[Contents][Prev][Next][Report an Error]

Current Software Release

The current software release is Release 8.2R4. For information about obtaining the software packages, see M-series, MX-series, and T-series Upgrade and Downgrade Instructions or J-series Upgrade and Downgrade Instructions, depending on your router platform.

Resolved Issues

The following issues have been resolved since JUNOS Release 8.2R3.6. The identifier following the description is the tracking number in our bug database.

Platform and Infrastructure

With JUNOS Release 8.0 or higher, some XENPAK transceivers might report spurious temperature, laser bias, laser output, and receive optical power alarms that are cleared again after about 10 seconds. There is no operational impact. [PR/98428: This issue has been resolved.]

User Interface and Configuration

If the configuration includes a commit script that uses the jcs:invoke routine, the router fails to boot successfully. [PR/95960: This issue has been resolved.]

Interfaces and Chassis

On Channelized STM1 PICs, a tributary unit alarm indication signal (TU-AIS) alarm enabled for one channel might cause another channel to shut down. [PR/55357: This issue has been resolved.]
When you attempt to force a switch between a working-protect APS circuit pair by disabling the active interface, APS might not function properly. [PR/71083: This issue has been resolved.]
On J-series Services Routers, configuring more than one VRRP group on a port puts the port into promiscuous mode. Forwarding performance can be affected and duplicate ICMP messages might be sent in response to the ping command. This problem applies to 1-port Gigabit Ethernet ePIMs on all J-series platforms, and built-in Gigabit Ethernet interfaces on the J4350 and J6350 Services Routers. [PR/99796: This issue has been resolved.]
When a switchover event occurs on a routing platform with a configuration that has a large number of IPv6 routing instances configured, it is possible that the Routing Engine that was previously the master is unable to synchronize the kernel database after switchover. [PR/105268: This issue has resolved.]

Routing Protocols

If a local route is imported from another routing instance, it might not be installed in the forwarding table. A message like the following might appear in the system log: 'timestamp router rpd[PID]: KRT ADD for 10.10.10.10/32 => { ifl interface-index addr 10.10.10.10 } failed, error "ENOENT -- Item not found". [PR/234918: This issue has been resolved.]

Class of Service

On J-series Services Routers, if you configure a single policy statement that includes both the from community match condition (to match BGP communities) and the then forwarding-class action (to apply a class-of-service forwarding class), the policy might not work and the router might generate the following system log message: “kernel: RT_PFE: RT msg op 12 (Undefined) failed, err 5 (Invalid).” [PR/73885: This issue has been resolved.]

Forwarding and Sampling

On an M120 router, if the then statement in a firewall filter (at the [edit firewall filter filter-name term term-name] hierarchy level) includes both a policer statement and a count statement, the filter might not handle packets as specified by the configuration. [PR/105465: This issue has been resolved.]
Depending on the configuration, firewall processes might leak memory when a commit operation is performed. [PR/230772: This issue has been resolved.]

Outstanding Issues

Software Installation

For hard disks that were originally formatted by JUNOS Release 4.4 or earlier, after you issue the request system snapshot partition command, the router cannot boot from the hard disk. As a workaround, issue the request system snapshot command before upgrading. [PR/36742]

