[
Contents]
[
Prev]
[
Next]
[
Report an Error]
Current Software Release
The current software release is Release 8.3R4. For information
about obtaining the software packages, see M-series, MX-series, and T-series Upgrade and Downgrade Instructions or , depending on your router
platform.
Resolved Issues
Platform and Infrastructure
- If you configure two IPv6 addresses with the same prefix
on a single logical interface, the backup Routing Engine might stop
operating. [PR/72069: This issue has been resolved.]
- If you enable logging for the Compact Forwarding Engine
Board (CFEB) on an M7i router, the router might generate a core file
and stop operating. As a temporary workaround, disable logging on
the CFEB serial console by issuing the set syslog tty disable command. [PR/77794: This issue has been resolved.]
- The MultiServices PIC might not work correctly when the
PIC is loaded and frequent commands related to the PIC are issued.
[PR/81826: This issue has been resolved.]
- If a MultiServices PIC processes more than 250 Kpps, the PPS overload field in the output from the show services
accounting errors command is erroneously set to Yes.
[PR/95312: This issue has been resolved.]
- If a small form-factor pluggable transceiver (SFP) does
not respond to a request for diagnostic data, a message is written
to the system log. The message is unnecessary because the failure
to respond has no operational impact. [PR/97718: This issue has been
resolved.]
- Under some circumstances, the interface process (ifd) is interfering with the operation of an LSI interface. [PR/102431:
This issue has been resolved.]
- On J-series Services Routers configured with an IPSec
tunnel, when you disable the loopback interface, OSPF randomly chooses
a router ID and sends a routing update to the remote router using
the IPSec tunnel endpoint, causing the packet to loop. Traffic forwarding
stops and a core file is generated. As a workaround, prevent looping
by including the router-id statement at the [edit routing-options] hierarchy level on both routers. [PR/233271: This issue has been
resolved.]
- When you configure an interface to be part of a VPN routing
and forwarding (VRF) instance and a class-of-service (CoS) DiffServ
codepoint rewrite configuration is applied to the interface, the traffic
might be sent to an incorrect egress logical interface. [PR/238368:
This issue has been resolved.]
- In certain rare circumstances, an M-series router might
generate a core file and restart when it tries to determine the best
match for a specified route prefix. [PR/239837: This issue has been
resolved.]
- When the vrf-table-label statement is deactivated
at the [edit routing-instances instance-name] hierarchy level, the counts of input bytes and packets for
the physical interface in the output of the show interfaces extensive command are twice the actual values. [PR/253946: This issue has
been resolved.]
- When an address rename operation is performed on Gigabit
Ethernet interfaces, filters are removed and then added back. The
operation can sometimes be replicated to the backup Routing Engine
as a single change. In this scenario, the backup Routing Engine attempts
to delete the filter and add it back using the index specified by
the master Routing Engine. However, the entry is not deleted, leading
to a mismatch in the index usage between the master and backup Routing
Engines, which causes the Routing Engine to produce a core file and
stop operating. [PR/258927: This issue has been resolved.]
- The UDP ping server does not respond to probes sent through
a routing instance other than the default (inet.0). [PR/260097:
This issue has been resolved.]
- If there a lot of aggregate next hops and BGP routes pointing
at some of them, a quick link flap combined with the BGP route churn
might cause the Packet Forwarding Engine to restart unexpectedly.
[PR/268204: This issue has been resolved.]
- With certain traffic patterns, MX-series and M320 routers
with 3.0 forwarding ASICs might experience packet loss. To recover,
you must reboot the affected DPC. [PR/268274: This issue has been
resolved.]
User Interface and Configuration
- The show chassis hardware command output does
not display 10-Gigabit Ethernet IQ2 PIC model and part numbers. [PR/240302:
This issue has been resolved.]
- After the following sequence of operations, all parts
of a multiword configuration statement might not be deleted: issue
the rollback or load update command to change the
configuration, commit it, issue the delete command to remove
the multiword statement from the new candidate configuration, and
commit the configuration. [PR/240983: This issue has been resolved.]
- If a client application that uses the JUNOScript Perl
module uses Telnet to connect to the JUNOScript server, the login
name or password used by the application cannot include special characters.
[PR/241236: This issue has been resolved.]
- When you grant all JUNOS permissions to users in a login
class by including the permissions all statement at the [edit system login class class-name] hierarchy
level, users in the class might not be not granted all permissions.
[PR/251722: This issue has been resolved.]
- TACACS+ accounting start/stop requests are incompatible
with the Cisco Access Control Server (ACS). The fix is to add the no-cmd-attribute-value statement at the [edit system tacplus-options] hierarchy level. When this statement is enabled, the JUNOS software
sets the value of the cmd attribute in TACACS+ accounting
start/stop requests to a null string. This is the behavior the Cisco
ACS expects in order to save accounting requests to the Accounting
file; otherwise, the requests are saved to the Administration file.
[PR/252472: This issue has been resolved.]
Interfaces and Chassis
- When you configure point-to-multipoint Frame Relay, the
router might generate a core file. [PR/82303: This issue has been
resolved.]
- If you clear IPv6 statistics, deactivate IPv6 route accounting
at the [edit forwarding-options family inet6 route-accounting] hierarchy level, and resume IPv6 traffic across an interface, the Input bytes and Input packets fields in the output
of the show interfaces extensive command might show incorrect
values. [PR/99461: This issue has been resolved.]
- On M120 routers, MX-series routers, and Enhanced III FPCs
on M320 routers, an interface might stop forwarding traffic after
it receives an IPv6 packet that has an invalid payload. The interface
still accepts traffic, but discards all outgoing packets. To recover,
reboot the FEB on M120 routers, the DPC on MX-series routers, or the
FPC on M320 routers. There is no workaround. [PR/105266: This issue
has been resolved.]
