[Contents] [Prev] [Next] [Report an Error]

Current Software Release

The current software release is Release 7.4R4. For information about obtaining the software packages, see M-series and T-series Upgrade and Downgrade Instructions or J-series Upgrade and Downgrade Instructions, depending on your router platform.

Resolved Issues

The following issues have been resolved since JUNOS Release 7.4R3.4. The identifier following the description is the tracking number in our bug database.

Platform and Infrastructure

If the routing platform sends Network Discovery Protocol (NDP) solicitations, neighbors might not appear in the output of the show ipv6 neighbors command. [PR/64721: This issue has been resolved.]
On M-series or T-series routers configured with multiple logical routers, in some cases IP packets with the router-alert option set might be delivered to an incorrect logical router. [PR/67153: This issue has been resolved.]
When you configure destination or source class usage and assign a filter to the loopback interface, packets sent to an interface's broadcast or subnet address might report "(illegal size) in DESRD " in the message log. There is no operational impact. [PR/69090: This issue has been resolved.]
If the routing platform receives packets containing DHCPDISCOVER overload options, but not the end option required by RFC 2131, the DHCP server process (dhcpd) might not respond to the message. [PR/71143: This issue has been resolved.]
When GRES is enabled, a router might not synchronize an SSH key between Routing Engines. [PR/71239: This issue has been resolved.]
When you ping a remote loopback interface that has an IPv6 address configured, the show firewall command output displays the wrong byte count value. [PR/71508: This issue has been resolved.]
The JUNOS FIPS implementation of SSH incorrectly disallows use of the diffie-hellman-group1-sha1 cipher for key exchange. [PR/71559: This issue has been resolved.]
When you configure multiple ports in a flow specification route, the resulting firewall filter programming is missing the ports because of an issue in handling range matches. [PR/72942: This issue has been resolved.]
When you issue the show chassis environment command on an M40 platform, the display output of the Routing Engine Status field might be "Testing." This condition has no operational impact. [PR/74342: This issue has been resolved.]

User Interface and Configuration

Clocking Mode was inadvertently removed from the J-Web Quick Configuration. To configure it, either use the CLI or the Configuration Editor under serial-options. [PR/70373: This issue has been resolved.]
On Routing Engines with 2 GB or more of RAM installed, the J-Web interface might incorrectly report memory usage with values as high as 180 percent, whereas the show chassis routing-engine command output reflects actual memory utilization values. [PR/72390: This issue has been resolved.]
During large configuration commits, the routing protocol process (rpd) might experience unusual scheduler slips. [PR/72687: This issue has been resolved.]
In configuration private mode, when you add and deactivate different terms in the same firewall and then perform a commit, firewall terms might be reordered. [PR/72741: This issue has been resolved.]
In JUNOScript, if you include the commit synchronize statement at the [edit system] hierarchy level, the commit operation is successful, but the configuration does not propagate to the backup Routing Engine as expected. [PR/73873: This issue has been resolved.]

Interfaces and Chassis

On Fast Ethernet interfaces installed in J-series Services Routers, if you configure the interface for autonegotiation while the peer is configured for full-duplex operation, the interface might stop receiving traffic. As a workaround, explicitly set the duplex mode to either half or full on both peers. [PR/69576: This issue has been resolved.]
When you configure the per-unit-scheduler statement on a Gigabit Ethernet IQ PIC, logical interfaces on the PIC might flap. As a workaround, restart the PIC. [PR/70396: This issue has been resolved.]
When the VRRP process (vrrpd) changes mastership on an interface, a slow memory leak might occur. [PR/70551: This issue has been resolved.]
On the Routing Engine 333 (also known as RE 2.0), if the internal sensor falsely detects a very high temperature, the routing platform might start an overtemperature shutdown timer, send an SNMP trap, and log messages that a shutdown will occur in 240 seconds. [PR/70690: This issue has been resolved.]
If you provide interface descriptions that are too similar (such as the same first two characters and identical characters after the "-"), the user interface displays raw XML. There is no operational impact. [PR/71053: This issue has been resolved.]
The show interfaces lsq-fpc/pic/port.logical command times out after about 1 second and might not show LSQ statistics correctly. [PR/71200: This issue has been resolved.]
If you explicitly configure the fxp1 interface, the device control process (dcd) might terminate unexpectedly. As a workaround, remove all explicit configuration of the fxp1 interface. [PR/71426: This issue has been resolved.]
On 10-Gigabit Ethernet PICs with XENPAK, if you take the PIC offline and bring it back online, then issue the show chassis hardware command, the entry for the PIC might be displayed incorrectly as "NON-JNPR" and "UNKNOWN". [PR/72003: This issue has been resolved.]
The IPSec module on AS PICs might not handle IGMP packets correctly, causing the packets to be dropped. [PR/72642: This issue has been resolved.]
When accounting services are enabled, a memory leak develops in the Adaptive Services Module (ASM). [PR/72837: This issue has been resolved.]