Platform and Infrastructure

When the Monitoring Services PIC is overloaded, the output from the show services accounting flow-detail command might freeze. [PR/32896]
On T-series platforms, a Layer 2 maximum transmission unit (MTU) check is not supported for MPLS packets exiting the routing platform. [PR/46238]
When you configure a source class usage (SCU) name with an integer (for example, 100) and use this source class as a firewall filter match condition, the class identifier might be misinterpreted as an integer, which might cause the filter to disregard the match. [PR/50247]
On a T640 routing platform, you can exceed the hardware limit of the platform if you configure link protection by including the link-protection statement at the [edit protocols mpls label-switched-path lsp-name] hierarchy level, or if you configure a triple-push operation by including the exp-push-push-push statement at the [edit class-of-service interfaces interface-name unit logical-unit-number rewrite-rules] hierarchy level in conjunction with VLAN tagging and Ethernet-based Layer 2 circuit configuration. In the case of link protection, the problem is transitory while the platform changes to link-protection mode. [PR/51688]
When a Monitoring Services PIC is overloaded with traffic, the FPC might take the PIC offline and repeatedly send the same error message. The error message does not affect normal operation of the FPC and other PICs. As a workaround, restart the FPC and bring the PIC online. [PR/55981]
Even if you do not configure IPSec, the key management process (kmd) opens UDP port 500. [PR/59054]
If you configure several DNS servers by including the name-server statement at the [edit system] hierarchy level, the JUNOS software uses only the first three configured DNS servers. [PR/59172]
On a Monitoring Services III PIC configured as a dynamic flow capture interface (dfc-fpc/pic/port), when you configure the next hop in a forwarding path, port-mirrored packets might become corrupted. [PR/60799]
On an M320 router with an Enhanced FPC Type 2, an interrupt might be sent to an interface that has transitioned to the Down state. An error will be recorded for this event. [PR/61236]
Packet capture is not supported with MLPPP encapsulation. However, the CLI does not prevent you from enabling packet capture on an interface with MLPPP encapsulation. If packet capture is enabled in the input direction on an interface with MLPPP encapsulation, input packets on that interface are captured on the output interfaces. [PR/64615]
If you configure 11 or more logical interfaces in a single VPLS instance, VPLS statistics might not be reported correctly. [PR/65496]
In a routing matrix configured for graceful Routing Engine switchover (GRES), when the master Routing Engine of a T640 routing node (line-card chassis, or LCC) enters debug mode, it does not release mastership. [PR/66308]
When a large number of kernel system log messages are generated, the log information might become garbled and the severity level could change. This behavior has no operational impact. [PR/71427]
If you configure two IPv6 addresses with the same prefix on a single logical interface, the backup Routing Engine might stop operating. [PR/72069]
On M320 and T-series routing platforms, there is a process that monitors FPCs while they transition to an online state. If an FPC is busy and cannot complete the transition within the time limit, the process might time out and prevent the FPC from coming online. [PR/72364]
If you configure the same IPv6 address on the fxp0 interface and another public interface within the same routing instance, the backup Routing Engine might restart. [PR/72573]
On M320 and T-series routing platforms, when you configure the local gateway of an IPSec tunnel in a routing instance, IPSec might not function properly over a generic routing encapsulation (GRE) tunnel. [PR/73864]
When a packet's outer label is set to explicit null and the S bit is not set, the LSP ping command does not work. The JUNOS software does not comply with RFC 4182, Removing a Restriction on the use of MPLS Explicit NULL. [PR/74963]
If the next-hop protocol set by the Routing Engine control plane is incorrect, the Packet Forwarding Engine might fail to install a next hop and the following system log messages might be generated: “r-peer /kernel: RT_PFE: NH IPC op 2 (CHANGE NEXTHOP) failed, err 5 (Invalid)”, “r-peer feb L2RW: Unsupported ethernet protocol Decap.”, “r-peer feb L2RW: Fails Encapsulation Generation”, “r-peer feb NH(nh_ucast_add): failed to install decap L2 program for Decap.” There is no operational impact. [PR/75103]
For J-series Services Routers, if you send a real-time performance monitoring (RPM) probe through an IPSec tunnel and the probe includes the hardware-timestamp statement at the [edit services rpm probe owner-name test test-name] hierarchy level, RPM icmp-ping type probes might not work. [PR/75927]
