[Contents]
[Prev]
[Next]
[Report an Error]
Current Software Release
The current software release is Release 7.1R4. For information about
obtaining the software packages, see Upgrade to Release 7.1.
Resolved Issues
The following issues have been resolved since JUNOS Release 7.1R3. The
identifier following the description is the tracking number in our bug database.
Platform and Infrastructure
- Except for local traffic generated by the router, an outbound
IPv6 firewall filter counter does not work on the logical loopback interface.
[PR/22409: This issue has been resolved.]
- If a route is added that points to a unilist next hop with 16
(or fewer) component next hops, the Routing Engine kernel might reset unexpectedly.
[PR/55864: This issue has been resolved.]
- On routing platforms that support dual Routing Engines, if you
configure graceful Routing Engine switchover, and an indirect next hop references
a reject next hop, both Routing Engines might stop operating. [PR/58254: This
issue has been resolved.]
- If a Network Control Protocol (NCP) Terminate Request is received
on a PPP interface that does not have the family statement configured,
the Routing Engine kernel might reset unexpectedly. [PR/61459: This issue
has been resolved.]
- On J-series Services Routers, when you configure a firewall filter
containing a prefix list, firewall compiler optimization might not handle
the prefix list correctly and the forwarding process (fwdd) might dump core.
[PR/61741: This issue has been resolved.]
- On routing platforms containing a single hard drive and no compact
flash drive, if you include the reboot statement at the [edit
chassis routing-engine on-disk-failure] hierarchy level and the hard
disk fails, the statement might not take effect and the routing platform might
not reboot. [PR/61850: This issue has been resolved.]
- On E1 and T1 interface links, very low BGP and TCP throughput
might be observed. A workaround is to increase the physical interface MTU
value to 9 KB. [PR/64682: This issue has been resolved.]
User Interface and Configuration
- Issuing the show | compare configuration command might
cause the management process (mgd) to restart. [PR/54847: This issue has
been resolved.]
- If you edit the order of terms in a firewall configuration on
the master Routing Engine and then issue the commit synchronize command,
the revised term order might not be copied to the backup Routing Engine. [PR/58550:
This issue has been resolved.]
- When you issue the load update command, items in grouped
configurations might be inserted in the wrong order, especially if you add
a term in a hierarchy. [PR/59615: This issue has been resolved.]
- When you use the J-Web user interface to log on to a J-series
or M-series routing platform, even if authentication succeeds, you might see
error messages, such as “initauthconf: unable to open file: /etc/auth.conf”.
There is no operational impact. [PR/62034: This issue has been resolved.]
- When you configure a long SSH DSA or SSH RSA key (approximately
1020 bytes or larger) and commit the configuration, several “buffer
overflow” system log messages might be generated and the management
process (mgd) might dump core. [PR/62141: This issue has been resolved.]
- When you configure forwarding class attributes at the [edit
groups group-name class-of-service] hierarchy level
and try to commit the configuration, the commit might fail. As a workaround,
move the configuration statements to the [edit class-of-service] hierarchy
level. [PR/62345: This issue has been resolved.]
- JUNOS Release 6.4R4 does not recognize trailing spaces included
in secret passwords generated by encryption algorithms. Previous releases
handled this occurrence differently, causing a disparity in behavior. [PR/63967:
This issue has been resolved.]
Interfaces and Chassis
- When a small form-factor pluggable transceiver (SFP) is absent
on an SFP-based PIC, the chassis process (chassisd) might log the following
message repeatedly in the system log: “pic_set_port_info:Got cable_type
for FPC 0 PIC 3 port 1 cable num=0, str=”. [PR/56274: This issue has
been resolved.]
- On T3 interfaces, if you delete the feac-loop-respond statement
from the [edit interfaces t3-fpc/pic/port t3-options] hierarchy
level, the output of the show interfaces t3-fpc/pic/port extensive command
might display the FEAC Loopback field as Active. [PR/58569:
This issue has been resolved.]
- On ATM2 intelligent queuing (IQ) interfaces, if a circuit cross-connect
(CCC) ATM Adaptation Layer 5 (AAL5) virtual circuit (VC) receives alarm indication
signal (AIS) cells while the interface is in the CCC_DOWN state, and then
the VC stops receiving the AIS cells, most of the Operation, Administration,
and Maintenance (OAM) processing for all VCs might stop. [PR/59069: This issue
has been resolved.]
- On ATM2 intelligent queuing (IQ) interfaces, when a large number
of VCs are configured with same oam-period value at the [edit
interfaces at-fpc/pic/port unit logical-unit-number] hierarchy
level, some of the Operation, Administration, and Maintenance (OAM) cells
might be dropped and the VCs and logical interfaces might be marked randomly
as down. [PR/59183: This issue has been resolved.]
- On M10 routers, when Internet Protocol Control Protocol (IPCP)
negotiation appears to have completed, the router might restart the IPCP negotiation.
[PR/59468: This issue has been resolved.]
