Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation  Back up to About Overview 

Resolved Issues

This section lists the issues fixed in Junos OS Release 15.1X53 for QFX10000 switches.

For the most complete and latest information about known Junos OS defects, use the Juniper online Junos Problem Report Search application.

Resolved Issues: Release 15.1X53-D64

High Availability (HA) and Resiliency

  • The VRRP virtual address might be lost on the VRRP backup when a new logical-interface VRRP group is added or a VRRP group for a logical interface is reconfigured. PR1255978

Interfaces and Chassis

  • expr_nh_fwd_create_arp_ndp_egress_descr(),1237:nh 131650 type Compst, failed to create L2 descr failure log message; no impact on traffic or performance. PR1221831
  • During a firewall script run, a switchover is performed. The new master takes ownership and stays up, but the old master goes to db>. PR1222582
  • On QFX10000, IPv4 traffic drops when a member interface of a LAG is changed. PR1270011

Layer 2 Features

  • On QFX10000, an IPv6 double-tagged frame does not pass through the switch if the service-provider configuration style has been used. PR1254492

Network Management and Monitoring

  • The eventd process stops sending syslog messages to a configured syslog server. PR1246712
  • QFX10002 is not sending syslog messages. PR1259603

Port Security

  • Storm control might not be programmed correctly in the Packet Forwarding Engine if it is applied with a port-speed configuration in a single commit. PR1255562

Routing Protocols


  • A BGP export policy with from protocol might cause issue on a 64-bit rpd. PR1206511
  • BGP routes might be seen in the advertising-protocol table on the local end but not be seen in the receive-protocol table on the remote end. PR1231707

Security


  • NTP.org and FreeBSD have published security advisories for vulnerabilities resolved in ntpd (NTP daemon). Server-side vulnerabilities are only exploitable on systems where NTP server is enabled within the [edit system ntp] hierarchy level. A summary of the vulnerabilities that may impact Junos OS is in JSA10776. Refer to JSA10776 for more information. PR1159544, PR1234119
  • Incorrect signedness comparison in the ioctl(2) handler allows a malicious local user to overwrite a portion of the kernel memory. Refer to JSA10784 for more information, https://kb.juniper.net/JSA10784. PR1184592
  • When an IPv6 node receives an ICMPv6 PTB (Packet Too Big) message with MTU < 1280, the node will emit atomic fragments. This behavior might result in denial of service attack. And please refer to JSA10780 for more information. PR1250832

VXLAN

  • QFX100002 generated an L2ALD core file for an unknown reason at l2ald_mac_process_update_fwd_entry_mask , l2ald_mclag_update_change_for_learn_mask , logging , vlogging , vlogging_event. PR1264432

Resolved Issues: Release 15.1X53-D63

Authentication and Access Control

  • On QFX Series switches, SSH authentication may fail due to improper file ownership. PR1142992
  • In instances when an SSH-key is longer than 256 characters, the router can go into amnesiac mode and any login is denied. For example, if the authentication ssh-dsa value (the DSA public key) is configured at the [edit system login user username] hierarchy is longer than 256 characters, the router login may be denied. To avoid this problem, configure keys under 256 characters in length and disable the persist-groups-inheritance statement at the [edit system commit] if you have configured it to improve commit time performance. PR1169516