Services Applications

If more than 200 RADIUS requests are outstanding in the router and some of these requests have been retried more than three times, the L2TP process (l2tpd) might stop working. [PR/70357: This issue has been resolved.]
Under certain circumstances, the L2TP process (l2tpd) might consume up to 100 percent of the CPU time in an infinite loop. [PR/71588: This issue has been resolved.]
In L2TP LNS sessions, the calling-station-id and called-station-id values are truncated in the RADIUS accounting start record. [PR/71564: This issue has been resolved.]
LCP MRU renegotiation causes incorrect assumption of local and remote MRU values. Depending on size, this might result in packet drops. [PR/71716: This issue has been resolved.]
On M10i platforms, L2TP LNS sessions handled L2TP sequence numbers slowly and incorrectly. This might have caused multiple router connections to enter the wait-connect state. [PR/72083: This issue has been resolved.]
When an Adaptive Services PIC is configured with stateful firewall rules and NAT services, and the netshow algorithm is running, the PIC might stop functioning. [PR/73745: This issue has been resolved.]

General Routing

Changing the route distinguisher in a routing instance might cause interfaces to become unusable, even though the interface stays up. [PR/65324: This issue has been resolved.]
If the next hop for a BGP route changes during a graceful restart, forwarding might be disrupted. [PR/72154: This issue has been resolved.]
Because insufficient memory was allocated for an internal data structure, in some cases the routing protocol process (rpd) corrupted other adjacent data structures and restarted. [PR/71447: This issue has been resolved.]

Routing Protocols

If you perform an snmpwalk on the multicast ipMRouteTable at the same time that a deleted route is being processed, the snmpwalk function might stop at the entry for the deleted route and the remaining entries might be ignored. [PR/53196: This issue has been resolved.]
When a multicast VPN is used, a PIM interface mode configuration change can cause the routing protocol process (rpd) to dump core. [PR/69288: This issue has been resolved.]
Enabling a PIM multicast distribution tree (MDT) might lead to high CPU utilization and cause the routing protocol process (rpd) to dump core. [PR/70063: This issue has been resolved.]
When several BGP sessions are established simultaneously that have both the family route-target and family inet-vpn statements enabled for the neighbor or group, the routing protocol process (rpd) might restart. [PR/71170: This issue has been resolved.]
The IS-IS routing software did not check whether the hostname length is nonzero before creating an entry in the internal database, which led to a creation of an erroneous zero-length hostname type, length, and value (TLV) #137. Link-state PDU updates containing zero-length TLVs might be rejected by other vendors' routing software. [PR/73638: This issue has been resolved.]
IS-IS routing software does not properly mask out set host bits in invalid advertisements of IP reachability and external IP reachability type, length, and value (TLV) messages. [PR/73802: This issue has been resolved.]
When the local iBGP peer within a virtual router instance advertises to its remote iBGP peer static or IGP routes imported from a second local virtual router instance, it might include a malformed AS-Path attribute in the Update message. [PR/73951: This issue has been resolved.]
On M-series and T-series platforms, when IS-IS adjacencies are present, the routing protocol process (rpd) might stop operating in some cases. [PR/74496: This issue has been resolved.]

MPLS Applications

When you issue the show mpls lsp extensive command, the output shows only the Record Route Object (RRO) for the Constrained Shortest Path First (CSPF) computation after the signaled path is up. The output of the show mpls lsp extensive command has now been changed to display all successful CSPF results (in the form of a sequence of source route), regardless of whether the signaled LSP is up or not. [PR/71132: This issue has been resolved.]
When applying an egress policy in LDP for prefixes that arrive at the router as BGP labeled routes, LDP might use the implicit null label instead of a real label. [PR/72478: This issue has been resolved.]

