Known Behavior
This section describes certain SDX software behaviors and related issues to emphasize how the system works.
Aggregate Services
- If you use aggregate services and specify a primary username for a subscriber reference expression, note that the configuration scenarios provided with the NIC do not provide a mapping from a primary username to the managing SAE. Consider using the login name instead. If you want to use the primary username as the subscriber reference expression for a fragment service, contact Juniper Networks Professional Services for assistance with setting up the NIC configuration to resolve the primary username to locate the managing SAE.
Integration with Oracle Internet Directory
- For directory searches in Oracle Internet Directory, each attribute used in the search filter must be indexed. The Oracle Internet Directory add-on package provides indexing for most common attributes used in LDAP search filters for SDX components. You may, however, encounter an LDAP search that does not return information.
Workaround: If an LDAP search does not return information, attributes used in the search need to be indexed. Notify Juniper Networks if you encounter SDX attributes that require indexing. You can also consult your LDAP database administrator to index the additional attributes.
SDX Installation Program
- When you select an item in the list of components, a description for the component appears in the box below the list. If you scroll to another item and select it, a description for an item other than the one selected may appear.
ACP and NIC Installation
- If you use the network information collector (NIC) or Admission Control Plug-In (ACP) in your SDX configuration, make sure that you install these components on a system that is not running a name server. If either or both of these SDX components reside on the same system as the name server and that system becomes inaccessible, a redundant NIC or ACP is also inaccessible because clients cannot use the name server to resolve addresses and hostnames of the redundant NIC or ACP.
JPS
- During startup, the JPS sometimes logs the following stack trace to stderr. This message is harmless and can safely be ignored.
2006-04-24 15:38:48| java.io.InterruptedIOException2006-04-24 15:38:48| at java.io.FileOutputStream.writeBytes (Native Method)2006-04-24 15:38:48| at java.io.FileOutputStream.write (FileOutputStream.java:260)2006-04-24 15:38:48| at org.mortbay.util.RolloverFileOutputStream.write (RolloverFileOutputStream.java:220)2006-04-24 15:38:48| at org.mortbay.util.ByteArrayISO8859Writer.writeTo (ByteArrayISO8859Writer.java:95)2006-04-24 15:38:48| at org.mortbay.util.OutputStreamLogSink.log (OutputStreamLogSink.java:459)2006-04-24 15:38:48| at org.mortbay.util.OutputStreamLogSink.log (OutputStreamLogSink.java:437)2006-04-24 15:38:48| at org.mortbay.util.Log.message(Log.java:304)2006-04-24 15:38:48| at org.mortbay.util.Log.message(Log.java:234)2006-04-24 15:38:48| at org.mortbay.util.Log.event(Log.java:250)2006-04-24 15:38:48| at org.mortbay.util.ThreadedServer$Acceptor.run (ThreadedServer.java:612)NIC
When you run the configuration tool for the NIC with the -l option, the jacorb.properties file is overwritten by the jacorb.properties.in file. If you want to preserve changes to the file, we recommend that you make the changes to the jacorb.properties.in file and then run the configuration tool. Doing so ensures that these changes are preserved even if you run the configuration tool again.
Policy Editor
- If you access Policy Editor from an X Windows session through Hummingbird Exceed Version 8.0, you may encounter a problem with text entry in the Parameters pane. When you create a new parameter and type text for the first field in the pane, the text does not appear in the entry field.
Workaround: To access the first entry field:
The text that you typed appears in the second input field, and the first input field now allows text entry.
SAE
- When running the system under load, the log files might contain the following AssertionError as a result of processing interim accounting updates and a delete request state (DRQ) message for the same interface simultaneously.
2006-06-01 10:05:22| Exception in thread "SessionJobManager-70" java.lang.AssertionError: This should not happen, increase deactivation counter for never activated service DHCPInternet for user session :1149169820651:47349 with PAP LCI=LCI {id=0xAC00E0E3@32779, userIp=10.230.114.124, serviceBundle=, primaryUserName=, radiusClass=, macAddress=c4:18:00:ce:9d:72, userType=ADDRESS}, SAP=JunosESap { routerName = default@cyclops, interfaceName = ip10.230.114.124}2006-06-01 10:05:22| at net.juniper.smgt.sae.service.m.a (ServiceManager.java:374)2006-06-01 10:05:22| at net.juniper.smgt.sae.session.ServiceSession.a (ServiceSession.java:737)2006-06-01 10:05:22| at net.juniper.smgt.sae.session.ServiceSession. deactivate(ServiceSession.java:555)2006-06-01 10:05:22| at net.juniper.smgt.sae.session.ServiceSession. interimUpdate(ServiceSession.java:847)2006-06-01 10:05:22| at net.juniper.smgt.sae.session.at.runJob (InterimServiceJob.java:69)2006-06-01 10:05:22| at net.juniper.smgt.lib.scheduler.Job.run (Job.java:38)2006-06-01 10:05:22| at edu.oswego.cs.dl.util.concurrent.Pooled Executor$Worker.run(PooledExecutor.java:748)2006-06-01 10:05:22| at java.lang.Thread.run(Unknown Source)You can ignore messages similar to the one above.
