Release Notes 13.3R5

Release Notes 13.3R5
®
Release Notes: Junos OS Release 13.3R6
for the EX Series, M Series, MX Series,
PTX Series, and T Series
16 April 2015
Contents
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Junos OS Release Notes for EX Series Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
New and Changed Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Multicast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Network Management and Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
OpenFlow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Changes in Behavior and Syntax . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Dynamic Host Configuration Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
High Availability and Resilency . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Interfaces and Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
User Interface and Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Known Behavior . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Layer 3 Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Multicast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
OpenFlow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Known Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Dynamic Host Configuration Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Interfaces and Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Network Management and Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
OpenFlow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Platform and Infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Resolved Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Resolved Issues: Release 13.3R6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Resolved Issues: Release 13.3R5 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Resolved Issues: Release 13.3R4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Resolved Issues: Release 13.3R3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Copyright © 2015, Juniper Networks, Inc.
1
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
Resolved Issues: Release 13.3R2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Documentation Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Migration, Upgrade, and Downgrade Instructions . . . . . . . . . . . . . . . . . . . . . . 19
Upgrade and Downgrade Support Policy for Junos OS Releases . . . . . . . 19
Product Compatibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Hardware Compatibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Junos OS Release Notes for M Series Multiservice Edge Routers, MX Series 3D
Universal Edge Routers, and T Series Core Routers . . . . . . . . . . . . . . . . . . . . . 21
New and Changed Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Authentication, Authorization, and Accounting (AAA) (RADIUS) . . . . . . 30
Class of Service (CoS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
General Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
High Availability (HA) and Resiliency . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Interfaces and Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
IPv6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Layer 2 Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
MPLS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Multicast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
Network Management and Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
OpenFlow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Platform and Infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Port Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Routing Policy and Firewall Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Routing Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Services Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Software Installation and Upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Subscriber Management and Services (MX Series) . . . . . . . . . . . . . . . . . 47
VPNs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
Changes in Behavior and Syntax . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
High Availability (HA) and Resiliency . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
Interfaces and Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
IPv6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
MPLS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Multicast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
Network Management and Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Routing Policy and Firewall Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Routing Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Services Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Software Installation and Upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
Subscriber Management and Services . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
User Interface and Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
Known Behavior . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
Class of Service (CoS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
General Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
High Availability (HA) and Resiliency . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
Services Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
2
Copyright © 2015, Juniper Networks, Inc.
Software Installation and Upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
Subscriber Management and Services . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
Known Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
Authentication and Access Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Class of Service (CoS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Forwarding and Sampling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
General Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
High Availability (HA) and Resiliency . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
Interfaces and Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
Layer 2 Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
MPLS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
Network Management and Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
Platform and Infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
Routing Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
Routing Policy and Firewall Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
Services Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
Software Installation and Upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
User Interface and Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
VPNs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
Resolved Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
Resolved Issues: Release 13.3R6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
Resolved Issues: Release 13.3R5 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90
Resolved Issues: Release 13.3R4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102
Resolved Issues: Release 13.3R3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111
Resolved Issues: Release 13.3R2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126
Documentation Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135
Aggregated Ethernet Interfaces Feature Guide for Routing Devices . . . 136
Chassis-Level Feature Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138
Class of Service Library for Routing Devices . . . . . . . . . . . . . . . . . . . . . . 140
Dynamic Firewall Feature Guide for Subscriber Services . . . . . . . . . . . . 140
Ethernet Interfaces Feature Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140
Ethernet Networking Feature Guide for MX Series Routers . . . . . . . . . . . 141
Firewall Filters Feature Guide for Routing Devices . . . . . . . . . . . . . . . . . 143
Interchassis Redundancy Using Virtual Chassis Feature Guide for MX
Series Routers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143
Interfaces Feature Guide for Subscriber Management . . . . . . . . . . . . . . 144
Junos Address-Aware Carrier-Grade NAT and IPv6 Feature Guide . . . . 144
Junos OS High Availability Feature Guide for Routing Devices . . . . . . . . 145
Junos® OS Release 13.3R1 for the EX Series, M Series, MX Series, PTX
Series, and T Series . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
Layer 2 Configuration Guide, Bridging, Address Learning, and
Forwarding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
Layer 2 VPNs Feature Guide for Routing Devices . . . . . . . . . . . . . . . . . . 146
Network Management Administration Guide for Routing Devices . . . . . 146
Services Interfaces Configuration Guide . . . . . . . . . . . . . . . . . . . . . . . . . 147
Standards Reference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152
Subscriber Management Access Network Guide . . . . . . . . . . . . . . . . . . 153
Subscriber Management Feature Guide . . . . . . . . . . . . . . . . . . . . . . . . . 153
Subscriber Management Provisioning Guide . . . . . . . . . . . . . . . . . . . . . 155
Copyright © 2015, Juniper Networks, Inc.
3
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
System Log Messages Reference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155
System Services Administration Guide for Routing Devices . . . . . . . . . . 155
VPLS Feature Guide for Routing Devices . . . . . . . . . . . . . . . . . . . . . . . . . 155
VPWS Feature Guide for Routing Devices . . . . . . . . . . . . . . . . . . . . . . . . 155
Migration, Upgrade, and Downgrade Instructions . . . . . . . . . . . . . . . . . . . . . 156
Basic Procedure for Upgrading to Release 13.3 . . . . . . . . . . . . . . . . . . . . 156
Upgrade and Downgrade Support Policy for Junos OS Releases . . . . . . 159
Upgrading a Router with Redundant Routing Engines . . . . . . . . . . . . . . 159
Upgrading Juniper Network Routers Running Draft-Rosen Multicast
VPN to Junos OS Release 10.1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160
Upgrading the Software for a Routing Matrix . . . . . . . . . . . . . . . . . . . . . 161
Upgrading Using Unified ISSU . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162
Upgrading from Junos OS Release 9.2 or Earlier on a Router Enabled
for Both PIM and NSR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163
Downgrading from Release 13.3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164
Changes Planned for Future Releases . . . . . . . . . . . . . . . . . . . . . . . . . . . 164
Product Compatibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165
Hardware Compatibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165
Junos OS Release Notes for PTX Series Packet Transport Routers . . . . . . . . . . . 166
New and Changed Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166
Hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166
Class of Service (CoS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168
General Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168
High Availability (HA) and Resiliency . . . . . . . . . . . . . . . . . . . . . . . . . . . 168
Interfaces and Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168
Network Management and Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . 171
Routing Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171
Software Installation and Upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172
Changes in Behavior and Syntax . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172
High Availability and Resilency . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172
Interfaces and Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172
Routing Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173
User Interface and Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173
Known Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174
Hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175
General Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175
MPLS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
Network Management and Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . 176
Software Installation and Upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
Resolved Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
Resolved Issues: Release 13.3R6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177
Resolved Issues: Release 13.3R5 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178
Resolved Issues: Release 13.3R4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179
Resolved Issues: Release 13.3R3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180
Resolved Issues: Release 13.3R2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181
Documentation Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185
Network Management Administration Guide for Routing Devices . . . . . 185
VPWS Feature Guide for Routing Devices . . . . . . . . . . . . . . . . . . . . . . . . 185
4
Copyright © 2015, Juniper Networks, Inc.
Migration, Upgrade, and Downgrade Instructions . . . . . . . . . . . . . . . . . . . . . 185
Upgrading Using Unified ISSU . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186
Upgrading a Router with Redundant Routing Engines . . . . . . . . . . . . . . 186
Basic Procedure for Upgrading to Release 13.3 . . . . . . . . . . . . . . . . . . . . 186
Product Compatibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188
Hardware Compatibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189
Third-Party Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190
Finding More Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190
Documentation Feedback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190
Requesting Technical Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190
Self-Help Online Tools and Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191
Opening a Case with JTAC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191
Revision History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192
Copyright © 2015, Juniper Networks, Inc.
5
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
Introduction
®
Junos OS runs on the following Juniper Networks hardware: ACX Series, EX Series, J
Series, M Series, MX Series, PTX Series, QFabric, QFX Series, SRX Series, and T Series.
These release notes accompany Junos OS Release 13.3R6 for the EX Series, M Series,
MX Series, PTX Series, and T Series. They describe new and changed features, limitations,
and known and resolved problems in the hardware and software.
Junos OS Release Notes for EX Series Switches
These release notes accompany Junos OS Release 13.3R6 for the EX Series. They describe
new and changed features, limitations, and known and resolved problems in the hardware
and software.
You can also find these release notes on the Juniper Networks Junos OS Documentation
webpage, located at http://www.juniper.net/techpubs/software/junos/.
•
New and Changed Features on page 6
•
Changes in Behavior and Syntax on page 8
•
Known Behavior on page 11
•
Known Issues on page 12
•
Resolved Issues on page 13
•
Documentation Updates on page 19
•
Migration, Upgrade, and Downgrade Instructions on page 19
•
Product Compatibility on page 20
New and Changed Features
This section describes the new features and enhancements to existing features in Junos
OS Release 13.3R6 for the EX Series.
6
•
Hardware
•
Infrastructure
•
Multicast
•
Network Management and Monitoring
•
OpenFlow
Copyright © 2015, Juniper Networks, Inc.
New and Changed Features
Hardware
•
Extended cable manager for EX9214 switches—An extended cable manager is now
available for EX9214 switches. The extended cable manager enables you to route
cables away from the front of the line cards and Switch Fabric modules and provides
easier access to the switch than the standard cable manager. To obtain the extended
cable manager, order the MX960 Enhanced Cable Manager, ECM-MX960. (Installation
of the extended cable manager must be done by a technician authorized by Juniper
Networks and that the service cost is in addition to the component cost.)
[See MX960 Cable Manager Description.]
Infrastructure
•
Support for IPv6 for TACACS+ authentication (EX9200)—Starting with Release 13.3,
Junos OS supports IPv6 along with the existing IPv4 support for user authentication
using TACACS+ servers.
Multicast
•
MLD snooping on EX9200 switches—Starting with Junos OS Release 13.3, EX9200
switches support Multicast Listener Discovery (MLD) snooping. MLD snooping constrains
the flooding of IPv6 multicast traffic on VLANs on a switch. When MLD snooping is
enabled on a VLAN, the switch examines MLD messages between hosts and multicast
routers and learns which hosts are interested in receiving traffic for a multicast group.
Based on what it learns, the switch then forwards multicast traffic only to those
interfaces in the VLAN that are connected to interested receivers instead of flooding
the traffic to all interfaces. You configure MLD snooping at either the [edit protocols]
hierarchy level or the [edit routing-instances routing-instance-name protocols] hierarchy
level.
[See Understanding MLD Snooping.]
Network Management and Monitoring
•
sFlow technology on EX9200 switches—Starting with Junos OS Release 13.3, EX9200
switches support sFlow technology, a monitoring technology for high-speed switched
or routed networks. The sFlow monitoring technology randomly samples network
packets and sends the samples to a monitoring station. You can configure sFlow
technology on an EX9200 switch to continuously monitor traffic at wire speed on all
interfaces simultaneously. The sFlow technology is configured at the [edit protocols
sflow] hierarchy level.
[See Understanding How to Use sFlow Technology for Network Monitoring on an EX Series
Switch.]
Copyright © 2015, Juniper Networks, Inc.
7
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
OpenFlow
•
Support for OpenFlow v1.0—Starting with Junos OS Release 13.3, EX9200 switches
support OpenFlow v1.0. You use the OpenFlow remote controller to control traffic in
an existing network by adding, deleting, and modifying flows on switches. You can
configure one OpenFlow virtual switch and one active OpenFlow controller at the [edit
protocols openflow] hierarchy level on each device running Junos OS that supports
OpenFlow.
[See Understanding Support for OpenFlow on Devices Running Junos OS.]
Related
Documentation
•
Changes in Behavior and Syntax on page 8
•
Known Behavior on page 11
•
Known Issues on page 12
•
Resolved Issues on page 13
•
Documentation Updates on page 19
•
Migration, Upgrade, and Downgrade Instructions on page 19
•
Product Compatibility on page 20
Changes in Behavior and Syntax
This section lists the changes in behavior of Junos OS features and changes in the syntax
of Junos OS statements and commands from Junos OS Release 13.3R6 for the EX Series.
8
•
Dynamic Host Configuration Protocol
•
High Availability and Resilency on page 9
•
Interfaces and Chassis on page 9
•
User Interface and Configuration on page 9
Copyright © 2015, Juniper Networks, Inc.
Changes in Behavior and Syntax
Dynamic Host Configuration Protocol
•
DHCP clients can send packets without Option 255 (EX9200)—On EX9200 switches,
starting with Junos OS Release 13.3R5, you can override the DHCP relay agent default
configuration and enable clients to send DHCP packets without Option 255. The default
behavior in Junos OS is to drop packets that do not include Option 255. To override
that default behavior, configure the allow-no-end-options CLI statement under the
[edit forwarding-options dhcp-relay overrides] hierarchy level.
You can also override the DHCP local server configuration and enable clients to send
DHCP packets without Option 255 (end-of-options). The default behavior in Junos OS
is to drop packets that do not include Option 255. To override that default behavior,
configure the allow-no-end-options statement under the [system services
dhcp-local-server overrides] hierarchy level.
High Availability and Resilency
•
New redundancy failover CLI statement (EX Series)—Starting in Junos OS
Release13.3R6, the chassis redundancy failover not-on-disk-underperform statement
prevents gstatd from causing failovers in the case of slow disks on the Routing Engine.
See not-on-disk-underperform and Preventing Graceful Restart in the Case of Slow Disks.
Interfaces and Chassis
•
Direct ARP entries to the correct next-hop interface in an MC-LAG scenario—On
EX9200 switches, the arp-l2-validate statement provides a workaround for issues
related to MAC and ARP entries going out of sync in an MC-LAG scenario. Use the
command to correct mismatches between MAC and ARP entries related to the next-hop
interface.
•
Additional options for the request support information command—On EX9200
switches, the following CLI commands have been added to the output of the request
support information CLI command:
•
show ethernet-switching interface detail
•
show ethernet-switching table
•
show spanning-tree bridge detail
•
show spanning-tree interface
•
show vlans extensive
•
show vrrp summary
User Interface and Configuration
•
Change in the show version command output on EX9200 switches—Starting with
Junos OS Release 13.3, the show version command output includes the Junos field that
displays the Junos OS version running on the switch. This new field is in addition to the
existing field in the show version command that displays a list of installed subpackages
running on the switch that display the Junos OS version number of those subpackages.
Copyright © 2015, Juniper Networks, Inc.
9
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
The new field provides a consistent means of identifying the Junos OS version, instead
of extracting that information from the list of installed subpackages.
In Junos OS Release 13.2 and earlier, the show version command does not have the
Junos field in the output that displays the Junos OS version running on the device as
shown in the following samples. The only way to determine the Junos OS version
running on the device is to review the list of installed subpackages.
Junos OS Release 13.2 and Earlier Releases Without the
Junos Field
Junos OS Release 13.3 and Later Releases With the Junos
Field
[email protected]> show version
Hostname: lab
Model: ex9208
JUNOS Base OS boot [12.3R2.5]
JUNOS Base OS Software Suite [12.3R2.5]
JUNOS Kernel Software Suite [12.3R2.5]
JUNOS Crypto Software Suite [12.3R2.5]
...
[email protected]> show version
Hostname: lab
Model: ex9208
Junos: 13.3R1.4
JUNOS Base OS boot [13.3R1.4]
JUNOS Base OS Software Suite [13.3R1.4]
JUNOS Kernel Software Suite [13.3R1.4]
JUNOS Crypto Software Suite [13.3R1.4]
...
[See show version.]
•
User-defined identifiers using the reserved prefix junos- now correctly cause a commit
error in the CLI—Junos OS reserves the prefix junos- for the identifiers of configurations
defined within the junos-defaults configuration group. User-defined identifiers cannot
start with the string junos-. Starting with Junos OS Release 13.3, if you configured
user-defined identifiers using the reserved prefix through a NETCONF or Junos XML
protocol session, the commit correctly fails. In Junos OS releases earlier than Release
13.3, if you configured user-defined identifiers through the CLI using the reserved prefix,
the commit incorrectly succeeds. Junos OS Release 13.3R1 and later releases now
exhibit the correct behavior. Configurations that currently contain the reserved prefix
for user-defined identifiers other than junos-defaults configuration group identifiers
now correctly results in a commit error in the CLI.
•
Configuring regular expressions (EX9200)—In all supported Junos OS releases, regular
expressions can no longer be configured if they require more than 64 MB of memory
or more than 256 recursions for parsing.
This change in the behavior of Junos OS is in line with the FreeBSD limit. The change
was made in response to a known consumption vulnerability that enables an attacker
to cause a denial-of-service attack (resource exhaustion) by using regular expressions
containing adjacent repetition operators or adjacent bounded repetitions. Junos OS
uses regular expressions in several places within the CLI. Exploitation of this vulnerability
can cause the Routing Engine to crash, leading to a partial denial of service. Repeated
exploitation can result in an extended partial outage of services provided by the routing
protocol process (rpd).
Related
Documentation
10
•
New and Changed Features on page 6
•
Known Behavior on page 11
•
Known Issues on page 12
Copyright © 2015, Juniper Networks, Inc.
Known Behavior
•
Resolved Issues on page 13
•
Documentation Updates on page 19
•
Migration, Upgrade, and Downgrade Instructions on page 19
•
Product Compatibility on page 20
Known Behavior
This section lists known behaviors, system maximums, and limitations in hardware and
software in Junos OS Release 13.3R6 for the EX Series.
For the most complete and latest information about known Junos OS defects, use the
Juniper Networks online Junos Problem Report Search application.
•
Layer 3 Features
•
Multicast
•
OpenFlow
Layer 3 Features
•
On EX9200 switches, BFD on IRB interfaces flaps if BFD is configured for subsecond
timers. PR844951
Multicast
•
If you configure a large number of PIM source-specific multicast (SSM) groups on an
EX9200 switch, the switch might experience periodic IPv6 traffic loss. As a workaround,
configure the pim-join-prune-timeout value on the last-hop router as 250 seconds.
PR853586
OpenFlow
Related
Documentation
•
On EX9200 switches, configuration of a firewall filter on an OpenFlow-enabled interface
is not supported.
•
On EX9200 switches, minor memory leaks might occur if you add and delete the same
multi-VLAN flow on the order of 100,000 such add and delete operations. PR905620
•
New and Changed Features on page 6
•
Changes in Behavior and Syntax on page 8
•
Known Issues on page 12
•
Resolved Issues on page 13
•
Documentation Updates on page 19
•
Migration, Upgrade, and Downgrade Instructions on page 19
•
Product Compatibility on page 20
Copyright © 2015, Juniper Networks, Inc.
11
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
Known Issues
This section lists the known issues in hardware and software in Junos OS Release 13.3R6
for the EX Series.
For the most complete and latest information about known Junos OS defects, use the
Juniper Networks online Junos Problem Report Search application.
•
Dynamic Host Configuration Protocol
•
Infrastructure
•
Interfaces and Chassis
•
Network Management and Monitoring
•
OpenFlow
•
Platform and Infrastructure
Dynamic Host Configuration Protocol
•
On EX9200 switches, the DHCPv6 binding table as shown in the output of the show
dhcp-security ipv6 binding might contain stale entries under the following conditions:
•
There is a mismatch in the link local address between the link local binding and the
dynamic binding.
•
There is no dynamic binding, and a SOLICIT message that matches the link local
entry is received, causing the state of the IPv6 address to transition from BOUND to
WAITING. This resets the lease timer and creates a stale entry.
The presence of stale entries in the DHCPv6 binding table might cause the jdhcpd
process to create a core file. PR1012556
•
On EX9200 switches with DHCPv6 snooping configured, the enterprise ID field of the
DHCPv6 relay message is converted to hexadecimal format and encoded as a text
string when used as the value for the remote ID (DHCPv6 Option 37). This results in
an incorrect value for the enterprise ID. PR1052956
Infrastructure
•
On EX9200 switches, the routing process (rpd) might continuously crash while
processing an (S,G) entry if that entry has been mistakenly deleted. PR942561
•
On EX9200 switches, in a Layer 2 environment, transit packets of size 1514 MTU or
more might be dropped silently when the packets exit a trunk interface for which VLAN
tagging or flexible VLAN tagging is not enabled. PR960638
Interfaces and Chassis
12
•
On EX9200 switches, an LLDP neighbor might not be formed for Layer 3-tagged
interfaces even though peer switches are able to form the neighbor. PR848721
•
On EX9200 switches, when the switch receives LACP control packets from an interface
other than an aggregated Ethernet (AE) interface, it forwards the packets, causing
Copyright © 2015, Juniper Networks, Inc.
Resolved Issues
LACP peer devices that receive the packets to reset the LACP connections. This might
cause continuous flaps for all aggregated or multichassis aggregated Ethernet
interfaces. PR1034917
Network Management and Monitoring
•
On EX9200 switches, even if you configure an egress sampling rate for sFlow monitoring
technology, the switch uses the ingress sampling rate instead. PR686002
OpenFlow
•
On EX9200 switches, a BGP session might flap when an OpenFlow interface is receiving
line-rate traffic and the traffic is not matching any rule, and therefore the default action
of packet-in is applied. PR892310
Platform and Infrastructure
Related
Documentation
•
On EX9200 switches, the show ethernet-switching table vlan-name vlan-name | display
xml CLI command does not have the vlan-name attribute in the <l2ng-l2ald-rtb-macdb>
xml tag. PR955910
•
New and Changed Features on page 6
•
Changes in Behavior and Syntax on page 8
•
Known Behavior on page 11
•
Resolved Issues on page 13
•
Documentation Updates on page 19
•
Migration, Upgrade, and Downgrade Instructions on page 19
•
Product Compatibility on page 20
Resolved Issues
This section lists the issues fixed in the Junos OS Release 13.3 main release and the
maintenance releases.
For the most complete and latest information about known Junos OS defects, use the
Juniper online Junos Problem Report Search application.
•
Resolved Issues: Release 13.3R6 on page 14
•
Resolved Issues: Release 13.3R5 on page 14
•
Resolved Issues: Release 13.3R4 on page 15
•
Resolved Issues: Release 13.3R3 on page 16
•
Resolved Issues: Release 13.3R2 on page 17
Copyright © 2015, Juniper Networks, Inc.
13
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
Resolved Issues: Release 13.3R6
Firewall Filters
•
On EX3300 switches, if you use a wildcard mask in firewall filters, the error message
Unaligned memory access by pid 87736 [dfwc] at 1000f5 PC[4adec] might be displayed
at commit. PR996083
Layer 2 Features
•
On EX9200 switches, if MVRP is configured on the aggregated Ethernet (AE) interface,
MVRP might become unstable when the CLI command no-attribute-length-in-pdu is
configured. PR1053664
Routing Protocols
•
On EX9200 switches on which virtual private LAN service (VPLS) is enabled, if the
interfaces on the CE belong to multiple FPCs, when the links between the PE device
and the CE device flap, or when the administrator clears the VPLS MAC table, traffic
might keep flooding in the VPLS routing-instance for more than 2 seconds during the
MAC learning phase. PR1031791
Spanning-Tree Protocols
•
On EX9200 switches running the VLAN Spanning Tree Protocol (VSTP), incoming
BPDUs might not be included in the output of the show spanning-tree statistics interface
command. PR847405
Resolved Issues: Release 13.3R5
Dynamic Host Configuration Protocol (DHCP)
•
On EX9200 switches, Dynamic Host Configuration Protocol (DHCP) relay functionality
might stop working and DHCP does not form new bindings when the number of
subscribers exceeds 1000 due to license restrictions. PR1033921
Infrastructure
14
•
On EX9200 switches, when apply-groups is used in the configuration, the expansion
of interfaces <*> apply-groups is done against all interfaces during the configuration
validation process, even if apply-groups is configured only under a specific interface
stanza. This does not affect the configuration—if the configuration validation passes,
the apply-groups are expanded correctly only against the interfaces for which
apply-groups is configured. PR967233
•
On EX9200 switches, if the disable-logging option is the only option configured at the
[edit system ddos-protection global] hierarchy level, and this option is deleted, the
kernel might generate a core file. PR1014219
•
On EX9200 switches, if the switch receives an ARP packet when the Forwarding
Information Base (FIB) has exceeded the limit of 262144 routes, the kernel might
generate a core file. PR1028714
Copyright © 2015, Juniper Networks, Inc.
Resolved Issues
Interfaces and Chassis
•
On EX9200 switches, in an MC-LAG scenario , a MAC address might incorrectly point
to an inter-chassis control link (ICL) after a MAC move from a single-home LAG to the
MC-LAG. PR1034347
Resolved Issues: Release 13.3R4
Dynamic Host Configuration Protocol (DHCP)
•
On an EX9200 switch acting as a DHCP relay agent, DHCP_ACK messages sent from
a DHCP server might not be forwarded to the client if the server identifier in the DHCP
packet is different from that in the DHCP relay agent’s binding table. PR994735
Multicast
•
On EX9200 switches that are configured in a multicast scenario with PIM enabled, an
(S,G) discard route might stop programming if the switch receives resolve requests
from an incorrect reverse-path-forwarding (RPF) interface. After this issue occurs, the
(S,G) state might not be updated when the switch receives multicast traffic from the
correct RPF interfaces, and multicast traffic might be dropped. PR1011098
Platform and Infrastructure
•
On EX9200 switches, the interface alias feature might not work as expected and
interfaces might go up and down after commit. PR981249
•
On an EX9200 switch, if the underlying Layer 2 interface of an IRB interface is changed
from access mode to trunk mode and bi-directional traffic is sent from an interface on
the same switch that has been changed from IRB over Layer 2 to Layer 3 mode, the
Layer 3 traffic toward the IRB interface might be dropped and PPE thread timeout
errors might be displayed. PR995845
Copyright © 2015, Juniper Networks, Inc.
15
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
Routing Protocols
•
On an EX9200 switch with an IGMP configuration in which two receivers are joined to
the same (S,G) and IGMP immediate-leave is configured, when one of the receivers
sends a leave message for the (S,G), the other receiver might not receive traffic for 1-2
minutes. PR979936
Resolved Issues: Release 13.3R3
Authentication and Access Control
•
On an EX Series switch that has both 802.1X authentication (dot1x) and a dynamic
firewall filter enabled, when the server-timeout value is set to a short time (for example,
3 seconds) and a large number of clients try to authenticate simultaneously, a delay
success authentication success message might be received on the switch because of
a RADIUS server timeout. This might cause the firewall filter to corrupt the interfaces
on which the authentication attempts were made, because of which client
authentications might fail. As a workaround, configure a server-timeout value that is
greater than 30 seconds. PR967922
Bridging and Learning
•
On EX9200 switches on which a native VLAN is configured on a link aggregation group
(LAG), if the native VLAN is changed, for example, if the native VLAN ID is changed or
if the native VLAN is disabled, a packet forwarding engine (PFE) thread timeout might
occur and LU chip error messages might be displayed. Traffic might be affected.
PR993080
Dynamic Host Configuration Protocol
•
On EX9200 switches that are configured as a DHCP relay or server over an IRB interface,
the relay and server binding tables might incorrectly display the name of the IRB
interface as the name of the physical interface. You can use the show dhcp relay binding
detail and show dhcp server binding detail commands to display the correct name of
the physical interface. PR972346
•
On an EX9200 switch where a binding already exists for a client, if the client sends a
DHCP discover message, the switch might not relay DHCP offers from any server other
than the server used to establish the existing binding. PR974963
Interfaces and Chassis
16
•
On EX9200 switches, the configuration statement mcae-mac-flush is not available in
the CLI; it is missing from the [edit vlans] hierarchy level. PR984393
•
On EX9200 switches that have a multichassis link aggregation group (MC-LAG)
interfaces configured by using the mac-rewrite statement, the Layer 2 address learning
process (l2ald) might crash, creating a core file. PR997978
Copyright © 2015, Juniper Networks, Inc.
Resolved Issues
OpenFlow
•
OpenFlow v1.0 running on an EX9200 switch does not respond reliably to interface up
or down events within a specified time interval. Per a fix implemented in Junos OS
Release 13.3R3.6, OpenFlow v1.0 running on an EX9200 switch responds reliably to
interface up or down events if the echo interval timeout is set to 11 seconds or more.
PR989308
Platform and Infrastructure
•
On an EX9200 switch working as a DHCP server, when you delete an IRB interface or
change the VLAN ID of a VLAN corresponding to an IRB interface, the DHCP process
(jdhcpd) might create a core file after commit because a stale interface entry in the
jdhcpd database has been accessed. PR979565
Routing Protocols
•
On EX9200 switches with IGMP snooping enabled on an IRB interface, some transit
TCP packets might be treated as IGMP packets, causing packets to be dropped.
PR979671
Software Installation and Upgrade
•
When you are upgrading Junos OS on an EX9200 switch, the following warning message
might be displayed: Could not open requirements file for jroute-ex:
/etc/db/pkg/jroute-ex/+REQUIRE. You can ignore this message. PR924106
Spanning-Tree Protocols
•
On EX9200 switches, the MSTI identifier range for MSTP is limited to 1 through 64
while it should be 1 through 4094. PR846878
Resolved Issues: Release 13.3R2
Bridging and Learning
•
On EX9200 switches, trunk configuration [edit interface interface-name unit 0 family
ethernet-switching interface-mode trunk] might not work as expected, causing traffic
loss. PR963175
Dynamic Host Configuration Protocol
•
On an EX9200 switch that is configured for DHCP relay, with the switch acting as the
DHCP relay agent, the switch might not be able to relay broadcast DHCP inform packets,
which are used by the client to get more information from the DHCP server. PR946038
•
On EX9200 switches with Dynamic Host Configuration Protocol (DHCP) relay
configured, permanent Address Resolution Protocol (ARP) entries for relay clients are
installed. When the client is reachable by means of a different preferred path (due to
STP topology changes or MC-LAG changes and so on), the forwarding state is not
refreshed. This might cause packets to be dropped until the relay binding is cleared.
PR961479
Copyright © 2015, Juniper Networks, Inc.
17
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
•
On an EX9200 switch that works as a DHCP relay agent, if the switch receives broadcast
DHCP ACK packets sent by another DHCP relay switch, those packets might be dropped
until the DHCP max-hop limit is reached. PR961520
Infrastructure
•
On EX9200 switches with an EX9200-32XS line card or an EX9200-2C-8XS line card,
10-gigabit ports on the line card might stay offline if a link flaps or an SFP+ is inserted
after the links have been up for more than 3 months. PR905589
•
On an EX Series Virtual Chassis that is configured for DHCP services and configured
with a DHCP server, when a client sends DHCP INFORM packets and then the same
client sends the DHCP RELEASE packet, an IP address conflict might result because
the same IP address has been assigned to two clients. As a workaround:
•
1. Clear the binding table:
[email protected]> clear system services dhcp binding
•
2. Restart the DHCP service:
[email protected]> restart dhcp
PR953586
•
On an EX9200 switch, when the SNMP mib2d daemon polls system statistics from
the kernel, the kernel might cause a memory leak (mbuf leak), which in turn might
cause packets such as ARP packets to be dropped at the kernel. PR953664
•
On an EX9200 switch with scaled ARP entries (for example, 48K entries), in a normal
state, an ARP entry's current time must be less than the expiry time. However, some
events might cause the current time to be greater than the expiry time, which then
leads to the ARP entry being flushed, resulting in connectivity issues. A possible trigger
event might be an Inter-Chassis Link flap in a multichassis link aggregation group
scenario. PR963588
Interfaces and Chassis
•
On EX9200 switches, an inter-IRB route might not work if Q-in-Q tunneling is enabled,
because the TPID (0x9100) is not set on egress dual-tagged packets, and other devices
that receive these untagged packets might drop them. PR942124
•
On an EX Series switch, if you remove an SFP+ and then add it back or reboot the
switch, and the corresponding disabled 10-gigabit interface is a member of a LAG, the
link on that port might be activated. PR947683
Virtual Chassis
Related
Documentation
18
•
On EX9200 Virtual Chassis, the show virtual-chassis vc-port command shows a resync
flag as part of the Status column of the command. The resync flag indicates the
forwarding readiness of the Packet Forwarding Engine (on which VCPs are configured),
after it is up after a reboot. PR946920
•
New and Changed Features on page 6
•
Changes in Behavior and Syntax on page 8
Copyright © 2015, Juniper Networks, Inc.
Documentation Updates
•
Known Behavior on page 11
•
Known Issues on page 12
•
Documentation Updates on page 19
•
Migration, Upgrade, and Downgrade Instructions on page 19
•
Product Compatibility on page 20
Documentation Updates
There are no errata or changes in Junos OS Release 13.3R6 for the EX Series switches
documentation.
Related
Documentation
•
New and Changed Features on page 6
•
Changes in Behavior and Syntax on page 8
•
Known Behavior on page 11
•
Known Issues on page 12
•
Resolved Issues on page 13
•
Migration, Upgrade, and Downgrade Instructions on page 19
•
Product Compatibility on page 20
Migration, Upgrade, and Downgrade Instructions
This section contains upgrade and downgrade policies for Junos OS for the EX Series.
Upgrading or downgrading Junos OS can take several hours, depending on the size and
configuration of the network.
•
Upgrade and Downgrade Support Policy for Junos OS Releases on page 19
Upgrade and Downgrade Support Policy for Junos OS Releases
Support for upgrades and downgrades that span more than three Junos OS releases at
a time is not provided, except for releases that are designated as Extended End-of-Life
(EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can
upgrade directly from one EEOL release to the next EEOL release, even though EEOL
releases generally occur in increments beyond three releases.
You can upgrade or downgrade to the EEOL release that occurs directly before or after
the currently installed EEOL release, or to two EEOL releases before or after. For example,
Junos OS Releases 10.0, 10.4, and 11.4 are EEOL releases. You can upgrade from Junos OS
Release 10.0 to Release 10.4 or even from Junos OS Release 10.0 to Release 11.4. However,
you cannot upgrade directly from a non-EEOL release that is more than three releases
ahead or behind. For example, you cannot directly upgrade from Junos OS Release 10.3
(a non-EEOL release) to Junos OS Release 11.4 or directly downgrade from Junos OS
Release 11.4 to Junos OS Release 10.3.
Copyright © 2015, Juniper Networks, Inc.
19
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
To upgrade or downgrade from a non-EEOL release to a release more than three releases
before or after, first upgrade to the next EEOL release and then upgrade or downgrade
from that EEOL release to your target release.
For more information about EEOL releases and to review a list of EEOL releases, see
http://www.juniper.net/support/eol/junos.html .
For information on software installation and upgrade, see the Installation and Upgrade
Guide.
Related
Documentation
•
New and Changed Features on page 6
•
Changes in Behavior and Syntax on page 8
•
Known Behavior on page 11
•
Known Issues on page 12
•
Resolved Issues on page 13
•
Documentation Updates on page 19
•
Product Compatibility on page 20
Product Compatibility
•
Hardware Compatibility on page 20
Hardware Compatibility
To obtain information about the components that are supported on the devices, and
special compatibility guidelines with the release, see the Hardware Guide for the product.
To determine the features supported on EX Series switches in this release, use the Juniper
Networks Feature Explorer, a Web-based application that helps you to explore and
compare Junos OS feature information to find the right software release and hardware
platform for your network. Find Feature Explorer at:
http://pathfinder.juniper.net/feature-explorer/
Related
Documentation
20
•
New and Changed Features on page 6
•
Changes in Behavior and Syntax on page 8
•
Known Behavior on page 11
•
Known Issues on page 12
•
Resolved Issues on page 13
•
Documentation Updates on page 19
•
Migration, Upgrade, and Downgrade Instructions on page 19
Copyright © 2015, Juniper Networks, Inc.
Junos OS Release Notes for M Series Multiservice Edge Routers, MX Series 3D Universal Edge Routers, and T Series Core Routers
Junos OS Release Notes for M Series Multiservice Edge Routers, MX Series 3D Universal
Edge Routers, and T Series Core Routers
These release notes accompany Junos OS Release 13.3R6 for the M Series, MX Series,
and T Series. They describe new and changed features, limitations, and known and
resolved problems in the hardware and software.
You can also find these release notes on the Juniper Networks Junos OS Documentation
webpage, located at http://www.juniper.net/techpubs/software/junos/.
•
New and Changed Features on page 21
•
Changes in Behavior and Syntax on page 54
•
Known Behavior on page 68
•
Known Issues on page 70
•
Resolved Issues on page 80
•
Documentation Updates on page 135
•
Migration, Upgrade, and Downgrade Instructions on page 156
•
Product Compatibility on page 165
New and Changed Features
This section describes the new features and enhancements to existing features in Junos
OS Release 13.3R6 for the M Series, MX Series, and T Series.
•
Hardware on page 22
•
Authentication, Authorization, and Accounting (AAA) (RADIUS) on page 30
•
Class of Service (CoS) on page 30
•
General Routing on page 32
•
High Availability (HA) and Resiliency on page 33
•
Interfaces and Chassis on page 34
•
IPv6 on page 41
•
Layer 2 Features on page 41
•
MPLS on page 41
•
Multicast on page 42
•
Network Management and Monitoring on page 42
•
OpenFlow on page 43
•
Platform and Infrastructure on page 43
•
Port Security on page 43
•
Routing Policy and Firewall Filters on page 44
•
Routing Protocols on page 45
•
Services Applications on page 46
•
Software Installation and Upgrade on page 47
Copyright © 2015, Juniper Networks, Inc.
21
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
•
Subscriber Management and Services (MX Series) on page 47
•
VPNs on page 53
Hardware
•
MIC support (MX104)—Junos OS Release 13.3 and later releases extend support to
the following MICs on the MX104 3D Universal Edge Routers:
•
ATM MIC with SFP (Model No: MIC-3D-8OC3-2OC12-ATM)
•
DS3/E3 MIC (Model No: MIC-3D-8DS3-E3)
•
Channelized SONET/SDH OC3/STM1 (Multi-rate) MICs with SFP (Model No:
MIC-3D-4CHOC3-2CHOC12)
•
Channelized SONET/SDH OC3/STM1 (Multi-rate) MICs with SFP (Model No:
MIC-3D-8CHOC3-4CHOC12)
•
Multiservices MIC (Model No: MS-MIC-16G)
•
SONET/SDH OC3/STM1 (Multi-rate) MICs with SFP (Model No:
MIC-3D-4OC3OC12-10C48)
•
SONET/SDH OC3/STM1 (Multi-rate) MICs with SFP (Model No:
MIC-3D-8OC3OC12-4OC48)
•
SONET/SDH OC192/STM64 MICs with XFP (Model No: MIC-3D-10C192-XFP)
[See MICs Supported by MX Series Routers in the MX Series Interface Module Reference.]
•
Support for MICs on MPC3E (MX240, MX480, and MX960)—Starting in Junos OS
Release 13.3, the following MICs are supported on the MPC3E (MX-MPC3E-3D):
•
SONET/SDH OC3/STM1 (Multi-Rate) MICs with SFP (MIC-3D-8OC3OC12-4OC48)
•
SONET/SDH OC3/STM1 (Multi-Rate) MICs with SFP (MIC-3D-4OC3OC12-1OC48)
•
SONET/SDH OC192/STM64 MIC with XFP (MIC-3D-1OC192-XFP)
•
DS3/E3 MIC (MIC-3D-8DS3-E3)
The following encapsulations are supported on the aforementioned MICs on MPC3E:
22
•
Cisco High-Level Data Link Control (cHDLC)
•
Flexible Frame Relay
•
Frame Relay
•
Frame Relay for circuit cross-connect (CCC)
•
Frame Relay for translational cross-connect (TCC)
•
MPLS fast reroute
•
MPLS CCC
•
MPLS TCC
•
Point-to-Point Protocol (PPP) (default)
•
PPP for CCC
Copyright © 2015, Juniper Networks, Inc.
New and Changed Features
•
PPP for TCC
•
PPP over Frame Relay
[See MPC3E on MX Series Routers Overview.]
•
CFP-GEN2-CGE-ER4 (MX Series, T1600, and T4000)—The CFP-GEN2-CGE-ER4
transceiver (part number: 740-049763) provides a duplex LC connector and supports
the 100GBASE-ER4 optical interface specification and monitoring. Starting in Junos
OS Release 13.3, the GEN2 optics have been redesigned with newer versions of internal
components for reduced power consumption. The following interface modules support
the CFP-GEN2-CGE-ER4 transceiver. For more information about interface modules,
see the Interface Module Reference for your router.
MX Series routers:
•
100-Gigabit Ethernet MIC with CFP (model number:
MIC3-3D-1X100GE-CFP)—Supported in Junos OS Release 12.1R1 and later
•
2x100GE + 8x10GE MPC4E (model number: MPC4E-3D-2CGE-8XGE)—Supported
in Junos OS Release 12.3R2 and later
T1600 and T4000 routers:
•
100-Gigabit Ethernet PIC with CFP (model numbers: PD-1CE-CFP-FPC4 and
PD-1CGE-CFP)—Supported in Junos OS Releases 12.3R5, 13.2R3, 13.3R1, and later
[See 100-Gigabit Ethernet 100GBASE-R Optical Interface Specifications.]
•
SFP-GE80KCW1470-ET, SFP-GE80KCW1490-ET, SFP-GE80KCW1510-ET,
SFP-GE80KCW1530-ET, SFP-GE80KCW1550-ET, SFP-GE80KCW1570-ET,
SFP-GE80KCW1590-ET, and SFP-GE80KCW1610-ET (MX Series)—Beginning with
Junos OS Release 13.3, these transceivers provide a duplex LC connector and support
operation and monitoring with links up to a distance of 80 km. Each transceiver is tuned
to a different transmit wavelength for use in CWDM applications. These transceivers
are supported on the following interface module. For more information about interface
modules, see the Interface Module Reference for your router.
•
Gigabit Ethernet MIC with SFP (model number: MIC-3D-20GE-SFP) in all versions
of MX-MPC1, MX-MPC2, and MX-MPC3 —Supported in Junos OS Release 12.3R5,
13.2R3, 13.3R1, and later.
[See Gigabit Ethernet SFP CWDM Optical Interface Specification]
•
CFP-GEN2-100GBASE-LR4 (T1600 and T4000)—The CFP-GEN2-100GBASE-LR4
transceiver (part number: 740-047682) provides a duplex LC connector and supports
the 100GBASE-LR4 optical interface specification and monitoring. Starting in Junos
OS Release 13.3, the “GEN2” optics have been redesigned with newer versions of internal
components for reduced power consumption. The following interface modules support
the CFP-GEN2-100GBASE-LR4 transceiver. For more information about interface
modules, see the Interface Module Reference for your router.
Copyright © 2015, Juniper Networks, Inc.
23
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
•
100-Gigabit Ethernet PIC with CFP (model numbers: PD-1CE-CFP-FPC4 and
PD-1CGE-CFP)—Supported in Junos OS Releases 12.3R5, 13.2R3, 13.3R1, and later
[See 100-Gigabit Ethernet 100GBASE-R Optical Interface Specifications.]
•
Software feature support on the MPC5E— Starting in Junos OS Release 13.3, MPC5E
supports the following key features:
•
Basic Layer 2 features and virtual private LAN services (VPLS) functionality
•
Class of service (CoS)
•
Flexible Queuing option—By using an add-on license, MPC5E supports a limited
number of queues (32,000 queues per slot including ingress and egress)
•
Hierarchical QoS
•
Intelligent oversubscription services
•
Interoperability with existing MPCs and DPCs
•
MPLS
•
MX Virtual Chassis
The following features are not supported on MPC5E:
•
Active flow monitoring and services
•
Subscriber management features
[See Protocols and Applications Supported by the MX240, MX480, MX960, MX2010, and
MX2020 MPC5E.]
•
Software feature support on the MPC5EQ— Starting in Junos OS Release 13.3, MPC5EQ
supports 1 million queues per slot on all MX Series routers. All the other software
features supported on MPC5E are also supported on MPC5EQ.
[See Protocols and Applications Supported by the MX240, MX480, MX960, MX2010, and
MX2020 MPC5E.]
•
Support for new 520-gigabit full duplex Modular Port Concentrator (MPC6E) with
two Modular Interface Card (MIC) slots on MX2010 and MX2020 3D Universal Edge
Routers—In Junos OS Release 13.3R3 and later, MX2020 and MX2010 routers support
a new MPC, MPC6E (model number: MX2K-MPC6E). MPC6E is a 100-Gigabit Ethernet
MPC that provides increased density and performance to MX Series routers in
broadband access networks for services such as Layer 3 peering, VPLS and Layer 3
aggregation, and video distribution.
MPC6E provides packet-forwarding services that deliver up to 520 Gbps of full-duplex
traffic. It has two separate slots for MICs and supports four Packet Forwarding Engines
with a throughput of 130 Gbps per Packet Forwarding Engine. It also supports two MIC
slots as WAN ports that provide physical interface flexibility.
MPC6E supports:
24
•
Forwarding capability of up to 130 Gbps per Packet Forwarding Engine
•
100-Gigabit Ethernet interfaces
Copyright © 2015, Juniper Networks, Inc.
New and Changed Features
•
Up to 560 Gbps of full-duplex traffic for the two MIC slots
•
WAN-PHY mode on 10-Gigabit Ethernet interfaces on a per port basis
•
Two separate slots for MICs (MIC6-10G and MIC6-100G-CXP)
•
Two Packet Forwarding Engines for each MIC slot
•
Intelligent oversubscription services
[See Protocols and Applications Supported by the MX240, MX480, MX960, MX2010, and
MX2020 MPC5E.]
•
Feature support on MPC6E—MPC6E supports the following software features in Junos
OS Release 13.3R2:
•
Basic Layer 2 features and virtual private LAN service (VPLS) functionality, except
for Operation, Administration, and Maintenance (OAM)
•
Layer 3 routing protocols
•
MPLS
•
Multicast forwarding
•
Firewall filters and policers
•
Class of service (CoS)
•
Tunnel service
•
Interoperability with existing DPCs and MPCs
•
Internet Group Management Protocol (IGMP) snooping with bridging, integrated
routing and bridging (IRB), or VPLS
•
Intelligent hierarchical policers
•
Layer 2 trunk port
•
MPLS-fast reroute (FRR) VPLS instance prioritization
•
Precision Time Protocol (PTP) (IEEE 1588)
•
Synchronous Ethernet
The following features are not supported on MPC6E:
•
Fine-grained queuing and input queuing
•
Unified in-service software upgrade (ISSU)
•
Active flow monitoring and services
•
Virtual Chassis support
[See Protocols and Applications Supported by the MX240, MX480, MX960, MX2010, and
MX2020 MPC5E.]
•
Support for fixed-configuration MPC on MX240, MX480, MX960, MX2010, and
MX2020 routers—MX240, MX480, MX960, MX2010 and MX2020 routers support a
new MPC, MPC5E (model number: MPC5E-40G10G). On the MX2010 and MX2020
Copyright © 2015, Juniper Networks, Inc.
25
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
routers, MPC5E is housed in an adapter card. MPC5E is a fixed-configuration MPC with
four built-in PICs and does not contain separate slots for Modular Interface Cards
(MICs). MPC5E supports two Packet Forwarding Engines, PFEO and PFE1. PFE0 hosts
PIC0 and PIC2 while PFE1 hosts PIC1 and PIC3. A maximum of two PICs can be kept
powered on (PIC0 or PIC2 and PIC1 or PIC3). The other PICs are required to be kept
powered off.
MPC5E supports:
•
Flexible queuing option by using an add-on license
•
Forwarding capability of up to 130 Gbps per Packet Forwarding Engine
•
Intelligent oversubscription services
•
Quad small form-factor pluggable plus transceivers (QSFP+) and small form-factor
pluggable plus transceivers (SFP+) for connectivity
•
Up to 240 Gbps of full-duplex traffic
•
WAN-PHY mode on 10-Gigabit Ethernet Interfaces on a per-port basis
For more information about the supported and unsupported Junos OS software features
for this MPC, see Protocols and Applications Supported by the MX240, MX480, MX960,
MX2010, and MX2020 MPC5E.
•
Support for new fixed-configuration queuing MPC on MX240, MX480, MX960,
MX2010, and MX2020 routers—MX240, MX480, MX960, MX2010, and MX2020
routers support a new queuing MPC, MPC5EQ (model number: MPC5EQ-40G10G).
On the MX2010 and MX2020 routers, MPC5EQ is housed in an adapter card. MPC5EQ,
like MPC5E, is a fixed-configuration MPC with four built-in PICs and does not contain
separate slots for Modular Interface Cards (MICs). MPC5EQ, like MPC5E supports two
Packet Forwarding Engines, PFEO and PFE1. PFE0 hosts PIC0 and PIC2 while PFE1 hosts
PIC1 and PIC3. A maximum of two PICs can be kept powered on (PIC0 or PIC2 and PIC1
or PIC3). The other PICs are required to be kept powered off.
MPC5EQ supports 1 million queues per slot on all MX Series routers. All the other
software features supported on MPC5E are also supported on MPC5EQ.
For more information about the supported and unsupported Junos OS software features
for this MPC, see Protocols and Applications Supported by the MX240, MX480, MX960,
MX2010, and MX2020 MPC5E.
•
Support for OTN MIC on MPC6E (MX2010 and MX2020 routers)—Starting with Junos
OS Release 13.3R3, the 24-port 10-Gigabit Ethernet OTN MIC with SFPP
(MIC6-10G-OTN) is supported on MPC6E on the MX2010 and MX2020 routers. The
OTN MIC supports both LAN PHY and WAN PHY framing modes on a per-port basis.
The MIC supports the following features:
26
•
Transparent transport of 24 10-Gigabit Ethernet signals with optical channel data
unit 2 (ODU2) and ODU2e framing on a per port basis
•
ITU-standard optical transport network (OTN) performance monitoring and alarm
management
Copyright © 2015, Juniper Networks, Inc.
New and Changed Features
•
Pre-forward error correction (pre-FEC)-based bit error rate (BER). Fast reroute (FRR)
uses the pre-FEC BER as an indication of the condition of an OTN link
To configure the OTN options for this MIC, use the set otn-options statement at the
[edit interfaces interfaceType-fpc/pic/port] hierarchy level.
•
OTN support for 10-Gigabit Ethernet and 100-Gigabit Ethernet interfaces on MPC5E
and MPC6E (MX240, MX480, MX960, MX2010, and MX2020 routers)—Junos OS
Release 13.3 extends optical transport network (OTN) support for 10-Gigabit Ethernet
and 100-Gigabit Ethernet interfaces on MPC5E and MPC6E. MPC5E-40G10G and
MPC5EQ-40G10G support OTN on 10-Gigabit Ethernet interfaces, and MPC5E-100G10G
and MPC5EQ-100G10G support OTN on 10-Gigabit Ethernet interfaces and 100-Gigabit
Ethernet interfaces. The OTN MICs MIC6-10G-OTN and MIC6-100G-CFP2 on MPC6E
support OTN on 10-Gigabit Ethernet interfaces and 100-Gigabit Ethernet interfaces,
respectively.
OTN support includes:
•
Transparent transport of 10-Gigabit Ethernet signals with optical channel transport
unit 2 (OTU2) framing
•
Transparent transport of 100-Gigabit Ethernet signals with OTU4 framing
•
ITU-T standard OTN performance monitoring and alarm management
Compared with SONET/SDH, OTN provides stronger forward error correction,
transparent transport of client signals, and switching scalability. To configure the OTN
options for the interfaces, use the set otn-options configuration statement at the [edit
interfaces interfaceType-fpc/pic/port] hierarchy level.
•
Support for 100 Gigabit-Ethernet OTN MIC on MPC6E (MX2010 and MX2020
routers)—Starting with Junos OS Release 13.3R3, the 2-port 100-Gigabit Ethernet MIC
with CFP2 (MIC6-100G-CFP2) is supported on MPC6E. The MIC supports optical
transport network (OTN) features on the 100-Gigabit Ethernet interfaces and also
supports line-rate throughput of 100 Gbps per port.
The following OTN features are supported:
•
Transparent transport of 2-port 100-Gigabit Ethernet signals with optical channel
data unit 4 (ODU4) framing for each port
•
ITU-standard OTN performance monitoring and alarm management
•
Generic forward error correction (GFEC)
To configure OTN options for this MIC, use the set otn-options statement at the [edit
interfaces interfaceType-fpc/pic/port] hierarchy level.
•
Support for MPC5E on SCBE2 (MX Series routers)—Starting with Junos OS Release
13.3R3, MPC5E is supported on SCBE2 on MX240, MX480, and MX960 routers.
•
Support for enhanced 20-port Gigabit Ethernet MIC (MX5, MX10, MX40, MX80,
MX240, MX480, and MX960)—Starting in Junos OS Release 13.3, an enhanced 20-port
Gigabit Ethernet MIC (model number MIC-3D-20GE-SFP-E) is supported on MX Series
routers. This enhanced MIC supports up to 20 SFP optical transceiver modules, which
include the following:
Copyright © 2015, Juniper Networks, Inc.
27
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
•
•
Fiber-optic small form-factor pluggable (SFP) transceivers:
•
1000BASE-LH (model number: SFP-1GE-LH)
•
1000BASE-LX (model number: SFP-1GE-LX)
•
1000BASE-SX (model number: SFP-1GE-SX)
Copper SFP transceiver:
•
•
1000BASE-T (model number: SFP-1GE-T)
Bidirectional SFP transceivers:
•
1000BASE-BX (model number pairs: SFP-GE10KT13R14 with SFP-GE10KT14R13,
SFP-GE10KT13R15 with SFP-GE10KT15R13, SFP-GE40KT13R15 with
SFP-GE40KT15R13)
These optical transceiver modules can be hot-swapped. You can view the enhanced
20-port Gigabit Ethernet MIC information by using the show chassis hardware command.
•
Multiservices MIC support (MX104)—Starting with Junos OS Release 13.3R2, the
Multiservices MIC (MS-MIC-16G) is supported on MX104 3D Universal Edge Routers.
The Multiservices MIC has an enhanced memory of 16 GB and provides improved scaling
and high performance. Only one Multiservices MIC is supported on the MX104 chassis.
The Multiservices MIC supports the following software features:
•
Active flow monitoring and export of flow monitoring version 9 records, based on
RFC 3954
•
IP Security (IPsec) encryption
•
Network Address Translation (NAT) for IP addresses
•
Port Address Translation (PAT) for port numbers
•
Stateful firewall with packet inspection—detects SYN attacks, ICMP and UDP floods,
and ping-of-death attacks
•
Traffic sampling
[See Multiservices MIC.]
•
28
SFPP-10G-ZR-OTN-XT (MX Series, T1600, and T4000)—Starting with Junos OS
Release 13.3R3, the SFPP-10G-ZR-OTN-XT dual-rate extended temperature transceiver
provides a duplex LC connector and supports the 10GBASE-Z optical interface
specification and monitoring. The transceiver is not specified as part of the 10-Gigabit
Ethernet standard and is instead built according to ITU-T and Juniper Networks
specifications. In addition, the transceiver supports LAN-PHY and WAN-PHY modes
and OTN rates and provides a NEBS-compliant 10-Gigabit Ethernet ZR transceiver for
the MX Series interface modules listed here. The following interface modules support
the SFPP-10G-ZR-OTN-XT transceiver:
Copyright © 2015, Juniper Networks, Inc.
New and Changed Features
MX Series:
•
10-Gigabit Ethernet MIC with SFP+ (model number:
MIC3-3D-10XGE-SFPP)—Supported in Junos OS Release 12.3R5, 13.2R3, 13.3, and
later
•
16-port 10-Gigabit Ethernet (model number: MPC-3D-16XGE-SFPP)—Supported in
Junos OS Release 12.3R5, 13.2R3, 13.3, and later
•
32-port 10-Gigabit Ethernet MPC4E (model number:
MPC4E-3D-32XGE-SFPP)—Supported in Junos OS Release 12.3R5, 13.2R3, 13.3, and
later
•
2-port 100-Gigabit Ethernet + 8-port 10-Gigabit Ethernet MPC4E (model number:
MPC4E-3D-2CGE-8XGE)—Supported in Junos OS Release 12.3R5, 13.2R3, 13.3, and
later
T1600 and T4000 routers:
•
10-Gigabit Ethernet LAN/WAN PIC with Oversubscription and SFP+ (model numbers:
PD-5-10XGE-SFPP and PF-24XGE-SFPP)—Supported in Junos OS Release 12.3R5,
13.2R3, 13.3, and later
•
10-Gigabit Ethernet LAN/WAN PIC with SFP+ (model number:
PF-12XGE-SFPP)—Supported in Junos OS Release 12.3R5, 13.2R3, 13.3, and later
For more information about interface modules, see the “Cables and Connectors” section
in the Interface Module Reference for your router.
[See 10-Gigabit Ethernet 10GBASE Optical Interface Specifications.]
•
Support for hyper mode to increase packet processing rate on enhanced MPCs
(MX240, MX480, MX960, MX2010, and MX2020 routers)—Starting in Junos OS
Release 13.3R4, MPC3E, MPC4E, MPC5E, and MPC6E support the hyper-mode feature.
