Juniper Networks JUNOS 10.2 Software Release NotesRelease 10.2R4
10 June 2011 Revision 10
These release notes accompany Release 10.2R4 of the JUNOS
Software. They describe device documentation and known problems
with the software. JUNOS Software runs on all Juniper Networks M
Series, MX Series, and T Series routing platforms, SRX Series
Services Gateways, J Series Services Routers, and EX Series
Ethernet Switches. You can also find these release notes on the
Juniper Networks JUNOS Software Documentation Web page, which is
located at http://www.juniper.net/techpubs/software/junos.
Contents
JUNOS Software Release Notes for Juniper Networks M Series
Multiservice Edge Routers, MX Series Ethernet Service Routers, and
T Series Core Routers . . . . . 7 New Features in JUNOS Release
10.2 for M Series, MX Series, and T Series Routers . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . 7 Class of Service . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
High Availability . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . 8 Interfaces and Chassis
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . 8 JUNOS XML API and Scripting . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . 16 Layer 2 Ethernet
Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . 21 MPLS Applications . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Multicast . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . 22 Multiplay . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . 26 Routing Policy and Firewall Filters . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . 28 Routing
Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . 29 Services Applications . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
30 Subscriber Access Management . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . 31 VPNs . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . 44 Changes in Default Behavior and Syntax in JUNOS Release
10.2 for M Series, MX Series, and T Series Routers . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . 45 Class of Service
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . 45 Forwarding and Sampling . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . 46 General
Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . 46
Copyright 2012, Juniper Networks, Inc.
1
JUNOS 10.2 Software Release Notes
Interfaces and Chassis . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . 46 JUNOS XML API and Scripting
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
53 Layer 2 Ethernet Services . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . 54 MPLS Applications . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . 54 Platform and Infrastructure . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . 55 Routing Policy and
Firewall Filters . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . 55 Services Applications . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . 55 Subscriber
Access Management . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . 59 VPNs . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Issues in JUNOS Release 10.2 for M Series, MX Series, and T Series
Routers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . 63 Current Software
Release . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . 63 Previous Releases . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . 96 Errata and
Changes in Documentation for JUNOS Software Release 10.2 for M
Series, MX Series, and T Series Routers . . . . . . . . . . . . . .
. . . . . . . 118 Changes to the JUNOS Documentation Set . . . . .
. . . . . . . . . . . . . . . . . 118 Errata . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . 119 Upgrade and Downgrade Instructions for JUNOS
Release 10.2 for M Series, MX Series, and T Series Routers . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . 127 Basic
Procedure for Upgrading to Release 10.2 . . . . . . . . . . . . . .
. . . . . . 128 Upgrade Policy for JUNOS Software Extended
End-Of-Life Releases . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . 130 Upgrading a
Router with Redundant Routing Engines . . . . . . . . . . . . . .
130 Upgrading Juniper Routers Running Draft-Rosen Multicast VPN to
JUNOS Release 10.1 . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . 131 Upgrading the Software for a
Routing Matrix . . . . . . . . . . . . . . . . . . . . . 132
Upgrading Using ISSU . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . 133 Upgrading from JUNOS Release
9.2 or Earlier on a Router Enabled for Both PIM and NSR . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
134 Downgrade from Release 10.2 . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . 135 JUNOS Software Release Notes for
Juniper Networks SRX Series Services Gateways and J Series Services
Routers . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
136 New Features in JUNOS Release 10.2 for SRX Series Services
Gateways and J Series Services Routers . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . 136 Software Features
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . 137 Hardware FeaturesSRX210 Services Gateways . . .
. . . . . . . . . . . . . . . 168 Hardware FeaturesSRX240 Services
Gateways . . . . . . . . . . . . . . . . . 168 Hardware
FeaturesSRX210 and SRX240 Services Gateways with Integrated
Convergence Services . . . . . . . . . . . . . . . . . . . . . . .
. . . . . 171 Hardware FeaturesSRX650 Services Gateways . . . . . .
. . . . . . . . . . . 172 Hardware FeaturesSRX3400 and SRX3600
Services Gateways . . . . 173 Advertising Bandwidth for Neighbors
on a Broadcast Link Support . . . . . . . 173 Group VPN
Interoperability with Ciscos GET VPN . . . . . . . . . . . . . . .
. . . . . . 174 Changes in Default Behavior and Syntax in JUNOS
Release 10.2 for SRX Series Services Gateways and J Series Services
Routers . . . . . . . . . . . . 175 Application Identification . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. 175 Application Layer Gateways (ALGs) . . . . . . . . . . . . . .
. . . . . . . . . . . . . . 175 AppSecure . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. 176 Chassis Cluster . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . 176
2
Copyright 2012, Juniper Networks, Inc.
Command-Line Interface (CLI) . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . 178 Configuration . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. 180 Dynamic VPN . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . 181 Flow and Processing .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . 181 Interfaces and Routing . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . 182 Intrusion
Detection and Prevention (IDP) . . . . . . . . . . . . . . . . . .
. . . . . . 183 J-Web . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184
Management and Administration . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . 187 Multilink . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. 187 WLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . 188 Unsupported CLI
Statements and Commands . . . . . . . . . . . . . . . . . . . . . .
. 188 Accounting-Options Hierarchy . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . 188 AX411 Access Point Hierarchy .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188
Chassis Hierarchy . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . 188 Class-of-Service Hierarchy
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. 189 Ethernet-Switching Hierarchy . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . 189 Firewall Hierarchy . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . 189 Interfaces CLI Hierarchy . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . 189 Protocols
Hierarchy . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . 193 Routing Hierarchy . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194
Services Hierarchy . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . 194 Security Hierarchy . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . 194 SNMP Hierarchy . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . 195 System
Hierarchy . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . 195 IPv6 and MVPN CLI . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195
Known Limitations in JUNOS Release 10.2 for SRX Series Services
Gateways and J Series Services Routers . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . 197 AppSecure . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . 197 Chassis Cluster . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . 197
Command-Line Interface (CLI) . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . 199 DOCSIS Mini-PIM . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200
Dynamic VPN . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . 200 Flow and Processing . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. 200 Hardware . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . 201 Interfaces and
Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . 202 Intrusion Detection and Prevention (IDP) . . .
. . . . . . . . . . . . . . . . . . . . 203 IPv6 Support . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . 205 J-Web . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207
NetScreen-Remote . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . 207 Network Address Translation
(NAT) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207
Performance . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . 208 Point-to-Point Protocol
over Ethernet (PPPoE) . . . . . . . . . . . . . . . . . . 208
Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . 208 SNMP . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . 209 Switching . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209
System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . 210 Unified Threat
Management (UTM) . . . . . . . . . . . . . . . . . . . . . . . . .
. . . 210 VLAN . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . 210 VPNs . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . 210
Copyright 2012, Juniper Networks, Inc.
3
JUNOS 10.2 Software Release Notes
WLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . 210 Issues in JUNOS
Release 10.2 for SRX Series Services Gateways and J Series Services
Routers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . 211 Outstanding Issues In JUNOS Release
10.2 for SRX Series Services Gateways and J Series Services Routers
. . . . . . . . . . . . . . . . . . . . . . 211 Resolved Issues in
JUNOS Release 10.2 for SRX Series Services Gateways and J Series
Services Routers . . . . . . . . . . . . . . . . . . . . . 232
Errata and Changes in Documentation for JUNOS Release 10.2 for SRX
Series Services Gateways and J Series Services Routers . . . . . .
. . . . . . 239 Application Layer Gateways (ALGs) . . . . . . . . .
. . . . . . . . . . . . . . . . . . . 239 Chassis Cluster . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . 239 Command-Line Interface (CLI) . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . 240 Class of Service . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . 241 Flow and Processing . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . 241 Hardware
Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . 242 Installing Software Packages . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . 247 Integrated
Convergence Services . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . 247 Interfaces and Routing . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . 248 Intrusion
Detection and Prevention (IDP) . . . . . . . . . . . . . . . . . .
. . . . . 248 JUNOS Software Interfaces and Routing Guide . . . . .
. . . . . . . . . . . . . . 249 J-Web . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . 250 Management Information Base (MIB) . . . . . . . . . . . .
. . . . . . . . . . . . . . 250 Network Address Translation (NAT) .
. . . . . . . . . . . . . . . . . . . . . . . . . . . 250
Point-to-Point Protocol . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . 251 Screens . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . 251 Hardware Requirements for JUNOS Release 10.2 for SRX
Series Services Gateways and J Series Services Routers . . . . . .
. . . . . . . . . . . . . . . . . . . 251 Transceiver Compatibility
for SRX Series and J Series Devices . . . . . . . 252 Power and
Heat Dissipation Requirements for J Series PIMs . . . . . . . . .
252 Supported Third-Party Hardware . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . 252 J Series CompactFlash and Memory
Requirements . . . . . . . . . . . . . . . . 253 Stream Control
Transmission Protocol Overview . . . . . . . . . . . . . . . . . .
