Issues in JUNOS Release 10.1 for M Series, MX Series, and T Series Routers

The current software release is Release 10.1R2. For information about obtaining the software packages, see Upgrade and Downgrade Instructions for JUNOS Release 10.1 for M Series, MX Series, and T Series Routers.

Current Software Release

Outstanding Issues in JUNOS Release 10.1 for M Series, MX Series, and T Series Routers

Class of Service

On MX Series routers with Enhanced DPCs, bandwidth sharing between two schedulers, one with high and the other with strict-high priority, might not be as expected when the schedulers are oversubscribed. That is, only one queue can use all of the excess bandwidth. This issue occurs when the schedulers are configured on logical interfaces. [PR/265603]
If a logical interface is configured or added to an interface set for which an existing traffic control profile is applied, any rate-limit functionality will not be applied to the new logical interface. To resolve this problem, deactivate and activate the interface portion of the class-of-service configuration. [PR/485872]
On an Ichip-based platform for strict high priority queue (SHQ), the buffer size allocated by the Packet Forwarding Engine is capped by the tx-rate. If the tx-rate is configured to a very small value or is not configured, and is automatically allotted a zero or a very small remaining value; the queue is also allotted a proportionately small delay buffer. This can sometimes lead to Red and Tail drops on the SHQ when there is a burst of traffic (with a certain traffic pattern) on it. As a workaround, configure a nominal tx-rate value (5 percent) for the SHQ. [PR/509513]
On M Series and T Series routers, the forwarding class information is lost when the packet enters the GRE tunnel with clear-dont-fragment-bit enabled. Additionally, on an Enhanced FPC or M120 FEB, the packet is also likely to be dropped if it is classified to a packet loss priority (PLP) other than low. [PR/514162]

Forwarding and Sampling

Policers cannot be modified after a system upgrade due to a flaw in the parser routine. This error occurs when the current item is deleted and the parser cannot proceed to the next item. With the fix, the routine in the forwarding process (dwfd) has been modified so that the next item in the object tree is fetched before the current object is parsed. [PR/433418]
Under rare circumstances, if the filter is changed while a counter query is in progress and the system is under heavy load, the system may crash. [PR/447033]
The numerical values configured for the ip-options match criteria on a firewall filter matches any ip-options no matter what is specified. [PR/516778]

High Availability

A problem occurs during graceful Routing Engine switchover (GRES) when a static route pointing to a private interface such as fxp0 is created using the passive retain option. It is recommended to not use the passive option along with the static route on the private interface. [PR/412746]
The SSH keys are not in sync between the master and backup Routing Engine when SSH is enabled after a graceful Routing Engine switchover (GRES). [PR/455062]
When an ISSU upgrade is performed to or from JUNOS Releases 9.6R3 or 10.0R2, the logical interface and logical interface sets that have traffic control profiles configured on them will be affected. [PR/491834]

Interfaces and Chassis

On a 2-port OC12 ATM2 IQ interface, the total virtual path (VP) downtime might not display correctly in the show interfaces command output. [PR/27128]
If you configure IS-IS, MPLS, and graceful Routing Engine switchover (GRES) and a switchover event occurs, the routing platform might end the PPP IP Control Protocol (IPCP) sessions and renegotiate them if the remote side has changed interface MTU settings prior to the switchover event. [PR/61121]
For Automatic Protection Switching (APS) on SONET/SDH interfaces, there are no operational mode commands that display the presence of APS mode mismatches. An APS mode mismatch occurs when one side is configured to use bidirectional mode, and the other side is configured to use unidirectional mode. [PR/65800]
The output of the show interfaces diagnostics optics command includes the "Laser rx power low alarm" field even if the transceiver is a type (such as XENPAK) that does not support this alarm. [PR/103444]
On the M120 router, hot swapping the fan tray might cause the Check CB alarm to activate. [PR/268735]
On the JCS1200 platform, when you issue the clear -config -T switch[1] command using the management module, the switch module returns to its factory default setting instead of the Juniper Networks default setting. As a workaround, do not issue the command. [PR/274399]
On the Juniper Control System (JCS) platform, the control and management traffic for all Routing Engines shares the same physical link on the same switch module. In rare cases, the physical link might become oversubscribed, causing the management connection to Protected System Domains (PSDs) to be dropped. [PR/293126]
On a Protected System Domain (PSD) configured with a large number of BGP peers and routes (for example, 5000 peers and 1,000,000 routes), FPCs might restart during a graceful Routing Engine switchover (GRES). [PR/295464]
When two routers are connected via SONET/SDH interfaces that are configured as container interfaces and the Routing Engine on one router reboots, the container interfaces on the other router might go down and come up again. [PR/302757]
When forwarding-options is configured without route-accounting, commit goes through with the message, "Could not retrieve the route-accounting." However, no functionality is affected. [PR/312933]
While using an AE-20 on a TX matrix router, the AE link might not respond after the chassis control is restarted. As a workaround, deactivate and activate the AE interface. [PR/458926]
The bridge-domain MAC learn limit on the Packet Forwarding Engine can sometimes become negative if the bridge domain is deleted and added immediately as part of a configuration change. If that happens, the MAC learning on that bridge domain can be affected. As a workaround, deactivate and activate the bridge domain or VPLS routing instance configuration. [PR/467549]
Due to a larger number of components on the Neo board, it takes more time to boot up than a comparable MX Series boards. [PR/468665]
When lockout is configured and the router is rebooted, the working router is stuck in the wait-to-restore state while the protect router still shows channel state working and no requests, but no longer shows the lockout flag. [PR/474482]
On restart with a large-scale configuration (16K IFLs per MPC), the MPC-3D-16XGE-SFPP card may take up to 15 minutes to come up. [PR/478548]
If a firewall show command is followed by the clear command in a very quick succession, there is a possibility that the show command will time out. If the show command is issued after a few seconds (5 seconds ideally), this issue will not be seen. [PR/479497]
With JUNOS Releases 10.0 and 10.1, Trio DPCs do not support more than 31 remote PEs in a VPLS instance. Also, they do not support more than 31 AE bridging logical interfaces in a bridge domain. [PR/488139]
When services PICs (SP) are bundled using Redundancy Services PIC (RSP) interface hot-standby and if the RSP interface is configured to run on hot-standby mode and if multiple graceful Routing Engine switchovers (GRES) are executed, then the Routing Engine running as the backup might crash producing a core file. [PR/492127]
When link trace entries are added in the path database, there is no check to determine if the current number of entries have reached the path database size. Because of this, the entries may grow to be greater than the path database size (configured or default). [PR/494584]
Under certain circumstances a backup Routing Engine reboot followed by a Routing Engine failover can cause the LACP to flap, which causes AE bundles to flap. [PR/502937]
If a T640-FPC4-ES is installed in a T1600 router and an SIB statistics collection is performed, the message log might report "JBUS: U32 read error, client .." only if one of the SIBs is faulted or in the offline state. This system log message will also appear if the T640-FPC4-ES FPC is removed from the chassis. There is no operational impact. [PR/504363]
On MX Series routers with JUNOS Release 10.0R2 or higher, the backup Routing Engine might report the following warning message upon commit once network service is configured under the chassis stanza: "WARNING: network services flag has been changed, please reboot system." [PR/505690]
When trigger hold timer UP/DOWN values for a defect condition is configured or changed from the CLI, the up or down timer for the defect is started, based on the current defect condition in the hardware. If the timer value is large enough and the defect condition is changed in the hardware when the timer is still running, a new defect will be reflected in the alarms only after the timer has expired. [PR/509890]
When the 1x10GE XENPAK PIC is brought online, related error messages are seen in the logs but without any functional impact. [PR/512094]
The output of the show chassis hardware command may not display the SIB details when the SIB is inserted in the slot. [PR/515789]
On some XENPAK modules, the output of the show chassis hardware command shows the message "NON-JNPR UNKNOWN" when the FPC is booted. There is no impact on the traffic. To solve this issue, take the PIC offline and bring it back online. [PR/516411]
On an M120, M7i or M10i router with Enhanced CFEB running JUNOS Release 10.0 and a VRF routing instance configured with vrf-table-label, the VPN traffic might not flow when an ATM II IQ PIC is used for a core-facing link. [PR/516485]
On IQ2 and IQ2E 10GE PICs operating in WAN-PHY mode, the path trace information does not get transmitted to the remote end. [PR/518331]

Layer 2 Ethernet Services

DHCP packets may not be processed on an auto-sensed VLAN interface if the DHCP configuration for the interface is performed after the auto-sensed VLAN interface is instantiated. As a workaround, clear the auto-sensed VLAN interface(s) after the DHCP configuration is made for the interface(s). [PR/417958]
The bpdu-block-on-edge configuration may not work properly when the interface is configured as 'edge' under the [edit protocols vstp vlan vlan-id interface interface-name] hierarchy level. [PR/522198]

MPLS Applications

The rt column in the output of the show mpls lsp command and the active route counter in the output of the show mpls lsp extensive command are incorrect when the per-packet load balancing is configured. [PR/22376]
For point-to-multipoint label-switched paths configured for VPLS, the ping mpls command reports a 100 percent packet loss even though the VPLS connection is active. [PR/287990]
A targeted LDP neighbor may remain up with an old IP address that was previously in use with the loopback address on the remote neighbor. This may happen when either of the following is performed on the remote neighbor:
- A secondary loopback (lower than the current primary) address is added and no primary keyword is associated with either of these addresses.
- A second loopback address is added with the primary keyword.
This results in the targeted LDP neighbor being up with both IP addresses. The neighbor with the old address may continue to remain up even after the old loopback address is deleted on the remote neighbor. This neighborship with the old address eventually times out when the router-id is changed to reflect the new loopback address on the remote neighbor. [PR/518102]

