Page is loading ...
Junos
®
OS 10.4 Release Notes
Release 10.4R1
04 February 2011
Revision 5
These release notes accompany Release 10.4R1 of the Junos operating system (Junos
OS). They describe device documentation and known problems with the software. Junos
OS runs on all Juniper Networks M Series, MX Series, and T Series routing platforms, SRX
Series Services Gateways, J Series Services Routers, and EX Series Ethernet Switches.
You can also find these release notes on the Juniper Networks Junos OS Documentation
Web page, which is located at http://www.juniper.net/techpubs/software/junos.
Contents
Junos OS Release Notes for Juniper Networks M Series Multiservice Edge Routers,
MX Series Ethernet Service Routers, and T Series Core Routers . . . . . . . . . . . . 6
New Features in Junos OS Release 10.4 for M Series, MX Series, and T Series
Routers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Class of Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Interfaces and Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Junos OS XML API and Scripting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Layer 2 Ethernet Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
MPLS Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Multicast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
MX Series . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Routing Policy and Firewall Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Routing Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Services Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Subscriber Access Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
System Logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
VPNs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Changes in Default Behavior and Syntax in Junos OS Release 10.4 for M
Series, MX Series, and T Series Routers . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Class of Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Forwarding and Sampling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Interfaces and Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Junos OS XML API and Scripting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
MPLS Application . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Platform and Infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Routing Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
1Copyright © 2011, Juniper Networks, Inc.
Services Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Subscriber Access Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
User Interface and Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
VPNs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
Issues in Junos OS Release 10.4 for M Series, MX Series, and T Series
Routers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Current Software Release . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Previous Releases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
Errata and Changes in Documentation for Junos OS Release 10.4 for M
Series, MX Series, and T Series Routers . . . . . . . . . . . . . . . . . . . . . . . . . . 73
Changes to the Junos OS Documentation Set . . . . . . . . . . . . . . . . . . . . . 73
Errata . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
Upgrade and Downgrade Instructions for Junos OS Release 10.4 for M Series,
MX Series, and T Series Routers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
Basic Procedure for Upgrading to Release 10.4 . . . . . . . . . . . . . . . . . . . . 78
Upgrading a Router with Redundant Routing Engines . . . . . . . . . . . . . . . 81
Upgrading Juniper Network Routers Running Draft-Rosen Multicast
VPN to Junos OS Release 10.1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
Upgrading the Software for a Routing Matrix . . . . . . . . . . . . . . . . . . . . . . 83
Upgrading Using ISSU . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
Upgrading from Junos OS Release 9.2 or Earlier on a Router Enabled
for Both PIM and NSR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
Upgrade Policy for Junos OS Extended End-Of-Life Releases . . . . . . . . 85
Downgrade from Release 10.4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
Junos OS Release Notes for Juniper Networks SRX Series Services Gateways
and J Series Services Routers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
New Features in Junos OS Release 10.4 for SRX Series Services Gateways
and J Series Services Routers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
Software Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
Hardware Features—SRX210, SRX220, and SRX240 Services
Gateways . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109
Hardware Features—SRX220 Services Gateway with Power Over
Ethernet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110
Hardware Features—SRX1400 Services Gateway . . . . . . . . . . . . . . . . . . 113
Hardware Features—SRX3400 and SRX3600 Services Gateways . . . . 116
Advertising Bandwidth for Neighbors on a Broadcast Link Support . . . . . . . . 117
Group VPN Interoperability with Cisco’s GET VPN . . . . . . . . . . . . . . . . . . . . . 117
Changes in Default Behavior and Syntax in Junos OS Release 10.4 for SRX
Series Services Gateways and J Series Services Routers . . . . . . . . . . . . . 118
Application Identification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119
Application Layer Gateways (ALGs) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120
AppSecure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120
Command-Line Interface (CLI) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
Dynamic VPN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124
Flow and Processing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124
Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126
Integrated Convergence Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126
Interfaces and Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126
Copyright © 2011, Juniper Networks, Inc.2
JUNOS OS 10.4 Release Notes
Intrusion Detection and Prevention (IDP) . . . . . . . . . . . . . . . . . . . . . . . . 127
J-Web . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128
Management and Administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130
Multilink . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
Power over Ethernet (PoE) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132
Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132
Virtual LANs (VLANs) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132
Wireless LAN (WLAN) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133
Unsupported CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133
Accounting-Options Hierarchy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133
AX411 Access Point Hierarchy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133
Chassis Hierarchy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133
Class-of-Service Hierarchy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134
Ethernet-Switching Hierarchy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134
Firewall Hierarchy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134
Interfaces CLI Hierarchy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134
Protocols Hierarchy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138
Routing Hierarchy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139
Services Hierarchy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139
SNMP Hierarchy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139
System Hierarchy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140
IPv6 and MVPN CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140
Known Limitations in Junos OS Release 10.4 for SRX Series Services
Gateways and J Series Services Routers . . . . . . . . . . . . . . . . . . . . . . . . . 142
AppSecure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142
Chassis Cluster . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142
Command-Line Interface (CLI) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143
DOCSIS Mini-PIM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
Dynamic Host Configuration Protocol (DHCP) . . . . . . . . . . . . . . . . . . . . 144
Dynamic VPN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
Flow and Processing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
Hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
Interfaces and Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146
Intrusion Detection and Prevention (IDP) . . . . . . . . . . . . . . . . . . . . . . . . 148
IPv6 support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
J-Web . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
NetScreen-Remote . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149
Network Address Translation (NAT) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149
Point-to-Point Protocol over Ethernet (PPPoE) . . . . . . . . . . . . . . . . . . . 150
Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150
SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150
Switching . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150
Unified Threat Management (UTM) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151
VPNs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151
Wireless LAN (WLAN) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151
3Copyright © 2011, Juniper Networks, Inc.
