Current Software Release
The current software release is Release 9.0R4. For information
about obtaining the software packages, see M-series, MX-series, and T-series Upgrade and Downgrade Instructions or J-series Services Routers Upgrade and Downgrade Instructions, depending on your
router platform.
Resolved Issues
Platform and Infrastructure
- When you issue the show system firmware command,
the “Current version” field does not show the correct
version of the service PICs. [PR/64918: This issue has been resolved.]
- When a packet’s outer label is set to explicit null
and the S bit is not set, the LSP ping command does not work.
The JUNOS software does not comply with RFC 4182, Removing
a Restriction on the use of MPLS Explicit NULL. [PR/74963]
- If you configure a policer for BGP traffic and a new BGP
neighbor is added, it might cause other established BGP sessions to
flap. [PR/80599: This issue has been resolved.]
- If you configure a large number of MD5 authentication
keys for BGP sessions, and then deactivate and reactivate the keys,
the router might generate a commit error and MD5 authentication might
not be applied on some of the BGP sessions. [PR/238960: This issue
has been resolved.]
- When irb is configured, the MX:ICHIP LOG Error message
“I-chip 4 invalid - ichip_get_handle” accompanied by an
irb ifd/ifl number, as in the following example, is a cosmetic
issue: “[Nov 2 22:05:33.614 LOG: Err] ICHIP: I-chip 4 invalid - ichip_get_handle”
and “[Nov 2 22:05:33.614 LOG: Err] ifd(129): irb; ifl(91)”.
There is no workaround for the issue. [PR/259472: This
issue has been resolved.]
- When you configure aggregated interfaces as core-facing
links, translational cross-connect (TCC) might not work properly.
[PR/267867: This issue has been resolved.]
- When you configure the mirror-flash-on-disk statement
at the [edit system] hierarchy level, the functionality does
not work properly. [PR/268474: This issue has been resolved.]
- When you partition the hard drive after upgrading the
compact flash, the partition sizes in some cases received slightly
incorrect values as a result of bsdlabel behavior. This prevented
mirror-flash-on-disk from working properly. [PR/270154: This issue
has been resolved.]
- On M120, M320, and MX960 routers, when you configure override
input packet classification, the feature might not work. [PR/271660:
This issue has been resolved.]
- On MX-series Ethernet Services routers, if the label-switched
interface (LSI) is enabled for an xe member link that is part of an
aggregated Ethernet (ae) interface, the xe interface statistics are
counted twice. [PR/274396: This issue has been resolved.]
- On a Routing Engine of type RE-3.0 (as reported by the show chassis hardware command) with a 1-GB compact flash card,
issuing the request system snapshot command might corrupt
one or more JUNOS package files in the /altroot/packages directory.
[PR/291295: This issue has been resolved.]
- In an environment with many active multicast routes and
one or more aggregated interfaces as downstream interfaces, when an
aggregated interface flaps or an FPC containing an aggregated interface
restarts, the kernel might restart unexpectedly. This issue is seen
in networks with greater than 1000 multicast routes. The chance of
kernel restarts increases as the number of multicast routes increases
or the number of downstream aggregated interfaces increases. [PR/292521:
This issue has been resolved.]
- If a small form-factor pluggable transceiver (SFP) does
not respond to a request for diagnostic data, a message is written
to the system log. The message is unnecessary because the failure
to respond has no operational impact. [PR/293212: This issue has been
resolved.]
- When you take offline a T640 routing node that has an
aggregated Ethernet member link, multicast traffic does not detour
to another link. [PR/294732: This issue has been resolved.]
- When a Multilink Point-to-Point Protocol (MLPPP) link
is incorrectly added to a Multilink Frame Relay (MLFR) bundle, the
kernel resets unexpectedly. [PR/294885: This issue has been resolved.]
- When an AS or MS PIC is configured as the tunnel interface,
IPv6 multicast does not work over IP. The Tunnel PIC does not have
this problem. [PR/296352: This issue has been resolved.]
- An MPLS frame with an explicit NULL label designated for
the Routing Engine might be dropped by the Packet Forwarding Engine.
[PR/298967: This issue has been resolved.]
- For individual T1 links in an MLPPP bundle, the counts
of input bytes and input packets are not reported correctly in the Traffic statistics section of the output from the monitor interface t1-fpc/pic/port command. [PR/299688: This issue has
been resolved.]
- On MX-series routers, VLAN mapping over Ethernet CCC interface
switching causes IS-IS to drop packets. [PR/300163: This issue has
been resolved.]
- On M320 and T-series routing platforms, when member links
of a Multilink Frame Relay bundle go down and come back up, an FPC
in which a Link Services Queuing (LSQ) PIC is installed might stop
forwarding traffic and need to be rebooted. As a workaround, install
the PICs with the member links and the LSQ PIC in the same FPC. [PR/300331:
This issue has been resolved.]
- When you configure an unnumbered interface to borrow from
a loopback or non-Ethernet interface and also configure unrestricted
proxy ARP on the unnumbered interface, the incoming proxy-ARP requests
are dropped. As a workaround, configure the unnumbered interface to
borrow from any Ethernet interface. [PR/301101: This issue has been
resolved.]
- Enabling traceoptions with certain trace levels for DHCP
might cause the DHCP process to generate a core file. [PR/301102: This issue has been
resolved.]
- When you configure a static route on an unnumbered link,
it causes the router to reset; even rebooting does not help. You must
remove the static route configuration to restore stability to the
router. [PR/301732: This issue has been resolved.]
- When you configure Connectionless Network Service (CLNS)
on an lt interface, the source MAC address becomes corrupted. [PR/304323:
This issue has been resolved.]
- The maximum number of active security services flows on
a J-series Services Router for each platform and memory allotment
is as follows:
- J2320 router with 512 MB - 20,000 flows
- J2320 router with 1 GB - 45,000 flows
- J2350 router with 512 MB - 30,000 flows
- J2350 router with 1 GB - 50,000 flows
- J4300 router with 512 MB - 20,000 flows
- J4300 router with 1 GB - 45,000 flows
- J6300 router with 512 MB - 20,000 flows
- J6300 router with 1 GB - 45,000 flows
- J4350 router with 512 MB - 40,000 flows
- J4350 router with 1 GB - 60,000 flows
- J6350 router with 512 MB - 40,000 flows
- J6350 router with 1 GB - 65,000 flows
- J6350 router with 2 GB - 75,000 flows
These are the system maximum values. If you configure
max-flows for a service set, the other service sets share whatever
is left from the system maximum value. The sum of the max-flows values
for individual service sets cannot exceed the global maximum value.
If the configured total exceeds this value, the max-flows value for
the last configured service set is truncated and a warning message
is logged. [PR/305350: This issue has been resolved.]
- When EXP rewrite is configured on aggregated Ethernet
interfaces, EXP rewrite might not work for IPv6 and VPNv6. [PR/306552:
This issue has been resolved.]
- The system reports that it is booted from alternate media
when mirror-flash-on-disk is enabled. [PR/311768: This issue has been
resolved.]
- When two BGP peers are configured to use MD5 authentication
and you issue the clear bgp neighbor command on one peer,
the following message might be written to the system log on the other
peer: "tcp_auth_ok: Packet from <address>:<identifier> missing
MD5 digest." Traffic forwarding is not affected. [PR/312680: This
issue has been resolved.]
- Hard disk crashes result in the compact flash being removed
from the boot list instead of the hard disk. Depending on the exact
hard drive failure, this could cause the Routing Engine to be stuck
in a boot loop. [PR/389540: This issue has been resolved.]
- During hard drive failure recovery procedures, the JUNOS
kernel crashes and the router reboots. [PR/390306: This issue has
been resolved.]
- When graceful Routing Engine switchover (GRES) is enabled
on a fully loaded router, the router might crash. [PR/400267: This
issue has been resolved.]