On the T-series routing platform, some MPLS traffic patterns might not load-balance correctly. The workaround is to include the label-1, label-2, and label-3 configuration statements at the [edit forwarding-options hash-key family mpls] hierarchy level to achieve acceptable load balancing. [PR/76227]
When you configure the router to log activity with a firewall filter or perform Routing Engine-based sampling, and heavy traffic passes through the router, the following error message might be displayed: "PKTR DMA age error cell counter incremented". The error indicates that some packet loss might be occurring for firewall filter logging or Routing Engine-sampling. However, transit traffic is not affected. [PR/78712]
On M160 routers, if the router generates the system log message “router fpc5 DXO: Plane 2, links inactive (0x00),” traffic loss and loss of routing protocol adjacencies might occur. [PR/78795]
On M160 and M40e routers, a hardware error on the Switch Fabric Module (SFM) might cause the board to reboot. [PR/79236]
On the T-series routing platform, when you include the no-labels configuration statement at the [edit forwarding-options hash-key family mpls] hierarchy level, the statement is added to the configuration; however, MPLS labels are still included in the hash key. [PR/80334]
For Gigabit Ethernet intelligent queuing (IQ) PICs installed in M-series and T-series routing platforms, system log messages for SFP receive power, laser bias, and temperature alarms might alternate between set and clear. These messages are mostly cosmetic and do not affect performance of the routing platform. [PR/80393]
The AE interface stops functioning when the extended-vlan-vpls encapsulation is configured and LACP is enabled. [PR/81826]
ARP records learned in a VPN routing and forwarding (VRF) instance are not cleared when the peer interface goes down. [PR/82247]
The extended Dynamic Host Configuration Protocol (DHCP) relay agent feature does not function properly on a nondefault logical router. Although the JUNOS CLI permits you to include the dhcp-relay statement at the following hierarchy levels, the feature does not work properly:
- [edit logical routers logical-router-name forwarding-options]
- [edit logical routers logical-router-name routing-instances routing-instance-name forwarding-options]
[PR/82275]
On Fast Ethernet and Gigabit Ethernet PICs, LACP is not supported on an aggregated Ethernet interface that is configured with either extended-vlan-vpls encapsulation or ethernet-vpls encapsulation. As a workaround, use vlan-vpls encapsulation on the aggregated Ethernet interface. This limitation does not apply to aggregated Ethernet interfaces configured on Gigabit Ethernet IQ2 PICs. [PR/94480]
When aggregated Ethernet interfaces handle a large volume of multicast traffic, the kernel might generate system log messages that include the following text: "request type <type> did not expect ipc reply type <type> subtype <subtype> uniquifier <uniquifier>". [PR/95931]
A firewall filter that matches the forwarding class of incoming packets (that is, includes the forwarding-class class statement at the [edit firewall filter filter-name term term-name from] hierarchy level) might incorrectly discard traffic destined for the Routing Engine. Transit traffic is handled correctly. [PR/97722]
On T-series platforms, if you include the indirect-next-hop statement at the [edit routing-options forwarding-table] hierarchy level for VPN routes, routing ASIC SRAM utilization increases by approximately 30 percent. [PR/98738]
On J-series Services Routers, you cannot use a USB device (such as the U3 Titanium from SanDisk Corporation) that provides U3 features as the media device during system boot. You must remove the U3 support before using the device as external media. For the U3 Titanium device, you can use the U3 Launchpad Removal Tool on a Windows-based system to remove the U3 features. The tool is available for download at http://www.sandisk.com/Retail/Default.aspx?CatID=1415. (To restore the U3 features, you can use the U3 Launchpad Installer Tool accessible at http://www.sandisk.com/Retail/Default.aspx?CatID=1411.) [PR/102645]
When an address rename operation is performed on Gigabit Ethernet interfaces, filters are removed and then added back. The operation can sometimes be replicated to the backup Routing Engine as a single change. In this scenario, the backup Routing Engine attempts to delete the filter and add it back using the index specified by the master Routing Engine. However, the entry is not deleted, leading to a mismatch in the index usage between the master and backup Routing Engines, causing a kernel panic. [PR/258927]

