Release Notes - Juniper Networks

®
Junos OS 12.2 Release Notes
Release 12.2R1
02 October 2012
Revision 3
These release notes accompany Release 12.2R1 of the Junos OS. They describe device
documentation and known problems with the software. Junos OS runs on all Juniper
Networks M Series, MX Series, and T Series routing platforms, EX Series Ethernet Switches,
and the ACX Series.
For the latest, most complete information about outstanding and resolved issues with
the Junos OS software, see the Juniper Networks online software defect search application
at http://www.juniper.net/prsearch.
You can also find these release notes on the Juniper Networks Junos OS Documentation
Web page, which is located at https://www.juniper.net/techpubs/software/junos/.
Contents
Junos OS Release Notes for ACX Series Routers . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
New Features in Junos OS Release 12.2 for ACX Series Routers . . . . . . . . . . . . 5
Hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Class of Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Interfaces and Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Layer 2 and Layer 3 Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
MPLS Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Network Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Power Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Firewall Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Software Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Time Division Multiplexing (TDM) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Timing and Synchronization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Known Limitations in Junos OS Release 12.2 for ACX Series Routers . . . . . . . 25
Class of Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Firewall Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Interfaces and Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
MPLS Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Copyright © 2012, Juniper Networks, Inc.
1
Junos OS 12.2 Release Notes
Outstanding Issues in Junos OS Release 12.2 for ACX Series Routers . . . . . . . 27
Interfaces and Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Junos OS Release Notes for EX Series Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
New Features in Junos OS Release 12.2 for EX Series Switches . . . . . . . . . . . 28
Hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Access Control and Port Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Ethernet Switching and Spanning Trees . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Firewall Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
High Availability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
J-Web Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Management and RMON . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
MPLS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Power over Ethernet (PoE) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Virtual Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Changes in Default Behavior and Syntax in Junos OS Release 12.2 for EX
Series Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Ethernet Switching and Spanning Trees . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Limitations in Junos OS Release 12.2 for EX Series Switches . . . . . . . . . . . . . . 37
Access Control and Port Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Ethernet Switching and Spanning Trees . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Firewall Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
High Availability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
Infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
J-Web Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Layer 2 and Layer 3 Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Management and RMON . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Virtual Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Outstanding Issues in Junos OS Release 12.2 for EX Series Switches . . . . . . . 43
Access Control and Port Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Converged Networks (LAN and SAN) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Ethernet Switching and Spanning Trees . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Firewall Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
High Availability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
J-Web Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Layer 2 and Layer 3 Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Management and RMON . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Multicast Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Software Upgrade and Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
Virtual Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
Resolved Issues in Junos OS Release 12.2 for EX Series Switches . . . . . . . . . 50
Issues Resolved in Release 12.2R1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
2
Copyright © 2012, Juniper Networks, Inc.
Changes to and Errata in Documentation for Junos OS Release 12.2 for EX
Series Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Changes to Junos OS for EX Series Switches Documentation . . . . . . . . 60
Errata . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Upgrade and Downgrade Instructions for Junos OS Release 12.2 for EX Series
Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Upgrade and Downgrade Support Policy for Junos OS Releases . . . . . . 62
Upgrading to Junos OS Release 12.1R2 or Later Releases, with Existing
VSTP Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
Upgrading from Junos OS Release 10.4R3 or Later . . . . . . . . . . . . . . . . . 62
Upgrading from Junos OS Release 10.4R2 or Earlier . . . . . . . . . . . . . . . . 64
Upgrading EX Series Switches Using NSSU . . . . . . . . . . . . . . . . . . . . . . . 64
Junos OS Release Notes for M Series Multiservice Edge Routers, MX Series 3D
Universal Edge Routers, and T Series Core Routers . . . . . . . . . . . . . . . . . . . . . 67
New Features in Junos OS Release 12.2 for M Series, MX Series, and T Series
Routers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
Class of Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
Firewall Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
Forwarding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
High Availability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
Interfaces and Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
Junos OS Installation and Upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
Junos OS XML API and Scripting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
Layer 2 Ethernet Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90
MPLS Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
Multicast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
Network Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
Routing Policy and Firewall Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
Routing Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
Subscriber Access Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
User Interface and Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110
VPNs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110
Changes in Default Behavior and Syntax, and for Future Releases in Junos
OS Release 12.2 for M Series, MX Series, and T Series Routers . . . . . . . . 114
Changes in Default Behavior and Syntax . . . . . . . . . . . . . . . . . . . . . . . . . 114
Issues in Junos OS Release 12.2 for M Series, MX Series, and T Series
Routers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122
Current Software Release . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122
Previous Releases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132
Errata and Changes in Documentation for Junos OS Release 12.2 for M Series,
MX Series, and T Series Routers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
Errata . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
Changes to the Junos OS Documentation Set . . . . . . . . . . . . . . . . . . . . . 151
Upgrade and Downgrade Instructions for Junos OS Release 12.2 for M Series,
MX Series, and T Series Routers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152
Basic Procedure for Upgrading to Release 12.2 . . . . . . . . . . . . . . . . . . . . 152
Upgrade and Downgrade Support Policy for Junos OS Releases . . . . . . 155
Upgrading a Router with Redundant Routing Engines . . . . . . . . . . . . . . 156
Copyright © 2012, Juniper Networks, Inc.
3
Junos OS 12.2 Release Notes
Upgrading Juniper Network Routers Running Draft-Rosen Multicast
VPN to Junos OS Release 10.1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156
Upgrading the Software for a Routing Matrix . . . . . . . . . . . . . . . . . . . . . 158
Upgrading Using ISSU . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159
Upgrading from Junos OS Release 9.2 or Earlier on a Router Enabled
for Both PIM and NSR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159
Downgrading from Release 12.2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160
Junos OS Documentation and Release Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162
Documentation Feedback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162
Requesting Technical Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162
Revision History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164
4
Copyright © 2012, Juniper Networks, Inc.
Junos OS Release Notes for ACX Series Routers
Junos OS Release Notes for ACX Series Routers
•
New Features in Junos OS Release 12.2 for ACX Series Routers on page 5
•
Known Limitations in Junos OS Release 12.2 for ACX Series Routers on page 25
•
Outstanding Issues in Junos OS Release 12.2 for ACX Series Routers on page 27
New Features in Junos OS Release 12.2 for ACX Series Routers
Powered by Junos OS, ACX Series Universal Access Routers provide superior management
for rapid provisioning to the access network. They are designed to support residential,
mobile, and business access. ACX Series routers include the ACX1000 and the ACX2000
routers.
The following are key features of ACX Series routers:
•
High performance up to 10 Gigabit Ethernet capable
•
Seamless MPLS traffic engineering for optimal paths and per-customer quality of
service in the access layer
•
Built-in Precision Timing Protocol (PTP) and Synchronized Ethernet (SyncE) to
eliminate dropped calls and data retransmissions
•
Environmentally hardened with 65 W Power over Ethernet (PoE+)
The following features have been added to Junos OS Release 12.2 for ACX Series Universal
Access Routers. Following the description is the title of the manual or manuals to consult
for further information:
•
Hardware on page 5
•
Class of Service on page 6
•
Infrastructure on page 7
•
Interfaces and Chassis on page 7
•
Layer 2 and Layer 3 Protocols on page 11
•
MPLS Applications on page 13
•
Network Management on page 16
•
Power Management on page 16
•
Firewall Filters on page 17
•
Software Architecture on page 17
•
Time Division Multiplexing (TDM) on page 18
•
Timing and Synchronization on page 20
Hardware
•
New ACX1000 Universal Access Router—Starting in Release 12.2, Junos OS supports
the ACX1000 router. These routers enable a wide range of business and residential
applications and services, including microwave cell site aggregation, MSO mobile
backhaul service cell site deployment, and service provider or operator cell site
Copyright © 2012, Juniper Networks, Inc.
5
Junos OS 12.2 Release Notes
deployment. The ACX1000 router is a compact access router that is one rack unit (U)
tall. The ACX1000 router contains 8 T1 and E1 ports and 8 Gigabit Ethernet ports. The
ACX1000 router also supports either 4 RJ45 (Cu) ports or installation of 4 Gigabit
Ethernet SFP transceivers.
[See ACX1000 Universal Access Router.]
•
New ACX2000 Universal Access Router—Starting in Release 12.2, Junos OS supports
the ACX2000 router. These routers enables a wide range of business and residential
applications and services, including microwave cell site aggregation, MSO mobile
backhaul service cell site deployment, and service provider or operator cell site
deployment. The ACX2000 router is a compact access router that is one rack unit (U)
tall. The ACX2000 router contains 16 T1 and E1 ports, 6 Gigabit Ethernet ports, and 2
PoE ports. The ACX2000 router also supports installation of two Gigabit Ethernet SFP
transceivers and two 10-Gigabit Ethernet SFP+ transceivers.
[See ACX2000 Universal Access Router.]
Class of Service
•
Existing CoS features supported on the ACX Series Universal Access Routers—Existing
Junos OS class-of-service (CoS) features are supported without changes to statements
or functionality.
The following key CoS features are supported:
•
Physical interface-based classifiers at the [edit class-of-service interfaces
interfaces-name] hierarchy level
•
Fixed classification for all ingress packets traversing a logical interface to a single
forwarding class. Fixed classification is supported on all interfaces types.
•
Experimental (EXP) bits located in each MPLS label and used to encode the CoS
value of a packet as it traverses an LSP. To configure global EXP bits, include the
exp statement at the [edit class-of-service system-defaults classifiers] hierarchy
level.
•
Attachment of the following rewrite rules to the physical interface at the [edit
class-of-service interfaces interface-name rewrite-rules] hierarchy level: IP ToS, DSCP,
and IEEE 802.1p bit value.
•
Rewrite rules for MPLS EXP bits on the logical interface at the [edit class-of-service
interfaces interface-name unit unit-number rewrite-rule] hierarchy level.
NOTE: Fine-grained rewrite is not be possible, even using multifield filters.
Queuing and scheduling features include:
6
•
Support for up to eight forwarding classes.
•
Up to eight egress queues per port.
•
Internal buffer of 2 MB with per-egress queue buffer management.
Copyright © 2012, Juniper Networks, Inc.
New Features in Junos OS Release 12.2 for ACX Series Routers
•
Three weighted random early detection (WRED) curves for TCP and one WRED
curve for non-TCP. There are two fill levels and two drop probabilities per WRED
curve; the drop probability corresponding to the first fill must be zero.
•
Strict-priority and weighted deficit round robin scheduling.
•
Multiple strict-priority queues per port.
•
Per-queue committed information rate (CIR) and peak information rate (PIR).
•
Per-physical-port shaping.
Queue statistics features include:
•
Per-egress-queue enqueue statistics in packets, bytes, packets per second (pps),
bits per second (bps).
•
Per-egress-queue transmit statistics in packets, bytes, pps, and bps.
•
Per-egress-queue drop statistics in packets and pps.
Infrastructure
•
Dual-root partitioning—All ACX Series routers support dual-root partitioning. Dual-root
partitioning means that the primary and backup Junos OS images are kept in two
independently bootable root partitions. If the primary root partition becomes corrupted,
the system remains fully functional by booting from the backup Junos OS image located
in the other root partition.
[See Dual-Root Partitioning ACX Series Universal Access Routers Overview.]
Interfaces and Chassis
•
Junos OS support for chassis management of ACX Series Universal Access Routers—
The ACX router chassis are available in the following series:
•
ACX1000
•
ACX2000
The ACX router chassis does not have redundancy support.
The following CLI operational mode commands support chassis management
operations on an ACX Series Universal Access Router:
Show commands:
•
show chassis alarms
•
show chassis craft-interface
•
show chassis environment
•
show chassis feb
•
show chassis firmware
Copyright © 2012, Juniper Networks, Inc.
7
Junos OS 12.2 Release Notes
•
show chassis fpc < pic-status >
•
show chassis hardware < clei-models | detail | extensive | models >
•
show chassis mac-addresses
•
show chassis routing-engine
•
show chassis pic fpc-slot fpc-slot pic-slot pic slot
Request command:
•
request chassis feb restart slot slot-number
Restart command:
•
restart chassis-control < gracefully | immediately | soft >
[See System Basics: Chassis-Level Features Configuration Guide.]
•
Gigabit Ethernet physical interface features (ACX Series Universal Access
Routers)—The following Gigabit Ethernet physical interface features are supported
on ACX Series Universal Access routers:
•
Autonegotiation for Gigabit Ethernet interfaces—Exchange of the following
parameters is supported: speed and duplex mode. Autonegotiation can be enabled
or disabled. When autonegotiation is disabled, the speed has to be explicitly
configured to 10–100 Mbps. To configure autonegotiation, include the
auto-negotiation statement at the [edit interfaces interface-name gigether-options]
hierarchy level. To disable the autonegotiation, include the no-auto-negotiation
statement at the [edit interfaces interface-name gigether-options] hierarchy level.
[See Gigabit Ethernet Autonegotiation Overview and Junos OS Ethernet Interfaces
Configuration Guide.]
•
Event handling of SFP insertion and removal—When you insert a small form-factor
pluggable transceiver (SFP), the port needs to be configured with the correct speed
for that interface (Gigabit Ethernet or 10-Gigabit Ethernet). The following details
apply to SFP insertion and removal:
•
•
8
SFP-based 1-Gigabit Ethernet interfaces support the following standards:
•
1000BASE-SX
•
1000BASE-LX
•
1000BASE-T
•
100BASE-FX (100M)
The 10-Gigabit Ethernet interfaces based on SFP+ support the following standards
in addition to the 1-Gigabit Ethernet interface standards mentioned above.
•
10GBASE-SR
•
10GBASE-LR
Copyright © 2012, Juniper Networks, Inc.
New Features in Junos OS Release 12.2 for ACX Series Routers
•
On an SFP+ port, the port speed is not set by autonegotiation. Instead, it is
determined by the speed of the SFP that is inserted or removed. The default speed
of the SFP+ port is 10 Gbps. However, when a Gigabit Ethernet SFP is inserted in
the SFP+ slot, Junos OS changes the speed to 1 Gbps. When the Gigabit Ethernet
SFP is removed, the port speed is automatically reset to the default 10 Gbps.
[See Junos OS Interfaces Fundamentals Configuration Guide.]
•
Explicit disabling of the physical interface—Disable a physical interface by effectively
unconfiguring it. To disable an interface, include the disable statement at the [edit
interfaces interface-name ] hierarchy level.
[See disable (Interface).]
•
Loopback—Local loopback is supported at the gigether-options hierarchy level. Local
loopback allows packets to flow in toward the system. To configure the local
loopback, include the loopback statement at the [edit interfaces interface-name
gigether-options] hierarchy level.
[See loopback (Aggregated Ethernet, Fast Ethernet, and Gigabit Ethernet).]
•
Loss of signal (LOS) alarm—A LOS alarm indicates that a signal could not be
detected at the physical interface level. The LOS is generated by the physical interface
and displays a Link Up or Link Down event. To display LOS and other alarms, issue
the show interfaces interface-name extensive command.
[See show interfaces extensive.]
•
Maximum transmission unit (MTU)—Specify the MTU size for the interface. To
configure the MTU, specify the bytes in the mtu statement at the [edit interfaces
interface-name] hierarchy level.
[See Configuring the Media MTU.]
•
Remote fault notification for 10-Gigabit Ethernet interfaces—Notifies each end of
a connection of the failure at that end. When the failure is identified, the link is brought
down and the LED light is turned off. This feature is not user configured.
[See Detecting Remote Faults.]
•
Statistics collection and handling—Port-level input and output error statistics and
the logical interface level statistics are collected automatically from the Packet
Forwarding Engine. To display statistics, issue the show interfaces interface-name
(brief | extensive) operational mode command.
[See show interfaces statistics.]
NOTE: The ACX Series routers do not support flow control based on PAUSE
frames.
[See Junos OS Ethernet Interfaces Configuration Guide and Junos OS System Basics
Configuration Guide.]
Copyright © 2012, Juniper Networks, Inc.
9
Junos OS 12.2 Release Notes
•
Media type selection (ACX1000 Universal Access routers)—You can select the media
type (copper or fiber for the 1-Gigabit Ethernet interfaces. To specify the media type,
include the new media-type statement with the copper or fiber option at the [edit
interfaces interface-name] hierarchy level.
NOTE: Media type selection is applicable to ports only in slot 2.
[See Junos OS Ethernet Interfaces Configuration Guide.]
•
IEEE 802.1ag OAM CFM and ITU-T Y.1731—The ACX Series routers support the IEEE
802.1ag standard for Operation, Administration, and Management (OAM) connectivity
fault management (CFM) and the ITU-T Y.1731 standard for Ethernet service OAM.
The IEEE 802.1ag standard defines mechanisms for end-to-end Ethernet service
assurance over any path, whether a single link or multiple links spanning networks
composed of multiple LANs.
The ITU-T Y.1731 uses different terminology than IEEE 802.1ag and in addition defines
Ethernet service OAM features for fault monitoring, diagnostics, and performance
monitoring.
The following key CFM and Ethernet service OAM features are supported:
•
Continuity check
•
Loopback messages
•
Traceroute messages
•
Linktrace messages
In addition, the following key ITU-T Y.1731 Ethernet Service OAM features are supported:
•
Performance monitoring
•
Delay measurements
•
Loss measurements
NOTE: Maintenance intermediate points (MIP) are not supported on the
ACX Series routers.
NOTE: The test signal, automatic protection switching, maintenance
communication channel, experimental, and vendor-specific PDUs are not
supported for generation or receipt in Junos OS or on the ACX Series routers.
The proactive and dual-ended loss measurement functionality of ITU-T
Y1731 is not supported.
10
Copyright © 2012, Juniper Networks, Inc.
New Features in Junos OS Release 12.2 for ACX Series Routers
[See IEEE 802.1ag OAM Connectivity Fault Management Overview, ITU-T Y.1731 Ethernet
Service OAM, and Ethernet Interfaces.]
•
IEEE 802.3ah OAM link-fault management—The ACX Series routers support the IEEE
802.3ah standard for Operation, Administration, and Management (OAM). The IEEE
802.3ah standard defines a set of link fault management mechanisms to detect and
report link faults on a single point-to-point Ethernet LAN. The following OAM link fault
management features are supported:
•
Discovery
•
Link monitoring
•
Remote fault detection
•
Remote loopback
[See IEEE 802.3ah OAM Link-Fault Management Overview.]
Layer 2 and Layer 3 Protocols
•
IPv4 for unicast forwarding—With this initial release, the ACX Series routers support
basic IPv4 for unicast forwarding. The following key forwarding features are supported:
•
Exception handling—All basic exception handling features are supported, including
but not limited to option packets, TTL expiry, MTU exceeded condition, redirect
condition, and so on. In addition, Internet Control Message Protocol (ICMP) is
supported to respond to various exception conditions.
•
ARP—Address Resolution Protocol (ARP) is supported to the full extent available
in the Junos OS, including but not limited to packet receive and transmit, ARP
resolution trigger, and policing of ARP packets through implicit filters.
•
IP fragmentation—Fragmentation is in software and the number of packets
fragmented is rate limited.
[See TTL Processing on Incoming MPLS Packets and Configuring the Junos OS ARP Learning
and Aging Options for Mapping IPv4 Network Addresses to MAC Addresses.]
•
Layer 2 control packets–The forwarding path supports the following types of Layer 2
control packets (excluding Operation, Administration, and Maintenance (OAM) packets)
in both directions, receiving and forwarding:
•
Ethernet control packets—ARP, ISIS, 1588v2, Ethernet Synchronization Messaging
Channel (ESMC).
[See Configuring the Control Word for Layer 2 Circuits.]
•
Host path—The host path to and from the CPU is supported in the following ways:
•
Host-bound traffic, prioritized into multiple queues, to support various levels of traffic.
•
Hardware-based policing used to limit denial-of-service attacks.
Copyright © 2012, Juniper Networks, Inc.
11
Junos OS 12.2 Release Notes
•
Protocol and flow-based policing.
•
Code point-based classification and prioritization of packets from the host to the
external world.
[See Path Messages.]
•
Keepalives—The ACX Series routers support high resolution timers of up to 10 ms for
driving keepalives for various OAM features, such as Bidirectional Forwarding Detection
(BFD) and connectivity fault management (CFM).
[See Junos OS Interfaces Fundamentals Configuration Guide.]
•
Counters and statistics—Most packet-level and byte-level statistics for various entities
in the forwarding path available in Junos OS are supported. The following counters
and statistics are supported:
•
Ingress and egress packet and byte counters for logical interfaces, Ethernet
pseudowires, and MPLS transit label-switched paths.
•
Discard packets counter for system-wide global Packet Forwarding Engine statistics.
[See Display Traffic from the Point of View of the Packet Forwarding Engine.]
•
Statistics collection and reporting for Gigabit Ethernet interfaces—For Gigabit
Ethernet interfaces, Packet Forwarding Engine statistics are disabled by default. To
enable Gigabit Ethernet interface statistics, you must specifically configure them. To
configure Gigabit Ethernet interface statistics, include the new statistics statement at
the [edit interfaces interface-name unit logical-unit-number] hierarchy level. To display
statistics, issue the show interfaces interface-name (brief | extensive) operational mode
command.
[See Junos OS Ethernet Interfaces Configuration Guide and Fast Ethernet and Gigabit
Ethernet Counters]
•
Scaling and performance—The following scaling and performance features are
supported for interfaces and routes on the ACX Series routers:
•
Interfaces—Any logical interface enabled with IPv4 or MPLS is considered a Layer 3
interface. The maximum number of Layer 3 interfaces is 1000.
Dual-tagged interfaces—The Tag Protocol Identifier (TPID) for dual-tagged interfaces
must meet the following conditions:
•
12
•
One inner TPID can be specified or used in the system.
•
The standard value of 0x8100 is allowed for the inner TPID.
•
A maximum of four outer standard TPID values, that is, 0x8100, 0x9100, 0x9200,
0x88a8.
Route parameters—On the ACX Series routers, all routes use a single, fully qualified
match table and a single longest prefix match (LPM) route table. The following
numbers assume an exclusive use of these tables for a particular type of route. If
there is a mix, the numbers can change. The maximum number of supported routes
is the following:
Copyright © 2012, Juniper Networks, Inc.
New Features in Junos OS Release 12.2 for ACX Series Routers
•
For IPv4, 8,000 fully qualified match table and 12,000 LPM table.
•
For MPLS, 3,000 label lookup entries, 2,000 maximum transit unidirectional LSPs,
and 1,000 maximum Ethernet psuedowires. Only one MPLS lookup table is
supported.
NOTE: Multicast is not supported on the ACX Series routers.
NOTE: With Junos OS, you can partition a single router into multiple
logical devices that perform independent routing tasks. The ACX Series
routers do not support this feature. Only one logical system is supported,
the default logical system. The [edit logical-systems] hierarchy level is
not supported.
•
Next-hop parameters—The ACX Series router supports a maximum of 7,000 unicast
next-hop entries. This number is shared between IPv4, MPLS, and Ethernet
pseudowires. The actual number is a little less than 7,000 because a few of the
next-hop entries are allocated and used internally. An additional 1,000 of separate
unicast entries are allowed for TDM and ATM pseudowires.
•
Address Resolution Protocol (ARP) parameters—The maximum number of ARP
entries is 7,000.
[See Junos OS Interfaces Fundamentals Configuration Guide.]
•
BFD and VCCV—Bidirectional Forwarding Detection (BFD) support for virtual circuit
connection verification (VCCV) allows you to configure a control channel for a
pseudowire, in addition to the corresponding operations and management functions
to be used over that control channel. BFD provides a low resource mechanism for the
continuous monitoring of the pseudowire data path and for detecting data plane
failures.
[See Configuring BFD for VCCV for Layer 2 VPNs, Layer 2 Circuits, and VPLS
MPLS Applications
•
Label-switching router (LSR)—With MPLS enabled, the ACX Series router can act as
an LSR. An LSR processes label-switched packets and forwards packets based on
their labels.
[See Junos OS MPLS Applications Configuration Guide and MPLS Overview for ACX Series
Universal Access Routers.]
•
Label edge router (LER)—The ACX Series router processes IPv4 traffic and pseudowire
traffic over the MPLS network. The traffic is processed in both ingress and egress
directions. Configuring MPLS on the LER is the same as configuring an LSR.
[See Junos OS MPLS Applications Configuration Guide and MPLS Overview for ACX Series
Universal Access Routers.]
Copyright © 2012, Juniper Networks, Inc.
13
Junos OS 12.2 Release Notes
•
Pseudowire transport service—A pseudowire carries Layer 1 and Layer 2 information
over an IP/MPLS network infrastructure. Ethernet, ATM, and TDM pseudowires are
supported. Only similar endpoints are supported on the ACX Series routers. For example,
T1 to T1, ATM to ATM, and Ethernet to Ethernet.
[See Pseudowire Overview for ACX Series Universal Access Routers.]
•
Pseudowire redundancy—A redundant pseudowire acts as a backup connection
between PE routers and CE devices, maintaining Layer 2 circuits and services after
certain types of failures. Pseudowire redundancy improves the reliability of certain
types of networks (metro, for example) where a single point of failure could interrupt
service for multiple customers. The following pseudowire redundancy features are
supported:
•
Pseudowire standby—A standby pseudowire can act as a backup connection
between PE routers and CE devices, maintaining Layer 2 circuit and VPLS services
after certain types of failures. To configure pseudowire standby, include the
backup-neighbor statement at the [edit protocols l2circuit neighbor address interface
interface-name] hierarchy level.
•
Protect interface—A backup for the protected interface in case of failure. Network
traffic uses the primary interface only so long as the primary interface functions. If
the primary interface fails, traffic is switched to the protect interface. To configure
the protect interface, specify the protect-interface statement at the [edit protocols
l2circuit local-switching interface interface-name] hierarchy level.
•
Hot and cold standby—Hot standby enables swift cutover to the backup or standby
pseudowire. Cold standby is the inclusion of the backup-neighbor statement and the
absence of the standby statement in the configuration. By default, a pseudowire is
not backed up. The following hot standby configurations are supported:
•
Pseudowire hot standby—A pseudowire configured with a backup neighbor is
considered a standby pseudowire. When you configure that pseudowire with the
standby statement at the [edit protocols l2circuit neighbor address interface
interface-name backup-neighbor] hierarchy level, it is considered on hot standby.
A pseudowire configured with only the backup-neighbor statement is considered
on cold standby.
When you configure the standby statement on a backed-up pseudowire, traffic
flows over both the active and standby pseudowires to the CE device. The CE
device drops the traffic from the standby pseudowire, unless the active pseudowire
fails. If the active pseudowire fails, the CE device automatically switches to the
standby pseudowire.
•
•
14
Label-switched path (LSP) hot standby for secondary paths—For an LSP, the
hot standby state is meaningful only on secondary LSP paths. Maintaining a path
in a hot-standby state enables swift cut over to the secondary path when
downstream routers on the current active path indicate connectivity problems.
To configure hot standby for an LSP, include the standby statement at the [edit
protocols mpls label-switched-path lsp-name secondary] hierarchy level.
Ethernet connectivity fault management (CFM)—The following major features of
CFM for Ethernet pseudowires only are supported:
Copyright © 2012, Juniper Networks, Inc.
New Features in Junos OS Release 12.2 for ACX Series Routers
•
Connection protection—Fault monitoring using the continuity check protocol. This
is a neighbor discovery and health check protocol that discovers and maintains
adjacencies at the VLAN or link level.
•
Path protection—Path discovery and fault verification using the linktrace protocol.
Similar to IP traceroute, this protocol maps the path taken to a destination MAC
address through one or more bridged networks between the source and destination.
[See Redundant Pseudowires for Layer 2 Circuits and VPLS, Configuring the Protect
Interface, Junos OS Layer 2 Configuration Guide, and Junos OS MPLS Applications
Configuration Guide.]
•
Control word—The control word is 4 bytes long and is inserted between the Layer 2
protocol data unit (PDU) being transported and the virtual connection label. To
configure the control word, include the (control-word | no-control-word) statement at
the [edit protocols l2circuit neighbor address interface interface-name] hierarchy level.
[See Configuring the Control Word for Layer 2 Circuits.]
•
Uniform and pipe mode—In an MPLS network, uniform mode is the default. Uniform
mode makes all the nodes that a label-switched path (LSP) traverses visible to nodes
outside the LSP tunnel. In contrast, pipe mode acts like a circuit and must be enabled.
In pipe mode, when MPLS packets traverse the network, only the LSP ingress and
egress points are visible to nodes that are outside the LSP tunnel. To configure pipe
mode, include the no-propagate-ttl statement at the [edit protocols mpls] hierarchy
level on each router that is in the path of the LSP. The global no-propagate-ttl statement
disables time-to-live (TTL) propagation at the router level and affects all RSVP-signaled
or LDP-signaled LSPs. Only the global configuration of TTL propagation is supported.
[See no-propagate-ttl.]
•
Exception packet handling for MPLS—The following types of exception packet handling
are supported:
•
Router alert
•
Time-to-live (TTL) expiry value
•
Virtual circuit connection verification (VCCV)
[See Junos OS MPLS Applications Configuration Guide.]
•
Fast reroute—Fast reroute is supported on ACX Series routers. Fast reroute provides
redundancy for a label-switched path (LSP) path.
[See Junos OS MPLS Applications Configuration Guide.]
•
Link protection—Link protection helps ensure that traffic traversing a specific interface
from one router to another can continue to reach its destination in the event that this
interface fails.
[See Link Protection.]
•
Node-link protection—Node-link protection establishes a bypass LSP through a
different router altogether.
Copyright © 2012, Juniper Networks, Inc.
15
Junos OS 12.2 Release Notes
[See Node-Link Protection.]
•
MPLS ping and traceroute—The ACX Series routers supports MPLS ping and traceroute
to the extent supported by Junos OS. Junos OS partially supports LSP ping and
traceroute commands based on RFC 4379, Detecting Multi-Protocol Label Switched
(MPLS) Data Plane Failures. However, Junos OS supports this functionality on LSP
transit routers and head-end routers only. If a ping or traceroute command is issued
from a router that fully supports RFC 4379, it can propagate correctly on routers running
Junos OS.
[See Pinging LSPs.]
Network Management
•
Extends support for autoinstallation on ACX Series routers—The autoinstallation
mechanism for discovering, retrieving, and loading an appropriate configuration is now
supported by the ACX Series Universal Access Routers.
[See ACX Series Autoinstallation Overview]
Power Management
•
16
Power over Ethernet (PoE) (ACX2000 Universal Access routers)—PoE is supported
based on the IEEE 802.3af and IEEE 802.3at standards. Two ports on the ACX2000
router support PoE interfaces. The PoE interfaces permit electric power, along with
data, to be passed over a copper Ethernet LAN cable. The PoE controller keeps track
of the PoE power consumption on the router and allocates power to the PoE ports.
•
The PoE interface supports up to 65 W of Power over Ethernet (PoE+).
•
High-power mode—With this new mode of power delivery, all four pairs of wires in
the RJ45 cable have an option to deliver up to 65 W power per port provided
high-power mode over the four pairs is requested. To enable high-power mode,
include the high-power option at the [edit poe management] hierarchy level and
include the maximum-power watts statement at the [edit poe interface
(interface-name | interface-all)] hierarchy level.
•
Control the PoE interfaces with the following configuration statements and
commands:
•
To enable PoE physical interfaces, include the interface statement at the [edit
poe] hierarchy level. Specify an individual PoE interface with the interface-name
option, or all PoE interfaces with the interface-all option.
•
Disable the PoE interface with the disable statement at the [edit poe interface-name
| interface-all] hierarchy level.
•
Configure the PoE interface to gather voltage and power information by including
the telemetries statement at the [edit poe interface (interface-name | interface-all)]
hierarchy level. Specify the following options for this statement: disable, duration
hours, and interval minutes.
Copyright © 2012, Juniper Networks, Inc.
New Features in Junos OS Release 12.2 for ACX Series Routers
•
Display the power consumption with the show poe controller command.
•
Display the configured PoE interfaces with the show poe interface command.
[See Understanding PoE on ACX Series Universal Access Routers, Junos OS Ethernet
Interfaces Configuration Guide, and Junos OS System Basics Configuration Guide.]
Firewall Filters
•
Firewall features supported on ACX Series Universal Access Routers—Existing Junos
OS firewall features are supported without changes to statements or functionality.
The following is the list of key supported firewall features and any conditions associated
with them:
•
Configuration of filters for the following protocol families only: any, ccc, inet, and
mpls.
•
Firewall filters applied to a logical interface must have the interface-specific
statement included at the respective family hierarchy level.
•
An egress filter must always have the interface-specific statement configured.
•
Configuration of policers and three-color policers.
•
Actions—for example, count, discard, log, and so on.
•
Operational mode commands for firewall filters are supported on the ACX Series
routers without changes.
[See Standard Firewall Filter Match Conditions and Actions on ACX Series Routers Overview.]
Software Architecture
•
ACX Series router architecture—The ACX Series router is a single-board router with
a built-in Routing Engine and one Packet Forwarding Engine that has one Flexible PIC
Concentrator (FPC 0). Because there is no switching fabric, the single Packet Forwarding
Engine takes care of packet forwarding.
•
Routing Engine—Provides Layer 3 routing services and network management.
•
Packet Forwarding Engine—Performs Layer 2 and Layer 3 packet switching, route
lookups, and packet forwarding.
[See ACX Series Universal Access Router Overview.]
•
Packet Forwarding Engine management—The request chassis feb restart slot
slot-number command is introduced to restart the specified Forwarding Engine Board
(FEB). When you enter this command, you are provided feedback on the status of your
request. For example:
user@host> request chassis feb restart slot 0
FEB will be restarted NOW.
[See request chassis feb.]
Copyright © 2012, Juniper Networks, Inc.
17
Junos OS 12.2 Release Notes
•
Dual-speed Gigabit Ethernet interface—The Gigabit Ethernet ports on the router have
the capacity to work as a 1 or 10 Gigabit Ethernet interface, depending on the type of
small form-factor pluggable (SFP) transceiver inserted. When you insert an SFP+
transceiver, the interface works at the 10 Gigabit speed. When you insert an SFP
transceiver, the interface works at the 1 Gigabit speed. Configuration is not required
because the speed is determined automatically based on the type of inserted SFP
transceiver. The dual-speed interface is automatically created with the xe prefix, for
example, xe-4/0/0.
The same configuration statements are used for both speeds and CoS parameters are
scaled as a percentage of the port speed. To configure a dual-speed Gigabit Ethernet
interface, include the interface xe-fpc/pic/port statement at the [edit interfaces]
hierarchy level. To display the interface speed and other details, issue the show
interfaces command.
[See Understanding Interfaces on ACX Series Universal Access Routers.]
•
SNMP and MIB support—The ACX Series routers support all existing MIBs that identify
all the different components of the chassis, for instance, the power supply, and so on.
Existing MIB support is defined in Standard SNMP MIBs Supported by Junos OS and
Enterprise-Specific MIBs and Supported Devices.
•
Memory utilization—The show chassis routing-engine and the show chassis feb
commands can be used to find the memory allocated for each of the Routing Engine
and Packet Forwarding Engine components. [See show chassis routing-engine and show
chassis feb.]
•
System snapshot support—The request system snapshot command allows you to
create a copy of the currently running software on another media—for example, a
universal serial bus (USB) storage device, the active slice of a dual-root partitioned
router, or the alternate slice of a dual-root partitioned router. Typically, this command
is used prior to the upgrade of the software image on the dual internal NAND flash
device (with the da0s1 or da0s2 slices) or to remedy a bad image, thereby preventing
the bad image from rendering the system useless. A snapshot to another media ensures
that the device can boot from the other media in case the system does not boot up
from the current image.
[See Understanding System Snapshot on an ACX Series Router, Example: Taking a
Snapshot of the Software and Configuration, and request system snapshot (ACX Series).]
Time Division Multiplexing (TDM)
•
18
T1 and E1 interfaces time-division multiplexing (TDM) support—Existing Junos OS
TDM features are supported without changes to statements or functionality. The
following key TDM features for Channelized T1 (ct1) interfaces and Channelized E1
(ce1) interfaces are supported:
Copyright © 2012, Juniper Networks, Inc.
New Features in Junos OS Release 12.2 for ACX Series Routers
•
T1/E1 ports—The ACX1000 has 8 built-in TDM ports. The ACX2000 has 16 built-in
TDM ports. T1/E1 mode selection is at the PIC level. To set the T1/E1 mode, include
the framing statement with the t1 or e1 option at the [chassis fpc 0 pic slot-number]
hierarchy level. All ports can be T1 or E1. Mixing T1s and E1s is not supported.
[See framing.]
•
T1/E1 channelization—Full channelization is supported. Partitioning is not supported.
To configure full channelization, include the no-partition statement at the [edit
interfaces ct1-fpc/pic/port] hierarchy level or at the [edit interfaces ce1-fpc/pic/port]
hierarchy level, depending on the interface type.
[See no-partition.]
•
T1/E1 encapsulation—Structure-Agnostic TDM over Packet (SAToP) defined in RFC
4553 is supported. SAToP is used to transport complete TDM frames across the
transport network, creating a smooth migration from legacy TDM to the central
office. Traffic is kept at a constant bit rate of 1.544 Mbps for T1 and 2.048 Mbps plus
overhead for E1 interfaces.
[See SAToP Emulation on T1 and E1 Interfaces Overview.]
•
Alarms, defects, and statistics—Display alarms, defects, and statistics for interfaces
running on the ACX Series routers.
[See show interfaces (T1 or E1).]
•
BERT algorithms—Run BERT for interfaces running on the ACX Series routers.
[See Configuring T1 BERT Properties and test interface t1-bert-start.]
•
External and internal loopback—Use loopback testing to isolate interface problems.
By default, loopback is not configured.
[See Configuring T1 Loopback Capability, Configuring E1 Loopback Capability, Junos OS
Interfaces Network Operations Guide, and Junos OS E1/E3/T1/T3 Interfaces Configuration
Guide.]
•
ATM time-division multiplexing (TDM) support—Existing Junos OS TDM features are
supported without changes to statements or functionality. The following key TDM
features for ATM are supported:
•
Inverse Multiplexing for ATM (IMA)—Defined by the ATM Forum IMA specification
version 1.1. IMA is a standardized technology used to transport ATM traffic over a
bundle of T1 and E1 interfaces, also known as an IMA group. Up to eight links per
bundle and 16 bundles for PIC are supported.
[See Configuring Inverse Multiplexing for ATM (IMA).]
•
Inverse Multiplexing for ATM (IMA) Layer 2 encapsulation—Layer 2 encapsulation
for IMA pseudowire initiation and termination on the ACX Series routers is supported.
To configure encapsulation at the logical interface level, include the encapsulation
statement with the atm-ccc-cell-relay or atm-ccc-vc-mux option at the [edit interface
interface-name unit logical-unit-number] hierarchy level.
[See Understanding Encapsulation on an Interface (ACX Series Routers).]
Copyright © 2012, Juniper Networks, Inc.
19
Junos OS 12.2 Release Notes
•
Denied packets counter—The show interfaces command for ATM interfaces, show
interfaces at-fpc/pic/port extensive supports a new field: denied packets. The denied
packets field displays the number of packets dropped due to VLAN priority deny packets
or due to an error forwarding configuration that might cause a negative frame length,
that is, the stripping size is larger than the packet size.
[See show interfaces (ATM).]
•
TDM and ATM class-of-service (CoS)—Junos OS CoS enables you to classify traffic
into classes and offer various levels of throughput and packet loss when congestion
occurs. Fixed classification is supported on the ACX Series routers. To configure fixed
classification, include the forwarding-class statement at the [edit class-of-service
interfaces interface-name unit logical-unit-number] hierarchy level.
[See forwarding-class (Interfaces) and CoS on ACX Series Universal Access Routers Features
Overview.]
•
ATM policing and shaping–Policing, or rate limiting, is an important component of
firewall filters that lets you limit the amount of traffic that passes into or out of an
interface. Shaping uses queuing and scheduling to shape the outgoing traffic. For more
information about supported policing and shaping on the ACX Series routers, see the
Firewalls section of these release notes.
[See Standard Firewall Filter Match Conditions and Actions on ACX Series Routers Overview.]
Timing and Synchronization
•
Timing and synchronization support at the chassis level—All existing Junos OS timing
and synchronization features are supported at the [edit chassis synchronization]
hierarchy level without changes to statements or functionality, except for the external-a
and the external-b statements, which are not supported on the ACX Series routers.
Instead of the external-a and the external-b statements, the ACX Series routers support
the new bits and gps statements at the [edit chassis synchronization source] hierarchy
level.
•
bits—The external building-integrated timing supply (BITS) device is connected to
the router’s T1 or E1 BITS interface, which upon configuration becomes a candidate
for selection as the clock source by the clock source selection algorithm.
•
gps—The 10-MHz clock input received from the Global Positioning System (GPS) is
considered one of the candidate sources for chassis synchronization by the clock
source selection algorithm.
20
Copyright © 2012, Juniper Networks, Inc.
New Features in Junos OS Release 12.2 for ACX Series Routers
Both the bits and gps statements include the following options:
•
priority number—Specify a priority level between 1 and 5. When not specified, gps
has higher default priority than bits, and bits has higher default priority than other
Gigabit Ethernet, 10-Gigabit Ethernet, T1, or E1 clock sources, which have the lowest
default priority.
•
quality-level (prc | prs |sec | smc | ssu-a | ssu-b | st2 | st3 | st3e | st4 | stu |
tnc)—Specify the expected quality of the incoming clock on this source. Specific
quality-level options are valid depending on the configured network-option: option-1
or option-2 at the [edit chassis synchronization] hierarchy level.
•
•
Both option I and option II SSM quality levels (QL) are supported:
•
Both option-1 and option-2 Synchronization Status Message (SSM) quality
levels (QL) are supported:
•
For option-2, the default QL for external clocks is QL_STU whether or not QL
is enabled.
request force-switch—Force a switch to the source provided that the source is
enabled and not locked out. Only one configured source may be force-switched.
•
request lockout—A lockout may be configured for any source. When a lockout is
configured for a source, that source will not be considered by the selection process.
[See Clock Sources for the ACX Series Universal Access Routers, bits, and gps.]
•
T1 or E1 BITS interface (ACX2000 router)—The ACX2000 router has a T1 or E1 building
integrated timing source (BITS) interface that you can connect to an external clock.
After you connect the interface to the external clock, you can configure the BITS
interface so that the BITS interface becomes a candidate source for chassis
synchronization to the external clock. The frequency of the BITS interface depends on
the Synchronous Ethernet equipment (EEC) slave clock selected with the
network-option statement at the [edit chassis synchronization] hierarchy level.
•
option-1—EEC-Option 1 applies to Synchronous Ethernet equipment optimized for
2048 Kbps. With this option, the BITs interface operates at the speed of an E1
interface.
•
option-2—EEC-Option 2 applies to Synchronous Ethernet equipment optimized for
1544 Kbps. With this option, the BITS interface operates at the speed of a T1 interface.
To configure the BITS interface as the candidate source for synchronization, include
the bits statement and options at the [edit chassis synchronization source] hierarchy
level.
[See External Clock Synchronization Overview for ACX Series Routers and source (Chassis
Synchronization).]
•
Global Positioning System (GPS)—GPS is a navigation aid system that uses signals
from satellites to calculate the actual position of a GPS-capable receiver. These signals
are not only used for determining the position of the receiver on Earth but also as a
very accurate time base. There are GPS receivers with 10-MHz clock frequency output
Copyright © 2012, Juniper Networks, Inc.
21
Junos OS 12.2 Release Notes
synchronized to a GPS satellite. The ACX Series router has a SubMinature version B
(SMB) connector that can take 10-MHz sine-wave input from a GPS receiver. To
configure this 10-MHz clock from a GPS receiver as a candidate clock source for chassis
synchronization, include the gps statement and options at the [edit chassis
synchronization source] hierarchy level.
[See Configuring External Clock Synchronization for ACX Series Routers and gps.]
•
Automatic clock selection—In automatic clock selection, the system chooses up to
two best upstream clock sources. The system then uses the clock recovered from one
of the sources to lock the chassis clock. If an upstream clock with acceptable good
quality is not available or if the system is configured in free-run mode, the system uses
the internal oscillator. The following automatic clock selection features are supported
for Synchronous Ethernet, T1 or E1 line timing sources, and external inputs:
NOTE: Automatic clock selection does not apply to the IEEE 1588v2
recovered clock.
•
Basis of automatic clock selection—Automatic clock selection of the best quality
clock source is based on the Ethernet Synchronization Message Channel (ESMC)
Synchronization Status Message (SSM) quality level, the configured quality level,
and the priority. To configure the clock mode, include the clock-mode statement
with the free-run option or the auto-select option at the [edit chassis synchronization]
hierarchy level. When the free-run option is configured, the chassis is locked to the
free-running local oscillator, which is the Stratum 3E oscillator. The auto-select
option enables the clock source selection algorithm to run.
[See clock-mode.]
•
Clock Source Selection Algorithm—The clock source selection algorithm is triggered
by the following events:
•
Signal failure detected on the currently selected source.
•
Changes in the received ESMC SSM quality level (QL)
•
Configuration changes. For example, the addition or deletion of a clock source, a
change to the QL mode, and so on.
Automatic clock selection supports two modes on the ACX Series router: QL enabled
and QL disabled. To configure QL mode, include the quality-mode-enable statement
at the [edit chassis synchronization] hierarchy level.
22
•
QL disabled—The default setting is disable, which means that when the
quality-mode-enable statement is not configured, QL is disabled. In this mode, the
best clock is selected based on the configured ESMC SSM QL. If the QL of the
configured clocks are equal, the clock selection is based on the configured priority.
If both the configured QL and priority are equal, one of the sources is randomly
selected.
•
QL enabled—In this mode, the best clock is selected based on the incoming ESMC
SSM QL as long as the incoming QL is at least as good as the source’s configured
Copyright © 2012, Juniper Networks, Inc.
New Features in Junos OS Release 12.2 for ACX Series Routers
QL. If the QLs are equal, the clock selection is based on the configured priority. If
both the received QL and the priority are equal, one of the sources is selected
randomly.
•
Configured or received clock selection—The selection-mode (configured-quality |
received-quality) statement specifies whether the clock source selection algorithm
should use the configured or received ESMC SSM quality level for clock selection. In
both the selection modes, the interface qualifies for clock source selection only when
the received ESMC SSM quality level on the interface is equal to or greater than the
configured ESMC SSM quality level for the interface.
When the selection-mode statement is set as configured-quality, the clock source
selection algorithm uses the ESMC SSM quality level configured for a clock source.