Enabling the hyper mode feature increases the rate at which a data packet is processed,
which results in the optimization of the lifetime of a data packet. Optimization of the
data packet lifetime enables better performance and throughput.
NOTE: You can enable hyper mode only if the network-service mode on
the router is configured as either enhanced-ip or enhanced-ethernet. Also,
you cannot enable the hyper mode feature for a specific Packet Forwarding
Engine on an MPC—that is, when you enable the feature, it is applicable
for all Packet Forwarding Engines on the router.
When you enable the hyper mode feature, the following features are not supported:
•
Creation of Virtual Chassis.
•
Interoperability with legacy DPCs, including MS-DPCs. The MPC in hyper mode
accepts and transmits data packets only from other existing MPCs.
•
Interoperability with non-Ethernet MICs and non-Ethernet Interfaces such as
channelized interfaces, multilink interfaces, and SONET interfaces.
Copyright © 2015, Juniper Networks, Inc.
29
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
•
Padding of Ethernet Frames with VLAN.
•
Sending Internet Control Message Protocol (ICMP) redirect messages.
•
Termination or tunneling of all subscriber-based services.
•
To configure the hyper mode feature, use the hyper-mode statement at the [edit
forwarding-options] hierarchy level. To view the changed configuration, use the show
forwarding-options hyper-mode command.
Authentication, Authorization, and Accounting (AAA) (RADIUS)
•
RADIUS functionality over IPv6 for system AAA—Starting with Release 13.3R4, Junos
OS supports RADIUS functionality over IPv6 for system AAA (authentication,
authorization, and accounting) in addition to the existing RADIUS functionality over
IPv4 for system AAA. With this feature, Junos OS users can log in to the router
authenticated through RADIUS over an IPv6 network. Thus, Junos OS users can now
configure both IPv4 and IPv6 RADIUS servers for AAA. To accept the IPv6 source
address, include the source-address statement at the [edit system radius-server IPv6]
hierarchy level. (If an IPv6 RADIUS server is configured without any source-address,
default ::0 is considered as the source address.)
Class of Service (CoS)
•
CCC and TCC support on FRF.15, FRF.16, and MLPPP interfaces (MX Series)—Starting
with Release 13.3, Junos OS supports Circuit Cross Connect (CCC) and Translational
Cross Connect (TCC) over Multilink Frame Relay (MLFR) UNI NNI (FRF.16) interface
and TCC over Multilink Frame Relay (MLFR) end-to-end (FRF.15) and Multilink
Point-to-Point Protocol (MLPPP) interfaces. You can implement the cross-connect
over an MPLS network or a local-switched network. When you configure cross-connect
over these interfaces, the peer interface can be of any of the interface types that support
cross-connect.
To configure CCC over FRF.16/MFR interfaces, include the following statements under
the [edit interfaces interface-name unit number] hierarchy level:
family ccc {
translate-discard-eligible;
translate-fecn-and-becn;
translate-plp-control-word-de;
no-asynchronous-notification;
}
To configure TCC over FRF.15/MLFR, FRF.16/MFR, or MLPPP interfaces, include the
following configuration under the [edit interfaces interface-name unit number] hierarchy
level:
family tcc {
protocols [inet iso mpls];
no-asynchronous-notification;
}
To complete CCC or TCC configurations over the multilink Frame Relay interfaces, you
must also specify the interface name under one of the following hierarchies:
30
Copyright © 2015, Juniper Networks, Inc.
New and Changed Features
•
[edit protocols l2circuit neighbor ip-address] if the switching is done over a Layer 2
circuit.
•
[edit protocols connections remote-interface-switch remote-if-sw] if the switching
is done over a remote interface switch.
•
[edit protocols connections interface-switch local-if-switch] if the switching is done
using a local switch.
•
Support for IPv6 traffic over IPsec tunnels on MS-MICs and MS-MPCs (MX
Series)—Starting with Release 13.3, Junos OS extends IPsec support on MS-MICs and
MS-MPCs to IPv6 traffic. IPsec support on MS-MICs and MS-MPCs is limited to the
ESP protocol, and now enables you to configure IPv4 and IPv6 tunnels that can carry
IPv6 as well as IPv4 traffic. To enable IPv6 traffic over an IPsec tunnel, configure an
IPv6 address for the local-gateway statement under the [edit services service-set
service-set-name ipsec-vpn-options] hierarchy level.
•
CoS show command enhancements (MX Series)—Starting in Release 13.3, Junos OS
extends support for CoS show commands with the addition of the show class-of-service
scheduler-hierarchy interface and show class-of-service scheduler-hierarchy interface-set
commands. These commands display subscriber class-of-service interface and
interface-set information.
[See show class-of-service scheduler-hierarchy interface and show class-of-service
scheduler-hierarchy interface-set.]
•
Traffic scheduling and shaping support for GRE tunnel interface output queues (MX
Series)—Beginning with Junos OS Release 13.3, you can manage output queuing of
traffic entering GRE tunnel interfaces hosted on MIC or MPC line cards in MX Series
routers. Support for the output-traffic-control-profile configuration statement, which
applies an output traffic scheduling and shaping profile to the interface, is extended
to GRE tunnel physical and logical interfaces. Support for the
output-traffic-control-profile-remaining configuration statement, which applies an
output traffic scheduling and shaping profile for remaining traffic to the interface, is
extended to GRE tunnel physical interfaces.
NOTE: Interface sets (sets of interfaces used to configure hierarchical CoS
schedulers on supported Ethernet interfaces) are not supported on GRE
tunnel interfaces.
[See Configuring Traffic Control Profiles for Shared Scheduling and Shaping.]
•
New forwarding-class-accounting statement on MX Series routers—Starting in Junos
OS Release 13.3R3, new forwarding class accounting statistics can be enabled at the
[edit interfaces interface-name] and the [edit interfaces interface-name unit
interface-unit-number] hierarchy levels. These statistics replace the need to use firewall
filters for gathering accounting statistics. Statistics can be gathered and displayed for
IPv4, IPv6, MPLS, Layer 2 and Other families in ingress, egress, or both directions.
•
Support for CoS hierarchical schedulers on MPC5E (MX240, MX480, MX960,
MX2010, and MX2020 routers)—Starting in Junos OS Release 13.3R3, class-of-service
Copyright © 2015, Juniper Networks, Inc.
31
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
(CoS) hierarchical schedulers can be configured on MPC5E interfaces. This feature is
supported on egress only.
You can use hierarchical schedulers to define traffic control profiles, which set the
following CoS parameters on a CoS interface:
•
Delay buffer rate
•
Excess bandwidth
•
Guaranteed rate
•
Overhead accounting
•
Scheduler map
•
Shaping rate
General Routing
•
Nonstop active routing support for logical systems (MX Series)— Starting in Junos
OS Release 13.3, this feature enables nonstop active routing support for logical systems
using the nonstop-routing option under the [edit logical-systems logical-system-name
routing-options] hierarchy. As a result of extending nonstop active routing support for
logical systems, the logical-systems argument has been appended in some show
operational commands to allow display of status, process, and event details.
•
Nonstop active routing for multipoint label distribution protocol (M Series, MX Series,
and T Series)— Starting in Junos OS Release 13.3, this feature enables nonstop active
routing for the multipoint label distribution protocol, using the nonstop-routing option
at the [edit routing-options] hierarchy level. The multipoint label distribution protocol
state, event, and process details can be viewed using the p2mp-nsr-synchronization
flag under trace-options.
[See p2mp-ldp-next-hop.]
The show ldp database command displays the entries in the Label Distribution Protocol
(LDP) database for master and standby Routing Engines.
[See show ldp database.]
The show ldp p2mp tunnel command displays the LDP point-to-multipoint tunnel table
information.
[See show ldp p2mp tunnel.]
32
Copyright © 2015, Juniper Networks, Inc.
New and Changed Features
High Availability (HA) and Resiliency
•
MX Series Virtual Chassis support for multichassis link aggregation (MX Series
routers with MPCs)—Starting in Junos OS Release 13.3, an MX Series Virtual Chassis
supports configuration of multichassis link aggregation (MC-LAG). MC-LAG enables
a device to form a logical link aggregation group interface with two or more other
devices. The MC-LAG devices use the Inter-Chassis Communication Protocol (ICCP)
to exchange control information between two MC-LAG network devices.
When you configure MC-LAG with an MX Series Virtual Chassis, the link aggregation
group spans links to two Virtual Chassis configurations. Each Virtual Chassis consists
of two MX Series member routers that form a logical system managed as a single
network element. ICCP exchanges control information between the global master
router (VC-M) of the first Virtual Chassis and the VC-M of the second Virtual Chassis.
NOTE: Internet Group Management Protocol (IGMP) snooping is not
supported on MC-LAG interfaces in an MX Series Virtual Chassis.
[See Configuring Multichassis Link Aggregation.]
•
TCP auto-merge support in nonstop active routing for short duration hold timers for
protocols (BGP, LDP) (kernel) (M Series, MX Series, and T Series)—Beginning with
Junos OS Release 13.3, TCP auto-merge support in nonstop active routing for protocols
(BGP, LDP) (kernel) is enabled on the M Series, MX Series, and T Series. Nonstop active
routing automerge is one of the kernel components of the socket replication. On
switchover, this component merges the socket pairs automatically from the secondary
to the primary Routing Engine. Currently, nonstop active routing switchover from
secondary to primary happens when rpd issues a merge call for each secondary socket
pair to merge them to a single socket, which can result in a delay. To avoid this delay,
this feature introduces an automerge module in the kernel that decouples the secondary
socket merge from rpd and automatically merges secondary sockets on switchover
so that the rpd high priority thread takes advantage of this and generates faster
keep-alive to sustain TCP connections on switchover.
•
Nonstop active routing support for BGP addpath (M Series, MX Series, and T
Series)—Beginning in Junos OS Release 13.3, nonstop active routing support for BGP
addpath is available on the M Series, MX Series, and T Series. Nonstop active routing
support is enabled for the BGP addpath feature. After the nonstop active routing
switchover, addpath-enabled BGP sessions do not bounce. The secondary Routing
Engine maintains the addpath advertisement state before the nonstop active routing
switchover.
•
Interchassis high availability provides stateful redundancy (MS-MPC and MS-MIC
interface cards on MX Series routers)—Starting with Release 13.3, Junos OS supports
stateful high availability (HA) to replicate flow states on an active MS-MPC or MS-MIC
service card to a standby MS-MPC or MS-MIC service card on a different chassis. This
enables the preservation of the state of the existing flows in case of a planned or
unplanned switchover.
Copyright © 2015, Juniper Networks, Inc.
33
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
Services to be synchronized statefully include:
•
Stateful firewall
•
NAT (NAPT44 and APP only)
Both IPv4 and IPv6 sessions are synchronized.
Synchronization occurs for long-lived flows as defined by a configurable synchronization
threshold.
[See Inter-Chassis High Availability for MS-MIC and MS-MPC.]
•
Support for unified in-service software upgrade on MX Series routers with MPC3
and MPC4E (MX240, MX480, and MX960)—Starting in Release 13.3, Junos OS
supports unified in-service software upgrade (ISSU) on MX Series routers with MPC3
and MPC4E. Unified ISSU is a process to upgrade the system software with minimal
disruption of transit traffic and no disruption of the control plane. In this process, the
new system software version must be later than the version of the previous system
software. When unified ISSU completes, the new system software state is identical
to that of the system software when the system upgrade is performed through a cold
boot.
•
MX Series Virtual Chassis support for inline flow monitoring (MX Series routers with
MPCs)—Starting in Junos OS Release 13.3R3, you can configure inline flow monitoring
for an MX Series Virtual Chassis. Inline flow monitoring enables you to actively monitor
the flow of traffic by means of a router participating in the network.
Inline flow monitoring for an MX Series Virtual Chassis provides the following support:
•
Active sampling and exporting of both IPv4 and IPv6 traffic flows
•
Sampling traffic flows in both the ingress and egress directions
•
Configuration of flow collection on either IPv4 or IPv6 devices
•
Use of the IPFIX flow collection template for traffic sampling (both IPv4 and IPv6
export records)
Interfaces and Chassis
34
•
Transmit ESMC SSM quality level from synchronous Ethernet mode (MX
Series)—Starting in Junos OS Release 13.3, when an MX Series router is configured in
synchronous Ethernet mode, the ESMC SSM quality level can be transmitted. The set
chassis synchronization max-transmit-quality-level command sets a threshold
quality level for the entire system.
•
Ethernet frame padding with VLAN (DPCs and MPCs running on MX Series
routers)—Starting in Junos OS Release 13.3, DPCs and MPCs on MX Series routers pad
the Ethernet frame with 68 bytes if the packet is VLAN tagged and the frame length
is less than 68 bytes and greater than or equal to 64 bytes at the egress of the interface.
•
PTP redundancy support for line cards (MX Series and M Series)—Beginning with
Junos OS Release 13.3, line cards on MX Series and M Series routers support slave
redundancy. If multiple slave streams are configured across line cards and the active
Copyright © 2015, Juniper Networks, Inc.
New and Changed Features
slave line card crashes or all of the streams on that line card lose their timing packets,
another slave line card takes over if it has been primed to do so.
•
Increased Layer 3 forwarding capabilities for MPCs and Multiservices DPCs through
FIB localization (MX Series)—Starting in Junos OS Release 13.3, forwarding information
base (FIB) localization characterizes the Packet Forwarding Engines in a router into
two types: FIB-Remote and FIB-Local. FIB-Local Packet Forwarding Engines install all
of the routes from the default route tables into Packet Forwarding Engine forwarding
hardware. FIB-Remote Packet Forwarding Engines create a default (0.0) route that
references a next hop or a unilist of next hops to indicate the FIB-Local that can perform
full IP table looks-ups for received packets. FIB-Remote Packet Forwarding Engines
forward received packets to the set of FIB-Local Packet Forwarding Engines.
The capacity of MPCs is much higher than that of Multiservices DPCs, so an MPC is
designated as the local Packet Forwarding Engine, and a Multiservices DPC is designated
as the remote Packet Forwarding Engine. The remote Packet Forwarding Engine
forwards all network-bound traffic to the local Packet Forwarding Engine. If multiple
MPCs are designated as local Packet Forwarding Engines, then the Multiservices DPC
load balances the traffic using the unilist of next hops as the default route.
•
Support for centralized clocking (MX2020)—Before Junos OS Release 13.3, the
MX2020 supported SyncE (Synchronous Ethernet) in distributed mode, where the
clock module on a line card would lock to the SyncE source and distribute frequency
references to the entire chassis. Starting in Junos OS Release 13.3, the MX2020 uses
the centralized Stratum 3 clock module on the control board to lock onto SyncE and
distribute the frequency to the entire chassis. Supported features include:
•
Clock monitoring, filtering, and holdover
•
Hitless transition from a distributed to centralized clocking mode
•
Distribution of the selected chassis clock source to downstream network elements
through supported line interfaces
You can view the centralized clock module information with the show chassis
synchronization clock-module command.
NOTE: Precision Time Protocol/IEEE 1588 continue to operate in distributed
mode.
•
Enhancements to commit check processing (M Series and MX Series)—Starting in
Junos OS Release 13.3, the processing performance when you issue the commit check
command has been optimized for the following static and dynamic interface types:
•
Logical demultiplexing (demux) interfaces (demux0)
•
PPPoE logical interfaces (pp0)
•
Inline services interfaces (si)
The improved performance for commit check enables the overall commit operation to
complete faster when new demux0, pp0, or si interfaces are added to the configuration.
Copyright © 2015, Juniper Networks, Inc.
35
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
•
Support for ATM virtual connection multiplexing and LLC encapsulation (MX
Series)—Starting in Junos OS Release 13.3, ATM virtual connection (VC) multiplexing
and logical link control (LLC) encapsulation are supported on the Channelized
OC3/STM1 (Multi-Rate) Circuit Emulation MIC with SFP. ATM virtual connection
multiplexing and LLC are the two methods for identifying the protocol carried in ATM
Adaptation Layer 5 (AAL5) frames. The methods are defined in RFC 2684, Multiprotocol
Encapsulation over ATM Adaptation Layer 5.
In the ATM virtual connection multiplexing method, each ATM virtual connection carries
protocol data units (PDUs) of exactly one protocol type. When multiple protocols need
to be transported, there is a separate virtual connection for each protocol.
The LLC encapsulation method enables multiplexing of multiple protocols over a single
ATM virtual connection. The protocol type of each PDU is identified by a prefixed IEEE
802.2 LLC header.
[See ATM Support on Circuit Emulation PICs Overview.]
•
Support for MPLS-signaled LSPs to use GRE tunnels (MX Series)—Starting in Junos
OS Release 13.3, MPLS label-switched paths (LSPs) can use generic routing
encapsulation (GRE) tunnels to traverse routing areas, autonomous systems, and ISPs.
Bridging MPLS LSPs over an intervening IP domain is possible without disrupting the
outlying MPLS domain. This feature is supported on the Channelized OC3/STM1
(Multi-Rate) Circuit Emulation MIC with SFP and is defined in the RFC 4023,
Encapsulating MPLS in IP or Generic Routing Encapsulation (GRE).
[See Configuring MPLS-Signaled LSPs to Use GRE Tunnels.]
•
Support for SCBE2 (MX240, MX480, and MX960)—Starting in Junos OS Release
13.3, the Enhanced SCB—SCBE2 supports the following features:
•
Increased fabric bandwidth per slot
•
Improved external clock redundancy
•
Dynamic multicast replication only
•
GRES
The following scenarios are to be noted when you are using an MX Series router with
an SCBE2:
•
You must configure the set chassis network-services (enhanced-ip |
enhanced-ethernet) configuration command and reboot the router to bring up the
FPCs on the router. However, after the router reboots, the MS DPC, the MX FPC, and
the ADPC are powered off.
•
All the FPCs and DPCs in the router are powered off when you reboot the router
without configuring either the enhanced-ip option or the enhanced-ethernet option
at the [edit chassis network-services] hierarchy level.
•
You must reboot the router when you configure or delete the enhanced-ip option or
the enhanced-ethernet option at the [edit chassis network-services] hierarchy level.
[See Centralized Clocking Overview and Network Services Mode Overview.]
36
Copyright © 2015, Juniper Networks, Inc.
New and Changed Features
•
Support for GPS external clock interface on the SCBE (MX240, MX480, and
MX960)—Starting with Junos OS Release 13.3, you can configure the Enhanced
SCB—SCBE—external clock interface to a GPS timing source, which enables you to
select a GPS external source as the chassis clock source. You can also configure the
external clock interface to output either the selected chassis clock source or a recovered
line clock source with GPS timing signals of 1 MHz, 5 MHz, or 10 MHz with 1 pulse per
second (PPS).
[See Centralized Clocking Overview and Understanding Clock Synchronization on MX
Series Routers.]
•
Support for mixed-rate mode (T4000 and TX Matrix Plus with 3D SIBs)—Starting
with Junos OS Release 13.3, dual-rate mode or mixed-rate mode for PF-24XGE-SFPP
allows you to configure a mix of port speeds of 1 Gigabit and 10 Gigabit. However, on
PF-12XGE-SFPP, note that you can configure port speeds of either 1 Gigabit or 10 Gigabit
when the PIC is in line rate mode.
You can enable mixed-rate-mode and set port speeds with the mixed-rate-mode
statement and the speed 1G |10G statement, respectively, at the [edit chassis fpc x pic
y] hierarchy level. You can disable the mixed-rate mode by using the delete chassis fpc
x pic y mixed-rate-mode statement.
[See Configuring Mixed-Rate Mode Operation.]
•
Extended MPC support for per-unit schedulers (MX Series)—Starting in Junos OS
Release 13.3, you can configure per-unit schedulers on the non-queuing 16x10GE MPC,
MPC3E, and MPC4E, meaning you can include the per-unit-scheduler statement at the
[edit interfaces interface name] hierarchy level. When per-unit schedulers are enabled,
you can define dedicated schedulers for the logical interfaces.
Enabling per-unit schedulers on the 16x10GE MPC, MPC3E, and MPC4E adds additional
output to the show interfaces interface name [detail | extensive] command. This
additional output lists the maximum resources available and the number of configured
resources for schedulers.
[See Scheduler Maps and Shaping Rate to DLCIs and VLANs.]
•
Provider edge link protection for BGP labeled unicast paths (M Series, MX Series,
and T Series)—Starting in Junos OS Release 13.3, a precomputed protection path can
be configured in a Layer 3 VPN such that if a BGP labeled-unicast path between an
edge router in one AS and an edge router in another AS goes down, the protection path
(also known as the backup path) between alternate edge routers in the two ASs can
be used. This is useful in carrier-of-carriers deployments, where a carrier can have
multiple labeled-unicast paths to another carrier. In this case, the protection path
avoids disruption of service if one of the labeled-unicast paths goes down.
[See Understanding Provider Edge Link Protection for BGP Labeled Unicast Paths.]
•
Redundant logical tunnels (MX Series)—Beginning with Junos OS Release 13.3, when
you connect two devices through logical tunnels, you can create and configure multiple
physical logical tunnels and add them to a virtual redundant logical tunnel to provide
redundancy.
Copyright © 2015, Juniper Networks, Inc.
37
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
•
License support to activate ports (MX104)—Starting with Junos OS Release 13.3,
license support has been extended for activating the ports on MX104 3D Universal
Edge Routers. MX104 routers have four built-in ports. By default, in the absence of any
valid licenses, all four built-in ports are deactivated. The upgrade license model with
the feature IDs is described in Table 1 on page 38.
Table 1: Port License Model for the MX104
Feature ID
Feature Name
Functionality
F1
MX104 2X10G Port Activate (0 and 1)
Ability to activate the first two built-in ports (xe-2/0/0 and
xe-2/0/1)
F2
MX104 2X10G Port Activate (2 and 3)
Ability to activate the next two built-in ports (xe-2/0/2 and
xe-2/0/3)
Both features are also provided in a single license key for ease of use. MX104 routers
do not support the graceful license expiry policy.
•
Enhanced load-balancing for MIC and MPC interfaces (MX Series) — Starting with
Junos OS Release 13.3, the following load-balancing solutions are supported on
aggregate Ethernet bundles to correct genuine traffic imbalance among the member
links:
•
Adaptive — Uses real-time feedback and control mechanism to monitor and manage
traffic imbalances.
•
Per-packet random spray — Randomly sprays the packets to the aggregate next
hops to ensure that the next hops are equally loaded, resulting in packet reordering.
The aggregated Ethernet load-balancing solutions are mutually exclusive. To configure,
use the adaptive or per-packet statement at the [edit interfaces aex
aggregated-ether-options load-balance] hierarchy level.
[See Example: Configuring Aggregated Ethernet Load Balancing.]
•
Support for configuring interface alias names—Starting in Junos OS Release 13.3, you
can configure a textual description of a logical unit on a physical interface to be the
alias of an interface name. Interface aliasing is supported only at the unit level. If you
configure an alias name, the alias name is displayed instead of the interface name in
the output of all show, show interfaces, and other operational mode commands.
Configuring an alias for a logical unit of an interface has no effect on how the interface
on the router or switch operates. To specify an interface alias, you can use the alias
statement at the [edit interfaces interface-name unit logical-unit-number] and [edit
logical-systems logical-system-name interfaces interface-name unit logical-unit-number]
hierarchy levels.
[See Interface Alias Name Overview.]
•
38
The request support information command (MX Series)—Starting in Junos OS Release
13.3, when you enter the request support information command with or without the
brief statement, the output includes the show system commit command output, which
displays the commit history and pending commits.
Copyright © 2015, Juniper Networks, Inc.
New and Changed Features
•
Pseudowire logical interface device MAC address configuration (MX Series)—Starting
in Junos OS Release 13.3, you can configure a MAC address for a pseudowire logical
interface device that is used for subscriber interfaces over point-to-point MPLS
pseudowires. This feature enables you to specify the MAC address of your choice in
situations in which network constraints require the use of an explicit MAC address.
[See Configuring a Pseudowire Subscriber Logical Interface Device.]
•
Support for synchronizing the CB of an MX2020 router with external BITS timing
sources (MX2020)—Starting in Junos OS Release 13.3, this feature provides
building-integrated timing supply (BITS) input and output support to the two external
clock interfaces (ECI) on the Control Board. You can configure the ECIs for both input
and output BITS. In the absence of any configuration, the ECI is inactive.
You can configure the BITS ECI by using the synchronization statement at the [edit
chassis] hierarchy level. You can view the BITS ECI information by using the show
chassis synchronization extensive command.
[See Understanding Clock Synchronization on MX Series Routers.]
•
Distribution of Ethernet connectivity fault management sessions (MX
Series)—Starting with Junos OS Release 13.3, connectivity fault management (CFM)
sessions operate in distributed mode and can be processed on the Flexible PIC
Concentrator (FPC) on aggregated Ethernet interfaces. As a result, graceful Routing
Engine switchover (GRES) is supported on aggregated Ethernet interfaces. In releases
before Junos OS Release 13.3, CFM sessions operate in centralized mode and are
processed on the Routing Engine. However, CFM sessions are not supported on
aggregated Ethernet interfaces if the interfaces that form the aggregated Ethernet
bundle are in mixed mode.
CFM sessions are distributed by default. To disable the distribution of CFM sessions
and to operate in centralized mode, include the ppm no-delegate-processing statement
at the [edit routing-options ppm] hierarchy level. However, all CFM sessions should
operate in either only distributed or only centralized mode. A mixed operation of
distributed and centralized modes for CFM sessions is not supported.
[See IEEE 802.1ag OAM Connectivity Fault Management Overview.]
•
Redundant logical tunnels (MX Series)—Beginning with Junos OS Release 13.3, when
you connect two devices through logical tunnels, you can create and configure multiple
physical logical tunnels and add them to a virtual redundant logical tunnel to provide
redundancy.
[See Example: Configuring Redundant Logical Tunnels.]
•
Source class accounting (T4000)—Starting with Junos OS Release 13.3R2, source
class usage (SCU) accounting is performed at ingress on a T4000 Type 5 FPC.
•
SFPP-10G-CT50-ZR (MX Series)—Beginning in Junos OS Release 13.3R3, the
SPFF-10G-CT50-ZR tunable transceiver provides a duplex LC connector and supports
the 10GBASE-Z optical interface specification and monitoring. The transceiver is not
specified as part of the 10-Gigabit Ethernet standard and is instead built according to
Juniper Networks specifications. Only WAN-PHY and LAN-PHY modes are supported.
To configure the wavelength on the transceiver, use the wavelength statement at the
Copyright © 2015, Juniper Networks, Inc.
39
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
[edit interfaces interface-name optics-options] hierarchy level. The following interface
module supports the SPFF-10G-CT50-ZR transceiver:
MX Series:
•
16-port 10-Gigabit Ethernet MPC (model number: MPC-3D-16XGE-SFPP)—Supported
in Junos OS Release 12.3R6, 13.2R3, 13.3R2, 14.1, and later.
For more information about interface modules, see the “Cables and Connectors” section
in the Interface Module Reference for your router.
[See 10-Gigabit Ethernet 10GBASE Optical Interface Specifications and wavelength.]
•
PTP path trace mechanism on MX Series—Starting with Junos OS Release 13.3R4,
you can use a path trace mechanism to detect PTP loops in a PTP ring topology over
an IPv4 network. A path trace is the route that a PTP announce message takes through
the network trail of boundary clocks and is tracked through the path trace TLV in the
announce message. The path trace sequence contains the clock ID of each boundary
clock that an announce message traverses. To view the path trace, use the show ptp
path-trace detail operational mode command.
•
Software feature support (MX104)—Starting in Junos OS Release 13.3, support is
extended for the following software features on the MX104 3D Universal Edge Routers:
•
IP features—IPv6 Provider Edge (6PE), Access Node Control Protocol (ANCP), DHCP
snooping, DHCP Option-82, Multicast Listener Discovery (MLD), and Domain Name
System (DNS).
•
MPLS features—MPLS Transport Profile (MPLS-TP), ATM Single Cell Relay over
MPLS (CRoMPLS) VC Mode, Generalized MPLS (GMPLS), and VPNv6.
•
Multicast features—Distance Vector Multicast Routing Protocol (DVMRP), Multicast
Listener Discovery (MLD), Multicast Listener Discovery (MLD) Snooping, draft
rosen-multicast VPNs, Multicast version 6, and DHCPv6.
•
Layer 2 features—802.1ag threshold negotiation, 802.1X, and Media Access Control
Security (MACsec).
•
Resiliency features—Lawful intercept, Inline J-Flow, dynamic ARP inspection (DAI),
reception of dying-gasp protocol data units (PDU), DHCP snooping for port security,
and nonstop active routing (NSR).
[See Protocols and Applications Supported by MX104 Routers.]
40
Copyright © 2015, Juniper Networks, Inc.
New and Changed Features
IPv6
•
New forwarding-class-accounting statement (MX Series)—Starting in Junos OS Release
13.3R3, new forwarding class accounting statistics can be enabled at the [edit interfaces
interface-name] and [edit interfaces interface-name unit interface-unit-number] hierarchy
levels. These statistics replace the need to use firewall filters for gathering accounting
statistics. Statistics can be gathered in ingress, egress, or both directions. Statistics
are displayed for IPv4, IPv6, MPLS, Layer 2, and Other families.
NOTE: If you implement this feature in Release 13.3R3, contact JTAC prior
to upgrading to Release 14.1R1 or later.
Layer 2 Features
•
Computation of the Layer 2 overhead attribute in interface statistics (T
Series)—Starting in Junos OS Release 13.3, on T Series routers, you can configure an
attribute at the PIC level to include the Layer 2 overhead (header and trailer bytes) in
the physical interface and logical interface statistics for both ingress and egress
directions. Both the transit and total statistical information includes the Layer 2
overhead in the output of the show interfaces interface-name command for each physical
or logical interface on that PIC.
The ifInOctets and ifOutOctets MIB objects display statistics that include Layer 2
overhead bytes.
MPLS
•
Multisegment pseudowire for FEC 129 (M Series, MX Series, and T Series)—Junos
OS Release 13.3 and later releases provide support for establishing a dynamic
multisegment pseudowire (MS-PW) with FEC 129 in an MPLS packet-switched network
(PSN). The stitching provider edge (S-PE) devices in an MS-PW are automatically and
dynamically discovered by BGP, and the pseudowire is signaled by LDP using FEC 129.
This arrangement requires minimum provisioning on the S-PEs, thereby reducing the
configuration burden that is associated with statically configured Layer 2 circuits while
still using LDP as the underlying signaling protocol.
The MS-PW feature also provides operation, administration, and management (OAM)
capabilities, such as ping, traceroute, and Bidirectional Forwarding Detection (BFD),
from the terminating PE (T-PE) devices of an MS-PW.
[See Example: Configuring a Multisegment Pseudowire.]
•
Control word for BGP VPLS (M320 and MX Series)—For hash calculation, transit
routers must determine the payload. While parsing an MPLS encapsulated packet for
hashing, a transit router can incorrectly calculate an Ethernet payload as an IPv4 or
IPv6 payload if the first nibble of the DA MAC is 0x4 or 0x6, respectively. This false
positive can cause out-of-order packet delivery over a pseudowire. Starting in Junos
OS Release 13.3R3, this issue can be avoided by configuring a BGP VPLS PE router to
Copyright © 2015, Juniper Networks, Inc.
41
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
request that other BGP VPLS PE routers insert a control word between the label stack
and the MPLS payload.
Multicast
•
IGMP and PIM snooping support (MPC3E and MPC4E on MX240, MX480, and
MX960)—Starting with Junos OS Release 13.3, IGMP snooping and PIM snooping are
supported on the MX240, MX480, and MX960 and with Modular Port Concentrators
(MPC) MPC3E and MPC4E.
Network Management and Monitoring
•
BFD session enhancements (MX Series routers with MPCs or MICs)—Starting in
Junos OS Release 13.3, the following BFD session enhancements have been introduced:
•
enhanced-ip option—For BFD over aggregated Ethernet (ae) interfaces, configuring
the enhanced-ip option at the [edit chassis network-services] hierarchy level increases
the number of BFD sessions. When you activate or deactivate this option, the router
must be rebooted.
•
•
Inline mode—This enables the router to transmit and receive BFD packets from the
FPC hardware. Currently, for BFD over aggregated Ethernet (ae) interfaces, the inline
mode is supported only on MX Series routers with MPCs/MICs that have configured
the enhanced-ip option. For BFD over Gigabit Ethernet interfaces and VLAN interfaces,
the inline mode is supported by default on all the MX Series routers with MPCs/MICs.
•
Unified ISSU timer negotiation—During unified ISSU, the timer for BFD sessions is
increased from the configured value to 60 seconds.
Support for BFD over child links of AE or LAG bundle (cross-functional Packet
Forwarding Engine/kernel/rpd) (M Series, MX Series, and T Series)—Beginning in
Junos OS Release 13.3, BFD over child links of an AE or LAG bundle is supported. This
feature provides a Layer 3 BFD liveness detection mechanism for child links of the
Ethernet LAG interface. You can enable BFD to run on individual member links of the
LAG to monitor the Layer 3 or Layer 2 forwarding capabilities of individual member
links. These micro BFD sessions are independent of each other despite having a single
client that manages the LAG interface. To enable failure detection for aggregated
Ethernet interfaces, include the bfd-liveness-detection statement at the [edit interfaces
aex aggregated-ether-options bfd-liveness-detection] hierarchy level.
[See Understanding Independent Micro BFD Sessions for LAG.]
42
Copyright © 2015, Juniper Networks, Inc.
New and Changed Features
OpenFlow
•
Support for OpenFlow v1.0 (MX80, MX240, MX480, and MX960)—Starting with
Junos OS Release 13.3, the MX80, MX240, MX480, and MX960 routers support
OpenFlow v1.0. OpenFlow enables you to control traffic in an existing network using
a remote controller by adding, deleting, and modifying flows on a switch. You can
configure one OpenFlow virtual switch and one active OpenFlow controller at the [edit
protocols openflow] hierarchy level on each device running Junos OS that supports
OpenFlow. On MX Series routers that support OpenFlow, you can also direct traffic
from OpenFlow networks over MPLS networks by using logical tunnel interfaces and
MPLS LSP tunnel cross-connects.
[See OpenFlow Feature Guide.]
Platform and Infrastructure
•
Virtual Route Reflector (VRR)—Starting in Junos OS Release 13.3R3, you can implement
route reflector capability using a general purpose virtual machine on a 64-bit Intel-based
blade server or appliance. Benefits of the VRR are:
•
Improved scalability (depending on the server core hardware use)
•
Scalability of the BGP network with lower cost using VRR at multiple locations in
the network
•
Fast and more flexible deployment using Intel servers rather than router hardware
•
Space savings through elimination of router hardware
Port Security
•
Static ARP with multicast MAC address for an IRB interface—Starting in Junos OS
Release 13.3, you can configure a static ARP entry with a multicast MAC address for
an IRB interface that acts as the gateway to the network load balancing (NLB) servers.
Earlier, the NLB servers dropped packets with a unicast IP address and a multicast
MAC address. Junos OS Release 13.3 supports the configuration of a static ARP with
a multicast MAC address.
To configure a static ARP entry with a multicast MAC address for an IRB interface,
configure the ARP entry at the [edit interfaces irb unit logical-unit-number family inet
address address] hierarchy level.
irb {
unit logical-unit-number{
family inet {
address address{
arp address multicast-mac mac-add;
}
}
}
}
Copyright © 2015, Juniper Networks, Inc.
43
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
Routing Policy and Firewall Filters
•
Using a firewall filter to prevent or allow datagram fragmentation (MX
Series)—Starting in Junos OS Release 13.3, you can define a firewall filter term to
prevent or allow datagram fragmentation by setting or clearing the Don’t Fragment
flag in the IPv4 header of packets that are matched by the filter. Specify the desired
action at the [edit firewall family inet filter filter-name term term-name then action]
hierarchy level.
•
To prevent fragmentation of the IP datagram, include the dont-fragment set action
in a term to set the dont-fragment bit to one.
•
To allow fragmentation of the IP datagram, include the dont-fragment clear action
in a term to clear the dont-fragment bit to zero.
[See Configuring a Firewall Filter to Prevent or Allow IPv4 Packet Fragmentation and
Firewall Filter Nonterminating Actions.]
•
New firewall filter gre-key field match condition—Starting in Junos OS Release 13.3R3,
there is a new gre-key match condition at the [edit firewall family inet filter filter-name
term term-name from] hierarchy level. The gre-key match condition allows a user to
match against the gre key field which is an optional field in gre encapsulated packets.
The key can be matched as a single key value and or a range of key values.
•
Support for consistent load balancing for ECMP groups (MX Series routers with
MPCs)—Starting in Junos OS Release 13.3, effective in Junos OS Release 13.3R3, on
MX Series 3D Universal Edge Routers with modular port concentrators (MPCs) only,
you can prevent the reordering of flows to active paths in an ECMP group when one or
more paths fail. Only flows that are inactive are redirected. This feature applies only
to Layer 3 adjacencies learned through external BGP connections. It overrides the
default behavior of disrupting all existing, including active, TCP connections when an
active path fails. Include the consistent-hash statement at the [edit policy-options
policy-statement policy-statement-name then load-balance] hierarchy level. You must
also configure a global per-packet load-balancing policy.
[See Actions in Routing Policy Terms. ]
•
New fast-lookup-filter statement on MX240, MX480, MX960, MX2010, and MX2020
routers with MPC5E, MPC5EQ, and MPC6E MPCs and compatible MICs—Starting in
Junos OS Release 13.3R3, the fast-lookup-filter option is available at the [edit firewall
family (inet | inet6) filter filter-name] hierarchy level. This allows for hardware assist
from compatible MPCs in the firewall filter lookup. There are 4096 hardware filters
available for this purpose, each of which can support up to 255 terms. Within the firewall
filters and their terms, ranges, prefix lists, and the except keyword are all supported.
Only the inet and inet6 protocol families are supported.
•
New action settings for firewall filter term when next-interface is down—In previous
versions of Junos OS, if the then clause of a firewall filter term was set to next-interface
and that next interface went down, traffic was lost because the default action is to
drop the packet.
Starting in Junos OS Release 13.3R3, the actions accept and next term are available at
the [edit firewall family inet filter filter-name term term-name then next-interface
44
Copyright © 2015, Juniper Networks, Inc.
New and Changed Features
interface-name] hierarchy level. There is no new configuration option available if the
firewall filter term action is set to next-ip, meaning that if the next-ip is down, traffic is
still dropped.
The action configured at this level only becomes active if the next-interface is down
and the ARP on the interface is cleared. If not configured, the default action is to drop
the packet.
Routing Protocols
•
Support for BMP version 3—Starting in Junos OS Release 13.3, BGP monitoring protocol
(BMP) version 3 is supported. BMP allows a remote device (the BMP station) to monitor
BGP as it is running on a router or group of routers. BMP version 3 includes substantial
additional functionality versus version 1. The BMP version 3 configuration is incompatible
with the old version. If you are running BMP version 1 on your Juniper Networks devices,
be sure to update your BMP configuration when you upgrade to Junos OS Release 13.3.
[See Configuring BGP Monitoring Protocol Version 3.]
•
Support for consistent load balancing for ECMP groups (MX Series routers with
MPCs)—Effective in Junos OS Release 13.3R3, on MX Series 3D Universal Edge Routers
with modular port concentrators (MPCs) only, you can prevent the reordering of flows
to active paths in an ECMP group when one or more paths fail. Only flows that are
inactive are redirected. This feature applies only to Layer 3 adjacencies learned through
external BGP connections. It overrides the default behavior of disrupting all existing,
including active, TCP connections when an active path fails. Include the consistent-hash
statement at the [edit policy-options policy-statement policy-statement-name then
load-balance] hierarchy level. You must also configure a global per-packet
load-balancing policy.
[See Actions in Routing Policy Terms. ]
•
Recursive DNS server ICMPv6 router advertisement option support (M Series, MX
Series, and T Series)—Beginning with Junos OS Release 13.3R4, you can configure a
maximum of three recursive DNS server addresses and their respective lifetimes via
static configuration at interface level for IPv6 hosts. Previously, rpd supported only
link-local address information, prefix information, and the link MTU. The router
advertisement-based DNS configuration is useful in networks where an IPv6 host’s
address is auto-configured through an IPv6 stateless address and where there is no
DHCPv6 infrastructure available.
To configure the recursive DNS server address, include the dns-server-address statement
at the [edit protocols router-advertisement interface interface-name] hierarchy level.
[See Example: Configuring Recursive DNS Address.]
Copyright © 2015, Juniper Networks, Inc.
45
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
Services Applications
•
Enabling Layer 2 Protocol Tunneling (L2PT) support for VLAN Spanning Tree Protocol
(VSTP) and per-VSTP (MX Series routers with MPC/MICs) —Starting in Junos OS
Release 13.3, this feature enables L2PT support for VSTP/PVSTP.
[See layer2-control.]
You can also enable rewriting of the MAC address for an interface using the
enable-all-ifl option.
[See mac-rewrite.]
•
Chained composite next hops (MX Series and T Series)—Starting in Junos OS Release
13.3, the support of chained composite next hops for directly connected provider edge
(PE) routers varies from one platform to another. On MX Series routers containing both
DPC and MPC FPCs, chained composite next hops are disabled by default. To enable
chained composite next hops on the MX240, MX480, and MX960, the chassis must
be configured to use the enhanced-ip option in network services mode. On T4000
routers containing MPC and FPCs, chained composite next hops are disabled by default.
To enable chained composite next hops on a T4000 router, the chassis must be
configured to use the enhanced-mode option in network services mode.
•
Data plane inline support added for 6rd and 6to4 tunnels connecting IPv6 clients
to IPv4 networks on MX Series routers with MPC line cards—Starting with Release
13.3R3, Junos OS supports inline 6rd and 6to4 on Modular Port Concentrator (MPC)
line cards with Trio chipsets, saving customers the cost of using MS-DPCs for the
required tunneling, encapsulation, and decapsulation processes. Anycast is supported
for 6to4 (next-hop service interfaces only). Hairpinning is also supported for traffic
between 6rd domains.
There are no CLI changes for 6rd and 6to4 configurations. To implement the inline
functionality, configure service interfaces on the MPC card as inline services interfaces
(si-) rather than as MultiServices (ms-) interfaces.
Two new operational commands have been added: show services inline softwire
statistics and clear services inline softwire statistics.
•
IPsec invalid SPI notification (MX Series and T Series)—Starting in Junos OS release
13.3R4, you can enable automatic recovery when peers in a security association (SA)
become unsynchronized. When peers become unsynchronized, this can cause the
transmission of packets with invalid security parameter index (SPI) values and the
dropping of those packets by the receiving peer. You can enable automatic recovery
by using the new respond-bad-spi max-responses configuration statement, which
appears under the hierarchy level [edit services ipsec-vpn ike policy]. This statement
results in a resynchronization of the SAs.
The max-responses value has a default of 5 and a range of 1 through 30.
•
46
Support for RPM probes with IPv6 sources and destinations (MX Series routers with
MPCs)—Starting with Junos OS release 13.3R5, the RPM client router (the router or
switch that originates the RPM probes) can send probe packets to the RPM probe
server (the device that receives the RPM probes) that contains an IPv6 address. To
specify the destination IPv6 address used for the probes, include the target (url ipv6-url
Copyright © 2015, Juniper Networks, Inc.
New and Changed Features
| address ipv6-address) statement at the [edit services rpm probe owner test test-name]
hierarchy level. You can also define the RPM client or the source that sents RPM probes
to contain an IPv6 address. To specify the IPv6 protocol-related settings and the source
IPv6 address of the client from which the RPM probes are sent, include the inet6-options
source-address ipv6-address statement at the [edit services rpm probe owner test
test-name] hierarchy level.
Software Installation and Upgrade
•
Support for autoinstallation of satellite devices in a JNU group—In a Junos Node
Unifier (JNU) topology that contains an MX Series router as a controller that manages
satellite devices, such as EX Series Ethernet Switches, QFX Series devices, and ACX
Series Universal Access Routers, the autoinstallation functionality is supported for the
satellite devices. Starting in Junos OS Release 13.3, JNU has an autoinstallation
mechanism that enables a satellite device to configure itself out-of-the-box with no
manual intervention, using the configuration available either on the network or locally
through a removable media, or using a combination of both. This autoinstallation
method is also called the zero-touch facility.
A JNU factory default file, jnu-factory.conf, is present in the /etc/config/ directory and
contains the configuration to perform autoinstallation on satellite devices. The
zero-touch configuration can be disabled by including the delete-after-commit
statement at the [edit system autoinstallation] hierarchy level and committing the
configuration.
[See Autoinstallation of Satellite Devices in a Junos Node Unifier Group and Configuring
Autoinstallation on JNU Satellite Devices.]
Subscriber Management and Services (MX Series)
•
Pseudowire subscriber logical interfaces MPC support—Starting in Junos OS Release
13.3, pseudowire subscriber logical interfaces are supported on MPCs with Ethernet
MICs only.
•
Service packet counting (MX Series)—Starting in Junos OS Release 13.3, you can
configure the counters that subscriber management uses when capturing volume
statistics for subscribers on a per-service session basis.
•
Inline counters are captured when the event occurs, and do not include any additional
packet processing events that occur after the event.
•
Deferred counters are not incremented until the packet is queued for transmission,
and therefore include the entire packet processing. Deferred counters provide a more
accurate packet count than inline counters, and are more useful for subscriber
accounting and billing.
NOTE: Fast update filters do not support deferred counters.
[See Configuring Service Packet Counting.]
Copyright © 2015, Juniper Networks, Inc.
47
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
•
RADIUS logical line identifier (MX Series)—Starting in Junos OS Release 13.3, service
providers can use a virtual port feature, known as the logical line ID (LLID), to maintain
a reliable and up-to-date customer database for those subscribers who move from
one physical line to another. The LLID, which is based on the subscriber's user name
and circuit ID, is mapped to the subscriber's physical line. When the subscriber moves
to a different physical line, the service provider database is updated to map the LLID
to the new physical line. Subscriber management supports the LLID feature for PPP
subscribers over PPPoE, PPPoA, and LAC.
[See RADIUS Logical Line Identifier (LLID) Overview.]
•
Configurable timers for DHCPv6 address-assignment pools (MX Series)—Starting
in Junos OS Release 13.3, subscriber management on MX Series routers supports
configurable timers for address-assignment pools that are used by a DHCPv6 local
server. In addition to the previously supported maximum-lease-time timer, you can
configure the valid-lifetime and preferred-lifetime timers to manage address leases
provided by address-assignment pools. You can also configure the renew (T1) and
rebind (T2) times that subscriber management uses to extend the lifetimes of addresses
obtained from an address-assignment pool.
[See DHCPv6 Lease Timers.]
•
DHCP statements and options (MX Series)—Starting in Junos OS Release 13.3, you
can use the following statements and options for DHCP subscriber management
support:
•
incoming-interface—New option that provides secondary identification match criteria
for the DHCP auto logout feature when there are duplicate clients.
•
delay-authentication—New statement that conserves managed resources on the
router by delaying subscriber authentication until the DHCP request processing
phase.
•
server-response-time—New statement that configures the timeframe during which
the router monitors DHCP server responsiveness. The router generates a system log
message when the DHCP server does not respond to relayed packets during the
specified time.
•
option hex-string—New option that enables the use of the hex-string option type for
user-defined DHCP attribute options that are added to client packets.
•
duplicate-clients-in-subnet—New statement that configures how the router
distinguishes between duplicate clients in the same subnet. This replaces the
duplicate-clients-on-interface statement, which is now obsolete.
[See client-discover-match, delay-authentication, server-response-time, option, and
duplicate-clients-in-subnet.]
•
48
Support for agent circuit identifier filtering in PPPoE subscriber session lockout
(M120, M320, and MX Series)—Starting in Junos OS Release 13.3, extend PPPoE
subscriber session lockout has been extended to support identification and filtering of
PPPoE subscriber sessions by either the agent circuit identifier (ACI) value or the unique
MAC source address on static or dynamic VLAN and static or dynamic VLAN demux
Copyright © 2015, Juniper Networks, Inc.
New and Changed Features
underlying interfaces. In earlier Junos OS releases, PPPoE subscriber session lockout
identified and filtered subscriber sessions only by their unique MAC source address.
ACI-based or MAC-based PPPoE subscriber session lockout prevents a failed or
short-lived PPPoE subscriber session from reconnecting to the router for a default or
configurable time period. ACI-based PPPoE subscriber session lockout is useful for
configurations such as PPPoE interworking in which MAC source addresses are not
unique on the PPPoE underlying interface.
To configure ACI-based PPPoE subscriber session lockout, use the short-cycle-protection
statement with the filter aci option. To clear an ACI-based lockout condition, issue the
clear pppoe lockout command with the aci option.
[See PPPoE Subscriber Session Lockout Overview.]
•
Subscriber management and services feature parity (MX80)—Starting in Junos OS
Release 13.3, the MX80 supports all subscriber management and services features
that are supported by the MX240, MX480, and MX960 routers. Previously, the MX80
router matched feature support for these routers as of Junos OS Release 11.4.
[See Protocols and Applications Supported by MX5, MX10, MX40, and MX80 Routers.]
•
Subscriber management and services feature and scaling parity (MX2010 and
MX2020)—Starting in Junos OS Release 13.3, the MX2010 and the MX2020 support
all subscriber management and services features that are supported by the MX240,
MX480, and MX960 routers. In addition, the scaling and performance values for the
MX2010 and the MX2020 match those of MX960 routers.
[See Protocols and Applications Supported by MX240, MX480, MX960, MX2010, and
MX2020 MPCs, Protocols and Applications Supported by MX240, MX480, MX960, MX2010,
and MX2020 Enhanced MPCs (MPCEs), Protocols and Applications Supported by the
MX240, MX480, MX960, MX2010, and MX2020 MPC3E, and Protocols and Applications
Supported by the MX240, MX480, MX960, MX2010, and MX2020 MPC4Es.]
•
Per-subscriber support for multiple instances of the same service with different
parameters (MX Series routers with MPCs or MICs)—Starting In Junos OS Release
13.3, a subscriber can have multiple instances of the same service, provided that each
service instance has a different set of parameters. In earlier Junos OS releases, each
subscriber was limited to only a single instance of each service.
You can configure a specific service instance for a particular subscriber by specifying
a service name and unique service parameters for that instance. Each service instance
is uniquely identified by the combination of its service name and service parameters.
Use the request network-access aaa subscriber delete command to deactivate all
instances of a subscriber service by specifying only the service name, or to deactivate
a specific instance of a service by specifying both the service name and its parameters.
In earlier Junos OS releases, you deactivated a service by specifying only its service
name, but not its service parameters.
[See Subscriber Services with Multiple Instances Overview.]
•
RADIUS accounting messages for dual-stack subscribers (MX Series)—Starting in
Junos OS Release 13.3, when an IPv6 address is assigned using DHCPv6, the RADIUS
interim accounting message includes the assigned IPv6 address. If the delegated prefix
Copyright © 2015, Juniper Networks, Inc.
49
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
is provided to the client using DHCPv6-PD, the RADIUS interim accounting message
includes the delegated prefix (IA_PD, such as /56). The
address-change-immediate-update statement is now effective for any address allocation
change after an Acct-Start message is issued (for IPv6NCP and DHCPv6). An immediate
Interim-Acct message is sent upon any subsequent DHCPv6 negotiation and allocation
when new allocated addresses are added. After IPv6NCP negotiation, DHCPv6 address
allocation and negotiation occurs.
[See RADIUS Accounting Messages for Dual-Stack Subscribers.]
•
Support for IPv6 for TACACS+ authentication (M Series, MX Series, and T Series)—
Starting with Release 13.3, Junos OS supports IPv6 along with the existing IPv4 support
for user authentication using TACACS+ servers.
•
Configurable L2TP receive window size (MX Series)—Starting in Junos OS Release
13.3, the new rx-window-size statement at the [edit services l2tp tunnel] hierarchy level
enables you to specify the size of the receive window in the range 4 through 128 on an
L2TP LAC or LNS. The default value is 4. The Receive Window Size AVP (Attribute
Type 10) is not sent in the SCCRQ message when the default value is configured on a
LAC or in the SCCRP message when configured on an LNS.
[See Setting the L2TP Receive Window Size.]
•
Clearing ANCP statistics (MX Series)—Starting in Junos OS Release 13.3, you can
clear all ANCP statistics with the clear ancp statistics command. You can clear statistics
for a particular neighbor identified by the neighbor’s IP address with the clear ancp
statistics ip-address ip-address command. You can clear statistics for a particular
neighbor identified by the neighbor’s IP address with the clear ancp statistics
system-name mac-address command.
[See Clearing and Verifying ANCP Statistics.]
•
ANCP agent support for nonzero partition IDs (MX Series)—Starting in Junos OS
Release 13.3, the ANCP agent on the router can form adjacencies with multiple logical
partitions on a neighbor when you enable the agent to learn partition IDs during
adjacency negotiation with the neighbor. If the agent receives a SYN message from
the neighbor within a configurable period, the agent learns the partition IDs and can
form adjacencies with the partitions. The agent can form an adjacency only with the
neighbor if the SYN is not received within the period, the partition ID is zero, or learning
is not enabled.
[See Configuring the ANCP Agent to Learn ANCP Partition IDs.]
•
Dynamic protocol version detection for ANCP (MX Series)—Starting in Junos OS
Release 13.3, when an ANCP neighbor opens adjacency negotiations, it indicates the
highest version of ANCP that it supports. ANCP neighbors must be able to identify the
supported versions because ANCP Version 1, defined in RFC 6320, Protocol for Access
Node Control Mechanism in Broadband Networks, is not interoperable with the earlier
version based on GSMPv3.
During negotiation, the receiving neighbor returns the value sent by the other neighbor
if it supports that version, or drops the message if it does not. You can still configure
the router to operate in pre-ietf mode for interoperability with neighbors that support
only GMSPv2.
50
Copyright © 2015, Juniper Networks, Inc.
New and Changed Features
[See ANCP Topology Discovery and Traffic Reporting Overview.]
•
Support for ANCP generic response messages and result codes (MX Series)—Starting
in Junos OS Release 13.3, the ANCP agent supports receipt of generic response
messages. Upon receipt, the router generates a system log, increments the generic
message counters, and increments the result code counters. Generic response messages
(GRMs) are typically sent instead of specific response messages when no information
needs to be sent other than a result of success or failure. When the message reports
a failure, it must include one of eight result codes to indicate the cause. A GRM can
also be sent independent of a request when the failure causes the adjacency to be
shut down.
[See ANCP Topology Discovery and Traffic Reporting Overview.]
•
Support for sending and receiving the ANCP Status-Info TLV (MX Series)—Starting
in Junos OS Release 13.3, the Status-Info TLV supplements the generic response
message result codes and provides information about a warning or error condition.
Although usually included in generic response messages, the TLV can also be included
in other ANCP message types. The Status-Info TLV must be included in generic response
messages when the result code indicates a port is down, a port does not exist, a
mandatory TLV is missing, or a TLV is invalid.
[See ANCP Topology Discovery and Traffic Reporting Overview.]
•
DNS address assignment in DHCPv6 IA_NA and IA_PD environments (MX
Series)—Starting in Junos OS Release 12.3R3 and Release 13.3 (but not in Releases
13.1 and 13.2), the DHCPv6 local server returns the DNS server address (DHCPv6
attribute 23) as a global DHCPv6 option, rather than as an IA_NA or IA_PD suboption.
DHCPv6 returns the DNS server address that is specified in the IA_PD or IA_NA pools—if
both address pools are requested, DHCPv6 returns the address specified in the IA_PD
pool only, and ignores any DNS address in the IA_NA pool.
In releases earlier than 12.3R3, and in Releases 13.1 and 13.2, DHCPv6 returns the DNS
server address as a suboption inside the respective DHCPv6 IA_NA or IA_PD header.
You can use the multi-address-embedded-option-response statement at the [edit
system services dhcp-local-server dhcpv6 overrides] hierarchy level to revert to the prior
behavior. However, returning the DNS server address as a suboption can create
interoperability issues for some CPE equipment that cannot recognize the suboption
information.
[See DHCPv6 Options in a DHCPv6 Multiple Address Environment.]
•
Support for filtering trace results by subscribers for AAA, L2TP, and PPP (MX
Series)—Starting in Junos OS Release 13.3, you can filter trace results for some
processes by subscriber. The reduced set of results simplifies troubleshooting in a
scaled environment. Specify the user [email protected] option at the appropriate hierarchy
level:
•
AAA (authd)—[edit system processes general-authentication-service traceoptions
filter]
•
L2TP (jl2tpd)—[edit services l2tp traceoptions filter]
•
PPP (jpppd)—[edit protocols ppp-service traceoptions filter]
Copyright © 2015, Juniper Networks, Inc.
