If you try to configure a scheduler map containing two
forwarding classes that are mapped to the same queue, the class-of-service
scheduler is not applied to the Packet Forwarding Engine. As a workaround,
configure a single forwarding class for each available queue. [PR/57907]
When you configure a specific classifier for a logical
unit, it does not override the fixed classifier configured using wildcards.
[PR/68888]
On MX Series routers with Enhanced DPCs, bandwidth sharing
between two schedulers, one with high and the other with strict-high
priority, might not be as expected when the schedulers are oversubscribed.
That is, only one queue can use all of the excess bandwidth. This
issue occurs when the schedulers are configured on logical interfaces.
[PR/265603]
Configuring rewrite-rules on PPPoE IFLs is not supported.
[PR/438327]
In the cosd logs, "entries" is misspelled as "enteries."
[PR/439993]
Forwarding and Sampling
On M320 and T Series routers, when you configure interface
output sampling, packets sometimes might travel through the output
firewall. As a workaround, configure a firewall filter on the output
interface with then sample and then next-term statements.
The workaround provides the same functionality as the other configuration,
but avoids the problem behavior. [PR/70473]
Under rare circumstances, if the filter is changed while
a counter query is in progress and the system is under heavy load,
the system may crash. [PR/447033]
High Availability
A problem occurs during graceful Routing Engine switchover
(GRES) when a static route pointing to a private interface such as
fxp0 is created using the passive retain option. It is recommended
to not use the passive option along with the static route
on the private interface. [PR/412746]
Interfaces and Chassis
On aggregated SONET/SDH interfaces, the counter for drops
and errors in the show interfaces command output does not
display the correct value, because the counter does not collect data
from the constituent interfaces within the aggregate. [PR/23577]
On a 2-port OC12 ATM2 IQ interface, the total virtual
path (VP) downtime might not display correctly in the show interfaces command output. [PR/27128]
On M20 and M40 routers, when a physical layer problem
affects a SONET/SDH interface, carrier transition statistics might
not increment correctly in the output of the show interfaces extensive command. [PR/33325]
When you configure both the bundle link and constituent
links at the [edit (logical-routers logical-router-name | logical-systems logical-system-name) interfaces] hierarchy level, the constituent links do not come up. As a workaround,
configure the constituent links at the [edit interfaces] hierarchy
level. [PR/35578]
When you apply an IPSec firewall filter to match traffic
sent across a generic routing encapsulation (GRE) tunnel and originating
from the local routing platform, the local traffic is dropped. Transient
traffic is not affected. [PR/44871]
On a Link Services PIC, the CLI might incorrectly allow
you to configure a logical tunnel interface (interface identifier
lt); the resulting interface might not work correctly. [PR/49818]
If you configure IS-IS, MPLS, and graceful Routing Engine
switchover (GRES) and a switchover event occurs, the routing platform
might end the PPP IP Control Protocol (IPCP) sessions and renegotiate
them if the remote side has changed interface MTU settings prior to
the switchover event. [PR/61121]
If you configure graceful Routing Engine switchover (GRES)
and issue the request chassis routing-engine master acquire command, in rare cases the master Routing Engine might fail to relinquish
mastership, or the switchover to the backup Routing Engine might take
up to 360 seconds. [PR/61821]
For Automatic Protection Switching (APS) on SONET/SDH
interfaces, there are no operational mode commands that display the
presence of APS mode mismatches. An APS mode mismatch occurs when
one side is configured to use bidirectional mode, and the other side
is configured to use unidirectional mode. [PR/65800]
When the ATM scheduler map is programmed, the code does
not check if the early packet discard (EPD) configured on the forwarding
class exceeds the max_epd that the hardware supports. [PR/70336]
If you ping a nonexistent IPv6 address that belongs to
the same subnet as an existing point-to-point link, the packet loops
between the two point-to-point interfaces until the time-to-live expires.
[PR/94954]
The output of the show interfaces diagnostics optics command includes the "Laser rx power low alarm" field even if the
transceiver is a type (such as XENPAK) that does not support this
alarm. [PR/103444]
Hot swapping the M120 router fan tray might cause the Check CB alarm to activate. [PR/268735]
On the JCS1200 platform, when you issue the clear
-config -T switch[1] command using the management module, the
switch module returns to its factory default setting instead of the
Juniper Networks default setting. As a workaround, do not issue the
command. [PR/274399]
When you configure ILMI on an ATM interface using the ilmi statement at the [edit interfaces interface-name atm-options] hierarchy level, and a graceful Routing Engine
switchover (GRES) or unified in-service software upgrade (ISSU) event
occurs, the show ilmi command no longer returns any output.
[PR/282051]
On a router with Frame Relay multilink configured on an
MS 400 PIC or on a Channelized DS3 PIC, when the minimum links value
for the Frame Relay interface is set to 8 and a link is deactivated
from the configuration, the link remains up. [PR/285244]
On the Juniper Control System (JCS) platform, the control
and management traffic for all Routing Engines share the same physical
link on the same switch module. In rare cases, the physical link might
become oversubscribed, causing the management connection to Protected
System Domains (PSDs) to be dropped. [PR/293126]
On a Protected System Domain (PSD) configured with a large
number of BGP peers and routes (for example, 5000 peers and a million
routes), FPCs might restart during a graceful Routing Engine switchover
(GRES). [PR/295464]
When two routers are connected via SONET/SDH interfaces
that are configured as container interfaces and the Routing Engine
on one router reboots, the container interfaces on the other router
might go down and come up again. [PR/302757]
On MX Series routers, MAC address accounting in the egress
direction might not work if traffic is unidirectional, and no traffic
flows in the reverse direction for a duration longer than the aging
interval. [PR/415146]
For an IQ2 PIC logical interface, the Input Bytes counter
and the Input Packets counter might occasionally be incorrect. The
statistics are incorrect when there is significant local traffic associated
with the logical interface:
The transit Input Bytes and Packets counters for a short
duration might count backwards or might reset to zero.
