[ Contents] [ Prev] [ Next] [ Report an Error]

Current Software Release

The current software release is Release 9.1R3. For information about obtaining the software packages, see M-series, MX-series, and T-series Upgrade and Downgrade Instructions or J-series Upgrade and Downgrade Instructions, depending on your router platform.

Outstanding Issues

Software Installation and Upgrade

For hard disks that were originally formatted by JUNOS Release 4.4 or earlier, after you issue the request system snapshot partition command, the router cannot boot from the hard disk. As a workaround, issue the request system snapshot command before upgrading. [PR/36742]

Platform and Infrastructure

When the Monitoring Services PIC is overloaded, the output from the show services accounting flow-detail command might freeze. [PR/32896]
On T-series platforms, a Layer 2 maximum transmission unit (MTU) check is not supported for MPLS packets exiting the routing platform. [PR/46238]
When you configure a source class usage (SCU) name with an integer (for example, 100) and use this source class as a firewall filter match condition, the class identifier might be misinterpreted as an integer, which might cause the filter to disregard the match. [PR/50247]
When a Monitoring Services PIC is overloaded with traffic, the FPC might take the PIC offline and repeatedly send the same error message. The error message does not affect normal operation of the FPC and PICs. As a workaround, restart the FPC or bring the PIC online. [PR/55981]
If you configure several DNS servers by including the name-server statement at the [edit system] hierarchy level, the JUNOS software uses only the first three configured DNS servers. [PR/59172]
On a Monitoring Services III PIC configured as a dynamic flow capture (DFC) interface (dfc-fpc/pic/port), when you configure the DFC interface as the next hop in a forwarding path, port-mirrored packets might become corrupted. [PR/60799]
If you configure 11 or more logical interfaces in a single VPLS instance, VPLS statistics might not be reported correctly. [PR/65496]
In a routing matrix configured for graceful Routing Engine switchover (GRES), when the master Routing Engine of a T640 routing node (line-card chassis, or LCC) enters debug mode, it does not release mastership. [PR/66308]
When a large number of kernel system log messages are generated, the log information might become garbled and the severity level could change. This behavior has no operational impact. [PR/71427]
On M320 and T-series routing platforms, there is a process that monitors FPCs while they transition to an online state. If an FPC is busy and cannot complete the transition within the time limit, the process might time out and prevent the FPC from coming online. [PR/72364]
If you configure the same IPv6 address on the fxp0 interface and another public interface within the same routing instance, the backup Routing Engine might restart. [PR/72573]
On M320 and T-series routing platforms, when you configure the local gateway of an IPSec tunnel in a routing instance, IPSec might not function properly over a generic routing encapsulation (GRE) tunnel. [PR/73864]
In the situation where a Link Services (LS) interface to a CE router appears in the VPN routing and forwarding table (VRF table) and a fragmentation is required, Internet Control Message Protocol (ICMP) cannot be forwarded out of the LS interface from a remote PE router that is in the VRF table. As a workaround, include the vrf-table-label statement in the configuration. [PR/75361]
For J-series Services Routers, if you send a real-time performance monitoring (RPM) probe through an IPSec tunnel and the probe includes the hardware-timestamp statement at the [edit services rpm probe owner-name test test-name] hierarchy level, RPM icmp-ping type probes might not work. [PR/75927]
When you configure the router to log activity with a firewall filter or perform Routing Engine-based sampling, and heavy traffic passes through the router, the following error message might be displayed: "PKTR DMA age error cell counter incremented." The error indicates that there might be some packet loss in firewall filter logging or Routing Engine-based sampling. However, transit traffic is not affected. [PR/78712]
On M160 and M40e routers, a hardware error on the Switch Fabric Module (SFM) might cause the board to reboot. [PR/79236]
On the T-series routing platform, when you include the no-labels configuration statement at the [edit forwarding-options hash-key family mpls] hierarchy level, the statement is added to the configuration; however, MPLS labels are still included in the hash key. [PR/80334]
For Gigabit Ethernet intelligent queuing (IQ) PICs installed in M-series and T-series routing platforms, system log messages for SFP receive power, laser bias, and temperature alarms might alternate between set and clear. These messages are mostly cosmetic and do not affect performance of the routing platform. [PR/80393]
On Fast Ethernet and Gigabit Ethernet PICs, LACP is not supported on an aggregated Ethernet interface that is configured with either extended-vlan-vpls encapsulation or ethernet-vpls encapsulation. As a workaround, use vlan-vpls encapsulation on the aggregated Ethernet interface. This limitation does not apply to aggregated Ethernet interfaces configured on Gigabit Ethernet IQ2 PICs. [PR/94480]
A firewall filter that matches the forwarding class of incoming packets (that is, includes the forwarding-class statement at the [edit firewall filter filter-name term term-name from] hierarchy level) might incorrectly discard traffic destined for the Routing Engine. Transit traffic is handled correctly. [PR/97722]