High Availability (HA) and Resiliency

  • When nonstop routing (NSR) is configured in a group, and that group applied to routing-options, NSR sometimes fails. To prevent NSR failure, configure the nonstop-routing statement directly at the [edit routing-instances routing-instance-name routing-options] hierarchy. PR1168818
  • On QFX10000 switches, when nonstop active routing (NSR) is configured with a Label Distribution Protocol (LDP) export policy or an L2 smart policy, the routing protocol process (rpd) on the backup RE may crash when LDP tries to delete a filtered label binding. To avoid this issue, remove the LDP export policy or the l2-smart-policy statement at the [edit protocols ldp] hierarchy level or [edit routing-instances routing-instance-name protocols ldp] hierarchy level. PR1211194
  • On QFX10000 switches operating with Layer 3 VPN and configured to allow chained composite next hops for devices handling ingress or transit traffic in the network, packets may not be forwarded after they pass through the generic routing encapsulation (GRE) tunnel. This issue is observed on routers operating with Layer 3 VPN that also include the statement chained-composite-next-hop ingress at the [edit routing-options forwarding-table] hierarchy level. When configured in this manner, the Packet Forwarding Engine cannot push VPN labels for packets. As a result, packets arriving at the next-hop destination cannot be forwarded. PR1215382

Interfaces and Chassis

  • In MC-LAG environments on QFX10000 switches, partial packet loss may occur due to a delay in the Address Resolution Protocol (ARP)/Neighbor Discovery (ND) state being synchronized between MC-LAG peers. This issue has been observed between two routers (Router A and Router B). During Graceful Routing Engine switchover (GRES)/In-Service Software Upgrade (ISSU) on Router A, if an ARP entry ages out for hosts/servers on Router B, Router B re-arps to Router A. A possible reply may be received, but during the GRES/ISSU window, this state is not synchronized. Inter-Chassis Control Protocol (ICCP) is used to exchange control information between the MC-LAG peers, and ICCP is not operating during the GRES switchover. The ARP request is not resolved until Router A is fully rebooted. During this switchover window, packet loss may occur. To minimize the occurrence of this issue, increase the ARP timeout for the system-wide ARP aging timer, include the statement aging-timer minutes at the [edit system arp] hierarchy level. PR1079736
  • On QFX10000 switches, the show interfaces interface-name extensive output does not display the Physical Coding Sublayer (PCS) statistics. PR1211160
  • On QFX10008 and QFX10016 switches, an error message such as expr_cos_rw_nh_qix_get @ 150: Unable to get chip num for ill:994 on mc-ae status-control active node might be displayed after an ARP request is sent. These messages are only for information and have no functional impact on the operation of the switches. PR1228080
  • On QFX10000 switches, removal or insertion of a transceiver for a LAG member when the LAG bundle is configured as a member of thousands of VLANs (for example, 4093 VLANs for the ICL in this PR) might cause high CPU utilization in the Packet Forwarding Engine for a few seconds, preventing critical protocols from running in a timely manner and causing timeouts for BFD sessions, LACP, and so on. Such timeouts might lead to ICL or ICCP flaps and ARP flushes in the MC-LAG topology. As a workaround, avoid unplanned removals or insertions of transceivers for LAG members. If the transceiver removal or insertion is necessary, remove the corresponding interface from the LAG bundle by using CLI configuration commands before you remove or insert transceivers. PR1229547
  • On QFX10000 switches configured with MC-LAG, Cisco Discovery Protocol (CDP) packets with destination address 01:00:0c:cc:cc:cc loop. To resolve this issue, place a firewall filter on the interchassis link (ICL) of both peers to discard these packets. PR1237227

MPLS

  • RSVP local revertive mode is supported by default on all Juniper Networks routers running Junos OS. In instances when global revertive mode is configured to override the default RSVP local revertive mode by including the no-local-reversion statement at the [edit protocols rsvp] hierarchy, it is observed that sometimes during link failure, a link-protected route is associated indefinitely with the bypass label-switched path (LSP). This occurs when an interface is brought down on which the packet state block (PSB or new path) is established before the RSVP PSB switchover. This is a timing issue. PR1091774
  • On QFX10000 switches, when changing the routing-options forwarding-table chained-composite-next-hop configuration while there are active MPLS LSPs, an LSP traffic loss may be observed afterwards. PR1243088
  • On QFX10000 switches running in a virtual routing and forwarding (VRF) environment and configured for Dynamic Host Configuration Protocol (DHCP) Relay, DHCP offer packets (with an MPLS header) are dropped on the ingress MPLS interface. PR1243936

