Known Problems and Limitations

[Contents] [Prev] [Next] [Report an Error]

Known Problems and Limitations
This section identifies the known problems and limitations in this release. For more information about known problems that were discovered at customer sites, you can log in to the JUNOSe Knowledge Base at https://www2.juniper.net/kb/, enter the defect ID number in the Search by Keyword field, and click Search.

ATM

When you reload an ATM line module that is configured with NBMA circuits as passive OSPF interfaces and has established OSPF adjacencies and IBGP peers (configured on Gigabit Ethernet interfaces), the transmission of OSPF hello packets might be affected until all the NBMA interfaces have initialized. [Defect ID 46157]

Work-around: Either remove the passive OSPF interface statements on the NBMA interfaces, or statically configure the OSPF cost on the NBMA interfaces.

For PPPoE, the AAL5 inPacketDiscards counter might increment erroneously during call setup when a packet is passed directly to PPPoE for negotiation rather than being discarded. [Defect ID 51757]

Work-around: Incremental InPacketDiscards during call setup do not necessarily indicate a problem. However, investigate an excessive count because that might indicate a connection that cannot be successfully brought up for some reason, such as RADIUS denials or improper configuration.

The T3 ATM module with CT3/T3 I/O module combination no longer has sufficient memory to support all interface configurations. The number of interfaces that this module can support varies depending on the configured features, such as the depth of the interface stack or the number of policies per subscriber. When the memory limitation is reached, the router rejects configuration attempts with a resource exhausted message. [Defect ID 63424]

Work-around: Reduce the configuration, add one or more additional sets of the older design line modules and I/O modules (T3 ATM module with CT3/T3 I/O module combination) to the chassis and move subscribers to the new modules, or upgrade to an OCx/STMx/DS3-ATM line module with 4xDS3 ATM I/O module combination instead of your older module set.

B-RAS

If the router is under a heavy load, the show profile command might take longer than usual to execute. [Defect ID 41738]

Work-around: You can either delay examination of profiles until the system is less busy, or save a copy of the profile to a text file off the router.

Deleting SSC client (no sscc enable) and then reenabling SSC client (sscc enable) while the router is connected to the SDX application can result in the SRP module resetting. [Defect ID 63928]

Work-around: To safely disable and reenable SSC client on the router while the router is connected to the SDX application:

Before deleting the SSCC instance, use the show utilization command to view and baseline the CPU usage of the SRP.

Issue the no sscc enable command.

The SRP CPU usage value increases.

Monitor the SRP CPU usage until the value returns to the baseline value from step 1 (about 60 seconds).

Issue the sscc enable command to reenable SSC client.

CLI

If you configure a router with a script generated from the show configuration command that creates IP shared interfaces in the default virtual router but creates the physical interfaces in a different virtual router, the shared IP interfaces are created before the physical interfaces. Consequently, the IP shared interfaces are not configured. [Defect ID 60699]

Work-around: Run the script twice.

The show subsystem and exclude-subsystem commands show the TSM as an OC12 module. [Defect ID 36661]

When you issue a run show ppp command, the CLI changes the configuration level of the command line to Global Configuration mode rather than remaining at the level from which you issued the command. [Defect ID 52165]

Work-around: Reissue the commands necessary to reenter the desired mode.

You cannot use an underscore character (_) in an MPLS tunnel name unless you enclose the entire name in quotes. [Defect ID 31291]

In Interface Configuration mode for a major interface, the CLI displays options for protocols not supported by that interface type. [Defect ID 33307]

If your router is in Manual Commit mode, then you must issue the write memory command before you perform an SRP module switch or a manual reload. You must do this even when you have made no changes to the system configuration and the file systems are synchronized. [Defect ID 44469]

Diagnostics

When you reload the router, diagnostics might stop at the root prompt while the image for the OC3/STM1 GE/FE line module is still downloading, causing the module to reset with a panic. [Defect ID 63120]

Work-around: Reload the slot. Alternatively, when the watchdog timer on the system controller expires, it resets the line module, so that you do not have to reload the slot.