User Interface and Configuration
- TACACS+ accounting start and stop requests are incompatible
with Cisco ACS. The fix is to include the no-cmd-attribute-value statement or the exclude-cmd-attribute statement at the
[edit system tacplus-options] hierarchy level. When the no-cmd-attribute-value statement is enabled, the JUNOS software sets
the value of the cmd attribute in TACACS+ accounting start
and stop requests to a null string. When the exclude-cmd-attribute statement is enabled, the JUNOS software excludes the cmd attribute from the TACACS+ accounting start and stop requests. The
statements support the logging of accounting requests correctly in
the Accounting log file; otherwise, the requests are logged in the
Administration log file. [PR/252472: This issue has been resolved.]
- In JUNOS Release 8.5 and later, an attempt to log in to
a router using SSH might fail with a "Could not chdir to home directory
: No such file or directory" error message. This problem might occur
when specific user account configuration is in place and the router
is configured to use the TACACS+ server for authentication. The issue
arises only if the TACACS+ server has been configured with a "local-user-name"
directive that specifies a nonexistent user. [PR/288116: This issue
has been resolved.]
- If the set of transient changes specified in a commit
script (enclosed by the transient-change tag) includes the
deactivation of a configuration statement, none of the transient changes
take effect. [PR/307352: This issue has been resolved.]
Interfaces and Chassis
- When you delete or deactivate an interface on a channelized
IQ PIC, the PIC might stop operating and generate a core file. [PR/102420:
This issue has been resolved.]
- If you include the compression-device statement
at the [edit interfaces at-fpc/pic/port unit logical-unit-number] hierarchy level (that is, on an ATM interface), the JUNOS
kernel might generate a core file and restart. [PR/265542: This issue
has been resolved.]
- On a router configured for graceful Routing Engine switchover
(GRES), if the backup Routing Engine is running JUNOS Release 8.1
or later and the master Routing Engine is running JUNOS Release 8.0
or earlier, updates might not be made to the forwarding table. [PR/273492:
This issue has been resolved.]
- On the M320, a signal integrity issue in old clocking
hardware might generate inaccurate alarms and errors when the actual
clock is working perfectly. This behavior has no operational impact
and has been fixed in later releases. [PR/275308: This issue has been
resolved.]
- When member links are configured to be part of an RLSQ
MLPPP bundle, while the RLSQ interface is yet to be configured,
“error BAD_PAGE_FAULT” is reported by the kernel if the monitoring
interface command is executed on this RLSQ logical interface.
[PR/277689: This issue has been resolved.]
- In JUNOS Release 9.0 and later, the monitor interface interface-name command output is missing some information.
[PR/296131: This issue has been resolved.]
- Transit IPSec AH or ESP packets may drop when traversing
an sp-interface as bypass traffic. [PR/300471: This issue has been
resolved.]
- When a Routing Engine switchover takes place, the kernel
might generate a core file. [PR/301327: This issue has been resolved.]
- On a router without redundant Routing Engines (such as
the M7i router), if the Routing Engine restarts, the router might
stop forwarding packets. As a workaround on the M7i router, issue
the request chassis cfeb restart command. [PR/301788: This
issue has been resolved.]
- On a Gigabit Ethernet IQ2 PIC with SFPs, if a logical
interface is configured for VRRP, the values in the Traffic statistics section of the output from the show interfaces ge-fpc/pic/port extensive command might not be accurate. [PR/303151: This
issue has been resolved.]
- When there was a change in VRRP priority or tracking information,
it caused the state machine to reset. As a result, VRRP went through
an idle-backup-master transition. With the fix, the reset is avoided
and VRRP continues to be the master/backup. [PR/303701: This issue
has been resolved.]
- When the links of an RLSQ bundle are not configured at
the remote site and a Routing Engine switchover is performed followed
by taking a primary or secondary LSQ PIC offline, the backup Routing
Engine might reset. [PR/306667: This issue has been resolved.]
- An error message, "DCD_RCP_RE_FAILURE", is incorrectly
sent when a check is made for redundant Routing Engines and there
is only one Routing Engine in the router. [PR/309043: This issue
has been resolved.]
- The 1-port ATM2 OC48/STM12 IQ PIC might generate an RDI-P
error when it receives a packet in which the bits corresponding to
the enhanced path-RDI encoding of the G1 path overhead byte are set,
even if the formal path-RDI bit within the G1 path overhead byte is
not set. [PR/309929: This issue has been resolved.]
- Input packet counters do not increment for IPSec packets
on an AS or MultiServices PIC (sp interface) over a multilink bundle.
[PR/314456: This issue has been resolved.]
- On MX-series routers, access ports configured for VSTP
(the interface interface-name statement
corresponding to the port is included at the [edit protocols vstp] hierarchy level) might not interoperate properly with other vendors'
switches. [PR/390026: This issue has been resolved.]
Services Applications
- When you explicitly configure forward and backward rules
for a NAT service set, an ICMP fragmentation-needed message is not
sent and the traffic is dropped without notification. If the backward
rule is not configured and is left implicit, this problem is not seen.
An explicit backward rule causes the ICMP error packet to be handled
as a new flow. As a workaround, do not explicitly configure backward
rules unless they are absolutely necessary. [PR/238215: This issue
has been resolved.]
- After a routing instance with an RLSQ bundle is deactivated
and activated and then the primary MS PIC is offlined and brought
back online, a Routing Engine switchover might result in a kernel
database connection error. [PR/292950: This issue has been resolved.]
- If Network Address Port Translation (NAPT) is configured
and multiple short-lived flows are established, ports on MS PICs might
not be assigned correctly. In some cases, this situation causes the
MS PIC to stop functioning.
[PR/300553 and PR/304088: These issues
have been resolved.]
- When a PPP session on a dedicated interface is terminated,
associated static routes might remain in the routing table. [PR/309771:
This issue has been resolved.]
Routing Protocols
- When you enable PIM on an unnumbered Ethernet interface,
the routing protocol process (rpd) might restart as a result of an
address error. [PR/295377: This issue has been resolved.]
- When an IPv6 duplicate address is detected, the interface
stops forwarding but ISIS and OSPF3 continue to announce the interface
as a valid route. However, the address is unreachable and all traffic
destined to or through the interface is dropped. [PR/296740: This
issue has been resolved.]
- MVPN type 5 routes may be deleted on MSDP speakers while
sources are still active, potentially leading to MVPN traffic disruption.
[PR/298338: This issue has been resolved.]
- When you configure a policy that causes BGP to advertise
static routes that lead to unnumbered interfaces, the routing protocol
process (rpd) might generate a core file. [PR/308465: This issue has
been resolved.]
- If a BGP notification message has an invalid value for
the length of the next-hop network address field in the MP_REACH_NLRI
attribute, the JUNOS software sends error code 3, subcode 1 ("Malformed
Attribute List"), instead of the code specified by RFC 2858, which
is code 3, subcode 9 ("Optional Attribute Error"). [PR/308628: This
issue has been resolved.]
- When a PE router receives an external LSA of type 7 (NSSA)
that has a matching VPN tag or has the DN (down) bit set, it still
includes the advertised route in its OSPF route calculation. According
to RFC 4576, it must ignore such routes. [PR/391733: This issue has
been resolved.]
MPLS Applications
- If an ingress LSP detects a routing loop (reported as
“Routing loop detected number times”
in the output from the show mpls lsp name lsp-name extensive command), it might stop handling traffic. [PR/293686:
This issue has been resolved.]
- When an interface is cycling up and down a large number
of times and LSPs with secondary paths are configured, the label-switched
path might become stuck on the current active secondary path for a
maximum of 30 seconds, resulting in packet loss. [PR/295920: This
issue has been resolved.]
- The autobandwidth adjustment intervals for label-switched
paths (LSPs) do not conform to the configured values. [PR/297771:
This issue has been resolved.]
- When a CCC comes back up after an interruption of network
connectivity, the MPLS routing table does not record the label change
for CCC appropriately, and traffic is not sent through the CCC connection.
[PR/306043: This issue has been resolved.]
- When you issue the traceroute mpls ldp command,
the MPLS OAM process (mplsoamd) might generate a core file. [PR/307732:
This issue has been resolved.]
