Current Software Release

The current software release is Release 8.5R4. For information about obtaining the software packages, see M-series, MX-series, and T-series Upgrade and Downgrade Instructions or J-series Upgrade and Downgrade Instructions, depending on your router platform.

Resolved Issues

Platform and Infrastructure

• When a packet's outer label is set to explicit null and the S bit is not set, the LSP ping command does not work. The JUNOS software does not comply with RFC 4182, “Removing a Restriction on the use of MPLS Explicit NULL”. [PR/74963: This issue has been resolved.]
• On M7i and M10i routers, when the system log for the CFEB becomes full, additional messages are discarded instead of overwriting the oldest messages in the log. [PR/79128: This issue has been resolved.]
• When you enable point-to-multipoint LSPs over an outgoing aggregated Ethernet interface that is configured with circuit cross-connect (CCC) switching, the LSP fails to forward traffic and the following error appears in the system log: “nh_ucast_add.” As a workaround, disable the interface and LSP, reenable them in that order, and then clear the RSVP session for the LSP. [PR/105884: This issue has been resolved.]
• On M120, M320, and MX960 routers, when you configure override input packet classification, the feature might not work. [PR/271660: This issue has been resolved.]
• On MX-series routers, when unicast RPF is configured on an interface (the rpf-check statement is included at the [edit interfaces interface-name unit logical-unit-number family inet] hierarchy level), the DPC that houses the interface might generate a core file. [PR/275466: This issue has been resolved.]
• If an aggregated Ethernet or aggregated SONET bundle has a large number of aggregate next hops, when a new child link is added or a child interface goes down and comes up, the Packet Forwarding Engine might generate a core file. [PR/276424: This issue has been resolved.]
• If you enable protocol tracing, writes to the hard drive might be blocked and daemons might delay sending packets. This PR only applies to JUNOS software 8.5R2 or higher. [PR/278580: This issue has been resolved.]
• When graceful Routing Engine switchover is configured on a dual Routing Engine system, the backup Routing Engine might generate a core file. [PR/278901: This issue has been resolved.]
• Swapping an IQ2 PIC with a Services PIC in the same PIC slot might cause the router to crash [PR/280505: This issue has been resolved.]
• On M320 and T-series routing platforms, including the logical-bandwidth-policer statement at the [edit firewall policer] hierarchy level might degrade forwarding performance, cause the Packet Forwarding Engine to generate a core file and stop functioning, or both. [PR/282169: This issue has been resolved.]
• On M10i routers that have Channelized DS3 IQ PICs installed, the Compact Forwarding Engine Board (CFEB) might generate a core file, which also interrupts FPC operation. [PR/283943: This issue has been resolved.]
• When you issue the request system software add command and include a file that does not have the .tgz extension even though it may be identical to the file with the .tgz extension available from the Juniper Networks support Web site, the router reboots. To avoid this problem, use the file names available from the Juniper Networks support Web site. [PR/283948: This issue has been resolved.]
• Under certain circumstances, DHCP discover packets might be leaked to all the configured VRFs. [PR/286139: This issue has been resolved.]
• When a packet larger than the IP MTU size was transmitted, it registered as a microcode error rather than an MTU error. [PR/294485: This issue has been resolved.]
• When you take offline a T640 routing node that has an aggregated Ethernet member link, multicast traffic does not detour to another link. [PR/294732: This issue has been resolved.]
• When an AS or MS PIC are configured as the tunnel interface, IPv6 multicast does not work over IP. The Tunnel PIC does not have this problem. [PR/296352: This issue has been resolved.]
• On routers configured with aggregated SONET or aggregated Ethernet interfaces and multicast next hops, when the aggregated interface flaps, the kernel might restart unexpectedly. [PR/298073: This issue has been resolved.]
• An MPLS frame with an explicit NULL label designated for the Routing Engine might be dropped by the PFE. [PR/298967: This issue has been resolved.]
• A configuration change or Routing Engine switchover might result in a kernel crash when firewalls, CoS, or IPSec are also configured. [PR/300831: This issue has been resolved.]
• On platforms with dual Routing Engines, the Routing Engines might dump core during processing of a BGP UPDATE message with a NEXT_HOP attribute that is a broadcast address of a local interface. [PR/302236: This issue has been resolved.]

User Interface and Configuration

• TACACS+ accounting start or stop requests are incompatible with Cisco ACS. The fix is to configure the no-cmd-attribute-value statement at the [edit system tacplus-options] hierarchy level. When this is enabled, the JUNOS software sets the value of the cmd attribute in the TACACS+ accounting start or stop requests to a null string. This is the behavior Cisco ACS expects in order to save accounting requests to the Accounting file; otherwise, the requests are saved to the Administration file. [PR/252472: This issue has been resolved.]
• When two users have a telnet or ssh session on a router, one in configure private mode and the other in configure mode, the telnet session disconnects if the user in configure mode issues the load patch command. [PR/274372: This issue has been resolved.]
• Issuing the show system rollback 1 command results in syslog messages indicating that the router's configuration has been changed by current user. [PR/278392: This issue has been resolved.]
• In JUNOS Release 8.5 and later, an attempt to log in to a router using SSH might fail with a “Could not chdir to home director: No such file or directory” error message. This problem might occur when specific user account configuration is in place and the router is configured to use the TACACS+ server for authentication. The issue arises only if the TACACS+ server has been configured with a local-user-name directive that specifies a nonexistent user. [PR/288116: This issue has been resolved.]
• When the filename in the event-script statement is not included at the [edit event-options policy policy-name then] hierarchy level, the event policy process (eventd) might generate a core file. [PR/290515: This issue has been resolved.]
• When a configuration group containing a wildcard match for a static route and qualified next hop of a broadcast interface is applied, the routing protocol process (rpd) might exit and dump core. [PR/290712: This issue has been resolved.]
• When you configure the ip-address at the [edit system radius-options attributes nas-ip-address] hierarchy level in JUNOS Release 8.5 and later, the nas-ip-address attribute is not included in the RADIUS packets. [PR/292274: This issue has been resolved.]
• In the J-Web chassis view, the 10-port Channelized E1 IQ PIC is shown with an incorrect interface position, although the interface index is correct. [PR/294957: This issue has been resolved.]

