Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Resolved Issues

 

This section lists the issues fixed in the Junos OS main release and the maintenance releases.

For the most complete and latest information about known Junos OS defects, use the Juniper online Junos Problem Report Search application.

Resolved Issues: Release 15.1R7

EVPN

  • On QFX5100 switches with EVPN-VXLAN deployed, the VLAN flood index might not be programmed correctly on the Packet Forwarding Engine. As a result, ARP requests to the virtual gateway are dropped, and traffic forwarding is affected. PR1293163

  • Removing the force-up configuration statement on an active link can cause programming issues on the QFX5100. Traffic returning from the destination is not forwarded on an egress interface of the QFX5100. PR1264650

Forwarding and Sampling

  • The following error message is displayed in the system log: SNMP_EVLIB_FAILURE: PFED ran out of transfer credits with PFE.Failed to get stats. ifl index:. PR1270686

Interfaces and Chassis

  • You might be unable to commit your configuration if you modify the subnet of an IP address on an IRB interface by using the replace pattern command. PR1119713

  • On QFX3500, QFX3600, and QFX5100 switches with an MC-LAG configuration, if ARPs are resolved across VRF instances by route leaking, traffic might be dropped in scaling ARP entries. PR1241297

  • On QFX5100 Virtual Chassis, IGMP general query packets are sent back on the received interface, breaking the unicast connectivity. PR1262723

  • The output of show interface might incorrectly show interfaces as Link-mode: Auto and Speed: Auto even though a speed and duplex setting is manually configured on the interface. This issue is cosmetic in nature as the interface is indeed operating at the manually configured speed and duplex setting. PR1260986

  • Due to some register values at PHY for tuning the cable is not optimal, the interface might experience continuous flapping. PR1273861

  • Multicast Listener Discovery (MLD) messages are seen continuously on a QFX5100 if the management ports are connected through a network. The QFX5100 causes these messages because the eth0 interface generates MLD query packets every 125 seconds. On the QFX5100, there is bridging between the em0 and eth0 interfaces. The MLD packet is generated from the em0 interface with the chassis MAC address (eth0 uses the chassis MAC address). PR1277618

  • On a QFX5100-48T switch with an AE interface configured, if there is a speed setting of 1 gigabit on an AE member xe- interface, AE link might flap every time the configuration is changed, regardless of which configuration is changed. PR1284495

  • On QFX5100 switches, the 40-gigabit interface might not come up if a specific vendor-supplied direct attach copper (DAC) cable is used. PR1296011

  • On two QFX5100 switches with a connecting LAG, traffic might be forwarded over LACP-enabled aggregated Ethernet member interfaces that are detached from the aggregated Ethernet bundle as a result of deactivation of the ether-options hierarchy on the physical ports of both switches followed by its reactivation on only one of the switches. PR1302103

  • On QFX5100, QFX3500, and QFX3600 platforms, traffic loss might occur if traffic is sent through the 40-gigabit interface that is connected with peers through DWDM, and the CRC errors of the interface might also keep on increasing after the interface on the QFX side flaps. PR1309613

  • On QFX5100 platforms, transit traffic over GRE tunnels might hit the CPU and trigger a DDoS violation on L3NHOP if a specific route for the GRE tunnel destination IP is deleted. PR1315773

  • On QFX Series platforms, all the Internet Control Message Protocol (ICMP) requests that are sending to the integrated routing and bridging (IRB) interface might be dropped for 4–60 seconds if an IRB interface is configured as a gateway in a failover scenario for Virtual Chassis. PR1319146

  • The interfaces with SFP-T transceivers are detected by RSTP as LAN interface type instead of point to point. PR1341640

Layer 2 Features

  • On QFX3500, QFX3600, and QFX5100 switches, if RTG and xSTP are configured on the same VLAN, RTG interfaces might go to a blocked state and packets cannot be forwarded as expected over the RTG interfaces. PR1230750

  • On QFX5100 switches, if the reject action is configured on the last term of a filter and the filter is applied on the lo0 (loopback) interface, then a MAC address learning flap might occur when IGMP/DHCP packets are received. PR1245210

  • On QFX5100 switches, if you configure a Layer 3 interface with vlan-tags outer 0x9100.xx, then packets are dropped on this interface. PR1267178

  • On QFX5100 platforms, ARP entries might be learned on STP blocking ports if GARP reply packets or broadcast ARP reply packets are received on spanning-tree blocking ports. As a result, traffic loss might be seen. PR1324245

  • On Enhanced Layer 2 Software (ELS) platforms, a VLAN or VLAN bridge might not be added or deleted if there is an IFBD HW token limit exhaustion. PR1325217

MPLS

  • If you change the routing-options forwarding-table chained-composite-next-hop configuration while there are active MPLS LSPs, an LSP traffic loss might occur afterwards. PR1243088

  • On QFX5100 switches, unified ISSU is not supported with MPLS configuration. PR1264786

  • On QFX3500, QFX3600, and QFX5100 switches with Dynamic Host Configuration Protocol (DHCP) relay configured under Border Gateway Protocol (BGP)-Layer 3 Virtual Private Network (VPN), DHCP clients connected to the switch cannot get IP addresses over BGP-L3VPN. PR1303442