The Total Input Bytes and Packet counters for a short
duration might count backwards.
This issue is transient and happens only during steady
traffic flow with significant local traffic. If the traffic is stopped
or if the local traffic is marginal compared to the total traffic
for the logical interface, then the counters will become accurate.
[PR/422109]
Under some conditions, if an interface flaps for an interval
less than the hold-down time configured value, that interface might
stop forwarding even though it shows as being UP. As a workaround,
enable traffic monitoring on the interface, or enable and disable
the interface. [PR/423065]
The JUNOS CLI allows invalid combinations of atm-l2circuit-mode encapsulation on atm-ce interfaces. The consequence of using the
wrong encapsulation combination in the CLI is that the incorrect setting
is ignored and ATM pseudowire behaves as if the configuration did
not exist. No error message will be displayed. As a workaround, configure
the correct atm-l2circuit-mode encapsulation. [PR/437253]
A Routing Engine on a T Series router might crash if you
configure IPv6 on an interface with no MAC address (such as the management
fxp0 interface or a loopback interface). As a workaround, do not configure
IPv6 addresses on T Series interfaces that do not have MAC addresses.
[PR/439252]
When you configure the payload port-data statement
at the [edit family mpls hash-key] hierarchy level on M120,
M320, or MX Series routers with E3 FPCs, the hashing algorithm might
not take the port data values into account. [PR/442223]
The 10GE XENPAK interface might flap when the transmission
gear fails over. [PR/446973]
On an MX960 router, when more than eight Dense Port Concentrators
(DPCs) (including unconfigured DPCs) are loaded, the output of the show interface extensive command can be very slow if the source
class usage destination class usage (SCU/DCU) is configured for some
units. [PR/449034]
Because the MP-SDK framework lacks aggressive constraint
checks, you should not set the policy-db-size statement at
the [edit chassis fpc fpc pic pic adaptive-services service-package extension-provider] hierarchy
level to a high value. For dynamic application awareness configurations,
the recommended values for the MP-SDK options at this hierarchy level
are as follows:
M7i routers and M10i routers with Enhanced Compact Forwarding
Engine Board (CFEB-E) do not support connectivity fault management
(CFM) with circuit cross-connect (CCC) encapsulation. [PR/449684]
For Tri-Rate Enhanced Dense Port Concentrator (DPC) interfaces,
the link LED does not reflect the correct status when the interface
speed is set to auto. [PR/466588]
The error "arp_update_iff_vrrp: IFF ae11 doesn't have
a vrrp group configured" occurs when native-vlan-id is configured
with the Virtual Router Redundancy Protocol (VRRP). [PR/468167]
When an untagged aggregated Ethernet interface is configured
with LACP and GE IQ2 PICs as the child interface, the input packet
count might constantly get decremented to zero when no data packets
arrive on the interface. The decrease in packet count is equal to
the incoming LACP packet count. [PR/471177]
MPLS Applications
If you configure a label-switched path (LSP) with the no-cspf statement at the [edit protocols mpls] hierarchy
level, the LSP might cycle up and down several times before stabilizing.
[PR/10415]
If a cross-connected circuit (CCC) traverses a forwarding-adjacency
label-switched path (LSP), traffic forwarding might be affected. [PR/60088]
When you enable per-packet load balancing on parallel
label-switched paths (LSPs), the output of the show mpls lsp ingress command might display all the routes on only one of the LSPs even
when traffic is evenly balanced across the LSPs. [PR/70487]
When there are more than five link-protected or node-link-protected
LSPs to the same destination and per-packet load balancing is enabled,
some bypass next-hops might not be part of the active route. This
can occur after a primary link goes down and comes back up. [PR/259219]
When a point-to-point LSP has a primary path and some
secondary paths that are experiencing signaling problems (when CSPF
computation is fine, but signaling keeps failing and retrying) except
for one secondary path, and a make-before-break signaling is performed
for that secondary path (that is up), due to auto-bandwidth or path
re-optimization, it is possible that the LSP's RSVP source port (LSP
ID) space may wrap. When this happens, the source port of that secondary
path will be allocated to another path, causing the PSB of the secondary
path to be associated with the other path, eventually leading to a
routing protocol process (RPD) crash.
Similarly, the branch ID and the source port ID (LSP ID) of
a point-to-multipoint LSP may wrap in some make-before-break and signaling
retry situations, causing the same RPD crash. [PR/265242]
For point-to-multipoint label-switched paths configured
for VPLS, the ping mpls command reports a 100 percent packet
loss even though the VPLS connection is active. [PR/287990]
Configuration of a non-existent IP address in the MPLS
for a label-switched path could result in a memory leakage in the
routing protocol process. [PR/459254]
The Packet Forwarding Engine will change the dependent
next-hop to discard when an IFF is deleted. [PR/459781]
If both OSPF and IS-IS update the traffic engineering
database (TED) on the same traffic engineering link, it may take
some time for OSPF to update the traffic engineering database with
the new MPLS administrative group (affinity) after the administrative
group configuration is changed. [PR/465953]
When replying to an MPLS RVSP traceroute with an MPLS
Echo Reply packet, the label-switching router (LSR) populates the
downstream IP address value with 0.0.0.0 instead
of the actual IP address. [PR/466049]
Network Management
The following groups of MIB objects do not segregate the
data they return according to the routing instance specified in an
SNMP request: vrrpMIB, jnxCosIfqStatsTable, and jnxCosQstatTable. [PR/63045]
The snmpwalk on ipNetToMediaPhysAddress may show some ARP entries missing from the output when displayed
using the show arp command. [PR/453855]
After changes are made to the firewall, and the counters
are cleared and commited, SNMP sends the wrong value for 5 seconds
and a discrepancy between the cli output and get snmp output ocurs.
