IN THIS PAGE
Resolved Issues
This section lists the issues fixed in the Junos OS main 16.2R2 Release for MX Series and T Series.
For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.
Resolved Issues: 16.2R2
Class of Service (CoS)
When the "chained-composite-next-hop" is enabled for Layer 3 VPN routes, MPLS CoS rewrite rules attached to the core-facing interface for "protocol mpls-inet-both-non-vpn" are applied not only to non-VPN traffic (which is the correct behavior) but also to Layer 3 VPN traffic. That is, both MPLS and IP headers in Layer 3 VPN traffic receive CoS rewrite. PR1062648
If the hidden command "show class-of-service queue-consumption" is executed many times (in this case, for 100 times), in a rare condition, the cosd process might crash with a core file generated. The core files could be seen by executing the CLI command "show system core-dumps". PR1066009
In phase 1 of Junos Fusion Provider Edge, extended ports do not support SNMP-based CoS statistics. Polling an EP port for CoS stats can trigger a cosd core file. PR1205512
When CoS is configured, in a very rare situation, due to the timing issue between dcd and cosd during commit, the cosd might crash. For example, if you delete an interface that belongs to an AE interface and then configure it as a single port with CoS in a single commit, this issue might occur. PR1220524
The "show interfaces queue <if-name>" command has three display options:
show interfaces queue <if-name>: Displays queued/transmitted/dropped packets/bytes for all IFD children.
show interfaces queue <if-name> aggregate: Displays queued/transmitted/dropped packets/bytes for all IFD children except for IFD RTP traffic
show interfaces queue <if-name> remaining: Displays queued/transmitted/dropped packets/bytes for IFD RTP traffic only.
Note that unlike queued/transmitted/dropped counters, queues depth values cannot be aggregated.
The following should be true for queues depth values:
show interfaces queue <if-name>: Displays queues depth values for RTP queues
show interfaces queue <if-name> aggregate: Displays queues depth values for RTP queues
show interfaces queue <if-name> remaining: Displays queues depth values for RTP queues
The above logic is the same for physical interfaces, interface sets and logical interfaces units. PR1226558
On MX Series and T Series routers with ingress and egress queueing enabled, input traffic-control-profile is configured, but no output traffic-control-profile on IFL. After you activate/deactivate the CoS configuration, the cosd process might crash. PR1236866
The error message of cos_check_temporal_buffer_status might be observed when configuring hierarchical CoS with strict-high scheduling. PR1238719
Forwarding and Sampling
On MX Series routers, if the "compress" and "backup-on-failure" options are configured under accounting-options file <file-name> hierarchy, due to an issue in the source file lookup when "compress" option is enabled, local backup might not perform after transfer to archive site fails. PR1198095
If a two-color policer is configured on MX Series routers with MPCs/MICs, more traffic than the limited traffic might be passed when packet size is less than 128 bytes. PR1207810
Bandwidth-percent policer does not work on the ps interface, which will result in a commit error. PR1225977
In firewall_service.proto file, AccessListObjBind changed. The member "bind_object" in AccessListObjBind is no longer a string object; it changed to "one of" structure which is shown as follows:
message AccessListObjBind { // ACL AccessList acl = 1; // Binding object type AccessListBindObjType obj_type = 2; // Bind object name where the ACL is to be bound string bind_object = 3; // Bind direction AclBindDirection bind_direction = 4; // Family on the bind object. Must match with the ACL family AccessListFamilies bind_family = 5; }
Starting in Junos OS Release 16.2R2 release AccessListObjBind message member “string bind_object“ changed as follows:
message AccessListBindObjPoint { oneof OneOf_AclBindPoint { // Bind object name where the ACL is to be bound string intf = 1; } } /* * Per forwarding element ACL binding */ message AccessListObjBind { // ACL AccessList acl = 1; // Binding object type AccessListBindObjType obj_type = 2; // Bind object name where the ACL is to be bound - string bind_object = 3; + AccessListBindObjPoint bind_object = 3; // Bind direction AclBindDirection bind_direction = 4; // Family on the bind object. Must match with the ACL family AccessListFamilies bind_family = 5; }PR1230587
When a firewall filter (family "any") with a shared-bandwidth-policer is applied on an MC-AE interface, it will be configured with bandwidth 0 and carve-up factor 0 as expected. But after MC-AE A/S switchover when standby becomes active, the policer would not reconfigure, still have the bandwidth of 0 and drop all packets. PR1232607
With sampling configuration, if you do not define a version for the second flow server, after committing configuration, the backup Routing Engine might reboot. It might affect how routing protocols are replicated to the backup Routing Engine. PR1233155
On MX Series routers with "ipv4-flow-table-size" or "ipv6-flow-table-size" configuration, if sampling instance is not defined under chassis hierarchy (sampling instance is not associated to FPC), after rebooting the router, the "ipv4-flow-table-size" or "ipv6-flow-table-size" does not propagate to FPC. PR1234905
When 'push-backup-to-master' knob is configured under accounting-options file section, the corresponding accounting files need to be pushed to master RE from standby RE. But due to a software defect, the following issues are observed.
1) The files push from standby Routing Engine to master Routing Engine was happening irrespective of this push-backup-to-master configuration statement.
2) The files push from standby Routing Engine to master Routing Engine was not happening when the backup option is configured as 'master-only'.
J-Flow version 9 cannot get TCP flag information from IPv6 fragment packets. However, it can get other information like src and dst ports infromation. It can get sampling information partially from the TCP header in IPv6 fragment packets. PR1239817
J-Flow version 9 is sending the flows with the source-address inverted in the show firewall log. PR1249553
On MX Series routers, after GRES or configuration change that leads to pfed core file and restart, the routers might send for every single session 5 AcctInterim update. PR1249770
In MX Series subscriber management environment; the layer 2 address learning daemon (l2ald) daemon might crash during EVPL subscriber login logout stress test. PR1258853
The final service stats are queried via the on-demand service stats handling module of the pfed process. When the responses are returned from the Packet Forwarding Engine to the Routing Engine through pfed), they are mapped to the request via the request ID as well as location offset. When there are more than one filter configured for a BBE filter service session (out of IPV4,IPV6 IN,OUT filters), more than one request will be sent to the same location (Packet Forwarding Engine) with the same request ID. PR1262876
Routing-instances information of the physical interface is not showing in the flat accounting file when the interface is attached to the aggregate Ethernet interface. This behavior is seen when using flat file accounting for L2BSA subscribers. PR1275225
General Routing
This is a timing issue. After deleting and reconfiguring a VRF instance or changing route-distinguisher in VRF instance while rpf-check is enabled, the rpd process might crash. The routing protocols are impacted and traffic disruption will be seen due to loss of routing information. PR911547
In an MX Series Virtual Chassis (MX-VC) environment, the private local next hops and routes pointing to private local next hops are sent to the Packet Forwarding Engine from the master Routing Engine and not to the secondary Routing Engine. Next, a Routing Engine switchover happens. Because the new master Routing Engine does not detect such next hops and routes, they are not cleaned up. When a next hop with the same index is added on the new master Routing Engine and sent to the Packet Forwarding Engine, the Packet Forwarding Engine might crash due to a stale next hop. PR951420
An incorrect byte count was seen in the ipfix exported statistics packets for MPLS flows. PR1067084
When ingress and egress layer2-overhead is configured on a dynamic subscriber interface, the layer2-overhead bytes are not added to the IFL stats. PR1096323
On MX Series routers with MS-MPC/MS-MIC in use, if the NAT session is freed/removed without removing the timer wheel entry, the MS-MPC/MS-MIC might crash. This is a timing issue in which just before invoking the timer wheel callback, the NAT session extension got freed/removed. PR1117662
With l2tp subscribers, all FPCs except the card that hosts subscribers will report a log message "jnh_if_get_input_feature_list(9723): Could not find ifl state" after every subscriber's login attempt. PR1140527
On MX Series routers with services PIC (MS-DPC/MS-MPC/MS-MIC), the ICMP time exceeded error packet is not generated on an IPsec router on the de-encapsulation side. PR1163472
On MS-MPC or MS-PIC, OSPF adjacency may fail to establish when there is no static route pointing to service PIC. PR1164517
In all Junos OS with EVPN scenario, the Layer 2 address learning daemon (l2ald) might not clean up the RNH_LE entry when the BGP neighbor is down and cause the end-to-end traffic of EVPN to be dropped. PR1173420
NAT64 service-set:Port block efficiency and unique pool users statistics display incorrect values when the NAT POOL is modified dynamically with CGNAT traffic for the particular term in the NAT rule. PR1177244
On dual Routing Engine systems, the false alarm message "Host 1 failed to mount /var off HDD, emergency /var created" is observed if the master Routing Engine and backup Routing Engine are running on different Junos OS versions. PR1177571
Destination-prefix-list support list added for NAT rule with twice-napt-44 translation. Customer will be able to define a prefix list and match it in the NAT rule while using twice-napt-44. PR1177732
If the MIC-3D-4XGE-XFP is used with MPC2E-3D-NG or MPC3E-3D-NG, the interfaces on the MIC-3D-4XGE-XFP connected to a DWDM device might flap continuously. PR1180890
When MS-MIC/MS-MPC is installed on an MX Series router, PIC card on MS-MIC/MS-MPC might crash in rare cases. This is a timing issue that might cause traffic loss and has no exact aspect of configurations for trigging the issue. PR1182807
Fragmented ALG control traffic is not supported on the MS-MPC or MS-MIC. PR1182910
On MX Series routers, MS-MIC crash might occur. The exact trigger of the issue is unknown; generally, this issue might happen very rarely without any external triggers. The crash might occur with any services configuration, with core files pointing to a Program terminated with signal 4, Illegal instruction. PR1183828
FRU model numbers might be missing or incorrect as follows.
740-013110 PDM-MX960
740-057995 FFANTRAY-MX960-HC-S
750-033205 MX-MPC3E-3D (incorrect)
750-038493 MX-MPC2E-3D-Q
750-044130 MX2K-MPC6E
750-045372 MX-MPC3E-3D
750-046005 MPC5EQ-100G10G
750-046532 MIC6-10G
750-049457 MIC6-100G-CFP2
750-054563 MPC5E-40G10G
750-054902 MPC3E-3D-NG
750-054903 MPC2E-3D-NG-Q
750-055976 SCBE2-MX-S
all CFP, CFP2, QSFPP, QSFP28 optics
all MX2000 FRUs
all MPC7E, MPC8E, MPC9E, SFB2 FRUs
Note that 'show chassis hardware models' displays correct information, but optics are missing from that output. PR1186245
On a Junos-based platform, CHASSISD_I2CS_READBACK_ERROR error might occur on a single occurrence of I2C read failure. A single occurrence is a transient error and may be seen randomly without any particular trigger. This type of message should be reported only when there are three consecutive I2C read failures. PR1187421
When VC-Heartbeat is configured, the MX Series virtual chassis split detection feature should cause the backup chassis to enter line card isolation mode, powering off all FPCs to force external gear to reroute traffic. A race condition in the mechanism can cause the backup chassis to also become protocol master, and leave its line cards in an operational state, which is undesirable. PR1187567
On MX Series routers with NAT service configured on AMS interfaces, after rebooting FPC/PIC, the NAT pool split between AMS members is incorrect. There are overlapping IP pools and sometimes missing pools, causing NAT to work incorrectly. PR1190461
On MX Series routers with Junos Telemetry Interface, and with the "set routing-options lsp-telemetry" configuration statement configured. When SDN-telemetry (the agentd process) is disabled or continuously restarted, certain messages are repeatedly logged into syslog, the rpd and eventd processes CPU may get near 100%, and eventually the agentd also gets near 100%. When this issue happens, the agentd process is not able to accept new subscriptions, dropping all existing subscriptions. It can be triggered by restarting consecutively SDN-telemetry (the agentd process), or after device reboot. PR1192366
In an MX BNG subscriber management environment, Radius accounting statistics provided by the MX Series BNG might slightly deviate from the actual statistics if the subscriber session terminated abruptly while traffic flow was active. PR1192775
Configuring an RLT interface and rebooting the router shows the RLT interface is down. The show l2circuit connection shows an MTU mismatch as the immediate cause. PR1192932
Prior to this PR, when T-series SCG lost an external clock source, clock state remained hold-over mode forever. This PR has changed the behavior so that the state would automatically be changed from hold-over to free-run after 24 hours. PR1197380
On MX Series routers with MPC5E installed, in a high-temperature situation, the temperature thresholds for triggering the high temperature alarm and controlling fan speed are based on the FPC level. Any sensor values in the FPC that exceed the temperature threshold of the FPC trigger the actions associated with temperature thresholds. PR1199447
With MPC8/9 MRATE MIC. With a plug-in optics module(QSFP28-100GBASE-LR4), bit errors might be seen. PR1200010
On MX Series routers, the mspmand process might crash on the MS-MPC with XLP B2 chip (for example, REV17). The exact trigger is unknown. It is usually seen with 70% to 90+% CPU load conditions. PR1200149
When performing unified ISSU on MX Series routers, the MPC might crash during the field-replaceable unit (FRU) upgrade process. PR1200690
A dynamic tunnel gets timed out every 15 mins by default, and then re-tries to create another tunnel. This happens if the route obtained from IGP is non-forwarding. PR1202926
When PPPoE subscribers log in to or out of the device, an SNMP link up/down trap will be generated by the system if "no-trap" is configured in the corresponding dynamic-profile. PR1204949
SMID daemon has stopped responding to the management requests after a jl2tpd (L2TP daemon) crash on a production MX960 BNG. PR1205546
Problem - In case of local source and with ASM MoFRR enabled, the default MDT traffic loops back to the originating router on the MoFRR backup interface, thereby causing continous IIF_mismatches. PR1206121
In an L2TP scenario, in a rare situation, the command "show subscribers summary port extensive" output might have an incorrect tunneled/terminated sessions count due to an issue with populating the outputs. There is no traffic impact. PR1206208
When PCEP is enabled and LSPs are undergoing changes, like make before break (MBB) for rerouting, the rpd has to send those updates to the PCE. However, when the PCEP session to PCE goes down, these updates are cancelled, but the rpd fails to completely reclaim the memory allocated for these updates. This causes increases in the rpd memory every time the connection to PCE goes down while LSPs are simultaneously going through MBB changes. This issue will be especially noticeable when connectivity to PCE goes UP and DOWN continuously. If the connection is in steady state either UP or DOWN, then the memory leak will not happen. PR1206324
The l2ald might thrash when the targeted-broadcast is configured on EVPN IRB. PR1206979
When using the "show chassis hardware detail" command to display chassis components, the Compact Flash card and hard disk serial numbers may be truncated to 15 characters. PR1209181
On MX Series routers, if any inline feature is configured (for example, inline BFD, CFM , and PPP), the FPC might crash and core files are generated. PR1210060
The Periodic Packet Manager (ppman) based sessions (such as CFM session) might be flapping when executing offline/online MIC-3D-20GE-SFP (model number) MIC inserted into MPC2E-NG/MPC3E-NG. This occurs because the TNPC-CM thread is hogging the CPU for ~450 ms when executing MIC-3D-20GE-SFP MIC offline/online. PR1211702
When an ARP entry is learned through the Aggregated Ethernet interface, and a route is pointing to that ARP next hop, the ARP entry might not expire even though the ARP IP is no longer reachable. This issue is due to the route next hop on the AE interface getting stuck in unicast state even if the remote end is not reachable, and the RPD never gets to determine that ARP is invalid. The route nexthop on Aggregated Ethernet interface should be shown in 'hold' state when the remote end is not reachable. PR1211757
On EVPN/VXLAN setup with the MX Series router as PE device, when both arp aging-timer and static MAC applied on the IRB interface associated with EVPN, the packet originating from Routing Engine on the PE router (such as ping) to the core side might be corrupted. This issue only impacts the traffic originated from the Routing Engine and does not impact the transit traffic. PR1213062
On MX Series routers with MPC3/MPC4/MPC5/MPC6/MPC2-NG/MPC3-NG line cards, the chassisd process crashes continuously on both Routing Engines because some failure cases caused by underlying software and hardware are not handled gracefully. Both Routing Engines might lost mastership and get stuck in backup mode. PR1213808
If a zero-length interface name comes in the SDB database, on detection of a zero-length memory allocation in the SDB database, a forced rpd crash would be seen. PR1215438
Syslog message : "fpc_pic_process_pic_power_off_config:xxxx :No FPC in slot y" is displayed on empty FPC slots with no PIC power off configured by committing configuration change under chassis hierarchy. PR1216126
