Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Issues in JUNOS Release 10.2 for M Series, MX Series, and T Series Routers

    The current software release is Release 10.2R3. For information about obtaining the software packages, see Upgrade and Downgrade Instructions for JUNOS Release 10.2 for M Series, MX Series, and T Series Routers.

    Current Software Release

    Outstanding Issues in JUNOS Release 10.2 for M Series, MX Series, and T Series Routers

    Class of Service

    • On MX Series routers with Enhanced DPCs, bandwidth sharing between two schedulers, one with high and the other with strict-high priority, might not be as expected when the schedulers are oversubscribed. That is, only one queue can use all of the excess bandwidth. This issue occurs when the schedulers are configured on logical interfaces. [PR/265603]
    • When a VLAN ID is changed, the following message appears in the messages log: "COSD_GENCFG_WRITE_FAILED: GENCFG write failed for Classifier to IFL 74. Reason: File exists.” This log message appears when the configuration is committed with VPLS configured on the Gigabit Ethernet interface, and a class-of-service classifier or rewrite rules that contain IEEE 802.1P on the interface are used. [PR/408552]
    • When a logical interface set has a shaping-rate less than the sum of the transmit-rates of its queues and when the configuration is corrected so that the logical interface set gets the right shaping-rate, ADPC might crash. [PR/523507]

    Forwarding and Sampling

    • Port mirroring does not work under the bridge-domain forwarding-option filter. [PR/529272]

    High Availability

    • The SSH keys are not in sync between the master and backup Routing Engine when SSH is enabled after a graceful Routing Engine switchover (GRES). [PR/455062]
    • When an ISSU upgrade is performed to or from JUNOS Releases 9.6R3 or 10.0R2, the logical interface and logical interface sets that have traffic control profiles configured on them will be affected. [PR/491834]
    • When the standby Routing Engine is upgraded, ISSU aborts with the error message “replication_err soft_mask_err.” [PR/508028]
    • An intermittent failure in the non-stop Routing Engine might cause a core file to be generated. However, the system does not go down. [PR/527686]

    Interfaces and Chassis

    • For Automatic Protection Switching (APS) on SONET/SDH interfaces, there are no operational mode commands that display the presence of APS mode mismatches. An APS mode mismatch occurs when one side is configured to use bidirectional mode, and the other side is configured to use unidirectional mode. [PR/65800]
    • The output of the show interfaces diagnostics optics command includes the "Laser rx power low alarm" field even if the transceiver is a type (such as XENPAK) that does not support this alarm. [PR/103444]
    • When an ATM II interface is configured as a Layer 2 circuit with cell transport mode on a router running JUNOS Release 8.2 or lower, interoperability issues with other network equipment and another Juniper Networks routers running JUNOS Release 8.3 or higher might occur. [PR/255622]
    • On the M120 router, hot-swapping the fan tray might cause the Check CB alarm to activate. [PR/268735]
    • On the JCS1200 platform, when you issue the clear -config -T switch[1] command using the management module, the switch module returns to its factory default setting instead of the Juniper Networks default setting. As a workaround, do not issue the command. [PR/274399]
    • On the Juniper Control System (JCS) platform, the control and management traffic for all Routing Engines shares the same physical link on the same switch module. In rare cases, the physical link might become oversubscribed, causing the management connection to Protected System Domains (PSDs) to be dropped. [PR/293126]
    • On a Protected System Domain (PSD) configured with a large number of BGP peers and routes (for example, 5000 peers and 1,000,000 routes), FPCs might restart during a graceful Routing Engine switchover (GRES). [PR/295464]
    • When two routers connected via SONET/SDH interfaces are configured as container interfaces and the Routing Engine on one router reboots, the container interfaces on the other router might go down and come up again. [PR/302757]
    • The bridge-domain MAC learn limit on the Packet Forwarding Engine can sometimes become negative if the bridge domain is deleted and added immediately as part of a configuration change. If that happens, the MAC learning on that bridge domain can be affected. As a workaround, deactivate and activate the bridge domain or VPLS routing instance configuration. [PR/467549]
    • Due to the large number of components, Trio MPCs take more time to boot up than comparable MX Series boards. [PR/468665]
    • If a firewall show command is followed by the clear command in a very quick succession, there is a possibility that the show command will time out. If the show command is issued after a few seconds (five seconds ideally), this issue will not be seen. [PR/479497]
    • On the T1600 router, the output of the show chassis hardware models and show chassis hardware clei-models commands does not display the T1600 PICs. [PR/481623]
    • On a 4x CHOC3/CHSTM1 SONET CE SFP PIC, if a SONET Automatic Protection Switching (APS) is configured on COC3/CSTM1 interfaces and an IMA group is created, APS will not work for those IMA groups. There is no workaround. [PR/513343]
    • When the VRRP6 master changes, there is no log output for VRRP IPv6. [PR/514821]
    • Upon a link up event, old packets from the previous link down are still dequeued. This leads to huge latency reports. [PR/515842]
    • Discrepancies exist in MAC and filter statistics between Trio and I+EZ DPCs. [PR/517926]
    • When multiple routed IPsec tunnels are configured, and the tunnel with the inside-service-interface defined in the service-set goes down, the other tunnels with the ipsec-inside-interface configured only in the IPsec rules can stop forwarding traffic until the main tunnel comes back up. [PR/524935]
    • The queue counter of the aggregated Ethernet is counted up after the statistics is cleared and the FPC is restarted. [PR/528027]
    • The output of the show chassis environment pem command displays the voltage used in FPC slots 0 through 3, even after the FPC is taken offline. [PR/528821]
    • If a dot1p classifier is not explicitly configured for the logical interface of vid=0, to accept priority tagged packets, packets without an IP header such as STP will determine the forwarding class based on the priority tag value. [PR/529207]
    • The "multipoint-destination" configuration statement is not supported on IQE PICs. While the configuration of this statement is accepted without problems initially, subsequent reconfiguration of the interface might cause the FPC and Packet Forwarding Engine to reboot. [PR/529423]
    • When Automatic Protection Switching (APS) is configured on a 4x STM-1 SDH, SMIR PIC, the transmitted value of the K2 byte shows 0x00 for both unidirectional and bidirectional instead of 0x04 and 0x05, respectively. [PR/531030]
    • The spare SCB stays in the same status when the online SCB is removed without taking it offline. [PR/542615]
    • When one of the units of an aggregated Ethernet is deactivated, all the other units to go down. [PR/544587]

    Layer 2 Ethernet Services

    • The release message is not sent to the DHCP server, even though the send-release-on-delete flag is set under the DHCP relay configuration. As a workaround, to deactivate or deconfigure an interface, clear all the bindings on the interface before you deactivate or delete the interface. To deactivate or deconfigure the relay, clear all the bindings before you deactivate or delete the relay. [PR/498920]

    MPLS Applications

    • The rt column in the output of the show mpls lsp command and the active route counter in the output of the show mpls lsp extensive command are incorrect when the per-packet load balancing is configured. [PR/22376]
    • For point-to-multipoint label-switched paths configured for VPLS, the ping mpls command reports a 100 percent packet loss even though the VPLS connection is active. [PR/287990]
    • The routing protocol process crashes when configuration changes occur that involves adding an interface to the routing protocols. [PR/456241]
    • During an RSVP local repair process, when a link flaps or the IGP metric changes along the LSP path, the routing protocol process scheduler slips. [PR/513312]
    • The RSVP sessions through unnumbered interfaces, with advertise-unnumbered-interfaces enabled under OSPF traffic engineering, are not replicated on the backup Routing Engine. [PR/525297]

    Network Management

    • The SNMP process may restart after a core dump is generated. [PR/517230]