On J-series Services Routers, you cannot use a USB device that provides U3 features (such as the "U3 Titanium" device from SanDisk Corporation) as the media device during system boot. You must remove the U3 support before using the device as external media. For the U3 Titanium device, you can use the U3 Launchpad Removal Tool on a Windows-based system to remove the U3 features. The tool is available for download at http://www.sandisk.com/Retail/Default.aspx?CatID=1415. (To restore the U3 features, you can use the U3 Launchpad Installer Tool, accessible at http://www.sandisk.com/Retail/Default.aspx?CatID=1411.) [PR/102645]
When you enable point-to-multipoint (P2MP) LSPs over an outgoing aggregated Ethernet (AE) interface that is configured with circuit cross-connect (CCC) switching, the LSP fails to forward traffic and you receive the following error: nh_ucast_add. As a workaround, first disable the AE interface and P2MP LSPs. Then activate the AE interface and then the LSPs. Finally, clear the RSVP session for that LSP. [PR/105884]
The JUNOS software does not support dynamic ARP resolution on Ethernet interfaces that are designated for port mirroring. This causes the Packet Forwarding Engine to drop mirrored packets. As a workaround, configure the next-hop address as a static ARP entry by including the arp ip-address statement at the [edit interfaces interface-name] hierarchy level. [PR/237107]
If you configure a large number of MD5 authentication keys for BGP sessions, and then deactivate and reactivate the keys, the router might generate a commit error and MD5 authentication might not be applied on some of the BGP sessions. [PR/238960]
When you issue the request system power-on other-routing-engine command, an MX960 Routing Engine does not power on after it has been powered off in response to the request system power-off other-routing-engine command. [PR/253061]
When multiple interrupts occur at the same time and there is common interrupt handler for all of them, an “unknown jbus interrupt” syslog event is reported even though there are no problems with the system. You can safely ignore this error message. [PR/253098]
The IP Option Errors section in the output from the show pfe statistics ip options command does not include counters for all possible types of errors. [PR/254653]
The router’s address-assignment pool support enables you to create a named address range that is based on a specific DHCP option 82 value (either circuit-id or remote-id). However, when a client request is received, the router ignores the specified option 82 value and instead uses the first named range of addresses in the address-assignment pool. [PR/263077]
On T640, T320, and M320 routers, if you take an FPC offline during an ISSU boot, other FPCs in the router might crash. This happens when there is transit traffic flowing from the other FPCs towards the offlined FPC. [PR/268294]
On an M20 router, when you include the route-accounting statement at the [edit forwarding-options family inet6] hierarchy level, the following message might appear in the system log: "Error requesting SET BOOLEAN, illegal setting 32." The software is in fact functioning correctly. [PR/273762]
When a GGSN C-PIC sends a packet larger than the MTU of the outgoing interface in a default VRF, ICMP error messages that indicate fragmentation is needed do not reach the C-PIC. [PR/276392]
When Periodic Packet Management (PPM) delegation for Bidirectional Forwarding Detection (BFD) sessions is disabled (the delegate-processing statement is removed at the [edit routing-options ppm] hierarchy level), the BFD sessions might be terminated (because a “state is down” message is sent) and then re-established. [PR/280233]
When you perform an in-service software upgrade (ISSU) on a routing platform with an FPC3 or an Enhanced FPC3 with 256 MB of memory, and the number of routes in the routing table exceeds 750,000, route loss might occur. If route loss occurs, as a workaround, perform either of the following tasks:
- Replace the FPC3 or Enhanced FPC3 with another FPC that has more memory.
- After the ISSU is complete, reboot only the FPC3 or Enhanced FPC3.
[PR/282146]
On the Juniper Control System (JCS) platform, the control and management traffic for all Routing Engines share the same physical link on the same switch module. In rare cases, the physical link might become oversubscribed, causing the management connection to Protected System Domains (PSDs) to be dropped. [PR/293126]
When a GRE tunnel key is configured, the TTL value might be decremented. [300956]
When a PE router receives a PIM Join message from a CE router and the source for the required multicast data is another directly connected CE router, the attempt to create a flood next hop might initially fail. Messages, including the following, are written to the system log: “NH: Failed to install flood nexthop: <index>.” The next hop is eventually installed, so there is no operational impact. [PR/307579]
On M120 routers or M320 platforms with M320 Enhanced III FPCs, packets might be discarded after a graceful Routing Engine switchover event. The following message might be written to the system log: “ichip_f_check_dest_errors: Fabric request time out for plane <index> dest <index> pfe <index>.” To restore forwarding performance, restart the Enhanced III FPC on M320 routers or the Forwarding Engine Board on M120 routers. [PR/310061]
Hard disk crashes result in the compact flash being removed from the boot list instead of the hard disk. Depending on the exact hard drive failure, this could cause the Routing Engine to be stuck in a boot loop. [PR/389540]
When a member link of an aggregate interface goes down and comes back up and new forwarding information is installed during that change-in-status period, traffic might be lost. [PR/392550]
On T-series routing platforms with aggregated SONET/SDH interfaces, if multiple statistics requests for these interfaces are queued at the same time, a memory corruption might occur, causing the kernel to crash. [PR/393572]