User Interface and Configuration

If you use NETCONF to modify the configuration datastore when it has been locked by another NETCONF session, or if you try to delete a configuration statement that does not exist, you see both <rpc-error> and <ok/> at the same time in the <rpc-reply> tag. [PR/62664]
In the J-Web configuration editor, when you select System>Syslog >File >Messages >Explicit priority, the J-Web event viewer does not show the event ID. When you select System>Syslog >Time format>Millisecond, the J-Web event viewer does not filter messages. [PR/70523]
If a static route's next hop is simultaneously edited by two private edit sessions, it might cause a commit conflict and loss of some next-hop entries. [PR/72039]
If the configuration includes both commit script (at the[edit system scripts commit] hierarchy level) and control characters from the ISO C0 set (included at any hierarchy level), an attempt to commit the configuration fails. The workaround is to remove the control characters from the configuration. [PR/82384]
A user cannot log in to the J-Web client through RADIUS or TACACS authentication if the user profile already has authorization parameters specified on the server side. As a workaround, ensure that the user profile parameters are not specified or are set with empty values on the server. [PR/94445]

Interfaces and Chassis

On aggregated SONET/SDH interfaces, the counter for drops and errors in the show interfaces command output does not display the correct value, because the counter does not collect data from the constituent interfaces within the aggregate. [PR/23577]
On ATM interfaces, when the IP address of a remote device is changed, the output of the show ilmi interface command on the local routing platform might continue to display the old IP address for the remote device. [PR/24126]
On channelized E1 interfaces, you might be able to configure clocking on ds-fpc/pic/port:n interfaces, where n is not unit 0. This is an invalid configuration and might cause a clocking selection problem on the other channels. [PR/24722]
If virtual channel identifiers (VCIs) for a large number (approximately 400) of virtual connections (VCs) on an ATM DS3 interface are changed frequently, the interface might mishandle the ATM cells. As a result, OSPF and IS-IS neighbor adjacencies might not remain stable. [PR/25639]
On a 2-port OC12 ATM2 IQ interface, the total virtual path (VP) downtime might not appear correctly in the show interfaces command output. [PR/27128]
On a 2-port OC12 ATM2 IQ interface, if you configure and then change the virtual path (VP) setting, the SNMP jnxAtmVpTotalDownTime counter might be reset. [PR/27131]
On an OC3 ATM2 intelligent queuing (IQ) interface, when you configure a shaping rate greater than the speed of the OC3 link and commit the configuration, the actual shaping rate might be less than the interface speed. [PR/27459]
On ATM2 IQ interfaces, when you configure the atm-l2circuit-mode statement, the control word sequence number is not reset to 1 after the transmit sequence number reaches 65,535. [PR/31669]
On MPLS networks, even when the atm-l2circuit-mode aal5 statement at the [edit chassis fpc fpc-slot pic pic-slot] hierarchy level is included in the configuration, the CLP and EFCI bits are not carried across a Layer 2 circuit. [PR/31735]
On M20 and M40 routers, when a physical layer problem affects a SONET/SDH interface, carrier transition statistics might not increment correctly in the output of the show interfaces extensive command. [PR/33325]
When you configure both the bundle link and constituent links at the [edit logical-routers logical-router-name interfaces] hierarchy level, the constituent links do not come up. As a workaround, configure the constituent links at the [edit interfaces] hierarchy level. [PR/35578]
On ATM2 DS3 and E3 interfaces, when you configure ATM point-to-multipoint permanent virtual circuits (PVCs), the following error messages might appear in the system log: “/kernel: RT_COS: COS IPC op 4 (CLASS TO IFL) failed, err 1 (Unknown),” “ssb BCHIP 0: invalid entry type 127 at stream 8 channel 0 for ifl 83,” and “ssb COSMAN: mapping table bind to ifl 83 failed.” There is no operational impact. [PR/36524]
When an ATM interface configured for CCC encapsulation receives MPLS packets that exceed 484 bytes, the packets can overflow the buffer and cause the ATM PIC to hang. As a workaround, take the PIC offline and bring it back online. [PR/39918]
When an IPSec firewall filter is applied to match traffic sent across a generic routing encapsulation (GRE) tunnel and originating from the local routing platform, the local traffic is dropped. Transient traffic is not affected. [PR/44871]
On channelized T3 interfaces, the T1 loopback state does not reflect loopbacks set by facilities data link requests using the remote-loopback-respond statement at the [edit interfaces interface-name t1-options] hierarchy level. [PR/45837]
When the data-link connection identifier (DLCI) is greater than 335 on a Link Services PIC with Multilink Frame Relay (MLFR) configured, the ping command might fail. [PR/49567]
On a Link Services PIC, the CLI might incorrectly allow you to configure a logical tunnel interface (interface identifier lt); however, the resulting interface might not work correctly. [PR/49818]
If an MLPPP LSQ bundle carries a large volume of link fragmentation and interleaving (LFI) traffic and a small proportion of multilink traffic, packets might be dropped on the egress constituent links. [PR/56664]
For ISDN dialer interfaces in a J-series Services Router, when you configure the no-keepalives statement at the [edit interfaces dl0 unit logical-unit-number] hierarchy level and you issue the show interfaces dl0 command, the Link flags field might still show keepalives. [PR/58520]
If you disable an adaptive services interface by including the disable statement at the [edit interfaces sp-fpc/pic/port] hierarchy level and then delete the disable statement from the configuration, IPSec service is not reset correctly. As a workaround, either issue the deactivate services command followed by the activate services command, or issue the request chassis pic offline fpc-slot slot-number pic-slot pic-number command followed by the request chassis pic online fpc-slot slot-number pic-slot pic-number command. [PR/58522]
When you take an ISDN interface offline on a J-series Services Router, the LEDs on the ISDN interface card might not turn off. [PR/59536]