In large-scale configurations or environments with high rates of churn, MX Series routers with FPC’s ASIC memory will become "fragmented" over time. In an extreme case, it is possible that memory of a particular size will become exhausted. Also, due to the fragmentation, the available memory will not fulfill the pending allocation. PR1216300
When VPLS instances are configured for the first time or when a system with VPLS instances is rebooted, rpd will be consuming high CPU usage (100%) for a period (10-20 mins), the installation of other routes may defer and traffic will be lost. Many other RPD services may also slow down or be unavailable. PR1216332
Suspicious log messages like "vbf_ifl_bind_change_var_walker:363: ifl .pp.54615 (1073796438): FILTER (28) Bind change notify ran for 276701162891 us" can be observed. The logs are harmless and can be ignored. PR1217975
On MX Series routers, replacing an MQ FPC (MPC Type1, 2, MPC 3D 16x10GE) with an XM one (MPC Type 3,4,5 6. 2E-NG, 3E-NG) might cause all other MQ-based cards to report "FI Cell underflow at the state stage". It will cause packets to be dropped. PR1219444
If RS/RA messages were received through an ICL-enabled (MC-AE) IFL, packet loss would be seen and last for a while. PR1219569
When MCNH (multicast composite nexthop) is used, packet loss might occur when multicast traffic enters the Packet Forwarding Engine and exits the Packet Forwarding Engine in a different FPC. PR1219962
On MX Series routers with enhanced subscriber management, performing a config commit that changes any dynamic profile data after the system has booted might result in login and logout CPS(connections per second) performance degradation for subscribers using the dynamic profile. PR1220642
When fpc-pfe-liveness-check is configured, Packet Forwarding Engine liveness detection might incorrectly report a Packet Forwarding Engine failure event under a severe interface congestion situation. PR1220740
On MX Series Virtual Chassis partial or complete traffic loss for streams via AE interfaces might be observed in certain scenarios. For example, if VCP ports were de-configured and re-configured again, then two consecutive global GRES switchovers were performed and the MPC hosting aggregated Ethernet child links was reloaded, traffic loss would be observed after the MPC boots up due to incorrect programming of aggregated Ethernet interface on its Packet Forwarding Engine. PR1220934
When MX Series router has MACsec under security and the include-sci option is configured, although the interface where MACsec is configured receives traffic with IMIX packet sizes, framing errors might be reported in the interface statistics. PR1221099
PPPoE/DHCP subscribers fail to bind due to ProcessPADIFailedUiflNotActive/SML_CLIENT_DELETE_SDB_ADD_FAILED errors after continuous login and logout, and subsequent login will fail. PR1221690
Starting in Junos OS release15.1R1, the behavior of storage devices enumeration in kernel level has been changed. Device enumeration in legacy Junos OS releases (before 15.1R1) will show CF and Disk as ad0 and ad1 respectively Device enumeration in Junos OS Release 15.1R1 and later will show CF and Disk as ad1 and ad0 instead in the result of "show chassis hardware". This might be inconsistent for other result of output, such as "show system boot-messages" and "show log messages". PR1222330
On setup with IRB configuration and non-enhanced-ip mode, when certain actions which result in the underlying aggregated Ethernet interface of IRB going down, the backup Routing Engine may experience 'panic' and hence reboot. The panic occurs because the backup Routing Engine cannot allocate the next-hop index requested by the master Routing Engine. Because the panic and reboot happen on backup Routing Engine, routing, forwarding, and any other functionality will not be affected. Some examples of triggers are continuous child link flaps of the aggregated Ethernet interface or back-to-back commits of different IRB configurations, and activating/deactivating the bridge family on an underlying interface. PR1222582
In an enhanced subscriber management environment ("set system services subscriber-management enable") in which case the 'remove-when-no-subscribers' statement is configured in auto-configure stanza, when the last subscriber logs out (which triggers) dynamic VLAN IFL removal) and immediately then in close proximity a new subscriber logs in before the IFL is set to inactive, the dynamic profile deletion might be failed. Also, subsequent subscriber logins fail. This is a timing issue. PR1222829
The "unnumbered-address" under dynamic profile is showing the wrong value. PR1222975
The problem of tunnel stream getting misconfigured for LT interfaces is due to internal programming and the same has been corrected to evaluate multiple lt interfaces for FPC and PIC slot combination. PR1223087
In MX Series Virtual Chassis with subscriber management environment, the bbe-smgd process may leak memory in the backup Routing Engine when running continuous subscriber login logout loop tests. It seems that memory utilization increases with each login/logout loop until it reaches 809 MB, and it does not increase beyond that. PR1223625
In PPPoE subscriber scenario, after demux underlying interface AEx is changed tO AEy, the source MAC used for PPPoE handshake is still the old AEx interface's MAC. This causes PPPoE clients to fail as the PADR packets from the client are dropped due to the MAC address mismatch. PR1224190
When you receive alignment errors on a 10 Gigabit Ethernet port, you may see a MAC control frames counter with a huge value. PR1224632
SMID was coring when the query was thrown, because session database init was happened. A protection check introduced to check session database status.PR1225449
The following error messages might be seen when there is traffic from subscribers with captive-portal-content-delivery service:cpcdd[29943]: %DAEMON-3: early: bad stored heap: heap-ptr=0x0 data-ptr=0x839f742 cpcdd[29943]: %DAEMON-3: opDel: bad stored heap: heap-ptr=0x1000000 data-ptr=0x839f0aa These error messages do not have any affect on functionality. PR1226782
On MX Series routers, executing the command "show chassis ucode-rebalance" without a special FPC slot number, might cause chassisd to crash. PR1227445
In a subscriber management environment, the log message "vbf_ifl_bind_change_var_walker:377: ifl .demux.22698 (1073764522): IFL TCP (38) Bind change notify ran for 1480 us" can often be seen. This log message is generated when the time needed to complete execution of the routine exceeds. This message is harmless and can be ignored. However, sometimes time calculation yields incorrect results, and this issue has been corrected via this PR. PR1229967
When adding or deleting a dynamic-tunnel destination network for IPv6 over IPv4 dynamic UDP tunnels, an rpd core file might be seen. PR1230152
For IPv6 static routes derived from weighted LSPs, unequal load balance does not work. PR1230186
The random load-balancing feature does not function; all traffic goes to one of the load-shared egress links instead of being shared across all the links. PR1230272
Due to a bug in Junos OS, the interface statistic remains unchanged after ISSU on MX Series Virtual Chassis platform. This issue in turn leads to the RADIUS volume accounting value remaining unchanged after ISSU. PR1230524
The dynamic-profile service filter matches the traffic that is not defined in prefix-list applied to the filter. This causes the filter to not work not as expected or even match all the traffic. PR1230997
ICMP identifier is not translated back to the expected value during traceroute for TTL exceeded packets on NAT using multiservice MPC. This occurs for ICMP ID >255 and causes all hops (except first and last) to appear as "*". PR1231868
IPsec tunnels anchored on service-set are not cleared when ms interface inside IFL is disabled through CLI command. PR1232276
Optional service session is terminating during session setup when optional service has configuration errors. PR1232287
Some PFE statistics counters do not work in MPC7/8/9.
1. Fabric input/output pps counters do not work in "show pfe statistics traffic"
2. Output and fabric input/output counters do not work in "show pfe statistics traffic detail"PR1232540
Packet Forwarding Engine statistics input packets pps counter may be inaccurate on MPC7E, MPC8E, and MPC9E. PR1232547
Input framing errors increment on interfaces connected to MPC2E-NG with 4x10G MIC when interface is configured in "wan-phy" mode. PR1232618
On XQ-based linecard, in a rare condition, when the FPC goes offline or online or when flapping occurs, some error messages might be seen. PR1232686
Correct the value of module voltage, which was previously off 10 times, displayed in the interface diagnostics optics table for 2X100GE CFP2 OTN MIC. PR1233307
High MPC5 CPU on a scaled setup with 64,000 - 128,000 subscribers due to XQ background service that collect internal statistics. PR1233452
LSP-ping might fail and IP packets with options will not get mirrored in port-mirror environment. PR1234006
For some SNMP traps the description does not match the event, for example: jnxTimingFaultLOESMCClear .1.3.6.1.4.1.2636.3.75.1.6 jnxTimingFaults 6 JUNIPER-TIMING-NOTFNS-MIB "A trap which signifies Loss of ESMC." PR1234083
Due to a software bug, when an SFB goes offline/online, the HSLink crc error values are not cleared properly; this triggers an unexpected link error/ SFB check alarm for another SFB. PR1234224
After the backup Routing Engine is replaced, the new backup Routing Engine cannot synchronize with the master Routing Engine if 'dynamic-profile-options versioning' is configured. This is because the code checks if any dynamic profile is configured before enabling dynamic-profile-options versioning. If so, it throws an commit error. But there is no need to check when the Routing Engine is in backup state. PR1234453
KRT queue is getting stuck happening because socket buffer is sending an incorrect value to the kernel and the kernel is returning error 'EINVAL -- Bad parameter in request'. PR1234579
Phase jump is detected when using hybrid mode PTPoE with SyncE. PR1234685
On MX Series routers with MPC7E/MPC8E/MPC9E, noise received on the console port might be interpreted as valid signals. This might cause login failure on the console port and login crash or even reloads. PR1234712
When a session is started with a dynamic-profile service using the service volume, it is observed that volumes are checked every 10 minutes instead of every 5 minutes. PR1234887
VLNS(VBNG) - Commit generated a "warning: requires 'l2tp-inline-lns' license" but a valid license is installed. PR1235697
On MX Series routers, when per-packet load sharing is enabled under the aggregated Ethernet interface, egress traffic over the aggregated Ethernet interface might be dropped unexpectedly. PR1235866
Junos Telemetry Interface authentication demon does not close the client connection properly keeping stale connections. Following command “show system connections | match JVISION_PORT” will show multiple stale connections. PR1235874
The "show route forwarding-table all" command is needed for tlb (traffic load balancer) and srd (Service Redundancy Daemon) while these daemons are running. And these outputs are being collected from tlb script as well as srd script. The "show system commit" command is getting executed from default-junos-show script. When the CLI command is issued "request support information", "show route forwarding-table all" and "show system commit" are taken twice by RSI (Request Support Information). PR1236180
On all platforms that support EVPN-VXLAN, the outer source MAC in the ARP reply packet header does not correspond to the inner virtual MAC if virtual MAC is configured. PR1236225
When PIC-based MPLS J-Flow is configured and MPLS packets are being sampled at egress (to be sent to service pic), the sampled packets do not reach the service PIC, which results in no MPLS J-Flow flows getting created. PR1236892
Due to a software bug, if there is an MPC6E slot#10 installed in an SFB2-based MX2020 router, and SFB#4~7 is offlined/online once, the next slot SFB will get 'SFB check alarm' unexpectedly. For instance, an SFB#4 offline/online triggers an SFB#5 check alarm. PR1237134
In MX Series Virtual Chassis subscriber management environment, LI enabled DHCP subscribers may experience packet drops because of MAC validation errors in the FPC. This issue was seen only when connecting the subscribers for the first time after rebooting the system. PR1237519
DNS server IP addresses are not present in the output of 'show subscribers extensive' for DHCP subscribers if the DNS configuration is provided from the access-profile or pool. If such data is provided from RADIUS, the output is correct. PR1237525
Due to lack of proper boundary checks in code, the MS-MPC might crash when receiving internally corrupted frames from other FPCs that have hardware failure or incorrect rewrite programming. PR1237667
Increased support of number of routing instances from 4000 to 64,000. PR1237854
When the interface configured under "router-advertisement" physically comes up for the first time, the rpd might repeatedly send the router-advertisement, which might result in as high as 100% Routing Engine CPU usage. PR1237894
After the number of licenses for the scale-subscriber feature was exceeded, customer encountered endless logs on the backup Routing Engine every 10 seconds. PR1238615
MPC9E may generate an FPC core file with Junos OS Release 16.1R2.11 when configured with "mixed-rate AE bundles" and "adaptive load balancing". The load-balancing techniques are orthogonal to each other. PR1238964
MX Series router is sending accounting interim without the update-interval configuration statement. PR1239273
In a BGP-PIC scenario, a change in the IGP topology (for example, a link failure in the IGP path) causes traffic outage for certain prefixes. This issue occurs because the unilist next hops for these prefixes are in a broken state. PR1239357
Traceroute will not resolve VRF loopback address where SI and pseudointerface exist. PR1240221
Subscriber Management: MIB ifJnxTable is not supported for subscriber interfaces. PR1240632
Session database (SDB) synchronization might fail if the master Routing Engine or the master chassis in an MX Series Virtual Chassis configuration (VC-M) is power-cycled. PR1241162
During scaled subscriber setup, the lowest dynamic-profile CoS service rate might be applied to other sessions. PR1241201
The PTP clock class changes are delayed. When PTP fails and the system goes into holdover, it will send clock class 6 for the next 10-15 minutes. When the system goes from holdover in state "locked". It will send clock class 248 for the next 10-15 minutes. PR1241211
In some specific case, untagged bridged traffic might not be mirrored on the second port of the mirrored group. If untagged bridged traffic is to be mirrored/sent on two different interfaces of the mirrored group, traffic might be mirrored/sent only on one of the mirrored interfaces/ports. PR1241403
Auto route insertion (ARI) IPv6 routes installed for IPsec dynamic endpoints might disappear from the routing-table after performing a graceful Routing Engine switchover (GRES) with nonstop active routing (NSR) enabled. The issue is triggered for IPv6 ARI routes with masks of /98 or longer. PR1242503
Currently MS-MIC supports a maximum of 2000000 routes scale. This includes all IPv4, IPv6, and MPLS routes in the system. When scale limit is exceeded, the FDB (forwarding database) memory will become exhausted and the MS-MIC will start to drop the routes and print logs. PR1243581
On MX Series Virtual Chassis, some VBF flows are missing after FPC restart. PR1244832
PSM goes to present state whenever there is a feed failure. The logic is changed to update the PSM state based on the number of feeds connected. PR1245459
With gRPC subscription for telemetry data with 2 seconds frequency, the jsd process might crash. PR1247254
When IGP/link flapping or running the clear mpls lsp command, because of the RSVP stale label entry, traffic for BGP prefixes that are pointing to LSP in inet.0/inet6.0 might get silently dropped or discarded. PR1247900
SPMB reboot causes a fabric black hole that lasts for more than 1 minute in TXP-3D. PR1248063
PADI dropped due to duplicate client. PR1248282
The bbe-smgd process might crash in case of duplicate UID variable names. For example, all CoS configuration elements should be converted implicitly to internal variables so they can be automatically used for different purposes in the dynamic-profile configuration. The bbe-smgd process crash cannot impact the traffic flows for existing subscribers, but does impact the creation of new subscribers. PR1248725
Only one IA-NA dhcpv6 (without PD request) could be bound in case two or more subscribers are provided with the same PD from RADIUS. For example, in case of several CPE devices from a household, all sessions will be provided with the same ACI/ARI. If the username is formed based on ACI/ARI (so the username is the same for all sessions), RADIUS can provide the same PD for all sessions and this will allow only one session to be established even though CPE's did not request PD. PR1249837
"JAM:PL: Registered attributes for %x \n" will be logged as INFO level. PR1250091
MPC5E/MPC2E-NG/MPC3E-NG/MPC7/MPC8/MPC9 might crash in some cases due to a software defect. If queues associated with the L4 node get freed but the L4 node is not freed at that time, later when trying to free the L4 node, because the queues have already been deleted, then a NULL queue node will be received and the MPC crashes. PR1250335
FPC ukern process might crash on Linux-based linecards (for example, MPC7/8/9 on MX Series) due to a bug related to ukern scheduler. PR1250691
The smihelperd process can crash during subscriber logout process. PR1250760
When an IPv6 node receives an ICMPv6 PTB (Packet Too Big) message with MTU < 1280, the node will emit atomic fragments. This behavior might result in a denial-of-service attack. PR1250832
Accounting statistics are not correctly preserved across ISSU upgrades. PR1250919
On Junos OS platforms with rpd (routing protocol process), if some interfaces go down, which results in some peers going down or BGP-RR (route-reflector) re-advertising routes, rpd (routing-protocol daemon) process might crash. PR1250978
During Routing Engine switchover or request MPC/MS-MIC online requests, character corruption is observed in the log. PR1251400
