Current Software Release
The current software release is Release 8.4R4. For information
about obtaining the software packages, see M-series, MX-series, and T-series Upgrade and Downgrade Instructions or J-series Upgrade and Downgrade Instructions, depending on your
router platform.
Resolved Issues
The following issues have been resolved since JUNOS Release 8.4R3.
The identifier following the description is the tracking number in
our bug database.
Platform and Infrastructure
- If both TCP and UDP probe servers are configured (the tcp and udp statements are both included at the [edit services rpm probe-server] hierarchy level) and another
router sends a probe of each type simultaneously, multiple occurrences
of the RMOPD_SENDMSG_FAILURE message are written to the system
log. [PR/66570: This issue has been resolved.]
- On T-series platforms, if you include the indirect-next-hop statement at the [edit routing-options forwarding-table] hierarchy level for VPN routes, routing ASIC SRAM utilization increases
by approximately 30 percent, or 8 bytes per route. [PR/98738:
This issue has been resolved.]
- When you use aggregate bundles with fast reroute (FRR)
and one of the member links fails, it causes about 10 to 16 seconds
of packet loss. [PR/101295: This issue has been resolved.]
- The Packet Forwarding Engine might incorrectly log an
error like the following when a member link in an aggregate goes down
or up: "RT_PFE: NH IPC op 34 (GET NH BULK STATS) failed, err 5 (Invalid)."
[PR/105841: This issue has been resolved.]
- Memory might not be initialized correctly on some types of ASIC
used on DPCs. [PR/255204: This issue has been resolved.]
- If there are many aggregate next hops and BGP routes pointing
at some of them, a quick link flap combined with the BGP route churn
might cause the Packet Forwarding Engine to restart unexpectedly.
[PR/268204: This issue has been resolved.]
- Under certain traffic conditions, MX-series and M320 routers
with 3.0 forwarding ASICs might experience packet loss. To recover,
reboot the affected DPC or FPC. [PR/268274: This issue has been resolved.]
- If an aggregated Ethernet or aggregated SONET bundle has
a large number of aggregate next hops, when a new child link is added
or a child interface goes down and comes up, the Packet Forwarding
Engine might generate a core file. [PR/276424: This issue has been
resolved.]
- If the Packet Forwarding Engine restarts frequently, it
might generate a core file. [PR/276539: This issue has been resolved.]
- When packets are queued for several seconds because of
interface congestion, packet CRC errors are reported in some cases.
In other cases, the egress interface stops forwarding traffic (either
all traffic is halted or only packets larger than 320 bytes are
not forwarded). As a workaround, configure queues with a transmit
rate of at least one percent of the line rate. When using strict-high priority queues, include policers to prevent interface congestion
and the starving of lower-priority queues. Another alternative is
to use high priority queues instead of strict-high priority queues. [PR/277853: This issue has been resolved.]
- In a routing matrix, when you take a SIB-L offline on
a T640 routing node, CPU utilization might increase to 100 percent
on Enhanced Scaling FPC4s on the routing node. Messages like the following
are written to the system log: "HSR:name=GFPC4: Sx01 HSR 1, index=4,
cookie=1 Too many crc errors(6)!". To recover, bring the SIB back
online. [PR/280452: This issue has been resolved.]
- On M10i routers that have Channelized DS3 IQ PICs installed,
the CFEB might generate a core file, which also interrupts FPC
operation. [PR/283943: This issue has been resolved.]
User Interface and Configuration
- If you use the NETCONF API to modify the configuration database
when it has been locked by another NETCONF session, or if you try
to delete a configuration statement that does not exist, the NETCONF
server returns both the <rpc-error> and <ok/> tag elements as children of the <rpc-reply> tag element.
[PR/62664: This issue has been resolved.]
- When you add the source-address statement at
the [edit system syslog] hierarchy level and commit the configuration,
the JUNOS system logging utility continues to use the previous source
address. [PR/272434: This issue has been resolved.]
Interfaces and Chassis
- If you remove a Gigabit Ethernet interface from an aggregated
Ethernet bundle and reconfigure it as a regular interface, logical
interfaces on it might restart in response to unrelated configuration
changes. As a consequence, BGP or IGP protocols that use the logical
interface also restart. As a workaround, restart the interface process
(dcd). [PR/101413: This issue has been resolved.]
- When you issue the request chassis routing-engine
master switch command to change Routing Engine mastership, the jnxRedundancySwitchover SNMP trap is not generated. (However,
the event is recorded in the system log or chassis process log file
if logging is appropriately configured.) [PR/254637: This issue has
been resolved.]
- When you restart a 10-Gigabit Ethernet IQ2 PIC that has
CoS classifiers configured on its logical interfaces, numerous messages
are written to the system log during PIC initialization, stating that
logical interfaces are not ready for application of classifiers. [PR/261136:
This issue has been resolved.]
- For IPv6 addresses, the expected VIP count value reported
in the VRRPD_VIP_COUNT_MISMATCH log message is one lower
than the actual value. For example, the following message is logged
when the expected value is 3: "VRRPD_VIP_COUNT_MISMATCH: Interface interface-name vrrp group group-number received packet with mismatched vip count, expected 2 got 2." [PR/261415:
This issue has been resolved.]
- Input statistics for aggregated Ethernet interfaces incorrectly
report zero, regardless of input traffic volume. [PR/266271: This
issue has been resolved.]
- The chassis LED status returned by the MIB jnxLEDState does not reflect the actual chassis alarm LED. [PR/266326: This
issue has been resolved.]
- On an M320 router with an Enhanced III FPC1, the following
spurious error message about the FPC might appear on the console when
you update the jinstall software package: "WARNING: Unknown
FPC 0x1f4 at slot slot-number". [PR/266854: This
issue has been resolved.]
- When there is an Address Resolution Protocol (ARP) entry
for Virtual IP (VIP), Virtual Router Redundancy Protocol (VRRP) might
not respond to ARP requests for VIP while transitioning to the master
state. [PR/268627: This issue has been resolved.]
- On MX-series routers, if you include the vlan-id-range statement at the [edit interfaces interface-name unit logical-unit-number] hierarchy level
for multiple interfaces and specify a large range of VLAN ID values
in each case, the DPC that houses the interfaces might generate a
core file and restart. [PR/271456: This issue has been resolved.]
- When you issue the show interfaces extensive command
for an interface to which a Layer 2 input or output policer is
applied, the value in the Dropped frames field for the policer
might be a negative number. [PR/272971: This issue has been resolved.]
- When you configure the shaping rate for a logical interface
on an Ethernet IQ2 PIC (by including the shaping-rate statement
at the [edit class-of-service interfaces interface-name unit logical-unit-number] hierarchy level),
the setting might not take effect and traffic exceeding the configured
rate might still go through. [PR/273831: This issue has been resolved.]
- On an M10i router with an IQ2 PIC installed, numerous
instances of the following message might be written to the system
log: "cfeb cmfpc_services_pic_attach: pic 1 msg queued." [PR/275446:
This issue has been resolved.]
- For interfaces in an Enhanced III FPC in an M320
router, when you apply a firewall filter that includes the next
term statement at the [edit firewall filter filter-name then] hierarchy level, the filter rejects all incoming traffic.
[PR/278325: This issue has been resolved.]
- On MX-series routers, if an interface in a VPLS routing
instance is configured as nontagged (the encapsulation ethernet-vpls statement is included at the [edit interfaces interface-name] hierarchy level but the vlan-tagging statement is
not), the interface does not forward frames with dual tags. [PR/279669:
This issue has been resolved.]
- If you power off and power on a Routing Engine model RE-A-2000
on a T640 routing node (by issuing the request system power-off
other-routing-engine and request system power-on other-routing-engine commands), the output of the show chassis hardware command
no longer includes an entry for SPMB 1. [PR/281463: This issue
has been resolved.]
Services Applications
- If you configure a large number of TCP flows (for example,
500,000) and continuously shift the traffic between two Adaptive
Services or MultiServices PICs, the PICs might generate core files.
[PR/235646: This issue has been resolved.]
- When you commit a configuration that does not include
either the pre-shared-key statement or the local-certificate statement at the [edit security ike policy policy-name] hierarchy level, the key management process (kmd) generates
a core file. [PR/267957: This issue has been resolved.]
- Services PICs (such as the Adaptive Services and MultiServices
PICs) do not record correct information in the SAMPLE-RATE field in
the header of the cflowd packets that they export. [PR/276142: This
issue has been resolved.]