    Platform and Infrastructure

    • On T Series routers, a Layer 2 maximum transmission unit (MTU) check is not supported for MPLS packets exiting the routing platform. [PR/46238]
    • When you configure a source class usage (SCU) name with an integer (for example, 100) and use this source class as a firewall filter match condition, the class identifier might be misinterpreted as an integer, which might cause the filter to disregard the match. [PR/50247]
    • If you configure 11 or more logical interfaces in a single VPLS instance, VPLS statistics might not be reported correctly. [PR/65496]
    • When a large number of kernel system log messages are generated, the log information might become garbled and the severity level could change. This behavior has no operational impact. [PR/71427]
    • In the situation where a Link Services (LS) interface to a CE router appears in the VPN routing and forwarding table (VRF table) and a fragmentation is required, Internet Control Message Protocol (ICMP) cannot be forwarded out of the LS interface from a remote PE router that is in the VRF table. As a workaround, include the vrf-table-label statement at the [edit routing-instances routing-instance-name] hierarchy level. [PR/75361]
    • Traceroute does not work when ICMP tunneling is configured. [PR/94310]
    • If you ping a nonexistent IPv6 address that belongs to the same subnet as an existing point-to-point link, the packet loops between the two point-to-point interfaces until the time-to-live expires. [PR/94954]
    • On T Series and M320 routers, multicast traffic with the "do not fragment" bit is being dropped due to configuring a low MTU value. The router might stop forwarding all traffic transiting this interface if the clear pim join command is executed. [PR/95272]
    • A firewall filter that matches the forwarding class of incoming packets (that is, includes the forwarding-class statement at the [edit firewall filter filter-name term term-name from] hierarchy level) might incorrectly discard traffic destined for the Routing Engine. Transit traffic is handled correctly. [PR/97722]
    • The JUNOS Software does not support dynamic ARP resolution on Ethernet interfaces that are designated for port mirroring. This causes the Packet Forwarding Engine to drop mirrored packets. As a workaround, configure the next-hop address as a static ARP entry by including the arp ip-address statement at the [edit interfaces interface-name] hierarchy level. [PR/237107]
    • When you perform an in-service software upgrade (ISSU) on a routing platform with an FPC3 or an Enhanced FPC3 with 256 MB of memory and the number of routes in the routing table exceeds 750,000, route loss might occur. If route loss occurs, as a workaround, perform either of the following tasks:
      • Replace the FPC3 or Enhanced FPC3 with another FPC that has more memory, or
      • After the ISSU is complete, reboot only the FPC3 or Enhanced FPC3.

      [PR/282146]

    • For Routing Engines rated at 850 MHz (which appear as RE-850 in the output of the show chassis hardware command), messages such as the following might be written to the system log when you insert a PC Card: “bad Vcc request” and “Device does not support APM.” Despite the messages, operations that involve the PC card work properly. [PR/293301]
    • On a Protected System Domain, an FPC might generate a core file and stop operating under the following conditions:

      • A firewall policer with a large number of counters (for example, 20,000) is applied to a shared uplink interface, and
      • The FPC that houses the interface does not have a sufficiently powerful CPU.
      As a workaround, reduce the number of counters or install a more powerful FPC. [PR/311906]
    • When a CFEB failover occurs on an M10i or M7i router that has had 4000 or more IFLs, the following message appears:
      IFRT: 'IFD ioctl' (opcode 10) failed
      ifd 153; does not exist
      IFRT: 'IFD Ether autonegotiation config' (opcode 163) failed

      The message has no operational impact. When the backup CFEB becomes the active CFEB, the message does not display. [PR/400774]

    • In some cases, the alarms displayed in the FPM and the alarms shown using the show chassis alarms sfc 0 command do not match. [PR/445895]
    • The SFC management interface em0 is often displayed as fxp0 in several warning messages. [PR/454074]
    • The VPN label does not get pushed on the label stack for Routing Engine–generated traffic with l3vpn-composite-next-hop activated. As a workaround, configure per-packet load balancing to push the VPN/tunnel labels correctly. [PR/472707]
    • On restart with a large-scale configuration (16K IFLs per MPC), the MPC-3D-16XGE-SFPP card might take up to 15 minutes to come up. [PR/478548]
    • Swapping out eight FPC cards and replacing them with a different FPC type causes the kernel to crash when the last FPC is powered on. [PR/502075]
    • The TTL on the wire is one less than the tunnel TTL configured through the CLI. [PR/506454]
    • The data channel applications for protocols such as FTP, TFTP, RTSP, and SIP are not in the same application group as their control channel applications. For example, the control channel application junos:ftp is in the group junos:file-server but its corresponding data application junos:system:ftp-data is not in any group. [PR/507865]
    • The GRE key tunnel performance reduces by 10 percent when 4000 tunnels or more are configured on the MS PIC. [PR/520855]
    • On M120 routers, multicast packet drops occur when both the Fast Ethernet and the SFP GE PICs are located on the same Packet Forwarding Engine. [PR/546835]

    Routing Policy and Firewall Filters

    • If a routing protocol running an MSDP receives an SA that is filtered through the MSDP import policy, it will still create a forwarding entry if it subsequently receives a (*,G) join for that group. [PR/63053]
    • The following features are not supported in a 12-16x10G DPC:
      • Known unicast and unknown unicast types in the input match condition 'Traffic-type' in a family bridge/VPLS
      • The following match conditions do not work:
        • learn-vlan-1p-priority
        • learn-vlan-1p-priority-except
        • learn-vlan-id
        • learn-vlan-id-except
        • user-vlan-1p-priority
        • user-vlan-1p-priority-except
        • user-vlan-id
        • user-vlan-id-except
      • VPLS flood FTF and input FTF
      • Simple filters
      • Filter action 'then ipsec-sa'
      • Filter action 'then next-hop-group'
      • Mac-filter output accounting and output policing

      [PR/466990]

    • When two packets are consecutively sent at line rate, the "Flow insert policer drops" counter increase for the second packet. [PR/537306]

    Routing Protocols

    • When you configure damping globally and use the import policy to prevent damping for specific routes, and a new route is received from a peer with the local interface address as the next hop, the route is added to the routing table with default damping parameters, even though the import policy has a non-default setting. As a result, damping settings do not change appropriately when the route attributes change. [PR/51975]
    • When you issue the show ldp traffic-statistics command, the following system log message might be generated for all forwarding equivalence classes (FECs) with an ingress counter set to zero: "send rnhstats GET: error: ENOENT — Item not found." [PR/67647]
    • If ICMP tunneling is enabled on the router and you configure a new logical system that does not have ICMP tunneling enabled, the feature is globally disabled. [PR/81884]
    • Setting the advertise-high-metric option while using IS-IS overload also suppresses route leaking. [PR/419624]
    • When aggregate interfaces are used for VPN applications, load balancing might not happen with a Layer 2 circuit configuration. [PR/471935]
    • When PPMD delegation of BFD sessions is configured over AE interfaces, graceful Routing Engine switchover and NSR do not work. [PR/505058]
    • The BGP BMP message for IPv6 withdraw encoding does not follow the BMP-draft. [PR/512780]
    • When the received next hop for a route has the same address as the EBGP peer to which the route is readvertised, the next hop is erroneously set to the peer's address instead of to the next hop itself. [PR/533647]
    • When a certain combination of route damp parameters is configured for BGP, the resulting internal calculations result in an attempt to allocate 0 bytes of memory causing the routing protocol process to crash and restart. As a workaround, avoid the exact combination of poison values in the configuration. [PR/534780]
    • When an interface is added to a routing instance with rpf-check enabled, the routing protocol process might crash if a route-distinguisher is also changed at the same time. [PR/539321]

    Services Applications

    • The show services accounting flow-detail extensive command sometimes displays incorrect information about input and output interfaces. [PR/40446]
    • When a routing platform is configured for graceful Routing Engine switchover (GRES) and Adaptive Services (AS) PIC redundancy, and a switchover to the backup Routing Engine occurs, the redundant services interface (rsp-) always activates the primary services interface (sp-), even if the secondary interface was active before the switchover. [PR/59070]
    • Detection of failure of remote PPP clients on the LNS through LCP echo requests will take longer due to the increase in the number of echo request retries. [PR/250640]
    • In JUNOS Release 10.0R2, a performance related issue is seen when the IDP plug-in is enabled. The connection per second value for HTTP (64 bytes) with AACL, AI, and IDP (with Recommended Attacks group) plug-ins have been downgraded to 7,600 through 7,900 per second. [PR/476162]
    • When a standard application is specified at the [edit security idp idp-policy policy-name rulebase-ips rule rule-name match application] hierarchy level, the IDP does not detect the attack on the non-standard port (for example, junos:ftp on port 85). [PR/477748]
    • After an user establishes an SSH connection, the sshd process is spawned on the server and services the user. After the connection is established, the sshd process listens on a socket and keeps polling in the select() and sleeps until there is something to be processed on the socket. When the client closes the connection, a message is sent on the socket to the server, which reads and processes the tear-down of the connection. However, when a blocking tcp is sent to the client to detect the client's presence, the time out never expires. [PR/538342: This issue has been resolved.]

