[
Contents]
[
Prev]
[
Next]
[
Report an Error]
Current Software Release
The current software release is Release 8.1R4. For information
about obtaining the software packages, see M-series, MX-series, and T-series Upgrade and
Downgrade Instructions or J-series Upgrade and Downgrade Instructions, depending on your router
platform.
Resolved Issues
The following issues have been resolved since JUNOS Release
8.1R3. The identifier following the description is the tracking number
in our bug database.
Platform and Infrastructure
- If you enable the copy-PLP and filter-class features simultaneously,
an unusable topology might be installed in the Packet Forwarding Engine,
and control traffic might not be handled properly by the system. As
a workaround, disable either the copy-PLP or the filter-class feature.
[PR/62511: This issue has been resolved.]
- Route records for Routing Engine-based sampling are exported
to the AS PIC, even when the records are not needed by the AS PIC.
This action consumes valuable memory resources on the AS PIC. [PR/75550:
This issue has been resolved.]
- On Intelligent Queuing (IQ) or IQ2 PICs, if you include
the per-unit-scheduler statement on a logical interface and
the interface goes down or is deleted from the configuration and added
again, the PIC might run out of memory and stop operating. [PR/78000:
This issue has been resolved.]
- On M20 routers, if you take an FPC offline, extract a
PIC, reinsert the PIC, and attempt to bring the FPC online, the online
operation might fail, the System and Switching Board (SSB) might dump
core, and the router might reboot automatically. [PR/78988: This issue
has been resolved.]
- If you configure some types of LSPs (such as point-to-multipoint
LSPs, LSPs in a VPLS domain, changing LSP types and clearing the RSVP
session on the transit router, etc.), the router might stop operating
and restart when the LSPs transition down and up. [PR/81961: This
issue has been resolved.]
- When an aggregated interface is used for indirect next-hop
resolution and you enable per-prefix load balancing, packets might
not be able to exit the aggregated interface. As workaround, configure
per-packet load balancing for the aggregated interface. [PR/94439:
This issue has been resolved.]
- When you enable graceful Routing Engine switchover, if
a TCP connection is closed and two consecutive switchovers occur,
any new TCP connections to the same destination on the new master
Routing Engine might fail to become established. [PR/98275: This issue
has been resolved.]
- On OC768 PICs installed in Type 4 FPCs, if the routing
platform experiences heavy, bursty traffic conditions, almost all
traffic going through one queue might be dropped by the random early
detection (RED) algorithm. As a workaround, reboot the FPC. [PR/228909:
This issue has been resolved.]
- If a routing platform uses an aggregated Ethernet interface
as the only internal (IGP) facing interface and has many external
peering sessions on other interfaces not traversing the aggregated
Ethernet interface, when the aggregated Ethernet interface goes down
and up several times, the memory buffer of the routing platform might
overflow. This can cause a switchover to the backup Routing Engine
(on dual Routing Engine platforms) or cause the Routing Engine to
become unreachable (on single Routing Engine platforms). [PR/236258:
This issue has been resolved.]
- If you configure a large number of MD5 authentication
keys for BGP sessions, and then deactivate and reactivate the keys,
the router might generate a commit error and MD5 authentication might
not be applied on some of the BGP sessions. [PR/237690: This issue
has been resolved.]
User Interface and Configuration
- If you delete and then reconfigure an applied configuration
group that does not contain any configuration data, the routing protocol
process (rpd) might generate a core file and stop operating. [PR/63677:
This issue has been resolved.]
- According to RFC 3986, port numbers can be optional in
secure copy (scp) transfer syntax. The JUNOS CLI accepts the syntax
with or without a colon to separate the hostname from the port number,
but the UNIX shell requires a colon. However, the scp transfer accepts
the syntax only if a colon is not used. The fix to this PR enables
routers to handle “zero digit” port numbers. [PR/66375:
This issue has been resolved.]
- When either or both of the allow-command and deny-command statements are included for a login class at the [edit system login class class-name] hierarchy
level, users who belong to the class might experience long delays
when trying to connect to the router (for example, to start a CLI,
JUNOScript, or NETCONF session). [PR/95042: This issue has been resolved.]
- When you configure commit script management at the [edit groups group-name system commit] hierarchy
level and commit the configuration, the CLI session terminates. As
a workaround, configure commit script management at the [edit
system commit] hierarchy level. [PR/96917: This issue has been
resolved.]
- If you include the traceoptions statement in
a configuration that also includes the apply-groups statement,
the JUNOS software process responsible for generating the trace might
generate a core file and stop functioning. The process might continue
to malfunction when restarted. [PR/101491: This issue has been resolved.]
- During reboot of the router, the previously active configuration
is automatically committed. If the commit operation does not completely
succeed and you then issue the show configuration command,
the JUNOS management process (mgd) generates a core file and stops
functioning. [PR/102442: This issue has been resolved.]
- If you configure a user login class containing deny-commands, and the regular expression that is used to define which commands
are denied includes a top-level statement or command (such as configure), the user might still be able to gain access to the
statement or command. [PR/228617: This issue has been resolved.]
- When you reference apply groups in a routing instance
and attempt to commit the configuration, the commit operation might
fail and cause foreign file propagation (ffp) and management process
(mgd) core dumps. [PR/233470: This issue has been resolved.]
Interfaces and Chassis
- On Channelized STM1 PICs, a tributary unit alarm indication
signal (TU-AIS) alarm enabled for one channel might cause another
channel to shut down. [PR/55357: This issue has been resolved.]
- When you manually disable the active Automatic Protection
Switching (APS) interface to switch between the working and protect
circuits, APS might not function properly. [PR/71083: This issue has
been resolved.]
- If you modify a time slot on a member link of a redundant
link services (rlsq-) interface bundle when the Routing Engine
is unusually busy (because of route flaps, for example), that particular
member link might stop forwarding traffic. [PR/78591: This issue
has been resolved.]
- On Adaptive Services (AS) PICs, if the PIC receives a
large amount of traffic, CPU utilization is high, and there are many
memory transactions, some components in the PIC might become stuck
and stop processing frames. [PR/94287: This issue has been resolved.]
