Resolved Issues

This section lists the issues fixed in Junos OS Release 15.1F5 for the MX Series and T Series.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Resolved Issues: 15.1F5

General Routing

  • With "chassis maximum-ecmp 64" configured, when a route has 64 ECMP LSP next-hops and CoS-based forwarding (CBF) is enabled with 8 forwarding classes (64*8=512 next-hops), not all next-hops are installed on the Packet Forwarding Engine, because a boundary in the kernel is crossed when the number of ECMP next-hops is larger than 309. PR917732
  • On an MX Series Virtual Chassis platform, when we restart one or both of the standby Routing Engines, the log message "ksyncd_select_control_plane_proto: rhost_sysctlbyname_get: No such file or directory" might be observed as the ksyncd daemon attempts to select a communication protocol (UDP/TCP). After several tries, it will fall back to TCP and proceed as normal. PR945925
  • On MX240/480/960/2010/2020 platforms with Junos OS Release 15.1R1 or later, the process health monitor process (pmond) is not available on the Routing Engine. The msppmond process on the MS-MIC/MS-MPC tries to connect to the pmond process on Routing Engine continuously but fails. This will result in additional traffic between the MS-MIC/MS-MPC and the Routing Engine, causing high CPU utilization. PR1014584
  • On all M/MX/T routing platforms with BGP configured to carry flow-specification routes, a filter term and policer might be deleted and then the same term and policer added back (this usually happens in a race condition when adding/deleting/adding the flow routes). Because confirmation from dfwd for the deleted policer might not be received before the attempt to add the same policer, rpd skips sending an add operation for it to dfwd. As a result, when the filter term is sent to dfwd with an instruction to attach it to the policer, dfwd has already deleted the policer, and because rpd skipped re-adding it, dfwd rejects the attach with a policer not found error and rpd crashes. PR1052887
  • When a flag is specified under ipsec-vpn traceoptions to trace IPsec operations, no message is logged to the specified trace file as expected. The issue impacts debug capability only. PR1073705
  • When configuring a large-scale firewall filter (e.g., with 10K terms on input/output) on either FPC5 or MPC3/4/5/6, traffic drop might occur due to allocation limits. PR1093275
  • When route convergence occurs, the new gateway address is not updated correctly in the inline-jflow route-record table (the route-record table is used by sampling). The sampling traffic forwarding might be affected, but normal routing is not affected. PR1097408
  • Fragmenting a special host outbound IP packet with an invalid IP header length (IP header length is greater than actual memory buffer packet header length) can trigger NULL mbuf accessing and dereferencing, which might lead to a kernel panic. PR1102044
  • During NSR Routing Engine switchover, there might be a control plane black window for inline BFD causing the BFD session to flap. This is a day-1 issue, and tuning the retrans timer would solve the problem. But since these timers have to meet RFC compliance, we cannot really do that. Today we have the retrans timer as 1000 milliseconds. The workaround would be to configure a higher retrans timer value. PR1105980
  • On MX240/480/960 Series routers with MS-DPC, customer is running BGP over IPSec. This BGP session has a BFD session tied to it. The BGP session is up but the BFD session remains in INIT state. The issue might be seen with any service configured with multi-hop BFD enabled. Traffic forwarding will not be affected. PR1109660
  • This issue is a regression defect introduced in Junos OS Release 11.4R11, 12.1R10, 12.2R8, 12.3R6, 13.2R4, 13.3R2, 14.1R1. After upgrading to those releases containing the original fix, when there is no export policy configured for the forwarding table to select a specific LSP, whenever routes are resolved over RSVP (for example, due to aggressive auto-bandwidth), the resolver will spend considerable amount of time on the resolver tree, which contributes to the baseline increase in rpd/Routing Engine CPU. PR1110854
  • On MX Series routers containing multiple Packet Forwarding Engines such as MX240/MX480/MX960/MX2010/MX2020, with MPC3E/MPC4E/MPC5E/MPC6E cards, if the routers have GRE decap, then certain packet sizes coming via these line cards, at very high rate can cause these line cards to exhibit a lockup, and one or more of their Packet Forwarding Engines corrupt traffic towards the router fabric. PR1117665
  • During the LSP switchover, the hiwatermark might get set to an unexpectedly high value. The issue happens due to an incorrect reference point taken while calculating the Max avg BW in the last interval, and this results in an incorrect Highest Watermark BW in the autobandwidth stats. PR1118573
  • MX Series router acting as an L2TP access concentrator (LAC) might not recognize the MLPPP protocol field (0x003d) in the inbound PPP packet from the customer premise equipment (CPE) and could disconnect the session not respecting idle-timeout. The traffic forwarding might be affected. PR1123233
  • On MX Series platforms, the MS-MPC might crash. The exact trigger of the issue is unknown; normally, this issue might happen over long hours (e.g., within a week) of traffic run (e.g., running an HTTP/HTTPS/DNS/RTSP/TFP/FTP traffic profile). PR1124466
  • In an EVPN scenario, the EVPN route table on the master Routing Engine and the backup Routing Engine would be different (unused garbage routes will appear) once a Routing Engine switchover (e.g., by rebooting the "old" master Routing Engine or performing a graceful Routing Engine switchover) is performed, which might cause a kernel crash on the new master Routing Engine in some cases. PR1126195
  • When Junos OS devices use the Link Layer Discovery Protocol (LLDP), the command "show lldp neighbors" displays the contents of the PortID Type, Length, and Value (TLV) received from the peer in the field 'Port Info', and it could be the neighbor's port identifier or port description. A Junos OS CLI configuration statement can select which of "interface-name" or "SNMP ifIndex" to generate for the PortID TLV, so there is no problem as long as two Junos OS devices are connected for LLDP, but there might be an interoperability issue if another vendor's device that can map the configured 'port description' in the PortID TLV is used. In this case, Junos OS displays the neighbor's PortDescription TLV in the Port info field, and if the peer sets a port description whose TLV length is 33 bytes or longer, Junos OS is not able to accept the LLDP packets and discards them as errors. The PortID TLV length is given as: "the port id tlv length = port description field length + port id subtype(1B)". PR1126680
  • In multi-homing Ethernet VPN (EVPN), if there are two loopback addresses and the router-id and the primary loopback address are different on the designated forwarder (DF) PE, when the link between the CE and the DF PE is down, the Type 4 route of the old DF is not deleted properly from the backup PE, causing the new DF election to fail. The traffic forwarding will be affected. As a workaround, configure a single primary loopback address and remove the "router-id" configuration statements on both multi-homing PEs. PR1126875
  • On MX Series routers with MS-MIC (or possibly, MS-MPC is affected as well), changing the configuration of sampling input parameters, such as "rate" under forwarding-options, is not reflected without restarting the line card. PR1131227
  • The CLI output of "clear services sessions" gives the user the impression that the session is marked for deletion in case of delayed delete, but the XML output of the same command, "clear services sessions|display xml", says "session removed." Ideally both should convey the same message to the user. Changes have been made to make sure the CLI and XML information given to the user are in sync. PR1132006
  • When customers make changes under "protocol router-advertisement interface X" (such as changing timers, etc.), they expect that a commit would trigger a new router-advertisement being sent out to notify hosts about configuration changes. However, this does not seem to be the case, unfortunately. This causes the router information to expire on hosts and causes obvious loss of connectivity for the hosts. PR1132345
  • The subscribers login rate could be degraded when IGMP/MLD is enabled on the dynamic demux interface. PR1134558
  • MXVC-Same subnet VC-heartbeat polling failed to recover. PR1136119
  • On MX Series platforms with MIC3-3D-1X100GE-CFP, after unified In-Service Software Upgrade (ISSU), the Junos OS upgrade is successful, but the 100GE port will be down, and the traffic forwarding will be affected. PR1136269
  • While checking JNH pool usage on MPC cards, the error listed below might be logged due to the fact that those cards do not have physical bulk DMEM. This has been addressed by adding an extra check in the code before fetching the data from the card.
        NPC4(faraday-re1 vty)# sh jnh 0 pool usage
        EDMEM overall usage:
        [NH////////|FW////////|CNTR///////////|HASH/////|ENCAPS////|------------------------]
        0 4.0 8.0 14.0 18.0 22.0 32.0M
        Next Hop [*******************|------|RRRRRRRRRRRRRRRRRRRRRRRRRRR] 4.0M (36% | 64%)
        Firewall [|-------------------------|RRRRRRRRRRRRRRRRRRRRRRRRRRR] 4.0M (1% | 99%)
        Counters [****************************|---------------------------------------------------] 6.0M (35% | 65%)
        HASH [****************************************************] 4.0M (100% | 0%)
        ENCAPS [******************************************************] 4.1M (100% | 0%)
        Shared Memory - NH/FW/CNTR/HASH/ENCAPS [--------------------------------------------------------------------------------] 10.0M (0% | 100%)
        NPC4(faraday-re1 vty)# [Feb 4 09:39:55.377 LOG: Err] jnh_partitions_show_usage_helper(8835): Error from (PFE 0) jnh_partitions_get_usage_stats.
    PR1136481
  • In an IGMP oversubscriber environment with the configuration statement "remove-when-no-subscribers" configured, after performing graceful Routing Engine switchover, subscribers with multicast joins cannot re-login when the subscriber logs out before it sends an IGMP leave in the new master. PR1136646
  • Insufficient time to allow an MPC5/MPC6 card to lock on the clocking source during FPC boot time might cause the Major Alarm raised due to "PLL Error." PR1137577
  • On MS-MIC, TCP session Up/Down causes JSERVICES_NAT_* and JSERVICES_SESSION_* messages even though severity level "none" is configured for services. PR1137596
  • When successive back-to-back commits are performed on a scaled configuration, there could be a timeout or a delay in completing the commit check operation. PR1139206
  • In several Junos OS 15.1 daily builds after 15.1Rx, in the IPFIX flow data for ICMPv6 packets, the value of the ICMPv6 type and code (icmpTypeCodeIPv6) is wrongly stored as the L4 source port (sourceTransportPort). This issue is observed on both MPC7E and MPC3E. This issue is now fixed and committed to 15.1F5. PR1139986
  • JNH periodically attempts to recover memory no longer in use. Recently, when firewall address space was expanded to 16M, a side effect was triggered -- memory recovery was extended to 16M as well. On the Hercules line card, Firewall does not use a small block of IDMEM, causing JNH to attempt the return of the unused memory. There is no mechanism for recovery of IDMEM, therefore, this message is displayed. Excepting the syslog impact, there is no further effect on the line card. PR1140021
  • In Junos OS Release 15.1F4, "show chassis environment" "Routing Engine 0 CPU" does not show Routing Engine CPU temperature as Junos OS Release 15.1F4 does not have the fix to make available the CPU temperature in Junos OS from HOST. "Routing Engine 0 CPU" instead shows the maximum of the Routing Engine inlet and exhaust sensors reading. PR1140187
  • On VMX platforms with Junos OS Release 14.1R5 and later, when traffic runs over an extended period of time (e.g., 10 hours), Scheduler Oinker messages might be seen on fpc 0 for various threads. The threads are mostly Packet Forwarding Engine Manager, COS HALP, and Idle. This is unlikely to affect traffic. PR1140360
  • After removing a child link from AE bundle, the AE interface statistics in the SNMP MIB might show a spike. PR1140533
  • From Junos OS Release 14.1R4, 14.2R3, 15.1, and later, when a firewall filter is applied to NG-MPC, after system reboot, the Routing Engine might go into amnesiac mode. PR1141101
  • On MX Series platforms with FPC3, the octets of IPv4 source and destination addresses in the firewall log are listed in reverse order; this might affect troubleshooting. The IPv6 log works fine. This is a minor issue; there is no other service impact. PR1141495
  • The unified in-service software upgrade (ISSU) never works correctly when the hyper-mode feature is enabled on enhanced MPCs such as MPC3E, MPC4E, MPC5E, and MPC6E. Prior to Junos OS Release 15.1R3/15.1F4/14.1X51-D60, both the ukernel image and the ucode image are upgraded to normal mode; from those releases and later, traffic will be dropped on enhanced MPCs. The issue can be recovered by rebooting the enhanced MPCs. PR1144648
  • In certain affected Junos OS releases, executing "show arp" or "clear arp" might trigger a kernel panic. This is caused by insufficient buffer space in the routing socket requested by the "arp" utility. PR1145920
  • When a route in a VRF has an indirect next hop, and the indirect next hop is pointing to an interface that is using an un-numbered address, the route in the VRF table might be stuck in the KRT queue. PR1147776
  • On MX Series platforms, in a multicast subscriber management environment (e.g., IGMP is configured for subscribers in dynamic profile), when nonstop active routing (NSR) is enabled, if the routing protocol process (rpd) is busy or hundreds of multicast groups are active (e.g., 250), the missing multicast entries issue might be seen after performing Routing Engine switchover twice or more (i.e., the first Routing Engine switchover works fine, and the issue might occur from the second switchover and onward). As a workaround, this issue could be avoided by issuing the CLI command "restart smg-service" on the backup Routing Engine after every switchover. PR1149065
  • When a routing instance is configured with "routing-instances <instance name> routing-options localized-fib," then VPN localization might fail, causing all routes for the affected routing instance to be installed on all Packet Forwarding Engines. PR1149840
  • Commit error after attempting to delete all guaranteed rates on all traffic-control-profiles associated with demux0:
        [edit]
        lab@mx480-J12_09# commit
        re0:
        [edit class-of-service interfaces]
        'demux0'
        IFL excess rate not allowed on interface (demux0), please specify guaranteed rate on at least one IFL
        error: configuration check-out failed.
    PR1150156
  • Routers using inline Layer 2 services might experience fabric degradation and FPC restart. This problem is amplified by fragmented and out-of-order packets. This log entry might be seen during the error state: Host Loopback:HOST LOOPBACK WEDGE DETECTED IN PATH ID 0. PR1153750