- If an IP address is configured as both a direct LDP neighbor
and a targeted LDP neighbor, and an LDP session with the neighbor
repeatedly goes down and comes up again, the routing protocol process
(rpd) might generate a core file and stop operating. [PR/308178: This
issue has been resolved.]
- If there is a single hop to an LDP neighbor and the source
address of the received LDP Link Hello address is the same as the
LDP Targeted Hello source address, when the LDP link neighbor and
target LDP neighbor go down and come back up in a certain sequence,
the Layer 2 circuit connection might remain inactive (reported as
"VC-Dn" in the "St" field of the entry for the neighbor in the output
from the show l2circuit connections command). To return the
connection to the active state, issue the clear ldp neighbor address command. [PR/312672: This issue has been
resolved.]
VPNs
- The routing protocol process (rpd) might crash when the
pim rpf update runs while the system is trying to access the deleted
rpf or neighbor info. [PR/290849: This issue has been resolved.]
- When a mismatch notification is received in the interval
between queuing a mt-interface delete request and the interface being
deleted, RPD crashes while trying to access mt-ifl pointers. [PR/294693:
This issue has been resolved.]
- When the tunnel-services statement is configured
at the [edit routing-instance instance protocols
vpls] hierarchy level and a VPLS interface is configured with
an MTU, a virtual tunnel interface might flap due to unrelated configuration
changes. As a workaround, remove the tunnel-services statement
in the routing instance configuration. [PR/297141: This issue has
been resolved.]
- When implementing VPLS in conjunction with Point-to-Multipoint
label-switched paths and provider-tunnel configuration, the VPLS connection(s)
will remain in a status of 'VC-Dn' in the following releases of JUNOS:
9.0, 9.1R1, and 9.1R2. In order to support this configuration, the
only current workaround is to downgrade to JUNOS 8.5R3 or earlier
release. [PR/297650: This issue has been resolved.]
Class of Service
- On J-series Services Routers, MLPPP bundles with congested
member links on which fragmentation is active might interfere with
other bundles within the same system and trigger high latency or packet
drops. As a possible workaround, configure the shaping rate on the
bundle with fragmentation enabled to avoid flow control from the member
link. [PR/281985: This issue has been resolved.]
- When the class-of-service routing-instances statement
is configured, you may see a cosd memory leak of approximately 1 Kilobyte
on each commit. As a workaround, deactivate the class-of-service
routing-instances statement in the configuration. [PR/285249:
This issue has been resolved.]
- When you delete CoS interface scheduler-map configurations,
the allocated IDs are not removed from the Packet Forwarding Engine.
As a result, when the new CoS interface configuration is applied,
a system log message shows no profile space available. [PR/292223:
This issue has been resolved.]
- M120 routing platforms configured with class-of-service
logged “ichip_get_handle” and “ichip_mq_unbind_red_profile_for_queue()”
errors when committing a configuration. These errors were cosmetic.
[PR/303006: This issue has been resolved.]
- Class-of-service daemon core dumps when a classifier with
medium-low or medium-high loss priority is assigned to a routing-instance.
[PR/311433: This issue has been resolved.]
Forwarding and Sampling
- The policer value does not change dynamically when the shaping
rate is changed; the policer remains stuck at the initial value.
As a workaround, deactivate and activate the filter. [PR/286663: This
issue has been resolved.]
- When you include the route-accounting statement
at the [edit forwarding-options family inet6] hierarchy level,
the sampling process (sampled) might generate a core file. [PR/291455:
This issue has been resolved.]
- The backup Routing Engine was trying to download the firewall
filter configuration and was bailing out. [PR/293948: This issue
has been resolved.]
- Under some circumstances, when you add a prefix at the
[edit policy-options prefix-list list-name] hierarchy level, the commit operation might fail with one
of the following error messages: "Check-out failed for Firewall daemon
(/usr/sbin/dfwd) without details" or "configuration check-out failed."
[PR/305510: This issue has been resolved.]
- If you apply a prefix list with IPv4 addresses to an inet6
firewall filter, you will not be able to commit. However, there is
no such problem when you apply a prefix list with IPv6 addresses to
an inet filter. [PR/310299: This issue has been resolved.]
Network Management
- As a result of a Routing Engine switchover, many processes
are restarted. During this transient stage, the SNMP agent process
(snmpd) might write the following message to the system log:
“Header version mismatch; SNMP_SMS_HDR_ERR: problem with hdr size (6)
or msg size (0)”. This issue is automatically corrected when the
switchover process completes, and there is no operational impact
afterwards. [PR/77668: This issue has been resolved.]
- When some PIC types are taken offline and brought back
online, an SNMP linkUp trap is not generated for some of the logical
interfaces. [PR/294667: This issue has been resolved.]
- The JUNOS software does not generate an SNMP linkDown
trap when an interface's state (represented by the ifOperStatus object)
changes from "up" to "lowerLayerDown." The trap is required by RFC
2863. [PR/297829: This issue has been resolved.]
- When you enable firewall counters for IPv4 and IPv6 traffic
on an interface (by including the count statement at the
[edit firewall family (inet | inet6) filter filter-name term term-name then] hierarchy level and
the filter filter-name statement at
the [edit interfaces interface-name unit logical-unit-number family (inet | inet6)] hierarchy
level), the show snmp mib walk jnxFWCounterByteCount command
might not display all of the counters. [PR/313194: This issue has
been resolved.]
Outstanding Issues
Software Installation and Upgrade
- For hard disks that were originally formatted by JUNOS
Release 4.4 or earlier, after you issue the request system snapshot
partition command, the router cannot boot from the hard disk.
As a workaround, issue the request system snapshot command
before upgrading. [PR/36742]
- When a hard disk is partitioned, the /var/empty directory
might not be created. As a result, the router does not accept SSH
connections. As a workaround, use the mkdir command to create
the /var/empty directory. [PR/290064]
- If the Routing Engine has 512 KB of RAM or less, issuing
the request system software add validate command with a jinstall
package for JUNOS Release 8.5 and later might cause the management
process (mgd) to generate a core file and the router to reboot.
[PR/312086]
Platform and Infrastructure
- When the Monitoring Services PIC is overloaded, the output
from the show services accounting flow-detail command might
freeze. [PR/32896]
- On T-series platforms, a Layer 2 maximum transmission
unit (MTU) check is not supported for MPLS packets exiting the routing
platform. [PR/46238]
- When you configure a source class usage (SCU) name with
an integer (for example, 100) and use this source class as a firewall
filter match condition, the class identifier might be misinterpreted
as an integer, which might cause the filter to disregard the match.
[PR/50247]
- If you configure several DNS servers by including the name-server statement at the [edit system] hierarchy
level, the JUNOS software uses only the first three configured DNS
servers. [PR/59172]
- On a Monitoring Services III PIC configured as a dynamic
flow capture (DFC) interface (dfc-fpc/pic/port), when you configure
the DFC interface as the next hop in a forwarding path, port-mirrored
packets might become corrupted. [PR/60799]
- If you configure 11 or more logical interfaces in a single
VPLS instance, VPLS statistics might not be reported correctly. [PR/65496]
- If you see warnings like the following: "Warning: Block size
restricts cylinders per group to xx," you can safely ignore them.