[PR/459583]
Platform and Infrastructure
On T Series routers, a Layer 2 maximum transmission unit
(MTU) check is not supported for MPLS packets exiting the routing
platform. [PR/46238]
When you configure a source class usage (SCU) name with
an integer (for example, 100) and use this source class as a firewall
filter match condition, the class identifier might be misinterpreted
as an integer, which might cause the filter to disregard the match.
[PR/50247]
On a Monitoring Services III PIC configured as a dynamic
flow capture (DFC) interface (dfc-fpc/pic/port), when you configure
the DFC interface as the next hop in a forwarding path, port-mirrored
packets might become corrupted. [PR/60799]
If you configure 11 or more logical interfaces in a single
VPLS instance, VPLS statistics might not be reported correctly. [PR/65496]
When a large number of kernel system log messages are
generated, the log information might become garbled and the severity
level could change. This behavior has no operational impact. [PR/71427]
On M320 and T Series routers, there is a process that
monitors FPCs while they transition to an online state. If an FPC
is busy and cannot complete the transition within the time limit,
the process might time out and prevent the FPC from coming online.
[PR/72364]
In the situation where a Link Services (LS) interface
to a CE router appears in the VPN routing and forwarding table (VRF
table) and a fragmentation is required, Internet Control Message Protocol
(ICMP) cannot be forwarded out of the LS interface from a remote PE
router that is in the VRF table. As a workaround, include the vrf-table-label statement in the configuration. [PR/75361]
On T Series routers, the commit operation succeeds when
you include the no-labels statement at the [edit forwarding-options
hash-key family mpls] hierarchy level, but MPLS labels are still
included in the hash key. [PR/80334]
Traceroute does not work when ICMP tunneling is configured.
[PR/94310]
Initiate doesn’t parse the configuration present
in init.conf regardless of position. [PR/94576]
On T Series and M320 routers, multicast traffic with the
"do not fragment" bit set is being dropped due to configuring a low
MTU value. The router might stop forwarding all traffic transiting
this interface if the clear pim join command is executed.
[PR/95272]
A firewall filter that matches the forwarding class of
incoming packets (that is, includes the forwarding-class statement at the [edit firewall filter filter-name term term-name from] hierarchy level)
might incorrectly discard traffic destined for the Routing Engine.
Transit traffic is handled correctly. [PR/97722]
The JUNOS Software does not support dynamic ARP resolution
on Ethernet interfaces that are designated for port mirroring. This
causes the Packet Forwarding Engine to drop mirrored packets. As a
workaround, configure the next-hop address as a static ARP entry by
including the arp ip-address statement
at the [edit interfaces interface-name] hierarchy level. [PR/237107]
When Periodic Packet Management (PPM) delegation for Bidirectional
Forwarding Detection (BFD) sessions is disabled (the delegate-processing statement is removed at the [edit routing-options ppm] hierarchy
level), the BFD sessions might be terminated (because a "state is
down" message is sent) and reestablished. [PR/280233]
When you perform an in-service software upgrade (ISSU)
on a routing platform with an FPC3 or an Enhanced FPC3 with 256 MB
of memory and the number of routes in the routing table exceeds 750,000,
route loss might occur. If route loss occurs, as a workaround, perform
either of the following tasks: (a) replace the FPC3 or Enhanced FPC3
with another FPC that has more memory, or (b) after the ISSU is complete,
reboot only the FPC3 or Enhanced FPC3. [PR/282146]
For Routing Engines rated at 850 MHz (which appear as RE-850 in the output from the show chassis hardware command), messages like the following might be written to the system
log when you insert a PC Card: “bad Vcc request” and “Device
does not support APM.” Despite the messages, operations that
involve the PC Card work properly. [PR/293301]
On a Protected System Domain, under the following conditions
an FPC might generate a core file and stop operating:
A firewall policer with a large number of counters (for
example, 20,000) is applied to a shared uplink interface, and
The FPC that houses the interface does not have a sufficiently
powerful CPU.
As a workaround, reduce the number of counters or install
a more powerful FPC. [PR/311906]
When a CFEB failover occurs on an M10i or M7i router with
4000 or more IFLs, the following message will display:
IFRT: 'IFD ioctl' (opcode 10) failed ifd 153; does not exist IFRT: 'IFD Ether autonegotiation config' (opcode 163) failed
The message has no operational impact. When the backup CFEB
becomes the active CFEB, the message will not display. [PR/400774]
On M120, M320, MX Series, and T Series routers, traceroute
leaving an LSP configured for explicit-null and no-decrement-ttl or
no-propagate-ttl, may not show the transit IP hop router immediately
after the LSP egress router. [PR/438735]
In some cases, the alarms displayed in FPM and the alarms
shown using the show chassis alarms sfc 0 command mismatch.
[PR/445895]
The SFC management interface em0 is often displayed
as fxp0 in several warning messages. [PR/454074]
If the sub-interface on an aggregate interfaces goes down,
the GRE traffic egressing that interface might not use the backup
sub-interface resulting in the GRE traffic being dropped. [PR/454751]
On MX Series routers with FPC under flow-control condition,
the keep-alive packets are dropped from the ASIC without a trace.