Layer 2 Ethernet Services
- On MX-series routers, if you apply class of service (CoS) to
an integrated routing and bridging (IRB) interface within a VPLS domain
using virtual loopback tunnel (VT) interfaces, traffic from remote
customer edge (CE) routers might not be forwarded during a graceful
Routing Engine switchover. As a workaround, modify your VPLS domain
to use LSI interfaces by including the no-tunnel-services statement at the [edit routing-instances instance-name protocols vpls] hierarchy level. [PR/252468: This issue has
been resolved.]
General Routing
- When specifying the value of the members statement
at the [edit policy-options community community-name] hierarchy level, if you use a regular expression that includes
parentheses, the JUNOS software accepts values in which the parentheses
are not balanced. As a result, the community might include unintended
members or not include intended ones. [PR/104683: This issue has been
resolved.]
- When the value of the members statement at the [edit policy-options community community-name] hierarchy level is a regular expression that begins with an
integer, the JUNOS software does not always determine correctly whether
the expression represents regular communities or extended communities.
[PR/251510: This issue has been resolved.]
Routing Protocols
- If BGP route-target filtering is configured on the router
(the route-target statement is included at the [edit
protocols bgp ... family] hierarchy level), the routing protocols
process (rpd) might generate a core file during initialization. [PR/77495:
This issue has been resolved.]
- The RPD_PIM_NBRUP message is not written to the
system log when a new PIM neighbor is discovered on an IPv6 network,
as it is for new neighbors on an IPv4 network. [PR/230342: This issue
has been resolved.]
- The show bgp summary command does not list IPv6
neighbors in strict numerical order by address. Instead, the neighbor
with the highest address appears first, followed by the other neighbors
sorted low to high. [PR/237127: This issue has been resolved.]
- When unicast reverse path forwarding is configured (the rpf-check statement is included at the [edit interfaces interface-name unit logical-unit-number family family-name] hierarchy level),
the lists of routes maintained by the routing protocols process (rpd)
and the operating system might become different. [PR/252489: This
issue has been resolved.]
- The routing protocols process (rpd) might restart unexpectedly
if it receives a BGP Flow NLRI specification with an undefined subcomponent
type. [PR/274421: This issue has been resolved.]
- Under certain circumstances, an empty pair of parentheses
[( )] appears after the value in the AS path: field
of the output from the show route extensive command. [PR/281023:
This issue has been resolved.]
- When both of the following conditions apply, BGP evaluation
of alternate multipaths does not work correctly: (1) an IBGP peer
and an EBGP peer both provide the same prefix with the same AS path,
and (2) the configuration for the EBGP peer includes the multipath
multiple-as statement at the [edit protocols bgp group group-name] hierarchy level but the IBGP peer’s
configuration does not. [PR/281447: This issue has been resolved.]
MPLS Applications
- The routing protocols process (rpd) might not free memory
properly when an interface is deactivated and reactivated. [PR/239708:
This issue has been resolved.]
- When RSVP link protection is enabled, memory on an FPC
might be exhausted and the FPC’s CPU utilization might reach
100 percent. [PR/265295: This issue has been resolved.]
Class of Service
- When you configure an EXP classifier for a routing instance
(include the exp classifier statement
at the [edit routing-instances routing-instance-name classifiers] hierarchy level), the class-of-service process
(cosd) might generate a core file. [PR/101490: This issue has been
resolved.]
- If a rewrite rule is not defined at the [edit class-of-service
rewrite-rules] hierarchy level for every forwarding class defined
at the [edit class-of-service forwarding-classes] hierarchy
level, when the class-of-service process restarts (for example, when
there is a graceful Routing Engine switchover), the process does not
initialize internal data structures correctly. As a workaround, define
a rewrite rule for every forwarding class. [PR/268541: This issue
has been resolved.]
- On MX960 routers, the class-of-service process does not
provide information about SNMP objects whose names begin with jnxCosQstat. As a result, SNMP queries on those objects fail
with an error message. [PR/269419: This issue has been resolved.]
Forwarding and Sampling
- On M120 and MX-series routers, if you configure both a
firewall filter and interface sampling for ingress traffic on the
same interface (by including both the filter and sampling statements at the [edit interfaces interface-name unit logical-unit-number family inet] hierarchy
level), the interface discards all incoming packets. As a workaround,
implement input sampling as an action in the then section
of a firewall filter. [PR/103206: This issue has been resolved.]
- If a term in a firewall filter specifies a range of values
for source or destination address or port, the filter might not match
packets as expected. As a workaround, define the addresses and ports
explicitly. [PR/265023: This issue has been resolved.]
- When a firewall policer that has the loss-priority action in its then clause is applied to multiple outbound
interfaces, loss priority might not be set correctly at all interfaces.
[PR/274346: This issue has been resolved.]
- At the [edit routing-options flow route route-name] hierarchy level, when a range of numeric
values is selected for firewall filtering using a statement, the match
condition is ignored. Such statements typically include destination-port, port, protocol, and source-port. [PR/275650:
This issue has been resolved.]
Network Management
Outstanding Issues
Software Installation
- For hard disks that were originally formatted by JUNOS
Release 4.4 or earlier, after you issue the request system
snapshot partition command, the router cannot boot from the hard
disk. As a workaround, issue the request system snapshot command
before upgrading. [PR/36742]
- When a hard disk is partitioned, the
/var/empty directory might not be created. As a result, the router does not
accept SSH connections. As a workaround, use the mkdir command
to create the /var/empty directory.
[PR/290064]
Platform and Infrastructure
- When the Monitoring Services PIC is overloaded, the output
from the show services accounting flow-detail command might
freeze. [PR/32896]
- On T-series platforms, a Layer 2 maximum transmission
unit (MTU) check is not supported for MPLS packets exiting the routing
platform. [PR/46238]
- When you configure a source class usage (SCU) name with
an integer (for example, 100) and use this source class as a firewall
filter match condition, the class identifier might be misinterpreted
as an integer, which might cause the filter to disregard the match.
[PR/50247]
- When a Monitoring Services PIC is overloaded with traffic,
the FPC might take the PIC offline and repeatedly send the same error
message. The error message does not affect normal operation of the
FPC and other PICs. As a workaround, restart the FPC and bring the
PIC online. [PR/55981]
- Even if you do not configure IPSec, the key management
process (kmd) opens UDP port 500. [PR/59054]
- If you configure several DNS servers by including the name-server statement at the [edit system] hierarchy
level, the JUNOS software uses only the first three configured DNS
servers. [PR/59172]
- On a Monitoring Services III PIC configured as a dynamic
flow capture (DFC) interface (dfc-fpc/pic/port), when you configure
the DFC interface as the next hop in a forwarding path, port-mirrored
packets might become corrupted. [PR/60799]
- Packet capture is not supported with MLPPP encapsulation.
However, the CLI does not prevent you from enabling packet capture
on an interface with MLPPP encapsulation. If packet capture is enabled
in the input direction on an interface with MLPPP encapsulation, input
packets on that interface are captured on the output interfaces. [PR/64615]
- In the output of the show pfe statistics notification command, the value is incorrect in the field labeled options
or ttl expired (not RE-destined). [PR/64951]
- If you configure 11 or more logical interfaces in a single
VPLS instance, VPLS statistics might not be reported correctly. [PR/65496]
- In a routing matrix configured for graceful Routing Engine
switchover (GRES), when the master Routing Engine of a T640 routing
node (line-card chassis, or LCC) enters debug mode, it does not release
mastership. [PR/66308]
- During a Routing Engine switchover, Flexible PIC Concentrators
(FPCs) might reset multiple times. [PR/70857]
- When a large number of kernel system log messages are
generated, the log information might become garbled and the severity
level could change. This behavior has no operational impact. [PR/71427]
- If you configure two IPv6 addresses with the same prefix
on a single logical interface, the backup Routing Engine might stop
operating. [PR/72069]
- On M320 and T-series routing platforms, there is a process
that monitors FPCs while they transition to an online state. If an
FPC is busy and cannot complete the transition within the time limit,
the process might time out and prevent the FPC from coming online.
[PR/72364]
- If you configure the same IPv6 address on the fxp0 interface and another public interface within the same routing instance,
the backup Routing Engine might restart. [PR/72573]
- On M320 and T-series routing platforms, when you configure
the local gateway of an IPSec tunnel in a routing instance, IPSec
might not function properly over a generic routing encapsulation (GRE)
tunnel. [PR/73864]
- When a packet’s outer label is set to explicit null
and the S bit is not set, the LSP ping command does not work.