Issues in Junos OS Release 10.4 for SRX Series Services Gateways and J
Series Services Routers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152
Outstanding Issues In Junos OS Release 10.4 for SRX Series Services
Gateways and J Series Services Routers . . . . . . . . . . . . . . . . . . . . . 152
Resolved Issues in Junos OS Release 10.4 for SRX Series Services
Gateways and J Series Services Routers . . . . . . . . . . . . . . . . . . . . . 169
Errata and Changes in Documentation for Junos OS Release 10.4 for SRX
Series Services Gateways and J Series Services Routers . . . . . . . . . . . . 172
Changes to the Junos OS Documentation Set . . . . . . . . . . . . . . . . . . . . 172
Errata for the Junos OS Documentation . . . . . . . . . . . . . . . . . . . . . . . . . 173
Errata for the Junos OS Hardware Documentation . . . . . . . . . . . . . . . . . 179
Hardware Requirements for Junos OS Release 10.4 for SRX Series Services
Gateways and J Series Services Routers . . . . . . . . . . . . . . . . . . . . . . . . . 183
Transceiver Compatibility for SRX Series and J Series Devices . . . . . . . 183
Power and Heat Dissipation Requirements for J Series PIMs . . . . . . . . . 183
Supported Third-Party Hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183
J Series CompactFlash and Memory Requirements . . . . . . . . . . . . . . . . 184
Maximizing ALG Sessions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185
Integrated Convergence Services Not Supported . . . . . . . . . . . . . . . . . . . . . 185
Upgrade and Downgrade Instructions for Junos OS Release 10.4 for SRX
Series Services Gateways and J Series Services Routers . . . . . . . . . . . . 186
Upgrade Policy for Junos OS Extended End-Of-Life Releases . . . . . . . . 186
Junos OS Release Notes for EX Series Switches . . . . . . . . . . . . . . . . . . . . . . . . . . 187
New Features in Junos OS Release 10.4 for EX Series Switches . . . . . . . . . . 187
Hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187
Bridging, VLANs, and Spanning Trees . . . . . . . . . . . . . . . . . . . . . . . . . . . 188
Class of Service (CoS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188
Fibre Channel over Ethernet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188
High Availability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188
Infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188
Management and RMON . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188
Packet Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189
Virtual Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189
Changes in Default Behavior and Syntax in Junos OS Release 10.4 for EX
Series Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189
Bridging, VLANs, and Spanning Trees . . . . . . . . . . . . . . . . . . . . . . . . . . . 189
Class of Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189
Limitations in Junos OS Release 10.4 for EX Series Switches . . . . . . . . . . . . 190
Access Control and Port Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190
Bridging, VLANs, and Spanning Trees . . . . . . . . . . . . . . . . . . . . . . . . . . . 190
Class of Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191
Ethernet Switching . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191
Firewall Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191
Hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191
High Availability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192
Infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192
Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193
J-Web Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194
Spanning Tree Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194
Copyright © 2011, Juniper Networks, Inc.4
JUNOS OS 10.4 Release Notes
Virtual Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194
Outstanding Issues in Junos OS Release 10.4 for EX Series Switches . . . . . . 195
Access Control and Port Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195
Bridging, VLANs, and Spanning Trees . . . . . . . . . . . . . . . . . . . . . . . . . . . 195
Ethernet Switching . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195
Firewall Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196
Hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196
Infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196
J-Web Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196
Layer 2 and Layer 3 Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198
Management and RMON . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199
Virtual Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199
Resolved Issues in Junos OS Release 10.4 for EX Series Switches . . . . . . . . 199
Access Control and Port Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200
Ethernet Switching . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200
Hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200
Infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200
Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201
J-Web Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202
Layer 2 and Layer 3 Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203
Management and RMON . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203
Virtual Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203
Errata in Documentation for Junos OS Release 10.4 for EX Series
Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203
J-Web Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203
Virtual Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204
Upgrade and Downgrade Instructions for Junos OS Release 10.4 for EX
Series Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204
Upgrading Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204
Upgrade Policy for Junos OS Extended End-Of-Life Releases . . . . . . . 205
Upgrading or Downgrading from Junos OS Release 9.4R1 for EX Series
Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206
Upgrading from Junos OS Release 9.3R1 to Release 10.4 for EX Series
Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206
Junos OS Documentation and Release Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . 207
Documentation Feedback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207
Requesting Technical Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207
Revision History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209
5Copyright © 2011, Juniper Networks, Inc.
Junos OS Release Notes for Juniper Networks M Series Multiservice Edge Routers, MX
Series Ethernet Service Routers, and T Series Core Routers
•
New Features in Junos OS Release 10.4 for M Series, MX Series, and T Series
Routers on page 6
•
Changes in Default Behavior and Syntax in Junos OS Release 10.4 for M Series, MX
Series, and T Series Routers on page 39
•
Issues in Junos OS Release 10.4 for M Series, MX Series, and T Series Routers on page 51
•
Errata and Changes in Documentation for Junos OS Release 10.4 for M Series, MX
Series, and T Series Routers on page 73
•
Upgrade and Downgrade Instructions for Junos OS Release 10.4 for M Series, MX Series,
and T Series Routers on page 78
New Features in Junos OS Release 10.4 for M Series, MX Series, and T Series Routers
The following features have been added to Junos OS Release 10.4. Following the
description is the title of the manual or manuals to consult for further information.