- When the configuration for APS unidirectional mode is
deactivated or deleted, the system might never switch to bidirectional
mode, even if that mode is explicitly configured. As a workaround,
deactivate APS on both the working and protect circuits and then reactivate
it. [PR/96801: This issue has been resolved.]
- With JUNOS Release 8.0 or higher, some XENPAK transceivers
might report spurious temperature, laser bias, laser output, and receive
optical power alarms that are cleared again after about 10 seconds.
There is no operational impact. [PR/98428: This issue has been resolved.]
- During high congestion, 10-Gigabit Ethernet XENPAK PICs
might trigger some very confusing messages as a result of packet loss.
The fix replaces the error system log messages with counters that
indicate the error count for “txxg” and “rxxg”
interrupt registers. [PR/100022: This issue has been resolved.]
- For link services intelligent queuing (LSQ) interfaces
configured on AS PICs, if you configure an FRF.16 bundle that contains
the minimum-links statement, and then deactivate and reactivate
one of the interfaces that is part of the bundle, the other active
interfaces might not rejoin the bundle when the modified interface
is reactivated and the bundle comes back up. This issue only happens
if there is an explicit configuration change. [PR/101109: This issue
has been resolved.]
- For AS PICs or MultiServices PICs, if a link services
queuing (LSQ) bundle goes down because of minimum-link member settings,
the class-of-service bandwidth for the bundle is not applied correctly
after the bundle comes back up. [PR/101119: This issue has been resolved.]
- When an M120 router or an MX-series Ethernet Services
Router is operating as a penultimate node for a transit bypass tunnel,
link protection might not function properly. As a workaround, include
the explicit-null statement at the [edit protocols mpls] hierarchy level on the egress node of the bypass tunnel so that
the router is no longer operating as a penultimate node. [PR/101833:
This issue has been resolved.]
- On 1-port SONET/SDH OC768 interfaces, when you include
the no-concatenate statement at the [edit chassis fpc fpc-slot pic pic-slot] hierarchy
level, the interfaces might take a long time to come up. [PR/102764:
This issue has been resolved.]
- In certain circumstances, a channelized Intelligent Queuing
(IQ) PIC might generate a core file and stop operating. [PR/103268:
This issue has been resolved.]
- When you issue the show interfaces extensive command
for an interface on an M-series router that uses ethernet-ccc encapsulation, the values in the “Input rate” field
of the output might be incorrect. [PR/103527: This issue has been
resolved.]
- If you configure an interface to be stacked VLAN initially
and then change it to flexible VLAN, the management process (dcd)
does not register the new change. As a workaround, deactivate and
reactivate the interface. [PR/105626: This issue has been resolved.]
- When the 802.1p rewrite table is created, the bit order
for the packet loss priority (PLP) and TCP protocol fields might be
reversed. [PR/228710: This issue has been resolved.]
- On 10-Gigabit Ethernet IQ2 PICs, the default weighted
random early detection (WRED) profile is incorrect, causing incorrect
RED handling on queue 0. [PR/228742: This issue has been resolved.]
- When you issue the monitor interface command
for an OC768 PIC running at line rate, the byte count and bps rate
values are longer than the space allotted for them, which causes the
delta value to appear on the line below instead of the same line.
[PR/229494: This issue has been resolved.]
- On Channelized OC12 intelligent queuing (IQ) interfaces,
the output-traffic-control-profile statement at the [edit
class-of-service interfaces interface-name] hierarchy level is not supported. [PR/229880: This issue has been
resolved.]
- When scheduler maps are applied to more than one interface,
the interface process (dcd) might not release memory that it has allocated.
[PR/230770: This issue has been resolved.]
Services Applications
- Monitoring Services PICs might create cflowd records that
erroneously include zero counts for packets and bytes, and the same
value for start and end times. [PR/72492: This issue has been resolved.]
- Because of interoperability issues or network failures
or retries, a router might receive an IPCP CONF-REQ message even after
IPCP is up. When this happens, the PPP stack transitions from IPCP
up to IPCP down. When the CONF-ACK message is finally received, a
second IPCP up event occurs. [PR/73334: This issue has been resolved.]
- When you configure the DLSW protocol, the lt-0/0/0 interface, and other interfaces and then commit the configuration,
DLSW might not become established between peers. As a workaround,
restart the DLSW process on both peers to establish the DLSW connection.
[PR/79493: This issue has been resolved.]
- If initiator and response packets for TCP flows arrive
at nearly the same time, the Adaptive Services PIC might generate
a core file and stop functioning. [PR/94388: This issue has been resolved.]
- If a large number of flows expire in a short period of
time, the Adaptive Services PIC might generate a core file and stop
functioning. [PR/101117: This issue has been resolved.]
- When you configure a Session Initiation Protocol (SIP)
application-level gateway (ALG) on an AS PIC, the PIC might stop operating
and generate a core file. [PR/103973: This issue has been resolved.]
- A reverse route for a remote proxy network that is shared
by multiple dynamic end point tunnels might be deleted if any of the
tunnels stops functioning. [PR/105656: This issue has been resolved.]
- When multiple Layer 2 Tunneling Protocol (L2TP) tunnels
from different tunnel groups are being set up simultaneously, the
same tunnel identifier might be assigned to more than one tunnel and
some tunnel attributes might be assigned to the wrong L2TP session.
As a workaround, issue the clear services l2tp tunnel command
to clear the L2TP tunnels. [PR/233184: This issue has been resolved.]
Routing Protocols
- If you include the remove-private statement at
the [edit routing-instances instance-name protocols bgp group group-name] hierarchy
level, the private autonomous system (AS) number might not be removed
from the AS path for routes advertised to peers. [PR/78141: This issue
has been resolved.]
- In rare cases, processing an upstream assert message for
an (S,G) node that was previously marked as deleted might cause the
routing protocol process (rpd) to reset unexpectedly. [PR/80253: This
issue has been resolved.]
- When you include the always-compare-med statement
at the [edit protocols bgp path-selection] hierarchy level,
the routing protocol process (rpd) might generate a core file (but
it continues to run). [PR/99220: This issue has been resolved.]