The JUNOS software does not comply with RFC 4182, Removing
a Restriction on the use of MPLS Explicit NULL. [PR/74963]
- When a link services interface to a CE router appears
in the VPN routing and forwarding table (VRF table) and fragmentation
is required, the interface does not forward Internet Control Message
Protocol (ICMP) messages from a remote PE router that is also in the
VRF table. As a workaround, include the vrf-table-label statement
at the [edit routing-instances routing-instance-name] hierarchy level. [PR/75361]
- For J-series Services Routers, if you send a real-time
performance monitoring (RPM) probe through an IPSec tunnel and the
probe includes the hardware-timestamp statement at the [edit services rpm probe owner-name test test-name] hierarchy level, RPM icmp-ping type probes might not work. [PR/75927]
- When you configure the router to log activity with a firewall
filter or perform Routing Engine–based sampling, and heavy traffic
passes through the router, the following error message might be displayed:
“PKTR DMA age error cell counter incremented”. The error
indicates that there might be some packet loss in firewall filter
logging or Routing Engine–based sampling. However, transit traffic
is not affected. [PR/78712]
- On M160 routers, if the router generates the system log
message “router fpcX DXO: Plane 2, links
inactive (0x00),” traffic loss and loss of routing protocol
adjacencies might occur. [PR/78795]
- On M7i and M10i routers, when the system log for the CFEB
becomes full, additional messages are discarded instead of overwriting
the oldest messages in the log. [PR/79128]
- On M160 and M40e routers, a hardware error on the Switch
Fabric Module (SFM) might cause the board to reboot. [PR/79236]
- When routes in the routing table for a VPLS routing instance
go up and down, the count in the requests to learn an existing
route field of the output from the show system statistics
vpls command might show a high count (in the tens of thousands)
and numerous instances of the following message might be written to
the system log: "/kernel: vpls_learn_l2addr(): identical addr and
ifl existed: addr mac-address, ifl interface-index." There is no operational impact.
[PR/80262]
- On T-series routing platforms, the commit operation succeeds
when you include the no-labels statement at the [edit
forwarding-options hash-key family mpls] hierarchy level, but
MPLS labels are still included in the hash key. [PR/80334]
- For Gigabit Ethernet intelligent queuing (IQ) PICs installed
in M-series and T-series routing platforms, system log messages for
SFP receive power, laser bias, and temperature alarms might alternate
between set and clear. These messages are mostly
cosmetic and do not affect performance of the routing platform. [PR/80393]
- ARP records learned in a VPN routing and forwarding (VRF)
instance are not cleared when the peer interface goes down. [PR/82247]
- On Fast Ethernet and Gigabit Ethernet PICs, LACP is not
supported on an aggregated Ethernet interface that is configured with
either extended-vlan-vpls encapsulation or ethernet-vpls encapsulation. As a workaround, use vlan-vpls encapsulation
on the aggregated Ethernet interface. This limitation does not apply
to aggregated Ethernet interfaces configured on Gigabit Ethernet IQ2
PICs. [PR/94480]
- When aggregated Ethernet interfaces handle a large volume
of multicast traffic, the kernel might generate system log messages
that include the following text: “request type type did not expect ipc reply type type subtype subtype uniquifier uniquifier.”
[PR/95931]
- A firewall filter that matches the forwarding class of incoming
packets (that is, includes the forwarding-class class-name statement at the [edit firewall filter filter-name term term-name from] hierarchy level)
might incorrectly discard traffic destined for the Routing Engine.
Transit traffic is handled correctly. [PR/97722]
- During system boot on J-series Services Routers, you cannot
use as the media device a USB device that provides U3 features (such
as the U3 Titanium device from SanDisk Corporation). You must remove
the U3 support before using the device as a boot medium. For the U3
Titanium device, you can use the U3 Launchpad Removal Tool on a Windows-based
system to remove the U3 features. The tool is available for download
at http://www.sandisk.com/Retail/Default.aspx?CatID=1415. (To restore the U3 features, you can use the U3 Launchpad Installer
Tool accessible at http://www.sandisk.com/Retail/Default.aspx?CatID=1411.) [PR/102645]
- In JUNOS Release 8.0 and later, when you include
the static-host-mapping hostname statement
at the [edit system] hierarchy level, and then specify that
hostname as the value of the source-address statement at
the [edit system ntp], [edit system radius-server address], or [edit system tacplus-server address] hierarchy level, the JUNOS software rejects
the address with the error message "error: invalid value: hostname." [PR/105347]
- When you enable point-to-multipoint LSPs over an outgoing
aggregated Ethernet interface that is configured with circuit cross-connect
(CCC) switching, the LSP fails to forward traffic and the following
error appears in the system log: "nh_ucast_add." As a workaround,
disable the interface and LSP, reenable them in that order, and then
clear the RSVP session for the LSP. [PR/105884]
- In the output from the show interfaces aex extensive command, the value in the Output
bytes: field might not increment correctly for individual member
interfaces listed in the Link section. [PR/228849]
- When IPSec is configured on a logical interface and the
protocol family is IPv6, graceful Routing Engine switchover (GRES)
might fail if an MTU change is attempted on that interface. [PR/230128]
- On J-series Services Routers, a multilink interface operates
correctly when fragments are in round-robin fashion and arrive in
order. However, if the fragments are out of order, the interface experiences
some latency during packet reassembly and might lose packets. [PR/240019]
- When graceful switchover and redundant LSQ (rlsq-) interfaces are configured, the kernel on the backup Routing Engine
might generate a core file. [PR/241502]
- The IP Option Errors section in the output from
the show pfe statistics ip options command does not include
counters for all possible types of errors. [PR/254653]
- When you designate a 10-Gigabit Ethernet interface as
a link in an aggregated Ethernet bundle (by including the 802.3ad
aex statement at the [edit interfaces
ge-fpc/pic/port gigether-options] hierarchy level) and commit the configuration,
the operating system might generate a core file and stop operating.
[PR/262424]
- When you change interface configuration from point-to-point
encapsulation to Frame Relay encapsulation, the routing platform kernel
might generate a core file and stop operating. [PR/265025]
- On an M20 router, when you include the route-accounting statement at the [edit forwarding-options family inet6] hierarchy level, the following message might appear in the system
log: "Error requesting SET BOOLEAN, illegal setting 32." The software
is in fact functioning correctly. [PR/273762]
- On MX-series routers, when unicast RPF is configured on
an interface (the rpf-check statement is included at the [edit interfaces interface-name unit logical-unit-number family inet] hierarchy level),
the DPC that houses the interface might generate a core file. [PR/275466]
- On M320 and T-series routing platforms, including the logical-bandwidth-policer statement at the [edit firewall
policer] hierarchy level might degrade forwarding performance,
cause the Packet Forwarding Engine to generate a core file and stop
functioning, or both. [PR/282169]
- In the output from the show interfaces aex extensive command, some counters for input bytes
and packets in VPN traffic might not increment correctly if the bundle
member that receives them is a physical interface on an IQ2 PIC. [PR/284162]
User Interface and Configuration
- On M20 routers, after a Routing Engine mastership switchover,
it might not be possible to enter CLI configuration mode on the new
master Routing Engine. Also, the request system reboot and request system halt commands do not clearly fail but do not
return the CLI prompt either. [PR/64899]
- In the J-Web configuration editor, when you select System>Syslog>File>filename>Explicit
priority, the J-Web event viewer does not show the event ID.
When you select System>Syslog>Time format>Millisecond, the J-Web event viewer does not filter messages. [PR/70523]
- If a static route’s next hop is simultaneously edited
by two private edit sessions, it might cause a commit conflict and
the loss of some next-hop entries. [PR/72039]
- If neither a name server nor static host mappings are
configured on a router, JUNOScope software manager operations fail
if they require the manager to access the JUNOScope server (an example
is copying over software during an upgrade). [PR/82165]
- If the configuration includes both commit scripts (at
the [edit system scripts commit] hierarchy level) and control
characters from the International Organization for Standardization
(ISO) C0 set (included at any hierarchy level), an attempt to commit
the configuration fails. As a workaround, remove the control characters.