There is an rpd problem sending route update messages to the kernel. The KRT queue used to send the messages can get into a state where no more messages can be sent to the kernel. This causes the RIB and FIB to get out of sync. This is a timing problem between multiple rpd threads. It infrequently occurs at very large scale. PR1251556
When a MIC is re-inserted into the same slot, it is possible that the software may fail to read the software identification of the MIC. This results are misidentification of the MIC and not being able to initialize properly, and MIC0 info might disappear. It has no traffic impact. PR1252998
If "indirect-next-hop-change-acknowledgements" is enabled, the rpd will request an acknowledgment from the kernel when creating the new forwarding next hop for the indirect next hop. In a rare scenario with multipath configured, the rpd might restart while waiting for an acknowledgment from the kernel and the deletion of the old forwarding next hop is queued. PR1254735
On MX Series routers with MPC2E-NG/MPC3E-NG, the interfaces of these line cards might not come up when connecting to third-party transport switch. PR1254795
In the output of 'show subscribers extensive' the first IP address from the Framed Prefix (returned in Framed-IPv6-Prefix) looks to be assigned to the subscriber interface although it is not. The fix removes incorrect data. PR1255029
IRBs that are part of an L3 multicast group allocate ASIC memory when added to the group. A small amount of this memory is not freed when changes are made to the L3 multicast group. This could cause a crash due to an out-of-memory condition if there are continuous changes to multicast groups with IRBs over a long period of time. PR1255290
In VMX platform, if a lot of subscribers login/logout activity occurs when there are a large number of flows (500,000), multiple riot core files might be seen. PR1255866
Syslog messages may report "krt_decode_comp read a non specific nh from kernel nhid" This is a harmless debug message. PR1256197
Adding an application set with inactive applications that are not defined under the [applications] hierarchy will lead to constant core files each time the service PIC boots back up. PR1258060
Unable to run show subscribers extensive and some other CLI commands after GRES because subscriber-management database is unavailable. The other symptoms of the bug can be messages like sdb.db: close: Bad file descriptor after commit full. PR1258238
In a subscriber service environment, the device control process (DCD) might restart unexpectedly during commit process after changes to ATM interface configuration is applied. PR1258744
PPPoE subscribers are not coming up while verifying that IPCP renegotiation is happening properly for terminated PPPoE subscribers. PR1260836
When using an AMS interface and running the show interfaces extensive command, the logical interfaces will show only 0 for the packet counters. PR1258946
When TRI-RATE SFP-T is installed on MIC-3D-20GE-SFP-E, FPC will generate HEAP: Free at interrupt level /Free interrupt violation! syslog message when the interface is going down. PR1259757
Due to a software bug, the QSFPP-40GBASE-LR4 (CLI name is QSFP+-40G-LR4) might remain down after fiber link flap. This issue is specific to this optics module. PR1259930
Class of service (CoS ) does not correctly classify egress L3 multicast traffic from an ingress VLAN bridge interface after a configuration change. PR1260413
Only the first multicast IP packet was saved when waiting for a route to be resolved. This fix will save up to 20 additional IPv4 Multicast packets and send all saved packets after the route is resolved. PR1260729
In MX Series BNG subscriber management environment, there could be a slight deviation in the service accounting statistics when the subscriber session terminated abruptly. PR1260898
During multicast activation of dynamic subscribers via a service profile, the bbe-smgd daemon in the backup Routing Engine could sometimes crash. PR1261285
In a subscriber management scenario, it is observed that an authenticated dynamic VLAN interface with an idle-timeout is removed if there are no subscribers on top and if "remove-when-no-subscribers" is configured at the auto-configure stanza. The dynamic VLAN interface should only be removed after its idle timeout expires if it stayed idle during this period. PR1262157
There is a problem that MX Series routers use the wrong routing table to send out the ICMP network unreachable message back to the source; this might cause some problem on the end-user CPE. PR1263094
Dynamic VLAN interface is logged out upon reaching idle-timeout even though there is a client session (PPPoE or DHCP) above it. The proper behavior is to keep the dynamic VLAN interface in case of a client session (PPPoE or DHCP) is present above the dynamic VLAN interface. PR1263131
Currently when the CoS adjustment-control-profile (ACP) is configured with radius-coa using the adjust-less algorithm, cosd strictly follows the configured algorithm when (1) only service-profiles and/or CoA is used to apply rates to the subscriber flow and (2) no line rate adjustment protocols such as ANCP or protocol tags (for example, PPPoE-tags) are being used to apply updates. This results in undesirable complexity in applying service profiles in the order activated based on an ACP approach that is intended to control the comparison of a configured-rate and a line rate, where the former represents a policy and the latter the capabilities of the access loop. When only service profiles are in use, such that more than one service profile may be applied to the subscriber via RADIUS CoA and each service profile affects the shaping rate of the subscriber, the correct behavior is for CoS to ignore the algorithm when no line rate protocol is in use. Instead it should use a replacement semantic (logically the algorithm "adjust-always") to apply a service profile initiated via CoA in the order received. Thus a profile chain can be easily managed that includes the client profile and one or more service profiles, thereby allowing predictable and intuitive revert semantics during service-deactivation or re-activation scenarios. Once a line rate protocol such as ANCP is enabled and updates are received, only then should cosd follow the algorithm because it will then be performing comparisons with the configured rate and a line rate (where the intended goal is minimum (policy rate, line rate)). As a follow-on, the ACP configuration syntax will be revisited because it is unnecessarily complex for the intended use case. PR1263337
After router reboot or JSD process crash, sometimes the listening socket for JSD is not operational. PR1263748
After running show arp with subscribers connected bbe-smgd can become unresponsive/slow to other CLI commands. PR1264038
On MX Series routers with MPC7E/MPC8E/MPC9E installed, due to a race condition in reading optic state, after restarting MPC/MIC, extra link transitions might be seen during the period that the port is coming up. This is a timing issue and the affected port is random. The link might transform/flap multiple times before the link stabilizes. PR1264039
On MX Series routers with MS-MPC, with the Ethernet frames with more than 2000 bytes of payload, the mspmand process that manages the multiservices PIC might crash. The traffic forwarding might be affected. PR1264712
In some situations, MX Series LAC does not encapsulate packets received from CPE in l2tp tunnel if this subscriber has a static pp0 unit configured on the LAC side. This issue is causing a permanent traffic black hole for this subscriber and leads to PPP session flaps or in ability to establish a PPP session between CPE and LNS in case of using lcp re-negociation on the LNS side. PR1265414
If the dynamic VLAN profile does not have IFF configuration (for example, family PPPoE or family inet), but has firewall filter configuration, firewall filter indixes will not be released after the dynamic VLAN is removed. This eventually leads to depletion of available firewall filter indixes. PR1265973
Per IETF RFCs, IGMPv3 & MLDv2 reports not sent to IANA reserved multicast addresses 224.0.0.22(IGMP V3 ROUTERS) and ff02::16(MLD V2 ROUTERS) should be discarded. But BNG processes these reports. With this fix, the reports will be discarded and Rx error counter updated. PR1266309
When VSTP is enabled on a double-tagged aggregated Ethernet logical interface and there is another single-tagged aggregated Ethernet logical interface configured with the same outer VLAN tag, then the incoming traffic on that VLAN is incorrectly hitting the AE_RESERVED_IFL_UNIT (AEx.32767) and the traffic is getting dropped. PR1267238
It is possible to see a bbe-smgd core under certain boundary conditions on the standby Routing Engine with certain specific configurations. Because the core is on the standby no disruption in service is expected and the system recovers from this condition. PR1267646
The CLI configuration command set chassis effective-shaping-rate is enabled for the MX104. PR1267829
Command show arp interface xe-x/x/x no-resolve | display xml returns XNM errors in the ouput. PR1269170
On MIC-3D-20GE-SFP-E and MIC-3D-20GE-SFP-EH, an interrupt threshold was introduced. If MIC error interrupts are more than the threshold (> 2500 per 5 min), the MIC will be restarted. Due to that change, MIC error interrupts will hog the CPU when restart is initiated. PR1270420
In MX Series routers equipped with a next generation Routing Engine (RE-S-X6-64G and REMX2K-X8-64G), the following log messages might be displayed as error messages after a commit command is executed: sdk-vmmd: %USER-3: is_platform_rainier: Platform found as rainier. PR1271134
The Routing Engine might stop all services after GRES or ISSU. This issue is caused by corrupted Berkeley DB file after GRES or ISSU.PR1271306
Changing the mode of the interfaces causes the interface to go DOWN/UP. For the interface to be down, all the queues (in/out) associated need to emptied. Due to a certain condition, this is timing out, the queue is not getting emptied, and the interface pointer is not getting freed properly resulting in FPC crash. PR1273462
On MX Series with MPC7E/MPC8E/MPC9E installed, if the ports on MPC that mix 10-Gigabit Ethernet (GE) and 40GE/100GE, after 40GE/100GE port is configured under an aggregated Ethernet bundle, some received packets might be incorrectly dropped. This is due to a misconfiguration on the Aggregated Ethernet MAC address under the Packet Forwarding Engine. This issue might happen after configuring 40GE/100GE as LAG member. PR1274073
GRE MTU initialization: When GRE tunnels come up, the individual tunnel family MTU (which is V4/V6/L2 and so on) is updated based on its underlying interface family address MTU if the MTU is not configured exclusively under this GRE tunnel. However, Junos OS simply copies the MTU size, but it does not deduct the outer IP/GRE header length (20 + 4 bytes). The secondary issue is that while the underlying interface family address MTU size updates, the GRE tunnel MTU size will not be refreshed.
PMTU discovery mechanism clarification:
By default, the GRE tunnel source does not send any packets to discover PMTU. When traffic flows from the GRE tunnel source to the destination (or traffic entering GRE tunnel from outside) and if any intermediate router has a lower MTU and DF bit is set in the packet outer IP header, then that router sends an ICMP error message with error code 4 (indicates "packet too big" and cannot fragment because of DF bit) back to the GRE source router. If this ICMP message successfully reaches the source router, then the GRE interface MTU is updated with the MTU value suggested in this ICMP packet. After that, a timer is started in the GRE source router to keep this MTU value for this GRE tunnel within 5 minutes. After 5 minutes, the GRE MTU gets back its previous value, which is based on the underlying interface family address MTU or the configured MTU. However, during this 5-minute timeout, if another ICMP message is received with a lower MTU than the previously updated MTU (from 1st ICMP error packet), then GRE MTU is updated to reflect this new number and the timer is restarted. PR1274203
Previous default behavior: when the bfd-admin-down under "routing-options static" stanza is not 'not'-configured, it was passive; that is, the static routes would not be deleted on bfd-admin-down. Now the default behavior is active, that is. static routes will be deleted on bfd-admin-down. PR1275973
High Availability (HA) and Resiliency
On all platforms, if running ISSU, connection might be broken between the master Routing Engine and the backup Routing Engine. PR1234196
With the local pp0 interface configured for IPv6 and router advertisement, if the other side of the interface is not configured for IPv6, rpd high CPU utilization might be seen. PR1243338
Vmcores were generated on both VCMm and VCBm at the same time. PR1274438
Infrastructure
The GNU debugger, gdb, can be exploited in a way that may allow execution of arbitrary unsigned binary applications. PR968335
In an RSVP scenario, provision RSVP LSP with ldp-tunneling enabled and the LSPs configured with link protection, continuous kernel logs and LDP statistics timeout errors might be seen when executing show ldp traffic-statistics. PR1215452
During the upgrade harmless "invalid SMART checksum logs" might be seen. This PR will suppress unnecessary "invalid SMART checksum logs". PR1222105
Polling SNMP QoS queue statistics along with physical interface statistics might result in flat values for QoS queue statistics. The flat values could give a false impression that spikes are happening in the queues. PR1226781
If SSD contains a valid permanent (non-resettable) offline-uncorrectable-sectors positive value, smartd logs on the nonzero value by default every 30 minutes, which is too frequent logging considering that there has not been a change in the value. PR1233992
On all Junos OS platforms and on the router with PIM enabled that has a local receiver, stale next hops are present because they did not get deleted by daemons due to a timing issue. PR1250880
Legacy Junos Kernel might generate a core file on userland_sysctl / sysctl_root / sysctl_kern_proc_env / panic_on_watchdog_timeout. PR1254742
On Junos OS devices with legacy Free BSD (Free BSD version 6.X) based on Junos OS, the devices might crash and reboot if there is a defect in the Junos SDK based multi-threaded application that has been used. PR1259616
Interfaces and Chassis
In MX Series Virtual Chassis setup, CFM sessions on aggregated Ethernet interface are not distributed to FPC when member-1 chassis are chosen as primary. PR1198447
The show interfaces terse routing-instance all command has the wrong display format when there are multiple addresses. PR1207272
If the configuration can be scaled to have the inner list to have more than 4000 VLANS, the commit VLAN configuration operations might fail. PR1207939
The dcd cannot start after router reboot because of a non-existing IFL referenced in 'demux-options underlying-interface'. PR1216811
MPC might crash during ISSU from Junos OS Release 15.1R1 to a later release when QSFP/CXP/CFP2 optics are present. PR1216924
Previously the same IP address could be configured on different IFLs from different IFDs, but only in the same routing instance. Only one IFL was assigned with the identical address after commit. Such behavior could cause confusion: there was no warning during the commit, only syslog messages indicating incorrect configuration. With the fix it is not allowed to configure the same IP address (the length of the mask does not matter). PR1221993
PPPoE tunneled subscriber (L2TP) might get stuck in terminating state if radius sends Framed-IP-Address and Framed-IP-Netmask via access-accept in LAC. PR1228802
When using the Ethernet OAM Connectivity Fault Management feature, if the remote end deactivates the "protocols oam ethernet connectivity-fault-management maintenance-domain" configuration, the interface will go down as expected. However, once the remote end activates the configuration, the local interface stays down. (The defect is introduced in Junos OS Release 15.1F5 branch and occurs in 15.1F5-S3 or later.) PR1231315
When OAM CFM (connectivity-fault-management) MEP is configured on the LSI or tunnel interface that is on DPC card, every time a DMM (two-way frame delay measurement) or 1DM (one-way frame delay measurement) packet is received, certain harmless error messages might be seen. This is due to software time stamping not being used. The fix addresses the time stamp and suppresses the logs as well. PR1232352
The configuration change in which a static VLAN demux interface the underlying physical interface is changed to one with a lower bandwidth (for example, from xe to ge) can fail with the following error: "error: Bandwidth on IFL demux0.7000 cannot be greater than that of its IFD". For example: user@router# show | compare [edit interfaces demux0 unit 7000 demux-options] - underlying-interface xe-0/1/0; + underlying-interface ge-0/3/9; user@router# commit re0: error: Bandwidth on IFL demux0.7000 cannot be greater than that of its IFD error: DCD Configuration check FAILED. error: configuration check-out failed. PR1232598
There is no SNMP trap for dot1agCfmMepHighestPrDefect with value 0 reported when the OAM CFM session recovers from any other failed state. PR1232947
On MX series platform acting as broadband network gateway (BNG), in Point-to-Point Protocol (PPP) scenario, when using the Internet Protocol Control Protocol (IPCP) or Internet Protocol version 6 Control Protocol (IPv6CP) for negotiation, if the router receives Configure-Request packet from the client, MX Series BNG sends the Configure-Request packet, but does not send the Configure-Ack packet (in case it does not receive the Configure-Ack that responds to the Configure-Request packet it sent). The behavior does not follow RFC 1661, which demands that both actions Send-Configure-Request (that is, ConfReq from MX Series to client) and Send-Configure-Ack (i.e. ConfAck from MX to client) must be conducted on the router without any significant delay. PR1234004
On MX Series routers acting as broadband network gateway (BNG), in Point-to-Point Protocol (PPP) scenario the router can send LCP Terminate-Ack packet after PPP over Ethernet (PPPoE) PPPoE Active Discovery Terminate (PADT) packet. This behavior does not follow RFC 2516, which explicitly demands that when a PADT is sent, no further PPP traffic is allowed to be sent using that session, including normal PPP termination packets. PR1234027
Under a particular condition in configuring interfaces which have vlan-id/vlan-tags configured, the commit operation might fail with an error message. PR1234050