- When a BGP routing table is removed, the routing protocol
process (rpd) might stop operating and generate a core file. [PR/99777:
This issue has been resolved.]
- When a routing table is updated with information from
RIP, the routing protocol process (rpd) might generate a core file
and stop operating. [PR/105027: This issue has been resolved.]
- When an OSPF area border router (ABR) receives two or
more summary link-state advertisements (LSAs) that have the same identifier
but different prefix lengths, the routing protocol process (rpd) might
stop operating. [PR/230127: This issue has been resolved.]
- If a policy with a community delete action deletes all
communities, the routing process will leak memory. [PR/230207: This
issue has been resolved.]
- When multiple MPLS LSPs are configured, the mplsTunnelReoptimized trap is triggered on every expiration of the value set for the optimize-timer statement at the [edit protocols mpls label-switched-path lsp-name] hierarchy level. In addition, including
the no-trap statement at the [edit protocols mpls log-updown] hierarchy level does not block the traps defined in RFC 3812, Multiprotocol Label Switching (MPLS) Traffic Engineering (TE) Management
Information Base (MIB). [PR/231678: This issue has been
resolved.]
MPLS Applications
- When an LDP neighbor's IP address changes, information
about the previous address persists in the newly established LDP session,
along with the new address. When the previous address times out, the
FEC for the neighbor's loopback address might be mistakenly removed.
As a workaround, clear the LDP session when the address changes.
[PR/103001: This issue has been resolved.]
- An error in the Constrained Shortest Path First (CSPF)
software might cause the routing protocol process (rpd) to generate
a core file and stop operating. [PR/103777: This issue has been resolved.]
- MPLS graceful restart might not function in the main routing
protocol process (rpd) if one or more logical routers are configured.
[PR/228195: This issue has been resolved.]
Class of Service
- Unusually high memory allocation might occur for link
services (ls-) interface queues because the queues' buffer
allocation is not based on bundle bandwidth. As a workaround, apply
a scheduler map to the multilink bundle, with buffer sizes configured
to be a fraction of the original buffer sizes. The maximum buffer
size allocated to the multilink bundle interface does not affect other
interfaces as long as the sum of buffer sizes of the queues on the
multilink interface equals a fraction of the maximum buffer size.
[PR/70562: This issue has been resolved.]
- When the policer action involves setting the loss priority
or the forwarding class, the policer counter is not incremented. [PR/96341:
This issue has been resolved.]
- If you modify the buffer size in a class-of-service scheduler,
the FPC might reset. [PR/99780: This issue has been resolved.]
- If you include the scheduler-map statement at
the [edit class-of-service interfaces aeX] hierarchy level and a member link of the aggregated Ethernet
interface goes down or comes back up, traffic forwarding on the routing
platform halts for approximately 400 milliseconds. [PR/102200: This
issue has been resolved.]
- Some JUNOS processes, including the class-of-service process
(cosd), might not correctly release memory that they have allocated.
[PR/230771: This issue has been resolved.]
Forwarding and Sampling
- On all platforms, certain combinations of load override and rollback operations might cause firewall filters configured
for the VPLS, CCC, and TCC families not to work correctly. To restore
correct performance, deactivate and reactivate each interface on which
the filters are applied. [PR/95140: This issue has been resolved.]
- When you configure an interface in a logical router and
apply a firewall filter, the software allows you to delete the firewall
filter from the configuration while the interface still references
it. When you commit the configuration, the system returns a warning
message: “Referenced filter filter-name of family family-type is not defined”,
but allows the commit operation to succeed. [PR/98442: This issue
has been resolved.]
- On T-series routing platforms only, if local traffic generated
by the Routing Engine is not classified properly, forwarding-class
filters might not work properly. [PR/98943: This issue has been resolved.]
- After you commit a configuration, some processes (including
the firewall process [dfwd]) might fail to release memory that they
allocate while reading the configuration. [PR/230772: This issue has
been resolved.]
Network Management
- If there is a communication failure when the router processes
an SNMP request from the SNMP process (snmpd), the routing protocol
process (rpd) might dump core. [PR/69969: This issue has been resolved.]
- When a large number of trap packets are sent in a short
interval and the packets are kept in the trap queue with more than
two trap destinations configured, the SNMP process (snmpd) runs out
of memory. [PR/98306: This issue has been resolved.]
- On J4350 and J6350 routers, the engine-id use-mac-address statement at the [edit snmp] hierarchy level is not supported.
[PR/98711: This issue has been resolved.]
- When forwarding MPLS LSP traps with a nondefault context
(for example, from a nondefault logical router or routing instance),
the SNMP process (snmpd) might dump core. [PR/100851: This issue has
been resolved.]
- The minimum value for the size statement at the [edit snmp traceoptions file] is 10000, which is less
than the minimum value of 10240 that applies to tracing configuration
at other hierarchy levels. Attempts to commit a configuration with
the value 10000 wrongly fail, because the verification software
applies the standard minimum of 10240. [PR/101560: This issue
has been resolved.]
- The Management Information Base (MIB) process (mib2d)
sometimes generates a core file and logs the message “SNMP_GET_ERROR2:
jnxDCUsEntry get-next failed for dcu index/name: index1 index1 index2 index2 (Operation timed out)." [PR/228471: This issue
has been resolved.]
Outstanding Issues
Software Installation
- For hard disks that were originally formatted by JUNOS
Release 4.4 or earlier, after you issue the request system snapshot
partition command, the router cannot boot from the hard disk.
As a workaround, issue the request system snapshot command
before upgrading. [PR/36742]
Platform and Infrastructure
- When the Monitoring Services PIC is overloaded, the output
from the show services accounting flow-detail command might
freeze. [PR/32896]
- On T-series routing platforms, a Layer 2 maximum transmission
unit (MTU) check is not supported for MPLS packets arriving at egress
provider edge (PE) routers. [PR/46238]
- When you configure a source class usage (SCU) name with
an integer (for example, 100) and use this source class as a firewall
filter match condition, the class identifier might be misinterpreted
as an integer, which might cause the filter to disregard the match.
