Changes in Default Behavior and Syntax in JUNOS Software Release 9.3 for M-series, MX-series, and T-series Routing Platforms

Hardware

• Combinations of PICs—On Juniper Networks routing platforms, you can typically install any combination of Physical Interface Cards (PICs) in a single Enhanced Flexible PIC Concentrator (FPC). Newer JUNOS services for some PICs can require significant Internet Processor ASIC memory, and some configuration rules might limit certain combinations of PICs on some platforms. To conserve memory, group PICs in the same family together on the same FPC. Ethernet and SONET/SDH PICs typically do not use large amounts of memory. Adaptive Services, Asynchronous Transfer Mode (ATM) 2, Gigabit Ethernet, and IQ serial PICs use more.

  Configuration rules might apply to PICs installed on standard Enhanced FPCs on the following routing platforms: M5, M10, M20, M40, M40e, M160, M320, J20, T320, and T640.

  Configuration rules do not apply to PICs installed in the following routers or FPCs:

  • J-series, M7i, M10i, or M120 routers
  • Enhanced Plus FPCs on M-series and J20 routers
  • Enhanced Scaling FPCs

  When you upgrade the JUNOS software, a warning appears if any configuration rules affect your PIC combinations. If you continue the installation, the PICs appear to be online (the LEDs are on), but the JUNOS software cannot enable them and they cannot pass traffic. As a workaround, you need to plan which PICs to install on the Enhanced FPCs or PIC slots on your routing platform. For specific information about PIC combination rules, consult Technical Bulletin PSN-2007-01-023. Go to http://www.juniper.net/customers/support and click Technical Bulletins. On the JTAC Technical Bulletins web page, enter PSN-2007-01-023 in the Search field, select the CS Technical Bulletin ID radio button, and click Search.

Platform and Infrastructure

• Configuring TACACS+ accounting—Two new statements have been introduced at the [edit system tacplus-options] hierarchy level to support the logging of accounting records to the correct log file on a TACACS+ server. When you include the no-cmd-attribute-value statement, the cmd attribute value is set to an empty string in the start and stop requests for accounting of login events. When you include the exclude-cmd-attribute statement, the cmd attribute is omitted from the start and stop requests for accounting of login events. [System Basics]
• New range for ARP aging timer—The range for the aging-timer statement at the [edit system arp] hierarchy level is now 5 through 240 minutes, instead of 20 through 240 minutes as in JUNOS Release 9.2 and earlier. [System Basics]

User Interface and Configuration

• Deprecated trace options—For M-series, MX-series, and T-series routing platforms, the no-stamp and replace statements have been deprecated at the [edit any-level traceoptions file] hierarchy level (in other words, at all hierarchy levels at which the traceoptions statement is supported). [All JUNOS documentation for M-series, MX-series, and T-series routing platforms]

Interfaces and Chassis

• New output field explaining reason for Routing Engine reboot—A new field Last reboot reason has been added to the output from the show chassis routing-engine operational mode command. This field displays the reason the Routing Engine last rebooted. [System Basics Command Reference]
• Enhanced output from the ‘show interfaces’ command—The show interfaces (detail | extensive) commands now display multiple input or output filters, including any filters attached to the interface through dynamic service activation. [Interfaces Command Reference]

Services Applications

• Configuring the preshared key for an IKE policy—A local certificate is an alternative to the preshared key for an Internet Key Exchange (IKE) policy. The commit operation fails if neither a preshared key nor a local certificate is configured at the [edit security ike policy peer-address] hierarchy level. [System Basics]
• Support for H.248 inactivity timer package—The packet gateway supports the inactivity timer package defined in International Telecommunication Union Telecommunication Standardization (ITU–T) Recommendation H.248.14, Gateway control protocol: Inactivity timer package (March 2002). The packet gateway can now detect the failure of its active PGC through message inactivity. The inactivity timer is applied to the root terminations of a VPG. To configure, include statements at the [edit services pgcp gateway gateway-name h248-properties inactivity-timer inactivity-timeout] hierarchy level. [Services Interfaces]
• Latch deadlock and media inactivity detection—Enables you to generate data inactivity notifications for PGCP gates without latching events, extending the previous functionality which applied only to gates with latching events. The feature enables you to specify a different delay (before inactivity measurement begins) for gates with latching events and gates without latching events, and to specify an inactivity timer that applies to either type of gate. You can also specify that a gate experiencing an inactivity delay be forced out of service, in which case the gate discards all packets and stops sending inactivity notifications.