51
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
You can filter on the user, the domain, or both. You can use a wildcard (*) at the
beginning or end of each term, as in the following examples: [email protected], tom*,
*tom, *ample.com, [email protected]*, tom*@*example.com.
You cannot filter results using a wildcard in the middle of the user or domain, as in the
following examples: tom*[email protected], [email protected]*.com.
Traces that have insufficient information to determine the subscriber username are
automatically excluded from the results.
•
Overriding the preferred source address as the source address of Neighbor
Solicitation/Neighbor Advertisement (NS/NA) on unnumbered interfaces (MX
Series)—By default, if a preferred source address is configured on an unnumbered
interface, that preferred address is used as the source address of NS/NA. If no preferred
source address is configured, the router uses a suitable address based on the destination
address scope. Starting in Junos OS Release 13.3, you can configure the router to
override the default configuration of using the preferred source address for NS/NA.
The router ignores the preferred source address and uses an appropriate address based
on the destination address scope.
•
DHCPv6 local server and relay agent username and option 37 (MX Series)—Starting
in Junos OS Releases 12.3R7, 13.2R4, and 13.3R2, the router supports the generation of
an ASCII version of the authentication username. When you configure DHCPv6 local
server or relay agent to concatenate the authentication username with the Agent
Remote-ID option 37, the router uses only the remote-id portion of option 37 and ignores
the enterprise number.
The router no longer supports the enterprise-id and remote-id options for the
relay-agent–remote-id statement.
•
Subscriber management and services feature and scaling parity (MX104)—Starting
in Junos OS Release 13.3R3, the MX104 router supports all subscriber management
and services features that are supported by the MX80 router. In addition, the scaling
and performance values for the MX104 router match those of the MX80 router.
[See Protocols and Applications Supported by MX5, MX10, MX40, and MX80 Routers.]
•
DHCP relay agent for clients in different VRF than DHCP server (MX Series)—Starting
in Junos OS Release 13.3R3, subscriber management provides enhanced security when
exchanging DHCP messages between a DHCP server and DHCP clients that reside in
different virtual routing instances (VRFs). The DHCP cross-VRF message exchange
uses the DHCP relay agent to ensure that there is no direct routing between the client
VRF and the DHCP server VRF.
To exchange DHCP messages between the two VRFs, you configure both the server
side and the client side of the DHCP relay to permit traffic based on the Agent Circuit
ID (DHCP option 82 suboption 1) in DHCPv4 packets and the Relay Agent Interface-ID
(DHCPv6 option 18) in DHCPv6 packets.
•
52
Subscriber management and services feature and scaling parity (MX2010 and
MX2020)—Starting in Junos OS Release 13.3, the MX2010 and the MX2020 support
all subscriber management and services features that are supported by the MX240,
MX480, and MX960 routers. In addition, the scaling and performance values for the
MX2010 and the MX2020 match those of MX960 routers.
Copyright © 2015, Juniper Networks, Inc.
New and Changed Features
VPNs
•
Enhanced multicast VPNs traceoptions statement (M Series, MX Series, and T
Series)—Starting in Junos OS Release 13.3, the multicast VPNs traceoptions statement
has been enhanced starting in Junos OS Release 13.3. This statement can now be
configured at the [edit protocols mpvn] hierarchy level. In addition, the following
traceoption flags have been added: cmcast-join, inter-as-ad, intra-as-ad, leaf-ad,
mdt-safi-ad, source-active, spmsi-ad, tunnel, and umh.
[See Tracing MBGP MVPN Traffic and Operations.]
•
Enhanced egress protection in Layer 3 VPNs (M Series, MX Series, and T
Series)—Starting in Junos OS Release 13.3, enhanced point-of-local-repair (PLR)
functionality is available, in which the PLR reroutes service traffic during an egress
failure. As part of this enhancement, the PLR router no longer needs to be directly
connected to the protector router. Previously, if the PLR was not directly connected
to the protector router, the loop-free alternate route did not find the backup path to
the protector. A new configuration statement, advertise-mode, enables you to set the
method for the interior gateway protocol (IGP) to advertise egress protection
availability.
[See Configuring Layer 3 VPN Egress Protection with RSVP and LDP.]
Related
Documentation
•
Control word for BGP VPLS (M320 and MX Series)—For hash calculation, transit
routers must determine the payload. While parsing an MPLS encapsulated packet for
hashing, a transit router can incorrectly calculate an Ethernet payload as an IPv4 or
IPv6 payload if the first nibble of the DA MAC is 0x4 or 0x6, respectively. This false
positive can cause out-of-order packet delivery over a pseudowire. Starting in Junos
OS Release 13.3R3, this issue can be avoided by configuring a BGP VPLS PE router to
request that other BGP VPLS PE routers insert a control word between the label stack
and the MPLS payload.
•
Loop prevention in VPLS network due to MAC moves (MX Series)— Starting with
Junos OS Release 13.3R3, the base learning interface approach and the statistical
approach can be used to prevent a loop in a VPLS network by disabling the suspect
customer facing interface that is connected to the loop. Some virtual MACs can
genuinely move between different interfaces and such MACs can be configured to
ignore the moves. The cooloff time and statistical approach wait time are used internally
to find out the looped interface. The interface recovery time can be configured to
auto-enable the interface that gets disabled due to a loop in the network. To configure
these parameters of VPLS MAC moves, include the vpls-mac-move statement at the
[edit protocols l2-learning] hierarchy level. The show vpls mac-move-action instance
instance-name command displays the learning interfaces that are disabled, in a VPLS
instance due to a MAC move. The clear vpls mac-move-action interface ifl-name
command enables an interface disabled due to a MAC move.
•
Changes in Behavior and Syntax on page 54
•
Known Behavior on page 68
•
Known Issues on page 70
Copyright © 2015, Juniper Networks, Inc.
53
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
•
Resolved Issues on page 80
•
Documentation Updates on page 135
•
Migration, Upgrade, and Downgrade Instructions on page 156
•
Product Compatibility on page 165
Changes in Behavior and Syntax
This section lists the changes in behavior of Junos OS features and changes in the syntax
of Junos OS statements and commands from Junos OS Release 13.3R6 for the M Series,
MX Series, and T Series.
54
•
High Availability (HA) and Resiliency on page 55
•
Interfaces and Chassis on page 55
•
IPv6 on page 57
•
Management on page 57
•
MPLS on page 57
•
Multicast on page 58
•
Network Management and Monitoring on page 59
•
Routing Policy and Firewall Filters on page 59
•
Routing Protocols on page 59
•
Security on page 60
•
Services Applications on page 60
•
Software Installation and Upgrade on page 63
•
Subscriber Management and Services on page 63
•
User Interface and Configuration on page 67
Copyright © 2015, Juniper Networks, Inc.
Changes in Behavior and Syntax
High Availability (HA) and Resiliency
•
New redundancy failover CLI statement (M, MX, T, TX Matrix Plus)—Starting in Junos
OS Release13.3R6, the chassis redundancy failover not-on-disk-underperform statement
prevents gstatd from causing failovers in the case of slow disks on the Routing Engine.
See not-on-disk-underperform and Preventing Graceful Restart in the Case of Slow Disks.
Interfaces and Chassis
•
Validation of deactivated inline services MLPPP bundle interfaces—Starting with
Junos OS Release 13.3, if you attempt to delete or deactivate a static inline service (si)
MLPPP bundle interface that is still referenced by a member link interface, which could
be PPPoE (pp0) or silogical interfaces, and commit the configuration, the commit
operation fails. You must reactivate such MLPPP bundle interface before committing
the settings. Alternatively, you must ensure that member links do not refer a static
MLPPP bundle before you delete or deactivate the bundle. This method of deactivation
and reactivation of an MLPPP bundle is not applicable for interfaces other than siinterfaces, such as link services IQ (lsq-) and virtual LSQ redundancy (rlsq-) interfaces.
[See Understanding MLPPP Bundles and Link Fragmentation and Interleaving (LFI) on
Serial Links.]
•
Changes to DDoS protection policers for PIM and PIMv6 (MX Series with MPCs,
T4000 with FPC5)—Starting in Junos OS Release 13.3R2, the default values for
bandwidth and burst limits have been reduced for PIM and PIMv6 aggregate policers
to prevent starvation of OSPF and other protocols in the presence of high-rate PIM
activity.
Policer Limit
New Value
Old Value
Bandwidth (pps)
8000
20,000
Burst (pps)
16,000
20,000
To see the default and modified values for DDoS protection packet-type policers, issue
one of the following commands:
•
show ddos-protection protocols parameters brief—Displays all packet-type policers.
•
show ddos-protection protocols protocol-group parameters brief—Displays only
packet-type policers with the specified protocol group.
An asterisk (*) indicates that a value has been modified from the default.
•
Changes to distributed denial of service statement and command syntax—Starting
in Junos OS Release 13.3R2, the protocol group and packet type syntax has changed
for the protocols statement at the [edit system ddos-protection] hierarchy level and
for the various show ddos-protection protocols commands.
The filter-v4 and filter-v6 packet types have been moved from the unclassified protocol
group to the new filter-action protocol group.
Copyright © 2015, Juniper Networks, Inc.
55
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
•
filter-action protocol group—The following packet types are available for unclassified
firewall filter action packets, which are sent to the host because of reject terms in
firewall filters:
•
aggregate—Aggregate of all unclassified filter action packets.
•
filter-v4—Unclassified IPv4 filter action packets.
•
filter-v6—Unclassified IPv6 filter action packets.
•
other—All other unclassified filter action packets that are not IPv4 or IPv6.
The resolve-v4 and resolve-v6 packet types have been removed from the unclassified
protocol group. They are replaced by the new mcast-v4, mcast-v6, ucast-v4, and
ucast-v6 packet types in the new resolve protocol group.
•
resolve protocol group—The following packet types are available for unclassified
resolve packets, which are sent to the host because of a traffic request resolve action:
56
•
aggregate—Aggregate of all unclassified resolve packets.
•
mcast-v4—Unclassified IPv4 multicast resolve packets.
•
mcast-v6—Unclassified IPv6 multicast resolve packets.
•
other—All other unclassified resolve packets.
•
ucast-v4—Unclassified IPv4 unicast resolve packets.
•
ucast-v6—Unclassified IPv6 unicast resolve packets.
•
Deleting PTP clock client (MX104)—Starting with Junos OS Release 13.2, on MX104
routers, when you toggle from a secure slave to an automatic slave or vice versa in the
configuration of a Precision Timing Protocol (PTP) boundary clock, you must first
delete the existing PTP clock client or slave clock settings and then commit the
configuration. You can delete the existing PTP clock client or slave clock settings by
using the delete clock-client ip-address local-ip-address local-ip-address statement at
the [edit protocols ptp master interface interface-name unicast-mode] hierarchy level.
You can then add new clock client configuration by using the set clock-client ip-address
local-ip-address local-ip-address statement at the [edit protocols ptp master interface
interface-name unicast-mode] hierarchy level and committing the configuration.
However, if you attempt to delete the existing PTP clock client and add the new clock
client before committing the configuration, the PTP slave clock remains in the free-run
state and does not operate in the auto-select state (to select the best clock source).
This behavior is expected when PTP client or slave settings are modified.
•
Preventing the filtering of packets by ARP policers (MX Series routers)—Beginning
in Junos OS Release 13.3R3, you can configure the router to disable the processing of
the specified ARP policers on the received ARP packets. Disabling ARP policers can
cause denial-of-service (DoS) attacks on the system. Due to this possibility, we
recommend that you exercise caution while disabling ARP policers. To prevent the
processing of ARP policers on the arriving ARP packets, include the disable-arp-policer
statement at the [edit interfaces interface-name unit logical-unit-number family inet
policer] or the [edit logical-systems logical-system-name interfaces interface-name unit
logical-unit-number family inet policer] hierarchy level. You can configure this statement
Copyright © 2015, Juniper Networks, Inc.
Changes in Behavior and Syntax
only for interfaces with inet address families and on MX Series routers with MPCs.
When you disable ARP policers per interface, the packets are continued to be policed
by the distributed DoS (DDoS) ARP policer. The maximum rate of is 10000 pps per
FPC.
[See Applying Policers.]
IPv6
•
Support for interim logging with NAT64 Starting with Junos OS Release 11.4R11,
interim-logging is supported with NAT64 on microkernel (MS-DPC) platforms. The
configuration statement pba-interim-logging-interval under the [interfaces
services-options] hierarchy level enables the feature for NAT64.
Management
•
Restrictions for crypto algorithms for FIPS in OpenSSH—Starting in Junos OS Release
13.3, the following options are not allowed on systems operating in FIPS mode:
[edit system services ssh]
set macs <algorithm>
Not allowed: hmac-md5, hmac-md5-96, [email protected],
[email protected], hmac-ripemd160,
[email protected], [email protected],
[email protected], [email protected], and
[email protected]
[edit system services ssh]
set key-exchange <algorithm>
Not allowed: group-exchange-sha1, dh-group14-sha1, and dh-group1-sha1.
[edit system services]
set hostkey-algorithm <algorithm | no-algorithm>
Not allowed: ssh-dss and ssh-rsa.
Prior to Junos OS Release 13.3, the options were available but should have been
disallowed.
MPLS
•
Enhanced support for GRE interfaces for GMPLS (MX Series)—Starting in Junos OS
Release 12.3R7, 13.1R5, 13.2R5, 13.3R3 and later, on GRE interfaces for Generalized MPLS
control channels, you can enable the inner IP header’s ToS bits to be copied to the
outer IP packet header. Include the copy-tos-to-outer-ip-header statement at the [edit
interfaces gre unit logical-unit-number] hierarchy level. Previously, the
copy-tos-to-outer-ip-header statement was supported for GRE tunnel interfaces only.
[See copy-tos-to-outer-ip-header.]
•
Enhanced transit LSP statistics collection—Starting in Junos OS Release 13.3R4,
RSVP no longer periodically polls for transit LSP statistics. This change does not affect
the show mpls lsp statistics command or automatic bandwidth operations for ingress
Copyright © 2015, Juniper Networks, Inc.
57
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
LSPs. To enable the polling and display of transit LSP statistics, include the
transit-statistics-polling statement at the [edit protocols mpls statistics] hierarchy
level. You cannot enable transit LSP statistics collection if MPLS statistics collection
is disabled with the no-transit-statistics statement at the [edit protocols mpls statistics]
hierarchy level.
•
Changes to MPLS protection options—In Junos OS releases prior to Release 13.3, you
can configure both fast reroute and node and link protection on the same LSP. Beginning
in Junos OS Release 13.3, you can still configure both fast reroute and node and link
protection on the same LSP; however, when you attempt to commit a configuration
where both features are enabled, a syslog warning message states: The ability to
configure both fast-reroute and link/node-link protection on the same LSP is deprecated
and will be removed in a future release.
Multicast
58
•
PIM snooping support using relay mode (M Series and MX Series)—Starting with
Junos OS Release 13.3, PIM snooping on PE routers is supported using relay mode
instead of proxy mode. This enables CE routers with PIM snooping to send Hello packets
without setting the tracking bit (T-bit) to the PE routers. In relay mode, you need not
configure values for the join-prune-timeout statement and save the Finite State Machine.
To check the status of relay mode on the CLI, use the show pim snooping neighbors
command or the show pim snooping interfaces command.
•
Traffic arriving via IRB when configured in enhanced ip-mode—Beginning with Junos
OS Release 13.3, when configured in enhanced-ip mode, traffic arriving over IRB
(multic-ast source connected over Layer 3) is not forwarded to remote PEs in VPLS
when igmp-snooping is configured along with the use-p2mp-lsp statement.
Copyright © 2015, Juniper Networks, Inc.
Changes in Behavior and Syntax
Network Management and Monitoring
•
Support of new system log by SNMP for notifying target addition (M Series, MX
Series, and T Series)—Beginning with Junos OS Release 13.3, when a new trap target
configuration is added to the agent, SNMP raises a new system log
SNMPD_TRAP_TARGET_ADD_NOTICE. The user can configure an event policy for this
system log event to raise a notification of the new trap target addition. This trap is sent
to all the configured trap targets including the new target.
Routing Policy and Firewall Filters
•
New firewall filter match condition supported on MPC line cards (MX Series)—Starting
in Release 13.3R2, Junos OS supports the gre-key firewall filter match condition on MPC
line cards on MX Series 3D Universal Edge Routers. To configure the gre-key firewall
filter match condition, include the gre-key statement at the [edit firewall family inet
filter filter term term from] hierarchy level.
Routing Protocols
•
Hidden clear commands—Starting in Junos OS Release 13.3, the purge option of the
clear ospf database and clear ospf3 database commands is hidden and unsupported.
•
BGP attribute flag bits—In Junos OS Release 13.2 and earlier, unused attribute flag
bits were propagated unchanged. Starting in Junos OS Release 13.3, BGP attribute flag
bits are reset to zero by default and not propagated. This behavior is being standardized,
as specified in Internet draft draft-hares-idr-update-attrib-low-bits-fix-01, Update
Attribute Flag Low Bits Clarification.
•
Change in configuring keep none and keep all statements—Starting in Junos OS Release
13.3, configuring keep none or keep all no longer causes all BGP sessions to restart. For
peers that do not support route refresh, when you configure keep none or keep all, the
associated BGP sessions are restarted (flapped). For peers that do support route
refresh, the local speaker sends a route refresh and performs an import evaluation. For
these peers, the sessions do not restart when you configure keep none or keep all. To
determine if a peer supports refresh, check for Peer supports Refresh capability in the
output of the show bgp neighbor command. In previous releases, configuring keep none
or keep all caused all BGP sessions to restart.
•
Modification to the default BGP extended community value— Starting in Junos OS
13.3, Junos OS modifies the default BGP extended community value used for MVPN
IPv4 VRF route import (RT-import) to the IANA-standardized value. The
mvpn-iana-rt-import statement is the default. The mvpn-iana-rt-import statement has
been deprecated; we recommend that you remove it from configurations.
•
BGP hides a route received with a label block size greater than 256—Beginning with
Junos OS Release 15.1, when a BGP peer (running Junos OS) sends a route with a label
block size greater than 256, the local speaker hides the route and does not re-advertise
this route. The output of show route detail/extensive hidden/all will display the hidden
route and state the reason as label block size exceeds max supported value. In earlier
Junos OS Releases, when a peer sent a route with a label block size greater than 256,
the routing protocol process (rpd) terminated abnormally.
Copyright © 2015, Juniper Networks, Inc.
59
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
Security
•
Packet types added for DDoS protection L2TP policers (MX Series with MPCs, T4000
with FPC5)—The following eight packet types have been added to the DDoS protection
L2TP protocol group to provide flexibility in controlling L2TP packets:
cdn
scccn
hello
sccrq
iccn
stopccn
icrq
unclassified
Previously, no individual packet types were available for this protocol group and all
L2TP packets were policed the same based on the aggregate policer value. The default
values for the bandwidth and burst policers for all packet types is 20,000 pps. The
default recover-time is 300 seconds for each of the L2TP packet types.
Services Applications
•
Restriction for RPM probe test data-size—In Junos OS Release 13.2 and earlier releases,
the data-size statement at the [edit services rpm probe owner test test-name] hierarchy
level did not enforce any additional restrictions when the hardware-timestamp was
included. Starting in Junos OS Release 13.3, the data-size value must be at least 100
bytes smaller than the default MTU of the interface of the RPM client interface when
the hardware-timestamp statement is used.
[edit services rpm probe owner test test-name]
hardware-time-stamp;
data-size size;
60
•
New ranges for TWAMP server connections—In Junos OS Release 13.2 and earlier
releases, the maximum-connections statement at the [edit services rpm twamp server]
hierarchy level had a range of 1 through 2048. Starting in Junos OS Release 13.3, the
maximum-connections statement has a range of 1 through 1000. In Junos OS Release
13.2 and earlier releases, the maximum-connections-per-client statement at the [edit
services rpm twamp server] hierarchy level had a range of 1 through 1024. Starting in
Junos OS Release 13.3, the maximum-connections-per-client statement has a range
of 1 through 500.
•
New range for data-size statement—In Junos OS Release 13.2 and earlier releases,
the data-size statement at the [edit services rpm probe owner test test-name] hierarchy
level had a range of 0 through 65507. Starting in Junos OS Release 13.3R1, the data-size
statement has a range of 0 through 65400.
•
Restriction for NAT rules with translation type stateful-nat-64—In Junos OS Release
13.2 and earlier releases, the following restriction was not enforced by the CLI: if the
translation-type statement in the then statement of a NAT rule was set to
stateful-nat-64, the range specified by the destination-address-range or the
destination-prefix-list in the from statement needed to be within the range specified
Copyright © 2015, Juniper Networks, Inc.
Changes in Behavior and Syntax
by the destination-prefix statement in the then statement. Starting in Junos OS Release
13.3, this restriction is enforced.
[edit services nat]
rule rule-name {
term term-name {
from {
destination-address-range low minimum-value high maximum-value <except>;
destination-prefix-list list-name <except>;
}
then {
destination-prefix destination-prefix;
}
}
}
•
Change in running RPM traceoptions—Starting in Junos OS Release 13.2, running RPM
traceoptions is performed from the [edit services rpm] hierarchy. Prior to Junos OS
Release 13.2, running RPM traceoptions was performed at the [edit snmp] hierarchy
level.
The RPM traceoptions are configured as follows:
[edit services rpm]
traceoptions {
file filename <files number> <match regular-expression > <size maximum-file-size>
<world-readable | no-world-readable>;
flag flag;
}
This issue was being tracked by PR857470.
•
Restrictions for maximum block size for NAT port block allocation—Beginning with
Junos OS Release 13.3, the maximum blocksize for NAT port block allocation (PBA) is
32,000.
•
Support for display of NAT type for EIF flows (MX Series routers with MS-MICs and
MS-MPCs)—Starting with Junos OS Release 13.3R4, the output of the show services
sessions extensive command, the Translation Type field displays the value as NAPT-44
for Endpoint Independent Filtering (EIF) flows. Also, the label, EIF, is displayed beside
the translation type parameter to enable easy identification of EIF flows.
•
Support for passive-mode tunneling (MX Series routers with MS-MICs and
MS-MPCs)—Starting with Junos OS Release 13.3R4, passive mode tunneling is
supported on MS-MICs and MS-MPCs. You can include the passive-mode-tunneling
statement at the [edit services service-set service-set-name ipsec-vpn-options] hierarchy
level to enable the service set to tunnel malformed packets.
Copyright © 2015, Juniper Networks, Inc.
61
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
NOTE: The header-integrity-check option that is supported on MS-MICs
and MS-MPCs to verify the packet header for anomalies in IP, TCP, UDP,
and ICMP information and flag such anomalies and errors has a functionality
that is opposite to the functionality caused by passive mode tunneling. If
you configure both the header-integrity-check statement and the
passive-mode tunneling statement on MS-MICs and MS-MPCs, and attempt
to commit such a configuration, an error is displayed during commit.
The passive mode tunneling functionality (by including the
passive-mode-tunneling statement at the [edit services service-set
service-set-name ipsec-vpn-options] hierarchy level) is a superset of the
capability to disable IPsec tunnel endpoint in the traceroute output (by
including no-ipsec-tunnel-in-traceroute statement at the [edit services
ipsec-vpn] hierarchy level). Passive mode tunneling also bypasses the
active IP checks and tunnel MTU check in addition to not treating an IPsec
tunnel as a next-hop as configured by the no-ipsec-tunnel-in-traceroute
statement.
62
•
Interoperation of ingress sampling and PIC-based flow monitoring (MX
Series)—Starting in Junos OS Release 13.3R6, If PIC-based flow monitoring is enabled
on an ms- logical interface, a commit check error occurs when you attempt to configure
ingress traffic sampling on that particular ms- logical interface. This error occurs
because a combination of ingress sampling and PIC-based flow monitoring operations
on an ms- logical interface causes undesired flow monitoring behavior and might result
in repeated sampling of a single packet. You must not configure ingress traffic sampling
on ms- logical interfaces on which PIC-based flow monitoring is enabled.
•
Generation of mspmand core file for flow control (MX Series with MS-MICs and
MS-MPCs)—Starting with Junos OS Release 13.3R6, instead of an eJunos kernel core
file, the multiservices PIC management daemon core file is generated when a prolonged
flow control occurs and when you configure the setting to generate a core file during
prolonged flow control (by using the dump-on-flow-control option). The watchdog
functionality continues to generate a kernel core file in such scenarios.
•
Change in support for service options configuration on service PICs at the MS and
AMS interface levels (MX Series)—Starting in Junos OS Release 13.3R6, when a
multiservices PIC (ms- interface) is a member interface of an AMS bundle, you can
configure the service options to be applied on the interface only at the ms- interface
level or the AMS bundle level by including the services-options statement at the [edit
interfaces interface-name] hierarchy level at a point in time. You cannot define service
options for a service PIC at both the AMS bundle level and at the ms- interface level
simultaneously. When you define the service options at the MS level or the AMS bundle
level, the service options are applied to all the service-sets on the ms- interface or AMS
interface defined at ms-fpc/pic/port.logical-unit or amsN respectively.
•
Changes in the format of session open and close system log messages (MX Series
with MS-MICs and MS-MPCs)—Starting with Junos OS Release 13.3R7, with the Junos
OS Extension-Provider packages installed and configured on the device for MS-MPCs
and MS-MICs, the formats of the MSVCS_LOG_SESSION_OPEN and
Copyright © 2015, Juniper Networks, Inc.
Changes in Behavior and Syntax
MSVCS_LOG_SESSION_CLOSE system log messages are modified to toggle the order
of the destination IPv4 address and destination port address displayed in the log
messages be consistent and uniform with the formats of the session open and close
logs of MS-DPCs.
The following is the modified format of the MSVCS_LOG_SESSION_OPEN and
MSVCS_LOG_SESSION_CLOSE system log messages:
month date hh:mm:ss syslog-server-ip-address yyyy-mm-dd hh:mm:ss
{NAT-type}<MSVCS_LOG_SESSION_CLOSE or MSVCS_LOG_SESSION_OPEN>:App:
application, source-interface-name fpc/pic/port\address in hexadecimal format
source-address:source-port source-nat-information ->
destination-address:destination-port destination-nat-information (protocol-name)
The following is an example of the session closure message generated for MS-MPCs
and MS-MICs.
Nov 26 13:00:07 10.137.159.1 2014-11-26 07:22:44:
{Dynamic-NAT-64-SS-NHS-1}MSVCS_LOG_SESSION_CLOSE: application:none, ae4.454
2402:8100:1:160:1:2:d384:463c:36822 [49.14.64.37:12261] -> [141.101.120.14]
64:ff9b::8d65:780e:80 (TCP)
Software Installation and Upgrade
•
Upgrading Junos OS in one step (MX Series)—Starting in Junos OS Release 13.3, you
can specify multiple configuration files in one step when you upgrade Junos OS on your
device. When you enter the request system software add or the request system software
validate command, you can use the upgrade-with-config option. You can also use the
upgrade-with-config-format option when the configuration file is in the text format.
Subscriber Management and Services
•
Subscriber login when lawful intercept fails—Starting in Junos OS Release 13.3, when
lawful intercept activation fails during a subscriber login, the subscriber login is not
denied. An SNMP message is still generated that indicates the lawful intercept activation
failed. In Junos OS releases prior to 13.2R2, the subscriber login was denied if lawful
intercept activation failed.
•
Change to test aaa ppp user and test aaa dhcp user commands—Starting in Junos OS
Release 13.3, the test aaa ppp user and test aaa dhcp user commands no longer display
service activation status because service activation is not required in these commands.
In earlier releases, the commands displayed service activation status to indicate whether
service activation failed or succeeded. Service-related RADIUS attribute values are
still displayed.
•
Configuring domain maps to use the default routing instance (MX Series)—Starting
in Junos OS Release 13.3, on MX Series routers you can explicitly configure a domain
map to use the default (master) routing instance for the AAA or subscriber contexts.
This enhancement enables you to configure a domain map to use the default routing
instance in cases where a nondefault routing instance is currently referenced, or in
other scenarios in which you need to explicitly reference the default routing instance.
Copyright © 2015, Juniper Networks, Inc.
63
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
•
Configuration support to prevent the LACP MC-LAG system ID from reverting to the
default LACP system ID on ICCP failure—Beginning in Junos OS Release 13.3, you can
configure the prefer-status-control-active statement with the status-control standby
configuration at the [edit interfaces aeX aggregated-ether-options mc-ae] hierarchy
level to prevent the LACP MC-LAG system ID from reverting to the default LACP system
ID on ICCP failure. Use this configuration only if you can ensure that ICCP does not go
down unless the router is down. You must also configure the hold-time down value (at
the [edit interfaces interface-name] hierarchy level) for the interchassis link with the
status-control standby configuration to be higher than the ICCP BFD timeout. This
configuration prevents traffic loss by ensuring that when the router with the
status-control active configuration goes down, the router with the status-control standby
configuration does not go into standby mode.
•
Support for rejecting IPv6CP negotiation in the absence of an authorized address
(MX Series)—Starting in Junos OS Release 13.3, you can control the behavior of the
router in a situation where IPv6CP negotiation is initiated for subscriber sessions when
no authorized addresses are available. By default, IPv6CP negotiation is enabled to
proceed for an IPv6-only session when AAA has not provided an appropriate IPv6
address or prefix. In the absence of the address, the negotiation cannot successfully
complete. To prevent endless client negotiation of IPv6CP, include the
reject-unauthorized-ipv6cp statement at the [edit protocols ppp-service] hierarchy
level, which enables the jpppd process to reject the negotiation attempt.
•
Support for ignoring DSL Forum VSAs from directly connected devices (MX
Series)—When CPE devices are directly connected to a BNG, you might want the router
to ignore any DSL Forum VSAs that it receives in PPPoE control packets because the
VSAs can be spoofed by malicious subscribers. Spoofing is particularly serious when
the targeted VSAs are used to authenticate the subscriber, such as Agent-Circuit-Id
[26-1] and Agent-Remote-ID [26-2].
To ignore the DSL Forum VSAs, starting in Junos OS Release 13.3, include the
direct-connect statement for PPPoE interfaces or PPPoE underlying interfaces at the
following hierarchy levels:
•
[edit dynamic-profiles profile-name interfaces demux0 unit logical-unit-number family
pppoe]
•
[edit dynamic-profiles profile-name interfaces interface-name unit logical-unit-number
family pppoe]
•
[edit dynamic-profiles profile-name interfaces interface-name unit logical-unit-number
pppoe-underlying-options]
•
[edit interfaces interface-name unit logical-unit-number family pppoe]
•
[edit interfaces interface-name unit logical-unit-number pppoe-underlying-options]
•
[edit logical-systems logical-system-name interfaces interface-name unit
logical-unit-number family pppoe]
•
[edit logical-systems logical-system-name interfaces interface-name unit
logical-unit-number pppoe-underlying-options]
64
Copyright © 2015, Juniper Networks, Inc.
Changes in Behavior and Syntax
You can determine whether direct-connect is configured for particular interfaces by
issuing the show interfaces or show pppoe underlying-interfaces command.
•
ANCP agent behavior for invalid generic response messages (MX Series)—Starting
in Junos OS Release 13.3, when the ANCP agent receives an incorrect or unexpected
generic response message from an ANCP neighbor, it immediately drops the packet,
generates a system log notice message, and takes no further action.
•
Changes to ANCP show command output (MX Series)—Starting in Junos OS Release
13.3, the show ancp neighbor command displays information for all configured ANCP
neighbors regardless of operational state. In earlier releases, it displayed information
only for neighbors in the Established state. The Time field, which displays the elapsed
time since the neighbor entered its current state, has replaced the Up TIme field. An
asterisk (*) prefixed to the neighbor entry indicates that the adjacency information
might be stale.
In Junos OS Release 13.3 and later, the show ancp subscriber command displays
information for all subscribers regardless of operational state. In earlier releases, it
displayed information only for active subscribers in the Established state. An asterisk
(*) prefixed to the subscriber entry indicates that the information might be stale. Two
asterisks (**) indicate that the neighbor associated with the subscriber has lost its
adjacency.
•
Enhanced accounting statistics (M Series, MX Series, and T Series)—Starting in Junos
OS Release 13.3, the show network-access aaa statistics accounting command includes
the optional detail keyword, which provides additional information about the RADIUS
accounting statistics. You can use the enhanced details for troubleshooting
investigations.
[See Verifying and Managing Subscriber AAA Information.]
•
Support for processing Cisco VSAs in RADIUS messages for service
provisioning—Starting with Junos OS Release 13.3R3, Cisco VSAs are supported for
provisioning and management of services in RADIUS messages, in addition to the
supported Juniper VSAs for administration of subscriber sessions. In a deployment in
which a customer premises equipment (CPE) is connected over an access network to
a broadband remote access gateway, the Steel-Belted Radius Carrier (SBRC)
application might be used as the authentication and accounting server using RADIUS
as the protocol and the Cisco BroadHop application might be used as the Policy Control
and Charging Rules Function (PCRF) server for provisioning services using RADIUS
change of authorization (CoA) messages. Both the SBRC and the Cisco BroadHop
servers are considered to be connected with the broadband gateway in such a topology.
By default, service accounting is disabled. If you configure service accounting using
both RADIUS attributes and the CLI interface, the RADIUS setting takes precedence
over the CLI setting. To enable service accounting using the CLI, include the accounting
statement at the [edit access profile profile-name service] hierarchy level. To enable
interim service accounting updates and configure the amount of time that the router
waits before sending a new service accounting update, include the update-interval
minutes statement at the [edit access profile profile-name service accounting] hierarchy
level.
Copyright © 2015, Juniper Networks, Inc.
65
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
You can configure the router to collect time statistics, or both volume and time statistics,
for the service accounting sessions being managed by AAA. To configure the collection
of statistical details that are time-based only, include the statistics time statement at
the [edit access profile profile-name service accounting] hierarchy level. To configure
the collection of statistical details that are both volume-time-based only, include the
statistics volume-time statement at the [edit access profile profile-name service
accounting] hierarchy level.
•
Specifying the UDP port for RADIUS dynamic-request servers—Beginning in Junos
OS Release 13.3, you can define the UDP port number to configure the port on which
the router that functions as the RADIUS dynamic-request server must receive requests
from RADIUS servers. By default, the router listens on UDP port 3799 for dynamic
requests from remote RADIUS servers. You can configure the UDP port number to be
used for dynamic requests for a specific access profile or for all of the access profiles
on the router. To define the UDP port number, include the dynamic-request-port
port-number statement at the [edit access profile profile-name radius-server
server-address] or the [edit access radius-server server-address] hierarchy level.
•
DCHP Relay subscriber and proxy-mode support (MX Series)—Starting with Junos
OS Release 13.3, when DHCP Relay Agent for subscriber management is configured in
proxy-mode, DHCP Request packets for which no client/subscriber state exists on the
Relay Agent (stray requests) behave according to RFC 2131 Section 4.3.2: “If the DHCP
server has no record of this client, then it MUST remain silent, and MAY output a warning
to the network administrator. This behavior is necessary for peaceful coexistence of
non-communicating DHCP servers on the same wire.” Such behavior also occurs when
multiple, non-communicating, proxy-mode Relay Agents are processing DHCP Request
packets from the same client or subscriber. In some network configurations, Relay
Agent can send a NAK to the client or subscriber when Relay Agent is not configured
to act on bind-on-request. The NAK prevents Relay Agent from forwarding the DHCP
Request to the server or, in the case of a client move, when the packet is not directed
to the proxy-mode Relay Agent that receives it. DHCP Relay Agent for subscriber
management no longer generates a NAK in place of the server in response to stray
requests but relies on the server to respond appropriately to the client or subscriber.
For those cases when packets are configured not to be forwarded to the server
(no-bind-on-request is configured), or when the packet is determined not to be directed
to the receiving Relay Agent, those packets are silently discarded in accordance with
RFC 2131 Section 4.3.2.
•
Addition of pw-width option to the nas-port-extended-format statement—Starting in
Junos OS Release 13.3R4, you can configure the number of bits for the pseudowire field
in the extended-format NAS-Port attribute for Ethernet subscribers. Specify the value
with the pw-width option in the nas-port-extended-format statement at the [edit access
profile profile-name radius options] hierarchy level. The configured fields appear in the
following order in the binary representation of the extended format:
aggregated-ethernet slot adapter port pseudo-wire stacked-vlan vlan
The width value also appears in the Cisco NAS-Port-Info AVP (100).
•
66
LAC configuration no longer required for L2TP tunnel switching with RADIUS
attributes (MX Series)—Starting in Junos OS Release 13.3R6, when you use Juniper
Networks VSA 26-91 to provide tunnel profile information for L2TP tunnel switching,
Copyright © 2015, Juniper Networks, Inc.
Changes in Behavior and Syntax
you no longer have to configure a tunnel profile on the LAC. In earlier releases, tunnel
switching failed when you did not also configure the LAC, even when the RADIUS
attributes were present.
User Interface and Configuration
•
User-defined identifiers using the reserved prefix junos- now correctly cause a commit
error in the CLI (M Series, MX Series, and T Series)—Junos OS reserves the prefix
junos- for the identifiers of configurations defined within the junos-defaults configuration
group. User-defined identifiers cannot start with the string junos-. If you configured
user-defined identifiers using the reserved prefix through a NETCONF or Junos XML
protocol session, the commit correctly fails. Prior to Junos OS Release 13.3, if you
configured user-defined identifiers through the CLI using the reserved prefix, the commit
incorrectly succeeded. Junos OS Release 13.3 and later releases exhibit the correct
behavior. Configurations that currently contain the reserved prefix for user-defined
identifiers other than junos-defaults configuration group identifiers will now correctly
result in a commit error in the CLI.
•
Change in show version command output (M Series, MX Series, and T
Series)—Beginning in Junos OS Release 13.3, the show version command output includes
the new Junos field that displays the Junos OS version running on the device. This new
field is in addition to the list of installed sub-packages running on the device that also
display the Junos OS version number of those sub-packages. This field provides a
consistent means of identifying the Junos OS version, rather than extracting that
information from the list of installed subpackages.
In Junos OS Release 13.2 and earlier, the show version command does not have the
single Junos field in the output that displays the Junos OS version running on the device.
The only way to determine the Junos OS version running on the device is to review the
list of installed subpackages.
Junos OS Release 13.2 and Earlier Releases Without the
Junos Field
Junos OS Release 13.3 and Later Releases With the Junos
Field
[email protected]> show version
Hostname: lab
Model: mx960
JUNOS Base OS boot [12.2R2.4]
JUNOS Base OS Software Suite [12.2R2.4]
JUNOS Kernel Software Suite [12.2R2.4]
JUNOS Crypto Software Suite [12.2R2.4]
...
[email protected]> show version
Hostname: lab
Model: mx960
Junos: 13.3R1.4
JUNOS Base OS boot [13.3R1.4]
JUNOS Base OS Software Suite [13.3R1.4]
JUNOS Kernel Software Suite [13.3R1.4]
JUNOS Crypto Software Suite [13.3R1.4]
...
[See show version.]
•
Configuring regular expressions (M Series, MX Series, and T Series)—In all supported
Junos OS releases, regular expressions can no longer be configured if they require more
than 64 MB of memory or more than 256 recursions for parsing.
This change in the behavior of Junos OS is in line with the FreeBSD limit. The change
was made in response to a known consumption vulnerability that allows an attacker
to cause a denial of service (resource exhaustion) attack by using regular expressions
Copyright © 2015, Juniper Networks, Inc.
67
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
containing adjacent repetition operators or adjacent bounded repetitions. Junos OS
uses regular expressions in several places within the CLI. Exploitation of this vulnerability
can cause the Routing Engine to crash, leading to a partial denial of service. Repeated
exploitation can result in an extended partial outage of services provided by the routing
protocol process (rpd).
Related
Documentation
•
New and Changed Features on page 21
•
Known Behavior on page 68
•
Known Issues on page 70
•
Resolved Issues on page 80
•
Documentation Updates on page 135
•
Migration, Upgrade, and Downgrade Instructions on page 156
•
Product Compatibility on page 165
Known Behavior
This section contains the known behavior, system maximums, and limitations in hardware
and software in Junos OS Release 13.3R6 for the M Series, MX Series, and T Series.
For the most complete and latest information about known Junos OS defects, use the
Juniper Networks online Junos Problem Report Search application.
•
Class of Service (CoS) on page 68
•
General Routing on page 69
•
High Availability (HA) and Resiliency on page 69
•
Services Applications on page 69
•
Software Installation and Upgrade on page 69
•
Subscriber Management and Services on page 69
Class of Service (CoS)
•
If you define more than one forwarding class for a given queue number, do not use the
name of a default forwarding class for one of the new classes, because doing so causes
the forwarding class with the default name to be deleted. For example, do not configure
the following, because doing so deletes the best-effort class:
[email protected]# set class-of-service forwarding-classes class be queue-num 0
[email protected]# set class-of-service forwarding-classes class best-effort queue-num 0
[email protected]# commit
•
68
To use per-priority shaping on a physical interface on the MX104 router, you must
enable hierarchical scheduling on the interface with the set hierarchical-scheduler
statement at the [edit interface interface-name] hierarchy level.
Copyright © 2015, Juniper Networks, Inc.
Known Behavior
General Routing
•
In MX2020 routers and T Series routers, memory usage of the device increases when
auto-64-bit statement is issued.
High Availability (HA) and Resiliency
•
The MPC5E, MPC5EQ, and MP6E cards do not support unified ISSU on an MX Series
Virtual Chassis.
Services Applications
•
With static NAT configured as basic NAT44 or destination NAT44 on MX Series routers
with MS-MICs and MS-MPCs, the input and output bytes and traffic rate values
displayed under the Input bytes and Output bytes fields respectively in the output of
the show interfaces command differ by approximately 25 percent for ms- interfaces
with lower packet sizes.
Software Installation and Upgrade
•
Downgrading to Junos OS 12.3 when the configuration includes the
targeted-distribution statement—In Junos OS Release 12.3, the targetted-distribution
statement at the [edit interfaces demux0 unit logical-unit-number] hierarchy level is
misspelled. Starting in Junos OS Release 13.3, the spelling for this statement is corrected
to targeted-distribution. If you use the misspelled targetted-distribution statement in
Junos OS Release 13.3 or higher, the CLI corrects the spelling to targeted-distribution
in your configuration, so existing scripts still work. The correct spelling is not backward
compatible; Junos OS Release 12.3 supports only the targetted-distribution spelling. If
you downgrade from Release 13.3 or higher to Release 12.3, all correctly spelled
targeted-distribution statements are removed from the configuration and configuration
scripts with the correct spelling fail.
Subscriber Management and Services
•
The clear pppoe sessions command does not have an all option and consequently
clears all current PPPoE subscriber sessions when you enter the command. The CLI
does not prompt you to confirm that you want to clear all sessions. When you want to
gracefully terminate a subscriber session, always include the interface name associated
with the session. For some network configurations, if your subscribers have unique
usernames, you can alternatively issue the clear network-access aaa subscriber username
command.
•
On the MX Series, subscriber management uses firewall filters to capture and report
the volume-based service accounting counters that are used for subscriber billing. You
must always consider the relationship between firewall filters and service accounting
counters, especially when clearing firewall statistics. When you use the clear firewall
command (to clear the statistics displayed by the show firewall command), the
command also clears the service accounting counters that are reported to the RADIUS
accounting server. For this reason, you must be cautious in specifying which firewall
Copyright © 2015, Juniper Networks, Inc.
69
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
statistics you want to clear. When you reset firewall statistics to zero, you also zero
the counters reported to RADIUS.
Related
Documentation
•
On the MX Series, subscriber management provides a route suppression feature that
enables you to override the DHCP default behavior that adds access-internal and
destination routes for DHCPv4 sessions, and to access-internal and access routes for
DHCPv6 sessions. However, you cannot suppress access-internal routes when the
subscriber is configured with both IA_NA and IA_PD addresses over IP demux interfaces,
because the IA_PD route relies on the IA_NA route for next-hop connectivity.
•
The “Configuring Tunnel Interfaces on MX Series Routers” topic in the Services Interfaces
Configuration Guide fails to state that Ingress queuing and tunnel services cannot be
configured on the same MPC as it causes Packet Forwarding Engine forwarding to
stop. Each feature can, however, be configured and used separately.
•
New and Changed Features on page 21
•
Changes in Behavior and Syntax on page 54
•
Known Issues on page 70
•
Resolved Issues on page 80
•
Documentation Updates on page 135
•
Migration, Upgrade, and Downgrade Instructions on page 156
•
Product Compatibility on page 165
Known Issues
This section lists the known issues in hardware and software in Junos OS Release 13.3R6
for the M Series, MX Series, and T Series.
For the most complete and latest information about known Junos OS defects, use the
Juniper Networks online Junos Problem Report Search application.
70
•
Authentication and Access Control on page 71
•
Class of Service (CoS) on page 71
•
Forwarding and Sampling on page 71
•
General Routing on page 71
•
High Availability (HA) and Resiliency on page 73
•
Interfaces and Chassis on page 73
•
Layer 2 Features on page 74
•
MPLS on page 74
•
Network Management and Monitoring on page 75
•
Platform and Infrastructure on page 75
•
Routing Protocols on page 77
•
Routing Policy and Firewall Filters on page 78
Copyright © 2015, Juniper Networks, Inc.
Known Issues
•
Services Applications on page 78
•
Software Installation and Upgrade on page 79
•
User Interface and Configuration on page 79
•
VPNs on page 79
Authentication and Access Control
•
The syslog message "UI_OPEN_TIMEOUT: Timeout connecting to peer" might appear
if "show version detail" command is executed. This log is a cosmetic log and could be
ignored. PR895320
Class of Service (CoS)
•
COSD errors are seen while Routing Engine switchover without GRES enabled. PR827534
•
COSD errors - COSD_GENCFG_WRITE_FAILED: GENCFG write failed (op, minor_type)
= (add, policy inline) for tbl 4 if 7454 /2/0 Reason: File exists are during Routing Engine
switchover. PR827538
•
COSD errors COSD_GENCFG_WRITE_FAILED: GENCFG write failed (op, minor_type)
= (add, fixed classification) for tbl 3 if 1460 sp-3/2/0.16383 Reason: File exists are
seen when MS PIC comes online. PR854047
•
CoS relevant misconfiguration (e.g. configure classifier exp for LT interfaces implicitly
using "interface all" way) might cause cosd crash. If cosd experiences multiple crashes
within a short time, it might not be able to restart. PR969900
Forwarding and Sampling
•
Accounting-data log file contains multiple header lines. PR881832
•
When we configure unsupported firewall filter on channelized interfaces, commit error
message show without this fix was misleading. With this fix, commit error will have a
message like below: mgd: error: layer2-policer is not supported for interface so-3/2/0.
PR897975
General Routing
•
next-hop-group configuration statement is not supported under routing-instance
hierarchy, but this configuration statement is present under this hierarchy. This PR is
opened to remove next-hop-group knob from routing-instance hierarchy. PR731264
•
Changing the static route configuration from next-hop to qualified-next-hop might
result in static route getting missed from routing table. Restarting routing process can
bring back the routes but with rpd core. PR827727
•
PPPoE IPv6 access router might not respond the first ICMPv6 RS message. PR869212
•
The flat accounting files are made compliant to the documentation described XML
schema. PR902019
•
When the NSR switchover happened immediately after a lot of vrf routing-instances
being deleted, garbage lsi interfaces will remain in kernel, while they are removed from
Copyright © 2015, Juniper Networks, Inc.
71
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
RPD. Those garbage interfaces will result KRT queue stack issue upon later lsi
re-configuration. PR912861
•
Periodic "show subscribers" CLI requests during the GRES recovery (on a scaled system)
might lead to spawning of too many subinfo processes. As a side effect, CoA requests
might not be serviced while system is kept busy by subinfo processes due to authd
might take long time to be recovered (it was observed that authd is not recovered after
1+ hours). PR915677
•
While a duplicate interface address (IFA) is configured for an interface, software will
accept that with a warning message. But at kernel side cannot accept duplicate IFA,
and needs to delete the next-hop created for this operation. However, the cleanup
might not remove the duplicated IFA under heavy kernel workload. As a result, kernel
might crash while trying to update this duplicated IFA to Packet Forwarding Engine
side. PR936807
•
Destination ERR alarm is not getting cleared even after FPC offlined. PR937862
•
The SNMP Get, GetBulk, or GetNext request response for lldpPortConfigTable was
not filtering-out the information of interfaces that are configured in the filter-interfaces
statement at the [edit snmp] hierarchy level. The issue is resolved now. PR946975
•
When BCM0 interface goes down, Routing Engine should switchover on M320. PR949517
•
"show chassis fabric topology" display error when HSL2 link fault between F13 and
F2S. PR962268
•
On T4000 with Type-5 FPC (T4000-FPC5-3D), if a single request times out or
occasional timeouts were seen over long period of time, the timeout error bit is not
cleared correctly. This leads to destination being marked dead, and the traffics cannot
flow from source Packet Forwarding Engine to destination Packet Forwarding Engine.
PR963467
72
•
When mirror destination interface is a next-hop-subgroup and enhanced-ip chassis
configuration statement is enabled, family any mirroring applied on L3 interfaces
(inet/inet6) might not work in certain scenarios. PR972138
•
In the VPLS environment with control-word configuration, when the "control-word" is
changed to "no-control-word", there is a five minutes service outage. PR987216
•
If a user configures an MX-VC member with member ID 2, the Virtual Chassis master
Routing Engine may eventually experience a kernel panic. PR989291
•
If encapsulation type is "ppp" for the SONET interface on IQE PIC, sometimes the MTU
change might not work. PR1001880
•
When a static discard route is configured with no-install option but actual forwarding
using different next hop, if egress sampling is enabled on the forwarding outgoing
interface (OIF), traffic leaving that interface would have incorrect OIF on the flow
records, resulting in unreliable flow records and incorrect billing. There is no traffic
impact though. PR1002287
•
A raw IP packet with invalid Memory Buffer (mbuf) length may trigger a kernel crash.
The invalid mbuf length might be set by other daemons wrongly. PR1006320
Copyright © 2015, Juniper Networks, Inc.
Known Issues
•
On M Series, MX Series, T Series platform with DHCP relay configured, the router might
keep filling a specific partition "/var/mfs/sdb" with files named log.XXXX and this
would eventually cause DHCP relay fail. PR1017642
•
This issue only affects OC-48 MICs. If an SFP is inserted into an OC-48 MIC port that
has been disabled the SFP will not show up in a >show chassis hardware command.
The issue is fixed with a patch. Contact JTAC to find out which version is best for you.
PR1031851
High Availability (HA) and Resiliency
•
Configuring the maximum segment size (MSS) for the TCP connection for BGP
neighbors, if "mtu-discovery" and "path-mtu-discovery" configuration statements are
removed, the default MSS value of 512 will be used instead, this is not an expected
behavior. PR835220
•
During a router hardware upgrade procedure, in dual Routing Engines system, the newly
installed Routing Engine may overwrite the other Routing Engine configuration with
the factory default configuration. As a result, both Routing Engines may bootup in
"Amnesiac" mode. This situation can occur under following conditions: - RE0 has
default factory configuration and, - RE1 has "commit synchronize" enabled - Both RE0
and RE1 boot-up simultaneously, or - RE0 is UP and running and RE1 is restarted.
PR909692
•
If NSR Routing Engine switchover has done right after committing the configuration
change which deletes routing-instance(s), some of those instances might not be
deleted from forwarding table. PR914878
Interfaces and Chassis
•
Packet Forwarding Engine continues to forward traffic to DHCP client on a demux
interface when ae0 interface is down. In this scenario the AE interface bundle has five
members and configured with minimum link value of 4. When two members are down,
the ae0 interface also goes down, but Packet Forwarding Engine continues to forward
traffic on other members for the demux interface. PR836846
•
Ethernet OAM: Ethernet Loopback test can only be performed if MAC DA is known in
the MAC table. PR879358
•
Customer may observe a traffic spike for few seconds on vc shaping when doing GRES.
PR925327
•
PPPoA session would not come up on removal/addition of cable to the tester port.
PR939404
•
After graceful Routing Engine switchover, there might be possible scenario wherein
renaming of an existing AE interface might fail with the following error
"CHASSISD_MAC_ADDRESS_AE_ERROR: chassisd MAC address allocation error for
ae". The problem is that when an AE device is removed, chassisd on the backup does
not remove the AE device from its’ MAC allocation data structure. PR943849
•
Demux Subscriber logical interfaces might show the interface as 'Hardware-Down'
even though the underlying ae bundle and its member link shows up. PR971272
Copyright © 2015, Juniper Networks, Inc.
73
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
•
In Ethernet OAM connectivity-fault-management, Junos OS default encodes MAID(MD
name and MA name) in character format. Currently only 43 octets are supported in
Junos OS for the MD + MA name. Junos OS needs to support maximum length of 44
octets for MAID per the standards. PR997834
•
When IEEE 802.3ah OAM link-fault management action profile is configured to define
event and the resulting action, the link might flap after it is brought down by an event
but brought up by other events erroneously. PR1000607
•
In scenario that MX Series routers serve as a L2TP network server (LNS) and
Point-to-Point Protocol (PPP) sessions through established L2TP tunnels, if malformed
or incomplete PPPoE packet is received, the jpppd process (daemon which is
responsible for PPP based protocol) might crash while stripping HDLC header.
PR1002164
•
During the test of login/logout of couple of thousands of PPPoE subscibers, pppoed
may crash by generating a core file. PR1041367
•
jpppd core dump at ../../../../src/bsd/lib/libthr/thread/thr_kern.c due to heap allocation
failure .PR1047660
Layer 2 Features
•
When the "filter-interfaces" is configured, if SNMP walk is executed, the l2cpd process
might in a dead loop. At that moment, if the router receives ARP request packet, it
might drop the packet due to high CPU utilization. So the router fails to learn MAC
address, the traffic forwarding will be affected. PR982447
•
When toggling VLAN tagging type from "flexible-vlan-tagging" to "vlan-tagging" or
vice versa, the integrated bridging and routing (IRB) MTU should be changed
accordingly. However the IRB MTU is not re-computed in this case, which might lead
to connectivity outage. PR928746
•
In MX Series Virtual Chassis scenario with LACP configuration. In rare condition, after
VC-M chassis powers down, the LACP state getting stuck in ATTACHED state, all traffic
carried over these affected access LAGs are blackholed. PR959041
•
After change the way of getting site ID of VPLS from fixed site-id to automatic-site-id
on one site while other sites are still using the fixed site-id in the network, the rpd
process might crash due to the site ID get by "automatic-site-id" may conflict to site
ID which were configured as fixed site ID on other sites. PR1054985
MPLS
74
•
RSVP graceful restart does not function for LSPs that have a forwarding adjacency
(FA) label-switched path (LSP) as a next hop. PR60256
•
For point-to-multipoint LSPs configured for VPLS, the "ping mpls" command reports
100 percent packet loss even though the VPLS connection is active. PR287990
•
In current Junos OS, lsping/lsptrace utilities have compatibility issue with other vendor
routers. Millisecond field might show huge value which result incorrect RTD calculated.
[email protected]> ping mpls ldp 192.168.228.7/32 source 192.168.199.193/32 exp 5 count
5 size 100 detail Request for seq 1, to interface 510, label 1102, packet size 100 Reply
Copyright © 2015, Juniper Networks, Inc.
Known Issues
for seq 1, return code: Egress-ok, time: 3993729.963 ms <--- Local transmit time:
2013-04-29 12:05:06 IST 873.491 ms Remote receive time: 2013-04-29 12:05:06 IST
3994603.454 <---- This is a cosmetic issue and current software limitation. PR891734
•
Although NSR does not support mplsoamd and it does not run on backup Routing
Engine, backup rpd is attempting to do task_connect to mplsoamd. This behavior
causes periodical message popping up on backup Routing Engine. rpd[2840]:
task_connect: task MPLSOAMD I/O./var/run/mplsoamd_control addr
/var/run/mplsoamd_control: No such file or directory. PR938284
•
If we set the following configuration and hit "show mpls admin-groups-extended"
command, we can see this issue. In this case, we don't set "admin-groups" for
"admin-groups-extended-range". << conifg >> set routing-options
admin-groups-extended-range minimum 50 set routing-options
admin-groups-extended-range maximum 300 set protocols mpls interface all <<
show command >> [email protected]# run show mpls admin-groups-extended error:
timeout communicating with routing daemon <<<<<<<<<<<<<<<<<< we need to
wait this message about 30 seconds - 60 seconds. PR966613
•
When we set the following configuration, we can see this issue. << configuration >>
set routing-options admin-groups-extended-range minimum 2147483647 set
routing-options admin-groups-extended-range maximum 3500000000 set
routing-options admin-groups-extended test1 group-value 2147483647 set
routing-options admin-groups-extended test2 group-value 2147483648 set protocols
mpls interface all << show command >> [email protected]# run show mpls
admin-groups-extended Group Value test1 2147483647 test2 -2147483648
<<<<<<<<<<<<<<<< Extended administrative groups range: [
2147483647..-794967296 ] <<<<<<<<<<<<<<< PR966615
Network Management and Monitoring
•
When syslog server is configured using hostname, after Routing Engine switchover
router stopped sending the syslogs to external syslog server. Immediately after
switchover, DNS was not accessible because it will take some time to learn route to
DNS. System stopped retrying DNS resolution and syslogging stopped. System was
running GRES (no NSR). PR947869
•
show snmp get/getnext for OID greater than 128B fails from router, the fix for this PR
adds support for "show snmp get/getnext" for OIDs greater than 128B. PR1063516
Platform and Infrastructure
•
Adaptive load-balance functionality is only supported for unicast traffic. If the aggregate
bundle contains logical interfaces for bridge or vpls domains, flooded traffic might get
dropped. PR821237
•
When scripts are synchronized from one Routing Engine to the other, the destination
for the scripts in the other Routing Engine should be based on the configuration on the
other Routing Engine. This issue prevents this from happening and destination for
scripts depends on the current Routing Engine from which the scripts was synchronized
instead of the configuration on the other Routing Engine. PR841087
Copyright © 2015, Juniper Networks, Inc.
