Changes in Default Behavior and Syntax in JUNOS Release 10.2 for M Series, MX Series, and T Series Routers
Class of Service
- Output forwarding map not supported on multiservices
link services intelligent queuing—If you configure
an output forwarding class map associating a forwarding class with
a queue number, these maps are not supported on multiservices link
services intelligent queuing (lsq-) interfaces.
[Class of Service]
Ingress shaping overhead (MX Series routers)—For MX Series routers, when ingress queueing is enabled on EQ DPCs, ingress shaping overhead can be made accurate by using the following values for the ingress-shaping-overhead statement:
- For Layer 2, subtract 14 bytes (-14)
- For Layer 3 untagged ports, add 2 bytes
- For Layer 3 dual-tagged ports, add 10 bytes
- A DSCP action or traffic-class action configured
on a DPC in an MX Series router no longer causes the commit to fail—For MX Series routers, if you configure a firewall filter
with a DSCP action or traffic-class action on a DPC, the commit no
longer fails. However, a warning displays and an entry is made in
the syslog.
[Class of Service]
Forwarding and Sampling
- Support for the match condition prefix-list for
firewall filters for the protocol family VPLS (MX Series routers only)—The match condition that is supported for IPv4 and IPv6 protocol
families is now also supported for the VPLS family. Support for VPLS
prefix lists is limited to IPv4 addresses only; any IPv6 addresses
included in the prefix list will be discarded. To enable the prefix-list
firewall filters match condition for VPLS, include the prefix-list prefix-list-name match condition at the [edit
firewall family vpls filter filter-name term term-name from ] hierarchy level.
[Policy Framework]
General Routing
- Framed-Route tag option supported—The MX Series routers now fully support the tag route-tag option in the RADIUS Framed-Route [22] attribute for access routes in dynamic profiles. To use the route tag, include the tag $junos-framed-route-tag statement at the [edit dynamic-profiles profile-name routing-options access route $junos-framed-route-prefix] hierarchy level.
- Access route tag supported—For M120, M320, and MX Series routers, you can optionally assign a tag to a statically configured access route. To use the route tag, include the tag route-tag statement at the [edit routing-options access route ip-prefix/prefix-length] hierarchy level.
Interfaces and Chassis
- Deprecated empty-service statement—For PPPoE service name table configurations on M120, M320,
and MX Series routers, the empty-service statement has been
deprecated at the [edit protocols pppoe service-name-tables table-name] hierarchy level in JUNOS Release 10.2
and later. Instead, use the service empty statement at the [edit protocols pppoe service-name-tables table-name] hierarchy level to configure attributes for the empty service entry in a PPPoE service name table.
[Network Interfaces]
- Enhancement to the show system license command—For scalable license-based features
such as Subscriber Access (scale-subscriber), L2TP (scale-l2tp), Mobile IP (scale-mobile-ip), and so on, the show
system license operational mode command now displays the actual
usage count in the Licenses used column based on the number
of active sessions or connections as reported by the corresponding
feature daemons.
[System Basics and Services Command Reference]
- show system switchover is deprecated on
the master Routing Engine—Beginning JUNOS Release
9.6, the show system switchover command has been deprecated
on the master Routing Engine on all routers other than a TX Matrix
(switch-card chassis) or a TX Matrix Plus (switch-fabric chassis)
router. However, in a routing matrix, if you issue the show system
switchover command on the master Routing Engine of the TX Matrix
router (or switch-card chassis), the CLI displays graceful switchover
information for the master Routing Engine of the T640 routers (or
line-card chassis) in the routing matrix. Likewise, if you issue the show system switchover command on the master Routing Engine
of a TX Matrix Plus router (or switch-fabric chassis), the CLI displays
output for the master Routing Engine of T1600 routers (or line-card
chassis) in the routing matrix.
[System Basics and Services Command Reference]
- Options added to the show arp command—The vpn and logical-system options have
been added to the show arp command.
[System Basics Command Reference]
- Commit-time warning messages at the [edit interfaces] hierarchy level are now system logged—CLI commit-time
warnings displayed for configuration at the [edit interfaces] hierarchy level have been removed and are now logged as system log
messages.
[CLI User Guide]
- Enhancement to the show chassis fabric fpcs command—The show chassis fabric fpcs command issued on T Series routers now displays a list of Packet
Forwarding Engines with destination errors in addition to link errors.
