Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation  Back up to About Overview 
  
[+] Expand All
[-] Collapse All

Documentation Updates

This section lists the errata and changes in Junos OS Release 14.2R8 documentation for the M Series, MX Series, and T Series.

Adaptive Services Interfaces Feature Guide for Routing Devices

  • The following items describe updates for aggregated multiservices (AMS) interfaces information:
    • The description for the rejoin-timeout statement under the hierarchy [edit interfaces interface-name load-balancing-options member-failure-options drop-member-traffic] should be changed to the following:

      Configure the time by when failed members (members in the DISCARD state) should rejoin the aggregated multiservices (AMS) interface automatically. All members that do not rejoin by the configured time are moved to the INACTIVE state, and the traffic meant for each of the members is dropped.

      If multiple members fail around the same time, then they are held in the DISCARD state using a single timer. When the timer expires, all the failed members move to INACTIVE state at the same time.

    • The following information should be added to the “Aggregated Multiservices Interface” section in the “Understanding Aggregated Multiservices Interfaces” topic:

      Member interfaces are identified as mams in the configuration. The chassisd process in routers that support AMS configuration creates a mams entry for every multiservices interface on the router.

      When you configure services-options at the ams interface level, the options apply to all member interfaces (mams) for the ams interface.

      The options also apply to service sets configured on ms- interfaces corresponding to the ams interface’s member interfaces. All settings are per PIC. For example, session-limit applies per member and not at an aggregate level.

      Note: You cannot configure services-options at both the ams (aggregate) and member-interface level. If services-options is configured on ms-x/y/z, it also applies to service sets on mams-x/y/z.

      When you want services-options settings to apply uniformly to all members, configure services-options at the ams interface level. If you need different settings for individual members (for example, because of a syslog configuration), configure services-options at the member-interface level.

    • The show interfaces load-balancing command topic should include the following description for Last change in the table:

      Time elapsed since the last change to the interface. Changes that affect the elapsed time displayed include internal events that might not have changed the state of any member.

  • The “Configuring Secured Port Block Allocation,” “port,” and “secured-port-block-allocation” topics should include the following note:

    If you make any configuration changes to a NAT pool that has secured port block allocation configured, you must delete the existing NAT address pool, wait at least 5 seconds, and then configure a new NAT address pool. We also strongly recommend that you perform this procedure if you make any changes to the NAT pool configuration, even if you do not have secured port block allocation configured.

  • The descriptions in the “Options” section of the IPsec protocol statement at the [edit services ipsec-vpn ipsec proposal proposal-name] and [edit services ipsec-vpn rule rule-name term term-name then manual direction direction] hierarchy levels fail to state that the ah and bundle options are not supported on MS-MPCs and MS-MICs on MX Series routers.

Broadband Subscriber VLANs and Interfaces Feature Guide

  • The table in topic “AAA Access Messages and Supported RADIUS Attributes and Juniper Networks VSAs for Junos OS,” incorrectly indicates that VSA 26-1 (Virtual-Router) supports CoA Request messages. VSA 26-1 does not support CoA Request messages.
  • The show subscribers topic in the Broadband Subscriber VLANs and Interfaces Feature Guide does not fully describe the vlan-id vlan-id option. This option displays information about active subscribers using a VLAN where the VLAN tag matches the specified VLAN ID. The topic fails to mention that these subscriber VLANs can be either single-tagged or double-tagged. The command output includes information about subscribers using double-tagged VLANs when the inner VLAN tag matches the specified VLAN ID. The command output does not distinguish between these two types of subscribers.

    To display only subscribers where the specified value matches only double-tagged VLANs, use the stacked-vlan-id stacked-vlan-id option to match the outer VLAN tag instead of the vlan-id vlan-id option.

Tunnel and Encryption Services Interface

  • The topic “Configuring Tunnel Interfaces on MX Series Routers” incorrectly states that bandwidth rates of 20 gigabits per seconds and 40 gigabits per second require use of a 100-Gigabit Ethernet Modular Port Concentrator and 100-Gigabit CFP MIC. The MPC4E, MPC5E, and MPC6E also support 20 and 40 gigabits per second.