  • When there is an error during creation of the RSVP Path state (in the PSB data structure), the data structure itself is freed but some associated memory is not freed. This is causing a memory leak. It is unlikely that this error condition would happen on an NSR master Routing Engine (or when no NSR is configured). But on the NSR backup Routing Engine, there are more likely to be conditions that cause the path state creation to fail, thus exposing the memory leak in the error-handling code. PR1328974

Multicast Protocols

  • On QFX5100 switches, the following error messages might be displayed with a multicast configuration or multicast traffic. The messages do not indicate traffic impact; however, multicast statistics might not work due to these messages: Feb 15 07:28:49 switch fpc0 brcm_ipmc_get_multicast_stats:3947 brcm_ipmc_stat_get failure Feb 15 07:28:49 switch fpc0 brcm_rt_stats:1906 brcm_ipmc_get_multicast_stats failure err=-7 . PR1255497

Network Management and Monitoring

  • On QFX3500, QFX3600, or QFX5100 with SNMP enabled, if an interface connected to a VoIP product has the Link Layer Discovery Protocol (LLDP) and LLDP-MED enabled, l2cpd might generate core files repeatedly. PR1317114

Platform and Infrastructure

  • In rare cases, the Packet Forwarding Engine might drop the TCP RST (reset) packet from the Routing Engine side while doing GRES or flapping an interface, and traffic might be dropped. PR1269202

  • On a QFX5100 switch, if a fan module is removed, a major alarm is raised instead of a minor alarm. PR1291622

Routing Policy and Firewall Filters

  • On QFX Series switches, issuing a show policy command for a policy that has a parameter of load-balance consistent-hash might cause the rpd to crash. PR1200997

  • On all platforms running under Junos OS with vrf-target auto configured under [edit routing-instances], the rpd might crash after an unrelated configuration change. PR1301721

Routing Protocols

  • QFX5100 switches might not send router advertisement packets to clients when igmp-snooping is configured on a user VLAN, and the end clients connected to the devices might lose IPv6 connectivity. PR1238906

  • On QFX Series platforms in an MC-LAG (active-active) environment, on a VRRP backup chassis, when you add a new VRRP group or reconfigure a VRRP group for a logical interface, the Layer 3 forwarded traffic might be dropped on the VRRP backup chassis due to loss of the VRRP virtual address. PR1255978

  • In a VCF scenario that includes an EX4300 switch, if fabric-tree-root is configured, then the broadcast, unknown, and multicast (BUM) traffic might not be forwarded. PR1257984

  • On QFX3500, QFX3600, and QFX5100 switches, BGP packets with an IPv6 link local address as a destination address are not punted to the CPU, so the BGP session is not established. PR1267565

  • On QFX5100 switches, when you are adding or deleting routes on a system with a large number of routes, in rare cases, the fxpc process might access an already freed-up memory space, causing the fxpc process to crash and restart with a core file generated. PR1271825

  • On QFX5100-24Q and QFX5100-48S, if IPv6 link local packets are from a member other than the first member of a channelized interface (for example, xe-0/1/2:1, xe-0/1/2:2, or xe-0/1/2:3), IPv6 packets are dropped. PR1283065

  • If the number of Ref count entries used by a firewall filter applied on a loopback interface is more than 255, log message dc-pfe: list_destroy(): non-empty list (1) is displayed after the firewall filter configuration is committed. PR1286209

Security

  • If a MAC move limit is configured to drop traffic, QFX Series switches might forward traffic instead of dropping traffic when the MAC move limit is exceeded. PR1105372

  • If a Media Access Control Security (MACsec) session flaps, dot1x might crash and generate a core file, and then the MACsec session is not established. PR1251508

  • On standalone QFX5100 switches or on QFX5100 Virtual Chassis or Virtual Chassis Fabric (VCF), Media Access Control Security (MACsec) licenses might not be added. PR1269667

  • If storm control is enabled with the shutdown action on QFX3500, QFX3600, or QFX5100, the interface with DN and SCTL flags lose the SCTL flag and remain permanently down after GRES. PR1290246

Software-Defined Networks (SDN)

  • On QFX5100 switches, if OpenFlow is configured with interfaces and controller options, then the OpenFlow session might flap constantly. PR1323273

Resolved Issues: Release 15.1R6

High Availability (HA) and Resiliency

  • On QFX5100 and EX4600 switches, during a nonstop software upgrade (NSSU), if an aggregated Ethernet (AE) interface is configured with multiple subinterfaces across multiple Flexible PIC Concentrators (FPCs), the AE interface might go down. PR1227522

  • On a QFX5100 switch, you cannot perform an in-service software upgrade from Junos OS Release 14.1X53-D30 to Junos OS Release 14.1X53-D40. As a workaround, during a maintenance window, download the new software version, perform a regular software upgrade, and reboot the switch. PR1229272

Interfaces and Chassis

  • On QFX5100 Virtual Chassis, DHCPv6 binding might fail if the server and the client are in different virtual routing and forwarding (VRF) instances. PR1167693

  • Output from show chassis environment says fan tray testing/absent in QFX3500 Virtual Chassis with EX4300. PR1200638

  • The backup link in the aggregated link is not forwarding the traffic when the primary link goes down in the following configuration with Junos OS Release 15.1R4: root# show interfaces ge-0/0/10 ether-options { 802.3ad { ae0; primary; } } {master:0}[edit] root# show interfaces ge-0/0/19 ether-options { 802.3ad { ae0; backup; } }. PR1208614