- When graceful Routing Engine switchover is enabled and
you use the request system reboot command to reboot the master
Routing Engine, if an FPC does not establish its connection to the
new master Routing Engine before the previous master shuts down, the
FPC restarts. [PR/234207: This issue has been resolved.]
- On MX-series Ethernet services routers with dual Routing
Engines, when you include the master-only statement at the [edit interfaces fxp0 unit logical-unit-number family (inet|inet6) address address] hierarchy
level and issue the commit synchronize command, the following
message might be written to the system log on the backup Routing Engine:
“DCD_CONFIG_WRITE_FAILED: Interface fxp0, configuration write
failed for an IFA ADD: Operation not supported.” When you perform
a Routing Engine switchover, the following message might be written
to the log on both master and backup Routing Engines: “KERN_ARP_DUPLICATE_ADDR:
duplicate IP address master-only-address! sent
from address: mac-address (error count = count).” There is no operational impact. [PR/235956:
This issue has been resolved.]
- It is not valid to include the accept-data statement
at the [edit interfaces interface-name unit logical-unit-number family inet address address vrrp-group group-number] address if you
also include the virtual-address statement at that level
with a value that is the same as in the grandparent address address statement. When you try to commit such a
configuration, the following message appears: “WARNING: Can't
have accept-data and IP address owner on interface interface-name.xx,” where xx is
the interface’s logical unit number. When you configure multiple
logical interfaces on the same physical interface and include the priority 255 statement at the [edit interfaces interface-name unit logical-unit-number family inet address address vrrp-group group-number] hierarchy level on a logical interface
whose unit number is higher than any logical interface that has the
invalid configuration described above, the warning message reports
as xx the logical unit number of that (highest-numbered)
logical interface in every case, instead of reporting the unit number
of the interfaces that have the incorrect configuration. [PR/236135:
This issue has been resolved.]
- The JUNOS documentation states that if the configuration
is not the same for every port on a multiport ATM DS3 or E3 PIC, the
smallest shaping rate configured on a port is used for cell transmission
shaping on the PIC. Instead, every time a port’s shaping rate
is changed, that value is used for the PIC even if it is not the smallest
value. [PR/252837: This issue has been resolved.]
- When you delete a VLAN, the IEEE 8021p rewrite map is
deleted from the IQ PIC even if the same map is being used by other
VLANs. [PR/252869: This issue has been resolved.]
- The chassis process on the backup Routing Engine writes
the following message to its log every 20 seconds, which causes excessive
disk I/O: “mcontrol_idl_ext_handler: rx RE_INFO_IDL_EXT magic
5012.” [PR/256840: This issue has been resolved.]
- On M40e routers, SONET/SDH interfaces might experience
phase-locked loop (PLL) errors and discard packets. The PLL errors
appear in the output of the show interfaces so-fpc/pic/port extensive command as nonzero values in the fields on the line labeled PLL Lock. [PR/256946: This issue has been resolved.]
- On an M40e router, when you configure link services IQ
(lsq-) interfaces on MultiServices PICs and pair them with
Channelized OC12 PICs for failure recovery, rebooting the router might
cause remote defect indication (RDI) or alarm indication signal (AIS)
alarms for the OC12 interfaces. In other words, when you include the trigger-link-failure coc12-fpc/pic/port statement at the [edit interfaces
lsq-fpc/pic/port lsq-failure-options] hierarchy level and the router reboots,
the output of the show interfaces coc12-fpc/pic/port extensive command reports RDI-L or AIS-L in the SONET
alarms field. [PR/257419: This issue has been resolved.]
- On MX-series routers, asynchronous notification does not
work correctly for 4-port Gigabit Ethernet DPCs. [PR/259304: This
issue has been resolved.]
- If there is an Address Resolution Protocol (ARP) entry
for VIP, VRRP might not respond to ARP requests for VIP while transitioning
to master state. [PR/268627: This issue has been resolved.]
- When you configure multiple interfaces with vlan-id-range and cover a large number of VLAN IDs, the DPC might restart unexpectedly.
[PR/271456: This issue has been resolved.]
Services Applications
- Monitoring Services PICs might create cflowd records that
erroneously include zero counts for packets and bytes, and the same
value for start and end times. [PR/72492: This issue has been resolved.]
- If Network Address Port Translation (NAPT) is configured
and multiple short-lived flows are established, ports on AS PICs might
not be assigned correctly. In some cases, this situation causes the
AS PIC to stop functioning. [PR/95019, 229287: This issue has been
resolved.]
- When you configure twice NAT with static source and static
destination translation, the destination port for ICMP flows might
change (the ports are supposed to remain unchanged). [PR/96701: This
issue has been resolved.]
- On the MultiServices 400 PIC, a memory warning flag might
be set even with low traffic rates. [PR/251908: This issue has been
resolved.]
Routing Protocols
- When you disable BGP tracing by removing the traceoptions statement at the [edit protocols bgp] hierarchy level,
and then commit the configuration, the previously configured trace
file is re-created and tracing continues. [PR/69321: This issue has
been resolved.]
- When two redundant PE routers send multicast traffic towards
their MVPN backbone, the JUNOS software might not perform the actions
necessary to prevent traffic duplication. [PR/72447: This issue has
been resolved.]
- When a new PIM neighbor is discovered on an IPv6 network,
the appropriate system log message was not filed. [PR/230342: This
issue has been resolved.]
- In JUNOS Release 8.3 and later, the output from the show pim source command does not include information about nondirect
sources. [PR/253629: This issue has been resolved.]
- When you include the family route-target statement
at the [edit protocols bgp group group-name] hierarchy level, then deactivate and reactivate a routing
instance, the show route table routing-instance command no longer produces output for that routing instance,
whereas the show route table bgp.rtarget.0 command does produce
output. [PR/257011: This issue has been resolved.]
