JUNOS Software with Enhanced Services Features

Release 9.0R4 of JUNOS software with enhanced services includes the following features. For more information, see the following manuals:

• JUNOS Software with Enhanced Services Migration Guide
• JUNOS Software with Enhanced Services Getting Started Guide
• JUNOS Software with Enhanced Services Quick Start
• JUNOS Software with Enhanced Services Design and Implementation Guide
• JUNOS Software Interfaces and Routing Configuration Guide
• JUNOS Software Administration Guide
• JUNOS Software CLI Reference
• WXC Integrated Services Module Installation and Configuration Guide

Hardware Support

You can install JUNOS software with enhanced services on the following J-series Services Routers. Most models support DS3 (T3), T1, Gigabit Ethernet, Fast Ethernet, E3, E1, serial, ATM-over-ADSL, ATM-over-SHDSL, Channelized T1/E1/ISDN PRI, and ISDN BRI interfaces.

• J2320 and J2350 (DS3 and E3 interfaces not supported)
• J4350
• J6350
• SSG320m and SSG350m (requires conversion kit)
• SSG520m and SSG550m (requires conversion kit)

For more information, see the JUNOS Software with Enhanced Services Getting Started Guide .

Platform and Infrastructure

• Port mirroring and packet capture—Port mirroring sends a copy of all network packets received on one switch port to a network monitoring connection on another switch port for analysis. Port mirroring is used for network applications such as intrusion detection systems that require monitoring of network traffic.

  With packet capture, you can now capture packets with Multilink Point-to-Point Protocol (MLPP) and Multilink Frame Relay (MFR) encapsulation for analysis.

  For information about packet capture, see the JUNOS Software Administration Guide.

Interfaces and Chassis

• Support for chassis clustering—You can now connect the chassis of two J-series Services Routers to provide stateful failover of JUNOS software with enhanced services processes and services. Interchassis clustering removes the single point of failure in the network by allowing Services Routers to be configured in a redundant cluster, with one router acting as the primary and the other as a backup. If the primary fails, the backup takes over traffic processing. Clustered routers, synchronize configuration, kernel, and Packet Forwarding Engine session states across the cluster to facilitate high availability of interfaces and services.

  JUNOS software with enhanced services includes the following chassis cluster features:

  • Resilient system architecture includes a single control plane for the entire cluster to manage multiple Packet Forwarding Engines.
  • Configuration and dynamic runtime states are synchronized between the routers within a cluster.
  • Graceful restart of the routing protocols enables the router to minimize traffic disruption during a failover.
  • Physical interfaces are grouped and monitored to trigger failover to the backup Services Router if the failure parameters cross a configured threshold.

  For more information, see the JUNOS Software Security Configuration Guide

Note: When configuring chassis clusters you are automatically in configure private mode. As a result, you must commit changes from the top of the hierarchy. For information about the configure private mode, see the JUNOS CLI User Guide.

Security Features

• SCEP for IKE and IPSec—JUNOS software with enhanced services now supports the Simple Certificate Enrollment Protocol (SCEP), an advanced public key infrastructure (PKI) feature for Internet Key Exchange (IKE) and IPSec authentication. Currently, PKI supports manual loading of both local end-entity (EE) certificates and certificate authority (CA) certificates to authenticate entities for IKE. SCEP, however, allows the J-series Services Router to do the following:
  • Verify the identity of the CA and load the CA certificate automatically.
  • Obtain a certificate for its own identity.
  • Enroll for multiple EE certificates from multiple CA servers.
  • Re-enroll a certificate automatically before the current certificate expires.

  For more information, see the JUNOS Software Security Configuration Guide.

Routing and Interface Features

• MPLS support—JUNOS software with enhanced services now supports Multiprotocol Label Switching (MPLS) to provide a framework for controlling traffic patterns across a network. The MPLS framework allows Services Routers to pass traffic through transit networks on paths that are independent of the individual routing protocols enabled throughout the network. The MPLS framework supports traffic engineering and the creation of virtual private networks (VPNs). Traffic is engineered (controlled) primarily by the use of signaling protocols to establish label-switched paths (LSPs). VPN support includes Layer 2 and Layer 3 VPNs and Layer 2 circuits.

  For more information, see the JUNOS Software Interfaces and Routing Configuration Guide.

• Support for point-to-multipoint MPLS LSPs—A point-to-multipoint MPLS label-switched path (LSP) is a Resource Reservation Protocol (RSVP)-signaled LSP with a single source and multiple destinations. By taking advantage of the MPLS packet replication capability of the network, point-to-multipoint LSPs avoid unnecessary packet replication at the ingress router. Packet replication takes place only when packets are forwarded to two or more different destinations requiring different network paths.

  Point-to-multipoint LSPs allow you to

  • Use MPLS for point-to-multipoint data distribution. This functionality is similar to that provided by IP multicast.
  • Add and remove branch LSPs from a main point-to-multipoint LSP without disrupting traffic. The unaffected parts of the point-to-multipoint LSP continue to function normally.
  • Configure a Service Router to be both a transit and an egress router for different branch LSPs of the same point-to-multipoint LSP.