Class of Service (CoS)

  • On MX104 platforms, when applying the "rate-limit" and the "buffer-size" on the logical tunnel (lt-) interface on the missing MIC (not inserted on MPC), a commit failure with an error message would occur. As a workaround, this issue could be avoided by applying the "rate-limit" and "buffer-size" on the inserted MIC, then committing. PR1142182
  • "op 8 (COS Blob) failed" messages might be seen in the syslog for vmx when rebooting the FPC. PR1156450

Forwarding and Sampling

  • On MX80 and MX104 platforms, applying a firewall filter with an MX Series specific match condition will raise the following warning message: Filter <filter_name> is MX Series specific; will not get installed on DPCs for interface <interface_name>. This warning message is needed for the other modular-type MX Series platforms since they can have DPC and MPC mixed. But the message is not needed for MX80 and MX104 platforms since they only have the MX series-based Packet Forwarding Engine. Although the warning message indicates that the relevant firewall filter is not installed, the firewall filter is correctly installed into the Packet Forwarding Engine. Thus, the user can ignore the message in case it is logged on MX80 and MX104 platforms. PR1138220
  • On MX Series-based platforms, in a race condition, when using a policer that has the configuration statement "bandwidth-percent" configured (e.g., set firewall policer XXX if-exceeding bandwidth-percent 80), if the logical interface (IFL) bandwidth change and the filter bind message arrive at the Packet Forwarding Engine out of order (e.g., when changing the bandwidth of the IFL or rebooting the FPC), the "bandwidth-percent" policer might end up using the physical interface (IFD) bandwidth for the "bandwidth-percent" computation. PR1154034

High Availability (HA) and Resiliency

  • On MX240/480/960/2010/2020 platforms with Junos OS Release 15.1R1 and later, in a high-scale scenario (e.g., there are 4 million routes or more), the connection between Routing Engine and the FPC(s) might flap after performing graceful Routing Engine switchover (GRES). The other symptoms are intermittent packet drops between the Routing Engine and FPC during regular operation without performing GRES and scaled scenario. PR1146548
  • Unified ISSU between Junos OS Release 15.1F3 and earlier to Junos OS release 15.1F4, and ISSU between releases from Junos OS Release 15.1F4 to Junos OS Release 15.1F5 will result in a core dump and could lead to PR1161491. The same might happen when the ISSU is done from 14.2R4/R5 to 15.1F5 only. This issue happens due to an inconsistency in port numbering between two port types in the releases. There could be other consequences due to this issue in the upgraded release that might hamper functionality on some types of ports only. PR1161491

Infrastructure

  • In a scaled setup (in this case, there are 1000 VLANs, 1000 bridge domains, 120 IRB interfaces, 120 VRRP instances, BGP, and IGP), if the routing protocols are deactivated and activated, there might be a chance that the pending route stats are not cleaned up, which will cause the stats infrastructure to have stale pointers and lead to memory corruption in socket layers. The system might go to the db prompt because of this. All the traffic going through the router will be dropped. PR1146720

Interfaces and Chassis

  • On dual Routing Engine platforms, when adding logical interfaces (IFLs) and committing, the device control process (dcd) on the backup Routing Engine might fail to process the configuration and keep it in memory. In some cases (not happening all the time), it might be observed that the memory of the dcd keeps increasing on the backup Routing Engine. PR1014098
  • jnxBoxDescr is reworded for MXVC to replace the platform type with a more general representation that replaces the specific member platform type with "Virtual Chassis." Old virtual chassis text example: jnxBoxDescr.0 = member0 Juniper MX240 Internet Backbone Router. New virtual chassis text example: jnxBoxDescr.0 = member0 Juniper MX Virtual Chassis Internet Backbone Router. NOTE: The MIB design for jnxBoxAnatomy "top-level" chassis information works properly for a standalone chassis, but does not fully represent virtual chassis multi-member configurations because it is capable of providing information for only one physical chassis. (The remainder of the jnxBoxAnatomy MIB "containers" properly support the inventory of a multi-member configuration.) MX virtual chassis provides another MIB, jnxVirtualChassisMemberTable, to supply the equivalent "top-level" information. PR1024660
  • MS-DPC might crash when allocating chain-composite next hop in an enhanced LAG scenario. PR1058699
  • During failure notification state machine, CFM does not correctly transit from DEFECT CLEARING state to RESET once the error indication has been cleared. As a consequence, all the forthcoming errors will be considered post errors and will be reported right away without incurring the fngAlarmTime. This is a cosmetic problem. PR1096346
  • When DHCP subscribers are terminated at specific routing-instances and the interface stack is IP demux over vlan-subinterface over AE interface, there might be a memory leak in the kernel AE iffamily when subscribers log in/log out. PR1097824
  • The following CLI configuration statement needs to be used for the CFM session to work: "set chassis aggregated-devices disable-lag-enhanced." Enhanced-lag is enabled by default in the system when the system is configured with enhanced-ip. CFM is not supported with enhanced-lag at present. PR1116826
  • If two redundant logical tunnel (rlt) sub-interfaces are configured in the same subnet and in the same routing-instance, a sub-interface will be down (this is expected), but if the sub-interface is removed from the routing-instance later, after disabling and enabling the rlt interface, a sub-interface might remain in the down state unless you remove the configuration of the rlt interface and then do a rollback. PR1127200
  • In the dual Routing Engines scenario with fast-synchronize configuration, an interface is added as part of an interface-set configuration. When the interface is deactivated, as fast-synchronize is configured, the commit check operation is not executed on the backup Routing Engine. Due to this, the commit check error is not caught and the commit operation is forwarded to the backup Routing Engine, also resulting in error conditions at run time. PR1128038
  • MXVC-specific behavior for SNMP walk of jnxOperating* containers was divergent from the physical MX Series. Returned to vergence. PR1136414
  • When micro Bidirectional Forwarding Detection (BFD) sessions are configured for link aggregation group (LAG), the device control process (DCD) acts as the client to the micro BFD session. In order to monitor the connection between client (DCD) and server (BFD), the client needs to exchange keepalive hello packets with the server. To send hello packets, DCD needs to move out of IDLE phase to CONFIG_BFD phase, which is the reason for the following log messages:
        dcd.c:585 dcd_new_phase_if_idle() INFO : Current phase is IDLE, going to phase CONFIG_BFD
        usage.c:75 dcd_trace_times() INFO : Phase Usage for IDLE : user 0.001 s, sys 0.000 s, wall 60.019 s
        dcd.c:717 dcd_new_phase() INFO : New phase is CONFIG_BFD
        usage.c:75 dcd_trace_times() INFO : Phase Usage for CONFIG_BFD : user 0.000 s, sys 0.000 s, wall 0.000 s
        dcd.c:717 dcd_new_phase() INFO : New phase is IDLE
    There is no functionality impact; however, these messages might flood the logs. As a workaround, we can filter out these messages from being written to the log file according to this KB article. PR1144093
  • In MX-VC or VRR platforms running Junos OS Releases of 15.1 built before about February 2016, the following cosmetic warning message will be displayed upon commit: [edit] 'chassis' warning: WARNING: MPC reboot or chassis reboot is required to use MIC aware dynamic power management feature on already plugged-in MPCs. PR1144295
  • Customer might see errors when doing 'show interface interface-set queue <if set>' for a pure numeric interface-set name:
        router> show interfaces interface-set queue 803
        error: cannot decode interface name `803': invalid device name.
    PR1154667
  • MX Series Routing Engine high CPU due to stale ifmon process. PR1162521

Layer 2 Features

  • There is a bug in the code that handles the redistribution of PPM (periodic packet management) Transmit and Adjacency entries for LACP when the Interface entry is in pending distribution state. This issue might cause a ppmd crash after graceful Routing Engine switchover. PR1116741

MPLS

  • In MPLS scenarios, removing the "family mpls" configuration from an outgoing interface might cause inet and/or inet6 next hops associated with that interface to unexpectedly transit to dead state. Even adding back "family mpls" cannot restore it. PR1067915
  • For advertising IPV6 packets over the MPLS GRE tunnel, the IPv6 address gets stuck in KRT queue. PR1113967
  • When a PLR is a non-Juniper router, Juniper ingress node might stay on the bypass tunnel and ignore the CSPF result. PR1138252
  • When a link fails on an RSVP LSP that has link-protection or node-link-protection configured, the PLR (point of local repair) will initiate a bypass LSP and the RSVP LSP will be tunneled on this bypass LSP. However, if the bypass LSP is then brought down because there is a link failure on it, the PLR might only send out a session_preemted PathErr message to the upstream node without sending a ResvTear message. Hence the ingress node does not receive a ResvTear message and the RSVP LSP is not immediately torn down. The RSVP LSP will remain UP for more than 2 minutes until the RSB (Resv state block) on the ingress's downstream node times out and it sends a ResvTear message to the ingress. PR1140177
  • There is no entropy label for an LDP route in a scenario of LDP tunneling across a single-hop RSVP LSP with label 0 (explicit-null) used. As a workaround, removing either LDP tunneling or RSVP explicit-null will resolve the issue. PR1142357
  • This issue is related to interoperability in a multi-vendor scenario. The fix adds a sub-object RRO, which helps the change of label during an FRR active scenario. PR1145627
  • With NSR enabled and LDP configured, the rpd process might crash and restart on the new master Routing Engine after a Routing Engine switchover. PR1155002

Network Management and Monitoring

  • A merge conflict was incorrectly resolved by changing the SNMP trap value of jnxDomLaneNotifications to 26. The correct value will always be 25. PR1145144
  • When polling the SNMP IF-MIB table on VMX platforms, the unicast packet counters, such as "ifInUcastPkts" and "ifHCOutUcastPkts", are always zero for IFD (port-level) interfaces. PR1155895