Forwarding and Sampling

In J-series Services Router ISDN configurations, TTL offset was computed incorrectly. [PR/60400: This issue has been resolved.]
When a firewall filter processes a filter add message for a flow-specific port match, the bytes might not be swapped correctly. [PR/65898: This issue has been resolved.]

Outstanding Issues

Software Installation

For hard disks that were originally formatted by JUNOS Release 4.4 or earlier, after you issue the request system snapshot partition command, the router cannot boot from the hard disk. As a workaround, issue the request system snapshot command before upgrading. [PR/36742]

Platform and Infrastructure

When the Monitoring Services PIC is overloaded, the output from the show services accounting flow-detail command might freeze. [PR/32896]
On T-series platforms, a Layer 2 maximum transmission unit (MTU) check is not supported for MPLS packets arriving at egress provider edge (PE) routers. [PR/46238]
When you configure the source-class usage (SCU) name as an integer (for example, source-class 100), the class ID is the same as the integer value (100). [PR/50247]
On a T640 routing platform, you can exceed the hardware limit of the platform if you configure link protection by including the link-protection statement at the [edit protocols mpls label-switched-path lsp-name] hierarchy level, or if you configure a triple-push operation by including the exp-push-push-push statement at the [edit class-of-service interfaces interface-name unit logical-unit-number rewrite-rules] hierarchy level in conjunction with VLAN tagging and Ethernet-based Layer 2 circuit configuration. In the case of link protection, the problem is transitory while the platform changes to link-protection mode. [PR/51688]
When you configure destination class usage along with the port-mirroring statement, port mirroring might stop working. [PR/51916]
On M-series and J-series routing platforms, when you include the vrf-table-label statement at the [edit routing-instances routing-instance-name] hierarchy level, the incoming traffic is considered to come from the internal label-switched interface (LSI) associated with the VRF instance. The original incoming logical interface is unknown, so the traffic is not accounted for by the original incoming logical unit. Furthermore, the LSI is an internal interface and has no accounting support. [PR/53148]
When a Monitoring Services PIC is overloaded with traffic, the FPC might take the PIC offline and repeatedly send the same error message. The error message does not seem to affect normal operation of the FPC and PICs. As a workaround, restart the FPC and bring the PIC online. [PR/55981]
Even if you do not configure IPSec, the key management process (kmd) opens UDP port 500. [PR/59054]
When a dynamic flow capture interface (dfc-fpc/pic/port) is configured as the next hop in a forwarding path, port-mirrored packets are corrupted. [PR/60799]
On T-series routing platforms, packets that otherwise match the packet-length condition in a firewall filter have internal data appended to them, which causes the packets to be ignored by the match condition. [PR/62183]
When a large number of kernel system log messages are generated, the log information might become garbled and the severity level could be changed. This behavior has no operational impact. [PR/71427]
If one logical interface is assigned two IPv6 addresses belonging to same subnet, the backup Routing Engine might restart. [PR/72069]
If you configure the same IPv6 address on fxp0 and on another public interface within the same routing instance, the backup Routing Engine might restart. [PR/72573]
Routing Engine-generated packets matching IPv6 output firewall filter terms whose actions include "discard" cause a memory leak. This memory leak might eventually cause the router to stop operating. As a workaround, replace the "discard" action with the "reject" action. [PR/73763]

User Interface and Configuration

When using S/Key with an SSH connection, the challenge might not get displayed. [PR/38715]
If you use the NETCONF API to modify the configuration database when it has been locked by another NETCONF session, or if you try to delete a configuration statement that does not exist, the NETCONF server returns both the <rpc-error> and <ok/> tag elements as children of the <rpc-reply> tag element. [PR/62664]
When you modify the date on the router, the time at which an event should be generated might be changed from its original configuration (through the event-options generate-event event-name time-of-day time-of-day configuration statement). As a workaround, issue the commit full command after modifying the date on the router. [PR 66801]
In J-Web, when you select system log > file > messages > explicit-priority, J-Web Event Viewer does not show the event ID. When you select system > system log > time-format > milliseconds, J-Web Event Viewer does not filter messages. [PR/70523]
If a static route's next hop is simultaneously edited by two private edit sessions, it might cause a commit conflict and loss of some next-hop entries. [PR/72039]