Interfaces and Chassis

• When you commit firewall and rpf configurations, an erroneous “nh_jtree_fe_prehandler” message might appear on the Packet Forwarding Engine (PFE). This message is informational only and does not indicate an error condition. [PR/96146: This issue has been resolved.]
• On a dual Routing Engine system with graceful Routing Engine switchover (GRES) enabled, when an IPv6 interface is configured with the loopback statement at the [edit interfaces interface-name gigether-options] hierarchy level, the backup Routing Engine might report kernel replication errors in the output of the show system switchover command. [PR/102164: This issue has been resolved.]
• When you delete or deactivate an interface on a channelized IQ PIC, the PIC might stop operating and generate a core file. [PR/102420: This issue has been resolved.]
• If there is a PIC error and the PIC is coming online again, the system might reset unexpectedly. [PR/241092: This issue has been resolved.]
• When you configure MLPPP or MLFR UNI NNI (FRF.16) bundles on link services IQ interfaces, a certain mix of traffic might cause a lower-priority queue to be starved when packets expire after not being scheduled for some time. [PR/262901: This issue has been resolved.]
• When a Fast Ethernet interface is connected to a Gigabit Ethernet interface that is configured for full duplex without autonegotiation, the information for the Fast Ethernet interface is incorrect in the “Autonegotiation information” section of the output from the show interfaces extensive command. [PR/263957: This issue has been resolved.]
• If a compression-device is mistakenly configured under an ATM interface, the JUNOS kernel might dump core, and restart. [PR/265542: This issue has been resolved.]
• Under loaded conditions, the show interfaces rlsq command output might display incorrect statistical information because the statistics replies did not arrive in time. [PR/270467: This issue has been resolved.]
• When Routing Engine mastership is repeatedly switched, routing information maintained on the master and backup Routing Engine might be out of sync, causing all Packet Forwarding Engines to reset. [PR/271141: This issue has been resolved.]
• When you issue the show interfaces extensive command for an interface to which a Layer 2 input or output policer is applied, the value in the Dropped frames field for the policer might be a negative number. [PR/272971: This issue has been resolved.]
• When graceful Routing Engine switchover (GRES) and LSQ (rlsq) interfaces are configured, the last change field in the output of the show interface redundancy command might be incorrect after a Routing Engine switchover. [PR/273248: This issue has been resolved.]
• On the M320, a signal integrity issue in old clocking hardware might generate inaccurate alarms and errors when the actual clock is working perfectly. This behavior has no operational impact and has been fixed in later releases. [PR/275308: This issue has been resolved.]
• When member links are configured to be part of RLSQ MLPPP bundle, while the RLSQ interface is yet to be configured, error “BAD_PAGE_FAULT” is reported by the kernel if “monitoring interface” is executed on this rslq logical interface. [PR/277689: This issue has been resolved.]
• For a routing node in a routing matrix, when you remove a hardware component from the chassis, alarms are cleared for that component (which is correct). However, alarms are also cleared for all other components of the same type. [PR/278672: This issue has been resolved.]
• If you power off and power on a model RE-A-2000 Routing Engine on a T640 routing node (by issuing the request system power-off other-routing-engine and request system power-on other-routing-engine commands), the output of the show chassis hardware command no longer includes an entry for SPMB 1. [PR/281463: This issue has been resolved.]
• Adding a per-unit-scheduler configuration to a one-port or two-port IQ PIC might cause errors and affect the forwarding state of the ports. [PR/282934: This issue has been resolved.]
• XGE PICs on M120 routers take an unusually long time (up to 1.5 seconds) to send remote-fault messages. [PR/287147: This issue has been resolved.]
• In JUNOS version 8.5 and later, on systems with unnecessary traceoptions enabled, or other configuration that causes high levels of hard drive activity, the Routing Engine might reset with a watchdog timeout error. No coredump is generated. As a possible workaround, change the router's configuration to eliminate unnecessary traceoptions configuration and to minimize other hard disk drive activity. [PR/288011: This issue has been resolved.]
• When you insert an OC192 SONET/SDH PIC that uses XFP optics in to an Enhanced Type 3 FPC on a T640 routing node, the FPC might generate a core file. [PR/288884: This issue has been resolved.]
• Under the following conditions, a logical interface configured for VRRP (the vrrp-group statement is included at the [edit interfaces interface-name unit logical-unit-number family family address address] hierarchy level) does not initialize properly and the output for it from the show vrrp summary command displays the value bringup in the VR State field: (1) the logical interface is configured with dual VLAN tags (the vlan-tags statement is included at the [edit interfaces interface-name unit logical-unit-number] hierarchy level, (2) the configuration for another logical interface of the same physical interface includes the vlan-id statement at the [edit interfaces interface-name unit logical-unit-number] hierarchy level. The problem can occur even though the interfaces do not belong to the same VRRP group. [PR/288975: This issue has been resolved.]
• When multicast packets are replicated to multiple outbound interfaces at a moderate traffic load, transmit packets might be corrupted. [PR/289353: This issue has been resolved.]
• On MX-series routing platforms, if you take fabric planes offline and the spare planes become active, you might see high traffic drops or continuous high fabric red drops. To recover from continuous high fabric drops, you must switch the fabric planes again. [PR/291541: This issue has been resolved.]
• SONET interfaces which are configured with interface hold up and hold down timers might remain down after an FPC reset or a PIC reset. To restore the interface, (temporarily) remove the interface hold timers. [PR/291707: This issue has been resolved.]

Services Applications

• When you commit a configuration that does not include either the pre-shared-key statement or the local-certificate statement at the [edit security ike policy policy-name] hierarchy level, the key management process (kmd) generates a core file. [PR/267957: This issue has been resolved.]
• Services PICs (such as the Adaptive Services and MultiServices PICs) do not record correct information in the SAMPLE-RATE field in the header of the cflowd packets that they export. [PR/276142: This issue has been resolved.]
• After a routing instance with an rlsq bundle is deactivated and activated and then the primary MS PIC is offlined and brought back online, a Routing Engine switchover might result in a kernel database connection error. [PR/292950: This issue has been resolved.]
• The Real-Time Streaming Protocol (RTSP) application-layer gateway (ALG) implementation was not compatible with some RTSP server implementations. [PR/292961: This issue has been resolved.]

Routing Protocols

• BGP traceoptions incorrectly reports Path Attribute flags with the EXT bit always reset. [PR/51953: This issue has been resolved.]
• If more than 1000 communities are attached to a route, the routing process (rpd) might become unresponsive. You might need to remove the communities and restart the routing process to recover. [PR/77001: This issue has been resolved.]
• The output from the show route advertising-protocol bgp neighbor-address community community-id command is not correct if you specify a particular value (such as 11111:2222) for community-id. As a workaround, specify the wildcard value *.*. [PR/265624: This issue has been resolved.]
• When you activate or deactivate an aggregate route filter (represented by the aggregatestatement at the [edit routing-options rib routing-table] hierarchy level, its contributing members are not reevaluated and the filter continues to function as it did before the change. [PR/270115: This issue has been resolved.]
• The show ospf route detail command output displays the optional-capability value for intra-area router routes only. [PR/273809: This issue has been resolved.]
• IS-IS hello packets might not be generated for 8 to 12 seconds during nonstop active routing (NSR) switchover when the Periodic Packet Management process (ppmd) is not pre-programmed ahead of the switchover time. [PR/276823: This issue has been resolved.]
• When both of the following conditions apply, a change in interface status (up or down) causes a BGP status change: (a) there are more than 255 unnumbered interfaces without a destination address (the unnumbered-address lo0.0 statement is included at the [edit interfaces interface-name unit logical-unit-number family inet] hierarchy level for more than 255 logical interfaces), (b) the BGP local address (specified by the local-address statement at the [edit protocols bgp group group-name] hierarchy level) is the last one in the list of addresses included at the [edit interfaces lo0 unit 0 family inet] hierarchy level. As a workaround, either use an unnumbered interface that has a destination address or do not set the BGP local address to an unnumbered interface. [PR/277202: This issue has been resolved.]
• When both of the following conditions apply, BGP evaluation of alternate multipaths does not work correctly: (1) an IBGP peer and an EBGP peer both provide the same prefix with the same AS path, (2) the configuration for the EBGP peer includes the multipath multiple-as statement at the [edit protocols bgp group group-name] hierarchy level but the IBGP peer's configuration does not. [PR/281447: This issue has been resolved.]
• When two Protocol Independent Multicast (PIM) any-source multicast (ASM) routers on a LAN segment have a directly attached receiver to this segment, IIF_MISMATCH error messages might be displayed preventing the creation of an (S,G) state. This problem occurs with PIM and Multicast VPN configurations. [PR/281662: This issue has been resolved.]
• Using PIM, certain multicast routing topologies might cause delays in multicast route convergence. [PR/282109: This issue has been resolved.]
• Sometimes memory blocks can become corrupted due to an invalid write in to free memory. [PR/283819: This issue has been resolved.]
• A Bidirectional Forwarding Detection (BFD) protocol session might become stuck for different reasons depending on the release in question. For JUNOS Release 8.3 or earlier, the BFD session might be in the failing state. For JUNOS Release 8.3 or later the BFD session might be in init state. As a workaround, issue the clear bfd session command to bring the session back up. [PR/286331: This issue has been resolved.]
• When BGP multipath is enabled (the multipath statement is included at the [edit protocols bgp group group-name] hierarchy level) and route updates arrive from multipath and nonmultipath peers in a certain order, load balancing across paths might stop working correctly. [PR/288694: This issue has been resolved.]
• When BGP deletes a secondary route, the routing process (rpd) might exit unexpectedly and dump core. [PR/290863: This issue has been resolved.]