This type of message indicates the maximum number of cylinders per
cylinder group as determined by various other parameters. This warning
message no longer appears in JUNOS Release 8.5 and later. [PR/65917]
- In a routing matrix configured for graceful Routing Engine
switchover (GRES), when the master Routing Engine of a T640 routing
node (line-card chassis, or LCC) enters debug mode, it does not release
mastership. [PR/66308]
- A physical interface is not added into an aggregate bundle,
after a misconfiguration on the aggregate, even if the misconfiguration
is corrected. [PR/69348]
- The interface and interface-set match criteria in a firewall
do not apply correctly for packets with local destinations. [PR/69648]
- When a large number of kernel system log messages are
generated, the log information might become garbled and the severity
level could change. This behavior has no operational impact. [PR/71427]
- On M320 and T-series routing platforms, a process monitors
FPCs while they transition to an online state. If an FPC is busy and
cannot complete the transition within the time limit, the process
might time out and prevent the FPC from coming online. [PR/72364]
- If you configure the same IPv6 address on the fxp0 interface and another public interface within the same routing instance,
the backup Routing Engine might restart. [PR/72573]
- On M320 and T-series routing platforms, when you configure
the local gateway of an IPSec tunnel in a routing instance, IPSec
might not function properly over a generic routing encapsulation (GRE)
tunnel. [PR/73864]
- In the situation where a Link Services (LS) interface
to a CE router appears in the VPN routing and forwarding table (VRF
table) and if fragmentation is required, Internet Control Message
Protocol (ICMP) cannot be forwarded out of the LS interface from a
remote PE router that is in the VRF table. As a workaround, include
the vrf-table-label statement in the configuration. [PR/75361]
- For J-series Services Routers, if you send a real-time
performance monitoring (RPM) probe through an IPSec tunnel and the
probe includes the hardware-timestamp statement at the [edit services rpm probe owner-name test test-name] hierarchy level, RPM icmp-ping type probes might not work. [PR/75927]
- When you configure the router to log activity with a firewall
filter or perform Routing Engine-based sampling, and heavy traffic
passes through the router, the following error message might be displayed:
“PKTR DMA age error cell counter incremented.” The error
indicates that there might be some packet loss in firewall filter
logging or Routing Engine-based sampling. However, transit traffic
is not affected. [PR/78712]
- On M160 and M40e routers, a hardware error on the Switch Fabric
Module (SFM) might cause the board to reboot. [PR/79236]
- On the T-series routing platform, when you include the no-labels statement at the [edit forwarding-options hash-key
family mpls] hierarchy level, the statement is added to the configuration;
however, MPLS labels are still included in the hash key. [PR/80334]
- On Fast Ethernet and Gigabit Ethernet PICs, LACP is not
supported on an aggregated Ethernet interface that is configured with
either extended-vlan-vpls encapsulation or ethernet-vpls encapsulation. As a workaround, use vlan-vpls encapsulation
on the aggregated Ethernet interface. This limitation does not apply
to aggregated Ethernet interfaces configured on Gigabit Ethernet
IQ2 PICs. [PR/94480]
- A firewall filter that matches the forwarding class of
incoming packets (that is, includes the forwarding-class class-name statement at the [edit firewall filter filter-name term term-name from] hierarchy level) might incorrectly discard traffic destined for
the Routing Engine. Transit traffic is handled correctly. [PR/97722]
- On J-series Services Routers, you cannot use a USB device
that provides U3 features (such as the U3 Titanium device from SanDisk
Corporation) as the media device during system boot. You must remove
the U3 support before using the device as a boot medium. For the U3
Titanium device, you can use the U3 Launchpad Removal Tool on a Windows-based
system to remove the U3 features. The tool is available for download
at http://www.sandisk.com/Retail/Default.aspx?CatID=1415. (To restore the U3 features, you can use the U3 Launchpad Installer
Tool accessible at http://www.sandisk.com/Retail/Default.aspx?CatID=1411.) [PR/102645]
- Juniper Networks does not currently support dynamic ARP
resolution on Ethernet interfaces that are designated for port mirroring.
This causes the Packet Forwarding Engine to drop mirrored packets.
As a workaround, you can configure the next-hop address as a static
ARP entry by including the arp ip-address statement at the [edit interfaces interface-name] hierarchy level. [PR/237107]
- When you issue the request system power-on other-routing-engine command, an MX960 Routing Engine does not power on after it has
been powered off in response to the request system power-off other-routing-engine command. [PR/253061]
- When multiple interrupts occur at the same time and there
is a common interrupt handler for all of them, an "unknown jbus interrupt"
syslog event is reported even though there are no problems with the
system. You can safely ignore this error message. [PR/253098]
- The IP Option Errors section in the output from the show
pfe statistics ip options command does not include counters for
all possible types of errors. [PR/254653]
- The router's address-assignment pool support enables you
to create a named address range that is based on a specific DHCP option
82 value (either circuit-id or remote-id). However, when a client
request is received, the router ignores the specified option 82 value
and instead uses the first named range of addresses in the address-assignment
pool. [PR/263077]
- On T640, T320, and M320 routers, if you take an FPC offline
during an ISSU boot, other FPCs in the router might crash. This happens
when transit traffic is flowing from the other FPCs towards the offline
FPC. [PR/268294]
- On an M20 router, when you include the route-accounting statement at the [edit forwarding-options family inet6]
hierarchy level, the following message might appear in the system
log: "Error requesting SET BOOLEAN, illegal setting 32." The software
is in fact functioning correctly. [PR/273762]
- On a J-series router configured to capture packets, certain
conditions might trigger messages similar to the following: “Apr
7 15:00:07 lhotse fwdd[2911]: ipc_msg_write: IPC message type: 13,
subtype: 4 exceeds MTU, mtu 1550, length 1552,” “Apr 7 15:00:07
lhotse fwdd[2911]: ipc_msg_write: IPC message type: 13, subtype:
4 exceeds MTU, mtu 1550, length 1556,” “Apr 7 15:00:09 lhotse
fwdd[2911]: ipc_msg_write: IPC message type: 13, subtype: 4 exceeds
MTU, mtu 1550, length 1552”. These messages indicate that some
packets might not have been captured as expected. There is no impact
on traffic passing through the router. [PR/285242]
- The show bchip 0 reg CFEB command delays Routing Engine
traffic, which could cause BFD or other low-latency protocols to
time out. [PR/292828]
- When you have the validate option configured,
a software upgrade might fail. [PR/307212]
- During graceful Routing Engine switchover (GRES), because
indirect next hops cannot be deleted by the backup Routing Engine
during resynchronization, the resynchronization might fail and the show system switchover command might display the “Connection
error, Initialize error” message in the Kernel database field.
[PR/307501]
- When a PE router receives a PIM Join message from a CE
router and the source for the required multicast data is another directly
connected CE router, the attempt to create a flood next hop might
initially fail. Messages including the following are written to the
system log: "NH: Failed to install flood nexthop: <index>." The
next hop is eventually installed, so there is no operational impact.
[PR/307579]
- When a member link of an aggregate interface goes down
and comes back up and new forwarding information is installed during
that change-in-status period, traffic might be lost. [PR/392550]
User Interface and Configuration
- On M20 routers, after a Routing Engine mastership switchover,
it might not be possible to enter CLI configuration mode on the new
master Routing Engine. Also, the request system reboot and request system halt commands do not clearly fail but do not
return the CLI prompt either. [PR/64899]
- In the J-Web configuration editor, when you select System >
Syslog > File > "filename" > Explicit priority, the J-Web Event Viewer
does not show the event ID. When you select System > Syslog > Time
format > milliseconds, the J-Web Event Viewer does not filter messages.
[PR/70523]
- A user cannot log in to the J-Web client through RADIUS or TACACS
authentication if the user profile already has authorization parameters
specified on the server side. As a workaround, ensure that the user
profile parameters are not specified or are set with empty values
on the server. [PR/94445]
- The logical router administrator can modify and delete
master-administrator-only configurations by performing local operations
such as issuing the load override, load replace,
and load update commands. [PR/238991]
- On a TX Matrix platform, when you issue the reboot, halt, or power-off commands with the other-routing-engine option included from the switch-card chassis (SCC) for a line-card
chassis (LCC), the required action is incorrectly performed on the
SCC instead of the LCC. As a workaround, issue these commands from
the LCC. [PR/241274]
- When an M-series or T-series router is upgraded from JUNOS
to JUNOS-FIPS, the request system snapshot command does not
work. As a workaround, issue a request system snapshot force-fmt command from the shell. This issue is not present for upgrades from
an older version of JUNOS-FIPS to a newer version of JUNOS-FIPS. [PR/252640]
- Executing a commit script during a commit operation causes the
commit operation to stop responding. [PR/255430]
- When you are working in private configuration mode and
try to commit a configuration that includes a comment about an inactive
configuration statement, the commit operation fails with the message
"syntax error". [PR/270160]
- Under certain conditions, use of the show | compare command might cause the management process (mgd) to dump core. [PR/281705]
- Sometimes, depending on the configuration, key administration
might fail to see an MD5 key configured for a BGP peer as part of
a group configuration. [PR/283238]
- In the output from the configuration mode show | compare command, the banner might be the parent level of the current hierarchy
level instead of the current level itself. For example, when the current
hierarchy level is [edit interfaces fe-1/1/1], the banner
in the output reads "[edit interfaces]," but the additions
and deletions are reported with respect to the [edit interfaces
fe-1/1/1] level. [PR/291574]
- The replace command removed quotation marks placed
around policy algebra expressions. [PR/294344]
- In the J-Web chassis view, the 10-port Channelized E1
IQ PIC is shown with an incorrect interface position, although the
interface index is correct. [PR/294957]
- Use of system log regular expressions to refine the logged messages
does not work properly. [PR/295523]
- Under the following conditions, the commit operation might
fail with the syntax error "inactive: group <group-name> { ...
