Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Resolved Issues

 

This section lists the issues fixed in the Junos OS main release and the maintenance releases.

For the most complete and latest information about known Junos OS defects, use the Juniper online Junos Problem Report Search application.

Resolved Issues: Release 14.1R9

Forwarding and Sampling

  • On EX9200 switches, packets might be dropped if you change the ingress VLAN-based firewall filter without changing bind points. PR1209150

  • On EX9200 switches, if a firewall filter that has action tcp-reset is applied to an IRB interface, action tcp-reset does not work properly. PR1219953

  • During a chassis reboot and process restart, the mib2d client tries to connect to the statistics process. There are two connections established from mib2d to the statistics process. When a few MIB requests are in the queue for processing in both the connections, because of the nature of the two connections, there is a chance of a deadlock. The connection establishment of one connection is blocked by a processing request on another connection, which continues in a loop. This can cause two problems: 1. Walk on some OIDs (that is, 1.3.6.1.2.1.2 or 1.3.6.1.2.1.31) will not give results. 2. LLDP neighbor information will not be read. PR1221888

Hardware

  • On EX9200 platforms with MPC5E installed, in a high-temperature situation, the temperature thresholds for triggering the high temperature alarm and controlling fan speed are based on the FPC level. Any sensor values in the FPC that exceed the temperature threshold of the FPC trigger the actions associated with temperature thresholds. PR1199447

Interfaces and Chassis

  • On dual Routing Engine platforms, if interface changes occur on an aggregated Ethernet interface that result in marking ARP routes as down on the aggregated Ethernet interface (for example, bringing down one of the member links), because of an interface state pending operation issue on the backup Routing Engine, in a race condition, the backup Routing Engine might crash and reboot with error message panic:rnh_index_alloc: nhindex XXX could not be allocated err=X. PR1179732

  • On an EX9200-32XS, the VSC8248 firmware on the MPC crashes occasionally. PR1192914

Platform and Infrastructure

  • There was a timing issue between the Junos OS software and the I2C controllers on an MPC5E during a reboot. The software has been corrected to wait for I2C controllers to be ready before the software starts monitoring the voltage levels and current levels. PR1051902

  • A netconf syntax error is reported if the resync character is split in multiple streams. PR1161167

Routing Protocols

  • In a rare condition after a BGP session flaps, BGP updates might not be sent completely, resulting in BGP routes being shown in the advertising-protocol table on the local end but not shown in the receive-protocol table on the remote end. PR1231707

Security

  • A vulnerability in IPv6 processing has been discovered that may allow a specially crafted IPv6 Neighbor Discovery (ND) packet destined to an EX Series Ethernet Switches to cause a slow memory leak. A malicious network-based packet flood of these crafted IPv6 NDP packets may eventually lead to resource exhaustion and a denial of service. PR1206593

Resolved Issues: Release 14.1R8

Platform and Chassis

  • On EX9200 switches, attempts by line cards to make unnecessary connections to the Routing Engine might generate continuous debugging-level log messages, which consume system resources. PR1113309

Resolved Issues: Release 14.1R7

Firewall Filters

  • On EX9200 switches, starting with Junos OS Release 14.1R1, 32k is the minimum value that you must configure for policer bandwidth limits. If you configure a policer bandwidth limit that is less than 32k, an error message is displayed. PR1109780

Infrastructure

  • On an EX Series switch acting as a DHCPv6 server, the server does not send a Reply packet after receiving a Confirm packet from the client; the behavior is not compliant with the RFC3315 standard. PR1025019

  • Upon BFD flapping on aggregate interfaces, the Lookup chip (XL) might send illegal packets to the center chip (XMCHIP) and compromise packet forwarding and an FPC restart is needed to recover from this condition. If Fabric path side is affected, the fabric healing process will initiate this process automatically to recover from such conditions. MPC6E/MPC5E/NG-MPC are exposed to this problem. Corrupted parcels from Lookup chip LU/XL to Center Chip (XM) can also compromise packet forwarding and report DRD parcel timeout errors. An additional parcel verification check is added to prevent sending corrupted parcels to the center chip (XM). For a possible workaround, contact JTAC for an op-script to change internal registers on MPC6E/MPC5E/NG-MPC cards. Restoration: MPC restart is needed to recover. PR1067234

  • Scheduler: Protect: Parity error for tick table single messages might appear on MPC3E/MPC4E/MPC5E/MPC6E/T4000-FPC5. PR1083959

Resolved Issues: Release 14.1R6

Dynamic Host Configuration Protocol (DHCP)

  • On EX9200 switches, the Dynamic Host Configuration Protocol (DHCP) relay feature, which enables the client interface and the server interface to be in separate virtual routing and forwarding (VRF) instances, does not work when the client interface has been configured as an integrated routing and bridging (IRB) interface. As a restoration workaround, configure the client interface by using flexible-vlan-tagging and vlan-id statements. PR1064889