[PR/50247]
- On a T640 routing platform, you can exceed the hardware
limit of the platform if you configure link protection by including
the link-protection statement at the [edit protocols
mpls label-switched-path lsp-name] hierarchy
level, or if you configure a triple-push operation by including the exp-push-push-push statement at the [edit class-of-service
interfaces interface-name unit logical-unit-number rewrite-rules] hierarchy level in conjunction with VLAN tagging
and Ethernet-based Layer 2 circuit configuration. In the case of link
protection, the problem is transitory while the platform changes to
link-protection mode. [PR/51688]
- On M-series and J-series routing platforms, when you include
the vrf-table-label statement at the [edit routing-instances routing-instance-name] hierarchy level, the incoming
traffic is considered to come from the internal label-switched interface
(LSI) associated with the VRF instance. The original incoming logical
interface is unknown, so the traffic is not accounted for by the original
incoming logical unit. Furthermore, the LSI is an internal interface
and has no accounting support. [PR/53148]
- When a Monitoring Services PIC is overloaded with traffic,
the FPC might take the PIC offline and repeatedly send the same error
message. The error message does not affect normal operation of the
FPC and PICs. As a workaround, restart the FPC and bring the PIC online.
[PR/55981]
- Even if you do not configure IPSec, the key management
process (kmd) opens UDP port 500. [PR/59054]
- If you configure several DNS servers by including the name-server statement at the [edit system] hierarchy
level, the JUNOS software uses only the first three configured DNS
servers. [PR/59172]
- When a dynamic flow capture interface (dfc-fpc/pic/port) is configured as the next hop in a forwarding path, port-mirrored
packets are corrupted. [PR/60799]
- On an M320 router with an Enhanced FPC Type 2, when an
interrupt is sent to an interface that has transitioned to the Down
state, an error is recorded for this event. [PR/61236]
- Packet capture is not supported with MLPPP encapsulation.
However, the CLI does not prevent you from enabling packet capture
on an interface with MLPPP encapsulation. If packet capture is enabled
in the input direction on an interface with MLPPP encapsulation, input
packets on that interface are captured on the output interfaces. [PR/64615]
- If you configure 11 or more logical interfaces in a single
VPLS instance, VPLS statistics might not be reported correctly. [PR/65496]
- For TX Matrix platforms configured with graceful Routing
Engine switchover (GRES), when the master Routing Engine of a line-card
chassis (LCC) enters debug mode, it does not release mastership. [PR/66308]
- If a router receives multicast packets that fail a reverse-path
forwarding (RPF) check on an interface and the packets do not have
an existing multicast forwarding entry, the following log entry might
appear: “resolutions from iif X throttled.”
[PR/71205]
- When a large number of kernel system log messages are
generated, the log information might become garbled and the severity
level could change. This behavior has no operational impact. [PR/71427]
- If you configure two IPv6 addresses with the same prefix
on a single logical interface, the backup Routing Engine might stop
operating. [PR/72069]
- On M320 and T-series routing platforms, there is a process
that monitors FPCs while they transition to an online state. If an
FPC is busy and cannot complete the transition within the time limit,
the process might time out and prevent the FPC from coming online.
[PR/72364]
- If you configure the same IPv6 address on the fxp0 interface and another public interface within the same routing instance,
the backup Routing Engine might restart. [PR/72573]
- For M320 and T-series routing platforms, when you configure
the local gateway of an IPSec tunnel in a routing instance, IPSec
over a generic routing encapsulation (GRE) tunnel might not function
properly. [PR/73864]
- A J4350 or J6350 router running JUNOS Release 8.0 will
not function properly if the Channelized T1/E1 PIM or the Avaya TGM550,
TIM510, TIM514, or TIM521 VoIP modules are installed on the router.
Ensure the following:
- Before you install a Channelized T1/E1 PIM, upgrade the
router to JUNOS Release 8.1 or later.
- Before you install Avaya VoIP modules, upgrade the router
to JUNOS Release 8.2 or later.
- Before you downgrade from JUNOS 8.3, 8.2, or 8.1 to JUNOS
8.0, remove any Channelized T1/E1 PIMs or Avaya VoIP modules installed
on the router.
[PR/74308]
- When the outer label of a packet is set to explicit null
and the S bit is not set, the LSP ping command might not
work. The JUNOS software does not conform with RFC 4182, Removing a Restriction on the use of MPLS Explicit NULL. [PR/74963]
- For J-series Services Routers, if you send a real-time
performance monitoring (RPM) probe through an IPSec tunnel and the
probe includes the hardware-timestamp statement at the [edit services rpm probe owner-name test test-name] hierarchy level, RPM icmp-ping type probes might not work. [PR/75927]
- On J-series Services Routers, when two links are part
of an MLPPP bundle and the link belonging to the bundle on the remote
end is disabled, the output of the show interfaces t1-fpc/pic/port statistics detail command on the local end displays double
the value for the Input bytes: field. When the link on the
remote end is re-enabled, the value for the Input bytes: field is correct. [PR/78692]
- When you configure the router to log activity with a firewall
filter or perform Routing Engine-based sampling, and heavy traffic
passes through the router, the following error message might be displayed:
“PKTR DMA age error cell counter incremented”. The error
indicates that some packet loss might be occurring for firewall filter
logging or Routing Engine-sampling. However, transit traffic is not
affected. [PR/78712]
- On M160 routers, if the router generates the system log
message “router fpc5 DXO: Plane 2, links inactive (0x00),”
traffic loss and loss of routing protocol adjacencies might occur.