T3 interface configured with "compatibility-mode digital-link" may fail to come up due to incorrect subrate. PR1238395
If the MTU on BNG and CPE sides has different values, in a rare situation the MX Series router might calculate the MTU value for the corresponding pp0 IFL incorrectly. PR1240257
When static PPP over Ethernet (PPPoE) subscriber is trying to negotiate a PPP session exactly at the time when Graceful Routing Engine Switchover (GRES) happens, the negotiation might fail and the following logs can be observed in the output of show log message command. Jan 12 10:17:24.360130 allocateSession: IFL not available: pp0.1 1600!=1600 PR1245465
In scaled subscriber management login/logout tests, jpppd might crash if the shmlog entries using the command clear shmlog entries logname all are cleared. PR1245848
In some rare situations Ethernet Connectivity Fault Management Daemon (cfmd) might crash when committing a configuration where CFM filter refers to a firewall policy. When hitting this issue, all CFM enabled interfaces are down. PR1246822
If more than one IFL (logical interface) is configured under the same IFD (physical interface), and VRRP is configured on one IFL without VLAN and the lower unit number IFL has a VLAN configuration, then vrrpd incorrectly carries the VLAN information from the lower unit number IFL to this IFL's configuration. As a result, VRRP might get stuck (state: unknown, VR State: bringup). This might happen if VRRP is configured on the physical interface with flexible-vlan-tagging or the lt interface without flexible-vlan-tagging. PR1247050
When using static demux VLAN interfaces, the link local address will not be synchronized between the kernel and subscriber management demon. When using router advertisement on a static VLAN demux interface and not in a IP dynamic profile, a router solicit from customer equipment might not be answered by the MX Series router. This is dependant on which address the CPE is using. In this PR the option to configure the MX Series router to use EUI-64 address for the demux VLAN, will ensure that the addresses are synchronized between the demons. PR1250313
On Junos OS platforms, cfmd process runs by default. When bridge-domain is configured, if performing a commit to configuration that related to physical interface/logical interface (IFD/IFL), cfmd memory leak might occur due to a software defect. As a result, the memory leak could cause cfmd crash. PR1255584
The snmp-set command fails when the FPC/PIC/port has a value greater than 9 When the snmp-set command is issued, it encounters the following error due to incomplete port number in the command pushed. Jan 18 10:49:53.626342 snmpd_process_nvset: talking to mgd (60001) Jan 18 10:49:53.626350 >>> xml to mgd >>> Jan 18 10:49:53.626418 RPC-REPLY ERROR: missing or invalid port number in 'et-10/0/' <<<<<<<<<< commit failed PR1259155
On MIC-3D-20GE-SFP-E or MIC-3D-20GE-SFP, when SFP diagnostic information is being read out periodically, due to misbehaving SFP or noise on the I2C BUS, SFP thread might be hogging the CPU and a watchdog check will restart the MPC to recover. Enhancements will prevent the SFP thread hogging and MPC restart. PR1260517
In a dual-stack PPPoE subscribers environment, when the PPP session has been in "OPEN" state, if the router receives a Conf-Request message from the client, it then sends a Term-Request message as a reply unexpectedly. PR1260829
In a subscriber scenario, when traceoptions is enabled with flag GRES under PPPoE, if the subscriber username contains a format. (that is, the character "%" ) that cannot be successfully handled by the traceoption process, pppd might crash. PR1264000
These types of messages might be observed with configuration changes in an MX Series Virtual Chassis environment: Mar 2 00:14:30 CHASSISD_IPC_WRITE_ERR_NULL_ARGS: FRU has no connection arguments fru_send_msg Global FPC 14 Mar 2 00:14:30 SCC fru_set_boolean: send: set_boolean_cmd Global FPC 14 setting hold-pic-online-for-fabric-ready on. These messages are benign. PR1264647
In a PPPoE scenario, subscribers might get disconnected due to a keepalive failure when CPE is adding an additional data field in PPP Echo Request. PR1273083
The message dot1agCfmMepHighestPrDefect might be reported in the SNMP trap with the value of -1 instead of 0 on recovery after RDI. PR1273278
Layer 2 Features
When VPLS unicast traffic needs to be passed to a remote PE node via the LSI interface then go through the LAG interface to the L2TP network, packets could be dropped due to improper token handling. PR1240960
In VPLS topologies the kernel may report the error "pointchange for TLV type 00000052 not supported on IFL <name> " in /var/log/messages where <name> is a VT or LSI interface used by VPLS. The trigger to cause the issue depends on timing and is most often seen with high VPLS pseudowrite scaling when multihoming is configured, but other triggers might apply as well. The problem might cause high RPD CPU utilization, which can slow routing convergence. PR1279192
Layer 2 Ethernet Services
This issue occurs when running LACP between Juniper and Cisco devices with different timers (Juniper fast and Cisco slow) on both sides. On the Cisco side it take almost 90 sec to bring the interface down from the bundle. When one interface is removed from the LAG on the Juniper side, the lead on the Cisco side needs to time out to bring the interface down from the bundle. This results in unexpected outage behavior on the network. PR1169358
If the DHCP relay in a forward-only routing instance receives an option-82 embedded DHCP discover, then session establishment might fail. This issue will happen only if forward-only is configured. PR1187766
On MX Series routers, if chassis level configuration is used to offline the FPC after detecting major errors, the FPC will be offlined. But if the committing configuration is performed after offlining the FPC, the FPC will be brought online back again. PR1218304
MX Series router is not including Delegated-IPv6-Prefix in accounting interim. PR1231665
DHCPv6 renegotiation-lockout configuration command range has expanded to 4-600 seconds. This enables the customer to reduce the MX Series BNG wait time for responding to DHCPv6 solicit retransmissions messages according to their requirement. PR1234009
When LACP is configured in fast periodic along with the 'fast-hello-issu' configuration statement, LACP might time out if there is any interface commit operation on the peer router during ISSU, which causes OSPF adjacency flapping. PR1240679
In a large-scale unified ISSU testing, a MPC/FPC might go offline during the FRU upgrade phase of unified ISSU. PR1256940
The duplicate-clients-in-subnet option82 feature has changed in the following way:
When duplicate-clients-in-subnet option82 is configured, the client is identified using the circuit-id and/or remote-id of option82. Any other suboptions, for example, suboption 9 vendor specific, will not be used as a client identifier. Also, if duplicate-clients-in-subnet option82 is configured, existing clients will be identified using the circuit-id and/or remote-id of option 82 if available rather than being torn down. PR1257701
During the DHCPv6 renegotiation lockout time, BNG does not accept any DHCP solicits with rapid commit options for further processing. This may slow down the subscriber initialization in relatively high packet drop access network segments. Fix for this PR eliminates the impact of DHCPv6 renegotiation lockout timer for DHCP solicits with rapid commit options PR1263156
MPLS
When there are statically configured ingress and transit LSPs, due to a timing issue, there could be a scenario wherein the selfID used by the transit LSP might be allocated to the ingress LSP. Ingress static LSP does not reuse the same selfID during rpd restart, whereas the transit static LSP tries to reuse the same selfID. This leads to rpd crash due to the collision when the transit LSP tries to reuse the same selfID. PR1084736
User is allowed to configure both "load-balance-label-capability" and "no-load-balance-label-capability" together. This is incorrect and confusing. PR1126439
In some Inter-op scenario, sometime a new label is advertised without withdrawing the old label by peer. Under such scenario, Junos OS rejects the new label advertised (as per RFC3036 behavior). Below mentioned logs will be generated in such event:
Line 408105: Mar 14 14:00:21.716559 LDP: LabelMap FEC L2CKT NoCtrlWord ETHERNET VC 40347 label 53 - received unsolicited additional label for FEC, releasing new label. PR1168184
If PCE-controlled LSP is enabled, when the command no-install-to-address is configured under PCE-controlled LSP, the command no-install-to-address might not be honoured due to a code issue. Routes might be installed for the destination of PCE-controlled LSP, which might not be desired when this issue happens. PR1169889
When using RSVP-TE protocol to establish LSPs, make before break (MBB) might not be quit and will start again when there is a failure on PSB2 (RSVP Path State Block for new LSP) in some cases where PathErr is not seen. (For example, for a PSB2 that is already up and there is PathErr processing for it in place already, in this case, no PathErr is seen owing to local-reversion and a quick flap.) As a result, no rerouting happens even if the TE metric cost is raised. This issue has more chances of occurring only when there is non-default optimize switchover delay. PR1205996
When MPLS OAM with mpls-tp-mode is enabled and the OAM failure-action is configured with make-before-break, the RSVP Explicit Route Objects (EROs) of new path might be removed after Make-Before-Break (MBB). The issue could be observed when BFD packets are dropped or the LSP path link goes down.PR1207039
When dynamic-tunnel is configured but RSVP signaling is disabled, any configuration that affects dynamic-tunnels could cause the rpd process to crash. PR1213431
Due to an imperfect fix for compatible issue between 64-bit RPD and 32-bit client applications (such as "mpls ping", "monitor label-switched-path", "monitor static-lsp", etc) on Junos OS Release 15.1F5-S3/15.1F6/14.2R7/15.1R4/16.1R1, the function of monitoring signaled or static LSP is broken on either 64-bit or 32-bit RPD. But the other 32-bit client applications (such as "mpls ping" etc) is not impacted. PR1213722
In a scaled environment, when there are many unicast NHs related to the same transport LSP (for example, the same RSVP or LDP label), MPLS traffic statistics collection may take too much CPU time in kernel mode. This can in turn lead to various system impacting events, like scheduler slips of various processes and losing connection towards the backup Routing Engine and FPCs. PR1214961
If the link/node failure that triggered a bypass persists for a long time, and there are LSPs that do not get globally repaired, multiple stale LSP entries are showing and getting listed multiple times in the MPLS LSP. PR1222179
Junos OS supports protocols mpls (MPLS) in the VRF routing-instance, but Junos OS does not support protocols connections (CCC) inside the VRF routing-instance. However, when ANY INTERFACE under protocols mpls (MPLS) inside VRF routing-instance is configured/added, then it affects protocols connections (CCC) inside Master/Main/Default Instance. For instances, if ANY CE FACING INTERFACE under protocols mpls (MPLS) in any VRF routing-instance is configured/added, it is deleting the data structure containing CCC information as Junos OS does not have CCC information inside the VRF routing-instance. PR1222570
On MX Series routers with MPCs or MICs, if BGP-LU is configured with the entropy label. The entropy label value being generated might not provide a good load sharing result. PR1235258
The rsvp-lsp-enh-lp-upstream-status is taking more time to synchronize on the backup Routing Engine on Egress side. PR1242324
On MX Series routers, the LDP might fail to install LDP route in inet.3 table if IS-IS is configured with source-packet-routing and ldp-tunneling is enabled, which might cause the LDP to fail to install routes when IS-IS routes are present. PR1248336
With nonstop active routing (NSR) and LDP protocol running, a routing protocol process (RPD) on the backup Routing Engine might consume excessive CPU time if it cannot connect to the RPD on the master Routing Engine. PR1250941
When multiple RSVP LSPs are in ECMP and configured with metric values, if one of the LSPs removed the metric, other LSPs in ECMP might not honor the configured metric. PR1261961
During MBB (make-before-break), next-hop will change in Packet Forwarding Engine, RSVP route does not request a next-hop ACK before changing the route pointing to a new next-hop. When the scale is high, traffic loss can be seen for up to 1 second. PR1264089
Label 0 is assigned as IPv6 explicit null label when "explicit-null" is configured for LDP. However, label 2 should be used instead of label 0. PR1264753
With LDP session-protection configured, the LDP session for the remote LDP peer for rLFA (remote loop free alternate) might still remain up, even after rLFA is disabled or after the remote targeted LDP session is no longer needed by rLFA. PR1266802
When a container LSP has >10 member LSPs, only the first 10 LSP will be shown in the show mpls container-lsp name <lsp-name> statistics output.PR1267774
When MPLS builds the next hop for an mpls.0 route for the scenario with IDP over RSVP LSP over bypass tunnel and the IDP label is implicit-NULL, the label stack constructed for the next hop might be incorrect, with an invalid bottom label value of 1048575. PR1270877
During LDP shutdown, route added and deleted by LDP in the inet.0 table may be in the process of being deleted but still in the inet.0 table. The show route extensive CLI command might cause RPD to crash when trying to display the task name for such LDP route. PR1272993
Multicast
RPD creates an indirect next hop when a multicast route (S,G) needs to be installed when listeners show their interest to S,G traffic. Kernel then creates a composite NH. In this case this appears to be P2MP MCNH, which gets created. When any member interface is not a Packet Forwarding Engine specific interface (e.g, Vt, LSI, IRB or any other pseudo interfaces), kernel throws this message indicating that FMBB cannot be supported. These messages are harmless and do not have any impact. PR1230465
Network Management and Monitoring
MX Series BNG might send empty SNMPv3 responses for bulk-get requests to poll dot3adAggPortListPorts related OID's when using nondefault maxMsgSize settings. PR1207683
In MX Series subscriber management environment, sometimes BNG responds to the SNMP get requests with "Error: status=5 / vb_index=0" for some of the interface related MIBs. PR1218206
The statistics of OID ifOutError incorrectly includes ifOutDiscards, the buffer overruns are counted under ifOutErrors along with ifOutDiscards when SNMP Query is performed on ifOutErrors. PR1243071
On all platforms, if changing the syslog configuration, the eventd process might stop sending syslog message to a configured syslog server. PR1246712
SNMPv2 traps used to have the routing-instance information(context) in the community in the form context@community In SNMPv3, the same routing-instance information will be added to the contextName field of the SNMPv3 trap. For traps originating from a default routing instance, this field will be empty as it was earlier. PR1265288
Platform and Infrastructure
NPC cored with reference to [ 0x41490f64 in trinity_policer_free (result_ptr=0x5d671f64, nh_ptr=0x5d671f78) at ../../../src/pfe/common/pfe-arch/trinity/applications/dfw/dfw_action.c:1049 ]. This type of NPC core can be observed with a dynamic configuration change to the policer. The processing time in attempting to update all associated policers was exceeded. PR1071040
SNMP queries to retrieve jnxRpmResSumPercentLost will return the RPM/TWAMP probe loss percentage as an integer value, whereas the precise value (including decimal points) can be retrieved through the CLI by using the following commands: show services rpm probe-results and show services rpm twamp client probe-results. PR1104897
In a CoS environment with shaping-rate configuration under interface, if flapping that CoS interface, the shaping-rate function does not take effect. PR1163147
With the fix, XM-DDR3 boot diagnostics will return the test result of all XM-DDR3 components to the XM driver. If any XM-DDR3 component fails in the boot diagnostics test, the XM driver will abort the XM chip init process and report HW failure. The line card will not be brought up to online with any XM-DDR3 fail, causing a potential risk when sending corrupted packets to the remote Packet Forwarding Engines via the fabric streams. PR1166106
When graceful Routing Engine switchover (GRES) is configured, the ksyncd crashes on the backup Routing Engine if a VPN static route has a network address as a next-hop. This occurs because the backup Routing Engine is not ready for a graceful switchover. PR1179192
When multicast, vpls-flood or bridge-flood traffic, on an affected FPC type, with packet sizes ranging from 112 - 113 bytes or 108 - 109 bytes cross zone boundaries within the router (zones are defined below), traffic forwarding towards the fabric might stall. The following syslog entry will be reported "FO: Cell packing interface error". The MPC that reports this syslog error message needs to be restarted to recover from this condition. PR1180397
IPv6 now defaults to a probe type of ICMP. Prior to this a probe type had to be explicitly specified. This change brings functional parity between IPv4 and IPv6 probe types with regard to a default probe. PR1183196
Issue occurs if there is at least one python event-scripts configured with policy defended in configuration database. There are also some policies without the script action that hit the same warning. #commit full Jun 10 13:24:44 re0: [edit event-options] 'policy DOM-SIGNAL-CHECK' warning: Policy 'DOM-SIGNAL-CHECK' is defined in both Junos OS configuration database and event script, ignoring the one defined in the event script. PR1190964
In a very rare scenario, during a TAC accounting configuration change, the auditd daemon crashes due to a race condition between auditd and its sigalarm handler. PR1191527
Insertion of an offlined MPC6E into the MX2000 chassis can cause the FPC temperature sensor to detect transient "WARM TEMP" condition, and the chassis FAN in the same zone goes to high speed. PR1193273
Customer can now set the maximum datasize statement for JET scripts to up to 3 GB. PR1193948