  To configure latch deadlock and media inactivity detection, include the following statements at the [edit services pgcp gateway gateway-name data-inactivity-detection] hierarchy level: inactivity-delay, inactivity-duration, latch-deadlock-delay, report-service-change, and stop-detection-on-drop. [Services Interfaces]

• Deprecated PGCP inactivity statements—As a consequence of the new media inactivity detection feature described in the preceding bullet item, the following statements at the [edit services pgcp gateway gateway-name] hierarchy level are deprecated in JUNOS Release 9.3 and later: gate-inactivity-delay, gate-inactivity-duration, and latch-deadlock-duration. [Services Interfaces]
• Specifying information included in packet gateway messages—You can now specify which “method” and “reason” values a VPG includes in ServiceChange commands that it sends to the PGC when the state of a control association, virtual interface, or context changes. To configure, include the statements at the [edit services pgcp gateway gateway-name h248-options service-change] hierarchy level. [Services Interfaces]
• Changes to PGCP virtual interface configuration—If you do not require ingress filtering, you no longer need to configure a physical (media) interface in the PGCP virtual interface configuration. In the following example, ingress filtering is applied:
  virtual-interface 0 {media-service mmm;interface fe-0/3/3.0;}

  In the following example, ingress filtering is not applied:

  virtual-interface 0 {media-service mmm;}

  Also, the no-ingress-interface-filtering statement is deprecated at the [edit services pgcp virtual-interface interface-name] hierarchy level. [Services Interfaces]

• Changes to PGCP statistics reporting—In JUNOS Release 9.3R2 and later, the output of the show services pgcp statistics gateway command is changed to include columns that report the number of commands received and sent, the number of commands that use a wildcard termination ID, the number of commands generating a “success” reply, and the number of commands generating an “error” reply. [System Basics Command Reference]
• Random port allocation for NAT—By default, the JUNOS software allocates NAT ports sequentially. To configure random port allocation, include the random-allocation statement at the [edit services nat pool pool-name port (automatic | range low minimum-value high maximum-value)] hierarchy level. [Services Interfaces]

Subscriber Access Management

• Enforcement of license requirements at runtime—The configuration for some JUNOS features is shared by multiple services. If one service requires a license for the feature and the other does not, the license requirement is enforced when the feature is used, not when the configuration is committed as was previously the case. For example, the AAA and Layer 2 Tunneling Protocol (L2TP) services share the configuration for authentication order, but only AAA requires a license. A warning no longer appears at commit time if one or both AAA and L2TP are configured but the license is not configured; instead, the license requirement is enforced when AAA authenticates a client. [Subscriber Access]

Layer 2 Ethernet Services

• Global configuration of Layer 2 learning properties (MX-series routers)—To configure Layer 2 learning properties that apply system-wide on an MX-series router, include the global-mac-statistics, global-mac-table-aging-time seconds, and global-no-mac-learning statements at the [edit protocols l2-learning] hierarchy level. The mac-statistics, mac-table-aging-time, and no-mac-learning statements have been deprecated at this hierarchy level (but still apply at other levels). The global-mac-limit number statement continues to be supported at the [edit protocols l2-learning] hierarchy level. The mac-statistics and no-mac-learning statements continue to be supported at the [edit bridge-domains domain-name bridge-options] hierarchy level, and (in JUNOS Release 9.2 and later) at the [edit switch-options] hierarchy level. [Layer 2]
• Maximum number of active logical interfaces (MX-series routers)—On MX-series routers, a maximum of 4000 active logical interfaces are now supported on a bridge domain or on each mesh group in a VPLS instance configured for Layer 2 bridging. [Routing]