[PR/78795]
- On M160 and M40e routers, a hardware error on the Switch
Fabric Module (SFM) might cause the board to reboot. [PR/79236]
- On the T-series routing platform, when you include the no-labels configuration statement at the [edit forwarding-options
hash-key family mpls] hierarchy level, the statement is added
to the configuration; however, MPLS labels are still included in the
hash key. [PR/80334]
- A firewall filter that matches the forwarding class of
incoming packets (that is, includes the forwarding-class statement
at the [edit firewall filter filter-name term term-name from] hierarchy level) might incorrectly
discard traffic destined for the Routing Engine. Transit traffic is
handled correctly. [PR/97722]
- For T-series routing platforms, if you enable an indirect
jtree for VPN routes, the routing ASIC SRAM utilization might increase
by approximately 30 percent. [PR/98738]
- If you try to commit a configuration that contains a large
number of keys and security associations, a commit error might be
seen and the keys might not take effect. [PR/237690]
User Interface and Configuration
- If you use NETCONF to modify the configuration datastore
when it has been locked by another NETCONF session, or if you try
to delete a configuration statement that does not exist, you see both <rpc-error> and <ok/> at the same time in the <rpc-reply> tag. [PR/62664]
- When you modify the date on the router, the time at which
an event should be generated might change from its original configuration
at the [edit event-options generate-event event-name time-of-day hh:mm:ss] hierarchy level. As a workaround, issue the commit full command after modifying the date on the router.
[PR/66801]
- In J-Web, when you select system log >
file > messages > explicit-priority, the J-Web Event Viewer does
not show the event ID. When you select system > system
log > time-format > milliseconds, the J-Web Event Viewer does
not filter messages. [PR/70523]
- If a static route's next hop is simultaneously edited
by two private edit sessions, it might cause a commit conflict and
the loss of some next-hop entries. [PR/72039]
- On M120 routers, if you remove an active Forwarding Engine
Board (FEB) from the chassis without taking it offline, traffic might
experience delays after FEB switchover. This issue appears only when
the interfaces are installed on a Type 3 FPC or OC192 CFPC. [PR/95491]
- If the configuration includes a commit script that uses
the jcs:invoke routine, the router fails to boot successfully.
[PR/95960]
Interfaces and Chassis
- On aggregated SONET/SDH interfaces, the counter for drops
and errors in the show interfaces command output does not
display the correct value, because the counter does not collect data
from the constituent interfaces within the aggregate. [PR/23577]
- On ATM interfaces, when the IP address of a remote device
is changed, the output of the show ilmi interface command
on the local routing platform might continue to display the old IP
address for the remote device. [PR/24126]
- On channelized E1 interfaces, you might be able to configure
clocking on ds-fpc/pic/port:n interfaces,
where n is not unit 0. This is an invalid
configuration and might cause a clocking selection problem on the
other channels. [PR/24722]
- If virtual channel identifiers (VCIs) for a large number
(approximately 400) of virtual connections (VCs) on an ATM DS3 interface
are changed frequently, the interface might mishandle the ATM cells.
As a result, OSPF and IS-IS neighbor adjacencies might not remain
stable. [PR/25639]
- On a 2-port OC12 ATM2 IQ interface, the total virtual
path (VP) downtime might not appear correctly in the show interfaces command output. [PR/27128]
- On a 2-port OC12 ATM2 IQ interface, if you configure and
then change the virtual path (VP) setting, the SNMP jnxAtmVpTotalDownTime counter might be reset. [PR/27131]
- On an OC3 ATM2 intelligent queuing (IQ) interface, when
you configure a shaping rate greater than the speed of the OC3 link
and commit the configuration, the actual shaping rate might be less
than the interface speed. [PR/27459]
- On ATM2 IQ interfaces, when you configure the atm-l2circuit-mode statement, the control word sequence number is not reset to 1 after
the transmit sequence number reaches 65,535. [PR/31669]
- On M20 and M40 routers, when a physical layer problem
affects a SONET/SDH interface, carrier transition statistics might
not increment correctly in the output of the show interfaces extensive command. [PR/33325]
- When you configure both the bundle link and constituent
links at the [edit logical-routers logical-router-name interfaces] hierarchy level, the constituent links do not come
up. As a workaround, configure the constituent links at the [edit
interfaces] hierarchy level. [PR/35578]
- On DS3 and E3 ATM2 IQ interfaces, when you configure ATM
point-to-multipoint permanent virtual circuits (PVCs), the following
error messages might appear in the system log: “/kernel: RT_COS:
COS IPC op 4 (CLASS TO IFL) failed, err 1 (Unknown),” “ssb
BCHIP 0: invalid entry type 127 at stream 8 channel 0 for ifl 83,”
and “ssb COSMAN: mapping table bind to ifl 83 failed.”
There is no operational impact. [PR/36524]
- When an ATM interface configured for CCC encapsulation
receives MPLS packets that exceed 484 bytes, the packets can overflow
the buffer and cause the ATM PIC to hang. As a workaround, take the
PIC offline and bring it back online. [PR/39918]
- When an IPSec firewall filter is applied to match traffic
sent across a generic routing encapsulation (GRE) tunnel and originating
from the local routing platform, the local traffic is dropped. Transient
traffic is not affected. [PR/44871]
- On channelized T3 interfaces, the T1 loopback state does
not reflect loopbacks set by facilities data link requests using the remote-loopback-respond statement at the [edit interfaces interface-name t1-options] hierarchy level. [PR/45837]
- When the data-link connection identifier (DLCI) is greater
than 335 on a Link Services PIC with Multilink Frame Relay (MLFR)
configured, the ping command might fail. [PR/49567]
- On a Link Services PIC, the CLI might incorrectly allow
you to configure a logical tunnel interface (interface identifier lt); however, the resulting interface might not work correctly.