  • On QFX Series switches, LLDP does not work on management and internal Ethernet (em) interfaces. PR1224832

  • On QFX Series switches, in rare cases, the Link Up / Down notification from the Packet Forwarding Engine (PFE) to the Routing Engine might need a bit of time, so the PFE-side interface and remote device interface show Admin Up and Link Up, but the CLI might show the interface in Admin Down and Link Down. When this issue happens, it might last about 30 seconds. PR1227947

  • A QFX5100-48S or QFX5100-96S might incorrectly list the media type of an SFP-T copper module as “fiber” in the output of show interface. PR1240681

Layer 2 Features

  • On QFX5100 switches, if you configure an aggregated Ethernet (AE) interface in a VLAN associated with a VNI, the AE interface might stop forwarding traffic. Also, even after you delete the VXLAN configuration, the problem persists. PR1213701

  • On QFX5100 switches, an fxpc process might generate a core file. PR1231071

  • MAC learning will be very slow when clearing MAC addresses in cases of scale MAC learning (128k). PR1240114

Multiprotocol Label Switching (MPLS)

  • Ping over LSP shows different behavior in regards to HLIM. PR1179518

  • On EX Series and QFX Series switches, if you change a Layer 2 circuit configuration from Ethernet CCC encapsulation to VLAN CCC encapsulation, traffic losses might occur at the pseudowire tunnel initiation point. PR1222888

Network Management and Monitoring

  • Despite the EX4300 switch or QFX5100 switch being configured with the network analytics feature, the analytics process might not run. As a result, the network analytics feature might be unable to collect traffic, queue statistics, and generate reports. PR1165768, PR1184720

  • The Digital Optical Monitoring (DOM) MIB jnxDomCurrentTable for 1G SFP interfaces does not return any value. PR1218134

Port Security

  • On QFX3500, DHCP binding might not work when untrusted ARP inspection is enabled in the snooping device. PR1229399

Routing Policy and Firewall Filters

  • On QFX5100 switches, firewall filters that contain policers might not process packets correctly if TCAM entries are programmed over multiple slices of TCAM memory space. Firewall filter terms are programmed as TCAM entries in the TCAM memory table. The auto-expansion function over multiple slices might fail with policers being attached to firewall filter terms. PR1232926

Routing Protocols

  • In a QFX5100 Virtual Chassis or Virtual Chassis Fabric (VCF), if the master Routing Engine crashes when nonstop active routing (NSR) is configured and the [edit system] switchover-on-routing-crash statement is set, the Virtual Chassis or VCF fails to perform the switchover to the backup Routing Engine. The switchover-on-routing-crash statement helps to prevent loss of traffic during a Routing Engine switchover when NSR is enabled by switching immediately over to the backup Routing Engine. PR1220811

  • On EX4600 and QFX Series switches with unicast-in-lpm configured, EBGP packets with ttl=1 and non-EBGP packets with ttl=1, whether destined for the device or even transit traffic, both go to the same queue. This might result in dropping of valid EBGP packets, resulting in EBGP flap. PR1227314

  • On QFX5100 switches running Junos OS Release 14.1X53-D30.3, when you apply an IPv6 firewall filter, the system might crash with a PFE panic. PR1234729

  • On a QFX5100 switch, Gratuitous Address Resolution Protocol (GARP) reply packets are not updating the Address Resolution Protocol (ARP) table. GARP request packets, however, are updating the ARP table as expected. PR1246988

  • On QFX5100 switches, multicast route leaking does not support a Layer 3 interface (IPv4) as an upstream port. As a workaround, use an integrated routing and bridging (IRB) interface. PR1250430

Software-Defined Networking (SDN)

  • On QFX5100 switches, OVSDB traffic might be dropped after Layer 2 learning is restarted. PR1177012

Resolved Issues: Release 15.1R5

Class of Service (CoS)

  • In an ETS configuration, if transmit-rate is configured at queue-level, the guaranteed rate should be configured at the TCP level. If not, a syslog message is logged about configuration failure. The configuration is not pushed to the kernel/PFE. On a QFX5100 Virtual Chassis, when a member joins, since the configuration check is already done on the master, the configuration is sent to members. Because the guaranteed rate is configured as 0, the logic to calculate the transmit-rate fails. PR1195498

Firewall Filters

  • On QFX5100 switches, the DSCP action modifier of a family inet firewall filter does not properly modify or mark the DSCP bits on packets matching the firewall filter. PR1205072

  • On QFX5100 switches, port-range-optimize (both source and destination) might fail to be programmed into the hardware for an inet output filter. PR1211576

Infrastructure

  • On QFX5100 and EX4600 switches, in a rare timing condition, if there was already a request to gather some info from the QSFP and remove it at the same time, the Packet Forwarding Engine manager (fxpc) might crash. PR1151295

  • On an EX4300 switch in a VCF, if a Layer 3 AE interface is looped back with a Layer 2 port in the same VLAN, then traffic with the same destination MAC to the AE interface is dropped (for example, the ping address of the AE interface). PR1157283

  • On QFX5100-48T, when issuing show interface extensive or show interface media, the Local resolution: section of the Autonegotiation information section indicates that flow control is enabled for both tx and rx even though flow control has been explicitly configured as disabled and the disabled state is indicated in the top portion of the output. PR1168511

