[
Contents]
[
Prev]
[
Next]
[
Report an Error]
Previous Releases
9.2R3
The following issues have been resolved since JUNOS Release
9.2R2. The identifier following the description is the tracking number
in our bug database.
Platform and Infrastructure
- If you configure a large number of MD5 authentication
keys for BGP sessions, and then deactivate and reactivate the keys,
the router might generate a commit error and MD5 authentication might
not be applied on some of the BGP sessions. [PR/238960: This issue
has been resolved.]
- When you issue the file copy command with an
FTP path as the source or destination and include the source-address option, the specified source address is not used for establishing
a connection with the peer FTP server. [PR/240580: This issue has
been resolved.]
- Including the mirror-flash-on-disk statement
at the [edit system] hierarchy level has no effect. [PR/268474:
This issue has been resolved.]
- On MX-series platforms using Routing Engine-based sampling,
when samples are sent from the Packet Forwarding Engine to the Routing
Engine over certain interfaces, the interface Input/Output index and
next-hop address are set to 0. The following interfaces are affected: ge-x/0/y, ge-x/1/y, xe-x/2/0, and xe-x/3/0. It is not
possible in this case to match on the interface index to retrieve
data from the NetFlow collector. [PR/286089: This issue has been resolved.]
- If a small form-factor pluggable transceiver (SFP) does
not respond to a request for diagnostic data, a message is written
to the system log. The message is unnecessary because the failure
to respond has no operational impact. [PR/293212: This issue has been
resolved.]
- For individual T1 links in an MLPPP bundle, the counts
of input bytes and input packets are not reported correctly in the
“Traffic statistics” section of the output from the monitor interface t1-fpc/pic/port command. [PR/299688: This issue has
been resolved.]
- On M320 and T-series routing platforms, when member links
of a Multilink Frame Relay bundle go down and come back up, an FPC
in which a Link Services Queuing (LSQ) PIC is installed might stop
forwarding traffic and need to be rebooted. As a workaround, install
the PICs with the member links and the LSQ PIC in the same FPC. [PR/300331:
This issue has been resolved.]
- When you configure a static route on an unnumbered link,
it causes the router to reset; even rebooting does not help. You must
remove the static route configuration to restore stability to the
router. [PR/301732: This issue has been resolved.]
- As a result of the fix for PR 298073, when several multicast
route changes occur within a short period of time, the system message
log might record the following entry: “cannot perform nh operation
ADDANDGET nhop (null) type indirect index 0 errno 22.” There
is no operational impact. [PR/302530: This issue has been resolved.]
- When a line containing more than 1405 characters is pasted
from a console configured with the load merge terminal option,
the pasting process might stop after the first 1405 characters are
shown. [PR/304956: This issue has been resolved.]
- The maximum number of active security services flows on
a J-series Services Router for each platform and memory allotment
is as follows:
- J2320 router with 512 MB—20,000 flows
- J2320 router with 1 GB—45,000 flows
- J2350 router with 512 MB—30,000 flows
- J2350 router with 1 GB— 50,000 flows
- J4300 router with 512 MB—20,000 flows
- J4300 router with 1 GB—45,000 flows
- J6300 router with 512 MB—20,000 flows
- J6300 router with 1 GB—45,000 flows
- J4350 router with 512 MB—40,000 flows
- J4350 router with 1 GB—60,000 flows
- J6350 router with 512 MB—40,000 flows
- J6350 router with 1 GB—65,000 flows
- J6350 router with 2 GB—75,000 flows
These are the system maximum values. If you configure max-flows for a service set, the other service sets share whatever
is left from the system maximum value. The sum of the max-flows values for individual service sets cannot exceed the global maximum
value. If the configured total exceeds this value, the max-flows value for the last configured service set is truncated and a warning
message is logged. [PR/305350: This issue has been resolved.]
- When you attempt to upgrade J-series or JSR images with
the validate option configured, the software upgrade might
fail. As a workaround, perform the upgrade using the no-validate option. [PR/307212: This issue has been resolved.]
- During graceful Routing Engine switchover (GRES), resynchronization
between Routing Engines might fail. In this case, the “Kernel
database” field in the output of the show system switchover command reports the value “Connection error, Initialize error.”
[PR/307501: This issue has been resolved.]
- When a PE router receives a PIM Join message from a CE
router and the source for the required multicast data is another directly
connected CE router, the attempt to create a flood next hop might
initially fail. Messages including the following are written to the
system log: “NH: Failed to install flood nexthop: <index>.”
The next hop is eventually installed, so there is no operational impact.
[PR/307579: This issue has been resolved.]
- When the mirror-flash-on-disk statement is included
at the [edit system] hierarchy level and the Routing Engine
is rebooted, the following spurious message appears when you log in
to the Routing Engine: “NOTICE: System is running on alternate
media device (/dev/<device-file>).” [PR/311768: This issue
has been resolved.]
- When two BGP peers are configured to use MD5 authentication
and you issue the clear bgp neighbor command on one peer,
the following message might be written to the system log on the other
peer: “tcp_auth_ok: Packet from <address>:<identifier>
missing MD5 digest.” Traffic forwarding is not affected. [PR/312680:
This issue has been resolved.]
- When you configure the authentication-key statement,
BGP uses TCP sessions with an active MD5 digest option. Under certain
circumstances a TCP four-way handshake might fail to perform a proper
tear down of a previously established TCP session configured with
the MD5 digest option, because of problems with authentication of
the last ACK, leaving a socket on the remote router in TCP LAST_ACK
state. The router that performed a passive close and became stuck
in LAST_ACK state logs a message such as the following: “/kernel:
tcp_auth_ok: Packet from 10.0.0.46:62056 missing MD5 digest,”
for every ACK packet sent from the remote endpoint with a broken MD5
digest option. [PR/313119: This issue has been resolved.]
