Junos Release Notes 10.2

Juniper Networks JUNOS 10.2 Software Release NotesRelease 10.2R4 10 June 2011 Revision 10

These release notes accompany Release 10.2R4 of the JUNOS Software. They describe device documentation and known problems with the software. JUNOS Software runs on all Juniper Networks M Series, MX Series, and T Series routing platforms, SRX Series Services Gateways, J Series Services Routers, and EX Series Ethernet Switches. You can also find these release notes on the Juniper Networks JUNOS Software Documentation Web page, which is located at http://www.juniper.net/techpubs/software/junos.

Contents

JUNOS Software Release Notes for Juniper Networks M Series Multiservice Edge Routers, MX Series Ethernet Service Routers, and T Series Core Routers . . . . . 7 New Features in JUNOS Release 10.2 for M Series, MX Series, and T Series Routers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 Class of Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 High Availability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 Interfaces and Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 JUNOS XML API and Scripting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 Layer 2 Ethernet Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 MPLS Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 Multicast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22 Multiplay . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26 Routing Policy and Firewall Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28 Routing Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29 Services Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30 Subscriber Access Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31 VPNs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44 Changes in Default Behavior and Syntax in JUNOS Release 10.2 for M Series, MX Series, and T Series Routers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45 Class of Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45 Forwarding and Sampling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46 General Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46

Copyright 2012, Juniper Networks, Inc.

1

JUNOS 10.2 Software Release Notes

Interfaces and Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46 JUNOS XML API and Scripting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53 Layer 2 Ethernet Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54 MPLS Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54 Platform and Infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55 Routing Policy and Firewall Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55 Services Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55 Subscriber Access Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59 VPNs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61 Issues in JUNOS Release 10.2 for M Series, MX Series, and T Series Routers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63 Current Software Release . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63 Previous Releases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96 Errata and Changes in Documentation for JUNOS Software Release 10.2 for M Series, MX Series, and T Series Routers . . . . . . . . . . . . . . . . . . . . . 118 Changes to the JUNOS Documentation Set . . . . . . . . . . . . . . . . . . . . . . 118 Errata . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119 Upgrade and Downgrade Instructions for JUNOS Release 10.2 for M Series, MX Series, and T Series Routers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127 Basic Procedure for Upgrading to Release 10.2 . . . . . . . . . . . . . . . . . . . . 128 Upgrade Policy for JUNOS Software Extended End-Of-Life Releases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130 Upgrading a Router with Redundant Routing Engines . . . . . . . . . . . . . . 130 Upgrading Juniper Routers Running Draft-Rosen Multicast VPN to JUNOS Release 10.1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131 Upgrading the Software for a Routing Matrix . . . . . . . . . . . . . . . . . . . . . 132 Upgrading Using ISSU . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133 Upgrading from JUNOS Release 9.2 or Earlier on a Router Enabled for Both PIM and NSR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134 Downgrade from Release 10.2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135 JUNOS Software Release Notes for Juniper Networks SRX Series Services Gateways and J Series Services Routers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136 New Features in JUNOS Release 10.2 for SRX Series Services Gateways and J Series Services Routers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136 Software Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137 Hardware FeaturesSRX210 Services Gateways . . . . . . . . . . . . . . . . . . 168 Hardware FeaturesSRX240 Services Gateways . . . . . . . . . . . . . . . . . 168 Hardware FeaturesSRX210 and SRX240 Services Gateways with Integrated Convergence Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171 Hardware FeaturesSRX650 Services Gateways . . . . . . . . . . . . . . . . . 172 Hardware FeaturesSRX3400 and SRX3600 Services Gateways . . . . 173 Advertising Bandwidth for Neighbors on a Broadcast Link Support . . . . . . . 173 Group VPN Interoperability with Ciscos GET VPN . . . . . . . . . . . . . . . . . . . . . 174 Changes in Default Behavior and Syntax in JUNOS Release 10.2 for SRX Series Services Gateways and J Series Services Routers . . . . . . . . . . . . 175 Application Identification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175 Application Layer Gateways (ALGs) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175 AppSecure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176 Chassis Cluster . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176

2


Command-Line Interface (CLI) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178 Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180 Dynamic VPN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181 Flow and Processing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181 Interfaces and Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182 Intrusion Detection and Prevention (IDP) . . . . . . . . . . . . . . . . . . . . . . . . 183 J-Web . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184 Management and Administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187 Multilink . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187 WLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188 Unsupported CLI Statements and Commands . . . . . . . . . . . . . . . . . . . . . . . 188 Accounting-Options Hierarchy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188 AX411 Access Point Hierarchy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188 Chassis Hierarchy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188 Class-of-Service Hierarchy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189 Ethernet-Switching Hierarchy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189 Firewall Hierarchy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189 Interfaces CLI Hierarchy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189 Protocols Hierarchy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193 Routing Hierarchy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194 Services Hierarchy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194 Security Hierarchy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194 SNMP Hierarchy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195 System Hierarchy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195 IPv6 and MVPN CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195 Known Limitations in JUNOS Release 10.2 for SRX Series Services Gateways and J Series Services Routers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197 AppSecure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197 Chassis Cluster . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197 Command-Line Interface (CLI) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199 DOCSIS Mini-PIM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200 Dynamic VPN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200 Flow and Processing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200 Hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201 Interfaces and Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202 Intrusion Detection and Prevention (IDP) . . . . . . . . . . . . . . . . . . . . . . . 203 IPv6 Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205 J-Web . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207 NetScreen-Remote . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207 Network Address Translation (NAT) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207 Performance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208 Point-to-Point Protocol over Ethernet (PPPoE) . . . . . . . . . . . . . . . . . . 208 Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208 SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209 Switching . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209 System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210 Unified Threat Management (UTM) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210 VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210 VPNs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210


3


WLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210 Issues in JUNOS Release 10.2 for SRX Series Services Gateways and J Series Services Routers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211 Outstanding Issues In JUNOS Release 10.2 for SRX Series Services Gateways and J Series Services Routers . . . . . . . . . . . . . . . . . . . . . . 211 Resolved Issues in JUNOS Release 10.2 for SRX Series Services Gateways and J Series Services Routers . . . . . . . . . . . . . . . . . . . . . 232 Errata and Changes in Documentation for JUNOS Release 10.2 for SRX Series Services Gateways and J Series Services Routers . . . . . . . . . . . . 239 Application Layer Gateways (ALGs) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239 Chassis Cluster . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239 Command-Line Interface (CLI) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 240 Class of Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241 Flow and Processing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241 Hardware Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242 Installing Software Packages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247 Integrated Convergence Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247 Interfaces and Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 248 Intrusion Detection and Prevention (IDP) . . . . . . . . . . . . . . . . . . . . . . . 248 JUNOS Software Interfaces and Routing Guide . . . . . . . . . . . . . . . . . . . 249 J-Web . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250 Management Information Base (MIB) . . . . . . . . . . . . . . . . . . . . . . . . . . 250 Network Address Translation (NAT) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250 Point-to-Point Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251 Screens . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251 Hardware Requirements for JUNOS Release 10.2 for SRX Series Services Gateways and J Series Services Routers . . . . . . . . . . . . . . . . . . . . . . . . . 251 Transceiver Compatibility for SRX Series and J Series Devices . . . . . . . 252 Power and Heat Dissipation Requirements for J Series PIMs . . . . . . . . . 252 Supported Third-Party Hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252 J Series CompactFlash and Memory Requirements . . . . . . . . . . . . . . . . 253 Stream Control Transmission Protocol Overview . . . . . . . . . . . . . . . . . . . . . 254 Configuration Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254 Maximizing ALG Sessions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255 Upgrade and Downgrade Instructions for JUNOS Release 10.2 for SRX Series Services Gateways and J Series Services Routers . . . . . . . . . . . . . . . . . 256 Upgrade Policy for JUNOS Software Extended End Of Life Releases . . 256 JUNOS Software Release Notes for EX Series Switches . . . . . . . . . . . . . . . . . . . 257 New Features in JUNOS Release 10.2 for EX Series Switches . . . . . . . . . . . . 257 Hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257 Access Control and Port Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258 Bridging, VLANs, and Spanning Trees . . . . . . . . . . . . . . . . . . . . . . . . . . . 259 Class of Service (CoS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259 Infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259 Layer 2 and Layer 3 Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260 Management and RMON . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260

