
When the get-configuration or load-configuration commands are run using JUNOScript, these events are not recorded in the system log. [PR/64544]
On M20 routers, after a Routing Engine mastership switchover, it might not be possible to enter CLI configuration mode on the new master Routing Engine. Also, the request system reboot and request system halt commands do not clearly fail but do not return the CLI prompt either. [PR/64899]
The Junoscript Perl module for NETCONF does not support the configuration-text. [PR/82004]
The logical system administrator can modify and delete master administrator-only configurations by performing local operations such as issuing the load override, load replace, and load update commands. [PR/238991]
A user belonging to a login class with limited rights to modify a specific firewall filter cannot use the insert command to reorder firewall terms. [PR/310872]
The IPv6 PMTU discovery time out variable is ip6_pmtu_timeout instead of path_mtu_timeout. [PR/315133]
Users who have super user privileges have their access restricted to view permission when they login through the Terminal Access Controller Access Control System. [PR/388053]
False messages occur on the backup routing engine (RE) when executing commit sync command. [PR/395716]
Using the filter config-text in the NETCONF get-config command results in a syntax error and the router configuration cannot be returned in ASCII format. [PR/430799]
The JUNOScope AIS script deployment feature applies a configlet to the router which includes an optional parameter, load-scripts-from-flash. The load-scripts-from-flash parameter may cause conflicts in existing commit-scripts if the scripts are stored on a hard drive. [PR/434574]

VPNs

When you modify the frame-relay-tcc statement at the [edit interfaces interface-name unit logical-unit-number] hierarchy level of a Layer 2 VPN, the connection for the second logical interface might not come up. As a workaround, restart the chassis process (chassisd) or reboot the router. [PR/32763]
Traffic might not flow when an ATM interface is used as the access circuit on an M120 router. [PR/255160]
When a provider edge (PE) router acts as the auto-RP mapping agent for a PIM multicast instance within a Multiprotocol BGP Layer 3 VPN, the rendezvous point (RP) elections are handled correctly on other routers in the VPN, but do not work on the mapping agent. Also, when you issue the show pim rps instance command on the mapping agent router, no RP information appears. [PR/305325]
For a VRF instance configured for PIM, MVPN, and provider tunnels (the pim and mvpn statements are included at the [edit routing-instances vpn-name protocols] hierarchy level and the provider-tunnel statement is included at the [edit routing-instances vpn-name] hierarchy level), when PIM is deactivated and reactivated, it fails to install type-5 (source-active) routes in the instance-name.mvpn.0 routing table. This issue arises only when remote C-multicast joins are configured on the ingress provider edge (PE) router (as displayed by the show mvpn c-multicast command). [PR/306983]
When an LSP switches from a primary path to a bypass path, Layer 2 circuits might go down and come up again, resulting in a packet loss. [PR/309085]
When you configure inter-AS VPLS with MAC processing at the autonomous system (AS) boundary router along with multihoming, and if a designated forwarding AS boundary router fails and then comes back up again, traffic flowing to the local AS from the other AS’s boundary router might be lost. The loss occurs in the time period (tenths of a second) during which the old designated forwarding AS boundary router is taking back the role of designated forwarder. [PR/312730]
Under certain circumstances, if BGP is configured as the provider edge (PE) router to CE router protocol in a Layer 3 VPN routing instance, renaming the routing instance can cause the provider edge (PE) router to CE router session to stay down. [PR/399275]
In Layer 2 CCC scenario packets where the size is less than 64 bytes, the scenario packets may be erroneously padded when forwarded through an Ethernet uplink. As a consequence, the packet sizes arriving at the remote end will not correspond to the originally sent ones. [PR/420037]
On a BGP Layer 3 VPN provider edge router with a combination of: (1) label-per-nexthop in the VRFs, (2) configuration of the same IP Addresses in different VRFs, (and 3) a need for an indirect next-hops within the VRFs, then label routes, with an indirect next hop, may be created incorrectly in the master instance table mpls.0. [PR/436404]
After the ingress provider edge (PE) router for an NG MVPN instance performs a GRES event, the egress routers could fail to install a new forwarding state for the multicast traffic. Clearing the BGP session on the ingress router can restore traffic to all egress routers. [PR/441392]

Resolved for 9.4R4

Class of Service

After the aggregate chassis configuration is deactivated then activated, the classifier might not be properly applied on aggregate interfaces. [PR/442240: This issue has been resolved.]
After a GRES switchover, packets might not be properly classified. [PR/452169: This issue has been resolved.]
For Software Releases 9.3R4.4 or 9.4R3.5 in an MPLS environment, when T Series or TX Series routers perform PHP, unpredictable values maybe written to the IP TTL field of egress IP packets. This problem occurs on T-Series Enhanced Scaling FPCs (FPC Type 3-ES, FPC Type 4-ES) and when the router is performing PHP. [PR/463989: This issue has been resolved.]
MX Series and M120 routers may have incorrect transmit-rate values programmed for interface output queues. [PR/467103: This issue has been resolved.]

Forwarding and Sampling

When upgrading from JUNOS Release 8.x to JUNOS 9.1 and above, sampled process may restart over time. This problem occurs because of processes that take larger memory due to the as-path record size which was changed from 16 to 32 bit to accommodate ASN 4 byte support in JUNOS Release 9.1 or later. [PR/448521: This issue has been resolved.]

General Routing

The show helper statistics and clear helper statistics statements are not available on the Mx Series platform for the following JUNOS Software Releases: 9.3R4, 9.4R4, 9.5R3, and 9.6R2. [PR/445240 This issue has been resolved.]

High Availability

When you issue the show chassis ethernet-switch statistics command on a routing platform with graceful Routing Engine switchover enabled, the two Routing Engines might be unable to exchange information for about 2 seconds. [PR/233779: This issue has been resolved.]
After an ISSU software upgrade on the MX Series router, you might see a kernel database replication error for an ISSU prepare timeout and a core dump. This problem may be due to issues with the allocated schedulers after the ISSU. This issue is seen only with Gigabit Ethernet Enhanced Queuing IP Services DPCs. [PR/427694] [PR/427694: This issue has been resolved.]

Interfaces and Chassis

XFP-OC192-SR may report XFP read fail, retry for 1 times randomly. This is a cosmetic issue and does not affect the interface functionality. [PR/262883:This issue has been resolved.]
A hardware issue in the DFPGA causes interruptions to occur from links (non-zero) that are not configured or enabled in the PIC and then cause the system log to overload and eventually leads to a PC failure. [PR/455877: This issue has been resolved.]
Improper functioning of VRRP over AE interfaces occurs with a native-vlan-id configuration. [PR/468167: This issue has been resolved.]
When an untagged aggregated Ethernet interface is configured with LACP and GE IQ2 PICs as the child interface, the input packet count might be constantly decremented to zero when no data packets arrive on the interface. The decrease in packet count is equal to the incoming LACP packet count. [PR/471177: This issue has been resolved.]
When a Tri-Rate copper small form-factor pluggable transceiver (SFP) is installed in a DPCE-R-20GE-2XGE board and is replaced with a SFP-LX/SFP-SX, the link fails. [PR/473127: This issue has been resolved.]