Interfaces and Chassis

On aggregated SONET/SDH interfaces, the counter for drops and errors in the show interfaces command output does not display the correct value because the counter does not collect data from the constituent interfaces within the aggregate. [PR/23577]
On ATM interfaces, when the IP address of a remote device is changed, the output of the show ilmi interface command on the local routing platform might continue to display the old IP address for the remote device. [PR/24126]
On channelized E1 interfaces, you might be able to configure clocking on ds- fpc / pic / port : n interfaces, where n is not unit 0. This is an invalid configuration and might cause a clocking selection problem on the other channels. [PR/24722]
If virtual channel identifiers (VCIs) for a large number (approximately 400) of virtual connections (VCs) on an ATM DS3 interface are changed frequently, the interface might mishandle the ATM cells. As a result, OSPF and IS-IS neighbor adjacencies might not remain stable. [PR/25639]
On a 2-port OC12 ATM2 IQ interface, the total virtual path (VP) downtime might not be displayed correctly in the show interfaces command output. [PR/27128]
On a 2-port OC12 ATM2 IQ interface, if you configure and then change the virtual path (VP) setting, the SNMP jnxAtmVpTotalDownTime counter might be reset. [PR/27131]
When you configure a shaping rate greater than the speed of an OC3 link on an OC3 ATM2 IQ interface, the configuration might be successfully committed, but the actual shaping rate is less than the interface speed. [PR/27459]
On ATM2 IQ interfaces, when you include the atm-l2circuit-mode statement at the [edit chassis fpc slot-number pic pic-number] hierarchy level, the control word with the sequence number 0 is not treated as a nonsequenced packet. [PR/31392]
On ATM2 IQ interfaces, when you configure the atm-l2circuit-mode statement, the control-word sequence number is not reset to 1 after the transmit sequence number reaches 65,535. [PR/31669]
On ATM2 IQ interfaces, when you include the atm-l2circuit-mode aal5 statement at the [edit chassis fpc slot-number pic pic-number] hierarchy level, the initial control word sequence number is not set to 1. [PR/31974]
On M20 and M40 routers, when a physical layer problem affects a SONET/SDH interface, carrier transition statistics might not increment correctly in the output of the show interfaces extensive command. [PR/33325]
When you configure both the bundle link and constituent links at the [edit logical-routers logical-router-name interfaces] hierarchy level, the constituent links do not come up. As a workaround, configure the constituent links at the [edit interfaces] hierarchy level. [PR/35578]
On DS3 and E3 ATM2 IQ interfaces, when you configure ATM point-to-multipoint permanent virtual circuits (PVCs), the following error messages might appear in the system log: “/kernel: RT_COS: COS IPC op 4 (CLASS TO IFL) failed, err 1 (Unknown),” “ssb BCHIP 0: invalid entry type 127 at stream 8 channel 0 for ifl 83,” and “ssb COSMAN: mapping table bind to ifl 83 failed.” There is no operational impact. [PR/36524]
When an ATM interface configured for CCC encapsulation receives MPLS packets that exceed 484 bytes, the packets can overflow the buffer and cause the ATM PIC to hang. As a workaround, take the PIC offline and bring it back online. [PR/39918]
When an IPSec firewall filter is applied to match traffic sent across a generic routing encapsulation (GRE) tunnel and originating from the local routing platform, the local traffic is dropped. Transient traffic is not affected. [PR/44871]
On channelized T3 interfaces, the T1 loopback state does not reflect loopbacks set by facilities data link requests using the remote-loopback-respond statement at the [edit interfaces interface-name t1-options] hierarchy level. [PR/45837]
When the data-link connection identifier (DLCI) is greater than 335 on a Link Services PIC with Multilink Frame Relay (MLFR) configured, the ping command might fail. [PR/49567]
On a Link Services PIC, the CLI might incorrectly allow you to configure a logical tunnel interface (interface identifier lt); however, the resulting interface might not work correctly. [PR/49818]
If you deactivate or activate an aggregated Ethernet interface, the Packet Forwarding Engine might report errors. [PR/50090]
On ATM2 IQ interfaces, if you configure OAM F4 on the physical interface by including the oam-liveness and oam-period statements at the [edit interfaces at-fpc/pic/port atm-options vpi identifier] hierarchy level, and the remote interface goes down and comes up again, the VP might not come up again. As a workaround, deactivate and reactivate the interface. To avoid this problem, configure OAM on the logical interface by including the oam-liveness and oam-period statements at the [edit interfaces interface-name unit logical-unit-number] hierarchy level. [PR/51435]
When you deactivate and reactivate a remote LSQ interface, the show interface lsq-fpc/pic/port extensive command might display erroneous counter values for the LSQ bundle. [PR/54855]
On Channelized STM1 PICs, a tributary unit alarm indication signal (TU-AIS) alarm enabled for one channel might cause another channel to shut down. [PR/55357]