Platform and Infrastructure

  • When using MX2020 platforms in a Virtual Chassis (VC) environment, if the Virtual Chassis port (VCP) is located on the local Packet Forwarding Engine whose number is greater than 63 (i.e., VCP is located on local slot 16 or higher), the multicast traffic that should be sent to VCP will be dropped internally due to a software issue. As a workaround, please configure the VCP ports on the local chassis (local MX2020) slot 0 to 15, not 16 or higher. PR1008676
  • On MX Series-based platforms, when learning the MAC address from the pseudo-IFL (for example, label-switched interface), if the MAC address is aged out in the source FPC where the MAC got learned, due to the delay (around 2 to 3 milliseconds) of MAC address deleting message processed in the source FPC and the egress FPC (destination FPC of the traffic), the MAC address might be deleted first from the egress Packet Forwarding Engine but get added again during these 2-3 milliseconds time intervals (As there is continuous traffic coming on the egress FPC destined to this MAC, the MAC query is generated and sent to the Routing Engine and source FPC. Since the source FPC has not yet processed the MAC-deleted message, it sends the response, so stale MAC will get added on the egress Packet Forwarding Engine). In this situation, no L2 flooding would occur for the "unknown" unicast (since the MAC address is present on the egress Packet Forwarding Engine). PR1081881
  • With ECMP-FRR enabled, after rebooting the FPC that is hosting some ECMP links, the ECMP-FRR might not work. Clearing any of the BGP sessions that are part of the ECMP could help to clear this issue. PR1101051
  • For an IPv6 packet with "no next header" in the Hop-By-Hop header, if the Hop-By-Hop header length field value is larger than 112, the router will drop the packet and log the following error: PPE PPE HW Fault Trap: Count 105, PC 60ce, 0x60ce: ipv6_input_finished_parsing LUCHIP(3) PPE_10 Errors lmem addr error. PR1130735
  • NTP.org published a security advisory for thirteen vulnerabilities in NTP software on Oct 21st, 2015. These vulnerabilities may allow remote unauthenticated attackers to cause denial of service, disruption of service through modification of the time stamps issued by the NTP server by means of maliciously crafted NTP packets (including maliciously crafted NTP authentication packets), and disclosure of information. This can impact DNS services as well as certificate chains, such as those used in SSL/HTTPS communications, and allow attackers to inject invalid certificates that clients would accept as valid. PR1132181
  • Too many duplicate ACK messages are generated from the Packet Forwarding Engine for the TCP control connection with the Routing Engine. This could cause: 1. An MX-VC DDoS protection violation for the VC-control low queue, which makes the MXVC split. 2. High CPU utilization on the Routing Engine and FPC. PR1133293
  • With scaled firewall filters attached to interfaces (e.g., 10k+ filters), running the "show configuration" command can cause high CPU utilization by the mgd process. As a workaround, we can use the "show configuration |display set" command to view the configuration. PR1134117
  • On ungraceful exit of telnet (quit/shell logout), perm and env files created by pam were not deleted. PR1142436
  • When the CLI command "show pfe statistics exceptions | match reject" is executed, the CPROD thread in the Packet Forwarding Engine may hog the CPU and result in an FPC crash. PR1142823
  • Sometimes Inline jflow incorrectly reports SNMP index of internally generated LSI interface instead of SNMP Index of Actual outgoing interface in Information Element ID 14 in VPLS IPFIX flow records. PR1143699
  • In certain affected Junos OS releases, executing "nhinfo -d" shell command might trigger a kernel panic. This is caused by insufficient buffer space in the routing socket requested by the "nhinfo" utility. PR1148220
  • When a configuration with 6K BFD sessions with 50ms is committed, a few BFD sessions may flap while coming up. PR1148977
  • On MX2010 and MX2020 platforms, when an error occurs that causes adapter card (ADC)/Switch Fabric Board (SFB) initialization failure (e.g., when the Switch Processor Mezzanine Board (SPMB) is bringing up an ADC/SFB that has a hardware issue), the SPMB crashes. PR114991
  • When the NTP server address is configured in a VRF table and reachable from inet.0 by static configuration (for example, by configuring static/route/next-table/VRF.inet.0), and the NTP source-address is configured, the ntpd (the Network Time Protocol daemon running on the NTP client) might pick the wrong source-address instead of the configured source-address. As a result, the NTP server cannot send its reply back to the client. PR1150005
  • Two interrupts are received from the FPGA on the control board of the MX2010/MX2020 platforms for every i2c transaction triggered from software. Only one is expected. PR1151674
  • During the unified ISSU upgrade, line cards may crash, causing service impact. When the line cards come up, there may be a programming issue as a secondary impact and some IFLs may not pass traffic. Affected line cards need to be rebooted to recover from this condition. PR1152048
  • On MX Series routers with Junos OS Release 14.2R5-S1, when we specify a multiservice (ms-) interface to add a timestamp to Real-time Performance Monitor (RPM) probe messages, it will cause the mspmand process to crash and the MS-MPC/MS-MIC to keep crashing. As a workaround, we should configure RPM to perform timestamping either on the Routing Engine (Routing Engine based RPM) or on an installed MPC Packet Forwarding Engine (Inline-RPM). PR1152785
  • Fixed an issue with Inline Jflow where the Observation Domain field in exported IPFIX datagrams was always using the value attributed for LU0 in MPCs with multiple LUs per forwarding-engine. PR1152854
  • On MX Series platforms, when an MPC goes down ungracefully, other MPCs in the chassis will experience "destination timeout". Because of this event, auto fabric-healing is triggered by the "destination timeout" condition. Due to a software issue, the fabric-healing starts from Phase-1 and in some cases can go up to Phase-2, causing all other MPCs to be restarted. PR1156069
  • From Junos OS release 15.1F5 and later, the hidden configuration statement "filter-list-template" will be enabled by default for all firewall filters on MX Series based platforms to use a common program on MX Series boards for all interfaces that use the same filter list. This can save MX Series board microkernel memory and DMEM memory. The hidden configuration statement "no-filter-list-template" can be configured to disable this behavior. PR1157079
  • Fixed an issue where MX Series cards could crash while programming a firewall filter containing flexible-match-mask. PR1157759
  • With Junos OS Release 15.1F2 and later, when inline sampling is enabled on an MX Series-based FPC, the srrd (Sampling Route-Record Daemon) process is created to maintain, collect and export JFLOW records. At regular time intervals, the srrd scans through the sampling database for any update/change in the records. In a scaled environment with more route churn, for example 1.14M routes, the scan process might hog the CPU for more than 2.5sec, which leads to an FPC crash. In some situations, the scan process can run for a longer time without causing an FPC crash, but it can cause BFD sessions to flap. PR1158154
  • The following commit warning may be seen when using configure private and multi-line comments, and it causes the commit to not complete: "warning: outgoing comment does not match patch". PR1161566

Routing Policy and Firewall Filters

  • When a malformed prefix is used to test policy (command "test policy <policy name> <prefix>"), and the malformed prefix has a dot symbol in the mask field (e.g. x.x.x.x/.24), the rpd process might crash. PR1144161
  • From Junos OS Release 13.2R1, an attempt to commit a configuration with a dangling conditional policy referring to a non-existent/inactive routing-instance will be permitted. If we have a conditional policy referring to an active routing-instance, deleting/deactivating this routing-instance and then committing will cause the rpd process to crash. As a workaround, we should always make sure that conditional policies are referring to active routing-instances. PR1144766

Routing Protocols

  • On dual Routing Engine platform with GRES and NSR enabled, after Routing Engine switchover, the rpd might crash when trying to destroy a CNH NH (composite next hop; for example, it would be created in PIM, L3VPN, MVPN scenarios and so on) with a valid reference on it. This is because during switchover (while backup rpd switches to master), there is a transition period where rpd has switched to master mode but KRT is still in backup mode. If KRT (still in backup mode) receives a CNH addition followed by route additions using this CNH during this phase, it would result in a CNH in KRT with valid route references yet on the expiry queue. The issue is hard to reproduce; in this case, it occurred after two consecutive Routing Engine switchovers. PR1086019
  • IGMPv2 working in v2/v1 compatibility mode does not ignore v2 Leave messages received on a bridge-domain's L2 member interface. Moreover, an IGMP snooping membership entry for the respective group at this L2 member interface will be timed out immediately upon IGMPv2 Leave reception, even when there are some other active IGMP hosts attached to this L2 member interface. This might break multicast forwarding for this L2 member interface. PR1112354
  • When two (or more) route target communities of an MP-BGP route match two (or more) route target communities in the VRF import policy of an RI, duplicate routing entries might be installed in the RI. In the output of 'show route table <RI name>.inet.0 detail' two identical routing entries appear with one being marked as 'Inactive reason: Not Best in its group - No difference'. When such duplicate routing information is to be deleted, the rpd process will crash. PR1113319
  • During many types of configuration changes, especially including import policy, BGP has the need to re-evaluate the routes it has learned from peers impacted by the configuration change. This re-evaluation involves re-running import policy to see if there are any changes to the learned routes after applying the new policy. This work is done in the background as part of an "Import Evaluation" job. When BGP is reconfigured a second time, and the "Import Evaluation job" has not completed, it is necessary to re-run the job from the beginning if there's another change to policy or something with similar impact. This state is noted as "Import Evaluation Pending". However, in this case, there was a bug that caused BGP to always enter the pending state upon reconfiguration, regardless of whether relevant changes were made to import or other similarly impactful configuration. The result is that once it is necessary to start re-evaluation of the routes for a peer, even trivial configuration changes that happen too quickly will cause the "Import Evaluation job" to need to run again as a result of the "Pending" flag being set. To avoid the issue, ensure that "ImportEval" is not present in a BGP peer's Flags output from the CLI (show bgp neighbor) prior to doing even trivial commits. PR1120190
  • In a multicast environment, when the RP is the FHR (first hop router) and it has MSDP peers, and the rpf interface on the RP changes to an MSDP-facing interface, a multicast discard route will be installed and traffic loss will be seen, because the multicast traffic is still on the old rpf interface. PR1130238
  • On dual Routing Engine platform with Bidirectional Forwarding Detection (BFD) protocol enabled, after graceful Routing Engine switchover (GRES), the periodic packet management process (ppmd) might crash on backup Routing Engine due to a software defect. PR1138582
  • RPD cores while processing PIM hellos. There is no known workaround for this problem. The RPD core seems to happen sometimes when a *g and sg's vanish, mostly due to the LHR becoming a Non-DR from a DR. PR1140230
  • With NSR configured, when the BFD sessions are replicated on the backup Routing Engine, the master will not send the source address; instead, the backup Routing Engine will query the kernel to get the source address. In rare cases, the query might fail, resulting in a source address of all zeros. Later, if a GRES switchover happens, the new master will have this all-zeros source address. When a BFD packet with this source address is sent out, the other end will drop the BFD session due to no matching session (source address). PR1145612
  • Core seen when BMP station was passive, and the BMP Collector was terminated non-gracefully, and BMP station was not properly cleaned up. PR1154017
  • When a BFD session is configured over an Aggregated Ethernet interface located on an MPC and the MX Series chassis is set to non-enhanced IP or Ethernet network service mode, with Junos OS version 15.1F2 or later, the BFD session might be unstable. PR1162716

User Interface and Configuration

  • Junoscript traceoptions are available. PR1062421
  • When entering the "restart r" incomplete command in the CLI, the command "restart routing" is executed. It should throw an error like "error: invalid daemon: r". PR1075746
  • From Junos OS Release 13.2R1 and later, the committed process might crash while committing large configurations in a single commit, for example, committing 250k lines of config on top of existing configuration. This issue is due to a lack of storage space for current and running configurations. PR1159462

VPNs

  • For a next-generation multicast VPN (NG-MVPN) using ingress replication provider tunnels, if both IPv4 and IPv6 are configured, when the receiver PE advertises different labels for IPv4 and IPv6 in the type-1 BGP route, the source PE will create two provider tunnels that both carry IPv4 and IPv6 traffic, causing duplicated multicast traffic. PR1128376
  • If one VRF has Draft-Rosen 6 MVPN for IPv4 and Next-Generation MVPN for IPv6, when walking through SNMP MIB for MvpnSpmsiTable, the rpd process may hit NULL pointer and crash. The routing protocols are impacted and traffic disruption will be seen due to loss of routing information. PR1145241

Resolved Issues: 15.1F4

Class of Service (CoS)

  • This PR does optimization in AE SNMP handling. If all the links in an AE bundle go down, then any COS SNMP query for this AE IFD/IFL will return cached values. PR1140440

Forwarding and Sampling

  • On all Junos OS platforms, when both the filter and the policer are configured for an interface, in rare cases, the policer template may not be received by the Packet Forwarding Engine (from the Routing Engine) when it is referenced by the filter term (normally the policer template gets received before the filter term referencing it, which is ensured by a mechanism in the Routing Engine kernel). In this situation, the FPC would crash due to this timing issue. This issue might be avoided by the recommended steps below:
    1. Deactivate the physical interface (IFD) and commit
    2. Enable any filter and policer that attached to the interface (e.g. IFL) and commit
    3. Activate interface back.
    PR1128518