  • On QFX5100 switches, packet loss and framing errors might be observed on QSFP+40GE-LX4 transceiver. PR1177499

  • On EX4300, EX4600, QFX3500, QFX3600, and QFX5100 switches with vlan-rewrite configured on an AE interface, a VLAN rewrite might fail and result in traffic loss. PR1186821

  • On QFX5100 switches that are running with VXLAN Open vSwitch Database (OVSDB), the Packet Forwarding Engine manager (fxpc) might crash and generate a core file because of heap memory exhaustion on the kernel. This is a specific issue with OVSDB and does not affect multicast VXLAN. PR1187299

  • After you add or remove a PEM on a QFX5100 switch, the show chassis environment pem command does not display the correct Current(A) and Power(A) usage. PR1204850

  • If a QFX5100 switch or VCF is configured with IGMP snooping without any PIM-related configuration, a mcsnoopd memory leak might occur when the device receives PIM hello packets that need to be forwarded further. When PIM hello packets are arriving on the device, 12 bytes are allocated for every PIM hello packet, causing an increase in the memory consumed by the mcsnoopd process. PR1209773

MPLS

  • On QFX5100 switches or a QFX3500 or QFX3600 Virtual Chassis, IP packet frames of 1500 bytes might drop when family mpls is configured on a logical interface. PR1199919

  • On QFX5100 switches with MPLS and LDP enabled, for packets with incoming labels that must perform a penultimate hop popping (PHP) operation on the QFX5100 switch, occasionally the packets are not processed and are dropped. PR1190437

Platform and Infrastructure

  • The Packet Forwarding Engine manager daemon (fxpc) might crash on an QFX5100 switch if multiple processes attempt to access the Ethernet-switching table/database at the same time. PR1146937

  • On EX4600 or QFX5100 switches or Virtual Chassis or Virtual Chassis Fabric (VCF), when you reconfigure or modify the Unified Forwarding Table (UFT) profile, the device automatically restarts (for the UFT configuration to take effect). When this happens in a Virtual Chassis or Virtual Chassis Fabric (VCF) environment, the Virtual Chassis or VCF might become unstable and fail to recover, and the Virtual Chassis or VCF (all member devices) must be rebooted to reestablish stable operation. To avoid this situation, configure the UFT profile when you initially set up the device. After the fix, for standalone switches and Virtual Chassis with a single member, it works as before. For a Virtual Chassis or VCF with more than one member, the member does not restart, and the system generates a syslog message that tells you to restart the system manually when you change the UFT configuration. PR1152102

  • On QFX3500 or QFX5100 switches, when parity errors occur on interfaces, they might affect the memory management unit (MMU) memories. MMU counters can be corrupted, the interface buffers might be stuck, and there might be interface flaps and traffic loss on the affected ports. As a workaround (restoration only), reboot the system. PR1169700

  • In a QFX5100 Virtual Chassis, if the master is halted or rebooted with some limited MAC persistence timer set, then in a specific sequence the IRB MAC does not get programmed correctly in the BCM. PR1188092

  • On QFX3500, QFX3600, QFX5100, and EX4600 switches, if a routing loop is created, the TTL of the packet does not reduce to 0 and the packet is not dropped. PR1196354

  • On QFX3500, QFX3600, QFX5100, and EX4600 switches, if you disable an IRB interface, reboot the switch, and then reenable the IRB interface, the IRB interface might not be reachable. PR1196380

  • On a Virtual Chassis Fabric, you might see an error such as MMU ERR Type: 1B error, Addr: 0x001052cf, module: 42, which indicates that there was an ECC error in the PFE MMU counter memory. ECC errors are corrected by the hardware without software intervention and are corrected only when a packet hits that memory. Reading an ECC-errored entry always generates an interrupt; however, the error will only be corrected when the packet hits the memory. Because this is a counter memory, the counter thread reads this memory continuously, and hence you see continuous error messages. PR11968162

  • On QFX5100 switches, Rx power low warning set messages might be logged continuously for channelization ports that are in the DOWN state with snmpwalk running in the background. PR1204988

  • There are basically three arguments—periodic, diagnostic, and tx—for the lcdd_cmd -f 0 -d chassism -c command, and this top-level command requires different numbers of arguments. If any one of the arguments is missing when the command is executed on a QFX3500 or QFX3600 switch, chassisd might crash. PR1206328

  • On QFX5100 and EX4600 switches, in rare cases, the fxpc process might crash and restart with a core file generated upon LPM route install failure. After the switch restarts, services are restored. PR1212685

Routing Protocols

  • On QFX5100 switches, the routing protocol process (rpd) fails to respond to any new CLI routing commands (for example, show mpls lsp terse). The rpd is forking a child process while processing a show command. When the subprocess tries to exit, it attempts to close the management socket being used by the show command. This failure might cause the rpd subprocess to crash and generate a core file. It also removes the rpd pid file, which prevents the rpd from processing any new CLI commands even though the original rpd process continues to run normally. PR1111526

Spanning-Tree Protocols

  • On QFX5100 and EX4600 switches, in a scenario where MSTP, RSTP, orVSTP is configured to prevent a Layer 2 network loop, xSTP convergence might fail on an interface that is configured with flexible-vlan-tagging and encapsulation of extended-vlan-bridge. PR1179167