- When route reflection is enabled for a BGP group, the
routing protocol process (rpd) might generate a core file.
[PR/258134: This issue has been resolved.]
- When a link goes down briefly (for 50 milliseconds, for
example) and comes back up, equal-cost multipath (ECMP) load balancing
might stop working correctly. If both links in an ECMP group flap
in this way at the same time, IP traffic might not be forwarded to
certain destination addresses (MPLS traffic is not affected). [PR/259611:
This issue has been resolved.]
- When unicast reverse path forwarding (uRPF) is configured
and you unconfigure a routing instance, the routing protocol process
(rpd) might generate a core file and restart. [PR/259727:
This issue has been resolved.]
- If you issue the show route extensive command
while the routing protocol process (rpd) is resolving BGP routes,
the process might generate a core file and restart. [PR/260527: This
issue has been resolved.]
MPLS Applications
- On M120 and MX-series routers and M320 Enhanced III FPCs,
when an MPLS-encapsulated IPv4 packet that is padded to meet the
minimum Layer 2 frame size (for example, 64 bytes for frames on Ethernet
media) exits an LSP, the egress interface might stop forwarding packets.
This can happen when the router is configured as a PE router in a
VPN or is the penultimate node of an LSP. To recover, reboot the FPC
(on MX-series or M320 routers) or the FEB (on M120 routers) that houses
the affected interface. [PR/251042: This issue has been resolved.]
- When you add a secondary path to a label-switched path
(by including the secondary statement at the [edit protocols
mpls label-switched-path] hierarchy level) and commit the configuration,
the routing protocol process might generate a core file. [PR/251288:
This issue has been resolved.]
- RSVP packets with the router alert (RA) option that are
received from a customer edge (CE) router in a Layer 3 VPN VRF instance
are incorrectly forwarded using the forwarding table for the master
instance. As a result, Layer 3 VPN customer applications that use
RSVP do not work correctly. There is no workaround. [PR/251850: This
issue has been resolved.]
- If an MPLS LSP configured with fast reroute is not advertised
into the IGP, that LSP might reuse an old unicast list and traffic
might not be forwarded. [PR/253352: This issue has been resolved.]
Class of Service
- If you modify the buffer size in a class-of-service scheduler,
the FPC might reset. [PR/99780: This issue has been resolved.]
- The behavior aggregate (BA) classifier is not applied
to a logical interface configured to use ether-over-atm-llc encapsulation. [PR/255742: This issue has been resolved.]
- For IQ PICs on M-series and T-series routing platforms
and Enhanced Queuing DPCs on MX-series routers, when a scheduler map
includes a queue configured with priority strict-high, in
certain situations (such as when a PIC to which the scheduler map
is applied restarts) the incorrect buffer size might be calculated
for the queue. [PR/256263: This issue has been resolved.]
- When the rewrite-rules statement is included
at the [edit interfaces interface-name unit logical-unit-number] hierarchy level and the PIC
that houses the interface restarts, the configured rewrite rules might
not be reapplied to the interface. [PR/256585: This issue has been
resolved.]
- When a PIC goes offline and then online, the following
message might appear on the Packet Forwarding Engine console: “cosman_compute_mad_state:
No ifd for ifd_index interface-device-index.”
There is no operational effect unless a delay buffer is configured.
[PR/257814: This issue has been resolved.]
- On MX960 routers, the class-of-service process does not
provide information about SNMP objects whose names begin with jnxCosQstat. As a result, SNMP queries on those objects fail
with an error message. [PR/269419: This issue has been resolved.]
Forwarding and Sampling
- If you configure a policer with a burst size limit larger
than 67 MB, interfaces to which the policer is applied might not forward
traffic. On some platforms the limit is higher, and the limit also
depends on the available bandwidth. [PR/99758: This issue has been
resolved.]
- A filter match against the time-to-live (TTL) or IP option
fields does not work on M120 and MX-series routers. [PR/231915: This
issue has been resolved.]
- When you commit a configuration that includes a large
number of interfaces, routing instances, and policers, the firewall
process (dfwd) might generate a core file. [PR/253440: This issue
has been resolved.]
- Firewall filters that include the source-address statement at the [edit firewall filter filter-name term term-name from] hierarchy level might
not process traffic correctly. As a workaround, reorder the terms
in the filter. [PR/262491: This issue has been resolved.]
Outstanding Issues
Software Installation
- For hard disks that were originally formatted by JUNOS
Release 4.4 or earlier, after you issue the request system snapshot
partition command, the router cannot boot from the hard disk.
As a workaround, issue the request system snapshot command
before upgrading. [PR/36742]
Platform and Infrastructure
- When the Monitoring Services PIC is overloaded, the output
from the show services accounting flow-detail command might
freeze. [PR/32896]
- On T-series platforms, a Layer 2 maximum transmission
unit (MTU) check is not supported for MPLS packets arriving at egress
provider edge (PE) routers. [PR/46238]
- When you configure a source class usage (SCU) name with
an integer (for example, 100) and use this source class as a firewall
filter match condition, the class identifier might be misinterpreted
as an integer, which might cause the filter to disregard the match.
[PR/50247]
- When a Monitoring Services PIC is overloaded with traffic,
the FPC might take the PIC offline and repeatedly send the same error
message. The error message does not affect normal operation of the
FPC and other PICs. As a workaround, restart the FPC and bring the
PIC online. [PR/55981]
- Even if you do not configure IPSec, the key management
process (kmd) opens UDP port 500. [PR/59054]
- If you configure several DNS servers by including the name-server statement at the [edit system] hierarchy
level, the JUNOS software uses only the first three configured DNS
servers. [PR/59172]
- When a dynamic flow capture interface (dfc-fpc/pic/port) is configured as the next hop in a forwarding path, port-mirrored
packets are corrupted. [PR/60799]
- On an M320 router with an Enhanced FPC Type 2, an interrupt
might be sent to an interface that has transitioned to the Down state.