    Subscriber Access Management

    • The destination and destination-profile options for address and unnumbered-address within the family inet and inet6 are allowed to be specified within a dynamic profile, but are not supported. [PR/493279]

    User Interface and Configuration

    • The “Local Password:" prompt appears even though the authentication order has a password configured. [PR/94671]
    • The logical system administrator can modify and delete master administrator-only configurations by performing local operations such as issuing the load override, load replace, and load update commands. [PR/238991]
    • After AI scripts are added, the existing management sessions (including the one used to add the AI scripts) must exit the edit mode and reenter for any subsequent configuration changes to take effect. Changes made in these existing edit sessions are not written to the candidate configuration. [PR/297475]
    • On the J-Web interface, the “Generate Report” option under the Monitor Event and Alarms page opens the report in the same web page. [PR/433883]
    • Selecting the monitor port for any port in the Chassis Viewer page displays the common Port Monitoring page instead of the corresponding Monitoring page of the selected port. [PR/446890]
    • In the J-Web interface, the associated DSCP and DSCPv6 for a logical interface might not be mapped properly while the classifiers of a logical interface is edited. This might also affect the delete functionality. [PR/455670]
    • On MX Series routers, J-Web does not display the USB-related information under Monitor>SystemView>System Information>Storage. [PR/465147]
    • When a new-line character (\n) is used within the op script argument descriptions, the help output might display incorrectly, and could result in extra output being displayed when the op script executes. [PR/485253]
    • In the J-Web interface, the options Access Concentrator, Idle Timeout, and Service Name for PPPoE logical interfaces are not supported on MX Series routers. [PR/493451]
    • Invalid XML characters such as &#x11 (0x11) or &#20 (0x14) are allowed to be loaded into the router. As a result, the XML parsers break as the characters are not XML compliant. [PR/502994]
    • An issue with the libpng application causes the viewer to freeze for 20 to 30 minutes on J-Web. [PR/507178]
    • The auto-complete feature is not disabled on the password fields of the J-Web interface. This could lead to a loss of confidentiality of the users if any of them use a shared host or their machine is compromised at some point. [PR/508425]
    • In the J-Web interface, when RIP, BGP, OSPF, and DHCP are not configured in box, the validation message "not configured" displays in the respective screen in the monitor tab. The options for the commit, help, and log out window are displayed after the validation message. Because of this issue, the user is unable to click on the above options. This issue occurs only in the Firefox web browser. As a workaround, refresh the J-Web interface if you have already opened the log out window, or use these options in other menus. [PR/528346]
    • The annotate command does not show up when it is used under the edit private command for class-of-service. [PR/535574]

    VPNs

    • When you modify the frame-relay-tcc statement at the [edit interfaces interface-name unit logical-unit-number] hierarchy level of a Layer 2 VPN, the connection for the second logical interface might not come up. As a workaround, restart the chassis process (chassisd) or reboot the router. [PR/32763]
    • On a router configured for nonstop active routing (NSR) (the nonstop-routing statement is included at the [edit routing-options] hierarchy level), if a nonstop active routing switchover occurs after the configuration for routing instances changes in certain ways, the BGP sessions between PE and CE routers might not be established after the switchover. [PR/399275]
    • While upgrading JUNOS Software with l2circuit configuration under the logical systems, the validation might fail with an "interface version mismatch" error. You can ignore this error and upgrade the JUNOS Software using the no-validate option. [PR/497190]

    Resolved Issues in JUNOS Release 10.2 for M Series, MX Series, and T Series Routers

    Class of Service

    • When a class of service is configured for a routing instance using a wild-card, the classifier type might not populate correctly when a new routing instance is added. [PR/537378: This issue has been resolved.]
    • When per-unit-scheduler is applied under the interfaces hierarchy and shaping rate is applied under the class-of-service interface hierarchy in the same commit operation, port shaping rate does not work, and the total logical interface transmitted byte rate exceeds the physical interface shaping rate. As a workaround, configure shaping-rate within a traffic-control-profile and apply that to an interface, or deactivate and then activate class-of-service interface interface-name shaping-rate. [PR/539590: This issue has been resolved.]
    • Under certain conditions, the class of service configuration might not take effect on an IQ2 PIC. [PR/541814: This issue has been resolved.]

    Forwarding and Sampling

    • When a scheduler associated with a forwarding class that is mapped to a different queue, the associated scheduler also needs to be applied to the new queue. This expected behavior does not occur. [PR/540568: This issue has been resolved.]
    • In JUNOS Release 10.2, the Routing Engine based sampling might not work if the routing table inet.0 has a route for 128.0.0.1. The issue occurs when this route points to an external interface. [PR/540891: This issue has been resolved.]

    Interfaces and Chassis

    • The MX DPC might reboot with the error message: "EZ: ezchip_get_srh_msg_from_srhq." [PR/310223: This issue has been resolved.]
    • After an 8216 Routing Engine upgrade to Release 9.6 with "chassis" deactivated, the backup Routing Engine starts to reboot with the panic message "panic: filter_idx_alloc: invalid filter index" and crashes when the 'chassis' configuration is enabled and committed. After the Routing Engine finally comes online, the CLI response is slow and the Routing Engine reboots again after three minutes approximately. To stop these reboots, deactivate the chassis on the backup Routing Engine. [PR/489029: This issue has been resolved.]
    • If a T640-FPC4-ES is installed in a T1600 router and an SIB statistics collection is performed, the message log might report "JBUS: U32 read error, client .." only if one of the SIBs is faulted or in the offline state. This system log message will also appear if the T640-FPC4-ES FPC is removed from the chassis. There is no operational impact. [PR/504363: This issue has been resolved.]
    • When traffic flows into the MPC on which a bridge-domain configuration is being changed or the card is booting up, the forwarding software tries to access uninitialized memory for a short duration. This is a cosmetic issue and does not have any functional impact. [PR/506344: This issue has been resolved.]
    • On M7i routers with JUNOS Release 8.5 or later, the output of the show interfaces fxp0 command shows the fxp0 interface to be in the link up state even when the interface is disabled with no cables connected. [PR/508261: This issue has been resolved.]
    • When the PIC is configured with encapsulation atm-ccc-cell-relay psuedowires, and the PIC throughput exceeds 152 Mbps, data loss occurs and the following error message is displayed: “[Warning] ce_wp_poll_hspi_stats:2006: PF/Winpath SPI interface error, rx_err_sm 243.” This error message is not seen when encapsulation atm-ccc-vc-mux is used.

      As a workaround, use the atm-ccc-vc-mux encapsulation (AAL5 ATM PW), or use atm-ccc-cell-relay and configure a larger cell bundle size. When the cell bundle size is 5, the PIC passes 190 Mbps without error. [PR/515632: This issue has been resolved.]

    • On MX960 routers, the link status stays in the "Link ok" state when the SCB is removed without taking it offline through the CLI or switch. [PR/536860: This issue has been resolved.]
    • The SCB displays an incorrect state when it is removed without taking it offline through the CLI or buttons. This is not a cosmetic error and might have an impact to the traffic. [PR/536866: This issue has been resolved.]
    • The "frame-relay-ether-type" encapsulation is not programmed to the hardware properly. Due to this, the incoming packet parsing fails and the packets are discarded. [PR/539484: This issue has been resolved.]
    • On 1-Gigabit Ethernet MIC interfaces, the MAC transmit statistics only reports the octets for the payload and do not count the Ethernet header. [PR/540043: This issue has been resolved.]
    • On MX Series routers with 10.x Power Budget, after a “Power Budget: Chassis experiencing power shortage” alarm occurs, the alarm does not clear even after the power budget problem is cleared. [PR/540522: This issue has been resolved.]
    • The MX-MPC1-3D-Q accepts vlan tagged packets even when the interface is not configured with vlan-tagging. [PR/540620: This issue has been resolved.]
    • The link-up time on an 16x 10–Gigabit Ethernet MPC is not as small as other platforms (ADPC and other MPCs) due to the emission dispersion compensation (EDC ) functionality of the PHY device on the MPC. This causes a delay of 50 mS - 150mS delay and cannot be changed. [PR/540694: This issue has been resolved.]
    • When neither the per-unit scheduler nor the hierarchical-scheduler is configured on physical interface and the physical interface has the overhead-accounting bytes configured, it does not take effect. [PR/544608: This issue has been resolved.]
    • Chassisd crashes when the show chassis clocks command is executed. [PR/545510: This issue has been resolved.]