Class of Service
•
Hierarchical policer functionality extended to Modular Interface Cards (MICs) (MX
Series routers)—Provides hierarchical policer feature parity with Enhanced Intelligent
Queuing (IQE) PICs. This is useful in provider edge applications using aggregate policing
for general traffic and when applying a separate policer for premium traffic on a logical
or physical interface.
Hierarchical policing on MICs supports the following features:
•
Ingress traffic is first classified into premium and non-premium traffic before a policer
is applied.
•
The hierarchical policer contains two policers: premium and aggregate.
Premium traffic is policed by both the premium policer and the aggregate policer. While
the premium policer rate-limits premium traffic, the aggregate policer only decrements
the credits but does not drop packets. Non-premium traffic is rate-limited by the
aggregate policer only, resulting in the following behavior:
•
Premium traffic is assured to have the bandwidth configured for the premium policer.
•
Non-premium traffic is policed to the specified rate limit.
For a list of supported MICs, refer to:
http://www.juniper.net/techpubs/en_US/release-independent/junos/topics/reference/
general/mic-mx-series-supported.html.
The logical-interface-policer and physical-interface-policer statements provide additional
hierarchical policer parameters beyond those of the IQE PICs.
You can apply the policer at the inet, inet6, or mpls family level, as follows:
[edit interfaces ge-0/1/0 unit 0 family (inet | inet6 | mpls)]
input-hierarchical-policer Test-HP;
Copyright © 2011, Juniper Networks, Inc.6
JUNOS OS 10.4 Release Notes
By making a hierarchical policer a logical-interface-policer, you can achieve aggregation
within a logical interface. A hierarchical policer configured as a physical-interface-policer
supports aggregation within a physical interface. Please note that you still apply the
hierarchical policer at the interface and traffic of the families that do not have the
hierarchical policer will be policer. This is different from IQE PICs, where you apply a
hierarchical policer at the logical or physical interface.
For hierarchical policing of all traffic through a logical interface, a hierarchical policer
can be made a logical-interface-policer and applied to all families in the logical interface.
Similarly, you can achieve aggregation at the physical interface level.
[Network Interfaces, Class of Service, Policy]
•
DSCP classification for VPLS at the ingress PE (M320 with Enhanced Type III FPC
and M120)—Enables you to configure DSCP classification for VPLS at an ingress PE
for encapsulation types vlan-vpls (IQ2 or IQ2E PICs) or ATM II IQ PIC. To configure,
define the DSCP classifier at the [edit class-of-service classifiers dscp dscp-name]
hierarchy level and apply the DSCP classifier at the [edit interfaces at-fpc-pic-port
unit-logical-unit-number classifiers] hierarchy level. The ATM interface must be included
in the routing instance.
[Class of Service]
Interfaces and Chassis
•
Extend support for 64-bit Junos OS to include RE-1800 Series Routing Engines
(M120, M320, MX960, MX480, and MX240 routers)—Supported Routing Engines
include:
•
RE-1800x2-A—Supports 64-bit Junos OS on M120 and M320 routers.
•
RE-1800x2-S—Supports 64-bit Junos OS on MX240, MX480, and MX960 routers.
•
RE-1800x4-S—Supports 64-bit Junos OS on MX240, MX480, and MX960 routers.
[System Basics]
•
Ethernet encapsulation for ATM scheduler (M7i, M10i, M120, and M320 [with
Enhanced III FPC] routers)—Enables support for the configuration of an ATM scheduler
map on an Ethernet VPLS over a bridged ATM interface.
[Network Interfaces]
•
Synchronous Ethernet (SyncE) on MX80 routers and MX Series routers with
MPCs—Supports the Ethernet synchronization messaging channel (ESMC), G.8264-like
clock selection mechanism, and external clocking on MX80 routers and MX Series
routers with MPCs. Wireless backhaul and wireline transport services are the primary
applications for these features.
The following features are supported:
•
On MX80 routers and MX Series routers, MPCs based on G.8261 and G.8262. This
feature does not work on the fixed configuration version of the MX80 routers.
•
All Ethernet type ports are supported on MX80 routers and MX Series routers with
MPCs
7Copyright © 2011, Juniper Networks, Inc.
New Features in Junos OS Release 10.4 for M Series, MX Series, and T Series Routers
•
ESMC support as per G.8264
•
CLI command selection of clock sources
•
Monitoring clock sources (maximum of two clock sources can be monitored
simultaneously)
•
Revertive and nonrevertive modes
To configure SyncE, include the synchronization statement and its substatements at
the [edit chassis] hierarchy level.
[Network Interfaces, Interfaces Command Reference]
•
Enhanced container interface allows ATM children for containers—M Series and T
Series routers with ATM2 PICs automatically copy the parent container interface
configuration to the children interfaces. Container interfaces do not go down during
APS switchovers, thereby shielding upper layers. This feature allows the various ATM
features to work over the container ATM for APS.
To specify ATM children within a container interface, use the container-list cin statement
and (primary | standby) option at the [edit interface at-fpc/pic/slot container] hierarchy
level.
To configure a container interface, including its children, use the cin statement and its
options at the [edit interface ci-n] hierarchy level.
Container ATM APS does not support inter-chassis APS. MLPPP over ATM CI is also
not supported.
[Network Interfaces]
•
Signaling neighboring routers of fabric down on T1600 and T640 routers—The
signaling of neighboring routers is supported when a T640 or T1600 router is unable
to carry traffic due to all fabric planes being taken offline for one of the following
reasons:
•
CLI or offline button pressed
•
Automatically taken offline by the SPMB due to high temperature.