General Routing

  • No performance or functional impact. Can be safely ignored. "Ignore the PTP message (2) as this MPC doesn't support EEC" should be moved from notice to debug level. PR1020161
  • There is a remote loopback feature in the 802.3ah standard, where one end can put the remote end into remote-loopback mode by sending an enable loopback control lfm PDU. In remote loopback, all incoming packets (except lfm packets) are sent back on the wire as they are. Transmit or receive of lfm packets should not be affected when an interface is in remote loopback mode. On the VMX platform, configuring lfm remote-loopback leads to a problem state in which the LFM packets sent from the node that is in loopback state do not reach the peer end, so the remote entity information is not shown for the "run show oam ethernet link-fault-management" command on the peer router. PR1046423
  • After executing the CLI command "show route extensive", the routing protocol process (rpd) may get into an infinite loop and stop responding because the command may get executed a couple of times itself. In this situation, high rpd CPU utilization (running over 90% sometimes) might be seen on the device, and the memory used to store the command output would not be freed during those executions (in normal utilization, the memory uses about 160KB, but in the problematic situation, it can swell to 3GB size), which would eventually lead to an rpd crash after memory exhaustion. PR1104090
  • When a Bridge domain in a PBB-EVPN Routing instance is modified to add/remove ISIDs, the BD can get stuck in destroyed state. This happens when ISIDs in the Bridge domain are changed from 1 to many or many to 1. This is only noticed during configuration changes or initial deployment. PR1107625
  • In rare condition, after Routing Engine switchover, the MPC PIC might be offline, and some error messages might be seen. PR1110590
  • On dual Routing Engine MX Series platform, the "xe" interfaces of any of the line cards below may flap during unified in-service software upgrade (ISSU) due to missing support. The flapping may not happen every time, and the probability of occurrence would increase if more SFP+ (e.g. SFP+-10G-SR) are connected on the FPC. The affected line cards are:
    * MIC3-3D-10XGE-SFPP
    * MPC4E-3D-32XGE-SFPP, MPC4E-3D-2CGE-8XGE
    * MPC5E-40G10G, MPC5EQ-40G10G
    * MX2K-MIC6-24XE, MX2K-MIC6-24XE-OTN.
    PR1118379
  • On MX240/MX480/MX960/MX2010/MX2020 products with MPC2E-3D-NG/MPC2E-3D-NG-Q/MPC3E-3D-NG/MPC3E-3D-NG-Q with MIC-3D-4XGE-XFP, IFD flap detection is much slower. It might lead to high FRR time, some traffic might be lost. PR1122589
  • This is a cosmetic issue that vMX firewall logs may show wrong packet length for dropped packets. PR1124855
  • With BGP configured on CE-faced interfaces (in VRFs), doing 'show route' frequently may cause rpd to slowly leak memory. The leak rate will be one memory block of the size necessary to hold the instance name of the routing instance for a BGP neighbor. If the rpd process memory is exhausted, the rpd process might crash, and the routing protocols are impacted and traffic disruption will be seen due to loss of routing information. You can check rpd memory usage with "show task memory brief" command. PR1124923
  • In a multihoming EVPN scenario where the customer-facing interface is an AE interface, after moving an interface from the EVPN instance into a VPLS instance, traffic loss might be seen on the CE-facing FPC. PR1126155
  • EVPN route attributes like the label and Ethernet segment identifier (ESI) may be missing from EVPN family routes installed by BGP. PR1126770
  • In 15.1F3 RPD core can be seen on previous master after performing Routing Engine switchover. PR1128023
  • In the current Juniper Networks implementation, the IPv6 multicast Router Advertisement timer is not a uniformly distributed value between MinRtrAdvInterval and MaxRtrAdvInterval as described in RFC 4861. PR1130329
  • On MX Series based line cards, multiple modifications of a firewall filter might cause a lookup chip error and traffic blackhole. The following jnh_free error messages could help to identify this issue:
    messages: fpc1 jnh_free(10212): ERROR [FW/3]:1 Paddr 0x006566a9, addr 0x2566a9, part_type 0call_stack 0x40497574 0x418ffa84 0x41900028 0x418ecf94 0x41861690.
    PR1131828
  • 100G interface in MPC3E is not coming up after unified ISSU in sync. PR1136269

Interfaces and Chassis

  • The adaptive load balancing counters are always zero for aggregated Ethernet (AE) bundles on MICs or MPCs of MX Series routers. PR1101257
  • The following CLI configuration statement needs to be used for CFM session to work. "set chassis aggregated-devices disable-lag-enhanced". Enhanced-lag is enabled by default in the system when the system is configured with enhanced-ip. CFM is not supported with enhanced-lag at present. PR1116826
  • On Junos OS platform, an aggregate-ethernet bundle having more than one member link can show an incorrect speed which would not match the total aggregate bandwidth of all member links. The issue would be seen when LFM is enabled on the aggregate-ethernet bundle. The issue would be triggered when one of the member links flaps. Although after the flap the current master Routing Engine would show the correct aggregate speed, the backup Routing Engine would report an incorrect value. In this state, when Routing Engine mastership is switched, the new master Routing Engine (which was backup) will show the incorrect value. One of the side effects of this issue is that RSVP also reflects incorrect bandwidth availability for the affected aggregate-ethernet bundle, which can cause under-utilization of the link with LSPs having bandwidth constraints. PR1121631
  • Because of a bug which was introduced in 15.1R1, loopback sub-interfaces always have a Flag down in the output of the CLI command "show interfaces". PR1123618
  • The connectivity fault management (CFM) log message "Adjacency up" should only be logged when the router first detects the remote MEP or the peer interface goes down and up, causing adjacency failure for this remote MEP. But now it is incorrectly logged when any peer sets/clears the Remote defect indication (RDI) bit in continuity check messages (CCMs). PR1125164

Layer 2 Features

  • For a Routing Engine generated packet with a VLAN tag, if the outgoing interface is an LT interface, the VLAN tag will not be removed even if the LT interface is configured with untagged encapsulation. PR1118540
  • In some rare scenarios, the MVRP PDU might be unable to be transmitted, which could cause memory leak in layer 2 control plane daemon (l2cpd), and finally results in the l2cpd process crash. PR1127146

MPLS

  • When local bandwidth accounting for inactive /adaptive standby path figures that there is not enough bandwidth to fit it in an already full link and brings it down, CSPF will not be retried on the path unless there is some change in TE database. PR1129602

Network Management and Monitoring

  • On Junos OS releases 13.1X42/14.1X51/15.1R1/15.1R2, the SNMP average response time in the output of "show snmp statistics extensive" is incorrectly calculated and might be observed with negative value. PR1112521

Platform and Infrastructure

  • When one of the "deny-commands" is incorrectly defined on the profile of the TACACS+ server, all "deny-commands" regexes are ignored, which leads to an over-permissive profile without any warning. PR1078238
  • In 64-bit Junos OS environment, the Representational State Transfer (REST) API fails to start when configured with "set system services rest ...". PR1097266
  • After changing outer vlan-tags, the IFL is programmed with an incorrect STP state (discarding), so the traffic is dropped. PR1121564
  • When an MX2020 or MX2010 is running a FreeBSD 10 based 15.1 Junos OS image, an I2C error will be seen sporadically:
    tcbc i2c accelerator error: Group 0xX device 0xXX cmd timedout 984 usecs
    If the i2c error happens on a voltage sensor, and it reaches the count limit (9 times), a chassis alarm will be shown like this:
    1 alarms currently active
    Alarm time               Class  Description
    2015-09-10 06:42:40 UTC  Minor  CB 1 Volt Sensor Fail
    These are cosmetic errors, but there is no way to clear the chassis alarm other than to offline/online the FRU. PR1122821
  • On MX Series-based platform, when fragmented packets go through the inline NAT (including source NAT, destination NAT, and twice NAT), the TCP/UDP checksum would not be correctly updated. In this situation, checksum errors would occur on the remote end (inside and outside device). Non-fragmented packets would not be affected by the issue. If possible, this issue could be avoided by either of the following workarounds:
    * Enable "ignore-TCP/UDP-Checksum errors" at the inside or outside device which processes TCP/UDP data, OR
    * Make sure there will not be any fragments subjected to inline NAT functionality by appropriate MTU adjustment or setting.
    PR1128671
  • Parity error at ucode location which has instruction init_xtxn_fields_drop_or_clip will lead to a LU Wedge. LU is lookup ASIC inside the MX Series platform. The LU wedge will cause the fabric self ping to fail which will lead to a FPC reset. This is a transient HW fault, which will be repaired after the FPC reset. There is no RMA needed unless the same location continues to fail multiple times. PR1129500
  • NTP.org published a security advisory for thirteen vulnerabilities in NTP software on Oct 21st, 2015. These vulnerabilities may allow remote unauthenticated attackers to cause Denial(s) of Service(s), disruption of service(s) by modification of time stamps being issued by the NTP server from malicious NTP crafted packets, including maliciously crafted NTP authentication packets and disclosure of information. This can impact DNS services, as well as certificate chains, such as those used in SSL/https communications and allow attackers to maliciously inject invalid certificates as valid which clients would accept as valid. PR1132181
  • A PPE thread timeout trap may cause an XM chip wedge; it will not affect MQ based FPCs. PR1136973
  • On MX2020, when we remove whole power of a power zone, and then put the power back to the zone, FANTray LED stays Amber and FANTray LED on craft card stays OFF, and do not revert to green (FANTray LED) or ON (Craft LED) until we reboot the entire chassis system or hot swap that FAN tray. For Zone 0(PSM 0 to 8), FAN 1 shows the above described behavior. For Zone 1(PSM 9 to 17), FAN 3 shows the above described behavior. PR1138209

Routing Protocols

  • There may be a stale BFD session after changing the physical interface MTU. It may also cause the BFD session to flap continuously or to stay in down state. PR1116666
  • When an interface is associated with a Bidirectional Forwarding Detection (BFD) session, if changing the unit number of the interface (for example, changing the unit number for a running BFD session from ge-1/0/0.2071 to ge-1/0/0.285), the device may fail to change the name due to the missing check for logical interface (IFL) index change. In addition, this is a software issue and may not have any service impact. PR1118002
  • When protocol MSDP is configured and then deleted, the NSR sync status for MSDP might be stuck in "NotStarted", and unified ISSU might fail on the master Routing Engine with reason "CHASSISD_ISSU_ERROR: Daemon ISSU Abort -1(NSR sync not complete: MSDP)". PR1129003
  • In a multicast environment, when the RP is the FHR (first hop router) and it has MSDP peers, and the rpf interface on the RP is changed to an MSDP-facing interface, a multicast discard route will be installed and traffic loss will be seen, because the multicast traffic is still on the old rpf interface. PR1130238
  • On dual Routing Engine platforms, due to software issue, OSPF (including both OSPFv2 and OSPFv3) "DoNotAge" bit (e.g. source of LSA has flood-reduction feature enabled) is not mirrored to backup routing protocol process (rpd). In this situation, after performing nonstop active routing (NSR) switchover, the LSA on new master rpd remains without "DoNotAge" bit set. Once the LSA reaches OSPF max age, the router will flood LSA purge hence route flapping might be seen on all routers under the OSPF topology. PR1131075
  • When applying add-path prefix-policy to neighbor level, all neighbors are separated into different update groups. This is not the expected behavior. There is no service impact. But if all the neighbors are configured under one peer group with huge number of peer groups, the scaling/performance will go down. PR1137501

Services Applications

  • The Point-to-Point Tunneling Protocol (PPTP) ALG is used for tunneling Point-to-Point Protocol (PPP) packets over an IP network. But if the router configures session-limit-per-prefix, the PPTP-ALG does not work. PR1128484

VPNs

  • In an L2circuit environment, if one PE has pseudowire-status-tlv configured but the remote has not, and at the same time this PE does not support control-word but the remote does, then it will not send the changed local status code to the remote PE. In a rare condition, after enabling status-tlv support at the remote end, the l2circuit might get stuck in "RD" state on the remote PE. PR1125438