    MPLS Applications

    • With BFD enabled over IGP and an RSVP session built across it, when the RSVP peer does not support RSVP Hello (or is disabled), the BFD session down event triggers only the IGP neighbor to go down. The RSVP session remains up until a session timeout occurs. [PR/302921: This issue has been resolved.]
    • The maximum average bandwidth utilization computed by MPLS for auto-bandwidth may sometimes be higher than the actual traffic rate (twice the traffic rate). This occurs when the MPLS statistics response from the Packet Forwarding Engine comes in late, and two statistic entries for the same LSP fall in the same MPLS auto-bandwidth averaging timer interval. [PR/536759: This issue has been resolved.]
    • Under NGEN-MVPN with vrf-table-label configured on the provider edge, the provider router connecting to that provider edge might keep an old P2MP MPLS label entry upon label-switched path optimization or reroute. There is no workaround. [PR/538144: This issue has been resolved.]
    • An LSP with auto-bw might stay down for approximately 30 minutes after a Routing Engine switchover or a Routing Engine restart when graceful restart fails. As a workaround, disable and reenable the MPLS or OSPF stanza. [PR/539524: This issue has been resolved.]
    • When the RSVP path-mtu allow-fragmentation is configured, traffic blackholing might occur. [PR/544365: This issue has been resolved.]

    Network Management

    • SNMP may stop working after a router reboot, DPC/FPC/MPC restart, or a graceful Routing Engine switchover. [PR/525002: This issue has been resolved.]
    • In JUNOS Release 10.2 and above, the size of the MIB2D process might increase as a result of memory leaks which causes the MIB2D process to crash as it reaches its maximum size permitted. [PR/546872: This issue has been resolved.]
    • In JUNOS Release 9.2 and above, a memory leak occurs in the subagent in a scenario where the snmpd process is not running, or there are issues in communication with a subagent and traps are being generated by the subagent. [PR/547003: This issue has been resolved.]

    Platform and Infrastructure

    • Redirect drops that are not real errors is taken into account for "Iwo HDRF" error statistics that is reported in the output of the show pfe statistics errors command on I-chip based routers. Since redirect drops are expected in a VPLS (and Ethernet in general) environment, this behavior could be misleading. [PR/430344: This issue has been resolved.]
    • The Packet Forwarding Engine incorrectly imposes a rate limit function for the host-bound virtual LAN tagged packets with IEEE 802.1p value of 1. There is no workaround. [PR/529862: This issue has been resolved.]
    • A router might send raw IPv6 host-generated packets over the Ethernet towards its BGP IPv6 peers. [PR/536336: This issue has been resolved.]
    • On M10i routers, the JUNOS Release 10.2 upgrade fails and aborts when the PIC combinations are verified. As a workaround, use the force option to override the warnings and force the upgrade, but first verify the PIC combinations manually against PSN-2010-06-777. [PR/540468: This issue has been resolved.]
    • In JUNOS Release 10.2 and above, during SNMP queries, the size of the MIB2D process might increase as a result of memory leaks in a statistics associated library routine (libstats). This causes the MIB2D process to crash as it reaches its maximum size permitted. [PR/541251: This issue has been resolved.]

    Routing Policy and Firewall Filters

    • When a firewall loopback filter exists and the default term is discard, the multicast forwarding cache entries will be created since the resolve request is dropped at the Packet Forwarding Engine level. As a workaround, add an additional term to accept the multicast destination address 224/4. [PR/531787: This issue has been resolved.]

    Routing Protocols

    • When the chassisd signals the new master Routing Engine to start the routing protocol process after a graceful Routing Engine switchover, the Packet Forwarding Engine may still be linked to the old master Routing Engine for a short duration. Therefore the mastership is out of sync between the Routing Engine and the Packet Forwarding Engine for a short duration. During this period, new master Routing Engine sends traffic through the Packet Forwarding Engine, while the Packet Forwarding Engine delivers the incoming traffic to the old master Routing Engine. [PR/439366: This issue has been resolved.]
    • When a family inet6 addressing is added to a router configured with multicast VPN, the routing protocol process might crash and restart. [PR/503296: This issue has been resolved.]
    • The mirror receive task variable may not be cleared when the routing protocol process is heavily scaled. Hence, the NSR replication for RIP status stays in the "InProgress" state forever. [PR/516003: This issue has been resolved.]
    • Under rare circumstances, multiple commits might crash both the Routing Engines. The routing protocol process dumps core and restarts only on the master Routing Engine. This issue occurs when commits are executed within a minute. [PR/516479: This issue has been resolved.]
    • Upon an NSR mastership switch or ISSU upgrade, the multicast resolve route for IPv4 224/4 or inet6 ff00::/8 might be missing within the forwarding table. To recover from this condition, deactivate and reactivate the protocol pim stanza, or restart the routing protocol process. [PR/522605: This issue has been resolved.]
    • An ISSU upgrade to JUNOS Release 10.2 with PIM NSR configured fails whenever an incompatble FRU (PIC) is required to be taken offline during a Routing Engine switchover. As a workaround, disable NSR for PIM using the set protocols pim nonstop-routing disable command for the ISSU uppgrade to be successful. [PR/527668: This issue has been resolved.]
    • For JUNOS Release 9.5 and above, the BGP parse community begins with “0” as the octal value. This behavior is different in earlier releases. [PR/530086: This issue has been resolved.]
    • The master routing protocol process crashes three minutes after a graceful Routing Engine switchover. [PR/533363: This issue has been resolved.]
    • The Overload bit in the IS-IS LSP MT-TLV may trigger the IS-IS to install a default route to the overload bit advertiser and the show isis database extensive command may report an unknown TLV. [PR/533680: This issue has been resolved.]
    • The routing protocol process might crash due to an invalid prefix-length value in one of the flow-spec routes. [PR/534757: This issue has been resolved.]
    • If there is enough join state associated with a neighbor and that neighbor goes down and comes back up quickly, then that join state may be stranded in an unresolved state until the clear pim join command is issued. [PR/539962: This issue has been resolved.]
    • The routing protocol process might crash when a BGP connection attempt is met with an RST from the peer. This is due to an unlikely race condition. [PR/540895: This issue has been resolved.]

    Services Applications

    • For Adaptive Services II PICs, a temporary file might be created every 15 minutes in the /var/log/flowc/ directory even if flow collector services is not configured. The file is deleted if there are no clients, and re-created only when a client connects and attempts to write to the file. [PR/75515: This issue has been resolved.]
    • When traffic is forwarded in an L2TP session and a teardown request is received, the ASPIC crashes with a memory access violation in mlppp_output. [PR/537225: This issue has been resolved.]
    • On M Series routers configured for L2TP tunneling with several thousands of PPP connections, when all the PPP sessions expire at the same time, the MS-PIC might hang and become unusable. To recover the service, restart the PIC. [PR/541793: This issue has been resolved.]

    User Interface and Configuration

    • When the CLI screen length is set to zero and the show log command is used, the “more” prompt ignores the CLI screen length of zero and only a fraction of the number of lines is displayed. [PR/103595: This issue has been resolved.]
    • Under the Configuration>OSPF>Traceoptions page, J-Web does not display the available flags. [PR/475313: This issue has been resolved.]
    • On a router configured with a large number of interfaces, when a few interfaces are constantly added and deleted, a minor memory leak maybe occur in the "pfed" process. [PR/522346: This issue has been resolved.]
    • The xnm service currently does not support logging of remote-host addresses in system accounting. [PR/535534: This issue has been resolved.]
    • The system continues to use the TACACS server configuration even after it is removed. As a workaround, deactivate and reactivate the accounting configuration. [PR/544770: This issue has been resolved.]