[PR/82384]
- A user cannot log in to the J-Web client through RADIUS
or TACACS authentication if the user profile already has authorization
parameters specified on the server side. As a workaround, ensure that
the user profile parameters are not specified or are set with empty
values on the server. [PR/94445]
- If the active configuration on a router includes a large
number of groups and apply-groups statements, and you use
the load update command to load a candidate configuration
that does not include many such groups or statements, the subsequent
commit operation can take a long time. Similarly, the commit synchronize operation might take a long time if the active configuration on
the backup Routing Engine includes many groups and apply-groups statements and the configuration on the master Routing Engine does
not. [PR/229017]
- In some cases, when you commit a configuration that includes
the apply-groups statement, the routing protocols process
(rpd) restarts even though the configuration in the applied group
is not related to routing protocols (for example, when the group defines
usernames at the [edit system login] hierarchy level). [PR/259740]
- Even though the trace permission is included
at the [edit system login class class-name permissions] hierarchy level, users who belong to the login
class receive the following error when they issue the show log command: "error: permission denied: log." As a workaround, add the trace-admin permission to the list of permissions. [PR/278950]
Interfaces and Chassis
- On aggregated SONET/SDH interfaces, the counter for drops
and errors in the show interfaces command output does not
display the correct value, because the counter does not collect data
from the constituent interfaces within the aggregate. [PR/23577]
- On ATM interfaces, when the IP address of a remote device
is changed, the output of the show ilmi interface command
on the local routing platform might continue to display the old IP
address for the remote device. [PR/24126]
- On channelized E1 interfaces, you might be able to configure
clocking on ds-fpc/pic/port:n interfaces,
where n is not unit 0. This is an invalid
configuration and might cause a clocking selection problem on the
other channels. [PR/24722]
- If virtual channel identifiers (VCIs) for a large number
(approximately 400) of virtual connections (VCs) on an ATM DS3 interface
are changed frequently, the interface might mishandle the ATM cells.
As a result, OSPF and IS-IS neighbor adjacencies might not remain
stable. [PR/25639]
- On a 2-port OC12 ATM2 IQ interface, the total virtual
path (VP) downtime might not appear correctly in the show interfaces command output. [PR/27128]
- On a 2-port OC12 ATM2 IQ interface, if you configure and
then change the virtual path (VP) setting, the SNMP jnxAtmVpTotalDownTime counter might be reset. [PR/27131]
- On an OC3 ATM2 intelligent queuing (IQ) interface, when
you configure a shaping rate greater than the speed of the OC3 link
and commit the configuration, the actual shaping rate might be less
than the interface speed. [PR/27459]
- On ATM2 IQ interfaces, when you configure the atm-l2circuit-mode statement at the [edit chassis fpc slot-number pic pic-number] hierarchy level, the control
word sequence number is not reset to 1 after the transmit sequence
number reaches 65,535. [PR/31669]
- On M20 and M40 routers, when a physical layer problem
affects a SONET/SDH interface, carrier transition statistics might
not increment correctly in the output of the show interfaces extensive command. [PR/33325]
- When you configure both the bundle link and constituent
links at the [edit logical-routers logical-router-name interfaces] hierarchy level, the constituent links do not come
up. As a workaround, configure the constituent links at the [edit
interfaces] hierarchy level. [PR/35578]
- On ATM2 DS3 and E3 interfaces, when you configure ATM
point-to-multipoint permanent virtual circuits (PVCs), the following
error messages might appear in the system log: “/kernel: RT_COS:
COS IPC op 4 (CLASS TO IFL) failed, err 1 (Unknown),” “ssb
BCHIP 0: invalid entry type 127 at stream 8 channel 0 for ifl 83,”
and “ssb COSMAN: mapping table bind to ifl 83 failed.”
There is no operational impact. [PR/36524]
- When an ATM interface configured for circuit cross-connect
(CCC) encapsulation receives MPLS packets that exceed 484 bytes, the
packets can overflow the buffer and cause the ATM PIC to hang. As
a workaround, take the PIC offline and bring it back online. [PR/39918]
- When you apply an IPSec firewall filter to match traffic
sent across a generic routing encapsulation (GRE) tunnel and originating
from the local routing platform, the local traffic is dropped. Transient
traffic is not affected. [PR/44871]
- On channelized T3 interfaces, the T1 loopback state does
not reflect loopbacks set by facilities data link requests using the remote-loopback-respond statement at the [edit interfaces interface-name t1-options] hierarchy level. [PR/45837]
- On a Link Services PIC with Multilink Frame Relay (MLFR)
configured, the ping command might fail when the data-link
connection identifier (DLCI) is greater than 335. [PR/49567]
- On a Link Services PIC, the CLI might incorrectly allow
you to configure a logical tunnel interface (interface identifier lt); the resulting interface might not work correctly. [PR/49818]
- If an MLPPP LSQ bundle carries a large volume of link
fragmentation and interleaving (LFI) traffic and a small proportion
of multilink traffic, packets might be dropped on the egress constituent
links. [PR/56664]
- For ISDN dialer interfaces in a J-series Services Router,
when you configure the no-keepalives statement at the [edit interfaces dl0 unit logical-unit-number] hierarchy level and you issue the show interfaces dl0 command, the Link flags field might still show Keepalives. [PR/58520]
- If you disable an adaptive services interface by including
the disable statement at the [edit interfaces sp-fpc/pic/port] hierarchy level and then delete the disable statement
from the configuration, IPSec service is not reset correctly. As a
workaround, either issue the deactivate services command
followed by the activate services command, or issue the request chassis pic offline fpc-slot slot-number pic-slot pic-number command followed by
the request chassis pic online fpc-slot slot-number pic-slot pic-number command. [PR/58522]
- On ISDN interfaces in a J-series Services Router, if you
include the vrf-table-label statement at the [edit routing-instances instance-name] hierarchy level, packets might be
dropped from the connection. [PR/59718]
- On ISDN dialer interfaces in a J-series Services Router,
if you include the minimum-links statement at the [edit
interfaces dl0 unit logical-unit-number] hierarchy level and then deactivate the BRI interface associated
with the dialer interface, the output packets counter displayed in
the output of the show interfaces dl0 command might continue
to increment. [PR/59986]
- On ISDN dialer interfaces in a J-series Services Router,
when you include the load-threshold 100 statement at the [edit interfaces dl0 unit logical-unit-number dialer-options] hierarchy level and the 56-Kbps bandwidth threshold
is exceeded, the interface does not support additional network traffic
and might not activate another BRI interface. [PR/60045]
- When a switchover event occurs on a routing platform configured
with IS-IS, MPLS, and graceful Routing Engine switchover (GRES), the
routing platform might end the PPP IP Control Protocol (IPCP) sessions
and renegotiate them if the remote side has changed interface MTU
settings prior to the switchover event. [PR/61121]
- If you configure graceful Routing Engine switchover and
issue the request chassis routing-engine master acquire command,
in rare cases the master Routing Engine might fail to relinquish mastership,
or the switchover to the backup Routing Engine might take up to 360
seconds. [PR/61821]
- For Automatic Protection Switching (APS) on SONET/SDH
interfaces, there are no operational mode commands that display the
presence of APS mode mismatches. An APS mode mismatch occurs when
one side is configured to use bidirectional mode, and the other side
is configured to use unidirectional mode. [PR/65800]
- For aggregated Ethernet interfaces on T640 and TX Matrix
platforms, the show interfaces extensive command sometimes
reports extremely large incorrect values in the Dropped packets column of the Queue counters output. As a workaround, issue
the clear interfaces statistics command. [PR/65857]
- For some types of Gigabit Ethernet interfaces on J4350
and J6350 Services Routers, if you configure loopback mode (by including
the loopback statement at the [edit interfaces interface-name gigether-options] hierarchy level),
the interface goes down. This applies to the four built-in Gigabit
Ethernet ports (ge-0/0/0 through ge-0/0/3) and the
1-port Gigabit Ethernet ePIM. [PR/72381]
- J4350 and J6350 Services Routers might not have enough
data buffers to meet expected delay-bandwidth requirements. Lack of
data buffers might degrade CoS performance with smaller-sized packets
(500 bytes or less). [PR/73054]
- On M20 routers, when you start the router with Routing
Engine 0 and System and Switching Board (SSB) 0 as master
components, issue the request chassis routing-engine master switch command, and then log in to Routing Engine 1 and issue the request chassis ssb master switch and request system reboot commands, the ONLINE LED might remain lit on both SSBs.
[PR/74283]
- If you include the per-unit-scheduler statement
at the [edit interfaces interface-name] hierarchy level, the operating system might generate a core file.