4


Packet Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260 Changes in Default Behavior and Syntax in JUNOS Release 10.2 for EX Series Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261 Access Control and Port Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261 Infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261 Layer 2 and Layer 3 Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261 User Interfaces and Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261 Limitations in JUNOS Release 10.2 for EX Series Switches . . . . . . . . . . . . . . 262 Access Control and Port Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262 Bridging, VLANs, and Spanning Trees . . . . . . . . . . . . . . . . . . . . . . . . . . . 262 Class of Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263 Firewall Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263 Hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263 Infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 264 Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265 J-Web Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266 Layer 2 and Layer 3 Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266 Management and RMON . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266 Virtual Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 267 Outstanding Issues in JUNOS Release 10.2 for EX Series Switches . . . . . . . 267 Access Control and Port Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 267 Bridging, VLANs, and Spanning Trees . . . . . . . . . . . . . . . . . . . . . . . . . . 268 Class of Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268 Firewall Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268 Hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268 Infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268 Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 269 J-Web Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 270 Layer 2 and Layer 3 Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 271 Multicast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 271 Virtual Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 271 Resolved Issues in JUNOS Release 10.2 for EX Series Switches . . . . . . . . . . . 271 Access Control and Port Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272 Bridging, VLANs, and Spanning Trees . . . . . . . . . . . . . . . . . . . . . . . . . . . 272 Firewall Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272 Hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273 Infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273 Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275 J-Web Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275 Layer 2 and Layer 3 Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276 Management and RMON . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 277 Multicast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 277 Virtual Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 277 Errata in Documentation for JUNOS Release 10.2 for EX Series Switches . . 277 Access Control and Port Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278 Firewall Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278 Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278


5


Upgrade and Downgrade Issues for JUNOS Release 10.2 for EX Series Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278 Upgrade Policy for JUNOS Software Extended End-Of-Life Releases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278 Upgrading or Downgrading from JUNOS Release 9.4R1 for EX Series Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279 Upgrading from JUNOS Release 9.3R1 to Release 10.2 for EX Series Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279 Upgrading from JUNOS Release 9.2 to Release 10.2 for EX Series Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279 Downgrading from JUNOS Release 10.2 to Release 9.2 for EX4200 Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 281 JUNOS Documentation and Release Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 282 Documentation Feedback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 282 Requesting Technical Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 282 Revision History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 284

6


JUNOS Software Release Notes for Juniper Networks M Series Multiservice Edge Routers, MX Series Ethernet Service Routers, and T Series Core Routers

JUNOS Software Release Notes for Juniper Networks M Series Multiservice Edge Routers, MX Series Ethernet Service Routers, and T Series Core Routers

New Features in JUNOS Release 10.2 for M Series, MX Series, and T Series Routers on page 7 Changes in Default Behavior and Syntax in JUNOS Release 10.2 for M Series, MX Series, and T Series Routers on page 45 Issues in JUNOS Release 10.2 for M Series, MX Series, and T Series Routers on page 63 Errata and Changes in Documentation for JUNOS Software Release 10.2 for M Series, MX Series, and T Series Routers on page 118 Upgrade and Downgrade Instructions for JUNOS Release 10.2 for M Series, MX Series, and T Series Routers on page 127

New Features in JUNOS Release 10.2 for M Series, MX Series, and T Series RoutersThe following features have been added to JUNOS Release 10.2. Following the description is the title of the manual or manuals to consult for further information.

Class of Service

Support for Layer 2 policers at the VLAN level on Trio MPC/MIC interfaces (MX Series platforms with Trio MPC/MIC interfaces)Layer 2 policers at the VLAN level are supported on an MX Series router with Trio MPCs/MICs. [Class of Service]

Different classifiers for different virtual circuits (ATM interfaces)Enables you to combine Layer 2 and Layer 3 classifications on ATM interfaces where some VCs are part of a VPLS instance and other belong to an L3VPN. To configure, include the classifiers statement at the [edit class-of-service interfaces at-x/y/zunit logical-interface-number] hierarchy level. [Class of Service]

DSCP classification for VPLS at ingress PE (M320 with Enhanced Type III FPC and M120)Enables you to configure DSCP classification for VPLS at ingress PE for encapsulation types vlan-vpls (IQ2 or IQ2E PICs) or ATM II IQ PIC. To configure, define the DSCP classifier at the [edit class-of-service classifiers dscp dscp-name] hierarchy level and apply the DSCP classifier at the [edit interfaces at-fpc-pic-port unit-logical-unit-number classifiers] hierarchy level. The ATM interface must be included in the routing instance. [Class of Service]


7


High Availability

Nonstop active routing support for Layer 2 VPN and Layer 3 VPN over RSPV-TE LSPsStarting with Release 10.2, the JUNOS Software extends the nonstop active routing support to Layer 2 VPN and Layer 3 VPN over RSVP-TE LSPs. JUNOS Release 10.2 also extends the nonstop active routing support for Layer 3 VPNs to cover the following OSPF features and configurations:

domain-id domain-id statement at the [edit routing-instances routing-instance-name protocols (ospf | ospf3)] hierarchy level

domain-vpn-tag number statement at the [edit routing-instances routing-instance-name protocols (ospf | ospf3)] hierarchy level

metric number statement at the [edit routing-instances routing-instance-name protocols ospf area area-id sham-link-remote] hierarchy level

sham-link local address statement at the [edit routing-instances routing-instance-name protocols ospf] hierarchy level

sham-link-remote address statement at the [edit routing-instances routing-instance-name protocols ospf area area-id] hierarchy level

Interfaces and Chassis

List of supported software features for MX Series MPCsThe following link contains a high-level list of software features for MX Series MPCs. For information about MPC support for subordinate statements of these software features, see the JUNOS Layer 2 Configuration Guide.http://www.juniper.net/techpubs/en_US/release-independent/junos/topics/reference/ general/mpc-mx-series-features.html

New 2-port MIC with XFP (model number MIC-3D-2XGE-XFP)This MIC can be installed into the new Type 1 MPCs (supported on MX240, MX480, MX960 routers) or can be installed directly into two slots in a modular MX80 chassis. For a list of supported MICs and MPCs, see the MX Series Line Card Guide. New 30-Gigabit Ethernet queuing MPC (model number MX-MPC1-3D-Q)Supported on MX240, MX480, and MX960 routers. For a list of supported MPCs, see the MX Series Line Card Guide. New 30-Gigabit Ethernet MPC (model number MX-MPC1-3D)Supported on MX240, MX480, and MX960 routers. For a list of supported MPCs, see the MX Series Line Card Guide. New 40-port dual-wide Tri-rate MIC (model number MIC-3D-40GE-TX)Supported on the MX Series routers. The Tri-rate MIC contains 40 autonegotiating 10Base-T, 100Base-TX, or 1000Base-T Megabit Ethernet ports. The Tri-rate MIC installs into both slots of an MPC in a MX240, MX480, and MX960 routers or directly into two slots in a modular MX80 chassis. For a list of supported MICs and MPCs, see the MX Series Line Card Guide.

8


New Features in JUNOS Release 10.2 for M Series, MX Series, and T Series Routers

Modular Port Concentrators (MPCs) on MX240, MX480, and MX960 routersProvide tunnel support parity, replacing traditional tunnel and services PICs with tunnels that were supported on a "virtual" port on MX240, MX480, and MX960 PFEs. MX240, MX480, MX960 routers support a virtual PIC and a virtual port, visible for tunnel configuration, and eliminating the need for a tunnel PIC. Traditional tunnel PIC features are supported, including:

GRE keys GRE Clear-dont-fragment

Certain services PIC features are not supported. On MPCs there are no tunnel PICs. Instead some bandwidth is taken off the WAN ports from the MX240, MX480, and MX960 routers and reserved for tunneling. In the presence of tunnel traffic, all WAN ports are affected in case of oversubscription. On MX240, MX480, and MX960 routers, the following types of tunnel ports are supported:

A 1Gbps tunnel port on 10x1GE PFE complex A 10Gbps tunnel port on 1x10GE PFE complex

On MX240, MX480, and MX960 routers, tunnel services can be enabled by configuring tunnel-services bandwidth on a particular virtual PIC. For example:user@host# show chassis fpc 0 { pic 0 { tunnel-services { bandwidth 1g; } } pic 1 { tunnel-services { bandwidth 1g; } } }

This enables tunnel services with a bandwidth of 1 Gbps on FPC 0 and PIC 0. Correspondingly, chassisd can create devices such as the following:

vt-0/0/10, ip-0/0/10, etc. for pic0 vt-0/1/10 ip-0/1/10 etc. for pic1

Currently supported bandwidth values are 1 Gbps and 10 Gbps. Devices are created with port 10 for 1-Gbps tunnels and port 0 for 10-Gbps tunnels. These tunnels with their associated configurations work when an MX-DPC is replaced by an MPC. This means the router creates tunnel devices based on the tunnel services configuration. This means that although the same PFE supports vt-0/0/10 and vt-0/1/10, two devices must be created to be compatible with the above configuration.