Platform and Infrastructure

On T Series routers, a Layer 2 maximum transmission unit (MTU) check is not supported for MPLS packets exiting the routing platform. [PR/46238]
When you configure a source class usage (SCU) name with an integer (for example, 100) and use this source class as a firewall filter match condition, the class identifier might be misinterpreted as an integer, which might cause the filter to disregard the match. [PR/50247]
If you configure 11 or more logical interfaces in a single VPLS instance, VPLS statistics might not be reported correctly. [PR/65496]
When a large number of kernel system log messages are generated, the log information might become garbled and the severity level could change. This behavior has no operational impact. [PR/71427]
In the situation where a Link Services (LS) interface to a CE router appears in the VPN routing and forwarding table (VRF table) and a fragmentation is required, Internet Control Message Protocol (ICMP) cannot be forwarded out of the LS interface from a remote PE router that is in the VRF table. As a workaround, include the vrf-table-label statement at the [edit routing-instances routing-instance-name] hierarchy level. [PR/75361]
Traceroute does not work when ICMP tunneling is configured. [PR/94310]
If you ping a nonexistent IPv6 address that belongs to the same subnet as an existing point-to-point link, the packet loops between the two point-to-point interfaces until the time-to-live expires. [PR/94954]
On T Series and M320 routers, multicast traffic with the "do not fragment" bit is being dropped due to configuring a low MTU value. The router might stop forwarding all traffic transiting this interface if the clear pim join command is executed. [PR/95272]
A firewall filter that matches the forwarding class of incoming packets (that is, includes the forwarding-class statement at the [edit firewall filter filter-name term term-name from] hierarchy level) might incorrectly discard traffic destined for the Routing Engine. Transit traffic is handled correctly. [PR/97722]
The JUNOS Software does not support dynamic ARP resolution on Ethernet interfaces that are designated for port mirroring. This causes the Packet Forwarding Engine to drop mirrored packets. As a workaround, configure the next-hop address as a static ARP entry by including the arp ip-address statement at the [edit interfaces interface-name] hierarchy level. [PR/237107]
When you perform an in-service software upgrade (ISSU) on a routing platform with an FPC3 or an Enhanced FPC3 with 256 MB of memory and the number of routes in the routing table exceeds 750,000, route loss might occur. If route loss occurs, as a workaround, perform either of the following tasks:
- Replace the FPC3 or Enhanced FPC3 with another FPC that has more memory, or
- After the ISSU is complete, reboot only the FPC3 or Enhanced FPC3.
[PR/282146]
For Routing Engines rated at 850 MHz (which appear as RE-850 in the output of the show chassis hardware command), messages like the following might be written to the system log when you insert a PC Card: “bad Vcc request” and “Device does not support APM.” Despite the messages, operations that involve the PC card work properly. [PR/293301]
On a Protected System Domain, an FPC might generate a core file and stop operating under the following conditions:
- A firewall policer with a large number of counters (for example, 20,000) is applied to a shared uplink interface, and
- The FPC that houses the interface does not have a sufficiently powerful CPU.
As a workaround, reduce the number of counters or install a more powerful FPC. [PR/311906]
When a CFEB failover occurs on an M10i or M7i router that has had 4000 or more IFLs, the following message appears:
```
IFRT: 'IFD ioctl' (opcode 10) failed
ifd 153; does not exist
IFRT: 'IFD Ether autonegotiation config' (opcode 163) failed
```
The message has no operational impact. When the backup CFEB becomes the active CFEB, the message will not display. [PR/400774]
On M7i routers, kernel panic may occur during route changes. [PR/439420]
In some cases, the alarms displayed in FPM and the alarms shown using the show chassis alarms sfc 0 command mismatch. [PR/445895]
The SFC management interface em0 is often displayed as fxp0 in several warning messages. [PR/454074]
The VPN label does not get pushed on the label stack for Routing Engine–generated traffic with l3vpn-composite-next-hop activated. As a workaround, configure per-packet load balancing to push the VPN/tunnel labels correctly. [PR/472707]
An invalid IP protocol version is served as a valid version. The JUNOS router forwards IP packets with version field set to values other than 4 and 6, for example, 11 or any (unassigned). [PR/481071]
The tty sessions to a router can cause a null pointer de-reference. [PR/502816]
The TTL for a GRE-encapsulated IPv6 packet malfunctions as the TTL on the wire is one less than the CLI-configured tunnel TTL. [PR/506454]
The VPN PIM neighborship over the mt- interfaces may not recover after a graceful Routing Engine switchover. [PR/511366]
Setting the TCP maximum segment size (MSS) may not change the actual MSS value. [PR/514196]
On M120 and MX Series routers, when an AE interface (with LACP enabled) is used as a core-facing interface for L3VPN, non-MPLS traffic received on the AE interface can sometimes get black-holed. To recover from this state, deactivate and activate the AE interface in the configuration. [PR/514278]
When IGMP snooping is enabled, a multicast traffic drop might occur if an IGMP join or leave occurs on other interfaces. [PR/515420]
On some M, MX, and T Series routers, when a firewall filter is applied on the egress of an aggregate interface, packet loss may occur after adding, removing, or changing the service configuration on the egress side of the aggregate interface. As a workaround, deactivate and activate the output firewall filter on the aggregate interface. [PR/517992]

Routing Policy and Firewall Filters

If a routing protocol running an MSDP receives an SA that is filtered via the MSDP import policy, it will still create a forwarding entry if it subsequently receives a (*,G) join for that group. [PR/63053]
The following features are not supported in a 12-16x10G DPC:
- Known unicast and unknown unicast types in the input match condition 'Traffic-type' in a family bridge/VPLS
- The following match conditions do not work:
  - learn-vlan-1p-priority
  - learn-vlan-1p-priority-except
  - learn-vlan-id
  - learn-vlan-id-except
  - user-vlan-1p-priority
  - user-vlan-1p-priority-except
  - user-vlan-id
  - user-vlan-id-except
- VPLS flood FTF and input FTF
- Simple filters
- Filter action 'then ipsec-sa'
- Filter action 'then next-hop-group'
- Mac-filter output accounting and output policing
[PR/466990]
On some M, MX, and T Series routers, when a family CCC filter is applied on multiple interfaces that belong to different L2VPN routing instances, packet loss may occur after the routing instances are deactivated and activated. As a workaround, deactivate and activate the CCC filter on the interfaces. [PR/521357]

Routing Protocols

When you configure damping globally and use the import policy to prevent damping for specific routes, and a new route is received from a peer with the local interface address as the next hop, the route is added to the routing table with default damping parameters, even though the import policy has a non-default setting. As a result, damping settings do not change appropriately when the route attributes change. [PR/51975]
When you issue the show ldp traffic-statistics command, the following system log message might be generated for all forwarding equivalence classes (FECs) with an ingress counter set to zero: "send rnhstats GET: error: ENOENT — Item not found." [PR/67647]
If ICMP tunneling is enabled on the router and you configure a new logical system that does not have ICMP tunneling enabled, the feature is globally disabled. [PR/81884]
The keepalive timeout counter for multicast sessions may not display after you deactivate and activate the pim protocol. This is a cosmetic issue and there is no interruption to the multicast traffic flow. [PR/419509]
Setting the advertise-high-metric option while using IS-IS overload also suppresses route leaking. [PR/419624]
The backup Routing Engine may generate routing protocol process and kernel cores if the BGP damping is configured along with nonstop active routing (NSR). [PR/452217]
On JUNOS OSPF, all locally generated Type 5 LSAs are purged and regenerated while deleting an NSSA area from the area border router (ABR). [PR/457579]
When aggregate interfaces are used for VPN applications, load balancing may not occur with a Layer 2 circuit configuration. [PR/471935]
During transient periods where both a secondary and primary LSP exist in a routing table, and the number of LSP NHs is greater than 16 in a multigateway scenario, IS-IS may remove the preferred LSP NH. For example, IS-IS could remove an HIPRI LSP. [PR/485748]
The Juniper Networks rendezvous point (RP) does not process PIM Register messages from a first-hop router in an IPv6 embedded RP group when the Register message does not have the null-bit set. [PR/486902]
When l3vpn-composite-next-hop is configured, it should only be used by L3VPN routes. However, non-L3VPN routes are also able to use it. [PR/496028]
The BGP BMP message for IPv6 withdraw encoding does not follow the BMP-draft. [PR/512780]
When an interface comes up after a down event, and LDP-IGP sync is configured for that interface, OSPF does not include the interface in its LFA calculations while the interface is in LDP Sync hold-down state. [PR/515482]
The output of the show igmp snooping interface command does not display "-snooping," erroneously stating that IGMP itself is not running instead of IGMP-snooping not running. [PR/516355]
The configured robust count value is not applied on the non-querier router when it receives a robust count value of 0. It uses the default value (2) instead of the configured value. [PR/520252]
The new NSR master may not send the OSPF hello messages immediately after a switchover. [PR/522036]