- During synchronization in COPS-PR mode, the JUNOSe router can send delete request state (DRQ) messages for interfaces for which a request (REQ) message has not been received. In this case, the SAE logs an error message similar to the following:
11:30:33.140 EDT 26.08.2005 [CopsHandler-15/0xAC001FCE][UnsolicitedMessage] [50] Unable to handle message forunknown context: {Message type: 3,ClientType: 24754, Handle: Handle(C-Num=1,C-Type=1,handle=0xAC001FCE)You can ignore messages similar to the one above.
- The SAE sometimes prints a stack trace when a Blocks Extensible Exchange Protocol (BEEP) session is being taken down during an administrative change of address of the interface that the JUNOS routing platform uses to connect to the SAE. No data is lost in this procedure. You can safely ignore this exception.
- During shutdown the SAE sometimes logs the following stack trace to stderr. This message is harmless and can safely be ignored.
2004-12-24 11:35:25| java.io.InterruptedIOException2004-12-24 11:35:29| at java.io.FileOutputStream.write(Native Method)2004-12-24 11:35:29| at java.io.FilterOutputStream.write (FilterOutputStream.java:60)2004-12-24 11:35:29| at java.io.FilterOutputStream.write (FilterOutputStream.java:108)2004-12-24 11:35:29| at org.mortbay.util.ByteArrayISO8859Writer.writeTo (ByteArrayISO8859Writer.java:95)2004-12-24 11:35:29| at org.mortbay.util.OutputStreamLogSink.log (OutputStreamLogSink.java:467)2004-12-24 11:35:29| at org.mortbay.util.OutputStreamLogSink.log (OutputStreamLogSink.java:445)2004-12-24 11:35:29| at org.mortbay.util.Log.message(Log.java:297)2004-12-24 11:35:29| at org.mortbay.util.Log.message(Log.java:232)2004-12-24 11:35:29| at org.mortbay.util.Log.event(Log.java:248)2004-12-24 11:35:29| at org.mortbay.util.ThreadedServer$Acceptor.run (ThreadedServer.java:543)
- The format of the AuthCache entries has changed. Before Release 4.1.0, the loginName was constructed with the userName and domainName fields. Releases 4.1.0 and later use only the name stored in the loginName field. Existing AuthCache entries are automatically converted when you migrate the directory data. If you create AuthCache entries manually, do not use the domainName field.
SAE Web Admin
- In SAE Web Admin, if you select the session ID of a subscriber session for a service that is being deactivated—for example, from the Enterprise Manager Portal—SAE Web Admin can become inoperative.
Workaround: In SAE Web Admin, do not select a session ID associated with a service that is being deactivated.
SSP Services
- Valued-added services (SSP services) of the type ISP are no longer supported as of Release 5.0. If your configuration includes an ISP value-added service, replace it with an application that uses the grantPublicIp and revokePublicIp methods of the SAE API.
Updated Documentation for Integrating Sun ONE Directory Server
This section provides updated information for SDX Integration Guide, Chapter 5, Integrating Sun ONE Directory Server.
SDX Release 6.4.0 supports integration of Sun ONE Directory Server 5.1 or 5.2 service pack 4 (P4). You can obtain the software for Sun ONE Directory Server from the Sun Microsystems Web site at:
http://www.sun.com/downloadThe SDX software provides an sdx.inf file and a load script specific to each release.
For Sun ONE Directory Server 5.2:
- The sdx.inf file for Sun ONE Directory Server 5.2 is located in the /opt/UMC/conf/iDS/SUNOne_5.2 directory.
- The load command is located in the /opt/UMC/conf/iDS directory.
For Sun ONE Directory Server 5.1:
- The sdx.inf file for Sun ONE Directory Server 5.1 is located in the /opt/UMC/conf/iDS/SUNOne_5.1 directory.
- The load command is located in the /opt/UMC/conf/iDS directory. Use the load command with the 5.1 option.
Use the instructions in the following procedure to replace the procedure in the section Configuring an Instance of Sun ONE Directory Server in SDX Integration Guide, Chapter 5, Integrating Sun ONE Directory Server.
To create an instance of Sun ONE Directory and integrate it with the SDX software:
- Uncompress the archive file that you downloaded from the Sun Microsystems Web site by executing the command:
gzip -dc <filename> .tar.gz | tr -xvof-where <filename> is the name of the TAR file.
For example, if you saved the downloaded file into the directory /tmp/DS, enter:
cd /tmp/DS
- Enter the command appropriate to the version of Sun ONE Directory Server to install an instance of the directory by using a sdx.inf file.
./setup -s -f /opt/UMC/conf/iDS/SUNOne_5.1/sdx.infFor Sun ONE Directory Server 5.2: ./setup -nodisplay -noconsole -state /opt/UMC/conf/iDS/SUNOne_5.2/sdx.inf
- Move to the following directory:
/opt/UMC/conf/iDS- Enter the command appropriate to the version of Sun ONE Directory Server to run a load script.
./load 5.1For Sun ONE Directory Server 5.2: ./load