Known Problems and Limitations
This section identifies the known problems and limitations in this release. For more information about known problems that were discovered at customer sites, you can log in to the JUNOSe Knowledge Base at https://www2.juniper.net/kb/, enter the defect ID number in the Search by Keyword field, and click Search.
ATM
- The T3 ATM module with CT3/T3 I/O module combination no longer has sufficient memory to support all interface configurations. The number of interfaces that this module can support varies depending on the configured features, such as the depth of the interface stack or the number of policies per subscriber. When the memory limitation is reached, the router rejects configuration attempts with a resource exhausted message. [Defect ID 63424]
Work-around: To avoid this situation, you can do any of the following: Reduce the configuration, add one or more additional sets of the older design line modules and I/O modules (T3 ATM module with CT3/T3 I/O module combination) to the chassis and move subscribers to the new modules, or upgrade to an OCx/STMx/DS3-ATM line module with 4xDS3 ATM I/O module combination instead of your older module set.
- For PPPoE, the AAL5 inPacketDiscards counter might increment erroneously during call setup when a packet is passed directly to PPPoE for negotiation rather than being discarded. [Defect ID 51757]
Work-around: Incremental InPacketDiscards during call setup do not necessarily indicate a problem. However, we recommend you investigate an excessive count because that might indicate a connection that cannot be successfully brought up for some reason, such as RADIUS denials or improper configuration.
- When you reload an ATM line module that is configured with NBMA circuits as passive OSPF interfaces and that has established OSPF adjacencies and IBGP peers (configured on Gigabit Ethernet interfaces), the transmission of OSPF hello packets might be affected until all the NBMA interfaces have initialized. [Defect ID 46157]
Work-around: Either remove the passive OSPF interface statements on the NBMA interfaces, or statically configure the OSPF cost on the NBMA interfaces.
B-RAS
- If the router is under a heavy load, the show profile command might take longer than usual to execute. [Defect ID 41738]
Work-around: You can either delay examination of profiles until the router is less busy, or save a copy of the profile to a text file off the router.
CLI
- In Interface Configuration mode for a major interface, the CLI displays options for protocols that are not supported by that interface type. [Defect ID 33307]
- If your router is in Manual Commit mode, then you must issue the write memory command before you perform an SRP module switch or a manual reload. You must do this even when you have made no changes to the system configuration and the file systems are synchronized. [Defect ID 44469]
- The show subsystem and exclude-subsystem commands show the TSM as an OC12 module. [Defect ID 36661]
- When you issue a run show ppp command, the CLI changes the configuration level of the command line to Global Configuration mode rather than remaining at the level from which you issued the command. [Defect ID 52165]
Work-around: Reissue the commands necessary to reenter the desired mode.
Ethernet
- The FE-2 module counters might display incorrect numbers for the In Fabric Dropped Packets statistic when tunneled traffic is forwarded across the module. [Defect ID 27308]
GRE
- When you delete a virtual router that has been configured as a transport virtual router for either a GRE or DVMRP tunnel, the show configuration output displays No Router for the transport virtual router. [Defect ID 44810]
Work-around: To remove such a tunnel interface, omit any reference to the transport virtual router. For example, to delete interface tunnel gre:v6Tunnel transport-virtual-router No Router from the configuration, issue the no interface tunnel gre:v6Tunnel command.
Hardware
- On the E320 router, FTP throughput is higher when an FTP server and client are connected to the same line module than when the server and client are connected to different line modules. [Defect ID 76005]
IGMP
- IGMPv3 proxy is not supported. [Defect ID 46038]
- The E-series router IGMPv3 proxy does not operate correctly in the presence of IGMPv2 queriers. [Defect ID 46039/46045]
Work-around: If an IGMPv2 router is present on the network, do not configure version 3 with the ip igmp-proxy version command on that network interface. (Version 2 is the default.)
- The default value for the IGMPv3 proxy unsolicited report interval timer should be 1 second rather than 10 seconds (the value for v2). [Defect ID 46040]
- The E-series router does not log a warning when it receives an IGMPv2 query but is not configured to use IGMPv2 on the interface. [Defect ID 46046]
- When more than about 100,000 mapped OIF entries are configured on a virtual router, issuing the no virtual router command for this and other virtual routers does not delete all the virtual routers within the deletion timeout interval (3 minutes). The virtual routers do eventually delete after this timeout. [Defect ID 63882]
IP
Work-around: You can issue the ip alwaysup command to prevent the route from being removed from the IP routing table after the interface is shut down.
- IP interface statistics become inconsistent when a slot is reset, because some traffic (such as control traffic) might be destined for the SRP module and is therefore counted elsewhere. [Defect ID 26697]
- Removing the IPv6 license while IPv6 users are active on an L2TP connection might also affect IPv4 users on the L2TP connection. [Defect ID 65853]
Work-around: Issue the l2tp shutdown command, then issue the no l2tp shutdown command.
- If you have a large configuration on a hybrid module combination (OC3/STM-1 GE/FE line module with the OC3-2 GE APS I/O module), boot from NVS, and issue the slot erase command before booting has completed, the line module resets. [Defect ID 64104]
Work-around: To recover from the error, issue the slot reload command anytime after the module begins to reset.
- When MPLS and IS-IS are configured on Ethernet interfaces, you cannot delete the interface after the IP address is removed. This issue is not a problem on Ethernet VLAN interfaces. [Defect ID 66813]
Work-around: Issue the no mpls command to disable MPLS, then delete the interface.
IPSec
- During a warm restart after a system failover, the SRP module can take several minutes to resume the normal exchange of UDP/IP packets to applications. During this restart time, the E-series router does not send or receive dead peer detection (DPD) keepalives, which are used to verify connectivity between the router and its peers. The length of the restart time depends on the number of interfaces—if the restart time is too long, remote peers might determine that the connection from them to the E-series router is broken and then shut down an IPSec tunnel that has DPD enabled. In the worst case, all IPSec tunnels might be shut down. [Defect ID 65132]
IS-IS
- If LSPs are announced into IS-IS, then the IS-IS routes cannot be used for multicast RPF checks, because LSPs are unidirectional. [Defect ID 28526]
Work-around: Configure static RPF routes with native hops when LSPs are autoroute announced to IS-IS.
MLD
- MLDv2 proxy is not supported. [Defect ID 46038]
- The E-series router MLDv2 proxy does not operate correctly in the presence of MLDv1 queriers. [Defect ID 46039/46045]
Work-around: If an MLDv1 router is present on the network, configure version 1 with the ipv6 mld-proxy version command on that network interface. (Version 2 is the default.)
- The default value for the MLDv2 proxy unsolicited report interval timer should be 1 second rather than 10 seconds (the value for v1). [Defect ID 46040]
- The E-series router does not log a warning when it receives an MLDv1 query but is not configured to use MLDv1 on the interface. [Defect ID 46046]
MLPPP
- Failure to meet all of the following conditions for fragmented packets can result in an incorrect operation during packet classification of the resulting reassembled packet: [Defect ID 50111]
- The initial fragment of a packet must either contain the entire MLPPP packet or be greater than 128 bytes.
- The fragment size of the peer must not be lower than 128 bytes.
- The initial fragment of a packet must be larger than subsequent fragments of that packet.
Work-around: Display the local and peer endpoint discriminators via the show mlppp interface full command to help debug the problem.
MPLS
- If LSPs are announced into IGPs, then the IGP routes cannot be used for multicast RPF checks, because LSPs are unidirectional. [Defect ID 28526]
Work-around: Configure static RPF routes with native hops when LSPs are autoroute announced to IGPs.
- You cannot use an underscore character (_) in an MPLS tunnel name. [Defect ID 31291]
- Reoptimization of routes with fast reroute does not happen after a failure unless you have configured a path option. [Defect ID 44317]
Work-around: When you configure a bypass tunnel to protect an interface, also configure a path option on the primary tunnel. The path option then enables the ingress router of the primary tunnel to set up a reoptimized tunnel in the event of a failure in a protected link.
Packet Mirroring
- During RADIUS-based mirroring of L2TP interfaces, packets are not mirrored if there is no IPv4 interface in the default virtual router that is configured in the line module on which the secure policy is attached. [Defect ID 58851]
Policy Management
- Classification on source or destination route class is not supported on non-ASIC-based line modules nor on the CAM-based line modules (ES2-S1 4G LM, OC-48, and GE-2 modules). The JUNOSe Policy and QoS Configuration Guide incorrectly states that route class is supported on all line modules.
PPPoE
- The E-series router erroneously accepts a PADI with a payload length of 0 instead of rejecting it and incrementing the PPPoE Invalid PAD packet length counter. [Defect ID 48356]
QoS
- When the SDX software attempts to attach a QoS profile to a tunneled session, the router ignores the request and the profile is not attached. [Defect ID 73887]
RADIUS
- In some cases the JUNOSe documentation uses a different RADIUS VSA name than the name listed in the JUNOSe RADIUS dictionary. The following table lists the attribute number, the VSA name used in the dictionary, and the corresponding name used in the documentation. The table does not list VSA names that are the same in the dictionary and the documentation.
- When a RADIUS server fails and the deadtime is nonzero, the router does not attempt to send requests to the failed server for the deadtime period. However, in round-robin access mode, the failed server is still treated as the primary server when its turn comes up. As a consequence, all requests for the failed server are sent on to the next server in the list. Because that server is already acting as primary for its proper turn, this has the effect of doubling the burden on the next server in line after a failed server, even with deadtime active. If deadtime is zero, there is no waiting period and the router attempts to send requests to the failed server immediately, then passes the requests to the next server in line. As in the nonzero deadtime case, this doubles the burden on that next server. [Defect ID 63746]
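The round-robin behavior described in Defect ID 63746, as an added simulation (not Juniper code and not router output). The server names, the request count, and the healthy-only rotation used for comparison are constructed for illustration, and the deadtime is simplified to a flag meaning that the whole run falls inside the deadtime period.

```python
def simulate_round_robin(servers, failed, requests, deadtime_active):
    """Model the described behavior: a failed server keeps its turn as
    primary, and its requests are passed to the next server in the list."""
    if all(s in failed for s in servers):
        raise ValueError("no healthy RADIUS server left to take requests")
    handled = {s: 0 for s in servers}
    attempts_to_failed = 0  # requests first sent to a server known to be down
    n = len(servers)
    for i in range(requests):
        idx = i % n  # round-robin: each server takes its turn as primary
        if servers[idx] in failed and not deadtime_active:
            attempts_to_failed += 1  # deadtime 0: the failed server is tried first
        while servers[idx] in failed:
            idx = (idx + 1) % n  # request is passed to the next server in line
        handled[servers[idx]] += 1
    return handled, attempts_to_failed


def simulate_healthy_only_rotation(servers, failed, requests):
    """Hypothetical comparison only: rotate over healthy servers, so the
    failed server's share is spread evenly. Not the router's behavior."""
    healthy = [s for s in servers if s not in failed]
    handled = {s: 0 for s in servers}
    for i in range(requests):
        handled[healthy[i % len(healthy)]] += 1
    return handled


# Constructed sample: four servers, the second one has failed.
SERVERS = ["radius1", "radius2", "radius3", "radius4"]
FAILED = {"radius2"}

if __name__ == "__main__":
    for label, active in (("deadtime nonzero", True), ("deadtime zero", False)):
        load, wasted = simulate_round_robin(SERVERS, FAILED, 1200, active)
        print(f"{label}: load={load} attempts_to_failed={wasted}")
    print("healthy-only rotation:",
          simulate_healthy_only_rotation(SERVERS, FAILED, 1200))
```

In both deadtime cases the server after the failed one carries twice the load of its peers; the deadtime setting only changes whether requests are first sent to the failed server.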
SONET
- You cannot use the highest sensitivity bit-error rate setting (a value of 9) associated with APS/MSP alarm when you issue the threshold sd-ber command to configure a cOCx/STMx line module with cOC12-APS-capable IOAs. [Defect ID 72861]
Work-around: Use only a value in the range 5-8 when you issue the threshold sd-ber command for this module combination, as in the following example:
host1(config)#controller sonet 2/1
host1(config-controll)#aps group boston
host1(config-controll)#aps protect
host1(config-controller)#threshold sd-ber 6
Stateful SRP Switchover (High Availability)
- When IP tunnels are configured on an HA-enabled router and the tunnel server module (TSM) carrying these tunnels is reloaded, HA transitions to the pending state. HA remains in the pending state for 10 minutes following the successful reloading of the TSM. This amount of time allows for IP tunnel relocation and for the tunnels to become operational again on the TSM. If an SRP switchover occurs while HA is in the pending state, the router performs a cold restart.
- After a stateful SRP switchover, each layer of the interface columns must reconstruct its interfaces from the mirrored information. While the interfaces are being reconstructed the SRP module cannot send or receive frames, including the protocol frames that signal graceful restart behavior with OSPF and IS-IS peers. If the configured hold time is too short, peers might mistakenly declare the adjacency down during the time in which the graceful restart is taking place. [Defect ID 65132]
Work-around: Increase the hold time to provide sufficient time for interface synchronization before the peers declare the adjacency down.
- For OSPF, use the ip ospf dead-interval command to set the hold time. We recommend that you use Bidirectional Forwarding Detection (BFD) with a longer OSPF dead interval to achieve fast failure detection.
- For IS-IS, use the isis hello-interval and isis hello-multiplier commands to set the hold time.
We recommend the following hold times for each protocol, based on the number of interfaces.
System
- The system displays the following error message when the SRP module on the E320 router is booting: [Defect ID 46029]
Port 0 link down. Check line connection.
Failed to start device dc.
You can safely ignore this message, because the link subsequently becomes operational.
- Memory resources are consumed by the new code and initialization data associated with new features supported in each JUNOSe software release. Certain configurations that worked with previous JUNOSe releases exhaust SRP or line module memory with Release 5.1.0 or higher releases. Specifically, configurations that can result in a large number of unique policies might exceed the available memory in SRP modules with 512 MB of memory or line modules with 128 MB of memory. The published maximum values for interfaces, routes, and virtual routers have not been reduced, because they are still valid for most configurations. [Defect ID 52329]
Work-around: If this condition occurs in your network, contact Juniper Networks Customer Services and Support to discuss your options.