MPLS Applications

• When the routing process (rpd) tries to allocate a large number of MPLS labels, it might be restarted incorrectly due to a label space calculation error. [PR/255428: This issue has been resolved.]
• After upgrading to JUNOS Release 8.4 or later, LDP neighborship could not be established with another vendor's equipment because of a subnet mismatch. The fix adds a new configuration statement, allow-subnet-mismatch, that ignores subnet mismatch for the source address in LDP link hello packets. [PR/285933: This issue has been resolved.]
• When the target of the ping mpls rsvp command is another vendor's router, the value in the Local transmit time field is a UNIX timestamp instead of an NTP timestamp as specified by RFC 4379. [PR/289535: This issue has been resolved.]
• Packet loss can occur following an RSVP auto-bandwidth adjustment. [PR/289553: This issue has been resolved.]
• Other vendor implementations might send status TLV notification messages with the U-bit set to 0 and F-bit set to 1. While such a combination is not recommended according to RFC 5036, the JUNOS software will tear down the LDP session upon receiving such a status TLV message. [PR/290845: This issue has been resolved.]

VPNs

• When the tunnel-services statement is configured at the [edit routing-instance instance-nameprotocols vpls] hierarchy level and a VPLS interface is configured with an MTU, a virtual tunnel interface might flap due to unrelated configuration changes. As a workaround, remove the tunnel-service statement in the routing instance configuration. [PR/297141: This issue has been resolved.]

Class of Service

• When a fragmentation map is applied on a router containing IQ2 PICs, the following error message is displayed: “COS IPC op 25 (FRAGMAP TABLE UPDATE) failed, err 2 (Subtype Unknown).” [PR/239004: This issue has been resolved.]
• On M120 routers, MX-series routers, and on M320 routers with E3-FPCs, MPLS transit traffic with a label stack that performs a pop operation at the penultimate node is not shaped according to the configured transmit rate exact value, which results in more traffic being sent than should be allowed. [PR/282002: This issue has been resolved.]

Routing Policy and Firewall Filters

• On the MX platform, a firewall filter with the ip-options statement included and applied to the loopback interface might not operate correctly. [PR/283215: This issue has been resolved.]

Network Management

• As a result of a Routing Engine switchover, many processes will be restarted. During this transient stage, Simple Network Management Protocol (SNMP) agent process (snmpd) may generate a syslog message “Header version mismatch & SNMP_SMS_HDR_ERR: problem with hdr size (6) or msg size (0) message in syslog.” This issue is automatically corrected when the switchover process completes, and there is no operational impact afterwards. [PR/77668: This issue has been resolved.]
• A syntax error in the mib-rfc3811.txt MIB file prevents SNMP from using the MIB. The file is included in the package accessible at https://download.juniper.net/ software/junos-export/<release>/juniper-mibs-<release>-signed.tgz, where <release> is a JUNOS Release number such as “8.2R4.5”. [PR/80648: This issue has been resolved.]

Outstanding Issues

Software Installation

• For hard disks that were originally formatted by JUNOS Release 4.4 or earlier, after you issue the request system snapshot partition command, the router cannot boot from the hard disk. As a workaround, issue the request system snapshot command before upgrading. [PR/36742]
• If it takes too long to complete an upgrade to the FIPS version of JUNOS, the Routing Engine might restart. [PR/260513]
• When you issue the request system partition hard-disk command, the hard disk repartition fails and the disk becomes unusable. The disk can be recovered by taking a snapshot from the compact flash card and rebooting the router. [PR/269493]
• When a hard disk is partitioned, the /var/empty directory might not be created. As a result, the router does not accept SSH connections. As a workaround, use the mkdir command to create the /var/empty directory. [PR/290064]