On ISDN interfaces in a J-series Services Router, if you configure the vrf-table-label statement at the [edit routing-instances instance-name] hierarchy level, packets might be dropped from the connection. [PR/59718]
On ISDN dialer interfaces in a J-series Services Router, if you configure the minimum-links statement at the [edit interfaces dl0 unit logical-unit-number] hierarchy level and then deactivate the BRI interface associated with the dialer interface, the output packets counter displayed in the output of the show interfaces dl0 command might continue to increment. [PR/59986]
On ISDN dialer interfaces in a J-series Services Router, when you configure the load-threshold 100 statement at the [edit interfaces dl0 unit logical-unit-number dialer-options] hierarchy level and the 56-Kbps bandwidth threshold is exceeded, the interface does not support additional network traffic and might not activate another BRI interface. [PR/60045]
On J-series Services Routers, if you oversubscribe an E1 interface, latency on the high priority queue might be higher than expected. As a workaround, configure a shaping rate on the E1 interface that is equal to the line rate minus the E1 framing overhead. [PR/60595]
If you configure IS-IS, MPLS, and graceful Routing Engine switchover (GRES) and a switchover event occurs, the routing platform might end the PPP IP Control Protocol (IPCP) sessions and renegotiate them if the remote side has changed interface MTU settings prior to the switchover event. [PR/61121]
If you configure graceful Routing Engine switchover and issue the request chassis routing-engine master acquire command, in rare cases the master Routing Engine might fail to relinquish mastership or the switchover to the backup Routing Engine might take up to 360 seconds. [PR/61821]
For Automatic Protection Switching (APS) on SONET/SDH interfaces, there are no operational mode commands that display the presence of APS mode mismatches. An APS mode mismatch occurs when one side is configured to use bidirectional mode, and the other side is configured to use unidirectional mode. [PR/65800]
For aggregated Ethernet interfaces on T640 and TX Matrix platforms, the show interfaces extensive command sometimes reports extremely large incorrect values in the Dropped packets column of the Queue counters output. As a workaround, issue the clear interfaces statistics command. [PR/65857]
J4350 and J6350 Services Routers might not have enough data buffers to meet expected delay-bandwidth requirements. This might degrade class-of-service (CoS) performance with smaller-sized packets (500 bytes or less). [PR/73054]
On M20 routers, when you start the router with Routing Engine 0 and System and Switching Board (SSB) 0 as master components, issue the request chassis routing-engine master switch command, and then log in to Routing Engine 1 and issue the request chassis ssb master switch and request system reboot commands, the online LED light might remain lit on both SSBs. [PR/74283]
On J-series Services Routers, if you configure an IPSec-over-GRE tunnel, there might be fragmentation issues. As a workaround, delete the clear-dont-fragment statement and the mtu statement on the GRE interface, and include the tunnel-mtu 9192 statement at the [edit services ipsec-vpn rule rule-name term term-name then] hierarchy level on both sides of the connection. [PR/74377]
On J-series Services Routers, the counts of input and output bytes and packets in the output of the show interfaces dl0 extensive command (for example, in the Traffic statistics section of the output) might be incorrect. [PR/77922]
On the M120 router, for a Forwarding Engine Board (FEB) redundancy group that does not have a primary FEB configured, when a switchover from a nonprimary FEB occurs, the backup FEB does not reboot, and the Flexible PIC Concentrators (FPCs) connected to the previously active FEB remain online. The backup FEB could take minutes to obtain the entire forwarding state from the Routing Engine following a switchover. If you do not want the interfaces to remain online during the switchover from a nonprimary FEB, configure a primary FEB for the redundancy group at the [edit chassis redundancy feb] hierarchy level. [PR/80946]
On J4350 and J6350 Services Routers, if the MTU is set to more than 6KB for a built-in Gigabit Ethernet port or a 1-port Gigabit Ethernet ePIM, packets might be discarded with an FCS error. [PR/82245]
When point-to-multipoint Frame Relay is configured, a core dump might occur. [PR/82303]
If you ping a nonexistent IPv6 address that belongs to the same subnet as an existing point-to-point link, the packet loops between the two point-to-point interfaces until the time to live expires. [PR/94954]
If the delay between VRRP advertisement packets is set to a small value (such as 100 ms) for a number of VRRP groups, and the router configuration is changed and committed several times in quick succession, the VRRP mastership state might be unstable. In other words, if the value of the fast-interval statement at the [edit interfaces interface-name unit logical-unit-number family inet address address vrrp-group group-number] hierarchy level is "100" for several VRRP groups, and configuration changes are committed several times in quick succession (even changes at other levels of the hierarchy), a VRRP backup router might assume mastership and immediately release it again. As a workaround, set the value of the fast-interval statement to 300 or higher. [PR/102111]
The output of the show interfaces diagnostics optics command includes the Laser rx power low alarm field even if the transceiver is a type (such as XENPAK) that does not support this alarm. [PR/103444]
When a Routing Engine on a routing platform with dual Routing Engines initially boots up as the backup, several router processes might fail to start. [PR/104159]
When IPSec is configured on a logical interface and the protocol family is IPv6, graceful Routing Engine switchover might fail if an MTU change is attempted on that interface. [PR/230128]
When committing a configuration with a large number of new logical interfaces on a Channelized OC-12 IQ PIC and the q-pic-large-buffer statement is included at the [edit chassis fpc slot-numberpic pic-number] hierarchy level, some of the interfaces might not get added. As a workaround, create fewer new logical interfaces at one time and commit the configuration after each set of interfaces is created. [PR/262190]