Interface link flaps could occur or MPC might generate a core file with any GRES on an MX Series Virtual Chassis. On an MX Series Virtual Chassis, MPC board selects a clock from the next reference after GRES,which is a line interface. If there is no signal on that line, then the clock is bad and link flaps could occur or the MPC might generate a core file. PR1194651
On an MX Series router with an MQCHIP line card (MX Series routers with MPCs) with traffic-control-profile, if the overhead-accounting is configured with negative values, it might not work. The shape function will be affected. PR1195866
junos:key attribute, which is emitted in the XML format of the configuration, will not be emitted in the JSON format of the configuration. PR1195928
Blank firewall logs for IPv6 packets with next-header hop-by-hop is fixed. PR1201864
On MX Series routers with MPC2 NG/MPC3 NG/MPC3/MPC4/MPC5/MPC6 installed, when configuring multiple lt interfaces with HQOS on a MPC, due to a software defect, when creating internal lt tunnel stream in Packet Forwarding Engine, the tunnel bandwidth will be overridden to max bandwidth(60G for MPC2 NG/3 NG, 100G for MPC/3/4/5/6). This causes all of the 256 internal FIFO resources to be allocated only two tunnels. The allocation for other tunnels fails due to lack of resources. As a result, only two lt interfaces can stay up, other lt interfaces will go down. PR1209065
On MX2000, show chassis hardware detail might show MICs are installed even after MICs are removed. PR1216413
MX Series routers with MPCs might crash after firewall filter configuration change is committed. PR1220185
Routing protocol process (RPD) might restart unexpectedly if one of its TCP sockets is closed. PR1221183
When any MPC line card is offlined, it goes offline via all offline flows and connection is cleaned, but in the end of the offline flow, somehow it delays powering off the line card. The chasd process powers off the MPC via L2cs write the respective power registers, but in hardware it is not really powering off. As a consequence, since MPC is still powered on but the connection is down, it will try to reconnect, then start to come up automatically within 10 secs. It occurs sometimes. PR1222071
NTP peers failed to synchronize in symmetric active mode when there is significant downtime of one peer (for example, due to power maintenance, such as HW or SW upgrades). PR1222544
IPv6 traffic learned on an L2/bridge/multilink interface and when it has been traversed through MPLS, core random packets might get classified incorrectly by the fabric, which leads to packet loss. PR1223566
Interface firewall filters might get mixed up after Routing Engine mastership switchover with GRES disabled. PR1224995
This is a race condition between database creation and database access. Rarely reproducible. There is no functional impact of the core. PR1225086
Next hop used for Routing Engine generated TCP traffic might differ from the one used for Routing Engine-generated non-TCP traffic if the prefix not subjected to 'then load-balanced per-packet' action and is pointing to an indirect next-hop resolved via unilist next-hop (ECMP). Before the fix for PR1193697, this leads to non-TCP traffic generated from Routing Engine taking one unicast next-hop while TCP traffic generated from Routing Engine is load-balanced across different next-hops. After the fix for PR1193697 this behaviour might lead to non-TCP host outbound traffic taking one unicast next-hop, while TCP host outbound traffic takes another. PR1229409
Firewall filter index mapping gets incorrect after Routing Engine switchover, due to the contents of "/var/etc/filters/filter-define.conf" getting wrongly changed after Routing Engine switchover. PR1230954
The apply-path change bit does not seem to get applied when prefix-list is modified and the DFWD daemon, which waits for the policy-options, does not get notified and the apply-path function is broken. PR1232299
In an AI-Scripts (Advanced Insight Scripts) environment, when there is some special combination of jcs:printf(...) and some special characters (such as \n \t \\) at the boundary of the buffer, the scripts process might crash and high RPD memory usage is observed. PR1232418
Incoming interface index could not be used as a load balancing input factor under family multiservice if the traffic payload is a non-Ethernet frame. PR1232943
FPC memory leak seen on T4000 FPC Type 5. PR1233003
The scale-subscriber license count might increase to an invalid license state with L2TP/LTS clients. This is due to the l2tpd daemon not going through a proper state transition on L2TP/LTS clients logout hence the license count was not getting updated. The fix will ensure the license count is updated on logout regardless of the daemon going through proper state transition or not. PR1233298
NTP.org and FreeBSD have published security advisories for vulnerabilities resolved in ntpd (NTP daemon). Server-side vulnerabilities are only exploitable on systems where NTP server is enabled within the [edit system ntp] hierarchy level. A summary of the vulnerabilities that may impact Junos OS is in JSA10776. Refer to JSA10776 for more information. PR1234119
Login for flow-tap DTCP-over-SSH service fails when SSH key-based authentication is configured for the flow-tap user. PR1234464
In an MX2010/2020 environment with an MS-PIC with a J-Flow configuration, MX2010/2020 cannot sample multicast traffic when this multicast is copied to multiple interfaces. PR1237164
FPC and Routing Engine might get stuck in high CPU when DDoS SCFD is turned on. PR1237486
The auditd daemon is on LCC except SFC. So the auditd on LCC generates log message. PR1238002
Due to a regression issue, the presence of errors or traps during ISSU might result in an LU/XL based FPC crash. PR1239304
On MX Series routers with MPC5/MPC7/MPC8/MPC9, when a low value of temporal buffersize (for example,10k) is configured, the threshold in the drop rule in the Packet Forwarding Engine (PFE) differs from what is expected. PR1240756
During an unified ISSU process, an MPC1E/2E/3E/4E or MPC-3D-16XGE-SFPP may restart unexpectedly. This issue shows up as an error in ppe_cfg_morph_ucode_instr( ) routine which can be seen in syslog messages. PR1241729
For hardware platforms based on EA or XQ chips (such as MPC2E-3D-NG-Q), the minimum buffer value programmable in the Packet Forwarding Engine is modified from 4096 bytes to 1568 bytes. PR1246197
An MPC/FPC may report LUCHIP EDMEM error during ISSU. This may cause inconsistency or incorrect forwarding information (FIB) inside the Packet Forwarding Engine. While the MPC is in the problem state, the Packet Forwarding Engine may experience packets lost. The issue should be self corrected after the ISSU process is complete and the Packet Forwarding Engine learns new FIB entries. However, if the problem persists, the MPC might need to be restarted. PR1249395
The configuration database is locked when a user that was in "configure exclusive" is logged out unexpectedly. PR1250305
When RADIUS accounting is configured, the Junos OS device will try for the maximum number of times when sending RADIUS accounting requests to a non-reachable RADIUS accounting server. When the last try is sending but the socket is closed due to the 'network is down' between Junos OS device and RADIUS accounting server, the auditd might crash. Auditd will get restarted automatically after it crashes. So accounting continues to work after auditd crashes. However, at the time of crash if there are some messages in the auditd queue that need to be sent out from Junos OS device to accounting server, those messages might get lost. After auditd gets restarted, the next event that has to be sent to RADIUS server, will be sent normally. PR1250525
In a logical-systems environment, if there are some failures that cause Routing Engine switchover (not perform Routing Engine switchover manually), the Kernel routing table (KRT) queue might get stuck on the new master Routing Engine with the error "ENOENT -- Item not found". PR1254980
On MX Series routers with MPC5E or MPC6E cards, if VPLS or bridging features are configured, it is possible that unicast L2 packets with known MAC addresses are flooded instead of being forwarded to the known ports. It might cause some unicast traffic over VPLS or BRIDGE to be dropped. PR1255073
Packets are not encapsulated with GRE header after disable and reenable gr- interface and GRE tunnel traffic might get dropped. PR1255706
During an unified ISSU, memory from the previous image related to hash tables is not properly recycled, which leads to blocks of physical memory being left unused. The crash is triggered by an attempt to create a memory pool using one of these blocks. PR1258795
mgd might crash after executing the command show ephemeral-configuration | display inheritance. This option is unsupported. PR1258823
If IX chipset-based mic(MIC-3D-20GE, for example) is used on an MPC that has two more mic slots, the show pfe statistics traffic detail command could display in/out pps statistics unexpectedly. PR1259427
After an interface switch, when the MAC moves from one interface to another, the next hop is incorrectly following the MAC route, which has been corrected via code changes. PR1259551
When a DHCP/BOOP reply packet is received from an unnumbered interface, the FUD process might fail. PR1260623
After an ISSU upgrade, the WRED drop profile may not be programmed correctly, resulting in an incorrect WRED drop. PR1260951
On an MQ chip-based MPC, some DDRIF checksum errors are observed, which might send traffic to a black hole. This PR also includes a chassis management alarm when there is a DDRIF checksum error on the MPC. PR1260983
On an MX Series Virtual Chassis setup acting as an MVPN bud node and having a downstream local receiver and a PE node, traffic with few multicast groups are reported not being forwarded to the local receiver. PR1261172
MX Series routers with FPCs might crash generating a core file when interface-specific firewall filters are configured with policers. PR1267908
On all platforms, fast flapping of interfaces/fast changing of configurations might cause an RPD crash and BGP sessions will flap very quickly. PR1269116
Port Security
The transmit delay interval is the maximum time the key server will wait before installing a new TX SAK (default value is 6 seconds). When MKA transmit interval is set to 6 seconds, during key roll over both transmit interval and delay interval timers expire at the same time and a new TX SAK gets installed on the key server before the RX SAK is installed on the peer node causing traffic drop. PR1257041
Routing Policy and Firewall Filters
With rib-groups configured for importing routing information to multiple routing tables, unexpected route refresh might happen when committing a configuration change due to a defect in code related to secondary table list handling. PR1201644
Routing Protocols
When a BGP speaker (router) has multiple peers configured in a BGP group, there is sometimes an inaccurate count of prefixes. This occurs when the BGP speaker receives a route from a peer and re-advertises the route to another peer within the same group. In such instances, the MIB object "jnxBgpM2PrefixOutPrefixes" for peers in the same group reports the total number of advertised prefixes in the group. MIB value "jnxBgpM2PrefixOutPrefixes" is defined as being used on a per-peer basis. However, it is instead being used to report prefixes on a per-group basis. To display an accurate number of advertised prefixes, use the show bgp neighbor command. PR1116382
For devices populated with master and backup Routing Engines and configured for nonstop active routing (NSR) and Protocol Independent Multicast (PIM) configuration, the routing protocol process (RPD) might crash on the backup Routing Engine due to a memory leak. This leak occurs when the backup Routing Engine handling mirror updates about PIM received from the master Routing Engine deletes information about a PIM session from its database. But due to a software defect, a leak of 2 memory blocks (8 or 16 bytes) may occur for every PIM leave. If the memory is exhausted, the rpd may crash on the backup Routing Engine. There is no impact seen on the master Routing Engine when the rpd crashes on the backup Routing Engine. Use the show system processes extensive command to check the memory. PR1155778
In a BGP scenario with inet-mdt family configured under protocols BGP, route table <TABLE>.mdt.0 might get deleted if it has no routes. As a result, RPD might crash on the backup Routing Engine, and BGP sessions might flap on the master Routing Engine.PR1207988
In large-scale BGP route environments with multipath configured, if BGP sessions go down simultaneously, the rpd might crash because it cannot finish multipath cleanup within a 10-minute limit. PR1209695
If BGP and NSR are configured, then doing GRES might cause BGP to get stuck in NSR replication state. PR1210781
When multiple labels become stale in stale-label-holddown-duration (default 60 secs), it restarts the timer and accumulates all the stale-labels without getting deleted. This might cause memory for allocating labels to be exhausted and then MPLS traffic might be affected due to abnormal/failing label allocation. PR1211010
BGP routes are rejected as cluster ID loop prevention check fails due to a misconfiguration. But when the misconfiguration is removed BGP routes are not refreshed. The fix for this issue sends a soft route refresh dynamically when a cluster ID is deleted. PR1211065
When IS-IS is configured with overload timeout of 60 seconds and fragmented LSPs exist (for example, 25 IS-IS neighbors + 10K ipv4 routes + 1K ipv6 routes), if link flap/neighbor down/restart routing event is triggered, the IS-IS routes might miss in the routing table, which might cause some protocol sessions to go down and traffic loss. PR1213166
When changing the RD for an existing VRF with established chatty MSDP sessions or deletion/deactivation of MSDP session in the configuration, the rpd process might crash, which leads to traffic disruption. PR1216078
The routing protocol process (RPD) on a backup Routing Engine might restart unexpectedly in a large BGP NLRI environment. PR1220651
In the rare scenario with a maximum number of routes in the BGP RIB_OUT table (for example: there are more than 700K BGP routes in route table), if flapping BGP protocol, it might cause the rpd process to crash. PR1222554
According to the SR draft, the SR Capabilities sub-TLV must be propagated throughout the level and should not be advertised across level boundaries (the S bit in Router Capability Flag is set to 0). When IS-IS segment routing is configured, the S bit in Router Capability Flag is set to 1, which means the IS-IS Router CAPABILITY TLV must be flooded across the entire routing domain. Thus it leads to the IS-IS adjacency failure with other vendor devices. PR1223448
When doing multiple back-to-back GRES switchovers the BGP peerings might drop after three or more switchovers. PR1224330
On the Junos OS devices during graceful restart, the restarting node might send "End of RIB" maker too soon to its helper nodes, before the actual route updates are completed, causing traffic loss. PR1225868
On all platforms, if MPLS goes down due to link flap or FPC reboot or restart, rpd core could be seen. PR1228388
When first multicast packet gets fragments because of bigger in size, the receiver in the MVPN scenario does not receive all fragments. The fix for this PR will make sure to wait untill the last fragment of the PIM register packet is received at RP before processing the PIM resolve request. After last fragment of register packet is received, the PIM register state is created and the PIM resolve request is triggered to install a multicast route. So, all fragments of the register packet will get forwarded to the receiver. PR1229398
Junos OS 15.1 and later releases might be impacted by the receipt of a crafted BGP UPDATE which can lead to an rpd (routing process daemon) crash and restart. Repeated crashes of the rpd daemon can result in an extended denial of service condition. Refer to JSA10778 for more information. PR1229868
Remote LFA protection may not work for the OSPF route in case if - also a LFA protection is available - there is not ECMP to candidate PQ node - PQ node's router-id belongs to different area. PR1230322
When a BGP peer goes down on the peer device, there might be a case of freeing the BGP session resources twice on the Junos OS devices and it can result in an rpd crash. This issue occurs when graceful restart is enabled on the peering device. PR1230556
In a rare condition after a BGP session flaps, BGP updates might not be sent completely, resulting in BGP routes being shown in the advertising-protocol table on the local end but not shown in the receive-protocol table on the remote end. PR1231707
The routing protocol process (rpd) sometimes is interrupted and halted when it tries to free a session reference block. This can occur when the memory red zone check fails and at the same time attempting to free reference memory block. The failure is caused when the red zone check receives an address that is not the beginning of a memory block. PR1232742
Juniper Networks implemented BGP4-MIB (including bgpPeerTable and bgpPeerState) per RFC 4273. When there is IPv6 BGP neighbor, Junos OS is unable to return a correct value for the BGP peer. This is caused because bgpPeerTable/bgpPeerEntry is indexed by bgpPeerRemoteAddr, which is syntaxed as IpAddress, a 32-bit integer. But the IPv6 address is 128 bits. This will cause Junos OS to return 0.0.0.0, which is considered an invalid peer. PR1233790
With BGP ORR (optimal-route-reflection) configured, if IS-IS LSP has more than one fragment and the LSP is purged (for example, a topology change after a link flap), then an rpd crash might be seen. PR1235504
When a rib-group is configured with a nonexistant routing-instance, after deleting rib-group and deactivating static flow route, a stale route might be present in inetflow.0 rib. It might affect traffic forwarding. PR1236636
When there are different LSPs towards the same egress endpoint and they are up and advertised in IS-IS or ISIS TE shortcuts are configured, the active route is expected to use the LSPs as ECMP next hops in inet.0. If in addition, RSVP load-balance bandwidth is configured it would be expected that traffic is load balanced taking into consideration the LSP's bandwidth. The later was not happening and the traffic was load balanced equally across all ECMP LSPs, which should not have been the case. PR1237531