Platform and Infrastructure

• When the Monitoring Services PIC is overloaded, the output from the show services accounting flow-detail command might freeze. [PR/32896]
• On T-series platforms, a Layer 2 maximum transmission unit (MTU) check is not supported for MPLS packets exiting the routing platform. [PR/46238]
• When you configure a source class usage (SCU) name with an integer (for example, 100) and use this source class as a firewall filter match condition, the class identifier might be misinterpreted as an integer, which might cause the filter to disregard the match. [PR/50247]
• When a Monitoring Services PIC is overloaded with traffic, the FPC might take the PIC offline and repeatedly send the same error message. The error message does not affect normal operation of the FPC and other PICs. As a workaround, restart the FPC and bring the PIC online. [PR/55981]
• Even if you do not configure IPSec, the key management process (kmd) opens UDP port 500. [PR/59054]
• If you configure several DNS servers by including the name-server statement at the [edit system] hierarchy level, the JUNOS software uses only the first three configured DNS servers. [PR/59172]
• On a Monitoring Services III PIC configured as a dynamic flow capture (DFC) interface (dfc-fpc/pic/port), when you configure the DFC interface as the next hop in a forwarding path, port-mirrored packets might become corrupted. [PR/60799]
• In the output of the show pfe statistics notification command, the value is incorrect in the field labeled options or ttl expired (not RE-destined). [PR/64951]
• If you configure 11 or more logical interfaces in a single VPLS instance, VPLS statistics might not be reported correctly. [PR/65496]
• If you see warnings like the following: "Warning: Block size restricts cylinders per group to xx." You can safely ignore them. This type of message indicates the maximum number of cylinders per cylinder group as determined by various other parameters. This warning message no longer appears in JUNOS Release 8.5 and later. [PR/65917]
• In a routing matrix configured for graceful Routing Engine switchover (GRES), when the master Routing Engine of a T640 routing node (line-card chassis, or LCC) enters debug mode, it does not release mastership. [PR/66308]
• If you incorrectly configure an aggregate interface, a physical interface does not get added in to the aggregate bundle even if you have corrected the configuration. [PR/69348]
• When a large number of kernel system log messages are generated, the log information might become garbled and the severity level could change. This behavior has no operational impact. [PR/71427]
• On M320 and T-series routing platforms, there is a process that monitors FPCs while they transition to an online state. If an FPC is busy and cannot complete the transition within the time limit, the process might time out and prevent the FPC from coming online. [PR/72364]
• If you configure the same IPv6 address on the fxp0 interface and another public interface within the same routing instance, the backup Routing Engine might restart. [PR/72573]
• On M320 and T-series routing platforms, when you configure the local gateway of an IPSec tunnel in a routing instance, IPSec might not function properly over a generic routing encapsulation (GRE) tunnel. [PR/73864]
• In the situation where a Link Services (LS) interface to a CE router appears in the VPN routing and forwarding table (VRF table) and if fragmentation is required, Internet Control Message Protocol (ICMP) cannot be forwarded out of the LS interface from a remote PE router that is in the VRF table. As a workaround, include the vrf-table-label statement in the configuration. [PR/75361]
• For J-series Services Routers, if you send a real-time performance monitoring (RPM) probe through an IPSec tunnel and the probe includes the hardware-timestamp statement at the [edit services rpm probe owner-name test test-name] hierarchy level, RPM icmp-ping type probes might not work. [PR/75927]
• When you configure the router to log activity with a firewall filter or perform Routing Engine-based sampling, and heavy traffic passes through the router, the following error message might be displayed: “PKTR DMA age error cell counter incremented.” The error indicates that there might be some packet loss in firewall filter logging or Routing Engine-based sampling. However, transit traffic is not affected. [PR/78712]
• On M160 and M40e routers, a hardware error on the Switch Fabric Module (SFM) might cause the board to reboot. [PR/79236]
• When routes in the routing table for a VPLS routing instance go up and down, the count in the requests to learn an existing route field of the output from the show system statistics vpls command might show a high count (in the tens of thousands) and numerous instances of the following message might be written to the system log: /kernel: vpls_learn_l2addr(): identical addr and ifl existed: addr <mac-address>, ifl <interface-index>. There is no operational impact. [PR/80262]
• On the T-series routing platform, when you include the no-labels statement at the [edit forwarding-options hash-key family mpls] hierarchy level, the statement is added to the configuration; however, MPLS labels are still included in the hash key. [PR/80334]
• For Gigabit Ethernet intelligent queuing (IQ) PICs installed in M-series and T-series routing platforms, system log messages for SFP receive power, laser bias, and temperature alarms might alternate between set and clear. These messages are mostly cosmetic and do not affect performance of the routing platform. [PR/80393]
• If you configure a policer for BGP traffic and a new BGP neighbor is added, it might cause other established BGP sessions to flap. [PR/80599]
• On Fast Ethernet and Gigabit Ethernet PICs, LACP is not supported on an aggregated Ethernet interface that is configured with either extended-vlan-vpls encapsulation or ethernet-vpls encapsulation. As a workaround, use vlan-vpls encapsulation on the aggregated Ethernet interface. This limitation does not apply to aggregated Ethernet interfaces configured on Gigabit Ethernet IQ2 PICs. [PR/94480]
• A firewall filter that matches the forwarding class of incoming packets (that is, includes the forwarding-class class-name statement at the [edit firewall filter filter-name term term-name from] hierarchy level) might incorrectly discard traffic destined for the Routing Engine. Transit traffic is handled correctly. [PR/97722]
• On J-series Services Routers, you cannot use a USB device that provides U3 features (such as the U3 Titanium device from SanDisk Corporation) as the media device during system boot. You must remove the U3 support before using the device as a boot medium. For the U3 Titanium device, you can use the U3 Launchpad Removal Tool on a Windows-based system to remove the U3 features. The tool is available for download at http://www.sandisk.com/Retail/Default.aspx?CatID=1415. (To restore the U3 features, you can use the U3 Launchpad Installer Tool accessible at http://www.sandisk.com/Retail/Default.aspx?CatID=1411.) [PR/102645]
• Juniper Networks does not currently support dynamic ARP resolution on Ethernet interfaces that are designated for port mirroring. This causes the Packet Forwarding Engine to drop mirrored packets. As a workaround, you can configure the next-hop address as a static ARP entry by including arp ip-address statement at the [edit interfaces interface-name] hierarchy level. [PR/237107]
• When a GRE tunnel is configured over multiple physical paths with load-balancing enabled, it might affect GRE keepalive operation and transit traffic. [PR/251652]
• The IP Option Errors section in the output from the show pfe statistics ip options command does not include counters for all possible types of errors. [PR/254653]
• When you designate a 10-Gigabit Ethernet interface as a link in an aggregated Ethernet bundle (by including the 802.3ad aexstatement at the [edit interfaces ge-fpc/pic/port gigether-options] hierarchy level) and commit the configuration, the operating system might generate a core file and stop operating. [PR/262424]
• On an M20 router, when you include the route-accounting statement at the [edit forwarding-options family inet6] hierarchy level, the following message might appear in the system log: Error requesting SET BOOLEAN, illegal setting 32. The software is functioning correctly. The error can be ignored. [PR/273762]
• In I-chip platforms, if LSI is enabled for an aggregate child physical interface and the child physical interface is not a member the physical interface of multi-physical interface stream (for example, 10x1GE), the child physical interface statistics are double counted. [PR/274396]
• When a GGSN C-PIC sends a packet larger than the MTU of the outgoing interface in a default VRF, ICMP error messages that indicate fragmentation is needed do not reach the C-PIC. [PR/276392]
• Due to a limitation in the Packet Forwarding Engine (PFE), VPN traffic received on a physical interface on an IQ2 PIC might not be counted on the parent aggregated Ethernet physical interface. [PR/284162]
• If a small form-factor pluggable transceiver (SFP) does not respond to a request for diagnostic data, a message is written to the system log. The message is unnecessary because the failure to respond has no operational impact. [PR/293212]
• When a Multilink Point-to-Point Protocol (MLPPP) link is incorrectly added to a Multilink Frame Relay (MLFR) bundle, the kernel crashes. [PR/294885]
• On an M320 router with redundant Routing Engines, when you deactivate an IP address on a 10-Gigabit Ethernet interface and then add a new IP address, the backup Routing Engine might produce a core dump. [PR/297274]
• When CLNS is configured over a logical tunnel interface, the source MAC address gets corrupted. [PR/304323]

User Interface and Configuration

• On M20 routers, after a Routing Engine mastership switchover, it might not be possible to enter CLI configuration mode on the new master Routing Engine. Also, the request system reboot and request system halt commands do not clearly fail but do not return the CLI prompt either. [PR/64899]
• In the J-Web configuration editor, when you select System > Syslog > File > "filename" > Explicit priority, the J-Web Event Viewer does not show the event ID. When you select System > Syslog > Time format > milliseconds, the J-Web Event Viewer does not filter messages. [PR/70523]
• If the configuration includes both commit scripts (at the [edit system scripts commit] hierarchy level) and control characters from the International Organization for Standardization (ISO) C0 set (included at any hierarchy level), an attempt to commit the configuration fails. As a workaround, remove the control characters. [PR/82384]
• Support for the traceoptions log file is provided for the event scripts. [PR/235912]
• The logical router administrator can modify and delete master administrator-only configurations by performing local operations such as issuing the load override, load replace, and load update commands. [PR/238991]
• When an M-series or T-series router is upgraded from JUNOS to JUNOS-FIPS, the request system snapshot command does not work. As a workaround issue a request system snapshot force-fmt command from the shell. This issue is not present for upgrades from an older version of JUNOS-FIPS to a newer version of JUNOS-FIPS. [PR/252640]
• Even though the trace permission is included at the [edit system login class class-namepermissions] hierarchy level, users who belong to the login class receive the following error when they issue the show log command: error: permission denied: log. As a workaround, add the trace-admin permission to the list of permissions. [PR/278950]
• Sometimes, depending on the configuration, key administration might fail to see an MD5 key configured for a BGP peer as part of a group configuration. [PR/283238]
• Use of system log regular expressions to refine the logged messages does not work properly. [PR/295523]