75
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
•
Wrong source IP is used when responding to traceroute in L3VPN setup. This is not an
indication of traffic taking wrong link. PR883701
•
On all high-end MX Series devices, when a router is acting as an NTP broadcast server,
broadcast addresses must be in the default routing instance. NTP messages are not
broadcasted when the address is configured in a VPN virtual routing and forwarding
(VRF) instance. PR887646
•
The jcs:dampen() function will not perform correctly if the system clock is moved to
an earlier time. PR930482
•
For certain combinations of MX Series MPCs and Junos OS versions, PCI Express errors
might appear during the FPC boot process. In such a situation the PCI Express errors
are harmless and can be safely ignored. PR940339
•
Backing up the configuration with transfer-on-commit does not work in an MX-VC
environment PR947444
•
With FPC3-E3 type FPC, the internal pc- interface statistics on the IQ/IQ2 PIC will be
the same as the ingress interface statistics of the physical interface if family mpls is
configured. It is a cosmetic display issue. PR953183
•
In multi-chassis platform, one of LCC's mastership change causes other LCC's
SPARE-SIB's Active-LED to be set abnormally instead of "actual active plane's LED".
There is no impact on operation, it is a cosmetic issue. * only if spare-SIB is SIB#0. For
example, - SCC-RE0(M),RE1(B) | LCC0-RE0(M),RE1(B) | LCC1-RE0(M),RE1(B) all-chassis SIB0 is spare status. - LCC0's mastership change makes the issue on LCC1.
- LCC1's spare-SIB0's active LED to be set abnormally. PR972457
•
The problem is seen because CFMD is getting a configuration commit after the MX-VC
switch has happened. This commit is deleting the cfmd session and then creating a
new session which is causing the old information of action-profile to be deleted which
brings the interface back up. This problem fixes by the code correction. PR974663
•
XML traceroute does not display as-numbers. PR988727
•
In PPPoE over ATM subscriber management environment with active subscribers is
present, when issue with the "show arp" command, an ARP core file is generated.
PR1006306
76
•
The overhead values need to be represented with 8 bits to cover the range "-120..124",
but the microcode is only using the last 7 bits. PR1020446
•
CPQ RLDRAM ECC single and double bit error will generate CM alarm. "show chassis
alarms" command can be used to view CM alarm. Details ======= 1> CPQ RLDRAM
ECC single bit error in last 10 secs will raise minor CM alarm. 2> No CPQ RLDRAM ECC
single bit error in last 10 secs will clear minor CM alarm. 3> CPQ RLDRAM ECC double
bit error will raise Major CM alarm (this alarm will not be cleared until the FPC is
restarted). PR1023146
•
Recurring LMEM data errors may cause Lu chip wedge. PR1033660
Copyright © 2015, Juniper Networks, Inc.
Known Issues
•
The Priority code point (PCP) and Drop eligible indicator (DEI) bit in 802.1Q header are
preserved while packet gets routed within the same Packet Forwarding Engine. The
expected behavior is resetting the PCP and DEI bit when the packet is routed. PR1036756
•
Observation domain ID in exported flow records is wrong in Hyperion and snorkel line
card. PR1066319
Routing Protocols
•
It is necessary that the MSDP peer local-address matches the PIM RP address on
routers that are RP. MSDP RPF check might fail in rare cases when both these addresses
are not equal. PR35806
•
When you configure damping globally and use the import policy to prevent damping
for specific routes, and a peer sends a new route that has the local interface address
as the next hop, the route is added to the routing table with default damping
parameters, even though the import policy has a nondefault setting. As a result, damping
settings do not change appropriately when the route attributes change. PR51975
•
Continuous soft core-dump may be observed due to bgp-path-selection code. RPD
forks a child and the child asserts to produce a core-dump. The problem is with
route-ordering. And it is auto-corrected after collecting this soft-assert-coredump,
without any impact to traffic/service. PR815146
•
When a Bidirectional Protocol Independent Multicast (PIM) rendezvous point (RP) is
configured on a physical interface, such as fe-0/0/0 not the loopback interface, after
restarting the routing, the Reverse Path Forwarding (RPF) interface might not be added
to the accepting interface list for the affected groups, then some traffic can not be
forwarded normally. PR842623
•
If Node-link protection is required in case of multiple ECMP primary paths, Node-link
protection command: ("set protocols ospf area <area_Id> interface <interface_name>
node-link-protection") needs to be configured on all the outgoing-interfaces of
PLR(Point of Local Repair)node that fall on the ECMP path to the primary. For eg.in
the following diagram: PLR: RTA Destination: RTC Primary paths:
RTA-->lt-1/2/10.102-->RTB-->lt-1/2/10.203-->RTC;
RTA-->lt-1/2/10.122-->RTB-->lt-1/2/10.203-->RTC; Outgoing interfaces on PLR:
lt-1/2/10.102 lt-1/2/10.122 Node-link protection needs to be enabled on both lt-1/2/10.102
and lt-1/2/10.122 if backup route avoiding RTB needs to be computed. (cost 1)
|-----|-------------lt-1/2/10.102(81.1.2.2 )----------------|-----| | | (cost 1) | | | RTA
|-------------lt-1/2/10.122(82.11.22.2)----------------| RTB | |_____| |_____| | | | |lt-1/2/10.203
| 81.3.3.3 | | (cost 1000) |-----| | |----lt-1/2/10.103(81.1.3.1) -----| RTC |--------------------|
|-----| The behavior is corrected from release 14.1 and Node-link protection can be
configured on any one of the interfaces on the ECMP path. PR924290
•
When a Junos OS router with multicast enabled receives IGMP packets with protocol
DVMRP (IGMP_PROTO_DVMRP) to the IGMP port is 0x5 (DVMRP_ASK_NEIGHBORS2),
IGMP builds a neighbor list and responds back to the source IP address of the sender.
This source IP address can be a unicast address or a multicast address. There is no
throttling of responses. The requests are answered at the highest rate possible.
Secondary impacts are that the routing protocol daemon (rpd) IGMP utilization goes
Copyright © 2015, Juniper Networks, Inc.
77
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
very high and the host path and interface network control queues can get congested.
Refer to KB29553 for more information and mitigation. PR945215
•
In rare cases, rpd may write a core file with signature "rt_notbest_sanity: Path selection
failure on ..." The core is 'soft', which means there should be no impact to traffic or
routing protocols. PR946415
•
In a scaled setup a restart routing or NSR switchover can result in duplicate msdp
entries. PR977841
•
With BGP multipath configured, if a BGP route's multiple protocol nexthops are resolved
to different types of IGP routes with a same metric, high rpd process utilization might
be observed due to the BGP multipath task. PR1017372
•
The multicast traffic might be pruned with a static IGMP join configuration upon
receiving an IGMP leave group message when the interface is not a querier on the
corresponding interface. PR1034270
Routing Policy and Firewall Filters
•
There are two routing-instances, AAA and BBB. AAA's instance-type is default
(non-forwarding). BBB's instance-type is virtual-router. Create a policy to import routes
from routing-instances AAA to BBB. If the instance-type of AAA is changed from default
to virtual-router after the routing-policy is already configured, the route is missing from
routing-instance BBB. PR969944
Services Applications
78
•
When you specify a standard application at the [edit security idp idp-policy
<policy-name> rulebase-ips rule <rule-name> match application] hierarchy level, IDP
does not detect the attack on the nonstandard port (for example, junos:ftp on port
85). Whether it is a custom or predefined application, the application name does not
matter. IDP simply looks at the protocol and port from the application definition. Only
when traffic matches the protocol and port does IDP try to match or detect against
the associated attack. PR477748
•
When Ipsec tunnels scaled we need to have multiple proposals, otherwise all of these
tunnels do rekey almost around the same time, so load on the kmd would be too high
to handle it. Currently kmd (Routing Engine) is limited by tunnel setup rate of 6 tnl/sec.
So, 1k tunnels bring up would take around 150-200 seconds . It is better to split the
configuration with different proposals (each with 1k) having different lifetime values,
scattered by 200 seconds. PR929693
•
On M Series, MX Series, T Series routers (platforms) with Services PIC, the incoming
interface is a services interface. If the services interface receives "ICMP MTU Exceeded"
message, the message might be dropped. PR977627
•
Stale entries after connecting and disconnecting 100 PPPoE Dual Stack subscribers
with DTCP filters based on CID. PR979517
•
With Real Time Streaming Protocol (RTSP) Application Layer Gateway (ALG) enabled,
the PIC might crash in case the transport header in status reply from the media server
is bigger than 240 bytes. PR1027977
Copyright © 2015, Juniper Networks, Inc.
Known Issues
Software Installation and Upgrade
•
Filesystem corruption might lead to routing engine boot up failure. This problem is
observed when directory structure on hard disk (or SSD) is inconsistent. Such a failure
should not result in boot up problem normally, but due to the software bug the affected
Junos OS releases mount /var filesystem incorrectly. The affected platforms are
M/T/MX/TX. PR905214
User Interface and Configuration
•
Selecting the Monitor port for any port in the Chassis Viewer page takes the user to
the common Port Monitoring page instead of the corresponding Monitoring page of
the selected port. PR446890
•
User needs to wait until the page is completely loaded before navigating away from
the current page. PR567756
•
Using the Internet Explorer 7 browser, while deleting a user from the Configure > System
Properties > User Management > Users page on the J-Web interface, the system is not
showing warning message, whereas in the Firefox browser error messages are shown.
PR595932
•
If you access the J-Web interface using the Microsoft Internet Web browser version 7,
on the BGP Configuration page (Configure > Routing > BGP), all flags might be shown
in the Configured Flags list (in the Edit Global Settings window, on the Trace Options
tab) even though the flags are not configured. As a workaround, use the Mozilla Firefox
Web browser. PR603669
•
On the J-Web interface, next hop column in Monitor > Routing > Route Information
displays only the interface address and the corresponding IP address is missing. The
title of the first column displays "static route address" instead of "Destination Address."
PR684552
VPNs
•
When you modify the frame-relay-tcc statement at the [edit interfaces interface-name
unit logical-unit-number] hierarchy level of a Layer 2 VPN, the connection for the
second logical interface might not come up. As a workaround, restart the chassis
process (chassisd) or reboot the router. PR32763
•
BGP community 0xFF04 (65284) is a well known community (NOPEER), but it is
incorrectly displayed as "mvpn-mcast-rpt" in the cli command "show route". This is a
show command issue only. No operational mis-behavior will be observed on the
router/network. PR479156
•
In the Rosen MVPN environment, the RP-PE is an assert loser, another PE is sending
traffic over the data-mdt. If a new receiver PE with higher rate comes up, because
internal workflow processes wrong, the receiver PE might reset data-mdt. This leads
to traffic loss. PR999760
•
In NG-MVPN scenario with multiple source PEs for a same group, if an inactive source
PE has local receivers, the routing protocol process (rpd) on this PE might cause
multicast traffic loss and continuous IFF-MISMATCH error. PR1009215
Copyright © 2015, Juniper Networks, Inc.
79
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
Related
Documentation
•
New and Changed Features on page 21
•
Changes in Behavior and Syntax on page 54
•
Known Behavior on page 68
•
Resolved Issues on page 80
•
Documentation Updates on page 135
•
Migration, Upgrade, and Downgrade Instructions on page 156
•
Product Compatibility on page 165
Resolved Issues
This section lists the issues fixed in the Junos OS main release and the maintenance
releases.
For the most complete and latest information about known Junos OS defects, use the
Juniper Networks online Junos Problem Report Search application.
•
Resolved Issues: Release 13.3R6 on page 80
•
Resolved Issues: Release 13.3R5 on page 90
•
Resolved Issues: Release 13.3R4 on page 102
•
Resolved Issues: Release 13.3R3 on page 111
•
Resolved Issues: Release 13.3R2 on page 126
Resolved Issues: Release 13.3R6
Forwarding and Sampling
•
This issue affects a system with two Routing Engines with "graceful-switchover"
configured. When performs upgrade to Junos OS Release 13.3 from previous releases,
without deactivating "graceful-switchover", master and backup Routing Engines are
likely to become unresponsive due to running out of memory. The Routing Engines
need a power reset to restore service. PR1033926
•
When a firewall filter, which is used to de-encapsulate the IPv4 packets encapsulated
in IPv6 GRE header, is attached to interface hosts on MX Series MPC/MIC, the IPv6
GRE header would be de-encapsulated but the inner IPv4 packet would end up getting
dropped and not forwarded. This issue affects the packet with IPv4 over IPv6 GRE
header only, and those packets with IPv6 over IPv6 GRE header are not affected.
PR1054039
•
shared-bandwidth-policer failure results in subscriber exceeding the configured limit.
PR1056098
80
Copyright © 2015, Juniper Networks, Inc.
Resolved Issues
General Routing
•
On MX Series platform with Enhanced DPCs equipped, after router rebooted, the IRB
broadcast channel is not enabled, all the broadcast packets that are received in the
IRB interface will get dropped. Also when ping is given the below L2Channel error
increases as ping packets are sent: [email protected]>show interfaces ge-*/*/* extensive
| match channel L3 incompletes: 0, L2 channel errors: 10, L2 mismatch timeouts: 0.
PR876456
•
DPD may not work with link-type IPSec tunnels when NAT is present between the
IPSec peers. Even when NAT is not present between the IPsec peers, the issue can
occur with lesser probability. PR895719
•
On T/TX/TXP platforms, once detecting rchip sram parity errors, both parity-error
correction process and automatic jtree simulation are invoked within interrupt context
which triggers an assertion and resulting a FPC restart with coredump. FPC Type 5-3D
are not affected. Junos OS Releases 13.3R1 and later are exposed. PR944967
•
When a router is booted with AE having per-unit-scheduler configuration and hosted
on an EQ DPC, AE as well as its children get default traffic control profile on its control
logical interface. However, if a non-AE GE interface is created on the DPC with
per-unit-scheduler configuration, it will get default scheduler map on its control logical
interface. PR946927
•
In large scale L3VPN environment(in this case, there are 80K L3VPN routes) with
non-stop active routing (NSR) enabled, when the L3VPN routes are added and deleted
frequently, in rare condition, the Composite Next Hop (cnh) deletion from kernel after
backup rpd process learns cnhs with duplicated key but with different nhids. This might
lead to rpd process crash on backup Routing Engine. This issue is not reproducible and
only happened once. PR959331
•
On MX Series, delete an interface A from routing-instance VRF1; then create
routing-instance VRF2 and interface A is added to VRF2 with qualified-next-hop
configured; finally, delete VRF1. Commit the entire above configuration once, in rare
condition, rpd might crash. PR985085
•
On MX104 router with SONET/SDH OC3/STM1 (Multi-Rate) MIC. In rare condition, if
the MIC is plugged out from MX104, the PFE might crash, the traffic forwarding will be
affected. These MICs as below belong to SONET/SDH OC3/STM1 (Multi-Rate) MIC:
* MIC-3D-8OC3OC12-4OC48 * MIC-3D-4OC3OC12-1OC48 *
MIC-3D-8CHOC3-4CHOC12 * MIC-3D-4CHOC3-2CHOC12 * MIC-3D-8DS3-E3 *
MIC-3D-8CHDS3-E3-B * MIC-3D-1OC192-XFP. PR997821
•
An unnecessary update from the routing protocol process (rpd) to the route record
database might be triggered by certain configuration change. This process causes jump
in CPU utilization of all Packet Forwarding Engines. PR1002107
•
On MX Series Virtual Chassis with the no-split-detection configured, in some rare
circumstances, the transit traffic might get dropped if all of the virtual chassis ports
(VCP) go down and come up quickly (within few seconds). PR1008508
Copyright © 2015, Juniper Networks, Inc.
81
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
•
On MX Series platforms with ADPC FPCs, M120, or M7i/M10i with Enhanced CFEB, each
VPLS LSI interface flapping triggers a memory leak in jtree segment 0. There is no
memory leak in FPC heap 0 memory. PR1009985
•
When destinations are pointing to protocol next-hops as unilist type or IP forwarding
next-hops as unilist, which in scenarios like using Loop-Free Alternate Routes for OSPF
(LFA-OSPF) with link protection or MPLS FRR is enabled. If flapping the active interface
very fast, especially an interface comes back up before Kernel gets a chance to delete
all the unilist next-hops, those unilist next-hops which have not been deleted yet would
be re-used. As a result, the corresponding destinations are pointing to discard
next-hop(s) or replaced next-hop(s) in Packet Forwarding Engine Jtree. The "discard"
next-hop(s) causes traffic blackhole while the "replaced" next-hop(s) diverts traffic
to other active next-hop(s) in the unlist. Those unilist next-hops which have been
already deleted are safe and get updated accordingly. This is a day one timing issue.
PR1016649
82
•
Under corner cases, if there are multiple back-to-back Virtual Chassis port (VCP)
related CLI commands, Network Processing Card (NPC) core may be observed and
FPC hosting the VC ports might reboot. PR1017901.
•
If you issue the show services nat mappings details command with a large number of
service sets configured (such as 1000 service sets) and one or two NAT mappings
specified, the command takes a certain amount of time to display the output. During
this period, if you deactivate or activate the services, a multiservices PIC management
daemon core file is generated. PR1019996
•
Enabling sampling on an ms- interface is not supported configuration, if
'forwarding-opions sampling sample-once' is subsequently deactivated, the FPC may
reboot. PR1021946
•
On MX Series router with IPv6 subscribers, after performing GRES or reloading one line
card which has underlying interfaces for demux, some demux interfaces might be stuck
in Tentative state, and some other demux interfaces which has the same link local
addresses might be unable to send any IPv6 RA message. PR1026724
•
On MPC5E line card, if a firewall filter with large-scale terms (more than 1300 etc.) is
attached to an interface, traffic drop might be seen. PR1027516
•
With an unrecognized or unsupported Control Board (CB), mismatch link speed might
be seen between fabric and FPCs, which results in FPCs CRC/destination errors and
fabric planes offline. Second issue is in a race condition, Fabric Manager (FM) might
process the stale destination disable event but the error is cleared indeed, it will result
in the unnecessary FPC offline and not allowing Fabric Hardening action to trigger and
recover. PR1031561
•
If a logical interface is used as the qualified-next-hop (which implies the logical interface
has unnumbered-address configured), and there are changes in the logical interface
filter configuration, then the static route might disappear from routing table. To make
it reappear, need to delete it from the configuration and add it back. PR1035598.
•
For MLPPP interface on MX Series based line card, in some very rare conditions, the
received fragmented packets might be dropped. PR1041412
Copyright © 2015, Juniper Networks, Inc.
Resolved Issues
•
On MX Series platform with one of the following protocols configuration, flapping the
protocols will trigger the Composite Next-hop change operation. In rare condition,
since it is not proper programmed, the FPC might crash. This is a day-1 issue. - LDP MPLS - Point-to-multipoint LSP - RSVP - Static LSPs. PR1045794
•
Once default route 0.0.0.0/0 is added, deleted or changed, the PFEMAN thread running
on the MPC/FPC5 needs more than 600 mseconds to program such changes. This is
long enough to trigger LFM or BFD flap. Junos OS Release 13.3R2 or later is exposed to
this symptom. PR1045828
•
On T Series FPC 1-3 and M320 except E3-FPC with fib-local configuration. If there are
multiple FIB local FPCs or the FIB local is a multiple Packet Forwarding Engine FPC,
the TCP packets might be out of order, packets re-ordering would occur. It reduces the
application level throughput for any protocols running over TCP. PR1049613
•
In the PPP dual-stack subscribers environment, in rare condition, if bringing up 1000
dual-stack subscribers quickly, the PPP negotiation might fail. Then PPP retries
negotiation, all subscribers fully establish. PR1050415
•
Incorrect flow count is reported in the field 'count' of V9 header in all the packets sent
to the collector. PR1050543
•
This problem is because of a race condition, where other FPCs are not able to drain
"which is 1 second" Fabric Streams connecting to FPC which is getting offline. With
this situation - even when FPC comes online, other FPCs which have observed message
"xmchip_dstat_stream_wait_to_drain" will not be able to send traffic to that particular
FPC over fabric. There is no workaround. To recover, we have to reboot FPCs which
observed error message "xmchip_dstat_stream_wait_to_drain". PR1052472
•
As a precautionary measure, a periodic sanity check is added to Ichip based FPC. It
checks FPC error conditions and performs the appropriate actions in case of an error.
PR1056161
•
IFCM error messages may occur in logs when it is not used. We lowered the severity of
the message to avoid confusion. PR1057712
•
This problem scenario with stuck DEMUX VLANs was observed after upgrade to 12.3
from previous release of 11.4X27. PR1054914
•
When enabling pseudowire subscribers the "show subscribers extensive" command
does not display CoS policies applied to the subscriber interface. This issue was fixed
in 13.3R6, 14.1R5 and 14.2R3. PR1060036
•
bfd-protected ospf-session and bfd-protected bgp-session fail to come up via site-site
IPSec tunnel. As a workaround use no-ipsec-tunnel-in-traceroute cli configuration
statement. PR1061342
Copyright © 2015, Juniper Networks, Inc.
83
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
Interfaces and Chassis
•
Refer to the following topology. If we set interface ge-1/0/8 disable, interface xe-2/0/0
and xe-2/1/0 become down status because "asynchronous-notification" feature.
However after 3 or 4 seconds, ether OAM detects link-fault status changed to good.
And then, interface xe-2/0/0 and xe-2/1/0 change link status from down to up. The
conditions are the following. 1. Configure MPLS circuit with ether CCC. 2. Configure
"asynchronous-notification" on CE facing interface in both PEs. 3. Configure ether OAM
to one of PE, CE pair. 4. Use DPC 10 giga-interface on DTU. * This behavior did not occur
with MPC and DPC 1 giga-interface. << topology >>
********************************************************************* local
link remote link DPC 10ge | xe-2/0/0 V ge-1/0/6 ge-1/0/8 [ CE ]----------[ PE ]---------[
PE ]----------[ CE ] xe-2/1/0 ge-1/0/7 ge-1/0/9 (DTU) <--------> <-------> <-------->
ether CCC MPLS ether CCC asynchronous-notification asynchronous-notification
<--------> ether OAM *CE:MX240 PE:MX240
*********************************************************************
PR973840
•
With vrf-table-label configured on the routing-instances, when an FPC with Enhanced
IQ (IQE) PIC is sharing the same Forwarding Engine Board (FEB) with another FPC,
and the FEB has two core-facing interfaces configured with the family mpls on
aforementioned FPCs separately, the label-switched interface (LSI) might be removed
incorrectly on the working FPC when the other FPC with IQE PIC is set to offline.
PR1027034
84
•
If DPCE 20x 1GE + 2x 10GE X card is present in the chassis, BFD sessions over AE
interfaces may not be distributed.PR1032604
•
Some duplicate entries are reported in jnx-chas-defines.mib. This patch removes the
duplicate entries to fix the issue. PR1036026
•
FRR switching time is much higher than 50 ms (e.g. might be 400-900 ms) when
protected links are located on MX Series Gigabit Ethernet enhanced and hardened
MICs (i.e. MIC model name end with -E or -EH, currently, the supported MICs are
MIC-3D-20GE-SFP-E and MIC-3D-20GE-SFP-EH). PR1038999
•
Using PPP authentication with a specifically crafted PAP Authenticate-Request may
cause the Juniper Networks PPP daemon (jpppd) to crash and restart. After PPPoE
Discovery and LCP phase is successfully negotiated, when the crafted PAP
Authenticate-Request is received, jpppd crashes and no response is sent by the
broadband edge router to the subscriber. The jpppd continues to crash every time the
subscriber re-sends the PAP Authenticate-Request. PR1040665
•
In case of the IQ2 or IQ2E PIC are working in tunnel-only mode, rebooting the tunnel
PIC while the traffic is passing through the tunnel might cause the tunnel PIC to not
transfer traffic any more. PR1041811
•
jpppd daemon ran out of memory as subscribers login failed due to missing CoS
parameters. Below logs will be seen in messages when the subscribers login fail. Nov
16 12:19:21 jtac-host jpppd: Semantic check failed for profile=PPPoE-1-QoS, error=301
Nov 16 12:19:21 jtac-host jpppd: dyn_prof_send_request: add pre_processing failure,
Copyright © 2015, Juniper Networks, Inc.
Resolved Issues
error=301 Nov 16 12:19:21 jtac-host jpppd: Profile: PPPoE-1-QoS variable:
$junos-cos-shaping-rate value: failed semantic check PR1042247
•
clear interfaces interface-set statistics all fails due to memory limitation. PR1045683
•
On MX Series routers (platforms) with Enhanced Switch Control Board (SCBE), when
the fan tray is inserted or pulled out, the chassisd process might crash. PR1048021
•
When Inherit is part of lower logical interface Unit, VRRPD parses it before Active. In
this case, VRRPD attaches a dummy Active to the Inherit, with the assumption that
the Active will be available soon and then replication of information from Active to
Inherit will take place. However, the replication of the priority was not done correctly
due to which the Inherit group was stuck with priority of 0. PR1051135
•
mru remains set at previous value after deleting mru under group-profile ppp-options.
PR1059720
Layer 2 Features
•
On multiple Routing Engines system with NSR enabled, if the FEC129 VPLS instance
has "no-tunnel-service" configured, the VPLS might show status as "OL" (no outgoing
label) after performing Routing Engine switchover. PR1050744
•
After FPC restart, bridge domain (BD) implicit filters for Ethernet ring protection
switching (ERPS) might get reprogrammed with wrong logical interface (ifl) index,
which cause ERPS to not work correctly. PR1021795
•
If a customer is using SNMP and performs an snmpwalk on the dhcp binding table, not
all of the entries may be displayed. This fix resolves that issue so that bindings for all
IP addresses are displayed. PR1033158
•
On a router with DHCP local server configured, if there are scaled number of DHCP
subscribers connected, most of the subscribers might get stuck in "RELEASE" status
after performing graceful Routing Engine switchover (GRES). PR1038385
•
In DHCP dynamic subscriber management scenario, when maintain DHCP subscribers
during interface delete is configured, some interface indices might be reused by a new
interface if system is under stress (such as high connection speed, many clients and
individual log files configured to be larger than 100M). In this case, it might result in
subscriber being associated with an interface that no longer exists. PR1044002
MPLS
•
Error "tag_icmp_route:failed to find a chain composite ahead of fwd nh" might be
observed when doing traceroute. PR999034
•
When configuring point-to-multipoint (P2MP) Label Distribution Protocol (LDP)
label-switched paths (LSPs), the labels will never be freed even though they are no
longer needed. This could lead to the MPLS label exhaustion eventually. To clear the
state, the rpd process will restart with core files. PR1032061
•
On the P2MP LSP transit router with link protection enabled, if the LSP is the last
subLSP, tearing the last subLSP (for example, an RESV tear message is received from
downstream router) might crash the routing protocol process (rpd). PR1036452
Copyright © 2015, Juniper Networks, Inc.
85
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
•
When node-protection is enabled for a specified LSP and optimize-timer for a
node-protecting bypass LSP is configured on router, the bypass route might
get-optimized in such a way that it traverses through the very node that the bypass is
trying to protect during re-optimization. As a consequence, the node-protecting bypass
LSP only provide link protection instead of node protection. PR1045055
•
On M/MX/T Series routers, dynamic-rsvp-lsp is configured under interface
link-protection hierarchy level. After interface flap, the bypass LSP does not come up.
PR1054155
Multicast
•
In multicast environment, if GRES is performed immediately after a routing-instance
being deleted, the krt (kernel routing table) queue might get stuck after adding back
the routing-instances which were deleted. PR1001122
Network Management and Monitoring
•
Mib2d cores while trying to re-add a lag child into the internal DB. Since the entry is
already present in the internal DB. Before adding the child link, mib2d does a lookup
on the tree, to know if the entry is not already there. However, this lookup returns no
results, since the child link is part of snmp filter-interface configuration. PR1039508
•
SNMP mib walk jnxMac does not return value with et- interfaces on
MPC3/MPC4/MPC5/MPC6. PR1051960
•
There is no specific counter name in the MIB2D_COUNTER_DECREASING syslog
message. PR1061225
Platform and Infrastructure
86
•
With inline jflow enabled, if the low 12 bits of the packet counter are zero (0x000)
while copying packets count from hash record into flow export packet, the
packetDeltaCount counter might be incorrect in inline jflow records. There is no traffic
impact but may impact billing. PR886222
•
For inline BFD over aggregated Ethernet (AE) interface which member links are hosted
on different FPCs, BFD packets coming on ingress line card will be steered to anchor
Packet Forwarding Engine through fabric. If FPC reconnects to master Routing Engine
(such as Routing Engine switchover operation), the inline BFD session punts the BFD
packet to host, the BFD packet should go through loopback interface filter of VRF on
which it is received. But in this case, the BFD packet might hit the wrong loopback
interface filter from wrong routing-instance since the VRF information is not carried
across fabric. PR993882
•
BFD session within default routing-instance are not coming up once inline-services pic
is configured and fixed class-of-service forwarding-class is assigned. BFD session
operating in no-delegate-processing are not affected. PR999647
•
On MX Series platform with scaled set-up, after deactivate/activate or renaming a
bridge domain (BD) which has irb interface associated, the IGMP snooping configured
under the BD might not work any more. Note it happens only when the router is in
"network-services enhanced-ip" mode. PR1024613
Copyright © 2015, Juniper Networks, Inc.
Resolved Issues
•
A Packet Forwarding Engine memory leak is seen when multicast receivers are
connected in a bridge domain where IGMP snooping is enabled and IGMP messages
exchanged between the multicast receivers and the layer 3 IRB (Integrated Routing
and Bridging) interface. PR1027473
•
Aggregated Ethernet interface does not send PPPoE client echo reply when ae interface
bundle spans multiple FPC(s). PR1031218
•
On MX Series 3D MPC, when there is a congested Packet Forwarding Engine destination,
the non-congested Packet Forwarding Engine destinations might experience an
unexpected packet drop. PR1033071
•
sa-multicast load sharing method under [chassis <> fpc <> pic <> forwarding-mode]
is not working on 100GE interface on MX Series FPC. PR1035180
•
The micro BFD sessions won't come up if incoming untagged micro BFD packets contain
a source MAC where the last 12 bits are zero. PR1035295
•
Presence of /8 prefix in two terms results in incorrect filter processing and unexpected
behavior. PR1042889
•
When IRB interface is configured with VRRP in layer 2 VPLS/bridge-domain, in corner
cases IRB interface may not respond to ARP request targeting to IRB sub-interface IP
address. PR1043571
•
In a scaled subscriber management environment, the output of CLI command "show
subscribers" and its sub flavors might print more pages and has to be terminated by
"Ctrl+c" or "q". But this was not closing the back end Session Database (SDB)
connection properly. Over a period of time, this will cause inconsistency and the
subscriber management infrastructure daemon (smid) fails to register and no new
subscribers could connect. PR1045820
•
On T4000 and FPC Type 5-3D or TXP-3D platforms , BFD sessions operating in
100msec interval with default multiplier of 3 might randomly flap after the
enhancements implemented via PR967013. BFD sessions with lower intervals of
100msec or higher intervals are not exposed. The internal FPC thread, monitoring the
High Speed Fabric links had a run time of longer then 100 msec. PR1047229
•
By default, after 16x10GE MPC boards come up, about 75% of queues were allocated
to support rich queuing with MQ chip. Such allocation causes MQ driver software
module to poll stats. Polling stats causes this rise in CPU usage. PR1048947
Routing Protocols
•
In the multicast environment, in rare condition, after graceful Routing Engine switchover
(GRES) is executed, the rpd process might crash due to receiving NULL incoming logical
interface. PR999085
•
When BGP add-path feature is enabled on BGP route-reflector (RR) router, and if the
RR router has mix of add-path receive-enabled client and add-path receive-disabled
(which is default) client, due to a timing issue, the rpd process on RR might crash when
routes update/withdraw. PR1024813
•
When a BGP peer goes down, the route for this peer should be withdrawn. If it happens
that a enqueued BGP route update for this peer has not been sent out, issuing the CLI
Copyright © 2015, Juniper Networks, Inc.
87
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
command "show route advertising-protocol bgp <peer-addr>" might crash the routing
protocol process (rpd). This is very corner issue and hardly to be experienced.
PR1028390
•
When BGP is doing path selection with default behavior, soft-asserts requests are
introduced. If BGP routes flap a lot, it needs to do path selection frequently, because
of which a great deal soft-asserts might be produced which will cause unnecessary
high CPU and some service issues, such as SNMP can not respond and even rpd core.
PR1030272
•
When "clear bfd session" is issued immediately (before the Poll - Final sequence is
completed) post config check-in for interval change from higher to lower
minimum-interval value, BFD sessions don't revert to lower interval. PR1033231
•
Issue in populating isisRouterTable values. Some entries are not filled correctly. This
does not block/affect the functionality of ISIS or other components. PR1040234
•
If labeled BGP routes are leaked from inet.3 table to inet.0, then activation of BGP
"add-path" feature might crash the routing protocol process (rpd). PR1044221
•
BFD session might reset on commit if version is configured. The adaptive RX interval
gets set to 0 which results in the reset. A sample configuration of BFD version is as
follows: protocols { bgp { bfd-liveness-detection { version 1; minimum-interval 1000;
transmit-interval { minimum-interval 1000; } } } PR1045037
•
When BGP and ICCP are the client of the same multi-hop BFD session, BFD runs in
centralized (non-distributed) mode. But if nonstop-routing configuration is added and
enabled, running mode of BFD is changed to distributed mode. This behavior is incorrect
but it would not affect to protocols which is client of the BFD session. However, if
Routing Engine switchover is performed after enabling NSR, the BFD session will get
unstable and all the client protocols also get unstable. PR1046755
•
Junos OS Multicast Source Discovery Protocol (MSDP) implementation is closing an
established MSDP session and underlying TCP session on reception of source-active
TLV from the peer when this source-active TLV have an "Entry Count" field of zero.
"Entry Count" is a field within SA message which defines how many source/group
tuples are present within SA message. PR1052381
•
The BGP session sending add-path prefixes can cause an rpd crash when the add-path
IDs that it allocates roll over from 65535 to 0. If the routes contributing add-path
prefixes are changing, the allocated path-id can eventually reach this value. This fix
changes the allocation scheme to always use the lowest available free path-id, so a
rollover will never occur. PR1053339
•
After multicast traffic source incoming interface and source ip RPF (reverse path
forwarding) route switching to a different interface, the multicast route cache upstream
interface might not be refreshed to be in sync with the pim join upstream interface.
This is incorrect and will cause packet blackhole for the affected multicast stream.
PR1057023
•
88
RPD cored at isisSysLevelTable_next function when we do snmpwalk/snmpget with
invalid value in snmp data variable part. With this fix,added sanity checks for those
OIDs that do not have checks in earlier versions. PR1060485
Copyright © 2015, Juniper Networks, Inc.
Resolved Issues
Routing Policy and Firewall Filters
•
In the BGP environment, if operator "!" exists in the regex for as-path, the commit
operation fails. PR1040719
Services Applications
•
Added support to bring up Tunnel-switched sessions when tunnel-group is not
configured at LTS and tunnel attributes are returned from RADIUS. PR1030799
•
When NAT has multiple terms that refer to the same NAT Pool, the command 'show
snmp mib walk jnxSvcsMibRoot ascii' always prints out jnxNatPoolTransHits for the
count of jnxNatRuleTransHits in the first term. PR1035635
•
The cause of the KMD crash is not known. This is not due to SA (Security Association)
memory corruption. The code sees that SA is getting freed without clearing the table
entry. PR1036023
•
When the tunnel between L2TP access concentrator (LAC) and L2TP network server
(LNS) is destroyed, the tunnel information will be maintained until destruct-timeout
expire (if the destruct-timeout is not configured, the default value is 300 seconds). If
the same tunnel is restarted within the destruct-timeout expire, the LNS will use the
previously negotiated non default UDP port, which might lead to the tunnel negotiation
failure. PR1060310
Subscriber Access Management
•
The MX960 will send out error message when it processes idle-timeout. PR1041654
VPNs
•
For VPLS over VPLS topology, when the VPLS payload has two labels
(Customer-VPLS-label and Customer-MPLS-label), the frame might be dropped by
the core facing interface hosted on IQ2 PIC with "L2 mismatch timeout" error. This
particular scenario is fixed. But there are some other worse scenarios which might hit
this issue again due to the system architecture limitation, which are not fixed but need
to avoid: * Addition of VLAN tags on Service provider's or CE's VPLS payload e.g.
configuring QinQ. * Addition of MPLS tags on Service provider or CE's VPLS payload.
* Enabling VPLS payload load balancing on Service provider's PE router. PR1038103
•
In NG MVPN, after the route to C-RP flaps, traffic loss might be seen for a short period
of time. PR1049294
•
In NG-MVPN scenario, when a source is directly connected to a PE that is acting as an
RP stops sending the traffic, the PE never withdraws the Type 5 route. This causes the
Type 7 routes and forwarding routes to remain on the egress and ingress PEs. PR1051799
•
In L2VPN scenario with local switching enabled, in corner cases, the rpd process might
crash after flapping the PE-CE link. For example, if the L2VPN connection type changes
from remote to local after link flaps, for a brief period of time, two route entries (for
old remote VC connection and for the new local VC connection) might exist for the
same egress route (with interface name as destination prefix). In that case, when
deleting remote VC connection and route entry associated with that remote connection,
Copyright © 2015, Juniper Networks, Inc.
89
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
the rpd might crash due to trying to reset an internal variable which is already reset
during route addition for the new local VC connection. PR1053887
Resolved Issues: Release 13.3R5
Class of Service (CoS)
•
Sometimes MX Series might respond with "no such instance" of the second OID when
two CoS OIDs in the single SNMP packet. PR1015342
•
This issue specific to rate-limit on trunk port in DPC due to a software issue that
installing rate-limit variables to egress Packet Forwarding Engine does not work
normally. PR1022966
•
For ichip based platform, IQ2 pic expects FC index in the cookie from ichip for packet
queuing. For Transit traffic, fc index is coming in cookie where are for host outbound
traffic, queue number is coming in cookie to IQ2 pic. As IQ2 pic is not aware whether
traffic is transit or host outbound, it treats value received in cookie as FC value and
looks into fc_to_q table to fetch queue number. This is causing issue in queueing of
host outbound traffic in IQ2 PIC in incorrect queue. This is a day one issue and will come
if in FC to Queue mapping, fc id and queue number are not same. PR1033572
Forwarding and Sampling
•
On the 32-bit Junos OS, when a very big burst-size-limit value (2147492676 and above)
is configured in the ingress interface policer, the kernel may drop Routing Engine
destined traffic. PR1010008
•
Deactivating Inline Jflow configuration does not make memory release normally.
PR1013320
•
When an ARP policer is applied to an interface, it appears commented out in the
configuration with the following message: "invalid path element 'disable_arp_policer'".
PR1014598
•
When an MX Series specific filter is configured on an interface located on a DPC, the
filter is not being installed and no warning message is logged on the message log file.
PR1022836
90
•
Adding "fast-lookup-filter" knob to a firewall filter using one or more terms with
"next-term" action could cause dfwc crash during commit (commit check phase).
Hence because of this bug, this disallows use of "fast-lookup-filter" feature on firewall
filters with terms using "next-term". This PR fixes the above bug exposed during firewall
compiler optimization of filters using next-terms and fast-lookup-filter. PR1029761
•
This issue affects a system with two routing engines with "graceful-switchover"
configured. When performs upgrade to Junos OS version 13.3 from previous releases,
without deactivating "graceful-switchover", master and backup Routing Engines is
likely to become unresponsive due to running out of memory. The routing engines need
power reset to restore service. PR1033926
Copyright © 2015, Juniper Networks, Inc.
Resolved Issues
General Routing
•
"show services accounting usage" does not populate cpu utilization for XLP based
cards . Please use "show services service-sets cpu-usage". PR864104
•
Leak in /mfs/var/sdb/iflstatsDB.db. PR924761
•
In this scenario the CPCD (captive-portal-content-delivery) is configured for
HTTP-REDIRECT for Subscriber Management clients using MS-DPC. When services
sessions start to redirect the HTTP traffic, the memory-usage consistently increments
for MSPMAND on the multi-service PIC. The memory limit then might cause packets
loss. PR954079
•
MPLS traceroute causes "rttable-mismatch" syslog messages. PR960493
•
On MX Series DPC line cards with redundancy System Control Boards (SCBs), when
active SCB goes down ungracefully by unexpected event (such as turn off Power Entry
Modules (PEMs)), traffic loss is observed and cannot be recovered on standby SCB
as expected. PR961241
•
In the dual Routing Engines scenario with large scale nexthops (in this case, more than
1-million nexthops and around 8K VRFs). In rare condition, kernel might crash on backup
and/or master Routing Engine due to exhaustion of nexthop index space. PR976117
•
1) Due to a previous fix chassisd on the protocol master Routing Engine and the protocol
backup Routing Engine connect to the main snmpd on the protocol master using the
following methods. a) Chassisd on the protocol master Routing Engine connects using
a local socket since snmpd is running locally. b) Chassisd on the protocol backup
Routing Engine connects using a TNP socket since snmpd is not local. 2) However this
fix changed the way the other daemons connect to snmpd. All important daemons
run on the protocol master and should connect to snmpd using a local socket. However
the fix changed it so that all daemons that ran on the protocol master (other than
chassisd) tried to connect using the TNP socket. SNMPD does not accept these
connections. As a fix, in an MX-VC, we made sure that chassisd connects to all processes
which run on the protocol master using internal socket while the chassisd process on
the protocol backup and protocol lincecard connect connect using TNP socket.
PR986009
•
In the dual Routing Engines scenario, in rare condition, while executing GRES and
deleting interfaces at the same time, it is possible that a nexthop delete message is
not sent to rpd process, causing rpd to keep a nexthop index (NHID) that kernel has
already deleted. Later when kernel allocates this NHID for next new nexthop and sends
it to rpd process, rpd process might crash due to duplicate NHID. PR987102
•
MX 960/480/240 fantray red alarm temp changed from 75C to 80C. PR995225
•
In the dual Routing Engines scenario with NSR configuration, backup peer proxy thread
is hogging CPU for more than 1 second if there are multiple updates (>5000) going
from master Routing Engine to backup Routing Engine. This is leading to FPC socket
disconnections. The traffic forwarding might be affected. PR996720
•
By default, the syslog utility exports 800,000 logs per second to a remote syslog server.
You can modify the number of syslogs to be sent by including the message-rate-limit
statement at the [edit interfaces interface-name services-options syslog] hierarchy
Copyright © 2015, Juniper Networks, Inc.
91
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
level to suit your deployment needs. The rate at which syslog messages can be sent
to the Routing Engine is 10,000 logs per second. PR1001201
•
With NSR enabled, when activating a BGP session in a routing instance, and the interface
route is imported into the main routing instance, the TCP receive window might
decrement until it hits 0 after receiving incoming BGP traffic arrives from the main
routing instance. PR1003576
•
MS-DPC memory leak on system service set when HTTP Redirect attempts to process
none-HTTP traffic with HTTP ports (80/8080/443). PR1008332
•
When deleting a routing-instance or making changes to the routing-instance, the
deletion of the routing-instance to kernel might come before the deletion of the logical
interfaces in the routing-instance, resulting in rpd crash. This is a timing issue, hard to
reproduce. PR1009426
•
On MX Series platforms with ADPC FPCs, M120 or M7i/M10i with Enhanced CFEB each
VPLS LSI interface flapping triggers a memory leak in jtree segment 0. There is no
memory leak in FPC heap 0 memory. PR1009985
•
Unknown unicast flood is seen with interface flap after router reboot and with static
MAC, no-mac-learning, interface-mac-limit configured for a virtual-switch. PR1014222
•
The routing protocol daemon (rpd) might crash continuously with core-files upon
adding a sub-interface with "disable" configuration to a MC-LAG interface. PR1014300
•
Sending multicast traffic to subscribers which have lawful interception enabled might
crash the FPC. PR1014569
•
For 64-bit Junos OS, the route protocols process (rpd) might crash and generate core
file during IBGP route churn when using IBGP multipath and multiple levels of IBGP
route/next-hop recursion. PR1014827
•
If the service option configured on aggregated Multiservices (AMS) interface is different
from its member interface, conflict would happen which might cause some serious
issue. After this fix, service-options configuration (which includes timeouts/sessios-limit
etc.) should only be configured on all members interfaces when configure AMS bundle.
PR1014898
92
•
A new global knob is added at the top level CLI "set forwarding-options port-mirroring
[no-preserve-ingress-tag]" By default the system behavior would remain as it is today
where ingress mirrored copy would contain VLAN content exactly as what came in
wire over ingress. However, if this knob is configured, if any VLAN modification happens
to packet as part of its datapath processing, that would get retained in the ingress
mirrored copy ie we will not restore VLAN to what came in ingress on wire. PR1015149
•
This PR is implementing traceoptions debug enhancements to detect route-record
corruption events. The route-record traceoptions debug will be enabled as follows:
---------------------------- [email protected]> edit Entering configuration mode [edit]
[email protected]# set routing-options traceoptions flag route-record [edit] [email protected]#
commit ---------------------------- PR1015820
•
hash-key command is no longer treated as a hidden command and considered invalid
input in 12.3 for small footprint routers (these platforms don't support the hash-key
feature), this could cause configuration failure during a software upgrade if hash-key
Copyright © 2015, Juniper Networks, Inc.
Resolved Issues
command is configured prior to the upgrade. This PR reverses the above change and
allows hash-key command to be ignored on unsupported platforms: show configuration
forwarding-options ## ## Warning: configuration block ignored: unsupported platform
(mx80) ## hash-key { family inet { layer-3; } } PR1016339
•
In dynamic subscribers management environment with "maintain-subscriber" feature
enabled, when scaling up the logged in subscribers, the demux interface might not be
associated with the subscriber and "show auto-configuration extensive" CLI command
only print partial output. PR1017544
•
MAC accounting support was added for 40G and 100G interfaces on MPC3 and MPC4
cards. PR1017595
•
Traffic destined to the Broadcast or Network address of a Network Address Translation
(NAT) pool using the address prefix setting for the MS-MIC/MS-MPC card causes a
traffic loop that spikes the CPU. PR1019354
•
On a MX Series-based FPCs, when there are next-hop changes, the "heap 0" memory
of the FPC may experience memory leakage which will eventually causes memory
exhaustion. PR1019794
•
No performance or functional impact. Can be safely ignored. "Ignore the PTP message
(2) as this MPC doesn't support EEC" should be moved from notice to debug level.
PR1020161
•
When source address is configured under ms interface, and the service-set has syslog
host as local the FPC slot is printed as -ve. PR1020854
•
Trace file size is already limited to 1 Mega bytes, but the actual issue is different. When
file reaches its maximum allowed size, an attempt is made to rotate trace file. But
trace files count is presently set to 0 (default), so rotate is not functional. As a result
all logs are appended to the same trace file even after crossing max limit. PR1021076
•
MQCHIP(0) mqchip_get_q_forwarded_stats() invalid q_sys 0 q_num messages are
continously shows in logs.It will cause two GE or XGE interfaces to not forward traffic.
PR1021951
•
The host MPC might continuously crash when trying to online a faulty MS-MIC after
discovering the hardware failure. PR1026310
•
On MPC5E line card, if a firewall filter with large-scale terms (more than 1300 etc.) is
attached to an interface, traffic drop might be seen. PR1027516
•
For M320 or T Series FPCs (M320 non-E3 FPC and T Series non-FPC5) with queuing
PIC, if the configured total buffer size temporal values exceeds the supported maximum
scheduler buffer size for the PIC (e.g. For PD-5-10XGE-SFPP PIC, the maximum
temporal buffer size that can be configured for a scheduler is 40,000 microseconds),
the default scheduler [95,0,0,5] is applied instead of the default chassis scheduler
[25,25,25,25], which might result in the packet drops on Q1 and Q2. PR1027547
•
In a rare case, rdd core is reported under /usr/sbin/rdd as soon as applying the group
and commit is performed. PR1029810
•
On MX Series platform with MS-MPC card, after performing switchover from master
RE0 to backup RE1, 2 internal ARP entries for Routing Engine address (128.0.0.1) on
Copyright © 2015, Juniper Networks, Inc.
93
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
MS-MPC PICs pointing to two eth interfaces connect to CB0 and CB1 separately might
be wrongly created. Then if pull out RE0/CB0, the MS-PIC would still select the eth
interface connects to CB0, which results in loss of connectivity because that path is
not available anymore. PR1030119
•
PCS statistics counter is now displayed for PTX 100GE interfces in below command:
cli > monitor interface <intf> PR1030819
•
In rare cases, the AUTHD daemon may crash and cause a corruption of subscriber
dynamic profiles. In-use profiles may be incorrectly marked as not in use. Any subscribers
that reference that profile are forced to remain in Terminating state, until the router is
rebooted. Daemon restarts and GRES switches are ineffective in working around this
situation. PR1032548
High Availability (HA) and Resiliency
•
This issue occurs in rare condition. In the dual Routing Engines scenario, doing interface
flap after Routing Engine switchover. If this action is repeated many times, the stale
indirect nexthop entry might be seen in kernel, this leads to traffic blackhole. PR987959
Infrastructure
•
SNMP socket sequence error log. PR986613
Interfaces and Chassis
94
•
If dynamic VLAN subscriber interface is over a physical interface (IFD), and there are
active subscribers over the interface, when deactivate the dynamic VLAN related
configuration under the IFD and add the IFD to an aggregated Ethernet (AE) interface
which has LACP enabled, the Routing Engine might crash and get rebooted. PR931028
•
In the dynamic-profile environment with preferred-source-address configuration. If
subscribers stuck in terminating state, it is impossible to commit changes. PR978156
•
In the bridge domain configuration with IRB interface environment, the IRB interface
INET/ISO MTU is set to 1500. When the MTU on IRB interface is deleted, the MTU
would not be changed. PR990018
•
In the PPPoE environment, when the subscriber logs in successfully but profile activate
fails, due to code processing error, the address entry is not deleted in the authd's DAP
pool. So when the subscriber tries to log in again, it connects fails. PR995543
•
In L2 circuit, with async notification configured on a client facing interface goes down,
then on the remote PE the corresponding CE interface shows up in show interface terse
output while in log snmp reports interface down. PR1001547
•
As current Junos OS Multichassis link aggregation groups (MC-LAGs) design, the ARP
entry will not sync when learning ARP via ARP request but not Gratuitous ARP/ARP
reply, in some specific scenarios (e.g. a host changes its MAC address without sending
a Gratuitous ARP), traffic loss might occur. PR1009591
•
IS-IS Adjacency may flap after unified ISSU. This behavior is being further analyzed
and fixed in further releases. PR1015895
Copyright © 2015, Juniper Networks, Inc.
Resolved Issues
•
VRRP daemon (vrrpd) memory leak might be observed in "show system processes
extensive" when VRRP is set with routing-instance and then change any configuration.
PR1022400
•
On M120, when two type 1 FPCs are sharing the same FEB and they are both carrying
core facing interface, with vrf-table-label/no-tunnel-service configuration, the LSI
interfaces might be removed incorrect on a working FPC when the other is set to offline.
PR1027034
•
"set forwarding-options enhanced-hash-key symmetric" knob will not get applied on
MX104 Packet Forwarding Engine. PR1028931
•
If DPCE 20x 1GE + 2x 10GE X card is present in the chassis, BFD sessions over AE
interfaces may not be distributed PR1032604
•
Some duplicate entries are reported in jnx-chas-defines.mib. This patch removes the
duplicate entries to fix the issue. PR1036026
Layer 2 Features
•
After configuration change or convergence events, kernel may report ifl_index_alloc
failures for LSI interfaces and causing KRT queue ENOMEM issue, eventually preventing
new logical interfaces being added to the system. This condition always recovers on
its own once convergence is completed. PR997015
•
If "maintain-subscriber" knob is enabled on the router, DHCPv6 server/relay might be
unable to process any packet if deactivate and then activate the routing instance,
which means the subscribers can not get the IPv6 addresses. Please note, even with
the fix, the results of this scenario is also expected if with "maintain-subscriber" knob
enabled, please consider using the workaround to avoid this issue. PR1018131
•
After FPC restart, bridge domain (BD) implicit filters for Ethernet ring protection
switching (ERPS) might get reprogrammed with wrong logical interface index, which
causes ERPS to not work correctly. PR1021795
•
In a mixed VPLS instance where both LDP and BGP flavors are present with "best-site"
knob configured under "site" block, any cli change in that instance will result in rpd
crash. PR1025885
MPLS
•
When the size of a Routing Engine generated packet going over an MPLS LSP is larger
than MTU (i.e. MTU minus its header size) of an underlying interface, and the extra
bytes leading to IP-fragmentation is as small as <8 bytes, then that small-fragment
will be dropped by kernel and lead to packet drop with kernel message
"tag_attach_labels(): m_pullup() failed". For example - If SNMP Response with specific
size fall into above mentioned condition then small fragment will be dropped by kernel
and eventually the SNMP response will fail. PR1011548
•
In MPLS scenario with TX/TXP router acting as the transit node, performing MPLS LSP
ping or traceroute from ingress node might cause kernel crash on the transit node due
to improper timer initialization between SCC and LCC chassis. PR1020021
•
Ted link information of protocol from highest credibility level is used irrespective of the
level at which CSPF is computing. i.e., cspf-metric in "show mpls lsp extensive" would
Copyright © 2015, Juniper Networks, Inc.
95
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
have the sum of te-metric of IGP with highest credibility at each hop in ERO. This has
been corrected and the cspf-metric will be sum of te-metric of current credibility at
each hop. PR1021593
•
When RSVP label-switched-path (LSP) optimize is enabled, RSVP LSP might stay
down after a graceful Routing Engine mastership switchover (GRES). To resolve the
problem, the corresponding label-switched-path configuration needs to be deactivated,
then, be activated again. PR1025413
Network Management and Monitoring
•
Mib2d cores while trying to re-add a lag child into the patricia tree. Since the entry is
already present in the patricia tree. Before adding the child link mib2d does a lookup
on the tree, to know if the entry is not already there. However, this lookup returns no
results, since the child link is part of snmp filter-interface configuration. PR1039508
Platform and Infrastructure
•
When apply-groups are used in the configuration, the expansion of interfaces <*>
apply-groups will be done against all interfaces during the configuration validation
process, even if the apply-group is configured only under a specific interface stanza.
PR967233
96
•
The GNU debugger, gdb, can be exploited in a way that may allow execution of arbitrary
unsigned binary applications. PR968335
•
On MX series routers with MX Series linecards in a setup involving Packet Forwarding
Engine fast reroute (FRR) applications, if an interface is down for more than ARP
timeout interval or if ARP entries are cleared by cli commands, then after the interface
is up again packet forwarding issues may be seen for traffic being forwarded over that
interface. PR980052
•
Have BFD session between one router supporting inline-BFD (MX Series and Junos 13.3
or higher) and the other which does not support inline-BFD (any version and non-MX
Series, or MX Series and Junos <13.3). When the "failure detection time" is less than
50ms, the BFD session might flap. PR982258
•
On MX2020/MX2010 we might see sporadic FO request time-out error reported under
heavy system traffic load. This would mean the request returning into a grant took
longer then +/-30usec. The packet will still get forwarded through the fabric hence no
operational impact. [May 6 18:56:59.174 LOG: Err] MQCHIP(2) FO Request time-out
error [May 6 19:33:47.555 LOG: Info] CMTFPC: Fabric request time out pfe 2 plane 6
pg 0, trying recovery. PR991274
•
On MX Series router with MX Series linecard or T4000 router with type5 FPC, there
are 4k GRE tunnels with different MTU value. When the packets go through GRE tunnel,
if the packets size more than tunnel MTU, in rare condition, the GRE interface might
get stuck due to packets reassembling failure. PR993903
•
When receiving traffic coming on MPC and going out on DPC, the MAC entry on a Packet
Forwarding Engine might not be up-to-date and the frames targeted to a known MAC
address will be flooded across the bridge domain. PR1003525
Copyright © 2015, Juniper Networks, Inc.