- On MX-series and M120 routers, and M320 routers with an
Enhanced III FPC, if the configuration includes the explicit-null statement at the [edit protocols mpls] or [edit protocols
ldp] hierarchy level, a DPC or FPC might reboot (but not generate
a core file) when an MPLS packet with time-to-live (TTL) equal to
0 (zero) or 1 (one) is processed at the egress of a tunnel. [PR/313319:
This issue has been resolved.]
- When an IPv6 BGP peer becomes unreachable, raw IPv6 packets
might be forwarded without the correct Layer 2 encapsulation over
an Ethernet connection. [PR/314629: This issue has been resolved.]
- When the Routing Engine hard disk fails, the compact flash
might be removed from the list of media used at boot time, instead
of the hard disk being removed. In some cases, this makes the Routing
Engine unable to initialize. [PR/389540: This issue has been resolved.]
- The output from the traceroute command includes
both the IP address and DNS hostname of each hop. The hostname information
might be incorrect for one or more hops. [PR/389794: This issue has
been resolved.]
- During recovery after the Routing Engine hard drive fails,
the JUNOS kernel might fail, causing the router to reboot. [PR/390306:
This issue has been resolved.]
- When a member link of an aggregate interface goes down
and comes back up and new forwarding information is installed during
that change-in-status period, traffic might be lost. [PR/392550:
This issue has been resolved.]
- On T-series routing platforms with aggregated SONET/SDH
interfaces, if multiple statistics requests for these interfaces are
queued at the same time, a memory corruption might occur, causing
the kernel to reset unexpectedly. [PR/393572: This issue has been
resolved.]
- In an MPLS Layer 3 VPN network, the traceroute command does not return a valid result (it returns three asterisks
[* * *] instead) for the hop between two routers when their configuration
includes both of the following features: (a) per-packet load balancing
(the load-balance per-packet statement is included at the [edit policy-options policy-statement policy-name then] hierarchy level and that policy-name statement is included at the [edit routing-options forwarding-table] hierarchy level), and (b) multiple equal-cost paths between the
routers (for example, when the encapsulation frame-relay statement
is included at the [edit interfaces interface-name] hierarchy level for a SONET/SDH interface and the same address
is specified for more than one of its logical interfaces at the [edit interfaces interface-name unit logical-unit-number family family address] hierarchy level). [PR/396280: This issue has been
resolved.]
- On M120 and MX-series routers, and on some FPCs on M320
routers, the Packet Forwarding Engine might not free memory correctly
during operations on multicast next hops. [PR/396903: This issue has
been resolved.]
- On a T1600 routing node, an FPC might stop operating while
processing an ICMP TTL expiration packet. Such packets increment the
count in the “ttl expired” field of the output from the show pfe statistics ip icmp command. [PR/398059: This issue
has been resolved.]
- On T640 and T1600 routing platforms with the Enhanced
Scaling FPC4, errors like the following might be written to the system
log: “<x> new errors (mtu error) in HDRF,lout_hdrf_poll_stats,”
“Error (code: 30, type:Minor) encountered, cmalarm_passive_alarm_signal,”
and “1 new errors in SLout OP.” There is no operational
impact. [PR/399258: This issue has been resolved.]
- On egress PE routers, the correct EXP classifier is not
applied to label-switched interfaces (LSIs) that are created by including
the vrf-table-label statement at the [edit routing-instances routing-instance-name] hierarchy level. [PR/399634:
This issue has been resolved.]
- When you install an FPC in all eight slots on a T1600
routing node configured for graceful Routing Engine switchover (the graceful-switchover statement is included at the [edit chassis
redundancy] hierarchy level), the routing node might reboot repeatedly.
As a workaround, disable GRES or remove one FPC. [PR/400267: This
issue has been resolved.]
- On J2300 Services Routers, sometimes the onboard Fast
Ethernet ports do not allow traffic to pass through, while other interfaces
are still passing traffic. [PR/406476: This issue has been resolved.]
- The traffic class byte is set to 0x00000000 in
the header of some BGP packets sent between interfaces that have IPv6
addresses, instead of the correct setting 0xc0 (INTERNETCONTROL).
[PR/406802: This issue has been resolved.]
User Interface and Configuration
- When you issue the request system (halt | power-off
| reboot) other-routing-engine lcc routing-node-index command on a TX Matrix platform, the requested operation is
performed on the TX Matrix platform instead of the specified routing
node (line-card chassis, or LCC). As a workaround, issue the command
on the routing node itself (without the lcc option). [PR/241274:
This issue has been resolved.]
- Under certain conditions, when you issue the show
configuration | compare command, the management process (mgd)
might generate a core file. [PR/281705: This issue has been resolved.]
- When TACACS+ authentication is configured and a user tries
to log in to the router over an SSH or FTP connection, the JUNOS software
does not include the remote user address in the authentication request
packet sent to the TACACS+ server. [PR/301927: This issue has been
resolved.]
Interfaces and Chassis
- If virtual channel identifiers (VCIs) for a large number
(approximately 400) of virtual connections (VCs) on an ATM DS3 interface
are changed frequently, the interface might mishandle the ATM cells.
As a result, OSPF and IS-IS neighbor adjacencies might not remain
stable. [PR/25639: This issue has been resolved.]
- On channelized T3 interfaces, the T1 loopback state does
not reflect loopbacks set by facilities data link requests using the remote-loopback-respond statement at the [edit interfaces interface-name t1-options] hierarchy level. [PR/45837:
This issue has been resolved.]
- In the output from the show interfaces extensive command, the count of REI-P errors in the “SONET path”
section is incorrect when the RDI-P error also appears in the “SONET
defects” field. [PR/256049: This issue has been resolved.]
- On a router configured for graceful Routing Engine switchover,
if the backup Routing Engine is running JUNOS Release 8.1 or later
and the master Routing Engine is running JUNOS Release 8.0 or earlier,
updates might not be made to the forwarding table. [PR/273492: This
issue has been resolved.]