Services Applications

The show services accounting flow-detail extensive command sometimes displays incorrect information about input and output interfaces. [PR/40446]
When a routing platform is configured for graceful Routing Engine switchover (GRES) and Adaptive Services (AS) PIC redundancy, and a switchover to the backup Routing Engine occurs, the redundant services interface (rsp-) always activates the primary services interface (sp-), even if the secondary interface was active before the switchover. [PR/59070]
When the Border Signaling Gateway (BSG) configuration contains a policy that has a term with regular expressions, configuration changes might not take effect immediately after the commit process is complete. In most cases, the new policy takes effect immediately. However, complex policies may take longer to take effect depending on how many regular expressions they contain.
For example, if you have a term with four regular expressions, configuration changes do not take effect until 50 seconds after you receive the message that the commit process is complete. This behavior occurs whether you have a list or regular expressions (for example, regular-expression [sip:88824.* sip:88821.* sip:88822.sip:88823.*]), or you group regular expressions using the | symbol (for example, "sip:88821.*|sip:88822.*|sip:88823.*|sip:88824.*").
The time taken for the software to apply the configuration changes increases exponentially with the number of regular expressions in your configuration. [PR/448474]
Under some failure scenarios, a switchover of the active BSG from a master to a backup MS-PIC/MS-DPC may take more than two seconds. [PR/467837]
A performance-related issue may occur when the IDP plug-in is enabled. The connection per second for HTTP (64 bytes) with AACL, AI, and IDP (with Recommended Attacks group) plug-ins has been downgraded to 7.6K through 7.9K per second. [PR/476162]
When a standard application is specified under the [edit security idp idp-policy policy-name rulebase-ips rule rule-name match application] hierarchy level, the IDP does not detect the attack on the non-standard port (for example, junos:ftp on port 85). [PR/477748]
In the export version of the JUNOS Software, the signature download does not work for AppID and IDP features in the Dynamic Application Awareness (DAA) suite. In order to resolve this, install the Crypto software suite. [PR/499395]
When a backup gateway is configured in any term under an IPsec stanza, for any subsequent terms where this backup gateway is now configured as the primary, IPsec tunnel establishment will fail. [PR/510608]
The IPv6 gateway may have a NULL value when the destination address points to an aggregated next hop. [PR/516058]

Subscriber Access Management

The revert-interval value configured in the [edit access profile] hierarchy level is ignored. [PR/454040]
The RADIUS accounting stop messages do not include the Acct-Terminate-Cause attribute (type 49). [PR/458034]
For a dynamic PPPoE interface in which the subscriber is assigned to a non-default routing-instance (via the LSRI-Name or redirect-LSRI-Name RADIUS VSAs), the IP address assigned to the subscriber must be specified via the framed-ip-address RADIUS attribute. An IP address can not be allocated from a local pool defined in the assigned routing-instance, either when RADIUS returns no address attributes or when the RADIUS framed-pool attribute is returned. [PR/471677]

User Interface and Configuration

Deletion of configuration groups cannot be prevented with the allow-configuration and deny-configuration statements. [PR/59187]
On M20 routers, after a Routing Engine mastership switchover, it might not be possible to enter CLI configuration mode on the new master Routing Engine. Also, the request system reboot and request system halt commands do not clearly fail but do not return the CLI prompt either. [PR/64899]
The JUNOScript perl module for NETCONF does not support configuration-text. [PR/82004]
"Local Password:" is prompted even though the authentication order has the password configured. [PR/94671]
The logical system administrator can modify and delete master administrator-only configurations by performing local operations such as issuing the load override, load replace, and load update commands. [PR/238991]
The “replace:” tag is missing from the output of the save terminal command from inside a configuration object.
Example:
```
edit system
save terminal
system {
    host-name blue;
}
```
[PR/269736]
The user can still commit an invalid configuration successfully, even when DDL checks exist. [PR/282896]
A user class configuration with a deny command ".*" returns a .noop error when the Return key is pressed on the router’s CLI. As a workaround, replace "^$" with "^.noop-command$" in allow regex, i.e., allow-commands "(show interfaces)|(show route)|(exit)|(^.noop-command$)";. [PR/311426]
Users who have superuser privileges will sometimes have their access restricted to view permission only when they log in through TACACS. [PR/388053]
On M Series, MX Series, and T Series routers, the user cannot differentiate between active and inactive configurations for system identity, management access, user management, and date and time pages. [PR/433353]
Selecting the monitor port for any port in the Chassis Viewer page displays the common Port Monitoring page instead of the corresponding Monitoring page of the selected port. [PR/446890]
J-Web does not display the USB option under Maintain>Reboot>Reboot from the media. [PR/464774]
On MX Series routers, J-Web does not display the USB related information under Monitor>SystemView>System Information>Storage. [PR/465147]
If the time zone is set to “Europe/Berlin,” the command commit at "time-string" will fail. [PR/483273]
Using the new-line character \n within op script argument descriptions will cause the help output to be displayed incorrectly and could result in extra output being displayed when the op script runs. [PR/485253]
In the J-Web interface, the options Access Concentrator, Idle Timeout, and Service Name for PPPoE logical interfaces are not supported on MX Series routers. [PR/493451]
On J-Web, the error message: “Fatal error: Allowed memory size..." displays when the Interfaces tab is selected. This message also displays when the Interfaces tab under Class-of-Service is selected. [PR/495825]
The group inherited configuration under the interface-range hierarchy level does not take effect. [PR/522872]

VPNs

When you modify the frame-relay-tcc statement at the [edit interfaces interface-name unit logical-unit-number] hierarchy level of a Layer 2 VPN, the connection for the second logical interface might not come up. As a workaround, restart the chassis process (chassisd) or reboot the router. [PR/32763]
When you configure inter-AS VPLS with MAC processing at the autonomous system (AS) boundary router along with multihoming, and if a designated forwarding AS boundary router fails and then comes back up again, traffic flowing to the local AS from the other AS’s boundary router might be lost. The loss occurs in the time period (tenths of a second) during which the old designated forwarding AS boundary router is taking back the role of designated forwarder. [PR/312730]
On a router configured for nonstop active routing (NSR) (the nonstop-routing statement is included at the [edit routing-options] hierarchy level), if a nonstop active routing switchover occurs after the configuration for routing instances changes in certain ways, the BGP sessions between PE and CE routers might not be established after the switchover. [PR/399275]
On MX Series, M120, and new EIII FPCs on M320 routers, the ISO/Connectionless Network Service (CLNS) packets over the translational cross-connect (TCC) are dropped in the case of Frame Relay, even though the family TCC has been configured to switch family iso on the Frame Relay interface. [PR/462052]
In vlan-tagging, stacked-vlan-tagging, and flexible-vlan-tagging modes, untagged packets or mismatching Tag Protocol ID (TPID) packets may be dropped. These dropped packets are not accounted for and are not visible in the CLI. This issue is specific to the 10-port 10-Gigabit Oversubscribed Ethernet (OSE) PICs. [PR/496190]
While upgrading JUNOS Software with l2circuit configuration underthe logical systems, the validation might fail with an "interface version mismatch" error. You can ignore this error and upgrade the JUNOS Software using the no-validate option. [PR/497190]

Resolved Issues in JUNOS Release 10.1 for M Series, MX Series, and T Series Routers

Class of Service

The following operations may result in large incorrect queue statistics on IQ2 interfaces:
- When the IQ2 PIC is restarted, or the interface is deactivated and reactivated, while traffic is on and the configuration defines a high priority queue on the interface.
- When the high priority queue number is changed under the class-of-service configuration while traffic is on.
[PR/489049: This issue has been resolved.]
The type-of-service (ToS) bits get truncated for IPv6 packets on a service PIC. [PR/510193: This issue has been resolved.]

Forwarding and Sampling

While the JUNOS Software adopts random as its sampling algorithm, the SAMPLING_ALGORITHM in the jflowv9 template shows 0x01 (deterministic) instead of 0x02 (random). [PR/438621: This issue has been resolved.]
A JUNOS Software compiler bug in the match combination optimization could cause an incorrect firewall filter evaluation. [PR/493356: This issue has been resolved.]
When the MS PIC used for an RLSQ interface resides on an E3 FPC (M320), traffic might stop flowing across the RLSQ interface after the policer on the interface is deactivated. [PR/498069: This issue has been resolved.]
When a Layer 2 policer is configured under a logical interface having multiple families configured under it, and the policer is changed to another, the newly configured policer might not take effect unless the policer configuration is deactivated and reactivated. [PR/501726]
When a filter group is configured on an interface residing on an ES FPC, the rpf-check configured on that interface will not function correctly. As a workaround, deactivate the configured filter group. [PR/503609: This issue has been resolved.]
On configuring a three-color-policer, a dfwc core file is generated. [PR/509742: This issue has been resolved.]