}": (a) you use the configure private command to enter configuration
mode, (b) a BGP group is deactivated, and (c) you change another BGP
group's name. As a workaround, use the configure command
to enter configuration mode. [PR/300917]
- When TACACS+ authentication is configured and a user tries
to log in to the router over an SSH or FTP connection, the JUNOS software
does not include the remote user address in the authentication request
packet sent to the TACACS+ server. [PR/301927]
- The file /var/db/feature.db is being
read from and written to every 60 seconds. As a workaround, create
the directory /config/license as the root user.
[PR/308466]
Interfaces and Chassis
- On aggregated SONET/SDH interfaces, the counter for drops
and errors in the show interfaces command output does not
display the correct value, because the counter does not collect data
from the constituent interfaces within the aggregate. [PR/23577]
- On ATM interfaces, when the IP address of a remote device
is changed, the output of the show ilmi interface command
on the local routing platform might continue to display the old IP
address for the remote device. [PR/24126]
- On channelized E1 interfaces, you might be able to configure
clocking on ds-fpc/pic/port:n interfaces,
where n is not unit 0. This is an invalid
configuration and might cause a clocking selection problem on the
other channels. [PR/24722]
- On a 2-port OC12 ATM2 IQ interface, the total virtual
path (VP) downtime might not appear correctly in the show interfaces command output. [PR/27128]
- If you repeatedly issue the show interfaces diagnostics
optics ge-fpc/pic/port command, the output might differ each time even
though there is no actual change in the interface status. [PR/259079]
- On a 10-Gigabit Ethernet IQ2 PIC (xe) interface, when the RX
fiber is slowly disconnected and reconnected, and you issue the show interfaces extensive command multiple times, the output
shows the physical link is up but the traffic statistics do not increment.
This is because the interface does not accept traffic. As a workaround,
take the PIC offline and back online. [PR/269206]
- On a 2-port OC12 ATM2 IQ interface, if you configure and
then change the virtual path (VP) setting, the SNMP jnxAtmVpTotalDownTime counter might be reset. [PR/27131]
- On an OC3 ATM2 intelligent queuing (IQ) interface, when
you configure a shaping rate greater than the speed of the OC3 link
and commit the configuration, the actual shaping rate might be less
than the interface speed. [PR/27459]
- On the ATM2 IQ PIC, when you configure the atm-l2circuit-mode statement at the [edit chassis fpc slot-number pic pic-number] hierarchy level, the control
word sequence number is not reset to 1 after the transmit sequence
number reaches 65,535. [PR/31669]
- On M20 and M40 routers, when a physical layer problem
affects a SONET/SDH interface, carrier transition statistics might
not increment correctly in the output of the show interfaces extensive command. [PR/33325]
- When you configure both the bundle link and constituent
links at the [edit logical-routers logical-router-name interfaces] hierarchy level, the constituent links do not come
up. As a workaround, configure the constituent links at the [edit
interfaces] hierarchy level. [PR/35578]
- On ATM2 DS3 and E3 interfaces, when you configure ATM
point-to-multipoint permanent virtual circuits (PVCs), the following
error messages might appear in the system log: “/kernel: RT_COS:
COS IPC op 4 (CLASS TO IFL) failed, err 1 (Unknown),” “ssb
BCHIP 0: invalid entry type 127 at stream 8 channel 0 for ifl 83,”
and “ssb COSMAN: mapping table bind to ifl 83 failed.”
There is no operational impact. [PR/36524]
- When you apply an IPSec firewall filter to match traffic
sent across a generic routing encapsulation (GRE) tunnel and originating
from the local routing platform, the local traffic is dropped. Transient
traffic is not affected. [PR/44871]
- On channelized T3 interfaces, the T1 loopback state does not
reflect loopbacks set by facilities data link requests using the remote-loopback-respond statement at the [edit interfaces interface-name t1-options] hierarchy level. [PR/45837]
- On a Link Services PIC, the CLI might incorrectly allow
you to configure a logical tunnel interface (interface identifier lt); the resulting interface might not work correctly. [PR/49818]
- If an MLPPP LSQ bundle carries a large volume of link
fragmentation and interleaving (LFI) traffic and a small proportion
of multilink traffic, packets might be dropped on the egress constituent
links. [PR/56664]
- For ISDN dialer interfaces in a J-series Services Router,
when you configure the no-keepalives statement at the [edit interfaces dl0 unit logical-unit-number] hierarchy level and you issue the show interfaces dl0 command, the Link flags field might still show Keepalives. [PR/58520]
- If you disable an adaptive services interface by including
the disable statement at the [edit interfaces sp-fpc/pic/port] hierarchy level and then delete the disable statement
from the configuration, IPSec service is not reset correctly. As a
workaround, either issue the deactivate services command
followed by the activate services command, or issue the request chassis pic offline fpc-slot slot-number pic-slot pic-number command followed by
the request chassis pic online fpc-slot slot-number pic-slot pic-number command. [PR/58522]
- On an ISDN interface in a J-series Services Router, if you include
the vrf-table-label statement at the [edit routing-instances instance-name] hierarchy level, packets might be
dropped from the connection. [PR/59718]
- On an ISDN dialer interface in a J-series Services Router,
if you include the minimum-links statement at the [edit
interfaces dl0 unit logical-unit-number] hierarchy level and then deactivate the BRI interface associated
with the dialer interface, the output packets counter displayed in
the output of the show interfaces dl0 command might continue
to increment. [PR/59986]
- On an ISDN dialer interface in a J-series Services Router,
when you include the load-threshold 100 statement at the [edit interfaces dl0 unit logical-unit-number dialer-options] hierarchy level and the 56-Kbps bandwidth threshold
is exceeded, the interface does not support additional network traffic
and might not activate another BRI interface. [PR/60045]
- If you configure IS-IS, MPLS, and graceful Routing Engine
switchover (GRES) and a switchover event occurs, the routing platform
might end the PPP IP Control Protocol (IPCP) sessions and renegotiate
them if the remote side changed interface MTU settings before the
switchover event. [PR/61121]
- If you configure graceful Routing Engine switchover and
issue the request chassis routing-engine master acquire command,
in rare cases the master Routing Engine might fail to relinquish mastership,
or the switchover to the backup Routing Engine might take up to 360
seconds. [PR/61821]
- For Automatic Protection Switching (APS) on SONET/SDH
interfaces, there are no operational mode commands that display the
presence of APS mode mismatches. An APS mode mismatch occurs when
one side is configured to use bidirectional mode, and the other side
is configured to use unidirectional mode. [PR/65800]
- J4350 and J6350 Services Routers might not have enough
data buffers to meet expected delay-bandwidth requirements. Lack of
data buffers might degrade CoS performance with smaller-sized packets
(500 bytes or less). [PR/73054]
- The JUNOS software does not always correctly handle MTU settings
for individual protocol families, as configured by including the mtu statement at the [edit interfaces interface-name unit logical-unit-number family family-name] hierarchy level. Specifically: (1) If you explicitly set
the MTU to the default value and then remove the mtu statement,
the User-MTU flag in the output from the show interfaces command is not removed for the logical interface. (2) When you
remove the mtu statement for a nonnegotiable interface, the
MTU value is not reset to the default. (3) When you explicitly set
the mtu statement to the default value, the User-MTU flag might not be set correctly. [PR/77975]
- If you include the disable statement at the [edit interfaces interface-name] hierarchy
level to disable the ingress interface for a SONET link between two
routers that are not configured for APS or other link protection,
the egress interface might not be notified. This can cause traffic
loss. [PR/78831]
- On J4350 and J6350 Services Routers, if the MTU is set to more
than 6 KB for a built-in Gigabit Ethernet port or a 1-port Gigabit
Ethernet ePIM, packets might be discarded with an FCS error. [PR/82245]
- If you ping a nonexistent IPv6 address that belongs to
the same subnet as an existing point-to-point link, the packet loops
between the two point-to-point interfaces until the time to live expires.