- When you issue the show interfaces diagnostics optics command and do not specify an interface name, the output is the
same as for the show interfaces command, instead of including
optic diagnostics. [PR/285978: This issue has been resolved.]
- On MX-series routers, when a DPC configured with a large
number of interfaces restarts, the chassis process (chassisd) might
write the following messages to the log: “failed to complete
channel bonding” and “reached link 5 max index value.”
[PR/292057: This issue has been resolved.]
- In JUNOS Release 9.0 and later, the monitor interface interface-name command output is missing some information.
[PR/296131: This issue has been resolved.]
- The commit operation does not fail when the configuration
includes the following invalid combination of statements: the address
specified by the source or destination statement
at the [edit interfaces gr-fpc/pic/port unit logical-unit-number tunnel] hierarchy level is the same as the interface's own
subnet address (as specified by the address statement at
the [edit interfaces gr-fpc/pic/port unit logical-unit-number family family-name] hierarchy level).
[PR/299443: This issue has been resolved.]
- On a router without redundant Routing Engines (such as
the M7i router), if the Routing Engine restarts, the router might
stop forwarding packets. As a workaround on the M7i router, issue
the request chassis cfeb restart command. [PR/301788: This
issue has been resolved.]
- When only one Routing Engine is installed in an M120 router,
on the craft interface the LEDs for the power supplies never light
up. Similarly, in the “PS LEDs” section of the output
from the show chassis craft-interface command, there is a
period in all four fields (indicating that no LEDs are lit). [PR/302504:
This issue has been resolved.]
- When you configure bandwidth management for a Protected
System Domain (PSD) by including the control-plane-bandwidth-percent statement at the [edit chassis system-domains protected-system-domain
psdn] hierarchy level, it might take up
to four hours for FPC core files to transfer to the PSD. To reduce
the transfer time to approximately 15 minutes, use one of the following
workarounds: (a) remove the control-plane-bandwidth-percent statement, or (b) set the control-plane-bandwidth-percent value to 96 on the PSD to which the FPC is assigned. [PR/304765:
This issue has been resolved.]
- When the links in a redundant LSQ bundle are not configured
at the remote site, if a graceful Routing Engine switchover occurs
and then a primary or secondary LSQ PIC goes offline, the backup Routing
Engine might generate a core file. [PR/306667: This issue has been
resolved.]
- For SONET/SDH interfaces, when the hold-time statement
is included at the [edit interfaces so-fpc/pic/port] hierarchy
level and you change the framing type from the default (SONET) to
SDH by including the framing sdh statement at the same hierarchy
level, the interface does not come up after the commit operation.
As a workaround, deactivate the hold-time statement before
changing the framing. [PR/306687: This issue has been resolved.]
- When you disable a Fast Ethernet interface, a router at
the other end of a link to the interface might not mark the link as
down. [PR/307538: This issue has been resolved.]
- The 1-port ATM2 OC48/STM12 IQ PIC might generate an RDI-P
error when it receives a packet in which the bits corresponding to
the enhanced path-RDI encoding of the G1 path overhead byte are set,
even if the formal path-RDI bit within the G1 path overhead byte is
not set. [PR/309929: This issue has been resolved.]
- On aggregated Ethernet interfaces configured for LACP
(the lacp statement is included at the [edit interfaces
aex aggregated-ether-options] hierarchy
level), if you deactivate one of the interfaces in the aggregate,
multicast traffic might not be detoured as expected. [PR/313617: This
issue has been resolved.]
- On a router with dual Routing Engines, if the hard disk
is inoperable or missing on the backup Routing Engine, no chassis
alarm is set (visible in the output of the show chassis alarms command), nor is an SNMP trap or system log message generated. The
only indication is a line like the following in the output from the show system boot-messages command: “ad<x>: not attached,
missing in Boot List.” [PR/392837: This issue has been resolved.]
- When more than one of a physical interface’s logical
interfaces is associated with a bridge domain (the family bridge statement is included at more than one [edit interfaces interface-name unit logical-unit-number] hierarchy level and each logical interface is specified as
the value for an interface statement at the [edit bridge-domains domain-name] hierarchy level), the monitor physical-interface-name command displays incorrect
values in the “Input packets” field of the “Traffic
statistics” section. [PR/397745: This issue has been resolved.]
- When Multilink Frame Relay encapsulation is configured
on an interface (the encapsulation multilink-frame-relay-uni-nni statement is included at the [edit interfaces interface-name] hierarchy level), the kernel might generate a core file. [PR/408066:
This issue has been resolved.]
Layer 2 Ethernet Services
- On MX-series routers, access ports configured for VSTP
(the interface statement corresponding to the port is included
at the [edit protocols vstp] hierarchy level) might not interoperate
properly with other vendors’ switches. [PR/390026: This issue
has been resolved.]
- On an MX-series router configured for VRRP for IPv6, during
a mastership change the original master does not relinquish mastership,
with the result that both it and the original backup are reported
as “master” in the “VR state” field of the
output from the show vrrp summary command. [PR/398399: This
issue has been resolved.]
Services Applications
- The issue arises when you configure the NAT match-direction
output statement and attach it to a interface-style service set
on an egress interface. When you explicitly configure forward and
backward rules for a NAT service set, an ICMP fragmentation-needed
message is not sent and the traffic is dropped without notification.
If the backward rule is not configured and is left implicit, this
problem is not seen. An explicit backward rule causes the ICMP error
packet to be handled as a new flow. As a workaround, do not explicitly
configure backward rules unless they are absolutely necessary. [PR/238215]
- If the Juniper-Firewall-Attribute attribute in a RADIUS
server configuration file names a policer that sets a bandwidth limit
for Layer 2 Tunneling Protocol (L2TP) sessions but not an exclude-bandwidth
limit, the bandwidth limit might not be set correctly. [PR/254503:
This issue has been resolved.]