Multicast Protocols

  • For devices populated with a master and backup routing engines (RE) and configured for nonstop active routing (NSR) and Protocol Independent Multicast (PIM) configuration, the routing protocol process (RPD) may crash on the backup RE due to a memory leak. This leak occurs when the backup RE handling mirror updates about PIM received from the master RE deletes information about a PIM session from its database. But due to a software defect, a leak of 2 memory blocks (8 or 16 bytes) may occur for every PIM leave. If the memory is exhausted, the rpd may crash on the backup RE. There is no impact seen on the master RE when the rpd crashes on the backup RE. Use the show system processes extensive command to check the memory. PR1155778

Platforms and Chassis

  • On QFX10000 switches, the routing protocol process (rpd) may eventually become exhausted and crash when Layer 2 Circuit, Layer 2 VPN, or virtual private LAN service (VPLS) configurations are committed. These commit activities may create a small memory leak of 84 bytes in the rpd. If the rpd memory is exhausted, recovery can be accomplished by retarting rpd. If nonstop routing (NSR) is configured, the master Routing Engine can be switched over to the standby Routing Engine, causing the master rpd to exit and restart and free the leaked memory. PR1220363
  • When ICMP traffic is directed towards a local interface on a QFX10000 switch, high latency and jitter may be observed. While this issue is not service impacting, it can indicate an incorrect performance metric when troubleshooting traffic concerns. PR1221053
  • On QFX10000 switches, the routing protocol process (rpd) sometimes is interrupted and halted when it tries to free a session reference block. This can occur when the memory redzone check fails when attempting to free reference memory block. The fail is caused when the redzone check receives an address that is not the beginning of a memory block. PR1232742
  • On QFX10002 switches, when you plug in a USB, FRU insertion messages such as RE0 & ?CAMGETPASSTHRU ioctl failed cam_lookup_pass: Inappropriate ioctl for device? might be displayed. These are harmless messages and will not be displayed after you have removed the USB. PR1233037
  • On QFX10000 switches, a power entry module (PEM) may be wrongly detected as offline, repeatedly triggering an SNMP trap. Shortly after the SNMP traps are generated, the PEM is detected as being online again. PR1233537
  • On QFX10000 switches, the routing protocol process (rpd) sometimes crashes and produces a core-dump. This issue is observed when there is a full internet feed and a BGP peer goes down. PR1250978

Routing Protocols

  • When a BGP speaker (router) has multiple peers configured in a BGP group, there is sometimes an inaccurate count of prefixes. This occurs when the BGP speaker receives a route from a peer and re-advertises the route to another peer within the same group. In such instances, the MIB object jnxBgpM2PrefixOutPrefixes for peers in the same group reports the total number of advertised prefixes in the group. MIB value jnxBgpM2PrefixOutPrefixes is defined as being used on a per-peer basis. However, it is instead being used to report prefixes on a per-group basis. To display an accurate number of advertised prefixes, use the show bgp neighbor command. PR1116382
  • On QFX10002 switches, if the MAC age timer is set to a value greater than that of the ARP age timer, after the ARP ages out, MAC and MAC+IP is advertised by all ESI peers regardless of which device learns ARP locally. As a workaround, set the MAC age timer to a value less than that of the ARP age timer. PR1238718

Software-Defined Networking (SDN)

  • On QFX Series switches with Virtual Ethernet VPN (EVPN) deployed, the routing protocol process (rpd) may crash if the following commands are executed:
    • show evpn database neighbor neighbor-name vlan-id vlan-id mac-address address
    • show evpn database vlan-id vlan-id mac-address address
    • show evpn database vlan-id vlan-id mac-address address instance instance-name

