Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation  Back up to About Overview 

Outstanding Issues in Junos OS Release 12.3X50 for the QFX Series

The following issues are outstanding in Junos OS Release 12.3X50. The identifier following the description is the tracking number in our bug database.

For the latest, most complete information about outstanding and resolved issues with the Junos OS software, see the Juniper Networks online software defect search application at http://www.juniper.net/prsearch .

Ethernet Switching

  • On a QFX3500 switch, when you configure Q-in-Q tunneling on an interface, persistent MAC learning does not happen. The MAC entries are learned as dynamic entries. [PR/720380]

Hardware

  • On a QFX3500 switch, the QSFP+ module might not be recognized by the switch. This happens only when you insert the QSFP+ module and does not happen during operation. As a workaround, remove and reinsert the QSFP+ module. [PR/793124]

Interfaces and Chassis

  • On a QFX3500 switch, if you enable extended mode (to enable port xe-0/1/0) and you also configure a large number of BFD sessions, the sfid process CPU usage might be higher than expected. [PR/896939]
  • On a QFX3500 switch, if you move the aggregated Ethernet interfaces from one routing instance to another, it is possible that one or more of the link aggregation groups might be declared down even though all of the member interfaces are up. As a workaround, disable and enable each member link of the affected LAG to bring the LAG to the up state. [PR/612277]
  • On a QFX3500 switch, configuring the traceoptions statement at the [edit forwarding-options helpers] hierarchy level has no effect. As a workaround, configure the traceoptions statement with the level all and flag all options at the [edit system services dhcp] hierarchy level. [PR/716981]
  • On a QFX3500 switch, if you enable the flag option for PIM trace options, the trace options log might display the wrong source IP address for outgoing register messages. [PR/735035]
  • On a QFX3500 switch, the show iccp operational command output shows the registered client daemons even if no Interchassis Control Protocol (ICCP) peer is configured. The show iccp operational command always shows registered modules regardless of whether or not ICCP peers are configured. [PR/741964]
  • On a QFX3500 switch with a multichassis link aggregation group (MC-LAG), the ICCP connection is not established if you add an authentication key and then delete it only at the global ICCP level. Authentication works correctly at the ICCP peer level. To work around the problem, delete the ICCP configuration and then add it again. [PR/745522]
  • On a QFX3500 switch, if you enable backup liveness detection for a multichassis LAG by including the iccp peer peer-ip-address backup-liveness-detection backup-peer-ip ip-address at the [edit protocols] hierarchy level, and if the backup liveness packets are lost because of a temporary failure on the link, then both of the Node devices in the multichassis LAG remain active. If this happens, both of the Node devices send packets to the connected server. [PR/748755]
  • On a QFX3600 standalone switch, if you have a firewall filter with a term having both the count and analyzer action modifiers, the value of the counter associated with the term is reset to 0 when you modify the configuration for the analyzer. [PR/797094]
  • On a QFX3500 switch, if the following events happen in this order—ICCP goes down, and the multichassis agreggated Ethernet (MC-AE) interface on the active node goes down—a double failover occurs. In this scenario, the standby node does not detect what happens on the active node, proceeds as if the active node were up, and blocks the interchassis link (ICL) traffic. The ICL traffic is not forwarded. [PR/797950]
  • When a monitored xle (40-Gigabit Ethernet) interface on a QFX3500 switch fails, other interfaces also fail. [PR/807009]
  • On a QFX3500 switch, some MAC addresses might not be replicated on MC-LAG peers. To work around this problem, clear the MAC table. [PR/813138]
  • On a QFX3500 switch with an MC-LAG configured for Layer 2, if the interchassis control link (ICL) interface fails and recovers, multicast traffic is flooded to all of the ports in the VLAN. The PFE flag Ip4McastFloodMode for the VLAN is changed to MCAST_FLOOD_ALL. [PR/814106]
  • On a QFX3500 switch with an MC-LAG, if ICCP fails, the status of remote MC-AE peers is unknown. Even if a peer is configured as standby, traffic is not redirected to this peer because it is assumed that this peer is down. This behavior is not seen on an active peer. [PR/816488]
  • On a QFX3500 switch, when an MC-AE (multichassis aggregated Ethernet) interface is converted to an AE (aggregated Ethernet) interface, it retains some MC-AE properties, which causes the interface to fail. To work around the problem, restart LACP (Link Aggregation Control Protocol). [PR/817325]
  • On a QFX3600 switch, using the vlan-range statement when you create VLAN members does not work on 40-Gigabit Ethernet (xle) interfaces. [PR/821542]
  • On a QFX3500 switch with MC-AE MAC synchronization enabled, an MC-LAG peer can resolve ARP entries for an MC-LAG RVI with either of the MC-LAG peer MACs. If the downstream traffic is sent with one MAC address (MAC1) but the peer has resolved the MAC address with a different MAC address (MAC2), there is a possibility that MAC2 might not be learned by any of the access layer switches. This can result in flooding of the upstream traffic for MAC2. To work around this problem, make sure that the downstream traffic is sent from both MC-LAG peers periodically. This prevents the MAC addresses from aging out. [PR/822855]