•
PIO errors and voltage errors detected by the SPMB CPU to the SIBs.
The following scenarios are not supported by this feature:
•
All PFEs get destination errors on all planes to all destinations, even with the SIBs
staying online.
•
Complete fabric loss caused by destination timeouts, with the SIBs still online.
When chassisd detects that all fabric planes are down, the router reboots all FPCs in
the system. When the FPCs come back up, the interfaces will not be created again,
since all fabric planes are down.
Once you diagnose and fix the cause of all fabric planes going down, you must then
bring the SIBs back online. Bringing the SIBs back online brings up the interfaces.
Copyright © 2011, Juniper Networks, Inc.8
JUNOS OS 10.4 Release Notes
Fabric down signaling to neighboring routers offers the following benefits:
•
FPCs reboot when the control plane connection to the Routing Engine times out.
•
Extends a simple approach to reboot FPCs when the dataplane blacks out.
When the router transitions from a state where SIBs are online or spare to a state where
there are no SIBs are online, then all the FPCs in the system are rebooted. An ERRMSG
indicates if all fabric planes are down, and the FPCs will reboot if any fabric planes do
not come up in 2 minutes.
An ERRMSG indicates the reason for FPC reboot on fabric connectivity loss.
The chassisd daemon traces when an FPC comes online, but a PIC attach is not done
because no fabric plane is present.
A CLI warning that the FPCs will reboot is issued when the last fabric plane is taken
offline.
You will need to bring the SIBs online after determining why the SIBs were not online.
When the first SIB goes online, and link training with the FPCs completes, the interfaces
will be created.
Fabric down signaling to neighboring routers functionality is available by default, and
no user configuration is required to enable it.
No new CLI commands or alarms are introduced for this feature. Alarms are already
implemented for when the SIBs are not online.
[Network Interfaces, System Basics]
•
New enterprise-specific MIB to support digital optical monitoring (MX960, MX480,
MX240, and 10-Gigabit Ethernet LAN/WAN PIC with XFP on T640 and T1600
routers)—Junos OS Release 10.4 introduces JUNIPER-DOM-MIB, a new
enterprise-specific MIB to extend MIB support for digital optical monitoring.
JUNIPER-DOM-MIB supports the SNMP Get request for statistics and SNMP Trap
notifications for alarms.
JUNIPER-DOM-MIB is part of the JUNIPER-SMI MIB hierarchy level.
The following MIB objects are supported by JUNIPER-DOM-MIB for digital optical
monitoring:
•
jnxDomCurrentTable
•
jnxDomAlarmSet
•
jnxDomAlarmCleared
[SNMP MIBs and Traps Reference]
•
Transition of IPv4 traffic to IPv6 addresses using Dual Stack Lite (DS-Lite)—Adds
support for DS-Lite, a means for transitioning IPv4 traffic to IPv6 addresses. This
transition will become necessary as the supply of unique IPv4 addresses nears
exhaustion. New subscriber homes are allocated IPv6 addresses and IPv6-capable
equipment; DS-Lite provides a method for the private IPv4 addresses behind the IPv6
equipment to reach the IPv4 network. An IPv4 host communicates with a NAT endpoint
9Copyright © 2011, Juniper Networks, Inc.
New Features in Junos OS Release 10.4 for M Series, MX Series, and T Series Routers
over an IPv6 network using softwires. DS-Lite creates the IPv6 softwires that terminate
on the services PIC. Packets coming out of the softwire can then have other services
such as NAT applied on them.
[Services Interface, System Basics and Services Command Reference]
•
Support for SONET/SDH OC48/STM16 Enhanced IQ (IQE) PIC with SFP (M320,
MX240, MX480, MX960, T640 and T1600 routers)Supports a 4-port SONET/SDH
OC48 Enhanced IQ (IQE) PIC (Type 3) with per data-link connection identifier (DLCI)
queuing. Supported FPCs include T640-FPC3-ES, M320-FPC3-E3, and MX-FPC3.
Class of service (CoS) enables enhanced egress queuing, buffering, and traffic shaping.
CoS supports eight queues per logical interface, a per-unit scheduler, and two shaping
rates: a Committed Information Rate (CIR) and Peak Information Rate (PIR) per
data-link connection identifier (DLCI). Other CoS features include, but are not restricted
to, sharing of excess bandwidth among logical interfaces, five levels of priorities
(including Strict High), ingress behavior aggregate (BA) classification, queue rate-limit
policer, ingress rewrite, egress rewrite, and a forwarding class to queue remapping per
DLCI.
The SONET/SDH OC48/STM 16 PIC supports CoS features similar to those in IQ2E
PICs, in terms of behavior and configuration statements. This PIC supports the following
Layer 2 protocols: PPP, Frame Relay, and Cisco HDLC encapsulations.
For more information, see the PC-4OC48-STM16-IQE-SFP documentation for your
router:
•
SONET/SDH OC48/STM16 Enhanced IQ (IQE) PIC with SFP (T1600 Router)
•
SONET/SDH OC48/STM16 Enhanced IQ (IQE) PIC with SFP (T640 Router)
•
SONET/SDH OC48/STM16 Enhanced IQ (IQE) PIC with SFP (MX Series Routers)
•
SONET/SDH OC48/STM16 Enhanced IQ (IQE) PIC with SFP (M320 Router)
[PIC Guide, Network Interfaces, Class of Service]
•
IPv6 statistics from IQ2 and IQ2E PICs on M320 routers with Enhanced III FPCs and
T Series routers—Support statistical accounting for IPv6 traffic traversing the IQ2 and
IQ2E PICs on M320 routers with Enhanced III FPCs and T Series routers.