9


The MPC allows you to configure four tunnel MICs per MPC (to support vt-0/0/10, vt-0/1/10, vt-0/2/10, and vt-0/3/10), although in reality there are only two physical MICs. This is achieved by creating logical MICs on MPCs. In addition, you can add physical interfaces to the MPC because no MICs are associated with these tunnel physical interfaces. [Services Interfaces]

Restrictions on NAT configuration on DPCs (MX960, MX480, and MX240 routers with Multiservices DPC services interfaces)If you configure a basic 1:1 destination NAT rule with address prefixes in the pool, NAT will not work as expected. Also, if you configure port allocation for all NAT translations with a redundancy services (RSP) interface, NAT will not work as expected. [Services Interfaces]

Voice over IP (VoIP) servicesIn JUNOS Release 10.2, MX Series MPCs support Border Gateway Function (BGF) and Integrated Multi-Service Gateway (IMSG). For a list of supported protocols and applications, see the MX Series Line Card Guide. Support for Layer 2 Ethernet OAM (MX Series routers with Trio MPC/MIC Ethernet interfaces)MX Series routers with Trio MPC/MIC Ethernet interfaces supports parity of all Layer 2 OAM for 802.1ag for inet family features supported by MX Series routers as of JUNOS Release 9.1. [Network Interfaces]

Support for MPC tunnel features with other DPC types (MX Series platforms with Trio MPC/MIC interfaces)If you configure tunnels on an MX Series router with both Trio MPCs/MICs and DPCs, all tunnel functions support parity with JUNOS Release 9.2. [Network Interfaces]

Enhanced IQ (IQE) PICs for M7i and M10i routersM7i and M10i routers now support the following Enhanced IQ (IQE) PICs:

4-port Channelized DS3 and E3 Enhanced IQ (IQE) PIC (PE-4CHDS3-E3-IQE-BNC) 10-port Channelized E1/T1 Enhanced IQ (IQE) PIC (PE-10CHE-T1-IQE-RJ48) 2-port Channelized OC3/STM1 Enhanced IQ (IQE) PIC with SFP (PE-2CHOC3-STM1-IQE-SFP) 1-port Channelized OC12/STM4 Enhanced IQ (IQE) PIC with SFP (PE-1CHOC12STM4-IQE-SFP) 4-port DS3/E3 Enhanced IQ (IQE) PIC (PE-4DS3-E3-IQE-BNC) 4-port SONET/SDH OC3/STM1 Enhanced IQ (IQE) PIC with SFP (PE-4OC3-STM1-IQE-SFP) 1-port SONET/SDH OC12/STM4 Enhanced IQ (IQE) PIC with SFP (PE-1OC12-STM4-IQE-SFP)

10



The IQE PICs support the same features as the existing IQ PICs, as well as enhanced CoS and diagnostic features. The valid configuration statements are also the same, but the limits and range of values for some options are different to support augmented capabilities. [M7i PIC Guide, M10i PIC Guide, Class of Service, Network Interfaces]

New MX80 Ethernet services routerThere are two MX80 routers: one with a modular chassis and one with a fixed chassis. Each router is a compact Ethernet-optimized edge router that provides provide switching and carrier class Ethernet routing. Both provide up to 40 gigabits per second (Gbps) full duplex, high-density Ethernet interfaces and high capacity switching throughput. Both use the Trio chipset for increased scalability of L2/L3 packet forwarding, buffering, and queuing. Each router supports parity in software features supported by other MX Series routers as of JUNOS Release 9.2. To view JUNOS Release 9.2 documentation, see: http://www.juniper.net/techpubs/software/junos/junos92/index.html. The show chassis family of commands has been updated to provide information about MX80 routers.

NOTE: The MX80 router with fixed configuration does not support hierarchical queuing, congestion dropping, or statistics.

The MX80 router with modular configuration includes four built-in 10-Gigabit Ethernet ports and two slots that support the following Modular Interface Cards (MICs):

20-port Gigabit Ethernet MIC with SFP 2-port 10-Gigabit Ethernet MIC with XFP 40-port Gigabit Ethernet MIC (dual-wide)

The MX80 router with fixed configuration includes 4 built-in 10-Gigabit Ethernet ports and 48 built-in 10/100/1000Base-TX-RJ45 ports. The MX80 router is a single-board router with a built-in Routing Engine and one Packet Forwarding Engine (PFE), which can have up to two MICs. (A Services PIC slot is currently not supported.) The PFE has two pseudo Flexible PIC Concentrators (FPC 0 and FPC1). Because there is no switching fabric, the single PFE takes care of both ingress and egress packet forwarding. On both routers, the four built-in 10-Gigabit Ethernet ports are mapped to FPC 0. On the MX80 router with modular configuration, the MIC slots are mapped to FPC 1. On the MX80 router with fixed configuration, the 48 built-in 10/100/1000Base-TX-RJ45 ports are mapped to FPC 1. [MX80 Hardware]

Tunable XFP support (MX960, MX480, MX240, T640, and T1600)Provides support for wavelength tunable non-optical transport network (OTN) 10Gigabit Ethernet XFPs. All forwarding, OAM, and control plane features supported on the current DPCs, MICs, and PICs are supported on the above routers. This feature is not supported on MX80 and T320 routers.


11


You can use the existing wavelength statement to configure the wavelength of the optics at the [edit interfaces interface-name optic-options] hierarchy level. The following existing configuration mode commands are supported for tunable XFPs:

show chassis hardware show chassis pic show interfaces

[Network Interfaces]

Support for external clock synchronization on T Series routers (T320, T640, T1600)The T320, T640, and T1600 routers support external clock interfaces on the Sonic Clock Generators (SCG). When external clock synchronization is configured, this clock is distributed through the FPCs to each PIC interface. To configure external clock synchronization, include the following statements at the [edit chassis] hierarchy level:synchronization { primary (external-a | external-b); secondary (external-s | external-b); switching-mode (revertive | non-revertive); validation-interval seconds; }

[System Basics]

Support for 802.1ag Ethernet OAM for VPLS extended to M320 (with Enhanced III FPC), M120, and to M10i and M7i (with CFEB) routers with Gigabit Ethernet IQ2, IQ2E, and IQ2E PICsExtends the 802.1ag VPLS functionality to the specified routers. 802.1ag was previously supported only on Layer 2 circuits, Layer 2 VPNs, and routable interfaces on the specified router, FPC, and interface combinations. Configuration for this feature is performed in the same way as the existing OAM VPLS CLI feature configuration on MX Series routers. To configure CFM, include the connectivity-fault-management statement and substatements at the [edit protocols oam ethernet] hierarchy level. [Network Interfaces]

Quality-of-service (QoS) support for ATM on circuit emulation PICsOn M7i, M10i, M40e, M120, and M320 routers, the Channelized OC3/STM1 Circuit Emulation PICs (PB-4CHOC3-CE-SFP and PE-4CHOC3-CE-SFP) and E1/T1 Circuit Emulation PICs (PB-12T1E1-CE-TELCO and PE-12T1E1-CE-TELCO) provide QoS features that match or exceed those of the ATM-II PIC. Circuit Emulation PICs provide ingress and egress direction traffic shaping. Policing is performed by monitoring the configured parameters on the incoming traffic and is also referred to as ingress shaping. Egress shaping uses queuing and scheduling to shape the outgoing traffic. This is an enhancement over the ATM-II PIC, which only provides egress shaping. Classification is provided per virtual circuit (VC).