Interfaces and Chassis

• On aggregated SONET/SDH interfaces, the counter for drops and errors in the show interfaces command output does not display the correct value, because the counter does not collect data from the constituent interfaces within the aggregate. [PR/23577]
• On ATM interfaces, when the IP address of a remote device is changed, the output of the show ilmi interface command on the local routing platform might continue to display the old IP address for the remote device. [PR/24126]
• If virtual channel identifiers (VCIs) for a large number (approximately 400) of virtual connections (VCs) on an ATM DS3 interface are changed frequently, the interface might mishandle the ATM cells. As a result, OSPF and IS-IS neighbor adjacencies might not remain stable. [PR/25639]
• On a 2-port OC12 ATM2 IQ interface, the total virtual path (VP) downtime might not appear correctly in the show interfaces command output. [PR/27128]
• On a 2-port OC12 ATM2 IQ interface, if you configure and then change the virtual path (VP) setting, the SNMP jnxAtmVpTotalDownTime counter might be reset. [PR/27131]
• On an OC3 ATM2 intelligent queuing (IQ) interface, when you configure a shaping rate greater than the speed of the OC3 link and commit the configuration, the actual shaping rate might be less than the interface speed. [PR/27459]
• On the ATM2 IQ PIC, when you configure the atm-l2circuit-mode statement at the [edit chassis fpc slot-number pic pic-number] hierarchy level, the control word sequence number is not reset to 1 after the transmit sequence number reaches 65,535. [PR/31669]
• On M20 and M40 routers, when a physical layer problem affects a SONET/SDH interface, carrier transition statistics might not increment correctly in the output of the show interfaces extensive command. [PR/33325]
• When you configure both the bundle link and constituent links at the [edit logical-routers logical-router-name interfaces] hierarchy level, the constituent links do not come up. As a workaround, configure the constituent links at the [edit interfaces] hierarchy level. [PR/35578]
• On ATM2 DS3 and E3 interfaces, when you configure ATM point-to-multipoint permanent virtual circuits (PVCs), the following error messages might appear in the system log: “/kernel: RT_COS: COS IPC op 4 (CLASS TO IFL) failed, err 1 (Unknown),” “ssb BCHIP 0: invalid entry type 127 at stream 8 channel 0 for ifl 83,” and “ssb COSMAN: mapping table bind to ifl 83 failed.” There is no operational impact. [PR/36524]
• When an ATM interface configured for circuit cross-connect (CCC) encapsulation receives MPLS packets that exceed 484 bytes, the packets can overflow the buffer and cause the ATM PIC to hang. As a workaround, take the PIC offline and bring it back online. [PR/39918]
• When you apply an IPSec firewall filter to match traffic sent across a generic routing encapsulation (GRE) tunnel and originating from the local routing platform, the local traffic is dropped. Transient traffic is not affected. [PR/44871]
• On a Link Services PIC with Multilink Frame Relay (MLFR) configured, the ping command might fail when the data-link connection identifier (DLCI) is greater than 335. [PR/49567]
• On a Link Services PIC, the CLI might incorrectly allow you to configure a logical tunnel interface (interface identifier lt); the resulting interface might not work correctly. [PR/49818]
• If an MLPPP LSQ bundle carries a large volume of link fragmentation and interleaving (LFI) traffic and a small proportion of multilink traffic, packets might be dropped on the egress constituent links. [PR/56664]
• For ISDN dialer interfaces in a J-series Services Router, when you configure the no-keepalives statement at the [edit interfaces dl0 unit logical-unit-number] hierarchy level and you issue the show interfaces dl0 command, the Link flags field might still show Keepalives. [PR/58520]
• On ISDN interfaces in a J-series Services Router, if you include the vrf-table-label statement at the [edit routing-instances instance-name] hierarchy level, packets might be dropped from the connection. [PR/59718]
• On ISDN dialer interfaces in a J-series Services Router, if you include the minimum-links statement at the [edit interfaces dl0 unit logical-unit-number] hierarchy level and then deactivate the BRI interface associated with the dialer interface, the output packets counter displayed in the output of the show interfaces dl0 command might continue to increment. [PR/59986]
• On ISDN dialer interfaces in a J-series Services Router, when you include the load-threshold 100 statement at the [edit interfaces dl0 unit logical-unit-number dialer-options] hierarchy level and the 56-Kbps bandwidth threshold is exceeded, the interface does not support additional network traffic and might not activate another BRI interface. [PR/60045]
• If you configure IS-IS, MPLS, and graceful Routing Engine switchover (GRES) and a switchover event occurs, the routing platform might end the PPP IP Control Protocol (IPCP) sessions and renegotiate them if the remote side changed interface MTU settings before the switchover event. [PR/61121]
• If you configure graceful Routing Engine switchover and issue the request chassis routing-engine master acquire command, in rare cases the master Routing Engine might fail to relinquish mastership, or the switchover to the backup Routing Engine might take up to 360 seconds. [PR/61821]
• For Automatic Protection Switching (APS) on SONET/SDH interfaces, there are no operational mode commands that display the presence of APS mode mismatches. An APS mode mismatch occurs when one side is configured to use bidirectional mode, and the other side is configured to use unidirectional mode. [PR/65800]
• J4350 and J6350 Services Routers might not have enough data buffers to meet expected delay-bandwidth requirements. Lack of data buffers might degrade CoS performance with smaller-sized packets (500 bytes or less). [PR/73054]

• The JUNOS software does not always correctly handle MTU settings for individual protocol families, as configured by including the mtu statement at the [edit interfaces interface-name unit logical-unit-number family family-name] hierarchy level. Specifically:

  1. If you explicitly set the MTU to the default value and then remove the mtu statement, the User-MTU flag in the output from the show interfaces command is not removed for the logical interface.
  2. When you remove the mtu statement for a nonnegotiable interface, the MTU value is not reset to the default.
  3. When you explicitly set the mtu statement to the default value, the User-MTU flag might not be set correctly.
  [PR/77975]
• If you include the disable statement at the [edit interfaces interface-name] hierarchy level to disable the ingress interface for a SONET link between two routers that are not configured for APS or other link protection, the egress interface might not be notified. This can cause traffic loss. [PR/78831]
• On the M120 router, for a Forwarding Engine Board (FEB) redundancy group that does not have a primary FEB configured, when a switchover from a nonprimary FEB occurs, the backup FEB does not reboot, and the Flexible PIC Concentrators (FPCs) connected to the previously active FEB remain online. The backup FEB could take minutes to obtain the entire forwarding state from the Routing Engine following a switchover. If you do not want the interfaces to remain online during the switchover for a nonprimary FEB, configure a primary FEB for the redundancy group at the [edit chassis redundancy feb] hierarchy level. [PR/80946]
• On J4350 and J6350 Services Routers, if the MTU is set to more than 6 KB for a built-in Gigabit Ethernet port or a 1-port Gigabit Ethernet ePIM, packets might be discarded with an FCS error. [PR/82245]
• If you ping a nonexistent IPv6 address that belongs to the same subnet as an existing point-to-point link, the packet loops between the two point-to-point interfaces until the time to live expires. [PR/94954]
• If the delay between VRRP advertisement packets is set to a small value (such as 100 ms) for a number of VRRP groups, and the router configuration is changed and committed several times in quick succession, the VRRP mastership state might be unstable. In other words, if the value of the fast-interval statement at the [edit interfaces interface-name unit logical-unit-number family inet address address vrrp-group group-number] hierarchy level is 100 for several VRRP groups, and configuration changes are committed several times in quick succession (even changes at other levels of the hierarchy), a VRRP backup router might assume mastership and immediately release it again. As a workaround, set the value of the fast-interval statement to 300 or higher. [PR/102111]
• The output of the show interfaces diagnostics optics command includes the Laser rx power low alarm field even if the transceiver is a type (such as XENPAK) that does not support this alarm. [PR/103444]
• For Gigabit Ethernet interfaces on J-series Services Routers, the link-mode and speed statements at the [edit interfaces ge-fpc/pic/port] hierarchy level are mutually dependent; that is, if you include one, you must include the other. If you do not, the interface process generates a warning and uses autonegotiated values. For Gigabit Ethernet interfaces on other routing platform types, the speed statement is not available, so including the link-mode statement alone is valid. Nevertheless, the interface process writes the following message to its log and the system log: Speed and linkmode duplex settings are mutually required. (Note further that the link-mode statement is actually nonoperational on non-J-series routing platforms, because the only valid value for it is the default, full-duplex.) [PR/228857]
• On channelized DS3 interfaces, if you include the family mlfr-end-to-end statement at the [edit interfaces ivnterface-name unit logical-unit-number] hierarchy level for a logical interface that has a smaller index number than another logical interface for which you include the encapsulation frame-relay-ppp statement at the [edit interfaces ivnterface-name unit logical-unit-number] hierarchy level, the commit operation fails with the error message Link encapsulation type is not valid for device type. As a workaround, configure the indicated family statement on a logical interface with a larger index than the logical interface configured with the indicated encapsulation statement. [PR/229071]
• When you configure the default-address-selection statement at the [edit system] hierarchy level, Routing Engine graceful restart may cause GPRS support node (GGSN) services to be unreachable. [PR/232197]
• When you issue a show chassis ether-switch statistics command while redundancy is enabled, there is a loss of communication between the two redundant REs for about 2 seconds. [PR/233779]
• On serial interfaces transmitting either 64-byte or 128-byte packets, the effective bandwidth falls when the interface is highly oversubscribed. [PR/235753]
• When a redundant power supply is removed from an M7i or M10i router, the show chassis environment command correctly shows the supply's status as Absent, but continues to display a temperature for it. [PR/241055]
• On a J-series router, when you upgrade a serial interface to JUNOS Release 8.0 and later, Frame-Relay encapsulation might not work. Frame Relay does work with JUNOS Releases 7.0 though 7.6. [PR/241610]
• When you configure an IPv6 address as the primary or preferred address for an interface (by including the primary or preferred statement at the [edit interfaces interface-name unit logical-unit-number family inet6 address ipv6-address] hierarchy level) and commit the configuration, messages like the following are written to the system log: DCD_CONFIG_WRITE_FAILED: Interface interface-name configuration write failed for an IFA CHANGE: Operation not supported. [PR/258531]
• On ATM1 PICs, the effective shaping rate is lower than that specified by the values you configure when including the shaping statement at the [edit interfaces interface-name unit logical-unit-number] hierarchy level. As a workaround, set values appropriate for a shaping rate 4.5 percent higher than desired. [PR/268763]
• If you configure the number of minimum links eight, deactivated interfaces are not counted as down and active interfaces are still brought up. [PR/285244]
• The interface hold-timer might not work for channelized subinterfaces. [PR/294654]
• When there was a change in priority or tracking info, the state machine would reset and you would see VRRP go through an idle-backup-master transition. [PR/303701]

Services Applications

• The output of the show services nat pool command displays duplicate entries for a single Network Address Translation (NAT) pool. [PR/34678]
• The show services accounting flow-detail extensive command sometimes displays incorrect information about input and output interfaces. [PR/40446]
• When you configure intrusion detection service (IDS) on J-series platforms, including the threshold statement at the [edit services ids rule rule-name term term-name then logging] hierarchy level has no effect. [PR/46577]
• On Adaptive Services PICs configured for IPSec tunnel redundancy, if there are a large number of tunnels, sometimes a few of the tunnels might switch over to the backup tunnel. [PR/46733]
• On routing platforms configured for Internet Key Exchange (IKE)-based IPSec, if a remote peer using other vendors’ equipment does not renegotiate the IKE security association (SA) when it is about to expire and continues to send dead peer detection (DPD) requests on the same SA, the routing platform might not be able to reply to these messages. [PR/47004]
• If the socket buffer becomes full on a remote router, you cannot clear all the IPSec security associations (SAs) from the router. [PR/55189]
• When a routing platform is configured for graceful Routing Engine switchover and Adaptive Services (AS) PIC redundancy, and a switchover to the backup Routing Engine occurs, the redundant services interface (rsp-) always activates the primary services interface (sp-), even if the secondary interface was active before the switchover. [PR/59070]
• On Monitoring Services I and Monitoring Services II PICs, if the export channel to the external cflowd collector is closed, cflowd records might be lost. As a workaround, restart the PIC. [PR/59432]
• On Monitoring Services II PICs configured for flow collection services, during memory overload conditions, the flow collector interface might create files lacking cflowd records, and these files might not be sent to the external FTP server. [PR/62599]
• When you modify a flow collection configuration and commit the changes, the system log might contain error messages regarding the commit operation. These messages do not affect the operation of the router and can be ignored. [PR/64201]
• On J-series Services Routers, an SNMP query returns a zero value for the data link switching (DLSw) MIB object dlswTConnTcpConfigKeepAliveInt even if you implement keepalives. [PR/70002]
• For Adaptive Services II PICs, even if you do not configure flow collector services, a temporary file might be created every 15 minutes in the /var/log/flowc/ directory. The file is deleted if there are no clients, and re-created only when a client connects and attempts to write to the file. [PR/75515]
• The destination IP address assigned to a VP interface can be a duplicate of the address assigned to another interface on the router. This can cause issues with forwarding traffic appropriately to the VP interface. [PR/75535]
• On J4350 and J6350 Services Routers, when you insert a Telephony Gateway Module (TGM) 550 PIM and the PIM is in a reset state, the router might not respond to any show chassis commands for up to 5 seconds. [PR/78695]
• In BIOS configuration mode, pressing the F10 key to complete a save and exit does not work as expected. The alternative to using the F10 key is to use the Save and Exit option from the Exit menu. Regardless of which J-series image is loaded on the router, this issue can be seen on the J4350 and J6350 routers with BIOS Version 080011 and on the J2320 and J2350 routers with BIOS Version␣080012. [PR/237721]
• The Clear NVRAM option in BIOS configuration mode does not work as expected. Regardless of which J-series image is loaded on the router, this issue can be seen on the J4350 and J6350 routers with BIOS Version 080011 and on the J2320 and J2350 routers with BIOS Version 080012. To help address this issue, you need to note any changes you make to the BIOS configuration. This allows you to revert to the default BIOS configuration when needed. [PR/237722]
• When a packet-gateway subtract command does not include an audit descriptor, an inappropriate error message is returned: ER=444{"An unknown descriptor was received. [PR/240758]
• You might not be able to deactivate and reactivate Packet Gateway Control Protocol (PGCP) services and services state. [PR/253513]
• The gate inactivity duration for CLI values was changed from a default value of 0 to 5, changing the range to 5 to 86,400 (it was 0 to 86,400). A zero value is no longer valid. [PR/253517]
• The JUNOS software incorrectly sends a data inactivity notify message when a termination is OutofService. [PR/254873]
• JUNOS does not reset the T-MAX timer when receiving a provisional response. The T-MAX timer should be reset once a provisional response (pending) is received by the packet gateway controller (PGC). However, the packet gateway (PG) fails to reset and does not send the expected service change with disconnect message to the PGC before the T-MAX or T-Super timers expire. [PR/255360]
• The tmax-retransmission-delay statement configured at the [edit services pgcp gateway gateway-name h248-timers] hierarchy level does not function correctly. If you configure a value of 60 seconds, the packet gateway (PG) should send the first notify message to the packet gateway controller (PGC) in 60 seconds. If no message is received after 60 seconds, the PG should send a ServiceChange message with method Disconnect. However, after 10 Notify messages are sent by the PG, it sends a ServiceChange message with a duration of 11 seconds (even though it should be 60 seconds). [PR/255386]
• An inactivity notification is sent by the packet gateway (PG) even when inactivity is detected on the Real Time Control Protocol (RTCP) flow. [PR/256115]
• The value in a ServiceChange(Disconnect) message from the router might be 1. It should be the version negotiated between the router and the PGC. This is typically version 3. [PR/256857: This problem is resolved.] [PR/256857]
• When the packet gateway (PG) SIP-TCP (LATCH) Terminations are changed by a Modify message to out of service, the PG should not perform Latch or Relatch operations when the packet is received on the BB or AC side. However, the PG appears to perform the Latch operation and sends a NOTIFY message regarding this operation to the packet gateway controller (PGC). [PR/259356]