[PR/94954]
- When interchassis Automatic Protection Switching (APS)
is configured with channelized OC12 PICs and the working circuit fails,
it takes longer than expected to fail over to the protect circuit.
[PR/98488]
- The output of the show interfaces diagnostics optics command includes the Laser rx power low alarm field even
if the transceiver is a type (such as XENPAK) that does not support
this alarm. [PR/103444]
- On channelized DS3 interfaces, when a logical unit is configured
with Multilink Frame Relay encapsulation (mlfr-end-to-end) and frame-relay-ppp
encapsulation is configured on the next numerically higher logical
unit, the commit will fail. As a workaround, configure frame-relay-ppp
encapsulation on a numerically smaller logical unit, before a logical
unit with MLFR encapsulation. [PR/229071]
- When you issue a show chassis ether-switch statistics command while redundancy is enabled, there is a loss of communication
between the two redundant Routing Engines for about 2 seconds. [PR/233779]
- On a serial interface transmitting either 64-byte
or 128-byte packets, the effective bandwidth falls when the
interface is highly oversubscribed. [PR/235753]
- On MX, M320, and T-series platforms, statistics may disappear
when the Packet Forwarding Engine and the Flexible PIC Concentrators
(FPCs) are taken offline. As a workaround, save the Packet Forwarding
Engine statistics in the kernel. [PR/240026]
- When a redundant power supply is removed from an M7i or M10i
router, the show chassis environment command correctly shows
the supply's status as Absent, but continues to display a
temperature for it. [PR/241055]
- If there are any configuration changes on an interface
when newly committed DLCIs are in the process of coming up, the DLCIs
are not active until the interface is reset or until the logical interfaces
are deactivated and activated. [PR/261501]
- On 1-port 10-Gigabit Ethernet XFP Uplink PICs and 1-port
10-Gigabit Ethernet XENPAK PICs, when the 10-Gigabit Ethernet port
is disabled through the CLI, the transmit laser is shut off correctly.
After this, if the XFP or XENPAK module is changed or reseated, the
transmit laser is turned on, even though the port is disabled. [PR/267308]
- If you configure more than 50 track routes (any combination
of IPv4 and IPv6 routes) by including the track statement
at the [edit interfaces interface-name unit logical-unit-number family (inet | inet6) address address (vrrp-group | vrrp-inet6-group) group-id] hierarchy level, the VRRP software might not correctly update
route information when the status of routes changes. [PR/267769]
- On ATM1 PICs, the effective shaping rate is 4.5 percent
slower than expected, because of a software rate conversion error.
[PR/268763]
- On a router with Frame Relay multilink configured on an
MS 400 PIC or on a channelized DS3 PIC, when the minimum links value
for the Frame Relay interface is set to 8 and a link is deactivated
from the configuration, the link remains up. [PR/285244]
- When you issue the show interfaces diagnostics optics command and do not specify an interface name, the output is the
same as for the show interfaces command, instead of including
optic diagnostics. [PR/285978]
- The interface hold-timer might not work for channelized
subinterfaces. [PR/294654]
- The commit operation does not fail when the configuration
includes the following invalid combination of statements: the address
specified by the source or destination statement
at the [edit interfaces gr-fpc/pic/port unit logical-unit-number
tunnel] hierarchy level is the same as the interface's
own subnet address (as specified by the address statement
at the [edit interfaces gr-fpc/pic/port unit logical-unit-number family family-name] hierarchy level). [PR/299443]
- For SONET/SDH interfaces, when the hold-time statement
is included at the [edit interfaces so-fpc/pic/port] hierarchy
level and you change the framing type from the default (SONET) to
SDH by including the framing sdh statement at the same hierarchy
level, the interface does not come up after the commit operation.
As a workaround, deactivate the hold-time statement before
changing the framing. [PR/306687]
- When a Fast Ethernet link is disabled, the remote end
may not detect the link as being down. [PR/307538]
- On M5, M10, M20, and M40 routers, when you issue an SNMP
query for alarm LED status (such as show snmp mib walk jnxLEDState), the message “FPM device not open” might be logged.
This is an erroneous message and can be ignored. [PR/313073]
- In OC768-over-OC192 mode on the 4-port OC192c PIC,
when you change the clocking internal statement to clocking
external at the [edit interfaces interface-name] hierarchy level, the clock may not come up. [PR/395847]
Services Applications
- The output of the show services nat pool command
displays duplicate entries for a single Network Address Translation
(NAT) pool. [PR/34678]
- The show services accounting flow-detail extensive command sometimes displays incorrect information about input and
output interfaces. [PR/40446]
- When you configure intrusion detection service (IDS) on
J-series platforms, including the threshold statement at
the [edit services ids rule rule-name term term-name then logging] hierarchy level has no effect.
[PR/46577]
- On Adaptive Services PICs configured for IPSec tunnel
redundancy, if there are a large number of tunnels, sometimes a few
of the tunnels might switch over to the backup tunnel. [PR/46733]
- On routing platforms configured for Internet Key Exchange
(IKE)-based IPSec, if a remote peer using other vendors’ equipment
does not renegotiate the IKE security association (SA) when it is
about to expire and continues to send dead peer detection (DPD) requests
on the same SA, the routing platform might not be able to reply to
these messages. [PR/47004]
- If the socket buffer becomes full on a remote router,
you cannot clear all the IPSec security associations (SAs) from the
router. [PR/55189]
- When a routing platform is configured for graceful Routing
Engine switchover and Adaptive Services (AS) PIC redundancy, and a
switchover to the backup Routing Engine occurs, the redundant services
interface (rsp-) always activates the primary services interface
(sp-), even if the secondary interface was active before
the switchover. [PR/59070]
- On Monitoring Services I and Monitoring Services II PICs,
if the export channel to the external cflowd collector is closed,
cflowd records might be lost. As a workaround, restart the PIC. [PR/59432]
- On Monitoring Services II PICs configured for flow collection
services, during memory overload conditions, the flow collector interface
might create files lacking cflowd records, and these files might not
be sent to the external FTP server. [PR/62599]
- When you modify a flow collection configuration and commit
the changes, the system log might contain error messages regarding
the commit operation. These messages do not affect the operation of
the router and can be ignored. [PR/64201]
- On J-series Services Routers, an SNMP query returns a
zero value for the data link switching (DLSw) MIB object dlswTConnTcpConfigKeepAliveInt even if you implement keepalives. [PR/70002]
- For Adaptive Services II PICs, even if you do not configure
flow collector services, a temporary file might be created every 15
minutes in the /var/log/flowc/ directory. The file is deleted
if there are no clients, and re-created only when a client connects
and attempts to write to the file. [PR/75515]
- The destination IP address assigned to a VP interface
can be a duplicate of the address assigned to another interface on
the router. This can cause issues with forwarding traffic appropriately
to the VP interface. [PR/75535]
- On J4350 and J6350 Services Routers, when you insert a
Telephony Gateway Module (TGM) 550 PIM and the PIM is in a reset state,
the router might not respond to any show chassis commands
for up to 5 seconds. [PR/78695]
- In BIOS configuration mode, pressing the F10 key to complete
a save and exit does not work as expected. The alternative to using
the F10 key is to use the Save and Exit option
from the Exit menu. Regardless of which J-series
image is loaded on the router, this issue can be seen on the J4350
and J6350 routers with BIOS Version 080011 and on the J2320 and J2350
routers with BIOS Version 080012. [PR/237721]
- The Clear NVRAM option in BIOS configuration mode does
not work as expected. Regardless of which J-series image is loaded
on the router, this issue can be seen on the J4350 and J6350 routers
with BIOS Version 080011 and on the J2320 and J2350 routers with BIOS
Version 080012. To help address this issue, you need to note any changes
you make to the BIOS configuration. This allows you to revert to the
default BIOS configuration when needed. [PR/237722]
- If the Juniper-Firewall-Attribute attribute in a RADIUS
server configuration file names a policer that sets a bandwidth limit
for Layer 2 Tunneling Protocol (L2TP) sessions but not an exclude-bandwidth
limit, the bandwidth limit might not be set correctly. [PR/254503]
- If a large number of BGP authentication sessions (for
example, 400) are configured in a VRF instance, the following message
is written to the system log when the configuration is committed:
"keyadmin[<pid>]: dump_assn: posting additional read." There is
no operational impact. [PR/295407]
General Routing
- LDP sessions might go down and remain in an inoperative
state for a long time (one indication is that the value OpenSent or Closing persists over time in the State: field
of the output from the show ldp session extensive command).