This is applicable for SIBs in the Check state. In JUNOS
Release 9.6 and later, the list of Packet Forwarding Engines with
destination errors is displayed in the output. In JUNOS releases before
9.6, the output only indicates that there are destination errors.
However, the list of Packet Forwarding Engines with destination errors
is not displayed.
The following is a sample of the enhanced output for this command:
user@host> show chassis fabric fpcs Fabric management FPC state: FPC #3 PFE #1 SIB #2 Plane enabled SIB #3 Link error Destination error on PFEs 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 SIB #4 Destination error on PFEs 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21[System Basics Command Reference]
- Support for demux and PPPoE static interfaces—The maximum number of static logical interfaces supported
per physical interface for demux (on demux0) and PPPoE (on pp0) has
been increased to 65,536 (logical unit numbers in the range 0 through
65,535). For all other interface types, the maximum number of static
interfaces per physical interface remains at 16,386 (logical unit
numbers in the range 0 through 16,385).
[Network Interfaces]
- Enhancement to the show chassis sibs command—The show chassis sibs command now displays destination
errors for SIBS in the Check state. In JUNOS Release 9.6
and later, the Check state message shows the number of Packet
Forwarding Engines in the plane having destination errors. For example,
Check (10 destination errors) indicates 10 Packet Forwarding Engines
having destination errors. If there are no destination errors, and
if the SIB transitions to the Check state because of link errors only,
the Check state message shows Check (0 destination errors).
In JUNOS Release 9.5 and earlier, the Check state message shows Check (destination errors) if there are Packet Forwarding Engines with destination errors in this plane. However, it does not show the number of Packet Forwarding Engines having destination errors. If there are no destination errors and if the SIB transitions to the Check state because of link errors only, the Check state message shows Check (no destination errors).
user@host> show chassis sibs Slot State Uptime 0 Check (destination errors) 2 hours, 23 minutes, 2 seconds 1 Empty 2 Check (destination errors) 2 hours, 23 minutes, 3 seconds 3 Check (destination errors) 2 hours, 23 minutes, 3 seconds 4 Check (destination errors) 2 hours, 23 minutes, 3 seconds use "show chassis fabric fpcs" and "show chassis fabric sibs" for more details
In addition, the command also displays a message to use the show chassis fabric fpcs and show chassis fabric sibs commands for more information.
If there are no SIBs in the Check state, there is no change in the output of this command.
[System Basics Command Reference]
- Changes to the output of the show chassis power command—The output of the show chassis power command has now been revised to show the maximum and actual power
capacity details for an AC or DC PEM, based on number of feeds, the
number of feeds expected and connected, and other system statistics.
The following is a sample of the revised output for the show chassis
power command:
PEM 0: State: Online DC input: OK (1 feed expected, 1 feed connected) DC input: 48.0 V input (51500 mV) Capacity: 2800 W (maximum 2800 W) DC output: 306 W (zone 0, 6 A at 51 V, 10% of capacity) PEM 1: State: Online DC input: OK (1 feed expected, 1 feed connected) DC input: 48.0 V input (51000 mV) Capacity: 2800 W (maximum 2800 W) DC output: 459 W (zone 1, 9 A at 51 V, 16% of capacity) PEM 2: State: Empty Input: Absent PEM 3: State: Empty Input: Absent System: Zone 0: Capacity: 2800 W (maximum 2800 W) Allocated power: 540 W (2260 W remaining) Actual usage: 306 W Zone 1: Capacity: 2800 W (maximum 2800 W) Allocated power: 905 W (1895 W remaining) Actual usage: 459 W Total system capacity: 5600 W (maximum 5600 W) Total remaining power: 4155 WThe following is a sample of the earlier output for the show chassis power command:
DC PEM 0 Limits: Voltage Current Rating MaxDPC 48 101 4100 600 Input: Zone Feed Switch Code 0 2 1 2-G Output: Voltage Current Power Load(%) RemainingPower 58 16 928 22 3172 State: Online DC PEM 1 Limits: Voltage Current Rating MaxDPC 48 101 4100 600 Input: Zone Feed Switch Code 1 2 1 2-G Output: Voltage Current Power Load(%) RemainingPower 57 7 399 9 3701 State: Online DC PEM 2 Limits: Voltage Current Rating MaxDPC 48 70 2800 352 Input: Zone Feed Switch Code 0 1 0 1-G State: Present DC PEM 3 Limits: Voltage Current Rating MaxDPC 48 70 2800 352 Input: Zone Feed Switch Code 1 1 0 1-G State: Present[System Basics and Services Command Reference]
- Deleting configuration statements using the delete command—Beginning with JUNOS Release
10.2, you cannot delete multiple statements or identifiers within
a hierarchy using a single delete command. You must delete
each statement or identifier individually using multiple delete commands. For example, consider the following configuration at the [edit system] hierarchy level:system {host-name host-211;domain-name domain-122;backup-router 192.168.71.254;arp;authentication-order [ radius password tacplus ];}
To delete the domain-name, host-name, and backup-router from the configuration, you cannot issue a single delete command:
user@host> delete system hostname host-211 domain-name domain-122 backup-router 192.168.71.254You can only delete each statement individually:
user@host delete system host-name host-211user@host delete system domain-name domain-122user@host delete system backup-router 192.168.71.254[CLI User Guide]
- Enhancement to the show system virtual-memory command output—Starting with JUNOS Release 10.2,
the show system virtual-memory command issued with the | display XML pipe option displays XML output for the command
in the parent tags: <vmstat-memstat-malloc>, <vmstat-memstat-zone>, <vmstat-sumstat>, <vmstat-intr>, and <vmstat-kernel-state> with each child element as a separate
XML tag. The following is a sample output for the next XML output:
user@host> show system virtual-memory | display xml<rpc-reply xmlns:junos="http://xml.juniper.net/junos/10.2R1/junos"> <system-virtual-memory-information> <vmstat-memstat-malloc> <memstat-name>CAM dev queue</memstat-name> <inuse>1</inuse> <memuse>1</memuse> <high-use>-</high-use> <memstat-req>1</memstat-req> <memstat-size>64</memstat-size> ... </vmstat-memstat-malloc> <vmstat-memstat-zone> <zone-name>UMA Kegs:</zone-name> <zone-size>136</zone-size> <count-limit>0</count-limit> <used>71</used> <free>1</free> <zone-req>71</zone-req> ... </vmstat-memstat-zone> <vmstat-sumstat> <cpu-context-switch>934906</cpu-context-switch> <dev-intr>1707986</dev-intr> <soft-intr>33819</soft-intr> <traps>203604</traps> <sys-calls>1200636</sys-calls> <kernel-thrds>60</kernel-thrds> <fork-calls>1313</fork-calls> <vfork-calls>21</vfork-calls> <rfork-calls>0</rfork-calls> <swap-pageins>0</swap-pageins> <swap-pagedin>0</swap-pagedin> <swap-pageouts>0</swap-pageouts> <swap-pagedout>0</swap-pagedout> <vnode-pageins>23094</vnode-pageins> <vnode-pagedin>23119</vnode-pagedin> <vnode-pageouts>226</vnode-pageouts> <vnode-pagedout>3143</vnode-pagedout> <page-daemon-wakeup>0</page-daemon-wakeup> <page-daemon-examined-pages>0</page-daemon-examined-pages> <pages-reactivated>8821</pages-reactivated> <copy-on-write-faults>48364</copy-on-write-faults> <copy-on-write-optimized-faults>31</copy-on-write-optimized-faults> <zero-fill-pages-zeroed>74665</zero-fill-pages-zeroed> <zero-fill-pages-prezeroed>70061</zero-fill-pages-prezeroed> <transit-blocking-page-faults>85</transit-blocking-page-faults> <total-vm-faults>191824</total-vm-faults> <pages-affected-by-kernel-thrd-creat>0</pages-affected-by-kernel-thrd-creat> <pages-affected-by-fork>95343</pages-affected-by-fork> <pages-affected-by-vfork>3526</pages-affected-by-vfork> <pages-affected-by-rfork>0</pages-affected-by-rfork> <pages-freed>221502</pages-freed> <pages-freed-by-deamon>0</pages-freed-by-deamon> <pages-freed-by-exiting-proc>75630</pages-freed-by-exiting-proc> <pages-active>45826</pages-active> <pages-inactive>13227</pages-inactive> <pages-in-vm-cache>49278</pages-in-vm-cache> <pages-wired-down>10640</pages-wired-down> <pages-free>70706</pages-free> <bytes-per-page>4096</bytes-per-page> <swap-pages-used>0</swap-pages-used> <peak-swap-pages-used>0</peak-swap-pages-used> <total-name-lookups>214496</total-name-lookups> <positive-cache-hits>92</positive-cache-hits> <negative-cache-hits>5</negative-cache-hits> <pass2>0</pass2> <cache-deletions>0</cache-deletions> <cache-falsehits>0</cache-falsehits> <toolong>0</toolong> </vmstat-sumstat> <vmstat-intr> <intr-name>irq0: clk </intr-name> <intr-cnt>1243455</intr-cnt> <intr-rate>999</intr-rate> <intr-name>irq4: sio0 </intr-name> <intr-cnt>1140</intr-cnt> <intr-rate>0</intr-rate> <intr-name>irq8: rtc </intr-name> <intr-cnt>159164</intr-cnt> <intr-rate>127</intr-rate> <intr-name>irq9: cbb1 fxp0 </intr-name> <intr-cnt>28490</intr-cnt> <intr-rate>22</intr-rate> <intr-name>irq10: fxp1 </intr-name> <intr-cnt>20593</intr-cnt> <intr-rate>16</intr-rate> <intr-name>irq14: ata0 </intr-name> <intr-cnt>5031</intr-cnt> <intr-rate>4</intr-rate> <intr-name>Total</intr-name> <intr-cnt>1457873</intr-cnt> <intr-rate>1171</intr-rate> </vmstat-intr> <vm-kernel-state> <vm-kmem-map-free>248524800</vm-kmem-map-free> </vm-kernel-state> </system-virtual-memory-information> <cli> <banner></banner> </cli> </rpc-reply>In JUNOS Releases 10.1 and earlier, the | display XML option for this command does not have an XML API element and the entire output is displayed in a single <output> tag element.
[System Basics and Services Command Reference]
- PIC combination limitations on M7i, M10i, and M120
routers—In most cases, you can install PICs of
different media types in a router. However, configuration rules might
limit certain combinations of PICs. For M7i and M10i routers, some
PICs of different PIC families cannot be installed in PIC slots 0
and 1, or in slots 2 and 3. For M120 routers, some PICs of different
PIC families cannot be installed in the same FPC. If you have different
PIC families in the router and are running JUNOS Release 10.2 or later,
review the configuration rules to plan which PICs to install in your
router. Consult the most recent technical bulletins about configuration
rules for PIC combinations on the Juniper Networks Support site at http://www.juniper.net/support/. Newer JUNOS services for some
PICs can require significant Internet Processor ASIC memory. Ethernet
and SONET PICs typically do not use large amounts of memory. Gigabit
Ethernet, ATM2, IQ serial PICs, IQE PICs, and MultiServices PICs
use more. To conserve memory, you can group PICs in the same family
together on the same FPC.
As a workaround, you can:
- Install one PIC in a different PIC slot.
- Remove one of the PICs from the router.
- Additional output line in the show system statistics
ip command—The show system statistics
ip command now includes a new output line number incoming raw packets dropped due to no socket space to display
statistics on packets dropped due to the kernel socket buffer being
full.
[System Basics and Services Command Reference]
- Enhancement to the show chassis fabric sibs command—The plane unusable by # pfes string in the show chassis fabric sibs command output in
the plane state: output field has now been modified to the plane has link errors on # pfes. This indicates that the plane
is still usable but has link errors on the number of PFEs indicated. However, it doesn’t indicate destination
errors.
[System Basics and Services Command Reference]
Layer 2 Ethernet Services
- Modification to the output of the show dhcp/dhcpv6
relay/server binding commands—The output
of the show dhcp server binding summary command, the show dhcp relay binding summary command, and the show dhcpv6
server binding command has been modified to include the number
of clients in the init state and the requesting state.
[Subscriber Access]
- Disable IRB packet from being mirrored as a Layer
2 packet—If you associate integrated routing and
bridging (IRB) with the bridge domain (or VPLS routing instance),
and also configure within the bridge domain (or VPLS routing instance)
a forwarding table filter with the port-mirror or port-mirror-instance
action, then the IRB packet is mirrored as a Layer 2 packet. You can
disable this behavior by configuring the no-irb-layer-2-copy statement in the bridge-domain (or VPLS routing instance).
[Layer 2 Configuration]
- Configuring vlan-id all statement in a
VPLS routing instance—If you configure the vlan-id all statement in a VPLS routing instance, we recommend
using the input-vlan-map pop and output-vlan-map push statements on the logical interface to pop the service VLAN ID on
input and push the service VLAN ID on output and in this way limit
the impact of doubly-tagged frames on scaling.