- For multipoint ATM2 IQ logical interfaces, if you included the plp-to-clp statement
at the [edit interfaces at-fpc/pic/port unit logical-unit-number] hierarchy level, the packet loss priority (PLP) setting might not
have been copied to the cell loss priority (CLP) bit. A workaround is to configure
the statement for the physical interface instead, at the [edit at-fpc/pic/port atm-options] hierarchy level. [PR/61167: This issue has been resolved.]
- On ATM2 intelligent queuing (IQ) interfaces, Operation, Administration,
and Maintenance (OAM) cells might be placed into the second-highest priority
trail termination point (TTP) queue instead of the highest as expected. [PR/61188:
This issue has been resolved.]
- On ATM2 Intelligent Queuing (IQ) PICs installed in M-series and
T-series platforms, ATM PVCs that have been idle longer than a few seconds
might experience a start delay of approximately five to ten seconds, during
which the output rate is slower than normal, followed by output at the nominal
shaping rate. This situation occurs even when the ATM PVCs are not at their
shaping limit and the ATM port is transferring less than the full line-rate
potential. [PR/61746: This issue has been resolved.]
- On Gigabit Ethernet PICs with small form-factor pluggable transceivers
(SFPs), if the interface experiences link-down detection delays of up to 1
second, the operation of fast reroute might be affected. [PR/62682: This issue
has been resolved.]
- When you configure a large number of ATM virtual circuits (VCs),
Operation, Administration, and Maintenance (OAM) processing might become bursty.
In rare cases, if very large bursts happen at the same time as an anomaly
in alarm indication signal (AIS)/remote defect indication (RDI) cell reception,
OAM processing might stop operating after several days. [PR/62719: This issue
has been resolved.]
Services Applications
- After approximately 3 weeks and a few days of service, Monitoring
Services PICs might stop exporting flows because a time counter overflows.
As a workaround, restart the PIC. [PR/58333: This issue has been resolved.]
- On M7i and M10i routers configured for L2TP, if the router receives
a second Password Authentication Protocol (PAP) authentication request while
the first PAP authentication request is being processed, the L2TP process
(l2tpd) might dump core and stop operating. [PR/61207: This issue has been
resolved.]
- On Adaptive Services PICs, if you configure a dynamic IKE-based
IPSec tunnel, the tunnel might not become established with another vendor's
router. [PR/61779: This issue has been resolved.]
General Routing
- If you disable unicast reverse-path forwarding (RPF) on an interface,
the routing protocol process (rpd) might restart. [PR/41964: This issue has
been resolved.]
- When a generated route has a contributing route with an indirect
next hop, the routing protocol process (rpd) might restart unexpectedly. [PR/63208:
This issue has been resolved.]
Routing Protocols
- If you enable LDP tunneling for a label-switched path (LSP), wide-metric
changes are not reflected for the LSP. [PR/57320: This issue has been resolved.]
- When you deactivate an IP multicast scope policy with the deactivate
routing-options multicast scope-policy policy-name configuration
mode command, the policy might still appear in the output of the show
multicast scope operational mode command. [PR/61063: This issue has been
resolved.]
- If you configure a multicast scope policy in PIM sparse mode,
the PIM encapsulation (pe) interface might not be added to the downstream
interface list and the designated router (DR) might not be able to send register
packets to the rendezvous point (RP). [PR/61287: This issue has been resolved.]
- When an existing source active (SA) route to the rendezvous point
(RP) changes, the Multicast Source Discovery Protocol (MSDP) active-source
limit might not work correctly. [PR/61754: This issue has been resolved.]
- If the routing platform receives a BGP route with multiple extended
communities of type 0 (an invalid type) and then readvertises the route to
another BGP peer, the routing protocol process (rpd) might stop operating.
[PR/62814: This issue has been resolved.]
MPLS Applications
- If the routing platform reoptimizes the Constrained Shortest Path
First (CSPF) algorithm after one of the current MPLS LSP transit links goes
down, the value of the CSPF metric field in the output of the show mpls
lsp name detail command might be lower than expected and future CSPF
recomputations might not find a shorter path. [PR/64059: This issue has been
resolved.]
Class of Service
- When you apply a class-of-service (CoS) scheduler map to an interface,
the CoS process (cosd) might experience a memory leak. [PR/42465: This issue
has been resolved.]
- On TX Matrix platforms with enhanced FPCs, high-priority fabric
queues might experience tail dropping of packets when the line rate is greater
than 40 percent. [PR/64178: This issue has been resolved.]
Routing Policy and Firewall Filters
- If you reference an unused routing table in a policy statement,
then issue the commit command several times, the policy might become
corrupted and display the name of the routing table incorrectly. [PR/63351:
This issue has been resolved.]
Network Management
- The ifType value for aggregated SONET is incorrect; it
should be reported as a composite link in the MIB. [PR/61061: This issue has
been resolved.]