    VPNs

    • If a VRF routing instance contains a static route that is resolved via a route that was auto-exported from another routing instance, the static route might not be removed when the physical interface goes down. [PR/531540: This issue has been resolved.]
    • When a CE-facing interface in a VPLS instance is deactivated, the routing protocol process may get into a loop leading to a high CPU utilization. [PR/531987: This issue has been resolved.]
    • If the C-source and C-RP are learned through different PEs and both of the PEs have data-mdt enabled for the same group, multicast flow may periodically start and stop. The start and stop time depends on when the two PEs refresh their DATA MDT JOIN TLV. [PR/542984: This issue has been resolved.]
    • Under certain circumstances, the container interfaces might not send the proper martini modes to the routing protocol process. This results in incorrect control word related information sent to the Packet Forwarding Engine. [PR/541998: This issue has been resolved.]

    Previous Releases

    Release 10.2R2

    The following issues have been resolved since JUNOS Release 10.2R2. The identifier following the description is the tracking number in our bug database.

    Class of Service

    • If a logical interface is configured or added to an interface set for which an existing traffic control profile is applied, any rate-limit functionality will not be applied to the new logical interface. To resolve this problem, deactivate and activate the interface portion of the class-of-service configuration. [PR/485872: This issue has been resolved.]
    • On M Series and T Series routers, the forwarding class information is lost when the packet enters the GRE tunnel with clear-dont-fragment-bit enabled. Additionally, on an Enhanced FPC or M120 FEB, the packet is also likely to be dropped if it is classified to a packet loss priority (PLP) value other than low. [PR/514162: This issue has been resolved.]
    • In a scaled configuration, the class-of-service classifier does not work properly. [PR/522840: This issue has been resolved.]
    • When the IEEE classifiers are configured on the MPC-3D card and the aggregated Etherenet interfaces are deactivated and activated with schedule map changes, the class-of-service process crashes. [PR/528108: This issue has been resolved.]
    • On virtual LAN demux interfaces over an Aggregate Ethernet with Trio MPCs, the changes made to the configuration are not applied when the commit command is issued. As a workaround, restart the MPC for the committed changes to take effect. [PR/528188: This issue has been resolved.]

    Forwarding and Sampling

    • While the JUNOS Software adopts random as its sampling algorithm, the SAMPLING_ALGORITHM in the flow monitoring version 9 template shows 0x01 (deterministic) instead of 0x02 (random). [PR/438621: This issue has been resolved.]
    • The unified in-service software upgrade will not work when API clients install policers. [PR/518301: This issue has been resolved.]
    • When a filter with ip-options "any" firewall match is applied on an interface on the MX-MPC, the filter is not applied. If the hardware is present at the time of the configuration commit, a commit warning is issued. However, the commit does not fail and the rest of the configuration is applied. [PR/524519: This issue has been resolved.]
    • On T640 and T1600 routers with ST chipset FPCs, in some cases when the IPv6 firewall filter with match conditions configured on address prefixes is longer than 64 bits, the filter may not be evaluated correctly. This might lead to loss of packets. [PR/524809: This issue has been resolved.]
    • A Routing Engine-based sampling might not work in JUNOS Release 10.2 if the routing table inet.0 has a route for 128.0.0.1. This issue occurs if this route points to an external interface. [PR/540891: This issue has been resolved.]

    Interfaces and Chassis

    • When forwarding-options is configured without route-accounting, the commit goes through with the message, "Could not retrieve the route-accounting." However, no functionality is affected. [PR/312933: This issue has been resolved.]
    • When lockout is configured and the router is rebooted, the working router is stuck in the wait-to-restore state while the protect router still shows channel state working and no requests, but no longer shows the lockout flag. [PR/474482: This issue has been resolved.]
    • When an IQ2 PIC is brought online with a class-of-service configuration that includes a scheduler using the rate-limit options, the system incorrectly reports that rate limiting is not supported on the PIC. [PR/482199: This issue has been resolved.]
    • On MX Series routers, the traffic is forwarded over the backup link even after the primary link is disabled and enabled again. [PR/493861: This issue has been resolved.]
    • On an M20 router with AC PEMS, the alarm message “Power Supply x not providing power” is generated when the power cord is removed. The alarm is not cleared when the power cord is reconnected. [PR/506413: This issue has been resolved.]
    • Under certain conditions, some Packet Forwarding Engines may fail to install VPN multicast routes when downstream interfaces are RLSQ bundles. [PR/515878: This issue has been resolved.]
    • When a frame relay interface goes down, the interface statistics might still indicate that the data-link connection identifier (DLCI) is active. [PR/516497: This issue has been resolved.]
    • On IQ2 and IQ2E 10GE PICs operating in WAN-PHY mode, the path trace information does not get transmitted to the remote end. [PR/518331: This issue has been resolved.]
    • When one of the two Ethernet connections to another Routing Engine is not present, the mastership is not switched. [PR/521833: This issue has been resolved.]
    • If a donor logical interface does not have a valid ifa (i.e. atleast one address which is unique to the logical interface in the routing instance), the DCD might crash. [PR/524989: This issue has been resolved.]
    • On MX80 routers, T-FEB crashes when the physical interface or logical interface on which incoming traffic is received is deactivated. [PR/525824: This issue has been resolved.]
    • When the clear interfaces statistics command is used, if a member link is deactivated from an aggregate (AE or AS on any platform) and if the show interfaces extensive command is used immediately, incorrect values (very high values) might be seen for the counters such as 'Transmitted and Queued' packets under the Queue counters. If the clear interface statistics command is not issued prior to deactivating the member link, this issue will not be seen. [PR/530297: This issue has been resolved.]
    • On T640 routers, the SCG 0 EXT SYNC UNSUPP alarm displays. This is because external clock sync is not supported on older SCGs. [PR/526063: This issue has been resolved.]
    • On MX Series routers with MS MPCs, the VRRP virtual MAC is unavailable after a mastership change which leads to loss of packets. [PR/529956: This issue has been resolved.]
    • When M120 Type 1 FPCs are configured for 2:1 FPC:FEB mapping, and one of the FPCs restarts, the restarting FPC might not initialize properly and might result in a small percentage of packet loss for all interfaces on that FPC. As a workaround, restart the FPC until the problem stops. [PR/529994: This issue has been resolved.]
    • When any subscriber interface (PPPoE or DHCP) is used, the VPLS connections go down. [PR/530435: This issue has been resolved.]
    • Continuos chassisd trace message is recorded in the chassisd log file. [PR/530486: This issue has been resolved.]

    Layer 2 Ethernet Services

    • On a TX Matrix router, an aggregate bundle composed of member links from different LCCs has the same slot/PIC/port, and results in the duplication of Link Aggregation Control Protocol (LACP) port numbers. For example, a bundle with the actor and partner shown below will result in a duplicate LACP port number since ge-0/3/0 and ge-8/3/0 (and similarly ge-1/3/0 and ge-9/3/0) are the same slot/PIC/port but from different LCCs.
      Actor                             Partner
      ge-0/3/0                ge-1/3/0        
      ge-8/3/0               ge-9/3/0
      

      On MX960 routers, duplicate LACP port numbers will result in aggregate bundles composed of member links for the same PIC and port on slots (0, 8), (1,9), (2,10), and (3,11). Also, the following sets of ports on any slot will have duplicate LACP port numbers:

      • PIC 0 port 8 and PIC 1 port (0,8)
      • PIC 0 port 9 and PIC 1 port (1,9)
      • PIC 2 port 8 and PIC 3 port (0,8)
      • PIC 2 port 9 and PIC 3 port (1,9)

      Note: The duplicate LACP port number described above does not affect the aggregation, but affects the SNMP extracting port information and shows an identical pair of SNMP dot3adAggPortPartnerOperPort and dot3adAggPortActorPort for the above mentioned links of the aggregate bundle.

      [PR/526749: This issue has been resolved.]

    • A Spanning Tree Protocol triggered MAC flush might fail if there are frequent topology changes with a significant number of MAC addresses learned. For multiple Spanning Tree Protocols, restart l2cpd-services to come out of the state, and for the Rapid Spanning Tree Protocol, reboot the corresponding DPC. [PR/529130: This issue has been resolved.]