An error will be recorded for this event. [PR/61236]
- Packet capture is not supported with MLPPP encapsulation.
However, the CLI does not prevent you from enabling packet capture
on an interface with MLPPP encapsulation. If packet capture is enabled
in the input direction on an interface with MLPPP encapsulation, input
packets on that interface are captured on the output interfaces. [PR/64615]
- If you configure 11 or more logical interfaces in a single
VPLS instance, VPLS statistics might not be reported correctly. [PR/65496]
- When the master Routing Engine of an LCC enters debug
mode, it does not release mastership. [PR/66308]
- When a large number of kernel system log messages are
generated, the log information might become garbled and the severity
level could change. This behavior has no operational impact. [PR/71427]
- On M320 and T-series routing platforms, there is a process
that monitors FPCs while they transition to an online state. If an
FPC is busy and cannot complete the transition within the time limit,
the process might time out and prevent the FPC from coming online.
[PR/72364]
- If you configure the same IPv6 address on the fxp0 interface and another public interface within the same routing instance,
the backup Routing Engine might restart. [PR/72573]
- On M320 and T-series routing platforms, when you configure
the local gateway of an IPSec tunnel in a routing instance, IPSec
over a GRE tunnel might not function properly. [PR/73864]
- A J4350 or J6350 router running JUNOS Release 8.0 will
not function properly if the Channelized T1/E1/ISDN PRI PIM or the
Avaya TGM550, TIM510, TIM514, or TIM521 VoIP modules are installed
on the router. Ensure the following:
- Before you install a Channelized T1/E1/ISDN PRI PIM, upgrade
the router to JUNOS Release 8.1 or later.
- Before you install Avaya VoIP modules, upgrade the router
to JUNOS Release 8.2 or later.
- Before you downgrade from JUNOS Release 8.3, 8.2,
or 8.1 to Release 8.0, remove any Channelized T1/E1/ISDN PRI
PIMs or Avaya VoIP modules installed on the router. [PR/74308]
- The LSP ping command does not function when a
packet’s outer label is set to explicit null and the S bit is
not set. The JUNOS software is not in conformance with RFC 4182, Removing a Restriction on the use of MPLS Explicit NULL. [PR/74963]
- For J-series Services Routers, if you send a real-time
performance monitoring (RPM) probe through an IPSec tunnel and the
probe includes the hardware-timestamp statement at the [edit services rpm probe owner-name test test-name] hierarchy level, RPM icmp-ping type probes might not work. [PR/75927]
- When you configure the router to log activity with a firewall
filter or perform Routing Engine-based sampling, and heavy traffic
passes through the router, the following error message might be displayed:
“PKTR DMA age error cell counter incremented.” The error
indicates that there might be some packet loss in firewall filter
logging or Routing Engine-based sampling. However, transit traffic
is not affected. [PR/78712]
- On M160 routers, if the router generates the system log
message “router fpc5 DXO: Plane 2, links inactive (0x00),”
traffic loss and loss of routing protocol adjacencies might occur.
[PR/78795]
- On M160 and M40e routers, a hardware error on the Switch
Fabric Module (SFM) might cause the board to reboot. [PR/79236]
- On T-series routing platforms, when you include the no-labels statement at the [edit forwarding-options hash-key
family mpls] hierarchy level, the statement is added to the configuration;
however, MPLS labels are still included in the hash key. [PR/80334]
- For Gigabit Ethernet intelligent queuing (IQ) PICs installed
in M-series and T-series routing platforms, system log messages for
SFP receive power, laser bias, and temperature alarms might alternate
between set and clear. These messages are mostly cosmetic and do not
affect performance of the routing platform. [PR/80393]
- On the M120 router, for a Forwarding Engine Board (FEB)
redundancy group that does not have a primary FEB configured, when
a switchover from a nonprimary FEB occurs, the backup FEB does not
reboot and the Flexible PIC Concentrators (FPCs) connected to the
previously active FEB remain online. The backup FEB could take minutes
to obtain the entire forwarding state from the Routing Engine following
a switchover. If you do not want the interfaces to remain online during
the switchover for a nonprimary FEB, configure a primary FEB for the
redundancy group at the [edit chassis redundancy feb] hierarchy
level. [PR/80946]
- On Fast Ethernet and Gigabit Ethernet PICs, LACP is not
supported on an aggregated Ethernet interface that is configured with
either extended-vlan-vpls encapsulation or ethernet-vpls encapsulation. As a workaround, use vlan-vpls encapsulation
on the aggregated Ethernet interface. This limitation does not apply
to aggregated Ethernet interfaces configured on Gigabit Ethernet IQ2
PICs. [PR/94480]
- When aggregated Ethernet interfaces handle a large volume
of multicast traffic, the kernel might generate system log messages
that include the following text: “request type type did not expect ipc reply type type subtype subtype uniquifier uniquifier.”