This problem occurs when BGP must evaluate a large number of AS paths
as required by the following configuration: (1) the value of each
of several as-path policy-name statements
at the [edit policy-options] hierarchy level is a regular
expression containing a large number of AS path index numbers, (2)
such policies are each specified as the value of a from as-path statement at the [edit policy-options policy-statement statement-name] hierarchy level, (3) several such
policy statements are specified as values for the import statement
at the [edit protocols bgp] hierarchy level. [PR/229273]
- If the from clause in a policy refers to the
routing table used by a VPN routing and forwarding (VRF) instance,
and you change the route distinguisher for that VRF instance, the
routes in the routing table become unusable. In terms of configuration
statements, the routing table is the value of the rib statement
at the [edit policy-options policy-statement policy-name term term-name from] hierarchy level,
and the route distinguisher is defined by the route-distinguisher statement at the [edit routing-instances routing-instance-name] hierarchy level for the VRF instance. As a workaround, deactivate
the policy-statement statement temporarily while changing
the route distinguisher. [PR/254398]
Routing Protocols
- When you include the as-path atomic-aggregate statement at the [edit routing-options aggregate defaults as-path] hierarchy level to manually add the ATOMIC_AGGREGATE attribute on
a BGP AS path, the attribute is not added. [PR/2527]
- The CLI allows you to commit a configuration that specifies
a value higher than 32 for the metric statement at the [edit protocols dvmrp interface all] hierarchy level, but values
higher than 32 are invalid. [PR/33429]
- If a router receives a Pragmatic General Multicast (PGM)
Source Path Message (SPM), it does not create a forwarding cache,
nor does it forward the message to other routers as a heartbeat, as
specified in RFC 3208. Also, the router’s multicast cache might
time out if it does not receive actual PGM data (ODATA) for more than
6 minutes. As a workaround, configure the PGM source application to
send PGM ODATA at least once every 6 minutes. The ODATA acts as the
heartbeat message in lieu of the SPM messages and ensures that the
multicast and forwarding caches are created and updated. [PR/37504]
- The configurable range for the lsp-interval knob does
not match the values in the online documentation available via the help reference command. [PR/41613]
- The bgpM2PrefixInPrefixesAccepted MIB object counts only
the active routes; it should also count inactive routes that are eligible
to become active. [PR/41975]
- When you configure damping globally and use the import
policy to prevent damping for specific routes, and a new route is
received from a peer with the local interface address as the next
hop, the route is added to the routing table with default damping
parameters, even though the import policy has a nondefault setting.
As a result, damping settings do not change appropriately when the
route attributes change. [PR/51975]
- When a BGP group is configured without any peers, warning
messages no longer appear. [PR/63279]
- When you issue the show ldp traffic-statistics command, the following system log message might be generated for
all forwarding equivalence classes (FECs) with an ingress counter
set to zero: “send rnhstats GET: error: ENOENT -- Item not found.”
[PR/67647]
- If ICMP tunneling is enabled on the router and you configure
a new logical router that does not have ICMP tunneling enabled, the
feature is globally disabled. [PR/81884]
- When you specify a link-local interface for the interface statement at the [edit routing-options rib inet6.0 static route address/mask-length qualified-next-hop address] hierarchy level, the commit operation fails
with the message RT: next-hop <interface-name> is not point-to-point. [PR/99293]
- When the flow of multicast traffic changes because an OSPFv3
link goes down, the output from the show multicast statistics
inet6 command reports incorrect values in the In kbytes and In packets fields for the new ingress interface. [PR/234969]
- When you commit a new configuration for nonstop routing
(NSR) on a primary Routing Engine that differs from the configuration
for NSR that is already running on the backup Routing Engine, the
routing protocol process stops functioning on the backup Routing Engine
only. Traffic forwarding is not affected. [PR/254379]
- The address for the flow route is terminated at 348 characters.
It is a cosmetic issue and affects the flow route display in the show route command. [PR/273385]
- Disabling the PIM protocol with set protocols pim
disable can cause the router to stop operating until that statement
is removed. As a workaround, use deactivate protocols pim instead. [PR/274478]
- On a J-series router, when traffic is actively shaped,
Bidirectional Forwarding Detection (BFD) protocol sessions might flap.
[PR/293285]
- When you run the snmpwalk query for Multicast interfaces
in a routing instance, the logical interface might not appear in the
query. [PR/297470]
- Protocol Independent Multicast (PIM) might not work correctly
when NSR (nonstop routing) is enabled. Sometimes you might receive
the following error message: “cannot perform nh operation ADDANDGET
nhop (null) type indirect index 0 errno 22.” [PR/314279]
- When a BGP peer goes down directly after a session is
established, the hold timer incorrectly expires after the configured
interval rather than after the negotiated interval. [PR/396823]
- The configuration of the ssm-groups statement
at the [edit routing-options multicast] hierarchy level does
not work for IPv6. There are no issues with IPv4. [PR/399352]
MPLS Applications
- If you configure a label-switched path (LSP) with the no-cspf statement at the [edit protocols mpls] hierarchy
level, the LSP might cycle up and down several times before stabilizing.