[PR/74406]
- On J-series Services Routers, the counts of input and
output bytes and packets in the output of the show interfaces
dl0 extensive command (for example, in the Traffic statistics section of the output) might be incorrect. [PR/77922]
- The JUNOS software does not always correctly handle MTU
settings for individual protocol families, as configured by including
the mtu statement at the [edit interfaces interface-name unit logical-unit-number family family-name] hierarchy level. Specifically: 1) If you explicitly set the
MTU to the default value and then remove the mtu statement,
the User-MTU flag in the output from the show interfaces command is not removed for the logical interface. 2) When you remove
the mtu statement for a nonnegotiable interface, the MTU
value is not reset to the default. 3) When you explicitly set the mtu statement to the default value, the User-MTU flag
might not be set correctly. [PR/77975]
- On the M120 router, for a Forwarding Engine Board (FEB)
redundancy group that does not have a primary FEB configured, when
a switchover from a nonprimary FEB occurs, the backup FEB does not
reboot and the Flexible PIC Concentrators (FPCs) connected to the
previously active FEB remain online. The backup FEB could take minutes
to obtain the entire forwarding state from the Routing Engine following
a switchover. If you do not want the interfaces to remain online during
the switchover for a nonprimary FEB, configure a primary FEB for the
redundancy group at the [edit chassis redundancy feb] hierarchy
level. [PR/80946]
- On J4350 and J6350 Services Routers, if the MTU is set
to more than 6KB for a built-in Gigabit Ethernet port or a 1-port
Gigabit Ethernet ePIM, packets might be discarded with an FCS error.
[PR/82245]
- If you ping a nonexistent IPv6 address that belongs to
the same subnet as an existing point-to-point link, the packet loops
between the two point-to-point interfaces until the time to live expires.
[PR/94954]
- If the 2-port Gigabit Ethernet IQ PIC unexpectedly goes
offline or loses power, interfaces on the PIC might fail to come back
online. As a workaround, manually take the PIC offline and bring it
back online. [PR/96718]
- Flow control is enabled for Ethernet interfaces by default,
but when they join an aggregated Ethernet bundle they are supposed
to inherit the setting for a bundle, which by default is “disabled.”
Instead, they retain their enabled setting. As a workaround, include
the flow-control or no-flow-control statement at
the [edit interfaces aex aggregated-ether-options] hierarchy level to set flow control for the bundle and all member
interfaces. [PR/99186]
- If the delay between VRRP advertisement packets is set
to a small value (such as 100 ms) for a number of VRRP groups,
and the router configuration is changed and committed several times
in quick succession, the VRRP mastership state might be unstable.
In other words, if the value of the fast-interval statement
at the [edit interfaces interface-name unit logical-unit-number family inet address address vrrp-group group-number] hierarchy level
is 100 for several VRRP groups, and configuration changes
are committed several times in quick succession (even changes at other
levels of the hierarchy), a VRRP backup router might assume mastership
and immediately release it again. As a workaround, set the value of
the fast-interval statement to 300 or higher. [PR/102111]
- On J-series Services Routers running JUNOS Release 8.3
or later, a Channelized T1/E1/ISDN PRI PIM running firmware version 2.3
or earlier might not initialize or might have clocking problems. After
an upgrade to JUNOS Release 8.3 or later, verify the firmware
version of any Channelized T1/E1/ISDN PRI PIM by issuing the show
system firmware command. If the firmware version is not 2.4 or
later, contact Juniper Networks customer support (see Requesting
Technical Support). [PR/102638]
- The output of the show interfaces diagnostics optics command includes the Laser rx power low alarm field even
if the transceiver is a type (such as XENPAK) that does not support
this alarm. [PR/103444]
- When IPSec is configured on a logical interface and the
protocol family is IPv6, graceful Routing Engine switchover (GRES)
might fail if an MTU change is attempted on that interface. [PR/230128]
- When you configure the default-address-selection statement at the [edit system] hierarchy level, Routing
Engine graceful restart may cause GPRS support node (GGSN) services
to be unreachable. [PR/232197]
- When you issue the show chassis ethernet-switch statistics command on a routing platform with graceful Routing Engine switchover
enabled, the two Routing Engines might be unable to exchange information
for about 2 seconds. [PR/233779]
- When a redundant power supply is removed from an M7i or
M10i router, the show chassis environment command correctly
shows the supply’s status as Absent, but continues
to display a temperature for it. [PR/241055]
- Under certain circumstances, the chassis process (chassisd)
does not correctly attach a PIC during initialization of its host
FPC. [PR/241221]
- On M120 routers, MultiServices PICs might fail to come
online after graceful Routing Engine switchover. [PR/250819]
- When you configure an IPv6 address as the primary or preferred
address for an interface (by including the primary or preferred statement at the [edit interfaces interface-name unit logical-unit-number family inet6 address ipv6-address] hierarchy level) and commit the configuration,
messages like the following are written to the system log: "DCD_CONFIG_WRITE_FAILED:
Interface 'interface-name' configuration write
failed for an IFA CHANGE: Operation not supported". [PR/258531]
- In the IPv6 transit statistics section of the
output from the show interfaces command for an interface
that has an IPv6 address, the counts of input and output bytes and
packets sometimes go down over time instead of increasing monotonically.
[PR/260704]
- When you configure MLFR UNI NNI (FRF.16) bundles on link
services IQ interfaces, a certain mix of traffic might cause a lower-priority
queue to be starved when packets expire after not being scheduled
for some time. [PR/262901]
- When a Fast Ethernet interface is connected to a Gigabit
Ethernet interface that is configured for full duplex without autonegotiation,
the information for the Fast Ethernet interface is incorrect in the Autonegotiation information section of the output from the show interfaces extensive command. [PR/263957]
- When you enable graceful Routing Engine switchover on
the router and passive OAM monitoring on an interface (by including
the oam-period disable all statement at the [edit interfaces
at-fpc/pic/port atm-options vpi index] hierarchy level)
and commit the configuration, the backup Routing Engine generates
a core file and restarts. [PR/266265]
- The chassis process (chassisd) does not release allocated
memory correctly after executing the show chassis hardware extensive command. [PR/268925]
- On J-series Services Routers, Ethernet frames smaller
than 64 bytes might not pass through an IPSec tunnel. [PR/268965]
- On a router configured for graceful Routing Engine switchover,
if the backup Routing Engine is running JUNOS Release 8.1 or
later and the master Routing Engine is running JUNOS Release 8.0
or earlier, updates might not be made to the forwarding table. [PR/273492]
- When you restart an IQ2 PIC, interfaces might not be taken
down correctly. As a result, traffic continues to be directed to the
interfaces and is lost. [PR/276125]
- For a routing node in a routing matrix, when you remove
a hardware component from the chassis, alarms are cleared for that
component (which is correct), but also for all components of the same
type. [PR/278672]
- When a physical interface in a link services IQ multilink
bundle goes down and comes up again, the PIC might generate a core
file and write a message like the following to the PIC console: "coredump
requested by CPU 12: thread hogged CPU." As a workaround, include
the drop-timeout 0 statement at the [edit interfaces
lsq-fpc/pic/0] hierarchy
level to prevent the failure. [PR/281696]
- On a router with Frame Relay multilink configured on an
MS 400 PIC or on a channelized DS3 PIC, when the minimum links value
for the Frame Relay interface is set to 8 and a link is deactivated
from the configuration, the link remains up. [PR/285244]
- When you insert an OC-192 SONET/SDH PIC that uses XFP
optics into an Enhanced Type 3 FPC on a T640 routing node, the FPC
might generate a core file. [PR/288884]
- Under the following conditions, a logical interface configured
for VRRP (the vrrp-group statement is included at the [edit interfaces interface-name unit logical-unit-number family family address address] hierarchy level) does
not initialize properly and the output for it from the show vrrp
summary command displays the value bringup in the VR State field: (1) the logical interface is configured with
dual VLAN tags (the vlan-tags statement is included at the [edit interfaces interface-name unit logical-unit-number] hierarchy level); (2) the configuration
for another logical interface of the same physical interface includes
the vlan-id statement at the [edit interfaces interface-name unit logical-unit-number] hierarchy level. The problem can occur even though the interfaces
do not belong to the same VRRP group. [PR/288975]
Services Applications
- The output of the show services nat pool command
displays duplicate entries for a single Network Address Translation
(NAT) pool. [PR/34678]
- The show services accounting flow-detail extensive command sometimes displays incorrect information about input and
output interfaces. [PR/40446]
- When you configure intrusion detection service (IDS) on
J-series platforms, including the threshold statement at
the [edit services ids rule rule-name term term-name then logging] hierarchy level has no effect.