For IQ2 and IQ2E PIC interfaces, the IPv6 traffic that is reported will be the total statistics
(sum of local and transit IPv6 traffic) in the ingress and egress direction. The IPv6
traffic in the ingress direction will be accounted separately only if the IPv6 family is
configured for the logical interface.
Statistics are maintained for routed IPv6 packets in the egress direction.
Byte and packet counters are maintained in the ingress and egress direction.
Differences in IPv6 statistics for IQ2 interfaces and all other interfaces are as follows:
•
IQ2 and IQ2E PIC interfaces report the total statistics for the IPv6 traffic. For other
interfaces, the transit statistics are reported.
•
IQ2 and IQ2E PIC interfaces report all IPv6 traffic received on the logical interface.
For all other interfaces, only the routed traffic is accounted.
Copyright © 2011, Juniper Networks, Inc.10
JUNOS OS 10.4 Release Notes
•
IQ2 and IQ2E PIC interfaces report IPv6 statistics for the Layer 2 frame size. For all
other interfaces, the Layer 3 packet size is accounted.
The IPv6 statistics can be viewed by logging in to the individual IQ2 PIC or IQ2E PIC, or
by using the CLI.
Local statistics are not accounted separately.
To display total IPv6 statistics for IQ2 and IQ2E PICs, use the show interfaces extensive
command.
NOTE: The reported IPv6 statistics do not account for the traffic manager
drops in egress direction or the Packet Forwarding Engine/traffic manager
drops in the ingress direction. Transit statistics are not accounted separately
because the IQ2 and IQ2E PICs cannot differentiate between transit and
local statistics.
[Network Interfaces]
•
100-Gigabit Ethernet PIC interoperability with VLAN steering—Supports
interoperability with similar PICs from other vendors using a VLAN steering forwarding
option. Previously, the PICs required interconnection to the same model PIC.
Interoperability with interfaces from other vendors was not supported. Junos OS Release
10.4 introduces a new VLAN steering algorithm to configure 100-Gigabit Ethernet PIC
interoperation with similar interfaces from other vendors.
Two packet forwarding modes exist under the forwarding-mode statement. SA multicast
mode, for proprietary connection of two Juniper Networks 100-Gigabit Ethernet PICs,
uses the Ethernet header SA MAC address multicast bit to steer the packets to the
appropriate PFE. VLAN steering mode allows the PIC to connect to non-Juniper
Networks equipment. On ingress, the PIC compares the outer VLAN ID against a
user-defined VLAN ID and VLAN mask combination and steers the packet accordingly.
Modifying the forwarding mode config reboots the PIC.
VLAN steering overview:
•
In VLAN steering mode, the SA multicast bit is not used for packet steering.
•
In SA multicast bit steering mode, VLAN ID and VLAN mask configuration is not used
for packet steering.
•
Configuration of packet forwarding mode and VLAN steering mode uses CLI
commands that result in a PIC reboot.
•
There are three tag types for ingress packets:
•
Untagged ingress packet–The packet is sent to PFE1.
•
Ingress packet with one VLAN–The packet forwards based on the VLAN ID.
•
Ingress packet with two VLANs–The packet forwards based on the outer VLAN
ID.
11Copyright © 2011, Juniper Networks, Inc.
New Features in Junos OS Release 10.4 for M Series, MX Series, and T Series Routers
•
VLAN rules describe how the router forwards packets. For VLAN steering, you must
use one of the two rules available in the CLI:
•
Odd-even rule–Odd number VLAN IDs go to PFE1; even number VLAN IDs go to
PFE0.
•
High-low rule–1 through 2047 VLAN IDs go to PFE0; 2048 through 4096 VLAN
IDs go to PFE1.
•
When configured in VLAN steering mode, the PIC can be configured in two physical
interface mode or in aggregated Ethernet (AE) mode:
•
Two physical interface mode–When the PIC is in two physical interface mode, it
creates physical interfaces et-x/0/0:0 and et-x/0/0:1. Each physical interface can
configure its own logical interface and VLAN. CLI enforces the following restrictions
on commit:
•
The VLAN ID configuration must comply with the selected VLAN rule.
•
The previous restriction implies that the same VLAN ID cannot be configured
on both physical interfaces.
•
AE mode–In AE mode, the two physical interfaces on the same PIC are aggregated
into one AE physical interface. PIC egress traffic is based on the AE internal hash
algorithm. PIC ingress traffic steering is based on the customized VLAN ID rule. CLI
enforces the following restrictions on commit:
•
The PIC AE working in VLAN steering mode includes both links of this PIC, and
only the links of this PIC.
•
The PIC AE working in SA multicast steering mode can include more than one
PIC to achieve more than 100-gigabit capacity.
To configure the PIC forwarding mode, include the forwarding-mode statement and
its options at the [edit chassis fpc number pic number] hierarchy level.
[Network Interfaces]
•
New control queue disable feature (T Series routers with 10-Gigabit Ethernet PIC
with oversubscription)—Provides a new CLI statement for disabling the control queue
feature for the 10-Gigabit Ethernet PIC with oversubscription. To disable the control
queue, use the no-pre-classifier statement at the [chassis] hierarchy level.
When the no-pre-classifier statement is set, the control queue feature will be disabled
for all ports on that 10-Gigabit Ethernet PIC with oversubscription. Deleting this
configuration results in the control queue feature being re-enabled on all the ports of
that PIC.