[PR/10415]
- If a circuit cross-connect (CCC) traverses a forwarding
adjacency (FA) label-switched path (LSP), traffic forwarding might
be affected. [PR/60088]
- RSVP graceful restart does not function for LSPs that
have a forwarding adjacency (FA) label-switched path (LSP) as a next
hop. [PR/60256]
- When you enable per-packet load balancing on parallel
label-switched paths (LSPs), the output of the show mpls lsp ingress command might display all the routes on only one of the LSPs even
when traffic is evenly balanced across the LSPs. [PR/70487]
- The show mpls lsp detail command does not display an
LSP's setup and hold priorities (the Priorities field is
omitted) if they are set to their default values, even if the defaults
are set explicitly at the [edit protocols mpls label-switched-path path-name priority] hierarchy level. As a workaround,
issue the show mpls lsp defaults command to display the priority
values. [PR/103128]
- An error in the Constrained Shortest Path First (CSPF)
software might cause the routing protocol process (rpd) to generate
a core file and stop operating. [PR/103777]
- In the output from the show mpls lsp command, the column
labeled ActivePath is about 16 characters wide. When the
name of an LSP path is longer than that, subsequent values on the
line do not align correctly with their headers. [PR/237229]
- When load-balance bandwidth is configured, the MPLS next-hop
with S=0 may have the balance coefficient set to 0. [PR/257570]
- When multiple (greater than 5) link-protected or node-link-protected
LSPs to the same destination are used with per-packet load balancing,
it is possible for some bypass next hops to not be part of the active
route. This can occur after a primary link flap. [PR/259219]
- When using CSPF and link protection, in some rare instances
the routing protocol process might restart. [PR/266126]
- After some types of network events (for example, when
an interface goes down and comes back up), LDP routes might be removed
incorrectly from the inet.3 routing table. As a workaround, restart
all LDP sessions. [PR/297144]
- Sometimes a traffic-engineered label-switched path (LSP) remains
up when it should go down. [PR/300919]
VPNs
- When you modify the frame-relay-tcc statement
at the [edit interfaces interface-name unit logical-unit-number] hierarchy level of a Layer 2
VPN, the connection for the second logical interface might not come
up. As a workaround, restart the chassis process (chassisd) or reboot
the router. [PR/32763]
- When VPLS nonstop active routing is enabled and you modify the
VPLS instance (for example, change the instance type or its route
distinguisher), the routing process (rpd) might stop and the system
might produce a core dump. [PR/231234]
- Traffic might not flow when an ATM interface is used as
the access circuit on an M120 router. [PR/255160]
- Due to an incorrectly assumed hardware limitation, the
time-to-live (TTL) threshold value was incorrectly propagated. [PR/257497]
- When an LSP switches from a primary path to a bypass path,
Layer 2 circuits might flap, causing packet loss. [PR/309085]
Class of Service
- When you configure an ES PIC, a message similar to the
following might be written to the system log: “fpc0 LCHIP(3):
Unable to fathom what channel used by IFD id.”
There is no operational impact. [PR/36184]
- If you deactivate or activate an aggregated Ethernet interface,
the Packet Forwarding Engine might report errors. [PR/50090]
- When a logical tunnel (lt) interface is the outbound
interface, JUNOS software does not support the IEEE 802.1p rewrite
rule. [PR/55903]
- If you try to configure a scheduler map containing two
forwarding classes that are mapped to the same queue, the class-of-service
scheduler is not applied to the Packet Forwarding Engine. As a workaround,
configure a single forwarding class for each available queue. [PR/57907]
- On M-series routers connected by VLAN circuit cross-connects
(CCCs) and configured with class of service (CoS), when explicit forwarding
(EF) traffic is generated from the ingress customer edge router (CE1)
to the egress customer edge router (CE2), the ingress provider edge
router (PE1) properly marks the packets with default EXP bits and
sends the packets out queue 1, but the intermediary core router forwards
all traffic through queue 0 instead of sending it through the EF queue.
As a workaround, include the no-control-word statement at
any of the following hierarchy levels: [edit logical-routers logical-router-name protocols l2circuit neighbor address interface interface-name], [edit protocols l2circuit neighbor address interface interface-name], [edit logical-routers logical-router-name routing-instances routing-instance-name protocols l2vpn], or [edit routing-instances routing-instance-name protocols l2vpn]. [PR/65280]
- When you configure a specific classifier for a logical
unit, it does not override the fixed classifier configured using wildcards.
[PR/68888]
- If you configure CoS traffic control profiles on every
logical interface by using the * wildcard to represent the
interfaces, the configuration cannot be committed. In other words,
the commit fails if you include the input-traffic-control-profile and output-traffic-control-profile statements at the [edit class-of-services interfaces type-fpc/pic/port *] hierarchy level. [PR/100690]
- On M320 and T-series routing platforms, if you map multiple
forwarding classes to the same queue (specify the same value for the queue-num statement at the [edit class-of-service forwarding-classes
class class-name] level for multiple classes)
and then include the multiple classes in one scheduler map (by including
the forwarding-class statement for each one at the [edit
class-of-service scheduler-maps map-name] hierarchy level), the commit operation fails with the
message "Total bandwidth allocation exceeds 100 percent for scheduler-map."
[PR/103370]
- On M120, M320, and MX-series routers, if the value set
by the transmit-rate statement at the [edit class-of-service
schedulers scheduler-name] hierarchy level
is larger than the value set by the buffer-size statement
at that level, forwarding latency is greater than expected. [PR/233213]
- On MX-series routers, when you configure VPLS over an
LSI interface, classification does not work on the egress PE router
for traffic flowing from the core of the network to the egress CE
router. [PR/240777]
- If you configure the tri-color statement at the [edit class-of-service] hierarchy level, the drop counters in
the output of the show interfaces queue command might not
be correct for medium-high (yellow) priority traffic and low (green)
priority traffic. The drop counter for high priority traffic (red)
functions normally. [PR/258499]
- In JUNOS Release 8.4 and later, the commit or commit-check operation fails if a rewrite rule is defined both
at the [edit class-of-service interfaces interface-name unit logical-unit-number rewrite-rules] hierarchy
level and in a configuration group (defined at the [edit groups] hierarchy level) that is applied to that interface. The correct
behavior is for the directly applied rule to override the rule inherited
from the configuration group. [PR/261229]
- On MX960 platforms, bandwidth sharing across high priority
and strict-high priority schedulers might not be as expected. This
issue occurs when the schedulers are configured on logical interfaces.
[PR/265603]
- CoS rewrite rule changes are not applied to active multicast
streams. Only new multicast streams use the modified configuration.
As a workaround, clear all active multicast streams after the changes
have been applied. [PR/266341]
- The output from the show class-of-service interface interface-name command includes the Input scheduler
map field even when you configure egress-only mode for the PIC
that houses the interface (by including the mode egress-only statement at the [edit chassis fpc slot-number pic slot-number traffic-manager] hierarchy
level). [PR/275038]
- When a core-facing interface on a PE router that is acting
as an IGP peer is deactivated (for example, by deactivating the interface interface-name statement at the
[edit protocols ospf area area-id] hierarchy
level), the following message might be written to the system log:
"COSMAN: cosman_unbind_update_if_refcount: Failed to find the ifd
<interface-name> (<index>) in the ifdtable for ifl <index>."
There is no operational impact. [PR/291630]
Forwarding and Sampling
- On M320 and T-series routing platforms, when you configure
interface output sampling, packets sometimes might travel through
the output firewall. As a workaround, configure a firewall filter
on the output interface with the then sample statement and
the then next term statements. The workaround provides the
same functionality as the other configuration, but avoids the problem
behavior. [PR/70473]
- On MX-series routers running JUNOS Release 8.4 and later,
entries in the MAC address table expire three times faster than on
MX-series routers running JUNOS Release 8.3 and earlier, and on M-series
and T-series routing platforms running any release of the JUNOS software
(including JUNOS Release 8.4 and later). To configure the correct
effective value on MX-series routers running JUNOS Release 8.4 and
later, specify a value for the mac-table-aging-time statement
at the [edit protocols l2-learning] hierarchy level that
is three times the desired value. For example, if you want the expiration
time to be 15 seconds, specify 45 seconds. [PR/241485]
Routing Policy and Firewall Filters
- The extended Dynamic Host Configuration Protocol (DHCP) relay
agent feature does not function properly on a nondefault logical router.
This means that although the JUNOS CLI permits you to include the dhcp-relay statement at the following hierarchy levels, the
feature does not work properly when you do so:
  - [edit logical-routers logical-router-name forwarding-options]
  - [edit logical-routers logical-router-name routing-instances]
  - [edit logical-routers logical-router-name routing-instances routing-instance-name forwarding-options]
  [PR/82275]
- In JUNOS Release 9.0 and later, the interface-group statement is no longer supported for VPLS and bridge firewall filters
configured at the [edit interfaces interface-name unit unit family bridge filter] and the
[edit firewall family bridge term term from] hierarchy levels. [PR/256800]
Network Management
- The following groups of MIB objects do not segregate the
data they return according to the routing instance specified in an
SNMP request: vrrpMIB, jnxCosIfqStatsTable, and jnxCosQstatTable. [PR/63045]
- When you commit a configuration that includes the max-queues-per-interface statement at the [edit chassis
fpc slot pic slot]
hierarchy level, the MIB II process (mib2d) might generate a core
file and stop operating. [PR/99197]