User Interface and Configuration

On M20 routers, after a Routing Engine mastership switchover, you might not be able to enter CLI configuration mode on the new master Routing Engine. Also, the request system reboot and request system halt commands do not clearly fail but do not return the CLI prompt either. [PR/64899]
The logical router administrator can modify and delete master administrator only configurations by performing local operations such as issuing the load override, load replace, and load update commands. [PR/238991]
When an M-series or T-series router is upgraded from JUNOS to JUNOS-FIPS, the request system snapshot command does not work. As a workaround, issue a request system snapshot force-fmt command from the shell. This issue is not present for upgrades from an older version of JUNOS-FIPS to a newer version of JUNOS-FIPS. [PR/252640]
Executing a commit script during a commit operation causes the commit operation to stop responding. [PR/255430]
When you are working in private configuration mode and try to commit a configuration that includes a comment about an inactive configuration statement, the commit operation fails with the message “syntax error”. [PR/270160]
Sometimes, depending on the configuration, the system might fail to recognize an MD5 key configured for a BGP peer as part of a group configuration. [PR/283238]
In the output from the configuration mode show | compare command, the banner might be the parent level of the current hierarchy level instead of the current level itself. For example, when the current hierarchy level is [edit interfaces fe-1/1/1], the banner in the output reads [edit interfaces], but the additions and deletions are reported with respect to the [edit interfaces fe-1/1/1] level. [PR/291574]
The replace command removes quotation marks placed around policy algebra expressions. [PR/294344]
Use of system log regular expressions to refine the logged messages does not work properly. [PR/295523]
When you invoke a commit or commit check operation for a configuration that includes forwarding-table filters, the firewall process (dfwd) might generate a core file and restart. [PR/301806]
The file /var/db/feature.db is being read from and written to every 60 seconds. As a workaround, create the directory /config/license with the root user. [PR/308466]

