Supported Adaptive Services Standards

On Adaptive Services PICs (both standalone and integrated versions) and MultiServices PICs, the JUNOS software supports the following services:

• CoS—Traffic filtering based on class-of-service features.

  The JUNOS software substantially supports the following CoS standards:

  • RFC 2474, Definition of the Differentiated Services Field (DS Field) in the IPv4 and IPv6 Headers (obsoletes RFCs 1349 and 1455)
  • RFC 2475, An Architecture for Differentiated Services
• Flow monitoring and discard accounting—Tools for sampling traffic, gathering detailed information about traffic flows, and performing discard accounting.

  The JUNOS software substantially supports the following standards for Monitoring Services PICs in addition to Adaptive Services and MultiServices PICs:

  • Standards for cflowd version 5 and version 8 formats maintained by CAIDA (http://www.caida.org)
  • RFC 3954, Cisco Systems NetFlow Services Export Version 9
• Intrusion detection services (IDS)—Tools for detecting, redirecting, and preventing certain kinds of network attack and intrusion.
• IPsec—Tools for configuring manual or dynamic security associations (SAs) for encryption of data traffic.

  The Canada and U.S. version of the JUNOS software substantially supports the IPsec architecture, which provides a security suite for the IPv4 and IPv6 network layers for traffic destined to or originating at the Routing Engine. The Canada and U.S. version of the software also substantially supports Internet Key Exchange (IKE), which defines mechanisms for key generation and exchange, and manages security associations (SAs). The JUNOS software supports manual and dynamic SAs.

  The Canada and U.S. version of the JUNOS software substantially supports the following IPsec standards:

  • RFC 2085, HMAC-MD5 IP Authentication with Replay Prevention
  • RFC 2401, Security Architecture for the Internet Protocol
  • RFC 2402, IP Authentication Header (except for the ES PIC)
  • RFC 2403, The Use of HMAC-MD5-96 within ESP and AH
  • RFC 2404, The Use of HMAC-SHA-1-96 within ESP and AH
  • RFC 2405, The ESP DES-CBC Cipher Algorithm With Explicit IV
  • RFC 2406, IP Encapsulating Security Payload (ESP)
  • RFC 2407, The Internet IP Security Domain of Interpretation for ISAKMP
  • RFC 2408, Internet Security Association and Key Management Protocol (ISAKMP)
  • RFC 2409, The Internet Key Exchange (IKE)
  • RFC 2410, The NULL Encryption Algorithm and Its Use With IPsec [sic]
  • RFC 2412, The OAKLEY Key Determination Protocol
  • RFC 3602, The AES-CBC Cipher Algorithm and Its Use with IPsec [sic]
  • RFC 3706, A Traffic-Based Method of Detecting Dead Internet Key Exchange (IKE) Peers
  • Internet draft draft-eastlake-sha2-02.txt, US Secure Hash Algorithms (SHA and HMAC-SHA) (expires July 2006)
• Layer 2 Tunneling Protocol (L2TP) client services—Services that enable support for tunneling Point-to-Point Protocol (PPP) traffic across a network.

  The JUNOS software substantially supports the following L2TP standards:

  • RFC 2661, Layer Two Tunneling Protocol “L2TP”
  • RFC 2866, RADIUS Accounting
• Link services—A system for providing multiple independent links between two systems.

  The JUNOS software substantially supports the following link-services standards:

  • RFC 1990, The PPP Multilink Protocol (MP) (obsoletes RFC 1717)
  • RFC 2364, PPP Over AAL5
  • RFC 2686, The Multi-Class Extension to Multi-Link PPP

    The following restrictions apply:

    • Prefix elision is not supported.
    • The JUNOS PPP implementation does not support the negotiation of address field compression and protocol field compression PPP Network Control Protocol (NCP) options. A full 4-byte PPP header is always sent.
• Network Address Translation (NAT)—A security-enhancement procedure that hides the IP addresses of hosts on a private network by substituting publicly visible addresses for them.

  The JUNOS software substantially supports the following NAT standards:

  • RFC 1631, The IP Network Address Translator (NAT)
  • RFC 2663, IP Network Address Translator (NAT) Terminology and Considerations
  • RFC 3022, Traditional IP Network Address Translator (Traditional NAT)
• Real-time performance monitoring (RPM)—Tools for configuring active probes to track and monitor traffic. The JUNOS software provides MIB support with extensions in substantial support of RFC 2925, Definitions of Managed Objects for Remote Ping, Traceroute, and Lookup Operations.
• Session Initiation Protocol (SIP) application—The NAT and stateful firewall services support SIP dialogs and UDP IPv4 transport of SIP messages. The JUNOS software substantially supports RFC 3261, SIP: Session Initiation Protocol.
• Stateful firewall—A type of firewall filter that considers state information derived from previous communications and other applications when evaluating traffic.
• Tunnel services—A method for transmitting traffic along a secure path in a public network. The JUNOS software substantially supports the tunneling standards listed in Supported Standards for GRE and IP-IP Interfaces.
• Voice services—A utility to transport packetized voice traffic over an IP network infrastructure.

  The JUNOS software substantially supports the following voice services standards:

  • RFC 2508, Compressing IP/UDP/RTP Headers for Low-Speed Serial Links
  • RFC 2509, IP Header Compression over PPP

Copyright © 2008, Juniper Networks, Inc. All rights reserved. Trademark Notice.