MPLS Applications

When a point-to-point LSP has a primary path and some secondary paths that are experiencing signaling problems (when CSPF computation is fine, but signaling keeps failing and retrying) except for one secondary path, and a make-before-break signaling is performed for that secondary path (that is up), due to auto-bandwidth or path re-optimization, it is possible that the LSP's RSVP source port (LSP ID) space may wrap. When this happens, the source port of that secondary path will be allocated to another path, causing the PSB of the secondary path to be associated with the other path, eventually leading to a routing protocol process (RPD) crash.
Similarly, the branch ID and the source port ID (LSP ID) of a point-to-multipoint LSP may wrap in some make-before-break and signaling retry situations, causing the same RPD crash. [PR/265242: This issue has been resolved.]
Configuration of a non-existent IP address in the MPLS path for an LSP could result in memory leakage in the RPD. [PR/459254: This issue has been resolved.]
When the hop-limit is enabled under the protocols mpls label-switched-path syntax and the FRR is enabled, the detour path may not be established successfully. [PR/462074: This issue has been resolved.]
The mplsResourceTunnelTable reports bandwidth in bps instead of kbps. [PR/432716: This issue has been resolved.]
In a PE router, when an uplink is deactivated, the MPLS LSP BFD session over this link may not switch to other uplinks. [PR/454071: This issue has been resolved.]
When MPLS traceroute is executed in downstream mapping TLV (TLV 2), the reply packet contains misleading values because of an MPLSOAMD error. [PR/454796: This issue has been resolved.]

Platform and Infrastructure

On MX, M120, or M320 with E-3FPC platforms, a logical interface flap may trigger a jtree memory leak. [PR/403472: This issue has been resolved.]
Following an FPC reset, the next-hop route pointing to the service PIC interface running RPM might be incorrect. [PR/438599: This issue has been resolved.]
Catastrophic events such as the FPC failing corrupts next hop databases. In such cases, panic is caused by a stack overflow/recursion and can result in a core dump. [PR/448074: This issue has been resolved.]
A reboot fails on the Routing Engine line card chassis of the TX Matrix Router due to an incorrect NTP query. [PR/450217: This issue has been resolved.]
MX-series tunnel interfaces configured on DPC show traffic incorrectly on other interfaces. [PR/450844: This issue has been resolved.]
In certain situations on the T-Series or M320 routers, if the aggregated Ethernet (AE) uplink comes up after the Layer 3 VPN routing-instance is configured, the Layer 3 VPN traffic might get black-holed. [PR/451635: This issue has been resolved.]
The FPC experiences a heap memory leak when Ethernet OAM protocols are configured. The workaround is to disable the Ethernet OAM protocols. [PR/453842: This issue has been resolved.]
Due to a JUNOS software issue, M120 FEB/FPCx can overreact to CPU L2 cache single-bit-error. As a result, it reboots by a single-bit-error event. [PR/457157: This issue has been resolved.].
On MX Series or M120 or M320 platforms with E3-FPC, every change or removal of the local interface address might trigger a jtree memory leak of 16 bytes. The same memory leak happen if you delete the logical unit of an interface or the entire interface and then perform changes to the Firewall filter attached to the loopback interface. This leak occurs if there is a loopback firewall filter configured. If you remove the loopback filter, jtree memory is not freed. [PR/457717: This issue has been resolved.]
When IP packets are received and transmitted using IRB in VPLS instances where these packets require fragmentation, the interface may stop transmitting. [PR/458423: This issue has been resolved.]
On M Series and T Series Platforms the PFE might fail or assert without a failure with the Ethernet transmit ring buffer overflow condition. [PR/462934: This issue has been resolved.]

Routing Protocols

Disabling the PIM protocol with the set protocols pim disable statement can cause the router to stop operating until that statement is removed. As a workaround, use deactivate protocols pim instead. [PR/274478: This issue has been resolved.]
BGP NSR, configured with route-flap dampening, causes an error after the initial state synchronization completes when dampening occurs on some prefixes at the same time as the Initial state synchronization occurs between the master and the backup RPD. [PR/312098: This issue has been resolved.]
On routers that are running OSPF and advertising an indication LSA for a DC incapable neighbor, a corruption might occur in the router which causes the RPD to fail. There is no workaround. [PR/406276: This issue has been resolved.]
In a scaled BGP configuration with NSR configured, under rare scenarios, BGP might misinterpret socket fullness and close the session instead of retrying. [PR/443507: This issue has been resolved.]
When non-stop routing (NSR) is enabled, alternate paths for BGP prefixes with identical attributes may not be copied to the backup Routing Engine upon an Routing Engine switchover or in other situations when the backup Routing Engine needs to get routing updates from the master Routing Engine. [PR/458402: This issue has been resolved.]
When BGP NSR is configured along with sampling (under forwarding-options sampling), duplicate updates for some prefixes could be sent during RE switchover. [PR/458669: This issue has been resolved.]
On a certain error condition during negotiation with a very old router, the sending of the the 4byte-AS capability was not consistent with the sending of the the other capabilities. [PR/462930: This issue has been resolved.]
The router might fail if a non existent table is referenced when using the rib-groups statement. [PR/467332: This issue has been resolved.]
If a reject route is present for the address of an Multicast Source Discovery protocol (MSDP) SA originator, the routing protocol process (RPD) might crash. [PR/469142: This issue has been resolved.]
If the routing options forwarding-table indirect-next-hop statement is set in the configuration, every commit that changes a parameter related to routing results in several minutes of 90 percent or more CPU load by the routing protocol process (RPD). The workaround is to turn off the knob. [PR/475117: This issue has been resolved.]
When performing an ISSU upgrade, the BGP session might flap due to differences in the negotiation of keepalive messages between versions. [PR/476285: This issue has been resolved.]
The routing protocol process (RPD) CPU usage may increase if both BGP multipath and family inet-mpvn are configured under BGP. [PR/479574: This issue has been resolved.]

Services Applications

While using the dynamic endpoint configuration for IPsec services, and dedicated interfaces on the same gateway address, only the first interface configured in a given routing instance is able to forward traffic. [PR/448498: This issue has been resolved.]
MultiServices PIC (MS-PIC) fails while handling RTSP flows. [PR/455649: This issue has been resolved.]
When using the Service PIC or the Service DPC with statefull firewall and NAT service, and some specific SIP traffic, the PIC might fail. [PR/459378: This issue has been resolved.]
A problem occurs when you are clearing the state with a connection reset using a RST packet. [PR/466506: This issue has been resolved.]
An Application-level gateway (ALG), may cause memory corruption when certain flows in the session are closed ahead of the main initiator flow. [PR/475436: This issue has been resolved.]
The router reader translation is incorrectly performed by SIP Application-level gateway (ALG) when it contains only an IP address and the port is not specified. [PR/482998: This issue has been resolved.]
The route header is not translated properly by SIP Application-level gateway (ALG). [PR/483014: This issue has been resolved.]
The SIP parser drops the “200 OK for REGISTER” message if the contact has multiple entries. [PR/483030: This issue has been resolved.]

User Interface and Configuration

During commit synchronize, the backup Routing Engine logs the commands to the TACACS+ server. As a result, the commit synchronize process takes a long time to commit. [PR/424255: This issue has been resolved.]
When issuing the set cli complete-on-space off command, unexpected CLI authorization behavior might occur. [PR/426916: This issue has been resolved.]
A memory leak occurs in the event daemon (eventd) upon executing event scripts. However, the leak is slow (8,000 to 24,000 per script execution). [PR/457989: This issue has been resolved.]
The router does not return the username in the accounting packet sent to the RADIUS server. The following issues have been noticed:
- The acc-start uses the "remote" username despite the real username being available.
- The interim-update has no username.
- The stop message has no username.
[PR/472704]

VPNs

If you create new VPLS instances with a provider-tunnel point-to-multipoint (P2MP) label-switched path template, the routing protocol daemon (RPD) might restart, creating P2MP LSP paths. [PR/442544: This issue has been resolved.]
The routing protocol process fails if the Routing Engine containing the auto-RD configuration for Layer 2 VPNs or VPLS routing instances is rebooted. [PR/469847: This issue has been resolved.]
The VPLS instance on the MX960 does not learn the remote CE MAC address after issuing the clear vpls mac-address command. [PR/476020: This issue has been resolved.]

Previous Release

Resolved for 9.4R3

Software Installation and Upgrade

On MX platform (MX960, MX480, and MX240), after performing JUNOS upgrade using ISSU procedure, if any interface running PIM flaps, PIM adjacency on this flapped interface may not come up. As a workaround, deactivate or delete the interface from [edit protocols pim interfaces] configuration and add it back. [PR/453485: This issue has been resolved.]