General Routing

• LDP sessions might go down and remain in an inoperative state for a long time (one indication is that the value OpenSent or Closing persists over time in the State: field of the output from the show ldp session extensive command). This problem occurs when BGP must evaluate a large number of AS paths as required by the following configuration:

  1. The value of each of several as-path policy-name statements at the [edit policy-options] hierarchy level is a regular expression containing a large number of AS path index numbers.
  2. Such policies are each specified as the value of a from as-path statement at the [edit policy-options policy-statement statement-name] hierarchy level.
  3. Several such policy statements are specified as values for the import statement at the [edit protocols bgp] hierarchy level.
  [PR/229273]
• If the from clause in a policy refers to the routing table used by a VPN routing and forwarding (VRF) instance, and you change the route distinguisher for that VRF instance, the routes in the routing table become unusable. In terms of configuration statements, the routing table is the value of the rib statement at the [edit policy-options policy-statement policy-nameterm term-name from] hierarchy level, and the route distinguisher is defined by the route-distinguisher statement at the [edit routing-instances routing-instance-name] hierarchy level for the VRF instance. As a workaround, deactivate the policy-statement statement temporarily while changing the route distinguisher. [PR/254398]

Routing Protocols

• When you include the as-path atomic-aggregate statement at the [edit routing-options aggregate defaults as-path] hierarchy level to manually add the ATOMIC_AGGREGATE attribute on a BGP AS path, the attribute is not added. [PR/2527]
• The metric-out statement at the [edit protocols protocol-name group] hierarchy level incorrectly takes precedence over the metric-out statement configured under the neighbor configuration for the same group. [PR/31848]
• The CLI allows you to commit a configuration that specifies a value higher than 32 for the metric statement at the [edit protocols dvmrp interface all] hierarchy level, but values higher than 32 are invalid. [PR/33429]
• If you configure the sham-link statement at the [edit routing-instances instance-name protocols ospf area] or [edit routing-instances instance-name protocols ospf] hierarchy level on a provider edge (PE) router, extraneous OSPF link-state advertisements (LSAs) might be added. In some cases, this can result in a routing loop between the customer edge (CE) and PE routers. [PR/40000]
• When you configure damping globally and use the import policy to prevent damping for specific routes, and a new route is received from a peer with the local interface address as the next hop, the route is added to the routing table with default damping parameters, even though the import policy has a nondefault setting. As a result, damping settings do not change appropriately when the route attributes change. [PR/51975]
• When you issue the show ldp traffic-statistics command, the following system log message might be generated for all forwarding equivalence classes (FECs) with an ingress counter set to zero: “send rnhstats GET: error: ENOENT -- Item not found.” [PR/67647]
• When routes are propagated across IBGP, the show bgp group statistics command output does not display AS numbers correctly. [PR/69098]
• If ICMP tunneling is enabled on the router and you configure a new logical router that does not have ICMP tunneling enabled, the feature is globally disabled. [PR/81884]
• If ICMP tunneling is enabled on the router and you configure a new logical router that does not have ICMP tunneling enabled, the feature is globally disabled. [PR/81884]
• When you specify a link-local interface for the interface statement at the [edit routing-options rib inet6.0 static route address/mask-length qualified-next-hop address] hierarchy level, the commit operation fails with the message RT: next-hop interface-name is not point-to-point. [PR/99293]
• When the flow of multicast traffic changes because an OSPFv3 link goes down, the output from the show multicast statistics inet6 command reports incorrect values in the In kbytes and In packets fields for the new ingress interface. [PR/234969]
• Access-Internal routes are not entered in to the forwarding table for unnumbered Ethernet interfaces. [PR/252220]
• The address for the flow route is terminated at 348 characters. It is a cosmetic issue and affects the flow route display in show route. [PR/273385]
• Multicast Source Discovery Protocol (MSDP) incorrectly reports a non-existant security association (SA), resulting in the SA remaining in Protocol Independent Multicast (PIM) when it is deleted in the MSDP. [PR/277310]