Interfaces and Chassis

The following messages are displayed on both the primary and secondary RLSQ MS 500 PICs: “SCHED: %PFE-0: Thread 7 ran for x ms without yielding," "Scheduler Oinker." [PR/286357: This issue has been resolved.]
CFMD might crash when the following are configured and commited at once on a VPLS setup:
- Encapsulation VLAN-VPLS on a physical and logical interface
- Family VPLS on a logical unit
- Interface is added in the VPLS routing instance
As a workaround, add the above configurations one at a time and commit. [PR/440108: This issue has been resolved.]
If virtual tunnel PICs and ingress traffic manager is enabled on the same Packet Forwarding Engine/PIC on an EQ DPC, then the SNMP walk of the interface may time out. [PR/458565: This issue has been resolved.]
In some cases during the periodic error status monitoring, error messages such as “Wi seg ucode discards in fabric stream” may be displayed on adjacent streams. These messages are cosmetic and can be ignored. [PR/481344: This issue has been resolved.]
When loopback is configured on t3 under ct3, t1 under ct1, or e1 under ce1, no error syslog message is logged. Additionally, the show interface extensive command on the t3/t1/e1 displays "loopback" even though it is not actually applied. [PR/486424: This issue has been resolved.]
The DPC remains in the ready state and the demux0 interface remains in a down state after a chassisd restart without graceful Routing Engine switchover (GRES) enabled. [PR/492961: This issue has been resolved.]
The AE logical interface flaps when the PIC that has the active link-protection member link is taken offline. [PR/493492: This issue has been resolved.]
The No Redundant Config alarm that occurs in JUNOS Release 10.0 and above after a PEM is shut down is invalid and is a non-impacting alarm message. [PR/498089: This issue has been resolved.]
The one port OC12-3 PIC cannot support eight queues when the no-concatenate option is configured. [PR/499452: This issue has been resolved.]
On a 4–port ChOC3/STM1 and 12–port T1/E1 circuit emulation PICs, the ATM logical interface packets counter does not increment if the PIC is configured in the ATM IMA mode. [PR/500153: This issue has been resolved.]
When t1-options are configured at the [edit interfaces ct1-x/y/z] hierarchy level, some ct1 interfaces of a 10xCHT1 IQ PIC might flap when the configuration changes are committed. As a workaround, remove the t1-options. [PR/500820: This issue has been resolved.]
Polling ifInOctets on Gigabit Ethernet IQ PIC VLANs might momentarily return a higher value. [PR/500852: This issue has been resolved.]
On 40x1 Gigabit Ethernet PICs, very short fragments of fragmented TCP, UDP, and ICMP packets may be incorrectly dropped with the diagnostic L4 length too short. [501526: This issue has been resolved.]
The configured TTL set for GRE traffic is set properly for locally generated Routing Engine packets, but is not set properly for transit packets. There is no workaround. [PR/502087: This issue has been resolved.]
During a link UP/DOWN transition, jsscd may crash as a result of a NULL message dereferencing by jsscd. [PR/502745: This issue has been resolved.]
In JUNOS Release 10.1, if the Neo MPCs power up while the A-DPCs are offline, and if ISSU is performed, the MPCs will crash. [PR/502837: This issue has been resolved.]
When an ATM AIS cell is received from the virtual channel under vlan-vci-ccc encapsulation, the logical interface will be incorrectly marked down. There is no workaround. [PR/503653: This issue has been resolved.]
When the show lacp interface aex command is used for a nonexistent AE interface, no error is returned. [PR/503806: This issue has been resolved.]
The yellow marking for the three-color-policers is incorrect. Even after the excess burst buffer is full, the yellow counters continue to increment at the same rate as the green buffers. [PR/504192: This issue has been resolved.]
As a result of an incorrect configuration for the DDR memory controller, errors might be reported when a Trio-based MPC or MX80 boots. There is no workaround. [PR/505490: This issue has been resolved.]
Under certain circumstances, the E3 IQ PIC might report bogus CCV, CES, and CSES alarms. [PR/505921: This issue has been resolved.]
The JUNOS Software may accept duplicate data-link connection identifiers (DLCIs) configured on the same physical interface. [PR/506908: This issue has been resolved.]
When native-vlan-id is configured for aggregated interface with the child links on an IQ2 PIC, the LACP are dropped and the links go down. [PR/507040: This issue has been resolved.]
The show interfaces diagnostics optics interface command does not display the unit of measurement when the received power is in a very low range (power < 5e-10). It shows the value of 0.00 without any unit of measurement. [PR/507653: This issue has been resolved.]
On MX Series routers, the chassisd crashes when the SCB is taken offline and removed. [PR/510950: This issue has been resolved.]
On M7i and M10i routers, the syncer process writes to the file /var/rundb/chassisd.dynamic.db every 30 seconds. [PR/511901: This issue has been resolved.]
Under certain circumstances, the chassisd process might crash on a backup Routing Engine while a configuration is commited. [PR/512044: This issue has been resolved.]
Due to a flaw in implementation, the execution of the show interfaces mac-database command causes the IQ2 PIC to reboot with the core. [PR/513407: This issue has been resolved.]
The local protocol MTU on an interface with PPP encapsulation might become higher than the configured media MTU after the PPP negotiation when the remote end has a higher media MTU configured. [PR/514079: This issue has been resolved.]
The monitor traffic interface (tcpdump) does not produce an outbound output with matching option when used with the encapsulation flexibile-ethernet-services. [PR/514247: This issue has been resolved.]

Layer 2 Ethernet Services

The DHCPv6 clients do not bind when routing-options access-internal is configured. [PR/495358: This issue has been resolved.]
On MX960 routers, i2c messages related to the fan such as the following are displayed:
Jan 26 13:32:22 rocky-re0 /kernel: PCF8584(WR): target ack failure on byte 0 Jan 26 13:32:22 rocky-re0 /kernel: PCF8584(WR): (i2c_s1=0x08, group=0xe, device=0x54)
This is a cosmetic issue and has no impact on the router. [PR/500824: This issue has been resolved.]
The SIP domain names encoded in the DHCPv6 attributes do not conform to RFC 3319. [PR/512073: This issue has been resolved.]
The JUNOS Software drops SOLICIT messages, including the rapid commit option, instead of ignoring that option and processing the remainder of the message. [PR/512092: This issue has been resolved.]

MPLS Applications

When an RSVP LSP is configured with the no-install-to-address option and is not associated with CCC connection flaps, the routing protocol process will crash when the LSP comes up again. To avoid the problem, make sure that the LSP is either a transmit LSP for a CCC connection or that the install option is also configured on the LSP. [PR/471339: This issue has been resolved.]
A rare condition between the MVPN and RSVP P2MP signaling leads to the creation of stale flood next hops. [PR/491586: This issue has been resolved.]
An incorrectly changed LDP session authentication key causes the LDP session to fail, which results in the LDP/IGP syncronization feature not working. The IGP continues to advertise the link at normal metric values. [PR/499226: This issue has been resolved.]
In cases where the secondary Routing Engines contain no label-switched paths in the up state due to the lack of NSR support, such label-switched paths might not come up even after a switchover. [PR/501969: This issue has been resolved.]
LDP might not handle certain error conditions gracefully when NSR is enabled. This might cause the LDP replication state to be stuck in the "In Progress" state forever. [PR/505043: This issue has been resolved.]
The name of the bypass label-switched path supports only 32 characters instead of 64. [PR/515244: This issue has been resolved.]

Network Management

Under certain SNMP conditions, the following log message is displayed:
M10i-RE0 pfed: PFED_NOTIF_GLOBAL_STAT_UNKNOWN: Unknown global notification stat: transit options/ttl-exceeded (re-injected)M10i-RE0 pfed: PFED_NOTIF_STAT_UNKNOWN: Unknown notification type stat: Unknown
This log message might also be displayed during the installation of AI Scripts (version 2.1R2 or above) on the router. AI Scripts versions prior to 2.1R2 do not cause these messages. This is a cosmetic message, and does not have any impact. [PR/427590: This issue has been resolved.]
Under certain conditions, the SNMPD crashes due to a BAD_PAGE_FAULT. [PR/496351: This issue has been resolved.]

Platform and Infrastructure

When certain FPCs (T1600-FPC4-ES, T640-FPC4-1P-ES, T640-FPC1-ES, T640-FPC2-ES, and T640-FPC3-ES) receive corrupted cells via high-speed links, they might unnecessarily reboot and report the following system log error message: "Unrecoverable Error: Flist gtop bit toggled !." No reset is needed to recover from this condition. [PR/441844: This issue has been resolved.]
The configured static NDP entry is cleared automatically after a certain interval. [PR/453710: This issue has been resolved.]
When the flow monitoring version 9 feature is enabled on an MS PIC (or service PIC that supports flow monitoring version 9), the MS PIC might crash upon receiving certain corrupted IPv6 packets. [PR/458361: This issue has been resolved.]
When an aggregated SONET with a Cisco High-Level Data Link Control (HDLC) encapsulation is configured, a member link might not be marked as link-down in the Packet Forwarding Engine if the remote end of the link is disabled. [PR/472677: This issue has been resolved.]
The output of the show arp command does not display the entire demux interface identifier, making it impossible to determine which specific demux sub-interface a given ARP entry is associated with. [PR/482008: This issue has been resolved.]
A problem occurs on an M120 router with an FEB redundancy configuration when the backup FEB is protecting a non-primary FEB. In this case, the Routing Engine will prompt the incorrect Packet Forwarding Engine for status, causing delays in the SNMP responses. [PR/490172: This issue has been resolved.]
If you configure an IP address with a larger subnet, for example, /19, on a different interface first, the router begins to negotiate for the ARP of a specific host on that interface and gets stuck in a hold state. If you later configure a more specific subnet of /29 on another interface from where the host can be reached, the forwarding table will still prefer the route with the hold entry via /19 instead of the route with the ucst entry via /29. [PR/491468: This issue has been resolved.]
The syslog usually logs data only when the per-fabric-stream counter increases. However, the syslog starts logging even though the counter value was not increasing. [PR/493384: This issue has been resolved.]
The Source Class Usage (SCU) statistics counter value may drop occasionally when it is used with the accounting profile. [PR/493662: This issue has been resolved.]
The AE VLAN session classifier instantiation in a dynamic profile fails as the L2 classifier fails to install in the Packet Forwarding Engine. [PR/494488: This issue has been resolved.]
In certain cases, a configuration change can cause the backup Routing Engine to reboot. [PR/497290: This issue has been resolved.]
When a next-hop chain has multiple types of next-hop dependencies, including indirect next-hop, aggregate next-hop, and multiple unicast next-hops, during an aggregate link flap (down/up), a certain sequence of events from the kernel is expected by the Packet Forwarding Engine for the next-hop change and delete updates. However, during a quick link flap (down/up), in an extreme corner case, the Packet Forwarding Engine does not receive the expected sequence, and the FPC will crash. [PR/499315: This issue has been resolved.]
On IQ2 PICs, when copy-plp is enabled under class of service, the DCU provides the wrong statistics. [PR/499378: This issue has been resolved.]
The MAC address of a configured static NDP entry is overwritten upon receiving NA from a connected device. [PR/499418: This issue has been resolved.]
The static NDP entry remains permanent if the refcount is more than 1, even after deleting the static configuration. [PR/499441: This issue has been resolved.]
The L2RW does not report an error when the required L2_pgm length is longer than what the hardware can support. [PR/501318: This issue has been resolved.]
On an ichip platform, when the downstream multicast member link flaps, the Packet Forwarding Engine rarely has a chance to fail multicast next-hop handling. This can cause multicast traffic drops. [PR/501852: This issue has been resolved.]
On an MX Series router configured for PPP subscriber access, subscribers will experience slow login times as the number of subscriber sessions increases. [PR/502756: This issue has been resolved.]
RED drops occur in the SMQCHIP when the 10x10GE OSE and 4x10GE PICs are swapped multiple times. [PR/506174: This issue has been resolved.]
On a TX Matrix Plus router, if one of the two external RJ45 links between a TXP-CIP and an LCC Control Board is broken, the router does not generate an alarm. [PR/508219: This issue has been resolved.]
On tcpdump or when the monitor traffic interface command is used for an lo0 interface with the IP address having its last octet is greater than or equal to 224 (x.x.x.224 or higher), following message is received: "inet class for 0xe1e11955 unknown." [PR/511911: This issue has been resolved.]