    MPLS Applications

    • The routing protocol process might crash with an assert in rsvp_PSB_set_selfID while a graceful Routing Engine restart is performed when P2MP LSPs are present. [PR/512890: This issue has been resolved.]
    • At adjust intervals, the maximum average bandwidth utilization for the LSP should be reset to zero. MPLS sometimes fails to reset the maximum average bandwidth utilization for the LSP to zero while performing a periodic auto-bandwidth adjustment at the adjust interval. This prevents the periodic auto-bandwidth adjustment from adjusting to a lower bandwidth when the traffic rate drops. [PR/528619: This issue has been resolved.]

    Network Management

    • After an LCC switchover, the SNMP process fails to send traps with resource temporarily unavailable errors. [PR/493385: This issue has been resolved.]
    • The SNMP MIB OID tree under dot3adAggPort fails. This issue may occur when virtual LAN tagging is not configured on the AE interface, and if the mib2d process is restarted using the restart mibprocess command. [PR/528555: This issue has been resolved.]

    Platform and Infrastructure

    • On M7i routers, kernel panic may occur during route changes. [PR/439420: This issue has been resolved.]
    • An invalid IP protocol version is served as a valid version. The JUNOS router forwards IP packets with the version field set to values other than 4 and 6; for example, 11 or any (unassigned). [PR/481071: This issue has been resolved.]
    • In a setup with two VPN routing and forwarding tables (VRFs) of a provider edge connected to different customer edges and auto-export configured, when a ping is executed from a customer edge to a provider edge interface in the other VRF , the Internet Control Message Protocol reply returns the source interface IP of the provider edge that is connected directly instead of the interface IP of the other VRF provider edge. [PR/510834: This issue has been resolved.]
    • A load-balancing issue occurs for egress traffic transiting a SONET aggregated interface bundle when an interface with a different speed or capacity is removed from the bundle. For example, if you have two or more OC12 interfaces and one OC192 interface in a SONET aggregated interface bundle and if the OC192 interface is then removed from the bundle, traffic is not load-balanced properly across the remaining interfaces. As a workaround, deactivate and then activate the SONET aggregated interface to ensure proper load balancing across the member interfaces. [PR/513677: This issue has been resolved.]
    • Setting the TCP maximum segment size (MSS) may not change the actual MSS value. [PR/514196: This issue has been resolved.]
    • When IGMP snooping is enabled, a multicast traffic drop might be seen if an IGMP join or leave occurs on other interfaces. [PR/515420: This issue has been resolved.]
    • When the primary link flaps with the route-memory-enhanced statement enabled, jtree might get corrupted and traffic forwarding is affected. As a workaround deactivate the route-memory-enhanced statement under the chassis stanza. Changes to the route-memory-enhanced statement takes effect only when Packet Forwarding Engine is rebooted. [PR/517919: This issue has been resolved.]
    • Under certain conditions, traffic flow through an RLSQ bundle can be dropped after it is removed and added back to a VPN routing and forwarding table (VRF). [PR/518170: This issue has been resolved.]
    • On MX Series routers, the DPC may crash when the P2MP LSP switches between different AE links. [PR/520773: This issue has been resolved.]
    • When the destination class usage (DCU) is configured with unicast reverse path filter (uRPF) and egress forwarding-table filter within the VRF, a VPN route flap might trigger a jtree memory leak. [PR/521609: This issue has been resolved.]
    • On MX Series routers, repeated graceful Routing Engine switchover (GRES) under certain configurations might result in kernel panics. Three kernel cores are observed: with a soft update files system trace, with a TCP packet processing stack trace, and with a trace of IFF configuration write. [PR/525583: This issue has been resolved.]
    • A neighbor solicitation request does not return any neighbor advertised packets when static neighbors are configured. [PR/527779: This issue has been resolved.]
    • On some routers, enabling IP-payload-based load balancing for MPLS packets can cause some pseudowire packets to be reordered. [PR/528657: This issue has been resolved.]
    • On M120 routers, the output firewall filter does not properly classify traffic over PPPoE subscribers. [PR/528905: This issue has been resolved.]
    • Asp_ifl_update messages may be seen on routers running JUNOS Release 10.0 and later. Ignore these messages as they do not impact functionality. [PR/532648: This issue has been resolved.]

    Routing Policy and Firewall Filters

    • On some M, MX, and T Series routers, when a family CCC filter is applied on multiple interfaces that belong to different L2VPN routing instances, packet loss may occur after the routing instances are deactivated and activated. As a workaround, deactivate and activate the CCC filter on the interfaces. [PR/521357: This issue has been resolved.]
    • When a firewall loopback filter exists and the default term is discard, the multicast forwarding cache entries will be created since the resolve request is dropped at the Packet Forwarding Engine level. As a workaround, add an additional term to accept the multicast destination address 224/4. [PR/531787: This issue has been resolved.]

    Routing Protocols

    • The configured robust count value is not applied on the non-querier router when it receives a robust count value of 0. It uses the default value (2) instead of the configured value. [PR/520252: This issue has been resolved.]
    • After a graceful restart, the forwarding state of both provider edge routers might get stuck at the pruned state. However, traffic flow is not affected. [PR/522179: This issue has been resolved.]
    • On M, MX, and T Series routers, the OSPF neighbor status will sometimes be stuck in the init state when the load override configfile command is used in the following scenario:
      • A logical system with an AE interface exists
      • A router with an AE interface exists
      • Both AE interfaces are connected to each other, and
      • OSPF is enabled on both AE interfaces

      This can be recovered by rebooting the system with this configuration instead of using the load override command. [PR/522365: This issue has been resolved.]

    • When a l2circuit id greater than 2,147,483,647 is configured, and l2circuit tracing is enabled using the set protocols l2circuit traceoptions command, some of the trace messages provide the wrong value (a negative number) for the virtual circuit ID. [PR/523492: This issue has been resolved.]
    • The tag_encoder is unable to handle attempts to stack EXPLICIT_V6_ NULL (label 2) over an existing stack with label 2 on top. Additionally, the BGP module does not send label 2 when readvertising a prefix from an inet6 unicast session to a inet6 labeled-unicast session. [PR/523824: This issue has been resolved.]
    • On TX Matrix routers, the router can drop the PIM hello messages before a join is triggered by the neighbor. This can cause multicast traffic to be dropped before the next periodic join. [PR/529408: This issue has been resolved.]
    • On M120, output filters applied on a PPPoE interface will not take effect. [PR/528905: This issue has been resolved.]
    • On MX80 routers, non IS-IS fragmented GRE packets are filtered before they are forwarded to the Routing Engine. [PR/529727: This issue has been resolved.]
    • With high numbers of L3VPN routes using composite next hops, routing protocol process scheduler slips occur when a graceful Routing Engine switchover is performed with NSR enabled. [PR/530127: This issue has been resolved.]
    • On MX80 routers, path MTU discovery might not work. [PR/531491: This issue has been resolved.]
    • When the labeled-unicast inet6 route is reflected by route reflectors, the label might be set to explicit-null. [PR/534150: This issue has been resolved.]

    Services Applications

    • On an MS-PIC or MS-DPC running NAT functionality, the show services nat pool detail command might erroneously display positive and negative number of ports in use. [PR/506880: This issue has been resolved.]
    • L2tpd asserts when short frames are sent. This causes the l2tpd to crash. As per RFC 1661 and 1662, such packets should be treated as invalid and discarded. [PR/533057: This issue has been resolved.]

    Subscriber Access Management

    • During restart, the interface control process will crash if the PPPoE logical interface is configured without PPPoE options. For example:
      pp0 {unit 0 {}}

      [PR/528824: This issue has been resolved.]

    User Interface and Configuration

    • J-Web does not display the USB option under Maintain>Reboot>Reboot from the media. [PR/464774: This issue has been resolved.]
    • On M7i and M10i routers with Enhanced CFEB installed, the chassis viewer plugin does not display the Routing Engine in the front view and the E-CFEB in the rear view. However, the chassis contents from the system (left side tab) displays all the list of components correctly. [PR/483375: This issue has been resolved.]
    • The licenses are not synced between the master and backup Routing Engine unless the system license traceoptions file file-name statement is configured. Configuring the statement will cause the licenses installed on the master Routing Engine to be synced with the backup Routing Engine. [PR/501443: This issue has been resolved.]
    • The group inherited configuration at the [interface-range] hierarchy level does not take effect. [PR/522872: This issue has been resolved.]
    • Navigation from the Monitor RIP Information page to the Route Information page fails with errors. [PR/536255: This issue has been resolved.]