If an MLPPP LSQ bundle carries a large volume of link fragmentation and interleaving (LFI) traffic and a small proportion of multilink traffic, packets might be dropped on the egress constituent links. [PR/56664]
On 1-port 10 Gigabit Ethernet PICs with XENPAK installed in an M320 or T-series routing platform, when you bring the PIC online, sometimes the following error message might be logged: “XGE(x/y): runaway interrupt count (1000001).” [PR/57376]
For ISDN dialer interfaces in a J-series Services Router, when you configure the no-keepalives statement at the [edit interfaces dl0 unit logical-unit-number] hierarchy level and you issue the show interfaces dl0 command, the output might display default keepalive settings. [PR/58520]
If you disable an adaptive services interface by including the disable statement at the [edit interfaces sp-fpc/pic/port] hierarchy level and then delete the disable statement from the configuration, IPSec service is not reset correctly. As a workaround, either issue the deactivate services command followed by the activate services command, or issue the request chassis pic offline fpc-slot slot-number pic-slot pic-number command followed by the request chassis pic online fpc-slot slot-number pic-slot pic-number command. [PR/58522]
If you try to convert a Gigabit Ethernet interface into an aggregated Ethernet interface by using a single commit, the routing platform might experience a DCD_CONFIG_WRITE failure and dump core. As a workaround, issue separate commits: one to rename the interface and a second to add the interface into the bundle. [PR/59185]
When you take an ISDN interface offline on a J-series Services Router, the LEDs on the ISDN interface card might not turn off. [PR/59536]
On ISDN interfaces in a J-series Services Router, if you configure the vrf-table-label statement at the [edit routing-instances instance-name] hierarchy level, packets might be dropped from the connection. [PR/59718]
On ISDN dialer interfaces in a J-series Services Router, if you configure the minimum-links statement at the [edit interfaces dl0 unit logical-unit-number] hierarchy level and then deactivate the BRI interface associated with the dialer interface, the output packets counter displayed in the output of the show interfaces dl0 command might continue to increment. [PR/59986]
On ISDN dialer interfaces in a J-series Services Router, when you configure the load-threshold 100 statement at the [edit interfaces dl0 unit logical-unit-number dialer-options] hierarchy level and the 56-Kbps bandwidth threshold is exceeded, the interface does not support additional network traffic and might not activate another BRI interface. [PR/60045]
On J-series Services Routers, if you oversubscribe an E1 interface, latency on the high-priority queue might be higher than expected. As a workaround, configure a shaping rate on the E1 interface that is equal to the line rate minus the E1 framing overhead. [PR/60595]
In rare cases, under GRES configuration, the master Routing Engine might fail to relinquish mastership and the switchover to the backup Routing Engine could take up to 360 seconds. [PR/61821]
On J4300 and J6300 Services Routers with a G.SHDSL PIM, at a line rate of 320 kbps, ping fails to work with an AdTran DSLAM. [PR/62177]
On J4300 and J6300 Services Routers with a G.SHDSL PIM, at a line rate of 448 kbps, the line flaps and ping fails to work with an AdTran DSLAM. [PR/62179]
For 320-Kbps and 256-Kbps line rates only, when the software is bringing up the G.SHDSL line with an AdTran DSLAM, the line takes more than a minute to negotiate successfully. [PR/62462]
For Automatic Protection Switching (APS) on SONET/SDH interfaces, there are no operational mode commands that display the presence of APS mode mismatches. An APS mode mismatch occurs when one side is configured to use bidirectional mode, and the other side is configured to use unidirectional mode. [PR/65800]
On J-series Services Routers, when an ISDN dialer interface is configured as a watch list and is then deactivated and connected as a backup interface and a commit is performed, the dialer interface will not dial out even if the primary interface is down. As a workaround, disable the primary interface and perform a commit. Then enable the primary interface and perform a commit. [PR/67355]
When an M40e router chassis repeatedly sends a "failed reading voltage" error message, it might indicate that an incorrect power supply (M20 instead of M40e router) is installed. [PR/70868]
On a Serial PIM of a J-series Services Router, the member link of an MLPPP bundle might show large, incorrect values for input and output counters when the remote end of the serial connection is not operating. The problem might also happen when the logical interface configuration is deactivated and reactivated. This condition has no operational impact, and after a few minutes the counter values are automatically corrected. [PR/72241]
On J-series Services Routers, if you configure an IPSec-over-GRE tunnel, there might be fragmentation issues. As a workaround, delete the clear-dont-fragment statement and the mtu statement on the GRE interface, and include the tunnel-mtu 9192 statement at the [edit services ipsec-vpn rule rule-name term term-name then] hierarchy level on both sides of the connection. [PR/74337]