When the selection-mode statement is set as received-quality, the clock source
selection algorithm uses the ESMC SSM quality level received on the interface that
is configured as a clock source.
NOTE: For the selection-mode statement configuration to take effect,
you must set the quality-mode-enable statement at the [edit chassis
synchronization] hierarchy level.
[See Automatic Clock Selection Overview, , Clock Sources for the ACX Series Universal
Access Routers, and synchronization (ACX Series).]
•
Synchronous Ethernet (ACX2000)—Synchronous Ethernet is a physical layer frequency
transfer technology modeled after synchronization in SONET/SDH. Traditional Ethernet
nodes, which do not support Synchronous Ethernet, do not carry synchronization from
one node link to another. Synchronous Ethernet capable nodes, however, can
synchronize their chassis clock to a clock recovered from an interface connected to an
upstream clock master. After which, the clock is used to time data sent to downstream
clock slaves, forming a synchronization trail from a Primary Reference Clock (PRC) to
Ethernet equipment clocks (EECs) and transferring frequency synchronization along
the trail.
The ITU G.8264 specification defines the Synchronization Status Message (SSM)
protocol and its format for Synchronous Ethernet to ensure interoperability between
Synchronous Ethernet equipment used for frequency transfer, for example,
SONET/SDH. Synchronous Ethernet provides stable frequency synchronization to a
PRC and is not affected by load on the network. However it requires that all the nodes
from the PRC to the last downstream node are Synchronous Ethernet capable.
Synchronous Ethernet is a recommended technology for mobile networks that require
frequency-only synchronization, for example 2G or 3G base stations.
[See Synchronous Ethernet Overview on the ACX Series Universal Access Routers.]
•
Precision Timing Protocol (PTP), also known as IEEE 1588v2—PTP synchronizes
clocks between nodes in a network, thereby enabling the distribution of an accurate
clock over a packet-switched network. This synchronization is achieved through packets
that are transmitted and received in a session between a master clock and a slave
Copyright © 2012, Juniper Networks, Inc.
23
Junos OS 12.2 Release Notes
clock. The master clock is external to the ACX Series router, for example, a TCA Series
Timing Client or an MX Series router.
Most existing PTP statements are supported without changes in functionality, see [edit
protocols ptp] Hierarchy Level for details about particular statements. The following
new PTP statements are supported:
•
ipv4-dscp number—Specifies the value used as the DiffServ code point (DSCP) value
for all PTP IPV4 packets originated by the router. To configure the DSCP value,
include the ipv4-dscp number statement at the [edit protocols ptp] hierarchy level.
[See ipv4-dscp.]
•
announce-interval announce-interval-value—This value specifies the rate of announce
messages that a PTP slave clock requests from the master clock during a unicast
negotiation session. The announce interval is configured on the slave clock. To
configure the announce interval, include the announce-interval announce-interval-value
statement at the [edit protocols ptp slave] hierarchy level. The configuration of the
announce-interval statement is effective only when the unicast-negotiation statement
is also configured at the [edit protocols ptp] hierarchy level.
[See announce-interval.]
•
grant-duration interval—When unicast negotiation is enabled, the local PTP slave
clock requests announce, sync, and delay-response messages from the master clock.
In each request, the slave clock asks for the packets to be sent at a specified rate
and the it provides a duration for which the rate is valid. The grant-duration value is
specified in seconds. The default grant duration is 3600 seconds or 1 hour. To
configure the grant duration, include the grant-duration interval statement at the
[edit protocols ptp slave] hierarchy level.
[See grant-duration.]
•
asymmetry number—A compensating value for networks in which there is path
asymmetry between the 1588v2 slave and master clocks. Specify a positive or
negative value that is added to the path delay value from the slave clock to the
master clock, making the delay symmetric and equal to the path from the master
clock to the slave clock. The asymmetry value is in nanoseconds and can vary from
minus (–)100 milliseconds to 100 milliseconds, allowing compensation for up to
1/10 of a second of path asymmetry. To configure an asymmetrical value, include
the asymmetry number statement at the [edit protocols ptp slave interface
interface-name unicast-mode clock-source ip-address local-ip-address ip-address]
hierarchy level.
[See asymmetry.]
•
24
sync-interval interval—Requested log mean interval between sync messages. The
sync-interval is configured on the slave clock and specifies the rate at which sync
messages are requested to be sent from the master clock to the slave clock. The
specified value is the log2 value of the requested sync packet rate. Because the
accepted value varies from –6 to 0 the specified packet rate will be from 2^-6 to
2^0 or from 64 packets per second to 1 packet per second.
Copyright © 2012, Juniper Networks, Inc.
Known Limitations in Junos OS Release 12.2 for ACX Series Routers
The configuration of the sync-interval statement is effective only when the
unicast-negotiation statement is also configured at the [edit protocols ptp] hierarchy
level.
[See sync-interval.]
The following key PTP features are supported:
•
Ordinary clock (slave only)—The PTP ordinary slave clock estimates time offset
from the PTP master clock and tries to align its own time and frequency with that
of the master clock. ACX Series routers support the IEEE 1588v2 compliant ordinary
slave clock. To configure a slave clock, include the slave statement and options at
the [edit protocols ptp] hierarchy level.
•
PTP over User Datagram Protocol (UDP) over IPv4—The IEEE1588v2 standard
specifies different transport protocols for carrying PTP packets. For example, PTP
over Ethernet, PTP over UDP over IPV4, and PTP over UDP over IPV6. The ACX Series
routers support PTP over UDP over IPV4.
•
Unicast mode (IPv4 on Gigabit Ethernet interfaces only)—Unicast mode is a
user-to-user protocol used to send a datagram to a single recipient. Unicast mode
is used for transporting PTP messages. To configure unicast mode on an interface,
include the unicast-mode statement at the [edit protocols ptp slave interface
interface-name] hierarchy level.
[See Precision Timing Protocol (PTP) on ACX Series Universal Access Routers, [edit
protocols ptp] Hierarchy Level, Example: Configuring an Ordinary Slave Clock With
Unicast-Negotiation, and Example: Configuring an Ordinary Slave Clock Without
Unicast-Negotiation.]
Related
Documentation
•
Known Limitations in Junos OS Release 12.2 for ACX Series Routers on page 25
•
Outstanding Issues in Junos OS Release 12.2 for ACX Series Routers on page 27
Known Limitations in Junos OS Release 12.2 for ACX Series Routers
The following software limitations currently exist in Juniper Networks ACX Series Universal
Access Routers. The identifier following the descriptions is the tracking number in the
Juniper Networks Problem Report (PR) tracking system.
Copyright © 2012, Juniper Networks, Inc.
25
Junos OS 12.2 Release Notes
Class of Service
•
When the rewrite-rules statement is configured with the dscp or the inet-precedence
options at the [edit class-of-service interfaces] hierarchy level, the expectation is that
the DiffServ code point (DSCP) or IPv4 precedence rewrite rules take effect only on
IP packets. However, in addition to the IP packets, the DSCP or IPv4 rewrite takes effect
on the IP header inside the Ethernet pseudowire payload as well. [PR/664062: This
is a known limitation.]
Firewall Filters
•
On ACX routers, packet drops in the egress interface queue are also counted as input
packet rejects under the Filter statistics section in the output of the show interface
extensive command when it is run on the ingress interface. [PR/612441: This is a known
software limitation.]
•
When the statistics statement is configured on a logical interface, for example [edit
interface name-X unit unit-Y ], when the (policer | count | three-color-policer) statements
are configured in a firewall filter for the family any, for example [edit firewall family any
filter filter-XYZ term term-T then] hierarchy level, and the configured filter-XYZ is
specified in the output statement of the above logical interface at the [edit interface
name-X unit unit-Y filter] hierarchy level, the counters from the configuration of another
firewall family filter on the logical interface do not work. [PR/678847: This is a known
limitation.]
•
The policing rate can be incorrect if the following configurations are applied together:
•
The policer or three-color-policer statement configured in a firewall filter, for example
filter-XYZ at the [edit firewall family any filter filter-XYZ term term-T then] hierarchy
level, and filter-XYZ is specified as an ingress or egress firewall filter on a logical
interface, for example interface-X unit-Y at the [edit interface interface-X unit unit-Y
filter (input|output) filter-XYZ] hierarchy level.
•
The policer or three-color-policer statement configured in a firewall filter, for example
filter-ABC at the [edit firewall family name-XX filter filter-ABC term term-T then]
hierarchy level, and filter-ABC is configured as an ingress or egress firewall filter on
a family of the same logical interface interface-X unit-Y at the [edit interface
interface-X unit unit-Y family name-XX filter (input|output) filter-ABC] hierarchy level.
NOTE: If one of these configurations is applied independently, then the
correct policer rate can be observed.
[PR/678950: This is a known limitation.]
26
Copyright © 2012, Juniper Networks, Inc.
Outstanding Issues in Junos OS Release 12.2 for ACX Series Routers
Interfaces and Chassis
•
When the differential-delay number option is configured in the ima-group-option
statement at the [edit interfaces at-fpc/pic/ima-group-no] hierarchy level, with a value
less than 10, some of the member links might not come up and the group might remain
down resulting in traffic loss. A workaround is to keep the differential delay value above
10 for all IMA bundles. [PR/726279: This is a known limitation.]
MPLS Applications
Related
Documentation
•
The scaling numbers for pseudowires and MPLS label routes published for the ACX
Series routers are valid only when the protocols adopt graceful restart. In case of
non-graceful restart, the scaling numbers would become half of the published numbers.
[PR/683581: This is a known limitation.]
•
New Features in Junos OS Release 12.2 for ACX Series Routers on page 5
•
Outstanding Issues in Junos OS Release 12.2 for ACX Series Routers on page 27
Outstanding Issues in Junos OS Release 12.2 for ACX Series Routers
The following problems currently exist in Juniper Networks ACX Series Universal Access
Routers. The identifier following the descriptions is the tracking number in the Juniper
Networks Problem Report (PR) tracking system.
Interfaces and Chassis
Related
Documentation
•
On ACX1000 and ACX2000 routers outbound host traffic not shown the respective
interface queue statistics as per the configuration. This is due to a known limitation.
However, the actual queuing and scheduling happens as per the configuration.
[PR/772149]
•
New Features in Junos OS Release 12.2 for ACX Series Routers on page 5
•
Known Limitations in Junos OS Release 12.2 for ACX Series Routers on page 25
Copyright © 2012, Juniper Networks, Inc.
27
Junos OS 12.2 Release Notes
Junos OS Release Notes for EX Series Switches
•
New Features in Junos OS Release 12.2 for EX Series Switches on page 28
•
Changes in Default Behavior and Syntax in Junos OS Release 12.2 for EX Series
Switches on page 36
•
Limitations in Junos OS Release 12.2 for EX Series Switches on page 37
•
Outstanding Issues in Junos OS Release 12.2 for EX Series Switches on page 43
•
Resolved Issues in Junos OS Release 12.2 for EX Series Switches on page 50
•
Changes to and Errata in Documentation for Junos OS Release 12.2 for EX Series
Switches on page 60
•
Upgrade and Downgrade Instructions for Junos OS Release 12.2 for EX Series
Switches on page 61
New Features in Junos OS Release 12.2 for EX Series Switches
This section describes new features in Release 12.2 of the Junos operating system (Junos
OS) for EX Series switches.
Not all EX Series software features are supported on all EX Series switches in the current
release. For a list of all EX Series software features and their platform support, see EX
Series Switch Software Features Overview and EX Series Virtual Chassis Software Features
Overview.
New features are described on the following pages:
28
•
Hardware on page 29
•
Access Control and Port Security on page 31
•
Ethernet Switching and Spanning Trees on page 31
•
Firewall Filters on page 32
•
High Availability on page 32
•
Infrastructure on page 33
•
Interfaces on page 33
•
J-Web Interface on page 34
•
Management and RMON on page 34
•
MPLS on page 34
•
Power over Ethernet (PoE) on page 35
•
Virtual Chassis on page 35
Copyright © 2012, Juniper Networks, Inc.
New Features in Junos OS Release 12.2 for EX Series Switches
Hardware
•
EX2200 Virtual Chassis—You can now configure an EX2200 Virtual Chassis. A Virtual
Chassis is a collection of interconnected switches that you can manage and control
as a single entity through one master switch. You can interconnect up to four EX2200
switches in a Virtual Chassis. [See EX2200, EX3300, EX4200, EX4500, and EX4550
Virtual Chassis Overview.]
•
EX4550 switches—EX4550 switches provide high performance, scalable connectivity,
and carrier-class reliability for high-density environments such as campus aggregation,
branch offices, and data center networks.
EX4550 switches are available in the following four models, with AC or DC power
supplies:
•
EX4550-32F-AFI
•
EX4550-32F-AFO
•
EX4550-32F-DC-AFI
•
EX4550-32F-DC-AFO
All models provide 32 wire-speed 10-gigabit small form-factor pluggable (SFP+)
network ports that can house either 1-Gigabit Ethernet connectors or 10-Gigabit Ethernet
connectors and two slots for housing 8-port 1/10-Gb SFP+ expansion modules or the
128-Gb Virtual Chassis module, or both.
EX4550 switches support 650 W hot-insertable and hot-removable field-replaceable
unit (FRU) power supplies.
EX4550 switches support the following optical transceivers:
•
EX-SFP-1GE-LX
•
EX-SFP-1GE-SX
•
EX-SFP-1GE-T
•
EX-SFP-10GE-DAC-1M
•
EX-SFP-10GE-DAC-3M
•
EX-SFP-10GE-DAC-5M
•
EX-SFP-10GE-DAC-7M
•
EX-SFP-10GE-ER
•
EX-SFP-10GE-LR
•
EX-SFP-10GE-LRM
•
EX-SFP-10GE-SR
•
EX-SFP-10GE-USR
Copyright © 2012, Juniper Networks, Inc.
29
Junos OS 12.2 Release Notes
[See EX4550 Hardware Documentation.]
30
•
EX4550 Virtual Chassis module—EX4550 switches support the 128G Virtual Chassis
module, which can connect EX4550 switches to EX4200 switches, EX4500 switches,
or other EX4550 switches to form one unit that you can manage as a single Virtual
Chassis. The Virtual Chassis module provides two dedicated Virtual Chassis ports
(VCPs) that can be used to connect the switch to other Virtual Chassis member
switches. However, it is not mandatory to install a Virtual Chassis module to connect
an EX4550 switch in a Virtual Chassis configuration. [See Virtual Chassis Module in
EX4550 Switches.]
•
EX4550 8X 1/10G SFP+ expansion module—You can install up to two 8X 1/10G SFP+
optional expansion modules in an EX4550 switch. Each expansion module provides
eight SFP+ ports for connecting to core devices in a data center. You can install SFP
or SFP+ transceivers in these ports. [See Expansion Modules in EX4550 Switches.]
•
New optical transceiver support for EX8200 switches—The EX8200-2XS-40P and
EX8200-2XS-40T line cards now support the following optical transceivers:
•
EX-SFP-FE20KT13R15
•
EX-SFP-FE20KT15R13
•
EX-SFP-1FE-FX
•
EX-SFP-1FE-LH
•
EX-SFP-1FE-LX40K
•
EX-SFP-GE10KT13R14
•
EX-SFP-GE10KT13R15
•
EX-SFP-GE10KT14R13
•
EX-SFP-GE10KT15R13
•
EX-SFP-GE40KT13R15
•
EX-SFP-GE40KT15R13
•
EX-SFP-1G-CWDM-LH (wavelengths of 1470 nm, 1490 nm, 1510 nm, 1530 nm,
1550 nm, 1570 nm, 1590 nm, and 1610 nm)
•
EX-SFP-1GE-LH
•
EX-SFP-1GE-LX40K
•
EX-SFP-10GE-ACT-1M
•
EX-SFP-10GE-ACT-3M
•
EX-SFP-10GE-ACT-5M
•
EX-SFP-10GE-DAC-1M
Copyright © 2012, Juniper Networks, Inc.
New Features in Junos OS Release 12.2 for EX Series Switches
•
EX-SFP-10GE-DAC-3M
•
EX-SFP-10GE-DAC-5M
•
EX-SFP-10GE-DAC-7M
•
EX-SFP-10GE-LRM
•
EX-SFP-10GE-USR
[See Optical Interface Support in EX8200 Switches.]
•
DOM support on Virtual Chassis ports—EX3300, EX4200, and EX4500 switches now
support digital optical monitoring (DOM) on Gigabit Ethernet and 10-Gigabit Ethernet
VCPs. [See Optical Interface Support in EX3300 Switches, Optical Interface Support in
EX4200 Switches, Optical Interface Support in EX4500 Switches, and the show interfaces
diagnostics optics command.]
Access Control and Port Security
•
Support for the Infranet Controller (IC) as an external captive-portal server—If you
have connected an EX Series switch to the Junos Pulse Access Control Service and
you want to use the captive portal feature, use the Access Control Service as an external
captive portal server. For accessing a protected network resource that is connected
to the switch, a user must first sign in to the Access Control Service for authentication
and endpoint security checking. The captive portal redirects the user to a login page
located on the Access Control Service. When the user logs in, the Access Control Service
examines the endpoint for compliance with security policies. If the endpoint passes
the security check, the user is authenticated and is granted access to the protected
resource. [See Understanding Centralized Network Access Control and EX Series Switches.]
•
Junos Pulse Access Control Service—Junos Pulse Access Control Service eliminates
the need for you to configure firewall filters on each EX Series switch. Instead, you
define resource access policies centrally on the network access control (NAC) device.
Resource access policies define which network resources are allowed or are denied
for a user, based upon the user’s role. The NAC device distributes these policies to all
connected switches. The NAC device thus functions as a centralized policy management
server. The switch converts resource access policies into filter definitions and applies
these to the appropriate ports. [See Junos Pulse Access Control Service and Using the
EX Series Switch as an Infranet Enforcer.]
Ethernet Switching and Spanning Trees
•
Filtering BPDUs without blocking the port—The original BPDU port block disabled
the port, preventing all traffic from forwarding through the port. The drop statement
lets you filter BPDUs instead of disabling the port. The port drops only incompatible
BPDUs that try to enter at the port. Any other ingress traffic continues to be forwarded
when the port is active. [See Understanding BPDU Protection for STP, RSTP, and MSTP
on EX Series Switches and the drop configuration statement.]
•
Increased number of RTGs on EX8200 Virtual Chassis—Redundant trunk groups
(RTGs) provide redundancy in cases of link or line card failures. You can now configure
Copyright © 2012, Juniper Networks, Inc.
31
Junos OS 12.2 Release Notes
up to 254 RTGs on either an EX8200 switch or an EX8200 Virtual Chassis. [See
Understanding Redundant Trunk Links on EX Series Switches.]
•
VSTP compatibility with Cisco PVST+—When you configure VSTP using the set
protocol vstp vlan all configuration mode command, VLAN ID 1 is now excluded, thus
making Junos OS VSTP compatible with Cisco PVST+. To include VLAN ID 1 in the
VSTP VLAN, you must now add it explicitly using the set protocol vstp vlan 1
configuration mode command. [See Understanding VSTP for EX Series Switches and
the vlan (VSTP) configuration statement.]
Firewall Filters
•
EX8200 management counters for displaying policer billing information—You can
obtain policer statistics in EX8200 switches by using three global management
counters. You can assign any number of ingress policers to each global management
counter and obtain the policer statistics. The policer statistics for each global
management counter are the aggregate of the policer statistics for all policers
associated with that global management counter. [See Understanding the Use of
Policers in Firewall Filters, Configuring Policers to Control Traffic Rates (CLI Procedure),
the counter configuration statement, and the show firewall filter command.]
High Availability
32
•
NSR for IPv6 RIPng with BFD, IPv6 OSPFv3 with BFD, and IPv6 IS-IS with BFD support
on EX3300 Virtual Chassis, EX4200 Virtual Chassis, and EX4500 Virtual
Chassis—Nonstop active routing (NSR) for IPv6 IS-IS with BFD, IPv6 OSPFv3 with
BFD, and IPv6 RIPng with BFD is now supported on EX3300 Virtual Chassis, EX4200
Virtual Chassis, and EX4500 Virtual Chassis. You can now configure NSR to enable a
transparent switchover between the master and backup Routing Engines without
having to restart any of these protocols. [See Understanding Nonstop Active Routing
on EX Series Switches.]
•
NSR for OSPFv3 and RIPng with BFD support on EX4200 Virtual Chassis and EX4500
Virtual Chassis—Nonstop active routing (NSR) for OSPFv3 and RIPng with BFD is now
supported on EX4200 Virtual Chassis and EX4500 Virtual Chassis. You can now
configure NSR to enable a transparent switchover between the master and backup
Routing Engines without having to restart OSPFv3 and RIPng with BFD. [See
Understanding Nonstop Active Routing on EX Series Switches.]
•
NSR for PIM on EX3300 Virtual Chassis, EX4200 Virtual Chassis, EX4500 Virtual
Chassis, and EX6200 switches—Nonstop routing (NSR) for Protocol Independent
Multicast (PIM) is now supported on EX3300 Virtual Chassis, EX4200 Virtual Chassis,
EX4500 Virtual Chassis, and EX6200 switches. You can now configure NSR to enable
a transparent switchover between the master and backup Routing Engines without
having to restart PIM. [See Understanding Nonstop Active Routing on EX Series Switches.]
•
NSSU support on EX3300 Virtual Chassis and EX6200 switches—Nonstop software
upgrade (NSSU), which permits you to upgrade the software running on a switch or
Virtual Chassis with minimal disruption to traffic, is now supported on EX3300 Virtual
Chassis and on EX6200 switches. [See Understanding Nonstop Software Upgrade on
EX Series Switches.]
Copyright © 2012, Juniper Networks, Inc.
New Features in Junos OS Release 12.2 for EX Series Switches
Infrastructure
•
Automatic switch provisioning without manual intervention—Automatic switch
provisioning without manual intervention is now supported. When you physically
connect a switch to the network and boot it with a default configuration, it attempts
to upgrade software automatically and autoinstall a configuration file from the network.
The switch uses information provided by a DHCP server to determine whether to
perform these actions and to locate the necessary software image and configuration
files on the network. If you do not configure the DHCP server to provide this information,
the switch boots with the preinstalled software and default configuration. [See
Understanding EZ Touchless Provisioning on EX Series Switches.]
•
Complete EX Series–specific configuration statements hierarchies—Documentation
is now provided that lists all supported and unsupported configuration statements in
each configuration hierarchy level on EX Series switches. Supported statements are
those that you can use to configure some aspect of a software feature on the switch.
Unsupported statements are those that appear in the command-line interface (CLI)
on the switch, but that have no effect on switch operation if you configure them. [See
the Configuration tab on User Interfaces on EX Series Switches.]
•
Enhancements to the display of packet drop and error counters—The software now
provides additional debugging ability in retrieving packet drop information and errors.
The following operational mode commands have been added or updated to allow you
to retrieve packet drop information and errors: show pfe statistics bridge, show pfe
statistics errors, and show pfe statistics traffic. [See the show pfe statistics bridge, show
pfe statistics error, and show pfe statistics traffic commands.]
•
New software features for EX3300 switches—Several new features that were
introduced in earlier EX Series switches are now supported on EX3300 switches and
EX3300 Virtual Chassis. [See EX Series Switch Software Features Overview and EX
Series Virtual Chassis Software Features Overview for a list of supported features.]
•
Routing Engine SDK package—The Routing Engine SDK (RE SDK) package is now
supported on EX4200 standalone switches, EX4200 Virtual Chassis, EX4500
standalone switches, EX4500 Virtual Chassis, EX8200 standalone switches, EX8200
Virtual Chassis, and mixed EX4200 and EX4500 Virtual Chassis. The Junos Software
Development Kit (SDK) allows partners of the Junos SDK program to build custom
applications that run on Junos OS. The RE SDK enables developers to create
applications to run on the control plane or Routing Engine. [See Junos SDK.]
Interfaces
•
Energy Efficient Ethernet—Energy Efficient Ethernet (EEE) reduces the power
consumption of BASE-T copper physical layers (PHYs) during periods of low link
utilization. EEE, an Institute of Electrical and Electronics Engineers (IEEE) 802.3az
standard, specifies a signaling protocol, Low Power Idle (LPI), to achieve the
power-saving goal during the idle time of links. [See Understanding How Energy Efficient
Ethernet Reduces Power Consumption on Interfaces.]
•
Load balancing of multicast traffic over aggregated Ethernet interfaces on EX8200
switches—You can now virtually aggregate four 10-gigabit links on EX8200 switches
Copyright © 2012, Juniper Networks, Inc.
33
Junos OS 12.2 Release Notes
to form a 40-gigabit point-to-point link channel for data. You can use the show chassis
multicast load-balance command to see whether multicast load balancing is enabled
and, if it is enabled, what the hash mode has been set to. [See Understanding Multicast
Load Balancing Over 10-Gigabit Links for Routed Multicast Traffic on Switches.]
J-Web Interface
•
J-Web interface configuration for EX4550 32-F switch—You can configure the EX4550
32-F switch in the J-Web interface. [See User Interfaces on EX Series Switches.]
Management and RMON
•
Juniper Networks enterprise-specific interface MIB enhancements—The jnxIfTable
in the Juniper Networks enterprise-specific interface MIB has been enhanced to display
the count of the number of cyclic redundancy check (CRC) errors and frame check
sequence (FCS) errors. [See Juniper Networks Enterprise-Specific MIBs and Junos OS
Enterprise MIBs.]
MPLS
•
MPLS support on EX4500 standalone switches and EX4500 Virtual Chassis—EX4500
standalone switches and EX4500 Virtual Chassis now support all MPLS features that
are supported on EX8200 switches with the following exceptions:
•
MPLS is not supported in a mixed EX4200 and EX4500 Virtual Chassis. EX4500
switches support IP over MPLS only when the switches are configured to perform
penultimate-hop popping (PHP). MPLS over routed VLAN interfaces (RVIs),
label-switched path (LSP) statistics, unicast reverse-path forwarding (RPF) statistics,
MPLS class of service (CoS), traffic policing, DiffServ-aware LSPs, graceful Routing
Engine switchover (GRES), and equal-cost multipath (ECMP) are not supported.
•
EX4500 standalone switches and EX4500 Virtual Chassis support a maximum of
125 instances of Layer 2 VPN, Layer 3 VPN, or CCC connections; or a combination of
these.
•
LSP ping and traceroute operations for circuit cross-connects (CCCs), Layer 2 circuits,
and Layer 2 virtual private networks (VPNs) are not supported.
•
An MPLS configuration that consists of a mix of EX8200 and EX4500 switches does
not support VLAN CCCs.
•
VLAN CCCs require that the VLAN ID be the same at both ends of the connection.
The VLAN ID translation feature is not supported.
•
The time to live (TTL) of MPLS packets is not decremented in the ingress MPLS
switch.
•
The pipe model of TTL handling is not supported on a Layer 3 VPN if an EX4500
switch is configured as the ingress provider edge (PE) switch.
[See MPLS for EX Series Switches.]
34
Copyright © 2012, Juniper Networks, Inc.
New Features in Junos OS Release 12.2 for EX Series Switches
•
MPLS support on EX8200 Virtual Chassis—EX8200 Virtual Chassis now support
MPLS on all member switches. [See MPLS for EX Series Switches.]
•
MPLS protocol enhancements on EX8200 standalone switches and EX8200 Virtual
Chassis —EX8200 standalone switches and EX8200 Virtual Chassis now support the
following protocols:
•
Bidirectional Forwarding Detection (BFD) protocol. BFD is a simple hello mechanism
that detects failures in a network. Hello packets are sent at a specified, regular
interval. A neighbor failure is assumed when the routing device stops receiving a
reply from the neighbor after a specified interval. You can also use a ping operation
to detect network failures. BFD is supported for label-switched paths (LSPs) (both
RSVP and LDP), Layer 3 virtual private networks (VPNs), and Multi-Gateway
Multipath (MGMP) networks.
•
The ping operation is now supported for LSPs and Layer 3 VPNs. Note that the
processing resources required for BFD are much less than those required for a ping
operation. In addition, BFD is capable of detecting data plane failure faster than the
ping operation.
•
You can perform a traceroute operation to display the route that packets take to a
specified network host, for an MPLS-based Layer 3 VPN.
[See MPLS for EX Series Switches.]
Power over Ethernet (PoE)
•
LLDP PoE power negotiation—EX2200, EX3300, EX4200 PX, EX4500, EX6200, and
EX8200 switches now support Link Layer Discovery Protocol (LLDP) Power over
Ethernet (PoE) power negotiation. The switch can dynamically allocate PoE power to
powered devices based on their needs and obtain the PoE priority value from powered
devices using LLDP. [See Understanding PoE on EX Series Switches.]
Virtual Chassis
Related
Documentation
•
Hardware rate limiting on XRE200 External Routing Engines—Internal hardware rate
limiting has been modified to help secure the XRE200 External Routing Engine control
plane. [See XRE200 External Routing Engine Documentation.]
•
Changes in Default Behavior and Syntax in Junos OS Release 12.2 for EX Series Switches
on page 36
•
Limitations in Junos OS Release 12.2 for EX Series Switches on page 37
•
Outstanding Issues in Junos OS Release 12.2 for EX Series Switches on page 43
•
Resolved Issues in Junos OS Release 12.2 for EX Series Switches on page 50
•
Changes to and Errata in Documentation for Junos OS Release 12.2 for EX Series
Switches on page 60
•
Upgrade and Downgrade Instructions for Junos OS Release 12.2 for EX Series Switches
on page 61
Copyright © 2012, Juniper Networks, Inc.
35
Junos OS 12.2 Release Notes
Changes in Default Behavior and Syntax in Junos OS Release 12.2 for EX Series Switches
This section lists the changes in default behavior and syntax in Junos OS Release 12.2 for
EX Series switches.
Ethernet Switching and Spanning Trees
•
When you configure VSTP using the set protocol vstp vlan all configuration mode
command, VLAN ID 1 is now excluded, thus making the Junos VSTP compatible with
Cisco PVST+. To include VLAN ID 1 in the VSTP VLAN, you must now add it explicitly
using the set protocol vstp vlan 1 configuration mode command.
Infrastructure
•
When you boot EX Series switches with the default configuration, the switch behavior
has changed. When you physically connect a switch to the network and boot it with a
default configuration, the switch attempts to upgrade software automatically and
autoinstall a configuration file from the network. The switch uses information provided
by a DHCP server to determine whether to perform these actions and to locate the
necessary software image and configuration files on the network. If you do not configure
the DHCP server to provide this information, the switch boots with the preinstalled
software and default configuration.
The switch uses different DHCP options than those for previous releases to locate
configuration files on the network when it is booted with a default configuration. For
more information, see the new documentation for automatic switch provisioning
without manual intervention.
Related
Documentation
36
•
The switch monitors available disk space in the /var partition every 30 seconds. If disk
space in the /var partition is more than 75 percent of the partition space, the switch
displays a yellow alarm. If disk space in the /var partition is more than 90 percent of
the partition space, the switch displays both a yellow alarm and a red alarm. To avoid
getting these warnings, use the request system storage cleanup command to clear up
the disk space.
•
New Features in Junos OS Release 12.2 for EX Series Switches on page 28
•
Limitations in Junos OS Release 12.2 for EX Series Switches on page 37
•
Outstanding Issues in Junos OS Release 12.2 for EX Series Switches on page 43
•
Resolved Issues in Junos OS Release 12.2 for EX Series Switches on page 50
•
Changes to and Errata in Documentation for Junos OS Release 12.2 for EX Series
Switches on page 60
•
Upgrade and Downgrade Instructions for Junos OS Release 12.2 for EX Series Switches
on page 61
Copyright © 2012, Juniper Networks, Inc.
Limitations in Junos OS Release 12.2 for EX Series Switches
Limitations in Junos OS Release 12.2 for EX Series Switches
This section lists the limitations in Junos OS Release 12.2 for EX Series switches. If the
limitation is associated with an item in our bug database, the description is followed by
the bug tracking number.
For the most complete and latest information about known Junos OS defects, use the
Juniper online Junos Problem Report Search application.
Access Control and Port Security
•
You cannot configure a security certificate to provide additional security for the
connection between an EX Series switch and Junos Pulse Access Control Service; that
is, the ca-profile and server-certificate-subject configuration statements are not
supported. [This is a known software limitation.]
•
On EX Series switches, you cannot configure 802.1X authentication on redundant trunk
groups (RTGs). [This is a known software limitation.]
Ethernet Switching and Spanning Trees
•
On EX Series switches, only dynamically learned routes can be imported from one
routing table group to another. [This is a known software limitation.]
Firewall Filters
•
On EX3200 and EX4200 switches, when a very large number of firewall filters are
included in the configuration, it might take a long time, possibly a few minutes, for the
egress filter rules to be installed. [PR/468806: This is a known software limitation.]
•
On EX3300 switches, if you add and delete filters with a large number of terms (on
the order of 1000 or more) in the same commit operation, not all the filters are installed.
As a workaround, add filters in one commit operation, and delete filters in a separate
commit operation. [PR/581982: This is a known software limitation.]
•
On EX8200 switches, if you configure an implicit or explicit discard action as the last
term in an IPv6 firewall filter on a loopback (lo0) interface, all the control traffic from
the loopback interface is dropped. To prevent this, you must configure an explicit accept
action. [This is a known software limitation.]
Hardware
•
On 40-port SFP+ line cards for EX8200 switches, the LEDs on the left of the network
ports do not blink to indicate that there is link activity if you set the speed of the network
ports to 10/100/1000 Mbps. However, if you set the speed to 10 Gbps, the LEDs blink.
[PR/502178: This is a known limitation.]
•
The Uplink Modules in EX3200 Switches topic notes the following behavior for the SFP
uplink module, which provides four ports for 1-gigabit small form-factor pluggable
(SFP) transceivers: “On an EX3200 switch, if you install a transceiver in an SFP uplink
module, a corresponding network port from the last four built-in ports is disabled. For
example, if you install an SFP transceiver in port 2 on the uplink module (ge-0/1/2) on
Copyright © 2012, Juniper Networks, Inc.
37
Junos OS 12.2 Release Notes
24-port models, then ge-0/0/22 is disabled. The disabled port is not listed in the output
of show interface commands.”
Another note on the same page describes similar behavior for the SFP+ uplink module:
“On an EX3200 switch, if you install a transceiver in an SFP+ uplink module when the
uplink module is operating in 1-gigabit mode, a corresponding network port from the
last four built-in ports is disabled. For example, if you install an SFP transceiver in port
2 on the uplink module (ge-0/1/2), then ge-0/0/22 is disabled. The disabled port is
not listed in the output of show interfaces commands.”
However, in both cases what actually occurs is that when you install the SFP uplink
module or explicitly configure the mode on an SFP+ uplink module to 1-gigabit operating
mode and do not reboot the switch, the last four built-in ports on the switch are
disabled. If transceivers are installed in the uplink module, the corresponding built-in
network ports are not displayed in the output of show interfaces commands. The
workaround is to move all four links to the uplink module, or to reboot the switch for
correct initialization of the ports.
[PR/686467: This is a known limitation.]
•
You cannot connect EX2200-12P switches to the pre-standard Cisco IP Phone 7960
with a straight cable. As a workaround, use a crossover cable. [PR/726929: This is a
known limitation.]
High Availability
•
You cannot verify that nonstop bridging (NSB) is synchronizing Layer 2 protocol
information to the backup Routing Engine even when NSB is properly configured.
[PR/701495: This is a known software limitation.]
•
On EX Series Virtual Chassis running Junos OS Release 11.2 or earlier, the same MAC
address might be assigned to multiple Layer 2 interfaces and aggregated Ethernet
interfaces on different member switches. This is an expected behavior: you cannot
assign a unique MAC address to each interface when the Virtual Chassis is running
Junos OS Release 11.2 or earlier. However, starting in Junos OS Release 11.3, you can
assign unique MAC addresses to these Virtual Chassis interfaces.
If you use nonstop software upgrade (NSSU) to upgrade a Virtual Chassis from Junos
OS Release 11.2 or earlier to Junos OS Release 11.3 or later, you might see the same
MAC address assigned to multiple interfaces on different member switches. To ensure
that the interfaces have unique MAC addresses, either perform the upgrade without
using NSSU or reboot the Virtual Chassis after you perform the upgrade with NSSU.
[PR/775203: This is a known software limitation.]
38
Copyright © 2012, Juniper Networks, Inc.
Limitations in Junos OS Release 12.2 for EX Series Switches
Infrastructure
•
On EX Series switches, the show snmp mib walk etherMIB command does not display
any output, even though the etherMIB is supported. This occurs because the values
are not populated at the module level—they are populated at the table level only. You
can issue the show snmp mib walk dot3StatsTable, show snmp mib walk dot3PauseTable,
and show snmp mib walk dot3ControlTable commands to display the output at the
table level. [This is a known software limitation.]
•
Momentary loss of an inter-Routing Engine IPC message might trigger an alarm that
displays the message Loss of communication with Backup RE. However, no functionality
is affected. [PR/477943: This is a known software limitation.]
•
Routing between virtual routing instances for local direct routes is not supported.
[PR/490932: This is a known software limitation.]
•
On EX4500 switches, the maintenance menu is not disabled even if you include the
lcd maintenance-menu disable statement in the configuration. [PR/551546: This is a
known software limitation.]
•
When you enable the filter-id attribute on the RADIUS server for a particular client,
none of the required 802.1X authentication rules are installed in the IPv6 database.
Therefore, IPv6 traffic on the authenticated interface is not filtered; only IPv4 traffic is
filtered on that interface. [PR/560381: This is a known software limitation.]
•
On EX8200 switches, if OAM link-fault management (LFM) is configured on a member
of a VLAN on which Q-in-Q tunneling is also enabled, OAM PDUs cannot be transmitted
to the Routing Engine. [PR/583053: This is a known software limitation.]
•
When you reconfigure the maximum transmission unit (MTU) value of a next hop more
than eight times without restarting the switch, the interface uses the maximum value
of the eight previously configured values as the next MTU value. [PR/590106: This is
a known software limitation.]
•
On EX8208 and EX8216 switches that have two Routing Engines, one Routing Engine
cannot be running Junos OS Release 10.4 or later while the other one is running Junos
OS Release 10.3 or earlier. Ensure that both Routing Engines in a single switch run either
Junos OS Release 10.4 or later or Junos OS Release 10.3 or earlier. [PR/604378: This
is a known software limitation.]
•
When you configure a static route that has two multihop paths, BFD might become
unstable and the routing protocol process (rpd) might crash. [PR/701966: This is a
known software limitation.]
•
On EX6210 and EX8200 switches that have two Routing Engines, and on EX8200
Virtual Chassis that have two XRE200 External Routing Engine modules, you cannot
issue the commit synchronize command from the J-Web interface. As a workaround,
issue this command from the CLI. [This is a known software limitation.]
•
If the accounting server is not available, you might experience trouble viewing system
information on EX4200 switches. If you attempt to execute CLI commands related to
system options, the following error message might be displayed: error communicating
with fpc0. This error is a result of the common command forwarding used by EX4200
switches to gather information about other members in a Virtual Chassis. When you
Copyright © 2012, Juniper Networks, Inc.
39
Junos OS 12.2 Release Notes
issue commands related to system options through the CLI, a new management process
(mgd) is initiated. The management process on one Virtual Chassis member opens a
connection to a management process on another member, logs in, and extracts the
information. Because the EX4200 switch is a Virtual Chassis, this sequence of events
occurs even on a standalone EX4200 switch. The connection from one mgd process
to another is treated as a login event. If system accounting is configured for login events,
the switch attempts to connect to the accounting server before executing the CLI
command. If the accounting server is not available, the connection times out. As a
workaround, either ensure that the accounting server is reachable or disable the
configuration of system accounting for login events. [This is a known software
limitation.]
Interfaces
•
EX Series switches do not support IPv6 interface statistics. Therefore, all values in the
output of the show snmp mib walk ipv6IfStatsTable command always display a count
of 0. [PR/480651: This is a known software limitation.]
•
On EX8216 switches, a link might go down momentarily when an interface is added to
a LAG. [PR/510176: This is a known software limitation.]
•
On EX Series switches, if you clear LAG interface statistics while the LAG is down, then
bring up the LAG and pass traffic without checking for statistics, and finally bring the
LAG interface down and check interface statistics again, the statistics might be
inaccurate. As a workaround, use the show interfaces interface-name command to
check LAG interface statistics before bringing down the interface. [PR/542018: This is
a known software limitation.]
•
Power over Ethernet (PoE) and Power over Ethernet Plus (PoE+) cannot be configured
for EX8200 member switches in an EX8200 Virtual Chassis using the XRE200 External
Routing Engine.
If you have not cabled the Virtual Chassis, configure PoE or PoE+ on each EX8200
member switch before cabling the Virtual Chassis. See Configuring PoE (CLI Procedure).
To configure PoE and PoE+ on an EX8200 member switch in an operational EX8200
Virtual Chassis:
1.
Power off the EX8200 member switch. See Powering Off an EX8200 Switch.
2. Uncable the switch from the Virtual Chassis.
3. Power on the switch. See Powering On an EX8200 Switch
4. Log in to the switch. See Connecting an EX Series Switch to a Management Console.
5. Configure PoE. See Configuring PoE (CLI Procedure).
6. Cable the EX8200 member switch back into the EX8200 Virtual Chassis. See
Connecting an EX8200 Switch to an XRE200 External Routing Engine.
[This is a known software limitation.]
40
Copyright © 2012, Juniper Networks, Inc.
Limitations in Junos OS Release 12.2 for EX Series Switches
J-Web Interface
•
In the J-Web interface, you cannot commit some configuration changes in the Ports
Configuration page or the VLAN Configuration page because of the following limitations
for port-mirroring ports and port-mirroring VLANs:
•
A port configured as the output port for an analyzer cannot be a member of any
VLAN other than the default VLAN.
•
A VLAN configured to receive analyzer output can be associated with only one
interface.
[PR/400814: This is a known software limitation.]
•
In the J-Web interface, the Ethernet Switching Monitor page (Monitor > Switching >
Ethernet Switching) might not display monitoring details if the switch has more than
13,000 MAC entries. [PR/425693: This is a known software limitation.]
•
If you insert four or more EX8200-40XS line cards in an EX8208 or EX8216 switch, the
Support Information page (Maintain > Customer Support > Support Information) in
the J-Web interface might fail to load because the configuration might be larger than
the maximum size of 5 MB. The error message Configuration too large to handle is
displayed. [PR/552549: This is a known software limitation.]
•
In the J-Web interface, you cannot configure interface ranges and interface groups.
[This issue was being tracked by PR/600559.]
•
The J-Web interface does not support role-based access control; it supports only users
in the super-user authorization class. So a user who is not in the super-user class, such
as a user with view-only permission, is able to launch the J-Web interface and is allowed
to configure everything, but the configuration fails on the switch, and the switch displays
access permission errors. [PR/604595: This is a known software limitation.]
Layer 2 and Layer 3 Protocols
•
On EX 3200 and EX4200 switches, MPLS on Layer 3 tagged subinterfaces and routed
VLAN interfaces (RVIs) is not supported, even though the CLI allows you to commit a
configuration that enables these features. [PR/612434: This is a known software
limitation.]
Management and RMON
•
On EX Series switches, an SNMP query fails when the SNMP index size of a table is
greater than 128 bytes, because the Net SNMP tool does not support SNMP index sizes
greater than 128 bytes. [PR/441789: This is a known software limitation.]
•
When MVRP is configured on a trunk interface, you cannot configure connectivity fault
management (CFM) on that interface. [PR/540218: This is a known software limitation.]
Virtual Chassis
•
A standalone EX4500 switch with its PIC mode set to virtual-chassis has less bandwidth
available for network ports than an EX4500 switch with its PIC mode set to intraconnect.
Copyright © 2012, Juniper Networks, Inc.
41
Junos OS 12.2 Release Notes
The network ports on a standalone EX4500 switch with a virtual-chassis PIC mode
setting often do not achieve line-rate performance.
The PIC mode on an EX4500 switch can be set to virtual-chassis if:
•
The switch was ordered with a Virtual Chassis module installed and thus has its PIC
mode set to virtual-chassis by default.
•
You entered the request chassis pic-mode virtual-chassis operational mode command
to configure the switch as a member of a Virtual Chassis.
You can check the PIC mode for your EX4500 switch that has a Virtual Chassis module
installed by entering the show chassis pic-mode command.
You must always set the PIC mode on a standalone EX4500 switch to intraconnect.
Set the PIC mode to intraconnect by entering the request chassis pic-mode intraconnect
operational mode command.
[This is a known software limitation.]
•
The automatic software update feature is not supported on EX4500 switches that
are members of a Virtual Chassis. [PR/541084: This is a known software limitation.]
•
When an EX4500 switch becomes a member of a Virtual Chassis, it is assigned a
member ID. If that member ID is a nonzero value, then if the software on that member
switch is downgraded to a software image that does not support Virtual Chassis, you
cannot change the member ID to 0. A standalone EX4500 switch must have a member
ID of 0. The workaround is to convert the EX4500 Virtual Chassis member switch to
a standalone EX4500 switch before downgrading the software to an earlier release,
as follows:
1.
Disconnect all Virtual Chassis cables from the member to be downgraded.
2. Convert the member switch to a standalone EX4500 switch by issuing the request
virtual-chassis reactivate command.
3. Renumber the member ID of the standalone switch to 0 by issuing the request
virtual-chassis renumber command.
4. Downgrade the software to the earlier release.
[PR/547590: This is a known software limitation.]
•
When you add a new member switch to an existing EX4200 Virtual Chassis, EX4500
Virtual Chassis, or mixed EX4200 and EX4500 Virtual Chassis in a ring topology, a
member switch that was already part of the Virtual Chassis might become
nonoperational for several seconds. The member switch will return to the operational
state with no user intervention. Network traffic to the member switch is dropped during
the downtime. To avoid this issue, follow this procedure:
1.
Cable one dedicated or user-configured Virtual Chassis port (VCP) on the new
member switch to the existing Virtual Chassis.
2. Power on the new member switch.
42
Copyright © 2012, Juniper Networks, Inc.
Outstanding Issues in Junos OS Release 12.2 for EX Series Switches
3. Wait for the new switch to become operational in the Virtual Chassis. Monitor the
show virtual-chassis command output to confirm the new switch is recognized by
the Virtual Chassis and is in the Prsnt state.
4. Cable the other dedicated or user-configured VCP on the new member switch to
the Virtual Chassis.
[PR/591404: This is a known software limitation.]