Platform and Infrastructure

On the M320 and T-series routing platforms, when you configure the local gateway of an IPsec tunnel in a routing instance, IPsec might not function properly over a generic routing encapsulation (GRE) tunnel. [PR/73864: This issue has been resolved.]
A large volume of next-hop changes in a short period may cause a small number of packets being lost or sent to the wrong destination. [PR/411567: This issue has been resolved.]
Under rare circumstances, it is possible for the kernel to panic on the TX Matrix LCC or on the SRX platform following a Routing Engine switchover or RDP connection timeout between the LCC and SCC. [PR/416973: This issue has been resolved.]
In JUNOS Release 9.3R1 or higher, on Juniper Networks routers with Type 4 FPCs or T1600 routers, multicast traffic is not counted within the interface statistics counters once class-of-service rewrite rules have been applied to the interface. [PR/420681: This issue has been resolved.]
If a duplicate address is detected for IPv6 family on an Ethernet interface, the DAD does not get restarted even after the interface goes down and comes up. [PR/421241: This issue has been resolved.]
If a duplicate address is detected for IPv6 family on an Ethernet interface, the DAD does not get restarted even after the interface goes down and comes up. The has been fixed in 9.3 and above released after April 23rd, 2009. [PR/424741: This issue has been resolved.]
The input statistics of the AE interface shows the wrong value if the member link is part of IQ-2 PIC. [PR/429771: This issue has been resolved.]
On MX-series platforms, the FPC might reboot without a core dump if the DWDM is incorrectly configured. Either disconnect the offending link or configure the disable statement at the [edit interfaces] hierarchy level to stop the FPC reboots. [PR430703: This issue has been resolved.]
When configuring Proxy ARP on unnumbered interfaces, the router can incorrectly answer address collision detection ARP requests, causing DHCP clients to decline the offered address. [PR431192: This issue has been resolved.]
When you configure flow monitoring on a T1600 router with a T640 or T1600 Enhanced Scaled FPC4, if both input and output traffic are located on the same bottom Packet Forwarding Engine, the next hop address and output interface are set to 0. [PR/431567: This issue has been resolved.]
On MX-series and M120 routers, and M320 routers with an Enhanced III FPC, if the VRF configuration includes the vrf-table-label statement, a DPC or FPC might have an error when an MPLS packet with time-to-live (TTL) equal to 0 (zero) or 1 (one) is processed at the egress provider edge (PE) router. [PR/436017: This issue has been resolved.]
The Address Resolution Protocol (ARP) retry count might be incorrect. For example, instead of sending out the first five retries every second, the third and consequent retries might be sent out every 15 seconds. [PR/436580: This issue has been resolved.]
In JUNOS 9.1 or earlier, when MVPN is configured with auto-RP and there is a change in the RP of the default routing instance then an RP address changes and an Layer 2 descriptor leak occurs. [PR/436637: This issue has been resolved.]
On MX-series platform with a Combo DPC (20-port 1-Gigabit Ethernet 2-port 10-Gigabit Ethernet), if the family mpls statement is included at the [edit interfaces <interface-name><unit><logical-unit-number>] hierarchy level for the any 1-Gigabit Ethernet port of a DPC slot, the show interfaces statisticscommand reports zero values for input traffic at all ports. This issue does not affect the input traffic statistics for the 10-Gigabit Ethernet ports. This is a cosmetic issue and does not affect functionality. [PR/436653: This issue has been resolved.]
SCU configuration causes the PFE to drop some host-bound packets on M320 and T-series routers [PR/438261: This issue has been resolved.].
Following an FPC reset, the next-hop route pointing to the service PIC interface running RPM might be incorrect. [PR/438599: This issue has been resolved.].
Under certain circumstances intelligent queuing PIC might not be able to boot properly on E3-FPC. [PR/438678: This issue has been resolved.].
When the FPCs for T1600-FPC4-ES, T640-FPC4-1P-ES, T640-FPC1-ES, T640-FPC2-ES, and T640-FPC3-ES receive corrupted cells through high-speed links, they might unnecessarily reboot and report the following system log error message: "Unrecoverable Error: Flist gtop bit toggled !." No reset is needed to recover from this condition. [PR/441844: This issue has been resolved.].
In JUNOS Version 9.3 or later and on T1600, TX or T640 Platform installed with one of the following Flexible PIC Concentrators (FPC's) T1600-FPC4-ES,T640-FPC4-1P-ES,T640-FPC4-ES,T640-FPC1-ES,T640-FPC2-ES and T640-FPC3-ES, the jtree memory might get corrupted once routes are deleted while the traffic is send to those prefixes. This can result in permanent or transient packet drops. One or more of following symptoms might get logged in the system log:
- SRCHIP(1): 131072 Discards – stack underflow
- SRCHIP(1): 129735 Discards - truncated key - next hop
- SRCHIP(1): 4670347 Multicast list discard route entries
- SRCHIP(1): 4670347 Multicast list discard route entries
- SRCHIP(1): SOF (58) >= DMA length (46) (Read Channel)
- SRCHIP(1): RKME int_status 0x300
- SRCHIP(1): 14486 Discards - illegal BTT
- SLCHIP(1): 1617082 new errors (illegal link) in DESRD last stream 0 last lout_key 0xabd0e
- SLCHIP(1): 1622998 new errors (packet error) in HDRF, lout_hdrf_poll_stats
There is no workaround and an FPC reboot might be needed to recover. [PR/441844: This issue has been resolved.].
On T1600, TX Matrix, or T640 routers installed with one of the following Flexible PIC Concentrators (FPCs)—T1600-FPC4-ES, T640-FPC4-1P-ES, T640-FPC4-ES, T640-FPC1-ES, T640-FPC2-ES and T640-FPC3-ES—and JUNOS Version 9.3 or higher, jtree memory might get corrupted once routes are deleted while traffic is send to those prefixes. This can result in permanent or transient packet drops. One or more of the following symptoms might be logged in the system log:
- SRCHIP(1): 131072 Discards - stack underflow
- SRCHIP(1): 129735 Discards - truncated key - next hop
- SRCHIP(1): 4670347 Multicast list discard route entries
- SRCHIP(1): SOF (58) >= DMA length (46) (Read Channel)
- SRCHIP(1): RKME int_status 0x300
- SRCHIP(1): 14486 Discards - illegal BTT
- SLCHIP(1): 1617082 new errors (illegal link) in DESRD last stream 0 last lout_key 0xabd0e
- SLCHIP(1): 1622998 new errors (packet error) in HDRF, lout_hdrf_poll_stats
There is no workaround and an FPC reboot might be needed to recover. [PR/443171: This issue has been resolved.]
The kernel may have an error due to loss of a watchdog if several packets are sent out from the routing engine through an aggregated synchronous optical networking (SONET) interface when the logical interface is down and the physical interface is up. [PR/449361: This issue has been resolved.].
FIPS 140-2 Level 2 mode operation is not supported, when dual REs are in the router. [PR/449750: This issue has been resolved.].
In an Layer 3 VPN PE carrying multicast routes, an error in the kernel crash might occur when an FPC homing on an aggregate Ethernet interface is restarted. [PR/452999: This issue has been resolved.].
Due to a JUNOS software issue, M120 FEB/FPCx can overreact to CPU L2 cache single-bit-error. As a result, it reboots by a single-bit-error event. [PR/457157: This issue has been resolved.].