Documentation

The JUNOSe 6.0.x and 6.1.x documentation sets erroneously included a section on CE-Side Load Balancing for Martini Layer 2 Transport in the Configuring BGP/MPLS VPNs chapter of the JUNOSe Routing Protocols Configuration Guide, Vol. 2, This section describes how an E-series router can interoperate with an 802.3ad switch for Ethernet link aggregation. In the Release 7.0.x documentation set, this section will be moved to the Configuring Layer 2 Services over MPLS chapter of the JUNOSe Routing Protocols Configuration Guide, Vol. 2.

The JUNOSe 6.0.0 Release Notes erroneously included Appendix B, Local Authentication Server. That functionality is not available in any 6.0.x release.

Earlier versions of the Configuring IS-IS chapter in the JUNOSe Routing Protocols Configuration Guide, Vol. 1 erroneously list the maximum number of ECMP paths to be 32 in the IS-IS features list. The maximum-paths command description and the system maximums appendix in the Release Notes list the correct ECMP paths maximum of 16. [Defect ID 56431]

Ethernet

The FE-2 module counters might display incorrect numbers for the In Fabric Dropped Packets statistic when tunneled traffic is forwarded across the module. [Defect ID 27308]

GRE

When you delete a virtual router that has been configured as a transport virtual router for either a GRE or DVMRP tunnel, the show configuration output displays No Router for the transport virtual router. [Defect ID 44810]

Work-around: To remove such a tunnel interface, simply omit any reference to the transport virtual router. For example, to delete interface tunnel gre:v6Tunnel transport-virtual-router No Router from the configuration, issue the command, no interface tunnel gre:v6Tunnel.

Hardware
The OC3/STM1 GE/FE line module and OC3-2 GE APS I/O module pair is unsupported in this release. Installing this module pair into a chassis that is running the JUNOSe 6.1.0 software results in the following log messages:
ERROR 03/09/2005 14:38:43 os: IcLoader: atmhybDiag.cmp not installed
ERROR 03/09/2005 14:38:43 os: IcLoader: atmhybBoot.cmp not installed
ERROR 03/09/2005 14:38:44 os: IcLoader: atmhybStartup.exe not installed
ERROR 03/09/2005 14:38:44 os: IcLoader: atmhybFpgas.cmp not installed
ERROR 03/09/2005 14:38:50 os: IcLoader: atmhyb.exe not installed
In addition, the show version command displays a disabled (image error) state for this module pair.

When a spare OC3/OC12 line card switches over for a primary line card, the primary line card diagnostics might not correctly identify the I/O module behind it as now functioning with the spare line card. In this case, the primary line card might attempt to load software onto an I/O module that is not available, resulting in an error.

Work-around: Revert control back to the primary line module. [Defect ID 64721]

IGMP

When more than about 100,000 mapped OIF entries are configured on a virtual router, issuing the no virtual router command for this and other virtual routers does not delete all the virtual routers within the deletion timeout interval (3 minutes). The virtual routers do eventually delete after this timeout. [Defect ID 63882]

IGMPv3 proxy is not supported. [Defect ID 46038]

The E-series router does not log a warning when it receives an IGMPv2 query but is not configured to use IGMPv2 on the interface. [Defect ID 46046]

The default value for the IGMPv3 proxy unsolicited report interval timer is supposed to be 1 second, compared with 10 seconds for v2. [Defect ID 46040]

The E-series router IGMPv3 proxy does not operate correctly in the presence of IGMPv2 queriers. [Defect ID 46039/46045]

Work-around: If an IGMPv2 router is present on the network, do not configure version 3 with the ip igmp-proxy version command on that network interface. (Version 2 is the default.)

IP

If you have a large configuration on a hybrid module combination (OC3/STM-1 GE/FE line module with the OC3-2 GE APS I/O module), boot from NVS, and then issue the slot erase command before booting has completed, the line module resets. [Defect ID 64104]

Work-around: Issue the slot reload command to recover from the error.