Virtual Chassis

  • On a non-mixed QFX5100 Virtual Chassis Fabric (VCF) or Virtual Chassis, LACP might flap when the switch in the master Routing Engine role is rebooted using the CLI or because of a power cycle. This issue is not experienced after a Routing Engine switchover. As a workaround, configure a slow LACP timeout. PR1034377

  • On a VCF platform, the memory usage limitation for the vccpd process is 131 MB in memory. Any VCP port flapping will cause a small memory leak (256 KB~1 MB) in the VCF. If the memory usage reached is 131 MB, then the vccpd will crash and create a core file and then restart. In the meantime, a member of the VCF will disconnect from VCF; this will have a service impact until the vccpd comes up again. PR1158798

Resolved Issues: Release 15.1R4

Class of Service (CoS)

  • On QFX5100 and EX4600 switches, ICMP, SSH, and ARP traffic generated by the switch might be forwarded to queue 7 (network-control); the default behavior is that the traffic would be forwarded to queue 0 (best-effort). PR1178188

Interfaces and Chassis

  • On a QFX5100 Virtual Chassis, if you configure an aggregated Ethernet interface as an OVSDB interface with multiple subinterfaces that are configured under different VXLAN domains, removal of the last but one AE subinterface might reset VXLAN settings on the physical port that are part of the AE interface, resulting in packet drops. PR1150467

  • On QFX Series and EX Series switches, if you configure VRRP with an MC-LAG between the master and backup switches, both VRRP members of IRB interfaces might stay in the master state after a software upgrade. PR1157075

  • On QFX5100 switches, if a trunk interface is a VXLAN port, tagged frames matching the native VLAN ID might be sent out with the native VLAN tagged. PR1164850

  • If a QFX5100 Virtual Chassis is created with a QFX5100-48S in the routing-engine role and a QFX5100-48T in the linecard role, ports of the QFX5100-48T might be shown as having media type Fiber. PR1166810

  • On QFX5100 switches, if you enable aggregated Ethernet links by deleting the disable command, LACP core files might be generated. PR1173562

Layer 2 Features

  • On a QFX5100 switch, if you delete a VLAN and create a new VLAN with a different VLAN ID but use the same VNI, and you commit those changes within a single commit, a MAC learning failure might occur on the newly created VLAN. These system logging messages might be displayed:

    • fpc0 BRCM-VIRTUAL,brcm_vxlan_hw_add(),263:Failed to Program vxlan bd(22) token(0xf) status(-8)

    • fpc0 BRCM-VIRTUAL,brcm_virtual_bd_add(),626:Cannot create Virtual-BD for bd(22)

    • fpc0 BRCM-VIRTUAL,brcm_virtual_port_add(),101:Port(ge-0/1/2) add came before bd(22) add

    • fpc0 LBCM-L2,pfe_bcm_l2_addr_delete_by_vlan(),52:delete L2 entries associated with bd 21(65535) failed(-4)

    PR1161574

  • On QFX5100 and EX4600 switches, every time a MAC address is learned, some messages might be output to syslog and be repeated frequently. The logged messages have no impact on service traffic. PR1171523

Platform and Infrastructure

  • On QFX Series mixed Virtual Chassis Fabric (VCF), software rollback with the force option (request system software rollback force) might not work. PR1028666

  • In a Virtual Chassis Fabric (VCF) with three or four spine devices, the spine devices operating in the linecard role cannot assume the Routing Engine role, including in cases where the master or backup Routing Engine fails. PR1115323

  • In a Virtual Chassis or a Virtual Chassis Fabric (VCF), issuing the clear arp command might not clear ARP entries. PR1159447

  • If DHCP packets with MPLS tags are sent to the CPU on a QFX5100 node acting as a PHP node, the logical interfaces index on the packet notification might not be set correctly, and the DHCP packets might be dropped. PR1164675

  • On a QFX5100 switch with an integrated routing and bridging (IRB) interface configured as a Layer 3 interface and with two hosts (Host A and Host B) connected to the switch, if you deactivate the IP address on Host A and then configure the same IP address on Host B, the outgoing interface of the IP address might not be changed in the ARP table. PR1166400

  • Some interfaces might be down after you disable and then reenable autonegotiation on QFX5100-48T interfaces that are connected to QFX3500 SFP-T interfaces. As a workaround, restart the Packet Forwarding Engine. PR1168581

Routing Policy and Firewall Filters

  • On QFX5100 switches, starting with Junos OS Release 15.1R3, forwarding-class mcast configurations are not supported in port-based firewall filters. PR1088313

Routing Protocols

  • On QFX Series switches, when a neighbor device sends a flood of Link Layer Discovery Protocol (LLDP) traffic bigger than 1000 pps to the QFX Series switch, Link Aggregation Control Protocol (LACP) flaps might be seen on unrelated interfaces. PR1058565

  • On QFX5100 and EX4600 switches, if you use the Network Configuration Protocol (NETCONF) to add or delete firewall filters on an integrated bridging and routing (IRB) interface, the Packet Forwarding Engine Manager (fxpc) might generate a core file. PR1155692

  • On QFX5100 and EX4600 switches, when a limit traffic filter is configured with TTL=1 packets accepted on the loopback interface, the host-bound unicast packets with TTL=1 (for example, OSPF packets) might be dropped. PR1161936