[Layer 2 Configuration]
MPLS Applications
Optimal path for bypass LSPs—To ensure that bypass LSPs take the most optimal path to reach their destination, they are now rerouted automatically when you configure or change the configuration of any of the following:
- Administrative group for a bypass LSP—admin-group statement at the [edit protocols rsvp interface interface-name link-protection] hierarchy level
- Fate sharing group—group statement at the [edit routing-options fate-sharing] hierarchy level
- IS-IS overload—overload statement at the [edit protocols isis] hierarchy level
- LSP metric—metric statement at the [edit protocols mpls label-switched-path lsp-name] hierarchy level
[MPLS]
- 64 character support for bypass LSP name—You can now configure the name of a bypass LSP using up to
64 characters. You configure a bypass LSP name using the bypass statement at the [edit protocols rsvp interface interface-name link-protection] hierarchy level.
[MPLS]
Routing Policy and Firewall Filters
- Option to enable enhanced jtree memory allocation
for Layer 3 VPNs (T640 and T1600 routers with Enhanced Scaling FPC3
and Enhanced Scaling FPC4)—For T Series routers
only. With JUNOS Release 10.2, enhanced jtree memory allocation is
turned OFF by default. To enable jtree memory allocation, use the route-memory-enhanced statement at the [edit chassis] hierarchy level, and reboot all the affected FPCs to activate the
configuration. For JUNOS Release 9.3 to 10.1, the default routing
tables (inet.0 and inet6.0) use both memory segments
by default.
[System Basics]
- Three-color policers (M120 and MX Series routers)—On MX Series and M120 routers, you can apply three-color policers
to aggregated interfaces.
[Class of Service]
Services Applications
- New configuration
to avoid IDP traffic loss (MX Series routers)—When
the MultiServices DPC configured for a service set is either administratively
taken offline or undergoes a failure, all the traffic entering the
configured interface with an IDP service set would be dropped without
notification. To avoid this traffic loss, include the bypass-traffic-on-pic-failure statement at the [edit services service-set service-set-name service-set-options] hierarchy level and (for TCP traffic only)
the ignore-errors tcp statement at the [edit interfaces interface-name services-options] hierarchy level.
When you configure these statements, the affected packets are forwarded,
in the event of a MultiServices DPC failure or offlining, as though
interface-style services were not configured. This issue applies only
to MultiServices DPCs on MX Series routers and does not affect MS-400
PICs on M120 or M320 routers.
[Services Interfaces]
- Border Gateway Function (BGF)—Emergency
calls will be accepted even while the BGF is in the draining state
due to a graceful shutdown if you enter the set accept-emergency-calls-while-graceful configuration statement at the [edit services pgcp gateway gateway-name h248–options] hierarchy level.
[Session Border Control Solutions, Services Interfaces]
Enhancement to APPID, AACL, and L-PDF processing for APPID “best-effort” application identification—On MX Series routers equipped with Multiservices DPCs and M120 or M320 routers equipped with Multiservices 400 PICs, APPID application identification of TCP, UDP, and ICMP flows supports a “best-effort” application determination as follows:
- When a best-effort application determination is made, AACL does not apply any AACL term actions configured for that flow. Instead, AACL or L-PDF tracks the flow and accepts all packets for that flow until a final determination is made, at which time the normal AACL or L-PDFL actions are fully applied to the flow.
- During the time that APPID has not yet made a final determination of the application associated with a given flow, the flow does not contribute to any per-subscriber or per-application statistics collection.
During the time that APPID has not yet made a final determination of the application associated with a given flow, the flow is included in the output of the following operational mode commands:
- show services local-policy-decision-function flows (interface interface-name | subscriber subscriber-name)
- show services application-aware-access-list flows (interface interface-name | subscriber subscriber-name)
- If a flow ends before APPID has made either a final or a best-effort application identification, AACL or L-PDF uses the "unknown" application ID as a final determination and performs any necessary collection, aggregation, and reporting of statistics based on that Layer 7 application. In particular, if the count AACL term action is configured for the "application-group-any" application, then the statistics for that flow will be collected and aggregated against the count bucket type, and reported as such.