    VPNs

    • The routing protocol process crashes repeatedly on the new master, a few minutes after a graceful Routing Engine switchover. [PR/527465: This issue has been resolved.]

    Release 10.2R1

    The following issues have been resolved since JUNOS Release 10.1R3. The identifier following the description is the tracking number in our bug database.

    Class of Service

    • When you set the port speed of a multirate SONET Type 2 PIC to OC3, the class-of-service (CoS) speed value is not changed correctly within the Packet Forwarding Engine. The speed value remains OC12, which results in unexpected CoS behavior. There is no workaround. [PR/279617: This issue has been resolved.]
    • If a logical interface is configured or added to an interface set for which an existing traffic control profile is applied, any rate-limit functionality will not be applied to the new logical interface. To resolve this problem, deactivate and activate the interface portion of the class-of-service configuration. [PR/485872: This issue has been resolved.]
    • On an Ichip-based platform for strict high priority queue (SHQ), the buffer size allocated by the Packet Forwarding Engine is capped by the tx-rate. If the tx-rate is configured to a very small value or is not configured, and is automatically allotted a zero or a very small remaining value; the queue is also allotted a proportionately small delay buffer. This can sometimes lead to Red and Tail drops on the SHQ when there is a burst of traffic (with a certain traffic pattern) on it. As a workaround, configure a nominal tx-rate value (5 percent) for the SHQ. [PR/509513: This issue has been resolved.]
    • On M Series and T Series routers, the forwarding class information is lost when the packet enters the GRE tunnel with clear-dont-fragment-bit enabled. Additionally, on an Enhanced FPC or M120 FEB, the packet is also likely to be dropped if it is classified to a packet loss priority (PLP) other than low. [PR/514162: This issue has been resolved.]
    • In a scaled configuration, the class-of-service classifier does not work properly. [PR/522840: This issue has been resolved.]

    Forwarding and Sampling

    • Policers cannot be modified after a system upgrade due to a flaw in the parser routine. This error occurs when the current item is deleted and the parser cannot proceed to the next item. With the fix, the routine in the forwarding process (dwfd) has been modified so that the next item in the object tree is fetched before the current object is parsed. [PR/433418: This issue has been resolved.]
    • When an unified ISSU is performed for JUNOS Release 10.0 through 10.2, the T640-FPC4-ES crashes continuously. [PR/518301: This issue has been resolved.]
    • When a filter with an ip-options "any" firewall match is applied on an interface on the MX-MPC, the filter is not applied. If the hardware is present at the time of the configuration commit, a commit warning is issued. However, the commit does not fail and the rest of the configuration is applied. [PR/524519: This issue has been resolved.]
    • On T640 and T1600 routers with ST chipset FPCs, in some cases when the IPv6 firewall filters with match conditions configured on address prefixes is longer than 64 bits, the filter may not be evaluated correctly. This might lead to loss of packets. [PR/524809: This issue has been resolved.]

    Interfaces and Chassis

    • When forwarding-options is configured without route-accounting, commit goes through with the message, "Could not retrieve the route-accounting." However, no functionality is affected. [PR/312933: This issue has been resolved.]
    • The backup Routing Engine can fail to obtain mastership in the following cases:
      • re0 gets stuck and doesn't reboot.
      • Due to a hardware problem, re0 looses its connectivity with both the Control Board and the Packet Forwarding Engine.

      [PR/405412: This issue has been resolved.]

    • On MX Series routers, traffic is forwarded over the backup link even after the primary link is disabled and enabled again. [PR/493861: This issue has been resolved.]
    • When link trace entries are added in the path database, there is no check to determine if the current number of entries have reached the path database size. Because of this, the entries may grow to be greater than the path database size (configured or default). [PR/494584: This issue has been resolved.]
    • Under certain circumstances a backup Routing Engine reboot followed by a Routing Engine failover can cause the LACP to flap, which causes AE bundles to flap. [PR/502937: This issue has been resolved.]
    • On MX Series routers with JUNOS Release 10.0R2 or higher, the backup Routing Engine might report the following warning message upon commit once network service is configured under the chassis stanza: "WARNING: network services flag has been changed, please reboot system." [PR/505690: This issue has been resolved.]
    • The Routing Engine on slot 1 takes mastership regardless of the user-configured Routing Engine mastership priority. [PR/507724: This issue has been resolved.]

    • When the show chassis hardware models command or the show chassis hardware | display xml command is used, the FRU part-number 710-013035 displays the model number T1600-FPC3-ES instead of T640-FPC3-ES. [PR/514072: This issue has been resolved.]
    • When the show chassis hardware models or show chassis hardware | display xml command is issued for M320-FPC*-E3 with part-numbers 710-025464, 710-025853, and 710-025855, the model number does not display correctly. [PR/514074: This issue has been resolved.]
    • When traffic flows across IQE SDH/SONET interfaces, instantaneous inaccurate traffic rate values with smaller packet sizes occur when the show interface command is issued. [PR/514330: This issue has been resolved.]
    • The output of the show chassis hardware command may not display the SIB details when the SIB is inserted in the slot. [PR/515789: This issue has been resolved.]
    • On some XENPAK modules, the output of the show chassis hardware command shows the message "NON-JNPR UNKNOWN" when the FPC is booted. There is no impact on the traffic. To solve this issue, take the PIC offline and bring it back online. [PR/516411: This issue has been resolved.]
    • On an M120, M7i, or M10i router with Enhanced CFEB running JUNOS Release 10.0 and a VRF routing instance configured with vrf-table-label, the VPN traffic might not flow when an ATM II IQ PIC is used for a core-facing link. [PR/516485: This issue has been resolved.]
    • When a Frame Relay interface goes down, the interface statistics might still indicate that the data-link connection identifier (DLCI) is active. [PR/516497: This issue has been resolved.]
    • When the configuration of shaping and scheduling is added or removed from the CLI, the traffic from the other PE routers is lost. [PR/517320: This issue has been resolved.]
    • On IQ2 and IQ2E 10GE PICs operating in WAN-PHY mode, the path trace information does not get transmitted to the remote end. [PR/518331: This issue has been resolved.]
    • When the centralized configuration management (CCM) interval is set to 1m or above, the CCM flaps for an incorrect hold_time adjacency entry. [PR/520064: This issue has been resolved.]
    • The CE_SUPPORT-DCD crashes when a commit is performed. [PR/521380: This issue has been resolved.]
    • When one of two Ethernet connections to another Routing Engine is not present, the mastership is not switched. [PR/521833: This issue has been resolved.]
    • When multiple routed IPsec tunnels are configured, and the tunnel with the inside-service-interface defined in the service-set goes down, the other tunnels with the ipsec-inside-interface configured only in the IPsec rules can stop forwarding traffic until the main tunnel comes back up. [PR/524935: This issue has been resolved.]
    • When M120 Type 1 FPCs are configured for 2:1 FPC:FEB mapping, and one of the FPCs restarts, the restarting FPC might not initialize properly and result in a small percentage of packet loss for all interfaces on that FPC. As a workaround, restart the FPC until the problem stops. [PR/529994: This issue has been resolved.]

    Layer 2 Ethernet Services

    • The bpdu-block-on-edge configuration may not work properly when the interface is configured as 'edge' under the [edit protocols vstp vlan vlan-id interface interface-name] hierarchy level. [PR/522198: This issue has been resolved.]

    Network Management

    • After an LCC switchover, the SNMP process fails to send traps with resource temporarily unavailable errors. [PR/493385: This issue has been resolved.]
    • Memory leaks might occur on the mib2d. [PR/517565: This issue has been resolved.]
    • The SNMP MIB OID tree under dot3adAggPort fails. This issue may occur when virtual LAN tagging is not configured on the AE interface, and if the mib2d process is restarted using the restart mibprocess command. [PR/528555: This issue has been resolved.]

    MPLS Applications

    • A targeted LDP neighbor may remain up with an old IP address that was previously in use with the loopback address on the remote neighbor. This may happen when either of the following is performed on the remote neighbor:
      • A secondary loopback (lower than the current primary) address is added and no primary keyword is associated with either of these addresses.
      • A second loopback address is added with the primary keyword.