- When a PPP session on a dedicated interface is terminated,
associated static routes might remain in the routing table. [PR/309771:
This issue has been resolved.]
- Input packet counters do not increment for IPSec packets
on an AS or MultiServices PIC (sp- interface) over a multilink
bundle. [PR/314456: This issue has been resolved.]
- Network address translation (NAT) is not performed correctly
for Real-Time Streaming Protocol (RTSP) methods when the Content-Length
field is set to 0 (zero). [PR/393171: This issue has been resolved.]
- When you configure L2TP with link fragmentation and interleaving
(LFI), the MultiServices PIC drops a significant number of MLPPP fragments.
[PR/401247: This issue has been resolved.]
General Routing
- Enabling traceoptions with certain trace levels
for DHCP might cause the DHCP process to dump core. [PR/301102: This
issue has been resolved.]
Routing Protocols
- When an IPv6 duplicate address is detected, the interface
stops forwarding but IS-IS and OSPF3 continue to announce the interface
as a valid route. However, the address is unreachable and all traffic
destined to or through the interface is dropped. [PR/296740: This
issue has been resolved.]
- When you run the snmpwalk query for multicast
interfaces in a routing instance, the logical interface might not
appear in the query. [PR/297470: This issue has been resolved.]
- On a router with dual Routing Engines that is configured
for nonstop active routing (NSR) and graceful Routing Engine switchover,
if the backup-router or inet6-backup-router statement
is included at the [edit system] hierarchy level, the static
route to the backup destination is not deleted on the backup Routing
Engine when you activate nonstop active routing. [PR/305597: This
issue has been resolved.]
- When you include the stale-routes-time statement
at the [edit protocols bgp graceful-restart] hierarchy level,
but omit the graceful-restart statement at the [edit
routing-options] hierarchy level, the commit operation fails
with the following message: “Error in neighbor <address>
of group <group-name>: graceful restart must be enabled in routing-options
too.” [PR/307034: This issue has been resolved.]
- When you re-add a previously deleted or deactivated address statement for an interface’s IPv6 address on a
PIM upstream neighbor (at the [edit interfaces interface-name unit logical-unit-number family inet6] hierarchy level), the addition does not register at the downstream
neighbor. On the downstream neighbor, the value in the “Upstream
interface” and “Upstream neighbor” fields remains
“unknown” in the output from the show pim join extensive command. As a workaround, issue the clear pim join command.
[PR/309972: This issue has been resolved.]
- Protocol Independent Multicast (PIM) might not work correctly
when NSR (nonstop routing) is enabled. Sometimes you might receive
the following error message: “cannot perform nh operation ADDANDGET
nhop (null) type indirect index 0 errno 22.” [PR/314279: This
issue has been resolved.]
- If unicast routes towards a multicast source are updated
via BGP static routing and an IPv6 address on a BGP peer router is
deactivated and reactivated, multicast forwarding does not function
correctly. [PR/386781: This issue has been resolved.]
- If the source address for IPv6 multicast traffic is resolved
by a static route, information about an upstream neighbor might not
be updated after a graceful Routing Engine switchover event (the value
“unknown” appears in both the “Upstream interface”
and “Upstream neighbor” fields in the output from the show pim join extensive command). [PR/389856: This issue has
been resolved.]
- When a PE router receives an external LSA of type 7 (NSSA)
that has a matching VPN tag or has the DN (down) bit set, it nevertheless
includes the advertised route in its OSPF route calculation. According
to RFC 4576, it must ignore such routes. [PR/391733: This issue has
been resolved.]
- On a router configured for nonstop active routing (NSR),
when you apply a BGP import policy and issue the clear bgp neighbor address soft command to reset BGP, the policy does
not take effect. (In terms of configuration statements, the nonstop-routing statement is included at the [edit routing-options] hierarchy
level and the import policy-name statement
at the [edit protocols bgp group group-name neighbor address] hierarchy level.) As
a workaround, either disable nonstop active routing or issue the clear bgp neighbor address command without
the soft option, which forces BGP peers to reestablish their
sessions. [PR/396291: This issue has been resolved.]
- When two BGP peers establish a session, they negotiate
the hold time to use for keepalive messages. If one of the peers uses
a nondefault hold-time value (that is, the hold-time statement
is included at the [edit protocols bgp group group-name] hierarchy level in its configuration), and either of the peers
goes down immediately after the session is established, the hold timer
incorrectly expires after the default interval instead of the negotiated
interval. [PR/396823: This issue has been resolved.]
- If the route to a multicast source address is learned
using BGP and the upstream interface goes down, PIM might not detect
the outage. As a consequence, the value “unknown” appears
in the “Upstream interface” and “Upstream neighbor”
fields of the output from the show pim join extensive command.
[PR/397410: This issue has been resolved.]
- If you specify an IPv6 address as a value for the ssm-groups statement at the [edit routing-options multicast] hierarchy level, the SSM group does not work as expected. As a workaround,
specify only IPv4 addresses. [PR/399352: This issue has been resolved.]
- If PIM sources are accessed via different addresses on
the same neighbor, and PIM is deactivated and reactivated on the neighbor,
the “Upstream interface” and “Upstream neighbor”
fields of the output from the show pim join extensive command
continue to report the value “unknown” after the neighbor
is active. [PR/400573: This issue has been resolved.]
- When you enable distributed periodic packet management
(by including the delegate-processing statement at the [edit routing-options ppm] hierarchy level), BFD packets are
transmitted on a queue other than queue 3 (queue 0 or 4 depending
on the JUNOS version). If system load allows it, disable distributed
PPM as a workaround. [PR/400907: This issue has been resolved.]
- When you issue the show ospf database advertising-router command and a NULL argument is passed to the command, the routing
protocol process (rpd) might stop operating. [PR/401437: This issue
has been resolved.]