  • On EX9200 switches, if DHCP relay is configured using the forward-only and forward-only-replies statements at the [edit forwarding-options dhcp-relay] hierarchy level, and the DHCP local server is also configured with the forward-snooped-clients statement at the [edit system services dhcp-local-server] hierarchy level, the configuration for forward-snooped-clients takes precedence over the configuration for forward-only and forward-only-replies. As a result, DHCP message exchange between VRFs might not work as expected. PR1077016

  • On EX9200 switches, if you configure DHCP relay with the DHCP server and the DHCP client in separate routing instances, unicast DHCP reply packets (for example, a “DHCP ACK” in response to a “DHCP RENEW”) might be dropped. PR1079980

Infrastructure

  • On EX Series switches, if you change the PIM mode from sparse to dense or dense to sparse, a pfem core file might be generated. PR1087730

Network Management and Monitoring

  • On EX9200 switches, if you configure an invalid SNMP source address, SNMP traps might not be sent even after you change the SNMP source address to a valid interface address. As a restoration workaround, restart the snmpd process. PR1099802

Platform and Infrastructure

  • On an EX9200-2C-8XS line card, when the flow-detection feature is enabled under the [edit system ddos-protection] hierarchy, if suspicious control flows are received, two issues might occur on the device:

    • The suspicious control flow might not be detected on the line card.

    • After suspicious control flows are detected, they might never time out, even if traffic flows no longer violate control parameters.

    PR1102997

Resolved Issues: Release 14.1R5

Authentication and Access Control

  • On EX9200 switches, the output for the ptopoConnRemotePort MIB might display an incorrect value for portIDMacAddr. PR1061073

  • On EX9200 switches, when clients are authenticated with dynamic VLAN assignment on an interface enabled with 802.1X authentication, disabling 802.1X authentication on the interface might cause the Layer 2 Address Learning daemon (l2ald) to generate a core file. PR1064491

Dynamic Host Configuration Protocol

  • On EX9200 switches, when the switch is configured as a DHCP relay agent with option 82, and the circuit ID is configured with the CLI statement use-interface-description with the device option, then the string of the option 82 field in the DHCP DISCOVER message that is forwarded to the DHCP server should include the switch name, physical interface name, and the VLAN name. Instead, the string contains integrated routing and bridging (IRB) information in place of the physical interface name. PR1037687

Firewall Filters

  • On EX9200 switches, after upgrading Junos OS to Release 14.1R1 or later, the configuration of ipv6-payload-protocol as a firewall filter match condition might cause the related filters to stop working. PR1066725

Interfaces and Chassis

  • On EX9200 switches, when the switch receives LACP control packets from an interface other than an aggregated Ethernet (ae) interface, it forwards the packets, causing LACP peer devices that receive the packets to reset LACP connections. This might cause continuous flaps on all aggregated Ethernet interfaces and multi-chassis aggregated Ethernet interfaces. PR1034917

  • On EX9200 switches, when an MC-LAG is configured with two devices, and an MC-AE interface is deleted and then recreated, broadcast and multicast traffic that is flooded might loop for several milliseconds. PR1082775

Layer 2 Features

  • On EX9200 switches, if MVRP is configured on an aggregated Ethernet (AE) interface, MVRP might become unstable when the CLI command no-attribute-length-in-pdu is configured. PR1053664

Platform and Infrastructure

  • On EX9200 switches, the show ethernet-switching table (vlan-name | display xml) CLI command does not have the vlan-name attribute in the l2ng-l2ald-rtb-macdb XML tag. PR955910

  • On EX9200 switches, if the disable-logging option is the only configured option under the [edit system ddos-protection global] hierarchy level, the kernel might generate a core file if this option is deleted. PR1014219

  • On EX9200 switches, recurring LMEM data errors might cause a chip wedge. PR1033660

  • On EX9200 switches, a process that fails multiple times in a short period of time might not generate a core file. PR1058192

Routing Protocols

  • On EX9200 switches on which virtual private LAN service (VPLS) is enabled and the interfaces on the CE belong to multiple FPCs, when the links between the PE device and the CE device flap, or when the administrator clears the VPLS MAC table, traffic might keep flooding in the VPLS routing instance for more than 2 seconds during the MAC learning phase. PR1031791

Software Installation and Upgrade

  • Due to a software defect in Junos OS Release 14.1R5.4, we strongly discourage the use of Release 14.1R5.4 on switches that contain EX9200-40T and EX9200-40F line cards. PR1108826

Virtual Private LAN Service (VPLS)

  • On EX9200 switches on which VPLS is configured, the label-switched interface (LSI) is not associated with the VLAN when the VPLS connection is in the UP state. As a result, the switch does not flood traffic to the LSI. PR1083561

  • On EX9200 switches, when you add a VLAN to an existing virtual switch routing instance for VPLS, the label-switched interface (LSI) is not associated with the added VLAN. PR1088541

Resolved Issues: Release 14.1R4

Dynamic Host Configuration Protocol

  • When the DHCP relay agent receives a DHCP DISCOVER packet from a client while the client already has a binding on the relay that is in BOUND state, the client state will change to TERMINATED a stale entry is created in the Session Database (SDB). As the number of such stale entries increases, the SDB memory size might be exhausted, preventing new DHCP clients from obtaining an IP address lease. PR1031605