Resolved Issues
•
Micro BFD sessions are used to monitor the status of individual LAG member links.
When micro BFD configurations are added after the LAG bundle configuration in
separate commit, the micro BFD sessions for all the member links might remain in
"Down" state. PR1006809
•
On TX Matrix Plus routers or TX Matrix Plus routers with 3D SIBs, all the incoming
interfaces on an FPC are deactivated when none of the fabric planes are functional.
By default, the interfaces remain activated. You can enable the deactivation of
interfaces by using the fpc-restart configuration statement at the edit chassis fabric
degraded hierarchy level. PR1008726
•
If rate-limit has been configured in scheduler for MX-VC VCP ports, unified ISSU might
fail. PR1009590
•
MPLS traffic going through the ingress pre-classifier logic may not determine mpls
payload correctly classifying mpls packet into control queue versus non-control queue
and expose possible packet re-order. PR1010604
•
The fix was committed for this PR# but it also needs DDOS configuration additional
to this fix and it is as below: 1) check the "show ddos-protection protocols statistics
terse" 2) For each of the Control plane protocols on the system like ospf/vrrp/pvstp,
it is recommended to configure 2X of the rate as give below example along with
increasing DDOS rate for virtual-chassis control. Example, ######## set system
ddos-protection protocols virtual-chassis control-high bandwidth 20000 set system
ddos-protection protocols virtual-chassis control-high burst 20000 set system
ddos-protection protocols ospf aggregate bandwidth 1000 set system ddos-protection
protocols ospf aggregate burst 1000 set system ddos-protection protocols vrrp
aggregate bandwidth 100 set system ddos-protection protocols vrrp aggregate burst
100. PR1017640
•
For MX Series platform with inline Network Address Translation (NAT) service, when
using "source-prefix" or "destination-prefix" in a NAT translation rule, a pool is implicitly
created, appending "_jinpool_" with the rule name and term name with a form :
_jinpool_{rule_name}_{term_name}. The name might be cropped due to the maximum
length limitation (64 characters). If that happens, both pools might get the same name
and result in the indeterminate behavior (statistic issue, drop or incorrect translation).
PR1020033
•
Problem scenario: The error logs "CHASSISD_FCHIP_CONFIG_MD_ERROR" will appear
during FPC normal boot up time and also during FPC restart time for each plane and
for each gimlet FPC. Problem statement: Ths Error logs
"CHASSISD_FCHIP_CONFIG_MD_ERROR" are observed only in M320 chassis containing
FPCs based on Gimlet chipsets. Due to this error logs the rate limit for the fabric port
connecting the PFE 1 will be set to the default values. PR1020551
•
On MX Series based line card, if normal BFD sessions (e.g. BFD for OSPF) and micro
BFD sessions are configured over LAG, it might be seen that only micro BFD sessions
come up and other normal BFD sessions keep in down state. PR1021584
•
On MX Series based platform, with igmp-snooping enabled and a multicast route with
integrated routing and bridging (IRB) as a downstream interface, a multicast composite
nexthop is created with a list of L3 and corresponding L2 nexthops. In a rare corner
Copyright © 2015, Juniper Networks, Inc.
97
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
case, the corresponding L2 nexthop to the L3 IRB nexthop is a DISCARD nexthop and
will cause the FPC to crash. PR1026124
•
When receiving traffic coming on MPC and going out on DPC, an Ethernet frame with
known DMAC will be flooded to the whole bridge domain after flapping the link which
the given MAC is learnt for more than 32 times. PR1026879
•
When a layer 2 frame entered the VPLS end point on the label switched interface (LSI)
interface with VLAN tagged, the frame is incorrectly interpreted and treated as no
VLAN frame. So the VLAN tag will not be popped although the outbound interface has
a pop configuration. PR1027513
•
On ICHIP line-card, when the packets are queued for several seconds due to interface
congestion and get aged, the ICHIP might not able to detect those aged packets and
thus fail to drain the queue out, which results in the FPC showing CRC errors and going
into wedge condition. PR1028769
•
MX Series-based line card might crash when trying to install the composite next-hop
used for the next-hop-group configuration related to port mirroring of traffic over IRB
to an LSI attached to VPLS instance for a remote host. PR1029070
•
For BFD over aggregated Ethernet (AE) interfaces on MX Series routers with MS-MPC
that have configured the enhanced-ip option, the BFD distribution to Packet Forwarding
Engine for AE interface might not happen. PR1031916
•
This check ( log message) has been added as part an enhancement in the JNH error
report. For FC accounting on AE interface, ingress FC accounting is enabled on AE
interface nexthops and egress FC accounting is enabled on AE child member next hops.
While fetching stats for AE, both member child IFL and AE IFL stats are fetched and
added for result. If ingress FC accounting is enabled on AE IFL, while fetching statistics
for child member links this error trace is coming because of this newly added JNH error
trace. The fix is to put a check to not call for child member FC statistics when egress
accounting is not enabled on AE bundle. PR1032952
•
When the 'enhanced hash key service-load-balancing' feature is used by MPC line
cards load balancing of flows across multiple service PICS via the source-address
across does not work when iBGP is used to steer traffic to the inside service-interface
on the MX. For example the operator will see on the stateful firewall that the same
source-address has flows across multiple service interfaces. PR1034770
•
Presence of /8 prefix in two terms results in incorrect filter processing and unexpected
behavior. PR1042889
Routing Policy and Firewall Filters
98
•
Executing CLI command "show route resolution" and stopping the command output
before reaching the end of the database, the rpd process might crash when executing
the same command again. PR1023682
•
In the BGP environment, if operator "!" exists in the regex for as-path, the commit
operation failure. PR1040719
Copyright © 2015, Juniper Networks, Inc.
Resolved Issues
Routing Protocols
•
Prefixes that are marked with two or more route target communities (matching multiple
configured targets configured in policies) will be using more CPU resources. The time
it takes to process this kind of prefixes depends on the number of VRFs and the number
of routes that are sharing this particularity. This can lead to prolonged CPU utilization
in rpd. PR895194
•
Bringing up DFWD based BFD sessions at scale causes a churn in DFW as a result of
which the FPC CPU usage remains at 100% for a prolonged timespan. PR992990
•
When all the below conditions are met, if the knob "path-selection
always-compare-med" is configured, the rpd process might crash. - routing-instance
(VR, VRF) with no BGP configuration - rib-group in default instance with
routing-instance.inet.0 as secondary-rib - rib-group applied to BGP in default instance
- BGP routes from master tables (inet.0) leaked to the routing-instance table
(routing-instance.inet.0). PR995586
•
In the multicast environment, in rare condition, after graceful Routing Engine switchover
(GRES) is executed, the rpd process might crash due to receiving NULL incoming logical
interface. PR999085
•
Abnormal ip6 route-calculation behavior can be seen when ospf3-te-shortcut is
configured. PR1006951
•
When the same PIM RP address is learnt in multiple VRFs, with NSR configured, rpd
on the backup Routing Engine may crash due memory corruption by the PIM module.
PR1008578
•
When inet.3/inet6.3 is not enabled, BGP group uses inet6.0 table to advertise the
routes for both inet6 unicast and inet6 labeled-unicast families. When BGP family is
changed, BGP sessions re-establish. When BGP starts to advertise routes to the peer,
BGP expects to see route label however if the old inet6 unicast routes are still present
(not completely cleaned), then rpd process crashes. The fix is to separate BGP group
for inet6 unicast with inet6 labeled-unicast with same rib. The old peers are cleaned
up in the old group and new peers are established in new group. Thus, new peer
establishment is not delayed by the cleanup of the old peer. PR1011034
•
IS-IS router table MIB issues, when we do "show snmp mib walk
isisRouterHostName/isisRouterTable" we were not getting exact hostname as it is in
"show isis hostname" so the actual implementation was not as per RFC-4444, because
it was showing only the hostnames of the devices which are immediate neighbors of
Dut. Added level info to get sysis_entry per each level correctly and filled
data(isisRouterTable) correctly. PR1011208
•
Under certain sequence of events RPD can assert after a RPD_RV_SESSIONDOWN
event. PR1013583
•
With multicast discard route present, if a RP router has no pd- interface, it might not
generate (S,G) join to upstream when receiving MSDP source active (SA) message.
PR1014145
•
When receiving open message with any capability after the "add-path" capability from
BGP peer, the session will be bounced. PR1016736
Copyright © 2015, Juniper Networks, Inc.
99
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
•
The snmp trap generated when an ipv6 BFD session goes up/down does not contain
the ipv6 bfd session address. PR1018122
•
Junos OS implementation of RFC3107 uses unspecified label (0x000000) when
sending route with label withdrawn message. This means Junos OS sends 0x000000
instead of 0x800000 for label withdrawn, which is inconsistent with RFC3107.
PR1018434
•
Multicast packets might get dropped with NSR configured and graceful switch over of
the Routing Engine is performed. PR1020459
•
Establish two BFD sessions between two routers, one is single-hop BFD for directly
connected interface and the other is multi-hop MPLS OAM BFD. If configuring the
MPLS OAM on the same interface with single-hop BFD, when bringing down MPLS
OAM from the ingress, it might result in the OAM BFD session deleted on ingress but
it still receiving OAM BFD down packet from egress. Since there is no session matching
this BFD packet, it does a normal look up and brings down the single-hop BFD session
which is on the same interface. PR1021287
•
If auto-export feature is enabled together with rib-groups configuration option, the rpd
process might crash. PR1028522
•
In distributed BFD (which is enabled by default), if the CLIENT session (for example
BGP) flaps due to any reason, the multi-hop BFD session that comes Up after the flap
would not be delegated to FPC. PR1032617
•
When "clear bfd session" is issued immediately(before the Poll - Final sequence is
completed) post configuration check-in for interval change from higher to lower
minimum-interval value, BFD sessions do not revert to lower interval. PR1033231
•
Issue in populating IS-IS router table values. Some entries are not filled correctly. This
does not block/affect the functionality of IS-IS or other components. PR1040234
Services Applications
100
•
In the large scaled L2TP subscriber management environment (in this case, 60K tunnels
up with 1 session each). When logout and login 15K sessions, in rare condition, the jl2tpd
process (L2TP daemon) might crash. PR913576
•
If a destination-prefix or source-prefix is used like below example, the Network Address
Translation (NAT) rule and term names will be used to generate an internal jpool with
a form : _jpool_{rule_name}_{term_name}. If the generated jpool name exceeds 64
characters in length, it will get truncated. If the truncated jpool name get overlapped
with other generated jpool name it will lead to an inconsistent pool usage. [email protected]#
show services nat rule A_RULE_NAME_WHICH_IS_LONG_12345 { ... term
A_TERM_ALSO_WITH_LONG_NAME_1 { from { source-address { 10.20.20.1/32; } } then
{ translated { source-prefix 10.10.10.1/32; <--- translation-type { source static; } } } }
term A_TERM_ALSO_WITH_LONG_NAME_2 { from { source-address { 10.20.20.22/32;
} } then { translated { source-prefix 10.10.10.2/32; <--- translation-type { source static;
} } } } } First jpool =
_jpool_A_RULE_NAME_WHICH_IS_LONG_1234_A_TERM_ALSO_WITH_LONG_NAME_1
> 64 characters. Second jpool =
_jpool_A_RULE_NAME_WHICH_IS_LONG_1234_A_TERM_ALSO_WITH_LONG_NAME_2
Copyright © 2015, Juniper Networks, Inc.
Resolved Issues
> 64 characters. The resulted jpool
"_jpool_A_RULE_NAME_WHICH_IS_LONG_1234_A_TERM_ALSO_WITH_" will be used
wrongly in both terms. PR973465
•
In L2TP scenario, when the LNS is flooded by high rate L2TP messages from LAC, the
CPU on Routing Engine might keep too busy to bring up new sessions. PR990081
•
Softwire tunnel count management is inconsistent and incorrect, thus the output of
"show service softwire statistics" might be incorrect. PR1015365
•
L2TP LNS dropped all tunnels/sessions after a commit PR1020420
•
On MX Series router that configured as L2TP tunnel switch (LTS), after receiving a
Call-Disconnect-Notify (CDN) message on LNS interface from remote LNS, the L2TP
daemon (l2tpd) might crash and generate a core file. PR1021881
•
An MS-DPC PIC coredump may be generated if ICMP is used with EIM. PR1028142
•
Issue 1: "timeout-remaining" for some filters installed on the DFC pic. (Stream Times
out) Root cause: There was an issue with arithmetic operation that lead to wrap around
of remaining_time variable. Hence it was having a very huge value. Fix: Necessary
conditions are put in place to ensure there is no wrap around happening. Issue 2:
Problem with forwarding traffic to the CD during random DTCP ADDs. (Streams Drop)
Root cause: Whenever a DTCP ADD is received by DFC PIC, a new filter is created and
placed in a list data structure called quick-list. 5-tuples of each data packet that is
hitting DFC PIC is matched against the filters in quick-list. Whenever a match is found,
the 5-tuple(flow) is tagged/attached with the matched filter. The matching would
continue for other flows as well and it continues till the filter is moved out of quick-list.
There was a bug in this logic that made filters to move out of quick-list is a sporadic
manner. Some moved within few millisecond. So, for such filters there won't be any
flows to which they are attached. Hence the issue. Fix: With this fix, the process of filter
movement out of quick-list is streamlined. A filter would move out of quick-list only
after ensuring that all active flows got a chance to get matched against that particular
filter. PR1029004
User Interface and Configuration
•
When PIM is enabled via apply-groups to one routing-instance whose instance-type
is not defined (no-forwarding type is set), incorrect constraint check of PIM will cause
routing protocol daemon (rpd) to crash upon any configuration change later. PR915603
•
CST: chassis core generated while applying group configuration on chassis > FPC.
PR936150
VPNs
•
In the 12.3 release after issuing a "request pim multicast-tunnel rebalance" command
the software may place the default encapsulation and decapsulation devices for a
Rosen MVPN on different tunnel devices. PR1011074
•
The problem is that MSDP is periodically polling PIM for S,G's to determine if the S,G
is still active. This check helps MSDP determine if the source is active and therefore
the SA still be sent. There is a possibility that PIM will return that the S,G is no longer
active which causes MSDP to remove the MSDP state and notify MVPN to remove the
Copyright © 2015, Juniper Networks, Inc.
101
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
Type 5. One of the checks PIM makes is to determine if it is the local RP for the S,G.
During a re-configuration period where any commit is done, PIM re-evaluates whether
it is a local RP. It waits until all the configuration is read and all the interfaces have
come up before making this determination. The local rp state is cleared out early in
this RP re-evaluation process, however, which allows for a window of time where the
local RP state was cleared out but it has not yet been re-evaluated. During this window
PIM may believe it is not the local rp and return FALSE to MSDP for the given source.
If MSDP makes the call into PIM during this window after a configuration
change(commit), then it is possible that the Source Active(Type 5) state will be
removed. The fix will be to clear out the local rp state right before it is re-evaluated ie
after it reads configuration for all interfaces; to not allow any time gap where it could
be inconsistent. PR1015155
Resolved Issues: Release 13.3R4
Resolved Issues
Authentication and Access Control
•
The syslog message "UI_OPEN_TIMEOUT: Timeout connecting to peer" might appear
if "show version detail" command is executed. This log is a cosmetic log and can be
ignored. This issue is fixed from Junos OS Release 13.3 onwards. PR895320
Class of Service (CoS)
•
On MX Series routers with both MX linecard (in this case, MPC and MPCE on the box)
and other type linecard (DPCE on the box). When the Default Frame Relay DE Loss
Priority Map is configured and commited, all FPCs are getting restarted with core-files.
PR990911
•
102
SNMP get-request for OID jnxCosIngressQstatTxedBytes (ingress queue) might return
the value of jnxCosQstatTxedBytes (egress queue). But SNMP walk works fine since
it uses get-next-request. PR1011641
Copyright © 2015, Juniper Networks, Inc.
Resolved Issues
Forwarding and Sampling
•
When a firewall filter has one or more terms which have MX Series-only match condition
or actions, such filters will not be listed during SNMP query. This behavior is seen
typically after Routing Engine reboot/upgrade/master-ship switch. Restarting mib2d
process will cause to learn these MX Series-only filters: cli > restart mib-process After
mib2d restart, SNMP mib walk of firewall OIDs will: - list all the OIDs corresponding
this MX Series-only filter - count correctly as configured in the filter Now, despite the
SNMP mib walk for firewall OIDs lists all OIDs and appropriate values, messages logs
will report the following logs for every interface that has this MX Series-only filter
applied. > Jul 8 15:52:09 galway-re0 mib2d[4616]:
%DAEMON-3-MIB2D_RTSLIB_READ_FAILURE: get_counter_list: failed in reading
counter names ae33.1009-i: 288 (No such file or directory) > Jul 8 15:52:09 galway-re0
mib2d[4616]: %DAEMON-3-MIB2D_RTSLIB_READ_FAILURE: get_counter_list: failed
in reading counter names ae31.1004-i: 257 (No such file or directory) > Jul 8 15:52:09
galway-re0 mib2d[4616]: %DAEMON-3-MIB2D_RTSLIB_READ_FAILURE:
get_counter_list: failed in reading counter names ae33.1010-i: 289 (No such file or
directory) > Jul 8 15:52:09 galway-re0 mib2d[4616]:
%DAEMON-3-MIB2D_RTSLIB_READ_FAILURE: get_counter_list: failed in reading
counter names ae31.1004-i: 257 (No such file or directory) The above two issues are
addressed in this PR fix. PR988566
General Routing
•
On TXP/TXP-3D platform, a bad I2C device on SFC Switch Interface Board (SIB) might
cause Switch Processor Mezzanine Board (SPMB) to crash and all SIBs to be unable
to online. PR846679
•
Changing the redundancy mode of rlsq interface from "hot-standby" to "warm-standby"
on the fly might lead to kernel crash and the router will go in db> prompt. PR880451
•
A few particular sequence of member failures in an AMS with HA-enabled and with
NAPT-44 configured can cause sessions to reset after a GRES (or SPD restart).
PR910802
•
In scale DHCP subscribers scenario (e.g. 54K dual-stack DHCPv4/DHCPv6), graceful
Routing Engine switchover (GRES) is configured. If Routing Engine switchover occurs,
after that execute the command "[email protected]> show dynamic-configuration" many
times, large scale DHCP or DHCPv6 subscribers might be terminated. PR968021
•
In the dual Routing Engines scenario with 8K PPP dual stack subscribers. In rare
condition, after Routing Engine switchover, some subscribers are stuck in terminating
state forever. PR974300
•
1) Due to a previous fix chassisd on the protocol master Routing Engine and the protocol
backup Routing Engine connect to the main snmpd on the protocol master using the
following methods. a) Chassisd on the protocol master Routing Engine connects using
a local socket since snmpd is running locally. b) Chassisd on the protocol backup
Routing Engine connects using a TNP socket since snmpd is not local. 2) However this
fix changed the way the other daemons connect to snmpd. All important daemons
run on the protocol master and should connect to snmpd using a local socket. However
the fix changed it so that all daemons that ran on the protocol master (other than
Copyright © 2015, Juniper Networks, Inc.
103
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
chassisd) tried to connect using the TNP socket. SNMPD does not accept these
connections. As a fix, in an MX-VC, we made sure that chassisd connects to all processes
which run on the protocol master using internal socket while the chassisd process on
the protocol backup and protocol lincecard connect connect using TNP socket.
PR986009
•
In 6PE scenario, when PE router is sending IPv6 TCP traffic to MPLS core, in rare
occasions, the kernel might crash and reboot with a vmcore file dumped. PR988418
•
OpenFlow v1.0 running on an MX Series router does not respond reliably to interface
up or down events within a specified time interval. Per a fix implemented in Junos OS
Release 13.3R3.6, OpenFlow v1.0 running on an MX Series router responds reliably to
interface up or down events if the echo interval timeout is set to 11 seconds or more.
PR989308
•
On M7i/M10i with enchanced CFEB, M320 with E3-FPC, M120 and MX with DPC. If
"no-local-switching" is present in the bridge domain, then the IGMP-snooping is not
functioning and client cannot see the multicast traffic. PR989755
•
During large scale MVPN routes churn events, some core-facing IGP protocols (like
OSPF or LDP) might flap or experience a long convergence time. PR989787
•
Commit error needs to be reported when using unsupported NAPT44 nat-options
max-sessions-per-subscriber configuration with MS-MIC/MS-MPC. PR993320
•
On T4000 router with type5 FPC. After FPC rebooting, if chassisd process does not
get FPC ready/FPC online ACK message from FPC in 360 seconds, the FPC might reset
again. PR998075
•
On M/MX/T Series routers (platforms) with Network Address Port Translation (NAPT)
configuration. When the router receives the packet whose value of protocol field in the
IPv4 header is 61, the router erroneously does NAPT44 translation. In the correct
situation, the packet should not be translated and forwarded. PR999265
•
The PIC memory gauge counters show up as 0 after a GRES switchover in the "show
chassis pic fpc-slot X pic-slot Y" output. PR1000111
•
On MX240/MX480/MX960 routers running as precision time protocol (PTP) master
when interconnect with MX104 routers running as slave, the PTP clocking state might
get stuck in "INITIALIZING" for the first created PTP port and not be aligned to clocking
state. Another issue is that when issue command "show ptp clock", wrong "slot"
number might be seen on MX104 slave. PR1001282
•
"Syslog generated for session-open will have nat port information only if it is different
from the original source port". PR1001912
•
If issue the command "show services nat mappings endpoint-independent" or "show
services nat mappings address-pooling-paired" or "show services sessions" and kill it
immediately when using EIM/APP feature with too many EIM/APP entries present in
the system, lots of ipc message reply failure messages may be seen in the syslog.
PR1002683
•
104
Multi-Services PIC could crash and restart on receiving a stray SIGQUIT signal due to
it not handling the signal. PR1004195
Copyright © 2015, Juniper Networks, Inc.
Resolved Issues
•
When several PICs are set up as an aggregated Multi-services (AMS) doing
load-balancing, if one PIC of the AMS bundle gets offline and then gets online, 30 to
40 seconds momentary traffic loss might be seen. PR1005665
•
Ingress queuing is not supported on MPC5 (With Q-MPC) when Optical Transport
Network (OTN) is enabled. Enabling ingress queuing with OTN would lead to line card
crash. PR1008569
•
With more than eight service-sets configured, when using SNMP mibwalk for service-set
(object "jnxSpSvcSetTable") info, the mspmand process (which manages the
Multi-Services PIC) might crash. PR1009138
•
When the SIB plane state changed to fault state, it should read the FPGA for the power
related information instead of reading from the cpld. PR1009402
•
Whenever an FPC goes down suddenly due to hardware failure, the data traffic in
transit towards this FPC from the other FPCs could be stuck in the fabric queue thereby
triggering fabric drops due to lack of buffers to transmit the data to active destination
FPCs. PR1009777
•
On ALG router without "flow-control-options" configured, MS-MIC might not service
packets any more once prolonged flow control is hit and cleared. PR1009968
Interfaces and Chassis
•
When the GE port is configured with WAN PHY mode, a "Zero length TLV" message
might be reported from the port. This is a cosmetic issue. PR673937
•
With nonstop active routing (NSR) enabled, the VRRP tracking routes state on backup
Routing Engine might not get synchronized when adding/deleting the tracking routes.
PR983608
•
On MX Series platform, when an aggregated Ethernet bundle participating as Layer2
interface within bridge-domain goes down, the following syslog messages could be
observed. The messages would be associated with FPC0 even if there are no link(s)
from this FPC0 participating in the affected aggregate-ethernet bundle. mib2d[2782]:
SNMP_TRAP_LINK_DOWN: ifIndex 636, ifAdminStatus up(1), ifOperStatus down(2),
ifName xe-3/3/2 mib2d[2782]: SNMP_TRAP_LINK_DOWN: ifIndex 637, ifAdminStatus
up(1), ifOperStatus down(2), ifName xe-3/3/3 mib2d[2782]: SNMP_TRAP_LINK_DOWN:
ifIndex 740, ifAdminStatus up(1), ifOperStatus down(2), ifName ae102 fpc0 LUCHIP(0)
Congestion Detected, Active Zones f:f:f:f:f:f:f:f:f:f:f:f:f:f:f:f fpc0 LUCHIP(0) Congestion
Detected, Active Zones 2:0:0:0:0:8:a:0:0:0:0:0:8:4:0:a alarmd[1600]: Alarm set: FPC
color=RED, class=CHASSIS, reason=FPC 0 Major Errors craftd[1601]: Major alarm set,
FPC 0 Major Errors fpc0 LUCHIP(0) Congestion Detected, Active Zones
2:0:0:0:0:8:a:0:0:0:0:0:8:4:0:a alarmd[1600]: Alarm cleared: FPC color=RED,
class=CHASSIS, reason=FPC 0 Major Errors craftd[1601]: Major alarm cleared, FPC 0
Major Errors fpc0 LUCHIP(0): Secondary PPE 0 zone 1 timeout. fpc0 PPE Sync XTXN
Err Trap: Count 7095, PC 10, 0x0010: trap_nexthop_return fpc0 PPE Thread Timeout
Trap: Count 226, PC 34a, 0x034a: nh_ret_last fpc0 PPE PPE Stack Err Trap: Count 15,
PC 366, 0x0366: add_default_layer1_overhead fpc0 PPE PPE HW Fault Trap: Count
10, PC 3c9, 0x03c9: bm_label_save_label fpc0 LUCHIP(0) RMC 0 Uninitialized
EDMEM[0x3f38b5] Read (0x6db6db6d6db6db6d) fpc0 LUCHIP(0) RMC 1 Uninitialized
EDMEM[0x394cdf] Read (0x6db6db6d6db6db6d) fpc0 LUCHIP(0) RMC 2
Copyright © 2015, Juniper Networks, Inc.
105
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
Uninitialized EDMEM[0x3d9565] Read (0x6db6db6d6db6db6d) fpc0 LUCHIP(0)
RMC 3 Uninitialized EDMEM[0x3d81b6] Read (0x6db6db6d6db6db6d) These message
would be transient in nature. PR990023
•
In the demux interfaces over aggregated Ethernet (AE) environment with
targeted-distribution configuration. The index of AE interface is confused when the
index is more than 100. It copies only four bytes from interface name. (e.g. If bind demux
interface to ae110, it will be bound to ae11 at the same time). The traffic forwarding
might be affected. PR998906
•
On MX Series router with MX Series linecard or T4000 router with type5 FPC, when
the "Hardware-assisted-timestamping" is enabled, the MPC modules might crash with
a core file generated. The core files could be seen by executing CLI command "show
system core-dumps". PR999392
•
IGMP joins do not work for PPP subscribers that are using MLPPP and LNS. PR1001214
•
Fabric Blackholing logic recovery for certain cases will be done with different action
(Phase 1/2/3) based on the problem. PR1009502
•
Here is the expected behavior for CFM CCM: 1. UP MEP CFM session a. If there is a
manually configured ieee-802.1 classifier attached to the interface, then forwarding
class of the CCM injected should match the respective classifier. b. If there interface
in which CFM is configured has no ieee-802.1 based 1p classified, then the forwarding
class of the CCM will take as configured in "host-outbound-traffic". c. In case if there
is no "host-outbound-classifier" present then packets will be treated as network control
(Q3). 2. Down MEP CFM session a. forwarding class of the CCM will always depends
on the FC classified based on "host-outbound-traffic". If it is not configured, then it
will always take Q3. PR1010929
J-Web
•
An insufficient validation vulnerability in J-Web can allow an authenticated user to
execute arbitrary commands. This may allow a user with low privilege (such as read
only access) to get complete administrative access. This scope of this vulnerability is
limited to only those users with valid, authenticated login credentials. Please refer to
JSA10560 for more information. PR826518
Layer 2 Features
106
•
In BGP signaled VPLS/VPWS scenario, rpd process memory leak might occur when
groups with wildcard configuration is applied to the routing instance. PR987727
•
When "system no-redirect" is configured, l2 descriptor destination MAC address gets
overwritten and causes "DA rejects" on next-hop router. PR989323
•
In race condition, when FPC gets rebooted or reset, link(s) from this FPC which are
part of aggregated Ethernet bundle would remain in LACP "Detached" state indefinitely.
[email protected]> show lacp interfaces ae102 Aggregated interface: ae102 LACP state:
Role Exp Def Dist Col Syn Aggr Timeout Activity xe-2/0/0 Actor No Yes No No No Yes
Fast Active xe-2/0/0 Partner No Yes No No No Yes Fast Passive xe-2/0/1 Actor No No
Yes Yes Yes Yes Fast Active xe-2/0/1 Partner No No Yes Yes Yes Yes Fast Active LACP
protocol: Receive State Transmit State Mux State xe-2/0/0 Defaulted Fast periodic
Detached xe-2/0/1 Current Fast periodic Collecting distributing [email protected]> show
Copyright © 2015, Juniper Networks, Inc.
Resolved Issues
interfaces xe-2/0/0 terse Interface Admin Link Proto Local Remote xe-2/0/0 up up
xe-2/0/0.0 up up aenet --> ae102.0 xe-2/0/0.32767 up up aenet --> ae102.32767 This
issue would be seen when associated aggregated Ethernet bundle is configured for
vlan-tagging. To clear this condition, the affected interface should be deactivated and
activated using CLI commands. [email protected]# deactivate interfaces xe-2/0/0
[email protected]# commit [email protected]# activate interfaces xe-2/0/0 [email protected]# commit
PR998246
•
In the Ethernet ring protection switching (ERPS) environment, once graceful Routing
Engine switchover (GRES) happens on the ring protection links (RPLs) owner node,
there will be a ~30s Ring automatic protection switching (R-APS) message storm in
the ring, which in turn causes some VPLS instance flapping. PR1004066
•
In BGP-VPLS scenarios with GRES activated, rpd process might crash in cycles after
manually restarting rpd. PR1011165
MPLS
•
In the MPLS environment with no-cspf and strict ERO configuration. In race condition,
if a PATH message with routing loop error is received before standby Routing Engine
has resolved the correct PATH message with no loop, some of LSP are not replicated
on standby Routing Engine. If Routing Engine switchover occurs, the forwarding traffic
might be affected. PR986714
Network Management and Monitoring
•
The Packet Forwarding Engine local protocol statistics are 32-bit counters. If there is
a rollover (typical candidates are arp/lacp), those counters start from zero. mib2d will
add all counters again if one of the pfe statistics traffic counter is less then the previous
collected counter, causing the multiplication affect. PR986712
•
Alarm management daemon runs on master and backup Routing Engines on dual
Routing Engine systems. There is a 80 megabyte alarm.db file that is copied over from
master Routing Engine to backup Routing Engine when the alarm-management daemon
has come up on both the Routing Engines. The basic issue is that alarm-management
daemon is trying to copy the alarm.db file over and over again in an infinite loop on the
system, causing CPU utilization shooting up after every 20 seconds or so. PR988969
Platform and Infrastructure
•
The error message 'unlink(): failed to delete .perm file: No such file or directory' was
logged when disconnecting from a Telnet session to the router. PR876508
•
The cprod commands essentially allow "root" access to FPCs. Therefore, access to
those commands should be highly restricted. The issue here is any user with "shell"
permission will be allowed to use cprod command. We should add restrictions to cprod
to only "root" permission users. PR924574
•
The continuous executing of CLI mib walk command might cause user being unable
to issue show commands and enter configure mode with error "Little memory remains.
Command not stored in history." PR949735
•
On MX Series platform, MPC might crash and reboot when a non-template filter gets
deleted (but does not get completely cleaned up) and the same filter index gets
Copyright © 2015, Juniper Networks, Inc.
107
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
reassigned to a template filter. This could be considered as a timing issue given it comes
with a very specific sequence of events only. PR949975
•
When a port being used for port mirroring goes down due to an external factor, such
as a fiber cut or the remote side rebooting, the FPC CPU may rise to 100% for 4 minutes
and then followed by a reboot of the FPC with a reason of "pfeman watchdog expired".
The issue will only be observed occasionally and requires that the FPC CPU is already
very busy and very large firewall filters (thousands of terms long) to be used. If any of
these three factors are not present, the issue will not occur. As such disabling the port
being used for port mirroring on the Juniper prior to bringing down that link is sufficient
to avoid this issue. PR968393
•
On MX Series based line card, VPLS traffic might get blocked for about 5 minutes
(timer of MAC address aged-out) after re-negotiating control-word. PR973222
•
The problem is seen because CFMD is getting a configuration commit after the MX-VC
switch has happened. This commit is deleting the cfmd session and then creating a
new session which is causing the old information of action-profile to be deleted which
brings the interface back up. This problem is fixed by the code correction. PR974663
•
On MX Virtual Chassis platforms, if you configure the interface alias feature, the feature
might not work as expected and interfaces might go up and down after commit.
PR981249
108
•
Have BFD session between one router supporting inline-BFD (MX Series and Junos 13.3
or higher) and the other which does not support inline-BFD (any version and non-MX
Series, or MX Series and Junos OS prior to 13.3). When the "failure detection time" is
less than 50 ms, the BFD session might flap. PR982258
•
On MX2020/MX2010 we might see sporadic FO request time-out error reported under
heavy system traffic load. This would mean the request returning into a grant took
longer then +/-30usec. The packet will still get forwarded through the fabric hence no
operational impact. [May 6 18:56:59.174 LOG: Err] MQCHIP(2) FO Request time-out
error [May 6 19:33:47.555 LOG: Info] CMTFPC: Fabric request time out pfe 2 plane 6
pg 0, trying recovery PR991274
•
Packets dropped with IPv6 reject route are currently subjected to loopback ipv6 filter
processing on MX Series-based line cards. As a result the packet dropped by a reject
route may be seen from the "show firewall log". PR994363
•
On an MX Series router with MX Series linecard or T4000 router with type5. When the
firewall filter under the [forwarding-options] hierarchy within a bridge domain is
removed, it might result in lookup error and frame drop might be observed. PR999083
•
In the IRB interface environment with "destination-class-usage" configuration. If the
bridge domain ID is the same as Destination Class Usage (DCU) ID (bridge domain ID
and DCU ID are generated by system), the firewall filter might match wrong packets,
the packet forwarding would be affected. PR999649
•
On M7i, or M10i equipped with Enhanced Compact Forwarding Engine Board (CFEB-E).
When a MPLS LSP flaps, the CFEB-E is unable to recover 8 bytes of JTREE memory
per event. PR1000385
•
MS PIC may reset after GRES in case of excessive resolve traffic. PR1001620
Copyright © 2015, Juniper Networks, Inc.
Resolved Issues
•
When sending traffic coming on MPC and going out on DPC, the MAC entry on a Packet
Forwarding Engine will not be up-to-date and the frames targeted to a known MAC
address will be flooded across the bridge domain. PR1003525
•
The non-first IP fragments containing UDP payload may be mistakenly interpreted as
PTP packets if the following conditions are met: - the byte at the offset 9 in the IP
packet contains 0x11 (decimal 17) - UDP payload - the two bytes at the offset 22 in the
IP packet contain the value 0x01 0x3f (decimal 319; byte 22=0x01 and byte 23=0x3f)
- PTP protocol The mis-identification of the packet as PTP will trigger the corruption
of the fragment payload. PR1006718
•
When Micro-BFD configurations is added after the ae bundle configuration, then
micro-bfd session for all the member links remains in "Down" state. Below is the snippet
as reference, when ae100 LACP state is "Disturbing", while micro-BFD session remain
in "Down" state while on the other end the session would be in "Init" state.
[email protected]> show lacp interfaces ae100 Aggregated interface: ae100 LACP state:
Role Exp Def Dist Col Syn Aggr Timeout Activity xe-0/3/0 Actor No No Yes Yes Yes
Yes Fast Active xe-0/3/0 Partner No No Yes Yes Yes Yes Fast Active xe-0/3/1 Actor
No No Yes Yes Yes Yes Fast Active xe-0/3/1 Partner No No Yes Yes Yes Yes Fast Active
LACP protocol: Receive State Transmit State Mux State xe-0/3/0 Current Fast periodic
Collecting distributing xe-0/3/1 Current Fast periodic Collecting distributing
[email protected]> show bfd session address 10.10.100.145 Detect Transmit Address State
Interface Time Interval Multiplier 10.10.100.145 Down xe-0/3/0 0.000 1.000 3
10.10.100.145 Down xe-0/3/1 0.000 1.000 3 PR1006809
•
Memory allocated in reference to the BFD session was not getting freed up. This resulted
in memory leak and the memory exhaustion triggered crash. PR1007432
Routing Protocols
•
When the IPv6 address on fxp0 is active during bootup, the joining of the all-router
group causes the kernel to create a ff02::2 route with a private next-hop, which is not
pushed to the Packet Forwarding Engine. When a non-fxp0 interface is active later,
the private next-hop will be shared by the non-fxp0 interface as well, resulting in packet
drops destined to ff02::2 on the non-management interface. - After this PR, the
advertising interface should be configured via the following CLI. [edit protocols] +
router-advertisement { + interface <interface_name>; + } PR824998
•
Performing CLI command "clear multicast bandwidth-admission interface <int>" on
64-bit Junos OS results the rpd process crash. The command should be used without
the interface qualifier on the impacted releases. PR949680
•
There are two receivers joined to same (S,G) and IGMP immediate-leave is configured.
When one of the receivers sends the leave message for (S,G), another receiver is not
receiving the traffic for 1-2 minutes. PR979936
•
In the P2MP environment with OSPF adjacency are established. One router's time is
set to earlier date than another router. OSPF adjacency might not come up when one
router goes down and comes up. PR991540
•
Bringing up DFWD based BFD sessions at scale causes a churn in DFW as a result of
which the FPC CPU usage remains at 100% for a prolonged timespan. PR992990
Copyright © 2015, Juniper Networks, Inc.
109
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
•
BMP is not sending a correctly formatted prefix for inet/inet6 labeled unicast BGP
family routes. This occurs if the route resides in the inet[6].0 table, and not if the route
resides in the inet[6].3 table. PR996374
•
There are two scenarios that the rpd might crash. The first scenario is when all BGP
peers flap with bgp route target proxy configured. The second scenario is when BGP
session is configured in a way that one side is configured with family l2vpn
auto-discovery-only, while on the other side is configured with both family l2vpn
signaling and keep all knobs. PR1002190
•
When IS-IS is configured for traffic engineer (TE), after remove family mpls from the
interface and remove the specific interface from [edit protocols rsvp] and [edit
protocols mpls] hierarchy level, corresponding link is not removed from the TED as
expected. PR1003159
•
When there are more than 65535 "flow-spec" routes existing in the routing table, the
rpd process might crash because it exceeds the current maximum supportable scaling
numbers (Current scaling numbers are in the range of 10K~16K). PR1004575
•
During unified in-service software upgrade (ISSU), when a Bidirectional Forwarding
Detection (BFD) session negotiation is happening, if the session is configured with 10
seconds or higher interval, BFD session would flap. PR1010161
•
Misconfiguring BGP route validation session to the router itself might lead to rpd process
crash. PR1010216
•
In scaled BFD scenarios, BFD unified ISSU poll negotiation will fail causing the BFD
session to flap during unified ISSU. PR1012859
•
Multicast packets might get dropped with NSR configured and graceful switchover of
the Routing Engine is performed. PR1020459
Services Applications
•
On MX240/480/960 routers with MS-DPC with "deterministic-port-block-allocation
block-size" configuration. In rare condition, when the "block-size" is set to a larger value
(in this case, block-size=16128), the Services PIC might crash. PR994107
•
jflow-logging: seen "mspmand.core.ms41.0.gz*" with data traffic. PR994256
•
The redundant services PIC (rsp-) interfaces or redundant Multiservices (rms-)
interfaces configured with "hot-standby" mode might flap upon committing any
configuration change (will happen for even an unrelated interface description change).
PR1000591
•
110
The following messages are being logged at ERR not DEBUG severity: mspd[3618]:
mspd: No member config mspd[3618]: mspd: Building package info This PR sets the
correct severity. PR1003640
Copyright © 2015, Juniper Networks, Inc.
Resolved Issues
Subscriber Access Management
•
MIB entries for jnxUserAAAAccessPoolRoutingInstance may not appear after deleting
and re-adding an assignement pool under a routing instance. PR998967
VPNs
•
In the Rosen MVPN environment, some data would pass intermittently over the default
MDT even after hitting threshold to switch to data MDT. PR999019
•
Serving site B is not receiving all the traffic from serving site A when traffic is reduced
from the exceeded cmcast limit. PR1001861
Resolved Issues: Release 13.3R3
Class of Service (CoS)
•
We cannot bind classifier on GRE interface" for MX Series routers with MPCs and MICs
for some customer demand now. To restore the old behavior, we can configure
'exp-default' knob on GRE interface with the fixed Junos OS image. << example >>
set class-of-service interfaces gr-0/0/0 unit 0 classifiers exp default. PR941908
•
If any of the schedulers have an ID of zero, cosd process might crash following a commit.
PR953523
•
Sometimes the cosd generate the coredump when add/delete child interface on the
LAG bundle. PR961119
•
Applying a scheduler with transmit rate below 65,535 bps and rate-limit option fails
the commit if the associated interface is an non-existing interface or a virtual interface.
PR964647
•
On MX Series router with non-Q DPC (in this case, DPCE 40x 1GE R), when the
"interface-set" is configured on a non-Q DPC, then execute the command "show
interfaces interface-set queue <interface-set-name>", the DPC might crash. PR979668
Forwarding and Sampling
•
VPLS mac-table doesn't gets populated with mac of previous lt interface after replacing
the lt interface in the configuration, that might cause CE connected to the lt interface
to get isolated. PR955314
•
When port-mirroring or sampling is configured, if a lot of route updates are happening
in the system, the routing protocol convergence time might be long and packets loss
might be observed. PR963060
•
In the large scaled DHCP subscribers setup (e.g. 54,000 dual-stack DHCP subscribers),
dynamic firewall daemon (dfwd) memory leak during DHCP subscribers login/logout.
PR967328
•
DPC crashed after deactivate/activate [routing-instances TPIX bridge-domains IX
bridge-options]. PR983640
Copyright © 2015, Juniper Networks, Inc.
111
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
General Routing
•
The ingress family feature (uRPF) unicast Reverse Path Forwarding check execution
order was invalidated when (FBF) Filter Based Forwarding was enabled on MX Series
routers with MPCs or MICs. This solution repositions uRPF just prior to Filter Based
Forwaarding (FBF), so that both actions are compatible and applicable. This applies
to both IPv4 and IPv6. PR805599
•
On MX Series routers containing multiple Packet Forwarding Engines such as
MX240/MX480/MX960/MX2010/MX2020, with either MPC3E or MPC4E cards (MPC3
Type 3 3D/MPC4E 3D 2CGE+8XGE/MPC4E 3D 32XGE), if multicast traffic or Layer 2
flood traffic enters the router via these MPC3E or MPC4E line cards, these line cards
may exhibit a lockup, and one or more of their Packet Forwarding Engines corrupt traffic
towards the router fabric. PR931755
•
In the MX-VC scenario, have chassis fabric redundancy mode set to increased bandwidth
([email protected]# set chassis fabric redundancy-mode increased-bandwidth). Then
configure the "offline-on-fabric-bandwidth-reduction" for any slot ([email protected]# set
chassis fpc <slot> offline-on-fabric-bandwidth-reduction). After that execute commit,
the commit check failed and chassisd crashed with core-dumps. PR932356
•
This problem occurs when a large amount of services and ams configuration is changed
in a single override operation. A workaround for this problem is to offline and online
the PIC during or after the configuration change. PR933674
•
In Junos OS versions later than 11.2 where IFL localization is enabled, Routing Engine
mastership switchover could lead to IFL indexes inconsistency in Ichip FPCs when
graceful Routing Engine switchover (GRES) is configured. This inconsistency could
gradually lead to IFL index overlaps and traffic blackholing. PR940122
•
When nonstop active routing (NSR) is configured and the memory utilization of rpd
process on the backup Routing Engine is high (1.4G or above), the rpd crash on backup
Routing Engine may bounce the BGP sessions on the master Routing Engine. PR942981
•
Under particular scenarios, commit action might lead the Context-Identifier to be
ignored when OSPF protocol refresh its database. Then the PE router will stop
advertising this Context-Identifier out. PR954033
•
FPC might lose the socket connection to the Routing Engine during the time kernel
live-core dump is active. IGP session might get dropped after the socket connection
got closed. The FPC will get restarted by the kernel once the live-core dump has finished.
PR954045
112
•
Software will monitor the FPD dial setting in SFC and LCC and raise a alarm if changed
during runtime. In SFC the config dial and in LCC M/S dial will be monitored. PR955319
•
"show interfaces et-x/y/z extensive" will display MRU now. MRU can be configured at
"set interfaces et-x/y/z gigether-options mru" If MRU is not configured then it is
defaulted to MTU + 8. MRU displayed from the CLI does not include the CRC. PR958162
•
To support control word on BGP-VPLS for M-320 (i-chip) and MX (DPC + MPC), below
2 config knobs are newly introduced. routing-instances { green { protocols { vpls { +
control-word; <<<<<<<<< new knob. + no-control-word; <<<<<<<< new knob. } } }
} To omit IP payload over ether-pw from hash-key for MX Series, A new knob like below
Copyright © 2015, Juniper Networks, Inc.
Resolved Issues
will be provided. forwarding-options { enhanced-hash-key { family mpls { +
no-ether-pseudowire; } } } PR958685
•
In subscriber management environment, upgrade Junos OS to specific version (include
12.3R6 13.2R4 13.3R2) via ISSU might make subsequence subscribers fail to connect
with following error: "jdhcpd_profile_request: Add Profile dhcp request failed for client
in state LOCAL_SERVER_STATE_WAIT_AUTH_REQ: error = 301". PR959828
•
On MX Virtual Chassis (MX-VC), if multiple VCP ports are configured between MPC5E
cards, traffic might not be load balanced over the VCP ports, besides, packets might
get lost due to VC ingress and egress next-hop caches getting out of synchronization.
PR960803
•
Default threshold for ES-FPC errors is 1 for major errors and 10 for minor errors, when
the threshold is reached, some actions (eg, alarm|offline-pic|log|get-state|offline|reset)
will be taken by FPC as configured. This feature is designed for permament/real errors.
The issue here is that even some transient errors (eg, link flaps) will also trigger the
default action. In some cases, it might cause panic for the FPC. PR961165
•
Ethernet over ATM LLC has missing OUI information. PR961468
•
On all Junos OS platforms, if an event occurs that causes the Packet Forwarding Engine
to restart, service might be interrupted because the stale interface index has not been
deleted. PR962558
•
In the initial router configuration, if static routes are configured over GRE interface and
OAM is enable, then the static routes may remain active while the GRE tunnel is down.
PR966353
•
NH tracing provides a lightweight mechanism to capture NH chains traversed by packets
of interest for further examination. PR967450
•
Support for layer 3 VPN localization has been deprecated in the Junos OS releases and
platforms listed below. This affects the following CLI command: "set routing-instances
[instance-name] routing-options localize" Junos OS releases: - 12.3R7 (CLI command
is hidden) - 13.1R5 (CLI command is hidden) - 13.2R5 (CLI command is hidden) - 13.3R3
(CLI command is removed) - 14.1 (CLI command is removed) - 14.2 (CLI command is
removed) Platforms: - M 320 Series router - MX Series routers (all) - T Series routers
(all). PR967584
•
On MX Series platform, when the Channelized T1/E1 Circuit Emulation MIC
(MIC-3D-16CHE1-T1-CE) with non-enhanced queuing MPC1 or MPC2 is inserted, no
traffic is being forwarded out of the T1/E1 ports. PR967861
•
Although receiving the flow specification (flowspec) routes with packet-length,
icmp-code or icmp-type matching rules from a BGP peer properly, the local firewall
filter in the Packet Forwarding Engines might not include these matching rules.
PR968125
•
Autoheal denied reason may not be shown if CRC errors occurs on the same cable
from F13 side more than once in an autoheal window and subsequently error is seen
is again from LCC side. PR973783
Copyright © 2015, Juniper Networks, Inc.
113
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
•
In processing for fpc-resync and fab-liveness packets if error occurs while sending
packet we do not free the packet. This causes packets buffers to leak and eventually
the packet heap runs out of memory. PR973892
•
You cannot configure an MTU value on family inet greater than 1496 if there is a trunk
port configured on the interface; if you configure an MTU greater than 1496, a commit
error occurs. If you configure an MTU value on a physical interface on which a trunk
interface is configured, the configured MTU value is ignored and the value is set to 1518.
These issues do not occur if there is no trunk port on the interface. PR974809
•
PPP over ATM transit traffic was not being fragmented correctly by ATM MIC. The
changes allow the fragmentation of the transit traffic to work properly. PR976508
•
Changing service-set configuration continuously during scaled traffic conditions may
result in mspmand process crash and a core file generated. PR978032
•
On T Series router with FIB Localization enabled, if reboot the Routing Engine while
scaled traffic running, the FIB-remote FPC might crash. PR979098
•
In the high scale P2MP LSP environment, heap memory leak might occur when the
LSP flaps. Then some P2MP LSPs might be not installed, so the traffic will lose.
PR979211
114
•
scale-subscriber "License Used" filed shows wrong value after GRES. PR980399
•
In rare condition, when PPPoE subscribers login with large amounts of configuration
data, the subscriber management infrastructure daemon (smid) and authentication
service process (authd) might crash, and no new subscribers could connect to the
router. PR980646
•
In the BFD environment with static route, the BFD session is established between two
routers. When disable the subinterface on one router, the BFD AdminDown packet will
be sent out from the router (this is not expected). But according to RFC 5882, another
router receives the AdminDown packet, the static route will never be deleted on it. That
might cause traffic packets to be dropped. PR982588
•
In scenario of NG-MVPN with P2MP LSP as provider tunnel, Kernel Routing Table (KRT)
might get stuck after making changes for MVPN, then traffic loss will be seen, and
besides, rpd process might crash while trying to generate a live core dump. PR982959
•
With a firewall policer configured on more than 256 IFFs (interface address family) of
a PIC, then offline and online the PIC might cause the FPC to crash. PR983999
•
OpenSSL library in Junos OS was patched to resolve CVE-2010-5298. PR984416
•
On M7i/M10i with enchanced CFEB, M320 with E3-FPC, M120 and MX with DPC. In a
race condition, the Dense Port Concentrator (DPC) may crash when ifls get added to
an ifl-set while that same ifl-set get deactivated/deleted in class-of-service. For
example: # set interfaces interface-set interface_set_JTAC_ge-3/0/0 interface ge-3/0/0
unit 100 # deactivate class-of-service interfaces interface-set
interface_set_JTAC_ge-3/0/0 # commit or (quick commit of following changes) # set
interfaces interface-set interface_set_JTAC_ge-3/0/0 interface ge-3/0/0 # commit
# deactivate class-of-service interfaces interface-set interface_set_JTAC_ge-3/0/0
# commit. PR985974
Copyright © 2015, Juniper Networks, Inc.
Resolved Issues
•
OpenFlow does not respond to port_down events when the echo interval timeout is
set for less than 11 seconds. PR989308
•
The fabric performance of MPC1, MPC2, or 16xXE MPC in 'increased-bandwidth' mode
on an MX960 populated with SCBE's will be less compared to redundant mode due
to XF1 ASIC scheduling bugs. PR993787
•
Under normal circumstances, the Maximum Receive Unit (MRU) value is set to MTU
size + 8 bytes (e.g. MTU=9102, MRU=9102+8=9110). But in this case, when MTU is set
to a large value (MTU=9192) on AE interface, the MRU still uses the default value 1522
bytes. So when the interface receives packets which size are more than 1522 bytes, the
packets are dropped. PR994826
•
On 10X10GE SFPP, when an interface configured for CCC and asynchronous-notification,
and it is told to turn off its laser. Its laser flaps on and off for some period of time.
PR996277
•
On T4000 router with type5 FPC. After FPC rebooting, if chassisd process does not
get FPC ready/FPC online ACK message from FPC in 360 seconds, the FPC might reset
again. PR998075
•
The PIC memory gauge counters show up as 0 after a GRES switchover in the "show
chassis pic fpc-slot X pic-slot Y" output. PR1000111
•
Service PIC on MS-MPC card could core-dump and restart on receiving a stray SIGQUIT
signal due to it not handling the signal. With this fix we ignore SIGQUIT signal and avoid
Service PIC restart. PR1004195
•
When using AMS load-balancing if a PIC in the AMS bundled if offline for any reason
and the operator on-lines the pic there is slight 30 to 40 second momentary traffic
loss. PR1005665
Infrastructure
•
On RE-S-1800 family of Routing Engine, after an intensive writing to SSD, the immediate
rebooting might cause SSD to corrupt. PR937774
Interfaces and Chassis
•
If the "tunnel-destination" address of a Generic Routing Encapsulation (GRE) interface
is placed in one instance and the GRE interface is placed in another routing-instance,
the lookup for the GRE tunnel destination is done on inet.0 instead of the appropriate
routing instance's inet.0 table. The similar issue could happen on IP-over-IP or
Automatic Multicast Tunneling (AMT) tunnels too. PR851165
•
NPC crash seen while verifying Inline Jflow in both RE0 and RE1 and do switchover 10
times and verify new files are updated properly. This is software bug which have been
fixed in 12.3R5. PR905916
•
The Packet Forwarding Engine alarms raised by PFEMAN thread using cmalarm api
calls will not be transmitted to Routing Engine. As impact, these alarms will not reflect
on Routing Engine. There is no impact on functionality, otherwise. PR921254
•
If offline and remove a Non-Ethernet Modular Interface Card (MIC) from MX Series
and then perform a unified in-service-software-upgrade (ISSU), the unified ISSU may
Copyright © 2015, Juniper Networks, Inc.
115
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
get aborted. This happens because although the MIC is removed physically but it does
not get removed from the hardware database (HWDB), which makes the chassis
mistakenly try to offline the already removed MIC during unified ISSU and in turn cause
the upgrade failure. PR923569
•
Queue stats counters for AE interface will become invalid after deactivating ifl on the
AE interface. PR926617
•
Strange FRU Insertion trap[RE PCMCIA card 0] is generated when Routing Engine
master-switching is done on box with RE-1800. PR943767
•
Kernel crash might happen when a router running a Junos OS install with the fix to PR
937774 is rebooted. This problem will not be observed during the upgrade to this Junos
OS install. It occurs late enough in the shutdown procedure that it shouldn't interfere
with normal operation. PR956691
•
When an ifl containing some vrrp group configuration is deleted, snmp walk on vrrp
MIB may loop continuously. PR957975
•
If there is an IRB interface configured for "family inet6" in a bridge-domain on an MX
Series router, the Packet Forwarding Engine may not correctly update the next-hop
for an IPv6 route when the MAC address associated with the next-hop moves from an
AE interface to a non-AE interface. PR958019
•
In very uncommon situation, we will see LCCs chassisd state is inconsistent with SFC
chassisd state, this is very misleading in troubleshooting stage. This PR fixed this issue.
PR963342
116
•
Link speed of a LAG bundle may not properly reflect the total bandwidth, when
microBFD is enabled on the LAG interface. PR967046
•
Temperature Top and Bottom are swapped in show chassis environments output for
Type3/Type4 FPCs of T Series. PR975758
•
In the large scaled VPLS environment , during delete routing-instance of type VPLS,
the memory is not getting freed. The connectivity-fault management daemon (cfmd)
might crash with a core file generated.The core files could be seen by executing CLI
command "show system core-dumps". PR975858
•
Vrrpd memory leaks only on backup Routing Engine without any operation on condition
that graceful-switchover under chassis/redundancy is enabled and nonstop-routing
under routing-options is disabled with configuring ipv6 vrrp groups. PR978057
•
In the multilink frame relay (mlfr) environment with "disable-tx" configuration. When
the differential delay exceeds the red limit, the transmission is disabled on the bundle
link. When it is restored, the link should be added back. But in this case, the link stays
disable state and it is not rejoined to the bundle. PR978855
•
After the following process, we can find MCAE becomes standby/standby status. Even
if we set "set interfaces aeX aggregated-ether-options mc-ae events iccp-peer-down
prefer-status-control-active" for both routers, we can find this issue. << topology
example >> iccp ge-1/0/1 ge-1/0/1 [ MX80(router A)]-----------------[MX240(router
B)] \ ae0 ae0 / --active-- \ / --standby-- \ MC-LAG / \ / \ / ae0(ge-0/0/0)\
/ae0(ge-0/0/1) [ EX4200(switch C) ] << process >> initial status router A : active
router B : standby 1. disable ae0 of router A. 2. disable iccp link of router A. 3. disable
Copyright © 2015, Juniper Networks, Inc.