. . . 254 Configuration Overview . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . 254 Maximizing ALG
Sessions . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . 255 Upgrade and Downgrade Instructions for
JUNOS Release 10.2 for SRX Series Services Gateways and J Series
Services Routers . . . . . . . . . . . . . . . . . 256 Upgrade
Policy for JUNOS Software Extended End Of Life Releases . . 256
JUNOS Software Release Notes for EX Series Switches . . . . . . . .
. . . . . . . . . . . 257 New Features in JUNOS Release 10.2 for EX
Series Switches . . . . . . . . . . . . 257 Hardware . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . 257 Access Control and Port Security . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . 258 Bridging, VLANs,
and Spanning Trees . . . . . . . . . . . . . . . . . . . . . . . .
. . . 259 Class of Service (CoS) . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . 259 Infrastructure . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . 259 Layer 2 and Layer 3 Protocols . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . 260 Management
and RMON . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . 260
4
Copyright 2012, Juniper Networks, Inc.
Packet Filters . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . 260 Changes in Default
Behavior and Syntax in JUNOS Release 10.2 for EX Series Switches .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . 261 Access Control and Port Security
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261
Infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . 261 Layer 2 and Layer 3
Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . 261 User Interfaces and Configuration . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . 261 Limitations in JUNOS
Release 10.2 for EX Series Switches . . . . . . . . . . . . . . 262
Access Control and Port Security . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . 262 Bridging, VLANs, and Spanning Trees .
. . . . . . . . . . . . . . . . . . . . . . . . . . 262 Class of
Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . 263 Firewall Filters . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . 263 Hardware . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . 263 Infrastructure
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . 264 Interfaces . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. 265 J-Web Interface . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . 266 Layer 2 and Layer 3
Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . 266 Management and RMON . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . 266 Virtual Chassis . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . 267 Outstanding Issues in JUNOS Release 10.2 for EX
Series Switches . . . . . . . 267 Access Control and Port Security
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 267
Bridging, VLANs, and Spanning Trees . . . . . . . . . . . . . . . .
. . . . . . . . . . 268 Class of Service . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268
Firewall Filters . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . 268 Hardware . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . 268 Infrastructure . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268
Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . 269 J-Web Interface . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . 270 Layer 2 and Layer 3 Protocols . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . 271 Multicast . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . 271 Virtual Chassis . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. 271 Resolved Issues in JUNOS Release 10.2 for EX Series Switches
. . . . . . . . . . . 271 Access Control and Port Security . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . 272 Bridging,
VLANs, and Spanning Trees . . . . . . . . . . . . . . . . . . . . .
. . . . . . 272 Firewall Filters . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . 272
Hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . 273 Infrastructure . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . 273 Interfaces . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275
J-Web Interface . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . 275 Layer 2 and Layer 3
Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . 276 Management and RMON . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . 277 Multicast . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . 277 Virtual Chassis . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 277
Errata in Documentation for JUNOS Release 10.2 for EX Series
Switches . . 277 Access Control and Port Security . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . 278 Firewall Filters . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . 278 Interfaces . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
278
Copyright 2012, Juniper Networks, Inc.
5
JUNOS 10.2 Software Release Notes
Upgrade and Downgrade Issues for JUNOS Release 10.2 for EX
Series Switches . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . 278 Upgrade Policy
for JUNOS Software Extended End-Of-Life Releases . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . 278 Upgrading or Downgrading from JUNOS Release 9.4R1 for EX
Series Switches . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . 279 Upgrading from JUNOS
Release 9.3R1 to Release 10.2 for EX Series Switches . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . 279 Upgrading from JUNOS Release 9.2 to Release 10.2 for
EX Series Switches . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . 279 Downgrading from
JUNOS Release 10.2 to Release 9.2 for EX4200 Switches . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . 281 JUNOS Documentation and Release Notes . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . 282 Documentation
Feedback . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . 282 Requesting Technical Support . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . 282 Revision History . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 284
6
Copyright 2012, Juniper Networks, Inc.
JUNOS Software Release Notes for Juniper Networks M Series
Multiservice Edge Routers, MX Series Ethernet Service Routers, and
T Series Core Routers
JUNOS Software Release Notes for Juniper Networks M Series
Multiservice Edge Routers, MX Series Ethernet Service Routers, and
T Series Core Routers
New Features in JUNOS Release 10.2 for M Series, MX Series, and
T Series Routers on page 7 Changes in Default Behavior and Syntax
in JUNOS Release 10.2 for M Series, MX Series, and T Series Routers
on page 45 Issues in JUNOS Release 10.2 for M Series, MX Series,
and T Series Routers on page 63 Errata and Changes in Documentation
for JUNOS Software Release 10.2 for M Series, MX Series, and T
Series Routers on page 118 Upgrade and Downgrade Instructions for
JUNOS Release 10.2 for M Series, MX Series, and T Series Routers on
page 127
New Features in JUNOS Release 10.2 for M Series, MX Series, and
T Series RoutersThe following features have been added to JUNOS
Release 10.2. Following the description is the title of the manual
or manuals to consult for further information.
Class of Service
Support for Layer 2 policers at the VLAN level on Trio MPC/MIC
interfaces (MX Series platforms with Trio MPC/MIC interfaces)Layer
2 policers at the VLAN level are supported on an MX Series router
with Trio MPCs/MICs. [Class of Service]
Different classifiers for different virtual circuits (ATM
interfaces)Enables you to combine Layer 2 and Layer 3
classifications on ATM interfaces where some VCs are part of a VPLS
instance and other belong to an L3VPN. To configure, include the
classifiers statement at the [edit class-of-service interfaces
at-x/y/zunit logical-interface-number] hierarchy level. [Class of
Service]
DSCP classification for VPLS at ingress PE (M320 with Enhanced
Type III FPC and M120)Enables you to configure DSCP classification
for VPLS at ingress PE for encapsulation types vlan-vpls (IQ2 or
IQ2E PICs) or ATM II IQ PIC. To configure, define the DSCP
classifier at the [edit class-of-service classifiers dscp
dscp-name] hierarchy level and apply the DSCP classifier at the
[edit interfaces at-fpc-pic-port unit-logical-unit-number
classifiers] hierarchy level. The ATM interface must be included in
the routing instance. [Class of Service]
Copyright 2012, Juniper Networks, Inc.
7
JUNOS 10.2 Software Release Notes
High Availability
Nonstop active routing support for Layer 2 VPN and Layer 3 VPN
over RSPV-TE LSPsStarting with Release 10.2, the JUNOS Software
extends the nonstop active routing support to Layer 2 VPN and Layer
3 VPN over RSVP-TE LSPs. JUNOS Release 10.2 also extends the
nonstop active routing support for Layer 3 VPNs to cover the
following OSPF features and configurations:
domain-id domain-id statement at the [edit routing-instances
routing-instance-name protocols (ospf | ospf3)] hierarchy level
domain-vpn-tag number statement at the [edit routing-instances
routing-instance-name protocols (ospf | ospf3)] hierarchy level
metric number statement at the [edit routing-instances
routing-instance-name protocols ospf area area-id sham-link-remote]
hierarchy level
sham-link local address statement at the [edit routing-instances
routing-instance-name protocols ospf] hierarchy level
sham-link-remote address statement at the [edit
routing-instances routing-instance-name protocols ospf area
area-id] hierarchy level
Interfaces and Chassis
List of supported software features for MX Series MPCsThe
following link contains a high-level list of software features for
MX Series MPCs. For information about MPC support for subordinate
statements of these software features, see the JUNOS Layer 2
Configuration
Guide.http://www.juniper.net/techpubs/en_US/release-independent/junos/topics/reference/
general/mpc-mx-series-features.html
New 2-port MIC with XFP (model number MIC-3D-2XGE-XFP)This MIC
can be installed into the new Type 1 MPCs (supported on MX240,
MX480, MX960 routers) or can be installed directly into two slots
in a modular MX80 chassis. For a list of supported MICs and MPCs,
see the MX Series Line Card Guide. New 30-Gigabit Ethernet queuing
MPC (model number MX-MPC1-3D-Q)Supported on MX240, MX480, and MX960
routers. For a list of supported MPCs, see the MX Series Line Card
Guide. New 30-Gigabit Ethernet MPC (model number
MX-MPC1-3D)Supported on MX240, MX480, and MX960 routers. For a list
of supported MPCs, see the MX Series Line Card Guide. New 40-port
dual-wide Tri-rate MIC (model number MIC-3D-40GE-TX)Supported on
the MX Series routers. The Tri-rate MIC contains 40 autonegotiating
10Base-T, 100Base-TX, or 1000Base-T Megabit Ethernet ports. The
Tri-rate MIC installs into both slots of an MPC in a MX240, MX480,
and MX960 routers or directly into two slots in a modular MX80
chassis. For a list of supported MICs and MPCs, see the MX Series
Line Card Guide.
8
Copyright 2012, Juniper Networks, Inc.