High Availability Feature Guide for Routing Devices

  • The "Nonstop Active Routing System Requirements" topic should include the inet-mvpn and inet6-mvpn protocol families for BGP in the list of supported family types. The topic previously documented that NSR supports next-generation MVPN starting with Junos OS 14.1R1, but didn't include the specific names of the next-generation MVPN protocol families in the list.
  • The topic “Improving the Convergence Time for VRRP” failed to include the following information:
    • Disable duplication address detection for IPv6 interfaces—Duplicate address detection is a feature of the Neighbor Discovery Protocol for IPv6. Duplicate address detection is enabled by default and determines whether an address is already in use by another node. When duplicate address detection is enabled, convergence time is high after an IPv6 interface that has been configured for VRRP tracking comes up. To disable duplicate address detection, include the ipv6-duplicate-addr-translation transmits 0 statement at the [edit system internet-options] hierarchy level. To disable duplicate address detection only for a specific interface, include the dad-disable statement at the [edit interfaces interface-name unit logical-unit-number family inet6] hierarchy level.

Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices

  • The Options section for the flow-export-rate statement under the hierarchy [edit forwarding-options sampling instance instance-name family inet output inline-jlow] did not include the default value. The default value is:

    Default: 1 for each Packet Forwarding Engine on the FPC to which the sampling instance is applied.

  • The default value for the ipv6-flow-table-size statement at the [edit chassis fpc slot-number inline-services ipv6 flow-table-size] hierarchy level should state the following:

    “If the number of units is not specified, 1024 flow entries are allocated for IPv6.”

  • The description for the max-packets-per-second, maximum-packet-length, and run-length statements at the [edit forwarding-options sampling instance instance-name input] hierarchy level failed to include the following:

    Note: This statement is not supported when you configure inline flow monitoring (by including the inline-jflow statement at the [edit forwarding-options sampling instance instance-name family (inet | inet6) output] hierarchy level).

  • The “Configuring RPM Timestamping” topic failed to mention that RPM timestamping is also supported on the MS-MPCs and MS-MICs on MX Series routers.
  • The topics “Real-Time Performance Monitoring Services Overview” and “Configuring RPM Probes” failed to state that RPM is not supported on logical systems.

MPLS Applications Feature Guide for Routing Devices

  • The "Configuring Miscellaneous LDP Properties," "Configuring the Authentication Key Update Mechanism for BGP and LDP Routing Protocols," "authentication-key-chain (LDP)," and "authentication-key-chain (BGP and BMP)” topics should include the following information: You must also configure the authentication algorithm using the authentication-algorithm algorithm statement. This statement must be included at the [edit protocols (bgp | ldp)] hierarchy level when you configure the authentication-key-chain key-chain statement at the [edit protocols (bgp | ldp)] hierarchy level.
  • The "Path Computation for LSPs on an Overloaded Router" topic should state that when you set the overload bit on a router running IS-IS, only new LSPs are prevented from transiting through the router. Any existing Constrained Path Shortest First (CPSF) LSPs remain active and continue to transit through the router. The documentation incorrectly states that any existing LSPs transiting through the router are also rerouted when you configure the overload bit on an IS-IS router.

Overview for Routing Devices

  • The "Configuring Automatic Mirroring of the CompactFlash Card on the Hard Disk Drive" and the "mirror-flash-on-disk" topics should not include support for MX5, MX10, and MX40 3D Universal Edge Routers. On the MX Series, this feature is supported only on the MX104, MX240, MX480, MX960, MX2010, and MX2020 routers.

Release Notes

  • The PR928128 was incorrectly included as a known issue in the release notes for the following Junos OS releases:
    • 14.2R1 Release Notes
    • 14.2R2 Release Notes
    • 14.2R3 Release Notes
    • 14.2R4 Release Notes
    • 14.2R5 Release Notes

    This issue was fixed before the 14.2R1 Release.

Routing Policies, Firewall Filters, and Traffic Policers Feature Guide for Routing Devices

  • The table in the “Firewall Filter Nonterminating Actions” topic failed to mention that Juniper Networks recommends you do not use the nonterminating firewall filter action next-hop-group with the port-mirror-instance or port-mirror action in the same firewall filter.