Layer 2 Features

  • On a QFX3500 switch, port mirroring does not work with 802.1Q subinterfaces that have unit numbers other than 0. (You configure 802.1Q subinterfaces using the vlan-tagging statement.) [PR/701498]
  • On a QFX3500 switch, MAC table entries might not age out properly if the MAC address is assigned to a private VLAN. To work around this issue, you can restart the Ethernet switching process (eswd) to flush out all of the stale MAC entries. [PR/707487]
  • On a QFX3500 switch, a port mirroring analyzer configured to match on ingress packets in a VLAN does not match protocol data units (PDUs) for Layer 2 protocols (for example, STP or LACP). These Layer 2 Control PDUs are not mirrored to the output interface or to the VLAN configured in the analyzer. [PR/725710]
  • On a QFX3500 switch, if you enable Layer 2 protocol tunneling and there are a large number of VLANs configured, the show ethernet-switching layer2-protocol-tunneling statistics command might not work. In this case, Layer 2 tunneling works properly, but the CLI command does not display any output. [PR/739027]
  • On a QFX3500 switch, if you include the no-path-mtu-discovery statement at the [edit system internet-options] hierarchy level, the switch retains path MTU discovery instead of disabling the feature. [PR/826599]
  • On a QFX3500 or QFX3600 switch, if you configure a private VLAN on a multichassis link aggregation interface, MAC addresses learned on the interface are also learned by the private secondary VLANs. If you later delete the private VLAN (including its secondary VLANs), the Ethernet switching table still includes entries for learned MAC addresses on the secondary VLANs. [PR/835472]

Layer 3 Features

  • The show isis route inet6 operational command is not available on a QFX3500 switch even though IPv6 is supported on the switch. [PR/820139]
  • The show route protocol ospf3 operational command is not available on a QFX3500 switch even though the OSPFv3 protocol is supported on the switch. [PR/820151]
  • On a QFX3500 switch, if you enable per-packet load balancing in an IPv6 network by including the load-balance per-packet statement at the [edit policy-options policy-statement policy-statement-name then] hierarchy level, load balancing might not work, and traffic might flow only over a single link. [PR/820915]
  • On a QFX3500 switch, no ICMP redirects are sent for IPv6 packets when the incoming and outgoing interface are the same and the source address and the next hop are in the same subnet. However, the original packets are correctly forwarded to the outgoing interface. [PR/825173]
  • If you configure two QFX3500 switches in a VRRP group to have the same VRRP priority, VRRP might not correctly use their IP addresses to decide which switch is the master for the group, which can result in both devices being the master. If there is a second VRRP group configured on the two switches, one switch might be the master for both groups. [PR/827557]
  • On a QFX3500 switch, an EBGP session may not be established if it is configured with an IPv6 address that matches the pattern xx00:x::x/x. For example, an EBGP session with the IPv6 address 2200:1::1/120 might not come up. To prevent this problem, set the BGP multihop TTL value to be greater than 1 by configuring the ttl x statement at the [edit protocols bgp multihop] hierarchy level on the BGP peers that use an address that matches this pattern. You can also prevent the problem by using IPv6 addresses that do not match this pattern. [PR/830126]
  • On a QFX3500 switch, if you include the fast-interval statement at the [edit interfaces interface-name unit logical-unit-number family inet address ip-address vrrp-group group-number] hierarchy level, VRRP advertisement frames might not be sent. [PR/832208]
  • On a QFX3500 switch, the output of the show vrrp extensive command might display the VRRP advertisement packets field with a value of zero even when packets are being advertised. [PR/834289]