Related
Documentation
•
New Features in Junos OS Release 12.2 for EX Series Switches on page 28
•
Changes in Default Behavior and Syntax in Junos OS Release 12.2 for EX Series Switches
on page 36
•
Outstanding Issues in Junos OS Release 12.2 for EX Series Switches on page 43
•
Resolved Issues in Junos OS Release 12.2 for EX Series Switches on page 50
•
Changes to and Errata in Documentation for Junos OS Release 12.2 for EX Series
Switches on page 60
•
Upgrade and Downgrade Instructions for Junos OS Release 12.2 for EX Series Switches
on page 61
Outstanding Issues in Junos OS Release 12.2 for EX Series Switches
The following are outstanding issues in Junos OS Release 12.2R1 for EX Series switches.
The identifier following the description is the tracking number in our bug database.
For the most complete and latest information about known Junos OS defects, use the
Juniper online Junos Problem Report Search application.
NOTE: Other software issues that are common to both EX Series switches
and M, MX, and T Series routers are listed in “Issues in Junos OS Release 12.2
for M Series, MX Series, and T Series Routers” on page 122.
Copyright © 2012, Juniper Networks, Inc.
43
Junos OS 12.2 Release Notes
Access Control and Port Security
•
On aggregated Ethernet (ae) interfaces, the Link Layer Discovery Protocol (LLDP)
might not work. [PR/781814]
Converged Networks (LAN and SAN)
•
On EX4500 switches, the DCBX protocol does not work. [PR/795835]
Ethernet Switching and Spanning Trees
•
If the bridge priority of a VLAN Spanning Tree Protocol (VSTP) root bridge is changed
such that this bridge becomes a nonroot bridge, the transition might take more than
2 minutes, and you might see a loop during the transition. [PR/661691]
•
You cannot configure a VLAN whose name contains a hyphen (-). As a workaround,
use an underscore (_) in the name instead. [PR/753090]
•
Link-protection switchover and revertive mode might not work as expected.
[PR/781493]
•
Ethernet Ring Protection Switching (ERPS; G.8032) does not block PVST BPDUs.
[PR/793891]
Firewall Filters
•
If you apply a policer to an interface, the policer might not work, and messages similar
to the following are logged: dfw_bind_policer_template_to_filter:205 Binding policer
fails. [PR/802489]
Hardware
44
•
On EX4550 switches, link autonegotiation does not work on 1-Gb SFP interfaces.
[PR/795626]
•
Non-Juniper Networks DAC cables do not work on EX Series switches. [PR/808139]
•
The backlight on the LCD panel of EX4550 switches does not turn on. [PR/820473]
Copyright © 2012, Juniper Networks, Inc.
Outstanding Issues in Junos OS Release 12.2 for EX Series Switches
High Availability
•
After you perform a nonstop software upgrade (NSSU), you might notice a traffic
outage of 150 seconds while the line cards are restarting. [PR/800460]
Infrastructure
•
On EX8208 switches, when a line card that has no interface configurations and is not
connected to any device is taken offline using the request chassis fpc-slot slot-number
offline command, the Bidirectional Forwarding Detection process (bfd) starts and
stops repeatedly. The same bfd process behavior occurs on a line card that is connected
to a Layer 3 domain when another line card that is on the same switch and is connected
to a Layer 2 domain is taken offline. [PR/548225]
•
The output of the show system users no-resolve command displays the resolved
hostname. [PR/672599]
•
The wildcard range unprotect configuration statement might not be synchronized with
the backup Routing Engine. [PR/735221]
•
After the system has been up for days, EX8200 line cards might reach 100 percent
CPU usage and then stay at 100 percent. [PR/752454]
•
On EX4550 switches, if you configure the management (me0) interface and a static
route, the switch is unable to connect to a gateway. [PR/786184]
•
When you add a new virtual routing and forwarding (VRF) instance, existing firewall
filters might not be applied to the new VRF instance. [PR/786662]
•
On XRE200 External Routing Engines on which DHCP snooping and dynamic ARP
inspection are enabled, when packets are transmitted out a different line card type
from the ingress interface, an SFID core file might be created. [PR/794293]
•
On an EX4550 Virtual Chassis, the show chassis environment power-supply-unit CLI
command does not show the power supply status of all the member interfaces. Use
the show chassis hardware CLI command to see the status of the power supplies in
various member interfaces. [PR 817397]
Interfaces
•
When you disable a static link aggregation group (LAG) on an aggregated Ethernet
(ae) interface, Ethernet ring protection traffic traveling in one direction might be lost
for 3 to 5 seconds, and traffic traveling in the other direction might contain extra packets.
[PR/703091]
•
EX4200 and WX4500 switches support 64 aggregated Ethernet interfaces even though
the hardware can support 111 interfaces. [PR/746239]
•
When you issue the show vrrp brief command, a VRRP process (vrrpd) core file might
be created. [PR/782227]
Copyright © 2012, Juniper Networks, Inc.
45
Junos OS 12.2 Release Notes
•
An interface on an EX4550-32F switch might go up and down randomly even when
no cable is plugged in. [PR/803578]
•
On EX3300 switches, when you configure VRRP with MD5 authentication with the
preempt option on an integrated routing and bridging (IRB) interface, a vmcore file
might be created. As a workaround, delete the preempt option and disable MD5
authentication for VRRP. [PR/808839]
J-Web Interface
•
On EX Series switches and on SRX3400, SRX3600, SRX5600, and SRX5800 Series
Services Gateways, when you use the Microsoft Internet Explorer browser to open
reports from the following pages in the J-Web interface, the reports open in the same
browser session:
•
Files page (Maintain > Files)
•
History page (Maintain > Config Management > History)
•
Port Troubleshooting page (Troubleshoot > Troubleshoot > Troubleshoot Port)
•
Static Routing page (Monitor > Routing > Route Information)
•
Support Information page (Maintain > Customer Support > Support Information)
•
View Events page (Monitor > Events and Alarms > View Events)
[PR/433883]
46
•
In the J-Web interface, in the Port Security Configuration page, you are required to
configure the action option when you configure the MAC limit option even though
configuring an action value is not mandatory in the CLI. [PR/434836]
•
In the J-Web interface on EX4200 switches; SRX100, SRX210, SRX240, and SRX650
Security Gateways; and all J Series devices, if you try to change the position of columns
using the drag-and-drop method, only the column header moves to the new position
instead of the entire column in the OSPF Global Settings table in the OSPF Configuration
page, the Global Information table in the BGP Configuration page, or the Add Interface
window in the LACP (Link Aggregation Control Protocol) Configuration page.
[PR/465030]
•
If you configure an IPv6 address for a VLAN in the J-Web interface, you cannot then
edit the VLAN configuration. [PR/466633]
•
When a large number of static routes are configured and you have navigated to pages
other than page 1 in the Route Information table in the Static Routing monitoring page
in the J-Web interface (Monitor > Routing > Route Information), changing the Route
Table to query other routes refreshes the page but does not return to page 1. For
example, if you run a query from page 3 and the new query returns very few results,
the Results table continues to display page 3 and shows no results. To view the results,
navigate to page 1 manually. [PR/476338]
•
In the J-Web interface for EX4500 switches, the Port Configuration page (Configure
> Interfaces > Ports), the Port Security Configuration page (Configure > Security > Port
Copyright © 2012, Juniper Networks, Inc.
Outstanding Issues in Junos OS Release 12.2 for EX Series Switches
Security), and the Filters Configuration page (Configure > Security > Filters) display
features that are not supported on EX4500 switches. [PR/525671]
•
When you use an HTTPS connection in the Microsoft Internet Explorer browser to save
a report from the following pages in the J-Web interface, the error message “Internet
Explorer was not able to open the Internet site” is displayed on the following pages:
•
Files page (Maintain > Files)
•
History page (Maintain > Config Management > History)
•
Port Troubleshooting page (Troubleshoot > Troubleshoot > Troubleshoot Port)
•
Static Routing page (Monitor > Routing > Route Information)
•
Support Information page (Maintain > Customer Support > Support Information)
•
View Events page (Monitor > Events and Alarms > View Events)
[PR/542887]
•
When you open a J-Web interface session using HTTPS, then enter a username and
password and click the Login button, the J-Web interface takes 20 seconds longer to
launch and load the Dashboard page than it does if you use HTTP. [PR/549934]
•
In the J-Web interface, you cannot upload a software package using the HTTPS
protocol. As a workaround, use either the HTTP protocol or the CLI. [PR/562560]
•
If you have accessed the J-Web interface using an HTTPS connection through the
Microsoft Internet Explorer Web browser, you might not be able to download and save
reports from some pages on the Monitor, Maintain, and Troubleshoot tabs. Some
affected pages are at these locations:
•
Maintain > Files > Log Files > Download
•
Maintain > Config Management > History
•
Maintain > Customer Support > Support Information > Generate Report
•
Troubleshoot > Troubleshoot Port > Generate Report
•
Monitor > Events and Alarms > View Events > Generate Report
•
Monitor > Routing > Route Information > Generate Report
As a workaround, use the Mozilla Firefox Web browser to download and save reports
using an HTTPS connection. [PR/566581]
•
If you access the J-Web interface using the Microsoft Internet Web browser version 7,
on the BGP Configuration page (Configure > Routing > BGP), all flags might be shown
in the Configured Flags list (in the Edit Global Settings window, on the Trace Options
tab) even though the flags are not configured. As a workaround, use the Mozilla Firefox
Web browser. [PR/603669]
•
In the J-Web interface, HTTPS access might work with an invalid certificate. As a
workaround, after you change the certificate, issue the restart web-management
command to restart the J-Web interface. [PR/700135]
Copyright © 2012, Juniper Networks, Inc.
47
Junos OS 12.2 Release Notes
48
•
In the J-Web interface, you cannot configure a large VLAN range. For example, you
cannot configure the range to be 1-4093. [PR/700873]
•
On EX4500 Virtual Chassis, if you use the CLI to switch from virtual-chassis mode to
intraconnect mode, the J-Web interface dashboard might not list all the Virtual Chassis
hardware components, and the image of the master and backup switch chassis might
not be visible after an autorefresh occurs. The J-Web interface dashboard also might
not list the vcp-0 and vcp-1 Virtual Chassis ports in the rear view of an EX4200 switch
(in the linecard role) that is part of an EX4500 Virtual Chassis. [PR/702924]
•
On EX2200-C switches, if you have changed the media type and committed the change,
the Ports Configuration page (Configure > Interfaces > Ports) might not list the uplink
port. [PR/742847]
•
In the J-Web interface, you cannot configure the TCP fragment flag for a firewall filter
on the Filters Configuration page (Configure > Security > Filters). [PR/756241]
•
If you have a J-Web interface session open on a standalone EX Series switch, and if
you then add another switch to create a Virtual Chassis, the chassis viewer might be
aligned incorrectly on the dashboard. As a workaround, manually refresh the J-Web
session. [PR/756711]
•
In the J-Web interface, you cannot delete a term from a firewall filter and simultaneously
add a new term to that filter on the Filters Configuration page (Configure > Security >
Filters). [PR/769534]
•
After you remove or reboot a Virtual Chassis member (either the backup or a line card),
when you click other members in the J-Web interface, the chassis view for those
members might not expand, and the dashboard might log the following error: stackImg
is null or not an object. [PR/771415]
•
If a Virtual Chassis contains more than six members, the Support Information page
(Maintain > Customer Support > Support information) might not load. [PR/777372]
•
Some component names shown by the tooltip on the Temperature in Health Status
Panel of the dashboard might be truncated. As a result, you might see many
components that have the same name displayed. For example, the components GEPHY
Front Left, GEPHY Front Middle, and GEPHY Front Right might all be displayed as
GEPHYFront. [PR/778313]
•
On EX Series Virtual Chassis that have more than five members, logging in to the J-Web
interface dashboard might take more than 30 seconds. [PR/785300]
•
If you issue the set protocols rstp interface logical-interface-name edge configuration
command from the command-line interface (CLI), the J-Web interface might show
that the configuration in the Configuration detail for Desktop and Phone page is not
applicable for the port profile. However, no functionality for the Desktop and Phone
port profile is affected. [PR/791323]
•
In the J-Web interface, if you enable a spanning-tree protocol (STP, RSTP, or MSTP)
and then exclude some ports from the spanning tree, you might not be able to include
these ports as part of a Redundant Trunk Group (RTG). [PR/791759]
Copyright © 2012, Juniper Networks, Inc.
Outstanding Issues in Junos OS Release 12.2 for EX Series Switches
•
In the J-Web interface on EX4500 and EX4550 switches, you can configure temporal
and exact-temporal buffers, which are not supported by the Junos OS software.
[PR/796719]
•
In an EX4550 mixed-mode Virtual Chassis in which an EX4550 switch is the master
and at least one Virtual Chassis member supports Power over Ethernet (PoE), if you
click Configure > POE and then click another tab, a javascript error might be displayed.
[PR/797256]
•
In the J-Web interface on EX4550 switches, if you are using in-band management and
select EZsetup, the error message undefined configuration delivery failed is displayed
even though the configuration has been successfully committed. [PR/800523]
Layer 2 and Layer 3 Protocols
•
After a nonstop software upgrade (NSSU) operation, OSPF might remain in the INIT
state because the flooding entry is not programmed correctly. [PR/811178]
Management and RMON
•
The incorrect ifType might be displayed for counters on physical interfaces.
[PR/784620]
•
After a Routing Engine switchover, LACP and MIB process (mib2d) core files might be
created. [PR/790966]
•
In logical systems, you cannot use snmpwalk for SNMP polling. As a workaround,
configure the client at the [edit snmp community logical-system] hierarchy level.
[PR/791859]
Multicast Protocols
•
While multicast is resolving routes, the following SPF-related error might be displayed:
SPF:spf_change_sre(),383: jt_change () returned error-code(Not found:4)![PR/774675]
•
On XRE200 External Routing Engines on which PIM is configured, a nonstop software
upgrade (NSSU) operation might fail when performed when an MSDP peer is not yet
up. As a workaround, either disable nonstop active routing (NSR) for PIM using the set
protocols pim nonstop-routing disable configuration comment or ensure that MSDP
has reached the Established state before starting an NSSU operation. [PR/799137]
Copyright © 2012, Juniper Networks, Inc.
49
Junos OS 12.2 Release Notes
Software Upgrade and Installation
•
After you upgrade the Junos OS software, a ppmd core might be created and protocols
that use ppmd might not work correctly. [PR/802315]
Virtual Chassis
Related
Documentation
•
On EX8200 Virtual Chassis, when you perform an snmpwalk operation on the
jnxPsuMIB, the output shows details only for the power supplies on a single line card
member. [PR/689656]
•
When you remove the hard drive on an EX-XRE200 External Routing Engine, an SNMP
trap and a system alarm are not generated. [PR/710213]
•
In EX4200 and EX4500 mixed-mode Virtual Chassis, the following log message is
seen after every reboot: CHASSISD_PIC_OID_UNKNOWN: Unable to find OID for PIC.
Also, for the line cards on the EX4200 switch, the jnxContentsType MIB might report
the value jnxEX4500MediaCardSpacePIC.0. [PR/711871]
•
In a mixed EX4200 and EX4500 Virtual Chassis, the master chassis view might display
the temperature indicator of the backup. [PR/783052]
•
On EX4550 Virtual Chassis, if you configure more than 2036 routed VLAN interfaces
(RVIs), ping operations might fail. [PR/791821]
•
New Features in Junos OS Release 12.2 for EX Series Switches on page 28
•
Changes in Default Behavior and Syntax in Junos OS Release 12.2 for EX Series Switches
on page 36
•
Limitations in Junos OS Release 12.2 for EX Series Switches on page 37
•
Resolved Issues in Junos OS Release 12.2 for EX Series Switches on page 50
•
Changes to and Errata in Documentation for Junos OS Release 12.2 for EX Series
Switches on page 60
•
Upgrade and Downgrade Instructions for Junos OS Release 12.2 for EX Series Switches
on page 61
Resolved Issues in Junos OS Release 12.2 for EX Series Switches
The following are the issues that have been resolved in Junos OS Release 12.2 for EX
Series switches. The identifier following the descriptions is the tracking number in our
bug database.
For the most complete and latest information about known Junos OS defects, use the
Juniper online Junos Problem Report Search application.
50
Copyright © 2012, Juniper Networks, Inc.
Resolved Issues in Junos OS Release 12.2 for EX Series Switches
NOTE: Other software issues that are common to both EX Series switches
and M, MX, and T Series routers are listed in “Issues in Junos OS Release 12.2
for M Series, MX Series, and T Series Routers” on page 122.
•
Issues Resolved in Release 12.2R1 on page 51
Issues Resolved in Release 12.2R1
The following issues have been resolved since Junos OS Release 12.1. The identifier
following the description is the tracking number in our bug database.
Access Control and Port Security
•
You cannot configure the level for storm control. [PR/734307: This issue has been
resolved.]
•
EX3200 switches might repeatedly create 802.1X core files. As a workaround, if access
accounting is enabled, disable it by issuing the deactivate access profile profile-name
accounting configuration mode command. [PR/739921: This issue has been resolved.]
•
When you configure the Multiple VLAN Registration Protocol (MVRP), the LLDP process
might create a core file as the result of a memory leak. [PR/740793: This issue has
been resolved.]
•
If you enable 802.1X with MAC RADIUS authentication, that is, by including the
mac-radius statement in the configuration, the authentication manager process (authd)
might reach a memory limit when there are approximately 250 users. As a workaround,
reset the authd process when it reaches 85 percent of its RLIMIT_DATA value (that is,
85 percent of 130 MB). To check the amount of memory being used by the authd
process, use the show system processes extensive operational mode command.
[PR/783363: This issue has been resolved.]
•
When access configuration is not required and the guest VLAN feature is configured,
supplicants might not be authenticated using the guest VLAN, and they might remain
in the connecting state. [PR/783606: This issue has been resolved.]
•
DHCP snooping might not allow DHCP Inform ACK packets to pass to the client.
[PR/787161: This issue has been resolved.]
•
If you configure 802.1X (dot1X) with static MAC bypass and a new host is added to the
exclusion list, the MAC addresses of existing hosts that have already been successfully
authenticated by static MAC bypass might move to an incorrect VLAN. [PR/787679:
This issue has been resolved.]
Copyright © 2012, Juniper Networks, Inc.
51
Junos OS 12.2 Release Notes
Converged Networks (LAN and SAN)
•
On EX4500 switches, the DCBX protocol does not work. [PR/795835: This issue has
been resolved.]
Ethernet Switching and Spanning Trees
•
When you enable Q-in-Q tunneling and MLD snooping, no snooping database is present
on the switch. [PR/693224: This issue has been resolved.]
•
On EX Series switches, during the MAC learning period, excessive log messages similar
to MRVL-L2:mrvl_fdb_mac_entry_uc_set() might be displayed. [PR/695200: This issue
has been resolved.]
•
The Layer 3 traffic on an integrated routing and bridging (IRB) trunk interface might
fail. [PR/732237: This issue has been resolved.]
•
When you configure an IPv6 address on a VLAN interface that is down, the IPv6 address
might go into the Tentative state. [PR/733651: This issue has been resolved.]
•
When using VSTP, if you try to enable all VLANs on a physical interface that is a member
of all the VLANs, a configuration error might be displayed. For more information, see
“Upgrade and Downgrade Instructions for Junos OS Release 12.2 for EX Series Switches”
on page 61. [PR/736488: This issue has been resolved.]
•
If a VLAN change occurs quickly, the client might not be able to get an IP address.
[PR/746479: This issue has been resolved.]
•
When VRRP is running between two EX8200 switches on a VLAN, after a master
switchover, both switches might act as master. [PR/752868: This issue has been
resolved.]
Firewall Filters
•
If multiple firewall rules are being programmed into the switch hardware simultaneously,
a Packet Forwarding Engine (pfem) core file might be created. [PR/746337: This issue
has been resolved.]
Hardware
52
•
After you have disabled the LCD Maintenance Menu and rebooted the switch, the
EZSetup option might be available. [PR/707279: This issue has been resolved.]
•
The EZsetup option is available on the LCD Maintenance Menu regardless of the factory
default status of the switch. [PR/736411: This issue has been resolved.]
•
On EX3300 switches, power supply failure errors might occur. To circumvent this
problem, a software workaround has been provided. The software reads the power
supply bit multiple times before it declares the power supply module to be down.
[PR/743115: This issue has been resolved.]
Copyright © 2012, Juniper Networks, Inc.
Resolved Issues in Junos OS Release 12.2 for EX Series Switches
High Availability
•
No command-line interface (CLI) command is available to verify that nonstop bridging
(NSB) is enabled. To do this, you can now use the show ethernet-switching task
replication command. [PR/613452: This issue has been resolved.]
•
If you perform a nonstop software upgrade (NSSU) operation that includes the reboot
option, some traffic loss might occur. [PR/717662: This issue has been resolved.]
•
On an XRE200 External Routing Engine, when you perform a nonstop software upgrade
(NSSU) operation that includes the reboot option, the physical link might flap, which
causes traffic loss and protocol flapping. [PR/718472: This issue has been resolved.]
•
When nonstop bridging (NSB) is enabled on a switch, if you issue the show spanning-tree
interface msti msti-id command on the backup Routing Engine, no output is displayed.
[PR/732676: This issue has been resolved.]
•
When you configure nonstop active routing (NSR) for IP multicast, RPD on the backup
switch might create a core file. [PR/734769: This issue has been resolved.]
•
During a graceful Routing Engine switchover (GRES) operation, ICMP packets might
be dropped. [PR/737168: This issue has been resolved.]
•
After a graceful Routing Engine switchover (GRES) operation with nonstop bridging
(NSB), the MSTP port boundary status might be displayed incorrectly. [PR/737179:
This issue has been resolved.]
Infrastructure
•
If you enable gratuitous ARP by including the gratuitous-arp-reply,
no-gratuitous-arp-reply, or no-gratuitous-arp-request statement in the configuration,
the switch might process gratuitous ARP packets incorrectly. [PR/518948: This issue
has been resolved.]
•
Rate limiting for management traffic (namely, FTP, SSH, and Telnet) arriving on network
ports causes file transfer speeds to be slow. [PR/691250: This issue has been resolved.
•
In some cases, broadcast traffic that is received on the management port (me0) is
broadcast to other subnets on the switch. [PR/705584: This issue has been resolved.]
•
In previous releases, typing the Alt-break sequence on the console put the console
interface in debugger mode (the db> prompt). You can now configure the system
no-debugger-on-alt-break statement to disable the Alt-break sequence on the serial
console. [PR/717491: This issue has been resolved.]
•
When the switch power-cycles ungracefully, the contents of flash memory and the
switch’s file system might become out of sync. [PR/719101: This issue has been
resolved.]
•
The allow-configuration-regexps statement at the [edit system login class] hierarchy
level does not work exactly the same way as the deprecated allow-configuration
statement at the same hierarchy level. [PR/720013: This issue has been resolved.]
•
NTP-related show commands, such as show ntp status, might display incorrect output.
[PR/722528: This issue has been resolved.]
Copyright © 2012, Juniper Networks, Inc.
53
Junos OS 12.2 Release Notes
54
•
On EX4200 switches, after you issue the request system zeroize media command, you
might not be able to establish a connection with the switch using SSH, and you might
not be able to issue the commit command on the switch. [PR/723918: This issue has
been resolved.]
•
On EX8208 switches, when the Switch Fabric and Routing Engine (SRE) module is in
the spare state and you configure it to go offline and then come back online again, the
module’s ST LED does not turn back on. [PR/724455: This issue has been resolved.]
•
If you issue the show krt next-hop or show krt iflist-next-hop command, and if you later
delete a route or the route is removed, an rpd core file might be created. [PR/727014:
This issue has been resolved.]
•
On EX8200 switches, after you issue the request system zeroize media command, the
line cards might not come online. [PR/728082: This issue has been resolved.]
•
If you include the autoinstallation configuration statement at the [edit system] hierarchy
level, the switch interfaces might not work correctly. [PR/728344: This issue has been
resolved.]
•
The Ethernet switching process (eswd) might create a core file. [PR/732263: This issue
has been resolved.]
•
If you abruptly take a power supply offline, a chassis manager process (chassimd)
core file might be created. [PR/737604: This issue has been resolved.]
•
The request system zeroize command might not erase all files, such as files in the
/config, /var/db/config, and /var/db directories. [PR/737916: This issue has been
resolved.]
•
If you use EZsetup to configure a root password that contains a comma (,), the
characters after the comma are not checked during authentication, so it is possible to
log in to the switch with several different passwords. As a workaround, configure the
root password from the CLI. [PR/738310: This issue has been resolved.]
•
When you quickly insert and then remove a line card, the chassis manager process
(chassism) might become unstable. [PR/740730: This issue has been resolved.]
•
On EX Series switches and SRX Series Services Gateways, when you enable "Change
password every time the user logs out" on the active directory, the user is unable to
change his or her password. [PR/740869: This issue has been resolved.]
•
On EX8200 switches, a chassis manager process (chassism) core file might be created.
[PR/745964: This issue has been resolved.]
•
If you have configured PIM in dense or dense-sparse mode and there are more than
1500 sources for a group, a scheduler slip error (RPD_SCHED_SLIP) might occur, and
IGMP might use a large number of CPU cycles. [PR/748420: This issue has been
resolved.]
•
When there is a large amount of NetBIOS traffic on the network, the switch might
exhibit high latency while pinging between VLANs. [PR/748707: This issue has been
resolved.]
Copyright © 2012, Juniper Networks, Inc.
Resolved Issues in Junos OS Release 12.2 for EX Series Switches
•
On EX4200 switches, a Packet Forwarding Engine process (pfem) core file might be
created while the switch is running the PFE internal support script and saving the output
to a file. [PR/749974: This issue has been resolved.]
•
On all EX Series switches except EX8200 switches, if you have configured several
policer settings in the same filter, they might all be overwritten when you change one
of the settings. As a workaround, delete the setting, then add it back again with the
desired changes. [PR/750497: This issue has been resolved.]
•
You might see the following message in log files: Kernel/ (COMPOSITE NEXT HOP)
failed, err 6 (No Memory). [PR/751985: This issue has been resolved.]
•
On EX3300 switches, if you configure more than 20 BGPv6 neighbor sessions, the
command-line interface (CLI) might display the db> prompt. [PR/753261: This issue
has been resolved.]
•
On EX8200 switch line cards, a Packet Forwarding Engine process (pfem) core file
might be created as the result of a memory segmentation fault. [PR/757108: This issue
has been resolved.]
•
On XRE200 External Routing Engines, when you issue the show chassis hardware
(<get-chassis-inventory>) command, duplicate occurrences of <name> and
<serial-number> tags under the <chassis> tag might result in malformed XML output.
[PR/772507: This issue has been resolved.]
•
When an EX Series switch is routing multicast traffic, that traffic might not exit from
the multicast router port in the source VLAN. [PR/773787: This issue has been resolved.]
•
EX4500 Series switches and EX8200-40XS line cards do not forward IP UDP packets
when their destination port is 0x013f (PTP) or when the fragmented packet has the
value 0x013f at the same offset (0x2c). [PR/775329: This issue has been resolved.]
•
When EX Series switches receive packets across a GRE tunnel, the switches might not
generate ARP packet. [PR/782323: This issue has been resolved.]
•
After you remove an IPv6 interface configuration and then perform a rollback operation,
the IPv4 label might change to explicit null. [PR/786537: This issue has been resolved.]
•
When many packets are queued to have their next hop resolved, some packets might
become corrupted. [PR/790201: This issue has been resolved.]
•
If you configure IPv6 and VRRP, the IPv6 VRRP MAC address might be used incorrectly
as the source MAC address when routing traffic across VLANs. [PR/791586: This issue
has been resolved.]
Interfaces
•
When you configure the no-preempt and interface-tracking options on a switch that is
a VRRP master router, if the VRRP mastership is taken over by a switch that is a VRRP
backup router and the tracking interface on the original master router goes down, then
if the tracking interface on the original master router comes back up and the master's
original priority is restored, the new master's mastership might transition to the original
master router. [PR/699243: This issue has been resolved.]
•
After multiple graceful Routing Engine switching (GRES) operations, the virtual
management Ethernet (vme) interface might go down and then come up again after
Copyright © 2012, Juniper Networks, Inc.
55
Junos OS 12.2 Release Notes
you issue the restart ethernet-switching command. [PR/719424: This issue has been
resolved.]
•
When you delete the VLAN mapping for an aggregated Ethernet (ae) interface, the
Ethernet switching process (eswd) might crash and display the error message No vlan
matches vlan tag 116 for interface ae5.0. [PR/731731: This issue has been resolved.]
•
On EX8200 switches, the master-only configuration for the management interface
does not work. [PR/753765: This issue has been resolved.]
•
When EX Series switches receive packets across a GRE tunnel, they might not generate
and send ARP packets to the device at the other end of the tunnel. [PR/782323: This
issue has been resolved.]
J-Web Interface
•
In the J-Web interface on EX Series switches, J4350 Services Router, M Series routers,
MX Series routers, and SRX210 Services Gateways, you cannot log out of the device
using the CLI Terminal page (Diagnose > CLI Terminal), because the Logout option is
not listed on the page. [PR/401772]
•
If you have created dynamic VLANs by enabling MVRP from the CLI, then in the J-Web
interface, the following features do not work with dynamic VLANs and static VLANs:
•
In the Port Configuration page (Configure > Interface > Ports)—Port profile (select
the interface, click Edit, and select Port Role) or the VLAN option (select the interface,
click Edit, and select VLAN Options).
•
VLAN option in the LACP (Link Aggregation Control Protocol) Configuration page
(Configure > Interface > Link Aggregation)—Select the aggregated interface, click
Edit, and click VLAN.
•
In the 802.1X Configuration page (Configure > Security > 802.1x)—VLAN assignment
in the exclusion list (click Exclusion List and select VLAN Assignment) or the move
to guest VLAN option (select the port, click Edit, select 802.1X Configuration, and
click the Authentication tab).
•
Port security configuration page (Configure > Security > Port Security).
•
In the Port Mirroring Configuration page (Configure > Security > Port
Mirroring)—Analyzer VLAN or ingress or egress VLAN (click Add or Edit and then add
or edit the VLAN).
[PR/669188: This issue has been resolved.]
56
•
The J-Web interface is vulnerable to HTML cross-site scripting attacks, also called XST
or cross-site tracing. [PR/752398: This issue has been resolved.]
•
When a large number of inbound HTTP connections are established over an extended
period of time, the HTTP process (httpd) might become trapped in a loop, resulting in
high CPU utilization. The CPU load continues even after the stream of connection
attempts is terminated. To reduce the CPU load, you must kill the process from the
shell. Two workarounds are to disable the J-Web interface or to allow access to the
J-Web interface only from trusted networks. Alternatively, apply a policer at the edge
or on the control plane (lo0) to rate-limit inbound connections to TCP port 80. Note
Copyright © 2012, Juniper Networks, Inc.
Resolved Issues in Junos OS Release 12.2 for EX Series Switches
that the typical side effects of applying rate limiting to services (for example, an
increased risk of successful DoS attacks) also apply to inbound J-Web interface
connections, so care should be taken before making changes to control plane protection
firewall filters. See RFC 6192 for guidance on protecting the router's control plane.
[PR/693434: This issue has been resolved.]
•
In the Login/Splash screen and the Help mapping file, the copyright date is set to 2011.
[PR/731790: This issue has been resolved.]
•
On the J-Web dashboard the Total number of ports field in the Capacity utilization
page might show incorrect values for a mixed EX4200 and EX4500 Virtual Chassis.
As a workaround, use the show chassis hardware | match PIC | except Virtual command
to display the correct values. [PR/734766: This issue has been resolved.]
•
In the J-Web interface, if you click the EX8200-48T, EX8200-48F, or EX8200-8XS
line card in the chassis view in the dashboard, the expanded line card might not load
its interfaces and might not display the interface status for both the EX8208 and
EX8216 switches. As a workaround, first click the EX8200-40XS in the same chassis
view and then close that line card. Then, click the EX8200-48T, EX8200-48F, or
EX8200-8XS line card to display the status of all interfaces. [PR/742448: This issue
has been resolved.]
•
If you used the CLI to create a redundant trunk link (RTG) group whose members are
not trunk ports, you cannot edit this group from the J-Web interface. As a workaround,
edit the group from the CLI. [PR/745458: This issue has been resolved.]
•
For EX Series switches, when you use the J-Web interface software upload package,
the unlink option does not work. [PR/746546: This issue has been resolved.]
•
When a switch has no routed interfaces, you cannot use the J-Web interface to add
OSPF areas. As a workaround, use the CLI to add these areas. [PR/746624: This issue
has been resolved.]
•
In the J-Web interface on an EX8200 switch that is set in virtual-chassis mode, when
you expand the number of uplink modules, line cards that have no uplink module report
an error or map ports to nonexistent modules. This problem happens the first time that
you configure capacity utilization values. [PR/750854: This issue has been resolved.]
•
When you configure the no-tcp-reset statement, the J-Web interface might be slow or
unresponsive. [PR/754175: This issue has been resolved.]
•
In the J-Web interface on EX Series switches and on M Series and MX Series routers,
you might not be able to upload a configuration file from the Upload page (Maintain
> Config Mgmt > Upload). [PR/784009: This issue has been resolved.]
•
In the J-Web interface, the Help page for the Install package in the Software
Maintenance page (Maintain > Software) might not appear. [PR/786654: This issue
has been resolved.]
Layer 2 and Layer 3 Protocols
•
On EX2200, EX3300, and EX6200 switches, and on EX8200 Virtual Chassis, NetBIOS
snooping does not work. [PR/706588: This issue has been resolved.]
Copyright © 2012, Juniper Networks, Inc.
57
Junos OS 12.2 Release Notes
•
If you try to configure a Layer 3 protocol such as IS-IS, OSPF, or RIP on a Layer 2 interface
(that is, an interface configured with the family ethernet-switching), the commit
operation fails. [PR/729923: This issue has been resolved.]
•
When a BFD session has stale entries, it might flap. [PR/744302: This issue has been
resolved.]
Management and RMON
•
The connectivity-fault management (CFM) process (cfmd) might create a core file.
[PR/597302: This issue has been resolved.]
•
When you are using IS-IS for forwarding only IPv6 traffic and IPv4 routing is not
configured, if you perform an SNMP get/walk on an IS-IS routing database table, the
RPD process might crash and restart, possibly causing a momentary traffic drop.
[PR/753936: This issue has been resolved.]
•
When an SNMP string is longer than 30 characters, it is not displayed in Junos OS
command output. [PR/781521: This issue has been resolved.]
•
On EX Series switches, and M Series Multiservice Edge Routers, MX Series 3D Universal
Edge Routers, and T Series Core Routers, after you upgrade to Junos OS Release 11.4R3,
11.4R4, or 12.1R2, the device might stop responding to SNMP ifIndex list queries. As a
workaround, restart the switch. If restarting the switch is not an option, restart the
shared-memory daemon (shm-rtsdbd). [PR/782231: This issue has been resolved.]
MPLS
•
On EX3200 and EX4200 switches, no counters are incremented in MPLS statistics
files for label-switched paths (LSPs) that are used for circuit cross-connects (CCCs).
[PR/724371: This issue has been resolved.]
Software Installation and Upgrade
58
•
When you use NSSU to upgrade from Junos OS Release 11.3R5, all traffic across a link
aggregation group (LAG) might be dropped. [PR/733050: This issue has been resolved.]
•
The unlink option in the request system software add package unlink command does
not work on EX Series switches. [PR/739795: This issue has been resolved.]
Copyright © 2012, Juniper Networks, Inc.
Resolved Issues in Junos OS Release 12.2 for EX Series Switches
Unified Access Control (UAC)
•
When an EX Series switch is configured as a Junos OS enforcer on an IC Series Unified
Access Control Appliance, the Odyssey Access Client (OAC) status might change from
open/authenticating to open and authenticated. [PR/742369: This issue has been
resolved.]
Virtual Chassis
•
On EX4200 Virtual Chassis, if you delete an uplink interface on which the family mpls
option is configured, the MPLS functionality on the corresponding symmetric interfaces
on the other members might be affected. [PR/704480: This issue has been resolved.]
•
On EX8200 Virtual Chassis, when you swap the members of a link aggregation group
(LAG), a vmcore or ksyncd core file might be created on the backup Routing Engine.
[PR/711679: This issue has been resolved.]
•
In a setup in which two XRE200 External Routing Engines (one acting as the master,
the other as the backup) are connected to a member of an EX8200 Virtual Chassis
that has two Routing Engines (one acting as the master, the other as the backup), if
you remove the master Routing Engine or if you reboot this Routing Engine (for example,
using the request system reboot member 0 re0 command when re0 is the master Routing
Engine), interfaces on which the Link Aggregation Control Protocol (LACP) is configured
might flap. This interface flapping does not occur if you remove or reboot the backup
Routing Engine. [PR/718857: This issue has been resolved.]
•
On EX4500 Virtual Chassis, you cannot configure a mastership priority of 0 from the
J-Web interface. As a workaround, configure this priority from the CLI. [PR/721426:
This issue has been resolved.]
•
The XRE200 External Routing Engine temperature monitors, which you can view using
the show chassis environment command, might report temperatures that are twice as
high as the actual temperature. This temperature-reporting error has no impact on
XRE200 External Routing Engine behavior. The fans and the system receive the correct
temperature internally, so unwanted fan speed changes or an XRE200 External Routing
Engine shutdown cannot occur as a result of this misreported temperature. However,
the incorrect reported temperatures generate alarms and alarm messages. [PR/734233:
This issue has been resolved.]
•
In some help files, the copyright date is set to 2011 instead of 2012. [PR/735607: This
issue has been resolved.]
•
On EX4200 switches and EX4200 Virtual Chassis, the event process (eventd) might
create a core file. [PR/737893: This issue has been resolved.]
•
On EX3300 switches, when a Virtual Chassis is formed, the Virtual Chassis backup
member’s console CLI does not automatically redirect to the Virtual Chassis master's
console CLI. As a workaround, manually log out from the Virtual Chassis backup
member. [PR/744241: This issue has been resolved.]
•
When you configure EX4200 Virtual Chassis with automated installation scripts, the
installation might fail. As a workaround, include the member option in the request
system scripts add command. [PR/747476: This issue has been resolved.]
Copyright © 2012, Juniper Networks, Inc.
59
Junos OS 12.2 Release Notes
Related
Documentation
•
On EX8200 standalone switches or EX8200 Virtual Chassis on which an aggregated
Ethernet interface is configured, multiple core files might be created on the line cards.
[PR/749298: This issue has been resolved.]
•
In EX8200 Virtual Chassis, the switch might incorrectly send untagged packets. As a
result, some hosts in the VLAN might experience connectivity issues. [PR/752021: This
issue has been resolved.]
•
In EX8200 Virtual Chassis, after one Virtual Chassis member is rebooted, the line card
of the corresponding rebooted linecard chassis is not brought down immediately, and
hence the peer sees that the interfaces remain in the Up state. Additionally, the interface
state is not be cleared immediately in the switch card chassis kernel. The result is that
the protocol session goes down and traffic loss occurs even if you have configured
nonstop active routing (NSR). [PR/754603: This issue has been resolved.]
•
New Features in Junos OS Release 12.2 for EX Series Switches on page 28
•
Changes in Default Behavior and Syntax in Junos OS Release 12.2 for EX Series Switches
on page 36
•
Limitations in Junos OS Release 12.2 for EX Series Switches on page 37
•
Outstanding Issues in Junos OS Release 12.2 for EX Series Switches on page 43
•
Changes to and Errata in Documentation for Junos OS Release 12.2 for EX Series
Switches on page 60
•
Upgrade and Downgrade Instructions for Junos OS Release 12.2 for EX Series Switches
on page 61
Changes to and Errata in Documentation for Junos OS Release 12.2 for EX Series Switches
•
Changes to Junos OS for EX Series Switches Documentation on page 60
•
Errata on page 60
Changes to Junos OS for EX Series Switches Documentation
No changes have been made to the documentation for Junos OS Release 12.2 for EX
Series switches since it was published.
Errata
This section lists outstanding issues with the published documentation for Junos OS
Release 12.2 for EX Series switches.
60
Copyright © 2012, Juniper Networks, Inc.
Upgrade and Downgrade Instructions for Junos OS Release 12.2 for EX Series Switches
•
auto-sw-update configuration statement—The auto-sw-update configuration
statement topic does not include information about the ex-4200 and ex-4500 options
that were introduced for the statement in Junos OS Release 12.2. These options enable
the automatic software update feature for all mixed Virtual Chassis that include EX4200
and EX4500 member switches.
You can use the instructions in Configuring Automatic Software Update on EX2200,
EX3300, EX4200, EX4500, or EX4550 Virtual Chassis Member Switches (CLI
Procedure) to enable the automatic software update feature for your mixed Virtual
Chassis that includes EX4200 and EX4500 member switches.
The auto-sw-update configuration statement topic will be updated in a later release.
[This issue is being tracked by PR/541092.]
Related
Documentation
•
Ethernet OAM link fault management—You can configure Ethernet OAM link fault
management (LFM) on aggregated interfaces.
•
Multicast load balancing on EX8200 switches—On EX8200 switches, you can use
the show chassis multicast load-balance command to see whether multicast load
balancing is enabled, and if it is, what the hash mode has been set to. The command
description will be added to the EX Series documentation in an upcoming release. [This
issue was being tracked by PR/665072.]
•
request system software validate command—The documentation for the request
system software validate command incorrectly states that this command is supported
on EX Series switches. This command is not supported on any EX Series switches.
[This issue is being tracked by PR/803185.]
•
vlans configuration statement—The documentation for the vlans configuration
statement incorrectly states the required privilege levels as routing and routing-control.
The correct privilege level for this statement is system and system-control.
•
New Features in Junos OS Release 12.2 for EX Series Switches on page 28
•
Changes in Default Behavior and Syntax in Junos OS Release 12.2 for EX Series Switches
on page 36
•
Limitations in Junos OS Release 12.2 for EX Series Switches on page 37
•
Outstanding Issues in Junos OS Release 12.2 for EX Series Switches on page 43
•
Resolved Issues in Junos OS Release 12.2 for EX Series Switches on page 50
•
Upgrade and Downgrade Instructions for Junos OS Release 12.2 for EX Series Switches
on page 61
Upgrade and Downgrade Instructions for Junos OS Release 12.2 for EX Series Switches
This section discusses the following topics:
•
Upgrade and Downgrade Support Policy for Junos OS Releases on page 62
•
Upgrading to Junos OS Release 12.1R2 or Later Releases, with Existing VSTP
Configurations on page 62
•
Upgrading from Junos OS Release 10.4R3 or Later on page 62
Copyright © 2012, Juniper Networks, Inc.
61
Junos OS 12.2 Release Notes
•
Upgrading from Junos OS Release 10.4R2 or Earlier on page 64
•
Upgrading EX Series Switches Using NSSU on page 64
Upgrade and Downgrade Support Policy for Junos OS Releases
Support for upgrades and downgrades that span more than three Junos OS releases at
a time is not provided, except for releases that are designated as Extended End-of-Life
(EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can
upgrade directly from one EEOL release to the next EEOL release even though EEOL
releases generally occur in increments beyond three releases.
You can upgrade or downgrade to the EEOL release that occurs directly before or after
the currently installed EEOL release, or to two EEOL releases before or after. For example,
Junos OS Releases 10.0, 10.4, and 11.4 are EEOL releases. You can upgrade from Junos OS
Release 10.0 to Release 10.4 or even from Junos OS Release 10.0 to Release 11.4. However,
you cannot upgrade directly from a non-EEOL release that is more than three releases
ahead or behind. For example, you cannot directly upgrade from Junos OS Release 10.3
(a non-EEOL release) to Junos OS Release 11.4 or directly downgrade from Junos OS
Release 11.4 to Junos OS Release 10.3.
To upgrade or downgrade from a non-EEOL release to a release more than three releases
before or after, first upgrade to the next EEOL release and then upgrade or downgrade
from that EEOL release to your target release.
For more information about EEOL releases and to review a list of EEOL releases, see
Junos Software Dates & Milestones.
Upgrading to Junos OS Release 12.1R2 or Later Releases, with Existing VSTP
Configurations
If you are upgrading to Junos OS Release 12.1R2 or later releases, including Release 12.2R1,
ensure that any VSTP configurations on the switch meet the following guidelines. If the
VSTP configurations do not meet these guidelines and you run the upgrade, the upgrade
fails and you have to connect the console, change the invalid VSTP configurations, and
commit the changed configurations through the console. Guidelines for VSTP
configurations are:
•
If you have specified physical interfaces for VSTP-configured VLANs, ensure that those
interfaces are members of the VLANs specified in the VSTP configuration. If the VSTP
configuration specifies vlan all, then the interfaces configured under vstp vlan all must
be members of all VLANs.
•
If the interfaces are not members of the VLANs in the VSTP configurations but are
already added to the VSTP configurations, remove them from those configurations,
add them to the VLANs, and then add them back to the VSTP configurations.
This issue is being tracked by PR/736488 in our bug database.
Upgrading from Junos OS Release 10.4R3 or Later
This section contains the procedure for upgrading from Junos OS Release 10.4R3 or later
to Junos OS Release 12.2. You can use this procedure to upgrade Junos OS on a standalone
62
Copyright © 2012, Juniper Networks, Inc.
Upgrade and Downgrade Instructions for Junos OS Release 12.2 for EX Series Switches
EX Series switch with a single Routing Engine and to upgrade all members of a Virtual
Chassis or a single member of a Virtual Chassis.
To upgrade Junos OS on an EX6200 or EX8200 switch with dual Routing Engines, see
Installing Software on an EX Series Switch with Redundant Routing Engines (CLI Procedure).
On switches with dual Routing Engines or on Virtual Chassis, you might also be able to
use nonstop software upgrade (NSSU) to upgrade Junos OS. See “Upgrading EX Series
Switches Using NSSU” on page 64 for more information.
To upgrade Junos OS on a switch with a single Routing Engine or on a Virtual Chassis:
1.
Download the software package as described in Downloading Software Packages from
Juniper Networks.
2. (Optional) Back up the current software configuration to a second storage option.
See the Junos OS Installation and Upgrade Guide for instructions.
3. (Optional) Copy the software package to the switch. We recommend that you use
FTP to copy the file to the /var/tmp directory.
This step is optional because you can also upgrade Junos OS using a software image
that is stored at a remote location.