Resolved Issues
ae0 of switch C 4. enable iccp link of router A. (Please wait until iccp status up.) 5.
enable ae0 of switch C 6. enable ae0 of router A. PR982713
•
When upgrading to 13.3R2, customer may see the following messages: Chassis control
process: rtslib: ERROR kernel does not support all messages: expected 104 got 103,a
reboot or software upgrade may be required Chassis control process: Chassis control
process: rtslib: WARNING version mismatch for msg macsec (103): expected 99 got
191,a reboot or software upgrade may be required Chassis control process: Chassis
control process: rtslib: ERROR kernel does not support all messages: expected 104 got
103,a reboot or software upgrade may be required Chassis control process: Chassis
control process: rtslib: WARNING version mismatch for msg macsec (103): expected
99 got 191,a reboot or software upgrade may be required These messages are generated
during validating the new chassis management daemon against the old kernel, and
are harmless. PR983735
•
1GbE SFP(EX-SFP-1FE-LX) output optical power is restored after reseating by manual
removal/insert of SFP although the IF is disabled. PR984192
•
SNMP OID VRRP-MIB::vrrpAssoIpAddrRowStatus returns only one Ip address when
the interface ifl has configured with two virtual-addressees under two vrrp-groups.
PR987992
•
Following messages could be seen on the router for the FPC slot which are even empty.
These messages are cosmetic and could be ignored. chassisd[1637]: %DAEMON-6:
FPC 0 does not support Pic power off config cmd ignoring the config change
chassisd[1637]: %DAEMON-6: FPC 2 does not support Pic power off config cmd
ignoring the config change. PR988987
•
CFMD may crash after configuration change of an interface in a logical system which
is under OAM config for a l2vpn instance. PR991122
Layer 2 Features
•
When DHCP local server and DHCP relay are both configured on same router, the DHCP
relay binding might get lost if a graceful Routing Engine switchover (GRES) is performed.
PR940111
•
In L3 Wholesale environment, the DHCP clients might fail to renew their address in
DHCP relay scenario. PR956675
•
Configuring Ethernet Ring Protection Switching (ERPS), after changing interface's
MTU on Ring Protection Link (RPL) owner, all the interfaces on RPL owner change into
forwarding state, hence cause a layer 2 loop. PR964727
•
On MX Series platform with Ethernet Ring Protection Switching (ERPS) configuration,
after disabled Ring Protection Link (RPL) interface and then move RPL from west
interface to east interface, as a result, the ERPS east and west interface might go into
discard state at same time. PR970121
•
In DHCPv6 subscriber environment, changing the c-tags (inner vlan) without clear the
DHCPv6 clients first is not recommended, it might cause the subscriber to use the old
inner vlan even after DHCPv6 RENEW process. PR970451
Copyright © 2015, Juniper Networks, Inc.
117
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
•
When Cisco running in an old version of PVST+, it does not carry VLAN ID in the end of
BPDU. So Juniper Networks equipment fails to responds to Topology Change
Notification ACK packet when it interoperates with Cisco equipment. After the fix,
Juniper equipment will read the VLAN ID information from Ethernet header. PR984563
•
Layer 2 Control Protocol process (l2cpd) is used to enable features such as Layer 2
protocol tunneling or nonstop bridging. If a router receives a Link Layer Discovery
Protocol (LLDP) packets with multiple management address TLV, memory leak might
occur which resulting in l2cpd process crash. PR986716
•
jnxLacpTimeOut trap may show negative values and incorrect values for jnxLacpifIndex
and jnxLacpAggregateifIndex. PR994725
•
In race condition, when FPC gets rebooted or reset, link(s) from this FPC which are
part of aggregate-ethernet bundle would remain in LACP "Detached" state indefinitely.
[email protected]> show lacp interfaces ae102 Aggregated interface: ae102 LACP state: Role
Exp Def Dist Col Syn Aggr Timeout Activity xe-2/0/0 Actor No Yes No No No Yes Fast
Active xe-2/0/0 Partner No Yes No No No Yes Fast Passive xe-2/0/1 Actor No No Yes
Yes Yes Yes Fast Active xe-2/0/1 Partner No No Yes Yes Yes Yes Fast Active LACP
protocol: Receive State Transmit State Mux State xe-2/0/0 Defaulted Fast periodic
Detached xe-2/0/1 Current Fast periodic Collecting distributing [email protected]> show
interfaces xe-2/0/0 terse Interface Admin Link Proto Local Remote xe-2/0/0 up up
xe-2/0/0.0 up up aenet --> ae102.0 xe-2/0/0.32767 up up aenet --> ae102.32767 This
issue would be seen when associated aggregate-ethernet bundle is configured for
vlan-tagging. To clear this condition, the affected interface should be deactivated and
activated using cli commands. ============ [edit] [email protected]# deactivate
interfaces xe-2/0/0 [edit] [email protected]# commit [edit] [email protected]# activate interfaces
xe-2/0/0 [edit] [email protected]# commit ============ PR998246
MPLS
118
•
When the install prefix (specified by the "install" knob) and destination prefix (specified
by the "to" address of the LSP) are same for a static LSP, the routing protocol process
(rpd) might crash while deleting the LSP. PR958005
•
During SNMP walk on table MPLS cross-connect table (mplsXCTable) in case of flood
nexthop, the rpd might crash. PR964600
•
In the large scaled MPLS setup with NSR enabled. When restart routing protocol
daemon (rpd) on standby Routing Engine, or reload standby Routing Engine, or reload
router, some filtered output label bindings might be missed on the backup Routing
Engine, which leads to Label Distribution Protocol (LDP) database between the master
and backup Routing Engines are inconsistent. PR970816
•
In a scaled MPLS environment, whenever fast reroute (FRR) or Link Protection (LP)
or Node Protection (NP) is configured, the switchover from the primary LSP to the
secondary LSP might cause traffic loss for few seconds. PR973070
•
In the MPLS environment, when execute the command "show snmp mib walk
mplsXCTable" to walk the MPLS cross connect table, the routing protocol daemon
(rpd) CPU utilization might reach over 90%, and the rpd process doesn't respond to
any CLI show commands. PR978381
Copyright © 2015, Juniper Networks, Inc.
Resolved Issues
•
snmpwalk/snmpgetnext or "show snmp mib walk" fail when polling MPLSLSPOCTETS,
MPLSLSPPACKETS, MPLSLSPINFOOCTETS or MPLSLSPINFOPACKETS. PR981061
•
LSP metric modification leads to Constrained Shortest Path First(CSPF) computation
and resignaling. It should update RSVP routes directly. PR985099
•
In the MPLS environment with "egress-protection" configuration, there is a direct LDP
session between primary PE and protector. One context-id is configured as primary
PE's loopback address or any LDP enabled interface address. When delete the whole
apply-group or delete the ldp policy from apply-group, the routing protocol daemon
(rpd) might crash. PR988775
•
In the virtual private LAN service (VPLS) environment with multihoming (FEC 129) is
configured, when the router receives the label request for the Forwarding Equivalency
Class (FEC) 129, if there is no route for the specific FEC 129, the routing protocol daemon
might crash. PR992983
Network Management and Monitoring
•
Alarm management daemon runs on master and backup Routing Engine on dual
Routing Engine systems. There is a 80 megabyte alarm.db file that is copied over from
master Routing Engine to backup Routing Engine when the alarm-management daemon
has come up on both the Routing Engines. The basic issue is that alarm-management
daemon is trying to copy the alarm.db file over and over again in an infinite loop on the
system, causing CPU utilization to shoot up after every 20 seconds or so. PR988969
OpenFlow
•
OpenFlow v1.0 running on an MX Series router does not respond reliably to interface
up or down events within a specified time interval. Per a fix implemented in Junos OS
Release 13.3R3.6, OpenFlow v1.0 running on an MX Series router responds reliably to
interface up or down events if the echo interval timeout is set to 11 seconds or more.
PR989308
Platform and Infrastructure
•
Since the AC Power System on MX2020 is a N+N feed redundant and N+1 power supply
modules (PSMs) redundant, there are two separate input stages per PSM , each
connected to one of the two different/redundant feeds. However, only one stage is
active at a time. This means, the other input stage (unused input stage) may be bad
and system will not know about it till it tries to switch to it in case of a feed failure.
PR832434
•
When using OSPF/OSPFv3 with interface type point-to-point, it is possible that the
OSPF session (using multicast traffic exclusively) to come up before next-hop resolution
is done (ARP, or ND). In this case, transit traffic will be discarded, until resolution is
done. When you have multiple links available, then the route will be balanced using a
"unilist" next-hop. When one of the links in the "unilist" doesn’t have layer2 resolution,
these next-hops will actually drop traffic. The fix added by this PR will make unilist not
contain forwarding and non-forwarding at the same time. When the NH resolution will
be done, then the link will be added to the unilist. PR832974
Copyright © 2015, Juniper Networks, Inc.
119
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
•
The error message 'unlink(): failed to delete .perm file: No such file or directory' was
logged when disconnecting from a Telnet session to the router. PR876508
•
When the instance have vlan-id all and adding interface unit with "vlan-tags outer X
inner Y" to this instance, traffic from ALL instance VLANs is leaking over that unit tagged
with outer tag X and each VLANs own inner tag A,B.C,..... Fix: When the instance have
vlan-id all, for dual tagged ifl the inner vlan check will be done. PR883760
•
On MX Series based line card, for interfaces tagged with VLAN ID same as the
native-vlan-id configured on the interface, FPC adds Native VLAN ID to the packets
received on the interface and destined to the host. This is irrespective of the packet
content. This results in the packets getting doubly tagged when receiving packets
which are already tagged with VLAN ID matching the Native VLAN ID, and thus cause
ARP resolution failure on Native VLAN. For example, the ARP packets to IRB (on VLAN
101) are tagged with VLAN ID 101 (which is also the native VLAN ID) and are getting
additional tagged. Hence they are dropped by the IRB and this can cause the ARP
request packet not getting resolved on Native VLAN. PR917576
•
When the transit traffic is hitting the router and the destination is a local segment IP
which requires ARP resolution, it's mis-classified by the DDOS filter and an incorrect
policer is applied. This leads to host queue congestion. PR924807
•
Starting with Junos 13.3 and later, the range of cli screen-with is 40 through 1024 (in
earlier Junos OS releases, the range is 0 through 1024). This PR restores the option of
setting screen-width to 0 resulting in unlimited screen width. PR936460
•
The Routing Engine and FPCs are connected with an internal Ethernet switch. In some
rare case, the FPCs might receive a malformed packet from the Routing Engine (e.g.
packet gets corrupted somewhere on its way from Routing Engine to FPC). Then the
toxic traffic might crash the FPC. PR938578
•
MPC Type 2 3D may crash with CPU hog due to excessive link flaps causing the
interrupts to go high. PR938956
•
On a router which does a MPLS label POP operation (penultimate hop router for
example) if the resulting packet (IPv4 or IPv6) is corrupted then it will be dropped.
PR943382
120
•
If a PE router is both egress and trazit node for a p2mp lsp, the Packet Forwarding
Engine may report errors and install a discard state for the fib entry representing the
p2mp lsp label with bottom of stack bit set to 0 . This problem does not have any
impact since there is no application using the s=0 entry of a p2mp lsp. PR950575
•
* MX2020 FanTray power specification. - zone#1:FT#3 - gets power from zone#1 only
- zone#1:FT#2 - gets power from zone#0 in case of no-power in zone#1 - zone#0:FT#1
- gets power from zone#0 only - zone#0:FT#0 - gets power from zone#1 in case of
no-power in zone#0 - Critical(Minimum) number for MX2020 operation is 3 If one of
zone has no PSM, then it means FAN single-fault in the chassis's point of view. For
example, if zone#1 has no PSM, then the FT#3 doesn't get power as it is local-powered
FT. Hence, in this case, the FT#3-LED should show ORANGE to notify the single-fault
to user, while FT#2 can shows GREEN if it gets enough power from zone#0. In addition,
CRAFT-LED for FT#3 should be turned off. * Due to HW-limit(bicolor), it could not
show ORANGE color. In current implementation, both CRAFT-LED, FT#3-LED show
Copyright © 2015, Juniper Networks, Inc.
Resolved Issues
GREEN. That's problem. * NOTE: Junos OS doesn't support FT double-fault scenario.
(MX2020 needs minimum 3 FTs.) If FT#2 gets in trouble in above case(i.e.,FT
double-fault), the user should see serious cooling-trouble on SFMs within 1 minute.
PR957395
•
Unable to modify dynamic configuration database after first commit. PR959450
•
When we set "traffic-manager mode ingress-and-egress" on "MIC-3D-40GE-TX (3D
40x 1GE(LAN) RJ45)", we cannot use ingress queue correctly on PIC2 and PIC3. *Note:
We cannot see this issue if we set the above configuration to PIC0 or PIC1. PR959915
•
Certain combinations of Junos OS CLI commands and arguments have been found to
be exploitable in a way that can allow root access to the operating system. This may
allow any user with permissions to run these CLI commands the ability to achieve
elevated privileges and gain complete control of the device. Refer to JSA10634 for
more information. PR965762
•
Certain combinations of Junos OS CLI commands and arguments have been found to
be exploitable in a way that can allow root access to the operating system. This may
allow any user with permissions to run these CLI commands the ability to achieve
elevated privileges and gain complete control of the device. Refer to JSA10634 for
more information. PR966808
•
Certain combinations of Junos OS CLI commands and arguments have been found to
be exploitable in a way that can allow root access to the operating system. This may
allow any user with permissions to run these CLI commands the ability to achieve
elevated privileges and gain complete control of the device. Refer to JSA10634 for
more information. PR969365
•
A defect in L3VPN Make Before Break code was resulting in freeing memory
corresponding to old nexthops which is being used by egress Packet Forwarding Engine.
This was resulting in memory corruption. PR971821
•
With NG-MVPN, multicast traffic might get duplicated and/or blackholed if a PE router,
with active local receivers, is also a transit node and the p2mp lsp is branched down
over an aggregate interface with members on different Packet Forwarding Engines.
PR973938
•
SNMP alarms/traps could be generated for unpowered fan trays when only one zone
is powered. PR982970
•
On MX Series platform, when filter is applied on the interface with the action of "then
next-interface", the packets that are forwarded by the firewall filter would be corrupted.
PR986555
•
Interface alias was not shown in the show commands when configured. Now interface
alias will be shown (IF CONFIGURED) in show commands containing interface names.
A |display no-interface-alias command adds the ability to show the actual interface
name if its needed. PR988245
•
When services packet(interface-style) is diverted to different routing-instance using
a firewall filter, route lookup of the services packet was matching a reject route which
results in PPE thread timeout. PR988553
Copyright © 2015, Juniper Networks, Inc.
121
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
•
TXP with 13.1R4 might not trigger autoheal after 65535 CRC error event on inter-chassis
optical hsl2 link. Customer will need to do manual fabric plane reset to recover the
faulty SIBs after the 65535 CRC error event. PR988886
•
NPC core /../src/pfe/ukern/cpu-ppc/ppc603e_panic.c:68. PR989240
•
On logical-systems, backup rpd of logical systems is not getting SIGHUP when the
"commit fast-synchronize" statement at the [edit system] hierarchy level is enabled.
It causes the issue "restarting backup rpd" of logical systems (as part of recovery
mechanism). PR990347
•
When two midplane link errors are present between F13 and F2 Sibs then CLOS rerouting
logic does not work properly. This can introduce RODR packet drops and result in
destination errors in the plane. PR992677
•
"delete" or "deactivate" of apply-group defining the entire TACACS or RADIUS
configuration configured under [edit system apply-group <>] does not take effect on
commit. This could lead to TACACS or RADIUS based authentication to still continue
working despite removal (delete/deactivate) of configuration. PR992837
•
On MX Series router with MPCs or MICs or T4000 router with type5 FPC, if the CoS
scheduler is configured without transmit-rate while with buffer-size temporal, the
Packet Forwarding Engine might not allocate buffer for the associated queue. The
issue might lead to packets loss. PR999029
•
The configuration to be applied to the feature auto backup Routing Engine upgrade
for NON-GRES case when back up Routing Engine has unsupported CB. policy
FRU-UNSUPPORTED { events CHASSISD_FRU_UNSUPPORTED; attributes-match {
CHASSISD_FRU_UNSUPPORTED.fru-name matches CB; } then { event-script
auto-image-upgrade.slax; } } event-script { file auto-image-upgrade.slax; }
Recommended setting: -------------------- Since above
CHASSISD_FRU_UNSUPPORTED event generated for every 20 mins on box after boot
up, to stop from repetitive execution of this event policy, we can specify following
'within clause' in the event policy configuration. policy FRU-UNSUPPORTED { events
CHASSISD_FRU_UNSUPPORTED; within 1200 { not events
CHASSISD_FRU_UNSUPPORTED; } attributes-match {
CHASSISD_FRU_UNSUPPORTED.fru-name matches CB; } then { event-script
auto-image-upgrade.slax; } } event-script { file auto-image-upgrade.slax; } PR1000476
Routing Protocols
122
•
In PIM-SM network with "bootstrap routing" RP selection mechanism used, it is observed
that some bootstrap messages (BSMs) generation and forwarding behavior of Junos
OS does not conform to RFC standard, specifically in the section 3.2 (Bootstrap
message generation), 3.3 (Sending Candidate-RP-Advertisement Messages) and 3.4
(Creating the RP-Set at the BSR). PR871678
•
In Protocol Independent Multicast (PIM) scenario, if interface get deleted before the
(S,G) route is installed in the Routing Information Base (RIB), then this interface index
might be re-used by kernel for another interface and thus cause routing protocol process
(rpd) core. PR913706
Copyright © 2015, Juniper Networks, Inc.
Resolved Issues
•
The rpd process might crash when executing the command "show route
advertising-protocol bgp <nbr>" without a table option, or with a table that is not
advertised by BGP. PR959535
•
In the scenario of multicast receiver could receive traffic from mLDP or PIM, if at first
the multicast traffic is flowing over PIM, then the flapping of PIM protocol will cause
the traffic to flow over mLDP and later switch back to PIM, but the mLDP
forwarding-cache might not get pruned, which resulting duplicated traffic. PR963031
•
In certain rare circumstances, BGP NSR replication to the backup Routing Engine may
not make forward progress. This was due to an issue where an internal buffer was not
correctly cleared in rare circumstances when the backup Routing Engine was
experiencing high CPU. PR975012
•
In scaled BGP environment, if an NSR enabled router does not have any routing-instance
configured, after flapping BGP groups with multiple peers, some BGP neighbors might
get stuck in 'not advertising' state. PR978183
•
In the dual Routing Engine scenario, after an Routing Engine switchover, the periodic
packet management daemon (ppmd) might exit. PR979541
•
On MX Series platforms with IGMP snooping enabled on an IRB interface, some transit
TCP packets may be wrongly considered as IGMP packets, causing packets to be
dropped. PR979671
•
Due to some corner cases, certain commits could cause the input and/or output BGP
policies to be reexamined causing an increase in rpd CPU utilization PR979971
•
PPMD filter is not programmed properly which is resulting Routing Engine to absorb
BFD packets instead of Packet Forwarding Engine. PR985035
•
In Junos OS, by default the RIP protocol "send" option is set to Multicast RIPv2. When
this "send" option is changed from "multicast"(active) to "none"(passive) or vice-versa,
rpd core might be seen on the router. PR986444
•
In V4 RG, member site receives traffic from both serving sites for few sources upon
withdraw/inject routes for 30 seconds. PR988561
•
OSPF adjacency is not coming up with error "OSPF packet ignored: authentication
failure (sequence error)" in p2mp when remote peer goes down. PR991540
Services Applications
•
Any SIP MESSAGE request will be dropped by the SIP ALG, this type of request is
unsupported from day one. This is rare type of request which will not prevent more
usual SIP operations such as voice calls, but it may affect some instant messaging
applications based on SIP. PR881813
•
Clearing the stateful firewall subscriber analysis causes the active subscriber count to
display a very huge number. The large number is seen because when a subscriber times
out the number of active subscribers is decremented. If it is set to zero using the clear
command, then a decrement would give an incorrect result. There is no impact to the
overall functionality and the fix is expected to be present in 14.1R2. PR939832
•
Ping failure from LNS to MLPPP client. PR952708
Copyright © 2015, Juniper Networks, Inc.
123
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
•
The dynamic flow control process (dfcd) might core dump when Dynamic Tasking
Control Protocol (DTCP) trigger request is same for both the VLAN and DHCP
subscriber. PR962810
•
Message type for if_msg_ifl_channel_delete should be lower severity and not an error.
PR965298
•
In the context of DS-Lite softwire scenario, where the Address Family Transition Router
(AFTR) node performs NAT with Endpoint Independent Filtering (EIF) and Endpoint
Independent Mapping (EIM) enabled, the simultaneous arrival of two packets from
opposite sides of the NAT will trigger the creation of the same flow, which in a race
condition results in the Service-PIC restart. PR966255
•
During the Junos OS enhancement of the Port Control Protocol a few issues were
identified regarding NAT flows creation, clearing of the mappings, releasing the
addresses in use, etc. PR967971
•
In the L2TP scenario with dual Routing Engines. After subscriber management
infrastructure daemon (smid) being restarted, because the delete notification to backup
Routing Engine might be lost, the subscriber database (SDB) information does not
synchronize between master Routing Engine and standby Routing Engine. After Routing
Engine switchover is executed, the Layer 2 Tunneling Protocol daemon (jl2tpd) might
crash, and new L2TP subscribers are unable to dial. PR968947
•
When transferring large FTP file, the server might send packets with incorrect layer 4
checksum. If inline NAT service is enabled on the router, it might transit the packets to
client instead of dropping it, which eventually causes the client FTP time out. PR972402
•
If a PPPoE/PPP user disconnects in the access network without the LAC/LNS noticing
it to tear down the connection (also the PPP keepalive hasn't detected yet), and a
second PPP request comes from the same subscriber on the L2TP tunnel (same or
different LAC/tunnel), then a second route is added to the table having the next hop
"service to unknown". PR981488
•
The cflow export would cease due to memory exhaustion when flow-monitoring is
enabled using Adaptive Services II PIC due to memory leak condition. While in this
condition, user would see increments in "Packet dropped (no memory)" as below:
[email protected]> show services accounting errors Service Accounting interface: sp-3/0/0,
Local interface index: 320 Service name: (default sampling) Interface state: Accounting
Error information Packets dropped (no memory): 315805425, Packets dropped (not
IP): 0. PR982160
•
In H323 ALG with CGNAT scenario, the MS-PIC might crash when the ALG is deleting
an H323 conversation due to the deleting port is outside of allocated NAT port-block
range. PR982780
•
On M/MX/T Series routers (platforms) with Services PIC with dynamic-nat44
translation-type configured, when the flows are cleared the IP addresses in use are
never freed. This issue is present in JunOS 11.4R7 and all more recent releases without
this fix. PR986974
•
In large scale L2TP LNS environment. When the SNMP MIB JNX-L2TP-MIB is walked
continuously, the memory of the L2TP daemon (jl2tpd) increases due to memory leak.
PR987678
124
Copyright © 2015, Juniper Networks, Inc.
Resolved Issues
Software Installation and Upgrade
•
Routing Engine could be brought to DB mode when rebooting after interrupted
downgrade. PR966462
•
By upgrade-with-config, user can specify a configuration to be applied on upgrade,
but the configuration file will not be loaded post upgrading. As a result, router will bring
up with old configuration. PR983291
Subscriber Access Management
•
In early Release 13.3 code, if NSR and 64-bit rpd are used, there is a chance that the
Routing Engine may lose the primary floating IP address assigned to both Routing
Engine after a couple of GRES Routing Engine switchovers. This issue had been
corrected in later Release 13.3 branch codes. PR973278
User Interface and Configuration
•
When load large scale configuration, due to the ddl object not being freed properly
after it's accessed, load configuration failed with error: Out of object identifiers.
PR985324
VPNs
•
Upon withdraw /inject bgp routes in the serving PEs for two different
route-groups,member/regular sites receive traffic from both serving sites for 60
seconds. PR973623
•
Route group member site and regular site may receive data from two serving sites of
two groups for the same (S,G). This only happens when in one RG there are no receivers.
PR974245
•
In Rosen MVPN environment, if there a two multihomed ingress PEs, when the route
to multicast source flaps, the receiver router might keep switching between sender
Data MDTs, which resulting in traffic loss. PR974914
•
In the Rosen MVPN environment, setting the TOS IP control packet bit can avoid the
possibility of data-mdt TLV messages being dropped in the core during congestion.
But in this case, the TOS field to indicate its IP control packet (0xc0) is not set. This
might lead to traffic loss. PR981523
•
The S-PMSI tunnel might fail to be originated from ingress PE after flapping the routes
to customer multicast source. PR983410
•
In MVPN scenario, a multihomed ingress PE might fail to advertise type-4 after losing
routes to local sources. PR984946
•
In AT route-group scenario, source route is flapped on preferred serving site. After that
the member site fails to originate type-4 even though it has type-5 and type-3 from
non-preferred serving sites. PR994687
Copyright © 2015, Juniper Networks, Inc.
125
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
Resolved Issues: Release 13.3R2
Forwarding and Sampling
•
When MAC addresses move, Layer 2 address learning process (l2ald) will be called
and produces some other child processes. The child processes cannot be terminated.
Then maximum process limitation is reached and the Routing Engine is locked up.
PR943026
General Routing
•
When gr- interface is disabled, the DECAP-NH also needs to be deleted / set to discard.
PR791277
•
When transit packets with TTL expired is received, FPC is responsible for sending an
ICMP TTL Expired message back to the sender. There is a 500pps per Packet Forwarding
Engine rate limit so that FPC is not overwhelmed when large volume of transit traffic
with TTL expired is received. PR893598
•
MXVC /kernel: rts_ifstate_client_open:Number of ifstate clients have reached
threshold,current = 63 maximum = 63. PR894974
•
On MX Series platforms with MPC4E-3D-32XGE-SFFP/MIC3-3D-10XGE-SFPP equipped,
10G ports of these cards might stay offline where a link flaps or an SFP+ is inserted
after above 3 months of link up. PR905589
•
This PR addresses a timing issue, which happens when "no-vrf-propagate-ttl" is
configured in the routing-instance configuration. When this configuration is present, it
might sometime create a situation where the route selection happens of a route which
is yet to be resolved in secondary vrf table, which results in a RPD core. PR917536
•
MX80 routers now support CLI command "show system resource-monitor summary".
PR925794
•
In the Point-to-Point Protocol over Ethernet (PPPoE) scenario, for access or
access-internal routes using an unnumbered interface, if MAC is not specified along
with qualified-nexthop, the routing protocol process (rpd) will fabricate a MAC address
for it. When the access route or point-to-point interface itself is brought down, the rpd
created qualified-nexthop is being freed, due to mismatch between qualified-nexthop
and the kernel created point-to-point nexthop, rpd crashes and a core file is generated.
PR935978
126
•
Some "service-set" have already existed, when add/delete "stateful-firewall-rules"
about more than 400 lines to the existing "service-set", then execute commit, the
traffic stopped and never restore without offline/online MS-MIC. PR937489
•
In subscriber management environment, profile database files at backup Routing
Engine get corrupted when the dynamic profile versioning and commit fast-synchronize
are enabled in configuration. After GRES when the backup Routing Engine become
master, all the existing DHCP subscribers stuck in RELEASE State and new DHCP
subscribers can't bind at this point. PR941780
•
DS0/T1 channel throughput on "16x CHE1T1, RJ48" card with PPP/CISCO-HDLC is not
N*64kbps. PR944287
Copyright © 2015, Juniper Networks, Inc.
Resolved Issues
•
PIC level "account-layer2-overhead" knob with ethernet-bridge doesn't add
"Adjustment Bytes". As a workaround, configure it under interface level. PR946131
•
Egress multicast statistics display incorrectly after flapping of ae member links on
M320 or T Series FPC (M320 non-E3 FPC and T Series non-ES FPC). PR946760
•
With scaled configuration of ATM VCs (~4000 VCs) on a single
MIC-3D-8OC3-2OC12-ATM ATM MIC, the MIC might crash. The crash is not seen with
lower scale (i.e. less than 3500 VCs per MIC). PR947434
•
When configuring "no-readvertise" flag to existing static route, then this static route
will not exported to other VPN routing and forwarding (VRF) tables from onwards
which is expected. However, for the static route that has already exported to other
VRF tables before "no-readvertise" configuration, no deletion event occurs. Also, the
"rt-export" bit still set for the static route which is exported to other routing tables after
"no-readvertise" configuration. PR950994
•
CLI command "show interfaces queue" does not account for interface queue drops
due to Head drops. This resulted in the "Queued" packets/bytes counter to be less
than what was actually received and dropped on that interface queue. This PR fixes
this issue. Head-drops, being a type of RED mechanism, are now accounted under the
"RED-dropped" section of the CLI command "show interfaces queue". PR951235
•
In a scaled network and on a multi-chassis platform with BGP ECMP configured, when
the master Routing Engine of line-card chassis (LCC) crashes, LCC would go through
a reboot process to bring up the backup Routing Engine, during which the neighbor
session of BGP over aggregated Ethernet (AE) interface might get broken. This is
because the Unilist NHs of the AE are stuck at standby state and therefore no traffic
can be transmit through. PR953365
•
On systems running Junos OS Release 13.3R1 and nonstop active routing (NSR) is
enabled, when "switchover-on-routing-crash" under [edit set system] hierarchy is set,
Routing Engine switchover should happen only when the routing protocol process
(rpd) crashes. But unexpected Routing Engine switchover can be seen when performing
the CLI command "request system core-dump routing running" to manually generate
a rpd live core. PR954067
•
If an aggregated Ethernet (AE) interface has the "scaled" member-link scheduling
mode (which is the default mode), and multiple forwarding-classes map to a same
queue, then the actual transmit-percent might be unable to reach the configured
scheduler. PR954789
•
Default threshold for ES-FPC errors is 1 for major errors and 10 for minor errors, when
the threshold is reached, some actions (for example,
alarm|offline-pic|log|get-state|offline|reset) will be taken by FPC as configured. This
feature is designed for permament/real errors. The issue here is that even some transient
errors (eg, link flaps) will also trigger the default action. In some cases, it might cause
panic for the FPC. PR961165
•
Sessions are getting reset when SFW rule and/or NAT term are added/deleted in a
service set having NAT also. PR961353
•
On T Series or M320 routers with OSPF knob, if have large-scale routes (for example,
180K Composite Nexthop), when do costing-out and costing-in operations along with
Copyright © 2015, Juniper Networks, Inc.
127
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
changing gigether-options of core router facing interface multiple times continuously,
the Flexible PIC Concentrator (FPC) CPU utilization might increase to 100%, and then
FPC might crash. PR961473
•
On an MX Series router with dynamic vlan scenario, when improper sort order data is
sent to dynamic vlan on the Packet Forwarding Engine, the Modular Port Concentrator
(MPC) might crash and generate core files. PR961645
•
For MXVC platform, the pfe reconnect timer extends from the default 15s to 60s
temporarily. This will be reversed once Packet Forwarding Engine connection issues
resolved. PR963576
•
Display issue only. "show route cumulative vpn-family" command is using "inet.6" for
vpnv6 routes instead of inet6.0. PR966828
•
Destination alarms are cleared after fabric event even though destination errors are
present in the system. PR967013
•
NH tracing provides a lightweight mechanism to capture NH chains traversed by packets
of interest for further examination. PR967450
High Availability (HA) and Resiliency
128
•
/var/log/messages is getting filled up with following GRES related messages. These
are harmless and due to the log level(info). *** messages *** Dec 1 22:46:49.201 re0
/kernel: update_slave_peer_gres_status: vksid 0 is_slave_peer_gres_ready 1
is_local_slave_peer_gres_ready 0 Dec 1 22:46:49.201 re0 /kernel: vks[0] 1 vks[1] 0 Dec
1 22:46:49.201 re0 /kernel: PFE-MASTER - vks[0] 1 vks[1] 0 Dec 1 22:46:49.201 re0
/kernel: Slave is ready for GRES for vksid 0 Dec 1 22:46:49.201 re0 /kernel:
update_slave_peer_gres_status: vksid 0 is_slave_peer_gres_ready 1
is_local_slave_peer_gres_ready 0 Dec 1 22:46:49.201 re0 /kernel: vks[0] 1 vks[1] 0 Dec
1 22:46:49.201 re0 /kernel: PFE-MASTER - vks[0] 1 vks[1] 0 Dec 1 22:46:49.201 re0
/kernel: Slave is ready for GRES for vksid 0 Dec 1 22:46:49.401 re0 /kernel:
update_slave_peer_gres_status: vksid 0 is_slave_peer_gres_ready 1
is_local_slave_peer_gres_ready 0 Dec 1 22:46:49.401 re0 /kernel: vks[0] 1 vks[1] 0 Dec
1 22:46:49.401 re0 /kernel: PFE-MASTER - vks[0] 1 vks[1] 0 Dec 1 22:46:49.401 re0
/kernel: Slave is ready for GRES for vksid 0 Dec 1 22:46:53.000 re0 /kernel:
update_slave_peer_gres_status: vksid 0 is_slave_peer_gres_ready 1
is_local_slave_peer_gres_ready 0 Dec 1 22:46:53.000 re0 /kernel: vks[0] 1 vks[1] 0 Dec
1 22:46:53.000 re0 /kernel: PFE-MASTER - vks[0] 1 vks[1] 0 Dec 1 22:46:53.000 re0
/kernel: Slave is ready for GRES for vksid 0 PR918075
•
When performing a unified in-service software upgrade (ISSU) validate against a router
with ISSU unsupported hardware equipped, the unsupported hardware is being taken
offline, as if an actual ISSU is being performed. In addition, the unsupported hardware
is still offline after the ISSU validate is completed. The workaround is rebooting or
executing CLI commands to bring the offline hardware back online. PR949882
Copyright © 2015, Juniper Networks, Inc.
Resolved Issues
Infrastructure
•
On RE-S-1800 family of Routing Engines, after an intensive writing to SSD, the
immediate rebooting might cause SSD to corrupt. PR937774
Interfaces and Chassis
•
The Packet Forwarding Engine alarms raised by PFEMAN thread using cmalarm api
calls will not be transmitted to the Routing Engine. As impact, these alarms will not
reflect on the Routing Engine. There is no impact on functionality, otherwise. PR921254
•
Traffic that uses MPLS next-hops enters bridge-domain via IRB interface and if
forwarding next-hop moves from non-aggregate interface to aggregate interface (MAC
move), the MPLS next-hops are not correctly programmed in the Packet Forwarding
Engine and are dropped. The child next-hop of the aggregate interfaces are missing.
Once IRB MPLS next-hop moves from aggregate interface to non-aggregate interfaces
are not affected. IPv4 traffic will not trigger traffic drop upon mac move. The second
symptom is a possible kernel core-dump on the new backup Routing-Engine after
mastership switch. This applies to an IRB mac move for ipv4,ipv6 and mpls next-hops.
PR924015
•
"Too many I2C Failures" alarm happens when a FRU (in this case:
PWR-MX960-4100-AC-S) experienced six consecutive i2c read/write failures. While
the PEM is still providing power to the chassis, the chassisd daemon cannot read/write
information from the PEM until it is reseated. In recent investigation, engineering team
has come up some enhancements for this MX960 HC AC PEM: 1. PEM i2c bus hang
avoidance 2. Junos OS recovery from a hung i2c bus 3. noise reduction This Junos OS
eliminates the need for the PEM FW upgrade, and at the same time is 100% compatible
with those PEMs which have been upgraded. PR928861
•
Traffic is not flowing over Demux input interface A technical description can be found
in the Knowledge Base: http://kb.juniper.net/KB28821. PR937035
•
PCS statistics counter(Bit errors/Errored blocks) not working on Mammoth PIC(xge).
PR942719
•
Digital Optical Monitoring MIB jnxDomCurrentRxLaserPower gives wrong value in
12.3R3-S6. PR946758
•
When Connectivity Fault Management (CFM) is configured, if maintenance domain
intermediate point (MIP) session associated with default maintenance domain (MD)
is inactive, a deletion of the interface cannot delete the MIP session structure, hence
might causing memory leak. This crash could also be seen if delete more than one
Virtual private LAN service (VPLS) routing instance with no neighbor configuration.
PR947499
•
When transit traffic of Ethernet frames of size less than 64 bytes is received by 1x
10GE(LAN/WAN) IQ2E PIC, the router forwards the frames instead of dropping them.
PR954996
•
Before the problem was fixed, the CLI "show interfaces et-x/x/x extensive” did not give
full information. PR956497
Copyright © 2015, Juniper Networks, Inc.
129
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
•
Kernel crash might happen when a router running a Junos OS install with the fix to PR
937774 is rebooted. This problem will not be observed during the upgrade to this install.
It occurs late enough in the shutdown procedure that it shouldn't interfere with normal
operation. PR956691
•
When micro Bidirectional Forwarding Detection (mBFD) is configured on aggregated
Ethernet (AE) interface, if a member link of the AE interface is removed, if a member
link is marked admin down or disabled at CLI, the BFD session would correspondingly
be down. However, the corresponding member link in the peer end continues to forward
traffic. PR963314
•
In a very uncommon situation, we see that LCCs chassisd state is inconsistent with
SFC chassisd state. This is very misleading in troubleshooting stage. PR963342
Layer 2 Features
•
Service accounting interim updates not being sent. PR940179
•
In the unified in-service software upgrade (ISSU) for Dynamic Host Configuration
Protocol (DHCP) scenario, when ISSU initiates, if there are some subscribers stuck in
login state and keep sending discover/request packets, this leads to ISSU ready check
failing and ISSU aborting as a result. PR949337
•
IP address change of a DHCP relay interface does not get reflected in gateway IP
address (giaddr) when maintain-subscribers knob is enabled, which needs to restart
DHCP daemon to make it work again. PR951909
•
When link level adjacency across IRB interface goes down, targeted LDP session might
also go down even if there is a alternate route. PR959396
MPLS
•
When static LSPs are configured on a node, RPD could assert upon committing a
MPLS-related configuration change. Example: router> show system rollback compare
9 8 [edit protocols mpls] interface ae11.0 { ... } + interface as3.0 { + admin-group red;
+} [edit protocols isis interface as3.0 level 2] ! inactive: metric 2610; The following
error is seen in /var/log/messages in-relation to a static lsp, immediately following the
above-mentioned configuration change: rpd[1583]: UI_CONFIGURATION_ERROR:
Process: rpd, path: [edit groups STATELESS_ARIADNE protocols mpls
static-label-switched-path static-lsp], statement: transit 1033465, static-lsp:
incoming-label 1033465 has already been configured by this or other static applications.
PR930058
•
MX Series routers with FPCs could crash during next-hop resolution triggered by indirect
next-hop change. PR944393
•
In certain circumstance, the Junos OS rpd route flash job and LDP connection job are
always running, starving other work such as stale route deletion. These jobs are running
as LDP is continuously sending label map and label withdraw messages for some of
the prefixes under ldp egress policy. This is due to LDP processing a BGP route from
inet.3 for which it has a ingress tunnel (the same prefix is also learned via IGP) creating
a circular dependency as BGP routes can themselves be resolved over a LDP route.
PR945234
130
Copyright © 2015, Juniper Networks, Inc.
Resolved Issues
•
In a highly scaled configuration, the reroute of transit RSVP LSPs can result in BGP flap
due to lack of keepalive messages being generated by the Routing Engine. PR946030
•
The RSVP bandwidth of the aggregated Ethernet (AE) bundle does not adjust properly
when a member link is added to AE interface, and at the same time an IP address is
removed from this AE bundle. PR948690
•
On IS-IS interfaces configured with point-to-point and ldp-synchronization, after a
change of IP address on the interface from the remote router, and if the old Label
Distribution Protocol (LDP) adjacency times-out after the new LDP adjacency is up,
the IS-IS protocol will be notified about the old LDP adjacency down event and the
LDP sync state will remain in "hold-down" even if the new LDP adjacency is up.
PR955219
•
When Packet Forwarding Engine fast reroute (FRR) applications are in use (such as
MPLS facility backup, fast-reroute, loop free alternates), a flap of the primary path
could be triggered due to an interface flap or by Bidirectional Forwarding Detection
(BFD) session flap. However, this interface/session flap might lead to a permanent
use of the backup path, which means the original primary path could not be active
again. PR955231
•
We add timer for all aggregate LDP prefixes but are not deleting it when the timer
expires because of a bug. Since the timer is not expiring, we never update the route for
any change. This will be sitting in the routing table as a stale entry. PR956661
•
The Label Distribution Protocol (LDP) feature is enabled and the background job "LDP
sync send filtered label job" is running, when shut down the LDP, due to LDP failing to
delete a job that didn't exist while shutting down, routing protocol process (rpd) might
crash. PR968825
Platform and Infrastructure
•
In an MX-VC environment, in certain situations the inter-chassis traffic might not be
equally balanced across all available vcp links after adding extra links. PR915383
•
Transit traffic is being improperly classified and competing with legitimate control
plane traffic. PR924807
•
With MX Series routers with MPCs or MICs, changing the MTU on one interface might
cause Layer 2 traffic interruption on other interfaces in the same FPC. PR935090
•
When chained-composite-nexthop ingress L3VPN is configured, and if two PEs are
directly connected, the unicast nexhhop on egress is IPv4 protocol encapsulated only
and no LSP label push, thus COS rewrite mask could not correctly set by IPv4 Unicast
nexthop, which leads to MPLS exp rewrite not working. PR941066
•
TWAMP connection/session will come up only if the session padding length is greater
than or equal to 27 bytes on the TWAMP Client. The valid range of padding length
supported by the TWAMP Server is 27 bytes to 1400 bytes. If IXIA is used as the TWAMP
Client, packet length range from 41 bytes to 1024 bytes is supported. PR943320
•
In a highly congested system (for example, high multicast traffic rate),
traffic/subscribers loss might occur while performing unified in-service software upgrade
(ISSU). PR945516
Copyright © 2015, Juniper Networks, Inc.
131
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
•
On I-chip platforms, when forwarding table filter (FTF) is configured for a virtual private
LAN service (VPLS) routing instance, the jtree memory corruption might occur if the
routing table attached by FTF is destroyed. The routing table that is attached by FTF
can get destroyed with different events such as an interface that is part of the VPLS
routing instance flaps or route-distinguisher is changed. PR945669
•
Tested with 13.3 daily image "13.3-20140101.0". Issue not observed. Able to see both
the vlan fields updated properly. PR946964
•
On MX Series routers with MPCs, when multicast traffic flows over the integrated
routing and bridging (IRB) interfaces, MPC might crash due to memory leak. PR947112
•
In PPPoE subscriber management environment, if the BRAS router is an MX Series
router with MS-DPC equipped and traffic from the subscribers is NATed on MS-DPC
card, when PPPoE subscribers flap, heap memory leak might occur on the MS-DPC.
PR948031
•
MIC-3D-40GE-TX (3D 40x 1GE(LAN) RJ45) restarts with core files repeatedly after
configuring "VRRP interface" and "traffic-manager mode ingress-and-egress" on PIC2
or PIC3. PR950806
•
Current display of "cli> request chassis routing-engine hard-disk-test show-status"
command for Unigen SSD identified by "UGB94BPHxxxxxx-KCI" is incorrect and can
be misleading when used for troubleshooting. For example, attribute 199 is displayed
as "UDMA CRC Error Count" and is actually "Total Count of Write Sector". PR951277
•
Traffic unbalance can be seen in output interface of 2nd node in the cascaded topology.
Current Junos OS hash-seed implementation on MX Series routers with MPCs or MICs
can be used to protect the hash-cascade problem(unbalance at 2nd node output,
0:100 for example) but it doesn't work very well (60:40 or 70:30 can be seen). The fix
made an enhancement, so that it can deliver nearly 50:50 LB performance. PR953243
•
On MX Series or T4000 router, when a firewall filter is applied to allow only trusted IP
and router loopback address to request NTP service on the router in case of NTP DDoS
attack, the counter for the NTP protocol of the output of "show ddos-protection
protocols ntp" would be always null, though it is confirmed that there is an NTP DDoS
attack. The reason for this is that the only the multicast NTP packet is treated as an
NTP packet by the filter, whereas the unicast one is not. PR954862
•
When operating in enhanced-IP mode, for bridge-domains/vpls instances with snooping
configuration, multicast data forwarding does not happen properly for multicast data
that is being routed over IRB interfaces associated with the bridge-domains/vpls
instances to egress on trunk ports associated with the bridge-domains/vpls instances.
PR955553
•
132
rmopd will throw an error without jcrypto package which is absent in export build.
Domestic version does not have this error because of the presence of jcrypto. The issue
exists in only Release 13.3 and not on branches before that. PR960757
Copyright © 2015, Juniper Networks, Inc.
Resolved Issues
•
In current Junos OS, a PSM shows dc output value even though it is turned off by a
switch. This cosmetic bug causes miscalculation of actual usage in 'show chassis
power'. PR960865
•
Upon the deletion of a routing-instance and subsequent commit, error logs are
generated from each Type 1 - 3(non E3) based FPC. These logs are cosmetic and can
be ignored. PR964326
Routing Policy and Firewall Filters
•
Policy with Install-nexthop lsp might not work as expected when there is an LSP path
change triggering route resolution. PR931741
•
Configuration of an extended community such as: rt-import:*:* src-as:*:* fails because
the wildcard is not allowed during the configuration validation process. PR944400
Routing Protocols
•
On MX Series routers containing multiple Packet Forwarding Engines such as
MX240/MX480/MX960/MX2010/MX2020 routers, with DPC (Dense Port
Concentrator) or FPC (Flexible Port Concentrator) or with line cards designated with
"3D", RPD might restart when attempting to send a PIM assert message on an interface
(whose interface index exceeds 65536). It is likely that RPD restarts repeatedly, since
after RPD has restarted and protocols have converged, the same PIM assert will trigger
further RPD restarts. PR879981
•
On the first hop router if the traffic is received from a remote source and the
accept-remote-source knob is configured, the RPF information for the remote source
is not created. PR932405
•
Due to new features and the required infrastructure the rpd memory footprint has
increased by as much as 5% between Releases 12.3 and 13.3. PR957550
•
In scaled BGP routes environment, the BGP router has dual Routing Engines, graceful
Routing Engine switchover (GRES) and nonstop active routing (NSR) is configured,
after performing the operation of deactivate/activate BGP groups and commit the
configuration, the BGP router might be stuck in "not-advertising" state. PR961459
•
With BGP import policy as next-hop peer-address, if the local router receives inet (or
inet-vpn) flow network-layer reachability information (NLRI), routing protocol process
(rpd) might crash. Junos OS is designed to create a fictitious next hop for inet flow and
inet-vpn flow families as they don't send/expect-to-receive next hops. So in this case
when the import-policy set a non-null next-hop for the received inet (or inet-vpn) flow
route, it could not handle it properly which might result in rpd crash. PR966130
•
In a scaled setup, if BGP peers flap during an NSR, the sessions can end up out of sync
between the master and backup Routing Engines. To recover you can clear the affected
neighbors. PR966206
•
In a highly scaled setup after an NSR, some BGP sessions might be idle on both master
and backup Routing Engines. To recover, clear the affected peer using the CLI. PR967788
Copyright © 2015, Juniper Networks, Inc.
133
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
Services Applications
•
SIP call forwarding might fail when NAT is used between parties even though the SIP
ALG is in use. PR839629
•
Junos OS Release 11.4 introduced the IKEv2 support and a stricter check on IKE/IPsec
SAs proposal parameters. PR843893
•
DNS multiple queries A and AAAA might cause the Service-PIC to restart. PR943425
•
During a rare scenario, switchover on another sp interface can crash a service PIC when
running traffic in hairpinning scenario. PR945114
•
Jl2tpd process experiences high CPU condition if the process is restarted or if GRES is
executed. The jl2tpd process does recover. The length of the high CPU condition is
directly proportional to the number of tunnels on average, it is 1 second per tunnel.
PR955378
Subscriber Access Management
•
LNS-Service accounting updates not sent. PR944807
•
Radius attribute ignore logical-system-routing-instance not ignoring VSA26-1. PR953802
•
Configuration change of the IPv4 address range in address-assignment pool does not
always take effect. PR954793
User Interface and Configuration
•
If a configuration file that contains groups related configuration is loaded by command
"load replace", a "commit confirmed" operation might fail. When this issue occurs, the
new configuration is committed even if you do not confirm it within the specified time
limit. PR925512
VPNs
Related
Documentation
134
•
The issue happens when the virtual routing forwarding (vrf) is configured
"no-vrf-propagate-ttl" and the vrf import policy changes the local preference of the
vrf route. With "no-vrf-propagate-ttl", BGP will resolve the primary l3vpn route and
the vrf secondary route separately. The root cause is overwriting the route parameters
of the second vrf route with the route parameters of the primary route. So changes to
the local preference of the vrf route might not work. PR935574
•
NG MVPN receiver PE does not generate TYPE 4 route after receiving TYPE 3. PR953449
•
With these high amount of streams, we have a higher number of data-mdt-tlvs to
process which is becoming a bottleneck. PR957280
•
Before Release 13.3R2, if no loopback interface inside vrf was configured, then Rosen
V6 might not be able to use default main loopback as source for PE_PE pim
communications., As a result, Rosen v6 neighbor will not be formed toward remote
PEs. PR966825
•
New and Changed Features on page 21
Copyright © 2015, Juniper Networks, Inc.
Documentation Updates
•
Changes in Behavior and Syntax on page 54
•
Known Behavior on page 68
•
Known Issues on page 70
•
Documentation Updates on page 135
•
Migration, Upgrade, and Downgrade Instructions on page 156
•
Product Compatibility on page 165
Documentation Updates
This section lists the errata and changes in Junos OS Release 13.3R6 documentation for
the M Series, MX Series, and T Series.
•
Aggregated Ethernet Interfaces Feature Guide for Routing Devices on page 136
•
Chassis-Level Feature Guide on page 138
•
Class of Service Library for Routing Devices on page 140
•
Dynamic Firewall Feature Guide for Subscriber Services on page 140
•
Ethernet Interfaces Feature Guide on page 140
•
Ethernet Networking Feature Guide for MX Series Routers on page 141
•
Firewall Filters Feature Guide for Routing Devices on page 143
•
Interchassis Redundancy Using Virtual Chassis Feature Guide for MX Series
Routers on page 143
•
Interfaces Feature Guide for Subscriber Management on page 144
•
Junos Address-Aware Carrier-Grade NAT and IPv6 Feature Guide on page 144
•
Junos OS High Availability Feature Guide for Routing Devices on page 145
•
Junos® OS Release 13.3R1 for the EX Series, M Series, MX Series, PTX Series, and T
Series on page 145
•
Layer 2 Configuration Guide, Bridging, Address Learning, and Forwarding on page 145
•
Layer 2 VPNs Feature Guide for Routing Devices on page 146
•
Network Management Administration Guide for Routing Devices on page 146
•
Services Interfaces Configuration Guide on page 147
•
Standards Reference on page 152
•
Subscriber Management Access Network Guide on page 153
•
Subscriber Management Feature Guide on page 153
•
Subscriber Management Provisioning Guide on page 155
•
System Log Messages Reference on page 155
•
System Services Administration Guide for Routing Devices on page 155
•
VPLS Feature Guide for Routing Devices on page 155
•
VPWS Feature Guide for Routing Devices on page 155
Copyright © 2015, Juniper Networks, Inc.
135
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
Aggregated Ethernet Interfaces Feature Guide for Routing Devices
•
The following enhancements and additions apply to the “Example: Configuring
Multichassis Link Aggregation in an Active- Active Bridging Domain on MX Series
Routers” topic:
•
The Topology Diagram section fails to mention that interface ge-1/0/2 functions as
the ICCP link between the two PE devices, interface ge-1/1/1 is the ICL-PL link, and
interface ge-1/1/4 is the link that connects to the server or the MC- LAG client device.
•
As a best practice, we recommend that you configure the ICCP and ICL interfaces
over aggregated Ethernet interfaces instead of other interfaces such as Gigabit
Ethernet interfaces, depending on your topology requirements and framework.
•
You must disable RSTP on the ICL-PL interfaces for an MC-LAG in an active-active
bridging domain.
•
The Step-by-Step Procedure section for Router PE2 that is illustrated in the example
is missing, although the quick configuration statements are presented.
To configure Router PE2:
1.
Specify the number of aggregated Ethernet interfaces to be created.
[edit chassis]
[email protected]# set aggregated-devices ethernet device-count 5
2. Specify the members to be included within the aggregated Ethernet bundles.
[edit interfaces]
[email protected]# set ge-1/0/5 gigether-options 802.3ad ae1
[email protected]# set ge-1/1/0 gigether-options 802.3ad ae0
3. Configure the interfaces that connect to senders or receivers, the ICL interfaces,
and the ICCP interfaces.
[edit interfaces]
[email protected]# set ge-1/0/3 flexible-vlan-tagging
[email protected]# set ge-1/0/3 encapsulation flexible-ethernet-services
[email protected]# set ge-1/0/3 unit 0 encapsulation vlan-bridge
[email protected]# set ge-1/0/3 unit 0 vlan-id-range 100-110
[email protected]# set ge-1/0/4 flexible-vlan-tagging
[email protected]# set ge-1/0/4 encapsulation flexible-ethernet-services
[email protected]# set ge-1/0/4 unit 0 encapsulation vlan-bridge
[email protected]# set ge-1/0/4 unit 0 vlan-id-range 100-110
[email protected]# set ge-1/0/5 gigether-options 802.3ad ae0
[email protected]# set ge-1/1/0 gigether-options 802.3ad ae1
4. Configure parameters on the aggregated Ethernet bundles.
[edit interfaces ae0]
[email protected]# set flexible-vlan-tagging
[email protected]# set encapsulation flexible-ethernet-services
[email protected]# set unit 0 encapsulation vlan-bridge
[email protected]# set unit 0 vlan-id-range 100-110
[email protected]# set unit 0 multi-chassis-protection 100.100.100.1 interface ge-1/0/4.0
136
Copyright © 2015, Juniper Networks, Inc.
Documentation Updates
[edit interfaces ae1]
[email protected]# set flexible-vlan-tagging
[email protected]# set encapsulation flexible-ethernet-services
[email protected]# set unit 0 encapsulation vlan-bridge
[email protected]# set unit 0 vlan-id-range 100-110
[email protected]# set unit 0 multi-chassis-protection 100.100.100.1 interface ge-1/0/4.0
5. Configure LACP on the aggregated Ethernet bundles.
[edit interfaces ae0 aggregated-ether-options]
[email protected]# set lacp active
[email protected]# set lacp system-priority 100
[email protected]# set lacp system-id 00:00:00:00:00:05
[email protected]# set lacp admin-key 1
[edit interfaces ae1 aggregated-ether-options]
[email protected]# set lacp active
[email protected]# set lacp system-priority 100
[email protected]# set lacp system-id 00:00:00:00:00:05
[email protected]# set lacp admin-key 1
6. Configure the MC-LAG interfaces.
[edit interfaces ae0 aggregated-ether-options]
[email protected]# set mc-ae mc-ae-id 5
[email protected]# set mc-ae redundancy-group 10
[email protected]# set mc-ae chassis-id 1
[email protected]# set mc-ae mode active-active
[email protected]# set mc-ae status-control active
[edit interfaces ae1 aggregated-ether-options]
[email protected]# set mc-ae mc-ae-id 10
[email protected]# set mc-ae redundancy-group 10
[email protected]# set mc-ae chassis-id 1
[email protected]# set mc-ae mode active-active
[email protected]# set mc-ae status-control active
The multichassis aggregated Ethernet identification number (mc-ae-id) specifies
which link aggregation group the aggregated Ethernet interface belongs to. The
ae0 interfaces on Router PE1 and Router PE2 are configured with mc-ae-id 5. The
ae1 interfaces on Router PE1 and Router PE2 are configured with mc-ae-id 10.
The redundancy-group 10 statement is used by ICCP to associate multiple chassis
that perform similar redundancy functions and to establish a communication
channel so that applications on peering chassis can send messages to each other.
The ae0 and ae1 interfaces on Router PE1 and Router PE2 are configured with the
same redundancy group redundancy-group 10.
The chassis-id statement is used by LACP for calculating the port number of the
MC-LAG's physical member links. Router PE2 uses chassid-id 1 to identify both
its ae0 and ae1 interfaces. Router PE2 uses chassis-id 0 to identify both its ae0
and ae1 interfaces.
Copyright © 2015, Juniper Networks, Inc.
137
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
The mode statement indicates whether an MC-LAG is in active-standby mode
or active-active mode. Chassis that are in the same group must be in the same
mode.