  • On a QFX3500 switch, if you configure one interface with PIM and the interface sends hello packets, and then you change its PIM hello-interval from non-zero to 0, the interface sends hello packets continuously. PR1166236

  • On QFX5100 switches, if you apply a firewall filter on the loopback interface with the match condition for packets with TTL 0/1 and with policer set as the action, the term does not catch the packets. PR1166936

Security

  • On QFX Series switches, up to four port-mirroring analyzers can be configured, which can have up to four ingresses and egresses total for all input stanzas. If the count of ingresses plus egresses is greater than four, the analyzers do not work properly. PR1168528

Software-Defined Networks (SDN)

  • On QFX5100 switches, the openflowd process might generate a core file. PR1142563

Virtual Chassis and Virtual Chassis Fabric (VCF)

  • On QFX5100 Virtual Chassis, if you insert some SFP or SFP+ optics in a port, that port might go down and might not read any other optics. As a workaround, reboot the chassis. PR1144190

  • On QFX5100 Virtual Chassis, Virtual Chassis ports (VCPs) might not be auto-configured if the ports are connected while other ports are being converted. PR1159242

  • On an EX4600 Virtual Chassis or a QFX Series Virtual Chassis or Virtual Chassis Fabric (VCF), if you convert the Virtual Chassis port (VCP) to a network port by issuing the request virtual-chassis vc-port delete command, broadcast and multicast traffic might be dropped due to the port remaining programmed as a VCP in the hardware. PR1159461

Resolved Issues: Release 15.1R3

Note

Some resolved issues at Release 15.1R3 apply to both QFX Series and EX Series switches. Those shared issues are listed in this section.

Authentication and Access Control

  • On EX4300, EX4600, EX9200, and QFX5100 switches configured for 802.1X authentication, if the VLAN assigned to an access port is changed, then the supplicants authenticated are disconnected and the users are not able to authenticate anymore. PR1148486

Bridging and Learning

  • On EX4300 and QFX Series switches with PVLAN configured, if secondary VLANs (isolated VLANs or community VLANs) are configured with vlan-name, after binding or unbinding the isolated or community VLANs in the primary VLAN, packet loss might occur between existing VLANs. PR1144667

Class of Service (CoS)

  • On QFX Series switches with Data Center Bridging and Capability Exchange (DCBX) enabled, when you are configuring a guaranteed minimum rate of transmission for a CoS traffic control profile, the Layer 2 Control Protocol daemon (l2cpd) might crash during the initial LACP setup. PR1143216

  • On EX4600 and QFX5100 switches, when the Virtual Router Redundancy Protocol (VRRP) priority is modified to change the VRRP mastership after cosd restart (or device restart), packets might be dropped on interfaces that have both inet and inet6 families enabled. PR1105963

  • On QFX5100 and EX4600 switches, if you channelize a 40-Gigabit Ethernet QSFP+ interface into four 10-Gigabit Ethernet ports and try to apply the CoS configuration to one of the specific channels, multicast traffic might get dropped. PR1108103

  • On QFX5100 and EX4600 switches, if an interface that is enabled for flow control is connected to an EX Series switch (except EX9200), even low-rate traffic (host-bound traffic) received might cause a MAC pause frame to be sent from the interface to the peer device, and other transmitting traffic from the interfaces might be affected (for example, LACP flapping might occur). PR1113937

Dynamic Host Control Protocol

  • On QFX5100 switches that are configured with the include-option-82 nak option so that Dynamic Host Configuration Protocol (DHCP) servers include option 82 information in NAK messages, two copies of option-82 might be appended to DHCP ACK packets. PR1064969

  • On EX9200 and QFX5100 switches, when DHCP relay is configured with the DHCP server and DHCP client in separate routing instances, unicast DHCP reply packets, for example, DHCPACK in response to a lease renewal request, might be dropped. PR1079980

  • On an EX Series or QFX Series switch configured as a DHCP client, the length of the DHCP vendor ID is always 60 in DHCP discover packets when the vendor class ID is configured, although the actual vendor-id name is less than 60. As per RFC 2132, the code for this option ("Vendor class identifier") is 60, and its minimum length is 1. PR1123111

Firewall Filters

  • On EX4600 and QFX Series switches, if filter-based forwarding (FBF) is configured on an IRB interface that is also enabled for Virtual Router Redundancy Protocol (VRRP), when the host uses the VIP address as the gateway, the switch does not forward packets from that host to the destination routing instance through FBF. This is expected behavior based on the implementation of family inet filters. As a workaround, configure the hosts to use the physical IP address of the IRB interface rather than the VRRP VIP address as the gateway. PR1025312

  • On QFX5100 switches with DHCP relay enabled, if there is a firewall filter with the term "then log" configured, DHCP clients might fail to get IP addresses from a DHCP server. This occurs because the DHCP-relay traffic on the switch drops as the result of rate-limiting. PR1041513

  • On EX4600 and QFX Series switches, you might not be able to commit the configuration when the arp-type match condition is configured in a firewall filter. PR1084579

  • On QFX5100 switches, in the absence of any match condition in filters used for filter-based forwarding (FBF) that are applied to IPv4 traffic, IPv6 traffic coming in on the same interface might get filtered as well. PR1145667