Multicast Features

  • On a QFX3500 switch with a large number of VLANs configured (thousands of VLANs), if you enable or disable IGMP snooping on the VLANs, the system may take several minutes to implement the change. [PR/722774]
  • If you configure multiple QFX3500 switches in a Layer 2 network to be IGMP queriers, the switch with the greater (higher) IGMP querier source address is the querier for the network. If you change the source address on the other switch so that it has the greater address, it should become the querier, but this does not occur. [PR/836699]

Network Management and Monitoring

  • On QFX3500 switches, ingress and egress sFlow technology sampling can be enabled only on interfaces that are configured with the logical unit 0. sFlow technology sampling does not work on 802.1Q subinterfaces with a nonzero logical unit number. [PR/693879]
  • On a QFX3500 switch, the SSH connection limit set for a routing instance does not take effect. Instead, the global SSH connection limit is enforced. There is no workaround. [PR/828542]
  • On a QFX3500 switch, if you configure remote port mirroring so that packets are mirrored on egress from an interface that is a member of a VLAN and you also configure an IP address as the output, the GRE encapsulated mirrored packet does not have the correct VLAN tag when it is sent to the analyzer device. [PR/832247]

Routing Protocols

  • On a QFX3500 switch, issuing the restart routing immediate operational command causes temporary traffic loss, as follows:

    1. Traffic loss occurs while the routing process restarts.
    2. Traffic is recovered.
    3. Traffic is lost again for a brief period.

    [PR/708864]

  • On a QFX3500 switch, the output of the show msdp brief command might display incorrect values for the SA count field. [PR/732115]
  • On a QFX3500 switch, if you configure a firewall filter with more than 128 policers and attempt to apply the filter to a Layer 3 interface in the output direction, the commit operation fails, and the filter is not created. [PR/745327]

Security

  • On a QFX3500 switch, if you configure a two-color policer with a burst size limit of less than 1 megabyte, the policer might not police traffic to the specified bandwidth limit. [PR/814055]
  • On a QFX3500 switch, if you configure dynamic ARP inspection (DAI), valid ARP packets might be blocked and 40-Gigabit Ethernet (xle) interfaces might not receive these ARP packets. [PR/827819]
  • On a QFX3500 switch, the ttl and hop-count statements at the [edit firewall family inet6 filter filter-name term term-name from] hierarchy level might be missing in the context-sensitive help for this configuration level. [PR/830133]
  • On a QFX3500 switch, a problem can occur if you configure three firewall filters and the following is true for each filter:
    • Each filter has 255 terms.
    • The first 128 terms in each filter include a three-color-policer statement.

    In this situation, the third filter might not be installed by the system.

    To prevent this problem, change the order of the terms in the third filter so that the terms without a three-color-policer statement are configured before the terms that have a three-color-policer statement. If this does not correct the problem, make the same change to the first two filters. [PR/838135]

Storage

  • On a QFX3500 switch, the message Load Rebalance is In-Progress is displayed after you execute the request fibre-channel proxy load-rebalance fabric fabric name operational command, even if the load does not need to be rebalanced. [PR/830302]

User Interface and Configuration

  • On a QFX3500 switch, you can use the vlans vlan-name interface interface-name mapping-range statement to map a range of customer VLANs to a range of service VLANs instead of using multiple vlans vlan-name interface interface-name mapping (push | swap) statements to configure Q-in-Q tunneling or VLAN translation on a per-VLAN basis. If you enter the first statement and configure a range in which the first value is larger than the second value (which is unsupported), you see an error message that does not clearly describe the problem. [PR/728938]
  • On a QFX3500 switch, the log messages of IP addresses assigned by the DHCP server are not displayed unless the level flag is set in the traceoptions file. [PR/729571]
  • On QFX3500 switches, although the igmp-snooping statement at the [edit routing-instances instance-name protocols] hierarchy level is visible, it is not supported. When you configure IGMP snooping in a routing instance, the configuration does not work. [PR/729629]
  • On the QFX Series, if you configure an interface range and make the range a member of a VLAN, a problem occurs if you later remove an interface from the range. In this situation, the interface that you remove from the range is not removed from the VLAN. [PR/780290]

Related Documentation

Modified: 2015-04-10