12



The following features are supported:

Port-level egress shaping Support for CBR, rtVBR, nrtVBR, and UBR Policing on a per VC basis Independent PCR and SCR policing Counting, tagging, or discard policing actions

CLI configuration is similar to that of QoS features for the ATM-II PIC. To configure shaping for logical interfaces in port promiscuous mode, use the shaping statement and its substatements at the [interfaces at-fpc/pic/port unit] hierarchy level. [Network Interfaces]

Enhanced graceful Routing Engine switchover (GRES) support for PD-5-10XGE-SFPP PICs (T640 routers connected to a TX Matrix router)JUNOS Release 10.2 extends GRES support for 10-port 10-Gigabit Ethernet Oversubscribed Ethernet PIC (PD-5-10XGE-SFPP) in T640 routers connected to a TX Matrix router. Targeted broadcast support for virtual routing and forwarding (VRF) (M Series, MX Series, and T Series routers)Enables IP packets destined for a Layer 3 broadcast address to transit to an egress interface on a router. The packets are broadcast only if the egress interface is a LAN interface. This feature is useful when the Routing Engine is flooded with packets to process. Targeted broadcast enables a broadcast packet destined for a remote network to transit across networks until the destination network is reached. In the destination network, the broadcast packet is broadcast as a normal broadcast packet. To configure targeted broadcast on a broadcast interface, include the targeted-broadcast statement at the [edit interfaces interface-name unit logical-unit-number family inet] hierarchy level. You can configure targeted broadcast in two ways:

To forward broadcast packets to both the egress interface and the Routing Engine, include the forward-and-send-to-re statement at the [edit interfaces interface-name unit logical-unit-number family inet targeted-broadcast] hierarchy level. To forward broadcast packets to the egress interface only, include the forward-only statement at the [edit interfaces interface-name unit logical-unit-number family inet targeted-broadcast] hierarchy level.

When you do not include the targeted-broadcast statement, a copy of each broadcast packet is sent to the Routing Engine. When you include the targeted-broadcast statement without either the forward-and-send-to-re or forward-only statement, broadcast packets are discarded. [Network Interfaces]

High availability hot-standby for FRF.15 (MLFR) and FRF.16 (MFR) configurations on Multiservices PICs and DPCs (M Series, MX Series, and T Series routers)Extends


13


support for the hot-standby option to FRF.15 and FRF.16 on redundant paired LSQ interfaces. This feature is supported on Multiservices PICs and DPCs. Provides a switchover time of 5 seconds or less for FRF.15, and provides a maximum of 10 seconds switchover time for FRF.16. To configure redundant LSQ hot-standby functionality for FRF.15, configure the hot-standby statement at the [edit interfaces rlsqnumber redundancy-options] hierarchy level and the multilink-frame-relay-end-to-end statement at the [edit interfaces rlsqnumber unit logical-unit-number encapsulation] hierarchy level. To configure redundant LSQ hot-standby functionality for FRF.16, include the hot-standby statement at the [edit interfaces rlsqnumber:number encapsulation multilink-frame-relay-uni-nni redundancy-options] hierarchy level. [Services Interfaces]

M7i, M10i, M120, and M320 routers (with Enhanced III FPC) support ATM scheduler for RFC1483 bridged interfaceExtends ATM scheduler support for RFC1483 bridged interface functionality to the specified routers. [Network Interfaces]

Support for xSTP on Trio MPC/MIC interfaces (MX Series platforms with Trio MPC/MIC interfaces)All types of xSTPs are supported on an MX Series router with Trio MPCs/MICs. [Layer 2 Configuration Guide]

Support for targeted broadcast for virtual routing and forwarding (VRF) instances on MX Series routersThe MX960, MX480, and M240 routers now support targeted broadcast which IP packets destined for a Layer 3 broadcast address to transit to an egress interface on a router. The packets are broadcast only if the egress interface is a LAN interface. This feature is supported on aggregated Ethernet interfaces and is useful when the Routing Engine is flooded with packets to process. Targeted broadcast enables a broadcast packet destined for a remote network to transit across networks till the destination network is reached. In the destination network, the broadcast packet is broadcast as a normal broadcast packet. To configure targeted broadcast on a broadcast interface, include the targeted-broadcast statement at the [edit interfaces interface-name unit logical-unit-number family inet] hierarchy level. You can configure targeted broadcast in two ways:

To forward broadcast packets to both the egress interface and the Routing Engine, include the forward-and-send-to-re statement at the [edit interfaces interface-name unit logical-unit-number family inet targeted-broadcast] hierarchy level. To forward broadcast packets to the egress interface only, include the forward-only statement at the [edit interfaces interface-name unit logical-unit-number family inet targeted-broadcast] hierarchy level.

When you do not include the targeted-broadcast statement, a copy of each broadcast packet is sent to the Routing Engine. When you include the targeted-broadcast

14



statement without either the forward-and-send-to-re or forward-only statement, broadcast packets are discarded. [Network Interfaces]

New statement to sync the FPC that is brought online with other active FPCs (M320, T320, T640, T1600, TX Matrix, and TX Matrix Plus routers)M320, T320, T640, T1600, TX Matrix, and TX Matrix Plus routers now support the fpc-resync configuration statement at the [edit chassis] hierarchy level. When you bring a Flexible PIC Concentrator (FPC) online, the sequence number on the FPC may not be synchronized with the other active FPCs in the router, which may result in the loss of a small amount of initial traffic. To avoid any traffic loss, include the fpc-resync statement at the [edit chassis] hierarchy level. This ensures that the sequence number of the FPC that is brought online is resynchronized with the other active FPCs in the router. [System Basics]


15


JUNOS XML API and Scripting

16



New JUNOS XML API operational request tag elementsTable 1 on page 17 lists the JUNOS Extensible Markup Language (XML) operational request tag elements that are new in JUNOS Release 10.2, along with the corresponding CLI command and response tag element for each one.

Table 1: JUNOS XML Tag Elements and CLI Command Equivalents New in JUNOS 10.2Request Tag Element clear_service_bsg_registrations clear_service_bsg_registrations_statistics clear_services_bsg_registrations_subscription get_syslog_facility_information request_ping_rsvp_dynamic_bypass_lsp request_ping_rsvp_manual_bypass_lsp request_logout_user get_environment_ power_supply_unit_information get_fm_topology get_fm_plane_location_information get_fru_power_on_sequence get_power_budget_information get_tfeb_information get_vcpu_information get_cos_service_session_information

CLI Commandclear services border-signaling-gateway registrations clear services border-signaling-gateway registrations statistics clear services border-signaling-gateway registrations subscription help syslog facility

Response Tag Element

ping mpls rsvp dynamic-bypass

NONE

ping mpls rsvp manual-bypass

NONE

request system logout

show chassis environment power-supply-unit

show chassis fabric map show chassis fabric plane-location

show chassis power sequence

show chassis power-budget-statistics

show chassis tfeb

show chassis vcpu

show class-of-service service-session


17


Table 1: JUNOS XML Tag Elements and CLI Command Equivalents New in JUNOS 10.2 (continued)Request Tag Element get_gre_ka_information get_pppoe_session_information get_r2cp_interface_information get_r2cp_radio_information get_r2cp_session_information get_r2cp_statistics get_service_ accounting_error_ inline_jflow_ information get_service_ accounting_status_ inline_jflow_ flow_information get_service_ accounting_status_ inline_jflow_ information get_service_ border_signaling_ gateway_address_ of_record

