JUNOS 9.0 Software Release Notes - An Arrow Company€¦ · To configure an address-assignment...

JUNOS 9.0 Software Release Notes

Release 9.0R211 March 2008Part Number: 530–022199–01Revision R2

These release notes accompany Release 9.0R2 of the JUNOS software. They describethe documentation for the routing platforms and known problems with the software.JUNOS software runs on all Juniper Networks J-series, M-series, MX-series, and T-seriesrouting platforms.

You can also find these release notes on the Juniper Networks Technical PublicationsWeb page, which is located at http://www.juniper.net/techpubs/.

Contents Release 9.0 Features .......................................................................................4Hardware ..................................................................................................4User Interface and Configuration ..............................................................5Interfaces and Chassis ..............................................................................7Services Applications ..............................................................................10Routing Protocols ....................................................................................11MPLS Applications ..................................................................................14Multicast .................................................................................................15VPNs .......................................................................................................60Routing Policy and Firewall Filters ..........................................................17Class of Service .......................................................................................19Network Management ............................................................................19JUNOScope .............................................................................................22JUNOS XML API and Scripting .................................................................22System Log .............................................................................................25Juniper Networks Partner Solution Development Program ......................28

Changes in Default Behavior and Syntax .......................................................28Hardware ................................................................................................28Software Installation ...............................................................................29Platform and Infrastructure .....................................................................29User Interface and Configuration ............................................................29

■ 1

http://www.juniper.net/techpubs/

Interfaces and Chassis ............................................................................30Services Applications ..............................................................................32General Routing ......................................................................................33Routing Protocols ....................................................................................33MPLS Applications ..................................................................................35VPNs .......................................................................................................35Class of Service .......................................................................................36Forwarding and Sampling .......................................................................36Routing Policy and Firewall Filters ..........................................................36

Current Software Release ..............................................................................36Resolved Issues .......................................................................................37

Software Installation and Upgrade ....................................................37Platform and Infrastructure ..............................................................37User Interface and Configuration ......................................................38Interfaces and Chassis ......................................................................38Routing Protocols .............................................................................39MPLS Applications ............................................................................39VPNs ................................................................................................39Class of Service ................................................................................39Forwarding and Sampling ................................................................40

Outstanding Issues ..................................................................................40Software Installation and Upgrade ....................................................40Platform and Infrastructure ..............................................................40User Interface and Configuration ......................................................43Interfaces and Chassis ......................................................................44Services Applications ........................................................................47Routing Protocols .............................................................................49MPLS Applications ............................................................................50VPNs ................................................................................................51Class of Service ................................................................................51Forwarding and Sampling ................................................................52Routing Policy and Firewall Filters ....................................................52Network Management ......................................................................53

Previous Releases ..........................................................................................53Resolved Issues .......................................................................................53

Platform and Infrastructure ..............................................................53User Interface and Configuration ......................................................54Interfaces and Chassis ......................................................................54Services Applications ........................................................................56Routing Protocols .............................................................................56MPLS Applications ............................................................................57VPNs ................................................................................................57Class of Service ................................................................................58Forwarding and Sampling ................................................................58Network Management ......................................................................58

Errata ............................................................................................................58User Interface and Configuration ............................................................59Interfaces and Chassis ............................................................................59General Routing ......................................................................................59Routing Protocols ....................................................................................60MPLS Applications ..................................................................................60

2 ■


VPNs .......................................................................................................60Class of Service .......................................................................................61Network Management ............................................................................62

M-series, MX-series, and T-series Upgrade and Downgrade Instructions .......62Upgrade to Release 9.0 ...........................................................................62Upgrade for a Routing Matrix ..................................................................64Downgrade from Release 9.0 ..................................................................64

J-series Upgrade and Downgrade Instructions ...............................................65Upgrade and Downgrade Overview ........................................................66

Upgrade Software Packages .............................................................66Recovery Software Packages ............................................................66

Before You Begin ....................................................................................67Downloading Software Upgrades from Juniper Networks ........................67Installing Software Upgrades with the J-Web Interface ............................68

Installing Software Upgrades from a Remote Server .........................68Installing Software Upgrades by Uploading Files ..............................69

Installing Software Upgrades with the CLI ...............................................69Installing Software Upgrades by Downloading Files .........................70Installing Software Upgrades from a Remote Server .........................70

Downgrade Instructions ..........................................................................71Downgrading the Software with the J-Web Interface ........................71Downgrading the Software with the CLI ...........................................72

Special Instructions for J-series Routers with a 256-MB CompactFlash ................................................................................................72

Cleaning Up Files ....................................................................................73Verifying Available Compact Flash Space ................................................73Increasing the Compact Flash Space .......................................................74

Removing the Swap Partition ...........................................................75Configuring the Unused Swap Partition ............................................75

Changes to Documentation ...........................................................................76List of Technical Publications ........................................................................76Documentation Feedback ..............................................................................83Requesting Technical Support .......................................................................84Revision History ............................................................................................85

■ 3

Release 9.0 Features

The following features have been added to JUNOS Release 9.0. Following thedescription is the title of the manual or manuals to consult for further information.For a complete list of manuals, see Table 4 on page 77, Table 5 on page 81, andTable 7 on page 83.

NOTE: Juniper Networks will discontinue offering printed documentation for JUNOSsoftware documentation, M-series and T-series hardware installation and PIC guides,and the JUNOScope User Guide, starting with JUNOS Release 9.0. The following modelnumbers will no longer be available:

■ JUNOS-DOC-S

■ JNCSP-DOC-S

■ DOC-M10i-HW-S

■ DOC-M120-HW-S

■ DOC-M160-HW-S

■ DOC-M20-HW-S

■ DOC-M320-HW-S

■ DOC-M40e-HW-S

■ DOC-M7i-HW-S

■ DOC-MX960-HW-S

■ DOC-T320-HW-S

■ DOC-T640-HW-S

■ DOC-TX-HW-S

Juniper Networks will continue to include printed Quick Start Guides with routershipments, and specific installation documentation will continue to be shipped withfield-replaceable units (FRUs).

Hardware

■ T1600-FPC3 (Type 3) for the T640 and T1600 routing node—New Flexible PICConcentrators (FPCs):

■ Enhanced III FPCs support the 1-port Type 2 SONET/SDH OC48c/STM16 PIC(PB-1OC48-SON-SMSR) and the 1-port Type 2 SONET/SDH OC48c/STM16PIC (PB-1OC48-SON-SMLR)on the M320 router. [M320 PIC Guide]

■ Enhanced III FPCs (1600-FPC3) include one Packet Forwarding Engine andthe capacity of up to 50 Gbps throughput. Each T1600-FPC3 supports up tofour type 3 PICs.

■ Support for Ethernet OAM (802.3ah, 802.1ag)—Supported on the 4-port10-Gigabit Ethernet Type 4 PIC in the T640 and T1600 routers.

4 ■ Release 9.0 Features


■ MX240 router—The MX240 is a 4-slot MX-series router. The MX240 is the thirdplatform in the MX-series of routers. The MX240 supports the same softwarefeature set as the MX960 and MX480 routers.

User Interface and Configuration

■ Address-assignment pools (M-series, MX-series, and T-series routingplatforms)—Enables the creation of a single address pool that can be shared bydifferent client applications, such as DHCP. Address-assignment pools supportnamed address ranges, which are subsets of the overall address range, and whichcan be used by client applications to manage address assignment based onclient-specific criteria. Address-assignment pools support both dynamic andstatic address assignment. To configure an address-assignment pool, include theaddress-assignment statement at the [edit access] hierarchy level. Theaddress-assignment pools feature does not support graceful Routing Engineswitchover. [System Basics, System Basics and Service Command Reference]

■ JUNOS licensing—Enables lifetime use of certain licensable feature or scalingpacks on the JUNOS software platform. JUNOS feature or scaling license packsare key-based. Although you can configure a licensable feature for a grace period,you must eventually purchase a license key from Juniper Networks to continueusing the licensable feature or scaling level. This release supports only a newAccess Management Feature Pack License Key. In this release, the license keyonly enables DHCP to obtain address pool definitions. To display license keyinformation, issue the show system license command. [Software Installation andUpgrade, System Basics and Services Command Reference]

■ Extended DHCP local server (M-series, MX-series, and T-series routingplatforms)—Extends and enhances traditional DHCP operation. With the extendedDHCP local server, the client configuration information resides in a centralizedaddress-assignment pool, which supports advanced pool matching and addressrange selection. The extended DHCP local server can use DHCP option 82information in the client PDU to determine which address-assignment pool touse and the client configuration information, including the user-defined optionsin the address-assignment pool, that is presented to the client. The DHCP localserver can be configured on a per logical router and routing instance basis. Thisenables the feature to be configured independently on any named routinginstance, including the default, for any logical router. The DHCP local serverfeature does not support graceful Routing Engine switchover. [System Basics]

■ New L2TP RADIUS display command (M-series, MX-series, T-series, and TXMatrix routing platforms)—Allows you to display server-related and statisticalinformation for the RADIUS servers configured on the router. To obtain thisoutput, issue the show services l2tp radius command. You can include optionalkeywords to limit the output to authentication or accounting information only,or to server-related or statistical information only. [System Basics]

■ CC and FIPS are certified on 8.5R1. [Secure Configuration Guide]

■ Support for DSCP marking in default H.248 properties for the packet gateway(T640 and MultiServices 500 PICs)—Enables you to configure a defaultDifferentiated Services code point (DSCP) value that the virtual packet gateway(VPG) uses for outgoing traffic when the DSCP value is not already defined bythe PGC. The DiffServ package is defined in annex A.2 of the Gateway ControlProtocol v3, ITU-T Recommendation H.248.1, September 2005. In the current

Release 9.0 Features ■ 5


release, all eight bits are exposed, but only the six leading bits are significant tothe packet. The default value is 0x00.

To configure the DSCP value, include the new diffserv dscp (dscp-value | alias |do-not-change) statement at the [edit services pgcp gateway gateway-nameh248-properties] hierarchy level. To view the DSCP value for the gate, use theshow services pgcp gates gateway-name extensive command. [System Basics,Multiplay Solutions, Services Interfaces]

■ Unified in-service software upgrade (ISSU)—Enables you to upgrade betweentwo different JUNOS software releases with no disruption on the control planeand with minimal disruption of traffic. Unified ISSU is only supported by dualRouting Engine platforms. In addition, graceful Routing Engine switchover (GRES)and nonstop active routing (NSR) must be enabled.

ISSU provides the following benefits:

■ Eliminates network downtime during software image upgrades

■ Reduces operating costs, while delivering higher service levels

■ Allows fast implementation of new features

With JUNOS 9.0, supported routing platforms are the M320, T320, and T640routers. For information about supported PICs on these platforms, see the JUNOSHigh Availability Configuration Guide. Supported protocols are BGP, IS-IS, LDP,and OSPF/OSPFv3. Unsupported PICs do not prevent a unified ISSU. The softwareissues a warning to indicate that these PICs will restart during the upgrade.Similarly, an unsupported protocol configuration will not prevent a unified ISSU.The software issues a warning that packet loss may occur for the protocol duringthe upgrade.

NOTE: Unified ISSU does not support extension application packages developedusing the Juniper Partner Solution Development Platform (PSDP) SDK.

To perform a unified ISSU, complete the following steps:

1. Enable Graceful Routing Engine switchover and nonstop active routing. Verifythat the Routing Engines and protocols are synchronized.

2. Download the new software package from the Juniper Networks SupportWeb site and then copy the package to the router.

3. Issue the request system software in-service-upgrade command on the masterRouting Engine.

To view information about the ISSU status, issue the show chassisin-service-upgrade command. [High Availability]

■ When a unified ISSU stops progressing, use the request system software abortin-service-upgrade command to stop the upgrade. You must issue this commandin a new session on the router (separate from the existing session used to startthe unified ISSU). Then check the existing router session to verify that the upgradehas been aborted. An “ISSU: aborted!” message appears. Additional system



messages provide you with information about where the upgrade stopped andrecommendations for the next step to take. [High Availability Configuration Guide]

■ Address assignment pool—The address assignment pool feature is part of theAccess Management Feature Pack License. You can configure the addressassignment pool feature for a grace period; however, you must eventuallypurchase a license key from Juniper Networks to continue using the feature. Todisplay license key information, issue the show system license command. [SystemBasics Guide, Software Installation and Upgrade]

Interfaces and Chassis

■ Bidirectional optics for wavelength-division multiplexing (WDM) MX960routers support bidirectional optics used for wavelength-division multiplexing(WDM). Optics with a 1310 nm transmit wavelength are the up link. Optics witheither 1490 nm or 1550 nm transmit wavelength are the down link. The showinterfaces diagnostics optics command displays the wavelengths for the up linkand down link. The show chassis hardware command displays the PIC and SFPdescriptions. [Interfaces Command Reference, System Basics and Services CommandReference]

■ Optical Transport Network support—M120, M320, and T-series routers supportOptical Transport Network (OTN) optics for 10-Gigabit Ethernet interfaces. Theshow interfaces diagnostics optics command also supports OTN optics. [InterfacesCommand Reference, System Basics and Services Command Reference, PIC Guides]

■ IEEE 802.1ag OAM Linktrace Protocol—Adds support for IEEE 802.1ag linktracefunctions on Gigabit Ethernet and 10-Gigabit Ethernet interfaces for the M320,MX-series, and T-series routing platforms. The linktrace functions are used forpath discover and troubleshooting in service provider Ethernet networks. Thisfeature also adds GRES and stacked VLAN support for IEEE 802.1ag functions.IEEE 802.1ag connectivity fault management functions were implementedpreviously. To configure IEEE 802.1ag functions, include the linktrace statementat the [edit protocols oam ethernet connectivity-fault-management] hierarchy level.[Network Interfaces]

■ Preferred source address configuration on unnumbered Ethernet interfaces(M120, M320, and MX–series routers)—When a loopback interface with multiplesecondary IPv4 addresses is configured as the donor interface for an unnumberedEthernet interface, you can optionally specify any one of the loopback interface'ssecondary addresses as the preferred source address for the unnumbered Ethernetinterface.

This feature is useful for configurations in which you want to use an IP addressother than the primary IP address on some of the unnumbered Ethernet interfacesin your network.

To configure a secondary address on a loopback donor interface as the preferredsource address for an unnumbered Ethernet interface, include thepreferred-source-address option in the unnumbered-address statement at eitherof the following hierarchy levels: [edit interfaces interface-name unitlogical-unit-number family inet unnumbered-address interface-name] or [editlogical-routers logical-router-name interfaces interface-name unit logical-unit-numberfamily inet unnumbered-address interface-name] To display the preferred source



address of an unnumbered Ethernet interface, use the show interfaces operationalmode command. [Network Interfaces]

■ Graceful Routing Engine switchover (GRES) support for new PIC type—GracefulRouting Engine switchover is supported on the new 4-port 10-Gigabit EthernetLAN/WAN (Type 4) PIC with XFP support on T640, T1600, and TX Matrix routingplatforms.

■ ATM to Gigabit Ethernet interworking feature (M120, M320, and T-seriesrouting platforms)—This feature provides interworking between ATM and Ethernetframes, where the VCI/VPI of the ATM cell is mapped to a stacked inner andouter VLAN tag. This feature is helpful in situations involving Broadband RemoteAccess Server (BRAS) migration from ATM to Ethernet.

Juniper ATM2 interfaces will be used to terminate ATM DSLAM traffic, thenforward this traffic with a circuit-cross-connect (CCC) encapsulation to a local orremote IQ2 interface, where this CCC encapsulation is converted to a stackedVLAN representation for transmission through a VLAN tagged Ethernet network.[Network Interfaces]

■ Static IP demultiplexing interface (MX-series and M-series platforms)—Enablesyou to configure IP demultiplexing (demux) interfaces over an underlying logicalinterface. To configure, include the demux0 interface statement at the [editinterfaces] hierarchy level, specify an underlying interface at the [edit interfacesinterface-name unit logical-unit-number demux-options] hierarchy level, define theprotocol family type for the underlying interface at the [edit interfacesinterface-name unit logical-unit-number family family] hierarchy level, and configureone or more source or destination prefixes to match against incoming packetsat the [edit interfaces interface-name unit logical-unit-number] hierarchy level. Todisplay status information about IP demux interfaces, issue the show interfacesdemux0 command. [Network Interfaces]

■ VRRP feature—VRRP can track whether a route is reachable and dynamicallychange the priority of the VRRP group based on the reachability of the trackedroute, which might trigger a new master router election.

To configure a route to be tracked, include the route statement at the [editinterfaces interface-name unit logical-unit-number family (inet | inet6) address address(vrrp-group | vrrp-inet6-group) track] or [edit logical-router logical-router-nameinterfaces interface-name unit logical-unit-number family (inet | inet6) address address(vrrp-group | vrrp-inet6-group) track] hierarchy levels. [High Availability, NetworkInterfaces]

■ 802.1p BA classification through Ethernet VPLS over ATM LLC interfaceencapsulation (M320, M120, MX-series)—This feature adds support for 802.1pclassification through the Ethernet VPLS over ATM LLC interface encapsulation.To enable this feature, include the ether-vpls-over-atm-llc statement at the [editinterfaces at-fpc/pic/port] hierarchy level. This feature is only supported on ATM2IQ Logical Interfaces. [Network Interfaces]

■ Modified show commands to include the MX-240—The following commandshave been modified to include information on the MX-240:



■ show chassis hardware

■ show chassis hardware detail

■ show chassis hardware extensive

■ show chassis mac-addresses

■ show chassis alarms

■ show chassis clocks

■ show chassis firmware

■ show chassis craft-interface

■ show chassis ethernet-switch

■ show chassis routing-engine

■ show chassis fpc

■ show chassis fpc pic-status

■ show chassis pic fpc-slot slot pic-slot pic-slot

■ show chassis env

■ show chassis env [pem | cb | fpc | fpm | routing-engine

■ show chassis env cb local-slot fpga i2cs

The following commands restart chassisd and DPCs:

■ restart chassisd

■ restart chassisd hard

■ restart chassisd soft

All chassis components, except for PEMs and fans, can be brought online oroffline using the following commands:

■ request chassis fru slot slot offline

■ request chassis fru slot slot online

where fru can be scb, fpc, pic, feb, or routing-engine.



Services Applications

■ Support for NAT pool selection based on direction in the packet gateway(T640 with Multiservice 500 PICs)—Enables the packet gateway (PG) to choosea NAT pool based on the direction of the termination rather than the virtualinterface. To configure the PG to choose the NAT pool by direction, specify ahint value that is matched with the hint value configured in the Direction field ofthe termination ID. Note that the Direction field is not part of the standardtermination ID. To specify a hint value or a list of hint values, include the hintstatement in the [edit services nat pool] hierarchy level. [Multiplay Solutions;Services Interfaces]

■ Flow aggregation to multiple collectors (M-series, T-series, and MX-seriesplatforms)—Enables you to configure replication of sampled flow records tomultiple flow servers, up to a maximum of eight servers. You can configure eitherRouting Engine-based sampling using cflowd version 5 or version 8, or servicesPIC-based sampling using flow aggregation version 9. There are no new CLIstatements or commands. [Services Interfaces, Feature Guide]

■ DFC threshold range changed (M320, T320, and T640)—The range ofconfigurable values for the Dynamic Flow Capture (DFC) input-packet-rate-thresholdstatement is now 0 through 1 Mpps; previously it was 0 through 300 Kpps. ThePIC calibrates the value accordingly; the Monitoring Services III PIC caps thethreshold value at 300 Kpps and the MultiServices 400 PIC uses the full configuredvalue. [Services Interfaces]

■ DFC liberal sequence windowing (M320 and T-series platforms)—Implementsa negative window for the Dynamic Flow Capture (DFC) sequence numbersreceived in the Dynamic Task Control Protocol (DTCP) packets. Previously, theDFC application accepted only DTCP packets with sequence numbers greaterthan those previously received; the negative window enables the application toaccept DTCP packets with lower sequence numbers, up to a certain limit. Thislimit is the negative window size; the positive and negative window sizes are+256 or -256 respectively, relative to the current maximum sequence numberreceived. No configuration is required to activate this feature; the window sizesare hard-coded and nonconfigurable. [Services Interfaces]

■ Support for RTP and RTCP application layer gateways on the packet gatewayfeature (T640 and MultiServices 500 PICs)—Enables you to configure RTP andRTCP ALG features for monitoring twice NAT flows that are created when thePGC installs media gates on the PG. You can only enable these ALGs for twiceNAT flows created by the PG. To configure RTP and RTCP ALGs, include the newmonitor statement at the [edit services pgcp gateway gateway-name] hierarchylevel. You can monitor RTP and RTCP ALG statistics. The statistics section of theshow services pgcp gateway gateway-name extensive command output has beenenhanced to show RTP statistics, as well as RTCP sender and receiver statistics.[Services Interfaces, System Basics]

■ Graceful Routing Engine switchover (GRES) is supported in case of a RoutingEngine failure—If a failure of the Routing Engine stops the PGCP process, theJUNOS high-availability framework detects the Routing Engine failure, andswitches control of the packet gateway to the PGCP process on the backupRouting Engine. The PGCP process stores completed H.248 transactions, andthese transactions survive a restart or a switchover.



When the IPC connection between the pgcpd process and the MultiServices PICis being reestablished, a synchronization procedure is performed. Thissynchronization process restores the previous state of gates, so existing H.248sessions stay alive.