Interfaces and Chassis

On aggregated SONET/SDH interfaces, the counter for drops and errors in the show interfaces command output does not display the correct value, because the counter does not collect data from the constituent interfaces within the aggregate. [PR/23577]
On ATM interfaces, when the IP address of a remote device is changed, the output of the show ilmi interface command on the local routing platform might continue to display the old IP address for the remote device. [PR/24126]
On channelized E1 interfaces, you might be able to configure clocking on ds-fpc/pic /port:n interfaces, where n is not unit 0. This is an invalid configuration and might cause a clocking selection problem on the other channels. [PR/24722]
On a 2-port OC12 ATM2 IQ interface, the total virtual path (VP) downtime might not display correctly in the show interfaces command output. [PR/27128]
On a 2-port OC12 ATM2 IQ interface, if you configure and then change the virtual path (VP) setting, the SNMP jnxAtmVpTotalDownTime counter might be reset. [PR/27131]
On an OC3 ATM2 intelligent queuing (IQ) interface, when you configure a shaping rate greater than the speed of the OC3 link and commit the configuration, the actual shaping rate might be less than the interface speed. [PR/27459]
On ATM2 IQ interfaces, when you include the atm-l2circuit-mode statement at the [edit chassis fpc slot-number pic pic-number] hierarchy level, the control-word sequence number is not reset to 1 after the transmit sequence number reaches 65,535. [PR/31669]
On M20 and M40 routers, when a physical layer problem affects a SONET/SDH interface, carrier transition statistics might not increment correctly in the output of the show interfaces extensive command. [PR/33325]
When you configure both the bundle link and constituent links at the [edit logical-routers logical-router-name interfaces] hierarchy level, the constituent links do not come up. As a workaround, configure the constituent links at the [edit interfaces] hierarchy level. [PR/35578]
On ATM2 DS3 and E3 interfaces, when you configure ATM point-to-multipoint permanent virtual circuits (PVCs), the following error messages might appear in the system log: “/kernel: RT_COS: COS IPC op 4 (CLASS TO IFL) failed”, “err 1 (Unknown)”, “ssb BCHIP 0: invalid entry type 127 at stream 8 channel 0 for ifl 83”, and “ssb COSMAN: mapping table bind to ifl 83 failed”. There is no operational impact. [PR/36524]
When you apply an IPSec firewall filter to match traffic sent across a generic routing encapsulation (GRE) tunnel and originating from the local routing platform, the local traffic is dropped. Transient traffic is not affected. [PR/44871]
On a Link Services PIC, the CLI might incorrectly allow you to configure a logical tunnel interface (interface identifier lt); the resulting interface might not work correctly. [PR/49818]
If an MLPPP LSQ bundle carries a large volume of link fragmentation and interleaving (LFI) traffic and a small proportion of multilink traffic, packets might be dropped on the egress constituent links. [PR/56664]
For ISDN dialer interfaces in a J-series Services Router, when you configure the no-keepalives statement at the [edit interfaces dl0 unit logical-unit-number] hierarchy level and you issue the show interfaces dl0 command, the Link flags field in the output might still show 'Keepalives'. [PR/58520]
If you disable an adaptive services interface by including the disable statement at the [edit interfaces sp-fpc/pic/port] hierarchy level and then delete the disable statement from the configuration, IPSec service is not reset correctly. As a workaround, either issue the deactivate services command followed by the activate services command, or issue the request chassis pic offline fpc-slot slot-number pic-slot pic-number command followed by the request chassis pic online fpc-slot slot-number pic-slot pic-number command. [PR/58522]
On ISDN interfaces in a J-series Services Router, if you include the vrf-table-label statement at the [edit routing-instances instance-name] hierarchy level, packets might be dropped from the connection. [PR/59718]
On ISDN dialer interfaces in a J-series Services Router, if you include the minimum-links statement at the [edit interfaces dl0 unit logical-unit-number] hierarchy level and then deactivate the BRI interface associated with the dialer interface, the output packets counter displayed in the output of the show interfaces dl0 command might continue to increment. [PR/59986]
On ISDN dialer interfaces in a J-series Services Router, when you include the load-threshold 100 statement at the [edit interfaces dl0 unit logical-unit-number dialer-options] hierarchy level and the 56-Kbps bandwidth threshold is exceeded, the interface does not support additional network traffic and might not activate another BRI interface. [PR/60045]
If you configure IS-IS, MPLS, and graceful Routing Engine switchover (GRES) and a switchover event occurs, the routing platform might end the PPP IP Control Protocol (IPCP) sessions and renegotiate them if the remote side has changed interface MTU settings prior to the switchover event. [PR/61121]
If you configure graceful Routing Engine switchover and issue the request chassis routing-engine master acquire command, in rare cases the master Routing Engine might fail to relinquish mastership, or the switchover to the backup Routing Engine might take up to 360 seconds. [PR/61821]
For Automatic Protection Switching (APS) on SONET/SDH interfaces, there are no operational mode commands that display the presence of APS mode mismatches. An APS mode mismatch occurs when one side is configured to use bidirectional mode, and the other side is configured to use unidirectional mode. [PR/65800]
J4350 and J6350 Services Routers might not have enough data buffers to meet expected delay-bandwidth requirements. Lack of data buffers might degrade CoS performance with smaller-sized packets (500 bytes or less). [PR/73054]