New Features in JUNOS Release 10.2 for M Series, MX Series, and
T Series Routers
Modular Port Concentrators (MPCs) on MX240, MX480, and MX960
routersProvide tunnel support parity, replacing traditional tunnel
and services PICs with tunnels that were supported on a "virtual"
port on MX240, MX480, and MX960 PFEs. MX240, MX480, MX960 routers
support a virtual PIC and a virtual port, visible for tunnel
configuration, and eliminating the need for a tunnel PIC.
Traditional tunnel PIC features are supported, including:
GRE keys GRE Clear-dont-fragment
Certain services PIC features are not supported. On MPCs there
are no tunnel PICs. Instead some bandwidth is taken off the WAN
ports from the MX240, MX480, and MX960 routers and reserved for
tunneling. In the presence of tunnel traffic, all WAN ports are
affected in case of oversubscription. On MX240, MX480, and MX960
routers, the following types of tunnel ports are supported:
A 1Gbps tunnel port on 10x1GE PFE complex A 10Gbps tunnel port
on 1x10GE PFE complex
On MX240, MX480, and MX960 routers, tunnel services can be
enabled by configuring tunnel-services bandwidth on a particular
virtual PIC. For example:user@host# show chassis fpc 0 { pic 0 {
tunnel-services { bandwidth 1g; } } pic 1 { tunnel-services {
bandwidth 1g; } } }
This enables tunnel services with a bandwidth of 1 Gbps on FPC 0
and PIC 0. Correspondingly, chassisd can create devices such as the
following:
vt-0/0/10, ip-0/0/10, etc. for pic0 vt-0/1/10 ip-0/1/10 etc. for
pic1
Currently supported bandwidth values are 1 Gbps and 10 Gbps.
Devices are created with port 10 for 1-Gbps tunnels and port 0 for
10-Gbps tunnels. These tunnels with their associated configurations
work when an MX-DPC is replaced by an MPC. This means the router
creates tunnel devices based on the tunnel services configuration.
This means that although the same PFE supports vt-0/0/10 and
vt-0/1/10, two devices must be created to be compatible with the
above configuration.
Copyright 2012, Juniper Networks, Inc.
9
JUNOS 10.2 Software Release Notes
The MPC allows you to configure four tunnel MICs per MPC (to
support vt-0/0/10, vt-0/1/10, vt-0/2/10, and vt-0/3/10), although
in reality there are only two physical MICs. This is achieved by
creating logical MICs on MPCs. In addition, you can add physical
interfaces to the MPC because no MICs are associated with these
tunnel physical interfaces. [Services Interfaces]
Restrictions on NAT configuration on DPCs (MX960, MX480, and
MX240 routers with Multiservices DPC services interfaces)If you
configure a basic 1:1 destination NAT rule with address prefixes in
the pool, NAT will not work as expected. Also, if you configure
port allocation for all NAT translations with a redundancy services
(RSP) interface, NAT will not work as expected. [Services
Interfaces]
Voice over IP (VoIP) servicesIn JUNOS Release 10.2, MX Series
MPCs support Border Gateway Function (BGF) and Integrated
Multi-Service Gateway (IMSG). For a list of supported protocols and
applications, see the MX Series Line Card Guide. Support for Layer
2 Ethernet OAM (MX Series routers with Trio MPC/MIC Ethernet
interfaces)MX Series routers with Trio MPC/MIC Ethernet interfaces
supports parity of all Layer 2 OAM for 802.1ag for inet family
features supported by MX Series routers as of JUNOS Release 9.1.
[Network Interfaces]
Support for MPC tunnel features with other DPC types (MX Series
platforms with Trio MPC/MIC interfaces)If you configure tunnels on
an MX Series router with both Trio MPCs/MICs and DPCs, all tunnel
functions support parity with JUNOS Release 9.2. [Network
Interfaces]
Enhanced IQ (IQE) PICs for M7i and M10i routersM7i and M10i
routers now support the following Enhanced IQ (IQE) PICs:
4-port Channelized DS3 and E3 Enhanced IQ (IQE) PIC
(PE-4CHDS3-E3-IQE-BNC) 10-port Channelized E1/T1 Enhanced IQ (IQE)
PIC (PE-10CHE-T1-IQE-RJ48) 2-port Channelized OC3/STM1 Enhanced IQ
(IQE) PIC with SFP (PE-2CHOC3-STM1-IQE-SFP) 1-port Channelized
OC12/STM4 Enhanced IQ (IQE) PIC with SFP (PE-1CHOC12STM4-IQE-SFP)
4-port DS3/E3 Enhanced IQ (IQE) PIC (PE-4DS3-E3-IQE-BNC) 4-port
SONET/SDH OC3/STM1 Enhanced IQ (IQE) PIC with SFP
(PE-4OC3-STM1-IQE-SFP) 1-port SONET/SDH OC12/STM4 Enhanced IQ (IQE)
PIC with SFP (PE-1OC12-STM4-IQE-SFP)
10
Copyright 2012, Juniper Networks, Inc.
New Features in JUNOS Release 10.2 for M Series, MX Series, and
T Series Routers
The IQE PICs support the same features as the existing IQ PICs,
as well as enhanced CoS and diagnostic features. The valid
configuration statements are also the same, but the limits and
range of values for some options are different to support augmented
capabilities. [M7i PIC Guide, M10i PIC Guide, Class of Service,
Network Interfaces]
New MX80 Ethernet services routerThere are two MX80 routers: one
with a modular chassis and one with a fixed chassis. Each router is
a compact Ethernet-optimized edge router that provides provide
switching and carrier class Ethernet routing. Both provide up to 40
gigabits per second (Gbps) full duplex, high-density Ethernet
interfaces and high capacity switching throughput. Both use the
Trio chipset for increased scalability of L2/L3 packet forwarding,
buffering, and queuing. Each router supports parity in software
features supported by other MX Series routers as of JUNOS Release
9.2. To view JUNOS Release 9.2 documentation, see:
http://www.juniper.net/techpubs/software/junos/junos92/index.html.
The show chassis family of commands has been updated to provide
information about MX80 routers.
NOTE: The MX80 router with fixed configuration does not support
hierarchical queuing, congestion dropping, or statistics.
The MX80 router with modular configuration includes four
built-in 10-Gigabit Ethernet ports and two slots that support the
following Modular Interface Cards (MICs):
20-port Gigabit Ethernet MIC with SFP 2-port 10-Gigabit Ethernet
MIC with XFP 40-port Gigabit Ethernet MIC (dual-wide)
The MX80 router with fixed configuration includes 4 built-in
10-Gigabit Ethernet ports and 48 built-in 10/100/1000Base-TX-RJ45
ports. The MX80 router is a single-board router with a built-in
Routing Engine and one Packet Forwarding Engine (PFE), which can
have up to two MICs. (A Services PIC slot is currently not
supported.) The PFE has two pseudo Flexible PIC Concentrators (FPC
0 and FPC1). Because there is no switching fabric, the single PFE
takes care of both ingress and egress packet forwarding. On both
routers, the four built-in 10-Gigabit Ethernet ports are mapped to
FPC 0. On the MX80 router with modular configuration, the MIC slots
are mapped to FPC 1. On the MX80 router with fixed configuration,
the 48 built-in 10/100/1000Base-TX-RJ45 ports are mapped to FPC 1.
[MX80 Hardware]
Tunable XFP support (MX960, MX480, MX240, T640, and
T1600)Provides support for wavelength tunable non-optical transport
network (OTN) 10Gigabit Ethernet XFPs. All forwarding, OAM, and
control plane features supported on the current DPCs, MICs, and
PICs are supported on the above routers. This feature is not
supported on MX80 and T320 routers.
Copyright 2012, Juniper Networks, Inc.
11
JUNOS 10.2 Software Release Notes
You can use the existing wavelength statement to configure the
wavelength of the optics at the [edit interfaces interface-name
optic-options] hierarchy level. The following existing
configuration mode commands are supported for tunable XFPs:
show chassis hardware show chassis pic show interfaces
[Network Interfaces]
Support for external clock synchronization on T Series routers
(T320, T640, T1600)The T320, T640, and T1600 routers support
external clock interfaces on the Sonic Clock Generators (SCG). When
external clock synchronization is configured, this clock is
distributed through the FPCs to each PIC interface. To configure
external clock synchronization, include the following statements at
the [edit chassis] hierarchy level:synchronization { primary
(external-a | external-b); secondary (external-s | external-b);
switching-mode (revertive | non-revertive); validation-interval
seconds; }
[System Basics]
Support for 802.1ag Ethernet OAM for VPLS extended to M320 (with
Enhanced III FPC), M120, and to M10i and M7i (with CFEB) routers
with Gigabit Ethernet IQ2, IQ2E, and IQ2E PICsExtends the 802.1ag
VPLS functionality to the specified routers. 802.1ag was previously
supported only on Layer 2 circuits, Layer 2 VPNs, and routable
interfaces on the specified router, FPC, and interface
combinations. Configuration for this feature is performed in the
same way as the existing OAM VPLS CLI feature configuration on MX
Series routers. To configure CFM, include the
connectivity-fault-management statement and substatements at the
[edit protocols oam ethernet] hierarchy level. [Network
Interfaces]
Quality-of-service (QoS) support for ATM on circuit emulation
PICsOn M7i, M10i, M40e, M120, and M320 routers, the Channelized
OC3/STM1 Circuit Emulation PICs (PB-4CHOC3-CE-SFP and
PE-4CHOC3-CE-SFP) and E1/T1 Circuit Emulation PICs
(PB-12T1E1-CE-TELCO and PE-12T1E1-CE-TELCO) provide QoS features
that match or exceed those of the ATM-II PIC. Circuit Emulation
PICs provide ingress and egress direction traffic shaping. Policing
is performed by monitoring the configured parameters on the
incoming traffic and is also referred to as ingress shaping. Egress
shaping uses queuing and scheduling to shape the outgoing traffic.