High Availability (HA) and Resiliency

  • On QFX5100 switches with a minimum interval for a Bidirectional Forwarding Detection (BFD) session configured to less than a second, the pre-ISSU check might be successful and continue to implement the ISSU, causing the BFD session to flap. The expected behavior is that the pre-ISSU check for the BFD session fails and ISSU is aborted. PR1132797

Infrastructure

  • On QFX3500, QFX3600, and QFX5100 switches, when family ethernet-switching is configured on an interface that is also configured with encapsulation extended-vlan-bridge , then transit packets (for example, IP, ping, or Q-in-Q packets) might be dropped on this interface. PR1078076

  • On a QFX3500 switch with nonstop active routing (NSR) enabled, deleting a routing-instance or logical-system configuration might cause a soft assert of the rpd process. If NSR is not enabled, after you delete a routing-instance or logical-system configuration, executing the restart routing command might trigger this issue, too. This issue has no functional impact. PR1102767

  • On a Virtual Chassis formed with QFX3500 and QFX3600 switches, CPU consumption might be high if a greater than usual amount of host traffic goes to a VRRP backup node. PR1124038

Interfaces and Chassis

  • On QFX5100 switches, the maximum number of LAGs is now 1000. PR1082043

  • On a QFX5100 Virtual Chassis, the MAC address is not learned on an aggregated Ethernet (AE) interface configured as a VXLAN Layer 2 port and with the interface mode configured as access. The issue is observed only with AE interfaces that span multiple Virtual Chassis members and when the member node is rebooted or power cycled. PR1112790

  • On QFX5100 switches, if an mc-ae member link is deleted and then re-added on an MC-LAG node, there could be a traffic loss of about 2 seconds. PR1146206

  • On QFX5100 switches, a child member might drop the incoming Link Aggregation Control Protocol (LACP) frames when this child member is moved from an access-mode VXLAN LAG interface to a trunk-mode VXLAN LAG interface. PR1153042

  • On QFX5100 and EX4600 switches, the Gigabit Ethernet (ge) interface might stop forwarding traffic when you hot-swap a transceiver from SFP-SX to SFP-T. PR1144485

Layer 2 Features

  • On QFX5100 and EX4600 switches running under Junos OS Release 14.1X53-D10 or later, when DHCPv6 solicitation packets go through the device with Q-in-Q configured, the packets might be dropped by peers because the S-tag has not been added. PR1103793

  • On EX4300, EX4600, and QFX Series switches, if a trunk port is deleted and then reconfigured as an access port in the same commit, the Layer 2 address learning daemon (l2ald) might generate a core file. PR1105255

  • On EX4600 and QFX5100 switches, the VLAN Spanning Tree Protocol (VSTP) bridge protocol data units (BPDUs) might be reinjected to the Packet Forwarding Engine and not be sent out of an interface when the interface has been added to the VSTP configuration and is configured with flexible-vlan-tagging. PR1117540

  • On QFX5100 switches, if you configure a PVLAN inter-switch link on an existing working trunk port, normal VLAN traffic might break. PR1118728

  • On EX4300, EX4600, and QFX Series switches, traffic received on the backup redundant trunk group (RTG) link might get forwarded to other interfaces following an RTG link failover. PR1119654

  • If you reboot one FPC in a two-member Virtual Chassis, the traffic might not exit from the FPC after the FPC comes back online and rejoins the Virtual Chassis, and local registers might be incorrectly cleared if the port number is the same on both the master and backup. PR1124162

  • On a QFX5100 Virtual Chassis, traffic might not pass the inter-member when the firewall filter is applied to the ingress interface using the interface vlan option. PR1138714

  • On QFX5100 and EX4600 switches, after you delete one logical interface from one VLAN that is configured with multiple logical interfaces, the MAC address for other logical interfaces might not be learned again. PR1149396

MPLS

  • On QFX5100 switches, a ping from the customer edge (CE) to the provider edge (PE) (last-hop router [LHR]) lo0 interface does not go through with explicit-null (RSVP). PR1145437

Multicast

  • On EX4600 and QFX Series switches, IGMP snooping might not be enabled after you reboot the switch. You might see the same issue after you run a nonstop software upgrade (NSSU) on the switch. PR1082453

Platform and Infrastructure

  • Setting link speed to 100 Mbps does not work in the following situations:

    • When network interfaces are used on an EX4600

    • When an EX4600-EM-8F expansion module is installed in a QFX5100-24Q switch or EX4600 switch

    PR1032557

  • On EX Series and QFX Series switches, issuing the show interfaces extensive command or polling SNMP OID ifOutDiscards provides a drop count of zero. PR1071379

  • On QFX5100 switches, the wrong source IP address is being used when the switch initiates traffic and em0 is configured with a 192.168.1.x/16 subnet and after the switch has been upgraded with the force-host option. PR1071517

  • On EX4600 and QFX Series switches, MAC addresses on one VLAN might be installed in the hardware but be missing from the Ethernet-switching table if the following steps were taken and if A + B >= 4096:

    1. Configured vlan-id-list for a VLAN range "A" with a commit.

    2. Deleted the VLAN range "A" and re-added the VLAN range "B" in the same commit.

    PR1074919

  • On QFX3500 switches, if you remove 1-Gigabit Ethernet SFP transceivers from ports 0-5/42-47 and then insert 10-Gigabit Ethernet SFP+ transceivers in the same ports, the 10GE SFP+ transceivers might not be detected. PR1085634