4. Install the new software package on the switch:
user@switch> request system software add package
Replace package with one of the following paths:
•
/var/tmp/package.tgz—For a software package in a local directory on the switch
•
ftp://hostname/pathname/package.tgz or
http://hostname/pathname/package.tgz—For a software package on a remote server
package.tgz is the name of the package; for example,
jinstall-ex-4200-11.4R1.8-domestic-signed.tgz.
To install software packages on all switches in a mixed EX4200 and EX4500 Virtual
Chassis, use the set option to specify both the EX4200 package and the EX4500
package:
user@switch> request system software add set [package package]
To install the software package on only one member of a Virtual Chassis, include the
member option:
user@switch> request system software add package member member-id
Other members of the Virtual Chassis are not affected. To install the software on all
members of the Virtual Chassis, do not include the member option.
Copyright © 2012, Juniper Networks, Inc.
63
Junos OS 12.2 Release Notes
NOTE: To abort the installation, do not reboot your device. Instead, finish
the installation, and then issue the request system software delete
package.tgz command, where package.tgz is the name of the package; for
example, jinstall-ex-8200-11.4R1.8-domestic-signed.tgz. This is the last
chance to stop the installation.
5. Reboot the switch to start the new software:
user@switch> request system reboot
To reboot only a single member in a Virtual Chassis, include the member option:
user@switch> request system reboot member
6. After the reboot has completed, log in and verify that the new version of the software
is properly installed:
user@switch> show version
7. Once you have verified that the new Junos OS version is working properly, copy the
version to the alternate slice to ensure that if the system automatically boots from
the backup partition, it uses the same Junos OS version:
user@switch> request system snapshot slice alternate
To update the alternate root partitions on all members of a Virtual Chassis, include
the all-members option:
user@switch> request system snapshot slice alternate all-members
Upgrading from Junos OS Release 10.4R2 or Earlier
To upgrade to Junos OS Release 12.2 from Release 10.4R2 or earlier, first upgrade to Junos
OS Release 11.4 by following the instructions in the Junos OS Release 11.4 release notes.
See Upgrading from Junos OS Release 10.4R2 or Earlier or Upgrading from Junos OS Release
10.4R3 or Later in the Junos OS 11.4 Release Notes.
Upgrading EX Series Switches Using NSSU
You can use nonstop software upgrade (NSSU) to upgrade Junos OS releases on
standalone EX6200 and EX8200 switches with dual Routing Engines and on EX3300,
EX4200, EX4500, and EX8200 Virtual Chassis. For instructions on how to perform an
upgrade using NSSU, see:
•
Upgrading Software on an EX3300 Virtual Chassis, EX4200 Virtual Chassis, EX4500
Virtual Chassis, or Mixed EX4200 and EX4500 Virtual Chassis Using Nonstop Software
Upgrade (CLI Procedure)
•
Upgrading Software on an EX6200 or EX8200 Standalone Switch Using Nonstop Software
Upgrade (CLI Procedure)
•
Upgrading Software on an EX8200 Virtual Chassis Using Nonstop Software Upgrade (CLI
Procedure)
64
Copyright © 2012, Juniper Networks, Inc.
Upgrade and Downgrade Instructions for Junos OS Release 12.2 for EX Series Switches
Table 1 on page 65 details the switch platforms on which NSSU is supported and the
required Junos OS releases.
Table 1: Platform and Junos OS Upgrade Support for NSSU
Switch Platform
Upgrade from Junos OS
Release x.x
Upgrade to Junos OS Release 12.2
EX3300 Virtual Chassis
Releases earlier than 12.1R2
Not supported
12.1R2 or later
Supported
Releases earlier than 12.1R1
Not supported
12.1R1 or later
Supported
Releases earlier than 12.1R2
Not supported
12.1R2 or later
Supported
10.4R1 or later
Not supported
11.1R1 or later
Supported
11.2R1 or later
Supported
11.3R1 or later
Supported
11.4R1 or later
Supported
12.R1 or later
Supported
10.4R1 or later
Not supported
11.1R1, 11.1R2, or 11.1R3
Not recommended
11.1R4 or later
Supported
11.2R1 or later
Supported
11.3R1 or later
Supported
11.4R1 or later
Supported
12.1R1 or later
Supported
EX4200 Virtual Chassis, EX4500 Virtual Chassis,
and mixed EX4200 and EX4500 Virtual Chassis
EX6200 standalone switch
EX8200 standalone switch
EX8200 Virtual Chassis
On an EX8200 Virtual Chassis, an NSSU operation can be performed only if you have
configured the XRE200 External Routing Engine member ID to be 8 or 9.
Copyright © 2012, Juniper Networks, Inc.
65
Junos OS 12.2 Release Notes
NOTE: If you are using NSSU to upgrade the software on an EX8200 switch
from Junos OS Release 11.1 and sFlow technology is enabled, disable sFlow
technology before you perform the upgrade using NSSU. After the upgrade
is complete, you can reenable sFlow technology. If you do not disable sFlow
technology before you perform the upgrade with NSSU, sFlow technology
does not work properly. This issue does not affect upgrades from Junos OS
Release 11.2 or later.
NOTE: If you are using NSSU to upgrade the software on an EX8200 switch
from Junos OS Release 11.1 and NetBIOS snooping is enabled, disable NetBIOS
snooping before you perform the upgrade using NSSU. After the upgrade is
complete, you can reenable NetBIOS snooping. If you do not disable NetBIOS
snooping before you perform the upgrade with NSSU, NetBIOS snooping will
not work properly. This issue does not affect upgrades from Junos OS Release
11.2 or later.
Related
Documentation
66
•
New Features in Junos OS Release 12.2 for EX Series Switches on page 28
•
Changes in Default Behavior and Syntax in Junos OS Release 12.2 for EX Series Switches
on page 36
•
Limitations in Junos OS Release 12.2 for EX Series Switches on page 37
•
Outstanding Issues in Junos OS Release 12.2 for EX Series Switches on page 43
•
Resolved Issues in Junos OS Release 12.2 for EX Series Switches on page 50
•
Changes to and Errata in Documentation for Junos OS Release 12.2 for EX Series
Switches on page 60
Copyright © 2012, Juniper Networks, Inc.
Junos OS Release Notes for M Series Multiservice Edge Routers, MX Series 3D Universal Edge Routers, and T Series Core Routers
Junos OS Release Notes for M Series Multiservice Edge Routers, MX Series 3D Universal
Edge Routers, and T Series Core Routers
•
New Features in Junos OS Release 12.2 for M Series, MX Series, and T Series
Routers on page 67
•
Changes in Default Behavior and Syntax, and for Future Releases in Junos OS Release
12.2 for M Series, MX Series, and T Series Routers on page 114
•
Issues in Junos OS Release 12.2 for M Series, MX Series, and T Series Routers on page 122
•
Errata and Changes in Documentation for Junos OS Release 12.2 for M Series, MX Series,
and T Series Routers on page 145
•
Upgrade and Downgrade Instructions for Junos OS Release 12.2 for M Series, MX Series,
and T Series Routers on page 152
New Features in Junos OS Release 12.2 for M Series, MX Series, and T Series Routers
The following features have been added to Junos OS Release 12.2. Following the
description is the title of the manual or manuals to consult for further information.
•
Class of Service on page 67
•
Firewall Filters on page 72
•
Forwarding on page 72
•
High Availability on page 73
•
Interfaces and Chassis on page 74
•
Junos OS Installation and Upgrade on page 88
•
Junos OS XML API and Scripting on page 89
•
Layer 2 Ethernet Services on page 90
•
MPLS Applications on page 94
•
Multicast on page 95
•
Network Management on page 98
•
Routing Policy and Firewall Filters on page 98
•
Routing Protocols on page 100
•
Subscriber Access Management on page 100
•
User Interface and Configuration on page 110
•
VPNs on page 110
Class of Service
•
Class-of-service features on the SONET/SDH OC192/STM64 MICs (MX Series
routers)—The following class-of-service (CoS) features are supported on the 1-port
SONET/SDH OC192/STM64 MICs (model number: MIC-3D-1OC192-XFP):
Copyright © 2012, Juniper Networks, Inc.
67
Junos OS 12.2 Release Notes
•
Preclassification: The preclassifier block classifies the arriving packets. Packets are
preclassified into traffic classes (drop precedence and scheduling priority of a packet
depend on the traffic class) based on the sources of priority information.
•
Ingress behavior aggregate (BA) classification for DiffServ code point (DSCP), IP
precedence, and MPLS EXP bits.
•
Shaping rates at the queue level.
•
Configurable bandwidth profiles with percentages.
•
Dynamic bandwidth allocation among different services.
•
Scheduler node scaling.
•
By default, eight egress queues are created on the physical interface. If per-unit
scheduling is not configured, the same eight queues are shared across all logical
interfaces.
•
Simple ingress policers.
•
On MPCs that do not support rich queuing (for example, MX-MPC-3D), only
coarse-grained queuing is provided.
•
On MPCs that do not support rich queuing, scheduling is available only at the physical
interface level and not at the logical interface level. The per-unit scheduler cannot
be configured on any of the physical interfaces on a MIC.
•
On MPCs that support rich queuing (for example, MX-MPC1-3D-Q), the per-unit
scheduler statement can be configured on a physical interface only if the
encapsulation is Frame Relay. If per-unit scheduling is configured, then each logical
interface has eight queues.
•
Three levels of scheduling are supported on MPCs that support rich queuing:
•
Layer 1: Port level
•
Layer 2: Logical interface level
•
Layer 3: Queue level
•
Delay buffer allocation. By default, 100 ms worth of buffer is available on all the
MPCs with or without rich queuing.
•
Parameters at the logical and physical interface levels: guaranteed-rate, shaping-rate,
and weighted-rate.
[See BA Classifier Overview, Scheduler Node Scaling on Trio MPC/MIC Interfaces Overview,
CoS on Trio MPC/MIC Features Overview, per-unit-scheduler, Providing a Guaranteed
Minimum Rate, and shaping-rate.]
•
68
Class-of-service features supported on the T4000 Core Router—The following
class-of-service (CoS) features are supported on the T4000 Core Router (Type 5
FPCs):
Copyright © 2012, Juniper Networks, Inc.
New Features in Junos OS Release 12.2 for M Series, MX Series, and T Series Routers
Layer 3 Rewrite:
•
IPv4 DSCP rewrite
•
IPv4 INET Precedence rewrite
•
IPv6 DSCP rewrite
•
MPLS EXP rewrite
•
Simultaneous MPLS EXP and IPv4 Precedence rewrite
In the case of L3VPN/L2VPN/VPLS, the following rules apply to simultaneous MPLS
EXP and IPv4 precedence rewrite operation, under the [edit class-of-service interfaces
interface-name unit logical-unit-number rewrite-rules exp rewrite-rule-name] protocol
protocol-types; hierarchy:
The protocol statement defines the types of MPLS packets and possible packet
configurations for the following options:
•
mpls
•
mpls-inet-both
•
mpls-inet-both-non-vpn
NOTE: For L3VPN/L2VPN/VPLS, mpls-inet-both is not supported on
T4000.
Aggregated Ethernet:
•
All CoS mechanisms that are supported on regular interfaces are supported on
bundles.
•
CoS with member links can be on different packet forwarding engines and line cards.
Shaping and Scheduling
•
•
Physical interface scheduling (eight queues per port)
•
Four packet loss priority levels
•
Unused bandwidth sharing among queues
•
Per physical interface shaping
Support for physical interface (IFD) shaping on T4000 Routers (Type 5
FPCs)—Enables a physical interface to shape traffic based on the rate-limited
bandwidth of the total interface bandwidth. This feature applies to physical interfaces
on T4000 routers with Type 5 FPCs.
You can shape the output of a physical interface so that the interface transmits less
traffic than it is physically capable of carrying.
Copyright © 2012, Juniper Networks, Inc.
69
Junos OS 12.2 Release Notes
To shape traffic on the physical interface, include the shaping-rate statement at the
[edit class-of-service interfaces interface-name] hierarchy level or include the
output-traffic-control-profile statement at the [edit class-of-service interfaces
interface-name] hierarchy level.
[See Applying a Shaping Rate to Physical Interfaces on T4000 Routers with Type 5 FPCs
Overview.]
•
CLI support for global and physical interface level classifiers—Enables classification
and rewrite at physical interface and global bind-points.
You can define EXP classification at a global level.
You can define the following features at the physical interface level:
•
DSCP and inet-precedence classifiers
•
DSCP and inet- precedence rewrites
•
ieee-802.1 classifiers (inner and outer)
•
ieee-802.1 rewrites (outer)
You can define the following features at the logical interface level:
•
Fixed classification
•
EXP rewrites
To configure global EXP classifiers, include the classifiers exp classifier-name statement
at the [edit class-of-service] system-defaults hierarchy level.
To configure classifiers or rewrite rules at the physical interface, include either the
classifiers or the rewrite-rules statement at the [edit class-of-service interfaces
interface-name] hierarchy level. To display classifiers configured under system-defaults,
enter the show class-of-service system-defaults command.
To display classifiers and rewrites bound to physical interfaces, enter the show
class-of-service interfaces Interface-name command.
[See Classifiers and Rewrite Rules at the Global and Physical Interface Levels Overview.]
•
Support for rate limiting on T4000 Type 5 FPC (T4000-FPC5-3D)—You can configure
rate limiting on T4000 routers with Type 5 FPC at the [edit class-of-service schedulers
scheduler-name] hierarchy level.
[See transmit-rate.]
•
Support for hierarchical schedulers on Aggregated Ethernet interfaces (MX Series
Routers)—Enables you to apply hierarchical schedulers on aggregated Ethernet (AE)
bundles through the use of interface-sets. This feature is supported at egress only on
MX Series routers.
You can configure interface sets for AE interfaces created under static configurations.
You can configure class-of-service parameters on aggregated interfaces, in either
link-protect or non-link-protect mode at the physical interface level. The CoS
configuration is fully replicated for all AE member links in link-protect mode.
70
Copyright © 2012, Juniper Networks, Inc.
New Features in Junos OS Release 12.2 for M Series, MX Series, and T Series Routers
You can control the way these parameters are applied to member-links in
non-link-protect mode by configuring the aggregated interface to operate in scaled
mode or replicate mode. By default, scaled mode is used.
The link membership list and scheduler mode of the interface set is inherited from the
underlying aggregated Ethernet interface over which the interface set is configured.
When an aggregated Ethernet interface operates in link protection mode, or if the
scheduler mode is set to member-link-scheduler replicate, the scheduling parameters
of the interface set are copied to each of the member links.
If the scheduler mode of the aggregated Ethernet interface is set to
member-link-scheduler scale, the scheduling parameters are scaled based on the
number of active member links (scaling factor is 1/A, where A is the number of active
links in the bundle) and applied to each of the aggregated interface member links.
To configure an interface set, include the interface-set interface-set-name statement
at the [edit class-of-service interfaces] hierarchy level.
To apply scheduling and queuing parameters to the interface-set, include the
output-traffic-control-profile profile-name statement at the [edit class-of-service
interfaces interface-set interface-set-name] hierarchy level.
To apply the traffic control profile to the interface or interface set, include the
output-traffic-control-profile-remaining profile-name statement at the [edit
class-of-service interfaces interface-name] hierarchy level, or the [edit class-of-service
interfaces interface-name interface-set interface-set-name] hierarchy level, respectively.
[See Hierarchical Schedulers on Aggregated Ethernet Interfaces Overview.]
•
Enhancement to the Intelligent Oversubscription Feature on SONET/SDH
OC48/STM16 IQE PICs—Beginning with Junos OS 12.2, the support for maximum
bandwidth optimization on SONET/SDH OC48/STM16 IQE PICs is increased to 300
percent with an additional priority group being created for all queues marked with low
priority. When the sum of transmission rate for all queues exceeds 100 percent, the
interface is in an oversubscribed state. At the time of oversubscription, the queues are
split into three priority groups with the intelligent oversubscription feature enhancement:
•
Strict High
•
High, Medium-High, and Medium-Low
•
Low
The sum of transmission rates for all queues in each of the above the priority groups
is less than or equal to 100 percent, thereby allowing the SONET/SDH OC48/STM16
IQE PICs to support the maximum bandwidth optimization by overconfiguring the
available bandwidth up to 300 percent.
Copyright © 2012, Juniper Networks, Inc.
71
Junos OS 12.2 Release Notes
Firewall Filters
•
Filter-based forwarding to a specific outgoing interface or destination IP address
(MX Series routers with MPCs)—Enables you to use filter-based forwarding
(sometimes also referred to as policy-based routing or PBR) to apply a match condition
and send packets to a certain outgoing interface or to a certain IPv4 or IPv6 address.
To configure, use the next-interface, next-ip, or next-ip6 firewall filter action.
[See Example: Configuring Filter-Based Forwarding to a Specific Outgoing Interface or
Destination IP Address.]
Forwarding
•
Host fast reroute—Adds a precomputed protection path into the Packet Forwarding
Engine, such that if a link between a provider edge device and a server farm becomes
unusable for forwarding, the Packet Forwarding Engine can use another path without
having to wait for the router or the protocols to provide updated forwarding information.
Host fast reroute is a technology that protects IP endpoints on multipoint interfaces,
such as Ethernet. This technology is important in data centers where fast service
restoration for server endpoints is critical. After an interface or a link goes down, host
fast reroute enables the local repair time to be approximately 50 milliseconds. You
can configure Host fast reroute by adding the link-protection statement to the interface
configuration in the routing instance. We recommend that you include this statement
on all provider edge (PE) devices that are connected to server farms through multipoint
interfaces.
[See Example: Configuring Host Fast Reroute.]
•
Distributed keepalive support from Packet Forwarding Engine to LNS PPP tunneled
sessions on MPCs (MX Series routers)—Junos OS supports client-initiated and
server-initiated Point-to-Point Link Control Protocol (PPP LCP) echo request and reply
packet handling from the Packet Forwarding Engine to the L2TP Network Server (LNS)
PPP tunneled sessions on an MPC.
Keepalive aging timeout is defined as the product of the keepalive interval and
down-count values at the LNS. If the keepalive aging timeout is greater than 180
seconds, the keepalive packets are handled at the Routing Engine. If the aging timeout
is less than or equal to 180 seconds, the packets are handled at the Packet Forwarding
Engine.
NOTE: When you scale the network to handle thousands of sessions, we
recommend that you configure the keepalive aging timeout to be less than
180 seconds.
The display of the show ppp interface extensive command is enhanced to show the
keepalive statistics for keepalives that are handled at the Routing Engine.
[See show ppp interface.]
•
72
Limiting traffic black-hole time on M320 routers by detecting Packet Forwarding
Engine destinations that are unreachable over the fabric—Enables M320 routers to
Copyright © 2012, Juniper Networks, Inc.
New Features in Junos OS Release 12.2 for M Series, MX Series, and T Series Routers
limit traffic black-hole time by detecting unreachable destination Packet Forwarding
Engines. The router signals neighboring routers when it cannot carry traffic because of
the inability of some or all source Packet Forwarding Engines to forward traffic to some
or all destination Packet Forwarding Engines on any fabric plane, after interfaces have
been created. This inability to forward traffic results in a traffic black hole.
When the system detects unreachable Packet Forwarding Engine destinations, healing
from a traffic black hole is attempted. If the healing fails, the system turns off the
interfaces, thereby stopping the black hole and initiating the recovery process.
The recovery process consists of the following steps:
1.
Fabric plane restart phase: Healing is attempted by restarting the fabric planes one
by one.
2. Fabric plane and FPC restart phase: Healing is attempted by restarting both the
fabric planes and the FPCs. If there are bad FPCs that are unable to initiate
high-speed links to the fabric after reboot, creation of a traffic black hole is limited
because no interfaces are created for these FPCs.
3. FPC offline phase: Traffic black hole is limited by turning the SIBs offline and by
turning off interfaces because previous attempts at recovery have failed.
[See action-fpc-restart-disable, show chassis fabric unreachable-destinations, and show
chassis fabric reachability.]
•
Forwarding table filter behavior (T Series routers)—For T Series routers other than
T4000, a packet forwarded by the forwarding table reaches the egress forwarding
table filter irrespective of whether the packet is actually forwarded by the forwarding
table or not. The packet reaches the egress filter even if the route points to reject or
discard next hops.
On a T4000 Type 5 FPC, the packet reaches the egress filter only if it is forwarded by
the forwarding table.
[See Applying Filters to Forwarding Tables.]
High Availability
•
Support for VRRPv3 (M Series and MX Series routers)—Junos OS Release 12.2 supports
Virtual Router Redundancy Protocol version 3 (VRRPv3). The support for VRRPv3 is
implemented in compliance with RFC 5798, Virtual Router Redundancy Protocol (VRRP)
Version 3 for IPv4 and IPv6. Additionally, Junos OS Release 12.2 supports VRRP MIB for
VRRPv3. The support for VRRP MIB for VRRPv3 is implemented in compliance with
RFC 6527, Definitions of Managed Objects for the Virtual Router Redundancy Protocol
Version 3 (VRRPv3).
To enable VRRPv3, set the version-3 statement at the [edit protocols vrrp] hierarchy
level.
NOTE: When enabling VRRPv3, you must ensure that VRRPv3 is enabled
on all the VRRP routers in the network. This is because VRRPv3 does not
interoperate with previous versions of VRRP.
Copyright © 2012, Juniper Networks, Inc.
73
Junos OS 12.2 Release Notes
The output of the show vrrp command has been modified to indicate the VRRP version
that is enabled on the router.
[See Junos OS Support for VRRPv3.]
•
Support to reduce the VRRP convergence time for quicker traffic restoration (M
Series and MX Series routers)—Enables faster convergence time for the Virtual Router
Redundancy Protocol (VRRP), thereby reducing the traffic restoration time to less
than 1 second.
To reduce the traffic restoration time, use the following statements at the [edit protocols
vrrp] hierarchy level:
•
delegate-processing statement to configure the distributed periodic packet
management process (ppmd) to send VRRP advertisements when the ppmd process
is busy.
•
skew-timer-disable statement to disable the skew timer, thereby reducing the time
required to transition to the master state.
•
global-advertisements-threshold statement to configure the number of fast
advertisements that can be missed by a backup router before it starts transitioning
to the master state.
You can use the show protocols vrrp configuration mode command to see the VRRP
configuration information.
NOTE:
• The reduction in convergence time is not applicable when VRRP is
configured over integrated routing and bridging (IRB) interfaces,
aggregated Ethernet interfaces, and multichassis link aggregation group
(MC-LAG) interfaces.
•
Compared to other routers, the convergence time and the traffic
restoration time is less for MX Series routers with MPCs.
•
Reduction in convergence time is applicable for all types of configurations
at the physical interface but the convergence time might not be less than
1 second for all the configurations. The convergence time depends on
the number of groups that are transitioning from the backup to the master
state and the interval at which these groups are transitioning.
[See Improving the Convergence Time for VRRP and Configuring VRRP to Improve
Convergence Time.]
Interfaces and Chassis
•
74
Support for SONET/SDH OC192/STM64 MICs (MX Series routers)—The following
SONET/SDH interface features are supported on the 1-port SONET/SDH OC192/STM64
MIC (model number MIC-3D-1OC192-XFP):
Copyright © 2012, Juniper Networks, Inc.
New Features in Junos OS Release 12.2 for M Series, MX Series, and T Series Routers
•
SONET or SDH framing—To enable SONET or SDH framing, include the framing
statement at the [edit chassis fpc slot-number pic pic-number port port-number]
hierarchy level.
•
Default framing mode is SONET.
•
Total MIC bandwidth cannot exceed 10 Gbps.
•
The single port is configured as clear channel with the speed of OC192 or STM64.
The default port speed is OC192.
•
The MIC supports remote and local loopback. Loopbacks can be configured
independently on the port.
•
Automatic protection switching (APS) support is based on K1/K2 bytes in SONET
frames.
•
The following header bytes can be configured on the MIC using the CLI:
•
Section user channel bytes: F1
•
Line user channel bytes: K1, K2, S1
•
Path user channel bytes: G1, F2, Z3, Z4, C2, E1
•
Configuration for the defect trigger can be ignored. Such ignored defects do not
contribute to the interface being marked as down or up.
•
Clock source can be set as external or internal.
•
Path trace identifier to identify the path of the circuit.
•
Incrementing or fixed STM ID to enable interpretability with older equipment.
NOTE: The following features are not supported on the 1-port SONET/SDH
OC192/STM64 MICs:
•
Aggregate SONET (link bundling)
•
Multirate configuration
•
Link Capacity Adjustment Scheme (LCAS)
•
Virtual concatenation
[See Configuring SONET/SDH Physical Interface Properties.]
•
Support for Channelized OC3/STM1 (Multi-Rate) Circuit Emulation MIC with SFP
(MX Series Routers)—Junos OS Release 12.2 supports circuit emulation interfaces on
MX Series routers. The Channelized OC3/STM1 (Multi-Rate) Circuit Emulation MIC
with SFP (model number: MIC-3D-4COC3-1COC12-CE) is rate-selectable and can be
configured as 4-port OC3/STM1 or 1-port OC12/STM4.
Copyright © 2012, Juniper Networks, Inc.
75
Junos OS 12.2 Release Notes
NOTE: Junos OS Release 12.2 supports only the rate-selectable 4-port
OC3/STM1 MIC.
The following features are supported on the Channelized OC3/STM1 (Multi-Rate)
Circuit Emulation MIC with SFP:
•
Per-MIC SONET/SDH framing
•
Internal and loop clocking
•
Structure-Agnostic Time Division Multiplexing (TDM) over Packet (SAToP)
•
Structure-aware TDM Circuit Emulation Service over Packet-Switched Network
(CESoPSN)
•
Pseudowire Emulation Edge to Edge (PWE3) Control Word for use over an MPLS
PSN
[See Channelized OC3/STM1 (Multi-Rate) Circuit Emulation MIC with SFP, Configuring
SAToP on 4-port Channelized OC3/STM1 Circuit Emulation MICs, and Configuring CESoPSN
on 4-Port Channelized OC3/STM1 Circuit Emulation MICs.]
•
Support for centralized clocking on the Enhanced MX Switch Control Board (SCB)
(MX240, MX480, and MX960 routers)—The Enhanced MX SCB uses the centralized
Stratum 3 clock module to provide the following features:
•
Clock monitoring, filtering, and holdover
•
Hitless transition from a distributed to centralized clocking mode
•
Distribution of the selected chassis clock source to downstream network elements
through supported line interfaces
You can view the centralized clock module information with the command show chassis
synchronization clock-module.
[See Examples: Configuring Centralized Clocking on the Enhanced MX Switch Control Board.]
•
Support for 100-Gigabit Ethernet MIC with CXP (MIC3-3D-1X100GE-CXP) for the
MPC3E on MX240, MX480, and MX960 routers—The 100-Gigabit Ethernet MIC with
CXP (MIC3-3D-1X100GE-CXP) is a 1-port 100-Gigabit Ethernet MIC with a
standards-compliant 100GBASE-SR10 interface. The 100-Gigabit Ethernet MIC with
CXP uses 100-Gigabit CXP optical transceiver modules for connectivity. It supports up
to ten 10-Gigabit Ethernet interfaces and occupies MIC slot 0 or 1 in the MPC3E. The
100-Gigabit Ethernet MIC with CXP supports the same features as the other MICs
supported on the MPC3E.
[See MPC3E on MX Series Routers Overview..]
•
76
Support for 40-Gigabit Ethernet MIC with QSFPP (MIC3-3D-2X40GE-QSFPP) for
the MPC3E on MX240, MX480, and MX960 routers—The 40-Gigabit Ethernet MIC
with QSFPP (MIC3-3D-2X40GE-QSFPP) is a 2-port 40-Gigabit Ethernet MIC with a
standards-compliant 40GBASE-SR4 interface. It uses quad small form-factor pluggable
Copyright © 2012, Juniper Networks, Inc.
New Features in Junos OS Release 12.2 for M Series, MX Series, and T Series Routers
(QSFPP) optical transceiver modules for connectivity. It occupies slot 0 or 1 in the
MPC3E and supports the same features as the other MICs supported on the MPC3E.
[See MPC3E on MX Series Routers Overview..]
•
Ethernet OAM functionality on MPC3E—Enables OAM-related operations such as
link fault management and link discovery on MPC3E.
The following OAM features are supported on MPC3E:
•
Fault detection using continuity check protocol
•
Path discovery using link trace protocol
•
Fault verification and isolation using loopback protocol
•
Distributed PPMD for improved scaling
•
GRES support
•
RDI support
•
Action profiles
[See MPC3E MIC Overview.]
•
Firewall, Network Address Translation, and intrusion detection service on
MPC3E—Junos OS Release 12.2 supports firewall services, Network Address Translation,
and intrusion detection services on MPC3E.
[See MPC3E MIC Overview.]
•
Dynamic application awareness support on MPC3E—Adds support for dynamic
application awareness functionality and scaling on MPC3E.
[See MPC3E MIC Overview.]
•
Port-mirroring support on MPC3E—Adds support for binding up to two port-mirroring
instances to the same Packet Fowarding Engine on MPC3E. This enables you to choose
multiple mirror destinations by specifying different port-mirroring instances in the
filters. You must include the port-mirror-instance instance-name statement at the [edit
firewall filter filter-name term term-name then] hierarchy level. You must also include
the port-mirror-instance instance-name statement at the [edit chassis fpc number]
hierarchy level to specify the FPC to be used.
[See MPC3E MIC Overview.]
•
Support for 2-port 10-Gigabit Ethernet MIC with XFP on MPC3E (MX240, MX480,
and MX960 routers)—Starting with Junos OS Release 12.2, MPC3E (MX-MPC3E-3D)
supports the 2-port 10-Gigabit Ethernet MIC with XFP (MIC-3D-2XGE-XFP). All features
supported by the 2-port 10-Gigabit Ethernet MIC with XFP continue to be supported
on the MPC3E.
[See MPC3E MIC Overview and MPC3E on MX Series Routers Overview.]
•
Support for active flow monitoring features on the MPC3E (MX Series routers with
MPC/MIC interfaces)—The MPC3E supports active flow monitoring features from
Copyright © 2012, Juniper Networks, Inc.
77
Junos OS 12.2 Release Notes
Junos OS Release 10.4. Flow monitoring versions 5, 8, and 9 support active flow
monitoring. The active flow monitoring features supported are sampling, sampling
with templates, sampling per sampling instance, port mirroring, multiple port mirroring,
discard accounting, and flow-tap processing.
[See Protocols and Applications Supported by the MX240, MX480, MX960 MPC3E.]
•
Extends support for flow monitoring services to T4000 routers—Starting with Junos
OS Release 12.2R1, the Multiservices 400 PIC on Enhanced Scaling FPC2 supports
passive flow monitoring, flow collection, and dynamic flow capture.
[See Passive Flow Monitoring, Flow Collection, and Dynamic Flow Capture.]
•
Support for 24-port 10-Gigabit Ethernet LAN/WAN PIC with SFP+ on Type 5 FPC
(T4000 routers)—Starting with Junos OS Release 12.2, the 24-port 10-Gigabit Ethernet
LAN/WAN PIC with SFP+ (model number PF-24XGE-SFPP) is supported on T4000
routers.
The following major software features are supported on the 24-port 10-Gigabit Ethernet
LAN/WAN PIC with SFP+:
•
Two-to-one oversubscription of traffic in oversubscribed mode.
•
Twenty-four 10-Gigabit Ethernet interfaces in oversubscribed mode or 12 ports in
line-rate mode.
•
All Junos OS configuration commands supported on the existing 10-Gigabit Ethernet
LAN/WAN PIC with SFP+.
•
The output of the show interfaces extensive operational mode command displays
preclassification queue counters.
•
Line-rate mode operation of first 12 ports can be achieved by the set chassis fpc
fpc-number pic pic-number linerate-mode command.
•
LAN PHY mode and WAN PHY mode support on a per-port basis.
•
Aggregated Ethernet is supported only in line-rate mode.
•
4000 logical interfaces per physical interface and 32,000 logical interfaces per
chassis.
NOTE: Graceful Routing Engine switchover (GRES) and nonstop active
routing (NSR) are supported on T4000 routers.
Note that the preclassification is restricted to two traffic classes, and is not
user-configurable. Traffic is classified as control or best effort with non class-of-service
(CoS)-aware tail drops of best effort traffic in oversubscribed mode.
For detailed feature support and exceptions, see 24-port 10-Gigabit Ethernet LAN/WAN
PIC on Type 5 FPC Overview.
[See show interfaces extensive.]
78
Copyright © 2012, Juniper Networks, Inc.
New Features in Junos OS Release 12.2 for M Series, MX Series, and T Series Routers
•
Support for WAN PHY mode on 24-port 10-Gigabit Ethernet LAN/WAN PIC with
SFP+ (T4000 routers)—Starting with Junos OS Release 12.2, WAN PHY mode is
supported on the 24-port 10-Gigabit Ethernet LAN/WAN PIC with SFP+
(PF-24XGE-SFPP), which is plugged into the Type 5 FPC of T4000 routers.
The following WAN PHY features are supported on the 24-port 10-Gigabit Ethernet
LAN/WAN PIC with SFP+:
•
WAN PHY mode on a per-port basis.
•
Insertion and detection of path trace messages.
•
Ethernet WAN Interface Sublayer (WIS) object.
To configure WAN PHY mode on a per-port basis, set the wan-phy option for the framing
statement at the [edit interface interface-name] hierarchy level.
NOTE: When PHY mode changes, interface traffic is disrupted because of
port reinitialization.
When WAN PHY mode is configured on an interface, the following SONET options are
supported:
•
Loopback (local and remote)
•
Path trace
•
Trigger options
[See 10-Gigabit Ethernet LAN/WAN PIC Overview and 24-port 10-Gigabit Ethernet LAN/WAN
PIC on Type 5 FPC Overview.]
•
Extends support for unicast RPF loose mode (MX Series routers)—Junos OS Release
12.2 extends support for unicast reverse path forwarding (unicast RPF) loose mode
with the ability to discard packets with the source address pointing to the discard
interface to MX Series routers. This feature, in conjunction with Remote Triggered Black
Hole (RTBH) filtering, provides a mechanism to discard packets from untrusted sources.
BGP policies in edge routers ensure that packets with untrusted source addresses have
their next hop set to a discard route. When a packet arrives at the router with an
untrusted source address, unicast RPF performs a route lookup of the source address.
Because the source address route points to a discard next hop, the packet is dropped.
This feature is supported on both IPv4 (inet) and IPv6 (inet6) address families.
To configure unicast RPF loose mode, include the mode option in the rpf-check
statement at the [edit interfaces] hierarchy level.
To configure unicast RPF loose mode with the ability to discard packets, you can use
the rpf-loose-mode-discard inet statement at the [edit forwarding options] hierarchy
level. Use the show interfaces extensive operational mode command to view the packet
drops.
[See Configuring Unicast RPF.]
Copyright © 2012, Juniper Networks, Inc.
79
Junos OS 12.2 Release Notes
•
Switch fabric fault management for T4000 routers—The T4000 router consists of
a Switch Interface Board (SIB) with fabric bandwidth double the capacity of the T1600
router. The fabric fault management functionality is similar to that in T1600 routers.
The fabric fault management functionality involves monitoring all high-speed links
connected to the fabric and the ones within the fabric core for link failures and link
errors. Action is taken based on the fault and its location. The actions include:
•
Reporting link errors in system log files and sending this information to the Routing
Engine.
•
Reporting link failures at the Flexible Port Concentrator (FPC) or at the SIB and
sending this information to the Routing Engine.
•
Marking a SIB in Check state.
•
Moving a SIB into Fault state.
The following are the high-level indications of fabric faults that are monitored by Junos
OS:
•
An SNMP trap is generated whenever a SIB is reported as Check or Fault.
•
show chassis alarms—Indicates that a SIB is in Check or Fault state.
•
show chassis sibs—Indicates that a SIB is in Check or Fault state or that a SIB is in
Offline state when the SIB initializes (this occurs when the SIB does not power on
fully).
•
show chassis fabric fpcs—Indicates whether any fabric links are in error on the FPC’s
side.
•
show chassis fabric sibs—Indicates whether any fabric links are in error on the SIB’s
side.
•
The /var/log/messages system log messages file at the Routing Engine has error
messages with the prefix CHASSISD_FM_ERROR.
•
The SIBs display the FAIL LED.
[See Fabric Fault Handling Overview and System Basics: Chassis-Level Features
Configuration Guide.]
•
80
Pseudowire TDM MIB support extended to support CESoPSN and SAToP
encapsulations on Channelized OC3/STM1 (Multi-Rate) Circuit Emulation MIC with
SFP (MX80 routers with a modular chassis, and MX240, MX480, and MX960
routers)—Starting with Junos OS Release 12.2, the Pseudowire TDM MIB supports
Circuit Emulation Service over Packet-Switched Network (CESoPSN) and
Structure-Agnostic TDM over Packet (SAToP) encapsulations configured on
Channelized OC3/STM1 (Multi-Rate) Circuit Emulation MIC with SFP
(MIC-3D-4COC3-1COC12-CE). The SAToP encapsulation is supported on T1 and E1
interfaces configured on this MIC. The CESoPSN encapsulation is supported on NxDS0
interfaces configured on the MIC.
Copyright © 2012, Juniper Networks, Inc.
New Features in Junos OS Release 12.2 for M Series, MX Series, and T Series Routers
[See Interpreting the Enterprise-Specific Pseudowire TDM MIB.]
•
IPv6 support for application identification (APPID)—As of Junos OS Release 12.2,
APPID is enabled for IPv6 packets. There is no additional configuration needed for IPv6
support, when AI is enabled, IPv6 support is enabled automatically.
•
Support IPv6 in packet-triggered subscribers and policy control (PTSP),
application-aware access list (AACL), and local policy decision function (LPDF)
services—As of Junos OS Release 12.2, PTSP, AACL, and LPDF services, including CLI
configuration commands, show commands, and data path processing support IPv6
addressing. All statements that previously accepted only IPv4 addresses, address
ranges, and address prefix lengths now also accept IPv6 addresses, address ranges,
and address prefix lengths.
For LPDF, you can include the ipv6-address and ipv6-prefix-length fields at the [edit
services local-policy-decision-function statistics aacl-statistics-profile profile-name
aacl-fields] hierarchy level in order to display them with bulk statistics.
NOTE: The IPv6 fields (ipv6-address and ipv6-prefix-length) are only
supported for record-type interim at the [edit services
local-policy-decision-function statistics aacl-statistics-profile profile-name]
hierarchy levels, therefore, the fields appear only on the S- (Login) record.
The following operational commands support IPv6 capabilities:
•
show services local-policy-decision-function flows interface interface-name—The IPv4
flows shown as currently defined. A new section is added that shows the IPv6 flows.
•
show services application-aware-access-list flows—The IPv4 flows are shown as
currently defined. A new section is added that shows the IPv6 flows.
•
show services local-policy-decision-function statistics—The IPv4 flows are shown as
currently defined. A new section is added that shows the IPv6 flows.
•
show services application-aware-access-list statistics—The same output is shown
as for show services local-policy-decision-function statistics.
•
show services subscriber sessions—The IP address entered in this command can be
either IPv4 or IPv6.
•
show services subscriber flows—The command displays the IPv4 or IPv6 address.
•
show services subscriber bandwidth—The IP address entered in this command can
be either IPv4 or IPv6.
[See Configuring AACL Rules, Configuring Statistics Profiles.]
•
Support for link fault management (IEEE 802.3ah) features and connectivity fault
management (IEEE 802.1ag) protocols on T4000 routers—Starting with Junos OS
Release 12.2, the link fault management features and the connectivity fault management
protocols listed in Table 2 on page 82 are supported on T4000 routers with the following
PICs:
Copyright © 2012, Juniper Networks, Inc.
81
Junos OS 12.2 Release Notes
•
100-Gigabit Ethernet PIC with CFP (PD-1CGE-CFP)
•
10-Gigabit Ethernet LAN/WAN PIC with SFP+ (PF-12XGE-SFPP)
•
24-port 10-Gigabit Ethernet PIC (PF-24XGE-SFPP)
•
10-Gigabit Ethernet LAN/WAN PIC with XFP (PD-4XGE-XFP)
•
10-Gigabit Ethernet LAN/WAN PIC with SFP+ (PD-5-10XGE-SFPP)
Table 2: Link Fault Management Features and Connectivity Fault Management Protocols
Link Fault Management Features
Connectivity Fault Management Protocols
Link discovery
Continuity check protocol
Fault detection
Loopback protocol
Action profiles
Linktrace protocol
Event thresholds
NOTE: The remote loopback feature mentioned in section 57.2.11 of IEEE
802.3ah is not supported on T4000 routers.
[See IEEE 802.3ah OAM Link-Fault Management Overview and IEEE 802.1ag OAM
Connectivity Fault Management Overview.]
•
Extends support for port mirroring with next-hop groups to T4000 Type 5 FPC
(T4000-FPC5-3D)— Junos OS Release 12.2 supports port mirroring and multipacket
port mirroring on the T4000 Type 5 FPC.
[See Port Mirroring.]
•
Support for reporting total statistics for IPv6 traffic traversing through T4000
routers—Starting with Junos OS Release 12.2, total statistics (sum of local and transit
traffic) is reported for traffic traversing through the following PICs on T4000 routers:
•
10-Gigabit Ethernet IQ2 PIC with XFP (PC-1XGE-TYPE3-XFP-IQ2)
•
10-Gigabit Ethernet Enhanced IQ2 (IQ2E) PIC with XFP (PC-1XGE-TYPE3-XFP-IQ2E)
•
12-port 10-Gigabit Ethernet LAN/WAN PIC with SFP+ (PF-12XGE-SFPP)
•
24-port 10-Gigabit Ethernet LAN/WAN PIC with SFP+ (PF-24XGE-SFPP)
You can view the IPv6 statistics by issuing the following commands:
•
show interface extensive
•
show snmp mib walk ipv6IfStatsTable
[See show interfaces extensive.]
82
Copyright © 2012, Juniper Networks, Inc.
New Features in Junos OS Release 12.2 for M Series, MX Series, and T Series Routers
•
Merge and sort of VLAN ranges—Starting with Release 12.2, Junos OS provides a merge
and sort feature for VLAN ranges. The merge feature enables Junos OS to merge
overlapping VLAN ranges and to display combined values for such ranges. For example,
if your configuration has multiple VLAN ranges of 1–15, 12–22, and 17–30, Junos OS
displays the VLAN member range as 1–30, which is the combined value for all three
ranges. The sort feature enables Junos OS to sort the VLAN range values in such a way
that the numeric values are listed in ascending order followed by alphanumeric values.
However, if there are only alphanumeric values in the configuration, such values are
displayed in the same sequence as they were configured.
Junos OS Release 12.2 and later support the merge and sort feature for the following
configuration statements :
•
vlan-id-list at [interfaces interface-name unit unit] and [bridge-domains domain]
hierarchy levels.
•
vlan tags inner-list at the [interfaces interface-name unit unit] hierarchy level.
[See Merge and Sort Support for VLAN Ranges.]
•
Single-core Routing Engine support for M7i and M10i routers—Starting with Junos
OS Release 12.2, a single-core Routing Engine is added to the M7i and M10i routers.
This Routing Engine is based on the single-core Intel Xeon CPU, operating at 1.73 GHz
with 2 MB cache and has two DDR3 DIMM slots operating at 800 MHz that support
4 GB memory with error checking and correction (ECC). The new Routing Engine also
supports:
•
82574 Gigabit Ethernet Controller
•
4 GB CompactFlash card
•
USB 2.0
•
Front accessible 64 GB solid-state drive (SSD)
All CLI commands supported on the older Routing Engine are supported on the new
Routing Engine.
[See Supported Routing Engines by Chassis.]
•
Support for hierarchical schedulers on aggregated Ethernet interfaces (MX Series
routers)—Enables you to apply hierarchical schedulers on aggregated Ethernet bundles
through the use of interface sets. This feature is supported at egress only on MX Series
routers.
You can configure interface sets for aggregated Ethernet interfaces created under
static configuration, as well as dynamic configurations.
You can configure class-of-service parameters on aggregated interfaces, in either
link-protect or non-link-protect mode. You can configure these parameters at the
physical, interface set, and logical interface levels. The CoS configuration is fully
replicated for all aggregated Ethernet member links.
You can control the way these parameters are applied by configuring the aggregated
interface to operate in scaled mode or replicate mode.
Copyright © 2012, Juniper Networks, Inc.
83
Junos OS 12.2 Release Notes
The link membership list and scheduler mode of the interface set is inherited from the
underlying aggregated Ethernet interface over the interface set is configured. When
an aggregated Ethernet interface operates in link protection mode, or if the scheduler
mode is set to member-link-scheduler replicate, the scheduling parameters of the
interface set are copied to each of the member links.
If the scheduler mode of the aggregated Ethernet interface is set to
member-link-scheduler scale, the scheduling parameters are scaled based on the
number of active member links (scaling factor is 1/A, where A is the number of active
links in the bundle) and applied to each of the aggregated interface member links.
To configure an interface set, include the interface-set interface-set-name statement
at the [edit class-of-service interfaces] hierarchy level.
To apply scheduling and queuing parameters to the interface set, include the
output-traffic-control-profile profile-name statement at the [edit class-of-service
interfaces interface-set interface-set-name] hierarchy level.
To apply the traffic control profile to the interface or interface set, include the
output-traffic-control-profile-remaining profile-name statement at the [edit
class-of-service interfaces interface-name] hierarchy level or the [edit class-of-service
interfaces interface-name interface-set interface-set-name] hierarchy level.
[See Hierarchical Schedulers on Aggregated Ethernet Interfaces Overview.]
•
Support for trunk port enhancements (MX Series routers with MPC3E)—Extends
support of the trunk port features to MX240, MX480, and MX960 routers with MPC3E
(model no: MX-MPC3E-3D). You can configure a single logical interface to support a
list of VLANs or to accept packets with no VLAN tag. You can also configure multiple
logical trunk interfaces on a single physical interface.
You can also configure dynamic profiles for VPLS pseudowires, VLAN identifier
translation, and automatic bridge domain configuration. To configure dynamic profiles,
include the profile-name statement at the following hierarchy level:
[edit dynamic-profiles]
[See Dynamic Profiles for VPLS Pseudowires.]
With the VLAN translation feature, you can configure a trunk port interface to translate
the VLAN identifier associated with the ingress interface into the VLAN identifier of the
destination bridge domain at egress. To configure multiple bridge domains, include
the vlan-id-list and vlan-id-range statements at the following hierarchy level:
[edit bridge-domains bridge-domain-name]
[See Example: Configuring Multiple Bridge Domains with a VLAN ID List.]