User Interface and Configuration

When you set the time-zone statement at the [edit system] hierarchy, it might cause the backup Routing Engine to lock the configuration. As a result, you would no longer be able to reboot the Routing Engine or perform any commits. To clear the issue, you must log into the backup Routing Engine and issue the clear system commit command. [PR/309100: This issue has been resolved.]
Wildcard apply groups do not work properly in JUNOS Releases 9.1, 9.2, 9.3R1 and 9.3R2. [PR/425355: This issue has been resolved.]
When you issue the commit confirmedcommand on a TX Matrix platform, it might not roll back to the original configuration as expected when the commit is not confirmed. [PR/425642: This issue has been resolved.]
The SSH/Telnet sessions may timeout for a longer than usual period of time if a user or password is not provided. [PR/428116: This issue has been resolved.]
After the following steps an idle sync-other-re process may be shown in the configuration mode.
- Enable GRES and perform a commit synchronize on the backup RE.
- Perform a request chassis routing-engine master acquire on the backup RE after the GRES is ready.
[PR/433164: This issue has been resolved.]
When you configure traceoptions at the [edit system scripts commit] hierarchy level, the router sometimes produces commit errors. [PR/438289: This issue has been resolved.]

Interfaces and Chassis

On channelized OC12 intelligent queuing (IQ) interfaces, incoming code violation path (CV-P) messages might not trigger the sending of remote error indication path (REI-P) messages. [PR/47188: This issue has been resolved.]
In TX Matrix router, the show chassis fpc fpc-number command returns an error instead of showing FPC information when the FPC number is greater than 8. [PR/387956: This issue has been resolved.]
On the T1/E1 Circuit Emulation PIC, if you specify an invalid value for the payload-size statement at the [edit interfaces (t1 | e1)-fpc/pic/port satop-options] hierarchy level, the DS1 alarm LOF is raised, as reported in the output from the show interfaces (t1 | e1)-fpc/pic/port:channel command.
The valid values for the payload-size statement are as follows:
- In T1 mode, a multiple of 24 in the range 24 to 1024
- In E1 mode, a multiple of 32 in the range 64 to 1024
[PR/395143: This issue has been resolved.]
When you reboot an FPC while it is coming on line and if the FPC adding process is interrupted before it is successfully completed, the chassis process does not operate properly. [PR/400676: This issue has been resolved.]
The output for queue counters under the CLI command show interfaces extensive may be incorrect when traffic is passed at near maximum throughput to 10GE Iq2, Iq2E or ADPC. [PR/401431: This issue has been resolved.]
In JUNOS Release 9.3R1 and later, SONET Automatic Protection Switching (APS) does not work correctly on the 4-port Channelized OC3/STM1 Circuit Emulation PIC with SFP. [PR/402068: This issue has been resolved.]
Incorporating any changes in the interfaces configuration results in a small leak in the dcd process. The leak is at the rate of 16 bytes per interface configured per commit. [PR/411596: This issue has been resolved.]
The XML output is not correct when the vrrp track interface is configured. [PR/414734: This issue has been resolved.]
When you configure LACP on an AE interface, the counters with the show interfaces extensive command might display unexpected values. This problem occurs for logical interfaces that have an iif_index that matches the default iif_index of the data stream. [PR/418054: This issue has been resolved.]
The PPP MTU value of an interface protocol on a peer might change as a result of an irrelevant configuration change and cause the PPP MTU negotiation to fail. [PR/421706: This issue has been resolved.]
On the M-series platform (M10i), without a redundant rear fan tray all fans run at high speed. This is software issue. [PR/422061: This issue has been resolved.]
Using disable under an aggregate member can lead the interface to be flagged in the HARDDOWN state despite being physically up. Deactivate/Activate the interface to fix the problem. [PR/422933: This issue has been resolved.]
The address family of aggregated Ethernet child next hops was incorrectly set to the address family of the protocol interface, instead of the address family of the parent next hop. This effectively set the next-hop status of the aggregate's member links to a Discard state on the PFE. The situation can occur when the router is not receiving ARP replies over the bundle interface. Workaround to avoid this issue is to configure static ARP on AE bundles. [PR/425802: This issue has been resolved.]
When you change a hardware Field Replacement Unit (FRU) in the chassis, the craft process (craftd) might fail upon re-initializing the device list and an error results. This does not affect normal operation of the FRU. [PR/429171: This issue has been resolved.]
On MX480 and MX960, the FAN led stays green even when the FAN tray is pulled out. [PR/429521: This issue has been resolved.]
A NULL pointer reference in ifinfo, caused by loss of synchronization between GRES enabled routing-engines.. [PR/430112: This issue has been resolved.]
During the Switching and Forwarding Module (SFM) switchover process, the algorithm to switch over the SFM and take the FPC off line had a flaw and did not clear the hard and soft errors on each FPC. [PR/433616: This issue has been resolved.]
In rare cases the configured logical unit, family and address may be absent on an interface after the configuration is committed. If you encounter the problem, issue the CLI command restart interface-control which will apply the configuration. [PR/433659: This issue has been resolved.]
For some interfaces, when configured with the WAN-PHY framing mode, the monitor interface command might be missing some counters. [PR/435775: This issue has been resolved.]
Too many ATM2 error interrupts might cause the FPC to panic. [PR/438073: This issue has been resolved.]
In the output of the show chassis pic fpc-pic—slot command, the 40–Port Gigabit Ethernet DPC with SFP might be shown erroneously as 1000LH instead of 1000EX. [PR/438753: This issue has been resolved.]
When the sum of the shaping rate for the logical interfaces for a physical interface is greater than the physical interface's bandwidth and a rate limit is applied to one of the logical interface queues, the bandwidth limit for the queue will be based on a scaled down logical interface shaping rate value rather than the configured logical interface shaping rate. [PR/441413: This issue has been resolved.]
On M-series routers, BGP sessions flap when any configuration (even irrelevant) change happens. As a workaround, make the difference between configured MRRU and MTU to be greater than eight. [PR/442688: This issue has been resolved.]
When the ingress router re-signals an RSVP session, traffic could egress a disabled SONET interface that is part of an APS group using container interfaces. Switching the APS interfaces resolves the problem. [PR/443295: This issue has been resolved.]
If VRRP tracks a cloned route then the cloned route will always be treated as down. The reason is that the Unicast cloned routes do not get added to routing table. [PR/446408: This issue has been resolved.]

Layer 2 Ethernet Services

For MX480 only: The temperature gap between the MX480 fan speed-up and slow-down has changed from 0 degree Celsius to 5 degree Celsius. Before the change, the fan will speed up at maximum temperature of 54 Celsius and slow down to 53 Celsius (0 degree gap). After the change, the fan will speed up at maximum temperature of 56 Celsius and slow down to 49 Celsius (5 degree gap). [PR/394651: This issue has been resolved.]
Addition of LSI IFL to a VPLS routing instance after the remote VPLS site is configured on provider edge (PE) routers creates a core dump. [PR/424213: This issue has been resolved.]
Upon issuing the clear dhcp relay bindings all command, not all access-internal routes are deleted from the route table for DHCP subscribers being terminated on dynamic demux interfaces. The routes point to demux interfaces that are not present anymore. Associated ARP entries and DHCP bindings appear to be properly cleared. [PR/425279: This issue has been resolved.]
The relay-option-60 configuration stops working under a configured group if something else is changed under that group. [PR/434373: This issue has been resolved.]
After the MX–series Router reboots, no DHCP packets reach the JDHCPD log. [PR/448269: This issue has been resolved.]

Services Applications

When using L2TP services on M-Series router, every session or tunnel connection and disconnection will leak memory. [PR/312961: This issue has been resolved.]
The LPDFD, which is an internal JUNOS module, causes a memory leak resulting in the memory utilization to increasing constantly. The router might not have services configured, however LPDFD logs aggressively under the /mfs directory and also under a file system which does not reside on the disk but on the memory of the router. [PR/427488: This issue has been resolved.]
A TCP-based stateful firewall flow might remain active after the service interface inactivity timeout expires even though the corresponding TCP session is already closed. Several iterations of Reset and TCP keepalive messages might be exchanged between the peers before the flow is completely closed. [PR/446960: This issue has been resolved.]
While using the dynamic endpoint configuration for IPsec services, and dedicated interfaces on the same gateway address, only the first interface configured in a given routing instance is able to forward traffic. [PR/448498: This issue has been resolved.]
When using the Service PIC or the Service DPC with Statefull firewall and NAT service, and some specific SIP traffic, the PIC might fail. [PR/459378: This issue has been resolved.]