Resolved Issues: 15.1F3

General Routing

  • In an MX Virtual Chassis (MX-VC) environment, if the private local next hops and routes pointing to private local next hops are sent to the Packet Forwarding Engine from the master Routing Engine and not sent to the backup Routing Engine, and a Routing Engine switchover then happens, the new master Routing Engine does not know about such next hops and routes, so they are not cleaned up. When a next hop with the same index is added on the new master Routing Engine and sent to the Packet Forwarding Engine, the Packet Forwarding Engine might crash due to a stale next hop. PR951420
  • In a Layer 3 wholesale configuration, DHCPv6 advertise messages might be sent out with source MAC all zeros if the subscriber is terminated on the demux interface in a non-default routing instance. For subscribers on default instance, there is no such issue observed. PR972603
  • Earlier, the output of "show agent sensors | display xml" showed sensor details and the attached server and export-profile details at the same level in the XML output. This was confusing, since multiple sensors are listed for this command and all were shown with the same indentation. After this change, the output of "show agent sensors | display xml" is shown as follows, with each <sensor> tag covering a single sensor's XML data.

    root@Router# run show agent sensors | display xml
    <rpc-reply xmlns:junos=URl>
      <sensor-information>
        <sensor>
          <sensor-name>name-of-sensor-here </sensor-name>
          <resource-name> resource-path </resource-name>
          <sensor-id>scope-id</sensor-id>
          <resource-filter>resource-filter-name </resource-filter>
          <server-information>
            <server-name>streaming-server-name </server-name>
            <scope-id>scope-id</scope-id>
            <remote address>remote-address </remote address>
            <remote-port>remote-port</remote-port>
          </server-information>
          <profile-information>
            <profile-name>export-profile-name </profile-name>
            <rep-interval>reporting-interval</rep-interval>
            <local-address>local-address </local-address>
            <local-port>local-port </local-port>
            <timestamp>timeticks </timestamp>
            <serverformat>server-export-format </serverformat>
            <transport>transport </transport>
            <dscp>code-point </dscp>
            <forwarding-class>forwarding-class </forwarding-class>
          </profile-information>
        </sensor>
        <sensor>
        ...
        </sensor>

    PR1037064

  • Upon BFD flapping on aggregate interfaces, the Lookup chip (XL) might send illegal packets to the center chip (XMCHIP) and compromise packet forwarding and an FPC restart is needed to recover from this condition. If Fabric path side is affected, the fabric healing process will initiate this process automatically to recover from such conditions. Only MPC5E or MPC6E are exposed to this problem. PR1067234
  • When VMX is deployed, initially there is no management port configuration, so configuration needs to be applied by serial console. The console for VMX is set to 9600 baud rate. With this rate, only a small number of configuration lines can be pasted at a time. PR1068152
  • ICMP echo_reply traffic with applications like IPsec will not work with the MS-MIC and MS-MPC cards in an asymmetric traffic environment since these cards employ a stateful firewall by default. The packet will be dropped at the Stateful Firewall since it sees an ICMP Reply that has no matching session. PR1072180
  • Remnant routes seen in old master Routing Engine after Routing Engine switchover in non GRES scenario. PR1075404
  • In a two member MX Series Virtual Chassis (MXVC) environment, when "set virtual-chassis no-split-detection" is configured, if split master condition happens, which is caused by split events (i.e. loss of all adjacencies by link failure, FPC restarts, chassis power-down, Routing Engine reboots, etc), then once the VCP adjacency is formed again, the current design could not determine the best chassis to win the protocol mastership election properly. Instead, only the final election step (that is, choose the member device with the lowest MAC address) is used to elect the master device (protocol master of the VC, or VC-M). PR1090388
  • The OpenSSL project has published a set of security advisories for vulnerabilities resolved in the OpenSSL library in June and July 2015. Junos OS is affected by one or more of these vulnerabilities. Refer to JSA10694 for more information. PR1095598
  • High latency might be observed when continuous IPv6 pings are sent to VMX platform. PR1096403
  • When route convergence occurred, the new gateway address is not updated correctly in inline-jflow route-record table (route-record table is used by sampling), and the sampling traffic forwarding might be affected, but normal routing would be not affected. PR1097408
  • Some of the new revisions (for example, REV 30, REV 31) of the MICs cannot come up with the NG-MPC2 or NG-MPC3 line card. We can check the MIC version with the CLI command "show chassis hardware detail | no-more".

    root@user> show chassis hardware detail | no-more
    Hardware inventory:
    Item     Version  Part number  Serial number  Description
    ..
    FPC 2    REV 14   750-054901   CADJ3871       MPC3E NG PQ & Flex Q
    CPU      REV 11   711-045719   CADN5465       RMPC PMB
    MIC 0    REV 30   750-028392   CAEB9203       3D 20x 1GE(LAN) SFP <<<<<<REV>

    PR1100073
  • After Junos OS Release 13.3R1, IPCMON infrastructure is added to debug IPCs between PFEMAN and the Routing Engine. When convergence occurs, string processing of IPCMON will take added time, and slow convergence will be seen. It is a performance issue, and it is visible in scaled scenarios (for example, more than 100K routes). As a workaround, execute the command "set pfe ipclog filter clear" to disable IPC logging on all FPCs. PR1100851
  • In broadband edge (BBE) environments, for example, if the interface-set is created corresponding to SVLAN, then multiple logouts and logins will create a new interface-set index. When the interface-set index range goes above 65535, executing CLI command "show interfaces interface-set queue egress" will cause 100% CPU usage. As a workaround, we can use the specified interface-set name instead of using the wildcard. PR1101648
  • Non-queuing MPC5E might crash continuously if rate-limit under transmit-rate for scheduler is applied. As a workaround, do not configure rate-limit and use firewall policer for forwarding-class instead. MPC5EQ is not exposed. PR1104495
  • A vulnerability in OpenSSH may allow a remote network based attacker to effectively bypass restrictions on number of authentication attempts, as defined by MaxAuthTries settings on Junos OS. This may enable brute force password attacks to gain access to the device. Background: The PAM (Pluggable Authentication Modules) library provides a flexible framework for user authentication and session setup / teardown. It is used not only in the base system, but also by a large number of third-party applications. Various authentication methods (UNIX, LDAP, Kerberos etc.) are implemented in modules which are loaded and executed according to predefined, named policies. These policies are defined in /etc/pam.conf, /etc/pam.d/<policy name>, /usr/local/etc/pam.conf, or /usr/local/etc/pam.d/<policy name>. The PAM API is a de facto industry standard which has been implemented by several parties. FreeBSD uses the OpenPAM implementation. This issue is assigned CVE-2015-5600. PR1106752
  • On MX Series platform with "subscriber-management" enabled, while high-scaled subscribers (for example, 126K dual-stack DHCP v4/v6 subscribers over VLAN demux) log in/log out at high rate, MPCs and MICs that hold subscribers might crash after the bbe-smgd process restarts. PR1109280
  • In the scenario where the power gets removed from the MS-MPC, but the Routing Engine is still online (for example, on an MX960 platform with high-capacity power supplies that split into two separate power zones, when the power zone for the MS-MPC line card loses power by switching off the PEM that supports the slot where the MS-MPC is situated), if the power comes back (for example, by switching on the PEM), the MS-MPC might be seen as "Unresponsive" (checked via CLI command "show chassis fpc") and not come back online due to a failure of reading memory. PR1112716
  • On MX-VC with heartbeat connection, in a scaled subscribers environment, when both VCM Routing Engines are powered down, there might be a delay (minutes) for the backup chassis to become master, during which time a traffic blackhole might be seen. PR1115026
  • No decrement ttl does not work for incoming v6 traffic over mpls ipv4 core. PR1115203
  • For MPC6E with CFP2, there was a race condition between the Interrupt service routine and the periodic, as a result interface up/down will not happen for laser off/on. PR1115989
  • On MX Series platforms, the 10G Tunable SFP/SFP+ can not be tuned in Junos OS Release 15.1R2. PR1117242
  • The rpd process might crash when executing CLI command "show evpn database" with the combination of "vlan-id" and "mac-address". PR1119301

Infrastructure

  • Only the following directories and files are preserved when upgrading from a build prior to Release 15.1 to Release 15.1 (FreeBSD 10):
      config/
      /etc/localtime
      /var/db/
      /var/etc/master.passwd
      /var/etc/inetd.conf
      /var/etc/pam.conf
      /var/etc/resolv.conf
      /var/etc/syslog.conf
      /var/etc/localtime
      /var/etc/exports
      /var/etc/extensions.allow
      /var/preserve/
      /var/tmp/baseline-config.conf
      /var/tmp/preinstall_boot_loader.conf
    Anything else not listed above is deleted/formatted during the upgrade to the FreeBSD 10 version of Junos OS. PR959012
  • When the "show version detail" CLI command is executed, it calls a separate gstatd process with the parameter "-vvX". Because gstatd does not recognize these parameters, it runs once without any parameter and then exits. In the output of "show version detail", the following information can be seen:
      user@mx960> show version detail
      Hostname: mx960
      Model: mx960
      Junos: 13.3R6-S3
      JUNOS Base OS boot [13.3R6-S3]
      JUNOS Base OS Software Suite [13.3R6-S3]
      JUNOS Kernel Software Suite [13.3R6-S3]
      JUNOS Crypto Software Suite [13.3R6-S3]
      <snipped>
      file: illegal option -- v
      usage: gstatd [-N]
      gstatd: illegal option -- v
      usage: gstatd [-N]
      <snipped>
    At the same time, log lines like the following might be recorded in syslog:
      Aug 25 17:43:35 mx960 file: gstatd is starting.
      Aug 25 17:43:35 mx960 file: re-initialising gstatd
      Aug 25 17:43:35 mx960 mgd[14304]: UI_CHILD_START: Starting child '/usr/sbin/gstatd'
      Aug 25 17:43:35 mx960 gstatd: gstatd is starting.
      Aug 25 17:43:35 mx960 gstatd: re-initialising gstatd
      Aug 25 17:43:35 mx960 gstatd: Monitoring ad2
      Aug 25 17:43:35 mx960 gstatd: switchover enabled
      Aug 25 17:43:35 mx960 gstatd: read threshold = 1000.00
      Aug 25 17:43:35 mx960 gstatd: write threshold = 1000.00
      Aug 25 17:43:35 mx960 gstatd: sampling interval = 1
      Aug 25 17:43:35 mx960 gstatd: averaged over = 30
      Aug 25 17:43:35 mx960 mgd[14304]: UI_CHILD_STATUS: Cleanup child '/usr/sbin/gstatd', PID 14363, status 0x4000
      Aug 25 17:43:35 mx960 mgd[14304]: UI_CHILD_EXITED: Child exited: PID 14363, status 64, command '/usr/sbin/gstatd'
    PR1078702
  • On MX Series platform with Junos OS Release 15.1R1 or above, while a core dump is in progress, if we try to access the dump directory, due to the deadlock defect, the system might hang and crash. As a workaround, we should not access the "/var/crash" directory till the core dump is complete. PR1087082
  • On dual Routing Engine platform, if GRES is configured (triggered by "on-disk-failure"), when a disk I/O failure occurs on the master Routing Engine due to hardware issue (for example, SSD failure), the graceful Routing Engine switchover might not be triggered immediately after initial IO failure has been detected. As a result, Routing Engine might enter a state in which it responds to local pings and interfaces remain up, but no other processes are responding. PR1102978
  • With a scaled configuration or when there are memory leaks, if the virtual memory is running very low, the kernel might crash and the device will go to the db prompt continuously due to a recursion issue. PR1117548
  • The "show route vpn-localization" command does not show any output, but if XML format is requested, the XML output of the same command works. PR1125280