Routing Protocols

• Change to range for link-state PDU interval for IS-IS—For the lsp-interval milliseconds statement at the [edit protocols isis interface-name] hierarchy level, the range of valid values is now 0 through 1000. The default value remains 100 milliseconds. [Routing
• Support for IS-IS traffic engineering shortcuts extended to IPv6 routes—Enables you to configure IS-IS to use interior gateway protocol (IGP) shortcuts for IPv6 routes. Previously, only IPv4 routes were supported. As a result, the hierarchy for configuring IS-IS IGP shortcuts is changed. You can include the new shortcuts statements at the indicated hierarchy levels:
  [edit protocols isis traffic-engineering]family inet {shortcuts {multicast-rpf-routes;}}family inet6 {shortcuts;}

  LSPs to be used for shortcuts continue to be signaled using IPv4. However, by default, shortcut routes calculated through IPv6 routes are added to the inet6.3 routing table. The default behavior is that only BGP uses LSPs in its calculations. If you configure MPLS so that both BGP and IGP use LSPs for forwarding traffic, shortcut routes calculated through IPv6 are added to the inet6.0 routing table.

  You can use the legacy configuration at the [edit protocols isis traffic-engineering shortcuts] hierarchy level to enable IPv4 shortcuts and automatically disable IPv6 shortcuts.

  In addition, the show isis overview command has been enhanced to display shortcuts for both IPv4 and IPv6. [Routing, Routing Command Reference]

• Support for AS-dot notation for 4-byte AS numbers—Enables you to configure and display an AS number using the AS-dot notation of two integer values joined by a period character: high-order-16-bit-value-in-decimal.low-order-16-bit-value-in-decimal. The JUNOS software continues to support the plain-number format for 2-byte and 4-byte AS numbers.

  To configure the AS number for the router, include the autonomous-system as-number statement at the [edit routing-options] hierarchy level. For as-number, specify a value from 0.0 through 65535.65535 (AS-dot notation).

  You can also use the AS-dot notation for other statements that support 4-byte AS numbers. For example, you can also configure a 4-byte AS number using this format for route-target and route-origin BGP extended communities and the route-distinguisher identifier, as well as the BGP peer AS and the BGP local AS.

  By default, operational mode commands display 4-byte AS numbers as plain numbers. To display AS numbers in AS-dot notation, include the asdot-notation statement at the [edit routing-options autonomous-system] hierarchy level. [Routing, Policy, Routing Command Reference]

• Extended BGP support for vendor-specific outbound route filtering capability codes—Extends support to BGP groups and neighbors. The bgp-orf-cisco-mode statement enables interoperability with routers that use the outbound route filtering capability code of 130 and the code-type of 128 for prefix-based outbound route filters, instead of the standard code of 3 and code-type of 64. When included at the [edit routing-options] hierarchy level (previously the only valid location), the statement applies to all BGP peers configured on the router. You can now enable interoperability for a particular BGP group or peer by including the bgp-orf-cisco-mode statement at the following hierarchy levels:
  • [edit protocols bgp outbound-route-filter]
  • [edit protocols bgp group group-name outbound-route-filter]
  • [edit protocols bgp group group-name neighbor address outbound-route-filter]

  The show bgp neighbor command is enhanced to display whether interoperability is enabled with routers that use the nonstandard capability codes. [Routing, Routing Command Reference]

Multicast

• Some PIM clear commands not supported on backup Routing Engine—The clear pim join, clear pim register, and clear pim statistics operational mode commands are not supported on the backup Routing Engine of routers running JUNOS Release 9.3 and later. [Multicast, Routing Command Reference, Policy]
• Changes to IGMP behavior based on version number—In JUNOS Release 9.1 and later, the IGMP version configured for a particular interface (by including the version statement at the [edit protocols igmp interface interface-name hierarchy level) overrides the version configured for all interfaces on a routing platform (by including the version statement at the [edit protocols igmp interface all hierarchy level).