[edit chassis]
fpc 2 {
pic 0 {
no-pre-classifier;
}
}
Copyright © 2011, Juniper Networks, Inc.12
JUNOS OS 10.4 Release Notes
NOTE:
1. This feature is applicable in both oversubscribed and line-rate modes.
2. The control queue feature is enabled by default in both oversubscribed
and line-rate modes, which can be overridden by the user configuration.
3. CLI show commands remain unchanged. When the control queue is
disabled, various show queue commands continue to show the control
queue in the output. However, all control queue counters are reported
as zeros.
4. Enabling or disabling the control queue feature results in the PIC being
bounced (offline/online).
Once the control queue feature is disabled, then the Layer 2 and Layer 3 control packets
are subject to queue selection based on the BA classification. However, the following
control protocol packets are not classified using BA classification, as they might not
have a VLAN, MPLS, or IP header:
•
Untagged ARP packets
•
Untagged Layer 2 control packets such as LACP or Ethernet OAM
•
Untagged IS-IS packets
When the control queue feature is disabled, untagged ARP/IS-IS and other untagged
Layer 2 control packets will go to the restricted queue corresponding to the forwarding
class associated with queue 0.
[Network Interfaces]
Junos OS XML API and Scripting
New Junos OS XML API operational request tag elements—Table 1 on page 13 shows
the Junos OS Extensible Markup Language (XML) operational request tag elements that
are new in Junos OS Release 10.4 along with the corresponding CLI command and
response tag element for each one.
Table 1: Junos OS XML Tag Elements and CLI Command Equivalents New in Junos OS Release
10.4
Response Tag ElementCLI CommandRequest Tag Element
NONErequest dhcpv6 server reconfigure<request-
dhcpv6-server-
reconfigure-information>request_dhcpv6_
server_reconfigure_information
NONErequest system license update<request-license-update>
request_license_update
NONErequest system software nonstop-upgrade<request-package-nonstop-upgrade>
request_package_nonstop_upgrade
13Copyright © 2011, Juniper Networks, Inc.
New Features in Junos OS Release 10.4 for M Series, MX Series, and T Series Routers
Table 1: Junos OS XML Tag Elements and CLI Command Equivalents New in Junos OS Release
10.4 (continued)
Response Tag ElementCLI CommandRequest Tag Element
<amt-instance-statistics>show amt statistics<get-amt-statistics> get_amt_statistics
<amt-summary>show amt summary<get-amt-summary> get_amt_summary
<amt-tunnel-information>show amt tunnel<get-amt-tunnel-information>
get_amt_tunnel_information
<rps-chassis-information>show chassis redundant-power-supply<get-rps-chassis-information>
get_rps_chassis_information
NONEshow chassis routing-engine bios<get-bios-version-information>
get_bios_version_information
<cos-congestion-notification-information>show class-of-service congestion-notification<get-cos-
congestion-
notification-
information>
get_cos_congestion_notification_information
<firewall-information>show firewall filter version<get-firewall-log-information>
get_firewall_log_information
<ingress-replication-information>show ingress-replication<get-interface-information>
get_interface_information
<isis-context-identifier- information>show isis context-identifier<get-isis-context-
identifier-origin-
information> get_isis_context_
identifier_origin_information
<isis-context-identifier-origin-information>show isis context-identifier identifier<get-isis-database-information>
get_isis_database_information
<mpls-context-identifier- information>show mpls context-identifier<get-mpls-cspf-information>
get_mpls_cspf_information
<domain-map-statistics>show network-access domain-map statistics<get-authentication-pending-table>
get_authentication_pending_table
<ospf-context-id-information>show ospf context-identifier<get-ospf-database-information>
get_ospf_database_information
<rps-led-information>show redundant-power-supply led<get-rps-power-supply-information>
get_rps_power_supply_information
<rps-power-supply-information>showredundant-power-supplypower-supply<get-rps-status-information>
get_rps_status_information
Copyright © 2011, Juniper Networks, Inc.14
JUNOS OS 10.4 Release Notes
Table 1: Junos OS XML Tag Elements and CLI Command Equivalents New in Junos OS Release
10.4 (continued)
Response Tag ElementCLI CommandRequest Tag Element
<rps-status-information>show redundant-power-supply status<get-rps-version-information>
get_rps_version_information
<rps-version-information>show redundant-power-supply version<get-rip-general-statistics-information>
get_rip_general_statistics_information
<idp-policy-commit-status>show security idp policy-commit-status<get-idp-policy-template- information>
get_idp_policy_template_information
<bsg-charging-statistics>show services border-signaling-gateway
charging statistics
<get-service-border-signaling-
gateway-charging-status>
get_service_border_signaling_
gateway_charging_status
<bsg-charging-status>show services border-signaling-gateway
charging status
<get-service-bsg-denied-messages>
get_service_bsg_denied_messages
<service-l2tp-destination- information>show services l2tp destination<get-services-l2tp-radius-
accounting-statistics-information>
get_services_l2tp_radius_acco
unting_statistics_information
<msp-session-table>show services sessions<get-service-softwire-statistics-information>
get_service_softwire_statistics
_information
<service-softwire-table- information>show services softwire<get_service_sfw_
conversation_
information>
get_service_sfw_conversation
_information
<service-fwnat-flow-table-
information>
show services softwire flows<get_service_
sfw_flow_analysis_
information>
get_service_sfw_flow_analysi
s_information
<service-softwire-statistics-information>show services softwire statistics<get_service_sfw_
flow_table_information>
get_service_sfw_flow_table_i nformation
<service-sfw-flow-analysis-information>show services stateful-firewall flow-analysis<get_service_sfw_sip_register-
information>
get_service_sfw_sip_register_i nformation
<clock-synchronization- statistics>show synchronous-ethernet esmc statistics<get_synchronous_ethernet_esmc-statistics>
get_synchronous_ethernet_esmc-statistics
15Copyright © 2011, Juniper Networks, Inc.