Interfaces and Chassis

  • On MX Series routers, the physical or logical interfaces (ifd/ifl) might be created and marked UP before the fabric planes of the resetting FPCs are brought up and ready to forward traffic. As a result, traffic might be black-holed during that time window. This window of traffic black-holing is particularly long if the chassis is heavily populated with line cards, for example, when the router has a large-scale configuration (routes or subscribers), coupled with many FPC resets, such as upon a node power up/reset. PR918324
  • When issuing a CFM LTR from CE, link state reply, received from MX Series, acting as MHF does not contain Reply Egress TLV if ingress and ingress logical interface are located on the same IFD. PR1044589
  • During subscriber login/logout, the following error log might occur on a device configured with GRES/NSR:
      /kernel: if_process_obj_index: Zero length TLV!
      /kernel: if_pfe: Zero length TLV (pp0.1073751222).
    PR1058958
  • For Junos OS Release 13.3R1 and later releases, after multiple (e.g. 26) iterations of graceful Routing Engine switchover (GRES), the TNP address of the management interface might be deleted incorrectly during switchover, which leads to all FPCs going offline. PR1060764
  • Trap messages do not get logged on logical interface (ifl) after deleting "no-traps" configuration statement, in spite of setting explicit "traps". PR1087913
  • On MX240 or MX480 platform with at least two DC modules (PN: 740-027736) equipped, when shutting down one of the PEMs and then turning it on again, even when the PEM is functioning, the "PEM Fan Fail" alarm might be observed on the device due to software logic bug. There is no way to clear the ALARM_REASON_PS_FAN_FAIL for I2C_ID_ENH_CALYPSO_DC_PEM once it has been raised. PR1106998
  • On all Junos OS platforms, if the "HDD /var" slice (for example, "/dev/ad1s1f" depending on the type of Routing Engine) is not mounted (for example, label missing, file system corrupted beyond repair, HDD/SSD removed from the boot list, and so on), the system may build an emergency "/var/"; however, no alarm or trap is generated due to the incorrect operation of the ata-controller. Although the boot messages may present the logs, they may not be sufficient to identify the issue before other problems are encountered (for example, Junos OS upgrade failure, and the Routing Engine may hang in a recovery shell). In addition, as a method to check where the Routing Engine is running from, a manual check can be done as below:
      user@re0> show system storage | match " /var$"
      /dev/ad2s1f 34G 18G 13G 57% /var <<<<Indicate that>show system storage | match " /var$" <<<<NO output>
    PR1112580

Layer 2 Features

MPLS

  • On dual Routing Engine platforms with GRES, the kernel synchronization process (ksyncd) may crash on the backup Routing Engine when a route pointing to an indirect next hop is added on the system. PR1102724
  • From Junos OS Release 13.2R1 and later, in MPLS L3VPN scenario, when "l3vpn-composite-nexthop" configuration statement is enabled on a PE router and an interface style service set is attached to the ingress interface, the L3VPN packets with the MPLS labels will be sent to the service card and dropped. As a workaround, we should disable "l3vpn-composite-nexthop". PR1109948
  • If "optimize-timer" is configured under a P2MP branch LSP, this branch LSP will not be re-established if a link flaps on the egress node. If "optimize-timer" is configured at the protocols/mpls level, the issue can be avoided. PR1113634

Network Management and Monitoring

  • In rare cases, when the mib2d process attempts connection with the snmpd process and there are pending requests waiting to be finished, the mib2d process might crash and the CPU utilization is high around the same time as the crash happens. PR1076643
  • While the router is rebooting and SNMP polling is not stopped, SNMP requests might land on mib2d process before Routing Engine protocol mastership is resolved, causing the mib2d process crash. PR1114001

Platform and Infrastructure

  • In the Network Time Protocol (NTP) configuration, if the specified source IP address is not in the current routing-instance, the router will use the primary address of the interface (which will be used to send the packet) as the source address. Client routers will treat the NTP packets as incorrect packets, and NTP synchronization then fails. PR872609
  • On MX Series based line card, when GRE keepalive packets are received on a Packet Forwarding Engine that is different from the tunnel interface hosted, the keepalive message will apply the firewall filter configured on default instance loopback interface. PR934654
  • When the 'enhanced-hash-key services-loadbalancing' feature is used by MX Series based line cards, load balancing flows across multiple service PICs via the source-address do not work when internal BGP (IBGP) is used to steer traffic to the inside service-interface. For example the operator will see on the stateful firewall that the same source-address has flows across multiple service interfaces. PR1034770
  • If both MPC/MSDPC and other types of DPCs are equipped, for local switching at mesh group level, split horizon on PW interfaces will not work, which would cause packets to loop back to the same PW interface. PR1084130
  • The MIB counter or "show pfe statistics traffic" shows junk PPS and invalid total traffic output counter. PR1084515
  • On MX Series platform, if ingress "multicast-replication" is configured, the throughput of the multicast may get reduced due to unnecessary threads during Packet Forwarding Engine operation. In addition, only the performance of multicast traffic may get influenced (some of the multicast packets may get dropped on the Packet Forwarding Engine) by the issue. This PR has fixed/enhanced the performance. Now the performance limit should only be capped by fabric bandwidth in ingress Packet Forwarding Engine. In addition, before this fix, there was a limitation that VPLS/Bridging can't run with ingress-replication feature as its BUM traffic can't be handled by ingress-replication feature. This PR removed that limitation as well. Now BUM traffic for VPLS/Bridging is following normal multicast replication path even with ingress-replication feature. PR1089489
  • In 64-bit Junos OS environment, the Representational State Transfer (REST) API fails to start when configured with "set system services rest ...". PR1097266
  • On MX Series platform, if ingress "multicast-replication" is configured, the throughput of the multicast may get reduced due to unnecessary threads during Packet Forwarding Engine operation. In addition, only the performance of multicast traffic may get influenced (some of the multicast packets may get dropped on the Packet Forwarding Engine) by the issue. PR1098489
  • On MX Series-based platforms, before creating a new unilist next hop, there is a check to see if there are at least 512k DoubleWords (DWs) free. So, even if the attempted next hop requires only a small amount of memory (for example, < 100 DWs), if there are not enough free DWs (that is, 512k), the check will fail, and the end result is that the control plane will quit adding this next hop prematurely, stopping at ~80% of capacity. With the fix, it will check for 64k free DWs, which is a lower reference watermark for the available resource, thereby ensuring that it can allocate the resource. PR1099753
  • From Junos OS Release 14.1 and later, IPv6 mobility packets with the Heartbeat option in which the length of the mobility header (including the Ethernet encapsulation and main IPv6 header) extends beyond 128 bytes will be discarded as bad IPv6 option packets due to a logic error in packet handling. PR1100442
  • Large scaled inline BFD session (in this case, 6000 inline BFD sessions) are loaded with the minimum-interval value 50ms. If FPC restarts, some BFD sessions might flap. PR1102116
  • A remote attacker can cause a denial of service to the Trio Chipset (Trinity) MPC due to maliciously crafted uBFD packets that are received directly, via VPN, MPLS, multicast, broadcast, on vt-interfaces, or otherwise. This issue affects both IPv4 and IPv6 traffic in both Ethernet and non-Ethernet physical environments, such as ATM or SONET, where the crafted packet is received over physical interfaces. If the packet is processed from a DPC through to the MPC, in-transit traffic is not susceptible. In a 6PE scenario, a system that is not using LSI/vt is not susceptible. If the packet is processed via an MPC line card, that line card is affected and will crash. If the packet is processed via an endpoint receiving MPC line card that terminates tunneling protocols such as MPLS/IPSec VPNs, that line card is affected; this is considered an in-transit traffic scenario. This crash can happen when the crafted packet is sent directly to the lo0 interface IP, the physical interface IP, or the broadcast IPv4/IPv6 address of the physical interface. As a workaround, we can apply a control plane (lo0) filter to drop uBFD packets. This issue is assigned CVE-2015-7748. PR1102581
  • On MPC3E/MPC4E line cards, when the feature "flow-detection" is enabled (under the "ddos-protection" hierarchy), if a suspicious control flow is received, two issues may occur on the device:
      Issue 1: sometimes, the suspicious control flow may not get detected on the line cards.
      Issue 2: once the suspicious control flows are detected, they may never time out even if the corresponding packets stop.
    PR1102997
  • The following fields have been added to v10 Sampling (IPFIX) template and data packets:
      - SAMPLING RATE
      - SAMPLING INACTIVE TIMEOUT
      - SAMPLING ACTIVE TIMEOUT
      - TOTAL PACKETS EXPORTED
      - TOTAL FLOWS EXPORTED
    PR1103251
  • On MX Series platform, when using the 64-bit image, if the configuration statement "source-address" is configured for the "radius-server" as follows, the RADIUS request may not be sent to the RADIUS server due to the failure to set the "source-address" on the device.
      user@re0> show configuration system radius-server
      ..
      source-address 10.1.1.1; <<<<< The configuration statement that may cause the issue.
    PR1103517
  • On T4000 platform with FPC Type-5 equipped, after performing unified ISSU, due to the fact that only 6 out of 16 temperature sensors may get initialized, the temperature reading for the line card may be shown as "Absent". PR1104240
  • Due to a software defect found in Release 13.3R7.3 and Release 14.1R5.4 inclusively, Juniper Networks strongly discourages the use of Junos OS 13.3R7.3 on routers with MQ-based MPC. This includes MX Series with MPC1, MPC2; and all mid-range MX Series. PR1108826
  • The DHCP End option (option 255) is omitted by the DHCP relay agent (where 20 bytes of DHCP option 82 are inserted) for a client DHCP discover message with 19 bytes of padding. PR1110939
  • An IPv4 filter configured to use the filter block with a term that has both "from precedence" and another non-5-tuple match (i.e. not port, protocol, address) will cause an XL/EA-based board to reboot. Example:
      set firewall family inet filter FILTER fast-filter-lookup
      set firewall family inet filter FILTER term TERM from precedence PRECEDENCE
      set firewall family inet filter FILTER term TERM from tcp-established
    PR1112047
  • On MX-VC, traffic is dropped on the egress VCP Packet Forwarding Engine (invalid fabric token). PR1112752
  • When inline BFD sessions and inline jflow are configured on the same Packet Forwarding Engine, with the increasing of active flows (about 65k), the BFD session might flap constantly and randomly because the outgoing BFD packets are dropped. PR1116886
  • Inline 6rd and 6to4 support for XL and XL-XM based platforms. PR1116924
  • On MX Series-based FPCs, when MPLS-labeled fragmented IPv6 packets arrive at a PE router (usually seen in 6PE and 6VPE scenarios), the Packet Forwarding Engine might mistakenly detect such an IPv6 header and then drop these packets as "L3 incompletes" in the output of "show interface extensive". PR1117064
  • When static inline NAT translation is used, if the translated source-prefix or destination-prefix is modified for one NAT rule, it may impact the other NAT rules as well. PR1117197
  • On MX Series-based line card, the firewall filter may have some issues when matching on Authentication Header (AH) protocol. This can affect VRRP (among others) when authentication is used, and a Routing Engine firewall filter is matching on protocol AH. As a workaround, we can change the filter to match on other criteria (e.g. source or destination address). PR1118824

Routing Protocols

  • Issue in populating isisRouterTable values. Some entries are not filled correctly. This does not block/affect the functionality of IS-IS or other components. PR1040234
  • On large-scale BGP RIB, advertised-prefixes counter might show incorrect value due to a timing issue. PR1084125
  • When polling SNMP OID isisPacketCounterTable 1.3.6.1.2.1.138.1.5.3, the rpd process might crash. PR1101080
  • Static BFD does not update interface name after changing the interface unit name. PR1118002

Software Installation and Upgrade

  • In certain conditions, when /var is not mounted from a persistent filesystem, executing a Junos OS upgrade will have unexpected results. This is caused by an inexact check of whether we are running from an Emergency VAR. PR1112334

VPNs

  • In scenario involving pseudowire redundancy where CE facing interface in the backup neighbor (can be non-standby, standby, hot-standby type), if the virtual circuit (VC) is not present for the CE facing interface, the CE facing interface may go up after committing an unrelated VC interface configuration (e.g. changing description of another VC interface) even though the local pseudowire status is in down state. PR1101886

Resolved Issues: 15.1F2

Class of Service (CoS)

  • In SNMP environment, when performing multiple walks or parallel snmpget for same interface at the same time (for example, SNMP bulk get/walk, or SNMP polling from multiple devices) on CoS related MIBs (jnxCos table), if the interface state changes or the request gets timeout when FPC is responding the request, memory leak of Class-of-Service process (cosd) about 160 bytes (up to 1500 bytes) may occur, which may cause cosd to crash eventually when limit is exceeded. PR1058915
  • On MX Series platform configured for IP network-services (default) and with MS-DPC/Tunnel-Interface, virtual-tunnel (vt) interfaces are created automatically to support ultimate-hop-popping upon enabling "protocol rsvp". These interfaces are associated with default IP and MPLS classifiers along with MPLS re-write rule. When "protocol rsvp" is disabled/enabled or MS-DPC/FPC (with tunnel-service) restarts, the vt interfaces are deleted and re-added to the system. However during the deletion, these interfaces are not getting released from cosd process and thus leads to memory leak in cosd. PR1071349