This is an enhancement over the ATM-II PIC, which only provides
egress shaping. Classification is provided per virtual circuit
(VC).
12
Copyright 2012, Juniper Networks, Inc.
New Features in JUNOS Release 10.2 for M Series, MX Series, and
T Series Routers
The following features are supported:
Port-level egress shaping Support for CBR, rtVBR, nrtVBR, and
UBR Policing on a per VC basis Independent PCR and SCR policing
Counting, tagging, or discard policing actions
CLI configuration is similar to that of QoS features for the
ATM-II PIC. To configure shaping for logical interfaces in port
promiscuous mode, use the shaping statement and its substatements
at the [interfaces at-fpc/pic/port unit] hierarchy level. [Network
Interfaces]
Enhanced graceful Routing Engine switchover (GRES) support for
PD-5-10XGE-SFPP PICs (T640 routers connected to a TX Matrix
router)JUNOS Release 10.2 extends GRES support for 10-port
10-Gigabit Ethernet Oversubscribed Ethernet PIC (PD-5-10XGE-SFPP)
in T640 routers connected to a TX Matrix router. Targeted broadcast
support for virtual routing and forwarding (VRF) (M Series, MX
Series, and T Series routers)Enables IP packets destined for a
Layer 3 broadcast address to transit to an egress interface on a
router. The packets are broadcast only if the egress interface is a
LAN interface. This feature is useful when the Routing Engine is
flooded with packets to process. Targeted broadcast enables a
broadcast packet destined for a remote network to transit across
networks until the destination network is reached. In the
destination network, the broadcast packet is broadcast as a normal
broadcast packet. To configure targeted broadcast on a broadcast
interface, include the targeted-broadcast statement at the [edit
interfaces interface-name unit logical-unit-number family inet]
hierarchy level. You can configure targeted broadcast in two
ways:
To forward broadcast packets to both the egress interface and
the Routing Engine, include the forward-and-send-to-re statement at
the [edit interfaces interface-name unit logical-unit-number family
inet targeted-broadcast] hierarchy level. To forward broadcast
packets to the egress interface only, include the forward-only
statement at the [edit interfaces interface-name unit
logical-unit-number family inet targeted-broadcast] hierarchy
level.
When you do not include the targeted-broadcast statement, a copy
of each broadcast packet is sent to the Routing Engine. When you
include the targeted-broadcast statement without either the
forward-and-send-to-re or forward-only statement, broadcast packets
are discarded. [Network Interfaces]
High availability hot-standby for FRF.15 (MLFR) and FRF.16 (MFR)
configurations on Multiservices PICs and DPCs (M Series, MX Series,
and T Series routers)Extends
Copyright 2012, Juniper Networks, Inc.
13
JUNOS 10.2 Software Release Notes
support for the hot-standby option to FRF.15 and FRF.16 on
redundant paired LSQ interfaces. This feature is supported on
Multiservices PICs and DPCs. Provides a switchover time of 5
seconds or less for FRF.15, and provides a maximum of 10 seconds
switchover time for FRF.16. To configure redundant LSQ hot-standby
functionality for FRF.15, configure the hot-standby statement at
the [edit interfaces rlsqnumber redundancy-options] hierarchy level
and the multilink-frame-relay-end-to-end statement at the [edit
interfaces rlsqnumber unit logical-unit-number encapsulation]
hierarchy level. To configure redundant LSQ hot-standby
functionality for FRF.16, include the hot-standby statement at the
[edit interfaces rlsqnumber:number encapsulation
multilink-frame-relay-uni-nni redundancy-options] hierarchy level.
[Services Interfaces]
M7i, M10i, M120, and M320 routers (with Enhanced III FPC)
support ATM scheduler for RFC1483 bridged interfaceExtends ATM
scheduler support for RFC1483 bridged interface functionality to
the specified routers. [Network Interfaces]
Support for xSTP on Trio MPC/MIC interfaces (MX Series platforms
with Trio MPC/MIC interfaces)All types of xSTPs are supported on an
MX Series router with Trio MPCs/MICs. [Layer 2 Configuration
Guide]
Support for targeted broadcast for virtual routing and
forwarding (VRF) instances on MX Series routersThe MX960, MX480,
and M240 routers now support targeted broadcast which IP packets
destined for a Layer 3 broadcast address to transit to an egress
interface on a router. The packets are broadcast only if the egress
interface is a LAN interface. This feature is supported on
aggregated Ethernet interfaces and is useful when the Routing
Engine is flooded with packets to process. Targeted broadcast
enables a broadcast packet destined for a remote network to transit
across networks till the destination network is reached. In the
destination network, the broadcast packet is broadcast as a normal
broadcast packet. To configure targeted broadcast on a broadcast
interface, include the targeted-broadcast statement at the [edit
interfaces interface-name unit logical-unit-number family inet]
hierarchy level. You can configure targeted broadcast in two
ways:
To forward broadcast packets to both the egress interface and
the Routing Engine, include the forward-and-send-to-re statement at
the [edit interfaces interface-name unit logical-unit-number family
inet targeted-broadcast] hierarchy level. To forward broadcast
packets to the egress interface only, include the forward-only
statement at the [edit interfaces interface-name unit
logical-unit-number family inet targeted-broadcast] hierarchy
level.
When you do not include the targeted-broadcast statement, a copy
of each broadcast packet is sent to the Routing Engine. When you
include the targeted-broadcast
14
Copyright 2012, Juniper Networks, Inc.
New Features in JUNOS Release 10.2 for M Series, MX Series, and
T Series Routers
statement without either the forward-and-send-to-re or
forward-only statement, broadcast packets are discarded. [Network
Interfaces]
New statement to sync the FPC that is brought online with other
active FPCs (M320, T320, T640, T1600, TX Matrix, and TX Matrix Plus
routers)M320, T320, T640, T1600, TX Matrix, and TX Matrix Plus
routers now support the fpc-resync configuration statement at the
[edit chassis] hierarchy level. When you bring a Flexible PIC
Concentrator (FPC) online, the sequence number on the FPC may not
be synchronized with the other active FPCs in the router, which may
result in the loss of a small amount of initial traffic. To avoid
any traffic loss, include the fpc-resync statement at the [edit
chassis] hierarchy level. This ensures that the sequence number of
the FPC that is brought online is resynchronized with the other
active FPCs in the router. [System Basics]
Copyright 2012, Juniper Networks, Inc.
15
JUNOS 10.2 Software Release Notes
JUNOS XML API and Scripting
16
Copyright 2012, Juniper Networks, Inc.
New Features in JUNOS Release 10.2 for M Series, MX Series, and
T Series Routers
New JUNOS XML API operational request tag elementsTable 1 on
page 17 lists the JUNOS Extensible Markup Language (XML)
operational request tag elements that are new in JUNOS Release
10.2, along with the corresponding CLI command and response tag
element for each one.
Table 1: JUNOS XML Tag Elements and CLI Command Equivalents New
in JUNOS 10.2Request Tag Element clear_service_bsg_registrations
clear_service_bsg_registrations_statistics
clear_services_bsg_registrations_subscription
get_syslog_facility_information
request_ping_rsvp_dynamic_bypass_lsp
request_ping_rsvp_manual_bypass_lsp request_logout_user
get_environment_ power_supply_unit_information get_fm_topology
get_fm_plane_location_information get_fru_power_on_sequence
get_power_budget_information get_tfeb_information
get_vcpu_information get_cos_service_session_information
CLI Commandclear services border-signaling-gateway registrations
clear services border-signaling-gateway registrations statistics
clear services border-signaling-gateway registrations subscription
help syslog facility
Response Tag Element
ping mpls rsvp dynamic-bypass
NONE
ping mpls rsvp manual-bypass
NONE
request system logout
show chassis environment power-supply-unit
show chassis fabric map show chassis fabric plane-location
show chassis power sequence
show chassis power-budget-statistics
show chassis tfeb
show chassis vcpu
show class-of-service service-session
Copyright 2012, Juniper Networks, Inc.