7. Configure a domain that includes the set of logical ports.
[edit bridge-domains bd0]
[email protected]# set domain-type bridge
[email protected]# set vlan-id all
[email protected]# set service-id 20
[email protected]# set interface ae0.0
[email protected]# set interface ae1.0
[email protected]# set interface ge-1/0/3.0
[email protected]# set interface ge-1/1/1.0
[email protected]# set interface ge-1/1/4.0
The ports within a bridge domain share the same flooding or broadcast
characteristics in order to perform Layer 2 bridging.
The bridge-level service-id statement is required to link related bridge domains
across peers (in this case Router PE1 and Router PE2), and should be configured
with the same value.
8. Configure ICCP parameters.
[edit protocols iccp]
[email protected]# set local-ip-addr 100.100.100.2
[email protected]# set peer 100.100.100.1 redundancy-group-id-list 10
[email protected]# set peer 100.100.100.1 liveness-detection minimum-interval 1000
9. Configure the service ID at the global level.
[edit switch-options]
[email protected]# set service-id 10
You must configure the same unique network-wide configuration for a service in
the set of PE routers providing the service. This service ID is required if the
multichassis aggregated Ethernet interfaces are part of a bridge domain.
Chassis-Level Feature Guide
•
The following additional information regarding the compatibility of modules for the
interoperation of RPM clients and RPM servers applies to the “Configuring RPM Probes”
section in the “Configuring Real-Time Performance Monitoring” topic:
Keep the following points in mind when you configure RPM clients and RPM servers:
138
•
You cannot configure an RPM client that is PIC-based and an RPM server that is
based on either the Packet Forwarding Engine or Routing Engine to receive the RPM
probes.
•
You cannot configure an RPM client that is Packet Forwarding Engine-based and an
RPM server that receives the RPM probes to be on the PIC or Routing Engine.
•
The RPM client and RPM server must be located on the same type of module. For
example, if the RPM client is PIC-based, the RPM server must also be PIC-based,
Copyright © 2015, Juniper Networks, Inc.
Documentation Updates
and if the RPM server is Packet Forwarding Engine-based, the RPM client must also
be Packet Forwarding Engine-based.
•
The show chassis fabric unreachable-destinations command is incorrectly mentioned
as supported on MX240, MX480, and MX960 routers from Junos OS Release 11.4R2
and Junos OS Release 12.1. The Supported Platforms section of this topic also incorrectly
state MX240, MX480, and MX960 routers as supported routers for this command.
This command is not available on the MX240, MX480, and MX960 routers. Instead,
the correct command is the show chassis fabric destinations command, which you can
use to view the state of fabric destinations for all FPCs.
•
The following additional information regarding the processing of TWAMP traffic applies
to the "Configuring TWAMP Servers" section in the "Configuring TWAMP" topic:
The preceding configuration settings that are described define a TWAMP server on the
router that enables a TWAMP client to connect to the server using any media interface
IP address such as a ge- interface. In such a scenario, the router functions as a TWAMP
server and timestamping is performed in the ukernel of the media-facing FPC.
To configure an inline TWAMP server, which causes timestamping to be performed as
part of the inline services (si-) interface processing, configure the amount of bandwidth
reserved on each Packet Forwarding Engine for tunnel traffic using inline services by
including the bandwidth (1g | 10g) statement at the [edit chassis fpc slot-number pic
number inline-services] hierarchy level and specify the service PIC logical interface that
provides the TWAMP service by including the twamp-server statement at the [edit
interfaces sp-fpc/pic/port unit logical-unit- number family inet] hierarchy level.
•
The description of the check option available with the request chassis routing-engine
master command topic fails to state that this option is supported on MX104 routers
and PTX5000 routers, in addition to the list of device models mentioned in that topic.
Also, this option is incorrectly stated as supported on MX240 routers, whereas this
option is not supported on those routers.
•
The network-services configuration statement topic inadvertently fails to state that
the enhanced network services mode settings, such as the enhanced-ethernet and the
enhanced-ip option, are supported on MS-MPCs on MX Series routers.
•
The "Configuring Redundancy Fabric Mode for Active Control Boards on MX Series
Routers" topic incorrectly states that on MX routers that contain the enhanced SCB
with Trio chips and the MPC3E, redundancy mode is enabled by default. The correct
default behavior is that on MX routers that contain the enhanced SCB, regardless of
the type of DPC or MPC installed on it, the default mode is the redundancy mode.
Copyright © 2015, Juniper Networks, Inc.
139
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
Class of Service Library for Routing Devices
•
The Applying Scheduler Maps and Shaping Rate to DLCIs and VLANs and Scaling of
Per-VLAN Queuing on Non-Queuing MPCs topics in the CoS Output Queuing and
Scheduling Feature Guide for Routing Devices fails to mention that you can configure
can also configure logical interface scheduling on the 8x10GE ports of an 2x100GE +
8x10GE MPC4E, apart the 2x100GE ports.
Dynamic Firewall Feature Guide for Subscriber Services
•
The enhanced-policer topic fails to include a reference to the “Enhanced Policer
Statistics Overview” topic. The overview topic explains how the enhanced policer
enables you to analyze traffic statistics for debugging purposes.
The enhanced policer statistics are as follows:
•
Offered packet statistics for traffic subjected to policing.
•
OOS packet statistics for packets that are marked out-of-specification by the policer.
Changes to all packets that have out-of-specification actions, such as discard, color
marking, or forwarding-class, are included in this counter.
•
Transmitted packet statistics for traffic that is not discarded by the policer. When
the policer action is discard, the statistics are the same as the in-spec statistics;
when the policer action is non-discard (loss-priority or forwarding-class), the statistics
are included in this counter.
To enable collection of enhanced statistics, include the enhanced-policer statement
at the [edit chassis] hierarchy level. To view these statistics, include the detail option
when you issue the show firewall, show firewall filter filter-name, or show policer
command.
Ethernet Interfaces Feature Guide
•
In the Output Fields section of the show interfaces (10-Gigabit Ethernet), show interfaces
(Gigabit Ethernet), and show interfaces (Fast Ethernet) command topics of the Ethernet
Interfaces Feature Guide, the descriptions of the Bit errors and Errored blocks fields that
are displayed under the PCS Statistics section of the output are ambiguous. The
following are the revised descriptions of these fields:
•
Bit errors—The number of seconds during which at least one bit error rate (BER)
occurred while the PCS receiver is operating in normal mode.
•
Errored blocks—The number of seconds when at least one errored block occurred
while the PCS receiver is operating in normal mode.
•
140
The [edit protocols lacp] hierarchy level topic fails to mention that the ppm centralized
statement is supported at this level for MX Series routers. This statement has been
supported from Junos OS Release 9.4. You can use the ppm statement to switch
between distributed and centralized periodic packet management (PPM). By default,
distributed PPM is active. To enable centralized PPM, include the ppm centralized
statement at the [edit protocols lacp] hierarchy level. You can disable distributed PPM
Copyright © 2015, Juniper Networks, Inc.
Documentation Updates
processing for all packets that use PPM and run all PPM processing on the Routing
Engine by configuring the no-delegate-processing configuration statement at the [edit
routing-options ppm] hierarchy level.
•
The following additional information regarding the working of unnumbered interfaces
applies to the “Example: Configuring an Unnumbered Ethernet Interface section in the
Configuring an Unnumbered Interface” topic:
The sample configuration that is described works correctly on M Series and T Series
routers. For unnumbered interfaces on MX Series routers, you must additionally
configure static routes on an unnumbered Ethernet interface by including the
qualified-next-hop statement at the [edit routing-options static route destination-prefix]
hierarchy level to specify the unnumbered Ethernet interface as the next-hop interface
for a configured static route.
Ethernet Networking Feature Guide for MX Series Routers
•
The following corrections apply to the “Example: Configuring One VPLS Instance for
Several VLANs” topic:
The following sentence is erroneously presented:
If VLANs 1 through 1000 for customer C1 span the same sites, then the vlan-id all and
vlan-id-list-range statements provide a way to switch all of these VLANs with a
minimum configuration effort and fewer switch resources.
The correct description is as follows:
If VLANs 1 through 1000 for customer C1 span the same sites, then the vlan-id all and
vlan-id-list statements provide a way to switch all of these VLANs with a minimum
configuration effort and fewer switch resources.
The following example replaces the existing example that illustrates the use of the
vlan-id all statement:
[edit]
interfaces ge-1/0/0 {
encapsulation flexible-ethernet-services;
flexible-vlan-tagging;
unit 1 {
encapsulation vlan-vpls;
family bridge {
interface-mode trunk;
vlan-id-list 1-1000; # Note the use of the VLAN id list statement.
}
}
unit 11 {
encapsulation vlan-vpls;
family bridge {
interface-mode trunk;
vlan-id-list 1500;
}
}
}
interfaces ge-2/0/0 {
encapsulation flexible-ethernet-services;
Copyright © 2015, Juniper Networks, Inc.
141
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
flexible-vlan-tagging;
unit 1 {
encapsulation vlan-vpls;
family bridge {
interface-mode trunk;
vlan-id-list 1-1000; # Note the use of the VLAN id list statement.
}
}
}
interfaces ge-3/0/0 {
encapsulation flexible-ethernet-services;
flexible-vlan-tagging;
family bridge {
unit 1 {
encapsulation vlan-vpls;
interface-mode trunk;
vlan-id-list 1-1000; # Note the use of the VLAN id list statement.
}
}
}
interfaces ge-6/0/0 {
encapsulation flexible-ethernet-services;
flexible-vlan-tagging;
family bridge {
unit 11 {
encapsulation vlan-vpls;
interface-mode trunk;
vlan-id-list 1500;
}
}
}
routing-instances {
customer-c1-virtual-switch {
instance-type virtual-switch;
interface ge-1/0/0.1;
interface ge-2/0/0.1;
interface ge-3/0/0.1;
bridge-domains {
c1-vlan-v1-to-v1000 {
vlan-id all; # Note the use of the VLAN id all statement
}
}
} # End of customer-c1-v1-to-v1000
customer-c2-virtual-switch {
instance-type virtual-switch;
interface ge-1/0/0.11;
interface ge-6/0/0.11;
bridge-domains {
c1-vlan-v1500 {
vlan-id all; # Note the use of the VLAN id all statement
}
}
} # End of customer-c1-v1500
} # End of routing-instances
142
Copyright © 2015, Juniper Networks, Inc.
Documentation Updates
Note the use of the vlan-id all statement in the virtual-switch instance called
customer-c1-v1-to-v1000.
Firewall Filters Feature Guide for Routing Devices
•
The following additional information regarding the decapsulation of GRE packets as
a terminating action for firewall filters applies to the "Firewall Filter Terminating Actions"
topic:
NOTE: The decapsulate action that you configure at the [edit firewall family
inet filter filter-name term term-name] hierarchy level does not process traffic
with IPv4 and IPv6 options. As a result, traffic with such options is discarded
by the decapsulation of GRE packets functionality.
Interchassis Redundancy Using Virtual Chassis Feature Guide for MX Series
Routers
•
In the Junos OS 13.2 Release Notes for M Series Multiservice Edge Routers, MX Series 3D
Universal Edge Routers, and T Series Core Routers, the Support for MX Series Virtual
Chassis (MX Series routers with MPC3E interfaces) feature description failed to mention
that you can configure a two-member MX Series Virtual Chassis on both MPC3E
modules and MPC4E modules. The correct description for this feature is as follows:
•
Support for MX Series Virtual Chassis on MX Series routers with MPC3E and MPC4E
interfaces—Extends support for configuring a two-member MX Series Virtual Chassis
to MX240, MX480, and MX960 routers with any of the following modules installed:
•
MPC3E (model number MX-MPC3E-3D)
•
32x10GE MPC4E (Model number: MPC4E-3D-32XGE-SFPP)
•
2x100GE + 8x10GE MPC4E (Model number: MPC4E-3D-2CGE-8XGE)
All MX Series Virtual Chassis features are supported on these modules.
In earlier Junos OS releases, MX Series routers did not support MX Series Virtual
Chassis configuration on MPC3E and MPC4E modules.
[See Junos OS High Availability Library for Routing Devices and Junos OS for MX Series
3D Universal Edge Routers.]
•
The following additional information applies to the Virtual Chassis Components Overview
topic in the Interchassis Redundancy Using Virtual Chassis Feature Guide for MX Series
Routers for Junos OS Release 11.2 and later releases.
When you configure chassis properties for MPCs installed in a member router in an
MX Series Virtual Chassis, keep the following points in mind:
•
Statements included at the [edit chassis member member-id fpc slot slot-number]
hierarchy level apply to the MPC (FPC) in the specified slot number only on the
specified member router in the Virtual Chassis.
Copyright © 2015, Juniper Networks, Inc.
143
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
For example, if you issue the set chassis member 0 fpc slot 1 power off statement,
only the MPC installed in slot 1 of member ID 0 in the Virtual Chassis is powered off.
•
Statements included at the [edit chassis fpc slot slot-number] hierarchy level apply
to the MPCs (FPCs) in the specified slot number on each member router in the Virtual
Chassis.
For example, if you issue the set chassis fpc slot 1 power off statement in a
two-member MX Series Virtual Chassis, both the MPC installed in slot 1 of member
ID 0 and the MPC installed in slot 1 of member ID 1 are powered off.
BEST PRACTICE: To ensure that the statement you use to configure MPC
chassis properties in a Virtual Chassis applies to the intended member
router and MPC, we recommend that you always include the member
member-ID option before the fpc keyword, where member-id is 0 or 1 for a
two-member MX Series Virtual Chassis.
Interfaces Feature Guide for Subscriber Management
•
IP Demux Interfaces over Static or Dynamic VLAN Demux Interfaces— The “IP Demux
Interfaces over Static or Dynamic VLAN Demux Interfaces” topic incorrectly states that
both DPCs and MPCs support VLAN demux subscriber interfaces. In fact, only MPCs
support these interfaces.
Junos Address-Aware Carrier-Grade NAT and IPv6 Feature Guide
•
The following note applies to the topic “Configuring Address Pools for Network Address
Port Translation (NAPT) Overview”:
NOTE: When 99 percent of the total available ports in a pool for napt-44
are used, no new flows are allowed on that NAT pool.
•
Several errors were found in the configuration statements included in the “Example:
Configuring Inline Network Address Translation” topic. The topic has been corrected
on the Web and in the Junos Address Aware Carrier Grade NAT and IPv6 Feature Guide
PDF.
•
The address-allocation statement topic fails to state the following additional
information regarding addresses allocation on MS-MICs and MS-MPCs:
Regardless of whether the round-robin method of allocation is addresses is enabled
by using the address-allocation round-robin statement, round-robin allocation is enabled
by default on MS-MICs and MS-MPCs.
•
144
The topic “Configuring Secured Port Block Allocation” contains a note listing
configuration changes that require a reboot of the services PIC. The note has been
updated to include a change to the NAT pool name.
Copyright © 2015, Juniper Networks, Inc.
Documentation Updates
•
The following information regarding the guidelines for configuration of IP addresses
for NAT processing applies to the "Configuring Source and Destination Addresses
Network Address Translation Overview " section of the "Network Address Translation
Rules Overiew" topic:
The addresses that are specified as valid in the inet.0 routing table and not supported
for NAT translation are orlonger match filter types. You cannot specify any regions
within such address prefixes in a NAT pool.
•
The following information regarding the working of APP with NAT rules applies to the
"Network Address Translation Rules Overiew" topic:
For MX Series routers with MS-MICs and MS-MPCs, although the address pooling
paired (APP) functionality is enabled within a NAT rule (by including the address-pooling
statement at the [edit services nat rule rule-name term term-name then translated]
hierarchy level), it is a characteristic of a NAT pool. Such a NAT pool for which APP is
enabled cannot be shared with NAT rules that do not have APP configured.
Junos OS High Availability Feature Guide for Routing Devices
•
In Junos OS Release 13.3, the “Unified ISSU System Requirements” topic in the Junos
OS High Availability Feature Guide for Routing Devices incorrectly states in Table 2:
Unified ISSU Protocol Support that an MX Series Virtual Chassis supports unified ISSU
in Junos OS Release 12.2 and later releases. In fact, an MX Series Virtual Chassis supports
unified ISSU in Junos OS Release 14.1 and later releases.
[See Unified ISSU System Requirements.]
®
Junos OS Release 13.3R1 for the EX Series, M Series, MX Series, PTX Series, and
T Series
•
Virtual Chassis support on MX104 routers—In Junos OS Release 13.3, the “Software
®
feature support (MX104)” feature description in the Release Notes: Junos OS Release
13.3R1 for the EX Series, M Series, MX Series, PTX Series, and T Series incorrectly states
in the Layer 2 Features section that Virtual Chassis is supported on MX104 routers.
Virtual Chassis is not supported on MX104 routers.
Layer 2 Configuration Guide, Bridging, Address Learning, and Forwarding
•
The following information regarding the differences in the default limit on MAC
addresses that can be learned on an access port and a trunk port is inadvertently
omitted from the “Limiting MAC Addresses Learned from an Interface in a Bridge
Domain” topic:
•
For an access port, the default limit on the maximum number of MAC addresses
that can be learned on an access port is 1024. Because an access port can be
configured in only one bridge domain in a network topology, the default limit is 1024
addresses, which is same as the limit for MAC addresses learned on a logical interface
in a bridge domain (configured by including the interface-mac-limit limit statement
at the [edit bridge-domains bridge-domain-name bridge-options interface
interface-name] or [edit bridge-domains bridge-domain-name bridge-options] hierarchy
level.
Copyright © 2015, Juniper Networks, Inc.
145
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
•
•
For a trunk port, the default limit on the maximum number of MAC addresses that
can be learned on a trunk port is 8192. Because a trunk port can be associated with
multiple bride domains, the default limit is the same as the limit for MAC addresses
learned on a logical interface in a virtual switch instance (configured by including
the interface-mac-limit limit statement at the [edit routing-instances
routing-instance-name switch-options interface interface-name] hierarchy level for a
virtual switch instance).
The following additional information applies to the "Configuring VLAN Identifiers for
Bridge Domains and VPLS Routing Instances" topic:
The maximum number of Layer 2 interfaces that you can associate with a bridge domain
or a VPLS instance on MX Series routers is 4000.
Layer 2 VPNs Feature Guide for Routing Devices
•
The descriptions of the pw-label-ttl-1 and router-alert-label options in the
control-channel (Protocols OAM) configuration statement topic are incorrectly and
interchangeably stated. The correct descriptions of these options are as follows:
•
pw-label-ttl-1—For BGP-based pseudowires that send OAM packets with the MPLS
pseudowire label and time-to-live (TTL) set to 1.
•
router-alert-label—For BGP-based pseudowires that send OAM packets with router
alert label.
Network Management Administration Guide for Routing Devices
•
The syntax of the filter-interfaces statement in the “SNMP Configuration Statement”
section is incorrect. The correct syntax is as follows:
filter-interfaces {
all-internal-interfaces;
interfaces interface-names{
interface 1;
interface 2;
}
}
[See filter-interfaces.]
146
Copyright © 2015, Juniper Networks, Inc.
Documentation Updates
Services Interfaces Configuration Guide
•
In the Lines of Sample DTCP Parameter File table in the “Flow-Tap Filter Operation”
topic, the description for the Seq:10 command contained in the DTCP file incorrectly
states that the router looks for a newer sequence number before accepting and
implementing new parameters, and that any configuration attempt with an older
sequence number is rejected by the dynamic flow capture process.
The following guideline correctly describes the processing of the Seq:10 command in
the DTCP file:
The router does not validate the sequence number attribute during any configuration
changes that are performed for a DTCP parameter file sent to the router from the
mediation device. Regardless of whether the sequence number conflicts with a previous
sequence number or is unique, it is disregarded and not considered.
The following additional fields are missing from the Lines of Sample DTCP Parameter
File table:
Command
Description
DELETE DTCP/0.6
This indicates the DTCP version to be used. DTCP/0.6 should be used for all versions of Junos OS up
to and including Junos OS 8.5. DTCP/0.7 should be used for Junos OS 9.0 and later. However, Junos
OS 9.5R2 and later also accept previous versions of DTCP.
If any unsupported parameters are received for a particular DTCP version, the request is rejected.
NOTE: The notification responses from Junos OS contains the same DTCP version that the control
source has communicated to Junos OS. For notifications being sent even before the control source
has contacted Junos OS, the DTCP version 0.7 will be used.
CRITERIA-ID:
criteria-id
This line denotes the ID that DTCP assigns for the mirrored session when you create a DTCP ADD
message. Use this ID in your DELETE messages to disable the intercept for a specific subscriber. To
view the ID, use the DTCP LIST message. The CRITERIA-ID and the Cdest-ID are mutually exclusive in
DELETE messages.
[See Flow-Tap Filter Operation.]
•
The following additional information applies to the sample configuration described in
the “Example: Flow-Tap Configuration” topic of the “Flow Monitoring” chapter.
NOTE: The described example applies only to M Series and T Series routers,
except M160 and TX Matrix routers. For MX Series routers, because the
flow-tap application resides in the Packet Forwarding Engine rather than
a service PIC or Dense Port Concentrator (DPC), the Packet Forwarding
Engine must send the packet to a tunnel logical (vt-) interface to
encapsulate the intercepted packet. In such a scenario, you need to allocate
a tunnel interface and assign it to the dynamic flow capture process for
FlowTapLite to use.
Copyright © 2015, Juniper Networks, Inc.
147
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
•
The following information is missing from the passive-mode-tunneling configuration
statement and the “Example: Configuring Junos VPN Site Secure on MS MIC and
MS-MPC” topic:
Passive module tunneling is not supported on MS-MICs and MS-MPCs.
•
The open-timeout configuration statement topic and the “Configuring Default Timeout
Settings for Services Interfaces” topic incorrectly state that the default value of the
timeout period for TCP session establishment is 30 seconds. The correct default value
is 5 seconds.
•
The Supported Platforms section of theset chassis display message command topic
erroneously states that this command is supported on MX Series routers. This command
is not available on MX Series routers.
•
The following information regarding the restriction on prefix lengths that can be
configured in NAT pools on MS-MPCs and MS-MICs applies to the "Configuring Source
and Destination Addresses Network Address Translation Overview " section of the
"Network Address Translation Rules Overiew" topic:
On MX Series routers with MS-MPCs and MS-MICs, if you configure a NAT address
pool with a prefix length that is equal to or greater than /16, the PIC does not contain
sufficient memory to provision the configured pool. Also, memory utilization problems
might occur if you attempt to configure many pools whose combined total IP addresses
exceed /16. In such circumstances, a system logging message is generated stating that
the NAT pool name is failed to be created and that the service set is not activated. On
MS-MPCs and MS-MICs, you must not configure NAT pools with prefix lengths greater
than /16.
•
The following procedure applies to the “Provisioning Flow-Tap to a Linux Mediation
Device” topic:
The following example shows the syntax to invoke the Perl script from a Linux device
for deleting a previously configured Flow-Tap session:
1.
Invoke the Perl script:
[[email protected] flowtap]# ./dfcclient.pl
2. Use the following line to push the parameter file del_lea1_tcp.flowtap to the router.
In this example, 10.209.75.199 is the IP address of the router, and verint verint123 is
the username and password that has permission to implement flow-tap-operation.
Any firewall that is between the mediation device and the routing device should
allow ssh and port 32001.
[[email protected] flowtap]# ./dfcclient.pl 10.209.75.199 verint verint123 del_lea1_tcp.flowtap
The following settings are contained in the del_lea1_tcp.flowtap DTCP parameter
file. DTCP DELETE can use either Criteria- ID to delete only that criteria or Cdest-ID
to delete everything with cdest-ID that you previously created.
DELETE DTCP/0.7
Csource-ID: dtcp
Cdest-ID: LEA1
Flags: STATIC
148
Copyright © 2015, Juniper Networks, Inc.
Documentation Updates
3. Use the show policer | match flow statement to verify that the flow-tap filter is
removed from the router:
The following sample shows how to disable mirroring for a specific subscriber by using
the CRITERIA-ID.
DELETE DTCP/0.7
Csource-ID: dtcp1
CRITERIA-ID: 2
Flags: STATIC
Seq: 10
Authentication-Info: 7e84ae871b12f2da023b038774115bb8d955f17e
DTCP/0.7 200 OK
SEQ: 10
CRITERIA-COUNT: 1
TIMESTAMP: 2011-02-13 16:00:02.802
AUTHENTICATION-INFO: 2834ff32ec07d84753a046cfb552e072cc27d50b
•
The following additional information regarding the interoperation of sample actions
in firewall filters and traffic sampling applies to the “Minimum Configuration for Traffic
Sampling” section in the “Configuring Traffic Sampling” topic:
The following prerequisites apply to M Series, MX Series, and T Series routers when
you configure traffic sampling on interfaces and in firewall filters:
•
•
If you configure a sample action in a firewall filter for an inet or inet6 family on an
interface without configuring the forwarding-options settings, operational problems
might occur if you also configure port mirroring or flow-tap functionalities. In such a
scenario, all the packets that match the firewall filter are incorrectly sent to the
service PIC.
•
If you include the then sample statement at the [edit firewall family inet filter
filter-name term term-name] hierarchy level to specify a sample action in a firewall
filter for IPv4 packets, you must also include the family inet statement at the [edit
forwarding-options sampling] hierarchy level or the instance instance-name family
inet statement at the [edit forwarding-options sampling] hierarchy level. Similarly,
if you include the then sample statement at the [edit firewall family inet6 filter
filter-name term term-name] hierarchy level to specify a sample action in a firewall
filter for IPv6 packets, you must also include the family inet6 statement at the [edit
forwarding-options sampling] hierarchy level or the instance instance-name family
inet6 statement at the [edit forwarding-options sampling] hierarchy level. Otherwise,
a commit error occurs when you attempt to commit the configuration.
•
Also, if you configure traffic sampling on a logical interface by including the sampling
input or sampling output statements at the [edit interface interface-name unit
logical-unit-number] hierarchy level, you must also include the family inet | inet6
statement at the [edit forwarding-options sampling] hierarchy level, or the instance
instance-name family inet | inet6 statement at the [edit forwarding-options sampling]
hierarchy level.
The “Configuring Port Mirroring” topic erroneously states that the input statement can
be included under the [edit forwarding-options port-mirroring family (inet | inet6) output]
hierarchy level. Only the output statement is available at the [edit forwarding-options
Copyright © 2015, Juniper Networks, Inc.
149
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
port-mirroring family (inet | inet6)] hierarchy level. To configure the input packet
properties for port mirroring, you must include the input statement at the [edit
forwarding-options port-mirroring] hierarchy level.
To configure port mirroring on a logical interface, configure the following statements
at the [edit forwarding-options port-mirroring] hierarchy level:
[edit forwarding-options port-mirroring]
input {
maximum-packet-length bytes
rate rate;
run-length number;
}
family (inet|inet6) {
output {
interface interface-name {
next-hop address;
}
no-filter-check;
}
}
Also, the note incorrectly states that the input statement can also be configured at the
[edit forwarding-options port-mirroring] hierarchy level and that it is only maintained
for backward compatibility. The note also mentions that the configuration of the output
statement is deprecated at the [edit forwarding-options port-mirroring] hierarchy level.
The correct behavior regarding the port-mirroring configuration for the packets to be
mirrored and for the destination at which the packets are to be received is as follows:
NOTE: The input statement is deprecated at the [edit forwarding-options
port-mirroring family (inet | inet6)] hierarchy level and is maintained only
for backward compatibility. You must include the input statement at the
[edit forwarding-options port-mirroring] hierarchy level.
•
In the Output Fields section of the show services ipsec-vpn ipsec security-associations
command topic of the Junos VPN Site Secure Feature Guide, the descriptions of the
Local Identity and Remote Identity fields are not clear and complete. The following are
the revised descriptions of these fields:
•
Local Identity—Protocol, address or prefix, and port number of the local entity of the
IPsec association. The format is id-type-name
(proto-name:port-number,[0..id-data-len] = iddata-presentation). The protocol is
always displayed as any because it is not user-configurable in the IPsec rule. Similarly,
the port number field in the output is always displayed as 0 because it is not
user-configurable in the IPsec rule. The value of the id-data-len parameter can be
one of the following, depending on the address configured in the IPsec rule:
150
•
For an IPv4 address, the length is 4 and the value displayed is 3.
•
For a subnet mask of an IPv4 address, the length is 8 and the value displayed is 7.
•
For a range of IPv4 addresses, the length is 8 and the value displayed is 7.
Copyright © 2015, Juniper Networks, Inc.
Documentation Updates
•
For an IPv6 address prefix, the length is 16 and the value displayed is 15.
•
For a subnet mask of an IPv6 address prefix, the length is 32 and the value displayed
is 31.
•
For a range of IPv6 address prefixes, the length is 32 and the value displayed is 31.
The value of the id-data-presentation field denotes the IPv4 address or IPv6 prefix
details. If the fully qualified domain name (FQDN) is specified instead of the address
for the local peer of the IPsec association, it is displayed instead of the address
details.
•
Remote Identity—Protocol, address or prefix, and port number of the remote entity
of the IPsec association. The format is id-type-name
(proto-name:port-number,[0..id-data-len] = iddata-presentation). The protocol is
always displayed as any because it is not user-configurable in the IPsec rule. Similarly,
the port number field in the output is always displayed as 0 because it is not
user-configurable in the IPsec rule. The value of the id-data-len parameter can be
one of the following, depending on the address configured in the IPsec rule:
•
For an IPv4 address, the length is 4 and the value displayed is 3.
•
For a subnet mask of an IPv4 address, the length is 8 and the value displayed is 7.
•
For a range of IPv4 addresses, the length is 8 and the value displayed is 7.
•
For an IPv6 address prefix, the length is 16 and the value displayed is 15.
•
For a subnet mask of an IPv6 address prefix, the length is 32 and the value displayed
is 31.
•
For a range of IPv6 address prefixes, the length is 32 and the value displayed is 31.
The value of the id-data-presentation field denotes the IPv4 address or IPv6 prefix
details. If the fully qualified domain name (FQDN) is specified instead of the address
for the remote peer of the IPsec association, it is displayed instead of the address
details.
•
•
The “Understanding Aggregated Mulitservices Interfaces” and the “Example:
Configuring an Aggregated Mulitservices Interface (AMS)” topics in the Services
Interface Configuration Guide incorrectly state that when member-failure-options is
not configured, the default behavior is to redistribute the traffic among the available
interfaces. The correct behavior is that when the member-failure-options statement
is not configured, the default behavior is to drop member traffic with a rejoin timeout
of 120 seconds.
The functionality to log the cflowd records in a log file before they are exported to a
cflowd server (by including the local-dump statement at the [edit forwarding-options
sampling instance instance-name family (inet |inet6 |mpls) output flow-server hostname]
hierarchy level) is not supported when you configure inline flow monitoring (by including
Copyright © 2015, Juniper Networks, Inc.
151
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
the inline-jflow statement at the [edit forwarding-options sampling instance
instance-name family inet output] hierarchy level).
•
The following information regarding the interoperation of FTP ALG and address-pooling
paired features is missing from the "ALG Descriptions" topic of the "Application
Properties" chapter:
On MS-MPCs and MS-MICs, for passive FTP to work properly without FTP application
layer gateway (ALG) enabled (by not specifying the application junos-ftp statement
at the [edit services stateful-firewall rule rule-name term term-name from] and the [edit
services nat rule rule-name term term-name from] hierarchy levels), you must enable
the address pooling paired (APP) functionality enabled (by including the
address-pooling statement at the [edit services nat rule rule-name term term-name then
translated] hierarchy level). Such a configuration causes the data and control FTP
sessions to receive the same NAT address.
Standards Reference
•
The “Supported Flow Monitoring and Discard Accounting Standards” topic fails to
mention the following additional information:
On MX Series routers, Junos OS partially supports the following RFCs:
•
152
RFC 5101, Specification of the IP Flow Information Export (IPFIX) Protocol for the
Exchange of IP Traffic Flow Information
Copyright © 2015, Juniper Networks, Inc.
Documentation Updates
•
RFC 5102, Information Model for IP Flow Information Export
Subscriber Management Access Network Guide
•
The LAC Tunnel Selection Overview, Configuring Weighted Load Balancing for LAC Tunnel
Sessions and weighted-load-balancing (L2TP LAC) topics in the Junos OS Broadband
Subscriber Management and Services Library incorrectly describe how weighted load
balancing works on an L2TP LAC. The topics state that the tunnel with the highest
weight (highest session limit) within a preference level is selected until it has reached
its maximum sessions limit, and then the tunnel with the next higher weight is selected,
and so on.
In fact, when weighted load balancing is configured, tunnels are selected randomly
within a preference level, but the distribution of selected tunnels is related to their
weight. The LAC generates a random number within a range equal to the aggregate
total of all session limits for all tunnels in the preference level. Portions of the
range—pools of numbers—are associated with the tunnels according to their weight;
a higher weight results in a larger pool. The random number is more likely to be in a
larger pool, so a tunnel with a higher weight (larger pool) is more likely to be selected
than a tunnel with a lower weight (smaller pool).
For example, consider a level that has only two tunnels, A and B. Tunnel A has a
maximum sessions limit of 1000 and tunnel B has a limit of 2000 sessions, resulting
in an aggregate total of 3000 sessions. The LAC generates a random number in the
range from 0 through 2999. A pool of 1000 numbers, the portion of the range from 0
through 999, is associated with tunnel A. A pool of 2000 numbers, the portion of the
range from 1000 through 2999, is associated with tunnel B. If the generated number
is less than 1000, then tunnel A is selected, even though it has a lower weight than
tunnel B. If the generated number is 1000 or larger, then tunnel B is selected. Because
the pool of possible generated numbers for tunnel B (2000) is twice that for tunnel A
(1000), tunnel B is, on average, selected twice as often as tunnel A.
Subscriber Management Feature Guide
•
In the Junos OS Subscriber Management Feature Guide, the fail-over-within-preference
statement at the [edit services l2tp] hierarchy level is incorrectly spelled. The correct
spelling for this statement is failover-within-preference.
•
The Junos OS Release 13.3 Subscriber Management Feature Guide fails to include the
new [email protected] option for filtering AAA, L2TP, and PPP traces by subscriber. See
the feature description in these Release Notes titled Support for filtering trace results
by subscribers for AAA, L2TP, and PPP for information about using this option.
•
The “Example: HTTP Service Within a Service Set” topic in the Subscriber Management
Feature Guide erroneously describes how to configure captive portal content delivery
rules in service sets.
Copyright © 2015, Juniper Networks, Inc.
153
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
Use the following procedure to configure captive portal content delivery rules in service
sets:
1.
Define one or more rules with the rule rule-name statement at the [edit services
captive-portal-content-delivery] hierarchy level. In each rule you specify one or more
terms to match on an application, destination address, or destination prefix list;
where the match takes place; and actions to be taken when the match occurs,
2. (Optional) Define one or more rule sets by listing the rules to be included in the set
with the rule-set rule-set-name statement at the [edit services
captive-portal-content-delivery] hierarchy level.
3. Configure a captive portal content delivery profile with the profile profile-name
statement at the [edit services captive-portal-content-delivery] hierarchy level.
4. In the profile, specify a list of rules with the cpcd-rules [rule-name] statement or a
list of rule sets with the cpcd-rule-sets [rule-set-name] statement. Both statements
are at the [edit services captive-portal-content-delivery profile profile-name] hierarchy
level.
5. Associate the profile with a service set with the captive-portal-content-delivery-profile
profile-name statement at the [edit services service-set service-set-name] hierarchy
level.
•
The “LAC Tunnel Selection Overview” topic in the Junos OS Subscriber Management
Feature Guide incorrectly describes the current behavior for failover between preference
levels. The topic states that when the tunnels at every preference level have a
destination in the lockout state, the LAC cycles back to the highest preference level
and waits for the lockout time for a destination at that level to expire before attempting
to connect and starting the process over.
In fact, the current behavior in this situation is that from the tunnels present at the
lowest level of preference (highest preference number), the LAC selects the tunnel
that has the destination with the shortest remaining lockout time. The LAC ignores the
lockout and attempts to connect to the destination.
•
The Subscriber Management Scaling Values (XLS) spreadsheet previously reported
that 64,000 PPPoE subscribers are supported per interface for Junos OS Release 12.3
and subsequent releases. In fact, the chassis supports 128,000 PPPoE subscribers
beginning in Junos OS Release 12.3.
You can access the latest version of the Subscriber Management Scaling Values (XLS)
spreadsheet from the Downloads box at Junos OS Subscriber Management and Services
Library.
154
Copyright © 2015, Juniper Networks, Inc.
Documentation Updates
Subscriber Management Provisioning Guide
•
The table in the topic, “AAA Access Messages and Supported RADIUS Attributes and
Juniper Networks VSAs for Junos OS” incorrectly indicates that VSA 26-1
(Virtual-Router) supports CoA Request messages. VSA 26-1 does not support CoA
Request messages.
System Log Messages Reference
•
The formats of the MSVCS_LOG_SESSION_OPEN and MSVCS_LOG_SESSION_CLOSE
system log messages in the "MSVCS System Log Messages" chapter are incorrectly
specified. The following is the correct and complete format of the
MSVCS_LOG_SESSION_OPEN and MSVCS_LOG_SESSION_CLOSE system log
messages:
App: application, source-interface-name fpc/pic/port\address in hexadecimal format
source-address:source-port source-nat-information ->
destination-address:destination-port destination-nat-information (protocol-name)
hh:mm:ss.milliseconds protocol-name (tos tos-bit-value, ttl ttl-value, id id-number,
offset offset-value, flags [ip-flag-type], proto protocol- name (protocol-id), length
number)
System Services Administration Guide for Routing Devices
•
The “Configuring the SSH Protocol Version” topic incorrectly states that both version
1 and version 2 of the SSH protocol are enabled by default. The topic should state that
version 2 of the SSH protocol is enabled by default, and you must explicitly configure
version 1 if you want to enable it.
VPLS Feature Guide for Routing Devices
•
The following information regarding the working of firewall filters and policers with
MAC addresses applies to the "Configuring Firewall Filters and Policers for VPLS "
topic:
The behavior of firewall filters processing with MAC addresses differs between DPCs
and MPCs. On MPCs, interface filters are always applied before MAC learning occurs.
The input forwarding table filter is applied after MAC learning is completed. However,
on DPCs, MAC learning occurs independently of the application of filters. If the CE-facing
interface of the PE where the firewall filter is applied is an MPC, then the MAC entry
times out and is never learned again. However, if the CE-facing interface of the PE
where the firewall filter is applied is an DP, then the MAC entry is not timed out and if
the MAC address entry is manually cleared, it is relearned.
VPWS Feature Guide for Routing Devices
•
In Junos OS Release 13.3, the Layer 2 Circuits Feature Guide for Routing Devices has been
renamed VPWS Feature Guide for Routing Devices. VPWS content has been added to
this guide, and has been removed from the VPLS Feature Guide for Routing Devices.
Copyright © 2015, Juniper Networks, Inc.
155
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
Related
Documentation
•
New and Changed Features on page 21
•
Changes in Behavior and Syntax on page 54
•
Known Behavior on page 68
•
Known Issues on page 70
•
Resolved Issues on page 80
•
Migration, Upgrade, and Downgrade Instructions on page 156
•
Product Compatibility on page 165
Migration, Upgrade, and Downgrade Instructions
This section contains the procedure to upgrade Junos OS, and the upgrade and downgrade
policies for Junos OS for the M Series, MX Series, and T Series. Upgrading or downgrading
Junos OS can take several hours, depending on the size and configuration of the network.
•
Basic Procedure for Upgrading to Release 13.3 on page 156
•
Upgrade and Downgrade Support Policy for Junos OS Releases on page 159
•
Upgrading a Router with Redundant Routing Engines on page 159
•
Upgrading Juniper Network Routers Running Draft-Rosen Multicast VPN to Junos OS
Release 10.1 on page 160
•
Upgrading the Software for a Routing Matrix on page 161
•
Upgrading Using Unified ISSU on page 162
•
Upgrading from Junos OS Release 9.2 or Earlier on a Router Enabled for Both PIM and
NSR on page 163
•
Downgrading from Release 13.3 on page 164
•
Changes Planned for Future Releases on page 164
Basic Procedure for Upgrading to Release 13.3
In order to upgrade to Junos OS 10.0 or later, you must be running Junos OS 9.0S2, 9.1S1,
9.2R4, 9.3R3, 9.4R3, 9.5R1, or later minor versions, or you must specify the no-validate
option on the request system software install command.
When upgrading or downgrading Junos OS, always use the jinstall package. Use other
packages (such as the jbundle package) only when so instructed by a Juniper Networks
support representative. For information about the contents of the jinstall package and
details of the installation process, see the Installation and Upgrade Guide.
NOTE: With Junos OS Release 9.0 and later, the compact flash disk memory
requirement for Junos OS is 1 GB. For M7i and M10i routers with only 256 MB
memory, see the Customer Support Center JTAC Technical Bulletin
PSN-2007-10-001 at
https://www.juniper.net/alerts/viewalert.jsp?txtAlertNumber=PSN-2007-10-001
&actionBtn=Search
156
Copyright © 2015, Juniper Networks, Inc.
Migration, Upgrade, and Downgrade Instructions
NOTE: Before upgrading, back up the file system and the currently active
Junos OS configuration so that you can recover to a known, stable
environment in case the upgrade is unsuccessful. Issue the following
command:
[email protected]> request system snapshot
The installation process rebuilds the file system and completely reinstalls
Junos OS. Configuration information from the previous software installation
is retained, but the contents of log files might be erased. Stored files on the
routing platform, such as configuration templates and shell scripts (the only
exceptions are the juniper.conf and ssh files) might be removed. To preserve
the stored files, copy them to another system before upgrading or
downgrading the routing platform. For more information, see the Junos OS
Administration Library for Routing Devices.
Copyright © 2015, Juniper Networks, Inc.
157
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
The download and installation process for Junos OS Release 13.3 is different from previous
Junos OS releases.
Before upgrading to 64-bit Junos OS, read the instruction on the following pages:
•
To check Routing Engine compatibility, see Supported Routing Engines by Router.
•
To read the upgrade instructions, see Upgrading to 64-bit Junos OS.
1.
Using a Web browser, navigate to the All Junos Platforms software download URL on
the Juniper Networks webpage:
http://www.juniper.net/support/downloads/
2. Select the name of the Junos platform for the software that you want to download.
3. Select the release number (the number of the software version that you want to
download) from the Release drop-down list to the right of the Download Software
page.
4. Select the Software tab.
5. In the Install Package section of the Software tab, select the software package for the
release.
6. Log in to the Juniper Networks authentication system using the username (generally
your e-mail address) and password supplied by Juniper Networks representatives.
7. Review and accept the End User License Agreement.
8. Download the software to a local host.
9. Copy the software to the routing platform or to your internal software distribution
site.
10. Install the new jinstall package on the routing platform.
NOTE: We recommend that you upgrade all software packages out of
band using the console because in-band connections are lost during the
upgrade process.
Customers in the United States and Canada, use the following command:
[email protected]> request system software add validate reboot
source/jinstall-13.3R61-domestic-signed.tgz
All other customers, use the following command:
[email protected]> request system software add validate reboot
source/jinstall-13.3R61-export-signed.tgz
Replace source with one of the following values:
•
/pathname—For a software package that is installed from a local directory on the
router.
•
For software packages that are downloaded and installed from a remote location:
•
158
ftp://hostname/pathname
Copyright © 2015, Juniper Networks, Inc.
Migration, Upgrade, and Downgrade Instructions
•
http://hostname/pathname
•
scp://hostname/pathname (available only for Canada and U.S. version)
The validate option validates the software package against the current configuration
as a prerequisite to adding the software package to ensure that the router reboots
successfully. This is the default behavior when the software package being added is
a different release.
Adding the reboot command reboots the router after the upgrade is validated and
installed. When the reboot is complete, the router displays the login prompt. The
loading process can take 5 to 10 minutes.
Rebooting occurs only if the upgrade is successful.
NOTE: After you install a Junos OS Release 13.3 jinstall package, you cannot
issue the request system software rollback command to return to the previously
installed software. Instead you must issue the request system software add
validate command and specify the jinstall package that corresponds to the
previously installed software.
Upgrade and Downgrade Support Policy for Junos OS Releases
Support for upgrades and downgrades that span more than three Junos OS releases at
a time is not provided, except for releases that are designated as Extended End-of-Life
(EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can
upgrade directly from one EEOL release to the next EEOL release even though EEOL
releases generally occur in increments beyond three releases.
You can upgrade or downgrade to the EEOL release that occurs directly before or after
the currently installed EEOL release, or to two EEOL releases before or after. For example,
Junos OS Releases 10.0, 10.4, and 11.4 are EEOL releases. You can upgrade from Junos
OS Release 10.0 to Release 10.4 or even from Junos OS Release 10.0 to Release 11.4.
However, you cannot upgrade directly from a non-EEOL release that is more than three
releases ahead or behind. For example, you cannot directly upgrade from Junos OS
Release 10.3 (a non-EEOL release) to Junos OS Release 11.4 or directly downgrade from
Junos OS Release 11.4 to Junos OS Release 10.3.
To upgrade or downgrade from a non-EEOL release to a release more than three releases
before or after, first upgrade to the next EEOL release and then upgrade or downgrade
from that EEOL release to your target release.
For more information on EEOL releases and to review a list of EEOL releases, see
http://www.juniper.net/support/eol/junos.html
Upgrading a Router with Redundant Routing Engines
If the router has two Routing Engines, perform a Junos OS installation on each Routing
Engine separately to avoid disrupting network operation as follows:
Copyright © 2015, Juniper Networks, Inc.
159
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
1.
Disable graceful Routing Engine switchover (GRES) on the master Routing Engine
and save the configuration change to both Routing Engines.
2. Install the new Junos OS release on the backup Routing Engine while keeping the
currently running software version on the master Routing Engine.
3. After making sure that the new software version is running correctly on the backup
Routing Engine, switch over to the backup Routing Engine to activate the new software.
4. Install the new software on the original master Routing Engine that is now active as
the backup Routing Engine.
For the detailed procedure, see the Installation and Upgrade Guide.
Upgrading Juniper Network Routers Running Draft-Rosen Multicast VPN to Junos
OS Release 10.1
In releases prior to Junos OS Release 10.1, the draft-rosen multicast VPN feature
implements the unicast lo0.x address configured within that instance as the source
address used to establish PIM neighbors and create the multicast tunnel. In this mode,
the multicast VPN loopback address is used for reverse path forwarding (RPF) route
resolution to create the reverse path tree (RPT), or multicast tunnel. The multicast VPN
loopback address is also used as the source address in outgoing PIM control messages.
In Junos OS Release 10.1 and later, you can use the router’s main instance loopback
(lo0.0) address (rather than the multicast VPN loopback address) to establish the PIM
state for the multicast VPN. We strongly recommend that you perform the following
procedure when upgrading to Junos OS Release 10.1 if your draft-rosen multicast VPN
network includes both Juniper Network routers and other vendors’ routers functioning
as provider edge (PE) routers. Doing so preserves multicast VPN connectivity throughout
the upgrade process.
Because Junos OS Release 10.1 supports using the router’s main instance loopback (lo0.0)
address, it is no longer necessary for the multicast VPN loopback address to match the
main instance loopback adddress lo0.0 to maintain interoperability.
NOTE: You might want to maintain a multicast VPN instance lo0.x address
to use for protocol peering (such as IBGP sessions), or as a stable router
identifier, or to support the PIM bootstrap server function within the VPN
instance.
Complete the following steps when upgrading routers in your draft-rosen multicast VPN
network to Junos OS Release 10.1 if you want to configure the routers’s main instance
loopback address for draft-rosen multicast VPN:
1.
Upgrade all M7i and M10i routers to Junos OS Release 10.1 before you configure the
loopback address for draft-rosen Multicast VPN.
NOTE: Do not configure the new feature until all the M7i and M10i routers
in the network have been upgraded to Junos OS Release 10.1.
160
Copyright © 2015, Juniper Networks, Inc.
Migration, Upgrade, and Downgrade Instructions
2. After you have upgraded all routers, configure each router’s main instance loopback
address as the source address for multicast interfaces. Include the default-vpn-source
interface-name loopback-interface-name] statement at the [edit protocols pim]
hierarchy level.
3. After you have configured the router’s main loopback address on each PE router,
delete the multicast VPN loopback address (lo0.x) from all routers.
We also recommend that you remove the multicast VPN loopback address from all
PE routers from other vendors. In Junos OS releases prior to 10.1, to ensure
interoperability with other vendors’ routers in a draft-rosen multicast VPN network,
you had to perform additional configuration. Remove that configuration from both
the Juniper Networks routers and the other vendors’ routers. This configuration should
be on Juniper Networks routers and on the other vendors’ routers where you configured
the lo0.mvpn address in each VRF instance as the same address as the main loopback
(lo0.0) address.
This configuration is not required when you upgrade to Junos OS Release 10.1 and use
the main loopback address as the source address for multicast interfaces.
NOTE: To maintain a loopback address for a specific instance, configure
a loopback address value that does not match the main instance address
(lo0.0).
For more information about configuring the draft-rosen Multicast VPN feature, see the
Multicast Protocols Feature Guide for Routing Devices.
Upgrading the Software for a Routing Matrix
A routing matrix can be either a TX Matrix router as the switch-card chassis (SCC) or a
TX Matrix Plus router as the switch-fabric chassis (SFC). By default, when you upgrade
software for a TX Matrix router or a TX Matrix Plus router, the new image is loaded onto
the TX Matrix or TX Matrix Plus router (specified in the Junos OS CLI by using the scc or
sfc option) and distributed to all line-card chassis (LCCs) in the routing matrix (specified
in the Junos OS CLI by using the lcc option). To avoid network disruption during the
upgrade, ensure the following conditions before beginning the upgrade process:
•
A minimum of free disk space and DRAM on each Routing Engine. The software upgrade
will fail on any Routing Engine without the required amount of free disk space and
DRAM. To determine the amount of disk space currently available on all Routing Engines
of the routing matrix, use the CLI show system storage command. To determine the
amount of DRAM currently available on all the Routing Engines in the routing matrix,
use the CLI show chassis routing-engine command.
•
The master Routing Engines of the TX Matrix or TX Matrix Plus router (SCC or SFC)
and all LCCs connected to the SCC or SFC are all re0 or are all re1.
•
The backup Routing Engines of the TX Matrix or TX Matrix Plus router (SCC or SFC)
and all LCCs connected to the SCC or SFC are all re1 or are all re0.
Copyright © 2015, Juniper Networks, Inc.
161
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
•
All master Routing Engines in all routers run the same version of software. This is
necessary for the routing matrix to operate.
•
All master and backup Routing Engines run the same version of software before
beginning the upgrade procedure. Different versions of the Junos OS can have
incompatible message formats especially if you turn on GRES. Because the steps in
the process include changing mastership, running the same version of software is
recommended.
•
For a routing matrix with a TX Matrix router, the same Routing Engine model is used
within a TX Matrix router (SCC) and within a T640 router (LCC) of a routing matrix.
For example, a routing matrix with an SCC using two RE-A-2000s and an LCC using
two RE-1600s is supported. However, an SCC or an LCC with two different Routing
Engine models is not supported. We suggest that all Routing Engines be the same
model throughout all routers in the routing matrix. To determine the Routing Engine
type, use the CLI show chassis hardware | match routing command.
•
For a routing matrix with a TX Matrix Plus router, the SFC contains two model
RE-DUO-C2600-16G Routing Engines, and each LCC contains two model
RE-DUO-C1800-8G or RE-DUO-C1800-16G Routing Engines.
BEST PRACTICE: Make sure that all master Routing Engines are re0 and all
backup Routing Engines are re1 (or vice versa). For the purposes of this
document, the master Routing Engine is re0 and the backup Routing Engine
is re1.
To upgrade the software for a routing matrix, perform the following steps:
1.
Disable graceful Routing Engine switchover (GRES) on the master Routing Engine
(re0) and save the configuration change to both Routing Engines.
2. Install the new Junos OS release on the backup Routing Engine (re1) while keeping
the currently running software version on the master Routing Engine (re0).
3. Load the new Junos OS on the backup Routing Engine. After making sure that the new
software version is running correctly on the backup Routing Engine (re1), switch
mastership back to the original master Routing Engine (re0) to activate the new
software.
4. Install the new software on the new backup Routing Engine (re0).
For the detailed procedure, see the Routing Matrix with a TX Matrix Router Deployment Guide
or the Routing Matrix with a TX Matrix Plus Router Deployment Guide.
Upgrading Using Unified ISSU
Unified in-service software upgrade (ISSU) enables you to upgrade between two different
Junos OS releases with no disruption on the control plane and with minimal disruption
of traffic. Unified in-service software upgrade is only supported by dual Routing Engine
platforms. In addition, graceful Routing Engine switchover (GRES) and nonstop active
routing (NSR) must be enabled. For additional information about using unified in-service
software upgrade, see the High Availability Feature Guide for Routing Devices.
162
Copyright © 2015, Juniper Networks, Inc.
Migration, Upgrade, and Downgrade Instructions
Upgrading from Junos OS Release 9.2 or Earlier on a Router Enabled for Both PIM
and NSR
Junos OS Release 9.3 introduced NSR support for PIM for IPv4 traffic. However, the
following PIM features are not currently supported with NSR. The commit operation fails
if the configuration includes both NSR and one or more of these features:
•
Anycast RP
•
Draft-Rosen multicast VPNs (MVPNs)
•
Local RP
•
Next-generation MVPNs with PIM provider tunnels
•
PIM join load balancing
Junos OS Release 9.3 introduced a new configuration statement that disables NSR for
PIM only, so that you can activate incompatible PIM features and continue to use NSR
for the other protocols on the router: the nonstop-routing disable statement at the [edit
protocols pim] hierarchy level. (Note that this statement disables NSR for all PIM features,
not only incompatible features.)
If neither NSR nor PIM is enabled on the router to be upgraded or if one of the unsupported
PIM features is enabled but NSR is not enabled, no additional steps are necessary and
you can use the standard upgrade procedure described in other sections of these
instructions. If NSR is enabled and no NSR-incompatible PIM features are enabled, use
the standard reboot or ISSU procedures described in the other sections of these
instructions.
Because the nonstop-routing disable statement was not available in Junos OS Release
9.2 and earlier, if both NSR and an incompatible PIM feature are enabled on a router to
be upgraded from Junos OS Release 9.2 or earlier to a later release, you must disable
PIM before the upgrade and reenable it after the router is running the upgraded Junos
OS and you have entered the nonstop-routing disable statement. If your router is running
Junos OS Release 9.3 or later, you can upgrade to a later release without disabling NSR
or PIM–simply use the standard reboot or ISSU procedures described in the other sections
of these instructions.
To disable and reenable PIM:
1.
On the router running Junos OS Release 9.2 or earlier, enter configuration mode and
disable PIM:
[edit]
[email protected]# deactivate protocols pim
[email protected]# commit
2. Upgrade to Junos OS Release 9.3 or later software using the instructions appropriate
for the router type. You can either use the standard procedure with reboot or use ISSU.
3. After the router reboots and is running the upgraded Junos OS, enter configuration
mode, disable PIM NSR with the nonstop-routing disable statement, and then reenable
PIM:
Copyright © 2015, Juniper Networks, Inc.
163
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
[edit]
[email protected]# set protocols pim nonstop-routing disable
[email protected]# activate protocols pim
[email protected]# commit
Downgrading from Release 13.3
To downgrade from Release 13.3 to another supported release, follow the procedure for
upgrading, but replace the 13.3 jinstall package with one that corresponds to the
appropriate release.
NOTE: You cannot downgrade more than three releases. For example, if your
routing platform is running Junos OS Release 11.4, you can downgrade the
software to Release 10.4 directly, but not to Release 10.3 or earlier; as a
workaround, you can first downgrade to Release 10.4 and then downgrade
to Release 10.3.
For more information, see the Installation and Upgrade Guide.
Changes Planned for Future Releases
The following are changes planned for future releases.
Routing Protocols
•
Change in Junos OS support for the BGP Monitoring Protocol (BMP)—In Junos OS
Release 13.3 and later, the currently supported version of BMP, BMP version 1, as defined
in Internet draft draft-ietf-grow-bmp-01, is planned to be replaced with BMP version
3, as defined in Internet draft draft-ietf-grow-bmp-07.txt. Junos OS can support only
one of these versions of BMP in a release. Therefore, Junos OS Release 13.2 and earlier
releases will continue to support BMP version 1, as defined in Internet draft
draft-ietf-grow-bmp-01. Junos OS Release 13.3 and later support only the updated
BMP version 3 defined in Internet draft draft-ietf-grow-bmp-07.txt. This also means
that beginning in Junos OS Release 13.3, BMP version 3 configurations are not backwards
compatible with BMP version 1 configurations from earlier Junos OS releases.