Layer 3 multicast is now supported on Layer 2 trunk ports through integrated routing
and bridging (IRB) interfaces.
•
84
Support for disabling an FPC with degraded fabric bandwidth —An FPC working with
degraded fabric bandwidth can affect the re-routing process and can cause partial
traffic black holes. On an MX960, MX480, or MX240 router, you can now configure
the option to bring down an FPC whose fabric bandwidth has degraded because of
Copyright © 2012, Juniper Networks, Inc.
New Features in Junos OS Release 12.2 for M Series, MX Series, and T Series Routers
link errors or bad fabric planes. This configuration is particularly useful in partial black
hole scenarios where bringing the FPC offline results in faster re-routing.
To configure this option on an FPC, use the offline-on-fabric-bandwidth-reduction
statement at the [edit chassis fpc slot-number] hierarchy level.
Configuring this feature does not affect the system. You can configure this feature
without restarting the FPC or restarting the system.
[See Disabling an FPC with Degraded Fabric Bandwidth and
offline-on-fabric-bandwidth-reduction.]
•
Interoperability of Type 3 FPCs and Type 4 FPCs with Type 5 FPCs (T4000
routers)—Support for interoperability of T640 Enhanced Scaling FPC3, T1600 Enhanced
Scaling FPC4, and T640 Enhanced Scaling FPC4-1P with T4000 FPC5 is now possible
with fabric notification translation. This feature is supported on T4000 routers.
Basic packet forwarding, IPv4, IPv6, MPLS, and multicast (dataplane) are currently
supported through this feature.
[See T4000 Core Router PIC Guide.]
•
Support for 16 GB line card chassis (LCC) Routing Engine (RE-DUO-C1800-16G) on
standalone T640 routers, standalone T1600 routers, T1600 routers connected to
a TXP Matrix router, and standalone T4000 routers—The 16 GB line card chassis
(LCC) Routing Engine (RE-DUO-C1800-16G) supports both 32-bit and 64-bit Junos
OS builds. However, the T4000 router supports only 64-bit Junos.
The output of the following show commands is updated to reflect the new Routing
Engine:
•
show chassis routing engine—Shows available memory as 16G in the output in the
64-bit image only.
•
show chassis hardware—Shows field-replaceable unit (FRU) identification and
displays the correct Routing Engine type and model number in the output.
•
show system alarms—Shows alarms currently active in output.
[See Supported Routing Engines by Chassis and System Basics: Chassis-Level Features
Configuration Guide.]
•
Support for user-defined system identifier in LACP—The user-defined system identifier
in the Link Aggregation Control Protocol (LACP) enables two ports from two separate
routers (M Series or MX Series routers) to act as though they were part of the same
aggregate group.
[See Configuring Aggregated Ethernet LACP.]
•
SAToP support extended to MIC-3D-4COC3-1COC12-CE—Starting with Junos OS
Release 12.2R1, the support for Structure-Agnostic time-division multiplexing over
Packet (SAToP) is extended to MIC-3D-4COC3-1COC12-CE. You can configure 84 T1
channels on each coc3 interface on this MIC.
[See Configuring SAToP on 4-port Channelized OC3/STM1 Circuit Emulation MICs.]
Copyright © 2012, Juniper Networks, Inc.
85
Junos OS 12.2 Release Notes
•
SONET/SDH support on the Channelized OC3/STM1 (Multi-Rate) Circuit Emulation
MIC with SFP (MIC-3D-4COC3-1COC12-CE)—Starting with Junos OS Release 12.2R1,
the SONET/SDH interfaces are supported on the Channelized OC3/STM1 (Multi-Rate)
Circuit Emulation MIC with SFP.
You can configure the following SONET/SDH physical interface properties:
•
•
Loopback capability
•
Framing
•
Interface speed
•
Automatic Protection Switching
•
External or loop timing
•
Internal timing
•
Up or down defect hold-time
Support for PWE3 routing extension in CESoPSN for LDP/RSVP signaling—Support
for PWE3 routing extension in CESoPSN for LDP/RSVP signaling is available in Junos
OS Release 12.2R1 and later releases.
[See Configuring the Pseudowire Interface.]
•
CESoPSN support for MIC-3D-4COC3-1COC12-CE, for all values of N in NxDS0
interfaces (MX80, MX240, MX480, and MX960 routers)—Starting with Junos OS
Release 12.2, Circuit Emulation Service over Packet-Switched Network (CESoPSN) is
supported on the Circuit Emulation MIC (MIC-3D-4COC3-1COC12-CE), for all values
of N in NxDS0 interfaces. CESoPSN encapsulation is supported on NxDS0 interfaces.
NOTE: The Circuit Emulation MIC (MIC-3D-4COC3-1COC12-CE) supports
CESoPSN services without channel-associated signaling (CAS).
An NxDS0 interface can be configured from either a channelized T1 interface (CT1) or
a channelized E1 interface (CE1).
The value of N is 24 when a DS0 interface is configured from a CT1 interface and 31
when a DS0 interface is configured from a CE1 interface.
To configure an NxDS0 interface, configure the set ct1-x/y/z:1:3 partition 1 timeslot 1-4,
9, 22-24 interface-type ds statement at the [edit interfaces] hierarchy level. Then create
the DS interface by configuring the set ds-x/y/z:1:3:1 encapsulation cesopsn unit 0
statement at the [edit interfaces] hierarchy level.
[See Configuring CESoPSN on 4-Port Channelized OC3/STM1 Circuit Emulation MICs.]
•
802.1ad provider bridge support—Extends support for 802.1ad provider bridge features
to MX Series MPC3E interfaces.
[See Configuring and Applying IEEE 802.1ad Classifiers.]
86
Copyright © 2012, Juniper Networks, Inc.
New Features in Junos OS Release 12.2 for M Series, MX Series, and T Series Routers
•
Support to interoperate the 100-Gigabit Ethernet PIC on Type 4 FPC (T1600 routers)
with the 100-Gigabit Ethernet PIC on Type 5 FPC (T4000 routers)—Enables the
interoperability between the 100-Gigabit Ethernet PIC on Type 4 FPC (on T1600 routers)
and the 100-Gigabit Ethernet PIC on Type 5 FPC (on T4000 routers) by enabling a
source address (SA) multicast bit steering mode on the 100-Gigabit Ethernet PIC on
Type 5 FPC. The SA multicast bit steering mode uses the multicast bit in the source
MAC address for packet steering.
By default, the SA multicast bit steering mode is not enabled on the 100-Gigabit
Ethernet PIC on Type 5 FPC. To enable the SA multicast bit steering mode on the
100-Gigabit Ethernet PIC on Type 5 FPC, include the forwarding-mode sa-multicast
statement at the [edit chassis fpc fpc-slot-number pic pic-slot-number] hierarchy level.
NOTE: The configuration of the forwarding-mode sa-multicast statement
results in a PIC bounce—that is, the 100-Gigabit Ethernet PIC on Type 5
FPC goes offline and comes back online.
[See Interoperability Between the 100-Gigabit Ethernet PIC on Type 4 FPC and the
100-Gigabit Ethernet PIC on Type 5 FPC and Configuring the Interoperability Between the
100-Gigabit Ethernet PIC on Type 5 FPC and the 100-Gigabit Ethernet PIC on Type 4 FPC.]
•
Support for Precision Time Protocol (MX80, MX240, MX480, and MX960
routers)—Starting with Junos OS Release 12.2, Precision Time Protocol (PTP), also
known as IEEE 1588v2, is supported on MX80 routers with precision timing support
(MX80-P). On MX240, MX480, and MX960 routers, PTP is supported on the Enhanced
Module Port Concentrator (MPCE) MX-MPC2E-3D-P and its Ethernet Modular Interface
Cards (MICs).
PTP synchronizes clocks between nodes in a network, thereby enabling the distribution
of an accurate clock over a packet-switched network. This synchronization is achieved
through packets that are transmitted and received in a session between a master clock
and a slave clock.
NOTE: Unified in-service software upgrade (unified ISSU) is currently not
supported when PTP is configured on MX240, MX480, and MX960 routers.
NOTE: To switch between the PTP and Synchronous Ethernet modes, you
must first deactivate the configuration for the current mode and then
commit the configuration. Wait for a short period of 30 seconds, configure
the new mode and its related parameters, and then commit the
configuration.
[See System Basics: Chassis-Level Features Configuration Guide and PTP Operational Mode
Commands.]
•
Support for Synchronous Ethernet and Precision Time Protocol on MX Series routers
with Channelized OC3/STM1 (Multi-Rate) Circuit Emulation MIC with SFP (MX
Copyright © 2012, Juniper Networks, Inc.
87
Junos OS 12.2 Release Notes
Series routers)—Starting with Junos OS Release 12.2R1, Synchronous Ethernet and
Precision Time Protocol (PTP) are supported on MX Series routers with Channelized
OC3/STM1 (Multi-Rate) Circuit Emulation MIC with SFP (MIC-3D-4COC3-1COC12-CE).
The clock derived by Synchronous Ethernet and PTP is used to drive the SONET/SDH
interfaces on this MIC.
[See System Basics: Chassis-Level Features Configuration Guide.]
Junos OS Installation and Upgrade
•
Licensable ports on MX5, MX10, and MX40 routers—License keys are available to
enhance the port capacity on MX5, MX10, and MX40 routers up to the port capacity
of an MX80 router The MX5, MX10, and MX40 routers are derived from the modular
MX80 chassis with similar slot and port assignments, and provide all functionality
available on an MX80 router, but at a lower capacity. Restricting port capacity is
achieved by making a set of MIC slots and ports licensable. MICs without a license are
locked, and are unlocked or made usable by installing appropriate upgrade licenses.
[See Junos OS License Key.]
•
Release-based capacity licenses in chassis mode—Support for enforcing license-based
restrictions while upgrading Junos OS is provided, along with support for an upgrade
license key for license-based features. When upgrading a Junos OS installation, a
license for a feature is considered valid if the release version in the license key is greater
than or equal to the release version of the software upgrade. Valid license keys are
displayed in the output of show system license.
[See Junos OS License Key.]
•
Smooth upgrade and downgrade procedures for T4000 routers—You can upgrade
a T1600 router with SF-based SIB (SIB-I8-SF with model number–SIB-I-T1600-S)
and a T640 router with F16 2.0-based SIB only (SIB-I8-F16 2.0 SIBs with model
number–SIB-I-T640-B-S) to a T4000 router. You can also downgrade a T4000 router
to a T640 router or a T1600 router.
To upgrade from a T640 chassis or T1600 chassis to a T4000 chassis, use the set
chassis fabric upgrade-mode t4000 command. To downgrade from a T4000 chassis
to a T1600 chassis or a T640 chassis, use the set chassis fabric upgrade-mode default
command.
[ See T4000 Core Router Hardware Guide.]
•
ICMP redirect—As of Junos OS Release 12.2, ICMP redirect messages for the IPv6 family
are enabled by default for devices using line cards with the Junos Trio chipset. This
feature checks all IPv6 packets that enter and exit on the interface and provides ICMP
redirect messages to notify hosts when a better route is available for a particular
destination. All redirects can be disabled by using the set system no-redirects command.
•
Retain, delete, or validate add-on packages during installation—Three new operational
statements allow you to retain, delete, or validate a set of software add-on packages
when upgrading or downgrading a Junos OS software package. This allows you to
manage multiple software add-on packages at the same time. The new commands
are request system software add set, request system software delete set, and request
system software validate set.
88
Copyright © 2012, Juniper Networks, Inc.
New Features in Junos OS Release 12.2 for M Series, MX Series, and T Series Routers
[See Upgrading Software Packages.]
Junos OS XML API and Scripting
•
libslax distribution supports SLAX script development—libslax is an open-source
implementation of the SLAX language using the "New BSD License." libslax is written
in C and is built on top of the libxml2, libxslt, and libexslt libraries. The libslax distribution
contains the libslax library, incorporates a SLAX writer and SLAX parser, a debugger,
a profiler, and the SLAX processor (slaxproc). The SLAX processor is a command-line
tool that can validate SLAX script syntax, convert between SLAX and XSLT formats,
and format, debug, or run SLAX scripts.
The libslax tools are included as part of the standard Junos OS. However, you can
download and install the libslax distribution on a computer with a UNIX-like operating
system to develop SLAX scripts outside of Junos OS. Links to the current releases,
source code, documentation, and support materials for libslax are available at the
SLAX community and support site at http://www.libslax.org .
[See libslax Distribution Overview.]
•
Support for NETCONF tracing operations—Starting with Junos OS Release 12.2, you
can configure tracing operations for the NETCONF XML management protocol.
NETCONF tracing operations record NETCONF session data in a trace file. The default
trace file is /var/log/netconf. By default, NETCONF tracing operations are not enabled.
You configure NETCONF tracing operations at the [edit system services netconf
traceoptions] hierarchy level. To enable NETCONF tracing operations and to trace all
incoming and outgoing data from NETCONF sessions on that device, configure the flag
all statement. To restrict tracing to only incoming or outgoing NETCONF data, configure
the flag value as either incoming or outgoing, respectively. Additionally, to restrict the
trace output to include only those lines that match a particular expression, configure
the file match statement and define the regular expression against the output is
matched.
To control the tracing operation from within a NETCONF session, configure the
on-demand statement. This requires that you start and stop tracing operations from
within the NETCONF session. If you configure the on-demand statement, you must
issue the <rpc><request-netconf-trace><start/></request-netconf-trace></rpc>
RPC in the NETCONF session to start tracing operations for that session. To stop tracing
for that NETCONF session, issue the
<rpc><request-netconf-trace><stop/></request-netconf-trace></rpc> RPC.
[See Example: Configuring NETCONF Tracing Operations.]
•
jcs:load-configuration template supports the rollback parameter and a null
configuration—The jcs:load-configuration template now supports the rollback
parameter, which rolls back the configuration to a previously committed configuration.
Specify the rollback number of the configuration, and the configuration is loaded from
the associated file.
The jcs:load-configuration template now accepts a NULL configuration for the
configuration parameter. If you supply a NULL configuration, the template performs a
Copyright © 2012, Juniper Networks, Inc.
89
Junos OS 12.2 Release Notes
simple commit of the candidate configuration. Otherwise, configuration changes are
incorporated into the candidate configuration as specified by the action parameter.
•
jcs:open() extension function support for routing-instances—The jcs:open() extension
function returns a connection handle that is used to execute RPCs on a local or remote
device. To redirect the SSH connection to originate from within a specific routing
instance, include the name of the routing instance in the connection parameters. The
routing instance must be configured at the [edit routing-instances] hierarchy level, and
the remote device must be reachable either using the routing table for that routing
instance or from one of the interfaces configured under that routing instance.
[See open() Function (jcs Namespace).]
•
Support for commit script access to the pre-inheritance candidate configuration in
configure private sessions—Commit scripts can now invoke the <get-configuration>
RPC in a private configuration session to retrieve the private, pre-inheritance candidate
configuration for that session. The <get-configuration> RPC now includes the
database-path attribute, which is used to specify the location of the pre-inheritance
configuration database. In addition, the global variable, $junos-context contains a new
commit-context/database-path element , which stores the location of the session’s
pre-inheritance candidate configuration.
To construct a commit script that retrieves the pre-inheritance candidate configuration
specific to that session, include the <get-configuration> RPC in the commit script, and
set the <database-path> attribute to $junos-context/commit-context/database-path.
Layer 2 Ethernet Services
•
90
Support for Layer 2 features on the SONET/SDH OC192/STM64 MICs (MX Series
routers)—The following Layer 2 features are supported on the 1-port SONET/SDH
OC192/STM64 MIC (model number MIC-3D-1OC192-XFP):
•
Interface MTU settings (range: 256–9192 bytes).
•
High-Level Data Link Control (HDLC) Payload scrambling.
•
HDLC CRC checking supports two modes—crc-16 and crc-32.
•
Default idle cycle transmit value is 0x7E.
•
Encapsulations:
•
cisco-hdlc—Cisco-compatible HDLC framing
•
cisco-hdlc-ccc—Cisco-compatible HDLC framing for a cross-connect
•
cisco-hdlc-tcc—Cisco-compatible HDLC framing for a translational cross-connect
•
flexible-frame-relay—Multiple Frame Relay encapsulations
•
frame-relay—Frame Relay encapsulation
•
frame-relay-ccc—Frame Relay for a cross-connect
•
frame-relay-tcc—Frame Relay for a translational cross-connect
Copyright © 2012, Juniper Networks, Inc.
New Features in Junos OS Release 12.2 for M Series, MX Series, and T Series Routers
•
ppp—Serial Point-to-Point Protocol (PPP) device
•
ppp-ccc—Serial PPP device for a cross-connect
•
ppp-tcc—Serial PPP device for a translational cross-connect
•
MPLS circuit cross-connect
•
MPLS translational cross-connect
•
MPLS fast reroute
NOTE: The following Layer 2 encapsulations are not supported on the
1-port SONET/SDH OC192/STM64 MICs:
•
Multilink Frame Relay end-to-end (FRF.15)
•
Multilink Frame Relay end-to-end (FRF.16)
•
Multilink PPP
•
Generic Framing Procedure (GFP)
[See encapsulation (Physical Interface), MTU, and Configuring SONET/SDH HDLC Payload
Scrambling]
•
Subscriber Secure Policy support for Layer 2 Tunneling Protocol (L2TP) subscribers
(MX Series routers)—Subscriber Secure Policy now supports L2TP subscribers
terminating at the Layer 2 network server.
[See Subscriber Secure Policy and L2TP LNS Subscribers.]
•
Extends support for MAC filtering, accounting, policing, and learning to T4000 Type
5 FPC (T4000-FPC5-3D)—Support for logical interface-level MAC filtering, accounting,
policing, and learning for source media access control (MAC) is extended to the T4000
Type 5 FPC. The following features are not supported on the T4000 Type 5 FPC:
•
MAC filtering, accounting, and policing for destination MAC at the logical interface
level.
NOTE: Because destination MAC filtering is not supported, the hardware
is configured to accept all the multicast packets. This configuration
enables the OSPF protocol to work.
•
Premium MAC policers at the logical interface level.
•
MAC filtering, accounting, and policing at the physical interface level.
[See 12-port 10-Gigabit Ethernet LAN/WAN PIC on Type 5 FPC Overview and 100-Gigabit
Ethernet PIC on Type 5 FPC Overview.]
Copyright © 2012, Juniper Networks, Inc.
91
Junos OS 12.2 Release Notes
•
MIB support for Layer 2 policer statistics (MX Series routers)—Adds MIB functionality
to display Layer 2 policer statistics on MX series routers. Use the show interface
interface-name detail command to view Layer 2 policer statistics in the MIB.
[See show snmp mib.]
•
Support for Layer 2 and Layer 2.5 features (MX Series routers with MPC3E)—Starting
with Junos OS Release 12.2, support for the Layer 2 and Layer 2.5 protocols is extended
to MX240, MX480, and MX960 routers with MPC3E (model number MX-MPC3E-3D).
The following features are supported:
•
IGMP snooping for multichassis link aggregation group (MC-LAG) interfaces.
[See IGMP Snooping in MC-LAG Active-Active on MX Series Router Overview.]
•
Configurable label block sizes for VPLS
•
Connectivity fault management process flooding to interfaces based on mesh groups
•
Layer 2 address learning in logical systems.
[See Layer 2 Learning and Forwarding in a Logical System Overview.]
•
Ethernet Ring Protection Switching for multiple ring instances on the same physical
ring.
[See Ethernet Ring Protection Using Ring Instances for Load Balancing.]
•
Transit and bypass static label-switched paths (LSPs)
•
Layer 2 Gigabit Ethernet logical interface policing
•
Static LSP statistics
•
Multiple VLAN Registration Protocol (MVRP)—IEEE 802.1ak-2007.
[See Understanding Multiple VLAN Registration Protocol (MVRP) on MX Series Routers.]
•
Support for Layer 2 Ethernet OAM (MX Series routers with MPC3E)—Extends support
for Layer 2 Ethernet OAM features (802.3ah only) through Junos OS Release 12.2 to
MX240, MX480, and MX960 routers with MPC3E (model number MX-MPC3E-3D).
The following Layer 2 Ethernet OAM functions are supported:
•
Distributed periodic packet management process (ppmd) for improved scaling
•
Graceful Routing Engine switchover (GRES)
•
Remote defect indication (RDI)
•
Configuration of action profiles
[See IEEE 802.3ah OAM Link-Fault Management Overview.]
•
Layer 2 protocols on MPC3E—Enables Layer 2 protocols on MPC3E.
The following Layer 2 protocols are now supported on MPC3E:
•
92
BPDU-protect
Copyright © 2012, Juniper Networks, Inc.
New Features in Junos OS Release 12.2 for M Series, MX Series, and T Series Routers
The BPDU-protect feature is part of an L2CPD module for MX Series devices that
runs the spanning tree suite of protocols. Spanning tree protocols (STPs) break
loops in a Layer 2 bridged network, protecting the network from possible broadcast
storms. BPDU-protect helps prevent misbehaving applications or devices from
interfering with STP operations.
•
Root guard
The root guard feature protects the root bridge by restricting the core bridge from
allowing the edge bridge to declare any others as “parent.” This ensures that the
core bridge is always elected as a root bridge and protected.
•
BPDU loop protect
STP breaks loops by blocking a port, preventing it from receiving or forwarding data
frames. An STP loop occurs when an STP blocking port erroneously transitions to
the forwarding state. The loop protect feature checks to see whether BPDUs are not
received on a non-designated port, and then moves that port into the STP
loop-inconsistent blocking state, instead of the learning/forwarding state.
[See MPC3E MIC Overview.]
•
Support for integrated routing and bridging (IRB) MAC synchronization in
multichassis link aggregation for aggregated Ethernet (MX Series routers)—MX
Series routers with MPCs/MICs operating in multichassis link aggregation (MC-LAG)
with aggregated Ethernet configurations now support integrated routing and bridging
(IRB) MAC address synchronization. In earlier releases, VRRP was the only solution for
sharing the same MAC across MC-LAG chassis for IRB interfaces. This feature is
supported on 32-bit interfaces only and interoperates with earlier MPC/MIC releases.
[See Active-Active Bridging and VRRP over IRB Functionality on MX Series Routers Overview.]
•
Layer 2 Integrated routing and bridging functionality on MPC3E—Junos OS Release
12.2 supports Layer 2 integrated routing and bridging (IRB) interfaces on MPC3E. IRB
interfaces act as Layer 3 routing interfaces for bridge domains.
•
L2PT support on MPC3E—Junos OS supports Layer 2 protocol tunneling (L2PT) on
MX Series MPC3E interfaces.
•
BFD support for VCCV for Layer 2 VPNs, Layer 2 circuits, and VPLS on MPC3E (MX
Series routers)—Bidirectional Forwarding Detection (BFD) support for virtual circuit
connectvity verification (VCCV) on MPC3E interfaces enables you to configure a control
channel for a pseudowire, in addition to performing the corresponding OAM functions
to be used over that control channel.
BFD provides a low-resource mechanism for the continuous monitoring of the
pseudowire data path and for detecting data plane failures. This feature provides
support for asynchronous mode BFD for VCCV as described in RFC 5885, Bidirectional
Forwarding Detection (BFD) for the Pseudowire Virtual Circuit Connectivity Verification
(VCCV). Alternatively, you can use a ping operation to detect pseudowire failures.
However, the processing resources required for a ping operation are greater than what
is needed for BFD. In addition, BFD is capable of detecting data plane failure faster
than a VCCV ping. BFD for pseudowires is supported for Layer 2 circuits (LDP-based),
Layer 2 VPNs (BGP-based), and VPLS (LDP-based or BGP-based).
Copyright © 2012, Juniper Networks, Inc.
93
Junos OS 12.2 Release Notes
Starting with Release 12.2, Junos OS introduces a distributed model for BFD for VCCV.
Unlike in previous releases where BFD for VCCV followed a Routing Engine-based
implementation, in Release 12.2 and later, BFD for VCCV follows a distributed
implementation over PIC concentrators such as DPC, FPC, MPC, and MPC3E.
In Junos OS Release 12.2 and later, the periodic packet management process (ppmd)
on the PIC concentrators handles the periodic packet management (send and receive)
for BFD for VCCV. This enables Junos OS to create more BFD for VCCV sessions, and
to reduce the time taken for error detection. Similarly, the distributed implementation
improves the performance of Routing Engines because the Routing Engine resources
used for BFD for VCCV implementation become available for Routing Engine-related
applications when the BFD for VCCV-related processing moves to the PIC concentrators.
The distributed BFD for VCCV implementation also enables the BFD for VCCV sessions
to remain active across graceful restarts.
[See Configuring BFD for VCCV for Layer 2 VPNs, Layer 2 Circuits, and VPLS.]
MPLS Applications
•
Require BFD-triggered Packet Forwarding Engine local repair—Enables you to
configure BFD and MPLS ping for fast-failure detection without relying on fast physical
level detection. With links between routers, when a route goes down, the rpd
recalculates the next best path. When MPLS-FRR is enabled, ifl messages are flooded
to all FPCs. The edge FPC enables the bypass MPLS LSP tunnel. Lastly, all routes are
repaired and sent through the bypass MPLS LSP tunnel. The amount of time it takes
to repair all routes is proportional to the number of routes.
[See BFD-Triggered Local Repair for Rapid Convergence.]
•
LDP downstream on demand—The Label Distribution Protocol (LDP) is widely deployed
in downstream unsolicited advertisement mode. As service providers integrate the
access and aggregation networks into a single MPLS domain, LDP downstream on
demand is needed to distribute the bindings between access and aggregation networks
to keep the access node control plane as lightweight as possible and to avoid storing
thousands of label bindings from upstream aggregation nodes. Instead of learning and
storing all label bindings for all possible loopback addresses within the MPLS network,
the access node uses LDP downstream on demand to request the label bindings for
only the FECs corresponding to the loopback addresses of those egress nodes to which
it has services configured.
To enable LDP downstream on demand on the router, include the
downstream-on-demand statement at the [edit protocols ldp session session-address]
hierarchy level. Specify the LDP downstream on demand policy using the
dod-request-policy statement at the [edit protocols ldp] hierarchy level to send label
bindings to the access node.
[See Example: Configuring LDP Downstream on Demand.]
•
94
Corouted bidirectional packet LSPs—A corouted bidirectional packet LSP is a
combination of two LSPs sharing the same path between a pair of ingress and egress
nodes. It is established using the GMPLS extensions to RSVP-TE. This type of LSP can
be used to carry any of the standard types of MPLS-based traffic, including Layer 2
VPNs, Layer 2 circuits, and Layer 3 VPNs. You can configure a single BFD session for
Copyright © 2012, Juniper Networks, Inc.
New Features in Junos OS Release 12.2 for M Series, MX Series, and T Series Routers
the bidirectional LSP (you do not need to configure a BFD session for each LSP in each
direction). You can also configure a single standby bidirectional LSP to provide a backup
for the primary bidirectional LSP.
Configure the corouted-bidirectional statement at the [edit protocols mpls
label-switched-path lsp-name] hierarchy level to specify that the LSP be established
as a corouted bidirectional packet LSP. For the reverse path, configure the
corouted-bidirectional-passive statement at the [edit protocols mpls label-switched-path
lsp-name] hierarchy level to associate the LSP with the initial bidirectional LSP when
it is signaled at the ingress router. You cannot configure both of these statements on
the same LSP.
[See Configuring Corouted Bidirectional LSPs.]
•
Extends support for filtering MPLS-tagged IPv4 packets based on match conditions
to T4000 Type 5 FPC (T4000-FPC5-3D)—The support for filtering MPLS-tagged
IPv4 packets based on IP parameters up to five MPLS stacked labels is extended to
the T4000 Type 5 FPC.
[See Standard Firewall Filter Match Conditions for MPLS-Tagged IPv4 or IPv6 Traffic.]
•
Support for filtering MPLS-tagged IPv6 packets based on match conditions on
T4000 Type 5 FPC (T4000-FPC5-3D)—Junos OS supports filtering MPLS-tagged
IPv6 packets based on IP parameters up to five MPLS stacked labels.
To configure the filter match conditions for the mpls family based on IP parameters,
include the from statement at the [edit firewall family family-name filter filter-name
term term-name] hierarchy level:
from {
match-conditions;
}
[See Standard Firewall Filter Match Conditions for MPLS-Tagged IPv4 or IPv6 Traffic.]
•
Point-to-multipoint LSP traceroute support for T4000 routers—You can use the
label-switched path (LSP) trace utility to diagnose data plane failures in
point-to-multipoint LSPs. To trace a point-to-multipoint LSP, issue the traceroute mpls
rsvp multipoint command. The command also includes the egress option, enables you
to specify a particular endpoint, and includes the ttl option, which enables you to limit
the number of hops to trace.
[See traceroute mpls rsvp.]
Multicast
•
Controlling PIM resources for multicast VPNs—Junos OS 12.2 introduces the following
PIM configuration options to protect against potential misbehaving customer edge
(CE) devices and VPN routing and forwarding (VRF) routing instances:
•
Limit the number of accepted PIM joins for any-source groups (*,G) and
source-specific (S,G) groups. You can optionally configure a system log warning
threshold, which allows you to generate and review system log messages to detect
whether an excessive number of PIM joins have been received on the device. The
system log warning threshold is a percentage of the configured PIM join limit. You
Copyright © 2012, Juniper Networks, Inc.
95
Junos OS 12.2 Release Notes
can further specify a log interval, which is the amount of time (in seconds) between
the log messages. To configure PIM join limits and the associated logging threshold,
include the sglimit maximum limit<threshold value> <log-interval seconds> statement
at the following hierarchy levels:
•
•
96
•
[edit logical-systems logical-system-name protocols pim]
•
[edit logical-systems logical-system-name routing-instances routing-instance-name
protocols pim]
•
[edit protocols pim]
•
[edit routing-instances routing-instance-name protocols pim]
Limit the number of received PIM register messages on a rendezvous point (RP).
You can optionally configure a system log warning threshold, which allows you to
generate and review system log messages to detect whether an excessive number
of PIM register messages have been received on the device. The system log warning
threshold is a percentage of the configured PIM register message limit. You can
further specify a log interval, which is the amount of time (in seconds) between the
log messages. To configure PIM register message limits and the associated logging
threshold, include the register-limit maximum limit <threshold value> <log-interval
seconds> statement at the following hierarchy levels:
•
[edit logical-systems logical-system-name protocols pim rp]
•
[edit logical-systems logical-system-name routing-instances routing-instance-name
protocols pim rp]
•
[edit protocols pim rp]
•
[edit routing-instances routing-instance-name protocols pim rp]
Limit the number of group-to-RP mappings on an RP. You can optionally configure
a system log warning threshold, which allows you to generate and review system
log messages to detect whether an excessive number of group-to-RP mappings
have been received on the device. The system log warning threshold is a percentage
of the configured group-to-RP mapping limit. You can further specify a log interval,
which is the amount of time (in seconds) between the log messages. To configure
group-to-RP mapping limits and the associated logging threshold, include the
group-rp-mapping maximum limit <threshold value> <log-interval seconds> statement
at the following hierarchy levels:
•
[edit logical-systems logical-system-name protocols pim rp]
•
[edit logical-systems logical-system-name routing-instances routing-instance-name
protocols pim rp]
•
[edit protocols pim rp]
•
[edit routing-instances routing-instance-name protocols pim rp]
Copyright © 2012, Juniper Networks, Inc.
New Features in Junos OS Release 12.2 for M Series, MX Series, and T Series Routers
NOTE: The group-to-RP mappings limit does not apply to static RP or
embedded RP configurations.
As a result of these PIM configuration options, the show pim statistics instance
instance-name command has been updated to display the configured limits and
currently accepted values for PIM join states and PIM register limits. The PIM register
limit values are displayed on RPs configured for PIM register limits.
[See Example: Configuring PIM State Limits.]
•
Nonstop active routing PIM support for draft-rosen MVPNs—Starting with Release
12.2, Junos OS extends the nonstop active routing PIM support to draft-rosen MVPNs.
Nonstop active routing PIM support for draft-rosen MVPNs enables nonstop active
routing-enabled devices to preserve draft-rosen MPVN-related information—such as
default and data MDT states—across switchovers. In releases earlier than Release 12.2,
nonstop active routing PIM configuration was incompatible with draft-rosen MVPN
configuration.
The backup Routing Engine sets up the default multicast distribution tree (MDT) based
on the configuration and the information it receives from the master Routing Engine,
and keeps updating the default MDT state information.
However, for data MDTs, the backup Routing Engine relies on the master Routing Engine
to provide updates when data MDTs are created, updated, or deleted. The backup
Routing Engine neither monitors data MDT flow rates nor triggers a data MDT switchover
based on variations in flow rates. Similarly, the backup Routing Engine does not maintain
the data MDT delay timer or timeout timer. It does not send MDT join TLV packets for
the data MDTs until it takes over as the master Routing Engine. After the switchover,
the new master Routing Engine starts sending MDT join TLV packets for each data
MDT, and also resets the data MDT timers. Note that the expiration time for the timers
might vary from the original values on the previous master Routing Engine.
NOTE: Nonstop active routing support for PIM does not include support
for next-generation MVPNs. The commit fails if you configure nonstop
active routing for PIM on devices configured for next-generation MVPN
setups.
[See Nonstop Active Routing System Requirements.]
•
Support for PIM automatic make-before-break (MBB) join load balancing—Ensures
that PIM joins are evenly redistributed to all upstream PIM neighbors on an ECMP path.
When an interface is added to an ECMP path, MBB provides a switchover to an alternate
path with minimal traffic disruption. The feature can be enabled by using the automatic
statement at the [edit protocols pim join-load-balance] hierarchy level. When a new
neighbor is available, the time taken to create a path to the neighbor (standby path)
can be configured by using the standby-path-creation-delay seconds statement at the
[edit protocols pim] hierarchy level. In the absence of this statement, the standby path
is created immediately and the joins are redistributed as soon as the new neighbor is
Copyright © 2012, Juniper Networks, Inc.
97
Junos OS 12.2 Release Notes
added to the network. For a join to be moved to the standby path in the absence of
traffic, the idle-standby-path-switchover-delay seconds statement is configured at the
[edit protocols pim] hierarchy level. In the absence of this statement, the join is not
moved until traffic is received on the standby path.
[See Example: Configuring PIM Make-Before-Break (MBB) Join Load Balancing.]
•
BFD client support for PIM IPv6—Enables you to configure BFD liveness detection for
IPv6 interfaces using Protocol Independent Multicast (PIM). Bidirectional Forwarding
Detection (BFD) enables rapid detection of communication failures between adjacent
systems. By default, authentication for BFD sessions is disabled. However, when you
run BFD over Network Layer protocols, the risk of service attacks can be significant.
[See Example: Configuring BFD Liveness Detection for PIM IPv6.]
Network Management
•
Updated MIB for IPv6 networks—Junos OS Release 12.2 and later, Junos OS support
the IP Forwarding MIB table and related objects used for forwarding IP packets in IPv6
networks (in addition to IPv4 networks), as per RFC 4292. The inetCidrRouteTable
table displays IP version-independent multipath CIDR routes. The inetCidrRouteNumber
object indicates the number of current routes in the inetCidrRouteTable table. The
inetCidrRouteDiscards object counts the number of valid routes that are discarded
from the inetCidrRouteTable table.
[See IP Forwarding MIB.]
•
Support for RFC 4087—Junos OS Release 12.2 and later support two standard tables
of the IP Tunnel MIB for managing tunnels of any type over IPv4 and IPv6 networks.
The tunnelIfTable table provides information about the tunnels known to a router. The
tunnelInetConfigTable table displays information about the dynamic creation of tunnels,
and mapping of endpoint addresses to the current interface index value.
[See Standard SNMP MIBs Supported by Junos OS.]
Routing Policy and Firewall Filters
•
98
Extends filter and policer feature support to T4000 Type 5 FPC
(T4000-FPC5-3D)—The following filter and policer features supported on the T1600
Enhanced Scaling Type 4 FPC (T1600-FPC4-ES) are also supported on the T4000
Type 5 FPC (T4000-FPC5-3D):
•
Label-switched path (LSP) policers
•
Address Resolution Protocol (ARP) policers
•
Tricolor marking policers
•
Forwarding table filters
•
Filter-based forwarding
•
Prefix-specific actions
Copyright © 2012, Juniper Networks, Inc.
New Features in Junos OS Release 12.2 for M Series, MX Series, and T Series Routers
The following filter and policer features supported on the T1600 Enhanced Scaling
Type 4 FPC (T1600-FPC4-ES) are not supported on the T4000 Type 5 FPC
(T4000-FPC5-3D):
•
Service PIC-related filters.
•
Applying a policer at the logical interface level.
•
Filter actions such as ipsec-sa, service-accounting, and service-filter-hit.
•
The dscp 0 action is not supported during the interoperation between a T1600
Enhanced Scaling Type 4 FPC and a T4000 Type 5 FPC.
•
Shared bandwidth policer.
•
A filter attached at the Layer 2 application point (that is, at the logical interface level)
is unable to match with the forwarding class of a packet that is set by a Layer 3
classifier such as DSCP, DSCP V6, inet-precedence, or mpls-exp.
•
Using interface-group and interface-group-except as match conditions for the VPLS
family filter.
•
Applying filters at set interfaces lo0 unit 0 family any filter input filter-name.
•
For a three-color policer operating in color-aware mode and when the PLP of the
input packet is medium-low, the color of the input packet to the policer is mapped
to the color yellow.
In such a scenario, if the color of the input packet remains unchanged, the policer
operates in the following way:
•
On a T1600 Enhanced Scaling Type 4 FPC (T1600-FPC4-ES), the PLP of the
output packet remains medium-low.
•
On a T4000 Type 5 FPC (T4000-FPC5-3D), the PLP of the output packet is
marked as medium-high.
Because of this difference, for any applications (such as rewrite and WRED selection
on egress interface) that use PLP, the packets are treated differently for the same
flow depending on the FPC type (T1600 Enhanced Scaling FPC4 (T1600-FPC4-ES)
or T4000 FPC5 (T4000-FPC5-3D)) on which the policer is applied.
[See Configuring Policers for LSPs, Three-Color Policer Configuration Overview, Configuring
Forwarding Table Filters, Filter-Based Forwarding Overview, Prefix-Specific Action
Configuration, and Color-Aware Mode.]
•
Hierarchical policer support for T4000 Type 5 FPC (T4000-FPC5-3D)—Type 5 FPCs
on T4000 routers support hierarchical policers only at the interface family level.
NOTE: Support for hierarchical policers at the physical and logical interface
levels requires the presence of an IQE PIC. Because the T4000 Type 5 FPC
does not have an IQE PIC, hierarchical policers are not supported at the
physical and logical interface levels on this FPC.
Copyright © 2012, Juniper Networks, Inc.
99
Junos OS 12.2 Release Notes
[See hierarchical-policer and aggregate (Hierarchical Policer).]
Routing Protocols
•
Origin validation for BGP—Enables BGP to recognize when an autonomous system
(AS) begins advertising all or part of another company's assigned network. BGP
recognizes the error and responds in a way that avoids service interruptions. To
configure, include the validation statement (and associated child statements) at the
[edit routing-options] hierarchy level. Also configure a policy with the from
validation-database match condition, the then validation-state action, and the extended
community (origin validation state).
[See Example: Configuring Origin Validation for BGP.]
Subscriber Access Management
•
Junos OS subscriber management scaling values (M120, M320, and MX Series
routers)—A spreadsheet is available online that lists scaling values supported for Junos
OS subscriber management beginning with Junos OS Release 10.1. Access the Subscriber
Management Scaling Values (XLS) spreadsheet from the Downloads box at
http://www.juniper.net/techpubs/en_US/junos12.2/information-products
/pathway-pages/subscriber-access/index.html. You can also substitute the number of
the latest Junos OS release for the 12.2 release-number. For example, ...en_us/junos11.1/....
[See Subscriber Management Scaling.]
•
Scaling enhancements—This release enables significant scaling and performance
gains applicable to a broad range of broadband edge deployment models. Absolute
scaling and performance numbers achievable are influenced by a number of factors
including deployment model, software configuration, and hardware configuration.
Applicable subscriber scaling licenses apply.
Maximum scaling and performance for broadband edge configurations require the
RE-S-1800 Routing Engine and MPC2 access-facing modules.
[See Subscriber Management Scaling.]
•
Scaling resource management—The memory resource management feature enables
additional system protection by limiting subscriber logins during times of high memory
utilization. Limiting subscriber logins helps avoid resource exhaustion. As utilization
decreases, the subscriber limits are removed.
[See Subscriber Management Scaling.]
•
Support for configuring dynamic VLAN subscriber interfaces using
agent-circuit-identifier information (MX Series routers with MPCs/MICs)—Enables
you to configure dynamic VLAN subscriber interfaces for DHCP and PPPoE subscribers
based on agent-circuit-identifier information. To use this feature, you must configure
the dynamic VLAN subscriber interfaces on MPC/MIC modules that face the access
side of the network in an MX Series router.
In Ethernet-based subscriber access networks, DHCP and PPPoE subscribers are
uniquely identified either by means of VLAN encapsulation (that is, the S-VLAN ID tag
100
Copyright © 2012, Juniper Networks, Inc.
New Features in Junos OS Release 12.2 for M Series, MX Series, and T Series Routers
and the VLAN ID tag), or by insertion of the agent-circuit-identifier string in DHCP and
PPPoE control messages.
For dynamic VLAN subscriber interfaces with single-tagged, untagged, or double-tagged
VLAN encapsulation, you can configure the router to examine the DHCP and PPPoE
control packets to extract the agent-circuit-identifier information in order to build a
unique VLAN subscriber interface. The agent-circuit-identifier value is a string that
uniquely identifies the subscriber's access node and the DSL line on the access node.
For DHCP traffic, the agent-circuit-identifier string is in the DHCP option 82 field of
DHCP messages. For PPPoE traffic, the agent-circuit-identifier string is in the DSL
Forum Agent-Circuit-ID VSA [26-1] of PPPoE Active Discovery Initiation (PADI) and
PPPoE Active Discovery Request (PADR) control packets.
Configuring dynamic VLAN subscriber interfaces based on agent-circuit-identifier
information is particularly useful in configurations with multiple DHCP and PPPoE
subscriber sessions per household. Because DHCP and PPPoE traffic sent to the router
from the same household has the same agent-circuit-identifier information, the router
groups these DHCP and PPPoE subscribers in the same agent-circuit-identifier interface
set. An agent-circuit-identifier interface set is a logical collection of subscriber interfaces
that orginate at the same household or on the same access-loop port. Grouping
subscribers into agent-circuit-identifier interface sets facilitates application of
subscriber-based services, such as class of service (CoS) and interface-shared filters,
to all of the subscriber’s interfaces.
Configuring a dynamic VLAN subscriber interface based on agent-circuit-identifier
information involves the following basic steps:
1.
Create a dynamic profile that defines the agent-circuit-identifier interface set.
To reference the interface set, include the interface-set statement with the
$junos-interface-set-name predefined variable at the [edit dynamic-profiles
profile-name interfaces] hierarchy level.
2. (Optional) Include attributes for PPPoE, CoS, and interface-shared filters in the
dynamic profile for the agent-circuit-identifier interface set.
For dynamic PPPoE subscriber interfaces, you can include the max-sessions
statement at the [edit dynamic-profiles profile-name interfaces interface-set
“$junos-interface-set-name” pppoe-underlying-options] hierarchy level.
3. Configure the underlying VLAN interface to enable dynamic subscriber interface
creation based on agent-circuit-identifier information.
•
For a statically created underlying VLAN interface, include the auto-configure
stanza at the [edit interfaces interface-name unit logical-unit-number] hierarchy
level.
•
For a dynamically created underlying VLAN interface, include the auto-configure
stanza at the [edit dynamic-profiles profile-name interfaces
“$junos-interface-ifd-name” unit “$junos-interface-unit”] hierarchy level.
4. Associate the dynamic agent-circuit-identifier interface set with the logical subscriber
interface.
Copyright © 2012, Juniper Networks, Inc.
101
Junos OS 12.2 Release Notes
•
In a dynamic profile for a PPPoE logical subscriber interface, include the
interface-set $junos-interface-set-name interface pp0 unit $junos-interface-unit
statement at the [edit dynamic-profiles profile-name interfaces] hierarchy level.
•
In a dynamic profile for an IP demultiplexing (IP demux) logical subscriber interface
for DHCP subscribers, include the interface-set $junos-interface-set-name interface
demux0 unit $junos-interface-unit statement at the [edit dynamic-profiles
profile-name interfaces] hierarchy level.
To verify and manage dynamic VLAN configurations based on agent-circuit-identifier
information, you can use the following new operational commands:
•
clear auto-configuration interfaces interface-set
•
show subscribers aci-interface-set-name
•
show subscribers agent-circuit-identifier
In addition, the output of the following operational commands has been enhanced to
help you verify and manage this feature for DHCP and PPPoE subscribers:
•
show dhcp server binding detail
•
show interfaces
•
show pppoe interfaces
•
show pppoe underlying-interfaces
•
show subscribers detail
[See Configuring Dynamic VLANs Based on Agent Circuit Identifier Information.]
•
102
Support for subscriber services over ATM networks (MX Series routers with MPCs
and ATM MICs with SFP)—By using the ATM MIC with SFP (model number
MIC-3D-80C3-20C12-ATM) and a supported MPC, you can configure an MX Series
router to support the following configurations that enable subscribers to access an
MX Series router over an ATM network:
Copyright © 2012, Juniper Networks, Inc.
New Features in Junos OS Release 12.2 for M Series, MX Series, and T Series Routers
•
PPPoE-over-ATM
PPP-over-Ethernet-over-ATM (PPPoE-over-ATM) configurations support both
statically created and dynamically created PPPoE (pp0) logical subscriber interfaces
over static ATM underlying interfaces. Most PPPoE and subscriber services features
supported on terminated connections and tunneled (L2TP access concentrator, or
LAC) connections are also supported for access to an MX Series router over an ATM
network. You can dynamically apply subscriber services such as class of service
(CoS) and firewall filters to the pp0 logical subscriber interface by configuring the
services in the dynamic profile that creates the static or dynamic pp0 logical interface.
For PPPoE-over-ATM configurations on an MX Series router, you must configure the
ATM underlying interface with PPPoE-over-ATM logical link control (LLC)
encapsulation. To do so, include the encapsulation ppp-over-ether-over-atm-llc
statement at the [edit interfaces interface-name unit logical-unit-number] hierarchy
level.
You must configure the router to act as a PPPoE server (also known as a remote
access concentrator) in PPPoE-over-ATM configurations on MX Series routers.