The synchronization process can result in the mismatching of gates. For example,the pgcpd process might detect gates that exist in the Routing Engine, but aremissing in the PIC. In this case, the pgcpd process reinstalls the gates on the PIC.Alternatively, if the pgcpd process detects gates that exist on the PIC, but not onthe Routing Engine, it removes the gates from the PIC. Another scenario is whenthe pgcpd process detects gates that exist on the PIC and on the Routing Engine,but the versions of the gates do not match. In this case, the pgpcd processdeactivates the gates that do not match. [Multiplay Services Guide, HighAvailability]

■ Support for configuring service state for virtual interfaces in the packetgateway (T640 with Multiservice 500 PICs)—Enables you to set the service stateof a virtual interface. You can set a virtual interface to in-service, or you canperform a forced or graceful shutdown of the virtual interface. This feature isuseful when you do not want to shut down the entire VPG. To set the servicestate of a virtual interface, enter the set service-state statement at the [edit servicespgcp gateway gateway-name virtual-interface] hierarchy level: service-state (in-service| out-of-service-forced | out-of-service-graceful) To view the status of a virtualinterface, use the show services pgcp active-configuration command. [SystemBasics and Services Command Reference; Services Interfaces]

Routing Protocols

■ Expanded BGP and Layer 3 VPN support for Ethernet services DPCs—MX-seriesrouters configured to be in Ethernet-services mode can now also support someof the JUNOS Internet software BGP and Layer 3 VPN features. For BGP, supporthas been added for family inet, family inet-vpn, and the route-target statement.However, for family inet, only unicast and labeled unicast are supported. Bydefault, the size of global routing table inet.0 for BGP and IGP is limited to 32Kroutes in Ethernet services mode. For Layer 3 VPNs, Ethernet services modesupports configuring a loopback interface for a VRF. You can configure up totwo VRFs in Ethernet services mode. Each VRF can handle up to 10,000 routes.The ping mpls l3vpn operational mode command is also supported. [VPNs, RoutingProtocols]

■ Nonstop routing supported for Routing Information Protocol (RIP) and RIPnext generation (RIPng)—Nonstop routing (NSR) uses the same infrastructureas graceful Routing Engine switchover (GRES) to preserve interface and kernelinformation. However, nonstop routing also saves routing protocol informationby running the routing protocol process (rpd) on the backup Routing Engine. Bysaving this additional information, nonstop routing is self-contained and doesnot rely on helper routers to assist the routing platform in restoring routingprotocol information.

To enable nonstop routing, include the following configuration statements:

■ graceful-switchover statement at the [edit chassis redundancy] hierarchy level

■ commit synchronize statement at the [edit system] hierarchy level



■ nonstop-routing statement at the [edit routing-options] hierarchy level

To trace nonstop routing synchronization events for RIP or RIPng, include thetraceoptions flag nsr-synchronization statement at the [edit protocols rip] or [editprotocols ripng] hierarchy level. [High Availability]

■ New minimum-hold-time statement for BGP (M120, M320, and T-seriesplatforms)—Enables you to configure a minimum hold-time value to use whennegotiating a connection with a BGP peer. Include the minimum-hold-time secondsstatement at the [edit protocols bgp], [edit protocols bgp group group-name], or[edit protocols bgp group group-name neighbor neighbor-address] hierarchy levels.

The range that you can configure is from 6 through 65,535. This value is notadvertised as the hold time. You continue to configure the advertised BGP holdtime by including the hold-time statement. The minimum hold-time value mustbe less than or equal to the configured hold time or 90 seconds if you do notconfigure the hold-time statement. [Routing Protocols]

■ IPv4 subnet support on loopback interfaces (M-series and MX-seriesplatforms)—Enables you to configure IPv4 subnet loopback interface addresseson inet address families for aggregating routes. If you configure a subnet routeon a loopback interface, two loopback interface routes are installed. The subnetroute (for example, 15.15.15.0/24) is installed as a direct route and a host route(15.15.15.15/32) is installed as a local route.

To configure, specify a subnetwork address when configuring the loopbackinterface (lo0) at the [edit interfaces] hierarchy level. [Routing Protocols, Interfaces]

■ VLAN Spanning Tree Protocol (MX-series routers)—The VLAN Spanning TreeProtocol (VSTP) maintains a separate spanning tree instance for each VLAN andis compatible with the Per-VLAN Spanning Tree Plus (PVST+) and Rapid-PVST+protocols supported on Cisco Systems routers and switches.

To configure VSTP, include the vstp statement at the [edit protocols] or [editrouting-instances routing-instance-name protocols] hierarchy level. To enable aVSTP instance for a specified VLAN, include the vlan statement at the [editprotocols vstp] or [edit routing-instances routing-instance-name protocols vstp]hierarchy level. [Routing Protocols]

■ Nonstop routing supported on MX-series Ethernet Services routers—Nonstoprouting (NSR) uses the same infrastructure as graceful Routing Engine switchover(GRES) to preserve interface and kernel information. However, nonstop routingalso saves routing protocol information by running the routing protocol process(rpd) on the backup Routing Engine. By saving this additional information,nonstop routing is self-contained and does not rely on helper routers to assistthe routing platform in restoring routing protocol information.

To enable nonstop routing, include the following configuration statements:

■ graceful-switchover statement at the [edit chassis redundancy] hierarchy level

■ nonstop-routing statement at the [edit routing-options] hierarchy level



■ commit synchronize statement at the [edit system] hierarchy level [HighAvailability]

■ Nonstop routing is now supported on M120 routers—Nonstop routing (NSR)uses the same infrastructure as graceful Routing Engine switchover (GRES) topreserve interface and kernel information. However, nonstop routing also savesrouting protocol information by running the routing protocol process (rpd) onthe backup Routing Engine. By saving this additional information, nonstop routingis self-contained and does not rely on helper routers to assist the routing platformin restoring routing protocol information.

To enable nonstop routing, include the following configuration statements: thegraceful-switchover statement at the [edit chassis redundancy] hierarchy level, thenonstop-routing statement at the [edit routing-options] hierarchy level, and thecommit synchronize statement at the [edit system] hierarchy level [High Availability]

■ Multitopology routing (M-series, MX-series, and T-series)—Enables you toconfigure class-based forwarding for different types of traffic, such as voice,video, and data. Each type of traffic is defined by a topology that is used to createa new routing table, or RIB, for that topology. Multitopology routing (MTR)provides the ability to generate forwarding tables based on the resolved entriesin the routing tables for the topologies you create. In this way, packets of differentclasses can be routed independently from one another. Each router supports upto 98 topologies, two of which are reserved for a default topology and a multicasttopology. MTR supports the following protocols: static routes, OSPFv2, and BGP.You can also configure filter-based forwarding based on the topologies youconfigure.

To create a topology, include the topologies family (inet | inet6) topology(ipv4-multicast | name) statement at the [edit routing-options] hierarchy level.

To configure OSPF for MTR, include the topology (ipv4-multicast | name) topologyidentifier statement at the [edit protocols ospf] hierarchy level.

To configure a topology-specific metric value for an OSPF interface, include themetric number statement at the [edit protocols ospf area area-id topology-name]hierarchy level.

To configure static routes, include the rib routing-table-name static routedestination-prefix statement at the [edit routing-options] hierarchy level.

To configure BGP, include the community identifier statement at the [edit protocolsbgp family (inet | inet6) topology] hierarchy level. The community statement is alsosupported at the hierarchy levels for BGP groups and BGP peers.

For filter-based forwarding, include the topology name statement at the [editfirewall family inet filter name term term-name then] hierarchy level.

Use the show route summary, show route forwarding-table, show route table, androute route rib-groups commands to verify your configuration. To viewtopology-specific information about your OSPF configuration, use the show ospfoperational mode commands. The show ospf route and show ospf log commandsnow include a topology (default | ipv4-multicast | name) option that enables you



display information only about a specific topology. [Routing ProtocolsConfiguration Guide, Routing Protocols and Policies Command Reference]

■ Timer to delay MED updates for routes advertised by BGP groups or peersconfigured with the metric-out igp statement—When the timer expires, themultiple exit discriminator (MED) is set to the most recent value calculated inthe IGP to reach the BGP next hop. If the IGP metric changes before the timerexpires, the BGP peer updates the MED and sends an advertisement only if themetric has a lower value, or another attribute associated with the route haschanged, or if the BGP peer is responding to a refresh route request. By default,the timer is set to 10 minutes. To modify the default value, include themed-igp-update-interval minutes statement at the [edit routing-options] hierarchylevel. The range that you can configure is from 10 through 600 minutes. Youcan specify the BGP groups or peers configured with the metric-out igp statementfor which to delay MED updates. Include the delay-updates statement at the [editprotocols bgp group group-name metric-out igp] hierarchy level to specify a BGPgroup, and at the [edit protocols bgp group group-name neighbor address] hierarchylevel to specify a BGP peer. [Routing Protocols]

MPLS Applications

■ LDP, BGP, and VPLS interworking (MX-series and M320 routers—You can nowconfigure a VPLS routing instance in which some of the PE routers use BGP forsignaling and some use LDP for signaling. Each set of BGP-signaled PE routersand LDP-signaled PE routers belongs to its own separate mesh group. Tointerconnect these mesh groups, you must configure a border PE router. Thisrouter has bidirectional pseudowires with all of the BGP-signaled PE routers andall of the LDP-signaled pseudowires participating in the VPLS routing instance.The border PE router maintains a common MAC table for the VPLS routinginstance. For the LDP-signaled PE routers, only FEC 128 is supported.

To configure LDP, BGP, and VPLS interworking, configure the mesh-groupstatement at the [edit routing-instances routing-instance-name protocols vpls]hierarchy level. Specify the VPLS identifier using the vpls-id statement at the [editrouting-instances routing-instance-name protocols vpls mesh-group mesh-group-name]hierarchy level. You also must specify each PE router that is a part of the meshgroup using the neighbor statement at the [edit routing-instancesrouting-instance-name protocols vpls mesh-group mesh-group-name] hierarchy level.

LDP, BGP, and VPLS Interworking does not support the following:

■ Point-to-multipoint LSPs

■ Integrated routing and bridging

■ IGMP snooping

■ DHCP snooping

[VPNs, Feature Guide]

■ Ingress PE router redundancy for P2MP LSPs—You can enable PE routerredundancy for point-to-multipoint LSPs configured for multicast networktopologies. Redundancy is provided for two or more PE routers by designatingone as the primary PE router and one or more as backup PE routers for each



configured stream of multicast traffic. A full mesh of point-to-point LSPs mustalso be configured between the primary PE router and backup PE routers. Youmust also enable BFD on these routers for failure detection.

To enable ingress PE router redundancy for P2MP LSPs, specify each backup PErouter's IP address using the backups statement at the [edit routing-optionsbackup-pe-group pe-group-name] hierarchy level. You also need to specify a localIPv4 address using the local-address statement at the [edit routing-optionsbackup-pe-group pe-group-name] hierarchy level. To bind a backup PE group to astatic route, specify the name of the backup PE router group using thebackup-pe-group statement at the [edit routing-options static route destination]hierarchy level. To bind a point-to-point LSP configured between a PE router anda backup PE router group, include the associate-backup-pe-groups statement atthe [edit protocols mpls label-switched-path lsp-name] hierarchy level. To displayinformation about any configured backup PE router groups, issue the showmulticast backup-pe-groups operational mode command. [MPLS Applications,Multicast]

Multicast

■ PIM join load balancing (M-series, T-series, MX-series platforms, and TXMatrix)—Enables load balancing within PIM sparse mode. Load balancing willdistribute join messages and traffic across equal-cost paths. To configure, includethe pim-join-load-balancing statement at the [edit routing-options multicast] hierarchylevel. [Multicast]

■ Integrated routing and bridging (IRB) support extended to multicast snooping(MX-series)—Interfaces configured for IRB are now supported by multicastsnooping. Multicast snooping is a way for a Layer 2 device to implement a seriesof procedures to “snoop” at the Layer 3 packet content to determine whichactions should be taken to process or forward a frame. IRB provides simultaneoussupport for Layer 2 bridging and Layer 3 routing on the same interface. IRBenables you to route packets to another routed interface or to another bridgedomain that has an IRB interface configured. [Multicast, Routing Protocols]

■ BFD support for ECMP LSPs signaled using LDP—You can now enable a BFDsession for each FEC in an equal-cost multipath (ECMP) path. When the BFDsession for an ECMP path fails, an error is logged. To enable ECMP, include theecmp statement at the [edit protocols ldp bfd-liveness-detection] hierarchy level.You can also configure the periodic-traceroute statement at the [edit protocols ldpoam] hierarchy level. And you can also disable traceroute for a specific FEC usingthe disable statement at the [edit protocols ldp oam fec address periodic-traceroute]hierarchy level. If you configure the ecmp statement, you must also configurethe periodic-traceroute statement at the same hierarchy level. If you do not, thecommit will fail. Use the show bfd session prefix operational mode command todisplay the status of the BFD sessions associated with an LDP FEC. You can alsouse the show ldp oam fec operation mode command to display all of the OAMinformation associated with a specific FEC. [MPLS, Routing Protocols and PoliciesCommand Reference, Routing Protocols]



VPNs

■ LDP, BGP, and VPLS interworking (MX-series and M320 routers)—You can nowconfigure a VPLS routing instance in which some of the PE routers use BGP forsignalling and some use LDP for signaling. Each set of BGP-signaled PE routersand LDP-signalled PE routers belongs to its own separate mesh group. Tointerconnect these mesh groups, you must configure a border PE router. Thisrouter has bidirectional pseudowires with all of the BGP-signalled PE routers andall of the LDP-signaled pseudo wires participating in the VPLS routing instance.The border PE router maintains a common MAC table for the VPLS routinginstance. For the LDP-signalled PE routers, only FEC 128 is supported. Toconfigure LDP BGP VPLS interworking, configure the mesh-group statement atthe [edit routing-instances routing-instance-name protocols vpls] hierarchy level.Specify the VPLS identifier using the vpls-id statement at the [edit routing-instancesrouting-instance-name protocols vpls mesh-group mesh-group-name] hierarchy level.You also must specify each PE router that is a part of the mesh group using theneighbor statement at the [edit routing-instances routing-instance-name protocolsvpls mesh-group mesh-group-name] hierarchy level.

LDP, BGP, and VPLS interworking does not support the following:

■ Point-to-multipoint LSPs

■ Integrated routing and bridging

■ IGMP snooping

■ DHCP snooping

[VPNs, Feature Guide]



Routing Policy and Firewall Filters

■ Support for per-prefix load balancing (J-series, M-series, and T-seriesplatforms)—Enables you to configure load balancing on a router so that it electsa next hop independently of what other routers choose. The result is betterutilization of the available links.

Include the load-balance, per-prefix, and hash-seed number statements at the [editforwarding-options] hierarchy level. The hash-seed value specifies the router-specificparameter for electing the next hop. The range that you can configure is from 1through 65,535. If you do not configure the hash-seed value, the router uses thelegacy behavior of electing a next hop based only on the destination address.[Policy Framework, MPLS]

■ Layer 2 support for firewall filter match conditions (MX-series)—The JUNOSsoftware now supports the following firewall filter match conditions for Layer 2traffic for bridge domains and VPLS routing instances:

■ destination-port number

■ dscp number

■ icmp-code number

■ ip-address address

■ ip-destination-address address

■ ip-precedence-except ip-protocol number

■ ip-source-address address

■ port number source-port number

To configure a firewall filter for a bridge domain, specify the conditions that thepacket must match at the [edit firewall family bridge filter filter-name term term-namefrom] hierarchy level. To configure a firewall filter for a VPLS routing instance,specify the conditions that the packet must match at the [edit firewall family vplsfilter filter-name term term-name from] hierarchy level. To apply a firewall filter toa VPLS routing instance, include the input filter-name statement at [editrouting-instances routing-instance-name forwarding-options family vpls filter] hierarchylevel. To apply a firewall filter to a virtual switch, include the input filter-namestatement at the [edit routing-instances routing-instance-name bridge-domainsbridge-domain-name forwarding-options filter] hierarchy level. You can apply aseparate firewall filter to each bridging domain within a virtual switch. [PolicyFramework]

■ Option 60 support for extended DHCP relay agent (M-series, T-series, MX-series,and TX Matrix platforms)—The extended DHCP relay agent now supports parsingof the DHCP vendor class identifier option (option 60) in DHCP client packetsdestined for a DHCP server. This feature is useful in network environments whereDHCP clients access services provided by multiple vendors and DHCP servers.For example, a DHCP client might gain Internet access from a particular DHCPserver provided by one vendor, and access IPTV service from a different DHCPserver provided by another vendor.



This feature helps you manage such network environments by enabling theextended DHCP relay agent to compare option 60 vendor-specific strings receivedin DHCP client packets against a list of ASCII or hexadecimal strings that youconfigure on the router. If the option 60 string received in the DHCP client packetmatches the configured ASCII or hexadecimal string, you can define one of thefollowing actions for the associated DHCP packets:

■ Relay client traffic to a specific DHCP relay server that provides the requestedclient service. (To configure the DHCP relay server, which is also referred toas a vendor-option server, include the server-group statement at the [editforwarding-options dhcp-relay] hierarchy level.)

■ Forward client traffic to the extended DHCP local server. (To configure theextended DHCP local server, include the dhcp-local-server statement at the[edit system services] hierarchy level.)

■ Drop (discard) the packets.

If the option 60 string received in the DHCP client packet does not match theconfigured ASCII or hexadecimal string, you can define one of the followingdefault actions for the associated DHCP packets:

■ Relay client traffic to a default DHCP relay server that you specify.

■ Forward client traffic to a default DHCP extended local server that youspecify.

■ Drop the packets.

To configure option 60 support for the extended DHCP relay agent, include therelay-option-60 statement at the [edit forwarding-options dhcp-relay] hierarchy levelor at the [edit forwarding-options dhcp-relay group group-name] hierarchy level. Youcan also configure option 60 support for the extended DHCP relay agent on aper logical router and per routing instance basis.

To display the number of discarded DHCP packets containing option 60vendor-specific information, use the show dhcp relay statistics operationalcommand. [Policy Framework]

■ Support for fast update firewall filters for VoIP traffic in the packet gateway(T640 router and MultiServices 500 PICs)—Enables fast update firewall filtersfor rate limiting events on gates in the packet gateway.

A fast update filter is the same as a regular filter defined in the [edit firewall]hierarchy, except that the system can incrementally add or update terms. Thefast update filter match is performed based on the most specific defined term.

When a VoIP flow configured through the packet gateway violates the sustaineddata rate (SDR) by three times the configured rate, fast update filters are installedon the gate to allow the rate-limiting drop action to occur on the PFE instead ofthe PIC. Filters are in effect until the gate is destroyed.

For each filter, a default term is installed to allow traffic to pass through(otherwise, all traffic is dropped because it is the default firewall action). Forexample, there are two terms listed when there are two filters. You can monitor



the status and configuration of the fast update firewalls in the packet gatewayby using the show services pgcp active-configuration and the show services pgcpgates extensive command. [Multiplay Solutions; System Basics and ServicesCommand Reference]

Class of Service

■ Ingress CoS on EQ DPC (MX-series routers)—You can now apply CoS orhierarchical schedulers on the ingress side of an EQ DPC interface. The inputand output CoS parameters are independent in most cases. [CoS]

NOTE: Please contact Juniper Networks customer support before implementingIngress CoS on EQ DPC. [PR/275157]

Network Management

■ Support for GMPLS MIBs (M-series, T-series, and TX Matrix)—Extends read-onlysupport to the following GMPLS MIB:

■ RFC 4801, Definitions of Textual Conventions for Generalized MultiprotocolLabel Switching (GMPLS) Management Information Base

■ RFC 4802, Generalized Multiprotocol Label Switching (GMPLS) TrafficEngineering (TE) Management Information Base (exceptgmplsTunnelReversePerfTable and gmplsTunnelCHopTable)

■ RFC 4803, Generalized Multiprotocol Label Switching (GMPLS) Label SwitchingRouter (LSR) Management Information Base (except gmplsLabelTable)

The tables in GMPLS TE and LSR MIBs are extensions of the corresponding tablesfrom the MPLS TE and LSR MIBs, and use the same index as the MPLS MIB tables.[Network Management]

■ Two new commands: file-get and file-put—Enable you to transfer files inlinein the JUNOScript stream and eliminate the need to open separate data streamswhen transferring files. [JUNOScript API Guide]

■ Chassis viewer feature (M7i, M10i, M20, M120, and M320 routingplatforms)—You can use the chassis viewer feature to view images of the chassisand access information about each component, similar to using the show chassisalarms and show chassis hardware commands.

To access the chassis viewer, click the Chassis Viewer icon in the upper rightcorner of any J-Web page for an M7i, M10i, M20, M120, or M320 routing platform.A separate page appears to display the image of the chassis and its componentparts, including power supplies, individual Physical Interface Cards (PICs), andports. Major or minor alarm indicators appear in red. [J-Web Graphical ChassisViewer (M20)]

■ J-Web quick configuration page—The J-Web interface provides a new QuickConfiguration page to configure Ethernet OAM. To configure Ethernet OAM using



Quick Configuration, select Configuration>Quick Configuration>EthernetOAM>Link Fault Management. The J-Web interface provides a new monitorpage that displays the output from the show oam ethernet link-fault-managementdetail operational mode command. To view this monitor page, selectMonitor>OAM>Ethernet>Link Fault Management.

■ Advanced Insight Manager (AIM)—A new standalone application is available.AIM connects the customer's network to Juniper Networks and integrates withJUNOScope software and third-party network management applications to allowthe customer to quickly react to device problem events and proactively preventfuture events.

AIM consists of two components to collect and display problem and intelligenceevent information as part of the Advanced Insight Solutions (AIS) product:

■ Incident Manager provides reactive features to view problem events andimmediately submit requests Juniper Support Systems (JSS) for casemanagement and resolution.

■ Intelligence Manager provides proactive features to view intelligence updatesfrom JSS.

AIM provides a single point to view incident and intelligence event informationfor multiple sites on a customer's network. You can specify sites for which youwant to view information. The Multi-Site feature requires licensing to create morethan one site. [Advanced Insight Solutions]

If Advanced Insight Solutions (AIS) users use the AIM application integration withJUNOScope software to automatically install AI-Scripts, the following requireddevice configuration is automatically configured. However, if the user elects tomanually installed AI-Scripts, the following configuration must be manually doneat the [edit groups] hierarchy level:

groups {juniper-pvs {

system {scripts {

commit {allow-transients;file jpvs-activate-scripts.slax {

optional;}

}load-scripts-from-flash;

}}event-options {

destinations {juniper-junoscope {

archive-sites {"ftp://[email protected]/junoscopepvsdemo";

}}

}}



}}

For AI-scripts, a new statement to configure event scripts has been added. Toconfigure event scripts include the event-script event-script-name statement at the[edit event-options] hierarchy level:

event-options {generate-event;policy policy-name;event-script event-script-name {

file event-script-name-1;;destination;

}

For example, this configuration determines the AIM remote archive location fora device:

event-options {destinations {

juniper-junoscope {archive-sites {

"ftp://[email protected]/junoscopepvsdemo";}

}}

}

The AIM application provides an option in general settings called 'InformationJMB Config Filter Level' that lets the customer specify the amount of intelligenceinformation to share about a device with Juniper Networks: Do not send, Sendall information except configuration, Send all information with IP Addressesoverwritten, and Send all information.

The AIM licensing validates, authenticates, and manages three types of licensesto control its functionality to customers. The AIM user must provide an installID and the serial number of the installed AIM application. The AIM Installer storesthe date of installation in the database. Juniper License Management Systemgenerates a license file that is electronically sent to the user. The user loads thelicense file into AIM for activation of the licensed features purchased.