Routing Protocols

If a static route points to a discard configuration, a failure might occur when the router attempts to collect the multicast statistic data. [PR/434298: This issue has been resolved.]
Deleting a logical system causes the routing protocol process to be stuck in an infinite loop. [PR/439000: This issue has been resolved.]
The routing protocol process dumps core due to a soft assertion failed: "rt_notbest_sanity: Path selection failure" in rt_table.c. As a workaround, use the bgp path-selection external-router-id statement or the bgp path-selection always-compare-med statement. [PR/451021: This issue has been resolved.]
When a PIC with a PIM-enabled interface is brought online, the router may send the first PIM hello slightly before the interface comes up. This causes the router to drop the first PIM hello message towards its neighbor. [PR/482903: This issue has been resolved.]
After a graceful Routing Engine switchover (GRES) event with NSR enabled and a scaled L3VPN eBGP test, some BGP sessions fail due to an expired hold down timer if the hold-down timer is lower than the default 30 seconds. To avoid this issue, set the hold-down timer to the default value of 30 seconds. [PR/501796: This issue has been resolved.]
In an NSR configuration, the backup Routing Engine can lose the connection to the active Routing Engine during a configuration commit. The problem occurs more often when the configuration includes a large number of routing instances. This is caused by the routing protocol process on the backup Routing Engine leaking file descriptors during commit synchronization. To recover, restart the routing protocol process on the backup Routing Engine. [PR/506883: This issue has been resolved.]
When the routing-instances routing-instances-name routing-options multipath vpn-unequal-cost equal-external-internal statement is configured, some VPN routes learned from different route reflectors can be shown as multipath. [PR/507236: This issue has been resolved.]
The routing protocol process might crash if the router receives a flow route with a rate-limit bandwidth less than 1000 bps. [PR/508715: This issue has been resolved.]
When more than 200 IGMP/MLD source-specific multicast groups (232.0.0.0/8) are configured statically on an interface, and when an unrelated configuration is committed, some groups are removed and added immediately after. This causes packet drops on those groups. [PR/509013: This issue has been resolved.]
Nonstop routing (NSR) does not work correctly if an automatic route distinguisher is used with a L2VPN routing-instance. [PR/513949: This issue has been resolved.]
In route reflector and ASBR VPN scenarios, the routing protocol process might crash as changes occur to a prefix in the primary table at the same time as BGP tries to send out updates via the secondary table. [PR/515626: This issue has been resolved.]

Services Applications

If the Juniper-Firewall-Attribute attribute in a RADIUS server configuration file names a policer that sets a bandwidth limit for Layer 2 Tunneling Protocol (L2TP) sessions but not an exclude-bandwidth limit, the bandwidth limit might not be set correctly. [PR/254503: This issue has been resolved.]
On M Series routers (M120 and M320) with many service sets configured with IDP policies, kernel messages are seen in the messages file once traffic passes through these service sets. These messages stop when the traffic is stopped. [PR/462580: This issue has been resolved.]
A static route pointing to a destination is incorrectly added for a source NAT when a next-hop type service set is used. [PR/476165: This issue has been resolved.]
Flow monitoring records are not generated as fragmented IPv6 packets are not getting sampled. [PR/478571: This issue has been resolved.]
MSDPC might crash while running a combination of SIP and other ALGs due to a possible double freeing of memory. [PR/491218: This issue has been resolved.]
The SIP ALG on the services PIC might cause NAT port leaks in some call scenarios. [PR/491220: This issue has been resolved.]
The l2tp on an M7i LNS crashes following an upgrade from JUNOS Release 9.3R1 to 9.6R2. [PR/498423: This issue has been resolved.]
When using a NAT DCE RPC ALG on a services PIC, the PIC might crash while processing the binding request. [PR/510997: This issue has been resolved.]
Route changes might not be updated in the PIC meta-db in cases where the route messages that the PIC receives signify a change in the next-hop index. [PR/512229]

User Interface and Configuration

The wildcard apply groups do not work properly in JUNOS Release 9.1 and above. [PR/425355: This issue has been resolved.]
If a user in the Backup Routing Engine on a config-private mode activates graceful Routing Engine switchover (GRES) and performs a commit synchronize, a synchronization error might occur during the switchover. [PR/486637: This issue has been resolved.]
Commit fails when the commit scripts are used and the configuration contains a policy which uses an apply-group with a then action of 'then community + export.' [PR/501876: This issue has been resolved.]
The load replace command does not consider the allow-configuration configuration. [PR/501992: This issue has been resolved.]
In configure private mode, activating and deactivating two consecutive nested objects can cause a syntax error during commit. [PR/506677: This issue has been resolved.]
On M10i, M120, M320, and MX Series routers with dual Routing Engines running JUNOS Release 9.4 or later, the dfwd process running on the backup Routing Engine might access the /var/pdb/rdm.taf file every 30 seconds, causing excessive writes to the hard disk drive. This problem does not occur when GRES is enabled. [PR/506691: This issue has been resolved.]

VPNs

When different prefixes are advertised to the same source by different PE routers, an egress PE router is prevented from picking the lower prefix route for RPF when the PR advertising the higher prefix loses its route to the source. [PR/493835: This issue has been resolved.]
When multipath is enabled in a routing instance with NG MVPN, the traffic might get dropped on the receiver PE. [PR/508090: This issue has been resolved.]

Previous Releases

Release 10.1R1

The following issues have been resolved since JUNOS Release 10.0R3. The identifier following the description is the tracking number in our bug database.

Class of Service

On the Qchip, the shaping accuracy is affected by the configured logical interface shaping rate. [PR/79319: This issue has been resolved.]
The DHCP traffic may stop being processed for some subscribers under heavy login and logout conditions when the 802.1 classifiers are in use. [PR/470513: This issue has been resolved.]
On a shared scheduler configuration with CoS configured, the rate-limit feature may stop functioning on changing the scheduler transmit rate. [PR/483536: This issue has been resolved.]
The following operations may result in large incorrect queue statistics on IQ2 interfaces:
- When the IQ2 PIC is restarted, or the interface is deactivated and reactivated, while traffic is on and the configuration defines a high priority queue on the interface.
- When the high priority queue number is changed under the class-of-service configuration while traffic is on.
[PR/489049: This issue has been resolved.]
On M Series (except M120 and M320) routers, packet classification will not work on aggregated Ethernet bundles that have LACP enabled. [PR/492057: This issue has been resolved.]
The class-of-service process crashes on commit if a scheduler-map definition does not have any forwarding-class statement. [PR/499755: This issue has been resolved.]

Forwarding and Sampling

The output firewall filter counter does not work when the firewall is configured for discard next hop. [PR/404645: This issue has been resolved.]
Policers cannot be modified after a system upgrade due to a flaw in the parser routine. This error occurs when the current item is deleted and the parser cannot proceed to the next item. With the fix, the routine in the forwarding process (dwfd) has been modified so that the next item in the object tree is fetched before the current object is parsed. [PR/433418: This issue has been resolved.]
Under certain conditions for prefix optimization, the firewall compiler may discard a prefix configured for accept. This issue depends on the set of prefixes configured to match across the various terms. [PR/486633: This issue has been resolved.]
When the MS PIC used for an RLSQ interface resides on an E3 FPC (M320), traffic might stop flowing across the RLSQ interface after the policer on the interface is deactivated. [PR/498069: This issue has been resolved.]
When a filter group is configured on an interface residing on an ES FPC, the rpf-check configured on that interface will not function correctly. As a workaround, deactivate the configured filter group. [PR/503609: This issue has been resolved.]
After configuring a three-color-policer, a dfwc core file is generated. [PR/509742: This issue has been resolved.]