17
JUNOS 10.2 Software Release Notes
Table 1: JUNOS XML Tag Elements and CLI Command Equivalents New
in JUNOS 10.2 (continued)Request Tag Element get_gre_ka_information
get_pppoe_session_information get_r2cp_interface_information
get_r2cp_radio_information get_r2cp_session_information
get_r2cp_statistics get_service_ accounting_error_ inline_jflow_
information get_service_ accounting_status_ inline_jflow_
flow_information get_service_ accounting_status_ inline_jflow_
information get_service_ border_signaling_ gateway_address_
of_record
CLI Commandshow oam gre-keepalive
Response Tag Element
show pppoe sessions
show r2cp interfaces
show r2cp radio
show r2cp sessions
show r2cp statistics
show services accounting errors inline-jflow
show services accounting flow inline-jflow
show services accounting status inline-jflow
show services border-signaling-gateway address-of-record
18
Copyright 2012, Juniper Networks, Inc.
New Features in JUNOS Release 10.2 for M Series, MX Series, and
T Series Routers
Table 1: JUNOS XML Tag Elements and CLI Command Equivalents New
in JUNOS 10.2 (continued)Request Tag Element get_service_
border_signaling_ gateway_address_ of_record_ bindings
get_service_border_ signaling_gateway_ statistics_calls_ by_server
get_service_ border_signaling_ gateway_statistics_ calls_by_sp
get_service_border_ signaling_gateway_ statistics_calls_
duration_by_server get_service_border_signaling
_gateway_statistics_calls_ duration_by_sp get_service_
border_signaling_gateway_ statistics_failed_calls_by_ server
CLI Commandshow services border-signaling-gateway
address-of-record bindings
Response Tag Element
show services border-signaling-gateway calls by-server
NONE
show services border-signaling-gateway calls
by-service-point
NONE
show services border-signaling-gateway calls-duration
by-server
NONE
show services border-signaling-gateway calls-duration
by-service-point
NONE
show services border-signaling-gateway calls-failed
by-server
NONE
Copyright 2012, Juniper Networks, Inc.
19
JUNOS 10.2 Software Release Notes
Table 1: JUNOS XML Tag Elements and CLI Command Equivalents New
in JUNOS 10.2 (continued)Request Tag Element get_service_
border_signaling_gateway _statistics_failed_calls_ by_sp
get_service_ bsg_registrations get_service_bsg_ registrations_
realm_statistics get_service_ bsg_registrations_ statistics
get_service_ border_signaling_ gateway_routing_ blacklist
get_service_ softwire_table_ information get_service_
fwnat_flow_table_ information get_subscribers_ summary get_system_
storage_partitions
CLI Commandshow services border-signaling-gateway calls-failed
by-service-point
Response Tag ElementNONE
show services border-signaling-gateway registrations
show services border-signaling-gateway registrations realm
show services border-signaling-gateway registrations
statistics
show services border-signaling-gateway routing-blacklist
show services softwire
show services softwire flows
show subscribers summary
show system storage partitions
20
Copyright 2012, Juniper Networks, Inc.
New Features in JUNOS Release 10.2 for M Series, MX Series, and
T Series Routers
Table 1: JUNOS XML Tag Elements and CLI Command Equivalents New
in JUNOS 10.2 (continued)Request Tag Element get_system_
virtual_memory_information
CLI Commandshow system virtual-memory
Response Tag Element
[JUNOS XML API Operational Reference]
Layer 2 Ethernet Services
Ethernet Ring Protocol (ERP) support for multiple ring instances
on the same physical ring (MX240, MX480, and MX960 routers)This
Layer 2 feature extends Ethernet Ring Protocol (ERP) support to
include multiple ring instances on the same physical ring on MX960,
MX480, and MX240 routers. Each ring instance will control a set of
virtual LAN (VLAN) IDs. For a physical ring, traffic between two
nodes usually follows the same path. By creating multiple ring
instances, some traffic passes through one path, while other
traffic can pass through a different path. The result is improved
load-balancing of traffic in the physical ring. To configure
multiple ring instances, include the data-channel configuration
statement with VLAN ID options at the [edit protocols
protection-group ethernet-ring group-name] hierarchy level. New
operational mode commands support this feature. To display data
channel information for all Ethernet ring protection groups, use
the show protection-group ethernet-ring data-channel command. To
display data channel information for a specific Ethernet ring
protection group, use the show protection-group ethernet-ring
data-channel groupname command. To display data channel VLAN
information for all Ethernet ring protection groups, use the show
protection-group ethernet-ring vlan command. To display data
channel VLAN information for a specific Ethernet ring protection
group, use the show protection-group ethernet-ring vlan groupname
command. [Layer 2 Configuration, Interfaces Command Reference]
MPLS Applications
Switching LSPs away from a network nodeYou can configure the
router to switch active LSPs away from a network node by using a
bypass LSP enabled for an interface. This feature can be used in
maintenance of active networks when a network device needs to be
replaced without interrupting traffic passing through the network.
The LSPs can be either static or dynamic. You need to first
configure either link or node protection for the traffic that needs
to pass around the network device you intend to disable. To
function properly, the bypass LSP must use a different logical
interface, rather than the protected LSP. To configure the router
to switch traffic around a network node, configure the
always-mark-connection-protection-tlv statement at the [edit
protocols mpls interface interface-name] hierarchy level. This
statement marks all OAM traffic transiting this interface in
preparation for switching the traffic to an alternate path based on
the OAM
Copyright 2012, Juniper Networks, Inc.
21
JUNOS 10.2 Software Release Notes
functionality. Next, configure the switch-away-lsps statement at
the [edit protocols mpls interface interface-name] hierarchy level.
This statement switches the traffic from the protected LSP to the
bypass LSP, effectively bypassing the default downstream network
device. The actual link is not brought down by this procedure
itself. This feature is supported on MX Series routers only.
[MPLS]
MPLS support on services PICsAdds MPLS label pop support for
services PICs on JUNOS routers. Previously, all MPLS traffic would
be dropped at the services PIC. No changes are required to CLI
configurations for this enhancement. In-service software upgrade
(unified ISSU) is supported for tag next hops for MPLS on services
PIC traffic, but no support is provided for tags over IPv6 packets
or labels on multiple gateways. [MPLS]
Hello acknowledgements for non-session RSVP neighborsYou can now
acknowledge hello messages sent from non-session RSVP neighbors
with a hello acknowledgement message by including the
hello-acknowledgements statement at the [edit protocols rsvp
hello-acknowledgements] hierarchy level. When hellos are received
from non-session neighbors, an RSVP neighbor relationship is
created and periodic hello messages can now be received from the
non-session neighbor. Interface-based neighbors are not
automatically aged out. [MPLS]
Multicast
Load-balancing multicast tunnel interfaces among available
PICsFor draft-rosen Layer 3 VPNs, enables you to manually
load-balance multicast tunnel interfaces across a configured list
of tunnel-capable PICs. To configure the list, include the
tunnel-devices statement at the [edit routing-instances
instance-name protocols pim] hierarchy level. In some cases, you
might need to manually force a rebalanced state. To do this, run
the request pim multicast-tunnel rebalance command with or without
the instance option. [Multicast]
Automatic Multicast Tunneling (AMT) supportAutomatic Multicast
Tunneling (AMT) facilitates dynamic multicast connectivity between
multicast enabled networks across islands of unicast-only networks.
This enables service providers, content providers, and their
customers that do not have multicast connectivity end-to-end, to
participate in delivering multicast traffic. AMT dynamically
establishes unicast-encapsulated tunnels between well-known
multicast-enabled relay points (AMT relays) and network points
reachable only through unicast (AMT gateways). The AMT protocol
provides for discovery and handshaking between relays and gateways
to establish tunnels dynamically without requiring explicit
per-tunnel configuration. AMT relays are typically routers with
native IP multicast connectivity that aggregate a potentially large
number of AMT tunnels.
22
Copyright 2012, Juniper Networks, Inc.
New Features in JUNOS Release 10.2 for M Series, MX Series, and
T Series Routers
AMT gateways are devices that require connection to the IP
multicast network but lack multicast routing capability or direct
connection to multicast-capable routers. Gateways may be either
individual hosts or routers that are partitioned from the larger
multicast infrastructure. AMT is described in detail in Automatic
IP Multicast Without Explicit Tunnels (AMT),
draft-ietf-mboned-auto-multicast-09.txt.
NOTE: Multicast sources located behind AMT gateways are not
supported.
To configure the AMT protocol, include the amt configuration
statement at the [edit protocols] hierarchy level.amt {
traceoptions { file ... flag all; flag errors; flag normal; flag
packets; flag tunnels; } relay { family { inet { local-address
ip-address; anycast-prefix ip-prefix/ip-prefix-len; } }
secret-key-timeout minutes; tunnel-limit number; } } }
To configure the IGMP attributes of AMT relay tunnels, include
the amt configuration statement at the [edit protocols igmp]
hierarchy level.igmp { amt { relay { defaults { (accounting |
no-accounting); group-policy [ policy-names ]; ssm-map
ssm-map-name; version version-number; query-interval
interval-seconds; query-response-interval interval-seconds;
robust-count count; } } } } }
Copyright 2012, Juniper Networks, Inc.