NOTE: Having a license in AIM does not automatically mean that the customer hasa license to subscribe to the AIS Base or AIS Proactive services needed for fullfunctionality of the AIS product.

■ Base Product—This license is required to use AIM beyond a 60-day trialperiod. The AIM Base Product license includes Incident Manager andIntelligence Manager. AIM provides full base product functionality, plus oneMulti-Site organization polling two devices during the trial period.

■ Capacity—This license is required to control the number of device remotearchive locations for which AIM can poll for incident and intelligence



information. If no capacity license is purchased, AIM allows polling of twodevices only.

■ Feature Licenses—This license is required for the creation of more than oneorganization (Multi-Site).

To get full Advanced Insight Manager product functionality, the customer mustpurchase the following annual subscriptions for the following device classes fromJuniper Support Services (JSS). AIM displays the annual subscriptions purchasedfor device classes when it connects to JSS.

■ AIS Base Service: Incident-Driven Online Service AIS Proactive Service:Intelligence-Driven Online Service Device Classes:

■ Class 1—T-series devices

■ Class 2—M-series devices

■ Class 3—J-series and EX-series devices

■ New request system add script commands—Enables you to install any jpvs scriptbundle into your router, facilitating the installation and upgrade of these eventscripts as they come available. [Configuration and Diagnostic Automation]

JUNOScope

■ Automated Event Script Deployment— JUNOScope users can now deployJUNOS event scripts to multiple devices using the Scripts wizard. Event scriptscan be enabled or disabled using the Scripts wizard, while deploying an eventscript to target devices running JUNOS 8.5 or later versions. This feature alsoallows Advanced Insight Manager (AIM) users to download and deploy anAdvanced Insight (AI) scripts bundle from a centralized place, to multiple devicesrunning JUNOS 9.0 or later versions, using an integrated workflow between AIMand JUNOScope.

To deploy JUNOS event scripts to multiple devices, select Configuration >Repository > Scripts. For more information about deploying JUNOS event scriptsto multiple devices, see the JUNOScope Software User Guide. For more informationabout deploying the AI scripts bundle to multiple devices, see the Advanced InsightSolutions (AIS) Guide.

JUNOS XML API and Scripting

Table 1 on page 22 lists the JUNOS Extensible Markup Language (XML) operationalrequest tag elements that are new in JUNOS Release 9.0, along with the correspondingCLI command and response tag element for each one.

Table 1: JUNOS XML Tag Elements and CLI Command Equivalents New in JUNOS 9.0

Response Tag ElementCLI CommandRequest Tag Element

Nonerequest system software abortinservice-upgrade

<abort-in-service-upgrade>



Table 1: JUNOS XML Tag Elements and CLI Command Equivalents New in JUNOS 9.0 (continued)


Noneclear interfaces statistics all<clear-interfaces-statistics-all>

Noneclear interfaces statistics<clear-interfaces-statistics>

aaa-module-statisticsshow network-access aaa statistics<get-aaa-module-statistics>

<address-assignment-pool-table>show network-access addressassignmentpool

<get-address-assignment-pool-table>

<core-information>show system core-dumps core-file-info<get-core-file-information>

Noneshow lacp interfaces<get-lacp-interface-information>

<lfmd-information>show oam ethernet link-faultmanagement<get-lfmd-information>

<multicast-backup-pe-addressinformation>show multicast backup-pe-groups address<get-multicast-backup-pe-address-information>

<multicast-backup-pe-groups-information>show multicast backup-pe-groups<get-multicast-backup-pe-groups-information>

<pdp-diagnostics-per-apn>show services ggsn diagnostics pdp<get-pdp-diagnostics-per-apn>

<rmon-history-information>show snmp rmon history<get-rmon-history-information>

<sdk-version>show version sdk<get-sdk-version-information>

<service-pgcp-conversation-information>show services pgcp conversations<get-service-pgcp-conversation-information>

<service-pgcp-flow-table-information>show services pgcp flows<get-service-pgcp-flow-table-information>

<services-l2tp-radius-accounting-serversinformation>show services l2tp radius accounting servers<get-services-l2tp-radius-accounting-serversinformation>

<services-l2tp-radius-accounting-statisticsinformation>show services l2tp radius accountingstatistics

<get-services-l2tp-radius-accounting-statisticsinformation>

<services-l2tp-radius-authenticationaccounting-servers-information>

show services l2tp radius servers<get-services-l2tp-radius-authenticationaccounting- servers-information>

<services-l2tp-radius-authenticationaccounting-statistics-information>

show services l2tp radius statistics<get-services-l2tp-radius-authenticationaccounting- statistics-information>

<services-l2tp-radius-authenticationservers-information>

show services l2tp radius authenticationservers

<get-services-l2tp-radius-authenticationservers- information>

<services-l2tp-radius-authenticationstatistics-information>

show services l2tp radius authenticationstatistics

<get-services-l2tp-radius-authenticationstatistics- information>

<event-scripts-reload>request system scripts event-scripts reload<reload-event-scripts>



Table 1: JUNOS XML Tag Elements and CLI Command Equivalents New in JUNOS 9.0 (continued)


Nonerequest system software in-serviceupgrade<request-package-in-service-upgrade>

Nonerequest system scripts add<request-scripts-package-add>

Nonerequest system scripts delete<request-scripts-package-delete>

Nonerequest system scripts rollback<request-scripts-package-rollback>

[JUNOS XML Operational Reference]



System Log

The following set of system log messages is new in this release:

■ JSRPD—Messages generated by the Juniper Services Redundancy Protocol (jsrpd)process, which controls chassis clustering.

The following system log messages are new in this release:

■ CHASSISD_ISSU_BLOB_ERROR

■ CHASSISD_ISSU_DAEMON_ERROR

■ CHASSISD_ISSU_ERROR

■ CHASSISD_ISSU_FRU_ERROR

■ CHASSISD_ISSU_FRU_IPC_ERROR

■ CHASSISD_SNMP_TRAP1

■ DCD_PARSE_ERROR_IFLSET

■ DH_SVC_AUTHENTICATE_LICENSE

■ FLOW_IP_ACTION

■ JADE_AUTH_SUCCESS

■ JSRPD_DAEMONIZE_FAILED

■ JSRPD_DUPLICATE

■ JSRPD_NOT_ROOT

■ JSRPD_PID_FILE_LOCK

■ JSRPD_PID_FILE_UPDATE

■ JSRPD_SOCKET_CREATION_FAILURE

■ JSRPD_SOCKET_LISTEN_FAILURE

■ JSRPD_SOCKET_RECV_HB_FAILURE

■ JSRPD_USAGE

■ KMD_PM_DUPLICATE_LIFE_DURATION

■ KMD_PM_IKE_SERVER_LOOKUP_FAILED

■ KMD_PM_IKE_SERVER_NOT_FOUND

■ KMD_PM_ILLEGAL_REMOTE_GW_ID

■ KMD_PM_INCONSISTENT_P2_IDS

■ KMD_PM_INVALID_LIFE_TYPE

■ KMD_PM_NO_LIFETIME

■ KMD_PM_NO_LIFE_TYPE

■ KMD_PM_NO_PROPOSAL_FOR_PHASE1

■ KMD_PM_NO_SPD_PHASE1_FUNC_PTR

■ KMD_PM_P1_POLICY_LOOKUP_FAILURE



■ KMD_PM_P2_POLICY_LOOKUP_FAILURE

■ KMD_PM_SA_PEER_ABSENT

■ KMD_PM_SPI_DELETE_REJECT

■ KMD_PM_UNEQUAL_PAYLOAD_LENGTH

■ KMD_PM_UNINITIALISE_ERROR

■ KMD_PM_UNKNOWN_P1_IDENTITIES

■ KMD_PM_UNKNOWN_P1_IDENTITIES

■ KMD_PM_UNKNOWN_PHASE2_ENTITIES

■ KMD_PM_UNKNOWN_QM_NOTIFICATION

■ KMD_PM_UNSUPPORTED_KEY

■ KMD_PM_UNSUPPORTED_MODE

■ KMD_VPN_BIND_TUNNEL_IF

■ KMD_VPN_DFBIT_STATUS_MSG

■ KMD_VPN_UP_ALARM_USER

■ LICENSE_CONNECT_FAILURE

■ LICENSE_CONN_TO_LI_CHECK_FAILURE

■ LICENSE_CONN_TO_LI_CHECK_SUCCESS

■ LICENSE_GRACE_PERIOD_APPROACHING

■ LICENSE_GRACE_PERIOD_EXCEEDED

■ LICENSE_GRACE_PERIOD_EXPIRED

■ LICENSE_READ_ERROR

■ LICENSE_REG_ERROR

■ LICENSE_UNKNOWN_RESPONSE_TYPE

■ PFE_MGCP_ADD_CA_PORT_FAIL

■ PFE_MGCP_ADD_UA_PORT_FAIL

■ PFE_MGCP_DEL_CA_PORT_FAIL

■ PFE_MGCP_DEL_UA_PORT_FAIL

■ PFE_MGCP_MEM_INIT_FAILED

■ PFE_MGCP_REG_HDL_FAIL

■ PFE_SCCP_ADD_PORT_FAIL

■ PFE_SCCP_DEL_PORT_FAIL

■ PFE_SCCP_REG_NAT_VEC_FAIL

■ PFE_SCCP_REG_RM_FAIL

■ PFE_SCCP_REG_VSIP_FAIL

■ PFE_SCCP_RM_CLIENTID_FAIL



■ PFE_SCREEN_CFG_ERROR

■ PFE_SCREEN_CFG_EVENT

■ PFE_SIP_ADD_PORT_FAIL

■ PFE_SIP_DEL_PORT_FAIL

■ PFE_SIP_MEM_INIT_FAILED

■ PFE_SIP_REG_HDL_FAIL

■ PFE_USP_TRACE_BUFFER_CREATE

■ PFE_USP_TRACE

■ PFE_USP_TRACE_BUFFER_LIMIT

■ PFE_USP_TRACE_BUFFER_MEM_FAIL

■ PFE_USP_TRACE_BUFFER_MODIFY

■ RPD_IGMP_ACCOUNTING_OFF

■ RPD_IGMP_ACCOUNTING_ON

■ RPD_IGMP_JOIN

■ RPD_IGMP_LEAVE

■ RPD_IGMP_MEMBERSHIP_TIMEOUT

■ RPD_MC_DESIGNATED_PE_CHANGE

■ RPD_MC_LOCAL_DESIGNATED_PE

■ UI_INITIALSETUP_OPERATION

■ WEB_WEBAUTH_AUTH_FAIL

■ WEB_WEBAUTH_AUTH_OK

■ WEB_WEBAUTH_CONNECT_FAIL

The following system log message is no longer documented, either because it indicatesinternal software errors that are not caused by configuration problems or because itis no longer generated. If this message appears in your log contact your technicalsupport representative for assistance.

■ RDD_MISMATCH_REDUNDANCY_OPTIONS

The JADE_AUTH_ERROR tag is renamed as JADE_AUTH_FAILURE. [System Log]



Juniper Networks Partner Solution Development Program

The following configuration statements pertain to applications running on the routerbut developed by Juniper partners under the Partner Solution Development Program(PSDP), using the JUNOS SDK. For information about these commands, or the PSDP,please contact JTAC.

■ The extension-provider statement at the [edit chassis fpc slot-number pic pic-numberadaptive-services service-package] hierarchy level.

■ The extensions statement at the [edit system] hierarchy level.

■ The extension-service service-name statement at the [edit services service-setservice-set-name] hierarchy level.

■ The object-cache-size value statement at the [edit chassis fpc slot-number picpic-number adaptive-services service-package extension-provider] hierarchy level.

■ The process-monitor statement at the [edit system processes] hierarchy level.

Changes in Default Behavior and Syntax

Hardware

■ Combinations of PICs—On Juniper Networks routing platforms, you can typicallyinstall any combination of Physical Interface Cards (PICs) in a single EnhancedFlexible PIC Concentrator (FPC). Newer JUNOS services for some PICs can requiresignificant Internet Processor ASIC memory, and some configuration rules mightlimit certain combinations of PICs on some platforms. To conserve memory,group PICs in the same family together on the same FPC. Ethernet andSONET/SDH PICs typically do not use large amounts of memory. AdaptiveServices, Asynchronous Transfer Mode (ATM) 2, Gigabit Ethernet, and IQ serialPICs use more.

Configuration rules might apply to PICs installed on standard Enhanced FPCs onthe following routing platforms: M5, M10, M20, M40, M40e, M160, M320, J20,T320, and T640.

Configuration rules do not apply to PICs installed in the following routers or FPCs:

■ J-series, M7i, M10i, or M120 routers

■ Enhanced Plus FPCs on M-series and J20 routers

■ Enhanced Scaling FPCs

When you upgrade the JUNOS software, a warning appears if any configurationrules affect your PIC combinations. If you continue the installation, the PICsappear to be online (the LEDs are on), but the JUNOS software cannot enablethem and they cannot pass traffic. As a workaround, you need to plan whichPICs to install on the Enhanced FPCs or PIC slots on your routing platform. Forinformation about PIC combinations in previous JUNOS releases, consult JTACTechnical Bulletin PSN-2007-01-023, which is accessible athttps://www.juniper.net/alerts/viewalert.jsp?txtAlertNumber=PSN-2007-01-023 (you needto provide your Juniper Networks username and password). For information

28 ■ Changes in Default Behavior and Syntax


https://www.juniper.net/alerts/viewalert.jsp?txtAlertNumber=PSN-2007-01-023

about PIC combinations in the current beta period, please consult the TechnicalBulletins section of the JUNOS beta page accessible athttp://www.juniper.net/beta/junos.

Software Installation

■ RAM requirement increased (M-series, MX-series, and T-series routingplatforms)—The compact flash disk memory requirement for JUNOS softwareRelease 9.0 is 1 GB. For M7i and M10i routing platforms with only 256 MBmemory, see the Customer Support Center JTAC Technical BulletinPSN-2007-10-001https://www.juniper.net/alerts/viewalert.jsp?txtAlertNumber=PSN-2007-10-001&actionBtn=Search.[Installation and Upgrade]

Platform and Infrastructure

■ Due to changes in the JUNOS TCP/IP networking stack, the output of the showsystem connections extensive command may be different from JUNOS 8.4 andearlier. [System Basics]

■ Starting the key management process (kmd)—The key management process(kmd) starts only when IPSec is configured on the router. Previously, this processstarted by default. [System Basics]

■ New logical-router option for the clear arp command—Starting with JUNOS 8.5the new command argument, logical-router, was added to the clear arp command.This argument is only available in the main router context. [System Basics]

■ ISO option added to the show pfe route command—Starting with JUNOS 9.0,for J-series only, the ISO option was added to the show pfe route command. Usethe ISO option to display PFE ISO routes. [System Basics]


■ Showing core files on all JUNOS routing platforms—The show systemcore-dumps command is no longer hidden. You can use this command to showsystem core files created when the router fails. [System Basics]

■ New show security screens command—Enables users to view screen objectconfigurations in CLI mode. This command displays each screen’s inherited,configured, or default parameters. It optionally takes screen-name and displayvalues for individual screens. [System Basics and Services Command Reference]

■ New request system scripts event-scripts reload command—Simplifies the processof activating manual changes to event policies within active event-scripts. Afterchanging the event policies within the event scripts, run the request systemscripts event-scripts reload command to activate the event policies change.Configuration and Diagnostic Automation]

■ Enhanced show spanning-tree bridge command output—The output of the showspanning-tree bridge command now displays the number of topology changes

Changes in Default Behavior and Syntax ■ 29


http://www.juniper.net/beta/junos

and time since last topology change for each Multiple Spanning Tree Instance(MSTI). [Routing Protocols and Policies Command Reference]

■ Encrypted passwords—Starting with JUNOS 9.0, users can set anencrypted-password to a null string. The following commands can be used toset an encrypted password: [edit system login user name authenticationencrypted-password], [edit system root-authentication encrypted-password], [editsystem diag-port-authentication encrypted-password], and [edit systempic-console-authentication encrypted-password]. [System Basics]

■ Starting in JUNOS 9.0, the output of the show system license command nowshows complete license names. [System Basics]


■ Starting with Release 8.4 in MX-960 routers, the under-voltage parameters forPEM status have been modified to improve recognition and generation of alarmconditions. The CLI command show chassis environment can be used to displaythe PEM environment alarm status. [System Basics and Services Configuration]

■ The output of the show oam protocol ethernet connection-fault-managementinterfaces command has been enhanced to show separate link and protocolstatus. [Interfaces Command Reference]

■ Show VRRP commands available in logical router context—Output for thefollowing commands are available in a logical router context: show vrrp, showvrrp brief, show vrrp summary, show vrrp detail, show vrrp extensive, show vrrpprofile statistics, show vrrp interface if-name, show vrrp track, show vrrp track detail,and show vrrp track summary. [High Availability]

■ IPv4 source routing support disabled by default (M-series, MX-series, andT-series platforms)—IPv4 source routing is now disabled by default. To enablesource routing on IPv4, include the ip statement at the [edit routing-optionssource-routing] hierarchy level. We recommend that you do not enable IPv4source routing. [Routing Protocols]

■ Valid link mode for J-series 4-port Fast Ethernet ePIM—For this PIM, the onlyvalid value for the link-mode statement at the [edit interfaces fe-fpc/pic/port]hierarchy level is full-duplex. If you specify half-duplex (or full-duplex mode is notautonegotiated), the interface process writes the following message to the systemlog: "Half-duplex mode not supported on this PIC, forcing Full-duplex mode."[Network Interfaces]

■ On Ethernet PICs, you can no longer simultaneously configure source filters onphysical interfaces and on untagged logical interfaces. [Policy Framework]

■ The CLI help description for the source-address-filter statement has changed from"Name of source address filter" to "Remote MAC address." [Network Interfaces]

■ New packet reassembly functionality on GRE tunnels (AS PICs only)—Enablesreassembly of fragmented tunnel packets on generic routing encapsulation (GRE)tunnel interfaces. To activate this capability, include the reassemble-packetsstatement at the [edit interfaces gre-fpc/pic/port unit logical-unit-number] hierarchylevel. [Services Interfaces]

■ Support for advertisement interval for VRRP IPv6 address —Include theinet6-advertise-interval milliseconds statement at the [edit interfaces interface-name



unit number family inet6 address destination-prefix vrrp-inet6-group group-number]hierarchy level. The range that you can configure the advertisement interval isfrom 100 through 40,950 milliseconds. You can continue to use theadvertise-interval seconds statement to configure the advertisement interval forVRRP IPv4 addresses. [High Availability]

■ The output for the show aps operational mode command has been enhanced toinclude the new admin down value in the Interface State field. This value indicatesthat the interface has been administratively disabled using the disable statementat the [edit interfaces interface-name] hierarchy level. [Interfaces CommandReference]

■ Statistics—Starting in JUNOS 8.4 on MX-series routers, statistics for an ageddestination MAC entry are not retained. In addition, source and destinationstatistics are reset during a MAC move (in previous releases only source statisticswere reset during a MAC move). [Routing Protocols]

■ LSQ redundancy extended to M120 routers—Link Services Intelligent Queuing(LSQ) redundancy features, including warm standby and hot standby, are nowsupported on M120 routers as on other routing platforms. You can configurethese features at the [edit interfaces rlsq number redundancy-options] hierarchylevel. [Services Interfaces]

■ Ignore Layer 3 incomplete errors—By default, Fast Ethernet, Gigabit Ethernet,and 10-Gigabit Ethernet interfaces count Layer 3 incomplete errors. The routercan be configured to ignore the counting of L3 incomplete errors on Fast Ethernet,Gigabit Ethernet and 10-Gigabit Ethernet interfaces. To ignore Layer 3 incompleteerrors, include the ignore-l3-incompletes statement at the following hierarchylevels: [edit interfaces interface-name fastether-options] and [edit interfacesinterface-name gigether-options]. [Network Interfaces Configuration Guide]

■ Reset statistics on MX-series routers—Beginning with JUNOS Release 8.4 onMX-series routers, statistics for an aged destination MAC entry are not retained.In addition, source and destination statistics are reset during a MAC move (inprevious releases only source statistics were reset during a MAC move). [PolicyFramework]

■ The ATM PIC driver might not always use the minimum port shaping rate (of allthe ports on a multiport ATM DS3 or E3 PIC) selected for cell transmissionshaping, in situations where the DS3 or E3 port parameters are not identical onall ports of a multi-port ATM DS3 or E3 PIC. The PIC's shaping rate is alwaysupdated to conform to the last port setting updated by the PIC software driver,rather than use the minimum port (shaping) rate. There is no syslog message toinform the user of the shaping rate decision applied by the software driver.[Network Interfaces Configuration Guide]

■ At the [edit routing-instances] hierarchy level, you can no longer configure arouting instance with the name "default.” [Routing Protocols]

■ Link mode and speed on Ethernet Interfaces—Fast Ethernet interfaces canoperate in either full-duplex or half-duplex mode. All other interfaces operateonly in full-duplex mode. When you manually configure Fast Ethernet interfaces,link mode and speed must both be configured. If both these values are notconfigured, the router uses autonegotiation for the link and ignores theuser-configured settings. For Gigabit Ethernet interfaces on the M-series and



T-series routers running JUNOS software prior to Release 8.0, if link mode isconfigured and speed is not, no error message is displayed. [Network Interfaces]

■ On Ethernet PICs, you can no longer simultaneously configure source filters onphysical interfaces and on untagged logical interfaces. [Network Interfaces]

■ For MX480 and MX240 routers, starting in JUNOS 8.5, the PEM entry of the CLIcommand show chassis hardware displays "PS 1.2-1.7kW; 100-240V AC in."[System Basics and Services Command Reference]


■ Starting in JUNOS Release 9.0 running on M-series routers; to improve thresholddetection accuracy when using the request snmp spoof-trap command, thejnxDfcSoftMemThresholdExceeded trap value upper threshold is now 10 percentof the value set. [System Basics and Services Command Reference]

■ New commands to display RADIUS information (M7i and M10i routers)—Theshow services radius servers command and the show services radius statisticscommand enable you to display server information and statistics for RADIUSservers configured on the router. [System Basics and Services Command Reference]

■ The syntax of the show services stateful-firewall flows pgcp and show servicesstateful-firewall conversations pgcp commands has changed. The new syntax is:show services pgcp stateful-firewall flows and show services pgcp stateful-firewallconversations. [System Basics and Services Command Reference]

■ On J-series Services Routers, the JUNOS software now also supports the Ciscocertificate authority (CA) for IPSec profiles to request digital certificates. TheJUNOS software continues to support the Microsoft and Entrust CAs for J-seriesrouters. You use the [edit security pki] hierarchy to configure IPSec. [System Basics]

■ The output provided by the show services stateful-firewall flows operational modecommand has been updated. It no longer displays ICMP port information, becausethe port information provided in previous releases was inaccurate. [System Basicsand Services Command Reference]

■ The M120 router now supports redundancy services PIC (rsp) interfaces. [ServicesInterfaces]

■ Starting in JUNOS Release 9.0, the command show service l2tptunnel/session/summary accuracy level is improved, now showing counters valuescorrectly up to an accuracy of xxxxxx.x kilo/mega.