If you have enabled ipInterface logging at a priority of debug, the acknowledgment that an interface has been deleted from the line modules can return to the SRP module after the layers beneath IP have deleted their interfaces. Consequently, the original name of the interface cannot be resolved or displayed in the log, and the system instead displays the ifIndex of the IP interface. [Defect ID 32624]

Work-around: This behavior has no functional effect other than that the log is misleading. However, previous log events indicate that the interface deletion was beginning.

IP interface statistics become inconsistent when a slot is reset, because some traffic (such as control traffic) might be destined for the SRP module and is therefore counted elsewhere. [Defect ID 26697]

The ip route permanent command does not work properly. [Defect ID 34303]

Work-around: You can issue the ip alwaysup command to prevent the route from being removed from the IP routing table after the interface is shut down.

The show ip route summary command displays the following message for a routing table that has never had a route added to it. [Defect ID 50622]

Last route added/deleted: null by Invalid

IPSec

When you upgrade from Release 5.2.x or lower to Release 5.3.x or higher, any IKE preshared keys in the configuration are not preserved keys in the newer release, because the higher releases use a different encryption format. [Defect ID 63897]

Work-around: Use the key command to re-enter the preshared keys in plaintext format after the upgrade. You cannot use the masked-key command to enter a a key encrypted in the lower releases, because the encryption format has changed.

IPv6

IPv6 does not support ECMP round-robin. [Defect ID 64347]

L2TP

When you use L2TP tunnel switching, the number of tunnel-service interfaces might exceed the provisioned limit in the course of normal operations. The output of the show tunnel-server command shows that the active count has exceeded the maximum. [Defect ID 57985]

Line Module Redundancy

The system incorrectly displays the temperature for a primary line module and I/O module combination that has a spare line module and I/O module combination configured for redundancy.

After switchover to the redundant configuration, the show environment all command output fails to display the temperature for the inactive primary line module in the IOA Temperature table. It also incorrectly displays the temperature of the inactive primary I/O module under the slot number of the active redundant line module.[Defect ID 61856]

MLD

MLDv2 proxy is not supported. [Defect ID 46038]

The E-series router does not log a warning when it receives an MLDv1 query but is not configured to use MLDv1 on the interface. [Defect ID 46046]

The default value for the MLDv2 proxy unsolicited report interval timer is supposed to be 1 second, compared with 10 seconds for v1. [Defect ID 46040]

The E-series router MLDv2 proxy does not operate correctly in the presence of MLDv1 queriers. [Defect ID 46039/46045]

Work-around: If an MLDv1 router is present on the network, configure version 1 with the ipv6 mld-proxy version command on that network interface. (Version 2 is the default.)

MLPPP

Failure to meet all of the following conditions for fragmented packets can result in an incorrect operation during packet classification of the resulting reassembled packet: [Defect ID 50111]

The initial fragment of a packet must either contain the entire MLPPP packet or be greater than 128 bytes.

The fragment size of the peer must not be lower than 128 bytes.

The initial fragment of a packet must be larger than subsequent fragments of that packet.

Multilink PPP does not detect illegal bundle members. [Defect ID 3012]

Work-around: Display the local and peer endpoint discriminators via the show mlppp interface full command to help debug the problem.

Possible fragment corruption by Cisco 7200 might prevent an E-series router from reassembling MLPPP fragments received from the Cisco product when the number of fragments is equal to or greater than 4. [Defect ID 50120]

MPLS

An MPLS classifier list is implicitly configured on the router by default, even if you have not configured MPLS on the router. [Defect ID 59141]

If LSPs are announced into IGPs, then the IGP routes cannot be used for multicast RPF checks, because LSPs are unidirectional. [Defect ID 28526]

Work-around: Configure static RPF routes with native hops if LSPs are autoroute announced to IGPs.

Reoptimization of routes with fast reroute does not happen after a failure unless you have configured a path option.