[PR/470334]
The VPN label does not get pushed on the label stack for
Routing Engine–generated traffic with l3vpn-composite-next-hop
activated. [PR/472707]
Routing Protocols
When a multicast scope is added dynamically, and an (s,g)
multicast stream is flowing, the multicast group might not be dropped
until the multicast receivers leave the group and multicast cache
entry (for the s,g) times out. [PR/11660]
The CLI allows you to commit a configuration that specifies
a value higher than 32 for the metric statement at the [edit protocols dvmrp interface all] hierarchy level, but values
higher than 32 are invalid. [PR/33429]
If a router receives a Pragmatic General Multicast (PGM)
Source Path Message (SPM), it does not create a forwarding cache,
nor does it forward the message to other routers as a heartbeat, as
specified in RFC 3208. Also, the router’s multicast cache might
time out if it does not receive actual PGM data (ODATA) for more than
6 minutes. As a workaround, configure the PGM source application to
send PGM ODATA at least once every 6 minutes. The ODATA acts as the
heartbeat message in lieu of the SPM messages and ensures that the
multicast and forwarding caches are created and updated. [PR/37504]
When you configure damping globally and use the import
policy to prevent damping for specific routes, and a new route is
received from a peer with the local interface address as the next
hop, the route is added to the routing table with default damping
parameters, even though the import policy has a nondefault setting.
As a result, damping settings do not change appropriately when the
route attributes change. [PR/51975]
If a BGP group is created without any defined peers, a
warning message no longer appears when the configuration is committed.
[PR/63279]
When you issue the show ldp traffic-statistics command, the following system log message might be generated for
all forwarding equivalence classes (FECs) with an ingress counter
set to zero: "send rnhstats GET: error: ENOENT -- Item not found."
[PR/67647]
If ICMP tunneling is enabled on the router and you configure
a new logical system that does not have ICMP tunneling enabled, the
feature is globally disabled. [PR/81884]
When the flow of multicast traffic changes because an
OSPFv3 link goes down, the output from the show multicast statistics
inet6 command reports incorrect values in the In kbytes and In packets fields for the new ingress interface. [PR/234969]
When you commit a new configuration for nonstop routing
(NSR) on a primary Routing Engine that differs from the configuration
for NSR that is already running on the backup Routing Engine, the
routing protocol process stops functioning on the backup Routing Engine
only. Traffic forwarding is not affected. [PR/254379]
When the state for an IGMP group is exclude and
the source list is non-empty, the traffic for the excluded
sources will still be received and sent as if it were in the exclude
state. [PR/422190]
The rendezvous point (RP) is not being learned on a router
with auto-rp discovery configured, when there is a mismatched PIM
interface configuration on a router with auto-rp discovery configured
and on a router with auto-rp mapping configured. For example, one
router having an IFL with PIM configured and the other having an IFL
with PIM disabled. As a workaround, ensure that PIM is enabled on
all IFLs on both routers. [PR/445917]
On a router with VPNs configured, modifying or adding
configuration might cause the 'age' of the secondary routes to reset
to 0. [PR/447802]
An interface with a higher priority is not elected as
a PIM DR when a default priority is not used on one side. [PR/453561]
For a certain error condition during negotiation with
a very old router, the sending of the 4–byte AS capability is
not consistent with the sending of the other capabilities. [PR/462930]
When a Flexible PIC Concentrator reboots or an interface
is temporarily deactivated, two RPD_PIM_NBRDOWN messages are logged
for every PIM neighbor affected. However, only one RPD_PIM_NBRUP messages
is logged when the service is restored. This could lead to inconsistencies
in any management software. [PR/472873]
When a dampened route is restored, the accepted count
for the peer in the show bgp summary output does not increment.
[PR/473567]
Services Applications
The show services accounting flow-detail extensive command sometimes displays incorrect information about input and
output interfaces. [PR/40446]
On Adaptive Services PICs configured for IPSec tunnel
redundancy, if there are a large number of tunnels, a few of the tunnels
might switch over to the backup tunnel. [PR/46733]
When a routing platform is configured for graceful Routing
Engine switchover (GRES) and Adaptive Services (AS) PIC redundancy,
and a switchover to the backup Routing Engine occurs, the redundant
services interface (rsp-) always activates the primary services interface
(sp-), even if the secondary interface was active before the switchover.
[PR/59070]
For Adaptive Services II PICs, even if you do not configure
flow collector services, a temporary file might be created every 15
minutes in the /var/log/flowc/ directory. The file is deleted
if there are no clients, and re-created only when a client connects
and attempts to write to the file. [PR/75515]
When using L2TP services on M Series routers, every session
or tunnel connection and disconnection causes memory leak. [PR/312961]
With the E-CFEB on M7i and M10i routers, If you configure
a firewall filter with an action of sampling and then apply the filter
to the interface, all packets received on the PIC are corrupt and
consequently dropped. [PR/408802]
When two different filters with different source-port
values are configured in the X-JTap-Cdest-Source-Port parameter
of the filter specification, an "Invalid filter specification" error
occurs. [PR/447855]
When the Border Signaling Gateway (BSG) configuration
contains a policy that has a term with regular expressions, configuration
changes do not take effect immediately after you receive the message
that the commit process is complete. The time it takes for the configuration
to take effect depends on how many regular expressions are in your
term.
For example, if you have a term with four regular expressions,
configuration changes do not take effect until 50 seconds after you
receive the message that the commit process is complete. This behavior
occurs whether you have a list or regular expressions (for example,
regular-expression [sip:88824.* sip:88821.* sip:88822.sip:88823.*])
or you group regular expressions using the | symbol (for example,
"sip:88821.*|sip:88822.*|sip:88823.*|sip:88824.*").