General Routing

  • On MX104 routers with a SONET/SDH OC3/STM1 (Multi-Rate) MIC, in rare conditions, if the MIC is unplugged from the MX104, the Packet Forwarding Engine might crash, and traffic forwarding will be affected. These MICs belong to SONET/SDH OC3/STM1 (Multi-Rate) MIC:
      * MIC-3D-8OC3OC12-4OC48
      * MIC-3D-4OC3OC12-1OC48
      * MIC-3D-8CHOC3-4CHOC12
      * MIC-3D-4CHOC3-2CHOC12
      * MIC-3D-8DS3-E3
      * MIC-3D-8CHDS3-E3-B
      * MIC-3D-1OC192-XFP
    PR997821
  • On MX Series platform with MS-MPC/MS-MIC, if the "dump-on-flow-control" configuration statement is configured, traffic loss and the mspmand process crash might be observed when the MS-PIC comes up with traffic. PR1037086
  • If default-address-selection configuration statement is configured on MX-VC, VC-heartbeat connection between member chassis may be unable to come up. PR1041194
  • Queue stats on LSQ interfaces are not properly cleaned up when queuing is enabled on the IFD and the queues hosted at IFD level. This happens when there is a subsequent delete and create of LSQ interface (not always though). PR1044340
  • On MX Series-based platform, when the feature flow-control is disabled (enabled by default) by using "no-flow-control" configuration statement (for example, under "gigether-options" hierarchy), after bringing up or rebooting the MPC, due to the fact that status of the hardware may not be updated correctly, the flow control on that MAC may remain enabled. PR1045052
  • In subscriber management environment, the Berkeley Database (DB) may get into deadlock state. It is brought on by multiple daemons attempting to simultaneously access or update the same subscriber or service record. In this case, because the access to DB was blocked by device control daemon (dcd), the subscriber management infrastructure daemon (smid) fails to recover the DB. Consequently, the router may stop responding to all the login/logout requests as well as statistics activity. This timing-related issue is most likely to occur during login or logout and when the system is busy. PR1054292
  • On MX Series routers, the interrupt-driven basis link down detection (an interrupt-driven link-down notification is generated to trigger locally attached systems to declare the interface down within a few milliseconds of failure) may fail after performing a unified in-service software upgrade (ISSU). The interrupt might have been prevented after performing unified ISSU because the interrupt registers were disabled before unified ISSU but never restored afterwards. PR1059098
  • In an IPsec load-balancing environment using MS-MPC cards, the ICMP request and ICMP reply can go through two different IPsec tunnels due to asymmetric routing; that is, ICMP request goes through one PIC, and ICMP reply goes through another PIC. Because of this, the ICMP reply will get dropped and never reach the other side of the IPsec tunnel. PR1059940
  • Due to incomplete fix, in releases containing PR869773 fix, rate limit drops are seen for Ingress queuing even though rate-limit is not configured or supported for ingress. PR1061256
  • On MX Series router with MPC2E-3D-NG/MPC3E-3D-NG/MPC5/MPC6 linecards, the Ethernet frame loss measurement (ETH-LM) feature does not work. PR1064994
  • When a route points to an aggregated multiservices (AMS) logical interface, then after manually bouncing this logical interface by disabling and then enabling it again, aggregate next hop referred by that route will have child unicast next hop pointing to .discard.0 interface instead of member interface (mams) . As a result, traffic ingress on MPC card and routed to that route will be discarded. PR1065944
  • If there are application-sets matching conditions in the NAT rule, NAT port might leak after deleting applications under application-set in live network. PR1069642
  • With basic NAT44, when the router received packets on a GRE tunnel, NAT dropped all protocols other than PPTP on the GRE tunnel. PR1069872
  • Higher baseline CPU utilization and periodic CPU spikes might be seen on XM-based MPCs as compared to MPC-3D-16XGE-SFPP cards for the following reasons: On XM-based MPCs, there are low-priority threads that monitor various things in the background on a periodic basis, such as voltage, temperature, stats counters, hardware status, and so on. When the system is idle, these threads are allowed to take more of the load, and that is why higher baseline CPU/CPU spikes are seen. This does not prevent other higher-priority threads from running when they have to, as these are non-critical activities being done in the background, and hence this is a non-impacting issue. PR1071408
  • overhead-accounting frame-mode command does not work on 100GbE CFP MIC, 100GbE CXP MIC, 2x40GbE QSFP MIC, and 10x10GbE SFPP MIC on MPC3E-3D-NG-Q, MPC3E-3D-NG, MPC2E-3D-NG-Q, and MPC2E-3D-NG. PR1072001
  • This may be a false log message - the risk of false log is minor; however, the underlying error, for example, continuous fi recorder timeout, may impact traffic and can be major. When the specific log message is observed in the message file, please advise customer to investigate if there are continuous fabric errors, such as late cell, cell timeout and so on, on the reporting line card and recover those errors first. PR1081771
  • MACsec using static secure association key (SAK) security mode does not work properly on MX80 routers and FPC slots other than slot 0 of MX104 routers. PR1086117
  • On MX Series based line card, if a rlsq interface is receiving continuous fragmented traffic, doing rlsq switchovers couple of times might cause FPC to crash and reboot. PR1088300
  • Some of the new revisions (for example, REV 30, REV 31) of the MICs cannot come up with NG-MPC2 or NG-MPC3 line card. We can check the MIC version by CLI command "show chassis hardware detail | no-more".
      root@user> show chassis hardware detail | no-more
      Hardware inventory:
      Item             Version  Part number  Serial number  Description
      ..
      FPC 2            REV 14   750-054901   CADJ3871       MPC3E NG PQ & Flex Q
        CPU            REV 11   711-045719   CADN5465       RMPC PMB
        MIC 0          REV 30   750-028392   CAEB9203       3D 20x 1GE(LAN) SFP
      Fan Tray 0       REV 05   740-014971   TP5127         Fan Tray
      Fan Tray 1       REV 05   740-014971   TP5103         Fan Tray
    PR1100073
  • Non-queuing MPC5E might crash continuously if rate-limit under transmit-rate for scheduler is applied. As a workaround, do not configure rate-limit and use firewall policer for forwarding-class instead. MPC5EQ is not exposed. PR1104495

Infrastructure

  • A reboot is needed if "chassis network services enhanced-ip" is configured on MX Series Universal Edge 3D Routers or on T4000 Routers with type 5 FPCs. Without the reboot, performing unified ISSU might cause the new master Routing Engine to crash and go to the db> prompt. PR1013262
  • The gstatd process for 64-bit was not reaching the correct path in the code, and as a result the gstat process failed to start. PR1074084

Interfaces and Chassis

  • On dual Routing Engines platforms, as a High Availability (HA) method, master Routing Engine should relinquish mastership when both Routing Engine-to-Packet Forwarding Engine and Routing Engine-to-other-Routing Engine interfaces are down (this can be achieved only when GRES is enabled). But now on dual Routing Engines platforms except M10i and M20, master Routing Engine does not relinquish the mastership in such conditions, even executing CLI "request chassis routing-engine master acquire" on backup Routing Engine can not help. In such conditions, no FPC can be online without the connection to master Routing Engine. With the fix, the backup Routing Engine will take up the mastership automatically if both the internal link interfaces are down. PR878227
  • On Ethernet PICs with longer hold down timer configured, flapping interface within the hold time might cause traffic loss longer than the hold period. PR1040229
  • When configuring the Virtual Router Redundancy Protocol (VRRP) on an interface which is included in a routing-instance via applying groups setting, if changes are made to the interface, the VRRP process (vrrpd) memory leak might be observed on the device. PR1049007
  • In Virtual Router Redundancy Protocol (VRRP) environment, after restarting the FPC, due to the Router Advertisement (RA) deletion is being incorrectly sent to routing protocol process (rpd) by VRRP process, the ICMPv6 may not be activated on the corresponding interfaces on the router that is acting as the master. In this case, no RA message could be sent out. PR1051227
  • The "show chassis network-services" command might not show the correct configured value when executed on the backup Routing Engine. This command should only be executed on the master Routing Engine. PR1054915
  • On a DPC-only chassis, after a software upgrade or a non-graceful Routing Engine switchover, Ethernet OAM related LAG bundles might not come up because the Link Fault Management (LFM) packets arrive on the AE interface instead of the physical link interface. PR1054922
  • Two redundant logical tunnel (rlt) interfaces are configured with the statement "per-unit-mac-disable" enabled. After configuring the second one, the first rlt interface goes down.
      rlt0 {
          logical-tunnel-options {
              per-unit-mac-disable; <<<<<<
          }
      }
    PR1055005
  • The CLI description of the new 100-Gigabit Metro DWDM OTN PIC (PTX-2-100G-WDM-M) is different from the existing 100-Gigabit DWDM OTN PIC (P1-PTX-2-100G-WDM). The 100-Gigabit Metro DWDM OTN PIC's transceiver is identified as OTN-100G-M in the output from the show chassis hardware CLI command and the cable type is identified as 100G METRO in the output from the show chassis pic CLI command. PR1055325
  • There is a mismatch in MAC statistics; a few frames go unaccounted. This is a day-1 issue with the software fetching of MAC statistics. The snap and clear bits were set together in the pm3393 chip driver software, so the clear could happen before the stats were copied to the shadow registers, and those frames went unaccounted. A rollover mechanism has now been implemented and tested for 2 continuous days, and everything is fine. PR1056232
  • When "set chassis lcc 0 offline" is used on SCC and committed, the configuration gets synced on LCC. However, when "delete chassis lcc 0 offline" is used on SCC, we need to do commit two times on SCC in order to sync the configuration on LCC being brought online. PR1058994
  • In multichassis link aggregation groups (MC-LAGs) environment, the MC-LAG peers have the MAC and port information and can forward the traffic appropriately. If a single VLAN on ICL interface is modified to a different VLAN, and then the administrator rolls back the VLAN configuration to the original one, the remote MAC might be stuck in the "Pending" state and not be installed in the bridge MAC-table, which causes the traffic forwarding to be affected. PR1059453
  • When the Maximum Receive Unit (mru) value is not set under group-profile ppp-options hierarchy, a default value (1492) will be used. If mru value is set, the new value will take effect. But if the configured mru value is deleted from the group profile, the mru value remains the configured one and fails to fall back to the default one. PR1059720
  • On MX Series routers, INET MTU (PPP payload MTU, that is IP header plus data excluding any L2 overhead) is being set to lowest MRU of either MX (local device) or peer. This behavior is not inline with ERX behavior, which is set to min(local MTU, peer MRU). This might cause the packet drops in the customer network in the downstream path. PR1061155
  • In connectivity fault management (CFM) environment, if an AE interface is included in MEP interfaces, and if there is another AE interface configured without any child link (even this AE is not participating in OAM), the CFM sessions might not come up after Routing Engine restart or switchover. PR1063962
  • Error message is continuously logged every second after a particular copper-SFP [P/N:740-013111] is plugged into a disabled port on MIC.
      ***** error message ****
      mic_sfp_phy_program_phy: ge-*/*/* - Fail to init PHY link
      mic_periodic_raw: MIC(*/*) - Error in PHY periodic function
      PQ3_IIC(WR): no target ack on byte 0 (wait spins 2)
      PQ3_IIC(WR): I/O error (i2c_stat=0xa3, i2c_ctl[1]=0xb0, bus_addr=0x56)
      mic_i2c_reg_set - write fails with bus 86 reg 29
      mic_sfp_phy_write:MIC(*/*) - Failed to write SFP PHY link 0, loc 29
      mic_sfp_phy_mdio_sgmii_lnk_op: Failed to write: ifd = 140 ge-*/*/*, phy_addr: 0, phy_reg: 29
      ala88e1111_reg_write: Failed (20) to write register: phy_addr 0x0, reg 0x1d
      Fails in function ala88e1111_link_init
    PR1066951
  • To ensure that the router or switch is reachable for management purposes while it boots or if the routing protocol process fails to start properly, we can configure a backup router, which is a router that is directly connected to the local router or switch (that is, on the same subnet) through its private management interface (for example, fxp0 or me0). When a backup router running IPv6 and a static route to reach the management network are configured, some invalid IPv6 routes are added to default forwarding-table on the master or the backup Routing Engine. PR1100981