[PR/46577]
- On Adaptive Services PICs configured for IPSec tunnel
redundancy, if there are a large number of tunnels, sometimes a few
of the tunnels might switch over to the backup tunnel. [PR/46733]
- On routing platforms configured for Internet Key Exchange
(IKE)-based IPSec, if a remote peer using other vendors’ equipment
does not renegotiate the IKE security association (SA) when it is
about to expire and continues to send dead peer detection (DPD) requests
on the same SA, the routing platform might not be able to reply to
these messages. [PR/47004]
- If the socket buffer becomes full on a remote router,
you cannot clear all the IPSec security associations (SAs) from the
router. [PR/55189]
- When a routing platform is configured for graceful Routing
Engine switchover and Adaptive Services (AS) PIC redundancy, and a
switchover to the backup Routing Engine occurs, the redundant services
interface (rsp-) always activates the primary services interface
(sp-), even if the secondary interface was active before
the switchover. [PR/59070]
- On Monitoring Services I and Monitoring Services II PICs,
if the export channel to the external cflowd collector is closed,
cflowd records might be lost. As a workaround, restart the PIC. [PR/59432]
- On Monitoring Services II PICs configured for flow collection
services, during memory overload conditions, the flow collector interface
might create files lacking cflowd records and these files might not
be sent to the external FTP server. [PR/62599]
- When you modify a flow collection configuration and commit
the changes, the system log might contain error messages regarding
the commit operation. These messages do not affect the operation of
the router and can be ignored. [PR/64201]
- On J-series Services Routers, an SNMP query returns a
zero value for the data link switching (DLSw) MIB object dlswTConnTcpConfigKeepAliveInt even if you implement keepalives. [PR/70002]
- For Adaptive Services II PICs, even if you do not configure
flow collector services, a temporary file might be created every 15
minutes in the /var/log/flowc/ directory. The file is deleted
if there are no clients, and re-created only when a client connects
and attempts to write to the file. [PR/75515]
- The JUNOS software does not issue a warning when you configure
an address as both the destination IP address of a voice-over-IP (vp-) interface and the primary address of another interface
on the router. This configuration is not valid, and can disrupt forwarding
of traffic to the voice-over-IP interface. [PR/75535]
- On J4350 and J6350 Services Routers, when an Avaya TGM550
PIM is in reset state, the Services Router might not respond to show chassis commands for up to 5 seconds. [PR/78695]
- When you configure flow monitoring version 9 with MPLS
or MPLS-IPv4 templates on a TX Matrix platform (by including the appropriate
statements at the [edit services flow-monitoring version9] hierarchy level), connected routing nodes might generate a core
file. Similarly, when you perform the commit synchronize operation on a routing platform that has
dual Routing Engines, graceful Routing Engine switchover enabled,
and the aforementioned flow monitoring version 9 configuration, the
backup Routing Engine generates a core file. [PR/98372]
- It is not valid to specify the value aes-192-cbc or aes-256-cbc for the algorithm statement at
the [edit security ipsec security-association sa-name manual direction direction encryption] hierarchy level. An attempt to commit the configuration fails (which
is appropriate), but the error message refers to the wrong algorithm:
"aes-128-cbc algorithm is not supported for IKE and IPSec configuration
in security hierarchy." [PR/228971]
- When the packet gateway receives a packet that has TransactionID
set to zero, the TransactionID in its reply might be a number other
than zero. [PR/229145]
- On MultiServices PICs, when you configure Packet Gateway
Control Protocol (PGCP) and include an incorrect value for the inactivity
timer, the router might generate error code 442 when it should be
generating error code 449. [PR/229150]
- When a port pool runs out of resources, the packet gateway
sends error code 500 instead of the code specified in the ITU-T H.248
standard (510). [PR/229157]
- On a MultiServices 400 PIC, when you configure dynamic
flow capture (DFC), if the PIC receives large amounts of data and
Dynamic Tasking Control Protocol (DTCP) traffic, in some cases the
interface might go down and the PIC might not be able to reestablish
a connection with the Routing Engine. [PR/230189]
- On MultiServices PICs installed in T640 routing nodes,
when you configure Packet Gateway Control Protocol (PGCP) and issue
the show services pgcp termination termination-id command, only one termination is displayed in the output. [PR/230949]
- When the Packet Gateway Control Protocol (PGCP) gateway
receives a request in which the TransID field includes the
value 4294967295, the gateway might restart. [PR/233315]
- The PG process returns an Error 500 (-100) when
an add request is sent by the PGC process. [PR/233497]
- When the packet gateway controller (PGC) sends a message
to the packet gateway (such as an AU [audit] message), it
specifies an event ID. The packet gateway might incorrectly include
a different event ID in its reply. [PR/233500]
- If you send an erroneous add command, a zero termination
ID is created on the PG and can be displayed using the show services
pgcp terminations command. [PR/233542]
- The show services pgcp gates gateway-name command does not display the Differentiated Services code point
(DSCP) value properly. [PR/234264]
- On MX-series Ethernet services routers, when you deactivate
the internal-node statement at the [edit class-of-service
interfaces interface-sets interface-set-name] hierarchy level, the internal node might not be deactivated. [PR/235076]
- On routers configured for Packet Gateway Control Protocol
(PGCP), if the packet gateway uses a long string (longer than 80 characters)
to represent the termination ID, the gateway might fail to return
the full termination name when an event is reported. [PR/235512]
- The output from the show services pgcp root-termination command does not reflect changes to certain settings. [PR/236141]
- On some J-series Services Routers, when you press the
F10 key to save and exit from BIOS configuration mode, the operation
might not work as expected. As a workaround, use the Save and
Exit option from the Exit menu. This issue affects J4350 and
J6350 routers with BIOS Version 080011 and J2320 and J2350 routers
with BIOS Version 080012. [PR/237721]
- On some J-series Services Routers, the Clear NVRAM option in the BIOS configuration mode does not work as expected.
This issue affects J4350 and J6350 routers with BIOS Version 080011
and J2320 and J2350 routers with BIOS Version 080012. To help mitigate
this issue, keep records of any changes you make to the BIOS configuration,
so that you can revert to the default BIOS configuration as needed.
[PR/237722]
- When a packet-gateway subtract command does not include
an audit descriptor, an inappropriate error message is returned: ‘ER=444{"An
unknown descriptor was received}.’ [PR/240758]
- The Adaptive Services II PIC might suddenly generate a
core file and stop operating. [PR/251960]
- When you open an FTP connection from the JUNOS CLI and
issue the mget command on the FTP client, the operation might
stop suddenly. In this situation, the output from the show services
stateful-firewall conversations service-set set-name command for the FTP connection refers to TCP port 0, which
is not a valid value. [PR/271380]
General Routing
- LDP sessions might go down and remain in an inoperative
state for a long time (one indication is that the value OpenSent or Closing persists over time in the State: field
of the output from the show ldp session extensive command).
This problem occurs when BGP must evaluate a large number of AS paths
as required by the following configuration: (1) the value of each
of several as-path policy-name statements
at the [edit policy-options] hierarchy level is a regular
expression containing a large number of AS path index numbers; (2)
such policies are each specified as the value of a from as-path statement at the [edit policy-options policy-statement statement-name] hierarchy level; (3) several such
policy statements are specified as values for the import statement
at the [edit protocols bgp] hierarchy level. [PR/229273]
- If the “from” clause in a policy refers to
the routing table used by a VPN routing and forwarding (VRF) instance,
and you change the route distinguisher for that VRF instance, the
routes in the routing table become unusable. In terms of configuration
statements, the routing table is the value of the rib statement
at the [edit policy-options policy-statement policy-name term term-name from] hierarchy
level, and the route distinguisher is defined by the route-distinguisher statement at the [edit routing-instances routing-instance-name] hierarchy level for the VRF instance. As a workaround, deactivate
the policy-statement statement temporarily while changing
the route distinguisher. [PR/254398]
Layer 2 Ethernet Services
- On MX-series routers, when you configure VPLS over an
LSI interface, classification does not work on the egress PE router
for traffic flowing from the core of the network to the egress CE
router. [PR/240777]
- On MX-series routers running JUNOS Release 8.4 and
later, entries in the MAC address table expire three times faster
than on MX-series routers running JUNOS Release 8.3 and earlier,
and on M-series and T-series routing platforms running any release
of the JUNOS software (including JUNOS Release 8.4 and later).