Services Applications

The output of the show services nat pool command displays duplicate entries for a single Network Address Translation (NAT) pool. [PR/34678]
The output of the show services accounting flow-detail extensive command might report input and output interfaces incorrectly. [PR/40446]
When you configure intrusion detection services (IDS) on J-series platforms, including the threshold statement at the [edit services ids rule rule-name term term-name then logging] hierarchy level has no effect. [PR/46577]
On Adaptive Services PICs configured for IPSec tunnel redundancy, if there are a large number of tunnels, sometimes a few of the tunnels might switch over to the backup tunnel. [PR/46733]
On routing platforms configured for Internet Key Exchange (IKE)-based IPSec, if a remote peer using other vendors' equipment does not renegotiate the IKE security association (SA) when it is about to expire and continues to send dead peer detection (DPD) requests on the same SA, the routing platform might not be able to reply to these messages. [PR/47004]
If the socket buffer becomes full on a remote router, you cannot clear all the IPSec security associations (SAs) from the router. [PR/55189]
When a routing platform is configured for graceful Routing Engine switchover and Adaptive Services (AS) PIC redundancy, and a switchover to the backup Routing Engine occurs, the redundant services interface (rsp-) only uses the primary services interface (sp-), even if the secondary interface was active before the switchover. [PR/59070]
On Monitoring Services I and Monitoring Services II PICs, if the export channel to the external cflowd collector is closed, cflowd records might be lost. As a workaround, restart the PIC. [PR/59432]
On Monitoring Services II PICs configured for flow collection services, during memory overload conditions, the flow collector interface might create files lacking cflowd records and these files might not be sent to the external FTP server. [PR/62599]
When you modify a flow collection configuration and commit the changes, the system log might contain error messages regarding the commit operation. These messages do not affect the operation of the router and can be ignored. [PR/64201]
On J-series Services Routers, an SNMP query returns a zero value for the data-link switching (DLSw) MIB object dlswTConnTcpConfigKeepAliveInt even if you implement keepalives. [PR/70002]
Monitoring PICs might create erroneous cflowd records with zero packet and byte counts and an identical start and end time. [PR/72492]
For Adaptive Services II PICs, even if you do not configure flow collector services, a temporary file might be created every 15 minutes in the /var/log/flowc/ directory. The file is deleted if there are no clients, and recreated only when a client connects and attempts to write to the file. [PR/75515]
The destination IP address assigned to a VP interface can be a duplicate of the address assigned to another interface on the router. This can cause issues with forwarding traffic appropriately to the VP interface. [PR/75535]
On J4350 and J6350 Services Routers, when you insert a Telephony Gateway Module (TGM) 550 PIM and the PIM is in a reset state, the router might not respond to any 'show chassis' commands for up to five seconds. [PR/78965]
When you configure twice NAT with static source and destination translation, ICMP ports are modified in error. For static configuration flows, ports should remain unchanged. [PR/96701]
If Network Address Port Translation (NAPT) is configured and multiple short-lived flows are established, ports on AS PICs might not be assigned correctly. In some cases, this situation causes the AS PIC to stop functioning. [PR/229287]