CLI Commandshow oam gre-keepalive


show pppoe sessions

show r2cp interfaces

show r2cp radio

show r2cp sessions

show r2cp statistics

show services accounting errors inline-jflow

show services accounting flow inline-jflow

show services accounting status inline-jflow

show services border-signaling-gateway address-of-record

18



Table 1: JUNOS XML Tag Elements and CLI Command Equivalents New in JUNOS 10.2 (continued)Request Tag Element get_service_ border_signaling_ gateway_address_ of_record_ bindings get_service_border_ signaling_gateway_ statistics_calls_ by_server get_service_ border_signaling_ gateway_statistics_ calls_by_sp get_service_border_ signaling_gateway_ statistics_calls_ duration_by_server get_service_border_signaling _gateway_statistics_calls_ duration_by_sp get_service_ border_signaling_gateway_ statistics_failed_calls_by_ server

CLI Commandshow services border-signaling-gateway address-of-record bindings


show services border-signaling-gateway calls by-server

NONE

show services border-signaling-gateway calls by-service-point

NONE

show services border-signaling-gateway calls-duration by-server

NONE

show services border-signaling-gateway calls-duration by-service-point

NONE

show services border-signaling-gateway calls-failed by-server

NONE


19


Table 1: JUNOS XML Tag Elements and CLI Command Equivalents New in JUNOS 10.2 (continued)Request Tag Element get_service_ border_signaling_gateway _statistics_failed_calls_ by_sp get_service_ bsg_registrations get_service_bsg_ registrations_ realm_statistics get_service_ bsg_registrations_ statistics get_service_ border_signaling_ gateway_routing_ blacklist get_service_ softwire_table_ information get_service_ fwnat_flow_table_ information get_subscribers_ summary get_system_ storage_partitions

CLI Commandshow services border-signaling-gateway calls-failed by-service-point

Response Tag ElementNONE

show services border-signaling-gateway registrations

show services border-signaling-gateway registrations realm

show services border-signaling-gateway registrations statistics

show services border-signaling-gateway routing-blacklist

show services softwire

show services softwire flows

show subscribers summary

show system storage partitions

20



Table 1: JUNOS XML Tag Elements and CLI Command Equivalents New in JUNOS 10.2 (continued)Request Tag Element get_system_ virtual_memory_information

CLI Commandshow system virtual-memory


[JUNOS XML API Operational Reference]

Layer 2 Ethernet Services

Ethernet Ring Protocol (ERP) support for multiple ring instances on the same physical ring (MX240, MX480, and MX960 routers)This Layer 2 feature extends Ethernet Ring Protocol (ERP) support to include multiple ring instances on the same physical ring on MX960, MX480, and MX240 routers. Each ring instance will control a set of virtual LAN (VLAN) IDs. For a physical ring, traffic between two nodes usually follows the same path. By creating multiple ring instances, some traffic passes through one path, while other traffic can pass through a different path. The result is improved load-balancing of traffic in the physical ring. To configure multiple ring instances, include the data-channel configuration statement with VLAN ID options at the [edit protocols protection-group ethernet-ring group-name] hierarchy level. New operational mode commands support this feature. To display data channel information for all Ethernet ring protection groups, use the show protection-group ethernet-ring data-channel command. To display data channel information for a specific Ethernet ring protection group, use the show protection-group ethernet-ring data-channel groupname command. To display data channel VLAN information for all Ethernet ring protection groups, use the show protection-group ethernet-ring vlan command. To display data channel VLAN information for a specific Ethernet ring protection group, use the show protection-group ethernet-ring vlan groupname command. [Layer 2 Configuration, Interfaces Command Reference]

MPLS Applications

Switching LSPs away from a network nodeYou can configure the router to switch active LSPs away from a network node by using a bypass LSP enabled for an interface. This feature can be used in maintenance of active networks when a network device needs to be replaced without interrupting traffic passing through the network. The LSPs can be either static or dynamic. You need to first configure either link or node protection for the traffic that needs to pass around the network device you intend to disable. To function properly, the bypass LSP must use a different logical interface, rather than the protected LSP. To configure the router to switch traffic around a network node, configure the always-mark-connection-protection-tlv statement at the [edit protocols mpls interface interface-name] hierarchy level. This statement marks all OAM traffic transiting this interface in preparation for switching the traffic to an alternate path based on the OAM


21


functionality. Next, configure the switch-away-lsps statement at the [edit protocols mpls interface interface-name] hierarchy level. This statement switches the traffic from the protected LSP to the bypass LSP, effectively bypassing the default downstream network device. The actual link is not brought down by this procedure itself. This feature is supported on MX Series routers only. [MPLS]

MPLS support on services PICsAdds MPLS label pop support for services PICs on JUNOS routers. Previously, all MPLS traffic would be dropped at the services PIC. No changes are required to CLI configurations for this enhancement. In-service software upgrade (unified ISSU) is supported for tag next hops for MPLS on services PIC traffic, but no support is provided for tags over IPv6 packets or labels on multiple gateways. [MPLS]

Hello acknowledgements for non-session RSVP neighborsYou can now acknowledge hello messages sent from non-session RSVP neighbors with a hello acknowledgement message by including the hello-acknowledgements statement at the [edit protocols rsvp hello-acknowledgements] hierarchy level. When hellos are received from non-session neighbors, an RSVP neighbor relationship is created and periodic hello messages can now be received from the non-session neighbor. Interface-based neighbors are not automatically aged out. [MPLS]

Multicast

Load-balancing multicast tunnel interfaces among available PICsFor draft-rosen Layer 3 VPNs, enables you to manually load-balance multicast tunnel interfaces across a configured list of tunnel-capable PICs. To configure the list, include the tunnel-devices statement at the [edit routing-instances instance-name protocols pim] hierarchy level. In some cases, you might need to manually force a rebalanced state. To do this, run the request pim multicast-tunnel rebalance command with or without the instance option. [Multicast]

Automatic Multicast Tunneling (AMT) supportAutomatic Multicast Tunneling (AMT) facilitates dynamic multicast connectivity between multicast enabled networks across islands of unicast-only networks. This enables service providers, content providers, and their customers that do not have multicast connectivity end-to-end, to participate in delivering multicast traffic. AMT dynamically establishes unicast-encapsulated tunnels between well-known multicast-enabled relay points (AMT relays) and network points reachable only through unicast (AMT gateways). The AMT protocol provides for discovery and handshaking between relays and gateways to establish tunnels dynamically without requiring explicit per-tunnel configuration. AMT relays are typically routers with native IP multicast connectivity that aggregate a potentially large number of AMT tunnels.

22



AMT gateways are devices that require connection to the IP multicast network but lack multicast routing capability or direct connection to multicast-capable routers. Gateways may be either individual hosts or routers that are partitioned from the larger multicast infrastructure. AMT is described in detail in Automatic IP Multicast Without Explicit Tunnels (AMT), draft-ietf-mboned-auto-multicast-09.txt.

NOTE: Multicast sources located behind AMT gateways are not supported.

To configure the AMT protocol, include the amt configuration statement at the [edit protocols] hierarchy level.amt { traceoptions { file ... flag all; flag errors; flag normal; flag packets; flag tunnels; } relay { family { inet { local-address ip-address; anycast-prefix ip-prefix/ip-prefix-len; } } secret-key-timeout minutes; tunnel-limit number; } } }

To configure the IGMP attributes of AMT relay tunnels, include the amt configuration statement at the [edit protocols igmp] hierarchy level.igmp { amt { relay { defaults { (accounting | no-accounting); group-policy [ policy-names ]; ssm-map ssm-map-name; version version-number; query-interval interval-seconds; query-response-interval interval-seconds; robust-count count; } } } } }


23


AMT logical interfaces are created dynamically and have an interface identifier in the format ud-FPC/PIC/port.unit. To display tunnel state information for active AMT tunnels, use the show amt tunnel operational mode command. To display AMT protocol message counts and error statistics, use the show amt statistics operational mode command. To display the multicast source and group addresses for an interface, use the show igmp group terse operational mode command. To display gateway IP addresses and UDP port numbers for AMT logical interfaces, use the show interfaces detail operational mode command. To display default parameters for active AMT interfaces, use the show igmp interface operational mode command. To clear AMT tunnel states, use the clear amt tunnel operational mode command. [Multicast, Network Interfaces]