- When you issue the mtrace source command and the route to the source is defined in the routing
table for a PIM nonforwarding instance (that is, not in the main instance
table, inet.0), the command fails with the following messages: “...giving
up” and “Timed out receiving responses.” [PR/403033:
This issue has been resolved.]
- When peers in different BGP peer groups have similar export
policies such that identical advertisements are sent, the routing
protocols process (rpd) might generate a core file and become unresponsive
when the backup Routing Engine comes online. [PR/404471: This issue
has been resolved.]
- When certain statements are included at the [edit
protocols bgp group group-name] hierarchy
level, the routing protocols process (rpd) might generate a core file
and stop operating in some circumstances. [PR/404667: This issue has
been resolved.]
- A SNMP walk of the downstream interfaces of point-to-multipoint
multicast routes might cause the routing protocol process (rpd) to
dump core. [PR/405505: This issue has been resolved.]
- PIM mistakenly prefers a more specific hidden route over
an active less specific route as the RPF route to the MCAST source.
This issue has been fixed. [PR/411385: This issue has been resolved.]
MPLS Applications
- When both CSPF and link protection are enabled, in rare
instances the routing protocol process (rpd) might generate a core
file and restart. [PR/266126: This issue has been resolved.]
- If an ingress LSP detects a routing loop (reported as
“Routing loop detected [number times]”
in the output from the show mpls lsp name lsp-name extensive command), it might stop handling traffic. [PR/293686:
This issue has been resolved.]
- After some types of network events (for example, when
an interface goes down and comes back up), LDP routes might be removed
incorrectly from the inet.3 routing table. As a workaround, restart
all LDP sessions. [PR/297144: This issue has been resolved.]
- When a CCC comes back up after an interruption of network
connectivity, the MPLS routing table does not record the label change
for CCC appropriately, and traffic is not sent through the CCC connection.
[PR/306043: This issue has been resolved.]
- When you issue the traceroute mpls ldp command,
the MPLS OAM process (mplsoamd) might generate a core file. [PR/307732:
This issue has been resolved.]
- If there is a single hop to an LDP neighbor and the source
address of the received LDP Link Hello address is the same as the
LDP Targeted Hello source address, when the LDP link neighbor and
target LDP neighbor go down and come back up in a certain sequence,
the Layer 2 circuit connection might remain inactive (reported as
“VC-Dn” in the “St” field of the entry for
the neighbor in the output from the show l2circuit connections command). To return the connection to the active state, issue the clear ldp neighbor address command. [PR/312672:
This issue has been resolved.]
- If an RSVP LSP configured with LDP tunnels initiates auto
bandwidth adjustments, LDP might fail to send keepalive messages,
which could trigger LDP Session flap as a result of hold-down timer
expiration. As a workaround, increase the LDP keepalive-timeout value at the [edit protocols ldp] hierarchy level from
the default (30 seconds) to 90 seconds. [PR/407707: This issue has
been resolved.]
VPNs
- The time-to-live (TTL) threshold value is not propagated
correctly for VPNs that use IPv6 addresses. This might cause multiple
entries for the same address in the output from the traceroute command. [PR/257497: This issue has been resolved.]
- If you take a PIC offline that hosts a large number (for
example, 1000) of CE-facing interfaces in a Layer 2 VPN, the routing
protocols process (rpd) might generate a core file. [PR/300601: This
issue has been resolved.]
- When a logical tunnel (lt-) interface forwards
a multicast packet, it incorrectly sets the destination MAC address.
[PR/304516: This issue has been resolved.]
- In a VPLS dual-homed configuration, sometimes traffic
loss might occur for approximately 20 seconds during switchover from
the backup to the primary interface. [PR/404605: This issue has been
resolved.]
High Availability
- When a Routing Engine switchover takes place, the kernel
might generate a core file. [PR/301327: This issue has been resolved.]
Class of Service
- When configuration for an interface is added at the [edit class-of-service interfaces] hierarchy level, the value
in the ”Output rate” field of the output from the show interfaces command might stop incrementing. The condition
persists even if the CoS configuration is deactivated. As a workaround,
deactivate and reactivate the interface at the [edit interfaces] hierarchy level. [PR/405280: This issue has been resolved.]
Forwarding and Sampling
- When you configure Routing Engine-based sampling (by including
the sampling statement at the [edit forwarding-options] hierarchy level), 4-byte AS numbers might be incorrectly reported
as 2-byte numbers in the output from the monitor start sampled command. [PR/310276: This issue has been resolved.]
- If a prefix list specified at the [edit firewall family
inet6 filter filter-name term term-name from source-prefix-list] hierarchy level includes an IPv4 address,
the commit operation fails with the following message: “Invalid
inet6 addr: ‘<ipv4-address>/<prefix-length>’.”
[PR/310299: This issue has been resolved.]
- Specifying peer as the value for the autonomous-system-type statement at the [edit forwarding-options sampling output cflowd hostname] hierarchy level has no effect (the exported
information is the same as when the value origin is specified).
[PR/310313: This issue has been resolved.]
Network Management
- When some PIC types are taken offline and brought back
online, an SNMP linkUp trap is not generated for some of the logical
interfaces. [PR/294667: This issue has been resolved.]
- The JUNOS software does not generate an SNMP linkDown
trap when an interface's state (represented by the ifOperStatus object)
changes from “up” to “lowerLayerDown.” The
trap is required by RFC 2863. [PR/297829: This issue has been resolved.]
- When you enable firewall counters for IPv4 and IPv6 traffic
on an interface (by including the count statement at the [edit firewall family (inet | inet6) filter filter-name term term-name then] hierarchy level and
the filter statement at the [edit interfaces interface-name unit logical-unit-number family (inet | inet6)] hierarchy level), the show snmp
mib walk jnxFWCounterByteCount command might not display all
of the counters. [PR/313194: This issue has been resolved.]