Configuring the router to act as a PPPoE client in these configurations is not
supported.
•
Routed IP-over-ATM
Routed IP-over-ATM (IPoA) configurations support statically created IPv4 and IPv6
logical subscriber interfaces over static ATM underlying interfaces. (Dynamic creation
of IPv4 or IPv6 interfaces is not supported.) Subscriber services such as CoS and
firewall filters must also be statically configured; you cannot use a dynamic profile
for this purpose.
Routed IPoA configurations on an MX Series router support two types of
encapsulation on the ATM underlying interface:
•
•
To configure routed IPoA encapsulation that uses LLC, you must configure the
ATM underlying interface with ATM subnetwork attachment point (SNAP)
encapsulation. To do so, include the encapsulation atm-snap statement at the
[edit interfaces interface-name unit logical-unit-number] hierarchy level.
•
To configure routed IPoA encapsulation that uses virtual circuit (VC) multiplexing,
you must configure the ATM underlying interface with ATM VC multiplex
encapsulation. To do so, include the encapsulation atm-vc-mux statement at the
[edit interfaces interface-name unit logical-unit-number] hierarchy level.
Bridged IP-over-Ethernet-over-ATM
Bridged IP-over-Ethernet-over-ATM configurations support statically created IPv4
and IPv6 logical subscriber interfaces over static Ethernet interfaces over static ATM
underlying interfaces. (Dynamic creation of IPv4, IPv6, or Ethernet interfaces is not
supported.) Subscriber services such as CoS and firewall filters must also be statically
configured; you cannot use a dynamic profile for this purpose.
For bridged IP-over-Ethernet-over-ATM configurations on an MX Series router, you
must configure the ATM underlying interface with Ethernet-over-ATM LLC
Copyright © 2012, Juniper Networks, Inc.
103
Junos OS 12.2 Release Notes
encapsulation. To do so, include the encapsulation ether-over-atm-llc statement at
the [edit interfaces interface-name unit logical-unit-number] hierarchy level.
•
PPP-over-ATM
PPP-over-ATM (PPPoA) configurations support statically created PPP logical
subscriber interfaces over static ATM underlying interfaces. (Dynamic creation of
the PPP interfaces is not supported.) Most features supported for PPPoE
configurations are also supported for PPP access to an MX Series router over an
ATM network. You can dynamically apply subscriber services such as CoS and firewall
filters to the static PPP logical subscriber interface by configuring the services in the
dynamic profile that creates the PPP logical interface.
PPPoA configurations on an MX Series router support two types of encapsulation
on the ATM underlying interface:
•
To configure PPPoA encapsulation that uses LLC, you must configure the ATM
underlying interface with PPP-over-AAL5 LLC encapsulation. To do so, include
the encapsulation atm-ppp-llc statement at the [edit interfaces interface-name
unit logical-unit-number] hierarchy level.
•
To configure PPPoA encapsulation that uses VC multiplexing, you must configure
the ATM underlying interface with PPP-over-ATM AAL5 multiplex encapsulation.
To do so, include the encapsulation atm-ppp-vc-mux statement at the [edit
interfaces interface-name unit logical-unit-number] hierarchy level.
Using these configurations enables the delivery of subscriber-based services, such as
CoS and firewall filters, for subscribers accessing the router over an ATM network. In
addition, PPPoE-over-ATM support on an MX Series router enables you to configure
the router to dynamically create PPPoE logical subscriber interfaces over static ATM
underlying interfaces only when needed; that is, when a subscriber logs in on the
associated underlying interface. (Dynamic PPPoE over static ATM configurations are
not supported on M Series routers and T Series routers.)
You can use the same basic statements, commands, and procedures to create, verify,
and manage PPPoE-over-ATM, IPoA, IP-over-Ethernet-over-ATM, and PPPoA
configurations as the statements, commands, and procedures you use for static
configurations on M Series routers and T Series routers, and for dynamic PPPoE
configurations on MX Series routers.
[See Junos OS Subscriber Access Configuration Guide, Junos OS ATM Interfaces Configuration
Guide, and Junos OS Circuit Emulation Interfaces Configuration Guide.]
•
104
Sharing schedulers and scheduler maps across dynamic CoS—The system generates
unique identifiers (IDs) in dynamic profiles created for services. The generated unique
IDs enable you to identify and configure separate parameter values with the same
variable name. When applied to CoS, you can configure scheduler and scheduler map
sharing. In client profiles, schedulers and scheduler maps must use the unique ID format.
If the client profile uses the unique ID format and you want to have either scheduler or
scheduler map sharing for service activation, you must configure the service profile in
unique ID format. Generating unique IDs based on schedulers and scheduler maps
eliminates duplication and improves router performance and scalability.
Copyright © 2012, Juniper Networks, Inc.
New Features in Junos OS Release 12.2 for M Series, MX Series, and T Series Routers
To enable this feature, include the variables for CoS in the client or service dynamic
profile. For example, to have scheduler map and scheduler sharing, you need to define
variables for the scheduler maps smap_data and smap_voice and for the schedulers
data_sched and voice_sched in the dynamic profile. You then add the scheduler maps
and schedulers in the variable format such as $smap_data, $smap_voice, $data_sched,
and $voice_sched, respectively to the class-of-service hierarchy.
[See Access Profiles and Service Profiles Overview].]
•
ANCP enhancements for VLAN demux over aggregated Ethernet interfaces and
RADIUS (MX Series routers)—ANCP can perform class-of-service traffic shaping for
a household, for individual PPPoE sessions within a household, or for both. ANCP now
supports VLAN demux over aggregated Ethernet interfaces, with or without interface
sets. This support includes the following:
•
Mapping agent circuit identifiers (ACIs) to interfaces.
•
Dynamically updating the CoS process with the adjusted downstream data rate.
ANCP receives the actual data rate from the access node and then adjusts it
according to its configuration before updating CoS. (The upstream rate is not provided
to CoS because it does not shape upstream traffic.)
•
OAM support for managing PPPoE sessions.
ANCP can now make CoS-related adjustments to the upstream data rate it receives
from the access node. (In earlier releases, only downstream rate adjustment was
possible.) ANCP can report both the adjusted and the unadjusted values to authd for
RADIUS authentication and accounting. Rate adjustment and rate reporting are
supported on the following interfaces, with or without interface sets:
•
VLAN over Ethernet
•
VLAN demux over aggregated Ethernet
By reporting adjusted data rates, ANCP enables RADIUS to allocate the appropriate
services (including class of service) to PPPoE sessions during authentication. The
reports also enable RADIUS accounting to track the actual class of service provided
for PPPoE sessions, which in turn enables accurate billing for subscriber services.
ANCP stores the DSL attributes that it receives from access nodes in the shared
database. The ANCP DSL attributes are mapped by authd to the Juniper Networks
DSL VSAs used by RADIUS. RADIUS uses these attributes during authentication and
accounting for PPPoE sessions on the subscriber access line. The attributes persist
even when the ANCP session to a given node has ended, enabling RADIUS to later
apply these attributes to new sessions on that subscriber access line. To remove the
attributes, you must delete the access line from the ANCP configuration.
The RADIUS profile must be configured to include the juniper-dsl-attributes option, or
authd does not report the attributes to RADIUS. If the ANCP DSL attributes are
unavailable, the session’s advisory upstream and downstream data rates are mapped
to the calculated upstream and downstream data rate VSAs. These VSAs alone are
then provided to RADIUS.
Copyright © 2012, Juniper Networks, Inc.
105
Junos OS 12.2 Release Notes
For successful authentication and accounting by RADIUS, AAA has to correlate PPPoE
sessions with their access lines and their associated DSL attributes. Some access
nodes provide the ACI in PADI/PADR packets for the PPPoE sessions.
When the ACI is not provided in a 1:1 VLAN model with interface sets, you must associate
the underlying interface for the sessions with the ACI and the interface set. If you do
not configure this association, then only the advisory traffic rates are provided to
RADIUS. This configuration has no effect when the ACI is provided by the access node.
For the N:1 VLAN model with interface sets, the access node must provide the ACI. If
you configure the underlying interface for this model when the access node does not
provide the ACI, PPPoE sessions could be incorrectly correlated with access lines.
To map an ACI to a static VLAN demux interface, include the access-identifier identifier
statement, and optionally the neighbor neighbor-ip-address statement, at the [edit
protocols ancp interfaces demux0.logical-unit-number] hierarchy level.
To configure advisory upstream and downstream data rates on a static VLAN demux
interface, include the upstream-rate rate or downstream-rate rate statements at the
[edit interfaces demux0 unit logical-unit-number] hierarchy level.
To configure an underlying interface for the PPPoE sessions in an interface set, include
the underlying-interface interface-name statement at the edit protocols ancp interfaces
interface-set interface-set-name] hierarchy level.
[See ANCP Operations in Different Network Configurations.]
•
PPP options and keepalives supported for L2TP LNS subscribers per interface (MX
Series routers)—You can configure PPP options for LNS subscribers on inline services
(si) interfaces on a per-interface basis. In earlier releases, you applied a configuration
for PPP options only with a user group profile, which specifies the same configuration
for all subscribers processed through a particular LAC client. The new support matches
the existing behavior for terminated PPPoE subscribers on pp0 interfaces and uses
the following existing statements:
ppp-options {
chap;
pap;
}
For dynamically created si interfaces, include the statements at the [edit
dynamic-profiles profile-name interfaces "$junos-interface-ifd-name" unit
“$junos-interface-unit”] hierarchy level.
For statically configured si interfaces, include the statements at the [edit interfaces
si-slot/pic/port unit logical-unit-number] hierarchy level.
BEST PRACTICE: Although all other statements subordinate to
ppp-options—including those subordinate to chap and pap—are supported,
they are typically not used for subscriber management. We recommend
that you leave these other statements at their default values.
106
Copyright © 2012, Juniper Networks, Inc.
New Features in Junos OS Release 12.2 for M Series, MX Series, and T Series Routers
Similarly, you can now configure PPP keepalives on a per-interface basis, whereas in
earlier releases you configured PPP keepalives only with a user group profile.
For dynamic si interfaces, include the keepalives statement at the [edit dynamic-profiles
profile-name interfaces "$junos-interface-ifd-name" unit “$junos-interface-unit”]
hierarchy level.
For static si interfaces, include the keepalives statement at the [edit interfaces
si-slot/pic/port unit logical-unit-number] hierarchy level.
When you change the PPP keepalive configuration in a user group profile, the modified
configuration affects only new sessions logging in. Sessions that exist at the time of
the change are not affected.
When you configure the PPP options or PPP keepalives for L2TP LNS subscribers both
on the si interface and in user group profiles, the inline service interface configuration
takes precedence over the group profile configuration.
[See Applying PPP Attributes to L2TP LNS Subscribers Per Inline Service Interface.]
•
Support for CoS on dynamic VLAN subscriber interfaces using agent-circuit-identifier
information (MX Series routers with MPCs/MICs)—Enables you to configure specified
class-of-service (CoS) attributes using a dynamic interface set. Because the interface
sets corresponding to VLANs using agent-circuit-identifier (ACI) information are created
dynamically, you can now apply CoS attributes, such as shaping, at the household
level. You must set and define the CoS policy for the ACI virtual VLAN interface set
using the ACI set profile (not the subscriber profile). CoS on dynamic VLANs includes
support for level 3 or level 2 scheduler nodes for a dynamic interface set. You can also
configure a traffic control profile and a remaining traffic control profile for a dynamic
interface set. CoS on dynamic VLANs enables you to configure a dynamic scheduler
map for a traffic control profile that is used by a dynamic interface set. In this case, the
dynamic scheduler map must use the UID format. This feature ensures that a subscriber
receives a minimum bandwidth (guaranteed rate) and a maximum bandwidth (shaping
rate), which reduces network operational expenses by providing centralized
management of the network.
To enable this feature, include attributes for CoS in the dynamic profile for the
agent-circuit-identifier interface set. For example, for dynamic CoS subscriber interfaces,
you can include the output-traffic-control-profile statement or
output-traffic-control-profile-remaining statement at the [edit dynamic-profiles
profile-name class-of-service interfaces interface-set “$junos-interface-set-name” ]
hierarchy level.
[See CoS for Subscriber Access Overview.]
•
Support for dynamic interface-shared filters (MX Series routers with
MPCs/MICs)—Enables you to configure a new type of dynamic filter attachment.
Interface-shared filters can be defined statically or dynamically, but can only be applied
using dynamic profiles, and are supported for both client and service sessions. The
same interface-shared instance can be attached to multiple interfaces only if these
interfaces reference the same interface-shared filter name and have the same
shared-name. The shared-name can either be populated from
Copyright © 2012, Juniper Networks, Inc.
107
Junos OS 12.2 Release Notes
$junos-interface-set-name, where the value comes from the related client session, or
a service session variable.
With VLAN subscriber interfaces that use the agent-circuit-identifier information, many
subscribers share the same underlying logical interface. Because some of these
subscribers are related to each other as part of the same household, you must apply
an interface-shared filter to the subscriber logical interfaces that make up the household
to be able to filter and police these related subscribers at a household level. All
interfaces that share the same interface-shared filter instance share the same set of
counters and policer actions.
The base filter name of a parameterized filter is assigned depending upon the profile
name and the contents of the filter definition. Therefore, when interface-shared filter
is used with parameterized filters, all service sessions expecting to share the same
instance of an interface-shared filter must have the exact same parameterized filter
and profile. A service session should expect a different instance of the interface-shared
filter if either the parameterized filter or the profile is different.
To use this feature, you must configure the filter by using the interface-shared statement
at the [edit firewall family [inet|inet6] filter filter-name] hierarchy level. To attach this
type of filter to an interface, the shared-name must be defined, and the interface must
be a dynamic interface, which is defined within a dynamic-profiles hierarchy.
[See Interface-Shared Filters Overview.]
•
Option 82 suboptions in authentication usernames for autosense VLANs (MX Series
routers)—You can specify the option 82 suboptions that are concatenated with the
username during the authentication process for autosense VLANs. The option 82 value
used in creating the username is based on the option 82 value that is encoded in the
incoming DHCP discover packet. You can specify either both or neither of the Agent
Circuit ID (suboption 1) and the Agent Remote ID (suboption 2). If you specify both,
the Agent Circuit ID is supplied first, followed by a delimiter, and then the Agent Remote
ID. If you specify that neither suboption is supplied, the raw payload of option 82 from
the PDU is concatenated to the username. The use of option 82 suboptions is supported
for DHCPv4 discover packets only.
Use the option-82 circuit-id remote-id statement at the [edit interfaces interface-name
auto-configure vlan-ranges authentication username-include] hierarchy level to configure
option 82 support for autosense VLANs.
[See Option 82 Suboptions in Authentication Usernames for Autosense VLANs .]
•
S-VLAN-based shaping support for dynamic profiles—This release supports CoS
traffic shaping of service VLAN (S-VLAN) interface sets in dynamic profiles. An interface
set enables you to group interfaces into a logical group and provide the same level of
service for that group of subscribers.
This feature requires the introduction of the following new internal dynamic variables:
•
108
$junos-svlan-interface-set-name—Locally generated interface set name for use by
dual-tagged VLAN interfaces based on the outer tag of the dual-tagged VLAN. The
format of the generated variable is physical_interface_name - outer_VLAN_tag.
Copyright © 2012, Juniper Networks, Inc.
New Features in Junos OS Release 12.2 for M Series, MX Series, and T Series Routers
•
$junos-tagged-vlan-interface-set-name—Locally generated interface set name
used for grouping logical interfaces stacked over logical stacked VLAN demux
interfaces for either a 1:1 (dual-tagged; individual client) VLAN or N:1 (single tagged;
service) VLAN. The format of the generated variable differs with VLAN type. For
dual-tagged (client) VLANs, the format of the generated variable is
physical_interface_name - outer_VLAN_tag - inner_VLAN_tag. For single tagged (service)
VLAN, the format of the generated variable is physical_interface_name - VLAN_tag.
To configure VLAN-based shaping, include the interface-set statement, along with the
desired dynamic variable, at the [edit dynamic-profiles dynamic-profile-name interfaces]
hierarchy level. You must also include the interface statement, along with the demux0
interface, at the [edit dynamic-profiles dynamic-profile-name interfaces interface-set
dynamic-variable] hierarchy level, and the unit statement, along with the
$junos-interface-unit dynamic variable for the dynamically created set units, at the
[edit dynamic-profiles dynamic-profile-name interfaces interface-set dynamic-variable
interface demux0] hierarchy level.
In addition to configuring the interface set for the dynamic profile, you must also include
the expected interface set name for each physical or aggregated interface that you
want to be part of the interface set. For example, to specify the expected interface set
name for aggregated Ethernet interface ae0 and outer VLAN tag 111, include ae0-111
at the [edit class-of-service interfaces demux0] hierarchy level.
[See CoS for Interface Sets of Subscribers Overview and CoS for Interface Sets of Subscribers
Overview.]
Copyright © 2012, Juniper Networks, Inc.
109
Junos OS 12.2 Release Notes
User Interface and Configuration
•
Support for configuring CLI breadcrumbs—The output of the show configuration
operational mode command and the show configuration mode commands can be
configured to display configuration breadcrumbs that indicate the exact location in
the hierarchy of the output being viewed. To enable the feature, configure the
configuration-breadcrumbs statement at the [edit system login class class-name]
hierarchy level.
[See Example: Enabling Configuration Breadcrumbs.]
VPNs
•
VPLS improved convergence time for multihomed sites—You can improve the
convergence time for VPLS multihomed sites by configuring the best-site statement
at the [edit routing-instances routing-instance-name protocols vpls site site-name]
hierarchy level and the mac-flush statement at the [edit routing-instances
routing-instance-name protocols vpls] hierarchy level. The best-site statement is new
for Junos OS Release 12.2 and designates the site as the most preferable site for the
provider edge (PE) router. The mac-flush statement is an existing statement. It enables
media access control (MAC) flush processing for the VPLS routing instance or for the
mesh group under a VPLS routing instance. MAC flush processing removes MAC
addresses from the MAC address database that have been learned dynamically. With
the dynamically learned MAC addresses removed, MAC address convergence requires
less time to complete.
[See Example: VPLS Multihoming, Improved Convergence Time.]
•
Layer 3 VPN localization—Layer 3 VPN localization provides a mechanism for localizing
routes of instance type vrf or virtual-routers to specific Packet Forwarding Engines to
help maximize the number of routes or VRFs that a router can handle.
To accomplish this, the Layer 3 VPN routes are installed only on the CE-facing Packet
Forwarding Engine. By doing this, you can optimize the Packet Forwarding Engine
memory. By Layer 3 VPN localization, the number of VPN IP routes that can be handled
can be increased by using multiple Layer 3 VPN instances that are distributed across
multiple Packet Forwarding Engines.
You can use the following statements at the [edit
routing-instances routing-instance-name routing-options] hierarchy level to configure
route localization for VRF:
•
localize—Include this statement to localize routing-instance routes to a specific
Packet Forwarding Engine hardware. This statement is applicable to inet and inet6
families in the routing instance. It is not applicable for address families such as ISO
and MPLS.
For routing instances of type vrf, the localize statement can be specified along with
the vrf-table-label. You can also configure the statement in a VRF table that includes
a vt- interface. If both localize and vrf-table-label are specified, the localize statement
takes precedence for an L3VPN route label allocation. Similarly, if a vt- interface is
110
Copyright © 2012, Juniper Networks, Inc.
New Features in Junos OS Release 12.2 for M Series, MX Series, and T Series Routers
configured along with the localize statement, the vt- interface takes precedence for
an L3VPN route label allocation.
You can configure the following options for this statement
•
unicast-only—Localizes unicast routes for the route tables associated with the
routing instance. If the localize statement is configured without this option, the
device localizes both unicast and multicast routes for the route tables associated
with the routing instance.
•
source-class-usage—Enables the Packet Forwarding Engine for source-prefix
lookup in the context of a per-Packet Forwarding Engine table next hop at the
egress CE-facing Packet Forwarding Engine. Include this statement for a VRF
routing instance for packets coming from the MPLS core.
To enable flexible label allocation for localization, you can specify a different label
allocation policy when you configure a VRF with localization. Use the per-table-localize
option for the label-allocation statement at the [edit policy-options policy-statement
policy-statement-name term term-name then].
The per-table-localize label allocation policy is only applicable if the VRF is configured
with the localize statement.
Issue the show route instance detail command to view VRF route localization details.
You can also use the show route table mpls protocol vpn command to view details
of the VPN route next hops.
[See Example: Configuring Layer 3 VPN Localization.]
•
Egress protection for Layer 3 VPN edge protection —Typically, Layer 3 VPN
service-restoration for multihomed customer edge (CE) routers depends on the ingress
provider edge (PE) router to detect the egress PE link or node failure and switch traffic
to the backup PE router. To achieve faster restoration, you can use a protector
mechanism for the PE router to perform local restoration of the service immediately
in case of an egress PE node failure. This mechanism is known as egress protection
and requires the router at the point of local repair (PLR) router to redirect VPN traffic
to a protector PE router for fast reroute of traffic. When you configure egress protection,
the PLR detects the protected PE link or node failure and reroutes traffic through the
protector PE router using the backup LDP-signaled LSP. The PLR uses per-prefix LFAs
to program the backup next hop through the protected PE router and traffic is forwarded
to the CE routers using the alternate paths. This restoration is done quickly after the
PLR router detects the PE egress node or link failure.
You can use the following configuration statements to configure egress protection:
•
egress-protection—Configures protector information for the Layer 3 VPN and edge
protection virtual circuit for the MPLS protocol. It also configures the context identifier
at the [edit protocols mpls] hierarchy level.
The egress-protection statement configured as unicast at the
[edit protocols bgp group group-name family inet-vpn],
[edit protocols bgp group group-name inet6- vpn], or
[edit protocols bgp group group-name iso-vpn] hierarchy levels contains a context ID
Copyright © 2012, Juniper Networks, Inc.
111
Junos OS 12.2 Release Notes
for the context identifier. Include this statement to enable egress protection for the
configured BGP VPN network layer reachability information (NRLI). This configuration
is required only on the protected PE and is not on the protector router.
The egress-protection statement configured at the [edit routing-instances] hierarchy
level holds the context identifier of the protected PE. Include this statement in the
configuration only on the primary PE router for outbound BGP updates for the next
hops.
•
context-identifier—Specifies an IPv4 address used to define the pair of PE routers
participating in the egress protection LSP. The context identifier is used to assign an
identifier to the protector PE router. The identifier is propagated to the other PE
routers participating in the network, making it possible for the protected egress PE
router to signal the egress protection LSP to the protector PE router.
[See Example: Configuring MPLS Egress Protection for Layer 3 VPN Services.]
•
Support for configuring more than one million Layer 3 VPN labels—For Layer 3 VPNs
configured on Juniper Networks routers, Junos OS normally allocates one inner VPN
label for each customer edge (CE)-facing virtual routing and forwarding (VRF) interface
of a provider edge (PE) router. However, other vendors allocate one VPN label for each
route learned over the CE-facing interfaces of a PE router. This practice increases the
number of VPN labels exponentially, which leads to slow system processing and slow
convergence time.
For Juniper Networks routers participating in a mixed vendor network with more than
one million Layer 3 VPN labels, include the extended-space statement at the [edit
routing-options forwarding-table chained-composite-next-hop ingress l3vpn] hierarchy
level. The extended-space statement is disabled by default.
We recommend that you configure the extended-space statement in mixed vendor
networks containing more than one million BGP routes to support Layer 3 VPNs.
However, because using this statements can also enhance the Layer 3 VPN performance
of Juniper Networks routers in networks where only Juniper Networks routers are
deployed, we recommend configuring the statement in these networks as well.
[See Accepting BGP Updates with Unique Inner VPN Labels in Layer 3 VPNs.]
•
112
Proxy BGP route target filtering—This feature (also known as proxy route target
constrain, or proxy RTC) permits the generation of route target membership (RT
membership) for devices that do not support route target filtering. This eases the
deployment of route target filtering in networks where it is incompletely deployed or
not fully supported. Proxy BGP route target filtering allows you to distribute proxy RT
membership advertisements created from the received BGP VPN routes to other
devices in the network that need them. These are known as proxy advertisements
because the device creates the RT membership on behalf of its peers without the route
target filtering functionality. Proxy BGP route target filtering uses BGP route target
extended communities that are exported to a specific BGP speaker to generate the
route targets. Generated proxy RTC routes are stored in the bgp.rtarget.0 routing table.
Copyright © 2012, Juniper Networks, Inc.
New Features in Junos OS Release 12.2 for M Series, MX Series, and T Series Routers
To configure proxy BGP route target filtering, include the proxy-generate
<route-target-policy route-target-policy-name> statement at the following hierarchy
levels:
•
[edit logical-systems logical-system-name protocols bgp group group-name family
route-target]
•
[edit logical-systems logical-system-name protocols bgp group group-name neighbor
address family route-target]
•
[edit protocols bgp group group-name family route-target]
•
[edit protocols bgp group group-name neighbor address family route-target]
You can also configure a policy to further control route target filtering routes. This
functionality applies to both BGP route target filtering and proxy BGP route target
filtering. You define a list of route target prefixes to use in a routing policy and then
apply those route target prefixes to the routing policy.
To define a list of route target prefixes to use in a routing policy, include the rtf-prefix-list
name route-targets statement at the following hierarchy levels:
•
[edit logical-systems logical-system-name policy-options]
•
[edit logical-systems logical-system-name policy-options policy-statement policy-name
term term-name]
•
[edit policy-options]
•
[edit policy-options policy-statement policy-name term term-name]
The following route target filtering match conditions are available:
NOTE: You define these match conditions in the from statement.
•
family route-target—Specifies matching BGP route target filtering routes.
•
protocol route-target—Specifies the criteria that an incoming route must match. This
is useful for restricting the policy to locally generated route target filtering routes.
•
rtf-prefix-list name—Applies the list of route target prefixes that you already configured
to the policy.
As a result of the proxy BGP route target filtering feature, the show route table
bgp.rtarget.0 command has been updated to show the route target type of Proxy.
[See Understanding Proxy BGP Route Target Filtering.]
•
Static route target filtering—Route target extended communities (see RFC 4360, BGP
Extended Communities Attribute) prevent networks from receiving information about
VPNs that is not relevant. For example, a network that does not include any PE routers
that are a part of a VPN does not need to receive any network updates related to that
VPN. The route target extended community feature has been extended to allow you
Copyright © 2012, Juniper Networks, Inc.
113
Junos OS 12.2 Release Notes
to add static entries to the bgp.rtarget.0 routing table. This can be particularly useful
for VPN hub-and-spoke topologies. Specify the target community for static route target
filtering using the route-target-filter statement at the [edit routing-options rib
bgp.rtarget.0 static] hierarchy level.
[See Configuring Static Route Target Filtering for VPNs.]
Related
Documentation
•
Changes in Default Behavior and Syntax, and for Future Releases in Junos OS Release
12.2 for M Series, MX Series, and T Series Routers on page 114
•
Issues in Junos OS Release 12.2 for M Series, MX Series, and T Series Routers on page 122
•
Errata and Changes in Documentation for Junos OS Release 12.2 for M Series, MX Series,
and T Series Routers on page 145
•
Upgrade and Downgrade Instructions for Junos OS Release 12.2 for M Series, MX Series,
and T Series Routers on page 152
Changes in Default Behavior and Syntax, and for Future Releases in Junos OS Release 12.2 for
M Series, MX Series, and T Series Routers
Changes in Default Behavior and Syntax
The following are changes made to Junos OS default behavior and syntax:
•
BGP on page 114
•
High Availability on page 115
•
Interfaces and Chassis on page 115
•
Layer 2 Ethernet Services on page 116
•
Multicast on page 116
•
Routing Protocols on page 116
•
Subscriber Access Management on page 117
•
System Logging on page 121
•
User Interface and Configuration on page 121
BGP
114
•
Prior to Junos OS Release 12.2, groups of peer bits in the output of the show bgp group
rtf detail command were displayed in reverse order.
•
Starting in Junos OS Release 12.2, the show bgp group output is updated to a new
multiline format in order to display the full name of table bgp.rtarget.0.
Copyright © 2012, Juniper Networks, Inc.
Changes in Default Behavior and Syntax, and for Future Releases in Junos OS Release 12.2 for M Series, MX Series, and T Series Routers
High Availability
•
Determining readiness for graceful Routing Engine switchover in an MX Series Virtual
Chassis (MX240, MX480, and MX960 routers with MPC/MIC interfaces)—You can
use the new check option for the request virtual-chassis routing-engine master switch
command to determine whether the member routers in an MX Series Virtual Chassis
configuration are ready for a global graceful Routing Engine switchover (GRES)
operation from a database synchronization perspective. A global GRES changes the
mastership in an MX Series Virtual Chassis by switching the global roles of the master
router and backup router in the Virtual Chassis configuration.
Depending on the router configuration, a variable amount of time is required before a
router is ready to perform a GRES operation. Attempting a GRES operation before the
router is ready can cause system errors and unexpected behavior. Using the request
virtual-chassis routing-engine master switch check command before you initiate the
GRES operation ensures that the subscriber management and kernel databases on
both member routers in an MX Series Virtual Chassis are synchronized and ready for
the GRES operation.
The request virtual-chassis routing-engine master switch check command, which you
must issue from the Virtual Chassis master router (VC-Mm), checks various system
and database components to determine whether they are ready for GRES, but does
not initiate the global GRES operation itself. The readiness check includes ensuring
that a system timer, which expires after 300 seconds, has completed before the global
GRES operation can begin.
If the member routers in an MX Series Virtual Chassis are ready for GRES from a
database perspective, the request virtual-chassis routing-engine master switch check
command returns the command prompt and displays no output. If the member routers
are not ready for GRES, the command displays information about the readiness of the
system.
[Junos OS High Availability Configuration Guide]
Interfaces and Chassis
•
New command to monitor PPP recovery after a GRES or restart (MX Series
routers)—The new show ppp statistics recovery command monitors the progress of
PPP recovery after a GRES or restart. When the PPP subscriber sessions have been
recovered, the command output displays Recovery state: recovery done to indicate
that it is safe to force another GRES or restart. When you issue this command during
the recovery process, the command might time out or fail silently rather than display
output. Recovery is not complete until the command displays recovery done.
[Interfaces Command Reference]
•
Enhancement to set date ntp command—You can now specify an authentication-key
number for the NTP server used to synchronize the date and time on the router or
switch. Include the new key number option with the set date ntp command. The key
number you include must match the number you configure for the NTP server at the
[edit system ntp authentcation-key number] hierarchy level.
[System Basics and Services Command Reference]
Copyright © 2012, Juniper Networks, Inc.
115
Junos OS 12.2 Release Notes
•
New fast-failover option for LACP—You can now configure the Link Aggregation Control
Protocol for aggregated Ethernet interfaces to facilitate subsecond failover. To override
the default behavior for the IEEE 802.3ad standard and allow the standby link always
to receive traffic, include the fast-failover statement at the [edit interfaces aex
aggregated-ether-options lacp] hierarchy level.
[Junos OS Ethernet Interfaces Configuration Guide]
Layer 2 Ethernet Services
•
Support for displaying logical system and routing instance for L2TP tunnels (MX
Series routers)—When you issue the show services l2tp tunnel command with the
detail or extensive option on either the LAC or LNS, the output now displays both the
logical system and the routing instance in which the L2TP tunnel is brought up.
[System Basics and Services Command Reference]
Multicast
•
Starting in Junos OS Release 8.0, the TTL value for PIM Graft messages, which are
unicast, is set to 1. Previously, the TTL for PIM Graft messages was set to 64.
Routing Protocols
•
116
Support for processing large PDUs in IS-IS:
•
New option to disable hello padding on IS-IS packets—The hello-padding statement
has a new option, disable, which can be used to disable padding of hello packets on
all types of interfaces for all adjacency states.
•
New statement to limit size of IS-IS hello packets—The max-hello-size size statement
is introduced at the [edit protocols isis] hierarchy level to modify the maximum size
of IS-IS hello packets. The size varies from 512 through 1492 bytes. The default size
is 1492 bytes.
•
New statement to limit the size of IS-IS link-state PDUs—The max-lsp-size size
statement is introduced at the [edit protocols isis] hierarchy level to modify the
maximum size of IS-IS link-state PDUs. The size varies from 512 through 1492 bytes.
The default size is 1492 bytes.
•
New statement to limit the size of IS-IS sequence number packets—The max-snp-size
size statement is introduced at the [edit protocols isis] hierarchy level to modify the
maximum size of partial or complete IS-IS sequence number packets. The size varies
from 512 through 1400 bytes. The default size is 1400 bytes.
Copyright © 2012, Juniper Networks, Inc.
Changes in Default Behavior and Syntax, and for Future Releases in Junos OS Release 12.2 for M Series, MX Series, and T Series Routers
[Routing Protocols Configuration Guide]
Subscriber Access Management
•
Additional option for RADIUS NAS-Port attribute (MX Series routers)—You can now
configure the width of the aggregated Ethernet identifier field used in the RADIUS
NAS-Port attribute (attribute 5). To configure the width, include the ae-width option
in the nas-port-extended-format statement at the [edit access profile profile-name
radius options] hierarchy level. The ae-width field can be from 0 through 32 bits. The
total width of the NAS-Port attribute can be a maximum of 32 bits.
[Subscriber Access]
•
Making Ascend-Data-Filter optional for dynamic subscribers (MX Series
routers)—When you configure the $junos-adf-rule-v4 or $junos-adf-rule-v6 variable
for an Ascend-Data-Filter in a dynamic profile, an error is reported when the RADIUS
reply message does not include the variable for subscriber sessions affected by the
dynamic profile. Consequently, system resource utilization is increased when the
dynamic profile is applied to a mix of subscribers where RADIUS does not associate
some of the subscribers with an Ascend-Data-Filter.
In this situation, you can reduce the effect on system resources by including the
not-mandatory option in the Ascend-Data-Filter configuration at the [edit
dynamic-profiles profile-name interfaces interface-name unit logical-unit-number family
family filter adf] hierarchy level. The not-mandatory option suppresses error reporting
when the variable is not present in the RADIUS message and prevents the
Ascend-Data-Filter from being created.
•
Support for controlling the negotiation order of PPP authentication protocols (MX
Series routers)—You can control the order in which the router tries to negotiate PPP
authentication protocols when it verifies that a PPP client can access the network. By
default, the router tries to negotiate Challenge Handshake Authentication Protocol
(CHAP) authentication first, and then tries Password Authentication Protocol (PAP)
if the attempt to negotiate CHAP authentication is unsuccessful. You can now modify
the default negotiation order for CHAP and PAP to suit your subscriber network
requirements.
In earlier Junos OS releases, you could not change the default negotiation order for
CHAP and PAP. The router always tried negotiating CHAP authentication first, followed
by PAP authentication if CHAP negotiation was unsuccessful.
To configure the negotiation order for CHAP and PAP authentication, issue the new
authentication statement at the [edit dynamic-profiles profile-name interfaces pp0 unit
“$junos-interface-unit” ppp-options] hierarchy level (for dynamic PPP subscriber
interfaces) or at the [edit interfaces pp0 unit logical-unit-number ppp-options] hierarchy
level (for static interfaces with PPP encapsulation).
You can issue the authentication statement in any of the following ways:
•
To specify that the router negotiate PAP authentication first, followed by CHAP
authentication if PAP negotiation is unsuccessful, issue the authentication [pap chap]
statement. When you specify both authentication protocols in either order, you must
enclose the set of protocol names in square brackets ([ ]).
Copyright © 2012, Juniper Networks, Inc.
117
Junos OS 12.2 Release Notes
•
To specify that the router negotiate only CHAP authentication, issue the
authentication chap statement.
•
To specify that the router negotiate only PAP authentication, issue the
authentication pap statement.
[Subscriber Access]
•
Support for modifying the CHAP challenge length (MX Series routers)—You can
modify the default minimum length and maximum length of the Challenge Handshake
Authentication Protocol (CHAP) challenge message that the router sends to a PPP
client. By default, the minimum length of the CHAP challenge is 16 bytes, and the
maximum length is 32 bytes. You can override this default to configure the CHAP
challenge minimum length and maximum length in the range 8 bytes through 63 bytes.
BEST PRACTICE: We recommend that you configure both the minimum
length and the maximum length of the CHAP challenge to at least 16 bytes.
In earlier Junos OS releases, you could not change the default length of the CHAP
challenge message.
To configure the minimum and maximum length of the CHAP challenge message,
issue the new challenge-length statement at the [edit dynamic-profiles profile-name
interfaces pp0 unit “$junos-interface-unit” ppp-options chap] hierarchy level (for dynamic
PPP subscriber interfaces) or at the [edit interfaces pp0 unit logical-unit-number
ppp-options chap] hierarchy level (for static interfaces with PPP encapsulation).
For example, the following challenge-length statement in a dynamic profile named
pppoe-client-profile sets the minimum length of the CHAP challenge to 20 bytes, and
the maximum length to 40 bytes.
[edit dynamic-profiles pppoe-client-profile interfaces pp0 unit “$junos-interface-unit”
ppp-options chap]
user@host# set challenge-length minimum 20 maximum 40
[Subscriber Access]
•
118
Support for agent circuit identifier filtering in PPPoE subscriber session lockout
(M120, M320, and MX Series routers)—Extends the PPPoE subscriber session lockout
feature, which is also referred to as PPPoE encapsulation type lockout, to support
identification and filtering of PPPoE subscriber sessions by either the agent circuit
identifier (ACI) value or the unique media access control (MAC) source address on the
PPPoE underlying interface. In earlier Junos OS releases, you used PPPoE subscriber
session lockout to identify and filter subscriber sessions only by their unique MAC source
address.
Copyright © 2012, Juniper Networks, Inc.
Changes in Default Behavior and Syntax, and for Future Releases in Junos OS Release 12.2 for M Series, MX Series, and T Series Routers
Configuring and using PPPoE subscriber session lockout increases router efficiency
and protects the router and any external AAA servers from excessive loading by
temporarily deferring failed or short-lived subscriber sessions in favor of those sessions
that can complete successfully. PPPoE subscriber session lockout enables you to
prevent (lock out) a failed or short-lived PPPoE subscriber session from reconnecting
to the router for a default or configurable period of time, based on either of the following
options:
•
The subscriber session’s unique MAC source address on the PPPoE underlying
interface
This option, which is the default, locks out the offending PPPoE subscriber session
identified by its MAC source address on the underlying interface.
•
The ACI string contained in the DSL Forum Agent-Circuit-ID VSA [26-1] (option
0x105) of PPPoE Active Discovery Initiation (PADI) and PPPoE Active Discovery
Request (PADR) control packets
This option locks out all PPPoE subscriber sessions on the underlying interface that
come from the same household and share the same ACI string in their PPPoE PADI
and PADR control packets.
PPPoE subscriber session lockout based on the ACI value is particularly useful for
configurations such as the following in which MAC source addresses are not unique
on the PPPoE underlying interface:
•
PPPoE interworking function sessions in which the MAC addresses of all PPPoE
interworking function sessions contain the MAC address of the DSLAM device
•
Configurations in which the access node (usually a DSLAM device) overwrites the
MAC source address in PPPoE packets received from the customer premises
equipment (CPE) with its own MAC address for security purposes
•
Duplicate MAC source addresses across disparate households in an N:1 (service
VLAN) configuration, which requires the router to use a combination of the MAC
source address and the ACI value to uniquely identify a subscriber
To configure temporary PPPoE subscriber session lockout based on the ACI value,
include the short-cycle-protection statement with the new filter aci option for PPPoE
subscriber sessions on any of the following underlying logical interfaces types:
•
Dynamic or static VLAN interfaces (in the pppoe-underlying-options stanza)
•
Dynamic or static VLAN demultiplexing (demux) interfaces (in the family pppoe
stanza)
For example, the following statement configures temporary lockout based on ACI
information for PPPoE subscriber sessions on a dynamic VLAN underlying interface.
This statement specifies a nondefault lockout time in the range 20 through 120 seconds.
[edit dynamic-profiles my-vlan-profile interfaces “$junos-interface-ifd-name” unit
“$junos-interface-unit” pppoe-underlying options]
user@host# set short-cycle-protection lockout-time-min 20 lockout-time-max 120
filter aci
Copyright © 2012, Juniper Networks, Inc.
119
Junos OS 12.2 Release Notes
The following statement configures temporary lockout based on ACI information for
PPPoE subscriber sessions on a dynamic VLAN demux underlying interface. This
statement uses the default lockout time range 1 through 300 seconds.
[edit dynamic-profiles my-demux-vlan-profile interfaces demux0 unit
“$junos-interface-unit” family pppoe]
user@host# set short-cycle-protection filter aci
The clear pppoe lockout operational command has been enhanced in this release to
clear the lockout condition for PPPoE subscriber sessions associated with a particular
ACI value. For example, the following command clears the lockout condition for all
PPPoE subscriber sessions on underlying VLAN demux interface demux0.214 associated
with an ACI value that matches the regular expression “Relay-identifier atm 3/0:100.*”.
You must enclose the regular expression in quotation marks.
user@host> clear pppoe lockout underlying-interfaces demux0.214 aci “Relay-identifier
atm 3/0:100.*”
To display information about PPPoE subscriber session lockout based on ACI
information, you can also use the enhanced show pppoe lockout and show pppoe
underlying-interfaces operational commands.
[Subscriber Access]
•
The Example: HTTP Service Attached to a Static Interface topic in the Junos OS Subscriber
Access Configuration Guide provides an incorrect example for configuring a service filter
as a walled garden. The correct example is as follows:
The following example uses a service filter as a walled garden by defining a rule named
redirect, referencing the rule in a profile named http-redirect, configuring a service set
named http-redirect that references the http-redirect captive portal content delivery
profile, and attaching the http-redirect service set to static interface ge-1/0/1.0.
[edit services]
captive-portal-content-delivery {
rule redirect {
match-direction input;
term t1 {
from {
destination-address {
100.0.1.1/32;
}
}
then {
redirect http://www.google.com;
}
}
}
profile http-redirect {
cpcd-rules redirect;
}
}
service-set http-redirect {
captive-portal-content-delivery-profile http-redirect;
interface-service {
service-interface ms-1/0/0;
120
Copyright © 2012, Juniper Networks, Inc.
Changes in Default Behavior and Syntax, and for Future Releases in Junos OS Release 12.2 for M Series, MX Series, and T Series Routers
}
}
[edit interfaces ge-1/0/1]
unit 0 {
family inet {
service {
input {
service-set http-redirect service-filter walled;
}
output {
service-set http-redirect;
}
}
address 10.1.3.2/24;
}
}
[Subscriber Access]
System Logging
•
Prior to Junos OS Release 12.2, when a downstream non-Juniper Networks router sent
an incorrect RESV message with a bandwidth in FlowSpec that was less than the
bandwidth required by TSpec in the Path message, the following warning message
was logged - RPD_RSVP_INCORRECT_FLOWSPEC. Starting with Junos OS Release 12.2,
the RPD_RSVP_INCORRECT_FLOWSPEC error message is not logged, as a peak rate
mismatch does not affect router functionality.
[System Log]
•
Enhancements to Cannot perform nh operation ADDANDGET system log message—Prior
to Junos OS Release 11.4, the Cannot perform nh operation ADDANDGET system log
message was getting logged many times while bringing up clients in an MX Series
subscriber services deployment, which impacted system performance. To prevent the
Cannot perform nh operation ADDANDGET system log message from being logged
multiple times, starting with Junos OS Release 11.4, the message is rate limited. Besides
rate-limiting the message, additional information, such as, nhindex, ifindex, fwdnhidx,
and the number of suppressed logs is also displayed in the log message.
The following is a sample of the enhanced system log message:
Jun 13 14:00:00 calcium rpd[1332]: Cannot perform nh operation ADDANDGET nhop
0.0.0.0 type unicast nhindex 0x0 ifindex 0x1471 demux0.1073991785 fwdnhidx 0x0
type unicast errno 45 suppressed 412 logs
[System Log]
User Interface and Configuration
•
Enhancement to test configuration operational statement— The option syntax-only
allows a user to check a partial configuration without checking for commit errors.
[System Basics and Services Command Reference]
•
Removal of the sampling action modifier for IPv4 firewall filters—In the J-Web
interface, the Sample check box is not available for configuration from the Other Actions
Copyright © 2012, Juniper Networks, Inc.
121
Junos OS 12.2 Release Notes
section under the Actions tab of the Configure> Security> Filters> IPv4 Firewall Filters
page. This configuration of the sample action modifier is not enabled because the set
firewall filter foo term bar then sample configuration command has been deprecated
in the Junos OS CLI in Release 12.1 and later.
[J-Web Online Help]
Related
Documentation
•
New Features in Junos OS Release 12.2 for M Series, MX Series, and T Series Routers
on page 67
•
Issues in Junos OS Release 12.2 for M Series, MX Series, and T Series Routers on page 122
•
Errata and Changes in Documentation for Junos OS Release 12.2 for M Series, MX Series,
and T Series Routers on page 145
•
Upgrade and Downgrade Instructions for Junos OS Release 12.2 for M Series, MX Series,
and T Series Routers on page 152
Issues in Junos OS Release 12.2 for M Series, MX Series, and T Series Routers
The current software release is Release 12.2R1. For information about obtaining the
software packages, see “Upgrade and Downgrade Instructions for Junos OS Release 12.2
for M Series, MX Series, and T Series Routers” on page 152.
•
Current Software Release on page 122
•
Previous Releases on page 132
Current Software Release
Outstanding Issues in Junos OS Release 12.2 for M Series, MX Series, and T Series Routers
122
•
Application Layer Gateways (ALGs)
•
Class of Service
•
Forwarding and Sampling
•
General Routing
•
Infrastructure
•
Interfaces and Chassis
•
J-Web
•
Layer 2 Ethernet Services
•
Multiprotocol Label Switching (MPLS)
•
Network Management and Monitoring
•
Platform and Infrastructure
•
Routing Protocols
•
Services Applications
•
Subscriber Access Management
•
User Interface and Configuration
•
VPNs
Copyright © 2012, Juniper Networks, Inc.