High Availability

On an ISSU upgrade from JUNOS Release 9.3 to any of the current higher releases, the ATM logical interfaces will flap. [PR/491511: This issue has been resolved.]

Interfaces and Chassis

When the ATM scheduler map is programmed, the code does not check if the early packet discard (EPD) configured on the forwarding class exceeds the max_epd that the hardware supports. [PR/70336: This issue has been resolved.]
The following messages are displayed on both the primary and secondary RLSQ MS 500 PICs: “SCHED: %PFE-0: Thread 7 ran for x ms without yielding", "Scheduler Oinker." [PR/286357: This issue has been resolved.]
On M Series and MX Series routers, the ifHCInOctets retrieved by SNMP may report an incorrect value. [PR/420985: This issue has been resolved.]
The show interfaces diagnostics optics command displays wrong diagnostic information for the SumitomoElectric SFP with vendor part number SCP6F44-J3-ANE. [PR/463837: This issue has been resolved.]
For AnnexB, the force command may not work as expected when loss of signal is present. This is because the previous command did not complete for both the protect and the working circuit, and priority comparison does not consider the signal fail condition. [PR/465906: This issue has been resolved.]
Both the working and protect circuit are stuck in the “disabled” state when the TX cable is unplugged and the RX cable is plugged for protect circuit after an Automatic Protection Switching (APS) switchover. [PR/466649: This issue has been resolved.]
On an M320 router, the 4x STM-1 1x STM-4 SFP PIC (PB-4OC3-1OC12-SON-SFP) currently supports only two ports (0 and 2) when configured for eight queues per port on an E3 FPC. [PR/475008: This issue has been resolved.]
SFPs are absent in the output of the show chassis hardware command following TOXIC SFP messages. [PR/480828: This issue has been resolved.]
When a DPC restarts, a large amount of route (about 700,000 simple IPv4 routes) remains in the forwarding table learned through another DPC. The sync process between the Routing Engine and the Packet Forwarding Engine will take too long, and the Routing Engine will restart the FPC. This repeats endlessly.
To restore the service and get the DPC out of the boot loop, restart the chassis process or the routing process. [PR/481164: This issue has been resolved.]
In some cases during the periodic error status monitoring, error messages such as “Wi seg ucode discards in fabric stream” might be displayed on adjacent streams. These messages are cosmetic and can be ignored. [PR/481344: This issue has been resolved.]
Under certain conditions, when aggregate interfaces are used and the member links are located on more that one FPC, multicast traffic will not use one or more of the aggregate child links. This can happen after an FPC reboot.
If the aggregate member links are located on the same FPC, this problem is not triggered. To recover from this condition, deactivate and activate the aggregate interface. [PR/484007: This issue has been resolved.]
The logical unit of a Gigabit Ethernet interface may show less than 1000 Mbps of bandwidth even if there is no speed configuration under the physical interface. As a workaround, manually set the bandwidth on the logical interface. [PR/485840: This issue has been resolved.]
When loopback is configured on t3 under ct3, t1 under ct1, or e1 under ce1, no error syslog message is logged. Additionally, the show interface extensive command on the t3/t1/e1 displays "loopback" even though it is not actually applied. [PR/486424: This issue has been resolved.]
On an M20 router with an LS PIC, the backup Routing Engine kernel may core at rnh_index_alloc. [PR/486646: This issue has been resolved.]
Traffic may be sent out on a child link of an aggregated Ethernet (AE) bundle even when it is not in the Collecting-Distributing Link Aggregation Control Protocol (LACP) state if and only if the following conditions are met:
- The remote end configured one link to be primary and another to be backup.
- On the System Under Test (SUT), a unit of the AE bundle is disabled, then enabled.
As a workaround, deactivate and activate the child link that is not in the Collecting-Distributing LACP state. [PR/487786: This issue has been resolved.]
With GRES configured, a container interface (CI) configuration can trigger a kernel core on the backup Routing Engine. [PR/488679: This issue has been resolved.]
Container interfaces with ATM children with OAM may not initiate sending of OAM cells after Automatic Protection Switching (APS) switchovers. [PR/489250: This issue has been resolved.]
Commit fails with IEEE 802.1p config when applied to container interfaces. [PR/489400: This issue has been resolved.]
Kernel panic may occur if the child ATM interfaces are removed or disabled under container. [PR/490196: This issue has been resolved.]
The system may not learn all MACs in the hardware within a second across the fabric when trying to learn all new MACs at a 10–Gigabit line rate. A small fraction will be learned via the software path, in the order of hundreds of seconds. However, all MACs are learned eventually. [PR/489705: This issue has been resolved.]
When filter-based forwarding is applied to the output interface and the egress Packet Forwarding Engine (PFE) is different from the ingress PFE, the traffic gets regular discards. [PR/490214: This issue has been resolved.]
During graceful Routing Engine switchover (GRES), if the peer's discovery state is passive, the LFM state machine should be kickstarted even if the kernel state is SEND_ANY, otherwise the peer will be stuck in PASSIVE_WAIT state. As a workaround, configure both sides in the link-discovery mode as “active.” [PR/490886: This issue has been resolved.]
On the IEEE 802.1ag CFM, when the loss threshold is configured to 256, it displays a '0.' [PR/491422: This issue has been resolved.]
Whenever the system gets busy, the master Routing Engine might relinquish mastership and take the line cards offline soon after. [PR/491583: This issue has been resolved.]
The CI logical interface state may go out of sync when OAM is configured and the logical interface flaps due to OAM. [PR/491866: This issue has been resolved.]
The chassis cell relay mode might not be set properly for CI interfaces. [PR/492197: This issue has been resolved.]
The DPC remains in the ready state and the demux0 interface remains in a down state after a chassisd restart without graceful Routing Engine switchover enabled. [PR/492961: This issue has been resolved.]
When an SCB with an active plane is powered down, an HSL link error occurs on unrelated SCBs. [PR/493151: This issue has been resolved.]
The CLI does not respond when Control+c is entered at the "more” separator. [PR/493881: This issue has been resolved.]
The system may generate a core file when the DPC is removed before it is taken offline. [PR/494625: This issue has been resolved.]
An outer virtual LAN tag is not added in a provider edge-customer edge link when VPLS traffic arrives with an MPLS value of 2, 3, 4, or 5. However, VPLS traffic with a value of 0, 1, 6, or 7 does not have this issue. [PR/495555: This issue has been resolved.]
When ilmid uses a large amount of memory, the following error message displays: “/kernel: Process (1702,ilmid) has exceeded 85% of RLIMIT_DATA: used 129084 KB Max 131072 KB.” [PR/495645: This issue has been resolved.]
The one-port OC12-3 PIC cannot support eight queues when the no-concatenate option is configured. [PR/499452: This issue has been resolved.]
When an F4 OAM is enabled for a VPI and the encaps for a unit are changed using that VPI and VCI to ATM-CCC cell rrelay, followed by the deletion of the logical interface, the VPI list might be corrupted . Any subsequent change can cause the system to crash. [PR/499479: This issue has been resolved.]
On a 4–port ChOC3/STM1 and 12–port T1/E1 circuit emulation PICs, the ATM logical interface packets counter does not increment if the PIC is configured in the ATM IMA mode. [PR/500153: This issue has been resolved.]
When t1-options are configured at the [edit interfaces ct1-x/y/z] hierarchy level, some ct1 interfaces of a 10xCHT1 IQ PIC might flap when the configuration changes are committed. As a workaround, remove the t1-options. [PR/500820: This issue has been resolved.]
Polling ifInOctets on Gigabit Ethernet IQ PIC VLANs might momentarily return a higher value. [PR/500852: This issue has been resolved.]
On 40x1 Gigabit Ethernet PICs, very short fragments of fragmented TCP, UDP, and ICMP packets may be incorrectly dropped with the diagnostic L4 length too short. [501526: This issue has been resolved.]
The configured TTL set for GRE traffic is set properly for locally generated Routing Engine packets, but is not set properly for transit packets. [PR/502087: This issue has been resolved.]
In JUNOS Release 10.0, if the MX-MPCs power up while the A-DPCs are offline, and if ISSU is performed, the MPCs will crash. [PR/502837: This issue has been resolved.]
When an ATM AIS cell is received from the virtual channel under vlan-vci-ccc encapsulation, the logical interface will be incorrectly marked down. There is no workaround. [PR/503653: This issue has been resolved.]
The yellow marking for the three-color-policers is incorrect. Even after the excess burst buffer is full, the yellow counters continue to increment at the same rate as the green buffers. [PR/504192: This issue has been resolved.]
Under certain circumstances, the E3 IQ PIC might report bogus CCV, CES, and CSES alarms. [PR/505921: This issue has been resolved.]
The show interfaces diagnostics optics interface command does not display the unit of measurement when the received power is in a very low range (power < 5e-10). It shows the value of 0.00 without any unit of measurement. [PR/507653: This issue has been resolved.]
On MX Series routers, the chassisd crashes when the SCB is taken offline and removed. [PR/510950: This issue has been resolved.]
On M7i and M10i routers, the syncer process writes to the file /var/rundb/chassisd.dynamic.db every 30 seconds. [PR/511901: This issue has been resolved.]
Under certain circumstances, the chassisd process might crash on a backup Routing Engine while a configuration is commited. [PR/512044: This issue has been resolved.]