Therefore:

■ If a counter value is greater than 5,000,000, then xxxxxx.xM format is shown.

■ If the counter value is greater than 5000, then xxxxxx.xK format is shown.

■ Otherwise the "Absolute" value is shown. [System Basics and ServicesCommand Reference



General Routing

■ New clear spanning-tree protocol-migration command—To revert from the originalIEEE 802.1D Spanning Tree Protocol back to the Rapid Spanning Tree Protocolafter the force-version statement has been removed from the configuration, enterthe clear spanning-tree protocol-migration command. [Routing Protocols and PoliciesCommand Reference]

■ New condition for making policy decisions based on route existence—Allowsyou to define a policy condition based on the existence of routes in specific tablesand use it in BGP export policies. To implement this feature, include the conditioncondition-name statement at the [edit policy-options] hierarchy level with thefollowing option: if-route-exists address in-table table-name. You could then includethe defined condition in the from statement of a policy term. This condition isavailable on all Juniper Networks platforms. A related operational modecommand, show policy conditions, displays all configured conditions as well asthe routing tables with which the configuration manager interacts. [PolicyFramework, Protocols Command Reference]

Routing Protocols

■ Change in use of special characters for routing instance names—You can nolonger use special characters within the names of routing instances. A commitcheck and upgrade to JUNOS Release 9.0 fails if you include a special characterwithin a routing instance name. The routing instance name can include letters,numbers, and hyphens. In addition, a routing instance name can now be up to128 characters long. You configure a routing instance name at the [editrouting-instances routing-instance-name] hierarchy level. The commit check isenforced wherever a routing instance name is referenced in the JUNOS CLI.

A commit check is also now enforced for firewall filter and policy statementnames. The commit check fails if these names include special characters. Youconfigure firewall filters at the [edit firewall filter filter-name] hierarchy level. Youconfigure a policy statement at the [edit policy-options policy-statement policy-name]hierarchy level. [Routing Protocols Configuration Guide, Policy FrameworkConfiguration Guide]

■ The output of the operational mode command show isis overview now includesa field that displays the time that remains before the overload timer is set toexpire. [Routing Protocols and Policies Command Reference]

■ The output of the show bgp group command has been enhanced to display thetime remaining for the timer to delay update of the multiple-exit-discriminator(MED) attribute for BGP peers or groups. [Routing Protocols and Policies CommandReference]

■ New BFD traceoptions flag—A new pipe-detail flag is supported at the [editprotocols bfd traceoptions] hierarchy level. [Routing Protocols]

■ RIPng support extended to routing instances—You can now configure routinginstances for the Routing Information Protocol next generation. Include the



statements in the [edit protocols ripng] hierarchy at the [edit routing-instancesrouting-instance-name] hierarchy. [Routing Protocols]

■ Support to disable BFD adaptation—You can now disable adaptation for theBidirectional Forwarding Detection (BFD) Protocol for all protocols that supportBFD, including static routes, IS-IS, OSPF, RIP, BGP, and PIM. To configure BFDsessions not to adapt to changing network conditions, include the no-adaptationstatement with the bfd-liveness-detection statement. Note: We recommend thatyou not disable BFD adaptation unless it is preferable for BFD adaptation not tobe enabled in your network. Disabling BFD adaptation might cause instabilitywhen network conditions change. [Routing Protocols]

■ Beginning with JUNOS Release 8.5, OSPF no longer advertises a router identifierinterface that is not configured to run OSPF as stub network in its link-stateadvertisements. [Routing Protocols]

■ Additional output for show ospf overview command—The output of theoperational mode command show ospf overview now includes a field that displaysthe time that remains before the overload timer is set to expire. [RoutingProtocols]

■ RIPv2 support for third-party next hops—When exporting routes, RIPv2 nowsupports third-party next hops specified in policies, such as Virtual RouterRedundancy Protocol (VRRP) groups. [Policy Framework]

■ MX-series routers support the VLAN Spanning Tree Protocol (VSTP)—VSTPmaintains a separate spanning tree instance for each VLAN and is compatiblewith the Per-VLAN Spanning Tree Plus (PVST+) and Rapid-PVST+ protocolssupported on Cisco Systems routers and switches. To configure VSTP, includethe vstp statement at the [edit protocols] or [edit routing-instancesrouting-instance-name protocols] hierarchy level. To enable a VSTP instance for aspecified VLAN, include the vlan statement at the [edit protocols vstp] or [editrouting-instances routing-instance-name protocols vstp] hierarchy level. [RoutingProtocols Configuration Guide]

■ The clear isis database operational mode command now supports the purgecommand. Use the purge command to discard link-state database entries forIS-IS. [Routing Protocols and Policies Command Reference]

■ Some maximum values increased for OSPF—For OSPF, the maximum valuesthat you can configure for the shortest-path-first delay and hold-down intervalshave been increased. The maximum value that you can now configure for thedelay milliseconds statement at the [edit protocols (ospf | ospf3) spf-options]hierarchy level is 8000. The default value remains 200. The maximum value thatyou can now configure for the holddown milliseconds statement at the [editprotocols (ospf | ospf3) spf-options] hierarchy level is 20,000. The default valueremains 5000. [Routing Protocols]

■ The output of the show route resolution summary command has been enhancedto include information about the reference count, contributing routing tables,and configured policies. [Routing Protocols and Policies Command Reference]



MPLS Applications

■ Only the ingress and egress routers generate traps when an LSP flaps—Whenan LSP flaps, only the ingress and egress routers of that LSP generate SNMP traps(mplsTunnelUp and mplsTunnelDown). Previously, all the routers associatedwith an LSP—that is, the ingress, egress, and the transit routers—used to generateSNMP traps when the LSP flapped. [Network Management]

■ Changes to ECMP support—Enhancements made to ECMP introduced in JUNOSRelease 8.3 are not longer supported. [MPLS Applications book]

■ Support for longer LSP names—The JUNOS software now allows you to configureLSP names that are up to 64 characters long. The mplsLspInfoList table replacesthe mplsLspList table in the Juniper Networks Enterprise-Specific MPLS MIB(mib-jnx-mpls.txt), and extends the maximum length of LSP names from 32characters to 64 characters. [Network Management]

■ New option for show ldp neighbor—The show ldp neighbor command has a newoption, neighbor-address. This option allows you to display LDP neighborinformation about a specific LDP neighbor using the LDP neighbor IP address.[Routing Protocols Command Reference]

■ mplsTunnelReoptimized trap—The mplsTunnelReoptimized trap is generatedevery time the optimization-timer expires; that is, when the optimization-timerexceeds the value set for the optimize-timer statement at the [edit protocols mplslabel-switched-path path-name] hierarchy level. [Network Management]

■ BFD on an MPLS LSP—When BFD is configured on an MPLS LSP and the LSP iscurrently using the secondary path, the revertive timer will switch back to theprimary path only after the BFD session on the primary path is up. [MPLSApplications]

■ New message in the LSP history log—A new log messages was added to theoutput for the show mpls lsp extensive command as follows: Requested bandwidthunavailable: re-optimized path. The message is generated when an LSP path thatis re-optimized fails due to bandwidth allocation. [MPLS Log Reference]

VPNs

■ Customer multicast route advertisement—When advertising BGP multicastVPN Intra-AS customer multicast (c-multicast) routes, route reflectors now setthe originator identifier to self. Also, the route preference has been changed toprefer the active IBGP multicast VPN c-multicast route over the inactive route.

■ Additional BGP command—The JUNOS software now includes a clear bgp tabletable-name command. Use this operational mode command to request that BGPrefresh routes for all routing tables or for a specific table. You can also performthis operation on all logical routers or a specific logical router. [Routing Protocolsand Policies Command Reference]

■ Extended community types in BGP—For BGP communities, when you configurethe extended community type using the community-ids statement at the [editpolicy-options community name members] hierarchy level, you must use an AS



number for the src-as type and an IP address for the rt-import type. [PolicyFramework]

■ Enhanced show route table command—The output for the show route tablerouting-table-name operational mode command has been enhanced to displaythe sender and group address for the PMSI: PIM-SM field, which displaysinformation about the PIM sparse mode provider tunnel. [Routing Protocols andPolicies Command Reference]

Class of Service

■ On M-series and T-series, when you use wildcards to configure logical interfaces,the configuration includes a default scheduler map even thoughper-logical-interface queuing is not configured and the interface does not resideon a PIC that supports logical interface queuing. [Class of Service]

Forwarding and Sampling

■ Restriction to filter group number—The filter group number option configuredunder the [edit interfaces interface-name unit logical-unit-number family family filter]hierarchy is now restricted to values from 0 to 255. Verify that existingconfigurations meet this restriction before performing an upgrade to JUNOSRelease 8.5. [Network Interfaces Configuration Guide]




Current Software Release

The current software release is Release 9.0R2. For information about obtaining thesoftware packages, see “M-series, MX-series, and T-series Upgrade and DowngradeInstructions” on page 62 or “J-series Upgrade and DowngradeInstructions” on page 65, depending on your router platform.

36 ■ Current Software Release


Resolved Issues

Software Installation and Upgrade

■ When upgrading from JUNOS Software Release 9.0R1 to JUNOS 9.1B1, the newmaster Routing Engine is upgraded; however, the old master (new backup)Routing Engine is not upgraded. As a workaround:

■ Deactivate the redundancy graceful-switchover statement at the [edit chassis]hierarchy level.

■ Deactivate the nonstop-routing statement at the [edit routing-options] hierarchylevel.

■ Use the request system add command to upgrade the old master RoutingEngine to JUNOS Release 9.1B1. [PR/272781: This issue has been resolved.]


■ Packet Forwarding Engine (PFE) notification statistics for the "options or ttlexpired (not RE-destined)" counter are increased incorrectly. [PR/64951: Thisissue has been resolved.]

■ During a Routing Engine switchover, the Flexible PIC Concentrator (FPC) mightreset multiple times. [PR/70857: This issue has been resolved.]

■ Due to changes in the JUNOS TCP/IP networking stack, the output of the showconnections command may be different from JUNOS Release 8.4 and earlier.[PR/103330: This issue has been resolved.]

■ The PCAP support for Multilink Point-to-Point Protocol (MLPP), Multilink FrameRelay (MLFR), and Multilink Fram Relay (MFR) is not available. [PR/239642: Thisissue has been resolved.]

■ On some Routing Engines, the smartd process may display the following error:“atastandbyarmset.” [PR/253775: This issue has been resolved.]

■ Using the ox option with the smartd process is not recommended on mounteddevices because it may result in unexpected behavior. [PR/255473: This issuehas been resolved.]

■ If there are a lot of aggregate next hops and BGP routes pointing at some ofthem, a quick link flap combined with the BGP route churn might cause thePacket Forwarding Engine to restart unexpectedly. [PR/268204: This issue hasbeen resolved.]

■ With certain traffic patterns, MX-series and M320 routers with 3.0 forwardingASICs might experience packet loss. To recover, you must reboot the affectedDense Port Concentrator (DPC). [PR/268274: This issue has been resolved.]

■ On a J-series router configured with an IPSec tunnel, Ethernet frames smallerthan 64 bytes might not pass through. [PR/268965: This issue has been resolved.]

■ In JUNOS software Release 8.5R1 only, when the router receives an MPLS LSPping packet, a kernel memory leak is triggered in the network packet buffer and,

Current Software Release ■ 37


upon exhaustion, packet transfer is not possible between the Routing Engineand the Packet Forwarding Engine. [PR/273024: This issue has been resolved.]

■ On a T1600 router, the Link Aggregation Control Protocol (LACP) does not workon the following Ethernet interfaces: 10x1 Gigabit Ethernet, IQ2, or Fast Ethernet.[PR/274586: This issue has been resolved.]


■ If you use the NETCONF API to modify the configuration database when it hasbeen locked by another NETCONF session, or if you try to delete a configurationstatement that does not exist, the NETCONF server returns both the <rpc-error>and <ok/> tag elements as children of the <rpc-reply> tag element. [PR/62664:This issue has been resolved.]

■ JUNOS devices cannot be managed by Session and Resource Control (SRC)software. [PR/273117: This issue has been resolved.]

■ When you use the configure private command and then change two static routesat the same time at the [routing-options static] hierarchy level, the commit mayfail. As a workaround, configure one static route at a time. [PR/273251: Thisissue has been resolved.]

■ When the MX240 DC chassis is in a slightly elevated temperature environmentwith the fans in high speed, the show chassis environment command might hang.As a workaround, terminate the CLI session by typing CTRL+C to open a newCLI session. [PR/274015: This issue has been resolved.]


■ On M20 routers, when you start the router with Routing Engine 0 and Systemand Switch Board (SSB) 0 as master components, issue the request chassisrouting-engine master switch command, and then log in to Routing Engine 1 andissue the request chassis ssb master switch and request system reboot commands,the ONLINE LED might remain lit on both SSBs. [PR/74283: This issue has beenresolved.]

■ When you configure the default-address-selection statement at the [edit system]hierarchy level, Routing Engine graceful restart may cause gateway GPRS supportnode (GGSN) services to be unreachable. [PR/232197: This issue has beenresolved.]

■ Input statistics for aggregated Ethernet interfaces incorrectly report zero,regardless of input traffic volume. [PR/266271: This issue has been resolved.]

■ The chassis LED status returned by the MIB jnxLEDState does not reflect theactual chassis alarm LED. [PR/266326: This issue has been resolved.]

■ SFPCs caused the warning message “WARNING: Unknown FPC 0x1f4” whenchecking PIC compatibility. [PR/266854: This issue has been resolved.]

■ When there is an Address Resolution Protocol (ARP) entry for Virtual IP (VIP),Virtual Router Redundancy Protocol (VRRP) might not respond to ARP requests



for VIP while transitioning to master state. [PR/268627: This issue has beenresolved.]

■ An error in the chassis process (chassisd) causes a small memory leak when theshow chassis hardware extensive command is executed. [PR/268925: This issuehas been resolved.]

■ On an MX Platform, when a lot of traffic is going to the Routing Engine and theroute changes, the Dense Port Concentrator (DPC) might trigger an assertionwithout producing a core dump. [PR/269699: This issue has been resolved.]

■ When you configure multiple interfaces with the vlan-id-range statement andcover a large number of VLAN IDs, the Dense Port Concentrator (DPC) mightrestart unexpectedly. [PR/271456: This issue has been resolved.]

■ In 9.0R1, you can configure only 4096 Layer 2 Tunneling Protocol (L2TP) sessionswith shapers and policers. [PR/273804: This issue has been resolved.]

Routing Protocols

■ Kernel replication might fail when a pending change on a virtual loopback tunnel(VT) interface is replicated. [PR/69862: This issue has been resolved.]

■ The redistribution of OSPF point-to-point (P2P) LAN interfaces from a routinginstance into the main routing instance can fail, displaying the following logmessage: “Jan 23 15:24:50 router rpd[6063]: cannot perform nh operationADDANDGET nhop 0.0.0.0 type unicast index 0 errno 45.” As a workaround,redistribute the interfaces routes within the routing instance into the main routinginstance. [PR/271130: This issue has been resolved.]

■ The routing process can restart unexpectedly if it receives a BGP flow NRLIspecification with an undefined subcomponent type. [PR/274421: This issue hasbeen resolved.]

MPLS Applications

■ The system can leak next-hop resources when RSVP link protection is enabled.[PR/265295: This issue has been resolved.]

VPNs

■ An interoperability issue exists between NetScreen-specific features (NHTB) andJUNOS Enhanced Services. [PR/274937: This issue has been resolved.]

Class of Service

■ On MX-series Ethernet Services routers, if you apply class of service (CoS) to anintegrated routing and bridging (IRB) interface within a VPLS domain using virtualloopback tunnel (VT) interfaces, traffic from remote customer edge (CE) routersmight not be forwarded during a graceful Routing Engine switchover. As aworkaround, modify your VPLS domain to use LSI interfaces by including theno-tunnel-services statement at the [edit routing-instances instance-name protocolsvpls] hierarchy level. [PR/252468: This issue has been resolved.]



■ On MX960 routers, the class-of-service process does not provide informationabout SNMP objects whose names begin with "jnxCosQstat." As a result, SNMPqueries on those objects fail with an error message. [PR/269419: This issue hasbeen resolved.]


■ On M120 and MX-series routers, if you configure both a firewall filter and interfacesampling for ingress traffic on the same interface (by including both the filterand sampling statements at the [edit interfaces interface-name unitlogical-unit-number family inet] hierarchy level), the interface discards all incomingpackets. As a workaround, implement input sampling as an action in the thensection of a firewall filter. [PR/103206: This issue has been resolved.]

■ If a term in a firewall filter specifies a range of values for a source or destinationaddress or port, the filter might not match packets as expected. As a workaround,define the addresses and ports explicitly. [PR/265023: This issue has beenresolved.]

Outstanding Issues

Software Installation and Upgrade

■ For hard disks that were originally formatted by JUNOS Release 4.4 or earlier,after you issue the request system snapshot partition command, the router cannotboot from the hard disk. As a workaround, issue the request system snapshotcommand before upgrading. [PR/36742]


■ When the Monitoring Services PIC is overloaded, the output from the showservices accounting flow-detail command might freeze. [PR/32896]

■ On T-series platforms, a Layer 2 maximum transmission unit (MTU) check is notsupported for MPLS packets exiting the routing platform. [PR/46238]

■ When you configure a source class usage (SCU) name with an integer (forexample, 100) and use this source class as a firewall filter match condition, theclass identifier might be misinterpreted as an integer, which might cause thefilter to disregard the match. [PR/50247]

■ When a Monitoring Services PIC is overloaded with traffic, the FPC might takethe PIC offline and repeatedly send the same error message. The error messagedoes not affect normal operation of the FPC and other PICs. As a workaround,restart the FPC and bring the PIC online. [PR/55981]

■ If you configure several DNS servers by including the name-server statement atthe [edit system] hierarchy level, the JUNOS software uses only the first threeconfigured DNS servers. [PR/59172]

■ On a Monitoring Services III PIC configured as a dynamic flow capture (DFC)interface (dfc-fpc/pic/port), when you configure the DFC interface as the next



hop in a forwarding path, port-mirrored packets might become corrupted.[PR/60799]

■ If you configure 11 or more logical interfaces in a single VPLS instance, VPLSstatistics might not be reported correctly. [PR/65496]

■ In a routing matrix configured for graceful Routing Engine switchover (GRES),when the master Routing Engine of a T640 routing node (line-card chassis, orLCC) enters debug mode, it does not release mastership. [PR/66308]

■ When a large number of kernel system log messages are generated, the loginformation might become garbled and the severity level could change. Thisbehavior has no operational impact. [PR/71427]

■ On M320 and T-series routing platforms, there is a process that monitors FPCswhile they transition to an online state. If an FPC is busy and cannot completethe transition within the time limit, the process might time out and prevent theFPC from coming online. [PR/72364]

■ If you configure the same IPv6 address on the fxp0 interface and another publicinterface within the same routing instance, the backup Routing Engine mightrestart. [PR/72573]

■ On M320 and T-series routing platforms, when you configure the local gatewayof an IPSec tunnel in a routing instance, IPSec might not function properly overa generic routing encapsulation (GRE) tunnel. [PR/73864]

■ When a packet’s outer label is set to explicit null and the S bit is not set, the LSPping command does not work. The JUNOS software does not comply withRFC 4182, Removing a Restriction on the use of MPLS Explicit NULL. [PR/74963]

■ In the situation where a Link Services (LS) interface to a CE router appears inthe VPN routing and forwarding table (VRF table) and if fragmentation is required,Internet Control Message Protocol (ICMP) cannot be forwarded out of the LSinterface from a remote PE router that is in the VRF table. As a workaround,include the vrf-table-label statement in the configuration. [PR/75361]

■ For J-series Services Routers, if you send a real-time performance monitoring(RPM) probe through an IPSec tunnel and the probe includes thehardware-timestamp statement at the [edit services rpm probe owner-name testtest-name] hierarchy level, RPM icmp-ping type probes might not work. [PR/75927]

■ When you configure the router to log activity with a firewall filter or performRouting Engine-based sampling, and heavy traffic passes through the router, thefollowing error message might be displayed: “PKTR DMA age error cell counterincremented.” The error indicates that there might be some packet loss in firewallfilter logging or Routing Engine-based sampling. However, transit traffic is notaffected. [PR/78712]

■ On M160 routers, if the router generates the system log message “router fpcXDXO: Plane 2, links inactive (0x00),” traffic loss and loss of routing protocoladjacencies might occur. [PR/78795]

■ On M160 and M40e routers, a hardware error on the Switch Fabric Module (SFM)might cause the board to reboot. [PR/79236]

■ On the T-series routing platform, when you include the no-labels statement atthe [edit forwarding-options hash-key family mpls] hierarchy level, the statement



is added to the configuration; however, MPLS labels are still included in the hashkey. [PR/80334]

■ For Gigabit Ethernet intelligent queuing (IQ) PICs installed in M-series and T-seriesrouting platforms, system log messages for SFP receive power, laser bias, andtemperature alarms might alternate between set and clear. These messages aremostly cosmetic and do not affect performance of the routing platform.[PR/80393]

■ On Fast Ethernet and Gigabit Ethernet PICs, LACP is not supported on anaggregated Ethernet interface that is configured with either extended-vlan-vplsencapsulation or ethernet-vpls encapsulation. As a workaround, use vlan-vplsencapsulation on the aggregated Ethernet interface. This limitation does notapply to aggregated Ethernet interfaces configured on Gigabit Ethernet IQ2 PICs.[PR/94480]

■ When aggregated Ethernet interfaces are handling a large volume of multicasttraffic, the kernel might generate system log messages that include the followingtext: “request type type did not expect ipc reply type type subtype subtypeuniquifier uniquifier.” [PR/95931]

■ A firewall filter that matches the forwarding class of incoming packets (that is,includes the forwarding-class class-name statement at the [edit firewall filterfilter-name term term-name from] hierarchy level) might incorrectly discard trafficdestined for the Routing Engine. Transit traffic is handled correctly. [PR/97722]