- If a flow ends while the application identification is on a best-effort basis, AACL or L-PDF uses that best-effort determination as a final determination. AACL or L-PDF performs any necessary collection, aggregation, and reporting of statistics based on that Layer 7 application. In particular, if the count AACL term action is configured for that Layer 7 application, then the statistics for the flow will be collected and aggregated against the AACL or L-PDF statistics.
- The control source component of the dynamic flow
capture architecture supports multiple content destinations for DTCP/0.7
implementations of DTCP ADD requests—The JUNOS
Software substantially supports DTCP: Dynamic Tasking Control
Protocol, specified in
draft-cavuto-dtcp-03.txtat http://www.ietf.org/internet-drafts. In particular, the JUNOS Software supports the current version string for this release of the DTCP protocol: DTCP/0.7. The JUNOS Software dynamic flow capture architecture now enables control sources (clients that monitor electronic data or voice transfer over the network) to process version 0.7 implementations of DTCP ADD request messages that specify multiple content destinations.
Note: For implementations of the DTCP protocol earlier than version 0.7, dynamic flow capture does not support DTCP ADD request messages that specify multiple content destinations. If a control source receives a DTCP-ADD request that specifies multiple content destinations but also contains a DTCP protocol version string earlier than DTCP/0.7, the control source rejects the request by sending a response message with the response code 432: Improper Filter Specification.
Differences between the DTCP/0.7 protocol specification and the DTCP/0.5 and DTCP/0.6 protocol specifications are described in APPENDIX A: Prior Implementation of the current Internet draft.
[Services Interfaces, Hierarchy and Standards]
- Border Gateway Function (BGF) media-service entity
removed from the CLI—The media-service entity has been deprecated from the CLI. The media-service configuration statement pointed to a NAT pool to be used by a pgcp
rule or virtual interface. Now, you should specify the NAT pools directly
in the configuration statements for the pgcp rule or virtual interface.
[Session Border Control Solutions, Services Interfaces]
- Integrated Multi-Service Gateway (IMSG)—The following statements have been replaced with new versions
that provide filtering by server or service point:
- The show services border-signaling-gateway calls statement is replaced by the show services border-signaling-gateway calls by-server and show services border-signaling-gateway calls by-service-point statements.
- The show services border-signaling-gateway calls-failed statement is replaced by the show services border-signaling-gateway calls-failed by-server and show services border-signaling-gateway calls-failed by-service-point statements.
- The show services border-signaling-gateway calls-duration statement is replaced by the show services border-signaling-gateway calls-duration by-server and show services border-signaling-gateway calls-duration by-service-point statements.
[Session Border Control Solutions, Systems Basics and Services CR]
- Integrated Multi-Service Gateway (IMSG)—You can now use the JUNOS Software CLI to restart a specific
border signaling gateway (BSG) by using the restart services border-signaling-gateway
gateway gateway-name command.
[Session Border Control Solutions ]
- Border Gateway Function (BGF) BTLB requirements—The BGF pgcpd process running on a control service PIC now
runs as a block translation look-aside buffer (BTLB) process. In order
to correctly activate the process, you must include the following
CLI configuration statements:
- set chassis fpc fpc # pic pic # adaptive-services service-package extension-provider wired-process-mem-size 512
- set chassis fpc fpc # pic pic # adaptive-services service-package extension-provider wired-max-processes 8
[Session Border Control Solutions]
- IPsec policy for dynamic endpoints—With JUNOS Release 10.2 you can now specify the IPsec policy
for dynamic endpoints. To specify an IPsec policy for dynamic endpoints,
define the policy and its proposals under the [edit services ipsec-vpn
ipsec] hierarchy level. Specify the policy name by including
the ipsec-policy policy-name statement
at the [edit access profile profile-name client*
ike] hierarchy level. If no policy is set, any policy proposed
by the dynamic peer will be accepted.
[Services Interfaces]
- Integrated Multiservice Gateway (IMSG) maximum
number of policies and policy-related entities per Border Signaling
Gateway (BSG)—The following table shows the maximum
number of policies and related entities:
Entity
Maximum
Policies (total of new call usage and new transaction policies) per BSG
750
New call usage policies per BSG
500
New transaction policies per BSG
500
Policies per service point
10
Service points per BSG
100
Terms per policy
20
Terms per BSG
10,000
Total of AND and OR operators in a policy term
4
[Session Border Control Solutions]
Subscriber Access Management
- Address assignment for dynamic PPPoE subscriber
interfaces (M120, M320, and MX Series routers)—If
the subscriber address for a dynamic PPPoE interface is not specified
by means of the Framed-IP-Address (8) or Framed-Pool (88) RADIUS IETF
attributes during authentication, the router allocates an IP address
from the first IPv4 local address-assignment pool defined in the routing
instance. For this reason, make sure that the local address assigned
for the inet (IPv4) address family is in the same subnet
as the addresses obtained from the first IPv4 local address-assignment
pool.