[PR/95931]
- A firewall filter that matches the forwarding class of
incoming packets (that is, includes the forwarding-class class statement at the [edit firewall filter filter-name term term-name from] hierarchy level) might incorrectly discard traffic destined for
the Routing Engine. Transit traffic is handled correctly. [PR/97722]
- If you enable the indirect-jtree statement for
VPN routes on T-series platforms, routing ASIC SRAM utilization increases
by approximately 30 percent. [PR/98738]
- When you use aggregate bundles with fast reroute (FRR)
and one of the member links fails, it causes about 10 to 16 seconds
of packet loss. [PR/101295]
- When you change interface configuration from point-to-point
encapsulation to Frame Relay encapsulation, the routing platform kernel
might generate a core file and stop operating. [PR/265025]
User Interface and Configuration
- If you use NETCONF to modify the configuration datastore
when it has been locked by another NETCONF session, or if you try
to delete a configuration statement that does not exist, you see both <rpc-error> and <ok/> at the same time in the <rpc-reply> tag. [PR/62664]
- In the J-Web configuration editor, when you select System>Syslog >File >Messages >Explicit priority,
the J-Web event viewer does not show the event ID. When you select System>Syslog >Time format>Millisecond, the J-Web
event viewer does not filter messages. [PR/70523]
- If a static route’s next hop is simultaneously edited
by two private edit sessions, it might cause a commit conflict and
the loss of some next-hop entries. [PR/72039]
- The extended Dynamic Host Configuration Protocol (DHCP)
relay agent feature does not function properly on a nondefault logical
router. Although the JUNOS CLI permits you to include the dhcp-relay statement at the following hierarchy levels, the feature does not
work properly:
-
[edit logical routers logical-router-name forwarding-options]
-
[edit logical routers logical-router-name routing-instances routing-instance-name forwarding-options] [PR/82275]
- A user cannot log into the J-Web client through RADIUS
or TACACS authentication if the user profile already has authorization
parameters specified on the server side. As a workaround, ensure that
the user profile parameters are not specified or are set with empty
values on the server. [PR/94445]
- When you delete the apply-groups statement in
configurations that include a large number of groups, it can cause
delays in processing commit synchronize requests. [PR/229017]
Interfaces and Chassis
- On aggregated SONET/SDH interfaces, the counter for drops
and errors in the show interfaces command output does not
display the correct value, because the counter does not collect data
from the constituent interfaces within the aggregate. [PR/23577]
- On ATM interfaces, when the IP address of a remote device
is changed, the output of the show ilmi interface command
on the local routing platform might continue to display the old IP
address for the remote device. [PR/24126]
- On channelized E1 interfaces, you might be able to configure
clocking on ds-fpc/pic/port:n interfaces,
where n is not unit 0. This is an invalid
configuration and might cause a clocking selection problem on the
other channels. [PR/24722]
- If virtual channel identifiers (VCIs) for a large number
(approximately 400) of virtual connections (VCs) on an ATM DS3 interface
are changed frequently, the interface might mishandle the ATM cells.
As a result, OSPF and IS-IS neighbor adjacencies might not remain
stable. [PR/25639]
- On a 2-port OC12 ATM2 IQ interface, the total virtual
path (VP) downtime might not appear correctly in the show interfaces command output. [PR/27128]
- On a 2-port OC12 ATM2 IQ interface, if you configure and
then change the virtual path (VP) setting, the SNMP jnxAtmVpTotalDownTime counter might be reset. [PR/27131]
- On an OC3 ATM2 intelligent queuing (IQ) interface, when
you configure a shaping rate greater than the speed of the OC3 link
and commit the configuration, the actual shaping rate might be less
than the interface speed. [PR/27459]
- On ATM2 IQ interfaces, when you configure the atm-l2circuit-mode statement, the control word sequence number is not reset to 1 after
the transmit sequence number reaches 65,535. [PR/31669]
- On M20 and M40 routers, when a physical layer problem
affects a SONET/SDH interface, carrier transition statistics might
not increment correctly in the output of the show interfaces extensive command. [PR/33325]
- When you configure both the bundle link and constituent
links at the [edit logical-routers logical-router-name interfaces] hierarchy level, the constituent links do not come
up. As a workaround, configure the constituent links at the [edit
interfaces] hierarchy level. [PR/35578]
- On ATM2 DS3 and E3 interfaces, when you configure ATM
point-to-multipoint permanent virtual circuits (PVCs), the following
error messages might appear in the system log: “/kernel: RT_COS:
COS IPC op 4 (CLASS TO IFL) failed, err 1 (Unknown),” “ssb
BCHIP 0: invalid entry type 127 at stream 8 channel 0 for ifl 83,”
and “ssb COSMAN: mapping table bind to ifl 83 failed.”
There is no operational impact. [PR/36524]
- When an ATM interface configured for CCC encapsulation
receives MPLS packets that exceed 484 bytes, the packets can overflow
the buffer and cause the ATM PIC to hang. As a workaround, take the
PIC offline and bring it back online. [PR/39918]
- When an IPSec firewall filter is applied to match traffic
sent across a generic routing encapsulation (GRE) tunnel and originating
from the local routing platform, the local traffic is dropped. Transient
traffic is not affected. [PR/44871]
- On channelized T3 interfaces, the T1 loopback state does
not reflect loopbacks set by facilities data link requests using the remote-loopback-respond statement at the [edit interfaces interface-name t1-options] hierarchy level. [PR/45837]
- When the data-link connection identifier (DLCI) is greater
than 335 on a Link Services PIC with Multilink Frame Relay (MLFR)
configured, the ping command might fail. [PR/49567]
- On a Link Services PIC, the CLI might incorrectly allow
you to configure a logical tunnel interface (interface identifier lt); however, the resulting interface might not work correctly.