A combination of next-hop-self, add-path, and per-prefix-label on a BGP-LU (label-unicast) RR can cause the wrong MPLS.0 routing/forwarding swap state to be installed. PR1238119
When a Juniper Networks device is running protocol BGP, and policy configuration is modified, an assertion condition might be hit where the routing protocol process generates a core file. PR1239990
When sham-link is configured, doing a series of configuration changes about sham-link might cause sham-link not to bring up. PR1240391
In a PIM scenario with BSR configured, after deleting a static RP configuration from another router, then checking an RP table on a BSR router, there might be a stale bootstrap RP entry (which is the static RP deleted from another router) in the RP table. PR1241835
Session uptime in show bfd session detail output omits seconds if uptime is longer than 24 hours, which is different from similar output for Label Distribution Protocol (LDP), Open Shortest Path First (OSPF), or Border Gateway Protocol (BGP). Seconds are always included into corresponding outputs for these protocols. PR1245105
In BGP configuration, the static rt-constrain feature is configured but family route-target is not present on any BGP configuration, RPD might generate a core file. This is due to cleanup code attempting to free state that was not created since family route-target was not configured. PR1247625
On all platforms, OSPF next hop might keep flapping between rLFA (remote LFA) and LFA when multi-area (PQ node sits in different area) rLFA along with policy is configured PR1248746
Junos OS supports the mechanism to preserve BGP routing details for a longer period from a failed BGP peer than the duration for which such routing information is maintained using the BGP graceful restart functionality. But due to a software defect, the LLGR (Long-Lived Graceful Restart) feature not working between a Juniper Networks PE to other vendor's RR. PR1248823
The configuration statement "learn-pim-router" is not working properly and as a result PIM hello packet will not be forwarded over pseudowire and multicast traffic will be dropped when the statement is configured under igmp-snooping protocol. PR1251439
Routing protocol process (rpd) might restart unexpectedly with a reference to ioth_session_delete_internal ( ) routine. PR1261970
On MX Series routers, if enabling IS-IS segment routing but certain interface is not enabled RSVP, then it might cause corrupted TLV 22 of IS-IS (the size of the value part of the TLV exceeds 255), and it might cause rpd to crash for parsing the LSP (labeled switchover path). PR1262612
If vrf-table-label is configured in carrier of carriers VRF routing-instance and a direct interface route is advertised from the VRF towards a CE device as BGP-LU (BGP Labeled Unicast) route, the MPLS label entry for the direct route is permanently stuck in the kernel routing table (KRT) queue. PR1263291
On MX Series router, when configuring import policy of IPv6 prefix with a IPv4 next hop for a BGP neighbor, the Rpd might crash continuously. The rpd crashing stops only after deletion of the policy. PR1265224
After configuring "family inet unicast extended-nexthop", in the BGP open message sent to the peer, "Nexthop AFI=2" should be in the message instead of "Nexthop AFI=3". PR1272807
Services Applications
When using NAT on the MX Series router, the FTP ALG fails to translate the PORT command when the FTP client uses Active Mode and requests AUTH(SSL-TLS) but the FTP server does not use AUTH. PR1194510
Backup SDG reported memory-usage zone in RED, live PIC cores have been collected and PICs have been restarted. PR1202872
IDP policy is trashing with the following log messages:
Aug 23 20:56:25 esst480a jlaunchd: idp-policy (PID 8562) started
Aug 23 20:56:25 esst480a jlaunchd: idp-policy (PID 8562) exited with status=0 Normal Exit
Aug 23 20:56:25 esst480a jlaunchd: idp-policy (PID 8564) started
Aug 23 20:56:30 esst480a jlaunchd: idp-policy (PID 8564) exited with status=0 Normal Exit
Aug 23 20:56:30 esst480a jlaunchd: idp-policy (PID 8570) started
Aug 23 20:56:35 esst480a jlaunchd: idp-policy (PID 8570) exited with status=0 Normal Exit
Aug 23 20:56:35 esst480a jlaunchd: idp-policy (PID 8574) started
Aug 23 20:56:40 esst480a jlaunchd: idp-policy (PID 8574) exited with status=0 Normal Exit PR1209351
The kmd process might hog CPU when continuously polling for IKE-related data through SNMP. This issue is specific to IKE related SNMP polling and not seen when continuously polling IPsec related data through SNMP. PR1209406
Once you disable the stateful-high availability feature for an interface and then reenable it for the same interface and it comes up as backup, we might see some delay before it actually starts the session synchronizing. PR1214015
L2TP subscribers on LNS might get stuck in Terminated state. PR1215941
When BNG receives an ANCP Port Up message for tunneled subscriber and this message contains Actual Interleaving Delay Upstream and Maximum Interleaving Delay Downstream TLVs, then corresponding AVPs in the incoming-call request message will be corrupted. PR1234440
On Layer 2 Tunneling Protocol (L2TP) access concentrator (LAC) router where Access Node Control Protocol (ANCP) is used for bandwidth adjustment, L2TP Connect Speed Update Notification (CSUN) message to L2TP network server (LNS) might be sent after a short delay after ANCP Port Up with updated access line parameters was received. This delay is caused by current interaction scheme between ANCP and the L2TP daemons and can last up to 5 seconds. In a production network scenario this delay shouldn't be visible as the L2TP daemon checks for state updates each time when there is an L2TP packet that has to be sent or received. PR1234674
PPPoE - L2TP subscribers might get stuck in Terminating state in longevity login/logout test. PR1235996
When the stateful firewall flows time out repeatedly, there can be performance degradation on the MS-DPC PIC. This will eventually lead to MS-DPC unable to scale to the peak flows that we allow. PR1242556
On Layer 2 Tunneling Protocol (L2TP) network server (LNS) router L2TP tunnels might be stuck in "Terminating" state after execution of particular sequence of CLI commands. Deactivation of tunnel-group on LNS leads to clean up of all logged in L2TP subscribers and L2TP tunnels. If the clear services l2tp tunnel command is issued when the clean up has not been completed, it is possible that the tunnel will not be cleaned up properly and get stuck in "Terminating" state. PR1249768
With MS-MIC/MS-MPC used for NAT service, when changing the source-address under a NAT rule term for a BASIC-NAT translation type, all future traffic hitting the NAT term will be dropped. PR1257801
L2TP Congestion Window set to 128 instead of 1 when tunnel is created. PR1265001
Apply-group configuration may cause KMD process crash during "commit check" process, which causes IPsec tunnel establishment failures. After this fix, apply-group can be used. PR1265404
On MX Series routers, in rare cases, If chassis tunnel configuration and the flowtaplite configuration are changed in the same commit, kernel might crash. This is a timing issue and the probability of hitting this issue is low. If NSR/GRES is enabled in the device, the impact might be low that the kernel crashes. On the contrary, if NSR/GRES is not enabled in the device, traffic loss/routing protocol restart might be seen. PR1273357
Subscriber Access Management
The auth request does not cause the router to send RADIUS REQUEST message, "Failed to queue the request, will be queued in authd internal queue" PR1178813
In a subscriber management environment with two or more RADIUS servers connected to an MX Series router, syslog is not generated when the RADIUS server is marked dead.PR1207904
If RADIUS returns Framed-route="0.0.0.0/0" to a subscriber terminated on a Junos OS platform, this subscriber cannot log in due to an authentication error. PR1208637
A 3GPPP-SGSN-MCC-MNC svp with value "999999" will send in all CCR-GY requests.PR1233847
On MX Series routers with subscriber management, the DHCPv6 solicit packets with IA_PD option from the subscriber are ignored if DHCPv6 server doesn't have prefix to allocate for this subscriber, which is incorrect behavior. According to the RFC standard, DHCPv6 server should reply to such packets using special Status Code: NoPrefixAvail (6), which should be included in Advertise/Reply in case if no delegated prefix is available. PR1234042
On MX Series router with dual Routing Engines, after router the GRES, if user adds traceoptions filter during GRES not ready period, the authd process might crash. PR1234395
Call rate performance may be impacted under heavy load if there are large numbers of small linked address pools due to a bug in the allocation traversal algorithm. PR1264052
show network-access aaa statistics radius detail can display an incorrect number of messages to the RADIUS server in case configured RADIUS server's are continuously flapping. PR1267307
In an MX Series BNG environment, it was noticed that the Show network-access requests pending count continues to increase even though there are no pending authentication requests. PR1267702
During L2BSA subscriber stress test, some of subscribers may report invalid Event-Timestamp to RADIUS. PR1270162
User Interface and Configuration
An rpd memory is increasing and cannot go back after an IS-IS interface flap. If this memory leak reaches a high level that impacts the route calculating, it might cause unexpected network issue. PR1243702
Some configuration objects are not properly handled by "delta-export" (dexp). This leads to an omission of the section of the configuration. PR1245187
VPNs
In MVPN SPT-only mode scenario, the first multicast packet is lost when the multicast source is directly connected to the PE. PR1204425
In NG-MVPN scenario, when "forwarding-cache timeout never non-discard-entry-only" is configured for an MVPN instance, even though the cache lifetime is shown as forever in the output of CLI command show multicast route instance X extensive, the route disappears after 7-8 minutes. PR1212061
On Junos OS platforms, only VPLS supports automatic-site-id. Configuring automatic-site-id under the L2VPN instance could cause an rpd core. The fix has now been provided to add a commit check to disallow configuring automatic-site-id under a L2VPN instance. With this fix, commit error will be thrown if the user tries to configure automatic-site-id under an L2VPN instance. PR1214328
The routing protocol process (rpd) might eventually become exhausted and crash when Layer 2 Circuit, Layer 2 VPN, or virtual private LAN service (VPLS) configurations are committed. These commit activities might create a small memory leak of 84 bytes in the rpd. If the rpd memory is exhausted, recovery can be accomplished by restarting rpd. If nonstop routing (NSR) is configured, the master Routing Engine can be switched over to the standby Routing Engine, causing the master rpd to exit and restart and free the leaked memory. PR1220363
In NGMVPN scenario with asm-override-ssm configuration statement for source specific multicast (SSM) group, if you issue the clear pim join command on the source PE, downstream interfaces get pruned causing the multicast flow to stop. If you issue clear pim join one more time then the issue is resolved. PR1232623
With NSR enabled and a Layer 2 circuit configured, an rpd crash might be observed on the backup Routing Engine when you change the Layer 2 circuit neighbor and then commit the changes. The issue does not exist if NSR is not enabled. PR1241801
An rpd crash might be observed with a segmentation fault after applying an L2VPN configuration followed by the ping mpls l2vpn command. PR1272612
Resolved Issues: 16.2R1
Forwarding and Sampling
Sampling Route-Record Daemon (SRRD) process does not delete routes when the DELETE is received from RPD in few configuration cases. This results in build-up of memory in SRRD daemon and once SRRD reaches the limit, it crashes and restarts itself. This happens only when one certain family is not configured on all of the FPC clients (e.g., FPC with inline J-Flow enabled or PIC with PIC-based sampling enabled is one client). For example, only IPv4 family is configured in all the clients, and IPv6 and MPLS families are not configured for sampling in any of the clients. PR1180158
The changes to srrd (sampling route reflector daemon - new architecture for sampling) process between Junos OS Release 14.2R5.8 and Junos OS Release 14.2R6.5 severely reduce MX80 series available memory and therefore RIB/FIB scaling. PR1187721
Starting with Junos OS Release 14.2R1, FPC offline could trigger Sampling Route Record (SRRD) daemon restart. PR1191010
On MX Series platform with "Enhanced Subscriber Management" mode, if default forwarding-classes are referenced by subscriber filters, commit configuration changes after GRES will be failed. PR1214040
General Routing
In MX Series Virtual Chassis (MX-VC) environment, the private local next hops and routes pointing to private local next hops are sent to Packet Forwarding Engine from master Routing Engine and not sent to slave Routing Engine, then an Routing Engine switchover happens. Now as the new master Routing Engine does not know about such next hops and routes, they are not cleaned up. When a next hop with same index is added on new master Routing Engine and sent to Packet Forwarding Engine, the Packet Forwarding Engine might crash due to a stale next hop. PR951420
When ps interface is configured using as anchor interface a logical tunnel (lt) interface without explicit tunnel-bandwidth configuration (under 'chassis fpc<fpc-number> pic <pic-number> tunnel-services' configuration hierarchy), the ps interface is created only in kernel, but not on Packet Forwarding Engine. In order to have ps interface in Packet Forwarding Engine, an explicit tunnel-bandwidth configuration is required. PR 1042737 removes this restriction, and a ps interface may be anchored to an IT interface without explicit tunnel-bandwidth configured. PR1042737
Wrong byte count was seen in the ipfix exported statistics packets for mpls flows . This issue is taken care now . PR1067084
The configuration support for enabling ingress and egress layer2-overhead is available in dynamic-profile but the functionality is not supported in Junos OS Release 15.1R3 and Junos OS Release 15.1R4. For example, set interfaces ge-4/2/9 unit 0 account-layer2-overhead ingress 30 set interfaces ge-4/2/9 unit 0 account-layer2-overhead egress 30 With the above configuration, the number of layer2-overhead bytes (30) are not added to the input bytes in traffic statistics. PR1096323
If any linecard crashes early during unified ISSU warmboot, the CLI might report unified ISSU success, resulting in a "silent ISSU failure". PR1154638
In sampling feature, certain scenarios force handling of the sampled packet at the interrupt context , which may have chance to corrupt the BMEB packet context , and lead to BMEB FDB corruption. PR1156464
During SIB yanking (pulling a SIB out without offline) on PTX platform with FPC3, it is possible that traffic may be dropped resulting in an overall reduction in traffic throughput. PR1162977
On rare occasions the transport daemon may generate a core dump after a configuration change. PR1164377
With Junos OS Release 15.1 and later, on MS-MPC or MS-PIC, OSPF adjacency may fail to establish when there is no static route pointing to service PIC. PR1164517
Sampled continues logging events in traceoption file after traceoption for sampled deactivated. This can be hit if there is no configuration under 'forwarding-options sampling' but other configuration for sampled is present (for example, port-mirroring). PR1168666
When MS-MPC is used, if any bridging domain related configuration exists (for example "family bridge", "“vlan-bridge"”, "“family evpn", etc), in some cases, continuous MS-MPC crashes. Hence traffic loss may occur. PR1169508
On MX Series with MS-MPC/MS-MIC, for some reason, out of order execution of instructions on MS-MPC/MS-MIC might happen and then causing the mspmand daemon (which controls the service pic and process the data) core and crash. PR1169946
When a CFM down-mep is configured on a STP-blocked interface which is housed on a DPCE card, flooding of traffic in the local L2 broadcast network might happen, leading to side-effects such as flapping of OSPF sessions, BFD sessions, or similar. PR1174175
On virtual tunnel (VT) tunnel environment with forwarding-class, customer is using AE interface to terminate subscribers on the box and the AE interface has members on two different FPCs, due to a software defect, the mirrored traffic is not going to the correct forwarding class as expected. The issue is also seen when terminate subscribers and virtual tunnel hosted interface are on two different FPCs (Non-AE case). PR1174257
MTU discovery may not be working due to lack of VRF info on egress card for BBE Subscriber traffic. PR1177381
CGNAT-NAT64: Few port leak are observed for the EIM/EIF IPv4 traffic(2M sessions) from public side. PR1177679
Changes are needed to support dedicated users for control and multicast traffic. This will avoid unicast traffic to be hashed to users doing ucode processing. On JUNOS OS side, this PR introduces new CLI command set chassis fpc X performance-mode num-of-ucode-workers Y. PR1178811
If "router-advertisement" protocol is configured in client ppp profile, unsolicited RA might be sent before the IPv6CP Configuration ACK is received. PR1179066
A micro BFD session sourced from an interface's L3 address works even when the interface is not assigned the related UBFD address. PR1180109
In case of point to point interfaces and unnumbered interfaces rpd crash might be seen in corner cases on configuration changes. There is potential fix given through this PR to avoid the crash. PR1181332
With NAT translation-type as napt-44, a few sessions are getting stuck upon deactivating/activating service-set or corresponding applications at a few times with traffic running. The same symptom is seen upon deactivating/activating service-set with traffic running and with 'deterministic-napt44' translation type as well. PR1183193
DA mac filter is missing on Child link of AE after FPC restart. PR1184310
When IPv4 firewall filter have 2625/32 destination in prefix-list, filter attached to subscriber interface is found broken. PR1184543
Continuous reporting of the following messages might be noticed sometimes while bringing up all IFD/IFL/IFF states at once.