[PR/49818]
- On Gigabit Ethernet PICs installed in M7i routers, if
you rename an active Gigabit Ethernet interface as an aggregated Ethernet
interface, and then add the original interface into the bundle, the
router might stop operating. As a workaround, commit the configuration
after you rename the interface and issue a second commit when you
add the interface to the aggregated Ethernet bundle. [PR/55106]
- If an MLPPP LSQ bundle carries a large volume of link
fragmentation and interleaving (LFI) traffic and a small proportion
of multilink traffic, packets might be dropped on the egress constituent
links. [PR/56664]
- For ISDN dialer interfaces in a J-series Services Router,
when you configure the no-keepalives statement at the [edit interfaces dl0 unit logical-unit-number] hierarchy level and you issue the show interfaces dl0 command, the Link flags field might still show keepalives. [PR/58520]
- If you disable an adaptive services interface by including
the disable statement at the [edit interfaces sp-fpc/pic/port] hierarchy level and then delete the disable statement
from the configuration, IPSec service is not reset correctly. As a
workaround, either issue the deactivate services command
followed by the activate services command, or issue the request chassis pic offline fpc-slot slot-number pic-slot pic-number command followed by
the request chassis pic online fpc-slot slot-number pic-slot pic-number command. [PR/58522]
- On M160 and M40e routers, when you commit a configuration
change, the router might generate a system log message that erroneously
reports the master Packet Forwarding Engine Clock Generator (PCG)
status as removed or offline. [PR/58716]
- When you take an ISDN interface offline on a J-series
Services Router, the LEDs on the ISDN interface card might not turn
off. [PR/59536]
- On ISDN interfaces in a J-series Services Router, if you
configure the vrf-table-label statement at the [edit
routing-instances instance-name] hierarchy
level, packets might be dropped from the connection. [PR/59718]
- On ISDN dialer interfaces in a J-series Services Router,
if you configure the minimum-links statement at the [edit
interfaces dl0 unit logical-unit-number] hierarchy level and then deactivate the BRI interface associated
with the dialer interface, the output packets counter displayed in
the output of the show interfaces dl0 command might continue
to increment. [PR/59986]
- On ISDN dialer interfaces in a J-series Services Router,
when you configure the load-threshold 100 statement at the [edit interfaces dl0 unit logical-unit-number dialer-options] hierarchy level and the 56-Kbps bandwidth threshold
is exceeded, the interface does not support additional network traffic
and might not activate another BRI interface. [PR/60045]
- On ATM2 intelligent queuing (IQ) interfaces, if you include
the disable option at the [edit interfaces at-fpc/pic/port atm-options vpi vpi-number oam-period] hierarchy level, the virtual path (VP) continues monitoring F4 Operation,
Administration, and Maintenance (OAM) cells and might tear down the
VP after receiving a single alarm indication signal (AIS) F4 OAM cell.
[PR/60166]
- On J-series Services Routers, if you oversubscribe an
E1 interface, latency on the high-priority queue might be higher
than expected. As a workaround, configure a shaping rate on the E1
interface that is equal to the line rate minus the E1 framing overhead.
[PR/60595]
- If you configure IS-IS, MPLS, and graceful Routing Engine
switchover (GRES) and a switchover event occurs, the routing platform
might end and renegotiate PPP IP Control Protocol (IPCP) sessions.
[PR/61121]
- If you configure graceful Routing Engine switchover and
issue the request chassis routing-engine master acquire command,
in rare cases the master Routing Engine might fail to relinquish mastership,
or the switchover to the backup Routing Engine might take up to 360
seconds. [PR/61821]
- For Automatic Protection Switching (APS) on SONET/SDH
interfaces, there are no operational mode commands that display the
presence of APS mode mismatches. An APS mode mismatch occurs when
one side is configured to use bidirectional mode, and the other side
is configured to use unidirectional mode. [PR/65800]
- For aggregated Ethernet interfaces on T640 and TX Matrix
platforms, the show interfaces extensive command sometimes
reports extremely large incorrect values in the Dropped packets column of the Queue counters output field. As a workaround,
issue the clear interfaces statistics command. [PR/65857]
- On J-series Services Routers, when an ISDN dialer interface
is configured as a watch list and is then deactivated and connected
as a backup interface and you issue the commit command, the
dialer interface will not dial out even if the primary interface is
down. As a workaround, disable the primary interface and issue the commit command. Then, enable the primary interface and issue
another commit command. [PR/67355]
- On J-series Services Routers with multilink-frame-relay-uni-nni (FRF.16) encapsulation, when you issue the show interfaces queue command, the kernel returns only the bundle statistics for FRF.16
and does not return the queue statistics; hence the command fails.
[PR/69565]
- J4350 and J6350 Services Routers might not have the requisite
data buffers needed to meet expected delay-bandwidth requirements.
This might cause degradation of class-of-service (CoS) performance
with smaller-sized packets. [PR/73054]
- If the encapsulation is set to Ethernet on a logical tunnel
interface, configuration of the point-to-point statement
at the [edit logical-routers logical-router-name interfaces interface-name unit logical-unit-number] hierarchy level should give an error on commit. [PR/73437]
- On M20 routers, when you start the router with Routing
Engine 0 and System and Switching Board (SSB) 0 as master components,
issue the request chassis routing-engine master switch command,
and then log into Routing Engine 1 and issue the request chassis
ssb master switch and request system reboot commands,
the online LED lights for both SSBs might remain lit. [PR/74283]
- On J-series Services Routers, if you configure an IPSec-over-GRE
tunnel, there might be fragmentation issues. As a workaround, delete
the clear-dont-fragment statement and the mtu statement
on the GRE interface, and include the tunnel-mtu 9192 statement
at the [edit services ipsec-vpn rule rule-name term term-name then] hierarchy level on
both sides of the connection. [PR/74377]
- On J-series Services Routers, dialer interface traffic
statistics from the output of the show interfaces dl0 extensive command does not display Input/Output bytes in bytes per
second or Input/Output packets in packets per second. [PR/77922]
- When you configure point-to-multipoint Frame Relay, the
router might generate a core file. [PR/82303]
- If you ping a nonexistent IPv6 address that belongs to
the same subnet as an existing point-to-point link, the packet loops
between the two point-to-point interfaces until the time-to-live expires.