  • On QFX5100 switches, adding or removing virtual routing and forwarding (VRF) instances that have many logical interfaces in the link aggregation group (LAG) might cause Link Aggregation Control Protocol (LACP) flapping. PR1087615

  • On EX4600 and QFX5100 switches, when Spanning Tree Protocol (STP) is enabled on an S-VLAN, that S-VLAN's STP bridge data protocol unit (BPDU) packets might be dropped by the S-VLAN interface if the S-VLAN interface is an aggregated Ethernet (AE) interface. PR1089331

  • On EX4600 and QFX5100 switches, when flow control is configured on an interface, and pause frames are sent to this interface, the interface might go down. PR1098055

  • On QFX Series switches, removing or inserting one QSFP might cause the pfe process to crash. PR1098385

  • On EX4600 and QFX5100 switches with Q-in-Q, if the native VLAN is configured on a Q-in-Q interface connected to a customer edge (CE), the packets going out with the native VLAN ID (customer-VLAN) are still tagged. PR1105247

  • On a QFX Series Virtual Chassis Fabric (VCF) or Virtual Chassis with graceful Routing Engine switchover (GRES) enabled, the backup Routing Engine might continuously reboot after you configure forward-and-send-to-re or forward-only under the [edit interface interface-name unit unit-number family inet targeted-broadcast] hierarchy. PR1106151

  • On a QFX5100 VCF in auto-provisioned mode, when adding a new leaf device to the VCF, you should zeroize the device and reboot by using the request system zeroize command if the new leaf device has been configured with any command. The issue (interface still up) might be observed at the time of the reboot until the Packet Forwarding Engine reinitializes the interfaces. PR1106194

  • On EX4300 and QFX Series switches, the analytics daemon (analyticsd) runs on devices even if there is no analytics configuration, which might cause system instability because of the high number of files opened by analyticd. PR1111613

  • On QFX5100 Virtual Chassis, multiple PFEMAN disconnects and reconnects between the master and backup within a short period of time can cause the backup to generate core files. PR1123379

  • On EX4300, EX4600, EX9200, and QFX Series switches, the lldp-med-bypass feature does not work. PR1124537

  • On QFX3500 and QFX5100 switches, if you commit an et inet interface with an MPLS configuration and the no-redirects statement, the operation might cause no protocol ARP for the specific logical interface in the Packet Forwarding Engine, and traffic is not sent out. PR1138310

  • On QFX Series and EX4600 switches, if an aggregated Ethernet (AE) interface is used as an ECMP next hop (load balance), traffic is not hashed evenly to all member interfaces correctly. PR1141571

  • On EX4200, EX4300, EX4550, EX4600, and QFX5100 switches with Media Access Control Security (MACsec) enabled on an AE subinterface, MACsec might not work because the MACsec Key Agreement (MKA) session is not established with a peer after flexible-vlan-tagging is configured on the AE interface. PR1133528

  • On QFX5100 switches, if you delete an autonegotiate configuration on a 10-gigabit interface (xe), the interface goes down as expected because the autonegotiate setting is not matching with that on the peer interface. However, the interface might come up after the reboot even though autonegotiate is still disabled. PR1144718

  • On EX Series and QFX Series switches, if interface-mac-limit is configured on an interface range, the commit might fail. PR1154699

Routing Protocols

  • On a standalone QFX Series switch, if you configure a nested firewall filter and then attempt to commit the configuration, the firewall compiler process (dfwc) might crash and generate a core file, leading to commit failure. PR1094428

  • On a QFX VCF, if the switch works as part of a target subnet, while receiving the targeted broadcast traffic, the packets might be forwarded to the destination with the switch's MAC address as the destination MAC address, where it should be converted into a Layer 2 broadcast frame with destination MAC address FFFF.FFFF.FFFF. PR1114717

  • On QFX5100 switches, you might see the soc_mem_read: invalid index -1 for memory EGR_L3_INTF log message. You can ignore the message; there is no functional impact on the switch. PR1126035

Software-Defined Networks (SDN)

  • In an OpenFlow scenario with QFX5100 or EX9200 as the virtual switch, the openflowd process might crash after you issue the show openflow statistics tables command. PR1131697

Spanning-Tree Protocols

  • On QFX5100 switches, when an STP configuration is initially applied to an interface and the interface is down at that moment, executing show or clear spanning-tree statistic interface might cause the Layer 2 control protocol process (l2cpd) to crash. PR1152396

Storage and Fibre Channel

  • On EX4500 and QFX Series switches with Data Center Bridging Capability Exchange (DCBX) enabled, when the DCBX neighbor is up and then receives a normal Link Layer Discovery Protocol (LLDP) packet (without DCBX TLVs) on the same port as the DCBX packets, the device might ignore the DCBX packets, causing session timeouts and a reset of the priority-based flow control (PFC) settings. PR1095265

Virtual Chassis and Virtual Chassis Fabric (VCF)

  • On a Virtual Chassis Fabric (VCF), a small amount of Layer 3 unicast packet loss (for example, 0.2 - 0.3 sec) might be seen when a leaf node that is not in the traffic path is rebooted. PR976080

  • On a QFX Series Virtual Chassis Fabric (VCF), rebooting a leaf node might change the size of the VCF, resulting in a flood loop of the unicast or multicast traffic. To fix the issue, use the new configuration statement fabric-tree-root. PR1093988