Internet Group Management Protocol (IGMP) snooping support for multichassis link aggregation group (MC-LAG) interfacesMultichassis link aggregation group (MC-LAG) enables a device to form a logical LAG interface with two or more network devices. You can use multicast snooping over MC-LAG interfaces to replicate join and leave messages between MC-LAG peer devices to facilitate faster recovery of membership information after a service interruption. Add the multichassis-lag-replicate-state statement at the [edit multicast-snooping-options] hierarchy level to enable snooping for MC-LAG interfaces. This feature supports dual-link MC-LAG interfaces in an active-standby mode, in which only one link is in active mode and the other is in standby mode at any given time. In MC-LAG, if a standby link takes over as the active link, it can recover the membership information of the interface from the network by generating an IGMP query. However, this recovery can take between 1 and 10 seconds, which is too long for some applications. To keep service restoration time to a minimum, the active link can use IGMP snooping to replicate membership information to the standby link. In the active-standby mode, join and leave messages are sent only through the active member link. Once the messages are received by the active link, they are flooded to all router interfaces, and forwarding entries are built for the received messages. Additionally, the messages are replicated from the active link to the standby link, using an Interchassis Communication Protocol (ICCP) connection. The standby link applies routine processing to the replicated packet, except that it does not add itself as the next hop for any route, and it does not send the replicated packet to the network. After a failover, the multicast membership status of the link can be recovered within a few seconds or less by retrieving the replicated messages. This recovery is much faster than the 10second outage that can occur if the recovery procedure relies only on IGMP queries. When this feature is enabled, multicast snooping automatically identifies the active link during initialization and failover, and runs without any administrator intervention.

24



If the user deletes the configuration of IGMP snooping or deletes the multichassis-lag-replicate-state statement, this feature is disabled on that MC-LAG link or on the whole IGMP snooping domain. The active device stops replicating IGMP messages to the peer, and the IGMP data already installed on the standby device times out. Use the show igmp snooping interface and show igmp snooping membership commands to display group information on both the active side and the standby side of an MC-LAG interface. If the ICCP connection is lost, both links of the MC-LAG transition to the active state, and the client device starts load-balancing traffic between the two links. In this situation, the IGMP messages are not replicated. [Multicast, Network Interfaces]

Internet multicast using ingress replication provider tunnelsA new routing instance type uses existing JUNOS Software technology and ingress replication provider tunnels to carry IP multicast data between routers through an MPLS cloud. This enables a faster path for multicast traffic between sender and receiver routers in large-scale implementations. This configuration is available under PIM and multicast virtual private network (MVPN) infrastructure. The topology consists of routers on the edge of the IP multicast domain that have a set of IP interfaces and a set of MPLS core-facing interfaces. Internet multicast traffic is carried between the IP routers using ingress replication provider tunnels (data plane) and a full-mesh IGBP session (control plane) through the MPLS cloud. The new mpls-internet-multicast routing instance type is configured for the default master instance on each router to support internet multicast over MPLS. When using PIM as the multicast protocol, the mpls-internet-multicast configuration statement is also included at the [edit protocols pim] hierarchy level in the master instance to associate PIM with the mpls-internet-multicast routing instance. The mpls-internet-multicast routing instance is a non-forwarding instance used only for control plane procedures; it does not support any interface configurations. All multicast and unicast routes used for internet multicast are associated only with the master instance (inet.0), not with the routing instance. Each router participating in internet multicast must be configured for BGP MPLS-based internet multicast for control plane procedures. Support for an ingress replication provider tunnel is also configured on all routers to form a full mesh of MPLS point-to-point label-switched paths (LSPs) for the data provider tunnel. The technology standard used is BGP/MPLS IP MVPN, sometimes referred to as next generation. The multicast IP traffic is encapsulated by the routers and carried to other routers over the LSPs formed by the ingress replication provider tunnel. These LSPs can be existing LSPs or triggered dynamically when the routers use autodiscovery. The ingress replication tunnel can be inclusive or selective, depending on the provider tunnel configuration in the routing instance. Additionally, the ingress replication provider tunnel can be configured to create a new tunnel or to use an existing tunnel when an application requests to add a destination. [Multicast]


25


Multiplay

Integrated Multi-Service Gateway (IMSG) access mode support (VoIP subscriber management)The border signaling gateway (BSG) now provides access mode support, which includes:

Recording of subscriber registrations Tracking of subscriber address of record (AOR)

Access mode support enables the deployment of the BSG in a service providers border with large business enterprises, small offices, and home networks. The BSG enables endpoints and IPBXs to register for SIP service with the carrier/service providers registrar. Access mode support also enables new transaction policies to filter incoming messages based on their registration state. You can now configure additional filtering of incoming messages by entering the uri-hiding and registration-state statements for contacts and request URIs at the [editservices border-signaling-gateway gateway gateway-name sip new-transaction-policy policy-name term term-name from] hierarchy level.

Signaling realms are assigned to the messages handled by service points. The default signaling realm for a subscribers messages is the ingress service point of their register message, so it is not usually necessary to explicitly define signaling realms. However, you may want to assign signaling realms to accumulate information about messages flowing through different service points used by the same customer. When a customer receives services through multiple service points, information on the overall service provided can be accumulated by assigning the same signaling realm to new transaction policies at each service point. You configure signaling realms that can be used in new transaction policies by entering the signaling-realms statement at the [edit services border-signaling-gateway gateway-name sip] hierarchy level. You configure how messages are associated with a signaling realm by entering the signaling-realms statement at the [edit servicesborder-signaling-gateway gateway-name sip new-transaction-policy term term-name]

hierarchy level. You can display information about subscriber registrations, address of record, and signaling realm assignments by using one of the following commands:

show services border-signaling-gateway address-of-record bindings show services border-signaling-gateway registrations

You can clear registration statistics by using the following commands:

clear services border-signaling-gateway registrations statistics show services border-signaling-gateway registrations subscription

[Multiplay Solutions, Services Interfaces, System Basics and Services Command Reference]

Integrated Multi-Service Gateway (IMSG) redirection of messages to contact addressWhen the border signaling gateway (BSG) receives a 3XX response, it now

26



sends a redirected request using a request URI based on the contact information in the 3XX response. You can specify the maximum number of recursive redirection attempts allowed before sending a 408 timeout response by entering the recursion-limit statement at the [edit services border-signaling-gateway gateway gateway-name sip new-transaction-policy policy-name term term-name then on-3xx-response] hierarchy level. Requests are not redirected for 380 responses. [Multiplay Solutions, Services Interfaces]

Integrated Multi-Service Gateway (IMSG) support for up to four border signaling gateways (BSGs) on a routerYou can now configure up to four border signaling gateways on a router. Each BSG must be defined on a separate Multiservices PIC. [Session Border Control Solutions]

Integrated Multi-Service Gateway (IMSG) border signaling gateway (BSG) server clustersServer clusters allow routing incoming transactions to one of several possible next-hops, thus providing load balancing and server redundancy. Server clusters are defined in the CLI and can be used as route policy actions. You define server clusters by entering the server-cluster statement at the [edit services border-signaling-gateway gateway gateway-name sip routing-destinations] hierarchy level. Each cluster consists of configured servers. In order to configure server clusters, you must first configure individual servers and server availability checking by entering statements at the [edit services border-signaling-gateway gateway gateway-name sip routing-destinations] hierarchy level. After configuring routing-destinations, you can configure routing of transactions to a particular server cluster by entering the server-cluster statement at the [edit services border-signaling-gateway gatewaygateway-name sip new-transaction-policy policy-name term term-name then route]

hierarchy level. You can display call activity by server by entering the show services border-signaling-gateway calls command with the by-server option. If you do not use the by server option, you must use the by-service-point option. You can no longer use the show services border-signaling-gateway calls command without specifying one of these two options. You can display unavailable servers by entering the show services border-signaling-gateway routing-blacklist command. [Session Border Control Solutions, Services Interfaces, Systems Basics and Services Command Reference]

Integrated Multi-Service Gateway (IMSG) support on M7i and M10i routersM7i and M10i routers now support the IMSG running on an MS-100 PIC. [Session Border Control Solutions]