Subscriber Access Management

When a RADIUS initiated disconnect is attempted on a client session which does not have time-based accounting enabled, the generic authentication service process (authd) currently logs out the session and cleans up, but does not send an Ack message back to the requesting server. This may lead the RID server to retry even though the subscriber has already been successfully logged out. This problem occurs when volume-based accounting is configured or when no accounting is configured for the subscriber. It does not occur when time-based accounting is configured for that subscriber. . [PR/417765: This issue has been resolved.]

Routing Protocols

When more than one external path originates from the same autonomous system (AS), the JUNOS software does not comply with the RFC 5004 path selection algorithm. [PR/392819: This issue has been resolved.]
Deactivation of routing instances might cause the routing protocol process (rpd) to create a soft assertion failure. [PR/396122: This issue has been resolved.]
In some cases (for example, after a repeated power-down event), one of the internal database files (/var/db/lmpd-name-id.db) becames corrupt, causing the lmpd system process to fail on commit. As a workaround, delete the file and commit again. [PR/403129: This issue has been resolved.]
If a multiaccess interface is disabled, the disabled link is advertised in the router LSA after a Routing Engine switchover. [PR/418559: This issue has been resolved.]
If OSPF is in overload mode on the standby Routing Engine but not in overload mode on the primary Routing Engine, it may take a long time to install OSPF routes on the standby Routing Engine. [PR/421636: This issue has been resolved.]
In certain cases, BGP might not clear its data structures correctly when all members of a peer group go down and the peer group is deleted. [PR/423060: This issue has been resolved.]
In a large scale BGP multipath configuration, the BGP multipath calculation can consume much of the CPU’s processing ability, causing the routing process to slow down significantly. [PR/424360: This issue has been resolved.]
If RIP authentication is turned on, updates may get dropped on sequence number mismatch because they are not processed in the order they are received. [PR/429297: This issue has been resolved.]
The assert condition is not valid for cases where the pif is flapped. [PR/429392: This issue has been resolved.]
Community types are allocated randomly to the members in the community list and as a result the extended communities are treated as a regular community which causes errors in the MPLS VRF Route import functionality. [PR/430728: This issue has been resolved.]
With Non-Stop Routing enabled for BGP, it is possible that the master and backup RPD instances will fail to establish and maintain synchronized state. [PR/434162: This issue has been resolved.]
If a static route is pointing to a discard configuration, a failure may happen when the router attempts to collect the multicast statistic data. [PR/434298: This issue has been resolved.]
A Layer 3 VPN BGP using the show bgp neighbor command shows local-id 0.0.0.0 as output when NSR is enabled. [PR/434321: This issue has been resolved.]
With BGP multipath configured, BGP traceoption flags may not be refreshed after a change in the traceoption flag configuration. [PR/436440: This issue has been resolved.]
Embedded RP is not created upon receiving trigger from multicast traffic. Deactivating and activating the configuration fixes the problem. [PR/437893: This issue has been resolved.]
If PIM is disabled, embedded rendezvous point (RP) configurations might cause continuous routing protocol process (rpd) failures. [PR/438159: This issue has been resolved.]
When you configure auto-rp, if the rendezvous point (RP) configuration is deactivated and then reactivated on the provider edge router, the router fails to rediscover the RP announced by the customer edge router. [PR/438356: This issue has been resolved.]
If a rib is referenced within the FROM clause of a policy statement, the statement might be changed on every commit. This can lead to route flaps on every commit if the statement is used as the import policy for a rib group which in turn is referenced in OSPF. [PR/441557: This issue has been resolved.]
RPD may fail if a VRF routing instance is re-configured in a single commit from the Draft-Rosen MVPN to the Next-Generation MVPN with RSVP-TE inclusive provider-tunnels. [PR/442391: This issue has been resolved.]
When you configure the path-selection always-compare-med statement at the [edit protocols bgp] hierarchy level, BGP multipath might not find all the eligible paths. [PR/444629: This issue has been resolved.]
TTL for the BGP listen socket has changed from 64 to 255 to provide support for GTSM. [PR/449160: This issue has been resolved.]

General Routing

A RPD error occurs after you commit changes to a routing instance configuration. [PR/425126: This issue has been resolved.]

MPLS Applications

MPLS LSP auto-policing bandwidth was not applied to VPN routes. [PR/95326: This issue has been resolved.]
For M–series and T–series Juniper routers only: When a MPLS label-switched-path (LSP) re-optimizes or changes path and there is a signaling failure along that path, then the path change will not happen until the next LSP re-optimization event. [PR/401343: This issue has been resolved.]
The load balancing spread is affected when both the primary and the first secondary LSP are out of commission. [PR/422596: This issue has been resolved.]
When you upgrade from a pre-9.2 release to 9.2 or later, the upgrade fails if you configure set protocols ldp log-updown trap disable. [PR/432003: This issue has been resolved.]
The mplsResourceTunnelTable reports bandwidth in BPS instead of KBPS. [PR/432716: This issue has been resolved.]
MPLS LSP auto-bandwidth adjustment may stop working when while RSVP signals for the path, either optimization is initiated or the LSP goes down. [PR/438157: This issue has been resolved.]

VPNs

Applying configuration changes that remove both static P2MP LSP and a static MVPN provider tunnel group configuration, can result in RPD failure. To avoid this problem, first remove the provider-tunnel configuration and than the LSP P2MP configuration. [PR/288456: This issue has been resolved.]
When deleting a Layer 2 VPN routing instance and then adding a new VPLS routing instance using the same interface within the same commit, RPD fails. [PR/291407: This issue has been resolved.]
Multicast group addresses ending with .232 are classified as SSM groups when using multicast VPNs. These routes will not be installed in the multicast VPN routing table and all traffic destined to these destinations will be dropped. As a workaround, include the asm-override-ssm statement at the [edit routing-instances routing-options multicast] hierarchy level. [PR/426811: This issue has been resolved.]
When multicast code handles logical interface mismatch notification, it finds the active route from the (S,G); this is the route that should get installed in the forwarding plane, leading to the mismatch. Multicast then sends the mismatch notification to the protocol that owns the active route. While it is finding the active route, multicast ignores the MVPN route and the mismatch notification is dropped. [PR/431211: This issue has been resolved.]
While configuring an Layer 2 VPN routing instance, if the protocols Layer 2 VPN stanza is not included as part of the routing instance configuration when a commit is performed and instead is added during a later commit, the Layer 2 VPN session associated with this routing instance may not come up. [PR/449494: This issue has been resolved.]

Multicast Applications

When the state for an IGMP group is exclude and the source list is non-empty, the traffic for the excluded sources is still being sent and received, as if the state were exclude(g, 0). It operates this way because there does not appear to be a need for this requirement in working networks and PIM does not handle this well. For example, traffic is does not always reach its destination. [PR/422190: This issue has been resolved.]

High Availability

The MIB definitions, jnxPicXDpcCombo10X1GE and jnxPicXQDpcCombo10X1GE for Combo DPC PICs, are missing in the database which cause errors in the chassis process (chassisd) logs. [PR/418489: This issue has been resolved.]
When IPv6 is configured in an IPIP tunnel and if GRES and NSR are enabled, the backup RE might display a replication error. [PR/420102: This issue has been resolved.]
ISSU on M-series for M10i with CFEB-E might fail. [PR/429552: This issue has been resolved.]
The TX LCC has an error when ARP entries time out and are added back. This issue occurs on JunOS 9.0 and above released after August 14th 2007 and in 8.5R3.3 and 8.5 releases released after October 17th 2008. [PR/450698: This issue has been resolved.]