9.2R2
The following issues have been resolved since JUNOS Release
9.2R1. The identifier following the description is the tracking number
in our bug database.
Platform and Infrastructure
- When you configure aggregated interfaces as core-facing
links, translational cross-connect (TCC) might not work properly.
[PR/267867: This issue has been resolved.]
- When you partition the hard drive after upgrading the
compact flash, the partition sizes in some cases received slightly
incorrect values as a result of bsdlabel behavior. This prevented
mirror-flash-on-disk from working properly. [PR/270154: This issue
has been resolved.]
- On MX-series Ethernet Services routers, if a label-switched
interface (LSI) is enabled for an xe member link that is
part of an aggregated Ethernet (ae) interface, the xe interface statistics are counted twice. [PR/274396: This issue has
been resolved.]
- When you issue the request system snapshot command
on Routing Engine RE-3 after upgrading to 1GB compact flash, it might
make a corrupt copy on the hard drive. [PR/291295: This issue has
been resolved.]
- In an environment with many active multicast routes and
one or more aggregated interfaces as downstream interfaces, when an
aggregated interface flaps or an FPC containing an aggregated interface
restarts, the kernel might restart unexpectedly. This issue is seen
in networks with greater than 1000 multicast routes. The chance of
kernel restarts increases as the number of multicast routes increases
or the number of downstream aggregated interfaces increases. [PR/292521:
This issue has been resolved.]
- When a Multilink Point-to-Point Protocol (MLPPP) link
is incorrectly added to a Multilink Frame Relay (MLFR) bundle, the
kernel resets unexpectedly. [PR/294885: This issue has been resolved.]
- An MPLS frame with an explicit NULL label designated for
the Routing Engine might be dropped by the Packet Forwarding Engine.
[PR/298967: This issue has been resolved.]
- When you configure an unnumbered interface to borrow from
a loopback or non-Ethernet interface and also configure unrestricted
proxy ARP on the unnumbered interface, the incoming proxy-ARP requests
are dropped. As a workaround, configure the unnumbered interface to
borrow from any Ethernet interface. [PR/301101: This issue has been
resolved.]
- On platforms with dual Routing Engines, the Routing Engines
might dump core during processing of a BGP UPDATE message with a NEXT_HOP
attribute that is a broadcast address of a local interface. [PR/302236:
This issue has been resolved.]
- When you configure Connectionless Network Service (CLNS)
on an lt interface, the source MAC address becomes corrupted.
[PR/304323: This issue has been resolved.]
- The maximum number of active security services flows on
a J-series Services Router for each platform and memory allotment
is as follows:
- J2320 router with 512 MB—20,000 flows
- J2320 router with 1 GB—45,000 flows
- J2350 router with 512 MB—30,000 flows
- J2350 router with 1 GB—50,000 flows
- J4300 router with 512 MB—20,000 flows
- J4300 router with 1 GB—45,000 flows
- J4350 router with 512 MB—40,000 flows
- J4350 router with 1 GB—60,000 flows
- J6300 router with 512 MB—20,000 flows
- J6300 router with 1 GB—45,000 flows
- J6350 router with 512 MB—40,000 flows
- J6350 router with 1 GB—65,000 flows
- J6350 router with 2 GB—75,000 flows
These are the system maximum values. If you configure max-flows for a service set, the other service sets share whatever
is left from the system maximum value. The sum of the max-flows values for individual service sets cannot exceed the global maximum
value. If the configured total exceeds this value, the max-flows value for the last configured service set is truncated and a warning
message is logged. [PR/305350: This issue has been resolved.]
User Interface and Configuration
- Under the following conditions, the commit operation might
fail with the syntax error “inactive: group group-name { ... }”: (a) you use the configure private command
to enter configuration mode, (b) a BGP group is deactivated, and (c)
you change another BGP group’s name. As a workaround, use the configure command to enter configuration mode. [PR/300917: This
issue has been resolved.]
- When you invoke a commit or commit check operation for a configuration that includes forwarding-table filters,
the firewall process (dfwd) might generate a core file and restart.
[PR/301806: This issue has been resolved.]
- Deactivating a configuration node via transient change
does not work when applied using a commit script from JUNOS Release
9.1 and later; it causes all the transient changes to be discarded.
The fix for PR 294131 made updates in the transient-change implementation
that broke some of the transient-change behaviors. This fix reverts
the updates made as part of PR 294131. A separate PR will handle updates
to the transient-change implementation. [PR/307352: This issue has
been resolved.]
Interfaces and Chassis
- If you configure a compression-device on an ATM
interface by mistake, the JUNOS kernel might dump core and restart.
[PR/265542: This issue has been resolved.]
- If you enable nonstop active routing (NSR) and perform
a commit synchronize when the backup Routing Engine is not
available, the system provides a warning message. To expedite protocol
synchronization, issue the restart routing command on the
backup Routing Engine when it comes up. [PR/277993: This issue has
been resolved.]
- When you repeatedly perform BGP nonstop active routing
(NSR) procedures, the routing protocol process (rpd) dumps core on
every third or fourth switchover. [PR/288783: This issue has been
resolved.]
- The commit operation does not fail when the configuration
includes the following invalid combination of statements: the address
specified by the source or destination statement
at the [edit interfaces gr-fpc/pic/port unit logical-unit-number tunnel] hierarchy level is the same as the interface’s
own subnet address (as specified by the address statement
at the [edit interfaces gr-fpc/pic/port unit logical-unit-number family family-name] hierarchy level).
[PR/299443: This issue has been resolved.]
- When you configure VRRP on a logical interface on an IQ2
PIC, the reported logical interface statistics are incorrect. The
problem is compounded if there is no transit traffic on the logical
interface, because additional bytes might be erroneously included.
[PR/303151: This issue has been resolved.]