The time that it takes the software to apply the configuration
changes increases exponentially with the number of regular expressions
in your configuration. [PR/448474]
MS-PIC may crash while handling Real-Time Streaming Protocol
(RTSP) flows. [PR/455649]
The error message "appid_init_shm: Appid shmem could not
be created or already exists. Errno:17" displays during the switchover
process even though the graceful Routing Engine switchover (GRES)
completes successfully. [PR/457143]
On MX960 routers, the NAT "ports in use" count displayed
using the show services nat pool detail command is greater
than the SFW flow count displayed using the show services stateful-firewall
flows count command. [PR/466506]
When a SIP malformed packet that is not compliant with
RFC 2543 in ch.6.40 is received by the SIP Alg, the service PIC might
restart. [PR/467600]
Software Installation and Upgrade
Upgrading with ISSU from JUNOS Release 9.4R2 to any other
release results in the loss of control traffic due to the loss of
keepalives. This causes interfaces to go down and will result in the
loss of respective adjacencies for all configured protocols. This
problem only exists in JUNOS Release 9.4R2. [PR/439385]
Subscriber Access Management
When dynamic IP address assignment is configured, if there
is only one address left in the address allocation pool and an attempt
to authenticate with a service fails (because, for example the authentication
request specifies an invalid service name), a subsequent authentication
attempt for the service also fails. The following messages might appear
in the log for the authentication process (authd): "assigned address address in use, trying next available" and "Unable to
assign an address." [PR/305516]
User Interface and Configuration
The CLI does not warn if multiple users are configured
with the same user-id. [PR/55774]
On M20 routers, after a Routing Engine mastership switchover,
it might not be possible to enter CLI configuration mode on the new
master Routing Engine. Also, the request system reboot and request system halt commands do not clearly fail but do not
return the CLI prompt either. [PR/64899]
The logical system administrator can modify and delete
master administrator-only configurations by performing local operations
such as issuing the load override, load replace,
and load update commands. [PR/238991]
Users who have superuser privileges will sometimes have
their access restricted to view permission only. [PR/388053]
When the filter config-text is used in the NETCONF get-config command, a syntax error occurs and the router configuration
cannot be returned in ASCII format. [PR/430799]
Selecting the Monitor port for any port in the Chassis
Viewer page takes the user to the common Port Mirroring page instead
of the corresponding Monitoring page of the selected port. [PR/446890]
Considerable performance penalty is experienced when CLI
config commands are executed by users whose permissions for configuration
are controlled by "allow-configuration and/or deny-configuration"
knobs and when complex regular expressions are used with these knobs.
It is recommended to define the regex in the allow-configuration and
deny-configuration knob in a restrictive manner. [PR/465934]
The router does not return the username in the accounting
packet sent to the RADIUS server. The following issues have been noticed:
The acc-start uses the "remote" username despite the real
username being available.
The interim-update has no username.
The stop message has no username.
[PR/472704]
VPNs
When you modify the frame-relay-tcc statement
at the [edit interfaces interface-name unit logical-unit-number] hierarchy level of a Layer 2
VPN, the connection for the second logical interface might not come
up. As a workaround, restart the chassis process (chassisd) or reboot
the router. [PR/32763]
Traffic might not flow when an ATM interface is used as
the access circuit on an M120 router. [PR/255160]
For a VRF instance configured for PIM, MVPN, and provider
tunnels (the pim and mvpn statements are included
at the [edit routing-instances vpn-name protocols] hierarchy level and the provider-tunnel statement is included
at the [edit routing-instances vpn-name] hierarchy level), when PIM is deactivated and reactivated, it fails
to install type-5 (source-active) routes in the instance-name.mvpn.0 routing table. This issue arises only when remote c-multicast
joins are configured on the ingress PE router (as displayed by the show mvpn c-multicast command). [PR/306983]
When you configure inter-AS VPLS with MAC processing at
the autonomous system (AS) boundary router along with multihoming,
and if a designated forwarding AS boundary router fails and then comes
back up again, traffic flowing to the local AS from the other AS’s
boundary router might be lost. The loss occurs in the time period
(tenths of a second) during which the old designated forwarding AS
boundary router is taking back the role of designated forwarder. [PR/312730]
Under certain circumstances, if BGP is configured as the
PE router to CE router protocol in a Layer 3 VPN routing instance,
renaming the routing instance can cause the PE router to CE router
session to stay down. [PR/399275]
The IPv6 multicast packet forwarding fails when a VT interface
is configured for multicast in the egress PE with NGEN-MVPN. [PR/431957]
On MX, M120 and new EIII FPCs on M320 routers, the ISO/Connectionless
Network Service (CLNS) packets over the translational cross-connect
(TCC) are dropped in the case of frame relay, even though the family
TCC has been configured to switch family iso on the frame relay interface.
[PR/462052]
The routing protocol process may crash if the Routing
Engine containing the auto-RD configuration for l2vpn/vpls routing
instances is rebooted. [PR/469847]
Previous Releases
The following issues have been resolved since JUNOS Release
9.5R2. The identifier following the description is the tracking number
in our bug database.
Class of Service
In JUNOS Release 8.4 and later, the commit or commit check operation fails if a rewrite rule is defined both
at the [edit class-of-service interfaces interface-name unit logical-unit-number rewrite-rules] hierarchy level and in a configuration group (defined at the [edit groups] hierarchy level) that is applied to that interface.
The correct behavior is for the directly applied rule to override
the rule inherited from the configuration group. [PR/261229: This
issue has been resolved.]
When you set the port speed of a multirate SONET Type
2 PIC to OC3, it does not correctly change the CoS speed value within
the Packet Forwarding Engine. The speed value remains OC12, which
results in unexpected CoS behavior. There is no workaround. [PR/279617:
This issue has been resolved.]