New Features in Junos OS Release 10.4 for M Series, MX Series, and T Series Routers
Table 1: Junos OS XML Tag Elements and CLI Command Equivalents New in Junos OS Release
10.4 (continued)
Response Tag ElementCLI CommandRequest Tag Element
<clock-synchronization-
esmc-transmit>
show synchronous-ethernet esmc transmit<get_synchronous_ethernet_esmc_transmit>
get_synchronous_ethernet_esmc_transmit
NONEshow synchronous-ethernet
global-information
<get_synchronous_ethernet_global_information>
get_-synchronous_ethernet_global_information
<relay-group-information>show system relay group<get_system_resource_cleanup_
processes_information>
get_system_resource_cleanup_
processes_information
<relay-group-member>show system relay member<get_rollback_information>
get_rollback_information
<relay-summary>show system relay summary<get_dhcp_binding_information>
get_dhcp_binding_information
<clock-synchronization-
clear-output>
clear synchronous-
ethernet esmc
statistics
<clear_synchronous_
ethernet_esmc_
statistics>clear_synchronous_
ethernet_e smc_
statistics
Layer 2 Ethernet Services
•
Feature support for Trio 3D MPCs and MICs (MX Series routers)—Enables you to
configure the following features through Junos OS Release 9.1: load balancing, Ethernet
OAM IEEE 802.1ag Phase 4 MIP support, LLDP, BPDU guard and loop guard, IRB support
for interworking of LDP-VPLS and BGP-VPLS, BGP multihoming for Inter-AS VPLS,
VPLS Ethernet as a core-facing interface, and limitations on next-hop flooding.
[Layer 2 Configuration]
•
Ethernet CFM support on Trio 3D MPCs and MICs (MX Series routers)—Enables
support for Ethernet connectivity fault management (CFM) defined by IEEE 802.1ag
for family bridge interfaces. However, MEP configuration is not supported on aggregated
Ethernet interfaces.
[Layer 2 Configuration]
MPLS Applications
•
MPLS support on services PICs—Adds MPLS label pop support for services PICs on
Junos OS routers. Previously all MPLS traffic would be dropped at the services PIC. No
changes are required to CLI configurations for this enhancement. In-service software
upgrade (unified ISSU) is supported for tag next hops for MPLS on services PIC traffic,
but no support is provided for tags over IPv6 packets or labels on multiple gateways.
[MPLS]
Copyright © 2011, Juniper Networks, Inc.16
JUNOS OS 10.4 Release Notes
•
Adding descriptions for bypass LSP—You can now add a text describing a bypass
LSP using the description option at the [edit protocols rsvp interface interface-name
link-protection bypass bypass-lsp-name] hierarchy level. Enclose any descriptive text
that includes spaces in quotation marks (" "). Any descriptive text you include is
displayed in the output of the show rsvp session bypass command and has no effect
on the operation of the bypass LSP.
[MPLS]
Multicast
•
Nonstop active routing PIM support for IPv6—Starting with Release 10.4, Junos OS
extends the nonstop active routing support for Protocol Independent Multicast (PIM),
which is already supported on IPv4, to include the IPv6 address families. The extension
of nonstop active routing PIM support to IPv6 enables IPv6 routers to maintain
self-generation IDs, multicast session states, dynamic interface states, list of neighbors,
and RPSets across Routing Engine switchovers.
The nonstop active routing support for PIM on IPv6 is similar to the nonstop active
routing PIM support on IPv4 except for the following:
•
Nonstop active routing support for PIM on IPv6 supports an embedded rendezvous
point (RP) on non-RP routers.
•
Nonstop active routing support for PIM on IPv6 does not support auto-RP, as auto-RP
is not supported on IPv6.
For more information about nonstop active routing PIM support on IPv4 and IPv6, see
the Junos OS High Availability Configuration Guide.
[High Availability, Multicast]
MX Series
•
Support for MX Series—While these features have been available on the MX Series
routers in the past, we have now qualified the following features on the Trio chipset.
For MPLS, RSVP, and LDP:
•
BFD session failure action for LDP LSPs (including ECMP)
•
RSVP Graceful Restart interop with Cisco using Nodal Hello support
•
Failure action on BFD session down of RSVP LSPs in JUNOS
•
RSVP transit
•
L3VPN testing using RSVP
•
NSR: RSVP ingress
•
BFD via LDP
17Copyright © 2011, Juniper Networks, Inc.