The router allocates the IP address from the first IPv4 local address-assignment pool under either of the following conditions:
- RADIUS returns no address attributes.
- RADIUS authentication does not take place because only address allocation is requested.
If the first IPv4 local address-assignment pool has no available addresses, or if no IPv4 local address-assignment pools are configured, the router does not allocate an IP address to the dynamic PPPoE subscriber interface and denies access to the associated subscriber. To avoid depletion of IP addresses, you can configure linked address-assignment pools on the first IPv4 address-assignment local pool to create one or more backup pools.
[Subscriber Access]
- Enabling and disabling DHCP snooping support—You can now explicitly enable or disable DHCP snooping support
on the router. If you disable DHCP snooping support, the router drops
snooped DHCP discover and request messages.
To enable DHCP snooping support, include the allow-snooped-clients statement at the [edit forwarding-options dhcp-relay overrides] hierarchy level. To disable DHCP snooping support, include the no-allow-snooped-clients statement at the [edit forwarding-options dhcp-relay overrides] hierarchy level. Both statements are also supported at the named group level and per-interface level.
In JUNOS Release 10.0 and earlier, DHCP snooping is enabled by default. In JUNOS Release 10.1 and later, DHCP snooping is disabled by default.
[Subscriber Access]
- Configuring default values for predefined variables—You can now configure default values for certain JUNOS predefined
variables. If the external RADIUS server is not available or the VSA
does not contain a value for the predefined variable, the JUNOS Software
uses the default values.
To configure default values, include the predefined-variable-defaults predefined-variable variable-option default-value statement at the [edit dynamic-profiles profile-name] hierarchy level.
[Subscriber Access]
- Modifications to the RADIUS revert-interval statement—The default setting and range have
changed for the revert-interval statement at the [edit
access profile profile-name radius options] hierarchy level. You can now set a revert interval in the range
from 0 (off) through 4,294,967,295 seconds. The default setting is
now 60 seconds.
[Subscriber Access]
VPNs
- New configuration statement for removing dynamically
learned MAC addresses from the MAC address database—Media access control (MAC) flush processing removes MAC addresses
from the MAC address database that have been learned dynamically.
With the dynamically learned MAC addresses removed, MAC address convergence
requires less time to complete.
In this release, you enable MAC flush processing for the virtual private LAN service (VPLS) routing instance or for the mesh group under a VPLS routing instance by using the mac-flush statement instead of the mac-tlv-receive and mac-tlv-send statements.
mac-flush [ explicit-mac-flush-message-options ];You can include the statement at the following hierarchy levels:
- [edit logical-systems logical-system-name routing-instances routing-instance-name protocols vpls]
- [edit logical-systems logical-system-name routing-instances routing-instance-name protocols vpls mesh-group mesh-group-name]
- [edit routing-instances routing-instance-name protocols vpls]
- [edit routing-instances routing-instance-name protocols vpls mesh-group mesh-group-name]
Note: The mac-tlv-receive and mac-tlv-send statements were removed from Release 10.0 of the JUNOS Software and are no longer visible in the [edit logical-systems logical-system-name routing-instances routing-instance-name protocols vpls] and [edit routing-instances routing-instance-name protocols vpls] hierarchy levels. Although the mac-tlv-receive and mac-tlv-send statements are recognized in the current release, they will be removed in a future release. We recommend that you update your configurations and use the mac-flush statement.
To also configure the router to send explicit MAC flush messages, you can include explicit-mac-flush-message-options with the statement.
[VPNs]
Related Topics
- New Features in JUNOS Release 10.2 for M Series, MX Series, and T Series Routers
- Issues in JUNOS Release 10.2 for M Series, MX Series, and T Series Routers
- Errata and Changes in Documentation for JUNOS Software Release 10.2 for M Series, MX Series, and T Series Routers
- Upgrade and Downgrade Instructions for JUNOS Release 10.2 for M Series, MX Series, and T Series Routers