    PR1119301

Software Installation and Upgrade

  • In some rare instances on QFX10002 switches, no network ports are detected following a software upgrade and the subsequent reboot sequence. The switch can experience this state due to a hardware failure or CPU memory issue that triggers an Inter-integrated Circuit (I2C) transaction failure. If it is not a hardware failure, rebooting the switch clears the issue. If it is a hardware failure, rebooting the switch will not provide recovery and a Return Material Authorization (RMA) for the affected part must be made. PR1247753

Resolved Issues: Release 15.1X53-D62

Interfaces and Chassis

  • On QFX10000 switches, the kernel might fail to allocate IFBD tokens, with the error message IFBD hw token couldn't be allocated for <interface>, even though there are enough IFBD tokens, and thus you might be unable to assign some VLANs to the related interfaces. PR1216464
  • On a QFX10002 switch, 40 Gigabit Ethernet ports can take up to 4 seconds to link when using JNP-QSFP-40G-LR4 optical transceivers. PR1219336
  • On QFX10000 switches, on aggregated Ethernet interfaces with adaptive load balancing enabled, frequent link flaps might result in zero active members in the LAG bundle, causing memory leaks and eventually causing an FPC crash. The FPC restarts automatically after the crash. PR1236046

Network Management and Monitoring

  • On QFX10000 switches, IPv6 MIB statistics for jnxIpv6IfInOctets and jnxIpv6IfOutOctets for an aggregated Ethernet (AE) bundle show double the count that is shown in CLI output. PR1230923

Resolved Issues: Release 15.1X53-D61

Interfaces and Chassis

  • On QFX10000 switches, in a multichassis link-aggregation group (MC-LAG) configuration, the all option at the [edit protocols igmp-snooping vlan] hierarchy level does not work. As a workaround, enable IGMP snooping on a per-VLAN basis on each of the MC-LAG peers. PR1180494
  • On QFX10000 switches, traffic might drop on an aggregated Ethernet interface in the following scenario:

    Topology:

    • The AE has two child members connected to the same PFE.
    • The child port numbers should be < 32.

    Trigger and symptoms: When an AE member is removed by a physical OIR of a transceiver or by deactivating the member port configuration, traffic is lost in the AE interface. The problem does not happen if the AE members are spread across multiple PFEs or across FPCs. As a workaround, disable the AE interface and then reenable it.

    PR1210220

MPLS

  • On QFX10000 switches, when MPLS automatic bandwidth allocation is configured for an LSP, disabling the configuration might generate an RPD core file. PR1152449

Routing Protocols

  • On QFX10000 switches, VRRPv2 for IPv4 is not working correctly. A router with a physical interface with the highest IPv4 address preempts mastership even in case of a priority tie. The feature works correctly for IPv6 address families. PR1204969
  • On QFX10000 switches, whenever a host moves from one leaf switch to another leaf switch, the ARP entry for that host is not updated in the remote leaf switch or switches. As a workaround, restart the l2ald process. PR1210195
  • With an EVPN-VXLAN configuration, QFX10000 switches do not forward DHCP relay packets from remote VTEPs. PR1209499

Software-Defined Networking (SDN)

  • On QFX10000 switches, during an upgrade to Junos OS Release 15.1X53-D60, OVSDB-based MAC learning might fail and traffic loss might occur. The output from the show ovsdb commit failures CLI command might show commit failures. PR1207165

Resolved Issues: Release 15.1X53-D32

Interfaces and Chassis

  • If you commit a huge configuration on a QFX10000 switch, in rare cases some ports are not activated. PR1160220
  • On a QFX10008 switch, a 100-Gigabit optical interface might not activate if the interface is disabled and enabled several times. PR1160236
  • On a QFX10002 switch, the major alarm LED may light even though there are no alarms. PR1160248

Network Management and Monitoring

  • On QFX10000 switches, when sFlow is configured and traffic is routed out of a link aggregation interface, the SNMP index of the output port might not be displayed, which means that the traffic flows cannot be monitored. PR1161197

Related Documentation

Modified: 2017-06-26