      This results in the targeted LDP neighbor being up with both IP addresses. The neighbor with the old address may continue to remain up even after the old loopback address is deleted on the remote neighbor. This neighborship with the old address eventually times out when the router-id is changed to reflect the new loopback address on the remote neighbor. [PR/518102: This issue has been resolved.]

    • At adjust intervals, the maximum average bandwidth utilization for the LSP should be reset to zero. MPLS sometimes fails to reset the maximum average bandwidth utilization for the LSP to zero while performing a periodic auto-bandwidth adjustment at the adjust interval. This prevents periodic auto-bandwidth adjustment from adjusting to a lower bandwidth when the traffic rate drops. [PR/528619: This issue has been resolved.]

    Platform and Infrastructure

    • On M7i routers, kernel panic may occur during route changes. [PR/439420: This issue has been resolved.]
    • The configured static NDP entry is cleared automatically after a certain interval. [PR/453710: This issue has been resolved.]
    • An invalid IP protocol version is served as a valid version. The JUNOS router forwards IP packets with version field set to values other than 4 and 6, for example, 11 or any (unassigned). [PR/481071: This issue has been resolved.]
    • Memory leaks might occur on the mib2d rtslib. [PR/510902: This issue has been resolved.]
    • The VPN PIM neighborship over the mt- interfaces may not recover after a graceful Routing Engine switchover. [PR/511366: This issue has been resolved.]
    • When an AE interface on an ECMP path is taken down, packet drops may occur on the traffic that is on another link in the ECMP path. [PR/513102: This issue has been resolved.]
    • Under rare conditions, the compressed system-generated routing protocol process core files might be corrupted. As a workaround, disable the compression using sysctl kern.compress_user_cores. [PR/513193: This issue has been resolved.]
    • Setting the TCP maximum segment size (MSS) may not change the actual MSS value. [PR/514196: This issue has been resolved.]
    • On M120 and MX Series routers, when an AE interface (with LACP enabled) is used as a core-facing interface for L3VPN, non-MPLS traffic received on the AE interface can sometimes get black-holed. To recover from this state, deactivate and activate the AE interface in the configuration. [PR/514278: This issue has been resolved.]
    • When IGMP snooping is enabled, a multicast traffic drop might occur if an IGMP join or leave occurs on other interfaces. [PR/515420: This issue has been resolved.]
    • When the primary link flaps with the route-memory-enhanced statement enabled, jtree might get corrupted and traffic forwarding is affected. As a workaround, deactivate the route-memory-enhanced statement under the chassis stanza. Changes to the route-memory-enhanced statement take effect only when Packet Forwarding Engine is rebooted. [PR/517919: This issue has been resolved.]
    • On some M, MX, and T Series routers, when a firewall filter is applied on the egress of an aggregate interface, packet loss may occur after adding, removing, or changing the service configuration on the egress side of the aggregate interface. As a workaround, deactivate and activate the output firewall filter on the aggregate interface. [PR/517992: This issue has been resolved.]
    • When container AE interfaces are enabled on JUNOS Release 10.0 or 10.1, the following message displays when one of the member links flap: “CHPJAR1-re0 fpc3 SCHED: %PFE-0: Thread 40 (PFE Manager) ran for 2015 ms without yielding.” [PR/518714: This issue has been resolved.]
    • When the destination class usage (DCU) is configured with unicast reverse path filter (uRPF) and egress forwarding-table filter within the VRF, a VPN route flap might trigger a jtree memory leak. [PR/521609: This issue has been resolved.]
    • No NA packets are returned for NS requests with a static NDP, due to an issue with the neighbor advertisement implementation for statically configured neighbors. [PR/527779: This issue has been resolved.]
    • On some routers, enabling IP-payload-based load balancing for MPLS packets can cause some pseudowire packets to be reordered. [PR/528657: This issue has been resolved.]

    Routing Policy and Firewall Filters

    • On some M, MX, and T Series routers, when a family CCC filter is applied on multiple interfaces that belong to different L2VPN routing instances, packet loss may occur after the routing instances are deactivated and activated. As a workaround, deactivate and activate the CCC filter on the interfaces. [PR/521357: This issue has been resolved.]

    Routing Protocols

    • The backup Routing Engine may generate routing protocol process and kernel cores if the BGP damping is configured along with nonstop active routing (NSR). [PR/452217: This issue has been resolved.]
    • When l3vpn-composite-next-hop is configured, it should only be used by L3VPN routes. However, non-L3VPN routes are also able to use it. [PR/496028: This issue has been resolved.]
    • Upon a graceful Routing Engine switchover with NSR, the routing protocol process will crash due to a wrong process for the PIM instance. [PR/503921: This issue has been resolved.]
    • Nonstop routing (NSR) does not work correctly if an automatic route distinguisher is used with an L2VPN routing-instance. [PR/513949: This issue has been resolved.]
    • The output of the show igmp snooping interface command does not display "-snooping," erroneously stating that IGMP itself is not running instead of IGMP-snooping not running. [PR/516355: This issue has been resolved.]
    • The configured robust count value is not applied on the non-querier router when it receives a robust count value of 0. It uses the default value (2) instead of the configured value. [PR/520252: This issue has been resolved.]
    • The new NSR master may not send the OSPF hello messages immediately after a switchover. [PR/522036: This issue has been resolved.]
    • After a graceful restart, the forwarding state of both provider edge routers might get stuck at the pruned state. However, traffic flow is not affected. [PR/522179: This issue has been resolved.]
    • When an l2circuit ID greater than 2,147,483,647 is configured, and l2circuit tracing is enabled using the set protocols l2circuit traceoptions command, some of the trace messages provide the wrong value (a negative number) for the virtual circuit ID. [PR/523492: This issue has been resolved.]
    • The tag_encoder is unable to handle attempts to stack EXPLICIT_V6_ NULL (label 2) over an existing stack with label 2 on top. Additionally, the BGP module does not send label 2 when readvertising a prefix from an inet6 unicast session to a inet6 labeled-unicast session. [PR/523824: This issue has been resolved.]
    • On TX Matrix routers, the router can drop the PIM hello messages before a join is triggered by the neighbor. This can cause multicast traffic to be dropped before the next periodic join. [PR/529408: This issue has been resolved.]
    • When the labeled-unicast inet6 route is reflected by route reflectors, the label might be set to explicit-null. [PR/534150: This issue has been resolved.]

    Services Applications

    • A performance-related issue may occur when the IDP plug-in is enabled. The connection per second for HTTP (64 bytes) with AACL, AI, and IDP (with Recommended Attacks group) plug-ins has been downgraded to 7.6K through 7.9K per second. [PR/476162: This issue has been resolved.]
    • The IPv6 gateway may have a NULL value when the destination address points to an aggregated next hop. [PR/516058: This issue has been resolved.]
    • NAT over FTP fails when it receives a SERVER 227 code string "Entering passive mode" in lowercase. [PR/522029: This issue has been resolved.]

    Subscriber Access Management

    • BFD sessions and other protocol adjacencies configured with low hello or dead timers over an aggregate or IRB interfaces might flap upon configuration commit when the dhcp-local-server or dhcp-relay is used. [PR/507428: This issue has been resolved.]

    User Interface and Configuration

    • Users who have superuser privileges will sometimes have their access restricted to view permission only when they log in through TACACS. [PR/388053: This issue has been resolved.]
    • If the time zone is set to “Europe/Berlin,” the command commit at "time-string" will fail. [PR/483273: This issue has been resolved.]
    • The group inherited configuration under the interface-range hierarchy level does not take effect. [PR/522872: This issue has been resolved.]
    • Navigation from Monitor RIP Information page to the Route Information page fails with errors. [PR/536255: This issue has been resolved.]

    VPNs

    • While upgrading JUNOS Software with l2circuit configuration underthe logical systems, the validation might fail with an "interface version mismatch" error. You can ignore this error and upgrade the JUNOS Software using the no-validate option. [PR/497190: This issue has been resolved.]
    • The routing protocol process crashes repeatedly on the new master, a few minutes after a graceful Routing Engine switchover (GRES). [PR/527465: This issue has been resolved.]

    Published: 2010-09-28