Layer 2 Ethernet Services

On an MX Series router, the DHCP ACK messages are dropped when a client Rebind request is processed by a different DHCP server. This issue may occur in an environment where the provider has multiple DHCP servers for redundancy purposes. [PR/487138: This issue has been resolved.]
The family ISO MTU configured explicitly under the IRB interface logical unit will decrement by three if you change the interface MTU on the interface that belongs to the same bridge domain. [PR/493209: This issue has been resolved.]
In JUNOS Release 10.0, the MX 960 router displays the following i2c messages related to the fan:
rocky-re0 /kernel: PCF8584(WR): target ack failure on byte 0rocky-re0 /kernel: PCF8584(WR): (i2c_s1=0x08, group=0xe, device=0x54)
This is a cosmetic issue and has no impact on the router. [PR/500824: This issue has been resolved.]

Network Management

Under certain SNMP conditions, the following log message is displayed:
M10i-RE0 pfed: PFED_NOTIF_GLOBAL_STAT_UNKNOWN: Unknown global notification stat: transit options/ttl-exceeded (re-injected)M10i-RE0 pfed: PFED_NOTIF_STAT_UNKNOWN: Unknown notification type stat: Unknown
This log message might also be displayed during the installation of AI Scripts (version 2.1R2 or above) on the router. AI Scripts versions prior to 2.1R2 do not cause these messages. This is a cosmetic message, and does not have any impact. [PR/427590: This issue has been resolved.]
When monitor traffic matching x is used on RLSQ bundles, no outbound packets are displayed. [PR/468959: This issue has been resolved.]
The SNMP MIB walk on jnxFWCounterDisplayName may miss certain policer counters of firewall filters applied with respect to logical interfaces (subinterfaces). [PR/485477: This issue has been resolved.]
Under certain conditions, the SNMPD crashes due to a BAD_PAGE_FAULT. [PR/496351: This issue has been resolved.]

MPLS Applications

No point-to-multipoint LSPs are reported when the show mpls lsp p2mp command is issued. As a workaround, execute the show mpls lsp command before you execute the show mpls lsp p2mp command. [PR/266343: This issue has been resolved.]
Constrained Shortest Path First (CSPF) fails to calculate a P2MP LSP reroute path merging upon a user configuration change. [PR/454692: This issue has been resolved.]
When an RSVP LSP is configured with the no-install-to-address option and is not associated with CCC connection flaps, the routing protocol process will crash when the LSP comes up again. To avoid the problem, make sure that the LSP is either a transmit LSP for a CCC connection or that the install option is also configured on the LSP. [PR/471339: This issue has been resolved.]
A traffic engineered label-switched path that is down might not get re-signaled. [PR/478375: This issue has been resolved.]
While performing an MPLS LDP traceroute in a tunneled MPLS LDP environment, all hops except the second hop show 127.0.0.1 as the router hop. [PR/486999: This issue has been resolved.]
The NGEN-MVPN multicast traffic might be dropped at the ingress router if a point-to-multipoint LSP reoptimization is performed. [PR/491533: This issue has been resolved.]
A rare condition between the MVPN and RSVP P2MP signaling leads to the creation of stale flood next hops. [PR/491586: This issue has been resolved.]
Under some circumstances where LDP is enabled, a memory leak might occur where the routing protocol process does not free up memory. [PR/493885: This issue has been resolved.]
An incorrectly changed LDP session authentication key causes the LDP session to fail, and the LDP/IGP syncronization feature stops working. The IGP continues to advertise the link at normal metric values. [PR/499226: This issue has been resolved.]
LDP might not handle certain error conditions gracefully when NSR is enabled. This might cause the LDP replication state to be stuck in the "In Progress" state forever. [PR/505043: This issue has been resolved.]
The show route table mpls.0 label-switched-path lspname command may cause the routing protocol process to core if no route is found. [PR/507239: This issue has been resolved.]

Platform and Infrastructure

The output of the show route forwarding-table family vpls multicast command may display an unexpected output such as “rtinfo” with the multicast knob because this knob is supported only with inet and inet6 families and is not supported for the ISO, NTP, MPLS, UNIX, and VPLS families. The output of this command will be fixed in JUNOS 10.1R1 to display the message: “Multicasting is not supported by UNIX, ISO, NTP, MPLS, and VPLS protocols.” [PR/235712: This issue has been resolved.]
When certain FPCs (T1600-FPC4-ES, T640-FPC4-1P-ES, T640-FPC1-ES, T640-FPC2-ES, and T640-FPC3-ES) receive corrupted cells via high-speed links, they might unnecessarily reboot and report the following system log error message: "Unrecoverable Error: Flist gtop bit toggled !." No reset is needed to recover from this condition. [PR/441844: This issue has been resolved.]
When the strict-high priority queue is overloaded, the high priority queue may starve, resulting in the loss of high priority traffic. [PR/455152: This issue has been resolved.]
When the flow monitoring version 9 feature is enabled on an MS PIC (or service PIC which supports flow monitoring version 9), the MS PIC may crash upon receiving certain corrupted IPv6 packets. [PR/458361: This issue has been resolved.]
Reading the list of boot devices from the BIOS may fail once in hundreds or thousands of times due to an improper locking mechanism. [PR/461320: This issue has been resolved.]
After upgrading from JUNOS Release 9.3 to Release 9.5, the timestamps in the log files show the UTC time instead of the local time corresponding to the specified time zone. [PR/469175: This issue has been resolved.]
On T640 and TX Series routers which have outgoing interface on a GFPC , the interface might report LSIF errors or cell mismatched errors after it receives an IPv6 packet with an invalid payload. The interface still accepts traffic, but discards all outgoing packets. To recover, reboot the FPC on T640 and TX Series routers. But if the IPv6 packets of the invalid payload are still transmitted, the problem will occur again. [PR/470219: This issue has been resolved.]
When an aggregated SONET with a Cisco High-Level Data Link Control (HDLC) encapsulation is configured, a member link may not be marked as linkdown in the Packet Forwarding Engine if the remote end of the link is disabled. [PR/472677: This issue has been resolved.]
The output of the show arp command does not show the entire demux interface identifier, making it difficult to determine with which specific demux subinterface a given ARP entry is associated. [PR/482008: This issue has been resolved.]
If a duplicate IPv6 address is configured, every ICMP6 packet received (icmp request, icmp neighbor solicitation, or icmp neighbor advertisement) will trigger an mbuf leak. Such a duplicate address configuration might not get noticed at the VRRP backup router which is not used for data forwarding. Correcting the configuration and deactivating or activating the interface will stop the mbuf leak. [PR/482202: This issue has been resolved.]
The fxp0 packet counter statistics are inconsistent between the physical interface and the logical interface as the statistics are updated twice. [PR/486200: This issue has been resolved.]
Jtree corruption may be observed when the DCU is configured on ES-FPCs. [PR/486782: This issue has been resolved.]
A problem occurs on an M120 router with an FEB redundancy configuration when the backup FEB is protecting a non-primary FEB. In this case, the Routing Engine will prompt the incorrect Packet Forwarding Engine for status, causing delays in the SNMP responses. [PR/490172: This issue has been resolved.]
An issue occurs when one or more multicast routes (i.e., one or more <S,G> s) have received joins over an AE interface represented by two (or more) AE legs on separate Packet Forwarding Engines. In a Packet Forwarding Engine ASIC forwarding, the next hop shared by these multicast routes contains a list representing the two (or more) Packet Forwarding Engines. When this next hop list is no longer referenced by any active multicast route, it is not correctly freed and remains stranded in the Packet Forwarding Engine ASIC memory. This issue does not occur when the AE legs are all on the same Packet Forwarding Engine. [PR/494246: This issue has been resolved.]
Due to excessive logging at the FPC, the E3 FPC Type 3 core dumps multiple times. [PR/494534: This issue has been resolved.]
In certain cases, a configuration change can cause the backup Routing Engine to reboot. [PR/497290: This issue has been resolved.]
On T Series routers with ES-FPCs, removing or adding flow-tap filters may trigger an FPC reboot. However, the other FPC types in the same system are not affected. [PR/499233: This issue has been resolved.]
When a next-hop chain has multiple types of next-hop dependencies, including indirect next-hop, aggregate next-hop, and multiple unicast next-hops, during an aggregate link flap (down/up), a certain sequence of events from the kernel is expected by the Packet Forwarding Engine for the next-hop change and delete updates. However, during a quick link flap (down/up), in an extreme corner case, the Packet Forwarding Engine does not receive the expected sequence, and the FPC will crash. [PR/499315: This issue has been resolved.]
On IQ2 PICs, when copy-plp is enabled under class of service, the DCU provides the wrong statistics. [PR/499378: This issue has been resolved.]
The L2RW does not report an error when the required L2_pgm length is longer than what the hardware can support. [PR/501318: This issue has been resolved.]
On an ichip platform, when the downstream multicast member link flaps, the Packet Forwarding Engine rarely has a chance to fail multicast next-hop handling. This can cause multicast traffic drops. [PR/501852: This issue has been resolved.]
On a TX Matrix Plus router, if one of the two external RJ–45 links between a TXP-CIP and an LCC Control Board is broken, the router does not generate an alarm. [PR/508219: This issue has been resolved.]
On M120 and MX Series routers when AE interface (with LACP enabled) is used as a core facing interface for L3VPN, the non-mpls traffic received on the AE interface can sometimes get black holed. To recover from this state, deactivate and activate the AE interface in configuration. [PR/514278: This issue has been resolved.]

