Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[ScreenOS] Traffic stops working on devices with PIM modules running on 6.3r6



Article ID: KB23488 KB Last Updated: 10 Apr 2012Version: 1.0
This article describes the issue of traffic not working on devices with PIM modules. These devices are running on 6.3r6.
Certain ScreenOS devices, which support PIM modules (SSG500 series, SSG300 series and SSG140), have an issue where network traffic intermittently stops on the PIM interface. The issue is not observed on 6.3r5 release or below. Traffic automatically recovers after sometime.

The following observations were made, when the issue occurred:

  • When the traffic stops, LED light on the port ceases to blink.

  • Debug flow basic and debug flow drop do not report any drops.

  • The interface counters are not increasing.

  • CPU is normal.

However when the PC is connected to one of the on-board interfaces, traffic flows without any issues.
  • During heavy traffic load, the packet flow is affected by the flow control mechanism on the PIM interface.

  • Flow control mechanism is implemented at the data link layer to avoid congestion.

  • When a network element (in this case, the PIM interface) is overwhelmed with traffic, the flow control starts to drop packets. It is during this period that the unresponsiveness is observed.

  • Ping packets also timeout.
This is a known issue on ScreenOS devices running with a 4port fast ethernet expansion module. The solution is to upgrade to the interim patches - 6.3r6 - cdx1.0 or 6.3r8 - cgn1. The patches simply disable the flow control mechanism on the 4 port FE card and prevent it from dropping packets.

When the interface receives excess traffic, instead of being dropped, it is rendered to the CPU for further processing. These patches are available internally and customers are expected to contact JTAC support and request for the patch.

The fix also has recently been included in the mainline release of 6.3r10 and customers can locate this in the release notes as well. For more information, refer to PR607132.

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search