Apr 1 11:16:05 mx2020-1 dot1xd[16641]: %-: task_receive_packet_internal: knl Ifstate packet from zero-len socket 8 truncated Apr 1 11:16:05 mx2020-1 dot1xd[16641]: %-: Free allocated bufp:(a433004) buflen:(16384)task_receive_packet_internal: knl Ifstate packet from zero-len socket 8 truncated Apr 1 11:16:05 mx2020-1 dot1xd[16641]: %-: task_receive_packet_internal: knl Ifstate packet from zero-len socket 8 truncated Apr 1 11:16:05 mx2020-1 dot1xd[16641]: %-: task_receive_packet_internal: knl Ifstate packet from zero-len socket 8 truncated Apr 1 11:16:05 mx2020-1 dot1xd[16641]: %-: Free allocated bufp:(a433004) buflen:(16384)task_receive_packet_internal: knl Ifstate packet from zero-len socket 8 truncated Apr 1 11:16:05 mx2020-1 dot1xd[16641]: %-: task_receive_packet_internal: knl Ifstate packet from zero-len socket 8 truncated During syncing of ifstate dot1xd try to read all the ifd/ifl/iff state at once. In scale scenario the size of these information will be very high. It may exceed demon rlimit / memory availability. PR1184948
When ams-interface is configured in warm-standby mode without adding any members, configuration commit will lead to rdd core. PR1185702
Next hop attribute in a framed route is not applicable anymore. Since subscriber IP address is used as the next hop in all cases, there is no need to have an additional attribute for next hop for framed routes. PR1186046
Traffic destined to VRRP VIP address or transit traffic with destination mac as VRRP VMAC which has paylod beyond 166 bytes (excluding headers) are dropped as "my-mac check failed" on MPC7E/8E/9E. PR1186537
After loading COS related configuration on MPC5E/MPC6E/MPC2E-NG/MPC3E-NG linecard, these error messages might be seen: "trinity_insert_ifl_channel:6449 ifl 495 chan_index 495 NOENT" "jnh_ifl_topo_handler_pfe(11591): ifl=495 err=1 updating channel table nexthop" PR1186645
On MX Series routers, a vulnerability in IPv6 processing has been discovered that may allow a specially crafted IPv6 Neighbor Discovery (ND) packet to be accepted by the router rather than discarded. The crafted packet, destined to the router, will then be processed by the Routing Engine (RE). A malicious network-based packet flood, sourced from beyond the local broadcast domain, can cause the Routing Engine CPU to spike, or cause the DDoS protection ARP protocol group policer to engage. When this happens, the DDoS policer may start dropping legitimate IPv6 neighbors as legitimate ND times out. Refer to JSA10749 for more information. PR1188939
On MX Series platform, while using routing-instance for EVPN, and traceoptions is configured under global "protocols evpn", configuration of "vtep-source-interface" under global "switch-options" would be rejected. PR1189235
On MX240/MX480/MX960/MX2010/MX2020 platform, in rare cases, MPC4 line card might never come back online after rebooting the chassis by "request system reboot both-routing-engine" command. PR1190418
If a message received from LLDP neighbor contains "Port Id" TLV which has "Interface alias" subtype and is longer than 34 bytes, subsequent running of "show lldp neighbors" might lead to l2cpd crash. PR1192871
On MX Series with MPC3/MPC4/MPC5/MPC6, the VSC8248 firmware on the MPC crashes occasionally. This PR enhances the existing VSC8248 PHY firmware crash detection and recovery, helping recover from a few corner cases where the existing Junos OS workaround does not work. PR1192914
Configuring an RLT interface and rebooting the router shows the RLT interface down. The show l2circuit connection shows an mtu mismatch as the immediate cause. For example, the problem may be seen with the following configuration:
show configuration interfaces rlt0 redundancy-group { member-interface lt-4/0/0; member-interface lt-4/2/0; } unit 0 { encapsulation vlan-ccc; vlan-id 600; peer-unit 1; family ccc; } unit 1 { encapsulation vlan; vlan-id 600; peer-unit 0; family inet { address 70.70.70.1/24; } } PR1192932
With GRES (graceful-switchover) and nonstop-bridging configured in Juniper devices with dual Routing Engines, the backup Routing Engine might run into high CPU usage due to abnormally high CPU utilization by firewall daemon. The abnormally high CPU usage might impact the functions that backup Routing Engine works for. PR1193891
On Junos OS Release 15.1R3 and later with Tomcat model BBE release, if a subscriber login/logout which using multicast service, then another subscriber login and also use multicast service, this may cause bbe-smgd core on backup Routing Engine. PR1195504
In inline BFD or distributed BFD (in Packet Forwarding Engine) scenario, Packet Forwarding Engine fast reroute is not invoked anymore if the remote peer signals BFD ADMINDOWN message to local node and convergence time is performed based on protocol signaling. PR1196243
Distributed BFD session using inline-redirection on MX-VC might not work if the ANCHOR Packet Forwarding Engine is not within the same chassis member as the interface where the BFD packet is received from peer device. PR1197634
Problem: ======== The following continuous error messages are generated during 2X100GE CFP2 OTN MIC online on MX2K. This error message means PCI control signal communication failure between Packet Forwarding Engine on MPC6E and PMC Sierra OTN framer (pm544x) on MIC 2X100GE CFP2 OTN. *** messages *** Jul 25 17:39:04.807 2016 MX2K : %PFE-3: fpc0 cmic_pm544x_hires_periodic: error getting counters Jul 25 17:39:04.893 2016 MX2K : %PFE-3: fpc0 Failed in function pm544x_manage_link:2616 Jul 25 17:39:05.267 2016 MX2K : %PFE-3: fpc0 Failed in function pm544x_link_status:2449 Jul 25 17:39:05.267 2016 MX2K : %PFE-3: fpc0 cmic_pm544x_hires_periodic: error getting counters Jul 25 17:39:05.267 2016 MX2K : %PFE-3: fpc0 Failed in function pm544x_manage_link:2616 Jul 25 17:39:05.267 2016 MX2K : %PFE-3: fpc0 Failed in function pm544x_link_status:2449 Jul 25 17:39:05.321 2016 MX2K : %PFE-3: fpc0 cmic_pm544x_hires_periodic: error getting counters Jul 25 17:39:05.408 2016 MX2K : %PFE-3: fpc0 Failed in function pm544x_manage_link:2616 Jul 25 17:39:05.486 2016 MX2K : %PFE-3: fpc0 Failed in function pm544x_link_status:2449 Root cause: =========== Bug was in converting the 32bit PCI shared address to 64 bit address. When the MSB of the 32bit address was set, the conversion was buggy as it type caused it to signed long int, which resulted in extending the sign bit to first 32 bits of the converted 64bit address. The first 32bit of the converted address is expected to be zero as our memory is only 32 bit addressable. Problem appearance on customer deployments: =========================================== 1. Issue will be seen only when there are large number of nexthops in the Packet Forwarding Engine due to pfe anchor feature before the MIC is made online. 2. If the MIC came online without hitting this issue, then there is no chance of hitting this issue later. Because the bug was in the PCI shared memory allocation, which happens only during the MIC online. 3. This issue started showing after the Packet Forwarding Engine anchoring feature, which delayed the MIC online until the next-hops are sync to Packet Forwarding Engine. As a result the MIC is coming online very late and the shared memory allocation is coming from the higher RAM address, which the PMC vendor code porting layer is failing to handle. After the fix from this PR, we should not hit this issue. PR1198295
With MPC-NG or MPC5E hardware, the range of the queue weights on an interface is from 0 to 124. As every queue has to have an integer value of queue weight, it might be impossible to assign the weights in exact proportions to the configured transmit-rate percentage. Therefore, when a physical interface operates in a PIR-only mode, this might cause imprecise scheduling results. PR1200013
GUMEM errors for the same address may continually be logged if a parity error occurs in a locked location in GUMEM. These messages should not be impacting. The Parity error in the locked location can be cleared by rebooting the FPC. PR1200503
Dynamic firewall filter programs incorrect match prefix on the Packet Forwarding Engine. PR1204291
Packet Forwarding Engine may install next-hop incorrectly and cause traffic loss, if there is a next-hop policy pointing to a IPv6 address which need to be resolved. PR1204653
If send upstream and downstream IPv4+IPv6 traffic for PPPoE subscribers, mirrored traffic loss would be seen. PR1204804
On MX240/MX480/MX960 platform with RE-S-2000 Routing Engine, the Hard-Drive information on Routing Engine RE-S-2000 is missing in show chassis hardware detail output after upgrading to Junos OS Release 15.1 and later. This is just a display issue and this has no impact on any functionality. PR1205004
J-UKERN.mpc0 core after filter configuration change on vMX. PR1205325
This issue is identified as software defect and the fix is added in Junos Os Release 16.1R2 and above. PR1205914
When PCEP is enabled and LSPs are undergoing changes, like make before break (MBB) for rerouting, the rpd has to send those updates to PCE. However, when the PCEP session to PCE goes down, these updates are cancelled, but the rpd fails to completely reclaim the memory allocated for these updates. This causes increasing in the rpd memory every time the connection to PCE goes down while LSPs are simultaneously going through MBB changes. This issue will be especially noticeable when connectivity to PCE goes UP and DOWN continuously. If the connection is in steady state either UP or DOWN, then the memory leak will not happen. PR1206324
Multicast traffic is incorrectly forwarded in the multicast vlan for a few seconds for multicast groups disallowed by Universal Call Admission Control policy PR1206598
RLT interface configuration is not supported. PR1207982
VC link "last flapped" timestamp is reset to "Never" on the new backup Routing Engine after MX VC global GRES switchover. PR1208294
The cpcdd daemon might core and restart on the subscriber scenario with CPCD (captive-portal-content-delivery) service configured. PR1208577
On MX Series platform running Tomcat release, if route-suppression is configured for access/access-internal routes as well as destination L2 address suppression is configured for the subscriber, wrong destination MAC would be generated for the subscriber. PR1209430
BGP PIC installs multiple MPLS LSP next hops as Active instead of Standby in Packet Forwarding Engine, this can cause a routing loop. PR1209907
During GRES or unified ISSU, the BFD protocol state of a child ifd may not get replicated on the backup Routing Engine until bfd starts running on the new Active Routing Engine. PR1211015
On MX Series routers, when configuring the dynamic access routes for subscribers based on the Framed-Route RADIUS attribute, the route will be created on the device, however, it will be installed as an access-internal route instead of access route if it has /32 mask length. PR1211281
Inline J-Flow - Sequence number in flow data template is always set to zero on MPC5E and above line card type. PR1211520
On T-series platforms, if interfaces from FPC Type 4 and FPC TYPE 5 are configured together in one VPLS routing instance, incorrect TTL might be seen when packets go through the VPLS domain, for example, packets received via one FPC TYPE 4 might be forwarded to other FPC type 4 with incorrect TTL. The incorrect TTL could cause serious VRRP issue. When VRRP is enabled, after one CE sends the VRRP advertise packets with TTL value 255, other CE might receive the VRRP packet with TTL value 0 and therefor discard these VRRP packets. As a result, the VRRP status in both CE becomes Master/Master. PR1212796
The MS-MPC/MS-MIC service cards might encounter a core when using certain ALGs or the EIM (Endpoint-independent mapping )/EIF (Endpoint independent filtering) feature due to a bad mapping in memory. PR1213161
AE IFL targeted distribution feature now provides 4 level of prioritization. Please refer document attached in PR for more details. PR1214725
Inline J-Flow service will not work after unified ISSU on MPC5E and above type line cards. PR1214842
MX-VC: All VCP interface experiences tail-dropped as result of configuration conflict. It is a good idea to reference documentation and customize the COS associated with VCP interfaces. In this scenario customer has configured a corresponding xe-n/n/n interface with just a description to denote that port is dedicated to VCP. Problem is that the resource calculation is impacted and reports smaller queue-depth maximum values when both network interface xe-n/n/n and vcp-n/n/n are defined. Issue is more likely to occur with dynamic modification add/delete of vcp interfaces with a corresponding network interface xe-n/n/n configured. > show interfaces queue vcp-5/3/0 | match max Maximum : 32768 Maximum : 32768 Maximum : 32768 Maximum : 32768 PR1215108
On Junos OS Release 15.1R3 and later, MX Series platform release, if DHCPv4 or DHCPv6 subscriber is configured and the subscriber joins more than 29 multicast groups, the line card might crash. PR1215729
Incorrect source MAC used for PPPoE after underlying AE is changed. PR1215870
Prior to this fix for Tomcat releases, parameterized family i-net filter with term matching on address with non-contiguous mask will result in CLI syntax error which would fail subscriber login or CoA requests. PR1215909
The JUNOS OSnow supports extending the SSM groups defined in below CLI for dynamic subscribers using the BBE configuration: https://www.juniper.net/documentation/en_US/junos14.2/topics/reference/confi guration-statement/ssm-groups-edit-routing-options.html PR1216515
This issue happens only with RLT configuration and only on Junos OS Release 16.1 and beyond. PR1216991
If RS/RA messages were received through an ICL-enabled(MC-AE) IFL, packet loss would be seen and last for a while. PR1219569
The bbe-smgd core occurred in bbe_autoconf_if_l2_input when DHCP client generates ARP. PR1220193
Continuous error messages are seen. PR1221340
During CoA request there are no changes on schedulers. Requests are received successfully, but no changes from CoS side. PR1222553
Due to a defect related to auto-negotiation in a Packet Forwarding Engine driver, making any configuration change to interface in MIC "3D 20x 1GE(LAN)-E,SFP" might lead to interface flapping. PR1222658
On rare occasions, offlining a MIC-3D-16CHE1-T1-CE MIC can cause a FPC core. This is very unlikely in general and chances of it happening are very low. There is no workaround for this except to upgrade to an image with this fix present. PR1223277
On MX2020 router, when all the SFBs are yanked out, there is no available fabric in system, but FPCs remain online state. There is no problem in offlining these SFB/SFb2s. PR1227342
High Availability (HA) and Resiliency
In PPP environment with access-internal and multiple routing instances, after restart RPD process, the access-internal route might disappear. PR1174171
Infrastructure
The issue is the gstatd process for 64 bit Junos image does not get to the correct path in the code and due to that gstatd process fails to start. PR1074084
From Junos OS Release 15.1 and later, smartd error message of Unigen SSD may be seen. Smartd reads SSD attributes and checks on 197-current-uncorrectable, 198-offline-uncorrectable by default. To Unigen, 198 is not = Offline-Uncorrectable, it is 'Total Count of Read Sectors'. As it is Total-Read, such attribute(198) always carries value and smartd reports it as 'Offline Uncorrectable Error'. PR1187389
Interfaces and Chassis
In a VPLS scenario, the flood NH for the default mesh group might not be programmed properly. A complete black-holing for the VPLS instance would be seen as a consequence. PR1166960
The jpppd might crash with a core dump due to memory heap violation associated with processing MLPPP requests PR1187558
MAC addresses are incorrectly assigned to interfaces by the MX-VC SCC (global) chassisd daemon, leading to duplicate addresses for adjacent FPCs. PR1202022
A CFMD core will be generated upon commit if the following conditions are met: * CFM is configured * On mis-configuration of icc format for MA. (for example, ICC name-format does not start with a character) PR1202464
For the duration of GRES, if an async message for RTTABLE is received at DCD during initialization, it might result in unexpected state changes, the traffic forwarding might be affected. This is a timing issue, it is hard to reproduce. PR1203887
In very rare possibility, mpc can be crashed with coredump will be seen when cli command 'request chassis mic offline fpc-slot <fpc-slot> mic-slot <mic-slot>' is executed due to software bug that sfp diagnostics polling function tries to access already destroyed sfp data structure by mic-offline. With fix, software will check if sfp data is valid before tries. PR1204485
If version-3 configuration statement is not configured, the command of "show vrrp detail|extensive|interface" display VRRP-Version as 2 for inet6 address family. The VRRP IPv6 never supported any VRRP version 2. It was always version 3. This issue is cosmetic but not actual impact on VRRP IPv6 functionality. The VRRP packets generated for i-net6 address family are of VRRP version 3. PR1206212
When configuring "vlan-tags" for any interface, if the interface configuration is changed continually, the dcd process might memory leak. If the memory is exhausted, the dcd process might crash. PR1207233
If the configuration can be scaled to have inner list to have more than 4K vlans, the commit vlan configuration operations might fail. PR1207939
When VRRP is configured on IRB interface with scaling configuration (300k lines), in corner case, handles might not be released appropriately after their use is over. As a result of that, memory leak on vrrpd might be seen after configuration commit. PR1208038
Access-internal route not installed for Dual Stack subscriber terminated in VRF at LNS with on-demand-ip-address PR1214337
During L2TP session establishment on MX LAC, if CPE attempts to negotiate MRU higher than 1492 bytes, spurious MRU of 1492 bytes is included into the Last Received ConfReq AVP in ICCN packet. PR1215062
In ppp subscriber scenario, if the jpppd process receives a reply message attribute from the radius or tacplus server with a character of %, it might cause the jpppd process to crash and cause the ppp user to be offline PR1216169
On Junos OS Release 14.2 and later releases, if asymmetric-hold-time, delegate-processing and preempt hold-time is configured, when neighbor's interface comes up again, "asymmetric-hold-time" feature cannot be used as expected. PR1219757
Layer 2 Features
A new static MAC is configured under AE interface, but the MAC of the LACP PDUs sent out is not changed. PR1204895
In dhcp relay environment, when delay-authentication and proxy mode are configured at same time. Jdhcpd may core due to NULL session ID. PR1219958
During unified ISSU process, if the first unified ISSU is aborted for some reason, an internal timer will not be cleaned up, and the new lacpd will be forked up, this cause the second ISSU in backup Routing Engine to be aborted in daemon prepare phase. It will not proceed further. PR1225523
MPLS
Multiple RLFA backup gateways (one using spring inner label and other using TLDP label) can get programmed if the given node is PQnode to another node in the network that does not use SPRING RLFA backup for its LDP route, resulting in ECMP among backup next hops. Semantically both gateways provide the same protection path and TLDP based gateway is coming in the way of checking sanity of SPRING backup path. PR1176489
With a high degree of aggregation and a large number of next hops for the same route, ldp may spend too much CPU updating routes due to topology changes. This may result in scheduler slip and ldp session timing out. PR1192950
In L3vpn with chained-composite-next-hop scenario, when receiving a TTL expired packet, the device will transmit a ICMP error message in a MPLS header, but the route next-hop for this ICMP error packet is discard, so the one error message will be logged. PR1194446