■ On T-series platforms, if you include the indirect-next-hop statement at the [editrouting-options forwarding-table] hierarchy level for VPN routes, routing ASIC SRAMutilization increases by approximately 30 percent. [PR/98738]

■ When graceful Routing Engine switchover (GRES) and multicast are bothconfigured on a router, the master Routing Engine kernel might dump corebecause of inconsistencies between the multicast forwarding database on themaster Routing Engine and the multicast forwarding database on the backupRouting Engine. [PR/100795]

■ When using aggregate bundles with FRR, it takes about 10 to 16 seconds packetloss when one of the member links fail. [PR/101295]

■ On J-series Services Routers, you cannot use a USB device that provides U3features (such as the U3 Titanium device from SanDisk Corporation) as the mediadevice during system boot. You must remove the U3 support before using thedevice as a boot medium. For the U3 Titanium device, you can use the U3Launchpad Removal Tool on a Windows-based system to remove the U3 features.The tool is available for download athttp://www.sandisk.com/Retail/Default.aspx?CatID=1415. (To restore the U3 features,you can use the U3 Launchpad Installer Tool accessible athttp://www.sandisk.com/Retail/Default.aspx?CatID=1411.) [PR/102645]

■ When you enable point-to-multipoint (P2MP) LSPs over an outgoing aggregatedEthernet (AE) interface that is configured with circuit cross-connect (CCC)switching, the LSP fails to forward traffic and you receive the following error:“nh_ucast_add.” As a workaround, first disable the AE interface and P2MP LSPs,then, activate the AE interface and the LSPs (in that order). Finally, clear theRSVP session for that LSP. [PR/105884]

■ Juniper Networks does not currently support dynamic ARP resolution on Ethernetinterfaces that are designated for port mirroring. This causes the Packet



http://www.sandisk.com/Retail/Default.aspx?CatID=1415

http://www.sandisk.com/Retail/Default.aspx?CatID=1411

Forwarding Engine to drop mirrored packets. As a workaround, you can configurethe next-hop address as a static ARP entry by including arp ip-address statementat the [edit interfaces interface-name] hierarchy level. [PR/237107]

■ In certain rare circumstances, an M-series router might generate a core file andrestart when it tries to determine the best match for a specified route prefix.[PR/239837]

■ If Layer 2 encapsulation is larger than 34 bytes, the Packet Forwarding Enginemight restart unexpectedly. [PR/240080]

■ When the management interface (fxp0) initialization does not complete, theinterface loses network connectivity and does not respond to any commandswithin the timeout period of 10 milliseconds. [PR/253479]

■ On an MX platform, if the first interface has family MPLS configured, a DPC witha 10x1GE interface might report the same interface statistics on all ports of thesame PIC slot . As a workaround don't have a family interface configured on thefirst port of the PIC slot. [PR/262607]

■ When you change the interface configuration from point-to-point encapsulationto Frame Relay encapsulation, the routing platform kernel might generate a corefile and stop operating. [PR/265025]

■ On T640, T320, and M320 routers, if you take an FPC offline during an ISSUboot, other FPCs in the router might crash. This happens when transit traffic isflowing from the other FPCs towards the offline FPC. [PR/268294]

■ On a J-Series platform running Release 8.5R2, the value displayed for idle CPUutilization is not correct. This is only a display issue, and does not affect routeroperation. [PR/275541]

■ On a J-series router, when you issue the set chassis fpc 0 pic 0 mlfr-uni-nni-bundlescommand, FPC 0 might go offline. [PR/279348]


■ A user cannot log in to the J-Web client through RADIUS or TACACS authenticationif the user profile already has authorization parameters specified on the serverside. As a workaround, ensure that the user profile parameters are not specifiedor are set with empty values on the server. [PR/94445]

■ The logical router administrator can modify and delete master administratoronly configurations by performing local operations such as issuing the loadoverride, load replace, and load update commands. [PR/238991

■ When an M-series or T-series router is upgraded from JUNOS to JUNOS-FIPS, therequest system snapshot command does not work. As a workaround issue arequest system snapshot force-fmt command from the shell. This issue is notpresent for upgrades from an older version of JUNOS-FIPS to a newer version ofJUNOS-FIPS. [PR/252640]




■ On aggregated SONET/SDH interfaces, the counter for drops and errors in theshow interfaces command output does not display the correct value, because thecounter does not collect data from the constituent interfaces within the aggregate.[PR/23577]

■ On ATM interfaces, when the IP address of a remote device is changed, theoutput of the show ilmi interface command on the local routing platform mightcontinue to display the old IP address for the remote device. [PR/24126]

■ On channelized E1 interfaces, you might be able to configure clocking onds-fpc/pic/port:n interfaces, where n is not unit 0. This is an invalid configurationand might cause a clocking selection problem on the other channels. [PR/24722]

■ If virtual channel identifiers (VCIs) for a large number (approximately 400) ofvirtual connections (VCs) on an ATM DS3 interface are changed frequently, theinterface might mishandle the ATM cells. As a result, OSPF and IS-IS neighboradjacencies might not remain stable. [PR/25639]

■ On a 2-port OC12 ATM2 IQ interface, the total virtual path (VP) downtime mightnot appear correctly in the show interfaces command output. [PR/27128]

■ On a 2-port OC12 ATM2 IQ interface, if you configure and then change the virtualpath (VP) setting, the SNMP jnxAtmVpTotalDownTime counter might be reset.[PR/27131]

■ On an OC3 ATM2 intelligent queuing (IQ) interface, when you configure a shapingrate greater than the speed of the OC3 link and commit the configuration, theactual shaping rate might be less than the interface speed. [PR/27459]

■ On the ATM2 IQ PIC, when you configure the atm-l2circuit-mode statement atthe [edit chassis fpc slot-number pic pic-number] hierarchy level, the control wordsequence number is not reset to 1 after the transmit sequence number reaches65,535. [PR/31669]

■ On M20 and M40 routers, when a physical layer problem affects a SONET/SDHinterface, carrier transition statistics might not increment correctly in the outputof the show extensive interfaces command. [PR/33325]

■ When you configure both the bundle link and constituent links at the [editlogical-routers logical-router-name interfaces] hierarchy level, the constituent linksdo not come up. As a workaround, configure the constituent links at the [editinterfaces] hierarchy level. [PR/35578]

■ On ATM2 DS3 and E3 interfaces, when you configure ATM point-to-multipointpermanent virtual circuits (PVCs), the following error messages might appear inthe system log: “/kernel: RT_COS: COS IPC op 4 (CLASS TO IFL) failed, err 1(Unknown),” “ssb BCHIP 0: invalid entry type 127 at stream 8 channel 0 for ifl83,” and “ssb COSMAN: mapping table bind to ifl 83 failed.” There is nooperational impact. [PR/36524]

■ When an ATM interface configured for circuit cross-connect (CCC) encapsulationreceives MPLS packets that exceed 484 bytes, the packets can overflow the buffer



and cause the ATM PIC to hang. As a workaround, take the PIC offline and bringit back online. [PR/39918]

■ When you apply an IPSec firewall filter to match traffic sent across a genericrouting encapsulation (GRE) tunnel and originating from the local routing platform,the local traffic is dropped. Transient traffic is not affected. [PR/44871]

■ On channelized T3 interfaces, the T1 loopback state does not reflect loopbacksset by facilities data link requests using the remote-loopback-respond statementat the [edit interfaces interface-name t1-options] hierarchy level. [PR/45837]

■ On a Link Services PIC with Multilink Frame Relay (MLFR) configured, the pingcommand might fail when the data-link connection identifier (DLCI) is greaterthan 335. [PR/49567]

■ On a Link Services PIC, the CLI might incorrectly allow you to configure a logicaltunnel interface (interface identifier lt); the resulting interface might not workcorrectly. [PR/49818]

■ If an MLPPP LSQ bundle carries a large volume of link fragmentation andinterleaving (LFI) traffic and a small proportion of multilink traffic, packets mightbe dropped on the egress constituent links. [PR/56664]

■ For ISDN dialer interfaces in a J-series Services Router, when you configure theno-keepalives statement at the [edit interfaces dl0 unit logical-unit-number] hierarchylevel and you issue the show interfaces dl0 command, the Link flags field mightstill show Keepalives. [PR/58520]

■ On an ISDN interface in a J-series Services Router, if you include the vrf-table-labelstatement at the [edit routing-instances instance-name] hierarchy level, packetsmight be dropped from the connection. [PR/59718]

■ On an ISDN dialer interface in a J-series Services Router, if you include theminimum-links statement at the [edit interfaces dl0 unit logical-unit-number]hierarchy level and then deactivate the BRI interface associated with the dialerinterface, the output packets counter displayed in the output of the show interfacesdl0 command might continue to increment. [PR/59986]

■ On an ISDN dialer interface in a J-series Services Router, when you include theload-threshold 100 statement at the [edit interfaces dl0 unit logical-unit-numberdialer-options] hierarchy level and the 56-Kbps bandwidth threshold is exceeded,the interface does not support additional network traffic and might not activateanother BRI interface. [PR/60045]

■ If you configure IS-IS, MPLS, and graceful Routing Engine switchover (GRES) anda switchover event occurs, the routing platform might end the PPP IP ControlProtocol (IPCP) sessions and renegotiate them if the remote side changed interfaceMTU settings before the switchover event. [PR/61121]

■ If you configure graceful Routing Engine switchover and issue the request chassisrouting-engine master acquire command, in rare cases the master Routing Enginemight fail to relinquish mastership, or the switchover to the backup RoutingEngine might take up to 360 seconds. [PR/61821]

■ For Automatic Protection Switching (APS) on SONET/SDH interfaces, there areno operational mode commands that display the presence of APS modemismatches. An APS mode mismatch occurs when one side is configured to use



bidirectional mode, and the other side is configured to use unidirectional mode.[PR/65800]

■ For aggregated Ethernet interfaces on T640 and TX Matrix platforms, the showinterfaces extensive command sometimes reports extremely large incorrect valuesin the Dropped packets column of the Queue counters output. As a workaround,issue the clear interfaces statistics command. [PR/65857]

■ J4350 and J6350 Services Routers might not have enough data buffers to meetexpected delay-bandwidth requirements. Lack of data buffers might degradeCoS performance with smaller-sized packets (500 bytes or less). [PR/73054]

■ On the M120 router, for a Forwarding Engine Board (FEB) redundancy groupthat does not have a primary FEB configured, when a switchover from anonprimary FEB occurs, the backup FEB does not reboot, and the Flexible PICConcentrators (FPCs) connected to the previously active FEB remain online. Thebackup FEB could take minutes to obtain the entire forwarding state from theRouting Engine following a switchover. If you do not want the interfaces toremain online during the switchover for a nonprimary FEB, configure a primaryFEB for the redundancy group at the [edit chassis redundancy feb] hierarchy level.[PR/80946]

■ On J4350 and J6350 Services Routers, if the MTU is set to more than 6 KB for abuilt-in Gigabit Ethernet port or a 1-port Gigabit Ethernet ePIM, packets mightbe discarded with an FCS error. [PR/82245]

■ If you ping a nonexistent IPv6 address that belongs to the same subnet as anexisting point-to-point link, the packet loops between the two point-to-pointinterfaces until the time to live expires. [PR/94954]

■ If the delay between VRRP advertisement packets is set to a small value (suchas 100 ms) for a number of VRRP groups, and the router configuration is changedand committed several times in quick succession, the VRRP mastership statemight be unstable. In other words, if the value of the fast-interval statement atthe [edit interfaces interface-name unit logical-unit-number family inet address addressvrrp-group group-number] hierarchy level is 100 for several VRRP groups, andconfiguration changes are committed several times in quick succession (evenchanges at other levels of the hierarchy), a VRRP backup router might assumemastership and immediately release it again. As a workaround, set the value ofthe fast-interval statement to 300 or higher. [PR/102111]

■ The output of the show interfaces diagnostics optics command includes the Laserrx power low alarm field even if the transceiver is a type (such as XENPAK) thatdoes not support this alarm. [PR/103444]

■ When you issue a show chassis ether-switch statistics command while redundancyis enabled, there is a loss of communication between the two redundant RoutingEngines for about 2 seconds. [PR/233779]

■ When graceful Routing Engine switchover is enabled and you use the requestsystem reboot command to reboot the master Routing Engine, if an FPC does



not establish its connection to the new master Routing Engine before the previousmaster shuts down, the FPC restarts. [PR/234207]

■ On a serial interface transmitting either 64–byte or 128–byte packets, theeffective bandwidth falls when the interface is highly oversubscribed. [PR/235753]

■ When graceful Routing Engine switchover is enabled and the backup RoutingEngine is taken offline, a CHASSISD_SNMP_TRAP message might not begenerated. [PR/238797]

■ On MX, M320, and T-series platforms, statistics may disappear when the PacketForwarding Engine and the Flexible PIC Concentrators (FPCs) are taken offline.As a workaround, save the Packet Forwarding Engine statistics in the kernel.[PR/240026]

■ On a T640 and a T1600 router with a 10-Gigabit Ethernet LAN/WAN PIC withan XFP configured in WAN-PHY mode, the output from the show chassis hardwarecommand and show chassis pic fpc-slot slot-number pic-slot slot-number commandmight display a supported XFP transceiver as UNKNOWN. Contact the JuniperNetworks Technical Assistance Center (JTAC). [PR/256521]

■ Configuring an interface IPv6 address as preferred or primary will generate alog similar to “DCD_CONFIG_WRITE_FAILED: Interface interface-name,configuration write failed for an IFA CHANGE: Operation not supported."[PR/258531]


■ The output of the show services nat pool command displays duplicate entries fora single Network Address Translation (NAT) pool. [PR/34678]

■ The show services accounting flow-detail extensive command sometimes displaysincorrect information about input and output interfaces. [PR/40446]

■ When you configure intrusion detection service (IDS) on J-series platforms,including the threshold statement at the [edit services ids rule rule-name termterm-name then logging] hierarchy level has no effect. [PR/46577]

■ On Adaptive Services PICs configured for IPSec tunnel redundancy, if there area large number of tunnels, sometimes a few of the tunnels might switch over tothe backup tunnel. [PR/46733]

■ On routing platforms configured for Internet Key Exchange (IKE)-based IPSec,if a remote peer using other vendors’ equipment does not renegotiate the IKEsecurity association (SA) when it is about to expire and continues to send deadpeer detection (DPD) requests on the same SA, the routing platform might notbe able to reply to these messages. [PR/47004]

■ If the socket buffer becomes full on a remote router, you cannot clear all theIPSec security associations (SAs) from the router. [PR/55189]

■ When a routing platform is configured for graceful Routing Engine switchoverand Adaptive Services (AS) PIC redundancy, and a switchover to the backupRouting Engine occurs, the redundant services interface (rsp-) always activates



the primary services interface (sp-), even if the secondary interface was activebefore the switchover. [PR/59070]

■ On Monitoring Services I and Monitoring Services II PICs, if the export channelto the external cflowd collector is closed, cflowd records might be lost. As aworkaround, restart the PIC. [PR/59432]

■ On Monitoring Services II PICs configured for flow collection services, duringmemory overload conditions, the flow collector interface might create files lackingcflowd records, and these files might not be sent to the external FTP server.[PR/62599]

■ When you modify a flow collection configuration and commit the changes, thesystem log might contain error messages regarding the commit operation. Thesemessages do not affect the operation of the router and can be ignored. [PR/64201]

■ On J-series Services Routers, an SNMP query returns a zero value for the datalink switching (DLSw) MIB object dlswTConnTcpConfigKeepAliveInt even if youimplement keepalives. [PR/70002]

■ For Adaptive Services II PICs, even if you do not configure flow collector services,a temporary file might be created every 15 minutes in the /var/log/flowc/directory. The file is deleted if there are no clients, and re-created only when aclient connects and attempts to write to the file. [PR/75515]

■ The destination IP address assigned to a VP interface can be a duplicate of theaddress assigned to another interface on the router. This can cause issues withforwarding traffic appropriately to the VP interface. [PR/75535]

■ On J4350 and J6350 Services Routers, when you insert a Telephony GatewayModule (TGM) 550 PIM and the PIM is in a reset state, the router might notrespond to any show chassis commands for up to 5 seconds. [PR/78695]

■ In BIOS configuration mode, pressing the F10 key to complete a save and exitdoes not work as expected. The alternative to using the F10 key is to use theSave and Exit option from the Exit menu. Regardless of which J-series image isloaded on the router, this issue can be seen on the J4350 and J6350 routers withBIOS Version 080011 and on the J2320 and J2350 routers with BIOS Version080012. [PR/237721]

■ The Clear NVRAM option in BIOS configuration mode does not work as expected.Regardless of which J-series image is loaded on the router, this issue can be seenon the J4350 and J6350 routers with BIOS Version 080011 and on the J2320 andJ2350 routers with BIOS Version 080012. To help address this issue, you needto note any changes you make to the BIOS configuration. This allows you torevert to the default BIOS configuration when needed. [PR/237722]

■ If PPP keepalives are not configured on an ERX router used as an L2TP accessconcentrator (LAC) or on the client, Layer 2 Tunneling Protocol (L2TP) MultilinkPoint-to-Point Protocol (MLPPP) sessions may not come up correctly after youclear the PIC or take the PIC offline and online. As a workaround, configurePoint-to-Point Protocol (PPP) keepalives in the range of 30 seconds. Larger valuesfor PPP keepalives may also result in lost sessions. [PR/274066]

■ A Multiservices PIC running cRTP may crash and dump core when a large numberof contexts are established. [PR/27700]



Routing Protocols

■ When you include the as-path atomic-aggregate statement at the [editrouting-options aggregate defaults as-path] hierarchy level to manually add theATOMIC_AGGREGATE attribute on a BGP AS path, the attribute is not added.[PR/2527]

■ When you issue the show pim statistics command to view traced PIM protocoltraffic, messages sent to the rendezvous point (RP) might not increment theRegister counter. [PR/13887]

■ When you issue the mtrace command from a UNIX client, the router does notrespond to a query that requires multicast response, but responds correctly toany query that requires unicast response. As a result, the first two probes timeout. The third probe is the unicast response probe, which usually succeeds.[PR/17237]

■ The CLI allows you to commit a configuration that specifies a value higher than32 for the metric statement at the [edit protocols dvmrp interface all] hierarchylevel, but values higher than 32 are invalid. [PR/33429]

■ If a router receives a Pragmatic General Multicast (PGM) Source Path Message(SPM), it does not create a forwarding cache, nor does it forward the messageto other routers as a heartbeat, as specified in RFC 3208. Also, the router’smulticast cache might time out if it does not receive actual PGM data (ODATA)for more than 6 minutes. As a workaround, configure the PGM source applicationto send PGM ODATA at least once every 6 minutes. The ODATA acts as theheartbeat message in lieu of the SPM messages and ensures that the multicastand forwarding caches are created and updated. [PR/37504]

■ If you configure the sham-link statement at the [edit routing-instances instance-nameprotocols ospf area] or [edit routing-instances instance-name protocols ospf]hierarchy level on a provider edge (PE) router, extraneous OSPF link-stateadvertisements (LSAs) might be added. In some cases, this can result in a routingloop between the customer edge (CE) and PE routers. [PR/40000]

■ When you configure damping globally and use the import policy to preventdamping for specific routes, and a new route is received from a peer with thelocal interface address as the next hop, the route is added to the routing tablewith default damping parameters, even though the import policy has a nondefaultsetting. As a result, damping settings do not change appropriately when the routeattributes change. [PR/51975]

■ When the Internet Group Management Protocol (IGMP) multicast listenerdiscovery (MLD) source-specific multicast (SSM)-map feature is enabled on a LANinterface with multiple receiving hosts, the router might continue to forwardtraffic for the group until the IGMP group membership timeout interval expires,even though all receivers might have already left the group. [PR/61538]

■ When you issue the show ldp traffic-statistics command, the following systemlog message might be generated for all forwarding equivalence classes (FECs)



with an ingress counter set to zero: “send rnhstats GET: error: ENOENT -- Itemnot found.” [PR/67647]

■ If ICMP tunneling is enabled on the router and you configure a new logical routerthat does not have ICMP tunneling enabled, the feature is globally disabled.[PR/81884]

■ When routes are exported into OSPF and then OSPF is deactivated, the routingprotocol process (rpd) might generate a core file and stop operating. [PR/232362]

■ When PIM receives an (*,G) leave and an (S,G) join for an (S,G) entry that hasbeen pruned and when the neighbor entry is deleted, the JP state for the (S,G)join is not deleted, resulting in PIM going into an infinite loop. [PR/235978]

■ When you commit a new configuration for nonstop routing (NSR) on a primaryRouting Engine that differs from the configuration for NSR that is already runningon the backup Routing Engine, the routing protocol process stops functioningon the backup Routing Engine only. Traffic forwarding is not affected.[PR/254379]

MPLS Applications

■ If you configure a label-switched path (LSP) with the no-cspf statement at the[edit protocols mpls] hierarchy level, the LSP might cycle up and down severaltimes before stabilizing. [PR/10415]

■ If a circuit cross-connect (CCC) traverses a forwarding adjacency (FA)label-switched path (LSP), traffic forwarding might be affected. [PR/60088]

■ RSVP graceful restart does not function for LSPs that have a forwarding adjacency(FA) label-switched path (LSP) as a next hop. [PR/60256]

■ When you modify the primary path for an MPLS LSP by using the delete protocolsmpls label-switched-path lsp-path-name primary path-name command inconfiguration mode, followed by the set protocols mpls label-switched-pathlsp-path-name primary path-name command, and then issue the commit command,the entire LSP (both primary and secondary) is torn down and then rebuilt fromscratch. As a workaround, issue the delete protocols mpls label-switched-pathlsp-path-name primary path-name command in configuration mode followed bythe commit command. Then issue the set protocols mpls label-switched-pathlsp-path-name primary path-name command followed by the commit command.[PR/62365]

■ When you enable per-packet load balancing on parallel label-switched paths(LSPs), the output of the show mpls lsp ingress command might display all theroutes on only one of the LSPs even when traffic is evenly balanced across theLSPs. [PR/70487]

■ When multiple (greater than 5) link-protected or node-link-protected LSPs to thesame destination are used with per-packet load balancing, it is possible for somebypass next hops to not be part of the active route. This can occur after a primarylink flap. [PR/259219]



VPNs

■ When you modify the frame-relay-tcc statement at the [edit interfacesinterface-name unit logical-unit-number] hierarchy level of a Layer 2 VPN, theconnection for the second logical interface might not come up. As a workaround,restart the chassis process (chassisd) or reboot the router. [PR/32763]

