[j-nsp] J-series & "protocols mpls ipv6-tunneling" == packet corruption

[Phil Mayers]

All,

This is a follow-up to my previous email.

We're seeing the following problem on our J4350 routers under 10.x 
versions of JunOS - certainly still present under 10.4R2.7, as well as 10.1

Basically, enabling:

protocols {
   mpls {
     ipv6-tunneling
   }
}

...causes the J-series to start corrupting IPv4 packets which it 
forwards. Seemingly this is *only* for packets matching 0.0.0.0/0 and 
*only* for packets received on interfaces outside of a routing instance.

We basically see a packet with:

ip src=x dst=y ttl=64 frag-offset=0 checksum=1234

...turned into the following on egress:

mpls label=X ttl=255
  ip src=x dst=y ttl=64 frag-offset=2040 checksum=1234

i.e. the J-series seems to be corrupting/writing data into the IP 
"flags" field, setting a fragment offset, and making the packet 
completely invalid (as well as breaking the checksum)

If we disable ipv6-tunneling and then cause a routing event (e.g. clear 
bgp neighbours, flap an interfaces) we see:

mpls label=X ttl=63
  ip src=x dst=y ttl=64 frag-offset=0 checksum=1234

i.e. valid. Note the different MPLS ttl.


Anyone else seen anything like this? Anyone at all using ipv6-tunneling 
with J-series?

I'm wondering if it's something specific to our config, but I can't 
figure out what, given it only affects packets with a 0.0.0.0/0 route 
match, even when the next-hop interface & MPLS label are the same.

Anyone got any suggestion how I can dig deeper?