Class of Service

In JUNOS Release 8.4 and later, the commit or commit-check operation fails if a rewrite rule is defined both at the [edit class-of-service interfaces interface-name unit logical-unit-number rewrite-rules] hierarchy level and in a configuration group (defined at the [edit groups] hierarchy level) that is applied to that interface. The correct behavior is for the directly applied rule to override the rule inherited from the configuration group. [PR/261229: This issue has been resolved.]
Setting the port speed of a multirate POS type 2 PIC to OC3 does not correctly change the CoS speed value within the PFE. The speed is left at OC12. This will result in unexpected CoS behavior. There is no workaround. [PR/279617: This issue has been resolved.]
When you use wildcards to configure class-of-service attributes for interfaces on IQ and IQ2 PICs, the scheduler map specified for the interface might be applied to the chassis stream. Performing a Routing Engine switchover in this situation might cause the chassis scheduler map to be removed. As a workaround, you can explicitly configure a chassis scheduler map with the scheduler-map-chassisstatement at the [edit class-of-services interfaces] hierarchy level. [PR/425710: This issue has been resolved.]
When a CoS Classifier is applied to a logical unit with a wildcard (*), the default classifier is removed after the routing engine reboots. [PR/427848: This issue has been resolved.]
The packet drop cannot be brought down to zero. How ever, with this fix the packet drop should reduce by nearly half. [PR/429961: This issue has been resolved.]
For draft- rosen multicast traffic: An incorrect COS queuing and rewrite may be seen on M320 routers when the Tunnel PIC is on a standard FPC. [PR/433142: This issue has been resolved.]
On M320 routers, when the Tunnel PIC is on a standard FPC, multicast traffic conforming to Internet draft-rosen-vpn-mcast-08.txt might be subject to incorrect CoS queuing and rewrite [PR/433142: This issue has been resolved.]
The CoS DSCP classifier might not work properly on a redundant LSQ interface. [PR/435701: This issue has been resolved.]
After the aggregate chassis configuration is deactivated then activated, the classifier might not be properly applied on aggregate interfaces. [PR/442240: This issue has been resolved.]
After FPC restart the classifier might not be properly applied to the aggregate members if they have LACP configured. This error message can be seen: Jun 4 12:43:02 sting-re1 fpc0 SLCHIP(0): Unable to fathom what channel used by IFL 68 Jun 4 12:43:02 sting-re1 fpc0 SLCHIP(0): error 1 in setting QoS table 1 for ifl 68 Jun 4 12:43:02 sting-re1 fpc0 COSMAN: lchip write failed, lchip 0 while binding IFL(68) to classifier(1) Jun 4 12:43:02 sting-re1 fpc0 SLCHIP(0): Unable to fathom what channel used by IFL 68 Jun 4 12:43:03 sting-re1 fpc0 SLCHIP(0): error 1 in setting QoS table 1 for ifl 68 Jun 4 12:43:03 sting-re1 fpc0 COSMAN: lchip write failed, lchip 0 while binding IFL(68) to classifier(1)
The problem is seen on 9.3, 9.4 releases shipped after 08/15/2008. Deactivating and activating class-of-service will fix the problem. [PR/442418: This issue has been resolved.]
The OC-3/12 Multi-Rate PIC may not be able to transmit any packet. [PR/444077: This issue has been resolved.]
When an intelligent queuing PIC is offlined and onlined, the chassis scheduler map might change to [95,0,0,5]. As a workaround, deactivate the chassis scheduler map before offlining PIC and then activate the chassis scheduler map after PIC comes online. [PR/444543: This issue has been resolved.]
Tail drops are not seen in the routing engine (RE) CLI output. [PR/446617: This issue has been resolved.]

Forwarding and Sampling

For a filter whose last term has a next-term statement, if the filter: 1) is applied individually, and 2) is within the term of another filter, or is applied in an input-list or an output-list, then the firewall process will commit with errors in the log and the filters might not be applied. [PR/395561: This issue has been resolved.]
When a filter term has next term as the action, the action may be shown in the firewall log as unknown for the matched outgoing packets. [PR/421810: This issue has been resolved.]
If an input-list or output-list is configured on an interface in a logical system and the filters in the list are defined under the firewall hierarchy of the main router, and a prefix list defined under the policy-options of the main router is referenced by one of the filter in the list, the commit will be failed with error message "Referenced prefix-list xxx is not defined". This problem affects 9.3 or later. [PR/427253: This issue has been resolved.]
Upon changing policers on a Aggregate Ethernet interface, the DPC might reboot. [PR/431635: This issue has been resolved.]
Policers could not be modified after a system upgrade because of a flaw in the parser routine: when the current item is deleted, the parser cannot proceed to the next item. With the fix, the routine in the forwarding process (dwfd) has been modified so that the next item in the object tree is fetched before the current object is parsed. [PR/433418: This issue has been resolved.]

Network Management

When the SNMP get responses is larger than 9 KB, a Message too long log is reported but no SNMP gets a response failure with a code tooBig is sent back to the source. [PR/389559: This issue has been resolved.]
If the kernel is slow to respond to interface status requests made by Management Information Base II (MIB II) process (mib2d), it could be that MIB II process, is blocking the request. In addition, if there is an interface flap (link down followed by up) it is possible for the MIB II process to only recognize the latest state and sends a link down trap. [PR/421585: This issue has been resolved.]
When subagents are slow in responding to SNMP queries, the SNMP process continues to buffer the incoming SNMP requests. SNMP memory becomes exhausted after the buffer increases to a bigger value, which causes the SNMP process to fail. [PR/430106: This issue has been resolved.]
When Routing Engine 1 (RE1) is reloaded, the Management Information Base II (MIB II) process (mib2d) fails.[PR/436218: This issue has been resolved.]
When the master SNMP process (snmpd) restarts on a TX Matrix platform, the SNMP subagent running on the line-card chassis (LCC) chassis process (chassisd) tries to register MIB objects with the master snmpd. If the registration progress enters in infinite loop, it causes the master snmpd to consume high CPU utilization. [PR/438085: This issue has been resolved.]

9.4R2

The following issues have been resolved since JUNOS Release 9.4R1. The identifier following the description is the tracking number in our bug database.

Software Installation and Upgrade

The ARP aging time configuration in the system configuration stanza in JUNOS Release 9.4R1 is incompatible with the ARP aging configuration in JUNOS Release 9.3R1 or earlier and JUNOS Release 9.4R2 or later. If you have configured system arp aging-timer aging-time on an M-series, MX-series, or T-series routing platform running JUNOS Release 9.4R1 and upgrade to JUNOS Release 9.4R2 or downgrade to JUNOS Release 9.3R1, the router will display configuration errors on booting up after the upgrade or downgrade. As a workaround, delete the arp aging-timer aging-time configuration in the system configuration stanza before you upgrade or downgrade from JUNOS Release 9.4R1, and reapply the configuration after you complete the upgrade or downgrade. [PR/ 425221: This issue has been resolved.]