Work-around: When you configure a bypass tunnel to protect an interface, also configure a path option on the primary tunnel. The path option then enables the ingress router of the primary tunnel to set up a reoptimized tunnel in the event of a failure in a protected link. [Defect ID 44317]

Multicast IP

A router failure can occur if you issue the multicast group port limit command to reduce the port limit after the router reaches the current limit.

Work-around: Set the multicast port limit before you enable any interfaces. [Defect ID 64707]

OSPFv3
The no and default versions of some OSPFv3 commands erroneously require that you specify a value with keywords that take values in the affirmative version of the command. The CLI displays an incomplete command message as in the following example. [Defect ID 58934]
host1(config-if)#ipv6 ospf hello-interval 99
host1(config-if)#no ipv6 ospf hello-interval% Incomplete command
Work-around: If you encounter this problem, specify a value with the keyword. The value does not have to be a previously configured value. For example:
host1(config-if)#no ipv6 ospf hello-interval 10000
Packet Mirroring

During RADIUS-based mirroring of L2TP interfaces, packets are not mirrored if there is no IPv4 interface in the default virtual router that is configured in the line module on which the secure policy is attached. [Defect ID 58851]

Work-around: Ensure that at least one IPv4 interface in the default virtual router is configured for the line module on which the secure policy is attached.

PIM

The router can reset with a processor exception 0x300 in task mgtmv4_ctrl_3 in the following circumstances: PIM is enabled, multicast routes are present, and multicast routes are received on an outgoing interface of an mroute at the same time that you disable multicast routing. [Defect ID 60655]

PPPoE

The E-series router erroneously accepts a PADI with a payload length of 0 instead of rejecting it and incrementing the PPPoE Invalid PAD packet length counter. [Defect ID 48356]

QoS

The OC3/STM1 GE/FE line module can reset when the QoS traffic class is moved to autostrict priority while the traffic is running. [Defect ID 63789]

RADIUS

When a RADIUS server fails and the deadtime is nonzero, the router does not attempt to send requests to the failed server for the deadtime period. However, in round-robin access mode, the failed server is still treated as the primary server when its turn comes up. As a consequence, all requests for the failed server are sent on to the next server in the list. Because that server is already acting as primary for its proper turn, this has the effect of doubling the burden on the next server in line after a failed server, even with deadtime active. If deadtime is zero, there is no waiting period and the router attempts to send requests to the failed server immediately, then passes the requests to the next server in line. As in the nonzero deadtime case, this doubles the burden on that next server. [Defect ID 63746]

SNMP

SNMP requests to the following system MIB variables for line modules that are configured as redundant spares will return noSuchName:

juniSystemModuleCurrentType

JuniSystemModuleType

juniSystemModuleExpectedType

JuniSystemModuleType

If a line module failure causes a redundant spare to become online active, noSuchName is still returned on access to these above system MIB variables. [Defect ID 59875]

Textual errors in the juniMplsAC.mi2 MIB file can result in the inability to compile the MPLS agent compatibility MIB using some compilers (for example, Castlerock SNMPc V7.0). In addition, not having the rfc3811.mi2 MIB file results in the inability to compile standard MIB RFC 3813. [Defect ID 64880]

Work-around: Edit the juniMplsAC.mi2 file as follows:

Insert a new line after line 37 that contains four spaces followed by the word DESCRIPTION. For example:

" DESCRIPTION

NOTE: Do not include the quotation marks in the new line. The quotation marks are provided to better illustrate the four spaces preceding DESCRIPTION.

"

Delete line 220.

Delete line 231.

Before attempting to compile RFC 3813, manually copy RFC 3811 to your MIB directory.