Routing Protocols

If a static route is pointing to a discard configuration, a failure might occur when the router attempts to collect the multicast statistic data. [PR/434298: This issue has been resolved.]
Deleting a logical system causes the routing protocol process to be stuck in an infinite loop. [PR/439000: This issue has been resolved.]
The routing protocol process periodically dumps core due to a failed soft assertion: "rt_notbest_sanity: Path selection failure" in rt_table.c. [PR/451021: This issue has been resolved.]
If the routing protocol process (rpd) experiences a restart, it may not receive the first PIM hello packet from a PIM neighbor after the restart. This may delay the establishment of PIM neighbors, and therefore multicast traffic convergence, for up to twice the PIM hello interval. [PR/452751: This issue has been resolved.]
When the last CE interface in a VPLS instance goes down, pseudowires in the VPLS instance are also removed. However, multicast snooping process does not remove the logical interface indices corresponding to these pseudowires from the OIF list of the default bd, mg, vlan routes. This leaves the multicast snooping routes in an inconsistent state.
When a CE interface comes up again, new pseudowire comes up and OIF list for the default bd, mg, vlan route is updated by the multicast snooping process. The kernel finds a stale iflindex for the old pseudowire in the OIF list and rejects the next-hop add. This problem persists until the multicast snooping process is restarted. [PR/467347: This issue has been resolved.]
If a router modifies the next-hop protocol to self (for example, using an export policy with next-hop-self) on a peer group containing "internal" peers, and nonstop routing is configured on the router, the routing protocol process may send duplicate updates to the peers in this peer group during a Routing Engine switchover. [PR/468505: This issue has been resolved.]
When running PIM and a link flap occurs, the routing protocol process might crash. [PR/480422: This issue has been resolved.]
When a PIC with a PIM-enabled interface is brought online, the router might send the first PIM hello slightly before the interface comes up. This causes the router to drop the first PIM hello message to its neighbor. [PR/482903: This issue has been resolved.]
Whenever a graceful Routing Engine switchover (GRES) is performed, the BMP header for the consequent updates may become corrupted until the BMP session is deactivated and activated. [PR/486068: This issue has been resolved.]
The output of the show igmp interfaces command might display the configured IGMP query-interval value incorrectly in the output. [PR/488146: This issue has been resolved.]
In some conditions where the next-hop information must be merged for a new configuration, some next-hop information does not merge correctly, causing the routing protocol process to crash. [PR/489220: This issue has been resolved.]
The routing protocol process may core frequently because of malformed BGP updates generated by the JUNOS Software. This might be because of the total length and the path attribute length. [PR/489891: This issue has been resolved.]
When multicast RPF routes are configured, the show route rib-groups command causes the routing protocol process (RPD) to go into an infinite loop. [PR/490390: This issue has been resolved.]
The MPLS LSPs are not advertised as links into the non-backbone OSPF areas, even though they are configured to be advertised. [PR/491692: This issue has been resolved.]
The PIM running in the main instance might stop working if the PIM is configured in a no-forwarding routing instance. [PR/492017: This issue has been resolved.]
If there are enough routing instances with PIM configured, and there is enough IGMP/MLD join state present and a configuration change is made, a routing protocol process scheduler slip might occur. [PR/493062: This issue has been resolved.]
On an unnumbered Ethernet interface in P2P mode, OSPF does not skip validation of the network mask received in the hello packets. This could result in a failure to bring up an adjacency on such interfaces while interoperating with other vendors. As a workaround, convert the interface to a regular numbered interface on both sides. [PR/493206: This issue has been resolved.]
In a NSR configuration, the backup Routing Engine can lose the connection to the active Routing Engine during configuration commit. The problem occurs more often when the configuration includes a large number of routing instances. This is caused by the routing protocol process on the backup Routing Engine leaking file descriptors during commit synchronization. To recover, restart the routing protocol process on the backup Routing Engine. [PR/506883: This issue has been resolved.]
When the routing-instances routing-instances-name routing-options multipath vpn-unequal-cost equal-external-internal statement is configured, some VPN routes learned from different route reflectors can be shown as multipath. [PR/507236: This issue has been resolved.]
The routing protocol process might crash if the router receives a flow route with a rate-limit bandwidth is less than 1000 bps. [PR/508715: This issue has been resolved.]
In route reflector and ASBR VPN scenarios, the routing protocol process might crash when changes occur to a prefix in the primary table at the same time as BGP tries to send out updates via the secondary table. [PR/515626: This issue has been resolved.]

Services Applications

If the Juniper-Firewall-Attribute attribute in a RADIUS server configuration file names a policer that sets a bandwidth limit for Layer 2 Tunneling Protocol (L2TP) sessions but not an exclude-bandwidth limit, the bandwidth limit might not be set correctly. [PR/254503: This issue has been resolved.]
A static route pointing to a destination is incorrectly added for a source NAT when a next-hop type service set is used. [PR/476165: This issue has been resolved.]
When an SIP ALG is enabled on ASPIC, MSPIC, or MSDPC, the PIC could crash while freeing the Via header NAT port. [PR/490329: This issue has been resolved.]
MSDPC might crash while running a combination of SIP and other ALGs due to a possible double freeing of memory. [PR/491218: This issue has been resolved.]
In some call scenarios, the SIP ALG on a services PIC can cause NAT port leaks. [PR/491220: This issue has been resolved.]
The show services nat pool name CLI filter does not have any effect. [PR/493820: This issue has been resolved.]
Under certain conditions, the replication socket between two Routing Engines for the local policy decision function process (LPDFD) does not close properly. This results in high CPU consumption by the LPDFD. As a workaround, restart the local policy decision function process (LPDFD) on the master Routing Engine’s restart local-policy-decision-function. [PR/495363: This issue has been resolved.]
Configuring different autonomous system types (origin and peer) toward two v5 servers does not work and origin is taken as the autonomous system type for both flow servers. [PR/496954: This issue has been resolved.]
Following a JUNOS Software upgrade, the L2TP on an M7i router dumps core. [PR/498423: This issue has been resolved.]
When the router reboots after an upgrade, the following commit error occurs: “Cannot configure local-dump without configuring file name in neither traceoptions nor output.” [PR/500365: This issue has been resolved.]
When a backup gateway is configured in any term under IPsec stanza, for any subsequent terms where this backup gateway is now configured as the primary, IPsec tunnel establishment will fail. [PR/510608: This issue has been resolved.]
When using a NAT DCE RPC ALG on a services PIC, the PIC might crash while processing the binding request. [PR/510997: This issue has been resolved.]

User Interface and Configuration

The wildcard apply groups do not work properly in JUNOS Release 9.1 and above. [PR/425355: This issue has been resolved.]
When jcs:syslog() is used in an event script, messages do not appear until another system application sends a syslog message. [PR/449778: This issue has been resolved.]
The core files cannot be removed using the file delete command unless the Routing Engine name is included in the path. [PR/469168: This issue has been resolved.]
The deactivate configuration statement cannot be blocked through the deny-configuration statement. [PR/488352: This issue has been resolved.]
When commit scripts are used and the configuration contains a policy which uses an apply-group with a then action of “then community + EXPORT,” the commit fails. [PR/501876: This issue has been resolved.]
The load replace command does not consider the allow-configuration configuration. [PR/501992: This issue has been resolved.]
On M10i, M120, M320, and MX Series routers with dual Routing Engines running JUNOS Release 9.4 or later, the dfwd process running on the backup Routing Engine might access the /var/pdb/rdm.taf file every 30 seconds, causing excessive writes to the hard disk drive. This problem does not occur when GRES is enabled. [PR/506691: This issue has been resolved.]

VPNs

Configuring a forwarding-cache threshold under a routing instance for NG-MVPN might not produce the expected behavior and might not limit the number of forwarding cache entries. [PR/438164: This issue has been resolved.]
In an MLAN scenario where two PEs are connected to the multicast receiver, when the PE acting as the designated router (DR) has a link failure on the MLAN, the backup PE that becomes the DR is unable to forward traffic. [PR/490153: This issue has been resolved.]
When different prefixes are advertised to the same source by different PE routers, an egress PE router is prevented from picking the lower prefix route for RPF when the PR advertising the higher prefix loses its route to the source. [PR/493835: This issue has been resolved.]
When multipath is enabled in a routing instance with NG MVPN, the traffic might get dropped on the receiver PE. [PR/508090: This issue has been resolved.]

Issues in JUNOS Release 10.1 for M Series, MX Series, and T Series Routers

Current Software Release

Outstanding Issues in JUNOS Release 10.1 for M Series, MX Series, and T Series Routers

Class of Service

Forwarding and Sampling

High Availability

Interfaces and Chassis

Layer 2 Ethernet Services

MPLS Applications

Platform and Infrastructure

Routing Policy and Firewall Filters

Routing Protocols

Services Applications

Subscriber Access Management

User Interface and Configuration

VPNs

Resolved Issues in JUNOS Release 10.1 for M Series, MX Series, and T Series Routers

Class of Service

Forwarding and Sampling

Interfaces and Chassis

Layer 2 Ethernet Services

MPLS Applications

Network Management

Platform and Infrastructure

Routing Protocols

Services Applications

User Interface and Configuration

VPNs

Previous Releases

Release 10.1R1

Class of Service

Forwarding and Sampling

High Availability

Interfaces and Chassis

Layer 2 Ethernet Services

Network Management

MPLS Applications

Platform and Infrastructure

Routing Protocols

Services Applications

User Interface and Configuration

VPNs

Related Topics