Platform and Infrastructure

You might encounter output drops with the 10–Gigabit Ethernet PICs. The output drops occur because the software incorrectly calculates the number of queues for polling statistics in a 10-Gigabit Ethernet PIC, even though it is different from other PICs. [PR/277693: This issue has been resolved.]
The MX Tri-rate DPC does not support MAC accounting and returns the following message: "error: MAC accounting and policing not supported." [PR/387919: This issue has been resolved.]
When you have configured the vrf-table-label statement at the [edit routing-instances routing-instance-name] hierarchy level for a VRF routing instance, IPv4 and IPv6 MTU error notification is not handled properly. On M320 routers with an incoming FPC as SFPC and an outgoing FPC as FFPC, large IPv6 packets are not being detected and discarded properly. [PR/397334: This issue has been resolved.]
When the Routing Engine requests numerous statistics that surpass a set boundary, "PFEMAN: Couldn't write..." messages might be logged and DPC core dumps might occur. [PR/398233: This issue has been resolved.]
When you configure per-packet load balancing, outgoing traffic is dropped on T640 routers. The problem is exacerbated if you have configured two PFE instances. [PR/402031: This issue has been resolved.]
Aggregate bundle child interface statistics do not account for the packets sent to a demux interface using an AE bundle as the underlying interface. [PR/403570: This issue has been resolved.]
When ifd channel mode is of type HYBRID, LSI statistics are counted every time ifl_stats are collected for each logical interface. This causes the LSI input counters to be incremented by a multiple of the logical interfaces. [PR/404857: This issue has been resolved.]
With the E-CFEB on the M10i router, the backup Routing Engine will go to the database prompt when GRES and NSR are enabled with a Layer 2 circuit configuration. [PR/409075]
The show pfe statistics command is not displaying the I-CHIP Ipktwr packet drop counts. [PR/416477: This issue has been resolved.]
Under rare circumstances, it is possible for the kernel to panic on the TX Matrix LCC or on the SRX platform following a Routing Engine switchover or RDP connection timeout between the LCC and SCC. [PR/416973: This issue has been resolved.]
For multicast traffic, if the OIF is on an aggregated interface and its member link is on a different PFE (for example, 7/1/0 and 6/1/0), multicast traffic might be lost after the FPC, which has IIF for the multicast, is rebooted. [PR/418583: This issue has been resolved.]
Initial ARP packets are discarded by the default ARP policer because when a T1600’s FPC restarts, the current credit is initialized to JT_POL_SR_CURRENT_CREDIT_MAX, which is 0xFFFFF. This has a high negative value in SR, so packets are dropped until it goes down. As a workaround, you can initialize the current credit to max_credit_limit (which is equal to (credit_limit / Rate) * time_credit), approximately equal to TC. [PR/419909: This issue has been resolved.]
The SNMP remote operations process (rmopd) might fail after configuring a BGP neighbor with a local address. [PR/420504: This issue has been resolved.]
In JUNOS Release 9.3R1 or higher, on Juniper Networks routers with Type 4 FPCs or T1600 routers, multicast traffic is not counted within the interface statistics counters once class-of-service rewrite rules have been applied to the interface. [PR/42068: This issue has been resolved.]
On the MX-series router, when you configure MPLS and a tunnel configuration on the same GE DPC, the tunnel interface shows traffic as the sum of the traffic of the other GE interfaces on the DPC. This is a cosmetic issue and does not affect functionality. [PR/422274: This issue has been resolved.]

Interfaces and Chassis

In OC768-over-OC192 mode on the 4-port OC192c PIC, when you change the clocking internal statement to clocking external at the [edit interfaces interface-name] hierarch level, the clock may not come up. [PR/395847: This issue has been resolved.]
The AE bundle statistics (issue the monitor interface traffic command) on T640 routers display a high value when the FPC is taken offline. There is no issue with the TX matrix. [PR/399451: This issue has been resolved.]
Aggregate bundle child interface statistics do not account for the packets sent to a demux interface using an AE bundle as the underlying interface. [PR/403570: This issue has been resolved.]
With the E-CFEB on M7i and M10i routers, total traffic loss might occur after a CFEB switchover. [PR/407608: This issue has been resolved.]
With the IQ2 interface, the queue scheduler will not work as expected for shaped L2TP sessions. Only the rate limit will work on a per queue basis. This problem is not present for Enhanced IQ2 interfaces. [PR/409590:This issue has been resolved.]
When a 10GE interface of a DPC is connected to a faulty optical card which is causing the link state to change at a very high rate, the DPC might fail. [PR/411072: This issue has been resolved.]
The valid range for timeslot under e1-options in channelised E1 (CE1) interfaces of Enhanced Intelligent Queuing (IQE) PICs is 2 through 32. This option is used to create fractional E1 interfaces. [PR/416800: This issue has been resolved.]
When a Layer 2 Policer is applied to the egress interface of a router, the dropped frame statistics might show incorrect information. [PR/419181: This issue has been resolved.]
On an IQ2 PIC, the slow aging interval might be overwritten with a value of 202 seconds. This causes the MAC entry to be removed between 6 and 7 minutes. [PR/419510: This issue has been resolved.]

Services Applications

With the E-CFEB on M7i and M10i routers, If you configure a firewall filter with an action of sampling and then apply the filter to the interface, all the packets received on the PIC are corrupt and consequently dropped. [PR/408802: This issue has been resolved.]
On an M7i or M10i with the enhanced CFEB, if you issue the deactivate forwarding-options sampling command sampling stops for both IPv4 and IPv6 traffic. If you then issue the activate forwarding-options sampling command, sampling resumes for only IPv4 traffic. [PR/415140: This issue has been resolved.]
If you are setting the option refresh rate using the flow monitoring feature supported in version 9 and you set the lowest rate to IPv6 and the highest rate to IPv4, the device will treat IPv6 as having the lowest rate. [PR/416788: This issue has been resolved.],

Layer 2 Ethernet Services

When you configure GRES on the MX-series router, the SIB might not initialize if you reboot both Routing Engines simultaneously, or reboot the router with only one Routing Engine installed. [PR/408359: This issue has been resolved.]
Integrated routing and bridging (IRB) configured over VPLS or Multicast might not be reachable. As a workaround, clear the ARP table with the clear arp command. [PR/418438: This issue has been resolved.]

Subscriber Access Management

When a RADIUS initiated disconnect is attempted on a client session which does not have time-based accounting enabled, the generic authentication service process (authd) currently logs out the session and cleans up, but does not send an Ack message back to the requesting server. This may lead the RID server to retry even though the subscriber has already been successfully logged out. This problem occurs when volume-based accounting is configured or when no accounting is configured for the subscriber. It does not occur when time-based accounting is configured for that subscriber. [PR/417765: This issue has been resolved.]

General Routing

On a TX Matrix with JUNOS Release 9.1 and above, configuring the generate statement at the [edit routing-options] hierarchy level with a reference to a policy results in the commit not completing successfully. [PR/416380: This issue has been resolved.]

Routing Protocols

On a router with dual Routing Engines and NSR configured, the backup RPD may go down in rare instances while processing an indirect next hop delete. [PR/302731: This issue has been resolved.]
When you transition an MVPN configuration from sparse mode to dense mode, you might need to restart routing to ensure that dense mode (DM) is flooding properly over the core router's default multicast distribution tree (MDT). [PR/398110: This issue has been resolved.]
If GRES is not enabled, on a Routing Engine switchover the routing protocol process (rpd) on the new backup Routing Engine quits before cleaning up the forwarding table. [PR/402372: This issue has been resolved.]
Within JUNOS software Release (9.3R1) or higher with a Type 4 FPC or T1600, multicast traffic is not counted in the interface statistics after the class-of-service (COS) rewrite rules have been applied to the interface. [PR/420681: This issue has been resolved.]

VPNs

If MAC addresses are learned within a VPLS instance, CE devices will communicate directly even though the no-local-switching statement configured. [PR/419976: This issue has been resolved.]
Multicast group addresses ending with .232 are classified as SSM groups when using multicast VPNs. These routes will not be installed in the Multicast VPN routing table and all traffic destined to these destinations will be dropped. As a workaround, include the asm-override-ssm statement at the [edit routing-instances routing-options multicast] hierarchy level. [PR/426811: This issue has been resolved.]

Forwarding and Sampling

The policer value does not change dynamically on changing the shaping rate. The policer keeps the initial value. As a workaround, deactivate and activate the filter. [PR/286663: This issue has been resolved.]

9.4R1

The following issues have been resolved since JUNOS Release 9.3 R1. The identifier following the description is the tracking number in our bug database.