Outstanding Issues
Software Installation
- For hard disks that were originally formatted by JUNOS Release
4.4 or earlier, after you issue the request system snapshot partition command,
the router cannot boot from the hard disk. As a workaround, issue the request
system snapshot command before upgrading. [PR/36742]
Platform and Infrastructure
- When you configure a Challenge Handshake Access Protocol (CHAP)
local name with more than 128 characters, characters beyond 128 are truncated
and the authentication does not succeed because the access-profile client
names of sending and receiving interfaces do not match. As a workaround, configure
the local name to have no more than 128 characters. [PR/20532]
- When the Monitoring Services PIC is overloaded, the output from
the show services accounting flow-detail command might freeze. [PR/32896]
- When you enable graceful Routing Engine switchover with the graceful-switchover
enable statement at the [edit chassis redundancy] hierarchy
level and then issue the request system halt both-routing-engines command
on the master Routing Engine, the master Routing Engine might halt and the
backup Routing Engine might take over mastership but not halt. As a workaround,
issue the request system halt both-routing-engines command on the
backup Routing Engine to halt both Routing Engines. [PR/35328]
- On M-series and T-series routing platforms, when an IPv6 router
solicitation is sent, the JUNOS software does not add an entry to its neighbor
cache. [PR/42312]
- On T-series platforms, a Layer 2 maximum transmission unit (MTU)
check is not supported for MPLS packets arriving at egress provider edge (PE)
routers. [PR/46238]
- If a router receives rapid multicast traffic from various groups
or sources that do not have entries in the forwarding table, the router might
generate the “router-name feb NH: resolutions from iif X throttled”
system log message and might delay the installation of forwarding table entries
for some of these multicast packets. [PR/46474]
- On T-series platforms, the MPLS time-to-live (TTL) byte is not
copied into the IP TTL byte at the penultimate hop-popping (PHP) router. [PR/47927]
- If you upgrade the routing platform from JUNOS Release 6.2R2.4
to JUNOS Release 6.2R2.5 by issuing the request system software add command,
the Routing Engine might restart. [PR/49194]
- When you configure a source class usage (SCU) name with an integer
(for example, source-class 100) and use this source class as a firewall
filter match condition, the routing platform might interpret the class identifier
as an integer, which in turn might cause the filter to disregard the match.
[PR/50247]
- On a T640 routing platform, you can exceed the hardware limit
of the platform if you configure link protection by including the link-protection statement
at the [edit protocols mpls label-switched-path lsp-name]
hierarchy level, or if you configure a triple-push operation by including
the exp-push-push-push statement at the [edit class-of-service
interfaces interface-name unit logical-unit-number rewrite-rules]
hierarchy level in conjunction with VLAN-tagging, and Ethernet-based Layer
2 circuit configuration. In the case of link protection, the problem is transitory
while the platform changes to link-protection mode. [PR/51688]
- When you include the vrf-table-label statement at the [edit
routing-instances] hierarchy level, MPLS packets with label-switched
interface (LSI) labels that arrive on core-facing ATM or Frame Relay interfaces
are not counted. [PR/51733]
- When you configure destination class usage along with the port-mirroring
feature, port-mirroring might stop working. [PR/51916]
- On J-series Services Routers, when you include the vrf-table-label statement
at the [edit routing-instances routing-instance-name]
hierarchy level, the incoming traffic is considered to come from the internal
label-switched interface (LSI) associated with the VRF instance. The original
incoming logical interface is unknown, so the traffic is not accounted for
by the original incoming logical unit. Furthermore, the LSI is an internal
interface and has no accounting support. [PR/53148]
- When a Monitoring Services PIC is overloaded with traffic, the
FPC might take the PIC offline and repeatedly send the same error message.
The error message does not seem to affect normal operation of the FPC and
remaining PICs. As a workaround, restart the FPC or bring the PIC online.
[PR/55981]
- For Ethernet-based interfaces in a Layer 2 circuit topology, if
you apply the same circuit cross-connect (CCC) input filter on multiple logical
interfaces in different VLANs, and the state of the associated physical interface
changes from up to down to up, all Layer 2 circuit traffic might travel over
only one of the logical interfaces. As a workaround, apply a unique CCC input
filter to each logical interface. [PR/57276]
- On a J-series Services Router, if you configure a Dynamic Host
Control Protocol (DHCP) server and DHCP request traffic arrives at a rate
of 100 packets per second or more, the DHCP process (dhcpd) might drop some
of the requests. [PR/58250]
- On a 2-port OC3 ATM2 Intelligent Queuing (IQ) PIC installed in
an M-series router, if both ports use a single input stream and you deactivate
one of the two ATM physical interfaces, the VPN routing and forwarding (VRF)
table label feature is not supported. [PR/58814]
- On J-series Services Routers, if the Packet Forwarding Engine
runs out of memory, the forwarding process (fwdd) might dump core. [PR/59020]
- Even if you do not configure IPSec, the key management process
(kmd) opens UDP port 500. [PR/59054]
- On TX Matrix platforms, if the platform receives traffic containing
40 byte packets sent at 98% line rate, the platform might achieve only a 94%
throughput rate. [PR/59660]
- On M40e and M160 routers, if you issue an unsupported operational
command to display JTREE information, the Switching and Forwarding Module
(SFM) might stop operating. As a workaround, issue the show route ip command.
[PR/59688]
- On T-series routing platforms, if packets that match the packet-length statement
in a firewall filter have internal data appended to them, they might be ignored
by the match condition. [PR/62183]
- When you enable LDP using two incoming and two outgoing links,
load balancing stops working, because IP destination address information is
ignored in the hash calculation. [PR/65049]
User Interface and Configuration
- When establishing an SSH connection using s/key for one-time passwords
(OTP)—also known as challenge/response authentication—the challenge
might not be displayed by the CLI, even though a response is required. As
a workaround, first use the telnet command and supply the relevant
login to obtain the challenge string. Do not enter a response; instead just
close the Telnet session. Then use the ssh command, use the same
login, and enter the response based on the challenge obtained from the Telnet
session. [PR/38715]
- For J-series Services Routers, when you do not include the configuration-servers statement
at the [edit system autoinstallation] hierarchy level, excessive
autoinstallation delay might occur. [PR/50248]
Interfaces and Chassis
- On aggregated SONET/SDH interfaces, the counter for drops and
errors in the show interfaces command output does not display the
correct value, because the counter does not collect data from the constituent
interfaces within the aggregate. [PR/23577]
- On ATM interfaces, when the IP address of a remote device is changed,
the output of the show ilmi interface command on the local routing
platform might continue to display the old IP address for the remote device.
[PR/24126]
- On channelized E1 interfaces, you might be able to configure clocking
on ds-fpc/pic/port:n interfaces,
where n is not unit 0. This is an invalid configuration
and might cause a clocking selection problem on the other channels. [PR/24722]
- If virtual channel identifiers (VCIs) for a large number (approximately
400) of virtual connections (VCs) on an ATM DS3 interface are changed frequently,
the interface might mishandle the ATM cells. As a result, OSPF and IS-IS neighbor
adjacencies might not remain stable. [PR/25639]
- On a 2-port OC12 ATM2 IQ interface, the total virtual path (VP)
downtime might not display correctly in the show interfaces command
output. [PR/27128]
- On a 2-port OC12 ATM2 IQ interface, if you configure and then
change the virtual path (VP) setting, the SNMP jnxAtmVpTotalDownTime counter
might be reset. [PR/27131]
- When you configure a shaping rate greater than the speed of an
OC3 link on an OC3 ATM2 IQ interface, the configuration might commit but the
actual shaping rate is less than the interface speed. [PR/27459]
- On ATM2 IQ interfaces, when you include the atm-l2circuit-mode statement
at the [edit chassis fpc slot-number pic pic-number] hierarchy
level, the control word with the sequence number 0 is not treated as an unsequenced
packet. [PR/31392]
- On ATM2 IQ interfaces, when you configure the atm-l2circuit-mode statement
at the [edit chassis fpc slot-number pic pic-number] hierarchy
level, the control-word sequence number is not reset to 1 after the transmit
sequence number reaches 65,535. [PR/31669]
- On ATM2 IQ interfaces, when you include the atm-l2circuit-mode
aal5 statement at the [edit chassis fpc slot-number pic pic-number] hierarchy
level, the initial control word sequence number is not set to 1. [PR/31974]
- On M20 and M40 routers, when a physical layer problem affects
a SONET/SDH interface, carrier transition statistics might not increment correctly
in the output of the show interfaces extensive command. [PR/33325]
- When you configure both the bundle link and constituent links
at the [edit logical-routers logical-router-name interfaces]
hierarchy level, the constituent links do not come up. As a workaround, configure
the constituent links at the [edit interfaces] hierarchy level. [PR/35578]
- On DS3 and E3 ATM2 IQ interfaces, when you configure ATM point-to-multipoint
permanent virtual circuits (PVCs), the following error messages might appear
in the system log: “/kernel: RT_COS: COS IPC op 4 (CLASS TO IFL) failed,
err 1 (Unknown),” “ssb BCHIP 0: invalid entry type 127 at stream
8 channel 0 for ifl 83,” and “ssb COSMAN: mapping table bind to
ifl 83 failed.” There is no operational impact. [PR/36524]
- On logical tunnel (lt) interfaces, if you configure IPv6
addresses and an interior gateway protocol (IGP) between peering lt logical
interfaces, the peer interfaces might not be able to establish an adjacency.
As a workaround, configure different IPv6 link-local addresses on each of
the peers. [PR/37537]
- When an ATM interface configured for CCC encapsulation receives
MPLS packets that exceed 484 bytes, the packets can overflow the buffer and
cause the ATM PIC to hang. As a workaround, take the PIC offline and bring
it back online. [PR/39918]
- When an IPSec firewall filter is applied to match traffic sent
across a generic routing encapsulation (GRE) tunnel and originating from the
local routing platform, the local traffic is dropped. Transient traffic is
not affected. [PR/44871]
- On channelized T3 interfaces, the T1 loopback state does not reflect
loopback set by facilities data link requests using the remote-loopback-respond statement
at the [edit interfaces interface-name t1-options] hierarchy
level. [PR/45837]
- On ATM2 intelligent queuing (IQ) interfaces, if you configure
class of service (CoS) for a Layer 2 circuit trunk, and then change the CoS
configuration, the trunk might go down and not return to service. As a workaround,
take the PIC offline and then bring it back online with the request chassis
pic (offline | online) commands. [PR/45856]
- The largest ping size allowed between T1 interfaces is 28400 bytes.
[PR/46120]
- On ATM2 intelligent queuing (IQ) interfaces, when you configure
the oam-period statement at the [edit interfaces at-fpc/pic/port atm-options
vpi vpi-number] hierarchy level, and a virtual channel
identifier (VCI) within the virtual path identifier (VPI) receives F5 Operation,
Administration, and Maintenance (OAM) alarm indication signal (AIS)/remote
defect indicator (RDI) cells, sometimes the VCI is not marked as down. [PR/46558]
- When the data-link connection identifier (DLCI) is greater than
335 on a Link Services PIC with Multilink Frame Relay (MLFR) configured, the ping command
might fail. [PR/49567]
- On a Link Services PIC, the CLI might incorrectly allow you to
configure a logical tunnel interface (interface identifier lt); the
resulting interface might not work correctly. [PR/49818]
- On ATM2 IQ interfaces, if you configure OAM F4 on the physical
interface by including the oam-liveness and oam-period statements
at the [edit interfaces at-fpc/pic/port atm-options
vpi identifier] hierarchy level, and the remote
interface goes down and comes up again, the VP might not come up again. As
a workaround, deactivate and reactivate the interface. To avoid this problem,
configure OAM on the logical interface by including the oam-liveness and oam-period statements
at the [edit interfaces interface-name unit logical-unit-number] hierarchy
level. [PR/51435]
- When OAM loopback cells are not received on an ATM interface,
the router marks the interface down and logs a message. But when the interface
is marked up as a result of receiving the loopback cells, the router does
not log an interface up message. [PR/51942]
- PPP over Ethernet (PPPoE) interfaces do not support idle-timeout configuration.
[PR/52150]
- Changes to DS0 timeslots on a channelized interface do not synchronize
with the parent multilink frame relay (MLFR) bundles on the Link Services
II PIC. The new interface speed is updated on the channelized interface but
the link speed tracked on the MLFR bundle displays the original value. As
a workaround, deactivate and reactivate the channelized interface. [PR/53030]
- You cannot include a PPP over Ethernet (PPPoE) interface in a
routing instance. [PR/53081]
- On interfaces configured with virtual LAN (VLAN) identifiers,
PPP over Ethernet (PPPoE) does not work. [PR/54844]
- When you deactivate and reactivate a remote LSQ interface, the show
interface lsq-fpc/pic/port extensive command
might display erroneous counter values for the LSQ bundle. [PR/54855]
- On Channelized STM1 PICs, a tributary unit alarm indication signal
(TU-AIS) alarm enabled for one channel might cause another channel to shut
down. [PR/55357]
- If an MLPPP LSQ bundle carries a large volume of link fragmentation
and interleaving (LFI) traffic and a small proportion of multilink traffic,
packets might be dropped on the egress constituent links. [PR/56664]
- When E1 links in G704 framed mode are used as constituent links
of an LSQ interface, random early detection (RED) drops might occur. As a
workaround, configure framing unframed at the [edit interfaces interface-name e1-options] hierarchy
level on the constituent E1 links or configure an extra 4 percent link layer
overhead on the LSQ interface. [PR/57080]
- On 1-port 10-Gigabit Ethernet PICs with XENPAK installed in an
M320 or T-series routing platform, when you bring the PIC online, sometimes
the following error message might be logged: “XGE(x/y): runaway interrupt
count (1000001).” [PR/57376]
- On link services interfaces configured for Multilink PPP (MLPPP),
if you try to connect a routing platform running JUNOS Release 6.4R3 or later
to another vendor's router that uses a maximum received reconstructed unit
(MRRU) value of less than 1500 bytes, the routing platform uses the wrong
MRRU value in the Link Control Protocol (LCP) negotiation and the MLPPP session
is not established. [PR/57950]
- If you disable an adaptive services interface by including the disable statement
at the [edit interfaces sp-fpc/pic/port] hierarchy
level and then delete the disable statement from the configuration,
IPSec service is not reset correctly. As a workaround, either issue the deactivate
services command followed by the activate services command,
or issue the request chassis pic offline fpc-slot slot-number pic-slot pic-number command
followed by the request chassis pic online fpc-slot slot-number pic-slot pic-number command.
[PR/58522]
- On M10i routers configured with GRES, when Routing Engine 1 is
the master Routing Engine, the fxp0 interface link state is always
up, even when the port on the interface is not connected. [PR/58911]
- If you try to convert a Gigabit Ethernet interface into an aggregated
Ethernet interface by using a single commit, the routing platform might experience
a DCD_CONFIG_WRITE failure and dump core. As a workaround, issue separate
commits—one to rename the interface and a second to add the interface
into the bundle. [PR/59185]
- For T3 channels on channelized DS3 intelligent queuing (IQ) interfaces,
when you include the holdtime statement at the [edit interfaces
t3-fpc/pic/port] hierarchy
level, the T3 interface might not restart when you take the PIC offline and
bring it back online. As a workaround, deactivate and reactivate the T3 interface,
and delete the holdtime statement from the T3 interface configuration.
[PR/59263]
- On a Channelized E1 Intelligent Queuing (IQ) PIC, when you configure
Frame Relay encapsulation on a point-to-multipoint interface and issue the ping command,
the ping might fail. As a workaround, reconfigure the interface as a point-to-point
interface. [PR/61074]
- If a Routing Engine switchover occurs because of GRES, and APS
is used in a multirouter configuration, traffic on the APS-protected circuit
might be lost for up to five seconds. [PR/64211]
- When the protect circuit interface comes online, the interface
process marks it as up and installs new routes, which replace the original
routes through the working interface. Later, when the APS process marks the
protect circuit interface down, the routing process deletes its routes and
changes the routes back to the working circuit. Packet loss occurs after the
protect circuit routes are deleted and before the working circuit routes are
added. [PR/65038]
- Deactivating the inactive interface and then reactivating it might
sometimes cause changes to the status of the other interface in the APS group.
[PR/65041]
- If you configure protection lockout on an interface and unidirectional
mode is in use, and if the working circuit fails and then is restored, the
receive side of the channel erroneously remains on the protect circuit. [PR/65051]
Services Applications
- The output of the show services nat pool command displays
duplicate entries for a single Network Address Translation (NAT) pool. [PR/34678]
- The anomaly threshold for intrusion detection services (IDS) does
not take effect on J-series platforms. [PR/46577]
- On Adaptive Services PICs configured for IPSec tunnel redundancy,
if there are a large number of tunnels, sometimes a few of the tunnels might
switch over to the backup tunnel. [PR/46733]
- The local-id fqdn statement at the [edit services
ipsec-vpn ike policy policy-name] hierarchy level
has no effect. [PR/46908]
- On routing platforms configured for Internet Key Exchange (IKE)-based
IPSec, if a remote peer using other vendors' equipment does not renegotiate
the IKE security association (SA) when it is about to expire and continues
to send dead peer detection (DPD) requests on the same SA, the routing platform
might not be able to reply to these messages. [PR/47004]
- If the socket buffer becomes full on a remote router, you cannot
clear all the IPSec security associations (SAs) from the router. [PR/55189]
- For flow collection services interfaces, if you include a description
for ifalias in the format statement at the [edit services
flow-collector file-specification file-specification-name name-format] hierarchy
level, the interface might generate files with nonexistent SNMP indices in
the filename. [PR/57382]
- On Monitoring Services II PICs configured for flow collection
services, during memory overload conditions, the flow collector interface
might create files lacking cflowd records and these files might not be sent
to the external FTP server. [PR/62599]
- When you modify a flow collection configuration and commit the
changes, the system log might contain error messages regarding the commit.
These messages do not affect the operation of the router and can be ignored.
[PR/64201]
General Routing
- T1 interfaces might flap continuously with flooding network control
messages, which causes excessive tail-drop on the network-control queue.
As a workaround, increase the size of the network-control queue. [PR/55898]
- When you configure the vrf-target statement at the [edit
routing-instances instance-name] hierarchy level,
a routing instance name with a space is not allowed. [PR/57153]
- If you configure an aggregate route or generated route with a
large number of contributing routes and then issue the show route extensive or show
route detail command, the routing protocol process (rpd) might experience
scheduler slips. As a workaround, issue the show route brief or show
route terse command. [PR/60411]
- If you delete or deactivate the rib inet.0 statement
at the [edit routing-options] hierarchy level, this action might
not remove the static routes configured under the statement. [PR/61533]
Routing Protocols
- When you include the as-path atomic-aggregate statement
at the [edit routing-options aggregate defaults as-path] hierarchy
level to manually add the ATOMIC_AGGREGATE attribute on a BGP AS path, the
attribute is not added. [PR/2527]
- When you issue the show pim statistics command to view
traced PIM protocol traffic, messages sent to the rendezvous point (RP) might
not increment the Register counter. [PR/13887]
- When you issue the mtrace command from a UNIX client,
the router does not respond to a query that requires multicast response, but
responds correctly to any query that requires unicast response. As a result,
the first two probes time out. The third probe is the unicast response probe,
which usually succeeds. [PR/17237]
- If you issue the ospfNbrAddressLessIndex SNMP query for
an interface configured with an IP address, you might receive output containing
the value of the SNMP interface index instead of the value 0 suggested by
RFC 1850. [PR/20104]
- When IS-IS is configured on a transit router and graceful restart
occurs, a neighboring router might tear down the old path and create a new
label-switched path (LSP). [PR/31632]
- Distance Vector Multicast Routing Protocol (DVMRP) interface configuration
allows one to configure an invalid metric. Values larger than 32 are not valid.
[PR/33429]
- When virtual links are configured on a router, OSPF graceful restart
might not work as expected. [PR/36947]
- If you configure Bidirectional Forwarding Detection (BFD) and
graceful restart for OSPF or IS-IS, graceful restart might not work as expected.
[PR/37106]
- If a router receives a Pragmatic General Multicast (PGM) Source
Path Message (SPM), it does not create a forwarding cache, nor does it forward
the message to other routers as a heartbeat, as specified in RFC 3208. Also,
the router's multicast cache might time out if it does not receive actual
PGM data (ODATA) for more than 6 minutes. As a workaround, configure the PGM
source application to send PGM ODATA at least once every 6 minutes. The ODATA
acts as the heartbeat message in lieu of the SPM messages and ensures the
multicast and forwarding caches are created and updated. [PR/37504]
- Bidirectional Forwarding Detection (BFD) might not work as expected
within a logical router. [PR/38332]
- If secondary addresses are configured on an interface, Bidirectional
Forwarding Detection (BFD) might establish a session for only one address
at a time on a random basis. [PR/38498]
- If you include the sham-link statement at the [edit
routing-instances instance-name protocols ospf area]
or [edit routing-instances instance-name protocols
ospf] hierarchy level on a provider edge (PE) router, extraneous OSPF
link-state advertisements (LSAs) might be added. In some cases, this can result
in a routing loop between the customer edge (CE) and PE routers. [PR/40000]
- On a provider edge (PE) router configured for multicast over Layer
3 VPNs, if you enable PIM in a routing instance and on a GRE tunnel through
the provider core network, the router might not be able to establish PIM neighbor
relationships over the GRE tunnel and the routing protocol process might restart.
As a workaround, use an interface other than a GRE interface when connecting
to the provider core network. [PR/40124]
- During reverse path forwarding (RPF) changes, PIM might send assert
messages over a SONET/SDH interface. When the downstream interface is pruned
from the PIM join state, the associated assert state is not removed, causing
the router to continue generating assert messages periodically. [PR/46212]
- The address fields in the BGP MIB are not compatible with IPv6
address lengths. [PR/51150]
- If you include the pim vpn-group-address statement at
the [edit protocols] hierarchy level in a routing instance of type
VRF, and you change the router ID or loopback address value in a master routing
instance, the router might lose connectivity with other provider edge (PE)
routers for the VPN. As a workaround, deactivate the vpn-group-address statement
at the [edit routing-instance instance-name protocols
pim] hierarchy level, commit the configuration, reactivate the statement,
and commit the configuration again. [PR/51839]
- When you configure damping globally and use the import policy
to not damp specific routes, and a new route is received from a peer with
the local interface address as the next hop, the route is added to the routing
table with default damping parameters, even though the import policy has a
nondefault setting. As a result, damping settings do not change appropriately
when the route attributes change. [PR/51975]
- When a router receives a flood of PIM prune packets from its downstream
neighbor, triggered pruning might not work correctly. [PR/57108]
- If you configure a routing platform as a provider edge (PE) router
and a BGP router reflector or AS boundary router, then configure a routing
table group in a VPN routing and forwarding (VRF) instance to share unicast
routes with the instance.inet.2 routing table (used for multicast
reverse path forwarding [RPF] information), and if you advertise these routes
to the BGP inet-vpn multicast family, the routing protocol process
(rpd) might restart. [PR/61005]
- BGP multipath over internal BGP or multihop sessions might not
operate correctly. [PR/61235]
- If you configure IS-IS to run IPv6 between two logical routers
in the same physical router by including a logical-router configuration, IS-IS
routes might not get installed into the inet6.0 routing table. The
workaround is to manually configure unique IPv6 link-local addresses on the
interfaces that connect the two logical routers. [PR/61530]
- When the Internet Group Management Protocol (IGMP) multicast listener
discovery (MLD) source-specific multicast (SSM)-Map feature is enabled on
a LAN interface with multiple receiving hosts, the router might continue to
forward traffic for the group until the IGMP group membership timeout interval,
even though all receivers might have already left the group. [PR/61538]
- When you modify an IS-IS configuration and commit the changes,
memory corruption might occur and the routing protocol process (rpd) might
dump core. [PR/63826]
MPLS Applications
- If you configure a label-switched path (LSP) with the no-cspf statement
at the [edit protocols mpls] hierarchy level, the LSP might cycle
up and down several times before stabilizing. [PR/10415]
- The local bandwidth log for a Constrained Shortest Path First
computation might show an incorrect value. [PR/21369]
- Per-prefix forwarding does not support multiple-weight next hops.
If you forward traffic over a transit router on which the fast-reroute statement
is configured at the [edit protocols mpls label-switched-path lsp-name]
hierarchy level, the backup information is not passed to the Packet Forwarding
Engine. [PR/22755]
- After a label-switched path (LSP) is established, increasing the
LSP bandwidth beyond what is available does not bring down the LSP. The show
mpls lsp command displays the configured bandwidth value rather than
the actual bandwidth used. [PR/40164]
- If you include the explicit-null statement
at the [edit protocols bgp family inet labeled-unicast] hierarchy
level, the traceroute command might not work properly. [PR/44814]
- If a vendor's equipment employs proprietary type, length, and
value (TLV) information, the ping mpls command might have interoperability
issues because the JUNOS software cannot understand the proprietary TLV information.
[PR/51084]
- If you issue the show mpls lsp statistics command on
an ingress router with a slower Routing Engine (RE2) and there are many label-stacked
VPNs, the Packet Forwarding Engine might restart. [PR/51305]
- If a cross-connected circuit (CCC) traverses a forwarding-adjacency
label-switched path (LSP), traffic forwarding might be affected. [PR/60088]
- RSVP graceful restart does not function for LSPs that have a forwarding
adjacency (FA) label-switched path (LSP) as a next hop. [PR/60256]
- When you modify the primary path for an MPLS LSP by using the delete
protocols mpls label-switched-path lsp-path-name primary path-name command
in configuration mode, followed by the set protocols mpls label-switched-path lsp-path-name primary path-name command, and then issue the commit command, the entire LSP
(both primary and secondary) is torn down and then rebuilt from scratch. As
a workaround, issue the delete protocols mpls label-switched-path lsp-path-name primary path-name command in configuration mode followed by the commit command. Then
issue the set protocols mpls label-switched-path lsp-path-name primary path-name command
followed by the commit command. [PR/62365]
VPNs
- For IPv6 VPNs running on Gigabit Ethernet and Fast Ethernet interfaces, ping and traceroute operations
do not work from local provider edge (PE) routers to remote PE and customer
edge (CE) routers. [PR/28502]
- When you change the encapsulation to frame-relay-tcc at
the [edit interfaces interface-name unit logical-unit-number]
hierarchy level of a Layer 2 VPN, the connection for the second logical interface
might not come up. As a workaround, restart the chassis process (chassisd)
or reboot the router. [PR/32763]
Class of Service
- When you configure an ES PIC, a log message similar to “fpc0
LCHIP(3): Unable to fathom what channel used by IFD 432” might be displayed.
There is no operational impact. [PR/36184]
- When you remove or omit the shaping-rate statement from
a scheduled VLAN configuration, the routing platform might drop large numbers
of packets. [PR/47057]
- On ATM2 IQ PICs configured to use alternate VC CoS mode, when
the traffic pattern on low-priority queues is changed, the high-priority queue
sends less than the expected amount of traffic. As a workaround, raise the
high-priority queue weight. [PR/50178]
- The error message indicating that an IEEE 802.1 rewrite rule cannot
be applied on a nontagged interface references a classifier instead of a rewrite
rule. There is no operational impact. [PR/50980]
- When a logical tunnel (lt) interface is the outbound
interface, the JUNOS software does not support the IEEE-802.1p rewrite rule.
[PR/55903]
- On J-series Services Routers, even if you oversubscribe a T1 interface
that is part of a multilink PPP (MLPPP) bundle, the output of the show
interfaces queue ls-fpc/pic/port and show
interfaces queue t1-fpc/pic/port commands
might not display any queue drops. [PR/57516]
- If you try to configure a scheduler map containing two forwarding
classes that are mapped to the same queue, the class-of-service scheduler
is not applied to the Packet Forwarding Engine. As a workaround, configure
a single forwarding class for each of the available queues. [PR/57907]
- If you configure a scheduler map and a random early detection
(RED) drop profile that uses a fill level of 100%, and the routing platform
receives traffic that oversubscribes the queue scheduler, the Resource
errors counter in the output of the show interfaces extensive command
increases and packets going to other queues and interfaces might be impacted.
[PR/60215]
- On J-series Services Routers, if you oversubscribe an E1 interface,
latency on the high priority queue might be higher than expected. As a workaround,
configure a shaping rate on the E1 interface that is equal to the line rate
minus the E1 framing overhead. [PR/60595]
Forwarding and Sampling
- On a T640 routing node, the sampling process (sampled) might write
to a sampling output file inconsistently or might fail to export cflowd records
as expected. As a workaround, restart the sampling process. [PR/31021]
Network Management
- If field-replaceable unit (FRU) uptime exceeds 248 days and you
perform an snmpwalk() function on a router using the jnxOperatingUptime MIB
object, negative values might be reported in the Get response messages. [PR/55469]
[Contents]
[Prev]
[Next]
[Report an Error]