To configure the correct effective value on MX-series routers running
JUNOS Release 8.4 and later, specify a value for the mac-table-aging-time statement at the [edit protocols l2-learning] hierarchy
level that is three times the desired value. For example, if you
want the expiration time to be 15 seconds, specify 45 seconds. [PR/241485]
Routing Protocols
- When you include the as-path atomic-aggregate statement at the [edit routing-options aggregate defaults as-path] hierarchy level to manually add the ATOMIC_AGGREGATE attribute on
a BGP AS path, the attribute is not added. [PR/2527]
- When you issue the show pim statistics command
to view traced PIM protocol traffic, messages sent to the rendezvous
point (RP) might not increment the Register counter. [PR/13887]
- When you issue the mtrace command from a UNIX
client, the router does not respond to a query that requires multicast
response, but responds correctly to any query that requires unicast
response. As a result, the first two probes time out. The third probe
is the unicast response probe, which usually succeeds. [PR/17237]
- The CLI allows you to commit a configuration that specifies
a value higher than 32 for the metric statement
at the [edit protocols dvmrp interface all] hierarchy level,
but values higher than 32 are invalid. [PR/33429]
- If a router receives a Pragmatic General Multicast (PGM)
Source Path Message (SPM), it does not create a forwarding cache,
nor does it forward the message to other routers as a heartbeat, as
specified in RFC 3208. Also, the router’s multicast cache might
time out if it does not receive actual PGM data (ODATA) for more than
6 minutes. As a workaround, configure the PGM source application to
send PGM ODATA at least once every 6 minutes. The ODATA acts as the
heartbeat message in lieu of the SPM messages and ensures that the
multicast and forwarding caches are created and updated. [PR/37504]
- If you configure the sham-link statement at the [edit routing-instances instance-name protocols
ospf area] or [edit routing-instances instance-name protocols ospf] hierarchy level on a provider edge (PE) router,
extraneous OSPF link-state advertisements (LSAs) might be added. In
some cases, this can result in a routing loop between the customer
edge (CE) and PE routers. [PR/40000]
- The address fields in the BGP MIB are not compatible with
IPv6 address lengths. [PR/51150]
- When you configure damping globally and use the import
policy to prevent damping for specific routes, and a peer sends a
new route that has the local interface address as the next hop, the
route is added to the routing table with default damping parameters,
even though the import policy has a nondefault setting. As a result,
damping settings do not change appropriately when the route attributes
change. [PR/51975]
- When the Internet Group Management Protocol (IGMP) multicast
listener discovery (MLD) source-specific multicast (SSM)-Map feature
is enabled on a LAN interface with multiple receiving hosts, the router
might continue to forward traffic for the group until the IGMP group
membership timeout interval expires, even though all receivers might
have already left the group. [PR/61538]
- When the configuration for an Ethernet interface includes
both the interface-type p2p and ldp-synchronization statements at the [edit protocols ospf area area-id interface interface-name] hierarchy level,
during initialization of LDP sessions OSPF advertises the maximum
cost metric for both the point-to-point and stub links of the interface.
This is inconsistent with other interface types (such as SONET/SDH),
on which OSPF advertises the maximum metric cost for the point-to-point
link only. [PR/66885]
- When you issue the show ldp traffic-statistics command, the following system log message might be generated for
all forwarding equivalence classes (FECs) with an ingress counter
set to zero: “send rnhstats GET: error: ENOENT -- Item not found.”
[PR/67647]
- If ICMP tunneling is enabled on the router and you configure
a new logical router that does not have ICMP tunneling enabled, the
feature is globally disabled. [PR/81884]
- For the igmpInterfaceIfIndex object in the Internet
Group Management Protocol (IGMP) MIB (IGMP-STD-MIB), the routing platform
reports the ifIndex value of the logical interface instead
of the expected snmpIfIndex value for the index of the table.
[PR/98358]
- When you specify a link-local interface for the interface statement at the [edit routing-options rib inet6.0 static route address/mask-length qualified-next-hop address] hierarchy level, the commit operation fails
with the message "RT: next-hop interface-name is not point-to-point." [PR/99293]
- When the first PIM Join message for a group within a configured
SSM group range is received, a forwarding cache entry for the group
is created even if doing so violates the reuse or suppression values
specified at the [edit routing-options multicast forwarding-cache
threshold] hierarchy level. [PR/103225]
- When a new receiver joins a multicast group that already
has a receiver upstream of the RP, the new receiver might not receive
multicast traffic for up to 120 seconds. [PR/228708]
- When routes are exported into OSPF and then OSPF is deactivated,
the routing protocol process (rpd) might generate a core file and
stop operating. [PR/232362]
- When the flow of multicast traffic changes because an
OSPFv3 link goes down, the output from the show multicast statistics
inet6 command reports incorrect values in the In kbytes and In packets fields for the new ingress interface. [PR/234969]
- When PIM receives an (*,G) leave and an (S,G) join for
an (S,G) entry that has been pruned and when the neighbor entry is
deleted, the JP state for the (S,G) join is not deleted, resulting
in PIM going into an infinite loop. [PR/235978]
- If you disable an interface, delete one of its addresses,
and reenable it, the correct NSSA LSAs might not be sent. As a result,
traffic is lost because OSPF neighbors that retain the deleted address
as a next hop in their routing tables continue forwarding traffic
to it. [PR/238360]
- The # SECRET-DATA flag is appended to the authentication-type statement at the [edit protocols isis
level level] hierarchy level. The flag is
only appropriate for encrypted passwords (for example, for the authentication-key statement at the same hierarchy level). [PR/239648]
- PIM anycast does not work correctly when the traffic source
is connected to the rendezvous-point router. [PR/256637]
- The output from the show route advertising-protocol
bgp neighbor-address community community-id command is not correct if you specify a particular value (such
as 11111:2222) for community-id. As a workaround, instead specify the wildcard value *.*. [PR/265624]
- When you activate or deactivate an aggregate route filter
(represented by the aggregate statement at the [edit
routing-options rib routing-table] hierarchy
level), its contributing members are not reevaluated and the filter
continues to function as before the change. [PR/270115]
- If you configure an OSPF point-to-point interface in a
routing instance (by including the interface-type p2p statement
at the [edit routing-instances routing-instance-name protocols ospf area area-id interface interface-name] hierarchy level) and redistribute
the interface into the main routing instance (by including the rib-group group-name statement at the [edit routing-instances routing-instance-name protocols ospf] hierarchy level and the import-rib [ inet.0
] statement at the [edit routing-options rib-group group-name] hierarchy level), the interface is not
redistributed and messages like the following appear in the system
log: " cannot perform nh operation ADDANDGET nhop 0.0.0.0 type unicast
index 0 errno 45." [PR/271130]
- When both of the following conditions apply, a change
in interface status (up or down) causes a BGP status change: (a) there
are more than 255 unnumbered interfaces without a destination address
(the unnumbered-address lo0.0 statement is included at the [edit interfaces interface-name unit logical-unit-number family inet] hierarchy level
for more than 255 logical interfaces), and (b) the BGP local address (specified
by the local-address statement at the [edit protocols
bgp group group-name] hierarchy level) is
the last one in the list of addresses included at the [edit interfaces
lo0 unit 0 family inet] hierarchy level. As a workaround, either
use an unnumbered interface that has a destination address or do not
set the BGP local address to an unnumbered interface. [PR/277202]
- Using PIM, certain multicast routing topologies might
cause delays in multicast route convergence. [PR/282109]
- When BGP multipath is enabled (the multipath statement
is included at the [edit protocols bgp group group-name] hierarchy level) and route updates arrive from multipath and
nonmultipath peers in a certain order, load balancing across paths
might stop working correctly. [PR/288694]
MPLS Applications
- If you configure a label-switched path (LSP) with the no-cspf statement at the [edit protocols mpls] hierarchy
level, the LSP might cycle up and down several times before stabilizing.