MPLS Applications

• If you configure a label-switched path (LSP) with the no-cspf statement at the [edit protocols mpls] hierarchy level, the LSP might cycle up and down several times before stabilizing. [PR/10415]
• If a circuit cross-connect (CCC) traverses a forwarding adjacency (FA) label-switched path (LSP), traffic forwarding might be affected. [PR/60088]
• RSVP graceful restart does not function for LSPs that have a forwarding adjacency (FA) label-switched path (LSP) as a next hop. [PR/60256]
• When you enable per-packet load balancing on parallel label-switched paths (LSPs), the output of the show mpls lsp ingress command might display all the routes on only one of the LSPs even when traffic is evenly balanced across the LSPs. [PR/70487]
• On M-series and T-series routing platforms, if MPLS traffic is being forwarded on the secondary path of an LSP when the primary path is also functional, the Traffic statistics section of the output from the monitor label-switched-path lsp-namecommand might show incorrect values. [PR/80591]
• The show mpls lsp detail command does not display an LSP's setup and hold priorities (the Prioritiesfield is omitted) if they are set to their default values, even if the defaults are set explicitly at the [edit protocols mpls label-switched-path path-name priority] hierarchy level. As a workaround, issue the show mpls lsp defaultscommand to display the priority values. [PR/103128]
• On an M120 router, the ping mpls rsvp command fails when an LSP is configured for link protection (the link-protection statement is included at the [edit protocols mpls label-switched-path lsp-name] hierarchy level) and traffic is being routed through the bypass LSP. [PR/233693]
• In the output from the show mpls lsp command, the column labeled ActivePath is about 16 characters wide. When the name of an LSP path is longer than that, subsequent values on the line do not align correctly with their headers. [PR/237229]
• When more than 5 link-protected or node-link-protected label-switched paths (LSPs) to the same destination are used with per-packet load balancing, some bypass next-hops might not be included in the active route. This can occur after a primary link flap. [PR/259219]
• On M-series and T-series routers, when an MPLS LSP is optimized, the MPLS MIB counters associated with the path change event are not updated. [PR/265931]
• Sometimes a traffic engineered label-switched path (LSP) remains up when it should go down. [PR/300919]
• When a Layer 2 circuit comes back up after a disruption, it remains attached to the old label, so traffic does not pass through the Layer 2 circuit connection. [PR/306043]

VPNs

• When you modify the frame-relay-tcc statement at the [edit interfaces interface-name unit logical-unit-number] hierarchy level of a Layer 2 VPN, the connection for the second logical interface might not come up. As a workaround, restart the chassis process (chassisd) or reboot the router. [PR/32763]
• When VPLS nonstop active routing is enabled and you modify the VPLS instance (for example, change the instance type or its route distinguisher), the routing process (rpd) might stop and the system might produce a core dump. [PR/231234]
• Traffic might not flow when an ATM interface is used as the access circuit on an M120 router. [PR/255160]

Class of Service

• When you configure an ES PIC, a message similar to the following might be written to the system log: “fpc0 LCHIP(3): Unable to fathom what channel used by IFD id.” There is no operational impact. [PR/36184]
• If you deactivate or activate an aggregated Ethernet interface, the Packet Forwarding Engine might report errors. [PR/50090]
• When a logical tunnel (lt) interface is the outbound interface, JUNOS software does not support the IEEE 802.1p rewrite rule. [PR/55903]
• If you try to configure a scheduler map containing two forwarding classes that are mapped to the same queue, the class-of-service scheduler is not applied to the Packet Forwarding Engine. As a workaround, configure a single forwarding class for each available queue. [PR/57907]
• On M-series routers connected by VLAN circuit cross-connects (CCCs) and configured with class of service (CoS), when explicit forwarding (EF) traffic is generated from the ingress customer edge router (CE1) to the egress customer edge router (CE2), the ingress provider edge router (PE1) properly marks the packets with default EXP bits and sends the packets out queue 1, but the intermediary core router forwards all traffic through queue 0 instead of sending it through the EF queue. As a workaround, include the no-control-word statement at any of the following hierarchy levels: [edit logical-routers logical-router-name protocols l2circuit neighbor address interface interface-name], [edit protocols l2circuit neighbor address interface interface-name], [edit logical-routers logical-router-name routing-instances routing-instance-name protocols l2vpn], or [edit routing-instances routing-instance-name protocols l2vpn]. [PR/65280]
• When you configure a specific classifier for a logical unit, it does not override the fixed classifier configured using wildcards. [PR/68888]
• Adding and deleting an interface many times by configuring the scheduler-map-chassis statement at the [edit class-of-service interfaces ge-1/1/port] hierarchy level might cause a memory leak in the class-of-service process (cosd). As a workaround, restart the class-of-service (CoS) process (cosd). [PR/82546]
• If you configure CoS traffic control profiles on every logical interface by using the * wildcard to represent the interfaces, the configuration cannot be committed. In other words, the commit operation fails if you include the input-traffic-control-profile and output-traffic-control-profile statements at the [edit class-of-services interfaces type-fpc/pic/port *] hierarchy level. [PR/100690]
• On MX-series routers, when you configure VPLS over an LSI interface, classification does not work on the egress PE router for traffic flowing from the core of the network to the egress CE router. [PR/240777]
• If you configure the tri-color statement at the [edit class-of-service] hierarchy level, the drop counters for the show interfacs queue command appear to not work for the medium-high (yellow) priority traffic and the low (green) prioirty traffic. The drop counter for the high priority traffic (red) functions normally. [PR/258499]
• In JUNOS Release 8.4 and later, the 'commit' or 'commit-check' operation fails if a rewrite rule is defined both at the [edit class-of-service interfaces interface-nameunit logical-unit-number rewrite-rules] hierarchy level and in a configuration group (defined at the [edit groups] hierarchy level) that is applied to that interface. The correct behavior is for the directly applied rule to override the rule inherited from the configuration group. [PR/261229]
• The output from the show class-of-service interface interface-name command includes the Input scheduler map field even when you configure egress-only mode for the PIC that houses the interface (by including the mode egress-only statement at the [edit chassis fpc slot-number pic slot-number traffic-manager] hierarchy level). [PR/275038]

Forwarding and Sampling

• On M320 and T-series routing platforms, when you configure interface output sampling, packets sometimes might travel through the output firewall. As a workaround, configure a firewall filter on the output interface with the then sample statement and the then next term statements. The workaround provides the same functionality as the other configuration, but avoids the problem behavior. [PR/70473]

Routing Policy and Firewall Filters

• The extended Dynamic Host Configuration Protocol (DHCP) relay agent feature does not function properly on a nondefault logical router. This means that although the JUNOS CLI permits you to include the dhcp-relay statement at the following hierarchy levels, the feature does not work properly when you do so:

  • [edit logical-routers logical-router-name forwarding-options]
  • [edit logical-routers logical-router-name routing-instances]
  • [edit logical-routers logical-router-name routing-instances routing-instance-name forwarding-options]
  [PR/82275]
• On MX-series routers running JUNOS Release 8.4 and later, entries in the MAC address table expire three times faster than on MX-series routers running JUNOS Release 8.3 and earlier, and on M-series and T-series routing platforms running any release of the JUNOS software (including JUNOS Release 8.4 and later). To configure the correct effective value on MX-series routers running JUNOS Release 8.4 and later, specify a value for the mac-table-aging-time statement at the [edit protocols l2-learning] hierarchy level that is three times the desired value. For example, if you want the expiration time to be 15 seconds, specify 45 seconds. [PR/241485]

Network Management

• The following groups of MIB objects do not segregate the data they return according to the routing instance specified in an SNMP request: vrrpMIB, jnxCosIfqStatsTable, and jnxCosQstatTable. [PR/63045]
• When you commit a configuration that includes the max-queues-per-interface statement at the [edit chassis fpc slot pic slot] hierarchy level, the MIB II process (mib2d) might generate a core file and stop operating. [PR/99197]
• If an element number in an MIB object's OID is greater than 2,147,483,647 (2 to the 31st power, minus 1), the snmp mib walk and snmp mib get commands fail. [PR/237856]