•
Removal of support for provider backbone bridging (MX Series routers) from Release
14.1—Starting with Junos OS Release 14.1, the provider backbone bridging (PBB)
capability is disabled and not supported on MX Series routers. The pbb-options
statement and its substatements at the [edit routing-instances routing-instance-name]
hierarchy level and the pbb-service-options statement and its substatements at the
[edit routing-instances routing-instance-name service-groups service-group-name]
hierarchy level are no longer available for configuring customer and provider routing
instances for PBB. When you upgrade MX Series routers running Junos OS Releases
12.3, 13.2, or 13.3 to Junos OS Release 14.1 and if your deployment contains PBB settings
in configuration files, the configuration files after the upgrade need to be modified to
remove the PBB-specific attributes because PBB is not supported in Release 14.1 and
later.
[See Provider Backbone Bridging Feature Guide for Routing Devices.]
164
Copyright © 2015, Juniper Networks, Inc.
Product Compatibility
Related
Documentation
•
New and Changed Features on page 21
•
Changes in Behavior and Syntax on page 54
•
Known Behavior on page 68
•
Documentation Updates on page 135
•
Product Compatibility on page 165
Product Compatibility
•
Hardware Compatibility on page 165
Hardware Compatibility
To obtain information about the components that are supported on the devices, and
special compatibility guidelines with the release, see the Hardware Guide and the Interface
Module Reference for the product.
To determine the features supported on M Series, MX Series, and T Series devices in this
release, use the Juniper Networks Feature Explorer, a Web-based application that helps
you to explore and compare Junos OS feature information to find the right software
release and hardware platform for your network. Find Feature Explorer at:
http://pathfinder.juniper.net/feature-explorer/
Related
Documentation
•
New and Changed Features on page 21
•
Changes in Behavior and Syntax on page 54
•
Documentation Updates on page 135
•
Migration, Upgrade, and Downgrade Instructions on page 156
Copyright © 2015, Juniper Networks, Inc.
165
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
Junos OS Release Notes for PTX Series Packet Transport Routers
These release notes accompany Junos OS Release 13.3R6 for the PTX Series. They
describe new and changed features, limitations, and known and resolved problems in
the hardware and software.
You can also find these release notes on the Juniper Networks Junos OS Documentation
webpage, located at http://www.juniper.net/techpubs/software/junos/.
•
New and Changed Features on page 166
•
Changes in Behavior and Syntax on page 172
•
Known Issues on page 174
•
Resolved Issues on page 176
•
Documentation Updates on page 185
•
Migration, Upgrade, and Downgrade Instructions on page 185
•
Product Compatibility on page 188
New and Changed Features
This section describes the new features and enhancements to existing features in Junos
OS Release 13.3R6 for the PTX Series.
•
Hardware on page 166
•
Class of Service (CoS) on page 168
•
General Routing on page 168
•
High Availability (HA) and Resiliency on page 168
•
Interfaces and Chassis on page 168
•
Network Management and Monitoring on page 171
•
Routing Protocols on page 171
•
Software Installation and Upgrade on page 172
Hardware
•
PTX3000 Packet Transport Router—The Juniper Networks PTX3000 Packet Transport
Router provides 10-Gigabit Ethernet, 40-Gigabit Ethernet, and 100-Gigabit Ethernet
interfaces for large networks and network applications, such as those supported by
ISPs. The router accommodates up to eight Flexible PIC Concentrators (FPCs), each
of which supports one PIC. The compact design of the PTX3000 router allows up to
four chassis to be installed back-to-back in a single four-post rack. The PTX3000
router can be configured with single-phase AC or DC power supply modules.
[See the PTX3000 Packet Transport Router Hardware Guide.]
•
166
CFP-GEN2-CGE-ER4 and CFP-GEN2-100GBASE-LR4 (PTX5000)—The
CFP-GEN2-CGE-ER4 transceiver (part number: 740-049763) provides a duplex LC
connector and supports the 100GBASE-ER4 optical interface specification and
monitoring. The CFP-GEN2-100GBASE-LR4 transceiver (part number: 740-047682)
Copyright © 2015, Juniper Networks, Inc.
New and Changed Features
provides a duplex LC connector and supports the 100GBASE-LR4 optical interface
specification and monitoring. Starting in Junos OS Release 13.3, the “GEN2” optics have
been redesigned with newer versions of internal components for reduced power
consumption. The following interface module supports the CFP-GEN2-CGE-ER4 and
CFP-GEN2-100GBASE-LR4 transceivers. For more information about interface modules,
see the Interface Module Reference for your router.
•
100-Gigabit Ethernet PIC with CFP (model number:
P1-PTX-2-100GE-CFP)—Supported in Junos OS Release 12.3R5, 13.2R3, 13.3R1, and
later
[See 100-Gigabit Ethernet 100GBASE-R Optical Interface Specifications.]
Copyright © 2015, Juniper Networks, Inc.
167
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
Class of Service (CoS)
•
Support for strict-priority scheduling (PTX Series)—Beginning with Junos OS Release
13.3, interfaces on PTX Series routers support strict-priority scheduling. Configured
queues are processed in strict-priority order. Within the guaranteed region, multiple
CoS queues that compete in the same hardware-based priority level are selected
based on the packet round-robin algorithm, while within the excess region, selection
is based on the WRR algorithm. The queues receive equal share when they send the
same packet size. Otherwise, the queues receive shares proportional to the respective
packet sizes sent. To enable configuration of strict-priority scheduling for a physical
interface on a PTX Series router, include the strict-priority-scheduler statement in the
traffic control profile associated with the interface.
[See Understanding Scheduling on PTX Series Routers.]
General Routing
•
Nonstop active routing support for logical systems (PTX Series)— Starting in Junos
OS Release 13.3, this feature enables nonstop active routing support for logical systems
using the nonstop-routing option under the [edit logical-systems logical-system-name
routing-options] hierarchy. As a result of extending nonstop active routing support for
logical systems, the logical-systems argument has been appended in some show
operational commands to allow display of status, process, and event details.
High Availability (HA) and Resiliency
•
Nonstop active routing support for BGP addpath (PTX Series)—Beginning in Junos
OS Release 13.3, nonstop active routing support for BGP addpath is available on the
PTX Series. Nonstop active routing support is enabled for the BGP addpath feature.
After the nonstop active routing switchover, addpath-enabled BGP sessions do not
bounce. The secondary Routing Engine maintains the addpath advertisement state
before the nonstop active routing switchover.
Interfaces and Chassis
168
•
FPC self-healing (PTX Series)—Starting in Junos OS Release 13.3, PTX Series routers
allow you to configure Packet Forwarding Engine-related error levels (fatal, major, or
minor) and the actions to perform (alarm, disable-pfe, or log) when a specified
threshold is reached. Previously, Packet Forwarding Engine-related errors would disable
the FPC. Using this command Packet Forwarding Engine errors can be isolated thereby
reducing the need for a field replacement. This command is available at the [edit
chassis fpc slot-number] and [edit chassis] hierarchy levels.
•
2-port 100-Gigabit DWDM OTN PIC (PTX3000)—Beginning with Junos OS Release
13.3, the 2-port 100-Gigabit dense wavelength division multiplexing (DWDM) optical
transport network (OTN) PIC is supported by Type 5 FPCs on PTX3000 routers. The
100-Gigabit DWDM OTN PIC supports the following features:
•
Transparent transport of two 100-Gigabit Ethernet signals with OTU4 framing
•
ITU-standard OTN performance monitoring and alarm management
Copyright © 2015, Juniper Networks, Inc.
New and Changed Features
•
Dual polarization quadrature phase shift keying (DP-QPSK) modulation and
soft-decision forward error correction (SD-FEC) for long haul and metro applications
You can use SNMP to manage the PIC based on RFC 3591, Managed Objects for the
Optical Interface Type.
[See 100-Gigabit Ethernet OTN Options Configuration Overview.]
•
Pre-FEC BER fast reroute (PTX3000)—Starting in Junos OS Release 13.3, the 100-Gbps
DWDM OTN PIC (P1-PTX-2-100G-WDM) supports pre-forward error correction
(pre-FEC) bit error rate (BER) monitoring as a condition for MPLS fast reroute (FRR).
Pre-FEC BER FRR uses pre-FEC BER as an indication of the condition of an optical
transport network (OTN) link. When the pre-FEC BER degrade threshold is reached,
the PIC stops forwarding packets to the remote interface and raises an interface alarm.
Ingress packets continue to be processed. When Pre-FEC BER FRR is used with MPLS
FRR or another link protection method, traffic is then rerouted to a different interface.
You can optionally enable backward FRR to inject local pre-FEC status into the
transmitted OTN frames, notifying the remote interface. The remote interface then
reroutes traffic to a different interface. When you use pre-FEC BER FRR and backward
FRR, notification of signal degradation and rerouting of traffic can occur in less time
than through a Layer 3 protocol.
[See 100-Gigabit Ethernet OTN Options Configuration Overview.]
•
Support for configuring interface alias names (PTX Series)—Beginning in Junos OS
Release 13.3, you can configure a textual description of a physical interface or the
logical unit of an interface to be the alias of an interface name. If you configure an
interface alias, this alias name is displayed in the output of the show interfaces
commands instead of the interface name. Also, in the output of all of the show and
operational mode commands that display the interface names, the alias name is
displayed instead of the interface name if you configure the alias name. It has no effect
on the operation of the interface on the router or switch. You can use the alias statement
at the [edit interfaces interface-name], [edit interfaces interface-name unit
logical-unit-number], and [edit logical-systems logical-system-name interfaces
interface-name unit logical-unit-number] hierarchy levels to specify an interface alias.
[See Interface Alias Name Overview]
•
Support for active flow monitoring version 9 (PTX5000 routers with
CSE2000)—Starting with Junos OS Release 13.3, Carrier-Grade Service Engine
(CSE2000) supports active flow monitoring version 9 on PTX5000 routers.
The CSE2000 is tethered to a PTX5000 router to enable active flow monitoring version
9. Active flow monitoring version 9 supports IPV4, MPLS, and IPV6 templates to collect
a set of sampled flows and send the records to a specified host.
•
SFPP-10G-CT50-ZR (PTX Series)—Beginning in Junos OS Release 13.3R3, the
SPFF-10G-CT50-ZR tunable transceiver provides a duplex LC connector and supports
the 10GBASE-Z optical interface specification and monitoring. The transceiver is not
specified as part of the 10-Gigabit Ethernet standard and is instead built according to
Juniper Networks specifications. Only WAN-PHY and LAN-PHY modes are supported.
To configure the wavelength on the transceiver, use the wavelength statement at the
Copyright © 2015, Juniper Networks, Inc.
169
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
[edit interfaces interface-name optics-options] hierarchy level. The following interface
module supports the SPFF-10G-CT50-ZR transceiver:
PTX:
•
10-Gigabit Ethernet LAN/WAN OTN PIC with SFP+ (model number:
P1-PTX-24-10G-W-SFPP)—Supported in Junos OS Release 13.2R3, 13.3R2, and later
For more information about interface modules, see the “Cables and Connectors” section
in the Interface Module Reference for your router.
[See 10-Gigabit Ethernet 10GBASE Optical Interface Specifications and wavelength.]
•
SFPP-10G-ZR-OTN-XT (PTX Series)—Starting with Junos OS Release 13.3R3, the
SFPP-10G-ZR-OTN-XT dual-rate extended temperature transceiver provides a duplex
LC connector and supports the 10GBASE-Z optical interface specification and
monitoring. The transceiver is not specified as part of the 10-Gigabit Ethernet standard
and is instead built according to ITU-T and Juniper Networks specifications. The
following interface modules support the SFPP-10G-ZR-OTN-XT transceiver:
PTX:
•
10-Gigabit Ethernet PIC with SFP+ (model number:
P1-PTX-24-10GE-SFPP)—Supported in Junos OS Release 12.3R5, 13.2R3, 13.3, and
later
•
10-Gigabit Ethernet LAN/WAN OTN PIC with SFP+ (model number:
P1-PTX-24-10G-W-SFPP)—Supported in Junos OS Release 12.3R5, 13.2R3, 13.3, and
later
For more information about interface modules, see the “Cables and Connectors” section
in the Interface Module Reference for your router.
[See 10-Gigabit Ethernet 10GBASE Optical Interface Specifications.]
•
OTN support for PTX Series—Starting in Junos OS Release 13.3, you can configure
OTN mode on 10-Gigabit Ethernet interfaces on PTX Series Packet Transport Routers.
Only the 24-port 10-Gigabit Ethernet LAN/WAN PIC with SFP+ (model number:
P1-PTX-24-10G-W-SFPP) supports OTN mode. The following OTN framing modes
are supported:
•
10-Gigabit Ethernet LAN-PHY over OTU2e/OTU1e
•
10-Gigabit Ethernet WAN-PHY over OTU2
The following forward error correction (FEC) types are supported:
170
•
GFEC (G.709)
•
EFEC (G.975.1 I.4)
•
UFEC (G.975.1 I.7)
•
None
Copyright © 2015, Juniper Networks, Inc.
New and Changed Features
You can monitor various transport features like 24-hour bins and transport states by
using the transport-monitoring statement at the [edit interfaces] hierarchy level.
•
Support for active flow monitoring version 9 (PTX3000 routers with
CSE2000)—Starting with Junos OS Release 13.3R4, Carrier-Grade Service Engine
(CSE2000) supports active flow monitoring version 9 on PTX3000 routers.
The CSE2000 is tethered to a PTX3000 router to enable active flow monitoring version
9. Active flow monitoring version 9 supports IPv4, MPLS, and IPv6 templates to collect
a set of sampled flows and send the records to a specified host.
Network Management and Monitoring
•
Support for BFD over child links of AE or LAG bundle (cross-functional Packet
Forwarding Engine/kernel/rpd) (PTX Series)—Beginning in Junos OS Release 13.3,
BFD over child links of an AE or LAG bundle is supported on the PTX Series. This feature
provides a Layer 3 BFD liveness detection mechanism for child links of the Ethernet
LAG interface. You can enable BFD to run on individual member links of the LAG to
monitor the Layer 3 or Layer 2 forwarding capabilities of individual member links. These
micro BFD sessions are independent of each other despite having a single client that
manages the LAG interface. To enable failure detection for aggregated Ethernet
interfaces, include the bfd-liveness-detection statement at the [edit interfaces aex
aggregated-ether-options bfd-liveness-detection] hierarchy level.
[See Understanding Independent Micro BFD Sessions for LAG.]
Routing Protocols
•
Bidirectional PIM support (PTX5000)—Beginning with Junos OS Release 13.3,
bidirectional PIM is supported on the PTX5000. The following caveats are applicable
for the bidrectional PIM configuration on the PTX 5000:
•
The PTX5000 can be configured both as a bidirectional PIM rendezvous point and
the source node.
•
For the PTX5000, you can configure the auto-rp statement at the [edit protocols
pim rp] or the [edit routing-instances routing-instance-name protocols pim rp] hierarchy
level with the mapping option, but not the announce option.
Copyright © 2015, Juniper Networks, Inc.
171
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
•
The PTX5000 does not support nonstop active routing in Junos OS Release 13.3.
•
The PTX5000 does not support unified in-service software upgrade (ISSU) in Junos
OS Release 13.3.
Software Installation and Upgrade
•
Unified ISSU support for the 100-Gbps DWDM OTN PIC (PTX5000)—Starting in
Junos OS Release 13.3, the 100-Gbps DWDM OTN PIC (P1-PTX-2-100G-WDM) supports
unified in-service software upgrade (ISSU) on PTX5000 routers. Unified ISSU enables
you to upgrade between two different Junos OS releases with no disruption on the
control plane and with minimal disruption of traffic.
[See Unified ISSU System Requirements.]
Related
Documentation
•
Changes in Behavior and Syntax on page 172
•
Known Issues on page 174
•
Resolved Issues on page 176
•
Documentation Updates on page 185
•
Migration, Upgrade, and Downgrade Instructions on page 185
•
Product Compatibility on page 188
Changes in Behavior and Syntax
This section lists the changes in behavior of Junos OS features and changes in the syntax
of Junos OS statements and commands from Junos OS Release 13.3R6 for the PTX
Series.
•
High Availability and Resilency on page 172
•
Interfaces and Chassis on page 172
•
Routing Protocols on page 173
•
User Interface and Configuration on page 173
High Availability and Resilency
•
New redundancy failover CLI statement (PTX Series)—Starting in Junos OS
Release13.3R6, the chassis redundancy failover not-on-disk-underperform statement
prevents gstatd from causing failovers in the case of slow disks on the Routing Engine.
See not-on-disk-underperform and Preventing Graceful Restart in the Case of Slow Disks.
Interfaces and Chassis
•
172
Change to interpolated WRED drop probability (PTX Series)—In Junos OS Releases
13.2R4 and 13.3R2, the interpolated fill level of 0 percent has a drop probability of 0
percent for weighted random early detection (WRED). In earlier Junos OS releases,
interpolated WRED can have a nonzero drop probability for a fill level of 0 percent,
Copyright © 2015, Juniper Networks, Inc.
Changes in Behavior and Syntax
which can cause packets to be dropped even when the queue is not congested or the
port is not oversubscribed.
•
Exporting active flow monitoring version 9 packets from CSE2000 to PTX Series
routers—Starting with Junos OS Release 13.3R4, active flow monitoring version 9
records created by CSE2000 are sent back to PTX Series Routers on the 10-Gigabit
Ethernet interface. The PTX Series routers then forward the version 9 flow records to
the version 9 flow server.
In releases before Junos OS Release 13.3R4, the version 9 records are sent to the version
9 flow server by means of a separate external collector port. PR985729
Routing Protocols
•
Modification to the default BGP extended community value—Junos OS modifies the
default BGP extended community value used for MVPN IPv4 VRF route import
(RT-import) to the IANA-standardized value. The behavior of the mvpn-iana-rt-import
statement is now the default. The mvpn-iana-rt-import statement has been deprecated;
we recommend that you remove it from configurations.
User Interface and Configuration
•
User-defined identifiers using the reserved prefix junos- now correctly cause a commit
error in the CLI (PTX Series)—Junos OS reserves the prefix junos- for the identifiers of
configurations defined within the junos-defaults configuration group. User-defined
identifiers cannot start with the string junos-. If you configured user-defined identifiers
using the reserved prefix through a NETCONF or Junos XML protocol session, the
commit would correctly fail. Prior to Junos OS Release 13.3, if you configured
user-defined identifiers through the CLI using the reserved prefix, the commit would
incorrectly succeed. Junos OS Release 13.3 and later releases exhibit the correct
behavior. Configurations that currently contain the reserved prefix for user-defined
identifiers other than junos-defaults configuration group identifiers now correctly result
in a commit error in the CLI.
•
Change in show version command output (PTX Series)—Beginning in Junos OS
Release 13.3, the show version command output includes the new Junos field that
displays the Junos OS version running on the device. This new field is in addition to the
list of installed sub-packages running on the device that also display the Junos OS
version number of those sub-packages. This field provides a consistent means of
identifying the Junos OS version, rather than extracting that information from the list
of installed sub-packages.
In Junos OS Release 13.2 and earlier, the show version command does not have the
single Junos field in the output that displays the Junos OS version running on the device.
Copyright © 2015, Juniper Networks, Inc.
173
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
The only way to determine the Junos OS version running on the device is to review the
list of installed sub-packages.
Junos OS Release 13.2 and Earlier Releases Without the
Junos Field
Junos OS Release 13.3 and Later Releases With the Junos
Field
[email protected]> show version
Hostname: lab
Model: ptx5000
JUNOS Base OS boot [12.3R2.5]
JUNOS Base OS Software Suite [12.3R2.5]
JUNOS 64–bit Kernel Software Suite [12.3R2.5]
JUNOS Crypto Software Suite [12.3R2.5]
...
[email protected]> show version
Hostname: lab
Model: ptx5000
Junos: 13.3R1.4
JUNOS Base OS boot [13.3R1.4]
JUNOS Base OS Software Suite [13.3R1.4]
JUNOS 64-bit Kernel Software Suite [13.3R1.4]
JUNOS Crypto Software Suite [13.3R1.4]
...
[See show version.]
•
Configuring regular expressions (M Series, MX Series, and T Series)— In all supported
Junos OS releases, regular expressions can no longer be configured if they require more
than 64 MB of memory or more than 256 recursions for parsing.
This change in the behavior of Junos OS is in line with the FreeBSD limit. The change
was made in response to a known consumption vulnerability that allows an attacker
to cause a denial-of-service (resource exhaustion) attack by using regular expressions
containing adjacent repetition operators or adjacent bounded repetitions. Junos OS
uses regular expressions in several places within the CLI. Exploitation of this vulnerability
can cause the Routing Engine to crash, leading to a partial denial of service. Repeated
exploitation can result in an extended partial outage of services provided by the routing
protocol process (rpd).
Related
Documentation
•
New and Changed Features on page 166
•
Known Issues on page 174
•
Resolved Issues on page 176
•
Documentation Updates on page 185
•
Migration, Upgrade, and Downgrade Instructions on page 185
•
Product Compatibility on page 188
Known Issues
This section lists the known issues in hardware and software in Junos OS Release 13.3R6.
The identifier following the description is the tracking number in the Juniper Networks
Problem Report (PR) tracking system.
174
•
Hardware on page 175
•
General Routing on page 175
•
MPLS on page 176
Copyright © 2015, Juniper Networks, Inc.
Known Issues
•
Network Management and Monitoring on page 176
•
Software Installation and Upgrade on page 176
Hardware
•
CCG configuration change does not reprogram hardware automatically. PR896226
General Routing
•
"rnh_get_forwarding_nh: RNH type 1 unexpected" kernel error messages observed.
PR866282
•
Remote End connected to an interface of PTX 4x100GE PIC, might observe interface
flap with active MAC RF, even if the link switching is being done well within the interface
hold-down timer configured at Remote End. PR909635
•
This PR fixes the issue where output ifIndex being exported as 0. Unless there is a
critical business need, we do not plan to backport the fix to releases earlier than 14.1
PR964745
•
The PTX Series router is not supposed to generate pause frames even if it gets
congestion. The behavior is to drop aggressively if it ever runs out of queuing memory.
PR968803
•
When "request system halt" is executed on a PTX Series router, the Routing Engine is
halted, but the PTX Series router does not display Halt message on the CRAFT-Interface
confirming that the system has halted. PR971303
•
Traffic loss might be seen on flapping the CE-PE interface on the PTX platform.
Although on using 13.3R4.6 or higher release no traffic loss will be seen on flapping the
access facing interface. PR1026955
Copyright © 2015, Juniper Networks, Inc.
175
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
MPLS
•
The problem is seen in PTX Series routers where the composite next-hops are not
observed for a given VPN mpls route and hence the show route output command gives
a truncated value which results in script failure. This may be due to default disabled
l3vpn-cnh in case of transit l3vpn router on PTX Series platform. If Resync blob is not
set, RPD will create indirect next-hop for transit route on PE-PE connection network
on PTX Series. If Resync blob is set, RPD will create composite next-hop for transit
route on PE-PE connection network on PTX Series. Using composite next-hop (cnh)
can help scaled network. However, either indirect (inh) or composite next-hops work
properly in control and forwarding planes. PR1007311
Network Management and Monitoring
•
At some instances, the master Routing Engine fail to export some syslog facility
messages to the external syslog server after Routing Engine switchover. PR898030
Software Installation and Upgrade
•
Filesystem corruption might lead to Routing Engine bootup failure. This problem is
observed when directory structure on hard disk (or SSD) is inconsistent. Such a failure
should not result in bootup problem normally, but due to the software bug, the affected
Junos OS releases mount /var filesystem incorrectly. The affected platform is PTX.
PR905214
Related
Documentation
•
New and Changed Features on page 166
•
Changes in Behavior and Syntax on page 172
•
Resolved Issues on page 176
•
Documentation Updates on page 185
•
Migration, Upgrade, and Downgrade Instructions on page 185
•
Product Compatibility on page 188
Resolved Issues
This section lists the issues fixed in the Junos OS main release and the maintenance
releases. The identifier following the description is the tracking number in the Juniper
Networks Problem Report (PR) tracking system.
176
•
Resolved Issues: Release 13.3R6 on page 177
•
Resolved Issues: Release 13.3R5 on page 178
•
Resolved Issues: Release 13.3R4 on page 179
•
Resolved Issues: Release 13.3R3 on page 180
•
Resolved Issues: Release 13.3R2 on page 181
Copyright © 2015, Juniper Networks, Inc.
Resolved Issues
Resolved Issues: Release 13.3R6
General Routing
•
On PTX Series routers with MPLS environment (30k transit LSP), large number of
MPLS interfaces (in this case, 200 interfaces) are configured with 0 or 1 MPLS labels.
When these interfaces flap, the FPC kernel memory usage might leak. PR995893
•
The problem is seen in PTX Series routers where the composite nexthops are not
observed, for a given VPN mpls route and hence the show route output command gives
a truncated value which results in script failure. This may be due to default disabled
l3vpn-cnh in case of transit l3vpn router on PTX Series platform. If Resync blob is not
set, RPD will create indirect nexthop for transit route on PE-PE connection network on
PTX. If Resync blob is set, RPD will create composite nexthop for transit route on PE-PE
connection network on PTX Series. Using composite nexthop (cnh) can help scaled
network. However, either indirect (inh) or composite nexthops work properly in control
and forwarding planes. PR1007311
•
On PTX5000, the packet drop is observed along with the parity error read from l3bnd_ht
entry corresponding to certain addresses. With this SRAM parity error, ASIC will
unconditionally drop the packet even PTX does not use l3bnd_ht during lookup. The
parity check for l3bnd_ht lookup for PTX5000 will be disabled to avoid the SRAM parity
error and packet drop as a workaround. We also add new log message to report the
counter value change for slu.hw_err trap count - TL[<num>]: SLU hw error count <xxx>
(prev count <yyy>). PR1012513
•
LACP on AE interfaces currently does not support unified ISSU unsupported on PTX
Series platform. A warning message is presented before performing unified ISSU if
LACP is so configured, then the user can discontinue the unified ISSU process. PR1018233
•
When there is link/node protection/ECMP for RSVP/LDP transit or egress LSPs with
huge scaling and continuous flapping of LSPs like auto-bandwidth case, traffic might
get black-holed upon LSP re-optimizations. The issue would get triggered if the same
unilist list-id (unilist list-id is a unique id for unilist nexthop) is allocated for two different
unilist forwarding topologies. This situation arises when the unilist list-id wraps around
after max value of 65535. After the wraparound, if there is long living list-id (which can
be due to some node/link protected LSP that has not been re-optimized for long time),
the Packet Forwarding Engine assigns the same list-id during allocation (upon other
LSP re-optimizations) and this will trigger the issue as the new unilist will be directed
to incorrect interface. PR1043747
•
On PTX Series platform with one of the following protocols configuration, flapping the
protocols will trigger the Composite Next-hop change operation. In rare condition,
since it is not proper programmed, the FPC might crash. This is a day-1 issue. - LDP MPLS - Point-to-multipoint LSP - RSVP - Static LSPs. PR1045794
•
Fix for this PR was not available at the time of 13.2R7 release time frame. Fix is avaiable
in 13.2R8. 1)Non revertive mode is configured in PTX5000 where external clock is
connected to it. 2)Primary clock is set to gps-0-10mhz 3)Secondary clock is set to
fpc-0 4)Hence master clock will be locked to primary clock 5)When primary clock is
deleted, the master clock locked to secondary clock 6)Since non-revertive mode is
Copyright © 2015, Juniper Networks, Inc.
177
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
configured, when primary clock is added back it should not fall back to primary, it should
stay in secondary. But here it is falling back to Primary clock. PR1052549
•
When the port on 24x 10GE(LWO) SFP+ (which never went link up since the PIC is
onlined) is configured as CLI loopback, the ports will receive framing error during until
the interface gets physically linked up. (i.e. with real fiber instead of CLI loop). There
would be no problem in normal use. This is only seen in self-loopback testing with CLI
loopback. PR1057364
Interfaces and Chassis
•
When changing the speed from 10G to 1G multiple times, the ping will not work due to
the serdes not being in the right state. A restart of the pic could fix this issue. PR988663
MPLS
•
On P2MP MPLS LSP transit router with NSR enabled, when RSVP refresh reduction
feature is enabled and LSP link protection is configured on all interfaces, slight P2MP
traffic loss might be seen after the graceful Routing Engine switchover (GRES) is done.
PR1023393
•
In MPLS traffic engineering with link or node protection enabled, after adding Shared
Risk Link Group (SRLG) configuration, the bypass LSP might ignore the constraint and
use a unexpected path. PR1034636
Platform and Infrastructure
•
In some rare conditions, setting up configuration access privileges using the
"allow-configuration-regexps" or "deny-configuration-regexps” statements will crash
the management daemon (mgd), which serves a central role in the user-interface
component of Junos OS. PR1029384
Routing Protocols
•
After adding Shared Risk Link Group (SRLG) configuration on an interface, the interface
would be deleted from the TED database. If the interface is traversed by LSP optimal
path, in some cases, the re-optimization that occurs selects a sub-optimal path.
PR1035359
•
With any single hop BFD session and MPLS OAM BFD session configured over same
interface, when the interface is disabled and enabled back immediately (e.g. a delay
of 10 sec between the two commit check in), the single hop BFD session might get
stuck into Init-Init state due to Down packet is received from other end for MPLS BFD
session on the same interface might get demultiplexed to single hop BFD session
wrongly. PR1039149
Resolved Issues: Release 13.3R5
General Routing
•
178
When large number of IGMP join packets trying to reach router, some IGMP packets
may get dropped. PR1007057
Copyright © 2015, Juniper Networks, Inc.
Resolved Issues
•
PCS statistics counter is now displayed for PTX 100GE interfaces in the following: cli
> monitor interface <intf> PR1030819
Infrastructure
•
SNMP socket sequence error log. PR986613
Interfaces and Chassis
•
Interface statistic information is wrong for IPV6. This is expected behavior because
ipv6 transit stat is not supported yet. PR965360
•
On PTX Series platform, CFP-100G-LR4 and CFP2-100G-LR4 optics report incorrect
"Laser output power" values on all four lanes in cli > show interface diagnostics optics
<intf>. PR1021541
MPLS
•
When a PTX Series router is at the merge-point (MP) of a bypass LSP, if MPLS
explicit-null has been enabled on the router, and the loopback interface has not been
configured under protocol RSVP, the bypass LSP might not work correctly. PR1012221
•
On P2MP MPLS LSP transit router with NSR enabled, when RSVP refresh reduction
feature is enabled and LSP link protection is configured on all interfaces, slight P2MP
traffic loss might be seen after the graceful Routing Engine switchover (GRES) is done.
PR1023393
Layer 2 Features
•
The PTX Series router is not supposed to generate pause frames even if it gets
congestion. The behavior is to drop aggressively if it ever runs out of queuing memory.
run out case. PR968803
Routing Protocols
•
Establish two BFD sessions between two routers, one is single-hop BFD for directly
connected interface and the other is multi-hop MPLS OAM BFD. If configuring the
MPLS OAM on the same interface with single-hop BFD, when bringing down MPLS
OAM from the ingress, it might result in the OAM BFD session deleted on ingress but
it still receiving OAM BFD down packet from egress. Since there is no session matching
this BFD packet, it does a normal look up and brings down the single-hop BFD session
which is on the same interface. PR1021287
Resolved Issues: Release 13.3R4
General Routing
•
On PTX Series routers with AE interface, when the PTX is in ingress node for P2MP
LSP, the double traffic rate might be seen. PR987005
•
When a large number of IGMP join packets try to reach the router, some IGMP packets
might get dropped. PR1007057
Copyright © 2015, Juniper Networks, Inc.
179
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
MPLS
•
On PTX Series platform working as LSP ingress router, the MPLS auto-bandwidth
feature might cause FPC to wedge condition with all interfaces down. PR1005339
Network Management and Monitoring
•
This PR fixes the issue where output ifIndex was being exported as 0. Unless there is
a critical business need, we do not plan to backport the fix to releases earlier than 14.1.
PR964745
Routing Protocols
•
For bidirectional PIM, the show multicast statistics command does not display the input
counters. This is because a bidirectional route associates with multiple incoming
interfaces (iif's). The statistics are collected per mroute, and the packet for bidirectional
groups might come in from any of the iif's. There is no way to impose the incoming
traffic of the route to one of the iif's. PIM-SM, on the other hand, has only one iif per
mroute, and hence the incoming counters are displayed for all PIM-SM routes.
PR865694
Resolved Issues: Release 13.3R3
Authentication and Access Control
•
"delete" or "deactivate" of apply-group defining the entire TACACS or RADIUS
configuration configured under [edit system apply-group <>] does not take affect on
commit. This could lead to TACACS or RADIUS based authentication to still continue
working despite removal (delete/deactivate) of configuration. PR992837
General Routing
•
Kernel crash might happen when a router running a Junos OS install with the fix to PR
937774 is rebooted. This problem will not be observed during the upgrade to this Junos
OS install. It occurs late enough in the shutdown procedure that it shouldn't interfere
with normal operation. PR956691
•
On PTX Series platform, performing Routing Engine switchover might cause flabel
(fabric token) to be out of sync between the master Routing Engine and backup Routing
Engine, which results in FPC crash. PR981202
Interfaces and Chassis
180
•
SFP+-10G-ZR (part number = 740-052562) is not fully supported on
P1-PTX-24-10G-W-SFPP pic. Inserting the optic on P1-PTX-24-10G-W-SFPP pic can
cause FPC core on the pic. PR974783
•
Sometimes cosd generates a corefile when add/delete a child interface on the LAG
bundle. PR961119
Copyright © 2015, Juniper Networks, Inc.
Resolved Issues
IPv6
•
On PTX Series platform, when receiving high rate ipv4/ipv6/mpls packets with TTL
equals 1, the ICMP TTL expired messages are sent back to the sender not according
with the ICMP rate limit settings. PR893129
•
PTX Series drops packets containing same source and destination IP due to LAND
attack check. PR934364
MPLS
•
In rare scenarios, the routing protocol process can fail to read the mesh-group
information from the kernel, which might result in the VPLS connections for that
routing-instance to stay in MI (Mesh-Group ID not available) state. The workaround is
to deactivate/activate the routing-instance. PR892593
•
MPLS traceroute does not work with logical router. PR965883
•
When issue "traceroute mpls rsvp lsp-name" from the MPLS LSP ingress node, if there
are PTX Series routers on the LSP path, PTX Series would not list correct downstream
router's IP in the TLV of the response packet. PR966986
Routing Policy and Firewall Filters
•
On PTX Series platform, when a firewall filter has many terms, all the terms might not
work correctly due to incorrect order of terms due to mis-programming. PR973545
VLAN Infrastructure
•
Commits less than 3 minutes apart with per-vlan-queuing configuration should be
avoided, as this might lead to interrupts or undesirable side-effects. PR897601
Resolved Issues: Release 13.3R2
Chassis Cluster
•
When only one end of an AE link sees LACP timeouts or there is intermittent LACP loss
on the AE link, it does not result in AE flap. PR908059
Dynamic Host Configuration Protocol (DHCP)
•
DHCP relay feature doesn't work on PTX3000. PR864601
General Routing
•
On PTX Series Packet Transport Routers, we support only 48k longest prefix match
(LPM) routes. If the limit of 48,000 longest prefix match (LPM) routes is exceeded,
the kernel routing table (KRT) queue can be stuck with the error "Longest Prefix
Match(LPM) route limit is exceeded." PR801271
•
RPD on the backup Routing Engine might crash when it receives a malformed message
from the master. This can occur at high scale with nonstop active routing enabled
when a large flood of updates are being sent to the backup. There is no workaround
Copyright © 2015, Juniper Networks, Inc.
181
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
to avoid the problem, but it is rare and backup RPD will restart and the system will
recover without intervention. PR830057
•
While performing GRES, the following error message appears: Feb 24 21:23:57 striker1
license-check[1555]: LIBJNX_REPLICATE_RCP_ERROR: rcp -T
re0:/config/license_revoked.db /config/license_revoked.db.new : rcp:
/config/license_revoked.db: No such file or directory This error is seen when no license
is revoked on the master Routing Engine. It is safe to ignore as it will not affect any
licensing functionality. PR859151
Interfaces and Chassis
•
Interrupt storm happened when press craft button with "craft-lockout". PR870410
•
On the PTX Series, while deactivating or activating a firewall filter that has tcp-flags
in the match condition on a loopback interface (e.g. lo0.0), memory corruption could
occur when the filter configuration is pushed to the Packet Forwarding Engine, or is
removed from the Packet Forwarding Engine, causing all the FPCs to crash and generate
core files. The following is logged by the FPCs a few seconds prior to the failure:
fpc1 dfw_match_branch_db_destroy:77filter index 1, dfw 0x20bb2a90, match_branch_db
not empty on filter delete
fpc2 dfw_match_branch_db_destroy:77filter index 1, dfw 0x205a6340, match_branch_db
not empty on filter delete
fpc0 dfw_match_branch_db_destroy:77filter index 1, dfw 0x20471c38, match_branch_db
not empty on filter delete
PR874512
•
FPC crash can be triggered by a SBE event after accessing a protected memory region,
as indicated in the following log: "System Exception: Illegal data access to protected
memory!" The DDR memory monitors SBEs and reports the errors as they are
encountered. After the syslog indicates a corrupted address, the scrubbing logic tries
to scrub that location by reading and flushing out 32-byte cache line containing that
location in an attempt to update that memory location with correct data. If that memory
location is read-only, it causes illegal access to protected memory exception as reported
and resets the FPC. The above-mentioned scrubbing logic is not needed because even
if SBE is detected, the data is already corrected by the DDR and CPU has a good copy
of the data to continue its execution path. PR919681
•
100GE interfaces on the PTX Series do not display PCS BIP-8 error counters when
queried from the FPC command show mtip-cgpcs <> errors. PR920439
•
USB install failed with 13.3B1-PS.1. PR931231
Layer 2 Features
•
In some configurations, the MAC address of an AE bundle would fail to be copied to
its child interfaces. This causes the destination MAC address filter check to fail on those
child interfaces, thus preventing ARP resolution and in turn causing the failure in
establishing new egress LSPs.
The workarounds are identified as the following:
•
182
Issuing "commit full" on the router, or
Copyright © 2015, Juniper Networks, Inc.
Resolved Issues
•
Adding AE configuration and child interface configuration as two separate commits:
a. Add AE interface configuration, without adding child interface configuration.
b. Commit.
c. Add the child interface configuration (et interface configurations) for the AE
interface.
d. Commit.
PR901744
MPLS
•
In an RSVP P2MP crossover/pass-through scenario, more than one sub-LSP can use
the same PHOP and NHOP. If link protection is enabled in the above-mentioned
scenario, when a 'primary link up' event is immediately followed by a Path Tear message,
disassociation of the routes/nexthops are sequential in nature. When the
routes/nexthops disassociation is in progress, if a sub-LSP receives a path tear/PSB
delete will lead to this core file. PR739375
•
When a PTX Series router is a penultimate hop of one P2MP LSP branch and acts as
a transit LSR on another branch for the same P2MP LSP, the MPLS packets going out
from the penultimate hop branch might be tagged with an incorrect Ethertype field.
PR867246
•
RPD (routing-protocol process) generates a core file on receipt of an RESV message
with an unexpected next-hop address. To avoid the crash, drop the RESV message
with a different next-hop IP address, and then the LSP will time out due to lack of
refresh by the RESV message and the session is reset. PR887734
•
Changing the preference on an LSP was considered a catastrophic event, tearing down
the current path and then re-establishing a new one. This PR makes the preference
change minor and only needs a new path to be re-signalled in a make-before-break
manner. PR897182
Copyright © 2015, Juniper Networks, Inc.
183
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
Multicast
•
Starting in Junos OS Release 13.2, PTX Series routers accept traffic from remote sources
to enable the remote source to be learned and advertised by MSDP so that receivers
in other MSDP areas can join the source. To configure this feature, use the
accept-remote-source configuration statement at the [edit protocols pim interface
interface-name] hierarchy level.
NOTE: On PTX Series routers requiring tunnel services, the PIM
accept-remote-source configuration statement is not supported.
PR891500
Network Management and Monitoring
•
"Power Supply failure", "Power Supply Removed" or "Fan/Blower Removed" messages
and SNMP trap hourly occur. PR860223
•
Changing the domain-name doesn't reflect in DNS query unless a Commit full is done.
This bug in management daemon (mgd) has been resolved by ensuring mgd propagates
the new domain-name to file /var/etc/resolv.conf, so that this can be used for future
DNS queries. PR918552
Software Installation and Upgrade
•
Both Routing Engines might crash when performing graceful Routing Engine switchover
(GRES) or unified in-service software upgrade (ISSU). The root cause of the panic here
is the addresses used for internal communication are not taken from the new logical
interfaces in such scenarios. PR851086
•
In this case, since the overall package (jinstall) is signed, the underlying component
packages are not required to be signed explicitly. However the infrastructure was written
in such a way to display a warning message if the component package is not signed.
PR932974
Subscriber Management and Services
Related
Documentation
184
•
Processing of a neighbor advertisement can get into an infinite loop in the kernel, given
a special set of events with regard to the Neighbor cache entry state and the incoming
neighbor advertisement. PR756656
•
New and Changed Features on page 166
•
Changes in Behavior and Syntax on page 172
•
Known Issues on page 174
•
Resolved Issues on page 176
•
Documentation Updates on page 185
•
Migration, Upgrade, and Downgrade Instructions on page 185
Copyright © 2015, Juniper Networks, Inc.
Documentation Updates
•
Product Compatibility on page 188
Documentation Updates
This section lists the errata and changes in Junos OS Release 13.3R6 documentation for
the PTX Series.
•
Network Management Administration Guide for Routing Devices on page 185
•
VPWS Feature Guide for Routing Devices on page 185
Network Management Administration Guide for Routing Devices
•
The syntax of the filter-interfaces statement in the “SNMP Configuration Statement”
section is incorrect. The correct syntax is as follows:
filter-interfaces {
all-internal-interfaces;
interfaces interface-names{
interface 1;
interface 2;
}
}
[See filter-interfaces.]
VPWS Feature Guide for Routing Devices
Related
Documentation
•
In Junos OS Release 13.3, the Layer 2 Circuits Feature Guide for Routing Devices has been
renamed VPWS Feature Guide for Routing Devices. VPWS content has been added to
this guide, and has been removed from the VPLS Feature Guide for Routing Devices.
•
New and Changed Features on page 166
•
Changes in Behavior and Syntax on page 172
•
Known Issues on page 174
•
Resolved Issues on page 176
•
Migration, Upgrade, and Downgrade Instructions on page 185
•
Product Compatibility on page 188
Migration, Upgrade, and Downgrade Instructions
This section contains the procedure to upgrade Junos OS, and the upgrade and downgrade
policies for Junos OS for the PTX Series. Upgrading or downgrading Junos OS can take
several hours, depending on the size and configuration of the network.
•
Upgrading Using Unified ISSU on page 186
•
Upgrading a Router with Redundant Routing Engines on page 186
•
Basic Procedure for Upgrading to Release 13.3 on page 186
Copyright © 2015, Juniper Networks, Inc.
185
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
Upgrading Using Unified ISSU
Unified in-service software upgrade (ISSU) enables you to upgrade between two different
Junos OS releases with no disruption on the control plane and with minimal disruption
of traffic. Unified in-service software upgrade is only supported by dual Routing Engine
platforms. In addition, graceful Routing Engine switchover (GRES) and nonstop active
routing (NSR) must be enabled. For additional information about using unified in-service
software upgrade, see the High Availability Feature Guide for Routing Devices.
Upgrading a Router with Redundant Routing Engines
If the router has two Routing Engines, perform a Junos OS installation on each Routing
Engine separately to avoid disrupting network operation as follows:
1.
Disable graceful Routing Engine switchover (GRES) on the master Routing Engine
and save the configuration change to both Routing Engines.
2. Install the new Junos OS release on the backup Routing Engine while keeping the
currently running software version on the master Routing Engine.
3. After making sure that the new software version is running correctly on the backup
Routing Engine, switch over to the backup Routing Engine to activate the new software.
4. Install the new software on the original master Routing Engine that is now active as
the backup Routing Engine.
For the detailed procedure, see the Installation and Upgrade Guide.
Basic Procedure for Upgrading to Release 13.3
When upgrading or downgrading Junos OS, use the jinstall package. For information
about the contents of the jinstall package and details of the installation process, see the
Installation and Upgrade Guide. Use other packages, such as the jbundle package, only
when so instructed by a Juniper Networks support representative.
NOTE: Back up the file system and the currently active Junos OS configuration
before upgrading Junos OS. This allows you to recover to a known, stable
environment if the upgrade is unsuccessful. Issue the following command:
[email protected]> request system snapshot
NOTE: The installation process rebuilds the file system and completely
reinstalls Junos OS. Configuration information from the previous software
installation is retained, but the contents of log files might be erased. Stored
files on the router, such as configuration templates and shell scripts (the only
exceptions are the juniper.conf and ssh files), might be removed. To preserve
the stored files, copy them to another system before upgrading or
downgrading the routing platform. For more information, see the Junos OS
Administration Library for Routing Devices.
186
Copyright © 2015, Juniper Networks, Inc.
Migration, Upgrade, and Downgrade Instructions
NOTE: We recommend that you upgrade all software packages out of band
using the console because in-band connections are lost during the upgrade
process.
The download and installation process for Junos OS Release 13.3 is different from previous
Junos OS releases.
1.
Using a Web browser, navigate to the All Junos Platforms software download URL
on the Juniper Networks webpage:
http://www.juniper.net/support/downloads/
2. Select the name of the Junos OS platform for the software that you want to download.
3. Select the release number (the number of the software version that you want to
download) from the Release drop-down list to the right of the Download Software
page.
4. Select the Software tab.
5. In the Install Package section of the Software tab, select the software package for
the release.
6. Log in to the Juniper Networks authentication system using the username (generally
your e-mail address) and password supplied by Juniper Networks representatives.
7. Review and accept the End User License Agreement.
8. Download the software to a local host.
9. Copy the software to the routing platform or to your internal software distribution
site.
10. Install the new jinstall package on the router.
NOTE: After you install a Junos OS Release 13.3 jinstall package, you
cannot issue the request system software rollback command to return to
the previously installed software. Instead you must issue the request
system software add validate command and specify the jinstall package
that corresponds to the previously installed software.
The validate option validates the software package against the current configuration
as a prerequisite to adding the software package to ensure that the router reboots
successfully. This is the default behavior when the software package being added is
a different release. Adding the reboot command reboots the router after the upgrade
is validated and installed. When the reboot is complete, the router displays the login
prompt. The loading process can take 5 to 10 minutes. Rebooting occurs only if the
upgrade is successful.
Customers in the United States and Canada, use the following command:
[email protected]> request system software add validate reboot
source/jinstall-13.3R61-domestic-signed.tgz
Copyright © 2015, Juniper Networks, Inc.
187
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
All other customers, use the following command:
[email protected]> request system software add validate reboot
source/jinstall-13.3R61-export-signed.tgz
Replace the source with one of the following values:
•
/pathname—For a software package that is installed from a local directory on the
router.
•
For software packages that are downloaded and installed from a remote location:
•
ftp://hostname/pathname
•
http://hostname/pathname
•
scp://hostname/pathname (available only for Canada and U.S. version)
The validate option validates the software package against the current configuration
as a prerequisite to adding the software package to ensure that the router reboots
successfully. This is the default behavior when the software package being added is
a different release.
Adding the reboot command reboots the router after the upgrade is validated and
installed. When the reboot is complete, the router displays the login prompt. The
loading process can take 5 to 10 minutes.
Rebooting occurs only if the upgrade is successful.
NOTE: After you install a Junos OS Release 13.3 jinstall package, you cannot
issue the request system software rollback command to return to the previously
installed software. Instead you must issue the request system software add
validate command and specify the jinstall package that corresponds to the
previously installed software.
Related
Documentation
•
New and Changed Features on page 166
•
Changes in Behavior and Syntax on page 172
•
Known Issues on page 174
•
Resolved Issues on page 176
•
Documentation Updates on page 185
•
Product Compatibility on page 188
Product Compatibility
•
188
Hardware Compatibility on page 189
Copyright © 2015, Juniper Networks, Inc.
Product Compatibility
Hardware Compatibility
To obtain information about the components that are supported on the devices, and
special compatibility guidelines with the release, see the Hardware Guide and the Interface
Module Reference for the product.
To determine the features supported on PTX Series devices in this release, use the Juniper
Networks Feature Explorer, a Web-based application that helps you to explore and
compare Junos OS feature information to find the right software release and hardware
platform for your network. Find Feature Explorer at:
http://pathfinder.juniper.net/feature-explorer/
Related
Documentation
•
New and Changed Features on page 166
•
Changes in Behavior and Syntax on page 172
•
Known Issues on page 174
•
Documentation Updates on page 185
•
Migration, Upgrade, and Downgrade Instructions on page 185
Copyright © 2015, Juniper Networks, Inc.
189
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
Third-Party Components
This product includes third-party components. To obtain a complete list of third-party
components, see Copyright and Trademark Information.
For a list of open source attributes for this Junos OS release, see Open Source: Source
Files and Attributions.
Finding More Information
For the latest, most complete information about known and resolved issues with Junos
OS, see the Juniper Networks Problem Report Search application at:
http://prsearch.juniper.net .
Juniper Networks Feature Explorer is a Web-based application that helps you to explore
and compare Junos OS feature information to find the correct software release and
hardware platform for your network. Find Feature Explorer at:
http://pathfinder.juniper.net/feature-explorer/.
Juniper Networks Content Explorer is a Web-based application that helps you explore
Juniper Networks technical documentation by product, task, and software release, and
download documentation in PDF format. Find Content Explorer at:
http://www.juniper.net/techpubs/content-applications/content-explorer/.
Documentation Feedback
We encourage you to provide feedback, comments, and suggestions so that we can
improve the documentation. You can send your comments to
[email protected], or fill out the documentation feedback form at
https://www.juniper.net/cgi-bin/docbugreport/ . If you are using e-mail, be sure to include
the following information with your comments:
•
Document or topic name
•
URL or page number
•
Software release version (if applicable)
Requesting Technical Support
Technical product support is available through the Juniper Networks Technical Assistance
Center (JTAC). If you are a customer with an active J-Care or JNASC support contract,
or are covered under warranty, and need postsales technical support, you can access
our tools and resources online or open a case with JTAC.
•
190
JTAC policies—For a complete understanding of our JTAC procedures and policies,
review the JTAC User Guide located at
http://www.juniper.net/customers/support/downloads/710059.pdf .
Copyright © 2015, Juniper Networks, Inc.
Requesting Technical Support
•
Product warranties—For product warranty information, visit
http://www.juniper.net/support/warranty/.
•
JTAC Hours of Operation —The JTAC centers have resources available 24 hours a day,
7 days a week, 365 days a year.
Self-Help Online Tools and Resources
For quick and easy problem resolution, Juniper Networks has designed an online
self-service portal called the Customer Support Center (CSC) that provides you with the
following features:
•
Find CSC offerings: http://www.juniper.net/customers/support/
•
Search for known bugs: http://www2.juniper.net/kb/
•
Find product documentation: http://www.juniper.net/techpubs/
•
Find solutions and answer questions using our Knowledge Base: http://kb.juniper.net/
•
Download the latest versions of software and review release notes:
http://www.juniper.net/customers/csc/software/
•
Search technical bulletins for relevant hardware and software notifications:
http://kb.juniper.net/InfoCenter/
•
Join and participate in the Juniper Networks Community Forum:
http://www.juniper.net/company/communities/
•
Open a case online in the CSC Case Management tool: http://www.juniper.net/cm/
To verify service entitlement by product serial number, use our Serial Number Entitlement
(SNE) Tool located at https://tools.juniper.net/SerialNumberEntitlementSearch/.
Opening a Case with JTAC
You can open a case with JTAC on the Web or by telephone.
•
Use the Case Management tool in the CSC at http://www.juniper.net/cm/ .
•
Call 1-888-314-JTAC (1-888-314-5822 toll-free in the USA, Canada, and Mexico).
For international or direct-dial options in countries without toll-free numbers, visit us at
http://www.juniper.net/support/requesting-support.html .
If you are reporting a hardware or software problem, issue the following command from
the CLI before contacting support:
[email protected]> request support information | save filename
To provide a core file to Juniper Networks for analysis, compress the file with the gzip
utility, rename the file to include your company name, and copy it to
ftp.juniper.net/pub/incoming. Then send the filename, along with software version
information (the output of the show version command) and the configuration, to
[email protected] For documentation issues, fill out the bug report form located at
https://www.juniper.net/cgi-bin/docbugreport/.
Copyright © 2015, Juniper Networks, Inc.
191
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series
Revision History
16 April 2015—Revision 3, Junos OS Release 13.3R6– EX Series, M Series, MX Series, PTX
Series, and T Series.
9 April 2015—Revision 2, Junos OS Release 13.3R6– EX Series, M Series, MX Series, PTX
Series, and T Series.
2 April 2015—Revision 1, Junos OS Release 13.3R6– EX Series, M Series, MX Series, PTX
Series, and T Series.
15 January 2015—Revision 3, Junos OS Release 13.3R5– EX Series, M Series, MX Series,
PTX Series, and T Series.
8 January 2015—Revision 2, Junos OS Release 13.3R5– EX Series, M Series, MX Series,
PTX Series, and T Series.
29 December 2014—Revision 1, Junos OS Release 13.3R5– EX Series, M Series, MX Series,
PTX Series, and T Series.
7 October 2014—Revision 3, Junos OS Release 13.3R4– EX Series, M Series, MX Series,
PTX Series, and T Series.
30 September 2014—Revision 2, Junos OS Release 13.3R4– EX Series, M Series, MX Series,
PTX Series, and T Series.
23 September 2014—Revision 1, Junos OS Release 13.3R4– EX Series, M Series, MX Series,
PTX Series, and T Series.
28 August 2014—Revision 7, Junos OS Release 13.3R3– EX Series, M Series, MX Series,
PTX Series, and T Series.
21 August 2014—Revision 6, Junos OS Release 13.3R3– EX Series, M Series, MX Series,
PTX Series, and T Series.
14 August 2014—Revision 5, Junos OS Release 13.3R3– EX Series, M Series, MX Series,
PTX Series, and T Series.
12 August 2014—Revision 4, Junos OS Release 13.3R3– EX Series, M Series, MX Series,
PTX Series, and T Series.
5 August 2014—Revision 3, Junos OS Release 13.3R3– EX Series, M Series, MX Series,
PTX Series, and T Series.
29 July 2014—Revision 2, Junos OS Release 13.3R3– EX Series, M Series, MX Series, PTX
Series, and T Series.
22 July 2014—Revision 1, Junos OS Release 13.3R3– EX Series, M Series, MX Series, PTX
Series, and T Series.
26 June 2014—Revision 6, Junos OS Release 13.3R2– EX Series, M Series, MX Series, PTX
Series, and T Series.
192
Copyright © 2015, Juniper Networks, Inc.
Requesting Technical Support
29 May 2014—Revision 5, Junos OS Release 13.3R2– EX Series, M Series, MX Series, PTX
Series, and T Series.
20 May 2014—Revision 4, Junos OS Release 13.3R2– EX Series, M Series, MX Series, PTX
Series, and T Series.
12 May 2014—Revision 3, Junos OS Release 13.3R2– EX Series, M Series, MX Series, PTX
Series, and T Series.
9 May 2014—Revision 2, Junos OS Release 13.3R2– EX Series, M Series, MX Series, PTX
Series, and T Series.
28 April 2014—Revision 1, Junos OS Release 13.3R2– EX Series, M Series, MX Series, PTX
Series, and T Series.
20 March 2014—Revision 5, Junos OS Release 13.3R1– EX Series, M Series, MX Series,
PTX Series, and T Series.
27 February 2014—Revision 4, Junos OS Release 13.3R1– EX Series, M Series, MX Series,
PTX Series, and T Series.
6 February 2014—Revision 3, Junos OS Release 13.3R1– EX Series, M Series, MX Series,
PTX Series, and T Series.
30 January 2014—Revision 2, Junos OS Release 13.3R1– EX Series, M Series, MX Series,
PTX Series, and T Series.
23 January 2014—Revision 1, Junos OS Release 13.3R1– EX Series, M Series, MX Series,
PTX Series, and T Series.
Copyright © 2015, Juniper Networks, Inc. All rights reserved.
Juniper Networks, Junos, Steel-Belted Radius, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United
States and other countries. The Juniper Networks Logo, the Junos logo, and JunosE are trademarks of Juniper Networks, Inc. All other
trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners.
Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify,
transfer, or otherwise revise this publication without notice.
Copyright © 2015, Juniper Networks, Inc.
193
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertisement