[Contents]
[Prev]
[Next]
[Report an Error]
Previous Releases
Release 7.1R3
The following issues have been resolved since JUNOS Release 7.1R2. The
identifier following the description is the tracking number in our bug database.
Software Installation
- While installing a PC card, you might see these error messages:
“chown: wheel: illegal group name and pkg_add: couldn't change owner/group
of '<file>' to 'root.wheel'.” [PR/50755: This issue has been resolved.]
Platform and Infrastructure
- For aggregated Ethernet and aggregated SONET/SDH interfaces, if
you configure per-packet load balancing, the traffic might not be balanced
evenly. [PR/21240: This issue has been resolved.]
- On T-series platforms, when you configure virtual private LAN
service (VPLS) in a logical router, the Flexible PIC Concentrator (FPC) might
dump core. [PR/48059: This issue has been resolved.]
- If a routing platform is configured with a VPN routing and forwarding
(VRF) table label and you include the explicit-null statement at
the [edit protocols ldp] hierarchy level (for LDP) or at the [edit
protocols mpls] hierarchy level (for RSVP), and a neighbor that uses
equipment from another vendor replies with an explicit null label as the outer
label and a VRF table label as the VPN label, the VPN might stop operating.
As a workaround, remove the explicit-null statement. [PR/49544: This
issue has been resolved.]
- On ATM interfaces, when you configure multiple network addresses
on a single logical interface by including the multipoint-destination statement
at the [edit interfaces at-fpc/pic/port unit logical-unit-number family inet address ip-address] hierarchy level,
the routing platform might stop operating. As a workaround, configure a separate
logical interface for each network address. [PR/49834: This issue has been
resolved.]
- On Monitoring Services PICs configured as flow collector interfaces,
the flow collector might have exported files with the wrong timestamp after
approximately 7 weeks of continuous operation. [PR/50885: This issue has been
resolved.]
- On Channelized DS3 PICs, continual system log messages from the
t704 driver might cause an FPC to dump core. [PR/54911: This issue has been
resolved.]
- On J4300 and J6300 Services Routers, the request system snapshot
media usb partition as-primary command does not work properly. It works
correctly on J2300 Services Routers. [PR/55265: This issue has been resolved.]
- When a traceroute operation resolves over a label-switched
path (LSP), the show command output does not display MPLS label information.
[PR/55379: This issue has been resolved.]
- When a file system read/write error occurs, the Routing Engine
might enter a state in which it responds to local pings and interfaces remain
up, but no other processes are responding. As a workaround, reboot the router.
This issue has been addressed in the documentation. For more information,
please see the audit trail in this PR. [PR/55650: This issue has been resolved.]
- When you configure and enable the Virtual Router Redundancy Protocol
(VRRP) on a router, Dynamic Host Configuration Protocol (DHCP) packets might
be forwarded with an incorrect source address. [PR/56117: This issue has been
resolved.]
- Use of a NULL pointer in the kernel's tracing facility caused
the Routing Engine to restart. [PR/57355: This issue has been resolved.]
- When the Routing Engine receives Address Resolution Protocol (ARP)
packets with ether-over-atm and other Ethernet encapsulations, accounting
problems on the ARP interrupt queue might cause the Routing Engine to become
unresponsive to ARP messages. [PR/57476: This issue has been resolved.]
- On M-series routers, if an interface flaps, Dynamic Host Configuration
Protocol (DHCP) forwarding might stop working. [PR/58320: This issue has been
resolved.]
- Performing an IPv6 ping might cause the kernel to dump core and
reset. [PR/59329: This issue has been resolved.]
- On the Channelized DS3 Intelligent Queuing (IQ) PIC on M-series
routers, when you enter the show snmp mib walk command, the query
might time out. [PR/59365: This issue has been resolved.]
- On a 1-port SONET/SDH OC48c/STM16 PIC with small form-factor pluggable
transceivers (SFPs), if you configure a Layer 2 circuit trunk mode topology,
an FPC might dump core. [PR/59552: This issue has been resolved.]
- On Adaptive Services PICs, if you configure a virtual loopback
tunnel (vt-) interface and include the service-package layer-2 statement
at the [edit chassis fpc fpc-slot pic pic-slot adaptive-services] hierarchy
level, the routing platform might reboot multiple times when it is restarted.
[PR/59915: This issue has been resolved.]
- For M320 and T-series routing platforms configured with Ethernet
interfaces and BGP, if you upgrade to JUNOS Releases 6.4R4, 7.0R3, or 7.1
and later, next-hop errors might be reported and an FPC might stop operating
when Jtree memory is allocated. [PR/60081: This issue has been resolved.]
User Interface and Configuration
- If you commit a configuration with a release-specific statement
and then downgrade the JUNOS software to an earlier version that does not
support the statement, validation of the downgraded software might still succeed.
In addition, the best-effort-load option has been added to the request
system software add command to consider a configuration valid as soon
as it contains a single valid configuration option. [PR/46359: This issue
has been resolved.]
- When you try to save the configuration file to a PC card that
is in MS-DOS format, the JUNOS CLI reports an error. [PR/53286: This issue
has been resolved.]
- When an application emits the JUNOScript <get-configuration>
tag, the management process (mgd) might report a bad page fault and dump core.
[PR/57510: This issue has been resolved.]
- If the configuration is very large, issuing the load update command
might cause RPD_SCHED slip messages. [PR/57548: This issue has been resolved.]
- Configuration statements marked with the inactive tag
might appear to be changed in the output of the show | compare command,
even though they were not changed since the last commit. [PR/57593: This
issue has been resolved.]
- Load configuration Perl scripts from the junoscript-perl-7.0R1.5/examples directory
did not run correctly because of issues between the XML parser and JUNOS access
modules. [PR/57860: This issue has been resolved.]
- When you use the J-Web user interface on J-series Services Routers
to view route information, and a route is learned from multiple protocols,
the destination prefix is displayed for only one of the protocols. [PR/58704:
This issue has been resolved.]
- If you attempt to log in to a J-series Services Router by using
the J-Web user interface and your user profile uses RADIUS or TACACS+ authentication,
you might receive the error “FATAL ERROR: Unable to authenticate to
the management daemon! Please retry your log in attempt.” As a workaround,
log in to the router using a Telnet session or log in as root. [PR/59425:
This issue has been resolved.]
- When you issue the show path | display inheritance | display
xml command, if the configuration statement referenced in the path is
part of a configuration group, the output might display the <groups>
tag unexpectedly. [PR/59616: This issue has been resolved.]
Interfaces and Chassis
- On J-series Services Routers, when you press the rescue configuration
button, it might get stuck. This causes the router to behave as if the button
were held for longer than five seconds, causing the configuration to revert
to the factory default. [PR/47985: This issue has been resolved.]
- Prior to JUNOS Release 7.1R2, you could not configure the mtu statement
at the [edit interfaces interface-name unit logical-unit-number family
mpls] hierarchy level by using the CLI. [PR/48370: This issue has been
resolved.]
- The number of flows removed by the clear services stateful-firewall
flows command is typically half the number of flows indicated by the
output of the show services stateful-firewall flows count command.
[PR/48735: This issue has been resolved.]
- On M320, T-series, and TX Matrix platforms, when you take a 10
Gigabit Ethernet PIC with XENPAK offline and bring it online again, the output
of the show chassis hardware command displays inconsistent small
form-factor pluggable transceiver (SFP) information. [PR/51389: This issue
has been resolved.]
- On M320 routers, if you took a Switch Interface Board (SIB) offline,
removed it from the chassis, and then reinserted it, the router might have
generated the following temperature-related error message: “CHASSISD_SENSOR_RANGE_NOTICE:
SIB 1 temperature is -60 degrees C, which is outside operating range.”
This was a temporary condition and subsequent temperature readings by the
SIB were correct. [PR/51793: This issue has been resolved.]
- On J-series platforms, the following T1 BERT algorithms return
zero after a test run: pseudo-2e20-o153, 2e7-1, and pseudo-2e9-o153. [PR/51890:
This issue has been resolved.]
- To enable CoS to work correctly with a generic routing encapsulation
(GRE) tunnel key, you might have to delete the GRE key and add it back again.
[PR/55687: This issue has been resolved.]
- In certain scenarios on flow collector PICs, a memory overload
condition might cause the PIC to reset. [PR/55700: This issue has been resolved.]
- On ATM2 Intelligent Queuing (IQ) PICs, if you commit a configuration
change for an interface, point-to-multipoint ATM VCs might reset. [PR/56942:
This issue has been resolved.]
- The show services nat pool command does not show NAT
pools configured for destination static NAT. There is no workaround. [PR/57140:
This issue has been resolved.]
- On link services intelligent queuing (IQ) interfaces configured
on an AS PIC, if you configure OSPF version 3, multicast IPv6 protocol packets
that are larger than the IPv6 protocol MTU of an multilink PPP (MLPPP) bundle
might not be fragmented correctly or delivered successfully. [PR/57228: This
issue has been resolved.]
- The show services accounting flow-detail terse command
output displays source and destination ports incorrectly. A workaround is
to use show services accounting flow-detail without the terse option.
[PR/57310: This issue has been resolved.]
- When you use modems and L2TP access concentrators (LACs) to run
L2TP in a multilink environment, but do not configure Link Control Protocol
(LCP) renegotiation, the L2TP process (lt2pd) might reset. As a workaround,
configure LCP renegotiation. [PR/57321: This issue has been resolved.]
- On Adaptive Services PICs, if you do not configure any terms in
an IPSec rule, the PIC might stop operating. [PR/57339: This issue has been
resolved.]
- When you use modems to run L2TP multilink, the L2TP process (lt2pd)
might reset. [PR/57569: This issue has been resolved.]
- When you configure the lcp-renegotiation statement on
L2TP interfaces, PPP multilink does not work. [PR/57621: This issue has been
resolved.]
- On Adaptive Services (AS) 2 PICs, when you modify a stateful firewall
rule, the AS2 PIC might dump core. [PR/57734: This issue has been resolved.]
- On M20 routers, when the over-temperature threshold is reached,
the chassis process (chassisd) notes the current time and waits for four minutes
(240 seconds). If the temperature reading goes below the over-temperature
threshold, the software does not zero out the hold time. [PR/57855: This issue
has been resolved.]
- On flow collection interfaces configured on Monitoring Services
PICs, when the flow collector transfers files to a remote location, in some
cases the PIC might dump core. [PR/58128: This issue has been resolved.]
- On a T640 routing node, if you remove a Power Entry Module (PEM),
the alarm message on the LCD craft interface and the output of the show
chassis environment command might not always be consistent. [PR/58210:
This issue has been resolved.]
- After approximately 3 weeks and a few days of service, Monitoring
Services PICs might stop exporting flows because a time counter overflows.
As a workaround, restart the PIC. [PR/58333: This issue has been resolved.]
- On M-series routers, when you disable an ATM interface and commit
the configuration, the device control process (dcd) might generate the following
error message: “UI_CONFIGURATION_ERROR: Process: dcd, path: [edit interfaces],
statement: at-fpc/pic/port,
missing vpi or promiscuous-mode.” [PR/58403: This issue has been resolved.]
- If you configure PPP encapsulation and IPv6 on a SONET/SDH interface
and connect the interface to another vendor's router, the IPv6 Control Protocol
(IPv6CP) negotiation might not be compatible. [PR/58433: This issue has been
resolved.]
- On an M7i or M10i router configured as an L2TP LNS, if you change
the configuration at the [edit services l2tp] hierarchy level and
commit the change, the router stops sending accounting messages to the configured
RADIUS server for any incoming or existing PPP sessions. The same behavior
occurs when you issue the restart l2tp-service soft operational mode
command. As a workaround, restart the L2TP process (l2tpd) by entering the restart
l2tp-service command. [PR/58488: This issue has been resolved.]
- When you configure multilink PPP (MLPPP) on multilink or link
services interfaces and connect a Juniper Networks router to another vendor's
router, the maximum received reconstructed unit (MRRU) values might not match,
and the connection might not be established. As a workaround, increase the
MRRU on the vendor's interface by 4 bytes. [PR/58536: This issue has been
resolved.]
- When you configure an interface with an unnumbered address and
commit the configuration, the following error message might be displayed even
when the configuration is valid: “warning: identical local address is
found on different interfaces.” [PR/58876: This issue has been resolved.]
- On ATM2 intelligent queuing (IQ) interfaces installed in M320
routers, if you configure Automatic Protection Switching (APS) and the APS-protected
interface in the admin-down state receives packets, the protected
interface might still process the packets. [PR/59152: This issue has been
resolved.]
- If you include the none option at the [edit services
service-set service-set-name syslog host hostname services] or [edit
interfaces sp-fpc/pic/port services-options
syslog host hostname services] hierarchy level and
try to commit the configuration, the commit fails. [PR/59244: This issue has
been resolved.]
- For L2TP sessions, when you include the dedicated option
for multiple logical interfaces with at the [edit interfaces interface-name unit logical-unit-number dial-options] hierarchy level, but use the same name for each interface
by including the l2tp-interface-id statement at the same hierarchy
level, the interfaces might host shared sessions, instead of a single dedicated
session. As a workaround, configure a unique L2TP interface ID for each logical
interface with the l2tp-interface-id statement. [PR/59252: This issue
has been resolved.]
- On ES PICs installed in M-series routers, if you issue the show
interfaces es-fpc/pic/port command,
it might take awhile for the output to be displayed. [PR/59962: This issue
has been resolved.]
- For link services intelligent queuing (IQ) interfaces configured
for MLPPP on Adaptive Services PICs, if you manually configure a maximum received
reconstructed unit (MRRU) value, or deactivate and reactivate the interfaces
in an MLPPP bundle, the family inet MTU might have the same value
as the MRRU or there might be a family inet MTU mismatch between
peer interfaces. As a workaround, deactivate and reactivate the interfaces
in the MLPPP bundle on both sides of the connection. [PR/60407: This issue
has been resolved.]
- ATM IQ OAM cells are being put into the second-highest priority
TTP queue instead of the highest. This change places the OAM cells into the
highest priority TTP queue instead. [PR/61188: This issue has been resolved.]
- On M7i and M10i routers configured for L2TP, if the router receives
a second PAP authentication request while the first PAP authentication request
is being processed, the L2TP process (l2tpd) might dump core and stop operating.
[PR/61207: This issue has been resolved.]
General Routing
- If you configure a forwarding-table export policy to reject a
BGP route, installing the policy might cause the route to be hidden in the
routing table and might prevent that route from being advertised. [PR/55482:
This issue has been resolved.]
- When you configure multicast and the routing platform experiences
route flapping, if a reverse path forwarding (RPF) route is evaluated in the
main inet.0 routing table during a classless interdomain routing
(CIDR) check (ipCidr_qualified), the routing protocol process (rpd) might
stop operating and dump core. [PR/56679: This issue has been resolved.]
- When a static route has more than one next hop configured and
a route resolves over this static route, the routing protocol process (rpd)
might stop operating. [PR/58365: This issue has been resolved.]
- If you issue the show route advertising-protocol bgp command,
the routing protocol process (rpd) might dump core. [PR/58492: This issue
has been resolved.]
- When you create a static route within a routing instance, then
deactivate the instance and add another static route to it, the routing protocol
process (rpd) might stop operating. [PR/58852: This issue has been resolved.]
- If you enable cflowd or export an LSP mapping policy into the
forwarding table, the routing protocol process (rpd) might dump core. [PR/58888:
This issue has been resolved.]
Routing Protocols
- If the upstream interface to the source is the same as the interface
where the receiver joins group G, the PIM sparse mode designated router fails
to trigger a PIM (S,G) join message upstream. As a result, the traffic might
flow down the PIM shared tree and the source-specific tree might not be built.
[PR/30916: This issue has been resolved.]
- When you configure a Layer 3 VPN routing instance with a generic
routing encapsulation (GRE) tunnel for a provider edge to customer edge (PE
to CE) link, the routing protocol process (rpd) might cause high CPU utilization.
A workaround is to include the vrf-table-label statement at the [edit
routing-instances routing-instance-name] hierarchy
level. [PR/50129: This issue has been resolved.]
- When a BGP group with the family inet-vpn statement enabled
contained a multiple of 32 established peers and you added another peer (for
example, a 33rd or 65th peer), the routing process (rpd) might have restarted
as the new peer transitioned to the established state. Adding further peers
did not cause any problems until the next multiple of 32 was reached. [PR/52357:
This issue has been resolved.]
- While switching to a new reverse path forwarding (RPF) interface,
PIM might not send a prune message to the old upstream neighbor. [PR/56353:
This issue has been resolved.]
- After a reverse path forwarding (RPF) change, the initial PIM
trigger join does not contain all the <S,G> nodes. [PR/57144: This issue
has been resolved.]
- For RIP next generation (RIPng) networks, if the routing platform
sends a request packet to obtain the neighbor's entire routing table but the
request contains an incorrect prefix value (such as 0), the neighbor router
might not respond to the request and the routes might not be sent until the
next scheduled routing update (transmitted every 30 seconds). [PR/58069: This
issue has been resolved.]
- If you issue the show multicast usage command, the routing
protocol process (rpd) might restart. [PR/58074: This issue has been resolved.]
- If a router receives an IPv6 PIM hello packet with an invalid
secondary neighbor address, the routing protocol process (rpd) might restart.
[PR/58612: This issue has been resolved.]
- If the router receives an Multicast Listener Discovery version
2 (MLDv2) membership report message with more than one group record, the routing
protocol process (rpd) might restart. [PR/58613: This issue has been resolved.]
- When you configure the multiple-as statement at the [edit
protocols bgp group group-name multipath] or [edit
protocols bgp group group-name neighbor name multipath] hierarchy
level, only one path from each neighboring AS (other than the AS of the active
BGP path) is accepted as an alternative path. [PR/59092: This issue has been
resolved.]
- In a RIPv2 network, if the routing table limit is reached and
a new RIPv2 route is learned, a memory leak might occur. [PR/59557: This
issue has been resolved.]
- If you configure a router with PIM bootstrap router protocol and
a rendezvous point (RP) with more than 70 group ranges, the routing protocol
process (rpd) might restart. [PR/59759: This issue has been resolved.]
- If you configure PIM and Multicast Source Discovery Protocol (MSDP),
MSDP receives data encapsulated packets from a peer that does not have any
PIM receivers, and PIM continuously adds multicast discard routes, the Packet
Forwarding Engine might run out of memory. [PR/60148: This issue has been
resolved.]
- When you deactivate a scope policy, the show multicast scope command
still lists it as active. [PR/61063: This issue has been resolved.]
MPLS Applications
- Because of topology constraints, fast-reroute detours might perform
link protection only. They do not revert to performing node protection when
it becomes available. [PR/57146: This issue has been resolved.]
- When the main label-switched path (LSP) is down and the software
attempts to reoptimize detours that are protecting the LSP, the routing process
might reset. [PR/57779: This issue has been resolved.]
- For backup and bypass RSVP label-switched paths (LSPs) configured
with static paths, if you configure the link-protection statement
at the [edit protocols rsvp interface interface-name] hierarchy
level, and the LSPs fail, the message “fatal error, code = -7”
might be generated but might not specify clearly what the error is. [PR/57820:
This issue has been resolved.]
VPNs
- When you remove an entire Layer 2 VPN site from a configuration
or you make a modification that unintentionally causes the site configuration
to be deleted and then readded (such as a change to the site ID or the encapsulation
type), the routing protocol process (rpd) might fail in unrelated components,
such as BGP. [PR/56080: This issue has been resolved.]
- On a single-tagged Gigabit Ethernet intelligent queuing (IQ) port,
if you configure the input-vlan-map pop statement at the [edit
interfaces interface-name unit logical-unit-number] hierarchy
level, Internetwork Packet Exchange (IPX) traffic might be dropped across
the cross-connect. [PR/56421: This issue has been resolved.]
- If you configure a Layer 3 VPN routing instance and then change
the route distinguisher, some traffic might seem to disappear from the original
routing instance and appear in a new routing instance. As a workaround, restart
the routing protocol process (rpd). [PR/58101: This issue has been resolved.]
- Issuing the show l2circuit connections command causes
the routing protocol process (rpd) to restart. [PR/59849: This issue has
been resolved.]
- If you configure link protection for an LDP-over-RSVP label-switched
path (LSP), and these VPN routes are readvertised over a VPN-EBGP session,
the routing platform might attempt to install routes with a swap/triple-push
operation and the routing protocol process might dump core continuously. As
a workaround, disable link protection. [PR/59908: This issue has been resolved.]
Forwarding and Sampling
- If you upgrade a routing platform from JUNOS Release 6.4 to Release
7.1R2 or later, the firewall filter process (dfwd) might stop operating. As
a workaround, limit the number of sequential, contiguous next-term actions
in the firewall filter configuration to a maximum of 40 terms. [PR/58608:
This issue has been resolved.]
- When a large sampling dump needs to be gzipped, the sampling process
might leave (at most) one gzip process in zombie state. [PR/60545: This issue
has been resolved.]
- When output packet filtering is performed on packets generated
by the Routing Engine, the egress interface might be mistaken for the ingress
interface. [PR/60726: This issue has been resolved.]
Routing Policy and Firewall Filters
- If you configure a long autonomous system (AS) path at the [edit
policy-options as-path-group group-name as-path path-name] hierarchy
level, you might not be able to commit the configuration. [PR/60261: This
issue has been resolved.]
Network Management
- When a subagent (SA) control block is not found and a duplicate
request is filtered, the SNMP process might leak memory. [PR/58353: This issue
has been resolved.]
- Under heavy traffic conditions, if an SNMP subagent misinterprets
the length of a message and writes beyond the end of its message buffer, the
system might generate the log message “SNMPD_SUBAGENT_NO_RESOURCES:
No resources available for subagent (/var/run/mib2d): Resource temporarily
unavailable” and the MIB II process (mib2d) might dump core. [PR/58526:
This issue has been resolved.]
- Some Epilogue debug messages related to trap generation were logged
at the LOG_ERR level, instead of LOG_DEBUG. [PR/58863: This issue has been
resolved.]
- For ATM2 intelligent queuing (IQ) PICs, when you enter the show
snmp mib get command multiple times, the ATM class-of-service (CoS) values
are not updated. As a workaround, use the show snmp mib walk command.
[PR/59245: This issue has been resolved.]
- You might be able to include the unsupported inform statement
at the [edit snmp v3 notify notify-name type] hierarchy
level. [PR/59998: This issue has been resolved.]
Release 7.1R2
The following issues have been resolved since JUNOS Release 7.1R1. The
identifier following the description is the tracking number in our bug database.
Platform and Infrastructure
- After a Routing Engine switchover, the ipip interface
goes down and might stop forwarding traffic. [PR/37021: This issue has been
resolved.]
- When a target address was used as a next hop and static route
reachability changed from reachable to stale, IPv6 neighbor
solicitation (NS) packets might have been sent as unicast instead of multicast
at the Media Access Control (MAC) address level, causing other vendor's equipment
to discard these unicast NS packets. [PR/45704: This issue has been resolved.]
- When you configure a T-series routing platform with the no-propagate-ttl statement
at the [edit protocols mpls] hierarchy level, the router might assign
transit MPLS packets a time-to-live (TTL) value of 255 after a swap operation.
In JUNOS Releases 7.1R1.2 and 7.2, the issue is resolved for T-series transit
routing platforms. [PR/51663: This issue has been resolved.]
- Virtual Router Redundancy Protocol (VRRP) packets are not filtered
by a loopback interface (lo0) firewall. As a workaround, configure
the VRRP filter on a logical interface, rather than on lo0. [PR/52146:
This issue has been resolved.]
- On J4300 and J6300 Services Routers, the request system snapshot
media usb partition as-primary command does not work properly. It works
correctly on J2300 Services Routers. [PR/55265: This issue has been resolved.]
- When a traceroute operation resolves over a label-switched
path (LSP), the show command output does not display MPLS label information.
[PR/55379: This issue has been resolved.]
- In certain scenarios, a Monitoring Services PIC might not come
up again after being restarted. [PR/55868: This issue has been resolved.]
- Requests for statistics from ES interfaces might produce incorrect
SA statistics and report an error in the log file. [PR/55970: This issue has
been resolved.]
- On non-Enhanced FPCs on M-series routers, if you configure the no-propogate-ttl statement
at the [edit protocols mpls] hierarchy level, the time to live (TTL)
for IP packets transiting a label-switched path (LSP) is reset to the TTL
of the MPLS packet. This often causes an increase in the IP TTL value. [PR/56025:
This issue has been resolved.]
- When you configure and enable the Virtual Router Redundancy Protocol
(VRRP) on a router, Dynamic Host Configuration Protocol (DHCP) packets might
be forwarded with an incorrect source address. [PR/56117: This issue has been
resolved.]
- If you enable load balancing and it uses MPLS labels and IP payload
for hashing index calculation, the J-Tree SRAM memory might leak when the
label-switched path (LSP) flaps. [PR/56213: This issue has been resolved.]
- When the master Routing Engine is in alarm indication signal (AIS)
/ remote defect indication (RDI) state, the backup Routing Engine incorrectly
adds one extra timeout call after Operation, Administration, and Maintenance
(OAM) timer expiration. If the AIS/RDI condition persists for more than 9
hours, the backup Routing Engine resets after running out of kernel callout.
[PR/56787: This issue has been resolved.]
- On non-Enhanced FPCs on M-series routers, label-switched paths
(LSPs) configured with the no-propagate-ttl statement at the [edit
protocols mpls] hierarchy level might fail to pass traffic. [PR/57257:
This issue has been resolved.]
- Use of a NULL pointer in the kernel's tracing facility caused
the Routing Engine to restart. [PR/57355: This issue has been resolved.]
User Interface and Configuration
- On a backup Routing Engine, extended user permissions were not
replicated for template users. A workaround was to update both Routing Engines
with the same version of the JUNOS software. [PR/55428: This issue has been
resolved.]
- Using the J-Web interface to set OSPF interface authentication
does not work properly. As a workaround, use the CLI to configure OSPF interfaces
that require authentication, so that you can configure the OSPF interface
and its authentication at the same time. [PR/55840: This issue has been resolved.]
- Inactive configurations were showing up as changed even after
a fresh commit. [PR/57593: This issue has been resolved.]
Interfaces and Chassis
- You cannot configure maximum transmission unit (MTU) values on
generic routing encapsulation (GRE) interfaces on routing platforms running
JUNOS Release 6.3 and later. [PR/27357: This issue has been resolved.]
- On 4-port OC3 SONET/SDH interfaces, when you commit a configuration
containing an invalid maximum transmission unit (MTU), the routing platform
might not generate an error message. [PR/46190: This issue has been resolved.]
- On Channelized intelligent queuing (IQ) OC12 PICs, the LOL (loss
of light) defect and alarm were not detected and reported. [PR/46888: This
issue has been resolved.]
- On Adaptive Services PICs, when you configure dynamic source Network
Address Translation (NAT), and the routing platform establishes two consecutive
sessions using the same client-server and same application service, some sessions
might stall temporarily and then become established. [PR/48015: This issue
has been resolved.]
- On aggregated Ethernet interfaces, a next-hop database update
is not performed for logical interface link-state changes. This update is
only done for physical interface link-state changes. [PR/51402: This issue
has been resolved.]
- Virtual private LAN service (VPLS) circuits with IPSec tunnels
configured on an Adaptive Services PIC might drop packets with a maximum transmission
unit (MTU) value greater than 1400 unless the don't fragment (df) bit is set.
[PR/52835: This issue has been resolved.]
- On LSQ interfaces, Layer 2 overhead was not considered in QoS
computations. This might have caused fragment loss at egress interfaces as
a result of link oversubscription. [PR/53156: This issue has been resolved.]
- Under certain traffic load conditions, PPP keepalive packets might
be dropped and a PPP over Ethernet (PPPoE) session might go down. [PR/54995:
This issue has been resolved.]
- On ATM interfaces with Automatic Protection Switching (APS), both
the working and protect circuits were erroneously placed in enabled state
at the same time because of a file corruption issue. [PR/55493: This issue
has been resolved.]
- The source IP address of ICMP packets sent by intermediate nodes
is not subjected to Network Address Translation. [PR/55605: This issue has
been resolved.]
- To enable CoS to work correctly with a generic routing encapsulation
(GRE) tunnel key, you might have to delete the GRE key and add it back again.
[PR/55687: This issue has been resolved.]
- In certain scenarios on flow collector PICs, a memory overload
condition might cause the PIC to reset. [PR/55700: This issue has been resolved.]
- On Adaptive Services PICs, if a UDP port scan is sent from an
untrusted host to a trusted host, the intrusion detection system (IDS) table
entries and system log messages are listed correctly, but might indicate incorrectly
that the attack originates from the trusted host. Additionally, if a TCP
port scan is sent from an untrusted host to a trusted host, system log messages
might lack the physical interface and logical interface unit of the attack
source. [PR/56054: This issue has been resolved.]
- If you assign an identical name in a class-of-service fragmentation
map and a scheduler map, the fragmentation map might not be correctly installed
on a Link Services II bundle interface. As a workaround, do not assign the
same name in both mappings. [PR/56083: This issue has been resolved.]
- External clocking mode was not set on T1 interfaces. [PR/56131:
This issue has been resolved.]
- On Channelized STM1 intelligent queuing (IQ) PICs, an E1 channel
in unframed framing mode might erroneously report an alarm indication signal
path (AIS-P) error on the remote end. A workaround is to change the framing
mode to G704. [PR/56141: This issue has been resolved.]
- Automatic Protection Switching (APS) does not support graceful
restart. [PR/56190: This issue has been resolved.]
- If you configure a maximum transmission unit (MTU) value on an
underlying interface, the forwarding process (fwdd) might dump core. Configure
the value on a PPP over Ethernet (PPPoE) interface rather than on the underlying
interface. [PR/56388, 56393: This issue has been resolved.]
- When you assign a PPP interface an IP address with a netmask of
less than 30, the interface might not come up in some cases, depending on
the IP address assigned to the remote end of the link. [PR/56493: This issue
has been resolved.]
- On Adaptive Services PICs, service sets configured with application-protocol values
of exec or rpc at the [edit applications application name] hierarchy
level might drop flows. [PR/56623]
- When you use modems and Ascend L2TP access concentrators (LACs)
to run L2TP multilink and do not configure Link Control Protocol (LCP) renegotiation,
the L2TP process (lt2pd) might reset. [PR/57321, 57569: This issue has been
resolved.]
General Routing
- When you enable auto-export at the [edit routing-options] hierarchy
level, the routing process might restart unexpectedly. [PR/55461: This issue
has been resolved.]
Routing Protocols
- Processing a reverse path forwarding (RPF) change might cause
the routing protocol process (rpd) to dump core. [PR/45801: This issue has
been resolved.]
- When you configure logical routers, Bidirectional Forwarding Detection
(BFD) support is not available. [PR/51924: This issue has been resolved.]
- When another vendor's router is acting as an upstream router and
there are multiple downstream routers, PIM processing of multicast VPNs might
cause interoperability issues. If one of the downstream routers sends a prune
for an earlier join, another router on the same LAN must send a prune override
(if it still has the receivers) to continue receiving the traffic. [PR/55730:
This issue has been resolved.]
- Under certain circumstances, the Multicast Source Discovery Protocol
(MSDP) can consume large quantities of memory. [PR/55807: This issue has been
resolved.]
- When the routing protocol process generates a PIM Join/Prune message
for a large number of sources to a single group, a memory corruption might
occur. [PR/55948: This issue has been resolved.]
- PIM sparse mode Rendezvous Point (RP) functionality does not work
properly on provider edge J-series Services Routers. A workaround is to configure
an available customer edge router as the local RP. [PR/56542: This issue has
been resolved.]
- If you establish dynamic tunnels between two provider edge (PE)
routers in Layer 3 VPNs and then unconfigure the tunnels and configure an
RSVP label-switched path (LSP) between the two PE routers in the same commit,
the routing protocol process (rpd) dumps core. [PR/56580: This issue has been
resolved.]
- When you have configured a large number of groups, the PIM join
information sent at the first periodic join might not include all groups.
[PR/56605: This issue has been resolved.]
- Under some circumstances when you configure multicast routing
and perform mtrace operations, the routing protocol process might
restart. [PR/56636: This issue has been resolved.]
- When Juniper Networks and other vendors' routing platforms have
bootstrap router-related configurations in which bsr-priority is
set to 0, it might cause interoperability issues resulting in constant
flapping of rendezvous point (RP) data sent by the bootstrap router. As a
workaround, either configure a nonzero bsr-priority on the other
vendor's router or ensure that its IP address is higher than that of the Juniper
Networks routing platform. [PR/56660: This issue has been resolved.]
- After a reverse path forwarding (RPF) change, the initial PIM
trigger join does not contain all the S,G nodes. [PR/57144: This
issue has been resolved.]
MPLS Applications
- In some complex topologies, RSVP fast reroute configuration might
cause detours at a transit hop to flap continuously for indefinite periods.
You can observe a continually changing recorded route display at the ingress
router in this situation. [PR/56656: This issue has been resolved.]
- On LSP Ping echo request packets, the IP time to live (TTL) is
not set to 1 as per the latest draft standard. [PR/56939: This issue has been
resolved.]
- When you configure the traceoptions statement at the [edit
routing-options] hierarchy level and set the state flag, the
router generates a number of unnecessary traffic engineering messages. [PR/57117:
This issue has been resolved.]
- Because of topology constraints, fast-reroute detours might perform
link protection only. They do not revert to performing node protection when
it becomes available. [PR/57146: This issue has been resolved.]
Class of Service
- When the JUNOS software pops the outer label of a payload header
to encode a new label-switched path (LSP), the inner label's EXP field is
rewritten with the current classification result, even when you have explicitly
disabled EXP rewriting. [PR/42244: This issue has been resolved.]
- If you include the class-of-service statement at the [edit
protocols mpls label-switched-path] hierarchy level with a nonzero value,
this setting might affect other label-switched paths (LSPs) on the same logical
interface. To restore normal rewrite operation, remove the class-of-service statement
from LSP configuration, then disable and reenable the affected transit LSPs.
[PR/51025: This issue has been resolved.]
- On Gigabit Ethernet IQ PICs, if you apply class of service to
logical interfaces without a default classifier, all packets sent to 0 percent
queues (queues 1 and 2) might be dropped. As a workaround, manually specify
a transmission rate and buffer size of 1 percent for queues 1 and 2. Another
workaround is to include the per-unit-scheduler statement at the [edit
interfaces ge-0/0/0] hierarchy level and use VLAN encapsulation instead
of Ethernet encapsulation. [PR/55048: This issue has been resolved.]
Routing Policy and Firewall Filters
- On M320 and T-series routing platforms, if you configure the from
forwarding-class statement at the [edit firewall family ccc filter filter-name term term-name] hierarchy level, the firewall filter compiler (dfwc) might terminate. [PR/55573:
This issue has been resolved.]
Network Management
- When you configure both passive monitoring and flow collector
functionality for multiple PICs and SNMP is polling jnxPMonFlowTable and jnxCollFileState,
the router might encounter SNMP get-next failures after a reboot.
As a workaround, either stop SNMP polling during a router reboot or deactivate
passive monitoring during reboot. [PR/55816: This issue has been resolved.]
Release 7.1R1
The following issues have been resolved since JUNOS Release 7.0R1. The
identifier following the description is the tracking number in our bug database.
Platform and Infrastructure
- If you disabled the shell statement at the [edit
groups global system login user username] hierarchy
level and then used secure FTP (SFTP) to connect to a routing platform, you
might have encountered the following error message: “Received message
too long 174420594." [PR/32583]
- If you enabled Message Digest 5 (MD5) authentication over a BGP
connection, the maximum segment size (MSS) for TCP connections did not take
into account the size of the MD5 options. As a result, the MSS value was 1460
instead of 1440, as recommended by RFC 2385. [PR/47171]
- If you included the no-redirects statement at the [edit
system] and [edit interfaces interface-name unit logical-unit-number family
inet] hierarchy levels, and then removed the statement at both hierarchy
levels, Layer 2 rewrites might not have operated correctly. [PR/47941]
- When an interface went down, packets were not purged. [PR/50939]
- When a flow collector transmitted a file and received a result
code 250 from the FTP server, the flow collector erroneously retransmitted
the file. This occurred when the file transmission was successful and the
flow collector sent a quit request to the FTP server but did not receive the
quit response and timed out. [PR/51430]
- On J-series Services Routers, issuing the request system snapshot
media usb command caused the router to become unresponsive. [PR/51483]
- If you changed the default flow collector file specifications
repeatedly, the information might not have downloaded correctly. Resetting
the PIC set the file specifications back to the default values. [PR/51977]
- When you included the payload ip statement at the [edit
forwarding-options family mpls] hierarchy level and there were many MPLS
next hops for aggregated interfaces, forwarding table memory might have been
exhausted. A workaround was to remove the payload ip statement from
the configuration. [PR/52008]
- If you replaced a Link Services PIC with an IQ PIC, or replaced
an IQ PIC with a Link Services PIC, the channel entries in the routing tables
might have been created incorrectly. [PR/52025]
- A router might have responded to an IPv6 neighbor solicitation
with an IPv6 neighbor advertisement that had an incorrect Layer 2 address.
[PR/52029]
- If you configured a firewall filter with a discontiguous mask
in a destination-address match, the filter might have blocked addresses that
should not have been blocked. [PR/52085]
- If you configured a firewall filter that matched on network control
DiffServ code point (DSCP) values and used a bandwidth percent policer, all
outbound BGP traffic on the interface was blocked. [PR/52212]
- On a Link Services PIC, you could not include a member logical
interface at the [edit routing-instances routing-instance-name] hierarchy
level. [PR/52343]
- On TX Matrix platforms, when you configured PIM at the [edit
routing-instance] hierarchy level and issued the chassis redundancy
graceful-switchover enable command, and then switched from the active
Routing Engine to a backup, the operating system might have terminated abruptly.
A workaround was to avoid configuring this combination or to avoid performing
Routing Engine switchover with this configuration. [PR/52394]
- On a T-series platform, Layer 3 default per-packet load balancing
did not occur. A workaround was to configure Layer 3 load balancing explicitly.
[PR/52554]
- On a Frame Relay or ATM interface used as the provider (P) to
provider edge (PE) connection, if you included the vrf-table-label statement
at the [edit routing-instances] hierarchy level, traffic utilizing
the vrf-table-label statement was not accounted for in the physical
interface statistics. [PR/52644]
- If the remote end of a PPP link rejected the Network Control Protocol
(NCP) address configuration option, NCP might not have come up on the link.
[PR/53128]
User Interface and Configuration
- On TX Matrix platforms, when you configured a global filter by
including the filter statement at the [edit forwarding-options
family family] hierarchy level, the commit failed
with the error message: "Filter filter-name is
not defined" even though filter-name is defined.
A workaround was to include the filter statement at the [edit
group re0 forwarding-options family family] and [edit
group re1 forwarding-options family family] hierarchy
levels. [PR/49523]
- When the management process (mgd) failed to find the juniper.conf file
in the /config directory, it might have produced the misleading error
message: "failure to locate juniper.conf.0." [PR/52428]
- In the J-Web user interface, if you activated IPSec and did not
activate stateful firewall rules, the JUNOS software erroneously reported
that a license for the stateful firewall feature was required. [PR/51572]
- Because there was no lock protection for rollback transactions,
a user could have inappropriately changed the configuration while the commit
was completing, which jeopardized the integrity of the transaction. [PR/53046]
Interfaces and Chassis
- The output for the show interfaces controller command
might not have displayed correctly. [PR/35987]
- For Multilink PPP (MLPPP), when the Link Control Protocol (LCP)
state was up while the Network Control Protocol (NCP) was down, the router
might have rejected remote NCP requests. [PR/46966]
- On Channelized T3 PICs, the software allowed you to configure
DLCI 64, even though sparse-DLCI mode was not set. This might have affected
traffic behavior. [PR/49321]
- On aggregated SONET/SDH interfaces, when you deactivated a member
link or cleared statistics, the input and output packet/byte counters were
incorrect. There was no workaround. [PR/50013]
- Repeatedly issuing the show services accounting command
depleted the packet resources on the PIC. [PR/50304]
- If you issued the show chassis scb | display xml command
multiple times, the output might have shown erroneous up-time values. There
was no operational impact. [PR/51064]
- On an ATM2 IQ interface, it was possible to include the per-unit-scheduler statement
at the [edit interfaces interface-name] hierarchy
level, even though this configuration is not supported. This might have caused
the router to become unresponsive. [PR/51759]
- On Gigabit Ethernet IQ PICs when the Gigabit Ethernet interface
was part of an aggregated bundle, traffic drops occurred. [PR/52181]
- On the Adaptive Services PIC, when heavy ICMP, H323, or RTSP traffic
was sent, memory was not being released. [PR/52280]
- When you configured a TX Matrix platform as a provider edge (PE)
router, the Address Resolution Protocol (ARP) did not acquire information
across circuit cross-connect (CCC) to aggregated Ethernet Layer 2 VPNs and
remote interface switches. [PR/52549]
- If you left a PC card in the PC card slot, the chassis process
(chassisd) continued to restart after the router was rebooted, rendering the
router inoperable. [PR/52643]
- When you configured Layer 2 Tunneling Protocol (L2TP) and accounting,
L2TP failed to authenticate RADIUS users. [PR/54849]
Routing Protocols
- If you configured Internet Group Management Protocol version 2
(IGMPv2), IGMP packets might have contained Query Response Interval values
set in seconds rather than tenths of a second. [PR/44426]
- The routing protocol process (rpd) might have restarted while
handling a (*,G) register-stop request. [PR/47644]
- If you committed a configuration when a BGP statistics collection
request was in progress, the routing protocol process (rpd) might have dumped
core. A workaround was to disable the collection of BGP traffic statistics.