  • On EX9200 switches, Dynamic Host Configuration Protocol (DHCP) relay functionality might stop working and DHCP will not form new bindings when the number of subscribers exceeds 1000. PR1033921

Interfaces and Chassis

  • On EX9200 switches, in an MC-LAG scenario, a MAC address might incorrectly point to an inter-chassis control link (ICL) after a MAC move from a single-home LAG to the MC-LAG. PR1034347

Platform and Infrastructure

  • On EX9200 switches, the restart chassis-control CLI command might cause loss of unicast traffic. PR1026125

  • On EX9200 switches, if the switch receives an ARP packet when the Forwarding Information Base (FIB) has exceeded the limit of 262144 routes, the kernel might generate a core file. PR1028714

Spanning Tree Protocols

  • On EX9200 switches running the VLAN Spanning Tree Protocol (VSTP), incoming BPDUs might not be included in the output of the show spanning-tree statistics interface command. PR847405

Resolved Issues: Release 14.1R3

Layer 2 Features

  • On EX Series switches, an Ethernet Switching daemon (eswd) memory leak might occur in the following two conditions:

    • If a VLAN acquires a VLAN index of 0 when the VLAN is deleted, but memory is not freed accordingly.

    • In a Multiple VLAN Registration Protocol (MVRP) scenario, when a VLAN map entry is deleted, but memory is not freed accordingly.

    PR956754

Interfaces and Chassis

  • On EX9200 switches, virtual private LAN service (VPLS) might not work as expected, causing traffic loss. PR993029

  • On EX9200 switches, in a BOOTP relay agent scenario, DHCPACK messages responding to DHCPINFORM messages might not be forwarded to the DHCP client if these ACK messages are sent from a DHCP server that is different from the DHCP server in the DHCP relay agent's binding table. PR994735

  • On an EX9200 switch, if the underlying Layer 2 interface of an IRB interface is changed from access mode to trunk mode and bidirectional traffic is sent from an interface on the same switch that has been changed from IRB over Layer 2 to Layer 3 mode, the Layer 3 traffic toward the IRB interface might be dropped and PPE thread timeout errors might be displayed. As a workaround, deactivate and then reactivate the Layer 2 trunk interface underlying the IRB interface where the traffic drop occurs. PR995845

  • On EX9200 switches that are configured in a multicast scenario with PIM enabled, an (S,G) discard route might stop programming if the switch receives resolve requests from an incorrect reverse-path-forwarding (RPF) interface. Once the issue occurs, the (S,G) state might not be updated when the switch receives multicast traffic from the correct RPF interfaces, and multicast traffic might be dropped. PR1011098

Platform and Infrastructure

  • On EX9200 switches, when apply-groups is used in the configuration, the expansion of interfaces <*> apply-groups is done against all interfaces during the configuration validation process, even if apply-groups is configured only under a specific interface stanza. This issue does not affect the configuration; if the configuration validation passes, apply-groups is expanded only on interfaces for which apply-groups is configured. PR967233

Routing Protocols

  • On an EX9200 switch with an IGMP configuration in which two receivers are joined to the same (S,G) and IGMP immediate-leave is configured, when one of the receivers sends a leave message for the (S,G), the other receiver might not receive traffic for one through two minutes. PR979936

Resolved Issues: Release 14.1R2

Interfaces and Chassis

  • On EX9200 switches, if you configure the interface alias feature, the feature might not work as expected and interfaces might go up and down after commit. PR981249

  • On EX9200 switches, the configuration statement mcae-mac-flush is not available in the CLI; it is missing from the [edit vlans] hierarchy level. PR984393

  • On EX9200 switches, when the native VLAN is configured on a LAG trunk interface, if the native VLAN is modified (for example, if the native VLAN ID is changed or if the native VLAN is disabled), a Packet Forwarding Engine thread timeout might occur, a chip error message such as fpc0 LUCHIP(1) PPE_5 Errors thread timeout error might be displayed, and traffic might be affected. PR993080

  • On EX9200 switches with multichassis link aggregation group (MC-LAG) interfaces configured, the Layer 2 address learning process (l2ald) might crash and a core file might be generated if you configure an MC-LAG interface with the mac-rewrite statement. PR997978

Platform and Infrastructure

  • On an EX9200 switch working as a DHCP server, when you delete an IRB interface or change the VLAN ID of a VLAN corresponding with an IRB interface, the DHCP process (jdhcpd) might create a core file after commit, because a stale interface entry in the jdhcpd database has been accessed. PR979565

  • On EX9200 switches, if you configure the interface alias feature, the feature might not work as expected and interfaces might go up and down after commit. PR981249

Routing Protocols

  • On EX9200 switches with IGMP snooping enabled on an IRB interface, some transit TCP packets might be incorrectly handled as IGMP packets, causing packets to be dropped. PR979671