[PR/94954]
- On 10-Gigabit Ethernet PICs with XENPAK, the media access
control (MAC) chip counter is interpreted incorrectly. [PR/96829]
- On channelized OC12 circuits, interchassis Automatic Protection
Switching (APS) failover takes longer than expected. [PR/98488]
- For 1-port Gigabit Ethernet ePIMs installed in J-series
Services Routers or built-in Gigabit Ethernet interfaces on the J4350
and J6350 Services Routers, if you configure more than one VRRP group
on a port to place the port into promiscuous mode and then you issue
a ping command, forwarding performance can be affected and
duplicate ICMP messages might be sent in response to the ping command. [PR/99796]
- The output of the show interfaces diagnostics optics command includes the “Laser rx power low alarm” field
even if the transceiver (such as XENPAK) is a type that does not support
this alarm. [PR/103444]
- For link services queuing (LSQ) interfaces configured
on AS PICs or MultiServices PICs, if you try to include the unit
1023 statement at the [edit interfaces lsq-fpc/pic/port] hierarchy
level and then commit the configuration, you might receive the following
error message: “ifl number: linkservice pic unit number out
of range (0 to 1023).” [PR/237983]
Services Applications
- The output of the show services nat pool command
displays duplicate entries for a single Network Address Translation
(NAT) pool. [PR/34678]
- The output of the show services accounting flow-detail
extensive command might report input and output interfaces incorrectly.
[PR/40446]
- When you configure intrusion detection services (IDS)
on J-series platforms, including the threshold statement
at the [edit services ids rule rule-name term term-name then logging] hierarchy level has no effect.
[PR/46577]
- On Adaptive Services PICs configured for IPSec tunnel
redundancy, if there are a large number of tunnels, sometimes a few
of the tunnels might switch over to the backup tunnel. [PR/46733]
- On routing platforms configured for Internet Key Exchange
(IKE)-based IPSec, if a remote peer using other vendors' equipment
does not renegotiate the IKE security association (SA) when it is
about to expire and continues to send dead peer detection (DPD) requests
on the same SA, the routing platform might not be able to reply to
these messages. [PR/47004]
- If the socket buffer becomes full on a remote router,
you cannot clear all the IPSec security associations (SAs) from the
router. [PR/55189]
- When a routing platform is configured for graceful Routing
Engine switchover and Adaptive Services (AS) PIC redundancy, and a
switchover to the backup Routing Engine occurs, the redundant services
interface (rsp-) only uses the primary services interface
(sp-) if the primary interface is operational. [PR/59070]
- On Monitor Services and Monitor Services II PICs, under
certain circumstances, outgoing packets might be dropped. As a workaround,
restart the PIC. [PR/59432]
- On Monitoring Services II PICs configured for flow collection
services, during memory overload conditions, the flow collector interface
might create files lacking cflowd records and these files might not
be sent to the external FTP server. [PR/62599]
- When you modify a flow collection configuration and commit
the changes, the system log might contain error messages regarding
the commit. These messages do not affect the operation of the router
and can be ignored. [PR/64201]
- On J-series Services Routers, an SNMP query returns a
zero value for the data-link switching (DLSw) MIB dlswTConnTcpConfigKeepAliveInt even if you implement keepalives. [PR/70002]
- For Adaptive Services II PICs, even if you do not configure
flow collector services, a temporary file might be created every 15
minutes in the /var/log/flowc/ directory. The file is deleted
if there are no clients, and re-created only when a client connects
and attempts to write to the file. [PR/75515]
- On J4350 and J6350 Services Routers, when you insert a
Telephony Gateway Module (TGM) 550 PIM and the PIM is in a reset
state, the router might not respond to any show chassis commands
for up to 5 seconds. [PR/78695]
Routing Protocols
- When you include the as-path atomic-aggregate statement at the [edit routing-options aggregate defaults as-path] hierarchy level to manually add the ATOMIC_AGGREGATE attribute
on a BGP AS path, the attribute is not added. [PR/2527]
- When you issue the show pim statistics command
to view traced PIM protocol traffic, messages sent to the rendezvous
point (RP) might not increment the Register counter. [PR/13887]
- When you issue the mtrace command from a UNIX
client, the router does not respond to a query that requires multicast
response, but responds correctly to any query that requires unicast
response. As a result, the first two probes time out. The third probe
is the unicast response probe, which usually succeeds. [PR/17237]
- When you configure a DVMRP interface, the CLI incorrectly
allows you to configure a metric higher than 32. Values higher than
32 are not valid. [PR/33429]
- When virtual links are configured on a router, OSPF graceful
restart might not work as expected. [PR/36947]
- If a router receives a Pragmatic General Multicast (PGM)
Source Path Message (SPM), it does not create a forwarding cache,
nor does it forward the message to other routers as a heartbeat, as
specified in RFC 3208. Also, the router's multicast cache might time
out if it does not receive actual PGM data (ODATA) for more than 6
minutes. As a workaround, configure the PGM source application to
send PGM ODATA at least once every 6 minutes. The ODATA acts as the
heartbeat message in lieu of the SPM messages and ensures that the
multicast and forwarding caches are created and updated. [PR/37504]
- If secondary addresses are configured on an interface,
Bidirectional Forwarding Detection (BFD) might establish a session
for only one address at a time on a random basis. [PR/38498]
- If you configure the sham-link statement at the
[edit routing-instances instance-name protocols
ospf area] or [edit routing-instances instance-name protocols ospf] hierarchy level on a provider edge (PE) router,
extraneous OSPF link-state advertisements (LSAs) might be added. In
some cases, this can result in a routing loop between the customer
edge (CE) and PE routers. [PR/40000]
- OSPF trace information might include misleading authentication
data for outbound packets. [PR/43254]
- The address fields in the BGP MIB are not compatible with
IPv6 address lengths. [PR/51150]
- If you include the vpn-group-address statement
at the [edit routing-instance routing-instance-name protocols pim] hierarchy level in a routing instance of type
VRF, and you change the router ID or loopback address value in a master
routing instance, the router might lose connectivity with other provider
edge (PE) routers for the VPN. As a workaround, deactivate the vpn-group-address statement at the [edit routing-instance instance-name protocols pim] hierarchy level, commit
the configuration, reactivate the statement, and commit the configuration
again. [PR/51839]
- When you configure damping globally and use the import
policy to not damp specific routes, and a new route is received from
a peer with the local interface address as the next hop, the route
is added to the routing table with default damping parameters, even
though the import policy has a nondefault setting. As a result, damping
settings do not change appropriately when the route attributes change.