Services Applications

The output of the show services nat pool command displays duplicate entries for a single Network Address Translation (NAT) pool. [PR/34678]
When you configure intrusion detection services (IDS) on J-series platforms, including the threshold statement at the [edit services ids rule rule-name term term-name then logging] hierarchy level has no effect. [PR/46577]
On Adaptive Services PICs configured for IPSec tunnel redundancy, if there are a large number of tunnels, sometimes a few of the tunnels might switch over to the backup tunnel. [PR/46733]
On routing platforms configured for Internet Key Exchange (IKE)-based IPSec, if a remote peer using other vendors' equipment does not renegotiate the IKE security association (SA) when it is about to expire and continues to send dead peer detection (DPD) requests on the same SA, the routing platform might not be able to reply to these messages. [PR/47004]
If the socket buffer becomes full on a remote router, you cannot clear all the IPSec security associations (SAs) from the router. [PR/55189]
For flow collection services interfaces, if you include a description for ifalias in the format option at the [edit services flow-collector file-specification file-specification-name name-format] hierarchy level, the interface might generate files with nonexistent SNMP indices specified in the filename. [PR/57382]
When a routing platform is configured for graceful Routing Engine switchover and Adaptive Services (AS) PIC redundancy, and a switchover to the backup Routing Engine occurs, the redundant services interface (rsp-) only uses the primary services interface (sp-) if the primary interface is operational. [PR/59070]
On Monitor I and II PICs, under certain circumstances, outgoing packets might be dropped. [PR/59432]
In memory overload conditions, the Monitoring Services II PIC might create files with no flow records and these files might not be sent to the external FTP server. [PR/62599]
When you delete a virtual routing-instance that includes a services interface and then roll back the configuration, the forwarding table is marked as deleted. For logical services interfaces in any routing instance and in the service set, the key management process (kmd) adds the corresponding decrypt route in the corresponding forwarding table. When you deactivate the routing instance, the corresponding forwarding table is deleted only if all routes in the table are deleted. However, in this case, since the service set still exists, the decrypt routes are not deleted. As a result, the forwarding table is marked as deleted, but is not actually deleted. [PR/63607]
When you modify a flow collection configuration and commit the changes, the system log might contain error messages regarding the configuration commit. These messages do not affect the operation of the router and can be ignored. [PR/64201]
Some probe types require particular options to be configured using specific attributes. For example, the udp-ping-timestamp statement requires a minimum data size of 12. The minimum data size for TCP probe packets is 1. Using a smaller value (or none) for data size results in a commit error. [PR/69765]
On J-series Services Routers, the value for the DLSw MIB dlswTConnTcpConfigKeepAliveInt should be nonzero. [PR/70002]

General Routing

A T1 interface might continue flapping with flooding network control messages. This can cause excessive tail-drop on the network-control queue. The workaround is to increase the capacity of the network-control queue. [PR/55898]
If you issue the show ldp traffic-statistics command, the following system log message might be generated for all forwarding equivalence classes (FECs) with an ingress counter set to zero: "send rnhstats GET: error: ENOENT -- Item not found." [PR/67647]