Issues in Junos OS Release 12.2 for M Series, MX Series, and T Series Routers
Application Layer Gateways (ALGs)
•
Multiservices PICs on M Series routers and Multiservices DPCs on MX Series routers
currently have the limitation that after a hot-standby redundant Multiservices PIC
(RMS) switchover, all the existing flows are dropped and it takes a while for new flows
to appear with the state. Because the states are not replicated, all existing traffic is
dropped. The remote procedure call (RPC) ALG is most affected because it has a long
retry timer and takes a long time to recover. [PR/535597]
Class of Service
•
CoS Classification does not work with localization on T Series routers with Aggregate
Sonet interface on core. [PR/790495]
•
L2 shaper on IQ2E is not shared correctly and it reduces the number of iflset being
supported. [PR/804158]
Forwarding and Sampling
•
In a heavily scaled setup when dfwd is busy processing the filter configuration, ppmd
daemon would wait for approximately 2 minutes for the firewall daemon to process
the message it sent. The wait happens for the nth message sent, since there is a limited
buffer between the two daemons. [PR/769452]
•
On T, TX, and TXP router packets marked with the error flag, for example due to DA
(Destination Address) reject, are also counted as L3 incomplete, which is incorrect and
misleading. [PR/782070]
•
On LMNR and Stoli FPCs, when transit packets of size 300 Bytes or more, ingress and
egress interfaces are in the same Packet Forwarding Engine (with scaled egress NHs)
and if a notification is sent to Routing Engine for that packet, FPC might reset. The
following list provides some scenarios where a notification is sent to Routing Engine
•
IP options packet is received.
•
TTL expired packet is received.
•
Sampling is configured and a packet is sampled.
[PR/785143]
General Routing
•
When dynamic-profile versioning is enabled, if authd restarts, CoA requests are not
processed. [PR/796416]
Infrastructure
•
The top utility with “ores” options does not sort the output based on resident memory
size. [PR/507675]
•
A timing issue in the ttymodem() internal input and output processing routine causes
the Junos OS kernel to crash. The crash is triggered by simple remote access such as
telnet or SSH to the router. [PR/755448]
Copyright © 2012, Juniper Networks, Inc.
123
Junos OS 12.2 Release Notes
•
When L3VPN instances with localization are deleted or added multiple times, IP
addresses are not created properly for interfaces. [PR/769591]
•
Filter Based Forwarding within logical systems fails for IPV6 ICMP traffic [PR/795730]
•
If MPC3 is equipped with 10x10GE MIC or 2x40GE MIC in the MIC slot 0 and 20x1GE
MIC in the MIC slot 1, the links will not come up for MIC in MIC slot 0. [PR/803613]
•
In IPv6 scenario, when "ipv6-duplicate-addr-detection-transmits" is configured with
a value of zero, IPv6 Neighbor Discovery might not function properly. [PR/805837]
Interfaces and Chassis
•
In a SAToP pseudowire on a 4-port COC3/CSTM1 or 12-port T1/E1/J1 CE PIC, when
there is data loss from the pseudowire, or because of an alarm condition (LOS/LOF/AIS)
at the peer end of the SAToP pseudowire, the local PIC does not transmit AIS.
[PR/602563]
•
With the configuration of VPLS interface, the NH topology has a default filter-class
getting associated with the IFL in the VPLS next-hop topology chain. During the PIC
Offline/Interface deactivate event, the first message received from the kernel by PFE
is to delete the VPLS family from the interface. This triggers a topology change wherein
the filter-class gets deleted from the topology tree. During this topology change the
key buffer pointer adjustment fails thereby causing the increment in truncated key
error counters for the PFE. The increment in these error counters triggers a chassis
alarm associated with the R-chip error counters. These error counters stop incrementing
once the interface completely goes down as a part of the PIC Offline/Interface
deactivation event. [PR/718591]
•
Because of an incorrect calculation, memory heap utilization of a service PIC can exceed
100% under the show chassis pic command. There is no service impact. [PR/737676]
•
After the initial configuration of the routers, the first ping packet gets dropped on one
logical interface when there is no MIC restart. This ping packet traverses through the
pseudowire interface configured with encapsulation atm-ccc-vc-mux or
atm-ccc-cell-relay. [PR/752457]
•
There can be a mismatch of ifIndex value on IF-MIB-ifName and ifIndex value on
SONET-APS-MIB-apsMapGroupName and apsMapEntry. [PR/771877]
•
When a large number of subscribers are simultaneously logging in and out in a scaled
configuration, errors might be generated during logical interface creation. The errors
result from rpd being unable to process the ifstate notifications related to logical
interface deletions. [PR/775033]
•
Junos OS 12.2R1 does not support unified in-service software upgrades (unified ISSUs)
for configurations that include interface sets. [PR/779377]
•
Load average values collected via SNMP are not showing the correct values of the
other Routing Engine. This can be verified by using the following commands:
show snmp mib walk jnxOperatingEntry | match LoadAvg.9.1.0.0
show snmp mib walk jnxOperatingEntry | match LoadAvg.9.2.0.0
[PR/782817]
124
Copyright © 2012, Juniper Networks, Inc.
Issues in Junos OS Release 12.2 for M Series, MX Series, and T Series Routers
•
The prefer-status-control-active configuration knob at the [edit interfaces aeX
aggregated-ether-options mc-ae events iccp-peer-down] hierarchy level requires
configuration knob to be active at the [edit interfaces aeX aggregated-ether-options
mc-ae status-control] hierarchy level. When this is not present,
prefer-status-control-active has no impact and its presence in the configuration is
misleading that the current node is preferred active. [PR/785930]
•
The monitor ethernet delay-measurement command does not time out when CFM
adjacency is down or all DMM frames are sent. As a result, ethdm binary does not close
normally and results in an increase in resources consumption. [PR/787985]
•
In Junos OS Release 11.4R4, ETH-DM packets greater than 994 bytes fail the DMM test.
The size of default ETH-DM packets is much smaller and bigger ETH-DM packets are
used only with optional data payload size. For packets sizes less than 994 bytes, the
functionality works fine. [PR/790040]
•
T640 frame relay interface status is shown as up/up with mismatched lmi-type.
[PR/791501]
•
show chassis hardware command output for some optics is incorrect sometimes.
[PR/792704]
•
On MX Series routers, a change to the oam lfm pdu holdtime on an interface is not
updated correctly. This results in an incorrect lfm state which should be reported as
Adjacency Lost. As a workaround, issue the clear oam ethernet link-fault-management
state command from the CLI to correctly update the pdu holdtimer. [PR/792763]
•
On an MX Series router, error occurs while deleting protect protocols l2circuit from a
Virtual Chassis configuration. [PR/794782]
•
When upgrading to Junos OS Release 11.4R4.4, links that are use tuneable DWDM XFP
do not work anymore and report a different wavelength than the configured one.
[PR/796330]
•
jpppoed memory utilization spikes after GRES or a jpppoed restart event. [PR/800650]
•
Junos OS doesn't generate vrrpv4 mastership change syslogs while it generates vrrpv6
logs. [PR/807217]
•
In Junos OS Release 12.2R1, the option of 'routing-engine' under "> request system
snapshot" is mistakenly removed. [PR/809321]
•
The KSYNCD core followed by kernel live core is observed very rarely after Routing
Engine switchover. This issue can be detected when ksyncd core is observed along
with the following log message in /var/log/messages:
"Aug 27 01:28:03 indiranagar1 ksyncd[2506]: KSYNCD: resync error, issu_state[0],
type Generic config subtype 8 : File exists"
As a workaround, reboot the backup Routing Engine. [PR/810787]
•
RPD running on the primary Routing Engine might produce core files when a router is
configured with BGP-based L3VPN and MVPNs, and is functioning in the PE role. The
problem is only observed in a highly scaled setup with hundreds of
VPLS/L3VPN/BGP-MVPN routing-instances and when a random sequence of
operations are performed, an example of which is given below:
Copyright © 2012, Juniper Networks, Inc.
125
Junos OS 12.2 Release Notes
•
PIC offline on core routers
•
De-activate routing instance on PE routers
•
Restart routing
[PR/811245]
•
In a business edge multi-dimensional scale profile, VSTP is enabled in a virtual-switch
routing instance with 120+ bridge domains, 640 VLANs, VM Core might get generated
up on GRES. [PR/811719]
•
In Enterprise 3-2-1 testbed, degradation in ARP performance might be experienced
causing a delay in populating the ARP table. For 14K ARP entries, it takes approximately
2 minutes instead of 1 minute with earlier releases. [PR/811790]
J-Web
•
On MX Series switches, when you use the Microsoft Internet Explorer browser to open
reports from the following pages in the J-Web interface, the reports open in the same
browser session:
•
Files page (Maintain > Files)
•
History page (Maintain > Config Management > History)
•
Port Troubleshooting page (Troubleshoot > Troubleshoot > Troubleshoot Port)
•
Static Routing page (Monitor > Routing > Route Information)
•
Support Information page (Maintain > Customer Support > Support Information)
•
View Events page (Monitor > Events and Alarms > View Events)
[PR/433883]
•
In the J-Web interface, the options Access Concentrator, Idle Timeout, and Service
Name for PPPoE logical interfaces are not supported on MX Series routers. [PR/493451]
•
When you use an HTTPS connection in the Microsoft Internet Explorer browser to save
a report from the following pages in the J-Web interface, the error message “Internet
Explorer was not able to open the Internet site” is displayed on the following pages:
•
Files page (Maintain > Files)
•
History page (Maintain > Management > History)
•
Port Troubleshooting page (Troubleshoot > Troubleshoot > Troubleshoot Port)
•
Static Routing page (Monitor > Routing > Route Information)
•
Support Information page (Maintain > Customer Support > Support Information)
•
View Events page (Monitor > Events and Alarms > View Events)
[PR/542887]
126
Copyright © 2012, Juniper Networks, Inc.
Issues in Junos OS Release 12.2 for M Series, MX Series, and T Series Routers
•
When you open a J-Web session using HTTPS, and then enter a username and password
and click the Login button, the J-Web interface takes 20 seconds longer to launch and
load the Dashboard page than it does if you use HTTP. [PR/549934]
•
If you access the J-Web interface using the Microsoft Internet Web browser version 7,
on the BGP Configuration page (Configure > Routing > BGP), all flags might be shown
in the Configured Flags list (in the Edit Global Settings window, on the Trace Options
tab) even though the flags are not configured. As a workaround, use the Mozilla Firefox
Web browser. [PR/603669]
•
On the process details page (Monitor > System View > Process Details) of J-Web, for
a few processes there are multiple entries listed, which do not impact any functionality.
[PR/661704]
•
In J-Web Monitor > Routing > Route Information, next hop column displays only the
interface address and the corresponding IP address is missing. The title of the first
column is displayed as “static route address” instead of "Destination Address.”
[PR/684552]
•
The Juniper-specific device model number is present in Header portion of the IBM-OEM
J-Web device, instead of the IBM-specific device model number. [PR/798447]
Layer 2 Ethernet Services
•
There is LACP status disagreement after Routing Engine switchover. [PR/751745]
•
The AFTR information from RADIUS is advertised by MX to the client via DHCPv6.
[PR/779679]
•
In Junos OS Releases, 11.4R2, 12.1R1, and 12.2R1 and then subsequent builds on those
releases, there might be a false alarm for a hardware problem from a DPC, such as:
fpc0 EZ: %PFE-3: ezchip_periodic_check_free_rfd_buffer[4245] XETH(0/3) : Rx RFD
buffers exhausted
This can be ignored, unless traffic impact is seen. [PR/796824]
•
DHCP relay does not forward ACK to client from the backup DHCP server after primary
DHCP server failure. [PR/799090]
Multiprotocol Label Switching (MPLS)
•
In GRES (graceful Routing Engine switchover) mode, due to a quick status change of
MPLS CCC nexthop, a mismatch of index value between master and backup Routing
Engines might happen, causing Backup Routing Engine to panic, generate a core file,
and trigger a live core dump from the master Routing Engine. [PR/755473]
•
Max_Avg display in show mpls lsp ext command resets to 0 and leads to incorrect
operator interpretation. [PR/799155]
Copyright © 2012, Juniper Networks, Inc.
127
Junos OS 12.2 Release Notes
Network Management and Monitoring
•
After a Routing Engine switchover, LACP and MIB process (mib2d) core files might be
created. [PR/790966]
Platform and Infrastructure
•
Commits issued from the CLI create zombie processes with each commit. [PR/692382]
•
PTSP and AACL services do not work with AMS interfaces. [PR/727588]
•
The output of the command file list detail displays a capital S instead of a lower case
s for the file or directory permission. The system shell output however displays the
correct values. [PR/736474]
•
The command request system zeroize deletes the directory /var/db/scripts and all
subdirectories but does not recreate them. They have to be manually recreated through
the root shell and the correct permission set. [PR/736478]
•
In scenario where telnet session is disconnected ungracefully while accessing "load
merge terminal" prompt problem can be exhibited with other CLI users unable to access
configuration mode. [PR/745280]
•
Memory exhaustion on the PFE ukern heap causes an FPC core file. [PR/777609]
•
It is possible that when reconfiguring an interface from native VLAN to another tagged
VLAN, the logical interface mapping on the Packet Forwarding Engine gets corrupted.
In case traffic is being received on this interface, it can lead to LU congestion and wedge.
[PR/792633]
•
Committing QinQ configuration results in FPC crash in these conditions:
•
Core facing interface is configured in the following way:
flexible-vlan-tagging;
encapsulation flexible-ethernet-services;
unit xxx {
encapsulation vlan-bridge;
vlan-tags outer xxx inner-range 1-4094;
}
•
Core facing interface is an aggregate interface.
•
Core facing interface is on an MPC card.
[PR/793429]
•
With inline sampling, when there are multiple flow servers being configured or multiple
equal cost paths exist for a single collector, the flow record packet might trigger the
following trap message from the Packet Forwarding Engine which causes a drop for
the flow record packet:
PPE Sync XTXN Err Trap: Count 1659, PC 45f, 0x045f:
balanced_multi_nh_use_cp_index
[PR/805061]
128
Copyright © 2012, Juniper Networks, Inc.
Issues in Junos OS Release 12.2 for M Series, MX Series, and T Series Routers
Routing Protocols
•
In some scenarios MVPN-routes with same RD: Prefix might get generated from
multiple-VRFs on a PE-router. When such a PE-router is not a MVPN-RR and has no
MVPN-EBGP peers, it is possible that the core-network might lose the MVPN-route
because of an erroneous MVPN-withdrawal sent by the PE because of the MVPN-route
getting deleted from one of the PE VRFs, even if there are other-VRFs on the PE still
advertising the route. [PR/698493]
•
After deleting or renaming a non-forwarding instance under certain conditions, the
routing protocol process might generate core files. [PR/704699]
•
If the network is configured for PIM nonstop active routing (NSR), a core file might be
triggered in an upstream router due to high churn in unicast routes or a continuous
clearing of PIM join-distribution in the downstream router. To prevent this possibility,
disable PIM-NSR. [PR/707900]
•
If a routing instance is configured to add static routes to its instance specific routing
table using both the routing-options static route stanza and the routing-options rib
<instance specific table name> static route stanza and a configuration event changes
something else in the routing-options rib <instance specific table name> stanza such
as modifying the maximum-paths value, the static routes in the instance table specific
section can be deleted. A commit full can be used to recover or only use one of the 2
mechanisms for defining the static routes for that instance. [PR/755558]
•
BFD flaps with aggregate Ethernet bundle and 10 minutes timer. [PR/773101]
•
Routes not deleted from the routing table when the interface is deleted. SPF calculation
is not triggered in one particular code flow after the LSAs are deleted from database.
However, SPF calculation is triggered when the LSA is deleted due to zero links.
[PR/782029]
•
The routing protocol process crashes when unconfiguring BGP which is configured
with a specific customer configuration. [PR/782816]
•
An MX router which has only some bridge-domains configured for igmp-snooping might
discard traffic in bridge-domains without igmp-snooping enabled. [PR/795781]
•
Setting OSPF overload via the configuration sets both the metric field in router LSAs
as well as te-metric field in opaque LSAs to 65535 or 2^16-1. Since te-metric is a 32-bit
field, it should be set to 2^32-1. [PR/797293]
•
The following log messages are generated when a commit is performed:
task_set_option_internal: task ICMP socket 103 option GroupAdd(23) interface
ae12.0: Address already in use.
[PR/809472]
Services Applications
•
When a TX Matrix router is configured with a manual OSPF ipsec-sa for authentication,
something similar to the following cosmetic messages will be logged:
Feb 16 16:27:40 flame-sfc-re1 lcc0-master kmd[17194]: KMD_RTSOCK_ERROR: Error
adding inbound SA OSPF3_AH_SHA1_96 spi=1024 proto=AH to kernel: No such file
or directory
Copyright © 2012, Juniper Networks, Inc.
129
Junos OS 12.2 Release Notes
Feb 16 16:27:40 flame-sfc-re1 lcc0-master kmd[17194]: KMD_RTSOCK_ERROR: Error
adding outbound SA OSPF3_AH_SHA1_96 spi=1024 proto=AH to kernel: No such file
or directory
If there is a service PIC, these additional cosmetic log entries appear:
Feb 16 16:27:46 flame-sfc-re1 lcc1-master kmd[16853]: KMD_INTERNAL_ERROR:
Failed to connect PIC, ERR: Failed to connect PIC, ERR: F
Feb 16 16:27:46 flame-sfc-re1 lcc1-master kmd[16853]: KMD_INTERNAL_ERROR:
Unable to connect PIC sp-8/3/0;
Feb 16 16:27:46 flame-sfc-re1 lcc1-master kmd[16853]: KMD_INTERNAL_ERROR:
Couldn't request PIC: sp-8/3/0 to send sa state
[PR/738736]
•
The following crash is observed during a mixed traffic test for 7 hours on below traffic
profile:
Traffic profile used
HTTP 0.8m
HTTPS 0.15m
FTP 0.1m
RTSP 0.08m
UDP 8.87m (IMIX traffic)
[PR/769322]
130
•
RTSP streaming does not work in a laptop when moving or when you fast forward the
video. [PR/786085]
•
In L2TP setup with MX series router acting as LAC, if the value used passed from RADIUS
in VSA "Tunnel-Client-Endpoint" does not exist on the router, Junos OS will send
SCCRQ message to LNS with random source addresses. [PR/788081]
•
MX Series LNS does not support the CLI command show services l2tp session user filter
option. [PR/792239]
•
The clear services l2tp session user <> command accepts any arbitrary alphanumeric
characters in place of a user name, and the CLI command will drop all L2TP subscribers.
[PR/792631]
•
IDP daemon might go down temporarily if multiple IDP detectors are installed.
[PR/794335]
•
[Deterministic NAT] ports allocation is overlapped. [PR/797457]
•
MX Series CLI allows you to configure “*” for client name in the L2TP access profile
leading to failure of establishing the L2TP connection. [PR/799232]
•
deNAT:wrong mapping exists between nat-port-block and internal-host. [PR/799947]
•
In a scenario where the MX router is acting as LAC and the RADIUS server is returning
tunnel-server-endpoint attribute but not returning tunnel-client-endpoint, memory
leak in jl2tpd process can occur. Additionally same memory leak can occur if
unnumbered loopback attribute is returned from RADIUS for tunneled subscribers.
[PR/800107]
•
Firewall filter rejects dhcp/PD packets because of DA and SA port corruption.
[PR/803943]
Copyright © 2012, Juniper Networks, Inc.
Issues in Junos OS Release 12.2 for M Series, MX Series, and T Series Routers
Subscriber Access Management
•
A Change-of-Authorization request is NAKed on MX80 when a PPP subscriber is
terminated in a non-default routing-instance. It works as expected if the subscriber is
terminated in the default routing instance. [PR/704560]
•
After a large number of concurrent PPP session logouts and GRES operations some
sessions might not complete logout (services activated from SRC). Sessions eventually
will time out and clear. [PR/742900]
•
Authd attempts to remove VLAN when subscribers are idle but connected.
[PR/789009]
•
The captive portal content delivery service applied on PPPoE subscriber to rewrite
IPDA is not working. The subscriber traffic is altered but is dropped on MSDPC.
[PR/789368]
•
MX-VC:Authd keeps retrying the attempts to fetch final statistics for an IFL already
removed. [PR/806104]
•
MX-VC:Authd sends duplicate requests to enable interim accounting in PFED for idle
timeout configured on VLAN subscriber [PR/806112]
User Interface and Configuration
•
Selecting the monitor port for any port on the Chassis Viewer page displays the common
Port Monitoring page instead of the corresponding Monitoring page of the selected
port. [PR/446890]
•
The javascript error "Object Expected" occurs when J-Web pages are navigated before
the page loads completely. [PR/567756]
•
The J-Web application allows duplicate term names to be created on the Configure >
Security > Filters > IPV4 Firewall Filters page. However, these duplicate entries are not
displayed in the grid and there is no impact on the functionality. [PR/574525]
•
In the J-Web interface, when a user is deleted on the Configure > System Properties >
User Management > Users page using the Internet Explorer version 7 Web browser, no
warning messages are displayed. However, a warning message appears when the
Firefox Web browser is used. [PR/595932]
•
When the J-Web interface is accessed using the Microsoft Internet Explorer version 7
web browser, all flags on the BGP Configuration page (Configure > Routing> BGP)
might be shown in the Configured Flags list (in the Edit Global Settings window, on the
Trace Options tab) even when the flags are not configured. As a workaround, use the
Mozilla Firefox Web browser. [PR/603669]
•
In J-Web Monitor > Routing > Route Information, next hop column displays only the
interface address and the corresponding IP address is missing. The title of the first
column is displayed as “static route address” instead of “Destination Address.”
[PR/684552]
Copyright © 2012, Juniper Networks, Inc.
131
Junos OS 12.2 Release Notes
VPNs
•
Under certain circumstances a vrf-import policy's term with the "accept" action that
matches the BGP VPN route based on the criteria different than the target community
can reject the matching route. [PR/706064]
•
When you disable protocols in a Layer 2 circuit with egress protection, the routing
protocol process generates a core file if no routes are found in the context routing table.
[PR/735789]
•
UMH selection should select the highest IP address as the Upstream PE. However, in
the code the highest IP address is selected by comparing lowest order byte of the IP
address first. In this case between IP address 10.233.38.34 and IP address 10.233.32.46
- 10.233.32.46 gets chosen as upstream PE because its lowest order byte (46) is more
than the lowest order bye of 10.233.38.34. This is because code does not account for
the endian-ness of the machine it is run on. As a workaround, convert the IP address
to network order before comparing. [PR/754114]
•
The routing protocol process incorrectly sets the PWE3 Control Word flag also for local
switching circuits. PWE3 Control Word is needed for l2vpn OAM packets to get
forwarded to the Routing Engine. On Trio platforms, the traffic payload is examined
and if it matches the first nibble being 0001, it will send traffic to Routing Engine for
further processing. Once L2VPN traffic is IPv4, it would test against the IPv4 ID field.
[PR/793751]
•
When a link failure causes the route to the source and RP via the backup path, the PE
in the backup path fails to forward multicast traffic to the receiver. This issue is
experienced in Junos OS Release 11.4R4 with NG-MVPN RPT-SPT mode. [PR/794222]
•
The CLI knob vrf-advertise-selective does not accept a null list. [PR/795108]
Previous Releases
Release 11.4
The following issues have been resolved since Junos OS Release 11.4R4. The identifier
following the description is the tracking number in our bug database.
132
•
Forwarding and Sampling
•
General Routing
•
High Availability (HA) and Resiliency
•
Infrastructure
•
Interfaces and Chassis
•
Layer 2 Features
•
Layer 2 Ethernet Services
•
Multiprotocol Label Switching (MPLS)
•
Platform and Infrastructure
•
Routing Protocols
•
Services Applications
Copyright © 2012, Juniper Networks, Inc.
Issues in Junos OS Release 12.2 for M Series, MX Series, and T Series Routers
•
User Interface and Configuration
•
VPNs
Forwarding and Sampling
•
When the configuration archiving FTP process stalls during file transfer, it can result
in the PFED process stalling as well. Once the master PFED process is restarted, it
results in the inability to commit certain new configuration changes. Ensuring that the
configuration archiving and FTP server are correctly configured and working will avoid
this problem. [PR/528653: This issue has been resolved.]
•
Sampled memory increases when interfaces bounce and BGP is running. [PR/594509:
This issue has been resolved.]
•
On ADPC cards Output Layer-2 policer drops the packets when configured on an
interface with vpls encapsulation. [PR/749141: This issue has been resolved.]
•
Any change to the last member of a service-filter chain can lead to the loss of Layer 3
connectivity over the interface. [PR/750957: This issue has been resolved.]
•
This issue can occur for daemons that connect to pfed for statistics information. If the
daemon starts before pfed, or has problems making a connection to pfed then that
daemon could experience a crash. This can also occur using CLI commands such as
show interface statistics that invoke ifinfo. This problem was introduced by the fix for
PR743135 and only exists in the specific releases that were fixed by that PR. There is
no known workaround to this problem except to use a release of Junos OS with the fix.
[PR/770766: This issue has been resolved.]
•
This PR eliminates an erroneous error message that would appear in syslog while pfed
was checking the syntax of a configuration containing firewall filters that reference
accounting counters. This problem only affected the syntax check prior to the commit.
The actual configuration on the router was correctly committed. [PR/772463: This
issue has been resolved.]
General Routing
•
The routing protocol process might generate core files when a community named in
the policy options configuration is changed and that community-name is used in a
show route command before the changes effectively take place. [PR/740427: This
issue has been resolved.]
•
Once a child interface of an aggregate bundle is in down state (for example: CCC-Down
of the logical member link interfaces), the next-hop of the control channel is not
correctly programmed. LACP packets received are not dropped but processed and
point to invalid NH entries, which might yield to such errors as follows or a combination
of all:
•
fpc5 LUCHIP(0) IDMEM[0x000433ba] Read Uninitialized Memory Error
•
fpc5 LUCHIP(0) PLCT INT_STAT 0x00000001 Illegal PL Uninitialized EDMEM Read
0x6db6db6d6db6db6d @ 0x1cf30001 XTXN 0xa8cd87 BULK 0x005c0094 FN 0
sync PPE 14 CNTX 1
•
fpc5 LUCHIP(0) RMC 2 Uninitialized EDMEM[0x1001c0] Read
(0x6db6db6d6db6db6d)
Copyright © 2012, Juniper Networks, Inc.
133
Junos OS 12.2 Release Notes
•
fpc5 LUCHIP(0) PPE_6 Errors sync xtxn error thread timeout error
•
fpc5 PPE Sync DMEM WP Trap: Count 103, PC 620b, 0x620b: nat46_loop 0x620b:
nat44_loop
•
fpc5 PPE Sync XTXN Err Trap: Count 980053, PC 2f9, 0x02f9: nh_ret_simple_last
•
fpc5 PPE Thread Timeout Trap: Count 2840, PC 4c6, 0x04c6: set_iif_inc_ifl_cnt fpc5
PPE PPE Stack Err Trap: Count 20347, PC 310, 0x0310: add_default_layer1_overhead
•
fpc5 PPE PPE HW Fault Trap: Count 529, PC 373, 0x0373: inner_rewrite
There is no operational impact other than the filling up of error messages in the system
log. [PR/703245: This issue has been resolved.]
•
When there are at least three routers to a specific destination (for example, two
destination routes and one clone route), deleting and re-adding one of the logical
interfaces (for example, board replacement), might trigger a kernel crash due to a
timing issue with route deletion. This is triggered in the specific topologies such as an
OSPF3 next hop, which is connected to a different vendor device:
lab@shark-re0> show route forwarding-table destination
fe80::21f:9eff:fea9:c140
Routing table: default.inet6
Internet6:
Destination
Type RtRef Next hop
Type Index NhRef Netif
fe80::21f:9eff:fea9:c140/128
dest
0 0:1f:9e:a9:c1:40 ucst 966 2 ae2.70
fe80::21f:9eff:fea9:c140/128
dest
0 0:1f:9e:a9:c1:40
ucst 968 2 ae4.90
This type of next-hop topology was not seen when Juniper device established an OSPF3
adjacency to another Juniper device. [PR/753849: This issue has been resolved.]
134
•
When an FPC restart is performed, some of the PICs and IFDs are unable to be created
by chassisd due to an EBUSY error returned by the kernel. The kernel is unable to
process the new requests until the previous states of the same object (PIC, IFD in our
case) are consumed by all peers interested in this. The enhancement addresses the
design that makes sure new state changes which could have been processed by the
faster peers are not blocked due to these slower peers. [PR/769632: This issue has
been resolved.]
•
There is an issue with the interworking of ’chassis route-memory-enhanced' knob and
'protocols rsvp interface x/y/z.l link-protection' or 'protocols mpls label-switched-path
<lsp name> node-link-protection'. This causes failure of the installation of routes that
are destined to go to segment 1 (due to the route-memory-enhanced) configuration.
[PR/695336: This issue has been resolved.]
•
On Systems platforms M320 E3FPC/M120/M7i(10i) CFEB-E with l2vpn or l2circuit,
using a control-word and the mpls payload is corrupted in a certain way: the interface
might stop forwarding traffic. To recover from this condition an FPC reboot is needed.
Only Junos OS Release 10.0 or later is affected with non-cookie based PICs. MX Series
platforms with DPC are not affected. [PR/720523: This issue has been resolved.]
Copyright © 2012, Juniper Networks, Inc.
Issues in Junos OS Release 12.2 for M Series, MX Series, and T Series Routers
•
When receiving large bytes of PIM Join/Prune refreshes at a very rapid rate, it might
exhaust ukernel buffer memory on the Packet Forwarding Engine, and the PIM
Join/Prune packets will be lost. [PR/720966: This issue has been resolved.]
•
When "delete", or "deactivate" "interface <unit>:family inet:accounting" configuration;
FPCs that have the configuration removed might be reset unexpectedly. [PR/743442:
This issue has been resolved.]
•
In Junos OS Release 11.2R3 or earlier if IPv6 traffic needs to trigger an ICMPv6 MTU
exceeded message to the source and the source is resolved via next-table next-hop,
it might leak packet memory on the FPC. [PR/745988: This issue has been resolved.]
•
Jtree memory leak occurs on I-chip based platforms when 'route-memory-enhanced'
or 'memory-enhanced' is enabled, after there is route flapping which is using indirect
next hop. [PR/751567: This issue has been resolved.]
•
As soon as the forwarding table starts building up on the FPCs, all the affected FPCs
will start reporting the following JTREE errors which is an indication of this issue:
Apr 29 13:45:54 lab-router fpc5 JTREE(jt_nh_get_reachable_nh32): Not reachable
0x00000000:0x082d1782 for seg 1 (rt_jtree_build_nh)
Apr 29 13:45:54 lab-router fpc5 RT: Failed prefix add IPv4 - 1.0.0/24 (jtree nh build
failed) on FE 0
Apr 29 13:45:54 lab-router fpc5 RT: IPv4:0 - 1.0.0/24 (add rt entry into jtree failed)
These messages will be seen as soon as the forwarding table starts building up, even
if there is no traffic. When traffic starts flowing, the FPCs might crash as a result of this
corrupted JTREE. This issue is not seen if per-packet load balancing is configured on
the router for all prefixes. [PR/756464: This issue has been resolved.]
•
Certain hardware data structures used for replicating packets on a single Packet
Forwarding Engine stream (SSM list) does not get updated when the corresponding
next hops get modified, resulting in use of stale data for multicast replication. All
applications that depend on packet replication (IP multicast, P2MP, VPLS BUM traffic)
are impacted. Packets are either sent out on wrong ifls or are dropped. However, this
happens only if the next hops used for packet replication are modified. This affects
line cards using the I/J Chipset in MX, TX, and M Series chassis. [PR/776149: This issue
has been resolved.]
•
If you have DCU statistics configured in conjunction with the copy-plp class of service
knob and an output firewall filter you might encounter a situation where DCU stats are
no longer working. Check first that both ingress and egress ports for the flows you are
counting are not on different PFEs the same fpc. If this is the case, then removing the
copy-plp knob will restart the DCU statistics collection. [PR/707834: This issue has
been resolved.]
Copyright © 2012, Juniper Networks, Inc.
135
Junos OS 12.2 Release Notes
High Availability (HA) and Resiliency
•
During high routing churn, a flapping interface can in some rare circumstances result
in the replicated (backup) kernel to panic with reason "<interface-name>: bitstring
index 14 not empty for <mac-address>.” [PR/698608: This issue has been resolved.]
•
If one or more Packet Forwarding Engine peers are slow in consuming ifstates, the
secondary Routing Engine does not send CP ACK to the master Routing Engine within
a prescribed time. As a result, the secondary Routing Engine is assumed to be having
a problem, and hence the connection for the secondary Routing Engine peer is reset,
so that ksyncd can clean up the ifstates on the secondary Routing Engine and resync
with master Routing Engine again. With this fix, if the secondary CP ACK does not arrive
in a prescribed time, if there is any Packet Forwarding Engine that is causing this delay,
the same is logged and the CP ACK timer is reset. If no peers are found to be causing
the delay of the secondary CP ACK, the behavior is retained to reset the secondary
Routing Engine connection. [PR/727344: This issue has been resolved.]
•
The MPC can generate a core file during ISSU. This issue is intermittent. [PR/744992:
This issue has been resolved.]
•
When performing ISSU on 10GE DPC, the peer device will see link flap. [PR/777798:
This issue has been resolved.]
•
On MX Series routers with ADPC line cards, performing an ISSU upgrade to Junos OS
Release 11.4R3.7 might cause the ADPC line cards to reset, thus impacting router
operation and defeating the purpose of ISSU. Customers with ADPC line cards on MX
Series routers should upgrade only in a maintenance window during which the resets
can be tolerated. Other platforms are not affected by this bug, and ISSU works as
expected. ADPC line cards might reset, causing a traffic outage of approximately 150
seconds duration. [PR/779348: This issue has been resolved.]
Infrastructure
136
•
Certain system resources might become exhausted during Routing Engine switchover
under heavy load, causing the system to restart. After restart, the router will operate
as expected. [PR/733555: This issue has been resolved.]
•
A socket hole in the received sequence space on the backup Routing Engine and that
backup Routing Engine cannot handle the TCP SACK from the master Routing Engine
properly. When backup Routing Engine becomes the new master Routing Engine by
switchover, this potential sequence mismatch in the previous backup Routing Engine
comes out on the new master Routing Engine. Therefore, this message is generated
on syslog. Once after the new master Routing Engine starts handling TCP SACK properly,
this mismatch will be cleared and sooner or later this message stops. This is just a
cosmetic issue. [PR/743382: This issue has been resolved.]
•
Fetching ppX interface statistics leaks in pfestat_table leads to "pfestat_req_add:
pfestat table out of ids" error logs. When in this state, it is not possible to fetch any
interface statistics. To recover from this issue, reload the Routing Engine. Products
affected by this are non-MX products that offer PPPoE services. [PR/751366: This
issue has been resolved.]
Copyright © 2012, Juniper Networks, Inc.
Issues in Junos OS Release 12.2 for M Series, MX Series, and T Series Routers
•
Arp entries are not flushed out after disabling interface with purging,aging-timer
configured on local router. [PR/753268: This issue has been resolved.]
•
In scenarios where "family inet" is configured in the pppoe dynamic profile, if ARP
request is received on the pppoe interface, the kernel crashess. [PR/769646: This issue
has been resolved.]
Interfaces and Chassis
•
Error message seen on MX80 "fru_is_present: out of range slot -1 for CB" continuously.
[PR/540868: This issue has been resolved.]
•
"HS Link FIFO underflow" errors might occur as traffic egresses a PIC when the ingress
interface is on another PIC in the same MX-FPC. The speed of the interface and the
traffic pattern is relevant to this problem. [PR/687905: This issue has been resolved.]
•
"ezchip_xeth_add_pw_bd_table_entry" error message is seen on restarting the ADPC
card and total drop in traffic is observed after that. This issue will be seen if the following
conditions are satisfied:
•
VPLS routing instance is created with configuration "protocol vpls connectivity-type
permanent".
•
LSI interface for the vpls routing-instance has a Primary/secondary MPLS LSP present
on the ADPC IFD which is the DUT. Now on just rebooting the ADPC, these logs are
seen on the DPC console.
[PR/693066: This issue has been resolved.]
•
MPC2 might reboot when swapping MIC cards in the same MPC [PR/728095: This
issue has been resolved.]
•
On T Series ES type of FPC, BFD sessions might get flapped when other PIC on the
same FPC is brought online. This is caused by the fact that the PIC drivers take long
time to do initialization when being brought up which might cause the BFD thread to
lose chances of processing the keepalive packets and hence drop the sessions.
[PR/733657: This issue has been resolved.]
•
The issue is present in MX Series platform MIPs must place their own MAC address in
the Egress Identifier TLV in CFM Linktrace Messages that they process. They are
incorrectly leaving this value unchanged. [PR/735419: This issue has been resolved.]
•
Due to an incorrect calculation, memory heap utilization of a service PIC can go over
100% under the show chassis pic command. There is no service impact. [PR/737676:
This issue has been resolved.]
•
In an Active/Active MC-LAG scenario, traffic might get dropped if:
•
Upstream and downstream interfaces are MC-AE interfaces
•
You have routing protocols running over the IRB
•
Traffic crosses the ICL
[PR/746055: This issue has been resolved.]
Copyright © 2012, Juniper Networks, Inc.
137
Junos OS 12.2 Release Notes
•
On Junos OS Release earlier to 11.2, the BERT test results would report Error Bit/LOS
sec for a newly confirmed E1 link in unframed mode. The issue would be seen on
CHSTM1-IQ and CHE1T1-IQE pic. Due to known hardware limitation on CHSTM1-IQ pic,
this issue persists on this pic type. However for CHE1T1-IQE pic it has been fixed on
Junos OS Releases 11.2R7 and later. [PR/748175: This issue has been resolved.]
•
If rlsq interfaces are part of a routing instance, upon deactivation and activation of
routing instance, all rlsq interfaces were not brought up. This issue is fixed as part of
this PR. [PR/749760: This issue has been resolved.]
•
On a GE port with optic SFP-FX which has auto-negotiation disabled, it might show
up even though no cable is connected and have an issue with traffic forwarding on the
interface. [PR/751536: This issue has been resolved.]
•
This issue is specific to a i-chip-based DPCs/FPCs and impacts all type of multicast
traffic such as IP multicast packets, or L2 multicast/broadcast packets going through
L2VPN/VPLS. An i-chip-based DPC/FPC will only forward multicast traffic to the first
1024 receivers of a multicast group if the total number of receivers on a particular PIC
of the DPCE, for that group, is between 1025 and 1088 (1024+64). [PR/752662: This
issue has been resolved.]
Layer 2 Features
•
In a router running a VPLS configuration, an administrator configuration change or a
network event that causes the removal of an IFF from a VPLS instance could lead to
a panic on the backup Routing Engine. [PR/750036: This issue has been resolved.]
•
Routing Engine kernel crash was caused by a suspicious packet in the wrong system
queue. Packet was classified as a TNP packet (ethertype: 0x8850). TNP is a L3 protocol
used for inter process communication between the Routing Engine and the packet
forwarding engine (PFE). [PR/779079: This issue has been resolved.]
Layer 2 Ethernet Services
•
With the configuration of STP/AE under IRB interface, you might see kernel panic on
both master/backup REs after a multiple GRES switchover is done. [PR/742940: This
issue has been resolved.]
•
There is a limitation in the support of IRB interfaces used with DHCP such that:
•
If an LT interface is configured as the underlying interface for an IRB interface and a
DHCP client requests a unicast response, then instead of rejecting the send operation
a corrupt packet is sent.
•
If the underlying interface of an IRB interface has a different number of tags configured
than the bridge domain of the IRB interface and a DHCP client requests a unicast
response a malformed packet is sent.
•
Regardless of tag configuration on the bridge domain, if the packet needs to be
relayed out a VPLS tunnel (an LSI or VT interface as underlying) a malformed packet
is sent.
[PR/751398: This issue has been resolved.]
138
Copyright © 2012, Juniper Networks, Inc.
Issues in Junos OS Release 12.2 for M Series, MX Series, and T Series Routers
Multiprotocol Label Switching (MPLS)
•
By design, family MPLS under virtual-router type routing-instance does not get created
without a corresponding "protocols:ldp". Hence, without MPLS family, MPLS filter is
not working on an interface configured under virtual-router type routing-instance. As
a workaround, configure ldp in the instance, and disable it on all interfaces if not used.
[PR/601989: This issue has been resolved.]
•
The Routing protocol process might redundantly try to save the RSVP ERO object in
the graceful restart database. This is applicable only for non-traffic engineered LSPs
when graceful restart is configured. [PR/741694: This issue has been resolved.]
•
l3vpn-composite-nexthop with MPC and MSDPC doing stateful-firewall with interface
service-set will drop packets on service input direction. The interface where service
input/output is configured has to be inside a VRF, and the destination for which service
input should intercept the traffic and send it to service PIC in MSDPC should be
reachable through MPLS backbone, so resolved through composite next-hop, in order
to see this issue. [PR/747914: This issue has been resolved.]
•
Traffic fails to go through service output when it comes from MPLS core and is routed
inside VRF without vrf-table-label configured. This should NOT work on all types of
FPCs except MPCs on MX Series routers. This PR fixes the problem on MPCs.
[PR/749661: This issue has been resolved.]
•
When LSP is configured with auto-bandwidth switches from the primary path to
secondary path, bandwidth estimation on the secondary path might be
under-estimated. Due to under-estimation, overflow sample count might get reset.
[PR/752777: This issue has been resolved.]
•
The kernel might crash at tag_mtu_calc when the Routing Engine attempts to send a
packet larger than the configured MPLS MTU, warranting fragmentation (over a LSP)
using a l3vpn-composite-nexthop. For the issue to occur both must be true: 1)
l3-composite-nexthop knob must be turned on. 2) MPLS MTU must be manually
configured by the user. [PR/755950: This issue has been resolved.]
•
On Trio platforms, when switch L2 MPLS packets on egress PE routers, the inner MPLS
label TTL value is checked and if valid decreased by 1. During the egress process, the
TTL value is rechecked. If the value is 1 at this point, the packet is sent to the Routing
Engine instead of being forwarded out the interface. [PR/776203: This issue has been
resolved.]
Platform and Infrastructure
•
Packets exchanged between logical routers within the same physical router over logical
tunnel (LT) interfaces will not have their TTL decremented. [PR/685639: This issue
has been resolved.]
•
Under very special race conditions, the MPC CPU might stop processing and will be
reset due to Level3/Level 2 watchdog expiration timer. Potential exposure causes high
load of traffic sent to the Host. The following syslog message will be reported in the
syslog once MPC reboots. “fpc[x] MPC: Reset reason (0xc): Level3 watchdog, Level2
watchdog.“ [PR/717899: This issue has been resolved.]
Copyright © 2012, Juniper Networks, Inc.
139
Junos OS 12.2 Release Notes
140
•
Enabling of Dynamic Profile versioning is not supported if dynamic profiles have been
already configured on the router. If you deactivate existing dynamic profiles in order to
enable and commit dynamic profile versioning, profile version numbers are not
subsequently incremented. As a workaround, you must delete all existing dynamic
profiles before you enable profile versioning, and then reconfigure the dynamic profiles.
[PR/741001: This issue has been resolved.]
•
This is an issue during the passing of timestamp message from kernel to rmopd for 64
bit Junos OS. [PR/746428: This issue has been resolved.]
•
If a filter contains multiple prefix actions and the filter is applied, changing one prefix
action referenced by this filter might crash NPCs. The change on a prefix action could
be direct or indirect (e.g., changing the policer reference by this prefix action). The
workaround is detaching all such filters before changing a prefix action and then
applying the filters back after the change. [PR/750370: This issue has been resolved.]
•
When CoS rewrite is configured for an IRB interface, and the IRB interface participates
in L2 multicast, the copies sent over the physical interface will not have the CoS rewrite
applied. This issue is applicable only when the chassis is configured in the "enhanced-ip"
mode. [PR/754720: This issue has been resolved.]
•
A MPC-* FPC installed in a MX240/480/960 router or the integrated TFEB of a
MX5/10/40/80 router might crash and reboot when the unsupported command "show
route hw nhs" is executed from the FPC cli. This command is unsupported and should
not be used without the explicit instructions of JTAC. It is not needed for the normal
operation of a Juniper Networks router. [PR/772413: This issue has been resolved.]
•
If "source-filtering" is turned on under an interface, packets with multicast destination
mac address will get dropped. Such packets are used by applications like CFM. The
multicast mac addresses cannot be explicitly added to be accepted using the CLI.
[PR/772611: This issue has been resolved.]
•
Traffic-control-profile applied on LT ifl used to terminate a vpls instance has no effect
and the IFL is not shaped. [PR/773764: This issue has been resolved.]
•
Customers using Junos OS Release 11.4R3.6 code on MX Series routers with MPC 3D
16x 10GE (Agent Smith) line cards might experience issues with interfaces on these
line cards. Some interfaces on the MPC 3D 16x 10GE (Agent Smith) line cards might
be reported as UP ("Enabled" and "Physical Link UP")in the "show interfaces
<interface>" command. However, "show interfaces <interface> terse” command for
the same interface reports that interface as DOWN (Admin - UP and Link Protocol DOWN). The link lights at both ends of the link will be GREEN ? thereby indicating
connectivity. However, no traffic passes through the affected interfaces. This issue
was seen on interfaces that were part of Aggregated Ethernet (AE) bundle as well as
on interfaces that were NOT part of the AE bundle. In addition, "Wedge Detected"
messages might be seen in the syslogs and in the telnet/ssh session to the router. This
behavior was NOT seen with DPC hardware. [PR/776727: This issue has been resolved.]
Copyright © 2012, Juniper Networks, Inc.
Issues in Junos OS Release 12.2 for M Series, MX Series, and T Series Routers
Routing Protocols
•
The show bgp group output is updated to new multiline format in order to display the
full name of table bgp.rtarget.0. [PR/696476: This issue has been resolved.]
•
ISO/CLNS prefixes with more than /152 VPN prefix length when advertised by BGP
across VPN core causes BGP adjacent flap since the remote BGP rejects the same
prefix as an invalid address. This is because the ISOVPN draft allows only up to /152
prefixes. [PR/742491: This issue has been resolved.]
•
Pruned multicast traffic continues to flow from the source even when receiver leaves
the multicast group for Junos OS Releases 10.4R8.5 ,10.4R9, and 10.4R9.2. [PR/746474:
This issue has been resolved.]
•
Route advertisement stops for RT family enabled BGP peers after VRF is deactivated
and activated. This issue is only seen with RT enabled peers and non-stop routing
enabled. [PR/749288: This issue has been resolved.]
•
If there are some link micro flapping, it might bring the BFD into a problematic state.
As a result, for next event of BFD state down, it will not bring down the client sessions
like OSPF, ISIS, BGP, etc. [PR/749388: This issue has been resolved.]