23
JUNOS 10.2 Software Release Notes
AMT logical interfaces are created dynamically and have an
interface identifier in the format ud-FPC/PIC/port.unit. To display
tunnel state information for active AMT tunnels, use the show amt
tunnel operational mode command. To display AMT protocol message
counts and error statistics, use the show amt statistics
operational mode command. To display the multicast source and group
addresses for an interface, use the show igmp group terse
operational mode command. To display gateway IP addresses and UDP
port numbers for AMT logical interfaces, use the show interfaces
detail operational mode command. To display default parameters for
active AMT interfaces, use the show igmp interface operational mode
command. To clear AMT tunnel states, use the clear amt tunnel
operational mode command. [Multicast, Network Interfaces]
Internet Group Management Protocol (IGMP) snooping support for
multichassis link aggregation group (MC-LAG) interfacesMultichassis
link aggregation group (MC-LAG) enables a device to form a logical
LAG interface with two or more network devices. You can use
multicast snooping over MC-LAG interfaces to replicate join and
leave messages between MC-LAG peer devices to facilitate faster
recovery of membership information after a service interruption.
Add the multichassis-lag-replicate-state statement at the [edit
multicast-snooping-options] hierarchy level to enable snooping for
MC-LAG interfaces. This feature supports dual-link MC-LAG
interfaces in an active-standby mode, in which only one link is in
active mode and the other is in standby mode at any given time. In
MC-LAG, if a standby link takes over as the active link, it can
recover the membership information of the interface from the
network by generating an IGMP query. However, this recovery can
take between 1 and 10 seconds, which is too long for some
applications. To keep service restoration time to a minimum, the
active link can use IGMP snooping to replicate membership
information to the standby link. In the active-standby mode, join
and leave messages are sent only through the active member link.
Once the messages are received by the active link, they are flooded
to all router interfaces, and forwarding entries are built for the
received messages. Additionally, the messages are replicated from
the active link to the standby link, using an Interchassis
Communication Protocol (ICCP) connection. The standby link applies
routine processing to the replicated packet, except that it does
not add itself as the next hop for any route, and it does not send
the replicated packet to the network. After a failover, the
multicast membership status of the link can be recovered within a
few seconds or less by retrieving the replicated messages. This
recovery is much faster than the 10second outage that can occur if
the recovery procedure relies only on IGMP queries. When this
feature is enabled, multicast snooping automatically identifies the
active link during initialization and failover, and runs without
any administrator intervention.
24
Copyright 2012, Juniper Networks, Inc.
New Features in JUNOS Release 10.2 for M Series, MX Series, and
T Series Routers
If the user deletes the configuration of IGMP snooping or
deletes the multichassis-lag-replicate-state statement, this
feature is disabled on that MC-LAG link or on the whole IGMP
snooping domain. The active device stops replicating IGMP messages
to the peer, and the IGMP data already installed on the standby
device times out. Use the show igmp snooping interface and show
igmp snooping membership commands to display group information on
both the active side and the standby side of an MC-LAG interface.
If the ICCP connection is lost, both links of the MC-LAG transition
to the active state, and the client device starts load-balancing
traffic between the two links. In this situation, the IGMP messages
are not replicated. [Multicast, Network Interfaces]
Internet multicast using ingress replication provider tunnelsA
new routing instance type uses existing JUNOS Software technology
and ingress replication provider tunnels to carry IP multicast data
between routers through an MPLS cloud. This enables a faster path
for multicast traffic between sender and receiver routers in
large-scale implementations. This configuration is available under
PIM and multicast virtual private network (MVPN) infrastructure.
The topology consists of routers on the edge of the IP multicast
domain that have a set of IP interfaces and a set of MPLS
core-facing interfaces. Internet multicast traffic is carried
between the IP routers using ingress replication provider tunnels
(data plane) and a full-mesh IGBP session (control plane) through
the MPLS cloud. The new mpls-internet-multicast routing instance
type is configured for the default master instance on each router
to support internet multicast over MPLS. When using PIM as the
multicast protocol, the mpls-internet-multicast configuration
statement is also included at the [edit protocols pim] hierarchy
level in the master instance to associate PIM with the
mpls-internet-multicast routing instance. The
mpls-internet-multicast routing instance is a non-forwarding
instance used only for control plane procedures; it does not
support any interface configurations. All multicast and unicast
routes used for internet multicast are associated only with the
master instance (inet.0), not with the routing instance. Each
router participating in internet multicast must be configured for
BGP MPLS-based internet multicast for control plane procedures.
Support for an ingress replication provider tunnel is also
configured on all routers to form a full mesh of MPLS
point-to-point label-switched paths (LSPs) for the data provider
tunnel. The technology standard used is BGP/MPLS IP MVPN, sometimes
referred to as next generation. The multicast IP traffic is
encapsulated by the routers and carried to other routers over the
LSPs formed by the ingress replication provider tunnel. These LSPs
can be existing LSPs or triggered dynamically when the routers use
autodiscovery. The ingress replication tunnel can be inclusive or
selective, depending on the provider tunnel configuration in the
routing instance. Additionally, the ingress replication provider
tunnel can be configured to create a new tunnel or to use an
existing tunnel when an application requests to add a destination.
[Multicast]
Copyright 2012, Juniper Networks, Inc.
25
JUNOS 10.2 Software Release Notes
Multiplay
Integrated Multi-Service Gateway (IMSG) access mode support
(VoIP subscriber management)The border signaling gateway (BSG) now
provides access mode support, which includes:
Recording of subscriber registrations Tracking of subscriber
address of record (AOR)
Access mode support enables the deployment of the BSG in a
service providers border with large business enterprises, small
offices, and home networks. The BSG enables endpoints and IPBXs to
register for SIP service with the carrier/service providers
registrar. Access mode support also enables new transaction
policies to filter incoming messages based on their registration
state. You can now configure additional filtering of incoming
messages by entering the uri-hiding and registration-state
statements for contacts and request URIs at the [editservices
border-signaling-gateway gateway gateway-name sip
new-transaction-policy policy-name term term-name from] hierarchy
level.
Signaling realms are assigned to the messages handled by service
points. The default signaling realm for a subscribers messages is
the ingress service point of their register message, so it is not
usually necessary to explicitly define signaling realms. However,
you may want to assign signaling realms to accumulate information
about messages flowing through different service points used by the
same customer. When a customer receives services through multiple
service points, information on the overall service provided can be
accumulated by assigning the same signaling realm to new
transaction policies at each service point. You configure signaling
realms that can be used in new transaction policies by entering the
signaling-realms statement at the [edit services
border-signaling-gateway gateway-name sip] hierarchy level. You
configure how messages are associated with a signaling realm by
entering the signaling-realms statement at the [edit
servicesborder-signaling-gateway gateway-name sip
new-transaction-policy term term-name]
hierarchy level. You can display information about subscriber
registrations, address of record, and signaling realm assignments
by using one of the following commands:
show services border-signaling-gateway address-of-record
bindings show services border-signaling-gateway registrations
You can clear registration statistics by using the following
commands:
clear services border-signaling-gateway registrations statistics
show services border-signaling-gateway registrations
subscription
[Multiplay Solutions, Services Interfaces, System Basics and
Services Command Reference]
Integrated Multi-Service Gateway (IMSG) redirection of messages
to contact addressWhen the border signaling gateway (BSG) receives
a 3XX response, it now
26
Copyright 2012, Juniper Networks, Inc.
New Features in JUNOS Release 10.2 for M Series, MX Series, and
T Series Routers
sends a redirected request using a request URI based on the
contact information in the 3XX response. You can specify the
maximum number of recursive redirection attempts allowed before
sending a 408 timeout response by entering the recursion-limit
statement at the [edit services border-signaling-gateway gateway
gateway-name sip new-transaction-policy policy-name term term-name
then on-3xx-response] hierarchy level. Requests are not redirected
for 380 responses. [Multiplay Solutions, Services Interfaces]
Integrated Multi-Service Gateway (IMSG) support for up to four
border signaling gateways (BSGs) on a routerYou can now configure
up to four border signaling gateways on a router. Each BSG must be
defined on a separate Multiservices PIC. [Session Border Control
Solutions]
Integrated Multi-Service Gateway (IMSG) border signaling gateway
(BSG) server clustersServer clusters allow routing incoming
transactions to one of several possible next-hops, thus providing
load balancing and server redundancy. Server clusters are defined
in the CLI and can be used as route policy actions. You define
server clusters by entering the server-cluster statement at the
[edit services border-signaling-gateway gateway gateway-name sip
routing-destinations] hierarchy level. Each cluster consists of
configured servers. In order to configure server clusters, you must
first configure individual servers and server availability checking
by entering statements at the [edit services
border-signaling-gateway gateway gateway-name sip
routing-destinations] hierarchy level. After configuring
routing-destinations, you can configure routing of transactions to
a particular server cluster by entering the server-cluster
statement at the [edit services border-signaling-gateway
gatewaygateway-name sip new-transaction-policy policy-name term
term-name then route]
hierarchy level. You can display call activity by server by
entering the show services border-signaling-gateway calls command
with the by-server option. If you do not use the by server option,
you must use the by-service-point option. You can no longer use the
show services border-signaling-gateway calls command without
specifying one of these two options. You can display unavailable
servers by entering the show services border-signaling-gateway
routing-blacklist command. [Session Border Control Solutions,
Services Interfaces, Systems Basics and Services Command
Reference]
Integrated Multi-Service Gateway (IMSG) support on M7i and M10i
routersM7i and M10i routers now support the IMSG running on an
MS-100 PIC. [Session Border Control Solutions]
Border Gateway Function (BGF) virtual BGF scabilityYou can now
configure up to 32 virtual BGFs on a router. Previously, you could
configure a maximum of eight virtual BGFs on a router. Those eight
virtual BGFs had to reside on a single Multiservices PIC. As of
JUNOS Release 10.2, eight virtual BGFs can be configured on each of
four Multiservices PICs. [Session Border Control Solutions]
Copyright 2012, Juniper Networks, Inc.