- In a Protected System Domain with a large number of LSPs
configured (for example, 50,000), an FPC might generate a core file
when you issue the show pfe route mpls command repeatedly.
[PR/303349: This issue has been resolved.]
- When a change occurred in VRRP priority or tracking information,
it caused the state machine to reset. As a result, VRRP went through
an idle-backup-master transition. With the fix, the reset is avoided
and VRRP continues to be the master/backup. [PR/303701: This issue
has been resolved.]
- When you configure bandwidth management for a Protected
System Domain (you include the control-plane-bandwidth-percent statement at the [edit chassis system-domains protected-system-domain
psd number] hierarchy level), any FPC core
files that are generated might take up to 4 hours to completely transfer
onto the PSD. There are two workarounds, if you need to generate a
FPC core file within a 15-minute time frame, either one can be applied:
either remove the control-plane-bandwidth-percent statement
or set the control-plane-bandwidth-percent value to 96 percent
for the PSD that owns the particular FPC. [PR/304765: This issue has
been resolved.]
- When the links of an RLSQ bundle are not configured at
the remote site and a Routing Engine switchover is performed followed
by taking a primary or secondary LSQ PIC offline, the backup Routing
Engine might reset. [PR/306667: This issue has been resolved.]
- When you configure bridge options (under bridge domains)
for a specific trunk interface and the bridge domain is part of the
default virtual switch, the configuration does not work properly.
[PR/307000: This issue has been resolved.]
- When the vlan-id and vlan-tagging configuration
changes for a bridge domain, the multicast snooping process might
reset unexpectedly. This should not affect bridge functionality and
the snooping process should recover automatically. [PR/307322: This
issue has been resolved.]
Services Applications
- If Network Address Port Translation (NAPT) is configured
and multiple short-lived flows are established, ports on MS PICs might
not be assigned correctly. In some cases, this situation causes the
MS PIC to stop functioning. [PR/300553, 304088: This issue has been
resolved.]
Routing Protocols
- When you configure the stale-routes-time statement
at the [edit protocols bgp graceful-restart] hierarchy level
along with nonstop active routing (NSR), or in default mode (without
graceful restart or nonstop active routing configured at the [edit
routing-options] hierarchy level), it causes a commit error.
[PR/307034: This issue has been resolved.]
- When you enable nonstop-routing at the [edit
routing-options] hierarchy level and configure the router as
an AS boundary router or a route reflector for a VPN address family,
and the router has routing-instance configuration for locally attached
VPN sites, deactivating and then activating the routing-instance configuration
causes the VPN routes not to be imported into the routing-instance
(VRF) tables. [PR/307770: This issue has been resolved.]
- When BGP advertises static routes to unnumbered interfaces
by means of a policy, it causes the routing protocol process (rpd)
to reset unexpectedly. [PR/308465: This issue has been resolved.]
- When the length of the next-hop network address field
in MP_REACH_NLRI is incorrectly set, the JUNOS software mistakenly
sends error code 3, subcode 1 (Malformed Attribute List). The appropriate
error code is 3, subcode 9 (Optional attribute error). [PR/308628:
This issue has been resolved.]
MPLS Applications
- When you configure the traffic-engineering mpls-forwarding statement for a link-protected point-to-multipoint LSP, RSVP creates
two link-protection routes, which eventually causes the routing protocol
process (rpd) to dump core. [PR/303993: This issue has been resolved.]
- If two point-to-multipoint branch LSPs share the same
incoming interface, and one of them comes up after the other during
a remerge event at a transit router, the in-label for both LSPs is
marked “Discard,” as reported by the show route table
mpls.0 command. [PR/306312: This issue has been resolved.]
- When there is a direct and targeted LDP neighbor to the
same IP address and the neighbor is flapping, the routing process
might terminate abnormally under certain circumstances. [PR/308178:
This issue has been resolved.]
- If there is a single hop to an LDP neighbor and the source
address of the received LDP Link Hello address is the same as the
LDP Targeted Hello source address, when the LDP link neighbor and
target LDP neighbor go down and come back up in a certain sequence,
the Layer 2 circuit connection might remain inactive (reported as
VC-Dn in the S field of the entry for the neighbor in the output from
the show l2circuit connections command). To return the connection
to the active state, issue the clear ldp neighbor command.
[PR/312672: This issue has been resolved.]
VPNs
- A dynamic change to the provider tunnel type might cause
the routing protocol process (rpd) to generate a core file. [PR/305081:
This issue has been resolved.]
- In rare cases, changes to the encapsulation or MAC address
on a PE router’s CE-facing interface, followed by a nonstop
active routing (NSR) event, might disrupt Layer 2 circuit communications.
The show l2circuit connections command reports an MTU Mismatch
(MM) status for the Layer 2 circuit connection on the remote PE router.
To restore communications on the local PE router, deactivate and reactivate
the l2circuit configuration stanza at the [edit protocols] hierarchy level. To avoid the error, include the ignore-mtu-mismatch statement at the [edit protocols l2circuit local-switching interface interface-name] hierarchy level for every interface.
[PR/306453: This issue has been resolved.]
Class of Service
- On J-series Services Routers, MLPPP bundles with congested
member links on which fragmentation is active might interfere with
other bundles within the same system and trigger high latency or packet
drops. As a possible workaround, configure the shaping rate on the
bundle with fragmentation enabled to avoid flow control from the member
link. [PR/281985: This issue has been resolved.]
- When you delete CoS interface scheduler-map configurations,
the allocated IDs are not removed from the Packet Forwarding Engine.
As a result, when the new CoS interface configuration is applied,
a system log message shows no profile space available. [PR/292223:
This issue has been resolved.]
Forwarding and Sampling
- When you include the route-accounting statement
at the [edit forwarding-options family inet6] hierarchy level,
the sampling process (sampled) might generate a core file. [PR/291455:
This issue has been resolved.]