SRP Redundancy
One of the following log messages is displayed if stateful SRP switchover (HA) attempts to initialize when the standby Flash disk is full:
CRITICAL ha "[1] The flash disk on the standby SRP is full, unable to enable HA"
CRITICAL ha "[2] The flash disk on the standby SRP is full, unable to enable HA"
If you subsequently issue the show redundancy srp command, the following criterion is displayed:
host1#show redundancy srp
high-availability state:  disabled
current redundancy mode:  high-availability
last activation type:     warm-switch
Criteria Preventing High Availability from being Active
-------------------------------------------------------
             criterion                 met
------------------------------------   ---
Space is available on Standby Flash?   No
Work-around: Free sufficient space on the standby SRP module's Flash disk so that a synchronize command can succeed, then issue the reload standby srp command to clear the error. [Defect ID 62172]

Stateful SRP Switchover (High Availability)

When high availability is enabled, if the SRP module switches over while the slot erase command is executing, the slot that is being erased comes up in the administratively disabled state on the newly active SRP module. [Defect ID 53397]

Work-around: Reissue the slot erase command.

Stateful SRP switchover currently defers IP transmit and receive functions until interface synchronization is complete. If the number of IP interfaces is greater than 4000, the time required to complete interface synchronization exceeds the default dead interval timers for OSPF and IS-IS graceful restart. If graceful restart does not finish in the required time, IGP reestablishes its adjacencies after interface synchronization is complete. A resolution to this issue is being addressed for a future release. [Defect ID 64416]

Workaround: Increase the IGP timers to provide sufficient time for interface synchronization before the peers declare the adjacency down.

When IP tunnels are configured on an HA-enabled router and the tunnel server module (TSM) carrying these tunnels is reloaded, HA transitions to the pending state. HA remains in the pending state for 10 minutes following the successful reloading of the TSM so IP tunnel relocation can occur and the tunnels can become operational again on the TSM. If an SRP switchover occurs while HA is in the pending state, the router performs a cold reboot.

Subscriber Interfaces

The CLI permits the configuration of subscriber interfaces over interfaces where the feature has not been fully qualified. [Defect ID 49482]

Work-around: Configure subscriber interfaces over the following interfaces only: bridged Ethernet over ATM, Fast Ethernet (with and without VLANs), Gigabit Ethernet (with and without VLANs), IP over ATM, and POS. For dynamic subscriber interfaces, ensure that profiles permit the creation of subscriber interfaces over the following interfaces only: bridged Ethernet over ATM, Fast Ethernet (with and without VLANs), and Gigabit Ethernet (with and without VLANs).

System

After a system reload some ATM subinterfaces might remain in the Absent state. [Defect ID 60287]

Work-around: Reload appropriate line modules separately to bring them back up.

You cannot delete the ipInterface log after you delete the corresponding IP interface. You can still add filters to other interfaces, and add a filter to the same interface if you recreate it after deletion. [Defect ID 34842/45063]

Work-around: Remove the filter before you remove the interface. Alternatively, if you remove the interface first, then you must remove all filters associated with all IP interfaces.

During line module failover and reversion testing, the SNMP description before failure (OC3 quad port, ATM) changes (to OCX ATM). [Defect ID 51364]

Work-around: Reload the router or switch the SRP modules to reinstate the correct SNMP description.

Issuing the show interface gigabit ethernet command for the OC3-2 GE APS I/O module reports an MAU type of Unknown for an installed SFP, even though the SFP is valid. [Defect ID 61526]

Memory resources are consumed by the new code and initialization data associated with new features supported in each JUNOSe software release. Certain configurations that worked with previous JUNOSe releases exhaust SRP or line module memory with Release 5.1.0 or higher releases. Specifically, configurations that can result in a large number of unique policies might exceed the available memory in SRP modules with 512 MB of memory or line modules with 128 MB of memory. The published maximum values for interfaces, routes, and virtual routers have not been reduced, because they are still valid for most configurations. [Defect ID 52329]

Work-around: If this condition occurs in your network, contact Juniper Networks Customer Services and Support to discuss your options.

[Contents] [Prev] [Next] [Index] [Report an Error]

juniSystemModuleCurrentType	JuniSystemModuleType
juniSystemModuleExpectedType	JuniSystemModuleType