Routing Protocols

When you include the as-path atomic-aggregate statement at the [edit routing-options aggregate defaults as-path] hierarchy level to manually add the ATOMIC_AGGREGATE attribute on a BGP AS path, the attribute is not added. [PR/2527]
When you issue the show pim statistics command to view traced PIM protocol traffic, messages sent to the rendezvous point (RP) might not increment the Register counter. [PR/13887]
When you issue the mtrace command from a UNIX client, the router does not respond to a query that requires multicast response, but responds correctly to any query that requires unicast response. As a result, the first two probes time out. The third probe is the unicast response probe, which usually succeeds. [PR/17237]
For DVMRP, you might be able to configure an invalid metric value of 32 or more at the [edit protocols dvmrp interface interface-name metric] hierarchy level. The CLI help specifies an invalid range of values for this statement. [PR/33429]
When virtual links are configured on a router, OSPF graceful restart might not work as expected. [PR/36947]
If you configure Bidirectional Forwarding Detection (BFD) and graceful restart for OSPF or IS-IS, graceful restart might not work as expected. [PR/37106]
If a router receives a Pragmatic General Multicast (PGM) Source Path Message (SPM), it does not create a forwarding cache, nor does it forward the message to other routers as a heartbeat, as specified in RFC 3208. Also, the router's multicast cache might time out if it does not receive actual PGM data (ODATA) for more than 6 minutes. As a workaround, configure the PGM source application to send PGM ODATA at least once every 6 minutes. The ODATA acts as the heartbeat message in lieu of the SPM messages and ensures that the multicast and forwarding caches are created and updated. [PR/37504]
Bidirectional Forwarding Detection (BFD) might not work as expected within a logical router. [PR/38332]
If secondary addresses are configured on an interface, Bidirectional Forwarding Detection (BFD) might establish a session for only one address at a time on a random basis. [PR/38498]
If you configure the sham-link statement at the [edit routing-instances instance-name protocols ospf area] or [edit routing-instances instance-name protocols ospf] hierarchy level on a provider edge (PE) router, extraneous OSPF link-state advertisements (LSAs) might be added. In some cases, this can result in a routing loop between the customer edge (CE) and PE routers. [PR/40000]
OSPF trace information might include misleading authentication data for outbound packets. [PR/43254]
The address fields in the BGP MIB are not compatible with IPv6 address lengths. [PR/51150]
If you include the vpn-group-address statement at the [edit routing-instance routing-instance-name protocols pim] hierarchy level in a routing instance of type VRF, and you change the router ID or loopback address value in a master routing instance, the router might lose connectivity with other provider edge (PE) routers for the VPN. As a workaround, deactivate the vpn-group-address statement at the [edit routing-instance instance-name protocols pim] hierarchy level, commit the configuration, reactivate the statement, and commit the configuration again. [PR/51839]
When you configure damping globally and use the import policy to not damp specific routes, and a new route is received from a peer with the local interface address as the next hop, the route is added to the routing table with default damping parameters, even though the import policy has a nondefault setting. As a result, damping settings do not change appropriately when the route attributes change. [PR/51975]
When the IGMP/MLD SSM-Map feature is enabled on a LAN interface with multiple receiving hosts, the router might continue to forward traffic for the group until the IGMP group membership timeout interval expires, even though all receivers might have already left the group. [PR/61538]
Numbered point-to-point interfaces are displayed twice in the output of various show ospf commands. [PR/68254]
The TTL value for PIM Graft messages (which are unicast) is set to 64 instead of 1. [PR/70123]
When a SONET interface flaps because of transport path errors, BGP might also flap. To resolve the issue, you must address the transport errors that are causing the interface to reset. For defects that get cleared very quickly, increasing the hold-time might avoid interface resetting, but make sure you take the necessary precautions while configuring hold-time. [PR/72570]

MPLS Applications

If you configure a label-switched path (LSP) with the no-cspf statement at the [edit protocols mpls] hierarchy level, the LSP might cycle up and down several times before stabilizing. [PR/10415]
The local bandwidth log for a Constrained Shortest Path First computation might show an incorrect value. [PR/21369]
Per-prefix forwarding does not support multiple-weight next hops. If you forward traffic over a transit router on which the fast-reroute statement is configured at the [edit protocols mpls label-switched-path lsp-name] hierarchy level, the backup information is not passed to the Packet Forwarding Engine. [PR/22755]
After a label-switched path (LSP) is established, increasing the LSP bandwidth beyond what is available does not bring down the LSP. The show mpls lsp command displays the configured bandwidth value rather than the actual bandwidth used. [PR/40164]
If you include the explicit-null statement at the [edit protocols bgp family inet labeled-unicast] hierarchy level, the traceroute command might not work properly. [PR/44814]
If you issue the show mpls lsp statistics command on an ingress router with the slower Routing Engine (RE2) and there are many label-stacked VPNs, the Packet Forwarding Engine might restart. [PR/51305]
If a cross-connected circuit (CCC) traverses a forwarding adjacency (FA) label-switched path (LSP), traffic forwarding might be affected. [PR/60088]
RSVP graceful restart does not function for LSPs that have a forwarding adjacency (FA) label-switched path (LSP) as a next hop. [PR/60256]
When you modify the primary path for an MPLS LSP by using the delete protocols mpls label-switched-path lsp-path-name primary path-name command in configuration mode, followed by the set protocols mpls label-switched-path lsp-path-name primary path-name command, and then issue the commit command, the entire LSP (both primary and secondary) is torn down and then rebuilt from scratch. As a workaround, issue the delete protocols mpls label-switched-path lsp-path-name primary path-name command in configuration mode followed by the commit command. Then issue the set protocols mpls label-switched-path lsp-path-name primary path-name command followed by the commit command. [PR/62365]
If you configure a point-to-multipoint label-switched path (LSP) and a point-to-multipoint transmit switch and commit the configuration, the routing protocol process (rpd) might stop operating and dump core. [PR/67488]
When you configure MPLS primary and secondary LSPs along with link protection or fast reroute and issue the clear mpls lsp command after the sessions are up, the secondary and primary LSPs might take the same path. [PR/72274]