[PR/49818]
- If an MLPPP LSQ bundle carries a large volume of link
fragmentation and interleaving (LFI) traffic and a small proportion
of multilink traffic, packets might be dropped on the egress constituent
links. [PR/56664]
- For ISDN dialer interfaces in a J-series Services Router,
when you configure the no-keepalives statement at the [edit interfaces dl0 unit logical-unit-number] hierarchy level and you issue the show interfaces dl0 command, the Link flags field might still show keepalives. [PR/58520]
- If you disable an adaptive services interface by including
the disable statement at the [edit interfaces sp-fpc/pic/port] hierarchy level and then delete the disable statement
from the configuration, IPSec service is not reset correctly. As a
workaround, either issue the deactivate services command
followed by the activate services command, or issue the request chassis pic offline fpc-slot slot-number pic-slot pic-number command followed by
the request chassis pic online fpc-slot slot-number pic-slot pic-number command. [PR/58522]
- When you take an ISDN interface offline on a J-series
Services Router, the LEDs on the ISDN interface card might not turn
off. [PR/59536]
- On ISDN interfaces in a J-series Services Router, if you
configure the vrf-table-label statement at the [edit
routing-instances instance-name] hierarchy
level, packets might be dropped from the connection. [PR/59718]
- On ISDN dialer interfaces in a J-series Services Router,
if you configure the minimum-links statement at the [edit
interfaces dl0 unit logical-unit-number] hierarchy level and then deactivate the BRI interface associated
with the dialer interface, the output packets counter displayed in
the output of the show interfaces dl0 command might continue
to increment. [PR/59986]
- On ISDN dialer interfaces in a J-series Services Router,
when you configure the load-threshold 100 statement at the [edit interfaces dl0 unit logical-unit-number dialer-options] hierarchy level and the 56-Kbps bandwidth threshold
is exceeded, the interface does not support additional network traffic
and might not activate another BRI interface. [PR/60045]
- On J-series Services Routers, if you oversubscribe an
E1 interface, latency on the high-priority queue might be higher
than expected. As a workaround, configure a shaping rate on the E1
interface that is equal to the line rate minus the E1 framing overhead.
[PR/60595]
- If you configure IS-IS, MPLS, and graceful Routing Engine
switchover (GRES) and a switchover event occurs, the routing platform
might end the PPP IP Control Protocol (IPCP) sessions and renegotiate
them. [PR/61121]
- If you configure graceful Routing Engine switchover and
issue the request chassis routing-engine master acquire command,
in rare cases the master Routing Engine might fail to relinquish mastership,
or the switchover to the backup Routing Engine might take up to 360
seconds. [PR/61821]
- For Automatic Protection Switching (APS) on SONET/SDH
interfaces, there are no operational mode commands that display the
presence of APS mode mismatches. An APS mode mismatch occurs when
one side is configured to use bidirectional mode, and the other side
is configured to use unidirectional mode. [PR/65800]
- For aggregated Ethernet interfaces on T640 and TX Matrix
platforms, the show interfaces extensive command sometimes
reports extremely large incorrect values in the “Dropped packets”
column of the “Queue counters” output. As a workaround,
issue the clear interfaces statistics command. [PR/65857]
- J4350 and J6350 Services Routers might not have the requisite
data buffers needed to meet expected delay-bandwidth requirements.
This might cause degradation of class-of-service (CoS) performance
with small packets. [PR/73054]
- On M20 routers, when you start the router with Routing
Engine 0 and System and Switching Board (SSB) 0 as master components,
issue the request chassis routing-engine master switch command,
and then log in to Routing Engine 1 and issue the request chassis
ssb master switch and request system reboot commands,
the online LED lights for both SSBs might remain lit. [PR/74283]
- On J-series Services Routers, if you configure an IPSec-over-GRE
tunnel, there might be fragmentation issues. As a workaround, delete
the clear-dont-fragment statement and the mtu statement
on the GRE interface, and include the tunnel-mtu 9192 statement
at the [edit services ipsec-vpn rule rule-name term term-name then] hierarchy level on
both sides of the connection. [PR/74377]
- On J-series Services Routers, the counts of input and
output bytes and packets in the output of the show interfaces
dl0 extensive command (for example, in the “Traffic statistics”
section of the output) might be incorrect. [PR/77922]
- On J-series 4350 and 6350 Services Routers, when you insert
a TGM550 PIM and the TGM is in reset state, the router might not respond
to any show chassis commands for up to 5 seconds. [PR/78695]
- On the M120 router, for a Forwarding Engine Board (FEB)
redundancy group that does not have a primary FEB configured, when
a switchover from a nonprimary FEB occurs, the backup FEB does not
reboot and the FPCs connected to the previously active FEB remain
online. The backup FEB could take minutes to obtain the entire forwarding
state from the Routing Engine following a switchover. If you do not
want the interfaces to remain online during the switchover from a
nonprimary FEB, configure a primary FEB for the redundancy group at
the [edit chassis redundancy feb] hierarchy level. [PR/80946]
- On J4350 and J6350 Services Routers, if the MTU is set
to more than 6 KB for a built-in Gigabit Ethernet port or a 1-port
Gigabit Ethernet ePIM, packets might be discarded with a frame check
sequence (FCS) error. [PR/82245]
- If you ping a nonexistent IPv6 address that belongs to
the same subnet as an existing point-to-point link, the packet loops
between the two point-to-point interfaces until the time to live expires.
[PR/94954]
- If the delay between VRRP advertisement packets is set
to a small value (such as 100 ms) for a number of VRRP groups, and
the router configuration is changed and committed several times in
quick succession, the VRRP mastership state might be unstable. In
other words, if the value of the fast-interval statement
at the [edit interfaces interface-name unit logical-unit-number family inet address address vrrp-group group-number] hierarchy level
is 100 for several VRRP groups, and configuration changes
are committed several times in quick succession (even changes at other
levels of the hierarchy), a VRRP backup router might assume mastership
and immediately release it again. As a workaround, set the value
of the fast-interval statement to 300 or higher.
[PR/102111]
- On J-series Services Routers running JUNOS Release 8.3
or later, a Channelized T1/E1/ISDN PRI PIM running firmware version
2.3 or earlier might not initialize or might have clocking problems.
After an upgrade to JUNOS Release 8.3 or later, verify the firmware
version of any Channelized T1/E1/ISDN PRI PIM by issuing the show
system firmware command. If the firmware version is not 2.4 or
later, contact Juniper Networks support. [PR/102638]
- The output of the show interfaces diagnostics optics command includes the “Laser rx power low alarm” field,
even if the transceiver is a type (such as XENPAK) that does not support
this alarm. [PR/103444]
- When IPSec is configured on a logical interface and the
protocol family is IPv6, graceful Routing Engine switchover (GRES)
might fail if an MTU change is attempted on that interface. [PR/230128]
- When you issue the show chassis ethernet-switch statistics command on a routing platform with graceful Routing Engine switchover
enabled, the two Routing Engines might be unable to exchange information
for about 2 seconds. [PR/233779]
Services Applications
- The output of the show services nat pool command
displays duplicate entries for a single Network Address Translation
(NAT) pool. [PR/34678]
- The output of the show services accounting flow-detail
extensive command might report input and output interfaces incorrectly.