Routing Protocols

When you include the as-path atomic-aggregate statement at the [edit routing-options aggregate defaults as-path] hierarchy level to manually add the ATOMIC_AGGREGATE attribute on a BGP AS path, the attribute is not added. [PR/2527]
When you issue the show pim statistics command to view traced PIM protocol traffic, messages sent to the rendezvous point (RP) might not increment the Register counter. [PR/13887]
When you issue the mtrace command from a UNIX client, the router does not respond to a query that requires multicast response, but responds correctly to any query that requires unicast response. As a result, the first two probes time out. The third probe is the unicast response probe, which usually succeeds. [PR/17237]
When you configure a DVMRP interface, the CLI incorrectly allows you to configure a metric higher than 32. Values higher than 32 are not valid. [PR/33429]
When virtual links are configured on a router, OSPF graceful restart might not work as expected. [PR/36947]
If a router receives a Pragmatic General Multicast (PGM) Source Path Message (SPM), it does not create a forwarding cache, nor does it forward the message to other routers as a heartbeat, as specified in RFC 3208. Also, the router's multicast cache might time out if it does not receive actual PGM data (ODATA) for more than 6 minutes. As a workaround, configure the PGM source application to send PGM ODATA at least once every 6 minutes. The ODATA acts as the heartbeat message in lieu of the SPM messages and ensures that the multicast and forwarding caches are created and updated. [PR/37504]
If secondary addresses are configured on an interface, Bidirectional Forwarding Detection (BFD) might establish a session for only one address at a time on a random basis. [PR/38498]
If you configure the sham-link statement at the [edit routing-instances instance-name protocols ospf area] or [edit routing-instances instance-name protocols ospf] hierarchy level on a provider edge (PE) router, extraneous OSPF link-state advertisements (LSAs) might be added. In some cases, this can result in a routing loop between the customer edge (CE) and PE routers. [PR/40000]
The address fields in the BGP MIB are not compatible with IPv6 address lengths. [PR/51150]
When you configure damping globally and use the import policy to not damp specific routes, and a new route is received from a peer with the local interface address as the next hop, the route is added to the routing table with default damping parameters, even though the import policy has a nondefault setting. As a result, damping settings do not change appropriately when the route attributes change. [PR/51975]
When the IGMP/MLD SSM-Map feature is enabled on a LAN interface with multiple receiving hosts, the router might continue to forward traffic for the group until the IGMP group membership timeout interval expires, even though all receivers might have already left the group. [PR/61538]
When you issue the show ldp traffic-statistics command, the following system log message might be generated for all forwarding equivalence classes (FECs) with an ingress counter set to zero: "send rnhstats GET: error: ENOENT -- Item not found." [PR/67647]
If ICMP tunneling is enabled on the router and you configure a new logical router that does not have ICMP tunneling enabled, the feature is globally disabled. [PR/81884]
On a provider edge (PE) router configured with Multiprotocol BGP-based multicast VPNs and connected directly to a receiver, if you modify the multicast VPN import target with the import-target statement at the [edit routing-instances instance-name mvpn route-target] hierarchy level, the BGP route reflector might fail to readvertise the multicast VPN routes. As a workaround, issue the clear bgp neighbor soft command on the route reflector to force it to readvertise all multicast VPN routes without resetting the BGP sessions. [PR/104192]
If you configure a forwarding table policy to select a certain next hop to be used for forwarding, whenever this policy is changed or whenever the chosen next hop changes, each affected route is reevaluated and updated in the kernel, causing a longer than expected delay. New RSVP LSPs are created because of LSP reoptimization, triggering the lengthy process of reevaluating and updating each route that has the new LSP as its forwarding next hop. The old LSP is torn down before this process can be completed which causes packet loss. [PR/252796]

Multicast

When a policy with a prefix list is applied to a PIM interface and then another policy with a prefix list is added to or deleted from the router configuration, the routing protocol process (rpd) might restart. The newly added or deleted policy does not need to be applied to a PIM interface in order for the restart to occur. As a workaround, first deactivate the PIM neighbor policy on all PIM interfaces. Then add or delete the other policy. Finally, reactivate the PIM neighbor policy. [PR/262032]

MPLS Applications

If you configure a label-switched path (LSP) with the no-cspf statement at the [edit protocols mpls] hierarchy level, the LSP might cycle up and down several times before stabilizing. [PR/10415]
The local bandwidth log for a Constrained Shortest Path First computation might show an incorrect value. [PR/21369]
If a circuit cross-connect (CCC) traverses a forwarding adjacency (FA) label-switched path (LSP), traffic forwarding might be affected. [PR/60088]
RSVP graceful restart does not function for LSPs that have a forwarding adjacency (FA) label-switched path (LSP) as a next hop. [PR/60256]
When you modify the primary path for an MPLS LSP by using the delete protocols mpls label-switched-path lsp-path-name primary path-name command in configuration mode, followed by the set protocols mpls label-switched-path lsp-path-name primary path-name command, and then issue the commit command, the entire LSP (both primary and secondary) is torn down and then rebuilt from scratch. As a workaround, issue the delete protocols mpls label-switched-path lsp-path-name primary path-name command in configuration mode followed by the commit command. Then issue the set protocols mpls label-switched-path lsp-path-name primary path-name command followed by the commit command. [PR/62365]
If you configure a point-to-multipoint label-switched path (LSP) and a point-to-multipoint transmit switch and commit the configuration, the routing protocol process (rpd) might stop operating and dump core. [PR/67488]
When you enable per-packet load balancing on parallel label-switched paths (LSPs), traffic is evenly balanced across the paths even though the output of the show mpls lsp ingress command might display all the routes on only one of the LSPs. [PR/70487]