27
JUNOS 10.2 Software Release Notes
Routing Policy and Firewall Filters
Support for MPC firewall filter features (MX Series platforms
with Trio MPC/MIC interfaces)If you configure and apply firewalls
to an MX Series router with Trio MPCs/MICs, some match conditions
are not supported. Generally, all firewall functions are supported
through JUNOS Release 9.2. [Layer 2 Configuration]
Removal of input-list and output-list statements for firewall
filters for the ccc and mpls protocol families applied to loopback,
internal Ethernet, and USB modem interfacesThe input-list
filter-names and output list filter-names statements for firewall
filters for the ccc and mpls protocol families have been removed
for these interfaces: management and internal Ethernet interfaces
(fxp), loopback interfaces (lo), and USB modem interfaces (umd).
Configuration of input lists and output lists for firewall filters
for the ccc and mlps protocol families applied to other interfaces
are not affected. [Policy Framework]
Support for the discard action for the tricolor marking policer
applied to a firewall filterThe discard action was not previously
supported for the tricolor marking policer applied to a firewall
filter. With this support for the discard action, the tricolor
marking policer no longer needs to include the
logical-interface-policer statement at the [edit firewall
three-color-policer name] hierarchy level. This change applies only
to the following routers: M120, M320 with Enhanced-III FPCSs, MX
Series, and M7i and M10i with Enhanced CFEB (CFEB-E). [Policy
Framework]
Support for the match condition prefix-list for firewall filters
for the protocol family VPLSThis match condition is already
supported for IPv4 and IPv6 protocol families. To enable the
prefix-list firewall filters match condition for VPLS, include the
prefix-list prefix-list-name match condition at the [edit firewall
family vpls filter filter-name term term-name from] hierarchy
level. [Policy Framework]
Option to enable enhanced jtree memory allocation for Layer 3
VPNs (T640 and T1600 routers with Enhanced Scaling FPC3 and
Enhanced Scaling FPC4)To utilize memory across segments, JUNOS
Release 10.2 extends support for allocating jtree memory for Layer
3 VPNs in different segments. To enable jtree memory allocation,
use the route-memory-enhanced statement at the [edit chassis]
hierarchy level, and reboot all affected FPCs to activate the
configuration. To verify the configuration, use the show pfe fpc
slot detail command.
NOTE: For T Series routers only. With JUNOS Release 10.2,
enhanced jtree memory allocation is turned OFF by default. To
enable jtree memory allocation, use the route-memory-enhanced
statement at the [edit chassis] hierarchy level, and reboot all
affected FPCs to activate the configuration. For JUNOS Release 9.3
to 10.1, the default routing tables (inet.0 and inet6.0) use both
memory segments by default.
28
Copyright 2012, Juniper Networks, Inc.
New Features in JUNOS Release 10.2 for M Series, MX Series, and
T Series Routers
[System Basics]
Layer 2 Gigabit Ethernet logical interface policing support
extended to MX Series routersEnables you to configure the following
policer types on the input and output interfaces:
Single-rate two color Two-rate color-blind three color Two-rate
color-aware three color Single-rate color-blind three color
Single-rate color-aware three color
To configure, create the policer at the [edit firewall]
hierarchy level. In addition to the policer condition and action,
you must include the logical-interface-policer statement. To apply
the policer to the input or output interface, include the
layer2-policer statement at the [edit interface ge-fpc/pic/port
unit logical-unit-number] hierarchy level. [Network Interfaces,
Class of Service, Policy]
Routing Protocols
Only the system log notes failure to add routes to the Trio
MPC/MIC (MX Series platforms)For Layer 3 and MPLS features, the
Trio MPC/MIC is compatible with JUNOS Release 9.2. However, the
syslog process is the only mechanism that records failure to add
routes to the MPC. [Routing Protocols]
Keepalive support for GRE interfaces (ichip-based M Series and
MX Series routers)Enables GRE tunnel interfaces to detect when a
tunnel interface is down. This feature is needed in static routing
environments in which the keepalive mechanism in a dynamic routing
protocol cannot be relied upon to detect a link down condition. To
configure keepalives on GRE tunnel interface, include both the
keepalive-time statement and the hold-time statement at the [edit
protocols oam gre-tunnel interface interface-name] hierarchy
level.
NOTE: For proper operation of keepalives on a GRE interface, you
must also include the family inet statement at the [edit interfaces
interface-name unit unit] hierarchy level. If you do not include
this statement, the interface is marked as down.
[Services Interfaces, Interfaces Command Reference]
Support for OSPF database protection for OSPF and OSPFv3Enables
you to limit the number of link-state advertisements (LSAs) not
generated by the router in a given OSPF instance. This feature is
particularly useful for networks configured with VPN routing and
forwarding on provider edge and customer edge routers using the
OSPF routing protocol. By limiting LSAs not generated by the
router, the link-state database in your network is protected from
being overrun by excessive LSAs from sources other
Copyright 2012, Juniper Networks, Inc.
29
JUNOS 10.2 Software Release Notes
than your router. To enable database protection, include the
database-protection statement at the [edit protocols (ospf |
ospf3)] hierarchy level. This feature also supports routing
instances, logical systems, and OSPFv3 realsms. Besides configuring
the maximum number of LSAs not from the router, you can specify
parameters to determine how your network will respond when certain
conditions are met. These parameters include a warning threshold
for issuing warning messages, an ignore count to limit the number
of times the database can enter the ignore state before it goes
into the isolate state, and a reset time for resuming normal
operations if the database has avoided being in the ignore or
isolate state for the specified period of time. However, once the
link-state database enters the isolate state, a command to reset
the database must be issued before normal operations can be
resumed. In support of this feature, the clear ospf
database-protection command has been added, and the output for the
show ospf overview command has been enhanced to show the current
database protection status. [Routing Protocols]
Revert time for redundant Layer 2 pseudowiresYou can now modify
the behavior for redundant Layer 2 circuit and VPLS pseudowires by
configuring a revert time. When a primary pseudowire fails and
traffic is switched to an alternate pseudowire, the revert time
specifies how long the router should wait before attempting to
switch the traffic back to the primary pseudowire. The router does
not attempt to switch traffic back to the primary pseudowire if the
primary pseudowires has not been restored. To configure a revert
time for redundant Layer 2 pseudowires, specify a time, in seconds,
using the revert-time statement at the [edit protocols l2circuit
neighbor address interface interface-name] hierarchy level for
Layer 2 circuit configurations, and at the [edit routing-instances
routing-instance-name protocols vpls neighbor address] hierarchy
level for VPLS configurations. [VPNs]
Support for having the algorithm that determines that the single
best path skip the step that evaluates an AS pathBy default, the
third step of the algorithm that determines the active route
evaluates the length of an AS path. To enable the JUNOS Software to
skip this step, include the as-path-ignore statement at the [edit
protocols bgp path-selection] hierarchy level. You cannot configure
this statement for a specific routing instance. [Routing
Protocols]
Services Applications
Inline flow monitoring support (MX240, MX480, and MX960
only)Adds the capability to support flow monitoring and sampling
services inline in the data path, without the need for a services
PIC, on MX Series Modular Port Concentrators (MPCs). To configure
inline flow monitoring, include the inline-jflow statement at the
[edit forwarding-options sampling instance instance-name family
inet output] hierarchy level. Inline sampling exclusively supports
a new format called version-ipfix that uses UDP as the transport
protocol. When you configure inline sampling, you must include the
version-ipfix statement at the [edit forwarding-options sampling
instance instance-name family inet output flow-server address]
hierarchy level and also at the [edit services
30
Copyright 2012, Juniper Networks, Inc.
New Features in JUNOS Release 10.2 for M Series, MX Series, and
T Series Routers
flow-monitoring] hierarchy level. The following operational
commands include new inline fpc keywords to display inline
configuration information: show services accounting errors, show
services accounting flow, and show services accounting status.
