7/25/2019 Junos Os 104 Release Notes Rev 6
Junos OS 10.4 Release Notes
Release 10.4R2
11 February 2011
Revision 6
These release notes accompany Release 10.4R2 of the Junos operating system (Junos
OS). They describe device documentation and known problems with the software. Junos
OS runs on all Juniper Networks M Series, MX Series, and T Series routing platforms, SRX
Series Services Gateways, J Series Services Routers, and EX Series Ethernet Switches.
You can also find these release notes on the Juniper Networks Junos OS Documentation
Web page, which is located at http://www.juniper.net/techpubs/software/junos.
Contents
Junos OS Release Notes for Juniper Networks M Series Multiservice Edge Routers, MX Series Ethernet Service Routers, and T Series Core Routers
  New Features in Junos OS Release 10.4 for M Series, MX Series, and T Series Routers
    Class of Service
    Interfaces and Chassis
    Junos OS XML API and Scripting
    Layer 2 Ethernet Services
    MPLS Applications
    Multicast
    MX Series
    Routing Policy and Firewall Filters
    Routing Protocols
    Services Applications
    Subscriber Access Management
    System Logging
    VPNs
  Changes in Default Behavior and Syntax in Junos OS Release 10.4 for M Series, MX Series, and T Series Routers
    Class of Service
    Forwarding and Sampling
    Interfaces and Chassis
    Junos OS XML API and Scripting
    MPLS Application
    Platform and Infrastructure
    Routing Protocols
Copyright 2011, Juniper Networks, Inc.
    Interfaces and Routing
    Intrusion Detection and Prevention (IDP)
    J-Web
    Management and Administration
    Multilink
    Power over Ethernet (PoE)
    Security
    Virtual LANs (VLANs)
    Wireless LAN (WLAN)
  Unsupported CLI
    Accounting-Options Hierarchy
    AX411 Access Point Hierarchy
    Chassis Hierarchy
    Class-of-Service Hierarchy
    Ethernet-Switching Hierarchy
    Firewall Hierarchy
    Interfaces CLI Hierarchy
    Protocols Hierarchy
    Routing Hierarchy
    Services Hierarchy
    SNMP Hierarchy
    System Hierarchy
    IPv6 and MVPN CLI
  Known Limitations in Junos OS Release 10.4 for SRX Series Services Gateways and J Series Services Routers
    AppSecure
    Chassis Cluster
    Command-Line Interface (CLI)
    DOCSIS Mini-PIM
    Dynamic Host Configuration Protocol (DHCP)
    Dynamic VPN
    Flow and Processing
    Hardware
    Interfaces and Routing
    Intrusion Detection and Prevention (IDP)
    IPv6 support
    J-Web
    NetScreen-Remote
    Network Address Translation (NAT)
    Point-to-Point Protocol over Ethernet (PPPoE)
    Security
    SNMP
    Switching
    Unified Threat Management (UTM)
    VPNs
    Wireless LAN (WLAN)
  Issues in Junos OS Release 10.4 for SRX Series Services Gateways and J Series Services Routers
    Outstanding Issues in Junos OS Release 10.4 for SRX Series Services Gateways and J Series Services Routers
    Resolved Issues in Junos OS Release 10.4 for SRX Series Services Gateways and J Series Services Routers
  Errata and Changes in Documentation for Junos OS Release 10.4 for SRX Series Services Gateways and J Series Services Routers
    Changes to the Junos OS Documentation Set
    Errata for the Junos OS Documentation
    Errata for the Junos OS Hardware Documentation
  Hardware Requirements for Junos OS Release 10.4 for SRX Series Services Gateways and J Series Services Routers
    Transceiver Compatibility for SRX Series and J Series Devices
    Power and Heat Dissipation Requirements for J Series PIMs
    Supported Third-Party Hardware
    J Series CompactFlash and Memory Requirements
  Maximizing ALG Sessions
  Integrated Convergence Services Not Supported
  Upgrade and Downgrade Instructions for Junos OS Release 10.4 for SRX Series Services Gateways and J Series Services Routers
    Upgrade Policy for Junos OS Extended End-Of-Life Releases
Junos OS Release Notes for EX Series Switches
  New Features in Junos OS Release 10.4 for EX Series Switches
    Hardware
    Bridging, VLANs, and Spanning Trees
    Class of Service (CoS)
    Fibre Channel over Ethernet
    High Availability
    Infrastructure
    Management and RMON
    Packet Filters
    Virtual Chassis
  Changes in Default Behavior and Syntax in Junos OS Release 10.4 for EX Series Switches
    Bridging, VLANs, and Spanning Trees
    Class of Service
  Limitations in Junos OS Release 10.4 for EX Series Switches
    Access Control and Port Security
    Bridging, VLANs, and Spanning Trees
    Class of Service
    Ethernet Switching
    Firewall Filters
    Hardware
    High Availability
    Infrastructure
    Interfaces
    J-Web Interface
    Layer 2 and Layer 3 Protocols
    Spanning Tree Protocols
    Virtual Chassis
  Outstanding Issues in Junos OS Release 10.4 for EX Series Switches
    Access Control and Port Security
    Bridging, VLANs, and Spanning Trees
    Ethernet Switching
    Firewall Filters
    Hardware
    Infrastructure
    J-Web Interface
    Layer 2 and Layer 3 Protocols
    Management and RMON
    Virtual Chassis
  Resolved Issues in Junos OS Release 10.4 for EX Series Switches
    Access Control and Port Security
    Ethernet Switching
    Hardware
    Infrastructure
    Interfaces
    J-Web Interface
    Layer 2 and Layer 3 Protocols
    Management and RMON
    Virtual Chassis
  Errata in Documentation for Junos OS Release 10.4 for EX Series Switches
    J-Web Interface
    Virtual Chassis
  Upgrade and Downgrade Instructions for Junos OS Release 10.4 for EX Series Switches
    Upgrading Software
    Upgrade Policy for Junos OS Extended End-Of-Life Releases
    Upgrading or Downgrading from Junos OS Release 9.4R1 for EX Series Switches
    Upgrading from Junos OS Release 9.3R1 to Release 10.4 for EX Series Switches
Junos OS Documentation and Release Notes
Documentation Feedback
Requesting Technical Support
Revision History
Junos OS Release Notes for Juniper Networks M Series Multiservice Edge Routers, MX Series Ethernet Service Routers, and T Series Core Routers
- New Features in Junos OS Release 10.4 for M Series, MX Series, and T Series Routers
- Changes in Default Behavior and Syntax in Junos OS Release 10.4 for M Series, MX Series, and T Series Routers
- Issues in Junos OS Release 10.4 for M Series, MX Series, and T Series Routers
- Errata and Changes in Documentation for Junos OS Release 10.4 for M Series, MX Series, and T Series Routers
- Upgrade and Downgrade Instructions for Junos OS Release 10.4 for M Series, MX Series, and T Series Routers
New Features in Junos OS Release 10.4 for M Series, MX Series, and T Series Routers
The following features have been added to Junos OS Release 10.4. Following the
description is the title of the manual or manuals to consult for further information.
Class of Service
Hierarchical policer functionality extended to Modular Interface Cards (MICs) (MX
Series routers): Provides hierarchical policer feature parity with Enhanced Intelligent
Queuing (IQE) PICs. This is useful in provider edge applications using aggregate policing
for general traffic and when applying a separate policer for premium traffic on a logical
or physical interface.
Hierarchical policing on MICs supports the following features:
- Ingress traffic is first classified into premium and non-premium traffic before a policer is applied.
- The hierarchical policer contains two policers: premium and aggregate.
Premium traffic is policed by both the premium policer and the aggregate policer. While
the premium policer rate-limits premium traffic, the aggregate policer only decrements
the credits but does not drop packets. Non-premium traffic is rate-limited by the
aggregate policer only, resulting in the following behavior:
- Premium traffic is assured to have the bandwidth configured for the premium policer.
- Non-premium traffic is policed to the specified rate limit.
For a list of supported MICs, refer to:
http://www.juniper.net/techpubs/en_US/release-independent/junos/topics/reference/general/mic-mx-series-supported.html.
The logical-interface-policer and physical-interface-policer statements provide additional
hierarchical policer parameters beyond those of the IQE PICs.
You can apply the policer at the inet, inet6, or mpls family level, as follows:
[edit interfaces ge-0/1/0 unit 0 family (inet | inet6 | mpls)]
input-hierarchical-policer Test-HP;
By making a hierarchical policer a logical-interface-policer, you can achieve aggregation
within a logical interface. A hierarchical policer configured as a physical-interface-policer
supports aggregation within a physical interface. Please note that you still apply the
hierarchical policer at the interface and traffic of the families that do not have the
hierarchical policer will be policed. This is different from IQE PICs, where you apply a
hierarchical policer at the logical or physical interface.
For hierarchical policing of all traffic through a logical interface, a hierarchical policer
can be made a logical-interface-policer and applied to all families in the logical interface.
Similarly, you can achieve aggregation at the physical interface level.
[Network Interfaces, Class of Service, Policy]
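The premium and aggregate policer interaction described in the hierarchical policer entry above can be modeled with two token buckets. The following Python model is an added example, not Juniper code: the bucket arithmetic (integer bytes per millisecond, charges floored at zero), the rates and the constructed traffic are assumptions. It compares the hierarchical policer with a single flat aggregate policer while non-premium traffic floods the interface.

```python
"""Token-bucket model of a premium + aggregate hierarchical policer.

Illustrative only: rates, burst sizes and traffic are constructed values,
and flooring the aggregate bucket at zero is an assumption of this model.
"""
from dataclasses import dataclass, field


@dataclass
class Bucket:
    rate: int                                   # refill rate, bytes per millisecond
    burst: int                                  # bucket depth, bytes
    tokens: int = field(init=False)
    last_ms: int = field(default=0, init=False)

    def __post_init__(self):
        self.tokens = self.burst                # start with a full bucket

    def refill(self, now_ms):
        gained = self.rate * (now_ms - self.last_ms)
        self.tokens = min(self.burst, self.tokens + gained)
        self.last_ms = now_ms

    def conforms(self, size):
        return self.tokens >= size

    def charge(self, size):
        # Never go into token debt (model assumption).
        self.tokens = max(0, self.tokens - size)


def police(events, premium, aggregate, hierarchical=True):
    """Apply the policer to time-ordered (time_ms, size_bytes, class) events.

    hierarchical=True : premium traffic is dropped only by the premium
                        bucket; it still decrements aggregate credits.
    hierarchical=False: every packet is policed by the aggregate bucket.
    Returns forwarded/dropped byte counts per traffic class.
    """
    stats = {c: {"forwarded": 0, "dropped": 0}
             for c in ("premium", "non-premium")}
    for now_ms, size, cls in events:
        premium.refill(now_ms)
        aggregate.refill(now_ms)
        if hierarchical and cls == "premium":
            ok = premium.conforms(size)
            if ok:
                premium.charge(size)
                aggregate.charge(size)          # decrement only, never drop
        else:
            ok = aggregate.conforms(size)
            if ok:
                aggregate.charge(size)
        stats[cls]["forwarded" if ok else "dropped"] += size
    return stats


def constructed_flood(duration_ms=1000):
    """Constructed sample: premium at 4 B/ms, non-premium flood at 50 B/ms."""
    events = [(t, 100, "premium") for t in range(0, duration_ms, 25)]
    events += [(t, 100, "non-premium") for t in range(0, duration_ms, 2)]
    # On equal timestamps the non-premium packet is processed first.
    return sorted(events, key=lambda e: (e[0], e[2]))


def compare(events):
    """Run the same traffic through the hierarchical and the flat policer."""
    results = {}
    for name, mode in (("hierarchical", True), ("flat", False)):
        # Premium: 4 B/ms, 200 B burst. Aggregate: 10 B/ms, 500 B burst.
        results[name] = police(events, Bucket(4, 200), Bucket(10, 500),
                               hierarchical=mode)
    return results


if __name__ == "__main__":
    for name, stats in compare(constructed_flood()).items():
        print(name, stats)
```

With the flat policer the flood starves premium packets of aggregate credits; with the hierarchical policer premium traffic within its configured rate is never dropped, and non-premium traffic receives what remains of the aggregate rate.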
DSCP classification for VPLS at the ingress PE (M320 with Enhanced Type III FPC
and M120): Enables you to configure DSCP classification for VPLS at an ingress PE
for encapsulation types vlan-vpls (IQ2 or IQ2E PICs) or ATM II IQ PIC. To configure,
define the DSCP classifier at the [edit class-of-service classifiers dscp dscp-name]
hierarchy level and apply the DSCP classifier at the [edit interfaces at-fpc-pic-port
unit-logical-unit-number classifiers] hierarchy level. The ATM interface must be included
in the routing instance.
[Class of Service]
Traffic Control Profile (TCP) support at the FRF.16 physical interface level: FRF.16
bundle interfaces support multiple data-link connection identifiers (DLCIs). The
bandwidth of each of these DLCIs was previously limited to one of the following:
- An aggregate value based on the number of DLCIs under the FRF.16 interface
- A specific percentage through a traffic control profile (TCP) configuration applied
  at the logical interface level
When there is a small proportion of traffic or no traffic on an individual DLCI, the
respective member link interface bandwidth is underutilized. Support for TCP features
on the FRF.16 bundle (physical) interface level in Junos OS Release 10.4R2 addresses
this limitation. The supported features include:
- Peak Information Rate (PIR)
- scheduler-map
- delay-buffer
To enable traffic control profiles to be applied at FRF.16 bundle (physical) interface
level, disable the per-unit scheduler, which is enabled by default, by including the
no-per-unit-scheduler statement at the [edit interfaces interface-name] hierarchy level.
To specify traffic control profile features applicable to FRF.16 bundle physical interfaces,
include the shaping-rate, delay-buffer-rate, and scheduler-map statements at the [edit
class-of-service traffic-control-profiles profile-name] hierarchy level. The shaping-rate
and delay-buffer-rate must be specified as a percentage.
To apply the TCP configuration to an FRF.16 bundle (physical) interface, include the
output-traffic-control-profile statement at the [edit class-of-service interfaces
interface-name] hierarchy level.
To view the TCP configuration for an FRF.16 bundle, enter the show class-of-service
traffic-control-profile command.
user@host> show class-of-service traffic-control-profile
Traffic control profile: lsq-2/1/0:0, Index: 35757
Shaping rate: 30 percent
Scheduler map: sched_0
Delay Buffer rate: 30 percent
The following is a complete configuration example:
interfaces {
    lsq-0/2/0:0 {
        # Disable the default per-unit scheduler so that a traffic
        # control profile can be applied to the FRF.16 bundle.
        no-per-unit-scheduler;
        encapsulation multilink-frame-relay-uni-nni;
        unit 0 {
            dlci 100;
            family inet {
                address 18.18.18.2/24;
            }
        }
    }
}
class-of-service {
    traffic-control-profiles {
        rlsq_tc {
            scheduler-map rlsq;
            # Both rates are given as percentages.
            shaping-rate percent 60;
            delay-buffer-rate percent 10;
        }
    }
    interfaces {
        lsq-0/2/0:0 {
            # Attach the profile at the bundle (physical) interface level.
            output-traffic-control-profile rlsq_tc;
        }
    }
    scheduler-maps {
        rlsq {
            forwarding-class best-effort scheduler rlsq_scheduler;
            forwarding-class expedited-forwarding scheduler rlsq_scheduler1;
        }
    }
    schedulers {
        rlsq_scheduler {
            transmit-rate percent 20;
            priority low;
        }
        rlsq_scheduler1 {
            transmit-rate percent 40;
            priority high;
        }
    }
}
[Class of Service]
Interfaces and Chassis
Extend support for 64-bit Junos OS to include RE-1800 Series Routing Engines (M120,
M320, MX960, MX480, and MX240 routers): Supported Routing Engines
include:
- RE-1800x2-A: Supports 64-bit Junos OS on M120 and M320 routers.
- RE-1800x2-S: Supports 64-bit Junos OS on MX240, MX480, and MX960 routers.
- RE-1800x4-S: Supports 64-bit Junos OS on MX240, MX480, and MX960 routers.
[System Basics]
Ethernet encapsulation for ATM scheduler (M7i, M10i, M120, and M320 [with
Enhanced III FPC] routers): Enables support for the configuration of an ATM scheduler
map on an Ethernet VPLS over a bridged ATM interface.
[Network Interfaces]
Synchronous Ethernet (SyncE) on MX80 routers and MX Series routers with
MPCs: Supports the Ethernet synchronization messaging channel (ESMC), G.8264-like
clock selection mechanism, and external clocking on MX80 routers and MX Series
routers with MPCs. Wireless backhaul and wireline transport services are the primary
applications for these features.
The following features are supported:
- On MX80 routers and MX Series routers, MPCs based on G.8261 and G.8262. This
  feature does not work on the fixed configuration version of the MX80 routers.
- All Ethernet type ports are supported on MX80 routers and MX Series routers with MPCs
- ESMC support as per G.8264
- CLI command selection of clock sources
- Monitoring clock sources (maximum of two clock sources can be monitored
  simultaneously)
- Revertive and nonrevertive modes
To configure SyncE, include the synchronization statement and its substatements at
the [edit chassis] hierarchy level.
[Network Interfaces, Interfaces Command Reference]
Enhanced container interface allows ATM children for containers: M Series and T
Series routers with ATM2 PICs automatically copy the parent container interface
configuration to the children interfaces. Container interfaces do not go down during
APS switchovers, thereby shielding upper layers. This feature allows the various ATM
features to work over the container ATM for APS.
To specify ATM children within a container interface, use the container-list cin statement
and (primary | standby) option at the [edit interface at-fpc/pic/slot container] hierarchy
level.
To configure a container interface, including its children, use the cin statement and its
options at the [edit interface ci-n] hierarchy level.
Container ATM APS does not support inter-chassis APS. MLPPP over ATM CI is also
not supported.
[Network Interfaces]
Signaling neighboring routers of fabric down on T1600 and T640 routers: The
signaling of neighboring routers is supported when a T640 or T1600 router is unable
to carry traffic due to all fabric planes being taken offline for one of the following
reasons:
- CLI or offline button pressed
- Automatically taken offline by the SPMB due to high temperature.
- PIO errors and voltage errors detected by the SPMB CPU to the SIBs.
The following scenarios are not supported by this feature:
- All PFEs get destination errors on all planes to all destinations, even with the SIBs
  staying online.
- Complete fabric loss caused by destination timeouts, with the SIBs still online.
When chassisd detects that all fabric planes are down, the router reboots all FPCs in
the system. When the FPCs come back up, the interfaces will not be created again,
since all fabric planes are down.
Once you diagnose and fix the cause of all fabric planes going down, you must then
bring the SIBs back online. Bringing the SIBs back online brings up the interfaces.
Fabric down signaling to neighboring routers offers the following benefits:
- FPCs reboot when the control plane connection to the Routing Engine times out.
- Extends a simple approach to reboot FPCs when the dataplane blacks out.
- When the router transitions from a state where SIBs are online or spare to a state where
  no SIBs are online, then all the FPCs in the system are rebooted. An ERRMSG
  indicates if all fabric planes are down, and the FPCs will reboot if any fabric planes do
  not come up in 2 minutes.
- An ERRMSG indicates the reason for FPC reboot on fabric connectivity loss.
- The chassisd daemon traces when an FPC comes online, but a PIC attach is not done
  because no fabric plane is present.
- A CLI warning that the FPCs will reboot is issued when the last fabric plane is taken
  offline.
You will need to bring the SIBs online after determining why the SIBs were not online.
When the first SIB goes online, and link training with the FPCs completes, the interfaces
will be created.
Fabric down signaling to neighboring routers functionality is available by default, and
no user configuration is required to enable it.
No new CLI commands or alarms are introduced for this feature. Alarms are already
implemented for when the SIBs are not online.
[Network Interfaces, System Basics]
New enterprise-specific MIB to support digital optical monitoring (MX960, MX480,
MX240, and 10-Gigabit Ethernet LAN/WAN PIC with XFP on T640 and T1600
routers): Junos OS Release 10.4 introduces JUNIPER-DOM-MIB, a new
enterprise-specific MIB to extend MIB support for digital optical monitoring.
JUNIPER-DOM-MIB supports the SNMP Get request for statistics and SNMP Trap
notifications for alarms.
JUNIPER-DOM-MIB is part of the JUNIPER-SMI MIB hierarchy level.
The following MIB objects are supported by JUNIPER-DOM-MIB for digital optical
monitoring:
- jnxDomCurrentTable
- jnxDomAlarmSet
- jnxDomAlarmCleared
[SNMP MIBs and Traps Reference]
Logging improvements: You can now control logging speed at the interface level. To
rate-limit the syslogs generated from a service PIC, include the message-rate-limit
statement at the [edit interfaces interface-name services-options syslog] hierarchy
level. This option configures the maximum number of syslog messages per second
that can be formatted and sent from the PIC to either the Routing Engine (local) or to an
external server (remote). The default rates are 10,00 for the Routing Engine and 200,00
for an external server.
[Network Interfaces]
Support for SONET/SDH OC48/STM16 Enhanced IQ (IQE) PIC with SFP (M320,
MX240, MX480, MX960, T640 and T1600 routers): Supports a 4-port SONET/SDH
OC48 Enhanced IQ (IQE) PIC (Type 3) with per data-link connection identifier (DLCI)
queuing. Supported FPCs include T640-FPC3-ES, M320-FPC3-E3, and MX-FPC3.
Class of service (CoS) enables enhanced egress queuing, buffering, and traffic shaping.
CoS supports eight queues per logical interface, a per-unit scheduler, and two shaping
rates: a Committed Information Rate (CIR) and Peak Information Rate (PIR) per
data-link connection identifier (DLCI). Other CoS features include, but are not restricted
to, sharing of excess bandwidth among logical interfaces, five levels of priorities
(including Strict High), ingress behavior aggregate (BA) classification, queue rate-limit
policer, ingress rewrite, egress rewrite, and a forwarding class to queue remapping per
DLCI.
The SONET/SDH OC48/STM 16 PIC supports CoS features similar to those in IQ2E
PICs, in terms of behavior and configuration statements. This PIC supports the following
Layer 2 protocols: PPP, Frame Relay, and Cisco HDLC encapsulations.
For more information, see the PC-4OC48-STM16-IQE-SFP documentation for your router:
SONET/SDH OC48/STM16 Enhanced IQ (IQE) PIC with SFP (T1600 Router)
SONET/SDH OC48/STM16 Enhanced IQ (IQE) PIC with SFP (T640 Router)
SONET/SDH OC48/STM16 Enhanced IQ (IQE) PIC with SFP (MX Series Routers)
SONET/SDH OC48/STM16 Enhanced IQ (IQE) PIC with SFP (M320 Router)
[PIC Guide, Network Interfaces, Class of Service]
IPv6 statistics from IQ2 and IQ2E PICs on M320 routers with Enhanced III FPCs and
T Series routers: Support statistical accounting for IPv6 traffic traversing the IQ2 and
IQ2E PICs on M320 routers with Enhanced III FPCs and T Series routers.
For IQ2 and IQ2E PIC interfaces, the IPv6 traffic that is reported will be the total statistics
(sum of local and transit IPv6 traffic) in the ingress and egress direction. The IPv6
traffic in the ingress direction will be accounted separately only if the IPv6 family is
configured for the logical interface.
Statistics are maintained for routed IPv6 packets in the egress direction.
Byte and packet counters are maintained in the ingress and egress direction.
Differences in IPv6 statistics for IQ2 interfaces and all other interfaces are as follows:
IQ2 and IQ2E PIC interfaces report the total statistics for the IPv6 traffic. For other
interfaces, the transit statistics are reported.
IQ2 and IQ2E PIC interfaces report all IPv6 traffic received on the logical interface.
For all other interfaces, only the routed traffic is accounted.
IQ2 and IQ2E PIC interfaces report IPv6 statistics for the Layer 2 frame size. For all
other interfaces, the Layer 3 packet size is accounted.
The IPv6 statistics can be viewed by logging in to the individual IQ2 PIC or IQ2E PIC, or
by using the CLI.
Local statistics are not accounted separately.
To display total IPv6 statistics for IQ2 and IQ2E PICs, use the show interfaces extensive
command.
NOTE: The reported IPv6 statistics do not account for the traffic manager
drops in egress direction or the Packet Forwarding Engine/traffic manager
drops in the ingress direction. Transit statistics are not accounted separately
because the IQ2 and IQ2E PICs cannot differentiate between transit and
local statistics.
[Network Interfaces]
100-Gigabit Ethernet PIC interoperability with VLAN steering: Supports
interoperability with similar PICs from other vendors using a VLAN steering forwarding
option. Previously, the PICs required interconnection to the same model PIC.
Interoperability with interfaces from other vendors was not supported. Junos OS Release
10.4 introduces a new VLAN steering algorithm to configure 100-Gigabit Ethernet PIC
interoperation with similar interfaces from other vendors.
Two packet forwarding modes exist under the forwarding-mode statement. SA multicast
mode, for proprietary connection of two Juniper Networks 100-Gigabit Ethernet PICs,
uses the Ethernet header SA MAC address multicast bit to steer the packets to the
appropriate PFE. VLAN steering mode allows the PIC to connect to non-Juniper
Networks equipment. On ingress, the PIC compares the outer VLAN ID against a
user-defined VLAN ID and VLAN mask combination and steers the packet accordingly.
Modifying the forwarding mode config reboots the PIC.
VLAN steering overview:
In VLAN steering mode, the SA multicast bit is not used for packet steering.
In SA multicast bit steering mode, VLAN ID and VLAN mask configuration is not used
for packet steering.
Configuration of packet forwarding mode and VLAN steering mode uses CLI
commands that result in a PIC reboot.
There are three tag types for ingress packets:
Untagged ingress packet: The packet is sent to PFE1.
Ingress packet with one VLAN: The packet forwards based on the VLAN ID.
Ingress packet with two VLANs: The packet forwards based on the outer VLAN
ID.
VLAN rules describe how the router forwards packets. For VLAN steering, you must
use one of the two rules available in the CLI:
Odd-even rule: Odd number VLAN IDs go to PFE1; even number VLAN IDs go to
PFE0.
High-low rule: 1 through 2047 VLAN IDs go to PFE0; 2048 through 4096 VLAN
IDs go to PFE1.
When configured in VLAN steering mode, the PIC can be configured in two physical
interface mode or in aggregated Ethernet (AE) mode:
Two physical interface mode: When the PIC is in two physical interface mode, it
creates physical interfaces et-x/0/0:0 and et-x/0/0:1. Each physical interface can
configure its own logical interface and VLAN. CLI enforces the following restrictions
on commit:
The VLAN ID configuration must comply with the selected VLAN rule.
The previous restriction implies that the same VLAN ID cannot be configured
on both physical interfaces.
AE mode: In AE mode, the two physical interfaces on the same PIC are aggregated
into one AE physical interface. PIC egress traffic is based on the AE internal hash
algorithm. PIC ingress traffic steering is based on the customized VLAN ID rule. CLI
enforces the following restrictions on commit:
The PIC AE working in VLAN steering mode includes both links of this PIC, and
only the links of this PIC.
The PIC AE working in SA multicast steering mode can include more than one
PIC to achieve more than 100-gigabit capacity.
To configure the PIC forwarding mode, include the forwarding-mode statement and
its options at the [edit chassis fpc number pic number] hierarchy level.
[Network Interfaces]
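The ingress steering rules and the commit restriction described above, modeled as an added example (not Juniper code). The set of tag protocol IDs and the pairing of et-x/0/0:0 with PFE0 and et-x/0/0:1 with PFE1 are assumptions; the page does not state them.

```python
import struct

# Assumption: tag protocol IDs treated as VLAN tags (not listed on the page).
VLAN_TPIDS = {0x8100, 0x88A8}

# Assumption: which physical interface is served by which PFE.
INTERFACE_PFE = {"et-1/0/0:0": 0, "et-1/0/0:1": 1}


def build_frame(*tags, ethertype=0x0800):
    """Constructed sample frame: zeroed MACs, optional (tpid, tci) tags, payload."""
    frame = bytes(12)
    for tpid, tci in tags:
        frame += struct.pack("!HH", tpid, tci)
    return frame + struct.pack("!H", ethertype) + b"payload"


def outer_vlan_id(frame):
    """Return the outer VLAN ID of an Ethernet frame, or None if it is untagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype not in VLAN_TPIDS:
        return None
    if len(frame) < 18:
        raise ValueError("truncated VLAN tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF  # drop the priority and DEI bits


def steer(vlan_id, rule):
    """Return the PFE number (0 or 1) an ingress packet is steered to."""
    if vlan_id is None:
        return 1  # untagged ingress packets go to PFE1
    if rule == "odd-even":
        return 1 if vlan_id % 2 else 0
    if rule == "high-low":
        if 1 <= vlan_id <= 2047:
            return 0
        if 2048 <= vlan_id <= 4096:
            return 1
        raise ValueError(f"VLAN ID {vlan_id} is outside the ranges the rule covers")
    raise ValueError(f"unknown rule {rule!r}")


def check_plan(rule, plan):
    """Return (interface, vlan_id) pairs that do not comply with the rule.

    plan maps an interface name to the VLAN IDs configured on it. A VLAN ID
    placed on both interfaces always shows up, because it can only steer to
    one PFE.
    """
    violations = []
    for interface, vlan_ids in sorted(plan.items()):
        for vlan_id in vlan_ids:
            if steer(vlan_id, rule) != INTERFACE_PFE[interface]:
                violations.append((interface, vlan_id))
    return violations


if __name__ == "__main__":
    plan = {"et-1/0/0:0": [100, 200, 301], "et-1/0/0:1": [101, 2049, 100]}
    for rule in ("odd-even", "high-low"):
        print(rule, check_plan(rule, plan))
```

Running a planned VLAN assignment through `check_plan` before changing the forwarding mode shows which logical interfaces would fail the commit check, which matters because the mode change itself reboots the PIC.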
New control queue disable feature (T Series routers with 10-Gigabit Ethernet PIC
with oversubscription): Provides a new CLI statement for disabling the control queue
feature for the 10-Gigabit Ethernet PIC with oversubscription. To disable the control
queue, use the no-pre-classifier statement at the [chassis] hierarchy level.
When the no-pre-classifier statement is set, the control queue feature will be disabled
for all ports on that 10-Gigabit Ethernet PIC with oversubscription. Deleting this
configuration results in the control queue feature being re-enabled on all the ports of
that PIC.
[edit chassis]
fpc 2 {
    pic 0 {
        no-pre-classifier;
    }
}
NOTE:
1. This feature is applicable in both oversubscribed and line-rate modes.
2. The control queue feature is enabled by default in both oversubscribed
and line-rate modes, which can be overridden by the user configuration.
3. CLI show commands remain unchanged. When the control queue is
disabled, various show queue commands continue to show the control
queue in the output. However, all control queue counters are reported
as zeros.
4. Enabling or disabling the control queue feature results in the PIC being
bounced (offline/online).
Once the control queue feature is disabled, then the Layer 2 and Layer 3 control packets
are subject to queue selection based on the BA classification. However, the following
control protocol packets are not classified using BA classification, as they might not
have a VLAN, MPLS, or IP header:
Untagged ARP packets
Untagged Layer 2 control packets such as LACP or Ethernet OAM
Untagged IS-IS packets
When the control queue feature is disabled, untagged ARP/IS-IS and other untagged
Layer 2 control packets will go to the restricted queue corresponding to the forwarding
class associated with queue 0.
[Network Interfaces]
Microcode remap (M320 and M120 routers): M320 routers with E3 type-1 FPCs and
M120 routers with a single type-1 FPC mapped to an FEB support a new microcode
map to resolve microcode overflow resulting in bad PIC combinations.
On M320 routers, the new microcode map is enabled by default and is the only option
available.
On M120 routers, you can enable the new microcode map by using the
ucode-imem-remap statement at the [edit chassis feb slot number] hierarchy level. On
M120 routers, the default microcode map remains configured if the ucode-imem-remap
statement is not configured.
[edit chassis]
feb {
    slot number {
        ucode-imem-remap;
    }
}
NOTE: On M120 routers, the FEB is automatically restarted once the
ucode-imem-remap statement is configured and committed.
[System Basics]
Junos OS XML API and Scripting
New Junos OS XML API operational request tag elements: Table 1 on page 16 shows
the Junos OS Extensible Markup Language (XML) operational request tag elements that
are new in Junos OS Release 10.4 along with the corresponding CLI command and
response tag element for each one.
Table 1: Junos OS XML Tag Elements and CLI Command Equivalents New in Junos OS Release 10.4
| Request Tag Element | CLI Command | Response Tag Element |
|---|---|---|
| request_dhcpv6_server_reconfigure_information | request dhcpv6 server reconfigure | NONE |
| request_license_update | request system license update | NONE |
| request_package_nonstop_upgrade | request system software nonstop-upgrade | NONE |
| get_amt_statistics | show amt statistics | |
| get_amt_summary | show amt summary | |
| get_amt_tunnel_information | show amt tunnel | |
| get_rps_chassis_information | show chassis redundant-power-supply | |
| get_bios_version_information | show chassis routing-engine bios | NONE |
| get_cos_congestion_notification_information | show class-of-service congestion-notification | |
| get_firewall_log_information | show firewall filter version | |
| get_interface_information | show ingress-replication | |
| get_isis_context_identifier_origin_information | show isis context-identifier | |
| get_isis_database_information | show isis context-identifier identifier | |
| get_mpls_cspf_information | show mpls context-identifier | |
| get_authentication_pending_table | show network-access domain-map statistics | |
| get_ospf_database_information | show ospf context-identifier | |
| get_rps_power_supply_information | show redundant-power-supply led | |
| get_rps_status_information | show redundant-power-supply power-supply | |
| get_rps_version_information | show redundant-power-supply status | |
| get_rip_general_statistics_information | show redundant-power-supply version | |
| get_idp_policy_template_information | show security idp policy-commit-status | |
| get_service_border_signaling_gateway_charging_status | show services border-signaling-gateway charging statistics | |
| get_service_bsg_denied_messages | show services border-signaling-gateway charging status | |
| get_services_l2tp_radius_accounting_statistics_information | show services l2tp destination | |
| get_service_softwire_statistics_information | show services sessions | |
| get_service_sfw_conversation_information | show services softwire | |
| get_service_sfw_flow_analysis_information | show services softwire flows | |
| get_service_sfw_flow_table_information | show services softwire statistics | |
| get_service_sfw_sip_register_information | show services stateful-firewall flow-analysis | |
| get_synchronous_ethernet_esmc-statistics | show synchronous-ethernet esmc statistics | |
| get_synchronous_ethernet_esmc_transmit | show synchronous-ethernet esmc transmit | |
| get_-synchronous_ethernet_global_information | show synchronous-ethernet global-information | NONE |
| get_system_resource_cleanup_processes_information | show system relay group | |
| get_rollback_information | show system relay member | |
| get_dhcp_binding_information | show system relay summary | |
| clear_synchronous_ethernet_esmc_statistics | clear synchronous-ethernet esmc statistics | |
Layer 2 Ethernet Services
Feature support for Trio 3D MPCs and MICs (MX Series routers): Enables you to
configure the following features through Junos OS Release 9.1: load balancing, Ethernet
OAM IEEE 802.1ag Phase 4 MIP support, LLDP, BPDU guard and loop guard, IRB support
for interworking of LDP-VPLS and BGP-VPLS, BGP multihoming for Inter-AS VPLS,
VPLS Ethernet as a core-facing interface, and limitations on next-hop flooding.
[Layer 2 Configuration]
Ethernet CFM support on Trio 3D MPCs and MICs (MX Series routers): Enables
support for Ethernet connectivity fault management (CFM) defined by IEEE 802.1ag
for family bridge interfaces. However, MEP configuration is not supported on aggregated
Ethernet interfaces.
[Layer 2 Configuration]
MPLS Applications
MPLS support on services PICs: Adds MPLS label pop support for services PICs on
Junos OS routers. Previously all MPLS traffic would be dropped at the services PIC. No
changes are required to CLI configurations for this enhancement. In-service software
upgrade (unified ISSU) is supported for tag next hops for MPLS on services PIC traffic,
but no support is provided for tags over IPv6 packets or labels on multiple gateways.
[MPLS]
Adding descriptions for bypass LSP: You can now add text describing a bypass
LSP using the description option at the [edit protocols rsvp interface interface-name
link-protection bypass bypass-lsp-name] hierarchy level. Enclose any descriptive text
that includes spaces in quotation marks (" "). Any descriptive text you include is
displayed in the output of the show rsvp session bypass command and has no effect
on the operation of the bypass LSP.
[MPLS]
Multicast
Nonstop active routing PIM support for IPv6: Starting with Release 10.4, Junos OS
extends the nonstop active routing support for Protocol Independent Multicast (PIM),
which is already supported on IPv4, to include the IPv6 address families. The extension
of nonstop active routing PIM support to IPv6 enables IPv6 routers to maintain
self-generation IDs, multicast session states, dynamic interface states, list of neighbors,
and RPSets across Routing Engine switchovers.
The nonstop active routing support for PIM on IPv6 is similar to the nonstop active
routing PIM support on IPv4 except for the following:
Nonstop active routing support for PIM on IPv6 supports an embedded rendezvous
point (RP) on non-RP routers.
Nonstop active routing support for PIM on IPv6 does not support auto-RP, as auto-RP
is not supported on IPv6.
For more information about nonstop active routing PIM support on IPv4 and IPv6, see
the Junos OS High Availability Configuration Guide.
[High Availability, Multicast]
MX Series
Support for MX Series: While these features have been available on the MX Series
routers in the past, we have now qualified the following features on the Trio chipset.
For MPLS, RSVP, and LDP:
BFD session failure action for LDP LSPs (including ECMP)
RSVP Graceful Restart interop with Cisco using Nodal Hello support
Failure action on BFD session down of RSVP LSPs in JUNOS
RSVP transit
L3VPN testing using RSVP
NSR: RSVP ingress
BFD via LDP
For Multicast:
OSPF
OSPF Database Protection
RFC 4136 OSPF Refresh and Flooding Reduction in Stable Topologies
PIM SSM in provider space (Draft-Rosen 7)
NG MVPN - PIM-SSM I-PMSI and deployment scenario testing
MVPN C-PIM in plain ASM mode
NGEN MVPN hub and spoke support with GRE S-PMSI transport
PIM Join suppression support
Translating PIM states to IGMP/MLD messages
Disable PIM for IPv6 via CLI
IPv6 multicast support over L3VPNs
PIM neighbor should be maintained wherever possible
Data MDT SAFI (draft-rosen-l3vpn-mvpn-profiles)
Inter-provider Option A support with Rosen 7
Rosen 7 interoperability with Cisco IOS
For VPNs:
VPLS: Configurable label block size (min 2)
Interoperate LDP-VPLS and BGP-VPLS with FEC 128
LDP-VPLS
Interprovider VPLS Option "E": EBGP redistribution of labeled routes
Miscellaneous:
Support to commit configuration from op/event scripts
Per PFE per packet load balancing
Next Hop Handling Enhancements (Phase 3)
Support local-as alias hidden command
MIB Enhancements for Manual Bypass Tunnel Management
ISIS LFA
Improve IGMPv3 performance using bulk updates
Improve IGMPv3 performance using bulk updates - with snooping
Allow ASM group override of SSM ranges
Routing Policy and Firewall Filters
Point-to-multipoint (P2MP) LSP load balancing across aggregated Ethernet links
(M Series except M320): Enables you to load-balance VPLS multicast and P2MP
multicast traffic over link aggregation. This feature also re-load-balances traffic after
a change in the next-hop topology. Next-hop topology changes might include but are
not limited to:
Layer 2 membership change in the link aggregation
Indirect next-hop change
Composite next-hop change
No new configuration is required to configure this feature. The load balancing over
aggregated links is automatically enabled with this release. For a sample topology and
configuration example, see Junos OS Policy Framework Configuration Guide.
[Policy]
New routing policy system log message: Junos OS Release 10.3 supports a new
routing policy system log message. The RPD_PLCY_CFG_NH_NETMASK system log
message provides information about ignored netmasks. If you have a policy statement
with a term that contains a next-hop address with a netmask, the netmask is ignored.
The following sample shows the new system log message (depending on your network
configuration, the type of message you see might be different):
Jun 18 11:22:43 pro5-d rpd[1403]: RPD_PLCY_CFG_NH_NETMASK: Netmask ignored for
next hop: 10.0.0.1/24.
[System Log Messages Reference]
Support for displaying the firewall filter version information: You can display the
version number of the firewall filter installed in the Routing Engine. The initial version
number is 1 and increments by one when you modify the firewall filter settings or an
associated prefix action. To show the version number of the installed firewall filter,
use the show firewall filter version operational mode command.
[Routing Protocols and Policies Command Reference]
Routing Protocols
Support for disabling traps for passive OSPFv2 interfaces: You can now disable
interface state change traps for passive OSPF interfaces. Passive OSPF interfaces
advertise address information as an internal OSPF route, but do not run the actual
protocol. If you are only interested in receiving notifications for active OSPF interfaces,
disabling traps for passive OSPF interfaces reduces the number of notifications received
and processed by the SNMP server. This allows you to more quickly and easily scan
the logs for potential issues on active OSPF interfaces.
To disable and stop receiving notifications for state changes in a passive OSPF interface,
include the no-interface-state-traps statement at the following hierarchy levels:
[edit logical-systems logical-system-name protocols ospf area area-id interface interface-name]
[edit logical-systems logical-system-name routing-instances routing-instance-name protocols ospf area area-id interface interface-name]
[edit protocols ospf area area-id interface interface-name]
[edit routing-instances routing-instance-name protocols ospf area area-id interface interface-name]
[Routing Protocols]
Behavior change for BGP-independent AS domains: Independent domains use the
transitive path attribute 128 (attribute set) messages to tunnel the independent
domain's BGP attributes through the internal BGP (IBGP) core. In Junos OS Release
10.3 and later, if you have not configured an independent domain in any routing instance,
BGP treats the received attribute 128 message as an unknown attribute. The AS path
field in the show route command has been updated to display an unrecognized attribute
and associated hexadecimal value if you have not configured an independent domain.
The following is a sample output of the AS path field (depending on your network
configuration, the output might be different):
AS path: [12345] I Unrecognized Attributes: 40 bytes
AS path: Attr flags e0 code 80: 00 09 eb 1a 40 01 01 00 40 02 08 02 03 fd e9 fd e9 01
2d 40 05 04 00 00 00 64 c0
[Routing Protocols]
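When a router prints attribute 128 as unrecognized, the hex can still be read by hand. The following added example (not Juniper code) decodes the bytes from the sample output, assuming the attribute set layout of RFC 6368 (a 4-octet origin AS followed by ordinary path attributes) and 2-octet AS numbers inside AS_PATH, and it reports where the printed dump is cut off.

```python
# Bytes printed after "Attr flags e0 code 80:" in the sample output above.
# The router reports 40 bytes but the sample shows only 27, so the dump ends
# part-way through an attribute; the decoder has to cope with that.
SAMPLE_HEX = (
    "00 09 eb 1a 40 01 01 00 40 02 08 02 03 fd e9 fd e9 01 "
    "2d 40 05 04 00 00 00 64 c0"
)

FLAG_BITS = ((0x80, "optional"), (0x40, "transitive"),
             (0x20, "partial"), (0x10, "extended-length"))
ATTR_NAMES = {1: "ORIGIN", 2: "AS_PATH", 3: "NEXT_HOP",
              4: "MULTI_EXIT_DISC", 5: "LOCAL_PREF"}
ORIGINS = {0: "IGP", 1: "EGP", 2: "INCOMPLETE"}
SEGMENTS = {1: "AS_SET", 2: "AS_SEQUENCE"}


def describe_flags(flags):
    """Names of the attribute flag bits that are set, high bit first."""
    return [name for bit, name in FLAG_BITS if flags & bit]


def decode_as_path(value, as_size):
    """Split an AS_PATH value into (segment type, [AS numbers]) tuples."""
    segments, pos = [], 0
    while pos < len(value):
        if pos + 2 > len(value):
            raise ValueError("AS_PATH segment header cut short")
        seg_type, count = value[pos], value[pos + 1]
        end = pos + 2 + count * as_size
        if end > len(value):
            raise ValueError("AS_PATH segment overruns the attribute")
        asns = [int.from_bytes(value[i:i + as_size], "big")
                for i in range(pos + 2, end, as_size)]
        segments.append((SEGMENTS.get(seg_type, seg_type), asns))
        pos = end
    return segments


def decode_value(code, value, as_size):
    """Decode the well-known attributes; leave everything else as hex."""
    if code == 1 and len(value) == 1:
        return ORIGINS.get(value[0], value[0])
    if code == 2:
        return decode_as_path(value, as_size)
    if code in (4, 5) and len(value) == 4:
        return int.from_bytes(value, "big")
    return value.hex()


def decode_attr_set(data, as_size=2):
    """Decode an attribute set value: 4-octet origin AS, then path attributes.

    as_size=2 is an assumption that matches the sample. "truncated_at" is the
    offset of the first attribute that did not fit in the dump, or None.
    """
    if len(data) < 4:
        raise ValueError("attribute set needs at least the 4-octet origin AS")
    result = {"origin_as": int.from_bytes(data[:4], "big"),
              "attributes": [], "truncated_at": None}
    pos = 4
    while pos < len(data):
        start = pos
        if len(data) - pos < 3:
            result["truncated_at"] = start
            break
        flags, code = data[pos], data[pos + 1]
        if flags & 0x10:  # extended length: 2-octet length field
            if len(data) - pos < 4:
                result["truncated_at"] = start
                break
            length = int.from_bytes(data[pos + 2:pos + 4], "big")
            pos += 4
        else:
            length = data[pos + 2]
            pos += 3
        if pos + length > len(data):
            result["truncated_at"] = start
            break
        result["attributes"].append({
            "offset": start,
            "flags": describe_flags(flags),
            "name": ATTR_NAMES.get(code, f"code {code}"),
            "value": decode_value(code, data[pos:pos + length], as_size),
        })
        pos += length
    return result


if __name__ == "__main__":
    decoded = decode_attr_set(bytes.fromhex(SAMPLE_HEX))
    print("origin AS:", decoded["origin_as"])
    for attr in decoded["attributes"]:
        print(attr["offset"], attr["name"], attr["flags"], attr["value"])
    if decoded["truncated_at"] is not None:
        print("dump ends inside the attribute at offset", decoded["truncated_at"])
```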
Support for disabling the attribute set messages on independent AS domains for
BGP loop detection: BGP loop detection for a specific route uses the local autonomous
system (AS) domain for the routing instance. By default, all routing instances belong
to a single primary routing instance domain. Therefore, BGP loop detection uses the
local ASs configured on all of the routing instances. Depending on your network
configuration, this default behavior can cause routes to be looped and hidden.
To limit the local ASs in the primary routing instance, configure an independent AS
domain for a routing instance. Independent domains use the transitive path attribute
128 (attribute set) messages to tunnel the independent domain's BGP attributes
through the internal BGP (IBGP) core. If you want to configure independent domains
to maintain the independence of local ASs in the routing instance and perform BGP
loop detection only for the specified local ASs in the routing instance, disable attribute
set messages on the independent domain. To disable attribute set messages, include
the independent-domain no-attrset statement at the following hierarchy levels:
[edit logical-systems logical-system-name routing-instances routing-instance-name routing-options autonomous-system autonomous-system]
[edit routing-instances routing-instance-name routing-options autonomous-system autonomous-system]
[Routing Protocols]
Services Applications
NAT-PT with DNS ALG support (M Series and T Series routers): You can configure
Domain Name Service (DNS) application-level gateways (ALGs) using NAT with
protocol translation (NAT-PT) for IPv6 to IPv4. The implementation is described in
RFC 2766 and RFC 2694.
When you configure NAT-PT with DNS ALG support, you must configure two NAT rules.
The first NAT rule ensures that the DNS query and response packets are translated
correctly. For this rule to work, you must configure a DNS ALG application and reference
it in the rule. The second rule is required to ensure that NAT sessions are destined to
the address mapped by the DNS ALG.
To configure the correct translation of the DNS query and response packets, include
the dns-alg-pool dns-alg-pool or dns-alg-prefix dns-alg-prefix statement at the [edit
services nat rule rule-name term term-name then translated] hierarchy level.
To configure the DNS ALG application, include the application application-name
statement at the [edit applications] hierarchy level, then reference it at the [edit
services nat rule rule-name term term-name from] hierarchy level.
To configure destination translation with the DNS ALG address map, use the
use-dns-map-for-destination-translation statement at the [edit services nat rule
rule-name term term-name then translated] hierarchy level. This statement correlates
the DNS query or response processing done by the first rule with the actual data
sessions processed by the second rule.
You can also control the translation of IPv6 and IPv4 DNS queries in the following
ways.
For translation control of IPv6 DNS queries, use the
do-not-translate-AAAA-query-to-A-query statement at the [edit applications
application application-name] hierarchy level.
For translation control of IPv4 queries, use the
do-not-translate-A-query-to-AAAA-query statement at the [edit applications
application application-name] hierarchy level.
NOTE: The above two statements cannot be configured together. You
can only configure one at a time, but not both.
To check that the flows are established properly, use the show services
stateful-firewall flows command or the show services stateful-firewall conversations
command.
[Services Interfaces]
Enhancements to active flow monitoring: Add support for extraction of bandwidth
usage information for billing purposes in PIC-based sampling configurations. This
capability is supported on M Series, MX Series, and T Series routers and applies only
to IPv4 and IPv6 traffic. It is enabled only at the global instance hierarchy level and is
not available for per Packet Forwarding Engine instances. To configure the sampling
of traffic for billing purposes, include the template as-peer-billing-template-name
statement at the [edit forwarding-options sampling family (inet | inet6) output
flow-server server-name version version-number] hierarchy level. To define the peer-AS
billing functionality, include the peer-as-billing-template statement at the [edit services
flow-monitoring version9 template template-name] hierarchy level. For a list of the
template fields, see the Junos OS Services Interfaces Configuration Guide. You can apply
the existing destination class usage (DCU) policy option configuration for use with this
feature.
In addition, the MPLS top label IP address is added as a new field in the existing
MPLS-IPv4 flow template. You can use this field to gather MPLS forwarding equivalence
class (FEC)-based traffic information for MPLS network capacity planning. These
ALGs that use Junos Services Framework (JSF) (M Series) is a PIC-only feature applied
on sampled traffic and collected by the services PIC or DPC. You can define it for either
global or per Packet Forwarding Engine instances for MPLS traffic.
The show services accounting aggregation template operational command has been
updated to include new output fields that reflect the additional functionality.
[Services Interfaces, System Basics and Services Command Reference]
Support for the RPM timestamp on the Services SDK (M Series, MX Series, and T
Series): Real-time performance monitoring (RPM), which has been supported on the
Adaptive Services (AS) interface, is now supported by the Services SDK. RPM is
supported on all platforms and service PICs that support the Services SDK.
RPM timestamping is needed to account for any latency in packet communications.
You can apply timestamps on the client, the server, or both the client and server. RPM
timestamping is supported only with the icmp-ping, icmp-ping-timestamp, udp-ping,
and udp-ping-timestamp probe types.
To specify the Services SDK interface, include the destination-interface statement at
the [edit services rpm probe probe-owner test test-name] hierarchy level:
destination-interface ms-fpc/pic/port.logical-unit-number;
To specify the RPM client router and the RPM server router, include the rpm statement
at the [edit interfaces interface-name unit logical-unit-number] hierarchy level:
rpm (client | server);
To enable RPM on the Services SDK on the AS interface, configure the object-cache-size,
policy-db-size, and package statements at the [edit chassis fpc slot-number pic
pic-number adaptive-services service-package extension-provider] hierarchy level. For
the Services SDK, package-name in the package package-name statement is
jservices-rpm.
user@host# show chassis
fpc 1 {
    pic 2 {
        adaptive-services {
            service-package {
                extension-provider {
                    control-cores 1;
                    data-cores 1;
                    object-cache-size 512;
                    policy-db-size 64;
                    package jservices-rpm;
                    syslog daemon any;
                }
            }
        }
    }
}
[Services Interfaces]
ALGs using Junos OS Services Framework (JSF) (M Series with Multiservices PICs
and MX Series with MS DPCs): Application-level gateways (ALGs) intercept and
analyze specified traffic, allocate resources, and define dynamic policies to permit
traffic to pass securely through a device. Beginning with Junos OS Release 10.4 on the
specified routers, you can use JSF ALGs with the following services:
Stateful firewall
Network Address Translation (NAT)
To use JSF to run ALGs, you must configure the jservices-alg package at the [edit
chassis fpc slot pic slot adaptive-services service-package extension-provider package]
hierarchy level. In addition, you must configure the ALG application at the [edit
applications application application-name] hierarchy level, and reference the application
in the stateful firewall rule or the NAT rule in those respective configurations.
[Services Interfaces]
Enhancements to port mirroring with next-hop groups (MX Series only): Adds
support for binding up to two port-mirroring instances to the same MX Series Packet
Forwarding Engine. This enables you to choose multiple mirror destinations by specifying
different port-mirroring instances in the filters. Filters must include the
port-mirror-instance instance-name statement at the [edit firewall filter filter-name term
term-name then] hierarchy level. You must also include the port-mirror-instance
instance-name statement at the [edit chassis fpc number] hierarchy level to specify the
FPC to be used.
Inline port mirroring allows you to configure instances that are not bound to the FPC
specified in the firewall filter then port-mirror-instance instance-name action. Instead,
you can define the then next-hop-group action. Inline port-mirroring aims to decouple
the port-mirror destination from the input parameters, such as rate. While the input
parameters are programmed in the Switch Interface Board (SIB), the next-hop
destination for the mirrored packet is available in the packet itself.
A port-mirroring instance can now inherit input parameters from another instance that
specifies it. To configure this option, include the input-parameters-instance
instance-name statement at the [edit forwarding-options port-mirror instance
instance-name] hierarchy level.
You can also now configure port mirroring to next-hop groups using a tunnel interface.
[Services Interfaces]
Multiple IDP detector support (MX Series routers, M120 routers, and Enhanced III
FPCs in M320 routers): The IDP detector provides information about services, contexts,
and anomalies that are supported by the associated protocol decoder.
The specified routers now support loading multiple IDP detectors simultaneously.
When a policy is loaded, it is also associated with a detector. If the new policy being
loaded has an associated detector that matches the detector already being used by
the existing policy, the new detector is not loaded and both policies use a single
associated detector. However, if the new detector does not match the current detector,
the new detector is loaded along with the new policy. In this case, each loaded policy
will then use its own associated detector for attack detection. Note that with the
specified routers, a maximum of four detectors can be loaded at any given time.
Multiple IDP detector support for the specified routers functions in a similar way to the
existing IDP detector support on J Series and SRX Series devices, except for the
maximum number of decoder binary instances that are loaded into the process space.
To view the current policy and the corresponding detector version, use the show security
idp status detail command.
For more information, see the Junos OS Security Configuration Guide.
[Services Interfaces]
NAT using Junos OS Services Framework (JSF) (M Series and T Series with
Multiservices PICs and MX Series with Multiservices DPCs): The Junos OS Services
Framework (JSF) is a unified framework for Junos OS services integration. JSF Services
integration will allow the option of running Junos OS services on services PICs or DPCs
in any M Series, MX Series, or T Series routers. Beginning with Junos OS Release 10.4,
you can use JSF to run NAT on the specified routers.
To use JSF to run NAT, you must configure the jservices-nat package at the [edit chassis
fpc slot pic slot adaptive-services service-package extension-provider package] hierarchy
level. In addition, you must configure NAT rules and a service set with a Multiservice
interface. To check the configuration, use the show configuration services nat command.
To show the run time (dynamic state) information on the interface, use the show
services sessions and show services nat pool commands.
[Services Interfaces]
Stateful firewall using Junos OS Services Framework (JSF) (M Series with
Multiservices PICs, MX Series with Multiservices DPCs, and T Series routers): The
Junos OS Services Framework (JSF) is a unified framework for Junos OS services
integration. JSF Services integration will allow the option of running Junos OS services
on services PICs or DPCs in any M Series, MX Series, or T Series routers. Beginning with
Junos OS Release 10.4, you can use JSF to run stateful firewall on the specified routers.
To use JSF to run stateful firewall, you must configure the jservices-sfw package at the
[edit chassis fpc slot pic slot adaptive-services service-package extension-provider
package] hierarchy level. In addition, you must configure stateful firewall rules and a
service set with a Multiservice interface. To check the configuration, use the show
configuration services stateful-firewall command. To show the run time (dynamic state)
information on the interface, use the show services sessions command.
[Services Interfaces]
Transition of IPv4 traffic to IPv6 addresses using Dual Stack Lite (DS-Lite): Adds
support for DS-Lite, a means for transitioning IPv4 traffic to IPv6 addresses. This
transition will become necessary as the supply of unique IPv4 addresses nears
exhaustion. New subscriber homes are allocated IPv6 addresses and IPv6-capable
equipment; DS-Lite provides a method for the private IPv4 addresses behind the IPv6
equipment to reach the IPv4 network. An IPv4 host communicates with a NAT endpoint
over an IPv6 network using softwires. DS-Lite creates the IPv6 softwires that terminate
on the services PIC. Packets coming out of the softwire can then have other services
such as NAT applied on them.
[Services Interfaces, System Basics and Services Command Reference]
Round-robin allocation for NAPT addresses: You can now specify round-robin address
allocation from NAT pools when you use NAPT. In the default method of
address allocation, NAT addresses are allocated sequentially. All of the addresses in
a given range must be allocated before addresses from a different range are allocated.
The following example illustrates the sequential (legacy) implementation, which is
still available to provide backward compatibility.
pool napt {
    address-range low 9.9.99.1 high 9.9.99.3;
    address-range low 9.9.99.4 high 9.9.99.6;
    address-range low 9.9.99.8 high 9.9.99.10;
    address-range low 9.9.99.12 high 9.9.99.13;
    port {
        range low 3333 high 3334;
    }
}
In this example, for each unique source address, a new address range is used for
allocation only when there are no ports available in the previous address range. Address
9.9.99.4:3333 is picked only when all ports for addresses in the first range are exhausted.
The first connection is allocated NAT address 9.9.99.1:3333.
The second connection is allocated 9.9.99.1:3334.
The third connection is allocated 9.9.99.2:3333.
The fourth connection is allocated 9.9.99.2:3334, and so on.
To configure round-robin allocation for NAT pools, include the address-allocation
round-robin configuration statement at the [edit services nat pool pool-name] hierarchy
level. When you use round-robin allocation, one port is allocated from each address
in a range before repeating the process for each address in the next range. After ports
have been allocated for all addresses in the last range, the allocation process wraps
around and allocates the next unused port for addresses in the first range.
The first connection is allocated NAT address 9.9.99.1:3333.
The second connection is allocated 9.9.99.2:3333.
The third connection is allocated 9.9.99.3:3333.
The fourth connection is allocated 9.9.99.4:3333.
The fifth connection is allocated address 9.9.99.5:3333.
The sixth connection is allocated address 9.9.99.6:3333.
The seventh connection is allocated address 9.9.99.7:3333.
The eighth connection is allocated address 9.9.99.8:3333.
The ninth connection is allocated address 9.9.99.9:3333.
The tenth connection is allocated address 9.9.99.10:3333.
The eleventh connection is allocated address 9.9.99.11:3333.
The twelfth connection is allocated address 9.9.99.12:3333.
Wraparound occurs and the thirteenth connection is allocated address 9.9.99.1:3334.
[Services Interfaces]
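The two allocation orders described above decide which public address and port a connection is logged under, so they matter when a NAT log entry has to be traced back to a subscriber. The following simulation is an added example, not part of the release notes or of Junos OS, and it models a single source address. It takes the four configured ranges literally, so 9.9.99.7 and 9.9.99.11 fall outside the pool; WALKTHROUGH_RANGES is an assumed contiguous pool that reproduces the twelve addresses of the round-robin list.

```python
from ipaddress import IPv4Address
from itertools import islice

# Pool from the configuration example above (ranges are inclusive).
CONFIGURED_RANGES = [
    ("9.9.99.1", "9.9.99.3"),
    ("9.9.99.4", "9.9.99.6"),
    ("9.9.99.8", "9.9.99.10"),
    ("9.9.99.12", "9.9.99.13"),
]
# Assumption: a contiguous pool matching the twelve addresses that the
# round-robin walkthrough lists before it wraps around.
WALKTHROUGH_RANGES = [("9.9.99.1", "9.9.99.12")]
PORTS = (3333, 3334)


def expand(ranges):
    """Turn (low, high) pairs into one list of address strings per range."""
    return [
        [str(IPv4Address(n)) for n in range(int(IPv4Address(lo)), int(IPv4Address(hi)) + 1)]
        for lo, hi in ranges
    ]


def sequential(ranges, ports=PORTS):
    """Default order: use every port of an address, and every address of a
    range, before moving to the next range."""
    for addresses in expand(ranges):
        for address in addresses:
            for port in range(ports[0], ports[1] + 1):
                yield f"{address}:{port}"


def round_robin(ranges, ports=PORTS):
    """Round-robin order: one port from each address in each range, then wrap
    around and hand out the next unused port."""
    for port in range(ports[0], ports[1] + 1):
        for addresses in expand(ranges):
            for address in addresses:
                yield f"{address}:{port}"


def addresses_used(mappings, connections):
    """Number of distinct public addresses behind the first N connections."""
    return len({m.rsplit(":", 1)[0] for m in islice(mappings, connections)})


if __name__ == "__main__":
    for name, order in (("sequential", sequential), ("round-robin", round_robin)):
        print(name, list(islice(order(CONFIGURED_RANGES), 7)))
        print(name, "addresses behind first 6 connections:",
              addresses_used(order(CONFIGURED_RANGES), 6))
```

Six connections from one source sit behind three public addresses in sequential mode and behind six in round-robin mode, so log correlation has to key on address and port together.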
Subscriber Access Management
Enhancement to the show services l2tp destination command: The show services l2tp
destination command has been extended to display the lockout state of the destination
from the LAC. A destination that is reachable is not locked. An unreachable destination
is locked out. L2TP makes no further attempts to connect to this destination until the
timeout period (300 seconds) expires, unless the unreachable destination is the only
destination in the tunnel configuration list. In that case, L2TP ignores the lockout and
continues trying to connect to the destination.
[Subscriber Access]
Redirecting HTTP redirect requests (MX Series routers): Enables support for HTTP
traffic requests from subscribers to be aggregated from access networks onto a BRAS
router, where HTTP traffic can be intercepted and redirected to a captive portal. A
captive portal provides authentication and authorization services for redirected
subscribers before granting access to protected servers outside of a walled garden. A
walled garden defines a group of servers where access is provided to subscribers
without reauthorization through a captive portal. You can use a captive portal page as
the initial page a subscriber sees after logging in to a subscriber session and as a page
used to receive and manage HTTP requests to unauthorized Web resources. An HTTP
redirect remote server that resides in a walled garden behind Junos OS routers processes
HTTP requests redirected to it and responds with a redirect URL to a captive portal.
To configure HTTP redirect, include the captive-portal-content-delivery statement at
the [edit services] hierarchy level.
[Subscriber Access]
Filter support for service packet counting: You can count service packets, applying
them to a specific named counter (__junos-dyn-service-counter), for use by RADIUS.
To enable service packet accounting, specify the service-accounting action at the [edit
firewall family family-name filter filter-name term term-name then] hierarchy level.
[Policy Framework, Subscriber Access]
Support for domain maps that apply configuration options based on subscriber
domain names (MX Series and M Series routers): You use domain maps to apply
access options and session-specific parameters to subscribers whose domain name
corresponds to the domain map name. You can also create a default domain map that
the router uses for subscribers whose username does not include a domain name or
has a non-matching domain name.
Domain maps apply subscriber-related characteristics such as profiles (access,
dynamic, and tunnel), target and AAA logical system mapping, address pool usage,
and PADN routing information.
You configure domain maps at the [edit access domain] hierarchy level.
[Subscriber Access]
L2TP LAC support for subscriber management (MX Series routers): You can now
configure an L2TP access concentrator (LAC) on MPC-equipped MX Series routers.
As part of the new L2TP LAC support, you can configure how the router selects a tunnel
for a PPP subscriber from among a set of available tunnels. The default tunnel selection
method is to fail over between tunnel preference levels. When a PPP user tries to log
in to a domain, the router attempts to connect to a destination in that domain by means
of the associated tunnel with the highest preference level. If the destination is
unreachable, the router then moves to the next lower preference level and repeats the
process. No configuration is required for this tunnel selection method.
You can include the fail-over-within-preference statement at the [edit services l2tp]
hierarchy level to configure tunnel selection failover within a preference level. With this
method, when the router tries to connect to a destination and is unsuccessful, it selects
a new destination at the same preference level. If all destinations at a preference level
are marked as unreachable, the router does not attempt to connect to a destination
at that level. It drops to the next lower preference level to select a destination. If all
destinations at all preference levels are marked as unreachable, the router chooses
the destination that failed first and tries to make a connection. If the connection fails,
the router rejects the PPP user session without attempting to contact the remote
router.
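The failover-within-preference behavior described above, combined with the 300-second destination lockout from the show services l2tp destination item, can be modeled as follows. This is an added example that follows the text of these notes, not Junos OS code; the destination names, the numeric level field (0 taken as the most preferred level) and the reachable set are assumptions made for the model.

```python
from dataclasses import dataclass
from typing import Optional

LOCKOUT_SECONDS = 300  # lockout timeout period stated in these release notes


@dataclass
class Destination:
    name: str                          # constructed name, for illustration only
    level: int                         # assumption: 0 is the most preferred level
    failed_at: Optional[float] = None  # time it was last marked unreachable

    def locked_out(self, now: float) -> bool:
        return self.failed_at is not None and now - self.failed_at < LOCKOUT_SECONDS


def select_destination(dests, reachable, now):
    """Pick a destination for one PPP session, or None if the session is rejected.

    `reachable` is the set of destination names that currently answer; it
    stands in for real tunnel setup attempts (constructed test input).
    """
    ordered = sorted(dests, key=lambda d: d.level)  # stable sort keeps order per level
    for dest in ordered:
        if dest.locked_out(now):
            continue                   # marked unreachable: no attempt during lockout
        if dest.name in reachable:
            dest.failed_at = None
            return dest.name
        dest.failed_at = now           # failed: mark it, try the same level first
    # Every destination at every level is now marked unreachable: make one
    # attempt at the destination that failed first, then reject the session.
    oldest = min(ordered, key=lambda d: d.failed_at)
    if oldest.name in reachable:
        oldest.failed_at = None
        return oldest.name
    return None


def demo():
    """Five sessions against two preference levels (constructed scenario)."""
    dests = [Destination("lns-a1", 0), Destination("lns-a2", 0), Destination("lns-b1", 1)]
    return [
        select_destination(dests, {"lns-a2", "lns-b1"}, now=0),   # a1 fails, a2 answers
        select_destination(dests, {"lns-a1", "lns-b1"}, now=10),  # a1 locked, a2 fails
        select_destination(dests, set(), now=20),                 # nothing answers
        select_destination(dests, {"lns-a1"}, now=30),            # all locked out
        select_destination(dests, {"lns-a2"}, now=400),           # a2 lockout expired
    ]
```

The second session shows the cost of a lockout: lns-a1 has recovered but stays unused until its timeout expires, so traffic moves to the lower preference level.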
By default, the router uses a round-robin selection process among tunnels at the same
preference level. Include the weighted-load-balancing statement at
the [edit services l2tp] hierarchy level to specify that the tunnel with the highest weight
within a preference is selected until its maximum sessions limit is reached. Then the
tunnel with the next highest weight is selected until its limit is reached, and so on. The
tunnel with the highest configured maximum sessions value has the greatest weight.
Another feature of L2TP LACs on MX Series routers is the ability to control whether
the LAC sends the Calling Number AVP 22 to the LNS. The AVP value is derived from
the Calling-Station-Id and identifies the interface that is connected to the customer
in the access network. By default, the LAC includes this AVP in ICRQ packets it sends
to the LNS. In some networks you may wish to conceal your network access information.
To prevent the LAC from sending the Calling Number AVP to the LNS, include the
disable-calling-number-avp statement at the [edit services l2tp] hierarchy level.
[Subscriber Access]
Support for dynamic interface sets (M120, M320, and MX Series routers): Enables
you to configure sets of subscriber interfaces in dynamic profiles. Interface sets are
used for providing hierarchical scheduling. Previously, interface sets were supported
for interfaces configured in the static hierarchies only.
Supported subscriber interfaces include static and dynamic demux, static and dynamic
PPPoE, and static and dynamic VLAN interfaces.
To configure an interface set in a dynamic profile, include the interface-set
interface-set-name statement at the [edit dynamic-profiles interfaces] hierarchy level.
To add a subscriber interface to the set, include the interface interface-name unit
logical-unit-number statement at the [edit dynamic-profiles interfaces interface-set
interface-set-name] hierarchy level. You apply traffic shaping and scheduling parameters
to the interface-set by including the interface-set interface-set-name and
output-traffic-control-profile profile-name statements at the static [edit class-of-service
interfaces] hierarchy level.
A new Juniper Networks VSA (attribute 26-130) is now supported for the interface set
name, and includes a predefined variable, $junos-interface-set-name. The VSA is
supported for RADIUS Access-Accept messages only; change of authorization (CoA)
requests are not supported.
[Subscriber Access]
Support for service session accounting statistics (MX Series routers): You can now
capture accounting statistics for subscriber service sessions. Subscriber management
supports service session accounting based on service activation and deactivation, as
well as interim accounting. Time-based accounting is supported for all service sessions.
Time and volume-based accounting is supported for classic firewall filter and fast
update firewall filter service sessions only.
To provide volume service accounting, the well-known accounting counter
(junos-dyn-service-counter) must also be configured for the classic firewall filter and
fast update firewall filter service. You define the counter at the [edit firewall family
family filter filter term term then] hierarchy level.
The following VSAs (vendor ID 4874) are used for service accounting:
| Attribute Number | Attribute Name | Description | Value |
|---|---|---|---|
| 26-69 | Service-Statistics | Enable or disable statistics for the service. | 0 = disable; 1 = enable time statistics; 2 = enable time and volume statistics |
| 26-83 | Acct-Service-Session | Name of the service. | string: service-name |
| 26-140 | Service-Interim-Acct-Interval | Amount of time between interim accounting updates for this service. | range = 600 through 86400 seconds; 0 = disabled |
[Subscriber Access]
Subscriber secure policy traffic mirroring supported for L2TP sessions on the LAC
(MX Series routers): The L2TP access concentrator (LAC) implementation supports
RADIUS-initiated per-subscriber traffic mirroring. Both subscriber ingress traffic (from
the subscriber into the tunnel) and subscriber egress traffic (from the tunnel to the
subscriber) are mirrored at the (subscriber-facing) ingress interface on the LAC. The
ingress traffic is mirrored after PPPoE decapsulation and before L2TP encapsulation.
The egress traffic is mirrored after L2TP decapsulation. The mirrored packet includes
the complete HDLC frame sent to the LNS.
[Subscriber Access]
Support for static and dynamic CoS on L2TP LAC subscriber interfaces (M120, M320,
and MX Series routers): Enables you to configure static and dynamic CoS for L2TP
access concentrator (LAC) tunnels that transport PPP subscribers at Layer 2 and Layer
3 of the network.
IP and L2TP headers are added to packets arriving at the LAC from a subscriber before
being tunneled to the L2TP network server (LNS). Classifiers and rewrite-rules enable
you to properly transfer the type-of-service (ToS) value or the 802.1p value from the
inner IP header to the outer IP header of the L2TP packet.
For ingress tunnels, you configure fixed or behavior aggregate (BA) classifiers for the
PPP interface or an underlying VLAN interface at Layer 2. You can configure Layer 3
classifiers for a family of PPP interfaces. Layer 2 and Layer 3 classifiers can co-exist
for a PPP subscriber.
For example, to classify incoming packets for a PPP subscriber, include the classifier
type classifier-name statement at the [edit class-of-service interfaces pp0 unit
logical-unit-number] hierarchy level or at the [edit dynamic-profiles class-of-service
interfaces pp0 unit logical-unit-number] hierarchy level.
On egress tunnels, you configure rewrite rules to set the ToS or 802.1p value of the
outer