■ Traffic might not flow when an ATM interface is used as the access circuit on anM120 router. [PR/255160]

Class of Service

■ When you configure an ES PIC, a message similar to the following might bewritten to the system log: “fpc0 LCHIP(3): Unable to fathom what channel usedby IFD id.” There is no operational impact. [PR/36184]

■ If you deactivate or activate an aggregated Ethernet interface, the PacketForwarding Engine might report errors. [PR/50090]

■ When a logical tunnel (lt) interface is the outbound interface, JUNOS softwaredoes not support the IEEE 802.1p rewrite rule. [PR/55903]

■ If you try to configure a scheduler map containing two forwarding classes thatare mapped to the same queue, the class-of-service scheduler is not applied tothe Packet Forwarding Engine. As a workaround, configure a single forwardingclass for each available queue. [PR/57907]

■ On M-series routers connected by VLAN circuit cross-connects (CCCs) andconfigured with class of service (CoS), when explicit forwarding (EF) traffic isgenerated from the ingress customer edge router (CE1) to the egress customeredge router (CE2), the ingress provider edge router (PE1) properly marks thepackets with default EXP bits and sends the packets out queue 1, but theintermediary core router forwards all traffic through queue 0 instead of sendingit through the EF queue. As a workaround, include the no-control-word statementat any of the following hierarchy levels: [edit logical-routers logical-router-nameprotocols l2circuit neighbor address interface interface-name], [edit protocols l2circuitneighbor address interface interface-name], [edit logical-routers logical-router-namerouting-instances routing-instance-name protocols l2vpn], or [edit routing-instancesrouting-instance-name protocols l2vpn]. [PR/65280]

■ When you configure a specific classifier for a logical unit, it does not overridethe fixed classifier configured using wildcards. [PR/68888]

■ If you configure CoS traffic control profiles on every logical interface by usingthe * wildcard to represent the interfaces, the configuration cannot be committed.In other words, the commit fails if you include the input-traffic-control-profile and



output-traffic-control-profile statements at the [edit class-of-services interfacestype-fpc/pic/port *] hierarchy level. [PR/100690]

■ When you configure the EXP classifiers to a routing instance, the class-of-service(CoS) process (cosd) might dump core. [PR/101490]

■ On MX/M120 platforms, when the transmit rate percentage is larger than thedata buffer size percentage under a scheduler configuration, the buffer sizedefined cannot limit the data buffer queue size. [PR/233213]

■ On MX-series routers, when you configure VPLS over an LSI interface,classification does not work on the egress PE router for traffic flowing from thecore of the network to the egress CE router. [PR/240777]

■ Individual rewrite rules cannot override the group override configuration inJUNOS 8.4 and higher releases. [PR/261229]

■ On the MX960, bandwidth sharing across high priority and strict-high priorityschedulers might not be as expected. This issue occurs when the schedulers areconfigured on logical interfaces. [PR/265603]


■ On M320 and T-series routing platforms, when you configure interface outputsampling, packets sometimes might travel through the output firewall. As aworkaround, configure a firewall filter on the output interface with the thensample statement and the then next term statements. The workaround providesthe same functionality as the other configuration, but avoids the problembehavior. [PR/70473]

■ On MX-series routers running JUNOS Release 8.4 and later, entries in the MACaddress table expire three times faster than on MX-series routers running JUNOSRelease 8.3 and earlier, and on M-series and T-series routing platforms runningany release of the JUNOS software (including JUNOS Release 8.4 and later). Toconfigure the correct effective value on MX-series routers running JUNOS Release8.4 and later, specify a value for the mac-table-aging-time statement at the [editprotocols l2-learning] hierarchy level that is three times the desired value. Forexample, if you want the expiration time to be 15 seconds, specify 45 seconds.[PR/241485]

■ If the last statement of a firewall filter is next term and a next term is notconfigured or applied to an interface, the configuration cannot be committedbecause the commit check fails. [PR/256375]

■ The implicit DHCP firewall filter will be removed from all interfaces once thereare configuration changes at the firewall or interface hierarchy level. [PR/261009]


■ The extended Dynamic Host Configuration Protocol (DHCP) relay agent featuredoes not function properly on a nondefault logical router. This means thatalthough the JUNOS CLI permits you to include the dhcp-relay statement at thefollowing hierarchy levels, the feature does not work properly when you do so:

■ [edit logical-routers logical-router-name forwarding-options]

■ [edit logical-routers logical-router-name routing-instances]



■ [edit logical-routers logical-router-name routing-instances routing-instance-nameforwarding-options]

[PR/82275]

Network Management

■ The following groups of MIB objects do not segregate the data they returnaccording to the routing instance specified in an SNMP request: vrrpMIB,jnxCosIfqStatsTable, and jnxCosQstatTable. [PR/63045]

Previous Releases

Resolved Issues

The following issues have been resolved since JUNOS Release 8.5R2. The identifierfollowing the description is the tracking number in our bug database.


■ The MultiServices PIC might not work correctly when the PIC is loaded andfrequent commands related to the PIC are issued. [PR/81826: This issue hasbeen resolved.]

■ When IPSec is configured on a logical interface and the protocol family is IPv6,graceful Routing Engine switchover (GRES) might fail if an MTU change isattempted on that interface. [PR/230128: This issue has been resolved.]

■ J-series multilink interfaces behave well when fragments are in round-robinfashion and arrive in order. However, if fragments are out of order, then theywill suffer some latency and packet loss during reassembly. [PR/240019: Thisissue has been resolved.]

■ When using file copy FTP, the IP address specified as the source address is notused for establishing a connection with the peer FTP server. [PR/240580: Thisissue has been resolved.]

■ When graceful switchover and RLSQ interfaces are configured, the kernelgenerates a core file on the backup Routing Engine (RE) with the error message

Previous Releases ■ 53

Previous Releases

"panicstr: rnh_index_alloc: nhindex 116435 could not be allocated." [PR/241502:This issue has been resolved.]

■ When an unnumbered Ethernet interface has a loopback address as a donor andif the address configured on the loopback is a subnet address, a ping to thesubnet address does not work. [PR/253804: This issue has been resolved.]

■ In some situations, the interface counter account doubles the number of packets.[PR/253946: This issue has been resolved.]

■ The clear arp command does not function for logical routers. [PR/253957: Thisissue has been resolved.]

■ The show arp command does not function for logical routers. [PR/253958: Thisissue has been resolved.]

■ A router running multicast over aggregate SONET or aggregate Ethernet interfacescould experience a Packet Forwarding Engine crash when a constituent linkflaps. [PR/257691: This issue has been resolved.]


■ If you use telnet to connect to the JUNOScript Perl module, the connection failsif the password or login name includes special characters. [PR/241236: This issuehas been resolved.]

■ Certain JUNOScope wizards (devices, groups, users, schedules, and RADIUSconfiguration ) do not work with Netscape 7.0. The workaround is to use Netscape6.2. [PR/260326: This issue has been resolved.]


■ If a low-speed bundle is congested, the jitter for link fragmentation andinterleaving (LFI) traffic is high even though fragmentation is configured forMultilink Point-to-Point Protocol traffic. [PR/77862: This issue has been resolved.]

■ If you clear IPv6 statistics, deactivate IPv6 route accounting at the [editforwarding-options family inet6 route-accounting] hierarchy level, and resume IPv6traffic across an interface, the "Input bytes" and "Input packets" fields in theoutput of the show interfaces extensive command might display incorrect values.[PR/99461: This issue has been resolved.]

■ On the M120 and MX-series platforms and the M320 Enhanced III FPCs only,forwarding IPv6 transit packets might stop transmitting traffic but still be ableto receive traffic. All packets going out this interface will be dropped. To recover,reboot the FPC on M320 platforms, the DPC on the MX-series, or the FEB on theM120 platform. There is no workaround. [PR/105266: This issue has beenresolved.]

■ For Gigabit Ethernet interfaces on J-series Services Routers, the link-mode andspeed statements at the [edit interfaces ge-fpc/pic/port] hierarchy level aremutually dependent; that is, if you include one, you must include the other. Ifyou do not, the interface process generates a warning and uses autonegotiatedvalues. For Gigabit Ethernet interfaces on other routing platform types, the speedstatement is not available, so including the link-mode statement alone is valid.Nevertheless, the interface process writes the following message to its log and

54 ■ Previous Releases


the system log: "Speed and linkmode duplex settings are mutually required."(Note further that the ink-mode statement is actually nonoperational onnon-J-series routing platforms, because the only valid value for it is the default,full-duplex.) [PR/228857: This issue has been resolved.]

■ The "accept data" warning message for VRRP might not correctly display thelogical unit identifier. [PR/236135: This issue has been resolved.]

■ When a PIC detachment process takes a long time for an IQ2 PIC (for example,when a large number of route updates are triggered after an IQ2 PIC is broughtoffline), the PIC chassis process (pic-chassisd) connection might not be closedproperly. [PR/239944: This issue has been resolved.]

■ On the J4350 and J6350 Services Routers, the show chassis interfaces extensivecommand does not display "Carrier Transitions" and certain other statisticsproperly. [PR/241086: This issue has been resolved.]

■ Padded MPLS-encapsulated IPv4 packets that exit an LSP can cause the egressinterface to stop forwarding packets. This can happen when the router isconfigured as a VPN PE, or when the router is the penultimate node of an LSP.The problem only occurs when the packet has been padded to meet the minimumLayer 2 frame size (for example, Ethernet media require frames to be a minimumof 64 bytes long). This issue is applies to the M120 and MX-series platforms andto the M320 Enhanced III FPCs. To recover, reboot the FPC on the M320, theDPC on the MX-series, or the FEB on M120 routing platforms. [PR/251042: Thisissue has been resolved.]

■ The ATM PIC driver might not always use the minimum port shaping rate (of allthe ports on a multiport ATM DS3 or E3 PIC) selected for cell transmissionshaping, in situations where the DS3 or E3 port parameters are not identical onall ports of a multiport ATM DS3 or E3 PIC. The PIC shaping rate is always updatedto conform to the last port setting updated by the PIC software driver, ratherthan using the minimum port (shaping) rate. There is no syslog message toinform the user of the shaping rate decision applied by the software driver.[PR/252837: This issue has been resolved.]

■ On the J-series Services Routers, on 4-port Fast Ethernet Enhanced PhysicalInterface Modules (ePIMs), interfaces might stop working correctly and lock upa port when operating in half-duplex mode. As a workaround, hard code thelink-speed and link-mode to 100m full duplex. [PR/253329: This issue has beenresolved.]

■ When you configure a logical interface with encapsulation ether-vpls-over-atm-llc,the packets destined for to the Routing Engine are dropped by the PacketForwarding Engine. [PR/255713: This issue has been resolved.]

■ When a Routing Engine assumes mastership, it attempts to reconnect to thePacket Forwarding Engine. The Packet Forwarding Engine sends all theinformation to the master Routing Engine. The new master Routing Engine then


Previous Releases

attempts to retrieve SFP information from the PIC, but the PIC fails to send it.[PR/256032: This issue has been resolved.]

■ On a M40e router with 4 MS-100 PICs and 4 ChOC12s, the SONET interfacemight display remote defect indication (RDI) or alarm indication signal (AIS)alarms when the router is rebooted. [PR/257419: This issue has been resolved.]

■ When both PIM and OSPF are configured on an IQ2 PIC, OSPF may loseadjacency if protocol PIM is removed. [PR/257848: This issue has been resolved.]

■ After a graceful Routing Engine switchover on the M10i router, alarms might notresynchronize to the new primary Routing Engine. [PR/258034: This problemhas been resolved.]

■ On an MX-series router with a 4-port Gigabit Ethernet DPC, when you configureasynchronous notification, it does not function properly. [PR/259304: This issuehas been resolved.]

■ On the J2320 and J2350 series Services Routers, Gigabit Ethernet interfacessometimes stop transmitting the packets if Transmit Descriptors are not updatedwith Transmit Done status properly. To work around this issue, restart pic 0.[PR/261010: This problem is resolved.]


■ When you configure twice NAT with static source and static destinationtranslation, the destination port for ICMP flows might change (the ports aresupposed to remain unchanged). [PR/96701: This issue has been resolved.]

■ If Network Address Port Translation (NAPT) is configured and multiple short-livedflows are established, ports on AS PICs might not be assigned correctly. In somecases, this situation causes the AS PIC to stop functioning. [PR/229287: Thisissue has been resolved.]

■ On the MultiServices 400 PIC, a memory warning flag might be set even withlow traffic rates. [PR/251908: This issue has been resolved.]

■ The show services pgcp active-configuration command does not display byte unitsfor the "MG maximum PDU size" and "MGC maximum PDU size" output fields.[PR/256801: This issue has been resolved.]

Routing Protocols

■ Trace pointers for some BGP tasks were not updated on reconfiguration.[PR/69321: This issue has been resolved.]

■ The show pim source does not display the correct information for both direct andnon-direct sources. [PR/253629: This issue has been resolved.]

■ PIM anycasts do not work when the source is connected to the Rendezvous Pointrouter. [PR/256637: This issue has been resolved.]

■ Route target filtering breaks when the last community received is withdrawn,because the route-filtering logic is being bypassed. Absence of any route target

56 ■ Previous Releases


received from the peer is being treated as if 0/0 default was received from thepeer. [PR/257011: This issue has been resolved.]

■ The show multicast snooping route bridge-domain name source-prefix prefix/lengthcommand causes the multicast snooping process (mcsnoopd) to stop functioning.The workaround is not to use the source-prefix option. [PR/257788: This issuehas been resolved.]

■ The routing processes can generate nonfatal core dumps. [PR/258134: This issuehas been resolved.]

■ Deconfiguration of a routing instance on a router configured with uRPF maycause the routing process to restart. [PR/259727: This issue has been resolved.]

MPLS Applications

■ A router configured with a point-to-multipoint transmit-switch connection mightstop functioning if the transmit label-switched path of the connection flaps.[PR/229175: This issue has been resolved.]

■ You might encounter an interoperability issue when Cisco IOS-XR or IOS includesthe node-id sub-object as part of the RRO in Reservation messages. The JUNOSsoftware is unable to find the next-next-hop router's interface address to signala node-protecting bypass LSP. [PR/237491: This issue has been resolved.]

■ MVPN P2MP deactivation of a vt interface in a particular VPN, say VPN-A onreceiver PE, affects multicast traffic forwarding in other VPNs for a few seconds.This issue is also experienced during the activate sequence of the vt interface inVPN-A. [PR/252697: This issue has been resolved.]

■ If an MPLS LSP configured with fast reroute is not advertised into the IGP, thatLSP might reuse an old unicast list and cause traffic drops. [PR/253352: Thisissue has been resolved.]

■ If the authentication method for a LDP session is changed from usingauthentication-key to using authentication-key-chain or vice-versa, other unrelatedLDP sessions may flap in addition to the affected LDP session flapping.[PR/258395: This issue has been resolved.]

■ If there are many LSP flaps, used for the p2mp-receive-switch, and gracefulrestart is enabled, the interface might stop forwarding traffic. To recover,deactivate and then activate the protocol connection p2mp-receive-switchconfiguration. As a workaround, disable graceful restart. [PR/264930: This issuehas been resolved.]

VPNs

■ When configuring multicast VPN for point to multipoint, the tunnel-limit statementfor dynamic selective provider tunnels is not functioning. [PR/250701: This issuehas been resolved.]

■ A receiver directly attached over an Ethernet connection to a sender PE configuredwith multicast VPN over point-to-multipoint fails to receive multicast traffic. Nosuch issue is observed when the receiver is connected over a SONET or ATMlink. [PR/252314: This issue has been resolved.]


Previous Releases

■ When you configure the vlan-tags statement under routing instances for a VPLSor a virtual switch instance, the JUNOS software might produce commit checkerror messages. The workaround is to use the vlan-tags statement in theconfiguration for interfaces only. [PR/256958: This issue has been resolved.]

Class of Service

■ On the M320 and T-series routing platforms, when you map multiple forwardingclasses to the same queue and then include the multiple of those definitions inthe scheduler map, the configuration might fail. [PR/103370: This issue has beenresolved.]

■ The behavior aggregate (BA) classifier is not applied to a logical interfaceconfigured with the encapsulation ether-over-atm-llc statement. [PR/255742: Thisissue has been resolved.]

■ For IQ PICs on the M-series and T-series routers and Enhancing Queueing DPCson the MX-series routers, when you configure a scheduler map with a queueconfigured with priority strict-high, in certain situations such as when a PIC isbounced, the incorrect queue buffer might be calculated. [PR/256263: This issuehas been resolved.]

■ When a PIC goes offline and then online, the following message might displayon the Packet Forwarding Engine console: “cosman_compute_mad_state: Noifd for ifd_index <ifd index value>.” The message does not indicate any effecton the operation of the router unless a temporal or delay buffer configuration ispresent on the router.[PR/257814: This issue has been resolved.]

■ If you configure a traffic shaper of over 75 MB on a Gigabit Ethernet interface,its overall throughput might decrease. For Gigabit Ethernet interfaces, configureshapers with a size of less than 75 MB. [PR/257951: This issue has been resolved.]


■ If you configure a policer with a burst size limit larger than 67 MB, interfaces towhich the policer is applied might not forward traffic. On some platforms thelimit is higher, and the limit also depends on the available bandwidth. [PR/99758:This issue has been resolved.]

■ Firewall filter source-address match sometimes does not function properlybecause of corner cases during firewall optimization. The workaround is torearrange the term order of the filter. [PR/262491: This issue has been resolved.]

Network Management

■ When you configure an SNMP client list with a logical router, clients are notrestricted. [PR/254574: This issue has been resolved.]

Errata

This section lists outstanding issues with the documentation.

58 ■ Errata



■ J-Web Quick Configuration pages do not support IPv6 addressing and routing.[J-series Basic Configuration]

■ The new bridge option to the show system statistics command displays systemstatistics on MX-series routers. The option is not documented in the System Basicsand Services Command Reference.

■ The new static-mac statement at the [edit routing-instances instance-name protocolsl2vpn site site-name interface interface-name] and [edit routing-instancesinstance-name protocols vpls site site-name interface interface-name] is notdocumented in the JUNOS VPNs Configuration Guide.

■ The documentation incorrectly states the following: "The JUNOS software savesthe current core file (0) and the four previous core files, which are numbered 1through 4 (from newest to oldest)." In reality, when you observe the output ofthe show system core-dumps command after five or more core dumps, the .0 fileis the oldest while the .4 file is the newest and is overwritten each time a newcore dump file is generated. [System Basics]


■ To display the FRU model number, part number, and serial number, issue theshow chassis hardware models command. To display the FRU model number,part number, and CLEI code, issue the show chassis hardware clei-modelscommand. [System Basics and Services Command Reference]

■ FRF.12 is supported on link services (ls-) interfaces on the J-series routingplatform. [Services Interfaces]

■ The drop-and-insert multiplexer is now integrated into channelized T1/E1 PIMson J-series Services Routers. The data-input (system | interface interface-name)statement at the [edit interfaces ds-pim/0/port:channel] hierarchy level is notdocumented in the JUNOS Network Interfaces Configuration Guide.

■ IP address definition for the master Routing Engine—Enables you to configurea management IP address so that it is always used by the master Routing Engine,even in the case of a failover event. To configure this feature, include themaster-only statement at the [edit interfaces fxp0 unit logical-unit-number familyinet address ip-address] hierarchy level on the master Routing Engine. [NetworkInterfaces Configuration Guide]

General Routing

■ The manuals currently state that only the following routing platforms supportGRES for VPLS: M10i, M20, M40e, M320, T320, and T640. The TX Matrix routingplatform also supports GRES for VPLS. [System Basics, Feature Guide, VPNs]

■ Nonstop routing for BGP is supported for unicast IPv4 and IPv6 only. If any otheraddress family type is configured, the BGP session will not be maintained duringa Routing Engine switchover. [High Availability]

Errata ■ 59

Errata

Routing Protocols



■ To configure the Link Aggregation Control Protocol (LACP), include the lacpstatement at the [edit protocols] hierarchy level. [Network Interfaces ConfigurationGuide]

■ To configure Layer 2 control protocol features, include the layer2-control statementat the [edit protocols] hierarchy level. [Routing Protocols Configuration Guide]

■ When you specify the same AS number in more than one routing instance onthe local router, you must configure the same number of loops for the AS numberin each instance. For example, if you configure a value of 3 for the loopsstatement in a VRF routing instance that uses the same AS number as that ofthe master instance, you must also configure a value of 3 loops for the AS numberin the master instance. Include the loops statement at the [edit routing-optionsautonomous-system number number]hierarchy level. In addition, you must includethe independent-domain statement if the loops statement must be enabled onlyon a subset of routing instances. [Routing Protocols Configuration Guide]

MPLS Applications

■ Inter-AS traffic engineering (Phase 2) enables traffic-engineered MPLS LSPs todynamically discover OSPF autonomous system boundary routers (ASBRs) andenables routers to establish a traffic-engineered LSP across multiple autonomoussystems (ASs). Each AS is assumed to be under the control of a single serviceprovider and to use OSPF. To configure traffic engineering across multiple ASsusing OSPF, include the traffic-engineering statement at the [edit protocols(ospf | ospf3) area area-id interface interface-name passive] hierarchy level. [MPLSApplications]

VPNs

■ The LDP BGP VPLS Interworking feature is currently supported only on MX-seriesand M320 routers. The JUNOS VPNs Configuration Guide and JUNOS FeatureGuide do not list this limitation. [VPNs, Feature Guide]

60 ■ Errata


■ The statement hierarchy for the vpls statement shown in the “Configuring the VPLSRouting Instance” section includes an extraneous bracket character (}). The correctedstatement hierarchy is as follows:

vpls {active-inteface {

any;primary interface-name;

}interface-mac-limit limit;mac-table-size size;neighbor neighbor-id;no-tunnel-services;site site-name {

active-interface {any;primary interface-name;

}interface interface-name {

interface-mac-limit limit;}multi-homing;site-identifier identifier;site-preference preference-value;

}site-range number;traceoptions {

file filename <replace> <size size> <files number> <no-stamp>;flag flag <flag-modifier> <disable>;

}tunnel-services {

devices device-names;primary primary-device-name;

}vpls-id vpls-id;

}

[VPNs]

Class of Service

■ As stated in the documentation, you can selectively set the DSCP field of IPv4and IPv6 packets to 0 without affecting output queue assignment, and continueto set the MPLS EXP field according to the configured rewrite table, based onforwarding classes. This feature is not supported with GRE and IP-IP tunnels.The documentation incorrectly implies that you can use the dscp 0 action modifierto set the DSCP field of IPv4 and IPv6 packets to 0. For IPv4 traffic, the dscp0Service action modifier at the [edit firewall family inet filter filter-name termterm-name then] hierarchy level is valid. However, for IPv6 traffic, you configurethis feature by including the traffic-class 0 action modifier at the [edit firewallfamily inet6 filter filter-name term term-name then] hierarchy level. [CoS]

■ For IQ2 PICs running JUNOS software 8.3, 8.4, and 8.5, the rate-limit option forthe transmit-rate statement has nothing to do with congestion. The rate-limit isa simple single-rate two-color policer placed on the egress queue. [Class of Service]

Errata ■ 61

Errata

Network Management

■ In the description for the request snmp spoof-trap command, the description forthe trap option incorrectly states that the asterisk (*) can be used to spoof alltraps. [System Basics and Services Command Reference]

M-series, MX-series, and T-series Upgrade and Downgrade Instructions

This section discusses the following topics:

■ Upgrade to Release 9.0 on page 62

■ Upgrade for a Routing Matrix on page 64

■ Downgrade from Release 9.0 on page 64

Upgrade to Release 9.0

When upgrading or downgrading the JUNOS software, always use the jinstall package.Use other packages (such as the jbundle package) only when so instructed by a JuniperNetworks support representative. For information about the contents of the jinstallpackage and details of the installation process, see the JUNOS Software Installationand Upgrade Guide.