[PR/40446]
- When you configure intrusion detection service (IDS) on
J-series platforms, including the threshold statement at
the [edit services ids rule rule-name term term-name then logging] hierarchy level has no effect.
[PR/46577]
- On Adaptive Services PICs configured for IPSec tunnel
redundancy, if there are a large number of tunnels, sometimes a few
of the tunnels might switch over to the backup tunnel. [PR/46733]
- On routing platforms configured for Internet Key Exchange
(IKE)-based IPSec, if a remote peer using other vendors’ equipment
does not renegotiate the IKE security association (SA) when it is
about to expire and continues to send dead peer detection (DPD) requests
on the same SA, the routing platform might not be able to reply to
these messages. [PR/47004]
- If the socket buffer becomes full on a remote router,
you cannot clear all the IPSec security associations (SAs) from the
router. [PR/55189]
- When a routing platform is configured for graceful Routing
Engine switchover and Adaptive Services (AS) PIC redundancy, and a
switchover to the backup Routing Engine occurs, the redundant services
interface (rsp-) only uses the primary services interface
(sp-) if the primary interface is operational. [PR/59070]
- On Monitoring Services and Monitoring Services II PICs,
under certain circumstances, outgoing packets might be dropped. As
a workaround, restart the PIC. [PR/59432]
- On Monitoring Services II PICs configured for flow collection
services, during memory overload conditions, the flow collector interface
might create files lacking cflowd records and these files might not
be sent to the external FTP server. [PR/62599]
- When you modify a flow collection configuration and commit
the changes, the system log might contain error messages regarding
the commit operation. These messages do not affect the operation of
the router and can be ignored. [PR/64201]
- On J-series Services Routers, an SNMP query returns a
zero value for the datalink switching (DLSw) MIB object dlswTConnTcpConfigKeepAliveInt even if you implement keepalives. [PR/70002]
- For Adaptive Services II PICs, even if you do not configure
flow collector services, a temporary file might be created every 15
minutes in the /var/log/flowc/ directory. The file is deleted
if there are no clients, and re-created only when a client connects
and attempts to write to the file. [PR/75515]
- The JUNOS software does not issue a warning when you configure
an address as both the destination IP address of a voice-over-IP (vp-) interface and the primary address of another interface
on the router. This configuration is not valid, and can disrupt forwarding
of traffic to the voice-over-IP interface. [PR/75535]
- On J4350 and J6350 Services Routers, when you insert a
Telephony Gateway Module (TGM) 550 PIM and the PIM is in a reset state,
the router might not respond to any show chassis commands
for up to 5 seconds. [PR/78695]
Routing Protocols
- When you include the as-path atomic-aggregate statement at the [edit routing-options aggregate defaults as-path] hierarchy level to manually add the ATOMIC_AGGREGATE attribute
on a BGP AS path, the attribute is not added. [PR/2527]
- When you issue the show pim statistics command
to view traced PIM protocol traffic, messages sent to the rendezvous
point (RP) might not increment the Register counter. [PR/13887]
- When you issue the mtrace command from a UNIX
client, the router does not respond to a query that requires multicast
response, but responds correctly to any query that requires unicast
response. As a result, the first two probes time out. The third probe
is the unicast response probe, which usually succeeds. [PR/17237]
- When you configure a DVMRP interface, the CLI incorrectly
allows you to configure a metric higher than 32. Values higher than
32 are not valid. [PR/33429]
- If a router receives a Pragmatic General Multicast (PGM)
Source Path Message (SPM), it does not create a forwarding cache,
nor does it forward the message to other routers as a heartbeat, as
specified in RFC 3208. Also, the router's multicast cache might time
out if it does not receive actual PGM data (ODATA) for more than 6
minutes. As a workaround, configure the PGM source application to
send PGM ODATA at least once every 6 minutes. The ODATA acts as the
heartbeat message in lieu of the SPM messages and ensures that the
multicast and forwarding caches are created and updated. [PR/37504]
- If you configure the sham-link statement at the
[edit routing-instances instance-name protocols
ospf area] or [edit routing-instances instance-name protocols ospf] hierarchy level on a provider edge (PE) router,
extraneous OSPF link-state advertisements (LSAs) might be added. In
some cases, this can result in a routing loop between the customer
edge (CE) and PE routers. [PR/40000]
- The address fields in the BGP MIB are not compatible with
IPv6 address lengths. [PR/51150]
- When you configure damping globally and use the import
policy to not damp specific routes, and a new route is received from
a peer with the local interface address as the next hop, the route
is added to the routing table with default damping parameters, even
though the import policy has a nondefault setting. As a result, damping
settings do not change appropriately when the route attributes change.
[PR/51975]
- When the IGMP/MLD SSM-Map feature is enabled on a LAN
interface with multiple receiving hosts, the router might continue
to forward traffic for the group until the IGMP group membership timeout
interval expires, even though all receivers might have already left
the group. [PR/61538]
- When you issue the show ldp traffic-statistics command, the following system log message might be generated for
all forwarding equivalence classes (FECs) with an ingress counter
set to zero: “send rnhstats GET: error: ENOENT—Item not
found.” [PR/67647]
- If a router has ICMP tunneling enabled and you add a logical-router
configuration that does not enable this feature, ICMP tunneling will
be disabled globally. [PR/81884]
- The IGMP MIB software reports the internal ifIndex value instead of the snmpIfIndex value for the index of
the table. [PR/98358]
- When routes are exported into OSPF and then OSPF is deactivated,
the routing protocol process (rpd) might generate a core file and
stop operating. [PR/232362]
MPLS Applications
- If you configure a label-switched path (LSP) with the no-cspf statement at the [edit protocols mpls] hierarchy
level, the LSP might cycle up and down several times before stabilizing.