New Features in Junos OS Release 10.4 for M Series, MX Series, and T Series Routers
For Multicast:
•
OSPF
•
OSPF Database Protection
•
RFC 4136 OSPF Refresh and Flooding Reduction in Stable Topologies
•
PIM SSM in provider space (Draft-Rosen 7)
•
NG MVPN - PIM-SSM I-PMSI and deployment scenario testing
•
MVPN C-PIM in plain ASM mode
•
NGEN MVPN hub and spoke support with GRE S-PMSI transport
•
PIM Join suppression support
•
Translating PIM states to IGMP/MLD messages
•
Disable PIM for IPv6 via CLI
•
IPv6 multicast support over L3VPNs
•
PIM neighbor should be maintained wherever possible
•
Data MDT SAFI (draft-rosen-l3vpn-mvpn-profiles)
•
Inter-provider Option A support with Rosen 7
•
Rosen 7 interoperability with Cisco IOS
For VPNs:
•
VPLS: Configurable label block size (min 2)
•
Interoperate LDP-VPLS and BGP-VPLS with FEC 128
•
LDP-VPLS
•
Interprovider VPLS Option "E": EBGP redistribution of labeled routes
Miscellaneous:
•
Support to commit configuration from op/event scripts
•
Per PFE per packet load balancing
•
Next Hop Handling Enhancements (Phase 3)
•
Support local-as alias hidden command
•
MIB Enhancements for Manual Bypass Tunnel Management
•
ISIS LFA
•
Improve IGMPv3 performance using bulk updates
Copyright © 2011, Juniper Networks, Inc.18
JUNOS OS 10.4 Release Notes
•
Improve IGMPv3 performance using bulk updates - with snooping
•
Allow ASM group override of SSM ranges
Routing Policy and Firewall Filters
•
New routing policy system log message—Junos OS Release 10.3 supports a new
routing policy system log message. The RPD_PLCY_CFG_NH_NETMASK system log
message provides information about ignored netmasks. If you have a policy statement
with a term that contains a next-hop address with a netmask, the netmask is ignored.
The following sample shows the new system log message (depending on your network
configuration, the type of message you see might be different):
Jun 18 11:22:43 pro5-d rpd[1403]: RPD_PLCY_CFG_NH_NETMASK: Netmask ignored for
next hop: 10.0.0.1/24.
[System Log Messages Reference]
•
Support for displaying the firewall filter version information—You can display the
version number of the firewall filter installed in the Routing Engine. The initial version
number is 1 and increments by one when you modify the firewall filter settings or an
associated prefix action. To show the version number of the installed firewall filter,
use the show firewall filter version operational mode command.
[Routing Protocols and Policies Command Reference]
Routing Protocols
•
Point-to-multipoint (P2MP) LSP load balancing across aggregated Ethernet links
(M Series except M320)—Enables you to load-balance VPLS multicast and P2MP
multicast traffic over link aggregation. This feature also re-load-balances traffic after
a change in the next-hop topology. Next-hop topology changes might include but are
not limited to:
•
Layer 2 membership change in the link aggregation
•
Indirect next-hop change
•
Composite next-hop change
No new configuration is required to configure this feature. The load balancing over
aggregated links is automatically enabled with this release. For a sample topology and
configuration example, see Junos OS Policy Framework Configuration Guide.
[Policy]
•
Support for disabling traps for passive OSPFv2 interfaces—You can now disable
interface state change traps for passive OSPF interfaces. Passive OSPF interfaces
advertise address information as an internal OSPF route, but do not run the actual
protocol. If you are only interested in receiving notifications for active OSPF interfaces,
disabling traps for passive OSPF interfaces reduces the number of notifications received
and processed by the SNMP server. This allows you to more quickly and easily scan
the logs for potential issues on active OSPF interfaces.
To disable and stop receiving notifications for state changes in a passive OSPF interface,
include the no-interface-state-traps statement at the following hierarchy levels:
19Copyright © 2011, Juniper Networks, Inc.
New Features in Junos OS Release 10.4 for M Series, MX Series, and T Series Routers
•
[edit logical-systems logical-system-name protocols ospf area area-id interface
interface-name]
•
[edit logical-systems logical-system-name routing-instances routing-instance-name
protocols ospf area area-id interface interface-name]
•
[edit protocols ospf area area-id interface interface-name]
•
[edit routing-instances routing-instance-name protocols ospf area area-id interface
interface-name]
[Routing Protocols]
•
Behavior change for BGP-independent AS domains—Independent domains use the
transitive path attribute 128 (attribute set) messages to tunnel the independent
domain’s BGP attributes through the internal BGP (IBGP) core. In Junos OS Release
10.3 and later, if you have not configured an independent domain in any routing instance,
BGP treats the received attribute 128 message as an unknown attribute. The AS path
field in the show route command has been updated to display an unrecognized attribute
and associated hexadecimal value if you have not configured an independent domain.
The following is a sample output of the AS path field (depending on your network
configuration, the output might be different):
AS path: [12345] I Unrecognized Attributes: 40 bytes
AS path: Attr flags e0 code 80: 00 09 eb 1a 40 01 01 00 40 02 08 02 03 fd e9 fd e9 01
2d 40 05 04 00 00 00 64 c0
[Routing Protocols]
•
Support for disabling the attribute set messages on independent AS domains for
BGP loop detection—BGP loop detection for a specific route uses the local autonomous
system (AS) domain for the routing instance. By default, all routing instances belong
to a single primary routing instance domain. Therefore, BGP loop detection uses the
local ASs configured on all of the routing instances. Depending on your network
configuration, this default behavior can cause routes to be looped and hidden.
To limit the local ASs in the primary routing instance, configure an independent AS
domain for a routing instance. Independent domains use the transitive path attribute
128 (attribute set) messages to tunnel the independent domain’s BGP attributes
through the internal BGP (IBGP) core. If you want to configure independent domains
to maintain the independence of local ASs in the routing instance and perform BGP
loop detection only for the specified local ASs in the routing instance, disable attribute
set messages on the independent domain. To disable attribute set messages, include
the independent-domain no-attrset statement at the following hierarchy levels:
•
[edit logical-systems logical-system-name routing-instances routing-instance-name
routing-options autonomous-system autonomous-system]
•
[edit routing-instances routing-instance-name routing-options autonomous-system
autonomous-system]
[Routing Protocols]
Copyright © 2011, Juniper Networks, Inc.20
JUNOS OS 10.4 Release Notes
/