Services Interfaces Configuration Guide

  • The following information regarding the restriction on prefix lengths that can be configured in NAT pools on MS-MPCs and MS-MICs applies to the "Configuring Source and Destination Addresses Network Address Translation Overview " section of the "Network Address Translation Rules Overiew" topic:

    On MX Series routers with MS-MPCs and MS-MICs, if you configure a NAT address pool with a prefix length that is equal to or greater than /16, the PIC does not contain sufficient memory to provision the configured pool. Also, memory utilization problems might occur if you attempt to configure many pools whose combined total IP addresses exceed /16. In such circumstances, a system logging message is generated stating that the NAT pool name has failed to be created and that the service set is not activated. On MS-MPCs and MS-MICs, you must not configure NAT pools with prefix lengths greater than /16.

Standards Reference

  • The Supported Network Management Standards topic incorrectly states that Junos OS supports mplsL3VpnIfConfTable as part of compliance with RFC 4382, MPLS/BGP Layer 3 Virtual Private Network (VPN) MIB. Junos OS does not support this table.

Subscriber Access Protocols Feature Guide

  • The LAC Tunnel Selection Overview, Configuring Weighted Load Balancing for LAC Tunnel Sessions and weighted-load-balancing (L2TP LAC) topics in the Junos OS Broadband Subscriber Management and Services libraries incorrectly describe how weighted load balancing works on an L2TP LAC. The topics state that the tunnel with the highest weight (highest session limit) within a preference level is selected until it has reached its maximum sessions limit, and then the tunnel with the next higher weight is selected, and so on.

    In fact, when weighted load balancing is configured, tunnels are selected randomly within a preference level, but the distribution of selected tunnels is related to their weight. The LAC generates a random number within a range equal to the aggregate total of all session limits for all tunnels in the preference level. Portions of the range—pools of numbers—are associated with the tunnels according to their weight; a higher weight results in a larger pool. The random number is more likely to be in a larger pool, so a tunnel with a higher weight (larger pool) is more likely to be selected than a tunnel with a lower weight (smaller pool).

    For example, consider a level that has only two tunnels, A and B. Tunnel A has a maximum sessions limit of 1000 and tunnel B has a limit of 2000 sessions, resulting in an aggregate total of 3000 sessions. The LAC generates a random number in the range from 0 through 2999. A pool of 1000 numbers, the portion of the range from 0 through 999, is associated with tunnel A. A pool of 2000 numbers, the portion of the range from 1000 through 2999, is associated with tunnel B. If the generated number is less than 1000, then tunnel A is selected, even though it has a lower weight than tunnel B. If the generated number is 1000 or larger, then tunnel B is selected. Because the pool of possible generated numbers for tunnel B (2000) is twice that for tunnel A (1000), tunnel B is, on average, selected twice as often as tunnel A.

Subscriber Management Access Network Guide

  • The LAC Tunnel Selection Overview, Configuring Weighted Load Balancing for LAC Tunnel Sessions and weighted-load-balancing (L2TP LAC) topics in the Junos OS Broadband Subscriber Management and Services libraries incorrectly describe how weighted load balancing works on an L2TP LAC. The topics state that the tunnel with the highest weight (highest session limit) within a preference level is selected until it has reached its maximum sessions limit, and then the tunnel with the next higher weight is selected, and so on.

    In fact, when weighted load balancing is configured, tunnels are selected randomly within a preference level, but the distribution of selected tunnels is related to their weight. The LAC generates a random number within a range equal to the aggregate total of all session limits for all tunnels in the preference level. Portions of the range—pools of numbers—are associated with the tunnels according to their weight; a higher weight results in a larger pool. The random number is more likely to be in a larger pool, so a tunnel with a higher weight (larger pool) is more likely to be selected than a tunnel with a lower weight (smaller pool).