On M20 routers, when you start the router with Routing Engine 0 and System and Switch Board (SSB) 0 as master components, issue the request chassis routing-engine master switch command, and then log in to Routing Engine 1 and issue the request chassis ssb master switch and request system reboot commands, the ONLINE LED might remain lit on both SSBs. [PR/74283]
If you include the disable statement at the [edit interfaces interface-name] hierarchy level to disable the ingress interface for a SONET link between two routers that are not configured for APS or other link protection, the egress interface might not be notified. This situation might cause traffic loss. [PR/78831]
On J4350 and J6350 Services Routers, if the MTU is set to more than 6 KB for a built-in Gigabit Ethernet port or a 1-port Gigabit Ethernet ePIM, packets might be discarded with an FCS error. [PR/82245]
If you ping a nonexistent IPv6 address that belongs to the same subnet as an existing point-to-point link, the packet loops between the two point-to-point interfaces until the time to live expires. [PR/94954]
If the delay between VRRP advertisement packets is set to a small value (such as 100 ms) for a number of VRRP groups, and the router configuration is changed and committed several times in quick succession, the VRRP mastership state might be unstable. In other words, if the value of the fast-interval statement at the [edit interfaces interface-name unit logical-unit-number family inet address address vrrp-group group-number] hierarchy level is 100 for several VRRP groups, and configuration changes are committed several times in quick succession (even changes at other levels of the hierarchy), a VRRP backup router might assume mastership and immediately release it again. As a workaround, set the value of the fast-interval statement to 300 or higher. [PR/102111]
The output of the show interfaces diagnostics optics command includes the "Laser rx power low alarm" field even if the transceiver is a type (such as XENPAK) that does not support this alarm. [PR/103444]
On channelized DS3 interfaces, when a logical unit is configured with Multilink Frame Relay (MLFR) end-to-end encapsulation and Frame Relay PPP encapsulation is configured on the next numerically higher logical unit, the commit will fail. As a workaround, configure Frame Relay PPP encapsulation on a numerically smaller logical unit before a logical unit with MLFR encapsulation. [PR/229071]
When you issue the show chassis ethernet-switch statistics command on a routing platform with graceful Routing Engine switchover enabled, the two Routing Engines might be unable to exchange information for about 2 seconds. [PR/233779]
On serial interfaces transmitting either 64-byte or 128-byte packets, the effective bandwidth might be reduced when the interface is highly oversubscribed. [PR/235753]
On 1-port 10-Gigabit Ethernet XFP Uplink PICs and 1-port 10-Gigabit Ethernet XENPAK PICs, when the 10-Gigabit Ethernet port is disabled through the CLI, the transmit laser is shut off correctly. After this, if the XFP or XENPAK module is changed or reseated, the transmit laser is turned on, even though the port is disabled. [PR/267308]
If you configure more than 50 track routes (any combination of IPv4 and IPv6 routes) by including the track statement at the [edit interfaces interface-name unit logical-unit-number family (inet | inet6) address address (vrrp-group | vrrp-inet6-group) group-id] hierarchy level, the VRRP software might not correctly update route information when the status of routes changes. [PR/267769]
On ATM1 PICs, the effective shaping rate is lower than that specified by the values you configure when including the shaping statement at the [edit interfaces interface-name unit logical-unit-number] hierarchy level. As a workaround, set values appropriate for a shaping rate 4.5 percent higher than desired. [PR/268763]
On a router configured for graceful Routing Engine switchover, if the backup Routing Engine is running JUNOS Release 8.1 or later and the master Routing Engine is running JUNOS Release 8.0 or earlier, updates might not be made to the forwarding table. [PR/273492]
When you issue the clear -config -T switch[1] command using the management module on the JCS 1200, the switch module is returned to its factory default setting instead of the Juniper Networks default setting. Do not issue the clear -config -T switch[1] command. [PR/274399]
If you enable nonstop active routing (NSR) and perform a commit synchronize when the backup Routing Engine is not available, the system provides a warning message. To expedite protocol synchronization, issue the restart routing command on the backup Routing Engine when it comes up. [PR/277993]
Adding per-unit-scheduler configuration to a one- or two-port IQ PIC might cause errors and affect the forwarding state of the ports. [PR/282934]
On a router with Frame Relay multilink configured on an MS 400 PIC or on a channelized DS3 PIC, when the minimum links value for the Frame Relay interface is set to 8 and a link is deactivated from the configuration, the link remains up. [PR/285244]
The commit operation does not fail when the configuration includes the following invalid combination of statements: the address specified by the source or destination statement at the [edit interfaces gr-fpc/pic/port unit logical-unit-number tunnel] hierarchy level is the same as the interface’s own subnet address (as specified by the address statement at the [edit interfaces gr-fpc/pic/port unit logical-unit-number family family-name] hierarchy level). [PR/299443]
The 1-port ATM2 OC48/STM12 IQ PIC might generate an RDI-P error when it receives a packet in which the bits corresponding to the enhanced path-RDI encoding of the G1 path overhead byte are set, even if the formal path-RDI bit within the G1 path overhead byte is not set. [PR/309929]
On M5, M10, M20, and M40 routers, when you issue an SNMP query for alarm LED status (such as show snmp mib walk jnxLEDState), the message “FPM device not open” might be logged. This is an erroneous message and can be ignored.