[PR/51975]
- When the IGMP/MLD SSM-Map feature is enabled on a LAN
interface with multiple receiving hosts, the router might continue
to forward traffic for the group until the IGMP group membership timeout
interval expires, even though all receivers might have already left
the group. [PR/61538]
- If you issue the show ldp traffic-statistics command,
the following system log message might be generated for all forwarding
equivalence classes (FECs) with an ingress counter set to zero: “send
rnhstats GET: error: ENOENT -- Item not found.” [PR/67647]
- If you enable ICMP tunneling on the router and then configure
a new logical router that does not have ICMP tunneling enabled, the
feature is disabled globally. [PR/81884]
- For the igmpInterfaceIfIndex object in the Internet
Group Management Protocol (IGMP) MIB (IGMP-STD-MIB), the routing platform
reports the ifIndex value of the logical interface rather
than the expected snmpIfIndex value for the index of the
table. [PR/98358]
- When routes are exported into OSPF and then you deactivate
OSPF, the routing protocol process (rpd) might generate a core file
and stop operating. [PR/232362]
MPLS Applications
- If you configure a label-switched path (LSP) with the no-cspf statement at the [edit protocols mpls] hierarchy
level, the LSP might cycle up and down several times before stabilizing.
[PR/10415]
- The local bandwidth log for a Constrained Shortest Path
First computation might show an incorrect value. [PR/21369]
- If a cross-connected circuit (CCC) traverses a forwarding
adjacency (FA) label-switched path (LSP), traffic forwarding might
be affected. [PR/60088]
- RSVP graceful restart does not function for LSPs that
have a forwarding adjacency (FA) label-switched path (LSP) as a next
hop. [PR/60256]
- When you modify the primary path for an MPLS LSP by using
the delete protocols mpls label-switched-path lsp-path-name primary path-name command in configuration
mode, followed by the set protocols mpls label-switched-path lsp-path-name
primary path-name command, and then issue the commit command, the entire LSP (both primary and secondary) is torn down
and then rebuilt from scratch. As a workaround, issue the delete
protocols mpls label-switched-path lsp-path-name primary path-name command in configuration
mode followed by the commit command. Then issue the set
protocols mpls label-switched-path lsp-path-name primary path-name command followed by
the commit command. [PR/62365]
- If you configure a point-to-multipoint label-switched
path (LSP) and a point-to-multipoint transmit switch and commit the
configuration, the routing protocol process (rpd) might stop operating
and dump core. [PR/67488]
- When you enable per-packet load balancing on parallel
label-switched paths (LSPs), traffic is evenly balanced across the
paths even though the output of the show mpls lsp ingress command might display all the routes on only one of the LSPs. [PR/70487]
- If you include the | resolve option when you
issue the show ldp neighbor and show ldp session commands, addresses might not be resolved in the output. [PR/77732]
VPNs
- When you modify the frame-relay-tcc statement
at the [edit interfaces interface-name unit logical-unit-number] hierarchy level of a Layer 2
VPN, the connection for the second logical interface might not come
up. As a workaround, restart the chassis process (chassisd) or reboot
the router. [PR/32763]
- If you configure a Layer 2 circuit across a logical tunnel
interface that uses Ethernet VPLS encapsulation, the Layer 2 circuit
connection might not come up. As a workaround, configure Ethernet
encapsulation on the logical tunnel interface. [PR/100161]
Class of Service
- When you configure an ES PIC, a log message similar to
“fpc0 LCHIP(3): Unable to fathom what channel used by IFD 432”
might be displayed. There is no operational impact. [PR/36184]
- If you deactivate or activate an aggregated Ethernet interface,
the Packet Forwarding Engine might report errors. [PR/50090]
- The JUNOS software does not support the IEEE-802.1p rewrite
rule when a logical tunnel interface (lt) is the outbound
interface. [PR/55903]
- If you try to configure a scheduler map containing two
forwarding classes that are mapped to the same queue, the class-of-service
scheduler is not applied to the Packet Forwarding Engine. As a workaround,
configure a single forwarding class for each of the available queues.
[PR/57907]
- On M-series routers connected by VLAN circuit cross-connects
(CCCs) and configured with class of service (CoS), when explicit forwarding
(EF) traffic is generated from the ingress customer edge router (CE1)
to the egress customer edge router (CE2), the ingress provider edge
router (PE1) properly marks the packets with default EXP bits and
sends the packets out queue 1, but the intermediary core router forwards
all traffic through queue 0 instead of sending it through the EF queue.
As a workaround, include the no-control-word statement at
any of the following hierarchy levels: [edit logical-routers logical-router-name protocols l2circuit neighbor address interface interface-name], [edit protocols l2circuit neighbor address interface interface-name], [edit logical-routers logical-router-name routing-instances routing-instance-name protocols l2vpn], or [edit routing-instancesrouting-instance-name protocols l2vpn]. [PR/65280]
- When you configure a specific classifier for a logical
unit, it does not override the fixed classifier configured using wildcards.
[PR/68888]
- On J-series Services Routers, if you configure a single
policy statement that includes both the from community match
condition (to match on BGP communities) and the then forwarding-class action (to apply a class-of-service forwarding class), the policy
might not work and the router might generate the following system
log message: “kernel: RT_PFE: RT msg op 12 (Undefined) failed,
err 5 (Invalid).” [PR/73885]
Forwarding and Sampling
- When you perform Routing Engine-based sampling without
a Collector PIC installed, the /var/log/sampled trace file
reports that it is unable to update the collector configuration. This
message can be ignored. [PR/68198]
- There is an issue with the configuration of interface
output sampling on T-series routing platforms. Packets might pass
through the output firewall. The workaround is to configure a firewall
filter on the output interface with the then sample statement
and the then next term statement. There is no difference
in the functionality for these two configurations. [PR/70473]
Network Management
- The following groups of MIB objects do not segregate the
data they return according to the routing instance specified in an
SNMP request: vrrpMIB, jnxCosIfqStatsTable, and jnxCosQstatTable. [PR/63045]
- Sometimes the default routing instance (configured at
the default logical router level) does not report the physical interface
associated with the logical interface. [PR/66793]
[
Contents]
[
Prev]
[
Next]
[
Report an Error]