When a CoS classifier is applied to a logical unit with
a wildcard (*), the default classifier is removed after the Routing
Engine reboots. [PR/427848: This issue has been resolved.]
A packet drop is seen when a logical unit is configured
with the per-unit-scheduler. [PR/429961: This issue has been resolved.]
On M320 routers, when the Tunnel PIC is on a standard
FPC, multicast traffic conforming to Internet draft-rosen-vpn-mcast-08.txt
might be subject to incorrect CoS queuing and rewrite. [PR/433142:
This issue has been resolved.]
The CoS DSCP classifier might not work properly on a redundant
LSQ interface. [PR/435701: This issue has been resolved.]
After the aggregate chassis configuration is deactivated
then activated, the classifier might not be properly applied on aggregate
interfaces. [PR/442240: This issue has been resolved.]
The OC3/12 Multi-Rate PIC may not be able to transmit
any packets. [PR/444077: This issue has been resolved.]
When an Intelligent Queuing PIC is taken offline and brought
back online, the chassis scheduler map configured may be changed to
[95,0,0,5]. The workaround is to deactivate the chassis scheduler
map before taking the PIC offline and activate the configuration after
the PIC comes back online. [PR/444543: This issue has been resolved.]
Forwarding and Sampling
When a filter term has "next term" as the action, the
action may be shown in the firewall log as "unknown" for the matched
outgoing packets. [PR/421810: This issue has been resolved.]
If 1) an input-list or output-list is configured on an
interface in a logical system, 2) the filters in the list are defined
under the firewall hierarchy of the main router, and 3) a prefix list
defined under the policy options of the main router is referenced
by one of the filters in the list, the commit will fail with the error
message "Referenced prefix-list xxx is not defined." [PR/427253: This
issue has been resolved.]
General Routing
When attempting to use a framed route from a RADIUS client,
rpd may core if there is no static route table. [PR/432447: This issue
has been resolved.]
Interfaces and Chassis
In a TX Matrix router, the show chassis fpc fpc-number command returns an error instead of showing
FPC information when the FPC number is greater than 8. [PR/387956:
This issue has been resolved.]
When you reboot an FPC while it is coming online and if
the FPC adding process is interrupted before it successfully completes,
the chassis process does not operate properly. [PR/400676: This issue
has been resolved.]
When traffic is passed at near maximum throughput to any
queuing IQ2 or IQ2E PICs or DPCs, the show interfaces xe-fpc-pic—port extensive command
output for queue counters might be incorrect. [PR/401431: This issue
has been resolved.]
Incorporating any changes in the interfaces configuration
results in a small leak in the dcd process. The leak is at the rate
of 16 bytes per interface configured per commit. [PR/411596: This
issue has been resolved.]
When you configure LACP on an aggregated Ethernet interface,
the counters displayed by the show interface extensive command
might show unexpected values. This problem occurs for logical interfaces
that have an incoming interface index value that matches the default
index of the data stream. [PR/418054: This issue has been resolved.]
On the M320 router, clearing statistics with the clear
interfaces statistics command might take up to 10 seconds. [PR/421520]
The PPP MTU value of an interface protocol on a peer might
change as a result of an irrelevant configuration change and cause
the PPP MTU negotiation to fail. [PR/421706: This issue has been
resolved.]
Using disable under an aggregate member can lead the interface
to be flagged in the HARDDOWN state despite being physically up. Deactivate
and activate the interface to fix the problem. [PR/422933: This issue
has been resolved.]
During the Switching and Forwarding Module (SFM) switchover
process, the algorithm to switch over the SFM and take the FPC offline
does not clear the hard and soft errors on each FPC. [PR/433616:
This issue has been resolved.]
In the output of the show chassis pic fpc-pic—slot command, the
40–port Gigabit Ethernet DPC with SFP might be shown erroneously
as 1000LH instead of 1000EX. [PR/438753: This issue has been resolved.]
When the same logical interface is deleted from the default
system and added into the logical system, the Routing Engine might
fail. [PR/441284: This issue has been resolved.]
When the sum of the shaping rate for the logical interfaces
for a physical interface is greater than the physical interface's
bandwidth and a rate limit is applied to one of the logical interface
queues, the bandwidth limit for the queue will be based on a scaled
down logical interface shaping rate value rather than the configured
logical interface shaping rate. [PR/441413: This issue has been resolved.]
When the ingress router resignals an RSVP session, traffic
could egress a disabled SONET interface that is part of an APS group
using container interfaces. Switching the APS interfaces resolves
the problem. [PR/443295: This issue has been resolved.]
Layer 2 Ethernet Services
Upon issuing the clear dhcp relay bindings all command, not all access-internal routes are deleted from the route
table for DHCP subscribers being terminated on dynamic demux interfaces.
The routes point to demux interfaces that are not present anymore.
Associated ARP entries and DHCP bindings appear to be properly cleared.
[PR/425279: This issue has been resolved.]
The relay-option-60 configuration stops working
under a configured group if something else is changed under that group.
[PR/434373: This issue has been resolved.]
After the MX Series router reboots, no DHCP packets reach
the JDHCPD log. [PR/438269: This issue has been resolved.]
MPLS Applications
On an M Series or T Series router, when an MPLS label-switched
path (LSP) reoptimizes or changes path and a signaling failure occurs
along that path, then the path change will not happen until the next
LSP reoptimization event. [PR/401343: This issue has been resolved.]
The load-balancing spread is affected when both the primary
and the first secondary LSP are out of commission. [PR/422596: This
issue has been resolved.]