[Services Interfaces, System Basics and Services Command
Reference]
AACL statistics for dynamic packet-triggered subscribersProvide
support for packet-triggered subscribers and policy control (PTSP)
statistics collection in a flat file using the local policy
decision function (L-PDF). If you specify in the rule that
statistics collection and reporting are based on application or
application group for each subscriber, then this flat file method
is used. To specify that PTSP statistics are reported, include the
flag pstp-statistics statement at the [edit system services
local-policy-decision-function traceoptions] hierarchy level. To
configure the AACL statistics profile to support PTSP statistics
collection, include the record-mode interim-active-only statement
at the [edit system services local-policy-decision-function
aacl-statistics-profile profile-name] hierarchy level and include
all-fields at the [edit system services
local-policy-decision-function aacl-statistics-profile profile-name
aacl-fields] hierarchy level. The following operational commands
display information about the packet-triggered subscribers: show
services subscriber bandwidth, show services subscriber
dynamic-policies, show services subscriber flows, show services
subscriber sessions, and show services subscriber statistics.
[Services Interfaces, System Basics and Services Command Reference,
Subscriber Access]
Subscriber Access Management
Support for subscriber management features on Trio MPC/MIC
interfaces (MX Series routers)Enables support for all subscriber
management features introduced in JUNOS Release 10.1 and
lower-numbered releases on Trio MPC/MIC interfaces available on MX
Series routers. For a list of the subscriber management features
and other protocols and applications supported on the MX Series
MPCs, see Protocols and Applications Supported by MX Series MPCs in
the MX Series 3D Universal Edge Routers Line Card Guide.
[Subscriber Access, MX Series Line Card ]
Subscriber secure policy traffic mirroring on Trio MPC/MIC
interfaces on MX Series routersEnables you to configure subscriber
secure policy traffic mirroring to provide RADIUS-initiated
mirroring for subscribers on interfaces that are running over Trio
MPC/MIC interfaces on MX Series routers. [Subscriber Access]
Support for frame and cell-shaping mode and byte adjustments on
static and dynamic subscriber interfaces (MX Series routers)Enables
you to configure frame-based and cell-based shaping mode and byte
adjustments on static or dynamic subscriber interfaces in a
broadband access network. This feature is supported on Trio MPC/MIC
interfaces on MX Series routers. In a broadband access network, ATM
traffic can be passed downstream from other customer premise
equipment (CPE) to the MX Series router. Managing the bandwidth
Copyright 2012, Juniper Networks, Inc.
31
JUNOS 10.2 Software Release Notes
of downstream ATM traffic to Ethernet interfaces can be
difficult because of the different Layer 2 encapsulations. You can
configure the shaping mode to shape downstream ATM traffic based on
either frames or cells. In frame shaping mode, shaping is based on
the number of bytes in the frame, without regard to cell
encapsulation or padding overhead. Frame is the default shaping
mode on the router. In cell shaping mode, shaping is based on the
number of bytes in cells and accounts for the ATM cell
encapsulation and padding overhead. When you specify cell shaping,
the resulting traffic stream conforms exactly to the policing rates
configured in downstream ATM switches, reducing the number of
packet drops in the Ethernet network. In addition, you can account
for the different byte sizes per encapsulation by configuring a
byte adjustment value for the shaping mode. For example, you can
configure frame shaping mode and a byte adjustment value to account
for differences in Layer 2 protocols for downstream Ethernet
traffic. To configure the shaping mode, include the new
overhead-accounting (frame-mode | cell-mode) statement at the [edit
class-of-service traffic-control-profiles profile-name] hierarchy
level or the [edit dynamic-profiles class-of-service
traffic-control-profiles profile-name] hierarchy level. To
configure byte adjustments, include the bytes byte-value option
with the overhead-accounting (frame-mode | cell-mode) statement. We
recommend that you configure the byte-value that represents the
difference between the CPE protocol overhead and the BRAS protocol
overhead. The configurable range is -120 to 124 bytes. [Subscriber
Access, Class of Service]
Support for dynamic distribution of excess bandwidth among
different subscriber services on subscriber interfaces (MX Series
routers with Trio MPC/MIC interfaces)Enables you to control the
distribution of excess bandwidth sharing on dynamic subscriber
interfaces on Trio MPC/MIC interfaces available on MX Series
routers. In earlier releases, excess bandwidth sharing was
supported on EQ DPCs only. Service providers often used tiered
services that must utilize excess bandwidth as traffic patterns
vary. By default, excess bandwidth between a configured guaranteed
rate and shaping rate is shared equally among all queues with the
same excess priority value, which might not be optimal for all
subscribers to a service. To configure the excess rate for a
traffic control profile in a dynamic profile, include the
excess-rate statement at the [edit dynamic-profiles profile-name
class-of-service traffic-control-profiles profile-name] hierarchy
level and apply the traffic control profile at the [edit
dynamic-profiles profile-name class-of-service interfaces
interface-name] hierarchy level. To configure the excess rate for a
queue, include the excess-rate and excess-priority statements at
the [edit dynamic-profiles profile-name class-of-service scheduler
scheduler-name] hierarchy level. [Subscriber Access]
Support for MAC address validation on Trio MPC/MIC interfaces on
MX Series routersEnables MAC (source address) validation to use
filters over Trio MPC/MIC
32
Copyright 2012, Juniper Networks, Inc.
New Features in JUNOS Release 10.2 for M Series, MX Series, and
T Series Routers
interfaces on MX Series routers. MAC validation is the process
of verifying that the origin of the MAC address received matches
the origin present in the router ARP entry table. You can enable
MAC validation in either strict or loose mode on static or dynamic
demux interfaces using dynamic profiles. [Subscriber Access]
Support for IP demux subscriber secure policy and MAC validate
configuration on Trio MPC/MIC interfacesEnables the configuration
of subscriber secure policy and MAC validation using dynamic IP
demux interfaces over Trio MPC/MIC physical interfaces on MX Series
routers. [Subscriber Access]
Support for dynamic 802.1Q VLAN interface configuration for
PPPoE over Trio MPC/MIC interfaces on MX Series routersEnables you
to configure dynamic 802.1Q VLANs for PPPoE on Trio MPC/MIC
interfaces on MX Series routers. This support includes an
enhancement to the accept statement to include a new pppoe VLAN
Ethernet packet type. You can specify this packet type at the [edit
interfaces interface-name auto-configure vlan-ranges
dynamic-profile profile-name] and the [editinterfaces
interface-name auto-configure stacked-vlan-ranges dynamic-profile
profile-name] hierarchy levels. The pppoe VLAN Ethernet packet type
option is supported
only for Trio MPC/MIC interfaces on MX Series routers.
[Subscriber Access]
Support for IPv6 demux configuration on Trio MPC/MIC interfaces
on MX Series routersEnables dynamic IPv6 demux configuration on
Trio MPC/MIC interfaces on MX Series routers. [Subscriber
Access]
Support for dynamic CoS for IP demux interfaces on Trio MPC/MIC
interfaces (MX Series routers)Enables you to configure dynamic CoS
for a static or dynamic IP demultiplexing (demux) subscriber
interface on the Trio MPC/MIC interfaces available on MX Series
routers. In earlier releases, dynamic CoS for IP demux interfaces
was supported on EQ DPCs only. Hierarchical CoS for aggregated
Ethernet interfaces is now supported on the Trio MPC/MIC family
when a static or dynamic demux subscriber interface is the
underlying interface. In earlier releases, hierarchical CoS for
aggregated Ethernet was only supported on the Trio MPC/MIC family
when a static or dynamic VLAN was the underlying interface.
[Subscriber Access]
Support for non-hierarchical dynamic CoS configurations on
subscriber interfaces (MX Series routers)Enables you to dynamically
configure per-unit scheduling for subscriber interfaces configured
on EQ DPCs and Trio MPC/MIC interfaces on MX Series routers and
Ethernet Enhanced IQ2 (IQ2E) PICs on M120 and M320 routers. In
earlier releases, you had to enable hierarchical scheduling prior
to configuring a dynamic access or service profile with CoS
parameters. In per-unit scheduling configurations, each Layer 3
scheduler node is allocated a dedicated set of queues. If you do
not explicitly configure CoS parameters, a default traffic profile
with queues is
Copyright 2012, Juniper Networks, Inc.
33
JUNOS 10.2 Software Release Notes
attached to the logical interface. Interfaces are not
dynamically created with a new set of queues when the existing
queue limit is reached. To enable per-unit scheduling for the
subscriber interface, include the per-unit-scheduler statement at
the [edit interfaces interface-name] hierarchy level. You can then
configure dynamic CoS parameters at the [edit dynamic-profiles
profile-name class-of-service] hierarchy level and the remaining
static parameters at the [edit class-of-service] hierarchy level.
[Subscriber Access]
PPPoE service name table enhancements (M120, M320, and MX Series
routers)Support the following new and enhanced features for PPPoE
service name tables:
Configuration of any service. The any service acts as a default
service for non-empty service entries that do not match the empty
or named service entries configured in the PPPoE service name table
on the router. The any service is useful when you want to match the
agent circuit ID and agent remote ID information for a PPPoE
client, but do not care about the service name tag that is
transmitted in the control packet. To configure the any service,
include the service any statement at the [edit protocols pppoe
service-name-table table-name] hierarchy level.
Association of agent circuit identifier/agent remote identifier
(ACI/ARI) pairs with empty or any service. Associating an ACI/ARI
pair wi