    For example, consider a level that has only two tunnels, A and B. Tunnel A has a maximum sessions limit of 1000 and tunnel B has a limit of 2000 sessions, resulting in an aggregate total of 3000 sessions. The LAC generates a random number in the range from 0 through 2999. A pool of 1000 numbers, the portion of the range from 0 through 999, is associated with tunnel A. A pool of 2000 numbers, the portion of the range from 1000 through 2999, is associated with tunnel B. If the generated number is less than 1000, then tunnel A is selected, even though it has a lower weight than tunnel B. If the generated number is 1000 or larger, then tunnel B is selected. Because the pool of possible generated numbers for tunnel B (2000) is twice that for tunnel A (1000), tunnel B is, on average, selected twice as often as tunnel A.

  • The Pseudowire Subscriber Logical Interfaces Overview and Configuring a Pseudowire Subscriber Logical Interface topics have been updated in Junos OS Release 14.2R6 to state that VLAN demux interfaces are not supported over pseudowire subscriber logical interfaces. Earlier versions of these topics omitted this information.

Subscriber Management Provisioning Guide

  • The following topics erroneously include information about the Ignore-DF-Bit VSA (26-70): “RADIUS Attributes and Juniper Networks VSAs Supported by the AAA Service Framework,” “Juniper Networks VSAs Supported by the AAA Service Framework”, and “AAA Access Messages and Supported RADIUS Attributes and Juniper Networks VSAs for Junos OS.” Junos OS does not support VSA 26-70.

    Some versions of the RADIUS dictionary file also erroneously list 26-70 as supported by the Junos OS.

  • In the Broadband Subscriber Sessions Feature Guide, the show network-access aaa radius servers command topic includes a table that describes the output fields for the command. The table entry for the Status field does not clearly explain when a request starts and ends.

    The following information has been added to the NOTE in that table entry:

    For the purpose of marking a server as Down (DEAD), the request includes the original request and any retries that are configured. The 10-second timeout period starts after the initial request and all retries have expired without receiving a response from the server.

    The amount of the timeout period that elapses before the server is marked Down is not always exactly 10 seconds, and can vary depending on how frequently subscribers are logging in. When subscribers are continually and rapidly logging in, the server is marked as Down at 10 seconds. However, if subscribers are logging in less frequently and at a slower pace, then the server is not marked Down until a subsequent subscriber attempts to log in. For example, if the subsequent subscriber logs in a minute after the request and all retries lapse, and the 10-second timeout starts, the actual time until the server is marked Down is 50 seconds after the timeout starts (the one minute between subscriber login minus the 10-second timeout).

Traffic Sampling, Forwarding, and Monitoring Feature Guide for Routing Devices

  • The enhanced-hash-key configuration statement topic fails to mention that the src-prefix-len option is available for configuration at the [edit forwarding-options enhanced-hash-key family inet6 layer-3-services src-prefix-len] hierarchy level. You can use the src-prefix-len option to include the source prefix length in the hash key for enhanced IP forwarding engines.

Tunnel and Encryption Services Interfaces Feature Guide for Routing Devices

  • The “Configuring Unicast Tunnels” topic incorrectly shows the backup-destination statement. This statement does not apply to unicast tunnels.

User Access and Authorization Feature Guide for Routing Devices

  • The “Configuring the SSH Protocol Version” topic incorrectly states that both version 1 and version 2 of the SSH protocol are enabled by default. The topic should state that version 2 of the SSH protocol is enabled by default, and you must explicitly configure version 1 if you want to enable it.
  • The "Example: DHCP Complete Configuration" and "dchp" topics should not include support for the MX Series Universal Edge 3D Routers. This feature is supported only on the M Series and the T Series.

VPNs Library for Routing Devices

  • The “Routing Instances Overview” topic should include the following instance types: Ethernet VPN (EVPN) and Internet Multicast over MPLS. Use the Ehternet VPN instance type, which is supported on the MX Series only, to connect a group of dispersed customer sites using a Layer 2 virtual bridge. Use the Internet Multicast over MPLS instance type to provide support for ingress replication provider tunnels to carry IP multicast data between routers through an MPLS cloud, using MBGP or next-generation MVPN.

    To configure an EVPN instance type, include the evpn statement at the [edit routing-instances routing-instance-name instance-type] hierarchy level. To configure an Internet Multicast over MPLS instance type, include the mpls-internet-multicast statement at the [edit routing-instances routing-instance-name instance-type] hierarchy level.

Modified: 2017-12-12