When ldp is deactivated, there may still be route entries left in the ldp shadow routing table. RPD will core due to stranded route entries in the ldp routing table. PR1196405
If RSVP link-protection optimize-timer is enabled, rpd memory might leak in "TED cross-connect" when a bypass LSP is being optimized. PR1198775
This behavior is 16.1 release specific. When an ingress side link failure and LSP uses bypass path, LSR(DUT) cannot send proper "RSVP RRO" even if egress side topology changes. Please refer the following example. --- example --- 1. This is initial state. LSP of RRO has Link A and B IP address. bypass bypass Link C Link D +--------------------+ +------------------+ | | | | [Ingress LER] [ LSR ] [ Egress LER] | | | | +--------------------+ +------------------+ Link A Link B strict path strict path 2. Link A is down. LSP of RRO has Link B and C IP address because LSR sends out RSVP RESV including proper RRO to Ingress LER. bypass RSVP RESV bypass Link C <-----+ Link D +--------------------+ | +------------------+ | | | | | [Ingress LER] [ LSR ] [ Egress LER] | | | | +--------- X --------+ +------------------+ Link A Link B strict path strict path 3. Link B is down. LSP of RRO has Link B and C IP address because LSR does not send out RSVP RESV including proper RRO to Ingress LER. (wrong) bypass RSVP RESV bypass Link C <-----+ Link D +--------------------+ | +------------------+ | | | | | [Ingress LER] [ LSR ] [ Egress LER] | | | | +--------- X --------+ +-------- X -------+ Link A Link B strict path strict path PR1207862
With two Routing Engines and ldp export policy or l2-smart-policy configured. rpd on the backup Routing Engine may crash when ldp is trying to delete a filtered label binding. PR1211194
In VPLS environment, if delete the routing-instance, in rare condition, the rpd process might crash, the routing protocols are impacted and traffic disruption will be seen due to loss of routing information. This is a timing issue and hard to reproduce. PR1223514
Network Management and Monitoring
In some cases the output of a show version detail command may pause and take over one minute to finish. Note that trying to abort with control-c does not shorten the delay to regain the cli prompt. PR1196129
A trailing newline was erroneously added to the $$.message variable, this had undesirable effects for some use cases when using the 'event-options policy <> then execute-commands commands <>' stanza. The fix escapes any newline chars which mitigates the issue. PR1200820
RLI-24802 introduced in 16.1R1 caused some issues with snmp get-bulk. These changes are reverted from 16.1R2 PR1209561
The reason for this new PR (1227121) is because the fix for PR-1126532 was accidentally reverted while committing code under another PR-1209561. Hence, the external content for this PR is same as: https://gnats.juniper.net/web/default/1126432#external_tab PR1227121
Platform and Infrastructure
show interfaces mac-database mac-address <mac-addr> <intf-name>does not display any mac-specific traffic statistics data on Stout Line cards and also VMX for mac-learning enabled interfces mapped to i-net family. PR1012046
In software versions which contain PR 1136360's code changes on MX-VC systems, when J-Flow is not configured and equal-cost multipath (ECMP) load-balanced routes occur, the linecards may stop forwarding packets after logging any of the below errors prior to possible linecard restart or offline: - PPE Thread Timeout Traps - PPE Sync XTXN Err Trap - Uninitialized EDMEM Read Error. - LUCHIP FATAL ERROR - pio_read_u64() failed (A possible workaround is to configure J-Flow and restart all linecards.) In software versions which do not contain PR 1136360 solution, on MX Series Virtual Chassis (MX-VC) with "virtual-chassis locality-bias" configured, when equal-cost multipath (ECMP) load-balancing is occurring in the VC system, multicast streams and flooded Layer 2 streams may be duplicated or lost. Disabling "virtual-chassis locality-bias" from the configuration will eliminate the problem. PR1104096
Kernel might crash when deactivate or deleting a static route that is configured to point to an unnumbered interface-name as qualified-next-hop. PR1118681
XPATH expressions evaluations for YANG keywords yang leaf-ref/must/when are disabled by default. It means, even though YANG configuration has leaf-ref/must/when expressions, these expressions will not get validated/evaluated. PR1119972
This PR fixes an FD (file descriptor) leak problem in MGD process when netconf traceoptions are set. If <commit> rpc is executed via netconf session, there is an FD leak in the corresponding MGD pid. PR1174696
The issue happens after GRES. If commit on the new master during the config sync from the old master, commit might fail. PR1179324
If igmp snooping is configured in a VPLS routing instance and the VPLS instance has no active physical interfaces, multicast traffic arriving from the core might be send to the Routing Engine. As a result, host queues might get congested and it might cause protocol instability. As a workaround, configure a dummy activate interface in the VPLS routing instance can avoid this issue. PR1183382
A customer has reported that if you mistakenly configure a static flow route at the wrong hierarchy in the configuration of an MX80 or MX104 that a core dump occurs upon commit. This does not happen on other MX Series platforms. PR1187469
When access accept response from radius server contains class attribute, .class file is created. Normally .class file gets deleted in success scenario after the user logs in and reads the attributes. However, in error scenarios where the login fails or login succeeds but fails to read the user attributes, .class file is not deleted. Due to this, .class files will remain in /tmp folder. As multiple .class files are stored in /tmp folder, /tmp folder is running out of inodes. PR1187477
In a very rare scenario, during TAC accounting configuration change, auditd daemon crashes due to a race condition between auditd and its sigalarm handler. PR1191527
On Trio platform with network-services enhanced-ip mode, FPC CPU goes high for several minutes (30mins) when bulk (10K) mac/arp are learnt via lsi interfaces, which caused traffic interrupt. The issue can be seen with various triggers (e.g. mac flush, FPC reboot or link flap etc) . PR1192338
Syslog storage in a file could abruptly stop due a race condition in handling log file rotation. The fix is available from Junos OS Release 16.1R2 and later.PR1195239
When using delta-export , on commit full the configuration on backup Routing Engine will be corrupted. PR1199895
After system boot up or after PSM reset we may see "PSM INP1 circuit Failure" error message. PR1203005
When a Netconf get-route-information RPC is executed for all routes via ssh transport session and the session is terminated before all the route information is retrieved, the MGD process and RPD daemon will cause high CPU utilization for an extended period of time. Example of issues caused by this high CPU utilization for an extended period is as follows: BGP neighbors holddown timer expires and become ACTIVE OSPF adjacencies reset during database exchange OSPF LSA retransmissions events on neighboring nodes due to missing ACKs LDP sessions time out non distributed BFD sessions being reset due to missing keepalives PR1203612
From Junos OS Release 15.1F2/14.2R4, validating configuration fails if commit scripts are used during software upgrade. PR1204881
If inline J-Flow is configured in scaled scenarios, inline J-Flow sampler route database is taking huge time to converge. PR1206061
When "commit confirmed" is used after performing some changes, and an empty commit is performed to confirm the changes, the previous changes related processes will be notified again which is unnecessary. It might cause session/protocol flap. PR1208230
A fusion setup can experience a leak of NH memory when MAC moves result in updated next hops. You must restart the MPC to regain the memory. PR1208514
Workaround : Deactivate and Activate Inline J-Flow sampling instance How to Avoid 1. Don't make any Inline J-Flow specific configuration changes when service is not in steady state 2. configuration changes should be done in two steps. a ) First configure the J-Flow related configuration except the Flow Table size. b) Flow table size should be changed in a separate commit from the rest of the J-Flow configuration. PR1210899
Several files are copied between Routing Engines during 'ffp synchronize' phase of the commit (for example, /var/etc/mobile_aaa_ne.id, /var/etc/mobile_aaa_radius.id, etc). These files are copied even if there was no corresponding change in the configuration thus unnecessarily increasing commit time. PR1210986
If a Unicast or Multicast source sends a fragmented packet (a packet which exceeds the MTU of its outgoing interface) to the router and it needs to resolve the destination route, then only the first fragment of the packet is sent when the route it resolved. PR1212191
On MX Series platforms installed both DPC/E and MX Series based MPC, when DPC/E detects a remote destination error toward a MX Series based MPC Packet Forwarding Engine, unexpected fabric drops happened. PR1214461
On MX2000, MIC output is seen when there is no MIC in MPC under "show chassis hardware detail". Steps to reproduce the issue: 1. offline MPC 2. physically remove MPC 3. physically remove MIC from the MPC 4. reinsert MPC 5. online MPC usr@MX2K> show chassis hardware detail |find fpc FPC 0 REV 68 750-044130 ABDxxx79 MPC6E 3D CPU REV 12 711-045719 ABDxxx35 RMPC PMB MIC 0 REV 14 750-049457 ABCxxx22 2X100GE CFP2 OTN >>>>>>>> No MIC inside MIC 1 REV 26 750-046532 ABCxxx53 24X10GE SFPP >>>>>>>>>>No MIC inside XLM 0 REV 13 711-046638 ABDxxx59 MPC6E XL XLM 1 REV 13 711-046638 ABDxxx87 MPC6E XL PR1216413
This rmopd core was caused by the NULL pointer in SW function. PR1217140
For Junos devices supporting FreeBSD10 and with Junos OS Release 16.1R2, 16.1x60-D30 or 16.1x60-D35, when ephemeral database is in use and "persist-groups-inheritance" configuration statement is configured, daemons (for example, bbe-smgd, l2ald, ccmd, dcd but not limited) might crash after deletion of configuration from either ephemeral database or normal static configuration database. PR1217362
MX Series with MPC/MICs might crash after firewall configuration change is committed. PR1220185
Under certain conditions sync-other-re editing configuration warning might be displayed after reboot: lab@mx> configure exclusive warning: uncommitted changes will be discarded on exit Entering configuration mode Users currently editing the configuration: sync-other-re (pid 9220) on since 2016-10-03 00:16:36 PDT, idle 2d 05:47 sync-other-re (pid 9282) on since 2016-10-03 00:16:40 PDT, idle 2d 05:47 sync-other-re (pid 9333) on since 2016-10-03 00:16:49 PDT, idle 2d 05:47 sync-other-re (pid 9383) on since 2016-10-03 00:16:59 PDT, idle 2d 05:46 sync-other-re (pid 9433) on since 2016-10-03 00:17:07 PDT, idle 2d 05:46 PR1221723
Usage of malformed certificates (such as those missing newline characters) may result in rejection. The symptom would be messages such as: mgd: error: Unable to derive certificate from input. PR1223764
Routing Policy and Firewall Filters
With rib-groups configured for importing routing information to multiple routing tables, unexpected route refresh might happen when committing configuration change, due to a defect in code related to secondary table list handling. PR1201644
From Junos OS Release 15.1, memory leak on policy_object might be observed if the configuration of policies is added and deleted in high frequency. Not all polices make memory leak, and only the container policy referred in policy statement hits this issue: the "from" in policy invokes the terms which is defined in policy-options, for example, community, as-path, prefix-list. This is the configuration example. set policy-options prefix-list pl set policy-options policy-statement from prefix-list pl. PR1202297
BGP Flowspec provides for a BGP Extended Community that served to redirect traffic to a Virtual Routing and Forwarding (VRF) instance that matched the flow specification's Network Layer Reachability Information (NLRI). After the fix of the PR, all Junos platforms can support the following Redirect Extended Communities: +--------+--------------------+-------------------------------------+ | type | extended community | encoding | +--------+--------------------+-------------------------------------+ | 0x8008 | redirect AS-2byte | 2-octet AS, 4-octet Value | | 0x8108 | redirect IPv4 | 4-octet IPv4 Address, 2-octet Value | | 0x8208 | redirect AS-4byte | 4-octet AS, 2-octet Value | +--------+--------------------+-------------------------------------+ Please refer to RFC7674 for more information. PR1219724
Routing Protocols
When BGP speaker has multiple peers configured in a BGP group and when it receives the route from a peer and re-advertises route to another peer within the same group, MIB object "jnxBgpM2PrefixOutPrefixes" to the peers in the same group reports the total number of advertised prefixes in the group. MIB value "jnxBgpM2PrefixOutPrefixes" is defined as per peer basis but it looks as if it is per group basis. As a workaround, we can get the number of advertised prefixes from CLI command show bgp neighbor instead. PR1116382
When a bgp peer has a hold time of zero configured the peer will not reach establishment. PR1138690
If we have post-policy BMP configured & import policy rejects the route making it hidden, we will still periodically send this Unreachable Prefix to the BMP station. May 17 15:45:05.047931 bmp_send_rm_msg called, found post-policy prefix 101.66.66.66/32, peer 10.0.1.1 (External AS 65101), station BMP_STATION_2 May 17 15:45:05.047943 import policy rejected post-policy prefix 101.66.66.66/32, peer 10.0.1.1 (External AS 65101), station BMP_STATION_2 May 17 15:45:05.047986 generating post-policy delete for prefix 101.66.66.66/32, peer 10.0.1.1 (External AS 65101), station BMP_STATION_2 May 17 15:45:05.048001 BMP: type 0 (RM), len 76, ver 3, post-policy, for Peer 10.0.1.1, station BMP_STATION_2 May 17 15:45:05.048018 Peer AS: 65101 Peer BGP Id: 10.0.1.1 Time: 1463492684:0 (May 17 13:44:44) May 17 15:45:05.048027 Update: message type 2 (Update) length 28 May 17 15:45:05.048034 Update: Unreachable prefix data length 5 May 17 15:45:05.048047 Update: 101.66.66.66/32 PR1184344
A route which has an IPv6 nexthop which is resolved recursively over other routes may fail to resolve successfully. This problem could happen because the route resolver may incorrectly use the IPv4 family resolution tree to resolve the nexthop rather than the correct IPv6 resolution tree. As a result, no route covering the IPv6 nexthop address can be located so the route with the IPv6 nexthop remains unresolved and unusable. PR1192591
The VRF related routes which are leaked to the global inet.0 table and advertised by the access routers are not being advertised to global inet.0 table on the core. PR1200883
With nonstop-routing (NSR) enabled, all running protocols include PIM and NG-MVPN will be replicated, if NSR is disabled only under PIM "set protocol pim nonstop-routing disabled", this will remove both PIM and NG-MPVN from replicated list, then adding PIM NSR again by "delete protocol pim nonstop-routing disabled" will not work as expected and PIM will not be added. PR1203943
In a situation which a BGP route is resolved using a secondary OSPF route which is exported from one routing-instance to another routing-instance. If the BGP route is being withdrawn while the OSPF route is deleted, rpd might restart unexpectedly. PR1206640
BGP routes are rejected as cluster ID loop prevention check fails due to a mis-configuration. But when the mis-configuration is removed BGP routes are not refreshed. The fix of this issue will send a soft route refresh dynamically when a cluster ID is deleted. PR1211065
On Juniper devices with BGP flowspec and Graceful-Restart for BGP configured, after the Routing Engine switchover, the firewall filter __flowspec_default_inet__ might be missed, causing BGP flowspec not working correctly. PR1213227
When using 64-bit routing protocol process, if OSPF (either OSPFv2 or OSPFv3) is configured, the device may not handle the LS-Update correctly when receiving the max sequence number (0x7fffffff, which should not happen in normal course) and discarding it without acknowledging it as a newer copy in the database. The issue surfaced because a particular implementation was also setting the LSA-sequence number to max sequence number before flushing out the LSA which was not per RFC. PR1217373
When a route in inet.3 has a conditional context associated with it (usually when conditional policy (policy with condition statement) applied on BGP), the rpd process might crash when IS-IS flooding LSP. PR1220533
Services Applications
Issue happens in specific corner cases and Acceptable workaround is available. If we bring down the complete subscriber and bring it back up again. Family bring up will work. PR1190939
When configuring Network Address Translation (NAT) service, the service route is still available in route table even after disabling service interface. Any types of service interfaces (except ams- interface) that supports NAT might be affected. PR1203147
On MX Series with L2TP configured, for some reason the L2TP packet in ICRQ retransmission message is set to incorrect value, and this causes frequent L2TP session flaps. PR1206542
On MX Series routers with subscriber management feature enabled used as a LAC (L2TP Access Concentrator), a small amount of memory leak is leaked by jl2tpd process on the backup Routing Engine when subscriber sessions are logged out. PR1208111
Subscriber Access Management
In DHCP relay scenario, DHCP relay binding might get stuck in "RELEASE(RELAY_STATE_WAIT_AUTH_REQ_RELEASE" state due to the LOGOUT Request is not processed correctly by authentication manager process (authd) if there were multiple attempts to activate Lawful Intercept (LI) for this DHCP subscriber using RADIUS change of authorization (CoA) packets in quick succession. PR1179199
If aborting "test aaa ppp" command with Ctrl-C, due to a software defect, when subscriber logout, the system does not wait for logout response, subscriber is immediately removed. Because of this, dfwd daemon is not able to clear filters in time and results in stale entries. The stale info might affect subscriber login and logout. PR1180352
If radius Primary-WINS(Juniper-ERX-VSA) is set as 0.0.0.0, subscribers is rejected by Authd and does not negotiate further. PR1209789
Commit error: "Radius-Flow-Tap LSRI" " is in use by subscriber, cannot be removed from the configuration" might be seen after two consecutive GRES switchovers if a subscriber with lawful intercept mirroring enabled was logged in before the switchovers. PR1210943
User Interface and Configuration
If executing rpc get command without newline character at end of <rpc>, then it will cause script execution break for timeout of rpc-reply. PR1146379
Configuration database is locked by "root" user when trying to commit vpls circuit configurations in "configure exclusive" mode. PR1208390
If user enters configuration mode with configure exclusive command, after configuration is automatic rollback due to commit unconfirmed, user still can make configuration changes with replace pattern command, the subsequent commit fails with error: access has been revoked. After exit configuration mode, user fails to enter configuration mode using "configure exclusive" with error: configuration database modified. PR1210942
When persist-groups-inheritance is configured and you issue a rollback, it will be seen that the configuration is not propagated properly after a commit. PR1214743
VPNs
With MVPN and NSR enabled, high CPU on backup Routing Engine might be seen. MVPN on backup Routing Engine is re-queuing c-mcast events for flows as it is unable to find phantom routes from master routing-engine. However as routes is not reaching from master Routing Engine, so backup Routing Engine keeps trying causing high CPU triggered by rpd processing. PR1200867