Services Applications

The output of the show services nat pool command displays duplicate entries for a single Network Address Translation (NAT) pool. [PR/34678]
The show services accounting flow-detail extensive command sometimes displays incorrect information about input and output interfaces. [PR/40446]
When you configure intrusion detection service (IDS) on J-series platforms, including the threshold statement at the [edit services ids rule rule-name term term-name then logging] hierarchy level has no effect. [PR/46577]
On Adaptive Services PICs configured for IPSec tunnel redundancy, if there are a large number of tunnels, sometimes a few of the tunnels might switch over to the backup tunnel. [PR/46733]
On routing platforms configured for Internet Key Exchange (IKE)-based IPSec, if a remote peer using other vendors equipment does not renegotiate the IKE security association (SA) when it is about to expire and continues to send dead peer detection (DPD) requests on the same SA, the routing platform might not be able to reply to these messages. [PR/47004]
If the socket buffer becomes full on a remote router, you cannot clear all the IPSec security associations (SAs) from the router. [PR/55189]
When a routing platform is configured for graceful Routing Engine switchover and Adaptive Services (AS) PIC redundancy, and a switchover to the backup Routing Engine occurs, the redundant services interface (rsp-) always activates the primary services interface (sp-), even if the secondary interface was active before the switchover. [PR/59070]
On Monitoring Services I and Monitoring Services II PICs, if the export channel to the external cflowd collector is closed, cflowd records might be lost. As a workaround, restart the PIC. [PR/59432]
On Monitoring Services II PICs configured for flow collection services, during memory overload conditions, the flow collector interface might create files lacking cflowd records and these files might not be sent to the external FTP server. [PR/62599]
When you modify a flow collection services configuration and commit the changes, the system log might contain error messages regarding the commit. There is no operational impact and these messages can be ignored. [PR/64201]
On J-series Services Routers, an SNMP query returns a zero value for the data link switching (DLSw) MIB object dlswTConnTcpConfigKeepAliveInt even if you implement keepalives. [PR/70002]
For Adaptive Services II PICs, even if you do not configure flow collector services, a temporary file might be created every 15 minutes in the /var/log/flowc/ directory. The file is deleted if there are no clients, and re-created only when a client connects and attempts to write to the file. [PR/75515]
The JUNOS software does not issue a warning when you configure an address as both the destination IP address of a voice-over-IP (vp-) interface and the primary address of another interface on the router. This configuration is not valid, and can disrupt forwarding of traffic to the voice-over-IP interface. [PR/75535]
On J4350 and J6350 Services Routers, when you insert a Telephony Gateway Module (TGM) 550 PIM and the PIM is in a reset state, the router might not respond to any show chassis commands for up to five seconds. [PR/78695]
On some J-series Services Routers, when you press the F10 key to save and exit from BIOS configuration mode, the operation might not work as expected. As a workaround, use the "Save and Exit" option from the "Exit" menu. This issue affects J4350 and J6350 routers with BIOS Version 080011 and J2320, and J2350 routers with BIOS Version 080012. [PR/237721]
On some J-series Services Routers, the Clear NVRAM option in BIOS configuration mode does not work as expected. This issue affects J4350 and J6350 routers with BIOS Version 080011, and J2320 and J2350 routers with BIOS Version 080012. To help mitigate this issue, keep records of any changes you make to the BIOS configuration, so that you can revert to the default BIOS configuration as needed. [PR/237722]
If a large number of BGP authentication sessions (for example, 400) are configured in a VRF instance, the following message is written to the system log when the configuration is committed: “keyadmin[pid]: dump_assn: posting additional read.” There is no operational impact. [PR/295407]

Routing Protocols

When you include the as-path atomic-aggregate statement at the [edit routing-options aggregate defaults as-path] hierarchy level to manually add the ATOMIC_AGGREGATE attribute on a BGP AS path, the attribute is not added. [PR/2527]
When you issue the mtrace command from a UNIX client, the router does not respond to a query that requires multicast response, but responds correctly to any query that requires unicast response. As a result, the first two probes time out. The third probe is the unicast response probe, which usually succeeds. [PR/17237]
The CLI allows you to commit a configuration that specifies a value higher than 32 for the metric statement at the [edit protocols dvmrp interface all] hierarchy level, but values higher than 32 are invalid. [PR/33429]
If a router receives a Pragmatic General Multicast (PGM) Source Path Message (SPM), it does not create a forwarding cache, nor does it forward the message to other routers as a heartbeat, as specified in RFC 3208. Also, the router’s multicast cache might time out if it does not receive actual PGM data (ODATA) for more than 6 minutes. As a workaround, configure the PGM source application to send PGM ODATA at least once every 6 minutes. The ODATA acts as the heartbeat message in lieu of the SPM messages and ensures that the multicast and forwarding caches are created and updated. [PR/37504]
The configurable range for the lsp-interval knob does not match the values in the online documentation available via the help reference command. [PR/41613]
The bgpM2PrefixInPrefixesAccepted MIB object counts only the active routes; it should also count inactive routes that are eligible to become active. [PR/41975]
When you configure damping globally and use the import policy to prevent damping for specific routes, and a new route is received from a peer with the local interface address as the next hop, the route is added to the routing table with default damping parameters, even though the import policy has a nondefault setting. As a result, damping settings do not change appropriately when the route attributes change. [PR/51975]
When you issue the show ldp traffic-statistics command, the following system log message might be generated for all forwarding equivalence classes (FECs) with an ingress counter set to zero: "send rnhstats GET: error: ENOENT -- Item not found." [PR/67647]
If ICMP tunneling is enabled on the router and you configure a new logical router that does not have ICMP tunneling enabled, the feature is globally disabled. [PR/81884]
When routes are exported into OSPF and then OSPF is deactivated, the routing protocol process (rpd) might generate a core file and stop operating. [PR/232362]
When the flow of multicast traffic changes because an OSPFv3 link goes down, the output from the show multicast statistics inet6 command reports incorrect values in the In kbytes and In packets fields for the new ingress interface. [PR/234969]
When you commit a new configuration for nonstop routing (NSR) on a primary Routing Engine that differs from the configuration for NSR that is already running on the backup Routing Engine, the routing protocol process stops functioning on the backup Routing Engine only. Traffic forwarding is not affected. [PR/254379]
The address for the flow route is terminated at 348 characters. It is a cosmetic issue and affects the flow route output from the show route command. [PR/273385]
When an IPv6 duplicate address is detected, the interface stops forwarding but ISIS and OSPF3 continue to announce the interface as a valid route. However, the address is unreachable and all traffic destined to or through the interface is dropped. [PR/296740]
When a PE router receives an external LSA of type 7 (NSSA) that has a matching VPN tag or has the DN (down) bit set, it nevertheless includes the advertised route in its OSPF route calculation. According to RFC 4576, it must ignore such routes. [PR/391733]