- Under some circumstances, when you add a prefix at the [edit policy-options prefix-list list-name] hierarchy level, the commit might fail with one of the following
error messages: “Check-out failed for Firewall daemon (/usr/sbin/dfwd)
without details” or “configuration check-out failed.”
[PR/305510: This issue has been resolved.]
- For Routing Engine based-sampling, 4-byte AS numbers were
not reported appropriately. [PR/310276: This issue has been resolved.]
9.2R1
The following issues have been resolved since JUNOS Release
9.1R2. The identifier following the description is the tracking number
in our bug database.
Software Installation and Upgrade
- On an M320 router, when you perform an in-service software
upgrade (ISSU), destination class accounting statistics might not
be restored properly. [PR/284647: This issue has been resolved.]
Platform and Infrastructure
- When graceful Routing Engine switchover (GRES) and multicast
are both configured on a router, the master Routing Engine kernel
might dump core because of inconsistencies between the multicast forwarding
database on the master Routing Engine and the multicast forwarding
database on the backup Routing Engine. [PR/100795]
- When you use aggregate bundles with FRR, packet loss occurs
for about 10 to 16 seconds when one of the member links fails. [PR/101295]
- If Layer 2 encapsulation is larger than 34 bytes, the
Packet Forwarding Engine might restart unexpectedly. [PR/240080]
- On an MX-series routing platform, a DPC with 10-Gigabit
Ethernet interfaces might report the same interface statistics on
all ports of the same PIC slot if the first interface has the family mpls statement configured. As a workaround, do not configure
the family interface on the first port of the PIC slot. [PR/262607]
- On M10i routers that have Channelized DS3 IQ PICs installed,
the Compact Forwarding Engine Board (CFEB) might generate a core file,
which interrupts FPC operation. [PR/283943: This issue has been resolved.]
- On a J-series router configured to capture packets, certain
conditions might trigger messages similar to the following: “Apr
7 15:00:07 lhotse fwdd[2911]: ipc_msg_write: IPC message type: 13,
subtype: 4 exceeds MTU, mtu 1550, length 1552.” These messages
indicate that some packets not have been captured as expected. There
is no impact on traffic passing though the router. [PR/285242: This
issue has been resolved.]
- Under certain circumstances, DHCP discover packets might
be leaked to all the configured VRFs. [PR/286139: This issue has
been resolved.]
Interfaces and Chassis
Services Applications
- When you commit a configuration that does not include
either the pre-shared-key statement or the local-certificate statement at the [edit security ike policy policy-name] hierarchy level, the key management process (kmd) generates
a core file. [PR/267957: This issue has been resolved.]
- In JUNOS Release 9.1, a license feature was introduced
for all customer edge (CE) platforms. As a result, on M120 routers
(a designated CE platform) whenever you configure L2TP sessions and
tunnels with RADIUS authentication, the following message might be
displayed:
- profile user1 {
- ##
- ## Warning: requires 'subscriber-authentication' license
- ##
- authentication-order radius;
- }
In the system log, the following message might appear:
“regress@turkey# Apr 1 16:13:22 turkey alarmd[4669]: Alarm
cleared: License color=YELLOW, class=CHASSIS, reason=Per Subscriber
Radius Authentication usage requires a license Apr 1 16:13:22 turkey
alarmd[4669]: LICENSE_EXPIRED: License for feature subscriber-authentication(31)
expired.” This has no effect on the generation of the L2TP tunnels
and sessions. [PR/277424: This issue has been resolved.]
Routing Protocols
- BGP traceoptions incorrectly reports Path Attribute flags
with the EXT bit always reset. [PR/51953: This issue has been resolved.]
- If more than 1000 communities are attached to a route,
the routing process (rpd) might become unresponsive. Removing the
communities and restarting the routing process might be necessary
to recover. [PR/77001: This issue has been resolved.]
- When routes are exported into OSPF and then OSPF is deactivated,
the routing protocol process (rpd) might generate a core file and
stop operating. [PR/232362: This issue has been resolved.]
- The show ospf route detail command output displays
optional-capability values for intra-area router routes only. [PR/273809:
This issue has been resolved.]
- In JUNOS Release 9.0 and later, the multicast snooping
process (snoopd) leaks memory even if it is not configured. As a workaround,
disable the process if it is not required. [PR/279378: This issue
has been resolved.]
- When PIM is used, certain multicast routing topologies
might cause delays in multicast route convergence. [PR/282109: This
issue has been resolved.]
- When you enable BGP multipath (by including the multipath statement at the [edit protocols bgp group group-name] hierarchy level) and route updates arrive from multipath and
nonmultipath peers in a certain order, load balancing across paths
might stop working correctly. [PR/288694: This issue has been resolved.]
- When BGP deletes a secondary route, the routing process
(rpd) might exit unexpectedly and dump core. [PR/290863: This issue
has been resolved.]
MPLS Applications
- When the target of the ping mpls rsvp command
is another vendor’s router, the value in the “Local transmit
time” field is a UNIX timestamp instead of an NTP timestamp,
as specified by RFC 4379. [PR/289535: This issue has been resolved.]
- Packet loss can occur following an RSVP auto-bandwidth
adjustment. [PR/289553: This issue has been resolved.]
VPNs
- When nonstop active routing (NSR) is enabled and you issue
the restart routing command on the master Routing Engine,
VPLS connections on the backup Routing Engine might not be re-established
quickly. To speed up the synchronization process, issue the restart
routing command on the backup Routing Engine. [PR/282095: This
issue has been resolved.]
- The delete routing-instances vpls protocols vpls mtu command does not reset the MTU to its default value. As a workaround,
deactivate and then reactivate the VPLS instance to set the MTU to
the default value of 1500. [PR/288026: This issue has been resolved.]
Network Management
[
Contents]
[
Prev]
[
Next]
[
Report an Error]