  In JUNOS Release 9.3 and later, if you specify a source address for a static multicast group (by including the source address statement at the [edit protocols igmp interface interface-name group group-name] hierarchy level), you must also set the IGMP version to version 3 by including the version 3 statement at the [edit protocols igmp interface (interface-name | all)] hierarchy level. If the IGMP version is not IGMPv3, the specified source is ignored and only the group added. The join is treated as an IGMPv2 group join. [Multicast]

VPNs

• MTU mismatch between PE routers is allowed—To configure the JUNOS software to allow a Layer 2 circuit to be established even though the maximum transmission unit (MTU) configured on the PE router does not match the MTU configured on the remote PE router, include the ignore-mtu-mismatch statement at the [edit protocols l2circuit neighbor address interface interface-name] hierarchy level. [VPNs]

High Availability

• VRRP enhancements for ARP requests—When a router responds to an ARP request, the Virtual Router Redundancy Protocol (VRRP) virtual MAC address is sent as the Ethernet source address in the Ethernet frame. When VRRP and proxy ARP are both configured, only the VRRP master on that subnet responds to proxy ARP requests. In previous software releases, when a router responded to an ARP request, the hardware MAC address was sent as the Ethernet source address. When VRRP and proxy ARP were both configured, the router responded as proxy for an ARP request if the address was reachable, irrespective of the VRRP state (backup or master) on the subnet. [High Availability]
• Corrected interface status information from ‘show vrrp’ command—When the VRRP virtual interface is down, the Master router: field of the output from the show vrrp (detail | extensive) commands now reports the value N/A, instead of the IP address of the last known master router as was reported previously. [Interfaces Command Reference]
• Profile information in ‘show vrrp’ command output—The delay threshold and computed-send-rate fields in the output of the show vrrp profile statistics command are now also included in the output of the show vrrp (detail | extensive) commands. [Interfaces Command Reference]
• Shorter minimum interval between successive Routing Engine switchover events—The minimum interval between successive Routing Engine switchover events is 4 minutes (240 seconds) instead of the previous requirement of 5 minutes (300 seconds). [High Availability]

Class of Service

• Not all filter match conditions are supported by the Enhanced IQ DPC—On MX-series routers with the EQ DPC, forwarding class is not supported as a match condition in a firewall filter. [CoS]

Forwarding and Sampling

• Firewall filter based on forwarding class for logical systems—A firewall filter configured for a logical system can now match or set a packet’s forwarding class. To configure, include the forwarding-class class statement at the following hierarchy levels:
  • [edit logical-systems logical-system-name firewall family family-name filter filter-name term term-name from] (to match on forwarding class)
  • [edit logical-systems logical-system-name firewall family family-name filter filter-name term term-name then] (to set the forwarding class)

  The specified class must be configured at the [edit class-of-service] hierarchy level. As a general rule, firewall configurations defined under logical systems must be self-contained and cannot reference configurations outside the logical system hierarchy. However, this statement is allowed. It facilitates global, router-wide configurations for forwarding classes. [Policy]

• Configurable hash seed for load balancing—On routing platforms with the Internet Processor II application-specific integrated circuit (ASIC), all Packet Forwarding Engine slots are assigned the same hash seed by default. You can now configure a unique load-balance hash seed for each slot, enabling better utilization of available links. To configure, include the per-flow hash-seed number statement at the [edit forwarding-options load-balance] hierarchy level. [Policy]

Related Documentation

• Features in JUNOS Software Release 9.3 for M-series, MX-series, and T-series Routing Platforms
• Issues in JUNOS Software Release 9.3 for M-series, MX-series, and T-series Routing Platforms
• Errata and Changes in Documentation for JUNOS Software Release 9.3 for M-series, MX-series, and T-series Routing Platforms
• Upgrade and Downgrade Instructions for JUNOS Software Release 9.3 for M-series, MX-series, and T-series Routing Platforms