MPLS Applications

If you configure a label-switched path (LSP) with the no-cspf statement at the [edit protocols mpls] hierarchy level, the LSP might cycle up and down several times before stabilizing. [PR/10415]
If a cross-connected circuit (CCC) traverses a forwarding-adjacency label-switched path (LSP), traffic forwarding might be affected. [PR/60088]
RSVP graceful restart does not function for LSPs that have a forwarding adjacency (FA) label-switched path (LSP) as a next hop. [PR/60256]
When you enable per-packet load balancing on parallel label-switched paths (LSPs), the output of the show mpls lsp ingress command might display all the routes on only one of the LSPs even when traffic is evenly balanced across the LSPs. [PR/70487]
An error in the Constrained Shortest Path First (CSPF) software might cause the routing protocol process (rpd) to generate a core file and stop operating. [PR/103777]
When there are more than five link-protected or node-link-protected LSPs to the same destination and per-packet load balancing is enabled, some bypass next-hops might not be part of the active route. This can occur after a primary link goes down and comes back up. [PR/259219]
After some types of network events (for example, when an interface goes down and comes back up), LDP routes might be removed incorrectly from the inet.3 routing table. As a workaround, restart all LDP sessions. [PR/297144]
When a Layer 2 circuit comes back up after an interruption of network connectivity, the JUNOS software does not record the state change appropriately, and traffic is not sent through the Layer 2 circuit connection. [PR/306043]

VPNs

When you modify the frame-relay-tcc statement at the [edit interfaces interface-name unit logical-unit-number] hierarchy level of a Layer 2 VPN, the connection for the second logical interface might not come up. As a workaround, restart the chassis process (chassisd) or reboot the router. [PR/32763]
Traffic might not flow when an ATM interface is used as the access circuit on an M120 router. [PR/255160]
Nonstop active routing (NSR) for VPLS does not support interprovider topologies using the BGP-labeled unicast address family. The related VPLS label state is not replicated on the backup Routing Engine, leading to loss during a nonstop active routing event. [PR/283691]
When an LSP switches from a primary path to a bypass path, Layer 2 circuits might flap, causing packet loss. [PR/309085]