For JUNOS Release 9.5 and later, when the show mpls
lsp p2mp statistics egress command is entered, the Packets and
Bytes fields should display as "NA" for egress LSP sessions. The statistics
should display meaningful numbers only for ingress and transit LSP
sessions. Instead, the fields display as 0 with the show mpls
lsp p2mp statistics egress command. This is changed to NA after
including the no-tunnel-services statement at the [edit
routing-instances vpls1 protocols vpls] hierarchy level. [PR/429001:
This issue has been resolved.]
If you have disabled the trap statement at the
[edit protocols ldp log-updown] hierarchy level, upgrading
to JUNOS Release 9.2 and later from a release previous to 9.2 will
fail. [PR/432003: This issue has been resolved.]
Network Management
When subagents are slow in responding to SNMP queries,
the SNMP process continues to buffer the incoming SNMP requests.
SNMP memory becomes exhausted after the buffer increases to a bigger
value, which causes the SNMP process to dump core. [PR/430106: This
issue has been resolved.]
When Routing Engine 1 (RE1) is reloaded, the Management
Information Base II (MIB II) process (mib2d) dumps core. [PR/436218:
This issue has been resolved.]
When the master SNMP process (snmpd) restarts on a TX
Matrix router, the SNMP subagent running on the line-card chassis
(LCC) chassis process (chassisd) tries to register MIB objects with
the master snmpd. If the registration progress enters an infinite
loop, the master snmpd will start high CPU utilization. [PR/438085:
This issue has been resolved.]
Platform and Infrastructure
On M320 and T Series routers, when you configure the local
gateway of an IPSec tunnel in a routing instance, IPSec might not
function properly over a generic routing encapsulation (GRE) tunnel.
[PR/73864: This issue has been resolved.]
On MX Series routers using Routing Engine-based sampling,
when samples are sent from the Packet Forwarding Engine to the Routing
Engine over certain interfaces, the interface Input/Output index and
next-hop address are set to 0. The following interfaces are affected:
ge-x/0/y, ge-x/1/y, xe-x/2/0, and xe-x/3/0. It is not possible in
this case to match on the interface index to retrieve data from the
flow collector. [PR/286089: This issue has been resolved.]
If a duplicate address is detected for IPv6 family on
an Ethernet interface, the DAD does not get restarted even after the
interface goes down and comes up. [PR/421241: This issue has been
resolved.]
On the M320 router, clearing statistics with the clear
interfaces statistics command might take up to 10 seconds. [PR/421520:
This issue has been resolved.]
On M10i routers with I-chip based E-CFEBs, IQ2 PIC ISSU
is not supported. Take the IQ2 PIC offline before initiating ISSU
on M10i routers. [PR/421988: This issue has been resolved.]
When you configure an aggregated Ethernet interface as
unnumbered, the router might fail. As a workaround, do not configure
aggregated Ethernet interfaces with unnumbered addresses. [PR/428345:
This issue has been resolved.]
On MX Series routers, the FPC might reboot without a core
dump when the DWDM is incorrectly configured, and that incorrect configuration
will cause many link flaps. As a workaround, either disconnect the
offending link or include the disable statement at the [edit interfaces] hierarchy level to stop the FPC reboots. [PR/430703:
This issue has been resolved.]
When configuring proxy-arp on unnumbered interfaces, the
router can incorrectly answer address-collision-detection ARP requests,
causing DHCP clients to decline the offered address. [PR/431192: This
issue has been resolved.]
When you configure flow monitoring on a T1600 router with
a T640 or T1600 Enhanced Scaled FPC4, if both input and output traffic
are located on the same bottom Packet Forwarding Engine, the next-hop
address and output interface are set to 0. [PR/431567: This issue
has been resolved.]
On M120, M320, and MX Series routers with an Enhanced
III FPC, if the VRF configuration includes the vrf-table-label statement, a DPC or FPC might dump the core when an MPLS packet
with time-to-live (TTL) equal to 0 (zero) or 1 (one) is processed
at the egress provider edge (PE) router. [PR/436017: This issue has
been resolved.]
The Address Resolution Protocol (ARP) retry count might
be incorrect: instead of sending out the first 5 retries every second,
the third and consequent retries might be sent out every 15 seconds.
[PR/436580: This issue has been resolved.]
On an MX Series router with a Combo DPC (20-port 1-Gigabit
Ethernet 2-port 10-Gigabit Ethernet), if the family mpls statement
is included at the [edit interfaces interface-name unit logical-unit-number] hierarchy level
for the 1-Gigabit Ethernet port of a DPC slot, the show interfaces
statistics command reports zero values for input traffic at all
ports. This issue does not affect the input traffic statistics for
the 10-Gigabit Ethernet ports. This is a cosmetic issue and does
not affect functionality. [PR/436653: This issue has been resolved.]
SCU configuration causes the PFE to drop some host-bound
packets on M320 and T Series routers. [PR/438261: This issue has been
resolved.]
Under certain circumstances Intelligent Queuing PICs might
not be able to boot properly on E3-FPCs. [PR/438678: This issue has
been resolved.]
When certain FPCs (T1600-FPC4-ES, T640-FPC4-1P-ES, T640-FPC1-ES,
T640-FPC2-ES, and T640-FPC3-ES) receive corrupted cells via high-speed
links, they might unnecessarily reboot and report the following system
log error message: “Unrecoverable Error: Flist gtop bit toggled
!”. No reset is needed to recover from this condition. [PR/441844:
This issue has been resolved.]