Border Gateway Function (BGF) virtual BGF scabilityYou can now configure up to 32 virtual BGFs on a router. Previously, you could configure a maximum of eight virtual BGFs on a router. Those eight virtual BGFs had to reside on a single Multiservices PIC. As of JUNOS Release 10.2, eight virtual BGFs can be configured on each of four Multiservices PICs. [Session Border Control Solutions]


27


Routing Policy and Firewall Filters

Support for MPC firewall filter features (MX Series platforms with Trio MPC/MIC interfaces)If you configure and apply firewalls to an MX Series router with Trio MPCs/MICs, some match conditions are not supported. Generally, all firewall functions are supported through JUNOS Release 9.2. [Layer 2 Configuration]

Removal of input-list and output-list statements for firewall filters for the ccc and mpls protocol families applied to loopback, internal Ethernet, and USB modem interfacesThe input-list filter-names and output list filter-names statements for firewall filters for the ccc and mpls protocol families have been removed for these interfaces: management and internal Ethernet interfaces (fxp), loopback interfaces (lo), and USB modem interfaces (umd). Configuration of input lists and output lists for firewall filters for the ccc and mlps protocol families applied to other interfaces are not affected. [Policy Framework]

Support for the discard action for the tricolor marking policer applied to a firewall filterThe discard action was not previously supported for the tricolor marking policer applied to a firewall filter. With this support for the discard action, the tricolor marking policer no longer needs to include the logical-interface-policer statement at the [edit firewall three-color-policer name] hierarchy level. This change applies only to the following routers: M120, M320 with Enhanced-III FPCSs, MX Series, and M7i and M10i with Enhanced CFEB (CFEB-E). [Policy Framework]

Support for the match condition prefix-list for firewall filters for the protocol family VPLSThis match condition is already supported for IPv4 and IPv6 protocol families. To enable the prefix-list firewall filters match condition for VPLS, include the prefix-list prefix-list-name match condition at the [edit firewall family vpls filter filter-name term term-name from] hierarchy level. [Policy Framework]

Option to enable enhanced jtree memory allocation for Layer 3 VPNs (T640 and T1600 routers with Enhanced Scaling FPC3 and Enhanced Scaling FPC4)To utilize memory across segments, JUNOS Release 10.2 extends support for allocating jtree memory for Layer 3 VPNs in different segments. To enable jtree memory allocation, use the route-memory-enhanced statement at the [edit chassis] hierarchy level, and reboot all affected FPCs to activate the configuration. To verify the configuration, use the show pfe fpc slot detail command.

NOTE: For T Series routers only. With JUNOS Release 10.2, enhanced jtree memory allocation is turned OFF by default. To enable jtree memory allocation, use the route-memory-enhanced statement at the [edit chassis] hierarchy level, and reboot all affected FPCs to activate the configuration. For JUNOS Release 9.3 to 10.1, the default routing tables (inet.0 and inet6.0) use both memory segments by default.

28



[System Basics]

Layer 2 Gigabit Ethernet logical interface policing support extended to MX Series routersEnables you to configure the following policer types on the input and output interfaces:

Single-rate two color Two-rate color-blind three color Two-rate color-aware three color Single-rate color-blind three color Single-rate color-aware three color

To configure, create the policer at the [edit firewall] hierarchy level. In addition to the policer condition and action, you must include the logical-interface-policer statement. To apply the policer to the input or output interface, include the layer2-policer statement at the [edit interface ge-fpc/pic/port unit logical-unit-number] hierarchy level. [Network Interfaces, Class of Service, Policy]

Routing Protocols

Only the system log notes failure to add routes to the Trio MPC/MIC (MX Series platforms)For Layer 3 and MPLS features, the Trio MPC/MIC is compatible with JUNOS Release 9.2. However, the syslog process is the only mechanism that records failure to add routes to the MPC. [Routing Protocols]

Keepalive support for GRE interfaces (ichip-based M Series and MX Series routers)Enables GRE tunnel interfaces to detect when a tunnel interface is down. This feature is needed in static routing environments in which the keepalive mechanism in a dynamic routing protocol cannot be relied upon to detect a link down condition. To configure keepalives on GRE tunnel interface, include both the keepalive-time statement and the hold-time statement at the [edit protocols oam gre-tunnel interface interface-name] hierarchy level.

NOTE: For proper operation of keepalives on a GRE interface, you must also include the family inet statement at the [edit interfaces interface-name unit unit] hierarchy level. If you do not include this statement, the interface is marked as down.

[Services Interfaces, Interfaces Command Reference]

Support for OSPF database protection for OSPF and OSPFv3Enables you to limit the number of link-state advertisements (LSAs) not generated by the router in a given OSPF instance. This feature is particularly useful for networks configured with VPN routing and forwarding on provider edge and customer edge routers using the OSPF routing protocol. By limiting LSAs not generated by the router, the link-state database in your network is protected from being overrun by excessive LSAs from sources other


29


than your router. To enable database protection, include the database-protection statement at the [edit protocols (ospf | ospf3)] hierarchy level. This feature also supports routing instances, logical systems, and OSPFv3 realsms. Besides configuring the maximum number of LSAs not from the router, you can specify parameters to determine how your network will respond when certain conditions are met. These parameters include a warning threshold for issuing warning messages, an ignore count to limit the number of times the database can enter the ignore state before it goes into the isolate state, and a reset time for resuming normal operations if the database has avoided being in the ignore or isolate state for the specified period of time. However, once the link-state database enters the isolate state, a command to reset the database must be issued before normal operations can be resumed. In support of this feature, the clear ospf database-protection command has been added, and the output for the show ospf overview command has been enhanced to show the current database protection status. [Routing Protocols]

Revert time for redundant Layer 2 pseudowiresYou can now modify the behavior for redundant Layer 2 circuit and VPLS pseudowires by configuring a revert time. When a primary pseudowire fails and traffic is switched to an alternate pseudowire, the revert time specifies how long the router should wait before attempting to switch the traffic back to the primary pseudowire. The router does not attempt to switch traffic back to the primary pseudowire if the primary pseudowires has not been restored. To configure a revert time for redundant Layer 2 pseudowires, specify a time, in seconds, using the revert-time statement at the [edit protocols l2circuit neighbor address interface interface-name] hierarchy level for Layer 2 circuit configurations, and at the [edit routing-instances routing-instance-name protocols vpls neighbor address] hierarchy level for VPLS configurations. [VPNs]

Support for having the algorithm that determines that the single best path skip the step that evaluates an AS pathBy default, the third step of the algorithm that determines the active route evaluates the length of an AS path. To enable the JUNOS Software to skip this step, include the as-path-ignore statement at the [edit protocols bgp path-selection] hierarchy level. You cannot configure this statement for a specific routing instance. [Routing Protocols]

Services Applications

Inline flow monitoring support (MX240, MX480, and MX960 only)Adds the capability to support flow monitoring and sampling services inline in the data path, without the need for a services PIC, on MX Series Modular Port Concentrators (MPCs). To configure inline flow monitoring, include the inline-jflow statement at the [edit forwarding-options sampling instance instance-name family inet output] hierarchy level. Inline sampling exclusively supports a new format called version-ipfix that uses UDP as the transport protocol. When you configure inline sampling, you must include the version-ipfix statement at the [edit forwarding-options sampling instance instance-name family inet output flow-server address] hierarchy level and also at the [edit services

30



flow-monitoring] hierarchy level. The following operational commands include new inline fpc keywords to display inline configuration information: show services accounting errors, show services accounting flow, and show services accounting status.