•
The routing protocol process crashes and dump a core file after executing 'show ospf
context-identifier area <area>' command which is given for an area that has not been
configured. The issue is caused by insufficient check code. [PR/750914: This issue has
been resolved.]
•
The multipath flash mechanism runs unnecessarily when BGP multipath is configured
for inet-vpn routes. When large amounts of inet-vpn routes change, there is a noticeable
delay in convergence for the inet-vpn routes. [PR/751469: This issue has been resolved.]
•
If BGP receives an ISO-VPN prefix of length 248, i.e. ISO part of prefix contains
NSEL-byte, BGP session will be reset. This is according to standards, but it would be
good if BGP can handle this gracefully without resetting BGP-session. This PR makes
BGP handle it gracefully, by ignoring the NSEL byte received in the ISO-VPN prefix.
[PR/771835: This issue has been resolved.]
•
Customer needs these debug logs to be changed to severity LOG_DEBUG. "mcsn[91713]:
krt_decode_nexthop: Try freeing: nh-handle: 0x0 nh-index: 1049040 fwdtype: 2" This
was introduced as part of Release 11.4 with severity set to "LOG_INFO" (will not be
seen with earlier releases). This is used as a debug log and is harmless. "mcsn[91713]:
Received MC_AE_OPTIONS TLV for intf device ae1; mc_ae_id 0, status 2" This was
introduced as part of RLI 8857 in Release 10.0 (reference from PR-411614). This also
has a severity of "LOG_INFO" and is part of the rpd-infra that is used by mcsnoopd.
[PR/772063: This issue has been resolved.]
•
The routing protocol process might dump a core file while processing malformed RIP
or RIPng message from neighbor during adjacency establishment. [PR/772601: This
issue has been resolved.]
•
Limited Support for multiple area TLVs in a single ISIS Hello message: When many
area TLVs are found in a single IS-IS Hello packet, L1 adjacencies might not be formed
correctly and can be stuck in the initializing state. Currently, there are no identified
Copyright © 2012, Juniper Networks, Inc.
141
Junos OS 12.2 Release Notes
workarounds; however, this does not impact L2 adjacencies. [PR/775852: This issue
has been resolved.]
Services Applications
•
When you pump in more than 2.1 Million passive monitoring flows into Monitor-II PIC,
the router might not send memory overload SNMP trap. [PR/677162: This issue has
been resolved.]
•
When sending traffic through IPSec tunnels for above 2.5Gbps on an MS-400 PIC, the
Service-PIC might bounce due to prolonged flow control. [PR/705201: This issue has
been resolved.]
•
If the Service PIC processing DS-Lite packets receives packets from overlapping IPv4
addresses present behind different B4s at the same time then there is a possibility that
the PIC will crash with a similar coredump. [PR/711307: This issue has been resolved.]
•
"linerate-mode" might not be applied correctly to interfaces when first configured on
a PIC which does not support "linerate-mode" and later on replace the first PIC with
a second PIC which supports "linerate-mode" [PR/734887: This issue has been
resolved.]
•
In Junos OS Releases 10.4 and later, the number of outstanding IPSec tunnels has
changed to be 50 tunnels instead of 200 outstanding tunnels in previous releases.
[PR/739683: This issue has been resolved.]
•
DCD_CONFIG_WRITE_FAILED with "Device not configured" error is observed when
system is rebooted with rlsq configuration. As a workaround, deactivate interfaces,
request a system reboot and activate interfaces, instead of only requesting a system
reboot. [PR/741121: This issue has been resolved.]
•
This PR enables visibility of Address Pool Paired out of port errors using the cli command
show services nat pool detail.
user@router-re0> show services nat pool detail
Interface: sp-7/0/0, Service set: nat44
NAT pool: public-pool, Translation type: dynamic
Address range: 100.100.0.1-100.100.0.254
Port range: 512-65535, Ports in use: 64512, Out of port errors: 0, Max ports
used: 64512
AP-P out of port errors: 440601
<<-- errors are now shown here
PR/746752: This issue has been resolved.]
•
This is a memory leak in the IDPD daemon on the routing engine. It occurs when SNMP
queries are done on the Routing Engine. This leak is relatively slow and occurs over
several days. When the size of the daemon reaches 512M, it dumps a core. [PR/748414:
This issue has been resolved.]
•
There is no logical binding of <flow-analysis-statistics-entry> to
<flow-analysis-statistics-pic-info> in the output of show services stateful-firewall
flow-analysis | display xml. At the moment pairs of these tags are just put sequentially
on the same level of hierarchy under <service-flow-analysis-information> as it can be
seen in the following output:
user@router> show services stateful-firewall flow-analysis | display xml
<rpc-reply xmlns:junos="http://xml.juniper.net/junos/10.4S8/junos">
142
Copyright © 2012, Juniper Networks, Inc.
Issues in Junos OS Release 12.2 for M Series, MX Series, and T Series Routers
<service-flow-analysis-information>
<flow-analysis-statistics-pic-info>
<pic-name>sp-0/0/0</pic-name>
</flow-analysis-statistics-pic-info>
<flow-analysis-statistics-entry>
.... output omitted ....
</flow-analysis-statistics-entry>
<flow-analysis-statistics-pic-info>
<pic-name>sp-0/1/0</pic-name>
</flow-analysis-statistics-pic-info>
<flow-analysis-statistics-entry>
.... output omitted ....
</flow-analysis-statistics-entry>
... output omitted ....
The Junos OS software has been modified to include a new tag
<service-flow-analysis-entry>, which is the parent of both the
<flow-analysis-statistics-entry> tag and the <flow-analysis-statistics-pic-info> tag,
thus tying the pic name with existing flow analysis details:
user@router> show services stateful-firewall flow-analysis | display xml
<rpc-reply xmlns:junos="http://xml.juniper.net/junos/12.1I0/junos">
<service-flow-analysis-information>
<service-flow-analysis-entry>
<<<<<<<<<<<<<<<<<<<< Start New
tag
<flow-analysis-statistics-pic-info>
<pic-name>sp-2/0/0</pic-name>
</flow-analysis-statistics-pic-info>
<flow-analysis-statistics-entry>
.... output omitted ....
</flow-analysis-statistics-entry>
<flow-analysis-num-flows-sec-samples-entry>
.... output omitted ....
</flow-analysis-num-flows-sec-samples-entry>
<flow-analysis-num-flows-sec-entry>
.... output omitted ....
</flow-analysis-num-flows-sec-entry>
<flow-analysis-num-flows-sec-entry>
.... output omitted ....
</flow-analysis-num-flows-sec-entry>
<flow-analysis-protocol-lifetime-entry>
.... output omitted ....
</flow-analysis-protocol-lifetime-entry>
</service-flow-analysis-entry>
<<<<<<<<<<<<<<<<<<<< End
<service-flow-analysis-entry>
<<<<<<<<<<<<<<<<<<<< Start New tag
<flow-analysis-statistics-pic-info>
<pic-name>sp-2/1/0</pic-name>
</flow-analysis-statistics-pic-info>
<flow-analysis-statistics-entry>
.... output omitted ....
</flow-analysis-statistics-entry>
<flow-analysis-num-flows-sec-samples-entry>
.... output omitted ....
</flow-analysis-num-flows-sec-samples-entry>
<flow-analysis-num-flows-sec-entry>
.... output omitted ....
</flow-analysis-num-flows-sec-entry>
<flow-analysis-num-flows-sec-entry>
.... output omitted ....
Copyright © 2012, Juniper Networks, Inc.
143
Junos OS 12.2 Release Notes
</flow-analysis-num-flows-sec-entry>
<flow-analysis-protocol-lifetime-entry>
.... output omitted ....
</flow-analysis-protocol-lifetime-entry>
</service-flow-analysis-entry>
<<<<<<<<<<<<<<<<<<<<<< End
</service-flow-analysis-information>
<cli>
<banner>[edit]</banner>
</cli>
</rpc-reply>
[PR/749675: This issue has been resolved.]
•
While trying to Allocate NAT ports for SIP headers, MS-PIC crashes. [PR/769605: This
issue has been resolved.]
User Interface and Configuration
•
In edit private mode, when a node is disabled and then annotate is used on disable, it
throws error on commit. [PR/58358: This issue has been resolved.]
•
Using the "# load" command to replace policy configuration could lead to a
configuration corruption which causes RPD to crash upon commit. [PR/704294: This
issue has been resolved.]
VPNs
144
•
An optimization has been implemented with BGP-MVPN nexthop infrastructure which
will improve scalability in some multi-dimensional scaling scenarios with aggregate
interfaces. [PR/690690: This issue has been resolved.]
•
Under certain circumstances a vrf-import policy's term with the "accept" action that
matches the BGP VPN route based on the criteria different than the target community
can reject the matching route. [PR/706064: This issue has been resolved.]
•
Currently, MVPN Leaf-AD routes with IR provider tunnels are sent without the PMSI
attributes. These routes should be sent with the PMSI attributes. The label will be the
same label as advertised in the Type 1 route. [PR/717451: This issue has been resolved.]
•
In an MVPN scenario, performing GRES might result in some traffic loss for MVPN
flows. [PR/733893]
•
With BGP MVPNs when there are many interfaces in the vrf, it is possible that RPD
might core. If a forwarding entry has a large number of outgoing interfaces, this memory
error will occur. The exact number of oifs needed to trigger this issue is not known.
[PR/749379: This issue has been resolved.]
•
In NG-MVPN with a multihomed source attached to ingress PE, when original-DR goes
down and then comes back to claim its role as DR, the other node will lose its
intermediate DR-role and withdraw its type 5 AD-route. However the new DR which
comes back will not advertise a type 5 AD route. As result of this misbehaviour, neither
the non-DR nor the DR will advertise a type 5 AD route in the re-convergence case and
hence no egress-PE could join the source. [PR/754222: This issue has been resolved.]
•
The issue happens when the ingress PE receives the type-4 leaf AD route before
discovering the egress PE as a neighbor using a type-1 route. PE ignores the type-4 leaf
AD route as there is no nbr. When the ingress PE receives the type-1 route, it only
Copyright © 2012, Juniper Networks, Inc.
Errata and Changes in Documentation for Junos OS Release 12.2 for M Series, MX Series, and T Series Routers
processes inclusive p-tnl and since it did not add the unicast IR tunnel as a leaf to the
spmsi tunnel, the egress PE doesn't receive the traffic. [PR/755209: This issue has
been resolved.]
Related
Documentation
•
When the label for intra-AS AD route changes, it is not reflected in the intra-as AD route
generated to the MVPN PE peers as a result the peers still use the old label information
and results traffic drop. [PR/771059: This issue has been resolved.]
•
New Features in Junos OS Release 12.2 for M Series, MX Series, and T Series Routers
on page 67
•
Changes in Default Behavior and Syntax, and for Future Releases in Junos OS Release
12.2 for M Series, MX Series, and T Series Routers on page 114
•
Errata and Changes in Documentation for Junos OS Release 12.2 for M Series, MX Series,
and T Series Routers on page 145
•
Upgrade and Downgrade Instructions for Junos OS Release 12.2 for M Series, MX Series,
and T Series Routers on page 152
Errata and Changes in Documentation for Junos OS Release 12.2 for M Series, MX Series, and
T Series Routers
Errata
•
High Availability
•
Interfaces and Chassis
•
J-Web Interface
•
Layer 2 Ethernet Services
•
Multicast
•
Services Applications
•
Subscriber Access Management
•
User Interface and Configuration
•
VPNs
High Availability
•
TX Matrix Plus routers and T1600 routers that are configured as part of a routing matrix
do not currently support nonstop active routing.
[High Availability]
Interfaces and Chassis
•
SONET/SDH support on Channelized OC3/STM1 (Multi-Rate) Circuit Emulation
MIC with SFP (MIC-3D-4COC3-1COC12-CE)—This feature is supported in Junos OS
Release 12.2R1. However, the documentation for this feature is not available in this
release. Documentation for this feature is planned for an upcoming release.
Copyright © 2012, Juniper Networks, Inc.
145
Junos OS 12.2 Release Notes
•
With Junos OS Release 10.1 and later, you need not include the tunnel option or the
clear-dont-fragment-bit statement when configuring allow-fragmentation on a tunnel.
[Services Interfaces]
•
Hybrid mode is currently not supported in Junos OS Release 12.2R1. All references to
hybrid mode (combined operation of Precision Time Protocol and Synchronous
Ethernet) in the System Basics Configuration Guide and Junos System Basics and Services
Command Reference Guide should be disregarded.
J-Web Interface
•
To access the J-Web interface, your management device requires the following
software:
•
Supported browsers—Microsoft Internet Explorer version 7.0 or Mozilla Firefox version
3.0
•
Language support—English-version browsers
•
Supported OS—Microsoft Windows XP Service Pack 3
Layer 2 Ethernet Services
•
In the Layer 2 Configuration Guide, the examples provided in the sections, “Configuring
Layer 2 Protocol Tunneling”, “Configuring BPDU Protection on Individual Interfaces”,
and “Configuring BPDU Protection on All Edge Ports” are incorrect for configuring Layer
2 tunneling with routing instances.
Multicast
•
The listings for the following RFCs incorrectly state that Junos OS supports only SSM
include mode. Both include mode and exclude mode are supported in Junos OS Release
9.3 and later.
•
RFC 3376, Internet Group Management Protocol, Version 3
•
RFC 3590, Source Address Selection for the Multicast Listener Discovery (MLD) Protocol
[Hierarchy and Standards Reference]
Services Applications
•
The rate statement for packet sampling is now configured at the [edit forwarding
options sampling input family family] hierarchy level.
[Services Interfaces]
•
146
IPFIX sampling documentation did not reference the correct flow template. The
documentation for “Configuring Inline Sampling” and “Configuring Inline Sampling for
MX80 Routers” referred to the topic “Configuring Flow Aggregation to Use Version 9
Flow Templates” for information about sampling output, leading customers to believe
that the IPv4 BGP_NEXT_HOP was supported for inline sampling. Inline sampling does
not use Version 9 templates; they are used only for sampling done on a services PIC.
Copyright © 2012, Juniper Networks, Inc.
Errata and Changes in Documentation for Junos OS Release 12.2 for M Series, MX Series, and T Series Routers
To view the correct flow template topic, “Configuring Flow Aggregation to Use IPFIIX
Flow Templates”, see PR/788037.
Subscriber Access Management
•
The show subscribers topic in the Junos OS System Basics and Services Command
Reference omits the following information about using the address option for the show
subscribers command.
When you issue the show subscribers address command, you must specify the IPv4 or
IPv6 address prefix without a netmask, as shown in the following example:
user@host> show subscribers address 192.168.17.1 detail
If you specify the IP address as a prefix with a netmask, as shown in the following
example, the router displays a message that the IP address is invalid, and rejects the
command:
user@host> show subscribers address 192.168.17.1/32 detail
Invalid argument: invalid ip_address 192.168.17.1/32
[Junos OS System Basics and Services Command Reference]
•
The “Configuring Per-Subscriber Session Accounting” topic in the Subscriber Access
Configuration Guide incorrectly states that the update-interval statement rounds up
an interval of 10 through 15 minutes to 15. The actual behavior is that all configured
values are rounded up to the next higher multiple of 10. For example, the values 811
through 819 are all accepted by the CLI, but are all rounded up to 820.
[Subscriber Access]
•
The “DHCP in Broadband Networks” topic erroneously states that the Junos OS
subscriber management solution currently supports only DHCP as a multiple-client
configuration protocol. However, subscriber management solutions support DHCP
and PPPoE as multiple-client configuration protocols.
[Broadband Subscriber Management Solutions]
•
The “Configuring Service Packet Counting” topic in the Junos OS Subscriber Access
Configuration Guide does not include the following configuration guideline. When you
specify the service-accounting action for the term, you cannot additionally configure
the count action in the same term.
[Subscriber Access]
•
The table titled “Supported Juniper Networks VSAs” in the “Juniper Networks VSAs
Supported by the AAA Service Framework” topic lists RADIUS VSA 26-157
(IPv6-NdRa-Pool-Name). This VSA is not supported and should not appear in the
table.
[Subscriber Access]
•
The “Configuring a Dynamic Profile for Client Access” topic erroneously uses the
$junos-underlying-interface variable when an IGMP interface is configured in the client
access dynamic profile. The following example provides the appropriate use of the
$junos-interface-name variable:
[edit dynamic-profiles access-profile]
Copyright © 2012, Juniper Networks, Inc.
147
Junos OS 12.2 Release Notes
user@host# set protocols igmp interface $junos-interface-name
•
Table 25 in the “Dynamic Variables Overview” topic does not define the
$junos-igmp-version predefined dynamic variable. This variable is defined as follows:
$junos-igmp-version—IGMP version configured in a client access profile. Junos OS
obtains this information from the RADIUS server when a subscriber accesses the router.
The version is applied to the accessing subscriber when the profile is instantiated. You
specify this variable at the [dynamic-profiles profile-name protocols igmp] hierarchy
level for the interface statement.
In addition, the Subscriber Access Configuration Guide erroneously specifies the use of
a colon (:) when you configure the dynamic profile to define the IGMP version for client
interfaces. The following example provides the appropriate syntax for setting the IGMP
interface to obtain the IGMP version from RADIUS:
[edit dynamic-profiles access-profile protocols igmp interface $junos-interface-name]
user@host# set version $junos-igmp-version
•
The Subscriber Access Configuration Guide and the System Basics Configuration Guide
contain information about the override-nas-information statement. This statement
does not appear in the CLI and is not supported.
[Subscriber Access, System Basics]
•
When you modify dynamic CoS parameters with a RADIUS change of authorization
(CoA) message, Junos OS accepts invalid configurations. For example, if you specify
a transmit rate that exceeds the allowed 100 percent, the system does not reject the
configuration and returns unexpected shaping behavior.
[Subscriber Access]
•
Juniper Networks does not support multicast RIF mapping and ANCP when configured
simultaneously on the same logical interface. For example, configuring a multicast
VLAN and ANCP on the same logical interface is not supported, and the subscriber
VLANs are the same for both ANCP and multicast.
[Subscriber Access]
•
The Subscriber Access Configuration Guide incorrectly describes the authentication-order
statement as it is used for subscriber access management. When configuring the
authentication-order statement for subscriber access management, you must always
specify the radius method. Subscriber access management does not support the
password keyword (the default), and authentication fails when you do not specify an
authentication method.
[Subscriber Access]
•
In the Subscriber Access Configuration Guide, the “Juniper Networks VSAs Supported
by the AAA Service Framework” table and the “RADIUS-Based Mirroring Attributes “
table incorrectly describe VSA 26-59. The correct description is as follows:
Attribute Number
Attribute Name
Description
26-59
Med-Dev-Handle
Identifier that associates mirrored traffic to a specific
subscriber.
148
Copyright © 2012, Juniper Networks, Inc.
Errata and Changes in Documentation for Junos OS Release 12.2 for M Series, MX Series, and T Series Routers
[Subscriber Access]
•
In the Subscriber Access Configuration Guide, the table titled "Supported Juniper
Networks VSAs" in the "Juniper Networks VSAs Supported by the AAA Service
Framework" topic lists RADIUS VSA 26-42 (Input-Gigapackets) and VSA 26-43
(Output-Gigapackets). These two VSAs are not supported.
[Subscriber Access]
•
In the Junos OS Subscriber Access Configuration Guide, the "Qualifications for Change of
Authorization" section in the topic titled “RADIUS-initiated Change of Authorization
(CoA) Overview”, has been rewritten as follows to clarify how CoA uses the RADIUS
attributes and VSAs.
Copyright © 2012, Juniper Networks, Inc.
149
Junos OS 12.2 Release Notes
Qualifications for Change of Authorization
To complete the change of authorization for a user, you specify identification
attributes and session attributes. The identification attributes identify the subscriber.
Session attributes specify the operation (activation or deactivation) to perform on
the subscriber’s session and also include any client attributes for the session (for
example, QoS attributes). The AAA Service Framework handles the actual request.
Table 3 on page 150 shows the identification attributes for CoA operations.
NOTE: Using the Acct-Session-ID attribute to identify the subscriber
session is more explicit than using the User-Name attribute. When you
use the Acct-Session-ID, the attribute identifies the specific subscriber
and session. When you use the User-Name as the identifier, the CoA
operation is applied to the first session that was logged in with the
specified username. However, because a subscriber might have multiple
sessions associated with the same username, the first session might
not be the correct session for the CoA operation.
Table 3: Identification Attributes
Attribute
Description
User-Name [RADIUS attribute 1]
Subscriber username.
Acct-Session-ID [RADIUS attribute 44]
Specific subscriber and session.
Table 4 on page 150 shows the session attributes for CoA operations. Any additional
client attributes that you include depend on your particular session requirements.
Table 4: Session Attributes
Attribute
Description
Activate-Service [Juniper Networks VSA 26–65]
Service to activate for the subscriber.
Deactivate-Service [Juniper Networks VSA
26–66]
Service to deactivate for the subscriber.
[Subscriber Access]
150
Copyright © 2012, Juniper Networks, Inc.
Errata and Changes in Documentation for Junos OS Release 12.2 for M Series, MX Series, and T Series Routers
User Interface and Configuration
•
The show system statistics bridge command displays system statistics on MX Series
routers.
[System Basics Command Reference]
VPNs
•
In “Chapter 19, Configuring VPLS” of the VPNs Configuration Guide, an incorrect
statement that caused contradictory information about which platforms support LDP
BGP interworking has been removed. The M7i router was also omitted from the list of
supported platforms. The M7i router does support LDP BGP interworking.
[VPNs]
•
The l3vpn statement documentation states that this statement is not supported on
MX Series routers with both MS-DPCs and MPCs installed. However, it should state
that the l3vpn statement is not supported on MX Series routers with both DPCs and
MPCs installed.
[VPNs]
Changes to the Junos OS Documentation Set
The following are the changes made to the Junos OS documentation set:
•
Carrier-grade NAT and softwire documentation is no longer included in the Junos OS
Services Configuration Guide. The documentation is now available at the following
subject-based web page: Next-Generation Network Addressing Carrier-Grade NAT
and IPv6
Solutions—http://www.juniper.net/techpubs/en_US/junos12.1/information-products/pathway-pages/
ngna-solutions/next-generation-network-addressing-solutions.html
•
The documentation for ukernel and JSF supported Application Layer Gateways (ALGs)
has been substantially re-written, and is available at the following web pages:
•
ALG Descriptions
(ukernel)—http://www.juniper.net/techpubs/en_US/junos12.1/topics/concept/alg-descriptions.html
•
ALG Descriptions
(JSF)—http://www.juniper.net/techpubs/en_US/junos12.1/topics/concept/alg-descriptions-jsf.html
•
Stateless firewall filter and traffic policer documentation is no longer included in the
Junos OS Policy Framework Configuration Guide. This material is now available in the
Junos OS Firewall Filter and Policer Configuration Guide only.
•
Routing policy, traffic sampling, forwarding, and monitoring documentation is no longer
included in the Junos OS Policy Framework Configuration Guide. This material is now
available in the Junos OS Policy Framework Configuration Guide.
•
In addition, individual HTML pages have a Print link in the upper left corner of the text
area on the page.
Copyright © 2012, Juniper Networks, Inc.
151
Junos OS 12.2 Release Notes
Related
Documentation
•
New Features in Junos OS Release 12.2 for M Series, MX Series, and T Series Routers
on page 67
•
Changes in Default Behavior and Syntax, and for Future Releases in Junos OS Release
12.2 for M Series, MX Series, and T Series Routers on page 114
•
Issues in Junos OS Release 12.2 for M Series, MX Series, and T Series Routers on page 122
•
Upgrade and Downgrade Instructions for Junos OS Release 12.2 for M Series, MX Series,
and T Series Routers on page 152
Upgrade and Downgrade Instructions for Junos OS Release 12.2 for M Series, MX Series, and T
Series Routers
This section discusses the following topics:
•
Basic Procedure for Upgrading to Release 12.2 on page 152
•
Upgrade and Downgrade Support Policy for Junos OS Releases on page 155
•
Upgrading a Router with Redundant Routing Engines on page 156
•
Upgrading Juniper Network Routers Running Draft-Rosen Multicast VPN to Junos OS
Release 10.1 on page 156
•
Upgrading the Software for a Routing Matrix on page 158
•
Upgrading Using ISSU on page 159
•
Upgrading from Junos OS Release 9.2 or Earlier on a Router Enabled for Both PIM and
NSR on page 159
•
Downgrading from Release 12.2 on page 160
Basic Procedure for Upgrading to Release 12.2
In order to upgrade to Junos OS 10.0 or later, you must be running Junos OS 9.0S2, 9.1S1,
9.2R4, 9.3R3, 9.4R3, 9.5R1, or later minor versions, or you must specify the no-validate
option on the request system software install command.
When upgrading or downgrading Junos OS, always use the jinstall package. Use other
packages (such as the jbundle package) only when so instructed by a Juniper Networks
support representative. For information about the contents of the jinstall package and
details of the installation process, see the Junos OS Installation and Upgrade Guide.
NOTE: With Junos OS Release 9.0 and later, the compact flash disk memory
requirement for Junos OS is 1 GB. For M7i and M10i routers with only 256 MB
memory, see the Customer Support Center JTAC Technical Bulletin
PSN-2007-10-001 at
https://www.juniper.net/alerts/viewalert.jsp?txtAlertNumber=PSN-2007-10-001
&actionBtn=Search.
152
Copyright © 2012, Juniper Networks, Inc.
Upgrade and Downgrade Instructions for Junos OS Release 12.2 for M Series, MX Series, and T Series Routers
NOTE: Before upgrading, back up the file system and the currently active
Junos OS configuration so that you can recover to a known, stable
environment in case the upgrade is unsuccessful. Issue the following
command:
user@host> request system snapshot
The installation process rebuilds the file system and completely reinstalls
Junos OS. Configuration information from the previous software installation
is retained, but the contents of log files might be erased. Stored files on the
routing platform, such as configuration templates and shell scripts (the only
exceptions are the juniper.conf and ssh files), might be removed. To preserve
the stored files, copy them to another system before upgrading or
downgrading the routing platform. For more information, see the Junos OS
System Basics Configuration Guide.
Copyright © 2012, Juniper Networks, Inc.
153
Junos OS 12.2 Release Notes
The download and installation process for Junos OS Release 12.2 is different from previous
Junos OS releases. Follow these steps:
1.
Using a Web browser, navigate to the All Junos Platforms software download URL on
the Juniper Networks Web page:
http://www.juniper.net/support/downloads/
2. Select the name of the Junos OS platform for the software that you want to download.
3. Select the release number (the number of the software version that you want to
download) from the Release drop-down list to the right of the Download Software
page.
4. Select the Software tab.
5. In the Install Package section of the Software tab, select the software package for the
release.
6. Log in to the Juniper Networks authentication system using the username (generally
your e-mail address) and password supplied by a Juniper Networks representative.
7. Review and accept the End User License Agreement.
8. Download the software to a local host.
9. Copy the software to the routing platform or to your internal software distribution
site.
10. Install the new jinstall package on the routing platform.
NOTE: We recommend that you upgrade all software packages out of
band using the console because in-band connections are lost during the
upgrade process.
Customers in the United States and Canada, use the following command:
user@host> request system software add validate reboot
source/jinstall-12.2R18-domestic-signed.tgz
All other customers, use the following command:
user@host> request system software add validate reboot
source/jinstall-12.2R18-export-signed.tgz
Replace source with one of the following values:
•
/pathname—For a software package that is installed from a local directory on the
router.
•
154
For software packages that are downloaded and installed from a remote location:
•
ftp://hostname/pathname
•
http://hostname/pathname
•
scp://hostname/pathname (available only for Canada and U.S. version)
Copyright © 2012, Juniper Networks, Inc.
Upgrade and Downgrade Instructions for Junos OS Release 12.2 for M Series, MX Series, and T Series Routers
The validate option validates the software package against the current configuration
as a prerequisite to adding the software package, to ensure that the router reboots
successfully. This is the default behavior when the software package being added is
a different release.
Including the reboot command reboots the router after the upgrade is validated and
installed. When the reboot is complete, the router displays the login prompt. The
loading process can take 5 to 10 minutes.
Rebooting occurs only if the upgrade is successful.
NOTE: After you install a Junos OS Release 12.2 jinstall package, you cannot
issue the request system software rollback command to return to the previously
installed software. Instead, you must issue the request system software add
validate command and specify the jinstall package that corresponds to the
previously installed software.
NOTE: Before you upgrade a router that you are using for voice traffic, you
should monitor call traffic on each virtual BGF. Confirm that no emergency
calls are active. When you have determined that no emergency calls are
active, you can wait for non-emergency call traffic to drain as a result of
graceful shutdown, or you can force a shutdown. For detailed information
about how to monitor call traffic before upgrading, see the Junos OS Multiplay
Solutions Guide.
Upgrade and Downgrade Support Policy for Junos OS Releases
Support for upgrades and downgrades that span more than three Junos OS releases at
a time is not provided, except for releases that are designated as Extended End-of-Life
(EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can
upgrade directly from one EEOL release to the next EEOL release even though EEOL
releases generally occur in increments beyond three releases.
You can upgrade or downgrade to the EEOL release that occurs directly before or after
the currently installed EEOL release, or to two EEOL releases before or after. For example,
Junos OS Releases 10.0, 10.4, and 11.4 are EEOL releases. You can upgrade from Junos
OS Release 10.0 to Release 10.4 or even from Junos OS Release 10.0 to Release 11.4.
However, you cannot upgrade directly from a non-EEOL release that is more than three
releases ahead or behind. For example, you cannot directly upgrade from Junos OS
Release 10.3 (a non-EEOL release) to Junos OS Release 11.4 or directly downgrade from
Junos OS Release 11.4 to Junos OS Release 10.3.
To upgrade or downgrade from a non-EEOL release to a release more than three releases
before or after, first upgrade to the next EEOL release and then upgrade or downgrade
from that EEOL release to your target release.
For more information about EEOL releases and to review a list of EEOL releases, see
http://www.juniper.net/support/eol/junos.html.
Copyright © 2012, Juniper Networks, Inc.
155
Junos OS 12.2 Release Notes
Upgrading a Router with Redundant Routing Engines
If the router has two Routing Engines, perform a Junos OS installation on each Routing
Engine separately to avoid disrupting network operation as follows:
1.
Disable graceful Routing Engine switchover (GRES) on the master Routing Engine
and save the configuration change to both Routing Engines.
2. Install the new Junos OS release on the backup Routing Engine while keeping the
currently running software version on the master Routing Engine.
3. After making sure that the new software version is running correctly on the backup
Routing Engine, switch over to the backup Routing Engine to activate the new software.
4. Install the new software on the original master Routing Engine that is now active as
the backup Routing Engine.
For the detailed procedure, see the Junos OS Installation and Upgrade Guide.
Upgrading Juniper Network Routers Running Draft-Rosen Multicast VPN to Junos
OS Release 10.1
In releases prior to Junos OS Release 10.1, the draft-rosen multicast VPN feature
implements the unicast lo0.x address configured within that instance as the source
address used to establish PIM neighbors and create the multicast tunnel. In this mode,
the multicast VPN loopback address is used for reverse path forwarding (RPF) route
resolution to create the reverse path tree (RPT), or multicast tunnel. The multicast VPN
loopback address is also used as the source address in outgoing PIM control messages.
In Junos OS Release 10.1 and later, you can use the router’s main instance loopback
(lo0.0) address (rather than the multicast VPN loopback address) to establish the PIM
state for the multicast VPN. We strongly recommend that you perform the following
procedure when upgrading to Junos OS Release 10.1 if your draft-rosen multicast VPN
network includes both Juniper Network routers and other vendors’ routers functioning
as provider edge (PE) routers. Doing so preserves multicast VPN connectivity throughout
the upgrade process.
156
Copyright © 2012, Juniper Networks, Inc.
Upgrade and Downgrade Instructions for Junos OS Release 12.2 for M Series, MX Series, and T Series Routers
Because Junos OS Release 10.1 supports using the router’s main instance loopback (lo0.0)
address, it is no longer necessary for the multicast VPN loopback address to match the
main instance loopback address lo0.0 to maintain interoperability.
NOTE: You might want to maintain a multicast VPN instance lo0.x address
to use for protocol peering (such as IBGP sessions), or as a stable router
identifier, or to support the PIM bootstrap server function within the VPN
instance.
Complete the following steps when upgrading routers in your draft-rosen multicast VPN
network to Junos OS Release 10.1 if you want to configure the routers’s main instance
loopback address for draft-rosen multicast VPN:
1.
Upgrade all M7i and M10i routers to Junos OS Release 10.1 before you configure the
loopback address for draft-rosen Multicast VPN.
NOTE: Do not configure the new feature until all the M7i and M10i routers
in the network have been upgraded to Junos OS Release 10.1.
2. After you have upgraded all routers, configure each router’s main instance loopback
address as the source address for multicast interfaces.
Include the default-vpn-source interface-name loopback-interface-name statement
at the [edit protocols pim] hierarchy level.
3. After you have configured the router’s main loopback address on each PE router,
delete the multicast VPN loopback address (lo0.x) from all routers.
We recommend that you remove the multicast VPN loopback address from all PE
routers from other vendors. In Junos OS releases prior to 10.1, to ensure interoperability
with other vendors’ routers in a draft-rosen multicast VPN network, you had to perform
additional configuration. Remove that configuration from both the Juniper Networks
routers and the other vendors’ routers. This configuration should be on Juniper Networks
routers and on the other vendors’ routers where you configured the lo0.mvpn address
in each VRF instance as the same address as the main loopback (lo0.0) address.
This configuration is not required when you upgrade to Junos OS Release 10.1 and use
the main loopback address as the source address for multicast interfaces.
NOTE: To maintain a loopback address for a specific instance, configure
a loopback address value that does not match the main instance address
(lo0.0).
For more information about configuring the draft-rosen Multicast VPN feature, see the
Junos OS Multicast Configuration Guide.
Copyright © 2012, Juniper Networks, Inc.
157
Junos OS 12.2 Release Notes
Upgrading the Software for a Routing Matrix
A routing matrix can use either a TX Matrix router as the switch-card chassis (SCC) or a
TX Matrix Plus router as the switch-fabric chassis (SFC). By default, when you upgrade
software for a TX Matrix router or a TX Matrix Plus router, the new image is loaded onto
the TX Matrix or TX Matrix Plus router (specified in the Junos OS CLI by using the scc or
sfc option) and distributed to all T640 routers or T1600 routers in the routing matrix
(specified in the Junos OS CLI by using the lcc option). To avoid network disruption during
the upgrade, ensure that the following conditions are met before beginning the upgrade
process:
•
A minimum of free disk space and DRAM on each Routing Engine. The software upgrade
will fail on any Routing Engine without the required amount of free disk space and
DRAM. To determine the amount of disk space currently available on all Routing Engines
in the routing matrix, use the CLI show system storage command. To determine the
amount of DRAM currently available on all Routing Engines in the routing matrix, use
the CLI show chassis routing-engine command.
•
The master Routing Engines of the TX Matrix or TX Matrix Plus router (SCC or SFC)
and T640 routers or T1600 routers (LCC) are all re0 or are all re1.
•
The backup Routing Engines of the TX Matrix or TX Matrix Plus router (SCC or SFC)
and T640 routers or T1600 routers (LCC) are all re1 or are all re0.
•
All master Routing Engines in all routers run the same version of software. This is
necessary for the routing matrix to operate.
•
All master and backup Routing Engines run the same version of software before
beginning the upgrade procedure. Different versions of Junos OS can have incompatible
message formats especially if you turn on GRES. Because the steps in the process
include changing mastership, running the same version of software is recommended.
•
For a routing matrix with a TX Matrix router, the same Routing Engine model is used
within a TX Matrix router (SCC) and within a T640 router (LCC) of a routing matrix.
For example, a routing matrix with an SCC using two RE-A-2000s and an LCC using
two RE-1600s is supported. However, an SCC or an LCC with two different Routing
Engine models is not supported. We suggest that all Routing Engines be the same
model throughout all routers in the routing matrix. To determine the Routing Engine
type, use the CLI show chassis hardware | match routing command.
•
For a routing matrix with a TX Matrix Plus router, the SFC contains two model
RE-DUO-C2600-16G Routing Engines, and each LCC contains two model
RE-DUO-C1800-8G Routing Engines.
NOTE: It is considered best practice to make sure that all master Routing
Engines are re0 and all backup Routing Engines are re1 (or vice versa). For
the purposes of this document, the master Routing Engine is re0 and the
backup Routing Engine is re1.
158
Copyright © 2012, Juniper Networks, Inc.
Upgrade and Downgrade Instructions for Junos OS Release 12.2 for M Series, MX Series, and T Series Routers
To upgrade the software for a routing matrix, perform the following steps:
1.
Disable graceful Routing Engine switchover (GRES) on the master Routing Engine
(re0) and save the configuration change to both Routing Engines.
2. Install the new Junos OS release on the backup Routing Engine (re1) while keeping
the currently running software version on the master Routing Engine (re0).
3. Load the new Junos OS on the backup Routing Engine.
4. After making sure that the new software version is running correctly on the backup
Routing Engine (re1), switch mastership back to the original master Routing Engine
(re0) to activate the new software.
5. Install the new software on the new backup Routing Engine (re0).
For the detailed procedure, see the Routing Matrix with a TX Matrix Router Feature Guide or
the Routing Matrix with a TX Matrix Plus Router Feature Guide.
Upgrading Using ISSU
Unified in-service software upgrade (ISSU) enables you to upgrade between two different
Junos OS releases with no disruption on the control plane and with minimal disruption
of traffic. Unified in-service software upgrade is only supported by dual Routing Engine
platforms. In addition, graceful Routing Engine switchover (GRES) and nonstop active
routing (NSR) must be enabled. For additional information about using unified in-service
software upgrade, see the Junos OS High Availability Configuration Guide.
Upgrading from Junos OS Release 9.2 or Earlier on a Router Enabled for Both PIM
and NSR
Junos OS Release 9.3 introduced NSR support for PIM for IPv4 traffic. However, the
following PIM features are not currently supported with NSR. The commit operation fails
if the configuration includes both NSR and one or more of these features:
•
Anycast RP
•
Draft-Rosen multicast VPNs (MVPNs)
•
Local RP
•
Next-generation MVPNs with PIM provider tunnels
•
PIM join load balancing
Junos OS 9.3 Release introduced a new configuration statement that disables NSR for
PIM only, so that you can activate incompatible PIM features and continue to use NSR
for the other protocols on the router: the nonstop-routing disable statement at the [edit
protocols pim] hierarchy level. (Note that this statement disables NSR for all PIM features,
not only incompatible features.)
If neither NSR nor PIM is enabled on the router to be upgraded or if one of the unsupported
PIM features is enabled but NSR is not enabled, no additional steps are necessary and
you can use the standard upgrade procedure described in other sections of these
instructions. If NSR is enabled and no NSR-incompatible PIM features are enabled, use
Copyright © 2012, Juniper Networks, Inc.
159
Junos OS 12.2 Release Notes
the standard reboot or ISSU procedures described in the other sections of these
instructions.
Because the nonstop-routing disable statement was not available in Junos OS Release
9.2 and earlier, if both NSR and an incompatible PIM feature are enabled on a router to
be upgraded from Junos OS Release 9.2 or earlier to a later release, you must disable
PIM before the upgrade and reenable it after the router is running the upgraded Junos
OS and you have entered the nonstop-routing disable statement. If your router is running
Junos OS Release 9.3 or later, you can upgrade to a later release without disabling NSR
or PIM–simply use the standard reboot or ISSU procedures described in the other sections
of these instructions.
To disable and reenable PIM:
1.
On the router running Junos OS Release 9.2 or earlier, enter configuration mode and
disable PIM.
[edit]
user@host# deactivate protocols pim
user@host# commit
2. Upgrade to Junos OS Release 9.3 or later software using the instructions appropriate
for the router type. You can either use the standard procedure with reboot or use ISSU.
3. After the router reboots and is running the upgraded Junos OS, enter configuration
mode, disable PIM NSR with the nonstop-routing disable statement, and then reenable
PIM.
[edit]
user@host# set protocols pim nonstop-routing disable
user@host# activate protocols pim
user@host# commit
Downgrading from Release 12.2
To downgrade from Release 12.2 to another supported release, follow the procedure for
upgrading, but replace the 12.2 jinstall package with one that corresponds to the
appropriate release.
NOTE: You cannot downgrade more than three releases. For example, if your
routing platform is running Junos OS Release 11.4, you can downgrade the
software to Release 10.4 directly, but not to Release 10.3 or earlier. As a
workaround, you can first downgrade to Release 10.4 and then downgrade
to Release 10.3.
For more information, see the Junos OS Installation and Upgrade Guide.
Related
Documentation
160
•
New Features in Junos OS Release 12.2 for M Series, MX Series, and T Series Routers
on page 67
•
Changes in Default Behavior and Syntax, and for Future Releases in Junos OS Release
12.2 for M Series, MX Series, and T Series Routers on page 114
Copyright © 2012, Juniper Networks, Inc.
Upgrade and Downgrade Instructions for Junos OS Release 12.2 for M Series, MX Series, and T Series Routers
•
Issues in Junos OS Release 12.2 for M Series, MX Series, and T Series Routers on page 122
•
Errata and Changes in Documentation for Junos OS Release 12.2 for M Series, MX Series,
and T Series Routers on page 145
Copyright © 2012, Juniper Networks, Inc.
161
Junos OS 12.2 Release Notes
Junos OS Documentation and Release Notes
For a list of related Junos OS documentation, see
http://www.juniper.net/techpubs/software/junos/ .
If the information in the latest release notes differs from the information in the
documentation, follow the Junos OS Release Notes.
®
To obtain the most current version of all Juniper Networks technical documentation,
see the product documentation page on the Juniper Networks website at
http://www.juniper.net/techpubs/ .
Juniper Networks supports a technical book program to publish books by Juniper Networks
engineers and subject matter experts with book publishers around the world. These
books go beyond the technical documentation to explore the nuances of network
architecture, deployment, and administration using the Junos operating system (Junos
OS) and Juniper Networks devices. In addition, the Juniper Networks Technical Library,
published in conjunction with O'Reilly Media, explores improving network security,
reliability, and availability using Junos OS configuration techniques. All the books are for
sale at technical bookstores and book outlets around the world. The current list can be
viewed at http://www.juniper.net/books .
Documentation Feedback
We encourage you to provide feedback, comments, and suggestions so that we can
improve the documentation. You can send your comments to
techpubs-comments@juniper.net, or fill out the documentation feedback form at
https://www.juniper.net/cgi-bin/docbugreport/. If you are using e-mail, be sure to include
the following information with your comments:
•
Document name
•
Document part number
•
Page number
•
Software release version
Requesting Technical Support
Technical product support is available through the Juniper Networks Technical Assistance
Center (JTAC). If you are a customer with an active J-Care or JNASC support contract,
or are covered under warranty, and need postsales technical support, you can access
our tools and resources online or open a case with JTAC.
162
•
JTAC policies—For a complete understanding of our JTAC procedures and policies,
review the JTAC User Guide located at
http://www.juniper.net/customers/support/downloads/710059.pdf.
•
Product warranties—For product warranty information, visit
http://www.juniper.net/support/warranty/.
Copyright © 2012, Juniper Networks, Inc.
Requesting Technical Support
•
JTAC Hours of Operation —The JTAC centers have resources available 24 hours a day,
7 days a week, 365 days a year.
Self-Help Online Tools and Resources
For quick and easy problem resolution, Juniper Networks has designed an online
self-service portal called the Customer Support Center (CSC) that provides you with the
following features:
•
Find CSC offerings: http://www.juniper.net/customers/support/
•
Search for known bugs: http://www2.juniper.net/kb/
•
Find product documentation: http://www.juniper.net/techpubs/
•
Find solutions and answer questions using our Knowledge Base: http://kb.juniper.net/
•
Download the latest versions of software and review release notes:
http://www.juniper.net/customers/csc/software/
•
Search technical bulletins for relevant hardware and software notifications:
https://www.juniper.net/alerts/
•
Join and participate in the Juniper Networks Community Forum:
http://www.juniper.net/company/communities/
•
Open a case online in the CSC Case Management tool: http://www.juniper.net/cm/
To verify service entitlement by product serial number, use our Serial Number Entitlement
(SNE) Tool located at https://tools.juniper.net/SerialNumberEntitlementSearch/.
Opening a Case with JTAC
You can open a case with JTAC on the Web or by telephone.
•
Use the Case Management tool in the CSC at http://www.juniper.net/cm/ .
•
Call 1-888-314-JTAC (1-888-314-5822 toll-free in the USA, Canada, and Mexico).
For international or direct-dial options in countries without toll-free numbers, visit us at
http://www.juniper.net/support/requesting-support.html.
If you are reporting a hardware or software problem, issue the following command from
the CLI before contacting support:
user@host> request support information | save filename
To provide a core file to Juniper Networks for analysis, compress the file with the gzip
utility, rename the file to include your company name, and copy it to
ftp.juniper.net:pub/incoming. Then send the filename, along with software version
information (the output of the show version command) and the configuration, to
support@juniper.net. For documentation issues, fill out the bug report form located at
https://www.juniper.net/cgi-bin/docbugreport/.
Copyright © 2012, Juniper Networks, Inc.
163
Junos OS 12.2 Release Notes
Revision History
02 October 2012—Revision 3, Junos OS 12.2R1 – ACX Series, EX Series, and the M Series,
MX Series, and T Series.
24 September 2012—Revision 2, Junos OS 12.2R1 – ACX Series, EX Series, and the M
Series, MX Series, and T Series.
05 September 2012—Revision 1, Junos OS 12.2R1 – ACX Series, EX Series, and the M Series,
MX Series, and T Series.
Copyright © 2012, Juniper Networks, Inc. All rights reserved.
Juniper Networks, Junos, Steel-Belted Radius, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United
States and other countries. The Juniper Networks Logo, the Junos logo, and JunosE are trademarks of Juniper Networks, Inc. All other
trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners.
Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify,
transfer, or otherwise revise this publication without notice.
Products made or sold by Juniper Networks or components thereof might be covered by one or more of the following patents that are
owned by or licensed to Juniper Networks: U.S. Patent Nos. 5,473,599, 5,905,725, 5,909,440, 6,192,051, 6,333,650, 6,359,479, 6,406,312,
6,429,706, 6,459,579, 6,493,347, 6,538,518, 6,538,899, 6,552,918, 6,567,902, 6,578,186, and 6,590,785.
164
Copyright © 2012, Juniper Networks, Inc.