[PR/50946]
- When a BGP group with the family inet-vpn statement enabled
contained a multiple of 32 established peers and you added another peer (for
example, a 33rd or 65th peer), the routing process (rpd) might have restarted
as the new peer transitioned to the established state. Adding further peers
did not cause any problems until the next multiple of 32 was reached. [PR/52357]
- When an OSPFv3 network link-state advertisement (LSA) was generated,
all other network LSAs with the same ID as the new one were purged by the
originating system before it flooded the new network LSA. [PR/52678]
- If you included the no-redirects statement at the [edit
interfaces interface-name unit logical-unit-number family family] hierarchy
level, an interface might not have worked correctly in an IPv4 multicast topology,
even though the interface name was included at the [edit protocols isis
interface] hierarchy level. [PR/52770]
- If PIM had an (S,G) entry with no corresponding (*,G) and an interface
status changed, the routing protocol process (rpd) might have stopped operating.
[PR/52868]
- If an IS-IS pseudo-node LSP was received with IPv4 Router ID type/length/value
(Router ID TLV) in it (this situation is unusual and has no operational impact),
and if the IS-IS trace was on, the router might have stopped operating. [PR/52917]
- If PIM was configured with an import policy that contained a source-address
filter, and the router received a (*,G) join, the router might have restarted.
[PR/52935]
- Processing of a PIM hello with the same address as one of its
interface addresses could have caused PIM to lose its own neighbor information.
Eventually, this could have caused the routing protocol process (rpd) to become
unresponsive. [PR/53087]
- If a packet with a sequence number of 0 was received, RIP2 Message
Digest 5 (MD5) authentication failed. [PR/53203]
MPLS Applications
- If you had RSVP shared explicit (SE) reservation style specified
but had different setup and hold priorities, two bandwidth reservations on
a congested link might have caused the routing protocol process (rpd) to dump
core. [PR/46859]
- Following an interface flap, a routing loop might have occurred
that caused two adjacent Label Distribution Protocol (LDP) peers to install
Multiprotocol Label Switching (MPLS) forwarding state for the forwarding equivalence
class (FEC) corresponding to the interface address of the interface connecting
them. The problem happened only in a mixed environments where some of the
routers implemented independent control and others implemented ordered control.
[PR/49624]
- If you included the no-propagate-ttl statement at the [edit
protocols mpls] hierarchy level, the IPv4 rewrite function on the Layer
3 VPN egress PE node became disabled. [PR/50210]
- If hundreds to thousands of fast reroute-protected label-switched
paths (LSPs) originated at the same ingress provider edge (PE) router and
were destined toward the same egress PE router, and the ingress router performed
sorting, CPU utilization for the routing protocol process (rpd) on the ingress
router might have reached 95 percent. [PR/50342]
- If you configured RSVP between an M-series or T-series routing
platform and another vendor's equipment, the RSVP Integrity object might not
have been negotiated successfully and establishment of the RSVP neighbor adjacency
might have failed. [PR/50771]
- When a topology changed, and IGP changed its metric to destinations,
there was an opportunity for some LSPs to migrate to the new metric, while
others stayed on the old metric. This caused higher-metric routes to be excluded
from forwarding consideration. Thus it appeared that certain labels disappeared
from the Packet Forwarding Engine. The situation corrected itself after a
few seconds. [PR/51788]
- If you configured fast reroute and refresh reduction for a label-switched
path (LSP), the routing platform might have provided only downstream link
protection for the penultimate router. This occurred even when downstream
node protection was possible. [PR/52538]
- If you changed the MPLS MTU on a GRE tunnel interface, the change
did not take effect unless the interface was deactivated and reactivated.
[PR/52720]
- On logical routers, you could not include the graceful-restart statement
at the [edit logical-routers logical-router-name protocols
rsvp] hierarchy level. [PR/54694]
Class of Service
- For M-series platforms, the mpls-inet-both-non-vpn option
at the [edit interfaces interface-name unit logical-unit-number rewrite-rules
exp default protocol] hierarchy level did not work as expected. [PR/50568]
- On IQ PICs, when you changed the frame check sequence (FCS) size
from 16 bits to 32 bits, the CoS shaping parameters were not modified as expected.
[PR/50665]
Routing Policy and Firewall Filters
- If you deactivated members of a BGP community and committed the
configuration twice, the routing protocol process (rpd) might have restarted.
[PR/52744]
Network Management
- On ATM1 and ATM2 IQ PICs, if you performed a tcpdump operation,
for example, tcpdump -i at-3/1/0.100 -c 10 -s 1600 -w atm2_snap.pcap,
the output file was not readable. [PR/51880]
- The SNMP engine did not properly parse SNMP frames that were encoded
with more bytes that necessary. This problem generated the error message:
“ASN1 parse error.” [PR/52101]
- On a collector interface, when the jnxColllfTable object
was queried or overload traps were sent, the MIB II process (mib2d) did not
release used memory. When memory was not available, the MIB II process (mib2d)
might have dumped core. [PR/52750]
- The M10 platform has two temperature sensors in the chassis, and
the output of the show chassis hardware command erroneously reported
the second sensor as a chassis midplane. [PR/52969]
[Contents]
[Prev]
[Next]
[Report an Error]