VPNs

For IPv6 VPNs running on Gigabit Ethernet and Fast Ethernet interfaces, ping and traceroute operations do not work from local provider edge (PE) routers to remote PE and customer edge (CE) routers. [PR/28502]
When you modify the frame-relay-tcc statement at the [edit interfaces interface-name unit logical-unit-number] hierarchy level of a Layer 2 VPN, the connection for the second logical interface might not come up. As a workaround, restart the chassis process (chassisd) or reboot the router. [PR/32763]
If you configure 11 or more logical interfaces, VPLS statistics might not be reported correctly. [PR/65496]
When you enable per-packet load balancing, traffic is evenly balanced among all parallel label-switched paths (LSPs), regardless of the state of the control plane. [PR/70487]

Class of Service

When you configure an ES PIC, a log message similar to “fpc0 LCHIP(3): Unable to fathom what channel used by IFD 432” might be displayed. There is no operational impact. [PR/36184]
On ATM2 IQ PICs configured to use alternate VC CoS mode, when the traffic pattern on low-priority queues is changed, the high-priority queue can send less traffic than it should be able to send. As a workaround, you can raise the high-priority queue weight. [PR/50178]
The JUNOS software does not support the IEEE-802.1p rewrite rule when an lt interface is the outbound interface. [PR/55903]
If you try to configure a scheduler map containing two forwarding classes that are mapped to the same queue, the class-of-service scheduler is not applied to the Packet Forwarding Engine. As a workaround, configure a single forwarding class for each available queue. [PR/57907]
On J-series Services Routers, under certain circumstances the forwarding process (fwdd) might dump core and reset while executing CoS instructions. To avoid this condition, separate the shape state from the scheduler state. [PR/67912]
When you configure a specific classifier for a logical unit, it does not override the fixed classifier configured using wildcards. [PR/68888]
Unusually high memory allocation might occur for link services (ls) interface queues, because the queues' buffer allocation is not based on bundle bandwidth. [PR/70562]
When you use wildcards to configure logical interfaces, the configuration includes a default scheduler map even though per-logical-interface queuing is not configured and the interface is not residing on a PIC that supports logical interface queuing. [PR/71529]

Forwarding and Sampling

On a T640 routing node, the sampling process (sampled) might write to a sampling output file inconsistently or might fail to export cflowd records as expected. As a workaround, restart the sampling process. [PR/31021]
When you perform Routing Engine-based sampling without a Collector PIC installed, the /var/log/sampled trace file reports that it is unable to update the collector configuration. This message can be ignored. [PR/68198]
Packets may go through the output firewall in some cases. The workaround is to use a firewall filter on the output interface with "then sample; then next term;". There is no difference in the functionality of these two configurations. [PR/70743]

Routing Policy and Firewall Filters

If the software cannot find a referenced policy, the routing protocol process (rpd) might dump core. [PR/67098]

Network Management

The following groups of MIB objects do not segregate the data they return according to the routing instance specified in an SNMP request:
- vrrpMIB
- jnxCosIfqStatsTable
- jnxCosQstatTable
[PR/63045]
Sometimes, the default routing instance (configured at the default logical router level) does not report the physical interface associated with the logical interface. [PR/66793]

[Contents] [Prev] [Next] [Report an Error]