Class of Service

When you configure an ES PIC, a message similar to the following might be written to the system log: "fpc0 LCHIP(3): Unable to fathom what channel used by IFD <id>." There is no operational impact. [PR/36184]
If you deactivate or activate an aggregated Ethernet interface, the Packet Forwarding Engine might report errors. [PR/50090]
When a logical tunnel (lt) interface is the outbound interface, JUNOS software does not support the IEEE 802.1p rewrite rule. [PR/55903]
If you try to configure a scheduler map containing two forwarding classes that are mapped to the same queue, the class-of-service scheduler is not applied to the Packet Forwarding Engine. As a workaround, configure a single forwarding class for each available queue. [PR/57907]
On M-series routers connected by VLAN circuit cross-connects (CCCs) and configured with class of service (CoS), when explicit forwarding (EF) traffic is generated from the ingress customer edge router (CE1) to the egress customer edge router (CE2), the ingress provider edge router (PE1) properly marks the packets with default EXP bits and sends the packets out queue 1, but the intermediary core router forwards all traffic through queue 0 instead of sending it through the EF queue. As a workaround, include the no-control-word statement at any of the following hierarchy levels: [edit logical-routers logical-router-name protocols l2circuit neighbor address interface interface-name], [edit protocols l2circuit neighbor address interface interface-name], [edit logical-routers logical-router-name routing-instances routing-instance-name protocols l2vpn], or [edit routing-instances routing-instance-name protocols l2vpn]. [PR/65280]
When you configure a specific classifier for a logical unit, it does not override the fixed classifier configured using wildcards. [PR/68888]
If you configure CoS traffic control profiles on every logical interface by using the '*' wildcard to represent the interfaces, the configuration cannot be committed. In other words, the commit fails if you include the input-traffic-control-profile and output-traffic-control-profile statements at the [edit class-of-service interfaces type-fpc/pic/port *] hierarchy level. [PR/100690]
On M320 and T-series routing platforms, if you map multiple forwarding classes to the same queue (specifying the same value for the queue-num statement at the [edit class-of-service forwarding-classes class class-name] level for multiple classes) and then include the multiple classes in one scheduler map (by including the forwarding-class statement for each one at the [edit class-of-service scheduler-maps map-name] hierarchy level), the commit operation fails with the message “Total bandwidth allocation exceeds 100 percent for scheduler-map.” [PR/103370]
On M120, M320, and MX-series routers, if the value set by the transmit-rate statement at the [edit class-of-service schedulers scheduler-name] hierarchy level is larger than the value set by the buffer-size statement at that level, forwarding latency is greater than expected. [PR/233213]
On MX-series routers, when you configure VPLS over an LSI interface, classification does not work on the egress PE router for traffic flowing from the core of the network to the egress CE router. [PR/240777]
If you configure the tri-color statement at the [edit class-of-service] hierarchy level, the drop counters for the show interfaces queue command appear to not work for the medium-high (yellow) priority traffic and the low (green) priority traffic. The drop counter for the high-priority traffic (red) functions normally. [PR/258499]
In JUNOS Release 8.4 and later, the commit or commit-check operation fails if a rewrite rule is defined both at the [edit class-of-service interfaces interface-name unit logical-unit-number rewrite-rules] hierarchy level and in a configuration group (defined at the [edit groups] hierarchy level) that is applied to that interface. The correct behavior is for the directly applied rule to override the rule inherited from the configuration group. [PR/261229]
On MX960 platforms, bandwidth sharing across high priority and strict-high priority schedulers might not be as expected. This issue occurs when the schedulers are configured on logical interfaces. [PR/265603]
CoS rewrite rules changes are not applied to active multicast streams. Only new multicast streams use the modified configuration. As a workaround, clear all active multicast streams after the changes have been applied. [PR/266341]
The output from the show class-of-service interface command includes the Input scheduler map field even when you configure egress-only mode for the PIC that houses the interface (by including the mode egress-only statement at the [edit chassis fpc slot-number pic slot-number traffic-manager] hierarchy level). [PR/275038]
On J-series Services Routers, MLPPP bundles with congested member links on which fragmentation is active might interfere with other bundles within the same system and trigger high latency or packet drops. As a workaround, configure the shaping rate on the bundle with fragmentation enabled to avoid flow control from the member link. [PR/281985]
When class-of-service routing-instances is configured, you may see a cosd memory leak of approximately 1 Kilobyte on each commit. As a workaround, deactivate the class-of-service routing-instances stanza in the configuration. [PR/285249]

Forwarding and Sampling

On M320 and T-series routing platforms, when you configure interface output sampling, packets sometimes might travel through the output firewall. As a workaround, configure a firewall filter on the output interface with then sample and then next-term statements. The workaround provides the same functionality as the other configuration, but avoids the problem behavior. [PR/70473]
On MX-series routers running JUNOS Release 8.4 and later, entries in the MAC address table expire three times faster than on MX-series routers running JUNOS Release 8.3 and earlier, and on M-series and T-series routing platforms running any release of the JUNOS software (including JUNOS Release 8.4 and later). To configure the correct effective value on MX-series routers running JUNOS Release 8.4 and later, specify a value for the mac-table-aging-time statement at the [edit protocols l2-learning] hierarchy level that is three times the desired value. For example, if you want the expiration time to be 15 seconds, specify 45 seconds. [PR/241485]
On an M320 router with mixed FPCs installed, the Packet Gateway Control Protocol process (pgcpd) fails to retrieve filter counters. [PR/284637]
If you apply a prefix list with IPv4 addresses to an IPv6 firewall filter, you cannot commit the configuration. However, you can apply a prefix list with IPv6 addresses to an IPv4 filter and commit the configuration. [PR/310299]

Network Management

The following groups of MIB objects do not segregate the data they return according to the routing instance specified in an SNMP request: vrrpMIB, jnxCosIfqStatsTable, jnxCosQstatTable. [PR/63045]

Resolved Issues

The following issues have been resolved since JUNOS Release 9.1R2.10. The identifier following the description is the tracking number in our bug database.

Software Installation

When a PIC that is not supported by the JUNOS software is installed in an ISSU-capable router, the PIC is flagged as incompatible for an ISSU and the ISSU process attempts to take the PIC offline. The offline attempt fails and the ISSU process is aborted. [PR/280023: This issue has been resolved.]
On an M320 router, when you perform an in-service software upgrade (ISSU), firewall filter statistics might not be restored properly. [PR/286413: This issue has been resolved.]
When a hard disk is partitioned, the /var/empty directory might not be created. As a result, the router does not accept SSH connections. As a workaround, use the mkdir command to create the /var/empty directory. [PR/290064: This issue has been resolved.]