On T1600, TX Matrix, or T640 routers installed with one
of the following Flexible PIC Concentrators (FPCs)—T1600-FPC4-ES,
T640-FPC4-1P-ES, T640-FPC4-ES, T640-FPC1-ES, T640-FPC2-ES and T640-FPC3-ES—and
JUNOS Release 9.3 or later, jtree memory might get corrupted once
routes are deleted while traffic is send to those prefixes. This can
result in permanent or transient packet drops. One or more of the
following symptoms might be logged in the system log:
SRCHIP(1): 131072 Discards - stack underflow
SRCHIP(1): 129735 Discards - truncated key - next hop
SRCHIP(1): 4670347 Multicast list discard route entries
SRCHIP(1): SOF (58) >= DMA length (46) (Read Channel)
SRCHIP(1): RKME int_status 0x300
SRCHIP(1): 14486 Discards - illegal BTT
SLCHIP(1): 1617082 new errors (illegal link) in DESRD
last stream 0 last lout_key 0xabd0e
SLCHIP(1): 1622998 new errors (packet error) in HDRF,
lout_hdrf_poll_stats
There is no workaround and an FPC reboot might be needed
to recover. [PR/443171: This issue has been resolved.]
Routing Protocols
Deactivation of routing instances might cause the routing
protocol process (rpd) to create a soft assertion core dump. [PR/396122:
This issue has been resolved.]
If a multiaccess interface is disabled, after a Routing
Engine switchover the disabled link is advertised in the router link-state
advertisement (LSA). [PR/418559: This issue has been resolved.]
If OSPF is in overload mode on the standby Routing Engine
but not in overload mode on the primary Routing Engine, it may take
a long time to install OSPF routes on the standby Routing Engine.
[PR/421636: This issue has been resolved.]
Community types are allocated at random to the members
in the community list. As a result, sometimes extended communities
are treated as simple and vice versa. This causes problems with the
VRF import code. [PR/430728: This issue has been resolved.]
If static route pointing to discard is configured, a core
may happen when the router tries to collect the multicast statistic
data. [PR/434298: This issue has been resolved.]
BGP in L3VPN will show local-id 0.0.0.0 in output from
the show bgp neighbor command when NSR is enabled. [PR/434321:
This issue has been resolved.]
When you configure support for alternate loop-free routes
through the link-protection statement and you configure
PIM join-load-balance, the backup paths will be used in load-balancing
PIM joins along with the active path. [PR/434996: This issue has been
resolved.]
With BGP multipath configured, BGP traceoption flags may
not be refreshed after a change in the traceoption flag configuration.
[PR/436440: This issue has been resolved.]
Embedded RP is not created upon receiving a trigger from
multicast traffic. Deactivating and activating the configuration to
solve the issue. [PR/437893: This issue has been resolved.]
If PIM is disabled, embedded rendezvous point (RP) configurations
might cause continuous routing protocol process (rpd) cores. [PR/438159:
This issue has been resolved.]
When you configure auto RP, if the rendezvous point (RP)
configuration is deactivated and then reactivated on the provider
edge router, the router fails to rediscover the RP announced by the
customer edge router. [PR/438356: This issue has been resolved.]
If a RIB is referenced within the from clause of a policy
statement, the statement might be changed on every commit. This can
lead to route flaps on every commit if the statement is used as the
import policy for a RIB group which in turn is referenced in OSPF.
[PR/441557: This issue has been resolved.]
RPD may crash if a VRF routing instance is reconfigured
in a single commit from Draft-Rosen MVPN to Next-Gen MVPN with RSVP-TE
inclusive provider tunnels. [PR/442391: This issue has been resolved.]
When you configure the path-selection always-compare-med statement at the [edit protocols bgp] hierarchy level,
BGP multipath might not find all the eligible paths. [PR/444629: This
issue has been resolved.]
TTL for the BGP listen socket has changed from 64 to 255
to provide support for GTSM. [PR/449160: This issue has been resolved.]
Services Applications
When using L2TP services on M Series routers, every session
or tunnel connection and disconnection will leak memory. [PR/312961:
This issue has been resolved.]
When the IDP config, service sets, and interfaces are
committed separately, the IDP policy push will fail. [PR/434624: This
issue has been resolved.]
User Interface and Configuration
When you set the time-zone statement at the [edit system] hierarchy level, it might cause the backup Routing
Engine to lock the configuration. As a result, you would no longer
be able to reboot the Routing Engine or perform any commits. To clear
the issue, you must log in to the backup Routing Engine and issue
the clear system commit command. [PR/309100: This issue has
been resolved.]
In JUNOS Release 9.5, the time it takes to commit a configuration
is significantly improved when the configuration is very big (for
example, for 250K firewall filters or 64K IFLs). With small or medium
configurations however, the improvement in commit time is not as noticeable
or might even seem slower because of features added in JUNOS Release
9.5. [PR/417957: This issue has been resolved.]
The dynamic-db policies feature works under logical systems
but the user needs to restart the logical router after any changes
or commits to the dynamic policy configuration at the [edit logical-systems] hierarchy level in the dynamic-db. [PR/418969: This issue has been
resolved.]
When you issue the commit confirmed command on
a TX Matrix router, it might not roll back to the original configuration
as expected when the commit is not confirmed. [PR/425642: This issue
has been resolved.]
If you try to use the system-generated certificate displayed
in JWEB, you will see commit errors [PR/432208: This issue has been
resolved.]
When you configure trace options at the [edit system
scripts] hierarchy level, the router sometimes produces commit
errors. [PR/438289: This issue has been resolved.]
VPNs
Applying configuration changes that remove both a static
point-to-multipoint LSP and a static MVPN provider tunnel group configuration
can cause the routing protocol process (rpd) to reset unexpectedly.
To avoid this problem, first delete the provider tunnel configuration,
then the LSP configuration. [PR/288456: This issue has been resolved.]
When you delete a Layer 2 VPN routing instance and add
a new VPLS routing instance using the same interface within the same
commit, the routing protocol process (rpd) might dump core. [PR/291407:
This issue has been resolved.]