Layer 2 Features

  • With a BGP peer configured between two routers over an lt (logical tunnel) interface, if a scaled configuration is deactivated and activated a few times, in rare conditions the lt interface might reject all ARP reply packets, and hence ARP resolution does not happen over this interface. Thus, the unicast routes are not in the correct states, and ping to such an lt interface will fail. PR1059662
  • LACP partner system ID is shown incorrectly when the AE member link is connected to a different device, which might misguide while troubleshooting the LAG issues. PR1075436
  • The Enhanced LAG feature is enabled in network-service enhanced-ip mode, but it is not supported in enhanced-ethernet mode. PR1087982

MPLS

  • The entropy label value allocated sometimes falls in the reserved MPLS label range (0-15). The label value is calculated based on load-balancing information, so only certain MPLS flows might encounter this issue. PR1014263
  • With BGP labeled-unicast egress protection enabled in a Layer 3 VPN, the protected node advertises primary BGP labeled unicast routes that need protection. When there is next-hop change for a labeled route, for example, deactivating/activating egress-protection configuration statement or route churn, the memory might be exhausted which leads to the rpd process crash. PR1061840
  • When fast-reroute, node-link-protection, or link-protection is configured, if a Shared Risk Link Group (SRLG) is associated with a link used by an LSP ingressing at a router, then on deleting the SRLG configuration from the router, the SRLG entry still stays in the SRLG table even after the re-optimization of this LSP. PR1061988
  • When CSPF computes the path for node-protected bypass, it considers only the SRLG group configured on next-hop interface along the primary path. However it doesn't consider the SRLG group on next-to-next-hop interface to adequately provide diverse path between primary and node-protected bypass. PR1068197
  • When a primary LSP gets re-routed due to better metric, Link/Node protection for this LSP is expected to come up within 7 seconds provided the bypass-lsp protecting the next-hop link/node is already available. However in some corner cases, the Link/Node protection for re-routed primary LSP will not come up within 7 seconds even with bypass-lsp availability. The PR fixes this issue and reduces the delay of associating bypass-lsp with primary-lsp from 7 seconds to 2 seconds. PR1072781
  • In an MPLS environment, if one of minimum-signaling-bandwidth, merging-bandwidth, splitting-bandwidth, or maximum-signaling-bandwidth is configured or derived as the value 0, the routing protocol process (rpd) may crash when lsp-splitting or lsp-merging occurs (for example, when the traffic comes up or goes down). As a workaround, because of the logic of the configuration statements, make sure that none of the following statements is configured or derived as zero:
      - merging-bandwidth
      - minimum-signaling-bandwidth
      - splitting-bandwidth
      - maximum-signaling-bandwidth
    PR1074472

Network Management and Monitoring

  • SNMP queries for LAG MIB tables while LAG child interface is flapping may cause mib2d to grow in size and eventually crash with a core file. Mib2d will restart and recover by itself. PR1062177
  • The text string of the SNMP object "system.sysDescr.0" does not include the Junos OS version of the device and displays the version of the FreeBSD kernel running on the Routing Engine instead. PR1073232

Platform and Infrastructure

  • Recurring local memory (LMEM) data errors might cause the lookup chip on an MX Series FPC to wedge and eventually cause the FPC to crash. PR1033660
  • If several aggregates are configured with shared-bandwidth-policer, those aggregates share the same Packet Forwarding Engine for child member links, and one member link flaps, all traffic might get policed and dropped. The dropped traffic might not be on the bundle whose child member link flapped. PR1035845
  • Due to a defect in the Junos OS software, when a telnet user experiences some undefined network disconnect, .perm and .env files under /var/run are left behind. This scenario happens only under certain unknown ungraceful network disconnects. When a considerable number of .perm/.env files accumulate under /var/run, telnet users are not able to perform permitted operations on the router after login. PR1047609
  • For a Routing Matrix, if different Routing Engine models are used on switch-card chassis (SCC)/switch-fabric chassis (SFC) and line-card chassis (LCC) (for example, RE-1600 on SCC/SFC and RE-DUO-C1800 on LCC), where the out-of-band (OoB) management interfaces are named differently (for example, fxp0 on SCC/SFC Routing Engine and em0 on LCC Routing Engine), then the OoB management interface configuration for LCC Routing Engine will not be propagated from SCC/SFC Routing Engine during commit. PR1050743
  • With VLAN manipulation configured for Ethernet Services, an incorrect frame length might be used for egress policing on MX Series routers with MPCs/MICs. Currently, the frame length calculation is inconsistent for different traffic topologies:
      1. In case traffic crossed the fabric, the frame length prior to output VLAN manipulation is used.
      2. In case of local traffic, the frame length prior to input VLAN manipulation is used.
    The length after output VLAN manipulation should always be used. PR1064496
  • When performing unified in-service software upgrade (ISSU) on MX Series routers with unsupported MICs (for example, "MIC-3D-8OC3OC12-4OC48") equipped, the MPC might crash during the field-replaceable unit (FRU) upgrade process. For example, unified ISSU is supported only by the MICs listed here on Junos OS Release 14.2:
      - MIC-3D-20GE-SFP
      - MIC-3D-2XGE-XFP
      - MIC-3D-4XGE-XFP
      - MIC-3D-40GE-TX
      - MIC-3D-8OC3-2OC12-ATM
      - MIC3-3D-2X40GE-QSFPP
      - MIC3-3D-10XGE-SFPP
      - MIC3-3D-1X100GE-CXP
      - MIC3-3D-1X100GE-CFP
    PR1065731
  • Firewall filters which have a prefix-action can't be configured under [edit logical-system <name> firewall family inet] because the Packet Forwarding Engine won't be programmed for the filter. PR1067482
  • With about 1M routes on an MX Series router, there might be a dark window of more than 1 second (about 1.3 seconds) for packets during unified ISSU. PR1070217
  • VPLS filter applied under forwarding-options might drop VPLS frame unexpectedly when it is coming from an lt- interface. PR1071340
  • If port-mirroring and VRRP over ae-irb are configured in a bridge domain, enabling the Distributed Periodic Packet Management Process (ppmd) for VRRP in this bridge domain might cause VRRP to flap. PR1071341
  • When inline-sampling is enabled, in race conditions, if a packet gets corrupted and the corrupted packet length shows 0, this may cause a "PPE_x Errors thread timeout error" and eventually cause the MPC to crash. PR1072136
  • VRRP advertisements might be dropped after delegate-processing is enabled on the logical tunnel (lt) interface. This results in the VRRP master state being observed on both routers. PR1073090
  • When an MX Series chassis network-services is "enhanced-ip" and an AE with "family bridge" configuration is first committed, there is a possibility that an incorrect forwarding path may be installed causing traffic loss. PR1081999
  • This issue is specific to 64-bit rpd and config-groups wildcard configuration, as in the following case:
      set groups TEST routing-instances <*> routing-options multicast forwarding-cache family inet threshold suppress 200
      set routing-instances vrf1 apply-groups TEST
      set routing-instances vrf1 routing-options multicast forwarding-cache family inet threshold suppress 600
    With this configuration, the daemon (rpd) reads the suppress value “200” (that is, coming from groups) instead of reading the value “600” from the foreground, and the customer sees unexpected behavior with respect to threshold suppress. Workaround: replace the wildcard with the actual routing-instance name, as in the following example:
      set groups TEST routing-instances vrf1 routing-options multicast forwarding-cache family inet threshold suppress 200
      set routing-instances vrf1 apply-groups TEST
      set routing-instances vrf1 routing-options multicast forwarding-cache family inet threshold suppress 600
    PR1089994

Routing Protocols

  • Deletion of a routing-instance may lead to a routing daemon crash. This may happen if the routing-instance Routing Information Base (RIB) is referenced in an active policy-option configuration. As a workaround, when deactivating the routing-instance, all associated configurations using the route-table names in the routing-instance should also be deactivated. PR1057431
  • In a PIM environment, Bootstrap Router (BSR) can be used only between PIMv2-enabled devices. When all the interfaces that are running PIM bootstrap are deactivated, the system changes to operate in PIMv1. At this time, all the information learned about or from the current BSR should be cleaned, but the BSR state is not cleaned. If the interface that was the previous "elected BSR" is activated, the BSR state is PIM_BSR_ELECTED (it should have been cleaned previously) and the system assumes the BSR timer is still present. When the system tries to access the null BSR timer, the rpd process might crash. PR1062133
  • With a large number of multicast sources for the same multicast group in PIM dense mode, the rpd process might crash after Routing Engine switchover. PR1069805
  • For a PIM neighbor that is not directly connected (that is, a neighbor on an unnumbered interface, or a p2p interface with a different subnet), PIM join is not able to find the correct upstream neighbor, which results in the join not propagating to the upstream neighbor. The show command for PIM join shows the upstream neighbor as "unknown". The issue is present in the 15.1R1 release. PR1069896
  • In a Protocol Independent Multicast (PIM) sparse mode environment, if the router is being used as the rendezvous point (RP) and also the last hop router, when the (*,G) entry is present on the RP and a discard multicast route (for example, due to receiving multicast traffic from a non-RPF interface) already exists, if the (S,G) entry is learned after receiving source-active (SA) of the Multicast Source Discovery Protocol (MSDP), the SPT cutover may fail to be triggered. There is no traffic impact, as receivers can still get the traffic due to the (*,G) route. PR1073773
  • In a multi-topology IS-IS scenario, there is a huge difference between estimated free bytes and actual free bytes when generating an LSP with an IPv6 prefix. It might cause LSP fragment exhaustion. PR1074891
  • With Multicast Source Discovery Protocol (MSDP) and nonstop active routing (NSR) configured on the Protocol Independent Multicast (PIM) sparse-mode rendezvous point (RP), the rpd process might permanently get stuck when multicast traffic is received shortly after a Routing Engine switchover. PR1083385
  • With the following steps, no pplfa backup is seen for 22.1.1.0:
      1. Configure the ospf and ospf3 in all routers.
      2. Configure node protection.
      3. Check for 22.1.1.0 any backup is present.
      4. Enable pplfa all.
      5. Check for 22.1.1.0 any pplfa backup is present through r2.
    PR1085029

Services Applications

  • The session-limit-per-prefix feature for the MX Series DS-Lite server does not take Softwire flow into account when calculating the flow limit. PR1023439
  • On MX Series routers and T Series routers with Multiservices 100, Multiservices 400, or Multiservices 500 PICs with "dump-on-flow-control" configured, if a prolonged flow control failure occurs, generation of the core dump file might fail. PR1039340
  • On MX Series routers that are acting as LNS to provide tunnel endpoints, it is observed that the service-interfaces are not usable if a MIC corresponding to them is not physically installed on the FPC. If only those service interfaces that belong to the removed PIC are added to service-device-pool, this results in no LNS subscribers being able to log in. Note that once the MIC is inserted into the FPC, the features could be used. PR1063024
  • When configuring RADIUS authentication for Layer 2 Tunneling Protocol (L2TP), the RADIUS server cannot be recognized because the source address is not being read correctly. As a result, the L2TP session cannot be established. PR1064817
  • The trigger for the crash is when the MS-DPC's Service PIC is in a low memory zone and it receives two SYN messages from the same client IP within a very short time gap between the two SYNs. This race condition is tied to running out of memory, failing to allocate a timer for a conversation, and having rapid SYNs on a TCP connection where the second TCP SYN is matched on a flow that is being deleted due to the failed timer allocation. This scenario is very difficult to hit and should not be seen in production often. PR1069006
  • Service PIC daemon (spd) might crash with core dumps due to the CGNAT pool's snmp-trap-thresholds configuration. PR1070370
  • Earlier, the output of "show service l2tp tunnel" did not display tunnels with no sessions. This behavior has been changed; empty tunnels are now also displayed by this command. PR1071923

Software Installation and Upgrade

  • Add "on <host>" argument to "request system software validate" to allow validation on a remote host/Routing Engine running Junos OS. PR1066150

User Interface and Configuration

  • Due to a change in an existing PR, group names in the configuration must be a string of alphanumeric characters, dashes, or underscores. There is no workaround other than following the group name instructions. PR1087051

VPNs

  • In the l2circuit environment, when l2ckt configuration has backup-neighbor, the flow-label operation is blocked at the configuration level. PR1056777
  • On dual Routing Engines, if mvpn protocol itself is not configured, and nonstop active routing is enabled, the show command "show task replication" on the master Routing Engine will list the MVPN protocol even though it is not configured. Other than the misleading show output which may be slightly confusing to the user/customer, there is no functional impact due to this issue as such. There is no workaround available. PR1078305

Modified: 2016-09-29