NOTE: Before upgrading, back up the file system and the currently active JUNOSconfiguration so that you can recover to a known, stable environment in case theupgrade is unsuccessful. Issue the following command:

user@host> request system snapshot

The installation process rebuilds the file system and completely reinstalls the JUNOSsoftware. Configuration information from the previous software installation is retained,but the contents of log files might be erased. Stored files on the routing platform,such as configuration templates and shell scripts (the only exceptions are thejuniper.conf and ssh files) may be removed. To preserve the stored files, copy themto another system before upgrading or downgrading the routing platform. For moreinformation, see the JUNOS System Basics Configuration Guide.

62 ■ M-series, MX-series, and T-series Upgrade and Downgrade Instructions


The download and installation process for JUNOS Release 9.0R2 is the same as forprevious JUNOS releases.

If you are not familiar with the download and installation process, follow these steps:

1. Using a Web browser, follow the links to the download URL on the JuniperNetworks Web page. Choose either Canada and U.S. Version or WorldwideVersion:

■ https://www.juniper.net/support/csc/swdist-domestic/ (customers in the UnitedStates and Canada)

■ https://www.juniper.net/support/csc/swdist-ww/ (all other customers)

2. Log in to the Juniper Networks authentication system using the username(generally your e-mail address) and password supplied by Juniper Networksrepresentatives.

3. Download the software to a local host.

4. Copy the software to the routing platform or to your internal software distributionsite.

5. Install the new jinstall package on the routing platform.

NOTE: We recommend that you upgrade all software packages out-of-band usingthe console because in-band connections are lost during the upgrade process.

Customers in the United States and Canada use the following command:

user@host> request system software add validate rebootsource/jinstall-9.0R2.10-domestic-signed.tgz

All other customers use the following command:

user@host> request system software add validate rebootsource/jinstall-9.0R2.10-export-signed.tgz

Replace source with one of the following values:

■ /pathname—For a software package that is installed from a local directoryon the router.

■ For software packages that are downloaded and installed from a remotelocation:

■ ftp://hostname/pathname

■ http://hostname/pathname

■ scp://hostname/pathname (available only for Canada and U.S. version)

The validate option validates the software package against the currentconfiguration as a prerequisite to adding the software package to ensure thatthe router reboots successfully. This is the default behavior when the softwarepackage being added is a different release.

M-series, MX-series, and T-series Upgrade and Downgrade Instructions ■ 63

M-series, MX-series, and T-series Upgrade and Downgrade Instructions

https://www.juniper.net/support/csc/swdist-domestic/

https://www.juniper.net/support/csc/swdist-ww/

Adding the reboot command reboots the router after the upgrade is validatedand installed. When the reboot is complete, the router displays the login prompt.The loading process can take 5 to 10 minutes.

Rebooting occurs only if the upgrade is successful.

NOTE: After you install a JUNOS 9.0 jinstall package, you cannot issue the requestsystem software rollback command to return to the previously installed software.Instead you must issue the request system software add validate command and specifythe jinstall package that corresponds to the previously installed software.

Upgrade for a Routing Matrix

By default, when you upgrade software on the TX Matrix platform, the new imageis loaded onto the TX Matrix platform and distributed to all T640 routing nodes inthe routing matrix. To upgrade software for the entire routing matrix, issue therequest system software add command:

user@router> request system software addjbundle-7.0-20040705.0-domestic-signed.tgz

When you complete the software installation and reboot the TX Matrix platform, allT640 routing nodes also reboot and all devices in the routing matrix execute the newsoftware.

To upgrade the backup Routing Engines, log in to the backup Routing Engine on theTX Matrix platform before you issue the request system software add command.You can also update the software on the TX Matrix platform only or on a specificT640 routing node as needed by including the lcc or scc option.

NOTE: The master Routing Engines in all components of a routing matrix must runthe same version of software in order to operate. As a result, we recommend thatyou upgrade all components simultaneously and upgrade individual componentsonly in rare cases.

Downgrade from Release 9.0

To downgrade from Release 9.0 to another supported release, follow the procedurefor upgrading, but replace the 9.0 jinstall package with one that corresponds to theappropriate release.

NOTE: You cannot downgrade more than three releases. For example, if your routingplatform is running JUNOS Release 7.5, you can downgrade the software toRelease 7.2 directly, but not to Release 7.1; as a workaround, you can first downgradeto Release 7.2 and then downgrade to Release 7.1.

64 ■ M-series, MX-series, and T-series Upgrade and Downgrade Instructions


For more information, see the JUNOS System Basics Configuration Guide.

■ For M-series, MX-series, and T-series routing platforms, you must perform theupgrade using the jinstall package.

■ For all routing platforms, when upgrading from JUNOS Release 8.2 or below,you must use the no-validate option when you issue the request system softwareadd command to perform the upgrade.

J-series Upgrade and Downgrade Instructions

In JUNOS Release 8.5, the JUNOS software was extended to use FreeBSD version6.1. As a result, the following requirements apply when you upgrade your router toJUNOS Release 8.5 and later:

■ To upgrade with the JUNOS CLI, the minimum requirement for installation media(such as a compact flash disk, internal flash disk, or PC card) is 256 MB. To usethe J-Web interface for an upgrade, you must have 512 MB or more.

■ For J-series Services Routers with a 256-MB compact flash:

■ You must perform the upgrade with the CLI. Do not use the J-Web interfacefor the upgrade.

■ Before upgrading to this release, see the important information in “SpecialInstructions for J-series Routers with a 256-MB Compact Flash” on page 72.

■ When upgrading from JUNOS Release 8.2 or earlier, upgrade to an interim JUNOSRelease 8.3 or later first. (Alternatively, you can use the no-validate option withthe request system software add command, but we do not recommend thisupgrade method.)

If the router is running a software version earlier than JUNOS Release 7.2R3 or 7.3R2,you might need to upgrade to one of these interim software releases before you canupgrade to JUNOS Release 8.3 or later.

This section contains the following topics:

■ Upgrade and Downgrade Overview on page 66

■ Before You Begin on page 67

■ Downloading Software Upgrades from Juniper Networks on page 67

■ Installing Software Upgrades with the J-Web Interface on page 68

■ Installing Software Upgrades with the CLI on page 69

■ Downgrade Instructions on page 71

■ Special Instructions for J-series Routers with a 256-MB Compact Flash on page 72

■ Cleaning Up Files on page 73

■ Verifying Available Compact Flash Space on page 73

■ Increasing the Compact Flash Space on page 74

J-series Upgrade and Downgrade Instructions ■ 65


Upgrade and Downgrade Overview

Typically, you upgrade the JUNOS software on a Services Router by downloading aset of images onto your router or onto another system on your local network, suchas a PC. You then uncompress the package and install the uncompressed softwareusing the CLI. Finally, you boot your system with this upgraded device.

A JUNOS software package is a collection of files that make up a software component.You can download software packages either for upgrading JUNOS software or forrecovering a primary compact flash.

All JUNOS software is delivered in signed packages that contain digital signatures,Secure Hash Algorithm (SHA-1) checksums, and Message Digest 5 (MD5) checksums.For more information about JUNOS software packages, see the JUNOS SoftwareInstallation and Upgrade Guide.

Upgrade Software Packages

Download an upgrade software package, also known as an install package, to installnew features and software fixes as they become available.

An upgrade software package name is in the following format:package-name-m.nZx-distribution.tgz.

■ package-name is the name of the package—for example, junos-jseries.

■ m.n is the software release, with m representing the major release number—forexample, 8.0.

■ Z indicates the type of software release. For example, R indicates releasedsoftware, and B indicates beta-level software.

■ x represents the version of the major software release—for example, 2.

■ distribution indicates the area for which the software package isprovided—domestic for the United States and Canada and export for worldwidedistribution.

A sample J-series upgrade software package name is junos-jseries-8.0R2-domestic.tgz.

Recovery Software Packages

Download a recovery software package, also known as an install media package, torecover a primary compact flash device.

66 ■ J-series Upgrade and Downgrade Instructions


A recovery software package name is in the following format:package-name-m.nZx-export-cfnnn.gz.

■ package-name is the name of the package—for example, junos-jseries.

■ m.n is the software release, with m representing the major release number—forexample, 8.0.

■ Z indicates the type of software release. For example, R indicates releasedsoftware, and B indicates beta-level software.

■ x represents the version of the major software release—for example, 2.

■ export indicates that the recovery software package is the exported worldwidesoftware package version.

■ cfnnn indicates the size of the target compact flash device in megabytes—forexample, cf256.

A sample J-series recovery software package name isjunos-jseries-8.0R2-export-cf256.gz.

Before You Begin

Before upgrading, be sure to back up the currently running and active file systemand configuration so that you can recover to a known, stable environment in casethe upgrade is unsuccessful. To back up the file system, you must have a removablecompact flash disk installed on a J4300 or J6300 Services Router, or a USB driveinstalled on any J-series Services Router. The backup device must have a storagecapacity of at least 256 MB.

To back up the file system to the removable compact flash disk, issue the followingcommand:

user@host> request system snapshot media removable-compact-flash

To back up the file system to the removable USB drive, issue the following command:

user@host> request system snapshot media usb

Downloading Software Upgrades from Juniper Networks

Follow these steps to download software upgrades from Juniper Networks:

1. Using a Web browser, follow the links to the download URL on the JuniperNetworks Web page. Depending on your location, select either Canada and U.S.Version or Worldwide Version:

■ https://www.juniper.net/support/csc/swdist-domestic/ (customers in the UnitedStates and Canada)

■ https://www.juniper.net/support/csc/swdist-ww/ (all other customers)

2. Log in to the Juniper Networks Web site using the username (generally youre-mail address) and password supplied by Juniper Networks representatives.



https://www.juniper.net/support/csc/swdist-domestic/

https://www.juniper.net/support/csc/swdist-ww/

3. Using the J-Web interface or the CLI, select the appropriate junos-j-series softwarepackage for your application. For information about JUNOS software packages,see “Upgrade and Downgrade Overview” on page 66.

4. Download the software to a local host or to an internal software distribution site.

NOTE: For downloads to J-series Services Routers with a 256-MB compact flash, see“Special Instructions for J-series Routers with a 256-MB Compact Flash” on page 72.

Installing Software Upgrades with the J-Web Interface

If your router has at least a 512-MB compact flash, you can use the J-Web interfaceto install software upgrades from a remote server using FTP or HTTP, or by uploadingthe software image to the router. This section contains the following topics:

■ Installing Software Upgrades from a Remote Server on page 68

■ Installing Software Upgrades by Uploading Files on page 69

Installing Software Upgrades from a Remote Server

If your router has at least a 512-MB compact flash, you can use the J-Web interfaceto install software packages on the router that are retrieved with FTP or HTTP fromthe location specified.

To install software upgrades from a remote server:

1. Download the software package as described in “Downloading Software Upgradesfrom Juniper Networks” on page 67.

2. In the J-Web interface, select Manage>Software>Install Package.

3. On the Install Package page, enter information into the fields described inTable 2 on page 68.

4. Click Fetch and Install Package. The software is activated after the router hasrebooted.

Table 2: Install Package Summary

Your ActionFunctionField

Type the full address of the software packagelocation on the FTP or HTTP server—one of thefollowing:

ftp://hostname/pathname/package-namehttp://hostname/pathname/package-name

Specifies the FTP or HTTP server, file path, andsoftware package name.

Package Location(required)

Type the username.Specifies the username, if the server requiresone.

User



Table 2: Install Package Summary (continued)


Type the password.Specifies the password, if the server requiresone.

Password

Check the box if you want the router to rebootautomatically when the upgrade is complete.

If this box is checked, the router isautomatically rebooted when the upgrade iscomplete.

Reboot If Required

Installing Software Upgrades by Uploading Files

If your router has at least a 512-MB compact flash, you can use the J-Web interfaceto install software packages uploaded from your computer to the router.

To install software upgrades by uploading files:

1. Download the software package as described in “Downloading Software Upgradesfrom Juniper Networks” on page 67.

2. In the J-Web interface, select Manage>Software>Upload Package.

3. On the Upload Package page, enter information into the fields described inTable 3 on page 69.

4. Click Upload Package. The software is activated after the router has rebooted.

Table 3: Upload Package Summary


Type the location of the software package, or clickBrowse to navigate to the location.

Specifies the location of the softwarepackage.

File to Upload (required)

Select the check box if you want the router to rebootautomatically when the upgrade is complete.

If this box is checked the router isautomatically rebooted when the upgrade iscomplete.

Reboot If Required

Installing Software Upgrades with the CLI

You can use the CLI to install software upgrades from a remote server using FTP orby downloading the software image to the router. If your router has a 256-MB compactflash, see “Special Instructions for J-series Routers with a 256-MB CompactFlash” on page 72.


■ Installing Software Upgrades by Downloading Files on page 70

■ Installing Software Upgrades from a Remote Server on page 70



Installing Software Upgrades by Downloading Files

To install software upgrades by downloading files to the router:

1. Download the JUNOS software package to the router using the followingcommand:

user@host> file copy source destination

Replace source with one of the following paths:

■ ftp://hostname/pathname/package-name

or

■ http://hostname/pathname/package-name

Replace destination with the path to the destination directory on the router. Werecommend the /var/tmp directory.

If you had configured the unused swap partition using the upgrade-helper script(as described in “Configuring the Unused Swap Partition” on page 75), makesure to copy the software package to the /var/tmp/upgrade directory.

2. Install the new package on the Services Router, entering the following commandin operational mode in the CLI:

user@host> request system software add validate unlink no-copy source

Replace source with /pathname/package-name (for example,/var/tmp/junos-jsr-8.5R2.1.tar.gz).

By default, the request system software add command uses the validate optionto validate the software package against the current configuration as a prerequisiteto adding the software package. This validation ensures that the router can rebootsuccessfully after the software package is installed. This is the default behaviorwhen you are adding a software package.

The unlink option removes the package at the earliest opportunity so that therouter has enough room to complete the installation.

(Optional) The no-copy option specifies that a software package is installed, buta copy of the package is not saved. Include this option if you do not have enoughspace on the compact flash to perform an upgrade that keeps a copy of thepackage on the router.

3. After the software package is installed, reboot the router:

user@host> request system reboot

When the reboot is complete, the router displays the login prompt.

Installing Software Upgrades from a Remote Server

To install the software upgrades from a remote server:



1. Install the JUNOS software package on the Services Router, entering the followingcommand in operational mode in the CLI:

user@host> request system software add validate unlink no-copy source

Replace source with one of the following paths:

■ ftp://hostname/pathname/package-name

or

■ http://hostname/pathname/package-name

By default, the request system software add command uses the validate optionto validate the software package against the current configuration as a prerequisiteto adding the software package. This validation ensures that the router can rebootsuccessfully after the software package is installed. This is the default behaviorwhen you are adding a software package.

The unlink option removes the package at the earliest opportunity so that therouter has enough room to complete the installation.

(Optional) The no-copy option specifies that a software package is installed, buta copy of the package is not saved. Include this option if you do not have enoughspace on the compact flash to perform an upgrade that keeps a copy of thepackage on the router.

2. After the software package is installed, reboot the router:


When the reboot is complete, the router displays the login prompt.

Downgrade Instructions


■ Downgrading the Software with the J-Web Interface on page 71

■ Downgrading the Software with the CLI on page 72

NOTE: Juniper Networks supports direct software downgrades for a maximum ofthree releases. For example, if your routing platform is running JUNOS Release 7.6,you can typically downgrade without problems to Release 7.3. If you attempt todowngrade more than three releases and validation of your configuration fails, werecommend downgrading to an intermediate release first before downgrading to thedesired release.

Downgrading the Software with the J-Web Interface

You can downgrade the software from the J-Web interface. For the changes to takeeffect, you must reboot the router.



To downgrade software:

1. In the J-Web interface, select Manage>Software>Downgrade. The image ofthe previous software version (if any) is displayed on this page.

NOTE: After you perform this operation, you cannot undo it.

2. Select Downgrade to downgrade to the previous version of the software or Cancelto cancel the downgrade process.

3. When the downgrade process is complete, for the new software to take effect,select Manage>Reboot from the J-Web interface to reboot the router.

After you downgrade the software, the previous release is loaded, and you cannotreload the running version of software again. To downgrade to an earlier version ofsoftware, follow the procedure for upgrading, using the JUNOS software image labeledwith the appropriate release.

Downgrading the Software with the CLI

You can revert to the previous version of software using the request system softwarerollback command in the CLI. For the changes to take effect, you must reboot therouter. To downgrade to an earlier version of software, follow the procedure forupgrading, using the JUNOS software image labeled with the appropriate release.

To downgrade software with the CLI:

1. Enter the request system software rollback command to return to the previousJUNOS software version:

user@host> request system software rollback

The previous software version is now ready to become active when you nextreboot the router.

2. Reboot the router:


The router is now running the previous version of the software. To downgrade to anearlier version of software, follow the procedure for upgrading, using the JUNOSsoftware image labeled with the appropriate release.

Special Instructions for J-series Routers with a 256-MB Compact Flash

J-series Services Routers with a 256-MB compact flash might need more flash memoryspace for an upgrade.

To provide enough space for an upgrade:

■ Clean up files on the router (see “Cleaning Up Files” on page 73).



■ Verify the available compact flash space (see “Verifying Available Compact FlashSpace” on page 73).

■ If required, increase the compact flash space, (see “Increasing the Compact FlashSpace” on page 74).

Cleaning Up Files

To clean up files, you use CLI commands to delete the backup software image, rotatelog files, and remove other unnecessary files.

When you upgrade software on the router, it creates a backup image of the softwarethat was previously installed. To create enough space on a 256-MB compact flashfor an upgrade, use the request system software delete backup command to deletethis image. In addition, use the request system storage cleanup command to rotatelog files and delete unnecessary files.

NOTE: To review the list of files that can be deleted without actually deleting files,you can use the request system storage cleanup dry-run command.

To delete the backup software image, rotate log files, and delete unneeded files:

1. From operational mode in the CLI, enter the following command:

user@host> request system software delete backup

2. Enter yes when prompted:

Delete backup system software package [yes,no] (no) yes

3. Enter the following command:

user@host> request system storage cleanup

The router rotates log files and displays the files that you can delete.

4. Enter yes at the prompt to delete the files.

5. Delete any files that you created by entering the following command:

user@host> file delete filename

Replace filename with the name of the file or directory to delete.

6. Verify that you have enough space on the compact flash to successfully upgrade(see “Verifying Available Compact Flash Space” on page 73).

Verifying Available Compact Flash Space

Before you start the upgrade, verify that you have enough space on the compactflash to successfully upgrade.



To see how much space is available on the compact flash, use the CLI operationalmode command show system storage:

user@host show system storageFilesystem Size Used Avail Capacity Mounted on/dev/ad0s1a 213M 119M 92M 57% /devfs 1.0K 1.0K 0B 100% /devdevfs 1.0K 1.0K 0B 100% /dev//dev/md0 155M 155M 0B 100% /junos/cf 213M 119M 92M 57% /junos/cfdevfs 1.0K 1.0K 0B 100% /junos/dev/procfs 4.0K 4.0K 0B 100% /proc/dev/bo0s1e 24M 16K 24M 0% /config/dev/md1 168M 7.2M 147M 5% /mfs/dev/md2 58M 42K 53M 0% /jail/tmp/dev/md3 7.7M 100K 7.0M 1% /jail/var/etcdevfs 1.0K 1.0K 0B 100% /jail/dev/dev/md4 1.9M 6.0K 1.7M 0% /jail/html/oem

The show system storage command output displays information about the root filesystem on the compact flash on the line that contains only a forward slash (/) in theMounted on column. In this example, the compact flash has 92 MB of available space.

If the show system storage command output displays:

■ Available compact flash space—135 MB or more. See “Installing SoftwareUpgrades with the CLI” on page 69 to proceed with the upgrade.

■ Available compact flash space—less than 135 MB. See “Increasing the CompactFlash Space” on page 74 to increase the compact flash space.

Increasing the Compact Flash Space

NOTE: On J-series Services Routers running JUNOS Release 8.2 or later, you can nolonger specify the internal compact flash as the medium used to store system softwarefailure memory snapshots when using the set system dump-device CLI command.For J4350 or J6350 Services Routers, you need to specify a USB storage device (usboption) as the medium. For J2320 and J2350 Services Routers, you can specify a USBstorage device (usb option) or the external compact flash (removable-compact-flashoption) as the medium.

To increase the compact flash space:

■ If you have physical access to the router, remove the swap partition (see“Removing the Swap Partition” on page 75).

■ If you do not have physical access to the router, download the upgrade-helperscript to configure the unused swap partition (see “Configuring the Unused SwapPartition” on page 75).



Removing the Swap Partition

To remove the swap partition:

1. Insert a Juniper Networks-supported 256-MB USB storage device into an availableUSB port of the Services Router to be upgraded.

2. From operational mode in the CLI, enter the following command:

user@host> request system snapshot as-primary partition swap-size 0 mediausb


user@host> request system reboot media usb

This command reboots the router and boots from the USB storage device withthe original configuration file intact. After rebooting, the router is online anduses the configuration file as the running configuration.


user@host> request system snapshot as-primary partition swap-size 0 mediacompact-flash

This command repartitions the internal compact flash so that it has no swappartition.


user@host> request system reboot media compact-flash

This command reboots the router from the internal compact flash. Afterrebooting, the router is online with your running configuration, but the swappartition on the compact flash is removed.

