New Features in Junos OS Release 10.3 for SRX Series Services Gateways and J Series Services Routers

The following features have been added to Junos OS Release 10.3. Following the description is the title of the manual or manuals to consult for further information.

Software Features

Point-to-Point Protocol over Ethernet (PPPoE)

R2CP Radio-to-Router Protocol Support— This feature is supported on all SRX Series and J Series devices.
Junos OS Release 10.3 supports the Network Centric Waveform (NCW) radio-specific radio-to-router control protocol (R2CP), which is similar to the PPPoE radio-to-router protocol. Both of these protocols exchange dynamic metric changes in the network that the routers use to update the OSPF topologies.
In radio-router topologies, the router connects to the radio over a Gigabit Ethernet link and the radio transmits packets over the radio frequency (RF) link. The radio periodically sends metrics to the router, which uses RF link characteristics and other data to inform the router on the shaping and OSPF link capacity. The router uses this information to shape the data traffic and provide the OSPF link cost for its SPF calculations. The radio functions like a Layer 2 switch and can only identify remote radio-router pairs using Layer 2 MAC addresses. With R2CP the router receives metrics for each neighboring router, identified by the MAC address of the remote router. The R2CP daemon translates the MAC addresses to link the local IPv6 addresses and sends the metrics for each neighbor to OSPF. Processing these metrics is similar to the handling of PPPoE PADQ metrics. Unlike PPPoE, which is a point-to-point link, these R2CP neighbors are treated as nodes in a broadcast LAN.
You must configure each neighbor node with a per-unit scheduler for CoS. The scheduler context defines the attributes of Junos class-of-service (CoS). To define CoS for each radio, you can configure virtual channels to limit traffic. You need to configure virtual channels for as many remote radio-router pairs as there are in the network. You configure virtual channels on a logical interface. You can configure each virtual channel to have a set of eight queues with a scheduler and an optional shaper. When the radio initiates the session with a peer radio-router pair, a new session is created with the remote MAC address of the router and the VLAN over which the traffic flows. Junos OS chooses from the list of free virtual channels and assigns the remote MAC and the eight CoS queues and the scheduler to this remote MAC address. All traffic destined to this remote MAC address is subjected to the CoS that is defined in the virtual channel.
A virtual channel group is a collection of virtual channels. Each radio can have only one virtual channel group assigned uniquely. If you have more than one radio connected to the router, you must have one virtual channel group for each local radio-to-router pair.
Although a virtual channel group is assigned to a logical interface, a virtual channel is not the same as a logical interface. The only features supported on a virtual channel are queuing, packet scheduling, and accounting. Rewrite rules and routing protocols apply to the entire logical interface.
[LN1000 Mobile Secure Router User Guide]

Security

Policy usability—This feature is supported on all SRX Series and J Series devices.
In a Junos OS stateful firewall, security policies enforce rules for transit traffic, in terms of what traffic can pass through the firewall, and the actions that need to take place on the traffic as it passes through the firewall. Periodically, traffic does not pass for a number of reasons. For example, traffic does not match a correct policy configuration or the source of the traffic is incorrect. The source of the problem can sometimes be difficult to identify. The show security match-policies command allows you to troubleshoot traffic problems in the five tuples: source port, destination port, source IP address, destination IP address, and protocol. The command works offline to identify where the exact problem in the transit traffic exists. It uses the actual search engine to identify the problem and thus enables you to use the appropriate match policy for the traffic.

VPNs

VPN scalability—The VPN feature on the SRX3400, SRX3600, SRX5600, and SRX5800 devices now supports 15,000 site-to-site tunnels.

Hardware Features—SRX220 Services Gateways

Overview

The Juniper Networks SRX220 Services Gateway offers complete functionality and flexibility for delivering secure, reliable data services over IP, along with multiple interfaces that support WAN and LAN connectivity.

The device provides Internet Protocol Security (IPsec), virtual private network (VPN), and firewall services for small-sized and medium-sized companies and enterprise branch and remote offices.

Accessing the SRX220 Services Gateway

Two user interfaces are available for monitoring, configuring, troubleshooting, and managing the SRX220 Services Gateway:

J-Web interface—Web-based graphical interface that allows you to operate a services gateway without commands. The J-Web interface provides access to all Junos OS functionality and features.
Junos OS command-line interface (CLI)—Juniper Networks command shell that runs on top of a UNIX-based operating system kernel. The CLI is a straightforward command interface. On a single line, you type commands that are executed when you press the Enter key. The CLI provides command Help and command completion.

Hardware Features

Table 3 lists the hardware features supported on the SRX220 Services Gateway.

Table 3: SRX220 Services Gateway Hardware Features

Feature	Description
DDR memory	1 GB
PoE support	No
Power supply adapter	60 W
AC input voltage	100 to 240 VAC
Average power consumption	28 W (no MPIMs)
Gigabit Ethernet ports	8
Console port	1
USB ports	2
Mini-PIM slots	2
LEDs	Status, Alarm, HA, Power, Mini-PIMs, Port (TX/RX and PoE)
CompactFlash	1 externally accessible

For more details on the SRX220 Services Gateway software features and licenses, see the Junos OS Administration Guide for Security Devices.

Hardware Interfaces

Table 4 summarizes the built-in hardware interfaces supported on the SRX220 Services Gateway.

Table 4: SRX220 Services Gateway Built-In Hardware Interfaces

Interface Type	Specifications	Description
Gigabit Ethernet	Eight fixed ports that: Are labeled ge–0/0/0 through ge–0/0/7 on the front panel Use RJ-45 connectors Provide link speeds of 10/100/1000 Mbps Operate in full-duplex and half-duplex modes Support flow control Support autonegotiation and autosensing	The Gigabit Ethernet ports can be used as follows: To function as front-end network ports To provide LAN and WAN connectivity to hubs, switches, local servers, and workstations To forward incoming data packets to the device To receive outgoing data packets from the device To connect devices to receive network connectivity
Universal Serial Bus (USB)	Two fixed ports that: Function in full speed and high speed Comply with USB revision 2.0	The USB ports can be used as follows: To support a USB storage device that functions as a secondary boot device in case of CompactFlash failure on startup (if the USB storage device is installed and configured) Note: You must install and configure the USB storage device on the USB port to use it as secondary boot device. Additionally, the USB device must have Junos OS installed. To provide the USB interfaces that are used to communicate with many types of USB storage devices supported by Juniper Networks. Contact your Juniper Networks customer service representative for more information.
Console	One fixed port that: Uses an RJ-45 serial cable connector Supports the RS-232 (EIA-232) standard	The console port can be used as follows: To provide the console interface To function as a management port to log into a device directly To configure the device using the CLI
Mini-Physical Interface Module (Mini-PIM)	Two fixed slots for Mini-PIMs	The Mini-PIM slots can be used to provide LAN and WAN functionality along with connectivity to various media types. For more information about the supported Mini-PIMs, see the SRX Series Services Gateways for the Branch Physical Interface Modules Hardware Guide.

Note: We strongly recommend that only transceivers provided by Juniper Networks be used on an SRX220 Services Gateway. We cannot guarantee that the interface module will operate correctly if third-party transceivers are used. Contact Juniper Networks for the correct transceiver part number for your device.