  Note: In JUNOS software with enhanced services, MPLS is disabled by default. You must explicitly configure your router to allow MPLS traffic to pass through. When you enable MPLS, all flow-based security features are deactivated and the router performs packet-based processing. For a list of packet-based services available on the router, see the JUNOS Software Security Configuration Guide. To enable MPLS on your router, see the JUNOS Software Interfaces and Routing Configuration Guide.

• Support for basic RPC ALG services—Remote Procedure Call (RPC) is a protocol that allows an application running in one address space to access the resources of applications running on another address space as if the resources were local to the first address space. The RPC Application Layer Gateway (ALG) is responsible for RPC packet processing.

  The RPC ALG in JUNOS software with enhanced services supports the following services and features:

  • Sun Microsystems RPC Open Network Computing (ONC)
  • Microsoft RPC Distributed Computing Environment (DCE)
  • Dynamic port negotiation
  • Ability to allow and deny specific RPC services
  • Static NAT and source NAT (with no port translation)
  • RPC applications in security policies

  The RPC ALG is enabled by default. For more information, see the JUNOS Software Security Configuration Guide.

Management, Monitoring, and Configuration Features

• J-Web Quick Configuration pages for chassis clusters—The J-Web interface adds Quick Configuration pages for the new chassis cluster feature that provides redundant, high availability routing support. You can configure a redundancy group (cluster), the connecting redundant Ethernet interfaces, and flow forwarding for security.

  For more information, see the JUNOS Software Security Configuration Guide.

• J-Web Quick Configuration and Monitor pages for DNS—The J-Web interface now provides Quick Configuration and Monitor pages for Domain Name System (DNS) proxy and dynamic DNS (DDNS). Quick Configuration pages allow you to enable DNS on configured interfaces, add interfaces, select name servers for the DNS proxy feature, and add and configure a DNS proxy cache. You can also add or edit dynamic DNS table entries. New Monitor pages provide a DNS proxy summary and allow you to monitor the DNS proxy cache and dynamic DNS table.

  For more information, see the JUNOS Software Administration Guide.

• J-Web Quick Configuration and Monitor pages for DHCP—The J-Web interface now provides Quick Configuration and monitor pages for Dynamic Host Configuration Protocol (DHCP) server, client, and relay features. The Quick Configuration pages enable you to configure:
  • DHCP service global settings, DHCP pool address ranges, and static bindings
  • Interface-based DHCP clients
  • Forwarding of incoming BOOTP/DHCP relay requests

  New Monitor pages enable you to monitor:

  • Global scope and DHCP service statistics
  • DHCP client bindings
  • DHCP address conflicts
  • DHCP clients
  • DHCP relay statistics

  For more information, see the JUNOS Software Security Configuration Guide.

WXC Integrated Service Module

• WXC Integrated Services Module 200 for J-series routers—The WXC Integrated Services Module (ISM 200) can be added to J2320, J2350, J4350, and J6350 Services Routers running JUNOS software with enhanced services. The module occupies two slots, and provides WAN traffic optimization and acceleration. For more information, see the WXC Integrated Services Module Installation and Configuration Guide.

Network Management

• CoS queuing, scheduling, and traffic shaping on GRE and IP tunnels—Generic routing encapsulation (GRE) and IP over IP (IP-IP) tunnels are used in services such as IPSec and Network Address Translation (NAT) to set up point-to-point virtual private networks (VPNs). Class-of-service (CoS) queuing enabled for outbound (egress) tunnel interfaces allows you to:
  • Configure tunnel-specific shaping rates by selecting CoS parameters for each tunnel, so that traffic to some sites gets better bandwidth than traffic to other sites.
  • Enhance user control over the traffic. Each tunnel can have different scheduler maps, queue depths, and so on.
  • Prioritize high-priority packets over low-priority packets. Each tunnel can be shaped, so that a tunnel with low-priority traffic cannot swamp other tunnels that carry high-priority traffic.

  For more information, see the JUNOS Software Interfaces and Routing Configuration Guide.

• CoS improvements—Class-of-service (CoS) operation on J-series Services Routers has been improved to reduce latency for high-priority packets and to protect control packets from delays on both outbound (egress) and inbound (ingress) traffic, especially on serial, ADSL, and SHDSL interfaces.
• Hardware timestamp and MIB support for RPM jitter measurement—Real-time performance monitoring (RPM) on J-series Services Routers running JUNOS software with enhanced services now includes the following features:
  • SNMP MIB support for additional timestamps to measure jitter for round-trip probes and probes in both the egress (source-to-destination) and ingress (destination-to-source) directions
  • SNMP MIB support for separate sets of statistics (minimum, maximum, average, peak to peak, standard deviation, and number of samples) for positive and negative measures of jitter for probes in the round-trip, ingress, and egress directions
  • SNMP MIB support for hardware timestamp probes

  For more information, see the JUNOS Software Administration Guide.