[PR/10415]
- The local bandwidth log for a Constrained Shortest Path
First computation might show an incorrect value. [PR/21369]
- If a circuit cross-connect (CCC) traverses a forwarding
adjacency (FA) label-switched path (LSP), traffic forwarding might
be affected. [PR/60088]
- RSVP graceful restart does not function for LSPs that
have a forwarding adjacency (FA) label-switched path (LSP) as a next
hop. [PR/60256]
- When you modify the primary path for an MPLS LSP by using
the delete protocols mpls label-switched-path lsp-path-name primary path-name command in configuration
mode, followed by the set protocols mpls label-switched-path lsp-path-name
primary path-name command, and then issue the commit command, the entire LSP (both primary and secondary) is torn down
and then rebuilt from scratch. As a workaround, issue the delete
protocols mpls label-switched-path lsp-path-name primary path-name command in configuration
mode followed by the commit command. Then issue the set
protocols mpls label-switched-path lsp-path-name primary path-name command followed by
the commit command. [PR/62365]
- When you enable per-packet load balancing on parallel
label-switched paths (LSPs), traffic is evenly balanced across the
paths even though the output of the show mpls lsp ingress command might display all the routes on only one of the LSPs. [PR/70487]
- You can query transit routers using the jnxRSVPMIB only. [PR/103134]
VPNs
- When you modify the frame-relay-tcc statement
at the [edit interfaces interface-name unit logical-unit-number] hierarchy level of a Layer 2
VPN, the connection for the second logical interface might not come
up. As a workaround, restart the chassis process (chassisd) or reboot
the router. [PR/32763]
- Layer 2 circuits configured using logical tunnel interfaces
with Ethernet VPLS encapsulation do not come up. [PR/100161]
Class of Service
- When you configure an ES PIC, a log message similar to
“fpc0 LCHIP(3): Unable to fathom what channel used by IFD 432”
might be displayed. There is no operational impact. [PR/36184]
- If you deactivate or activate an aggregated Ethernet interface,
the Packet Forwarding Engine might report errors. [PR/50090]
- When a logical tunnel (lt) interface is the outbound
interface, JUNOS software does not support the IEEE-802.1p rewrite
rule. [PR/55903]
- If you try to configure a scheduler map containing two
forwarding classes that are mapped to the same queue, the class-of-service
scheduler is not applied to the Packet Forwarding Engine. As a workaround,
configure a single forwarding class for each of the available queues.
[PR/57907]
- On M-series routers connected by VLAN CCCs and configured
with QoS, when EF traffic is generated from CE2 to CE2, the PE1 router
properly marks the packets with default EXP bits and sends the packets
out queue 1, but the intermediary router forwards all the packets
through queue 0 instead of sending them through the EF queue. The
workaround is to include the no-control-word statement at
any of the following hierarchy levels: [edit logical-routers logical-router-name protocols l2circuit neighbor address interface interface-name], [edit protocols l2circuit neighbor address interface interface-name], [edit logical-routers logical-router-name routing-instances routing-instance-name protocols l2vpn], or [edit routing-instances routing-instance-name protocols l2vpn]. [PR/65280]
- When you configure a specific classifier for a logical
unit, it does not override the fixed classifier configured using wildcards.
[PR/68888]
- If you configure CoS traffic control profiles on every
logical interface by using the “*” wildcard to represent
the interfaces, the configuration cannot be committed. In other words,
the commit operation fails if you include the input-traffic-control-profile and output-traffic-control-profile statements at the [edit class-of-services interfaces interface-name-fpc/pic/port *] hierarchy level. [PR/100690]
- On M120, M320, and MX-series routers, if the value set
by the transmit-rate statement at the [edit class-of-service
schedulers scheduler-name] hierarchy level
is larger than the value set by the buffer-size statement
at that level, forwarding latency is greater than expected. [PR/233213]
Forwarding and Sampling
- When you configure interface output sampling on T-series
routing platforms, packets might pass through the output firewall.
As a workaround, configure a firewall filter on the output interface
with the then sample statement and the then next term statement. [PR/70473]
- On M120 and MX-series routers, if you configure both a
firewall filter and interface sampling for ingress traffic on the
same interface (by including both the filter and sampling statements at the [edit interfaces interface-name unit logical-unit-number family inet] hierarchy
level), the interface discards all incoming packets. As a workaround,
implement input sampling as an action in the then section
of a firewall filter. [PR/103206]
- If a term in a firewall filter specifies a range of values
for the source or destination address or port, the filter might not
match packets as expected. As a workaround, define the addresses and
ports explicitly. [PR/265023]
Routing Policy and Firewall Filters
- The extended Dynamic Host Configuration Protocol (DHCP)
relay agent feature does not function properly on a nondefault logical
router. Although the JUNOS CLI permits you to include the dhcp-relay statement at the following hierarchy levels, the feature does not
work properly:
-
[edit logical routers logical-router-name forwarding-options]
-
[edit logical routers logical-router-name routing-instances routing-instance-name forwarding-options] [PR/82275]
Network Management
- The following groups of MIB objects do not segregate the
data they return according to the routing instance specified in an
SNMP request: vrrpMIB, jnxCosIfqStatsTable, and jnxCosQstatTable. [PR/63045]
- Sometimes the default routing instance (configured at
the default logical router level) does not report the physical interface
associated with the logical interface. [PR/66793]
[
Contents]
[
Prev]
[
Next]
[
Report an Error]