[Services Interfaces, System Basics and Services Command Reference]

AACL statistics for dynamic packet-triggered subscribersProvide support for packet-triggered subscribers and policy control (PTSP) statistics collection in a flat file using the local policy decision function (L-PDF). If you specify in the rule that statistics collection and reporting are based on application or application group for each subscriber, then this flat file method is used. To specify that PTSP statistics are reported, include the flag pstp-statistics statement at the [edit system services local-policy-decision-function traceoptions] hierarchy level. To configure the AACL statistics profile to support PTSP statistics collection, include the record-mode interim-active-only statement at the [edit system services local-policy-decision-function aacl-statistics-profile profile-name] hierarchy level and include all-fields at the [edit system services local-policy-decision-function aacl-statistics-profile profile-name aacl-fields] hierarchy level. The following operational commands display information about the packet-triggered subscribers: show services subscriber bandwidth, show services subscriber dynamic-policies, show services subscriber flows, show services subscriber sessions, and show services subscriber statistics. [Services Interfaces, System Basics and Services Command Reference, Subscriber Access]

Subscriber Access Management

Support for subscriber management features on Trio MPC/MIC interfaces (MX Series routers)Enables support for all subscriber management features introduced in JUNOS Release 10.1 and lower-numbered releases on Trio MPC/MIC interfaces available on MX Series routers. For a list of the subscriber management features and other protocols and applications supported on the MX Series MPCs, see Protocols and Applications Supported by MX Series MPCs in the MX Series 3D Universal Edge Routers Line Card Guide. [Subscriber Access, MX Series Line Card ]

Subscriber secure policy traffic mirroring on Trio MPC/MIC interfaces on MX Series routersEnables you to configure subscriber secure policy traffic mirroring to provide RADIUS-initiated mirroring for subscribers on interfaces that are running over Trio MPC/MIC interfaces on MX Series routers. [Subscriber Access]

Support for frame and cell-shaping mode and byte adjustments on static and dynamic subscriber interfaces (MX Series routers)Enables you to configure frame-based and cell-based shaping mode and byte adjustments on static or dynamic subscriber interfaces in a broadband access network. This feature is supported on Trio MPC/MIC interfaces on MX Series routers. In a broadband access network, ATM traffic can be passed downstream from other customer premise equipment (CPE) to the MX Series router. Managing the bandwidth


31


of downstream ATM traffic to Ethernet interfaces can be difficult because of the different Layer 2 encapsulations. You can configure the shaping mode to shape downstream ATM traffic based on either frames or cells. In frame shaping mode, shaping is based on the number of bytes in the frame, without regard to cell encapsulation or padding overhead. Frame is the default shaping mode on the router. In cell shaping mode, shaping is based on the number of bytes in cells and accounts for the ATM cell encapsulation and padding overhead. When you specify cell shaping, the resulting traffic stream conforms exactly to the policing rates configured in downstream ATM switches, reducing the number of packet drops in the Ethernet network. In addition, you can account for the different byte sizes per encapsulation by configuring a byte adjustment value for the shaping mode. For example, you can configure frame shaping mode and a byte adjustment value to account for differences in Layer 2 protocols for downstream Ethernet traffic. To configure the shaping mode, include the new overhead-accounting (frame-mode | cell-mode) statement at the [edit class-of-service traffic-control-profiles profile-name] hierarchy level or the [edit dynamic-profiles class-of-service traffic-control-profiles profile-name] hierarchy level. To configure byte adjustments, include the bytes byte-value option with the overhead-accounting (frame-mode | cell-mode) statement. We recommend that you configure the byte-value that represents the difference between the CPE protocol overhead and the BRAS protocol overhead. The configurable range is -120 to 124 bytes. [Subscriber Access, Class of Service]

Support for dynamic distribution of excess bandwidth among different subscriber services on subscriber interfaces (MX Series routers with Trio MPC/MIC interfaces)Enables you to control the distribution of excess bandwidth sharing on dynamic subscriber interfaces on Trio MPC/MIC interfaces available on MX Series routers. In earlier releases, excess bandwidth sharing was supported on EQ DPCs only. Service providers often used tiered services that must utilize excess bandwidth as traffic patterns vary. By default, excess bandwidth between a configured guaranteed rate and shaping rate is shared equally among all queues with the same excess priority value, which might not be optimal for all subscribers to a service. To configure the excess rate for a traffic control profile in a dynamic profile, include the excess-rate statement at the [edit dynamic-profiles profile-name class-of-service traffic-control-profiles profile-name] hierarchy level and apply the traffic control profile at the [edit dynamic-profiles profile-name class-of-service interfaces interface-name] hierarchy level. To configure the excess rate for a queue, include the excess-rate and excess-priority statements at the [edit dynamic-profiles profile-name class-of-service scheduler scheduler-name] hierarchy level. [Subscriber Access]

Support for MAC address validation on Trio MPC/MIC interfaces on MX Series routersEnables MAC (source address) validation to use filters over Trio MPC/MIC

32



interfaces on MX Series routers. MAC validation is the process of verifying that the origin of the MAC address received matches the origin present in the router ARP entry table. You can enable MAC validation in either strict or loose mode on static or dynamic demux interfaces using dynamic profiles. [Subscriber Access]

Support for IP demux subscriber secure policy and MAC validate configuration on Trio MPC/MIC interfacesEnables the configuration of subscriber secure policy and MAC validation using dynamic IP demux interfaces over Trio MPC/MIC physical interfaces on MX Series routers. [Subscriber Access]

Support for dynamic 802.1Q VLAN interface configuration for PPPoE over Trio MPC/MIC interfaces on MX Series routersEnables you to configure dynamic 802.1Q VLANs for PPPoE on Trio MPC/MIC interfaces on MX Series routers. This support includes an enhancement to the accept statement to include a new pppoe VLAN Ethernet packet type. You can specify this packet type at the [edit interfaces interface-name auto-configure vlan-ranges dynamic-profile profile-name] and the [editinterfaces interface-name auto-configure stacked-vlan-ranges dynamic-profile profile-name] hierarchy levels. The pppoe VLAN Ethernet packet type option is supported

only for Trio MPC/MIC interfaces on MX Series routers. [Subscriber Access]

Support for IPv6 demux configuration on Trio MPC/MIC interfaces on MX Series routersEnables dynamic IPv6 demux configuration on Trio MPC/MIC interfaces on MX Series routers. [Subscriber Access]

Support for dynamic CoS for IP demux interfaces on Trio MPC/MIC interfaces (MX Series routers)Enables you to configure dynamic CoS for a static or dynamic IP demultiplexing (demux) subscriber interface on the Trio MPC/MIC interfaces available on MX Series routers. In earlier releases, dynamic CoS for IP demux interfaces was supported on EQ DPCs only. Hierarchical CoS for aggregated Ethernet interfaces is now supported on the Trio MPC/MIC family when a static or dynamic demux subscriber interface is the underlying interface. In earlier releases, hierarchical CoS for aggregated Ethernet was only supported on the Trio MPC/MIC family when a static or dynamic VLAN was the underlying interface. [Subscriber Access]

Support for non-hierarchical dynamic CoS configurations on subscriber interfaces (MX Series routers)Enables you to dynamically configure per-unit scheduling for subscriber interfaces configured on EQ DPCs and Trio MPC/MIC interfaces on MX Series routers and Ethernet Enhanced IQ2 (IQ2E) PICs on M120 and M320 routers. In earlier releases, you had to enable hierarchical scheduling prior to configuring a dynamic access or service profile with CoS parameters. In per-unit scheduling configurations, each Layer 3 scheduler node is allocated a dedicated set of queues. If you do not explicitly configure CoS parameters, a default traffic profile with queues is


33


attached to the logical interface. Interfaces are not dynamically created with a new set of queues when the existing queue limit is reached. To enable per-unit scheduling for the subscriber interface, include the per-unit-scheduler statement at the [edit interfaces interface-name] hierarchy level. You can then configure dynamic CoS parameters at the [edit dynamic-profiles profile-name class-of-service] hierarchy level and the remaining static parameters at the [edit class-of-service] hierarchy level. [Subscriber Access]

PPPoE service name table enhancements (M120, M320, and MX Series routers)Support the following new and enhanced features for PPPoE service name tables:

Configuration of any service. The any service acts as a default service for non-empty service entries that do not match the empty or named service entries configured in the PPPoE service name table on the router. The any service is useful when you want to match the agent circuit ID and agent remote ID information for a PPPoE client, but do not care about the service name tag that is transmitted in the control packet. To configure the any service, include the service any statement at the [edit protocols pppoe service-name-table table-name] hierarchy level.

Association of agent circuit identifier/agent remote identifier (ACI/ARI) pairs with empty or any service. Associating an ACI/ARI pair wi

Date post:	07-Nov-2014
Category:	Documents
Upload:	producmedia
View:	413 times
Download:	5 times

Junos Release Notes 10.2

Documents