VPNs

When you modify the frame-relay-tcc statement at the [edit interfaces interface-name unit logical-unit-number] hierarchy level of a Layer 2 VPN, the connection for the second logical interface might not come up. As a workaround, restart the chassis process (chassisd) or reboot the router. [PR/32763]
If you configure a Layer 2 circuit across a logical tunnel interface that uses ethernet-vpls encapsulation, the Layer 2 circuit connection might not come up. As a workaround, use "ethernet" encapsulation on the logical tunnel interface. [PR/100161]

Class of Service

When you configure an ES PIC, a log message similar to “fpc0 LCHIP(3): Unable to fathom what channel used by IFD 432” might be displayed. There is no operational impact. [PR/36184]
If you deactivate or activate an aggregated Ethernet interface, the Packet Forwarding Engine might report errors. [PR/50090]
If you include the dscp-ipv6 statement at the [edit class-of-service interfaces interface-name unit logical-unit-number classifiers] hierarchy level and then deactivate it or delete it from the configuration, the default IPv6 classifier is not activated. As a workaround, manually configure the default option with the dscp-ipv6 statement. [PR/54906]
When a logical tunnel (lt) interface is the outbound interface, JUNOS software does not support the IEEE-802.1p rewrite rule. [PR/55903]
If you try to configure a scheduler map containing two forwarding classes that are mapped to the same queue, the class-of-service scheduler is not applied to the Packet Forwarding Engine. As a workaround, configure a single forwarding class for each of the available queues. [PR/57907]
On M-series routers connected by VLAN CCCs and configured with QoS, when EF traffic is generated from CE2 to CE2, the PE1 router properly marks the packets with default EXP bits and sends the packets out queue 1, but the intermediary router forwards all the packets through queue 0 instead of sending them through the EF queue. The workaround is to include the no-control-word statement at any of the following hierarchy levels: [edit logical-routers logical-router-name protocols l2circuit neighbor address interface interface-name], [edit protocols l2circuit neighbor address interface interface-name], [edit logical-routers logical-router-name routing-instances routing-instance-name protocols l2vpn], or [edit routing-instances routing-instance-name protocols l2vpn]. [PR/65280]
When you configure a specific classifier for a logical unit, it does not override the fixed classifier configured using wildcards. [PR/68888]
If you configure CoS traffic control profiles on every logical interface by using the '*' wildcard to represent the interfaces, the configuration cannot be committed. In other words, the commit operation fails if you include the input-traffic-control-profile and output-traffic-control-profile statements at the [edit class-of-services interfaces type-fpc/pic/port *] hierarchy level. [PR/100690]

Forwarding and Sampling

When you perform Routing Engine-based sampling without a Monitoring Services II PIC installed, the /var/log/sampled trace file reports that it is unable to update the collector configuration. This message can be ignored. [PR/68198]
When you configure interface output sampling on T-series routing platforms, packets might pass through the output firewall. As a workaround, configure a firewall filter on the output interface with the then sample statement and the then next term statement. [PR/70473]
On the M120 router, you can configure a burst size limit larger than 60 percent of the bandwidth, but such a limit exceeds the hardware's capacity. The resulting policer has invalid parameters, so interfaces to which it is applied might be unable to forward traffic. [PR/99758]
A filter match against the TTL or IP option fields does not work on I-chip-based routers. [PR/231915]

Network Management

The following groups of MIB objects do not segregate the data they return according to the routing instance specified in an SNMP request: vrrpMIB, jnxCosIfqStatsTable, and jnxCosQstatTable. [PR/63045]
Sometimes the default routing instance (configured at the default logical router level) does not report the physical interface associated with the logical interface. [PR/66793]

[Contents][Prev][Next][Report an Error]