6. Remove the USB storage device.

7. See “Installing Software Upgrades with the CLI” on page 69 to proceed with theupgrade.

Configuring the Unused Swap Partition

To configure the unused swap partition:

1. From operational mode in the CLI, download the upgrade-helper script to a suitablelocation on your router:

user@host> file copy source destination

Replace source with the path to the script xxx.

Replace destination with the destination directory—for example, /root.

2. Exit the CLI environment and create a UNIX-level shell:

user@host> start shell



3. At the shell prompt, log in as a root user, enter the root password, and use thecompression utility gunzip to decompress the downloaded script. Refer to yourcompression utility’s documentation for information about using the utility.

4. Execute the script:

root@host% sh ./upgrade-helperUpgrade helper script startedATTENTION: PLEASE RUN THIS SCRIPT AGAIN IMMEDIATELY AFTER REBOOTING.Rebooting system.

The system reboots (in no more than 10 seconds) without a swap partition.

5. Execute the upgrade-helper script again immediately after rebooting.

6. See “Installing Software Upgrades by Downloading Files” on page 70 to proceedwith the upgrade.

Changes to Documentation

The following changes to the documentation are available in JUNOS Release 9.0:

■ JUNOS Internet Software Comprehensive Index and Glossary—For JUNOSRelease 8.3 and later the JUNOS Internet Software Comprehensive Index andGlossary has been discontinued and is only available up to JUNOS Release 8.2.After 9.1, the Glossary as a single document will be updated and posted with theJUNOS documentation set.

■ JUNOS High Availability Configuration Guide—With JUNOS Release 9.0, the“Graceful Routing Engine Switchover PIC” support section has been modified.Previously, all PICs that were supported during a graceful Routing Engineswitchover were listed in this section. In addition, the FPC type support for eachPIC was listed. With JUNOS Release 9.0, almost all PICs are supported by gracefulRouting Engine Switchover, so that the documentation now only lists the PICsthat are not supported. FPC type information is no longer included. Forinformation about FPC types, FPC/PIC compatibility, and the initial JUNOSsoftware release in which an FPC supported a particular PIC, see the PIC guidefor your routing platform.

List of Technical Publications

Table 4 on page 77 lists the software and hardware guides and release notes forJuniper Networks J-series, M-series, MX-series, and T-series routing platforms anddescribes the contents of each document. Table 5 on page 81 lists the books includedin the Network Operations Guide series. Table 6 on page 81 lists the manuals andrelease notes supporting JUNOS software with enhanced services. All documents areavailable at http://www.juniper.net/techpubs/.

Table 7 on page 83 lists additional books on Juniper Networks solutions that you canorder through your bookstore. A complete list of such books is available athttp://www.juniper.net/books.

76 ■ Changes to Documentation



http://www.juniper.net/books

Table 4: Technical Documentation for Supported Routing Platforms

DescriptionBook

JUNOS Software for Supported Routing Platforms

Explains how to configure access privileges in user classes by usingpermission flags and regular expressions. Lists the permission flagsalong with their associated command-line interface (CLI) operationalmode commands and configuration statements.

Access Privilege

Provides an overview of the class-of-service (CoS) functions of theJUNOS software and describes how to configure CoS features,including configuring multiple forwarding classes for transmittingpackets, defining which packets are placed into each output queue,scheduling the transmission service level for each queue, andmanaging congestion through the random early detection (RED)algorithm.

Class of Service

Describes how to use the JUNOS command-line interface (CLI) toconfigure, monitor, and manage Juniper Networks routingplatforms. This material was formerly covered in the JUNOS SystemBasics Configuration Guide.

CLI User Guide

Provides a detailed explanation and configuration examples forseveral of the most complex features in the JUNOS software.

Feature Guide

Provides an overview of hardware and software resources thatensure a high level of continuous routing platform operation anddescribes how to configure high availability (HA) features such asnonstop active routing (NSR) and graceful Routing Engineswitchover (GRES).

High Availability

Provides an overview of traffic engineering concepts and describeshow to configure traffic engineering protocols.

MPLS Applications

Provides an overview of multicast concepts and describes how toconfigure multicast routing protocols.

Multicast Protocols

Describes how you can deploy IPTV and voice over IP (VoIP)services in your network.

Multiplay Solutions

Describes common configuration scenarios for the Layer 2 featuressupported on the MX-series routers, including basic bridged VLANswith normalized VLAN tags, aggregated Ethernet links, bridgedomains, Multiple Spanning Tree Protocol (MSTP), and integratedrouting and bridging (IRB).

MX-series Solutions Guide

Provides an overview of the network interface functions of theJUNOS software and describes how to configure the networkinterfaces on the routing platform.

Network Interfaces

Provides an overview of network management concepts anddescribes how to configure various network management features,such as SNMP and accounting options.

Network Management

Provides an overview of policy concepts and describes how toconfigure routing policy, firewall filters, and forwarding options.

Policy Framework

List of Technical Publications ■ 77


Table 4: Technical Documentation for Supported Routing Platforms (continued)

DescriptionBook

Provides an overview of the JCS 1200 platform and the concept ofProtected System Domains (PSDs). The JCS 1200 platform, whichcontains up to six redundant pairs of Routing Engines runningJUNOS software, is connected to a T320 router or to a T640 orT1600 routing node. To configure a PSD, you assign any numberof Flexible PIC concentrators (FPCs) in the T-series routing platformto a pair of Routing Engines on the JCS 1200 platform. Each PSDhas the same capabilities and functionality as a physical router,with its own control plane, forwarding plane, and administration.

Protected System Domain

Provides an overview of routing concepts and describes how toconfigure routing, routing instances, and unicast routing protocols.

Routing Protocols

Provides an overview of secure Common Criteria and JUNOS-FIPSprotocols for the JUNOS software and describes how to install andconfigure secure Common Criteria and JUNOS-FIPS on a routingplatform.

Secure Configuration Guide for Common Criteriaand JUNOS-FIPS

Provides an overview of the services interfaces functions of theJUNOS software and describes how to configure the servicesinterfaces on the router.

Services Interfaces

Describes the JUNOS software components and packaging andexplains how to initially configure, reinstall, and upgrade the JUNOSsystem software. This material was formerly covered in the JUNOSSystem Basics Configuration Guide.

Software Installation and Upgrade Guide

Describes Juniper Networks routing platforms and explains howto configure basic system parameters, supported protocols andsoftware processes, authentication, and a variety of utilities formanaging your router on the network.

System Basics

Provides an overview and describes how to configure Layer 2 andLayer 3 virtual private networks (VPNs), virtual private LAN service(VPLS), and Layer 2 circuits. Provides configuration examples.

VPNs

JUNOS References

Describes the JUNOS configuration mode commands. Provides ahierarchy reference that displays each level of a configurationhierarchy, and includes all possible configuration statements thatcan be used at that level. This material was formerly covered inthe JUNOS System Basics Configuration Guide.

Hierarchy and RFC Reference

Describes the JUNOS software operational mode commands youuse to monitor and troubleshoot interfaces.

Interfaces Command Reference

Describes the JUNOS software operational mode commands youuse to monitor and troubleshoot routing policies and protocols,including firewall filters.

Routing Protocols and Policies CommandReference

78 ■ List of Technical Publications



DescriptionBook

Describes the JUNOS software operational mode commands youuse to monitor and troubleshoot system basics, includingcommands for real-time monitoring and route (or path) tracing,system software management, and chassis management. Alsodescribes commands for monitoring and troubleshooting servicessuch as class of service (CoS), IP Security (IPSec), stateful firewalls,flow collection, and flow monitoring.

System Basics and Services Command Reference

Describes how to access and interpret system log messagesgenerated by JUNOS software modules and provides a referencepage for each message.

System Log Messages Reference

J-Web User Guide

Describes how to use the J-Web graphical user interface (GUI) toconfigure, monitor, and manage Juniper Networks routingplatforms.

J-Web Interface User Guide

JUNOS API and Scripting Documentation

Describes how to use the JUNOScript application programminginterface (API) to monitor and configure Juniper Networks routingplatforms.

JUNOScript API Guide

Provides reference pages for the configuration tag elements in theJUNOS XML API.

JUNOS XML API Configuration Reference

Provides reference pages for the operational tag elements in theJUNOS XML API.

JUNOS XML API Operational Reference

Describes how to use the NETCONF API to monitor and configureJuniper Networks routing platforms.

NETCONF API Guide

Describes how to use the commit script and self-diagnosis featuresof the JUNOS software. This guide explains how to enforce customconfiguration rules defined in scripts, how to use commit scriptmacros to provide simplified aliases for frequently usedconfiguration statements, and how to configure diagnostic eventpolicies.

JUNOS Configuration and Diagnostic AutomationGuide

Hardware Documentation

Describes how to install, maintain, and troubleshoot routingplatforms and components. Each platform has its own hardwareguide.

Hardware Guide

Describes the routing platform's Physical Interface Cards (PICs).Each platform has its own PIC guide.

PIC Guide

Describes the Dense Port Concentrators (DPCs) for all MX-seriesrouters.

DPC Guide

JUNOScope Documentation

Describes the JUNOScope software graphical user interface (GUI),how to install and administer the software, and how to use thesoftware to manage routing platform configuration files and monitorrouting platform operations.

JUNOScope Software User Guide




DescriptionBook

Advanced Insight Solutions (AIS) Documentation

Describes the Advanced Insight Manager (AIM) application, whichprovides a gateway between JUNOS devices and Juniper SupportSystems (JSS) for case management and intelligence updates.Explains how to run AI scripts on Juniper Networks devices.

Advanced Insight Solutions Guide

J-series Routing Platform Documentation

Provides an overview, basic instructions, and specifications forJ-series routing platforms. The guide explains how to prepare yoursite for installation, unpack and install the router and itscomponents, install licenses, and establish basic connectivity. Usethe Getting Started Guide for your router model.

Getting Started Guide

Explains how to configure the interfaces on J-series Services Routersfor basic IP routing with standard routing protocols, ISDN backup,and digital subscriber line (DSL) connections.

Basic LAN and WAN Access Configuration Guide

Explains how to configure J-series Services Routers in virtual privatenetworks (VPNs) and multicast networks, configure data linkswitching (DLSw) services, and apply routing techniques such aspolicies, stateless and stateful firewall filters, IP Security (IPSec)tunnels, and class-of-service (CoS) classification for safer, moreefficient routing.

Advanced WAN Access Configuration Guide

Shows how to manage users and operations, monitor networkperformance, upgrade software, and diagnose common problemson J-series Services Routers.

Administration Guide

Release Notes

Summarize new features and known problems for a particularsoftware release, provide corrections and updates to publishedJUNOS, JUNOScript, and NETCONF manuals, provide informationthat might have been omitted from the manuals, and describeupgrade and downgrade procedures.

JUNOS Release Notes

Describe the available documentation for the routing platform andsummarize known problems with the hardware and accompanyingsoftware. Each platform has its own release notes.

Hardware Release Notes

Contain corrections and updates to the published JUNOScopemanual, provide information that might have been omitted fromthe manual, and describe upgrade and downgrade procedures.

JUNOScope Release Notes

Summarize AIS new features and guidelines, identify known andresolved problems, provide information that might have beenomitted from the manuals, and provide initial setup, upgrade, anddowngrade procedures.

AIS Release Notes

Summarize AI Scripts new features, identify known and resolvedproblems, provide information that might have been omitted fromthe manuals, and provide instructions for automatic and manualinstallation, including deleting and rolling back.

AIS AI Script Release Notes




DescriptionBook

Briefly describe Services Router features, identify known hardwareproblems, and provide upgrade and downgrade instructions.

J-series Services Router Release Notes

Table 5: JUNOS Software Network Operations Guides

DescriptionBook

Describes the most basic tasks for running a network using JuniperNetworks products. Tasks include upgrading and reinstalling JUNOSsoftware, gathering basic system management information,verifying your network topology, and searching log messages.

Baseline

Describes tasks for monitoring interfaces. Tasks include usingloopback testing and locating alarms.

Interfaces

Describes tasks for configuring, monitoring, and troubleshootingan example MPLS network. Tasks include verifying the correctconfiguration of the MPLS and RSVP protocols, displaying the statusand statistics of MPLS running on all routing platforms in thenetwork, and using the layered MPLS troubleshooting model toinvestigate problems with an MPLS network.

MPLS

Describes MPLS status and error messages that appear in the outputof the show mpls lsp extensive command. The guide also describeshow and when to configure Constrained Shortest Path First (CSPF)and RSVP trace options, and how to examine a CSPF or RSVPfailure in a sample network.

MPLS Log Reference

Describes operational information helpful in monitoring andtroubleshooting an MPLS network configured with fast reroute(FRR) and load balancing.

MPLS Fast Reroute

Describes tasks for monitoring M-series and T-series routingplatforms.

Hardware

To configure and operate a J-series Services Router running JUNOS software withenhanced services, you must also use the configuration statements and operationalmode commands documented in JUNOS configuration guides and commandreferences. To configure and operate a WX Integrated Services Module, you mustalso use WX documentation.

Table 6: JUNOS Software with Enhanced Services Documentation

DescriptionBook

Provides guidelines and examples for designing andimplementing IP Security (IPSec) virtual private networks(VPNs), firewalls, and routing on J-series routers runningJUNOS software with enhanced services.

JUNOS Software with Enhanced Services Designand Implementation Guide



Table 6: JUNOS Software with Enhanced Services Documentation (continued)

DescriptionBook

Explains how to quickly set up a J-series router. Thisdocument contains router declarations of conformity.

JUNOS Software with Enhanced Services J-seriesServices Router Quick Start

Provides an overview, basic instructions, and specificationsfor J-series Services Routers. This guide explains how toprepare a site, unpack and install the router, replace routerhardware, and establish basic router connectivity. This guidecontains hardware descriptions and specifications.

JUNOS Software with Enhanced Services J-seriesServices Router Getting Started Guide

Provides instructions for migrating an SSG device runningScreenOS software or a J-series router running the JUNOSsoftware to JUNOS software with enhanced services.

JUNOS Software with Enhanced ServicesMigration Guide

Explains how to configure J-series router interfaces for basicIP routing with standard routing protocols, ISDN service,firewall filters (access control lists), and class-of-service (CoS)traffic classification.

JUNOS Software with Enhanced ServicesInterfaces and Routing Configuration Guide

Explains how to configure and manage security servicessuch as stateful firewall policies, IPSec VPNs, firewall screens,Network Address translation (NAT) and Router interfacemodes, Public Key Cryptography, and Application LayerGateways (ALGs).

JUNOS Software with Enhanced Services SecurityConfiguration Guide

Shows how to monitor the router and routing operations,firewall and security services, system alarms and events,and network performance. This guide also shows how toadminister user authentication and access, upgrade software,and diagnose common problems.

JUNOS Software with Enhanced ServicesAdministration Guide

Provides the complete JUNOS software with enhancedservices configuration hierarchy and describes theconfiguration statements and operational mode commandsnot documented in the standard JUNOS manuals.

JUNOS Software with Enhanced Services CLIReference

Explains how to install and initially configure a WXCIntegrated Services Module in a J-series router for applicationacceleration.

WXC Integrated Services Module Installation andConfiguration Guide

Summarize new features and known problems for aparticular release of JUNOS software with enhanced serviceson J-series routers, including J-Web interface features andproblems. The release notes also contain corrections andupdates to the manuals and software upgrade anddowngrade instructions for JUNOS software with enhancedservices.

JUNOS Software with Enhanced Services ReleaseNotes



Table 7: Additional Books Available Through http://www.juniper.net/books

DescriptionBook

Provides background and in-depth analysis of multicast routing using Protocol IndependentMulticast sparse mode (PIM SM) and Multicast Source Discovery Protocol (MSDP); detailsany-source and source-specific multicast delivery models; explores multiprotocol BGP (MBGP)and multicast IS-IS; explains Internet Gateway Management Protocol (IGMP) versions 1, 2, and3; lists packet formats for IGMP, PIM, and MSDP; and provides a complete glossary of multicastterms.

Interdomain MulticastRouting

Provides detailed examples of common JUNOS software configuration tasks, such as basic routerconfiguration and file management, security and access control, logging, routing policy, firewalls,routing protocols, MPLS, and VPNs.

JUNOS Cookbook

Provides an overview of Multiprotocol Label Switching (MPLS) applications (such as Layer 3virtual private networks [VPNs], Layer 2 VPNs, virtual private LAN service [VPLS], andpseudowires), explains how to apply MPLS, examines the scaling requirements of equipmentat different points in the network, and covers the following topics: point-to-multipoint labelswitched paths (LSPs), DiffServ-aware traffic engineering, class of service, interdomain trafficengineering, path computation, route target filtering, multicast support for Layer 3 VPNs, andmanagement and troubleshooting of MPLS networks.

MPLS-Enabled Applications

Explores the full range of characteristics and capabilities for the two major link-state routingprotocols: Open Shortest Path First (OSPF) and IS-IS. Explains architecture, packet types, andaddressing; demonstrates how to improve scalability; shows how to design large-scale networksfor maximum security and reliability; details protocol extensions for MPLS-based trafficengineering, IPv6, and multitopology routing; and covers troubleshooting for OSPF and IS-ISnetworks.

OSPF and IS-IS: Choosing anIGP for Large-Scale Networks

Provides a brief history of the Internet, explains IP addressing and routing (Routing InformationProtocol [RIP], OSPF, IS-IS, and Border Gateway Protocol [BGP]), explores ISP peering androuting policies, and displays configurations for both Juniper Networks and other vendors'routers.

Routing Policy and Protocolsfor Multivendor IP Networks

Provides the insight and practical solutions necessary to understand the IS-IS protocol and howit works by using a multivendor, real-world approach.

The Complete IS-IS Protocol

Documentation Feedback

We encourage you to provide feedback, comments, and suggestions so that we canimprove the documentation. You can send your comments [email protected], or fill out the documentation feedback form athttps://www.juniper.net/beta/junos/docbug/. If you are using e-mail, be sure to includethe following information with your comments:

■ Document name

■ Document part number

■ Page number

■ Software release version

Documentation Feedback ■ 83

Documentation Feedback

mailto:[email protected]

https://www.juniper.net/beta/junos/docbug/

Requesting Technical Support

Technical product support is available through the Juniper Networks TechnicalAssistance Center (JTAC). If you are a customer with an active J-Care or JNASC supportcontract, or are covered under warranty, and need postsales technical support, youcan access our tools and resources online or open a case with JTAC.

■ JTAC policies—For a complete understanding of our JTAC procedures and policies,review the JTAC User Guide located athttp://www.juniper.net/customers/support/downloads/710059.pdf.

■ Product warranties—For product warranty information, visithttp://www.juniper.net/support/warranty/.

■ JTAC Hours of Operation —The JTAC centers have resources available 24 hoursa day, 7 days a week, 365 days a year.

Self-Help Online Tools and Resources

For quick and easy problem resolution, Juniper Networks has designed an onlineself-service portal called the Customer Support Center (CSC) that provides you withthe following features:

■ Find CSC offerings: http://www.juniper.net/customers/support/

■ Search for known bugs: http://www2.juniper.net/kb/

■ Find product documentation: http://www.juniper.net/techpubs/

■ Find solutions and answer questions using our Knowledge Base:http://kb.juniper.net/

■ Download the latest versions of software and review release notes:http://www.juniper.net/customers/csc/software/

■ Search technical bulletins for relevant hardware and software notifications:https://www.juniper.net/alerts/

■ Join and participate in the Juniper Networks Community Forum:http://www.juniper.net/company/communities/

■ Open a case online in the CSC Case Manager: http://www.juniper.net/cm/

To verify service entitlement by product serial number, use our Serial NumberEntitlement (SNE) Tool located at https://tools.juniper.net/SerialNumberEntitlementSearch/.

Opening a Case with JTAC

You can open a case with JTAC on the Web or by telephone.

■ Use the Case Manager tool in the CSC at http://www.juniper.net/cm/ .

■ Call 1-888-314-JTAC (1-888-314-5822 toll-free in the USA, Canada, and Mexico).

For international or direct-dial options in countries without toll-free numbers, visitus at http://www.juniper.net/support/requesting-support.html.

84 ■ Requesting Technical Support


http://www.juniper.net/customers/support/downloads/710059.pdf

http://www.juniper.net/support/warranty/

http://www.juniper.net/customers/support/

http://www2.juniper.net/kb/


http://kb.juniper.net/

http://www.juniper.net/customers/csc/software/

https://www.juniper.net/alerts/

http://www.juniper.net/company/communities/

http://www.juniper.net/cm/

https://tools.juniper.net/SerialNumberEntitlementSearch/

http://www.juniper.net/cm/

http://www.juniper.net/support/requesting-support.html

If you are reporting a hardware or software problem, issue the following commandfrom the CLI before contacting support:

user@host> request support information | save filename

To provide a core file to Juniper Networks for analysis, compress the file with thegzip utility, rename the file to include your company name, and copy it toftp.juniper.net:pub/incoming. Then send the filename, along with software versioninformation (the output of the show version command) and the configuration, [email protected]. For documentation issues, fill out the bug report form located athttp://www.juniper.net/techpubs/docbug/docbugreport.html.

Revision History

11 March 2008 Revision R2—JUNOS Release 9.0 R2

14 February 2008 Revision R1—JUNOS Release 9.0 R1

Copyright © 2008, Juniper Networks, Inc. All rights reserved.

Juniper Networks, the Juniper Networks logo, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and othercountries. JUNOS and JUNOSe are trademarks of Juniper Networks, Inc. All other trademarks, service marks, registered trademarks, or registered servicemarks are the property of their respective owners.

Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, orotherwise revise this publication without notice.

Products made or sold by Juniper Networks or components thereof might be covered by one or more of the following patents that are owned by or licensedto Juniper Networks: U.S. Patent Nos. 5,473,599, 5,905,725, 5,909,440, 6,192,051, 6,333,650, 6,359,479, 6,406,312, 6,429,706, 6,459,579, 6,493,347,6,538,518, 6,538,899, 6,552,918, 6,567,902, 6,578,186, and 6,590,785.

Requesting Technical Support ■ 85

Requesting Technical Support

mailto:[email protected]

http://www.juniper.net/techpubs/docbug/docbugreport.html

Date post:	22-May-2018
Category:	Documents
Upload:	vanque
View:	223 times
Download:	1 times

JUNOS 9.0 Software Release Notes - An Arrow Company€¦ · To configure an address-assignment...

Documents