[PR/10415]
- If a circuit cross-connect (CCC) LSP traverses a forwarding-adjacency
LSP, traffic forwarding might be affected. [PR/60088]
- RSVP graceful restart does not function for LSPs that
have a forwarding adjacency (FA) label-switched path (LSP) as a next
hop. [PR/60256]
- When you modify the primary path for an MPLS LSP by using
the delete protocols mpls label-switched-path lsp-path-name primary path-name command in configuration
mode, followed by the set protocols mpls label-switched-path lsp-path-name
primary path-name command, and then issue the commit command, the entire LSP (both primary and secondary) is torn down
and then rebuilt from scratch. As a workaround, issue the delete
protocols mpls label-switched-path lsp-path-name primary path-name command in configuration
mode followed by the commit command. Then issue the set
protocols mpls label-switched-path lsp-path-name primary path-name command followed by
the commit command. [PR/62365]
- When you enable per-packet load balancing on parallel
label-switched paths (LSPs), the output of the show mpls lsp ingress command might display all the routes on only one of the LSPs even
when traffic is evenly balanced across the LSPs. [PR/70487]
- On M-series and T-series routing platforms, if MPLS traffic
is being forwarded on the secondary path of an LSP when the primary
path is also functional, the Traffic statistics section of
the output from the monitor label-switched-path lsp-name command might show incorrect values. [PR/80591]
- On an M-series router configured for LDP, if you use the jinstall package to upgrade the JUNOS software, the following
spurious error message might appear on the console: "Routing protocols
process: task_get_port: getservbyname("ldp", "tcp") failed, using
port 646." [PR/102209]
- The show mpls lsp detail command does not display
an LSP’s setup and hold priorities (the Priorities field
is omitted) if they are set to their default values, even if the defaults
are set explicitly at the [edit protocols mpls label-switched-path path-name priority] hierarchy level. As a workaround,
issue the show mpls lsp defaults command to display the priority
values. [PR/103128]
- On an M120 router, the ping mpls rsvp command
fails when an LSP is configured for link protection (the link-protection statement is included at the [edit protocols mpls label-switched-path lsp-name] hierarchy level) and traffic is being routed
through the bypass LSP. [PR/233693]
- When refresh reduction extensions are enabled on RSVP
interfaces, MPLS LSPs might not be established with other vendors’
routers. As a workaround, remove the aggregate statement
and add the no-aggregate statement at the [edit protocols
rsvp interface interface-name] hierarchy
level. [PR/235636]
- In the output from the show mpls lsp command,
the column labeled ActivePath is about 16 characters wide.
When the name of an LSP path is longer than that, subsequent values
on the line do not align correctly with their headers. [PR/237229]
- When RSVP Resv messages (generated by another vendor’s
routers) include the Node-Id subobject in an RRO, a bypass LSP with
node-link protection is not established as configured. [PR/237491]
- If you change the authentication method for an LDP session
from an authentication key to an authentication key chain (or vice
versa), unrelated LDP sessions might go down along with the directly
affected LDP session. In terms of configuration statements, this means
changing between the authentication-key and authentication-key-chain statements at the [edit protocols ldp session session-id] hierarchy level. [PR/258395]
- When the target of the ping mpls rsvp command
is another vendor’s router, the value in the Local transmit
timed field is a UNIX timestamp instead of an NTP timestamp as
specified by RFC 4379. [PR/289535]
VPNs
- When you modify the frame-relay-tcc statement
at the [edit interfaces interface-name unit logical-unit-number] hierarchy level of a Layer 2
VPN, the connection for the second logical interface might not come
up. As a workaround, restart the chassis process (chassisd) or reboot
the router. [PR/32763]
- If a provider edge (PE) router configured for BGP-based
VPLS loses connectivity with local customer edge (CE) routers, the
PE router might drop all pseudowires to other PE routers. If you have
configured an integrated routing and bridging (IRB) interface in a
VPLS instance on the PE router, the loss of connectivity to CE routers
means that traffic from the IRB interface to the CE routers is blocked.
[PR/238718]
Class of Service
- When you configure an ES PIC, a message similar to the
following might be written to the system log: “fpc0 LCHIP(3):
Unable to fathom what channel used by IFD id.”
There is no operational impact. [PR/36184]
- If you deactivate or activate an aggregated Ethernet interface,
the Packet Forwarding Engine might report errors. [PR/50090]
- When a logical tunnel (lt) interface is the outbound
interface and you include the ieee-802.1 statement at the [edit class-of-service interfaces lt-fpc/pic/port unit logical-unit-number rewrite-rules] hierarchy level, the commit operation fails.
[PR/55903]
- If you try to configure a scheduler map containing two
forwarding classes that are mapped to the same queue, the class-of-service
scheduler is not applied to the Packet Forwarding Engine. As a workaround,
configure a single forwarding class for each available queue. [PR/57907]
- On M-series routers connected by VLAN circuit cross-connects
(CCCs) and configured with class of service (CoS), when explicit forwarding
(EF) traffic is generated from the ingress customer edge router (CE1)
to the egress customer edge router (CE2), the ingress provider edge
router (PE1) properly marks the packets with default EXP bits and
sends the packets out queue 1, but the intermediary core router forwards
all traffic through queue 0 instead of sending it through the EF queue.
As a workaround, include the no-control-word statement at
any of the following hierarchy levels: [edit logical-routers logical-router-name protocols l2circuit neighbor address interface interface-name], [edit protocols l2circuit neighbor address interface interface-name], [edit logical-routers logical-router-name routing-instances routing-instance-name protocols l2vpn], or [edit routing-instances routing-instance-name protocols l2vpn]. [PR/65280]
- When you configure a specific classifier for a logical
unit, it does not override the fixed classifier configured using wildcards.
[PR/68888]
- If you configure CoS traffic control profiles on every
logical interface by using the * wildcard to represent the
interfaces, the configuration cannot be committed. In other words,
the commit operation fails if you include the input-traffic-control-profile and output-traffic-control-profile statements at the [edit class-of-service interfaces type-fpc/pic/port *] hierarchy level. [PR/100690]
- On M120, M320, and MX-series routers, if the value set
by the transmit-rate statement at the [edit class-of-service
schedulers scheduler-name] hierarchy level
is larger than the value set by the buffer-size statement
at that level, forwarding latency is greater than expected. [PR/233213]
- If you configure the tri-color statement at the [edit class-of-service] hierarchy level, the drop counters in
the output of the show interfaces queue command appear to
not work for medium-high (yellow) priority traffic and low (green)
priority traffic. The drop counter for high priority traffic (red)
functions normally. [PR/258499]
- In JUNOS Release 8.4 and later, the commit or commit-check operation fails if a rewrite rule is defined
both at the [edit class-of-service interfaces interface-name unit logical-unit-number rewrite-rules] hierarchy level and in a configuration group (defined at the [edit groups] hierarchy level) that is applied to that interface.
The correct behavior is for the directly applied rule to override
the rule inherited from the configuration group. [PR/261229]
- If you apply an IEEE classifier to a logical unit in an
interface wildcard (for example, by including the ieee-802.1 classifier-name statement at the [edit class-of-service
interfaces ge-* unit logical-unit-number] hierarchy level) and apply a different classifier to a logical unit
of a specific interface whose name matches the wildcard (ge-4/1/0 is an example in this case), the classifier on the specific interface
does not work correctly. [PR/267189]
- The output from the show class-of-service interface interface-name command includes the Input scheduler
map field even when you configure egress-only mode for the PIC
that houses the interface (by including the mode egress-only statement at the [edit chassis fpc slot-number pic slot-number traffic-manager] hierarchy
level). [PR/275038]
- When you restart an M320 router, FPCs that house IQ PICs
might generate a core file during initialization and stop operating.
In this situation, an FPC's status is Present in the output
from the show chassis fpc detail command. As a workaround,
remove all FPCs before restarting the router, restart the router,
and insert the FPCs one at a time, waiting for each to initialize
before inserting the next one. [PR/286286]
Forwarding and Sampling
- On M320 and T-series routing platforms, when you configure
interface output sampling, packets sometimes might travel through
the output firewall. As a workaround, configure a firewall filter
on the output interface with then sample and then next
term statements. The workaround provides the same functionality
as the other configuration, but avoids the problem behavior. [PR/70473]
- When you issue the Packet Forwarding Engine command show filter counters on T-series routing platforms, the Packet
Forwarding Engine might generate a core file. [PR/105224]
- On an MX960 router, an STP configuration might take a
long time to converge if the router was previously running RSTP and
had learned one million or more MAC addresses. [PR/231377]
- If next term is the last statement in the then section of a firewall filter (at the [edit firewall
filter filter-name term term-name] hierarchy level) and no next term is configured, the commit or commit check operation fails, even if the filter is
not actually applied to an interface. [PR/256375]
Routing Policy and Firewall Filters
Network Management
- The following groups of MIB objects do not segregate the
data they return according to the routing instance specified in an
SNMP request: vrrpMIB, jnxCosIfqStatsTable, and jnxCosQstatTable. [PR/63045]
- The output from the snmpwalk command might not
report the physical interface associated with the logical interface
for the default routing instance (configured at the default logical-router
level). [PR/66793]
- When you commit a configuration that includes the max-queues-per-interface statement at the [edit chassis
fpc slot pic slot] hierarchy
level, the MIB II process (mib2d) might generate a core file and stop
operating. [PR/99197]
- If an element number in an MIB object’s OID is greater
than 2147483647 (2^31–1), the snmp mib walk and snmp mib get commands fail. [PR/237856]