Platform and Infrastructure

When the Routing Engine hard disk fails, the compact flash might be removed from the list of media used at boot time, instead of the hard disk being removed. In some cases, this makes the Routing Engine unable to initialize. [PR/389540: This issue has been resolved.]
On M120 and MX-series routers, and on some FPCs on M320 routers, the Packet Forwarding Engine might not free memory correctly during operations on multicast next hops. [PR/396903: This issue has been resolved.]
On a T1600 routing node, an FPC might stop operating while processing an ICMP TTL expiration packet. Such packets increment the count in the ttl expired field of the output from the show pfe statistics ip icmp command. [PR/398059: This issue has been resolved.]
On egress provider edge (PE) routers, the correct EXP classifier is not applied to label-switched interfaces (LSIs) that are created by including the vrf-table-label statement at the [edit routing-instances routing-instance-name] hierarchy level. [PR/399634: This issue has been resolved.]
When you install an FPC in all eight slots on a T1600 routing node configured for graceful Routing Engine switchover (the graceful-switchover statement is included at the [edit chassis redundancy] hierarchy level), the routing node might reboot repeatedly. As a workaround, disable GRES or remove one FPC. [PR/400267: This issue has been resolved.]

User Interface and Configuration

When you issue the request system (halt | power-off | reboot) other-routing-engine lcc routing-node-index command on a TX Matrix platform, the requested operation is performed on the TX Matrix platform instead of the specified routing node (line-card chassis, or LCC). As a workaround, issue the command on the routing node itself (without the lcc option). [PR/241274: This issue has been resolved.]
On routers that do not use JUNOS software licensing (for example, the M7i, M10i, M40e, and T-series routing platforms) the alarm process (alarmd) nevertheless updates a license-tracking file every 60 seconds. This causes excessive disk activity. As a workaround, become the root user and create an empty directory called /config/license. To determine if a router supports licensing, issue the show system license command. On routers that do not support licensing, the command returns the message "syntax error, expecting <command>” and we recommend the workaround. [PR/308466: This issue has been resolved.]

Interfaces and Chassis

On MX-series routers, when a DPC configured with a large number of interfaces restarts, the chassis process (chassisd) might write the following messages to the log: "failed to complete channel bonding" and "reached link 5 max index value." [PR/292057: This issue has been resolved.]
When only one Routing Engine is installed in an M120 router, on the craft interface the LEDs for the power supplies never light up. Similarly, in the PS LEDs section of the output from the show chassis craft-interface command, there is a period in all four fields (indicating that no LEDs are lit). [PR/302504: This issue has been resolved.]
When Multilink Frame Relay encapsulation is configured on an interface (the encapsulation multilink-frame-relay-uni-nni statement is included at the [edit interfaces interface-name] hierarchy level), the kernel might generate an error. [PR/408066: This issue has been resolved.]

Services Applications

Network address translation (NAT) is not performed correctly for Real-Time Streaming Protocol (RTSP) methods when the Content-Length field is set to 0 (zero). [PR/393171: This issue has been resolved.]

Subscriber Access Management

If you create multiple subscriber sessions on a logical interface at the same time, some clients might not initialize correctly. The show dhcp server binding detail command reports the value act-prof in the State column for these clients. [PR/303778: This issue has been resolved.]

Layer 2 Ethernet Services

When more than one of a physical interface's logical interfaces is associated with a bridge domain (the family bridge statement is included at more than one [edit interfaces interface-name unit logical-unit-number] hierarchy level and each logical interface is specified as the value for an interface interface-name statement at an [edit bridge-domains domain-name] hierarchy level), the monitor physical-interface-name command displays incorrect values in the Input packets field of the Traffic statistics section. [PR/397745: This issue has been resolved.]

Routing Protocols

On a router with dual Routing Engines that is configured for nonstop active routing (NSR) and graceful Routing Engine switchover, if the backup-router or inet6-backup-router statement is included at the [edit system] hierarchy level, the static route to the backup destination is not deleted on the backup Routing Engine when you activate NSR. [PR/305597: This issue has been resolved.]
If the route to a multicast source address is learned using BGP and the upstream interface goes down, PIM might not detect the outage. As a consequence, the value unknown appears in the Upstream interface and Upstream neighbor fields of the output from the show pim join extensive command. [PR/397410: This issue has been resolved.]
If PIM sources are accessed via different addresses on the same neighbor, and PIM is deactivated and reactivated on the neighbor, the Upstream interface and Upstream neighbor fields of the output from the show pim join extensive command continue to report the value unknown after the neighbor is active. [PR/400573: This issue has been resolved.]
When peers in different BGP peer groups have similar export policies such that identical advertisements are sent, the routing protocols process (rpd) might generate an error and become unresponsive when the backup Routing Engine comes online. [PR/404471: This issue has been resolved.]

MPLS Applications

When the load-balance bandwidth statement is included at the [edit protocols rsvp] hierarchy level on a router with two LSPs to a destination, the balance coefficient is set to zero for the next-hop interfaces in the MPLS forwarding table entry for the route to the destination that is marked with (S=0) (in other words, in the output from the show route forwarding-table family mpls extensive command, the record with the header Destination: index(S=0) has Next-hop interface entries where the Balance field does not appear). [PR/257570: This issue has been resolved.]
When both CSPF and link protection are enabled, in rare instances the routing protocol process (rpd) might generate an error and restart. [PR/266126: This issue has been resolved.]

High Availability

On an MX-series router configured for VRRP for IPv6, during a mastership change the original master does not relinquish mastership, with the result that both it and the original backup are reported as master in the VR state field of the output from the show vrrp summary command. [PR/398399: This issue has been resolved.]
On a router configured for nonstop active routing (NSR), if you perform the following sequence of steps, the routing protocols process (rpd) on the backup Routing Engine might generate an error: remove a Layer 2 VPN routing instance (that is, one for which the configuration includes the instance-type l2vpn statement at the [edit routing-instances routing-instance-name] hierarchy level), commit the configuration, immediately create a new Layer 2 VPN routing instance, and commit the configuration. [PR/401057: This issue has been resolved.]

Class of Service

When you update a CoS rewrite rule, the changes are not applied to active multicast streams, but only to streams created after the change. As a workaround, clear all active multicast streams after updating the rule. [PR/266341: This issue has been resolved.]

Issues in JUNOS Software Release 9.4 for M-series, MX-series, and T-series Routing Platforms

Current Software Release

Outstanding Issues for 9.4R4

Class of Service

Forwarding and Sampling

High Availability

Interfaces and Chassis

Layer 2 Ethernet Services

MPLS Applications

Network Management

Platform and Infrastructure

Routing Protocols

Services Applications

Subscriber Access Management

User Interface and Configuration

VPNs

Resolved for 9.4R4

Class of Service

Forwarding and Sampling

General Routing

High Availability

Interfaces and Chassis

MPLS Applications

Platform and Infrastructure

Routing Protocols

Services Applications

User Interface and Configuration

VPNs

Previous Release

Resolved for 9.4R3

Software Installation and Upgrade

Platform and Infrastructure

User Interface and Configuration

Interfaces and Chassis

Layer 2 Ethernet Services

Services Applications

Subscriber Access Management

Routing Protocols

General Routing

MPLS Applications

VPNs

Multicast Applications

High Availability

Class of Service

Forwarding and Sampling

Network Management

9.4R2

Software Installation and Upgrade

Platform and Infrastructure

Interfaces and Chassis

Services Applications

Layer 2 Ethernet Services

Subscriber Access Management

General Routing

Routing Protocols

VPNs

Forwarding and Sampling

9.4R1

Platform and Infrastructure

User Interface and Configuration

Interfaces and Chassis

Services Applications

Subscriber Access Management

Layer 2 Ethernet Services

Routing Protocols

MPLS Applications

High Availability

Class of Service

Related Topics