Release Highlights
Release 12.2.0 includes the features described in this section.
DHCP
- Support for Configuring DUID Type for DHCPv6 Local Server
Each entity in a DHCP operation, the client and the server, has a DHCP unique identifier (DUID). DHCP clients use DUIDs to identify a server in messages where a server needs to be identified. DHCP servers use DUIDs to determine the configuration parameters to be used for clients and in the association of addresses with clients.
By default, the DHCPv6 application in JunosE Software uses the Type 2 DUID on the server side in the communication between the delegating router and the requesting router, which is the customer premises equipment (CPE) at the edge of the remote client site that acts as the DHCPv6 client.
In scenarios in which the CPE does not support the Type 2 DUID, or if the service provider uses a DUID type other than Type 2, the identity verification of servers and clients by each other using DUIDs does not happen successfully. In such network environments, configuring the DUID type on the DHCPv6 local server to a type other than the default value of Type 3 enables correct identity verification of clients and servers.
You can set the DUID type to either Type 2 or Type 3 using the ipv6 dhcpv6-local duid-type duidType command in Global Configuration mode. These two types are currently supported by the DHCPv6 local server. The Type 1 DUID is not supported by the DHCPv6 local server. This command enables you to specify the DUID type that matches the DUID type that the service providers use in their networks and also provides flexibility to DHCP subscribers to use a DUID type that suits their requirements. The DHCPv6 local server uses the configured DUID type in its communication with the client.
As part of this feature, the dhcpv6LsGeneral system event logging category has been modified to support the configuration of DUID type for DHCPv6 local servers.
Change in existing behavior: Existing feature extended as described here. In lower-numbered releases, Type 2 DUID was used by default in identity-verification during the communication between DHCPv6 clients and servers. You could not modify the DUID type to any other value to suit the DUID type used by service providers or subscribers.
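The following is an added example, not JunosE or Juniper code: it decodes the Server Identifier DUID from a captured DHCPv6 message so you can confirm which DUID type the local server actually sends after the duid-type setting is changed. The type codes follow RFC 8415; the sample Advertise bytes, the enterprise number 32473 (reserved for documentation) and all function names are constructed for illustration.

```python
import struct
from typing import Optional

# DUID type codes from RFC 8415, section 11.
DUID_TYPES = {1: "DUID-LLT", 2: "DUID-EN", 3: "DUID-LL"}
MIN_BODY = {1: 6, 2: 4, 3: 2}   # fixed-size fields that follow the type code
OPTION_SERVERID = 2             # DHCPv6 Server Identifier option code


def parse_duid(duid: bytes) -> dict:
    """Decode a DUID into its type and type-specific fields."""
    if not 3 <= len(duid) <= 130:   # 2-byte type code + 1..128 bytes
        raise ValueError("DUID length out of range")
    (dtype,) = struct.unpack_from("!H", duid)
    body = duid[2:]
    if len(body) < MIN_BODY.get(dtype, 0):
        raise ValueError("DUID truncated for its type")
    out = {"type": dtype, "name": DUID_TYPES.get(dtype, "unknown")}
    if dtype == 1:      # hardware type, timestamp, link-layer address
        hw, ts = struct.unpack_from("!HI", body)
        out.update(hw_type=hw, time=ts, lladdr=body[6:].hex(":"))
    elif dtype == 2:    # IANA enterprise number, opaque identifier
        (en,) = struct.unpack_from("!I", body)
        out.update(enterprise=en, identifier=body[4:].hex())
    elif dtype == 3:    # hardware type, link-layer address
        (hw,) = struct.unpack_from("!H", body)
        out.update(hw_type=hw, lladdr=body[2:].hex(":"))
    return out


def server_duid(message: bytes) -> Optional[bytes]:
    """Return the Server Identifier DUID from a client/server DHCPv6 message."""
    pos = 4  # skip msg-type (1 byte) and transaction-id (3 bytes)
    while pos + 4 <= len(message):
        code, length = struct.unpack_from("!HH", message, pos)
        data = message[pos + 4:pos + 4 + length]
        if len(data) < length:
            raise ValueError("truncated DHCPv6 option")
        if code == OPTION_SERVERID:
            return data
        pos += 4 + length
    return None


def duid_type_matches(message: bytes, expected_type: int) -> bool:
    """True when the server's DUID type equals the type the CPE expects."""
    duid = server_duid(message)
    return duid is not None and parse_duid(duid)["type"] == expected_type


def _opt(code: int, data: bytes) -> bytes:
    return struct.pack("!HH", code, len(data)) + data


# Constructed sample: an Advertise (msg-type 2) carrying a Type 1 client DUID
# and a Type 2 server DUID. None of these bytes come from a real router.
SAMPLE_CLIENT_DUID = struct.pack("!HHI", 1, 1, 0x2A4B6C8D) + bytes.fromhex("001122334455")
SAMPLE_SERVER_DUID = struct.pack("!HI", 2, 32473) + bytes.fromhex("0a1b2c3d4e5f")
SAMPLE_ADVERTISE = (bytes([2]) + b"\x12\x34\x56"
                    + _opt(1, SAMPLE_CLIENT_DUID) + _opt(2, SAMPLE_SERVER_DUID))
```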
Documentation
- Enhanced E Series End-of-Life Module Guide
The E Series End-of-Life Module Guide has been updated to include end-of-life modules that are no longer orderable for ERX routers.
The following modules have been moved to the E Series End-of-Life Module Guide from the ERX Module Guide:
Change in existing behavior: New feature added as described here.
E120 Router and E320 Router
- ES2 10G LM and ES2 10G Uplink LM Support for Layer 2 Statistics for VLANs
You can now collect VLAN traffic statistics on ES2 10G LMs and ES2 10G Uplink LMs and provide detailed SLA statistics for your customers. In earlier releases, this feature was supported only on ES2 4G LMs. The existing feature has been extended to support a statistics counter at the VLAN subinterface level for any typical B-RAS network.
Change in existing behavior: Existing feature extended as described here.
Ethernet
- Limiting the Number of ACI-based VLAN Subinterface Sessions per S-VLAN
JunosE Software supports Agent Circuit Identifier-based (ACI) bulk configuration to build VLAN subinterface sessions per S-VLAN. To accommodate increased per-subscriber bandwidth usage, the number of ACI-based VLAN subinterface sessions per S-VLAN must be limited.
You can now configure the number of ACI-based VLAN subinterface sessions per S-VLAN at the interface level. You can use the max aci-svs per-pvs command to limit the number of ACI-based VLAN subinterfaces. For example:
host1(config-if)#max aci-svs per-pvs limitvalue
The following command has been enhanced to support limiting the number of ACI-based VLAN subinterface sessions per S-VLAN:
Change in existing behavior: Existing behavior extended as described here.
HTTP
- Support for IPv4 and IPv6 HTTP Redirect URLs With Lengths Greater than 64 Characters
You can now configure the length of the URL to which a subscriber's initial Web browser session is redirected to be up to 230 characters using the ip http redirectUrl and ipv6 http redirectUrl commands. This functionality enables the redirection of a subscriber's initial Web browser session to websites that have a longer URL.
You can provide initial provisioning and service selection for the subscriber by using the IPv4 and IPv6 HTTP redirect URL feature. The HTTP local server on the router listens to and processes IPv4 and IPv6 exception packets on the default TCP port (80) by using the HTTP redirect feature for the Service Manager application. The exception rule enables HTTP redirect to perform application-dependent action on the content of the packet.
Change in existing behavior: Existing behavior extended as described here. In lower-numbered releases, you could configure the redirect URL for IPv4 and IPv6 packets to be up to a length of only 64 characters.
IPv6
- Support for Authentication and Accounting of IPv6 Subscribers
DHCPv6 local server now supports authentication and accounting of the IPv6 subscribers that come directly over the Ethernet.
The following commands have been added or modified to support this feature:
Change in existing behavior: Existing feature extended as described here. In lower-numbered releases, DHCPv6 local server only supported delegation of IPv6 prefixes to IPv6 subscribers coming directly over Ethernet (VLAN) without prior authentication.
- Increased Number of IPv6 Prefixes Delegated to Clients Using DHCPv6 Local Server
The maximum number of subscribers that are allocated IPv6 prefixes using the Prefix Delegation mechanism of the DHCPv6 local server running on the router has increased from 32,000 to 48,000. In a scenario in which the customer premises equipment (CPE) uses only the Prefix Delegation feature and not the Neighbor Discovery method to obtain IPv6 prefixes from the DHCPv6 local server, the maximum number of subscribers to which IPv6 prefixes are delegated from the DHCPv6 local server is 48,000.
When both IPv6 Neighbor Discovery router advertisements and DHCPv6 Prefix Delegation methods are used to assign IPv6 prefixes to clients, either two or three host routes for IPv6 might be consumed from the routing table. If the same prefix with a length of /64 for ICMPv6 Neighbor Discovery router advertisements is assigned to all subscribers, the DHCPv6 local server can handle a maximum of up to 48,000 subscribers for delegation of IPv6 prefixes. If the RADIUS server assigns a unique router advertisement prefix route for each subscriber, a maximum of only 33,333 subscribers can be handled for delegation of prefixes.
The increased scaling limit of support for delegation of IPv6 prefixes using the DHCPv6 local server Prefix Delegation mechanism for 48,000 subscribers applies only to E120 and E320 routers and not to ERX14xx models, ERX7xx models, and the ERX310 router because the binding information is stored in the SRP modules of E120 and E320 routers.
Also, a limitation exists on the number of IPv6 interfaces and the IPv6 routing table size supported by ERX routers that prevents the support for 48,000 subscribers for Prefix Delegation on DHCPv6 local servers running on those routers.
Change in existing behavior: Existing feature extended as described here. In lower-numbered releases, the maximum number of subscribers to which the DHCPv6 local server could allocate IPv6 addresses using the Prefix Delegation method was 32,000.
- Enhanced Support for Detection of Duplicate IPv6 Prefixes
You can now configure AAA to detect duplicates of IP and IPv6 Neighbor Discovery router advertisement prefixes, Framed IPv6 prefixes, DHCPv6 delegated prefixes, and Framed-IP-Address by validating the prefix against the AAA database. If AAA detects a non-unique IP address or IPv6 prefix, the corresponding subscriber session is terminated. Use the aaa duplicate-prefix-check-extension command to enable the detection of duplicate IPv6 prefixes by checking for any DHCPv6-Delegated-IPv6-Prefix, IPv6-NdRa-Prefix, or Framed-IPv6-Prefix attribute in the AAA database. For example:
host1(config)# aaa duplicate-prefix-check-extension enable
The enhanced duplicate IPv6 prefix detection capability is disabled by default. You can use the show aaa duplicate-prefix-check-extension command to check whether the enhanced duplicate IPv6 prefix detection capability is enabled.
AAA does not detect duplicates of overlapping IPv6 prefixes. Also, the aaa duplicate-prefix-check-extension command detects duplicate prefixes for the default VR and is not limited to detecting duplicates on a per-VR basis.
The following commands have been added to support the enhanced detection of duplicate IPv6 prefixes:
As a part of this feature, the aaaServerGeneral log has been modified to capture the debug messages generated when the duplicate prefix is detected, when there is no duplicate prefix detected, or when the IPv6 prefix is not allocated.
Change in existing behavior: Existing feature extended as described here. In lower-numbered releases, validation of the prefix was done only against the IP route table. This is no longer the case.
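The overlap caveat above, as an added audit example that is not JunosE code: given prefixes exported from subscriber sessions, it separates exact duplicates (which the AAA check terminates) from overlapping prefixes (which the page says AAA does not detect). The session records, session IDs and function name are constructed for illustration; the attribute names are the ones listed in this section.

```python
import ipaddress

# Constructed session records: (session id, attribute, IPv6 prefix).
SESSIONS = [
    ("sub-1", "Framed-IPv6-Prefix", "2001:db8:100::/48"),
    ("sub-2", "IPv6-NdRa-Prefix", "2001:db8:200:1::/64"),
    ("sub-3", "DHCPv6-Delegated-IPv6-Prefix", "2001:db8:100::/48"),  # same as sub-1
    ("sub-4", "DHCPv6-Delegated-IPv6-Prefix", "2001:db8:200::/56"),  # covers sub-2
    ("sub-5", "Framed-IPv6-Prefix", "2001:db8:300::/56"),
]


def audit_prefixes(sessions):
    """Return (exact_duplicates, overlaps) as lists of session-id pairs.

    Exact duplicates are identical prefixes held by two sessions. Overlaps
    are pairs where one prefix contains the other without being equal, the
    case an exact-match duplicate check does not flag.
    """
    # Sort so that a containing prefix always precedes the prefixes inside it.
    nets = sorted(
        ((ipaddress.IPv6Network(prefix), sid) for sid, _attr, prefix in sessions),
        key=lambda item: (int(item[0].network_address), item[0].prefixlen),
    )
    exact, overlaps, stack = [], [], []
    for net, sid in nets:
        # Drop prefixes that end before this one starts. CIDR blocks are
        # either nested or disjoint, so everything left on the stack
        # contains (or equals) the current prefix.
        while stack and int(stack[-1][0].broadcast_address) < int(net.network_address):
            stack.pop()
        for other, other_sid in stack:
            target = exact if other == net else overlaps
            target.append((other_sid, sid))
        stack.append((net, sid))
    return exact, overlaps


if __name__ == "__main__":
    duplicates, overlapping = audit_prefixes(SESSIONS)
    for a, b in duplicates:
        print(f"exact duplicate: {a} and {b}")
    for outer, inner in overlapping:
        print(f"overlap not covered by exact-match check: {outer} contains {inner}")
```

The sweep over sorted prefixes avoids comparing every pair of sessions, which matters at the subscriber counts this release supports.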
L2TP
- Configuring Groups for LNS Sessions
You can now define and configure session limit groups under the L2TP destination profile. You can also limit the maximum sessions for each session limit group.
This feature gives an option to place each L2TP host profile into a particular session limit group, defined under the L2TP destination profile.
The following commands have been added or enhanced to support this feature:
Change in existing behavior: Existing feature extended as described here.
Packet Mirroring
- Packet Mirroring Support for Secure IPv6 Policies on ES2 10G LMs
JunosE Software now supports the packet mirroring functionality for secure IPv6 policies on ES2 10G LMs. You can use this functionality to enable the parameters of a secure IPv6 policy list created for a user to be mirrored to an external host for analysis. Packet mirroring for secure IPv6 policies works with the following IOAs that support ES2 10G LMs:
If you use the router's CLI commands to configure and manage packet mirroring, by default, attaching a secure IPv6 policy list to an interface results in no packet mirroring because the router creates the policy list with a mirror disable rule. You must use the mirror enable command to make the secure ipv6 policy-list command visible and usable for packet mirroring in the current CLI session.
You can configure the analyzer interface, which is an IPv4 interface, as a tunnel source from which the mirrored packet is sent to an analyzer (the mediation device) or connect the analyzer port to an analyzer device that receives the mirrored traffic related to a user from the E Series router.
Change in existing behavior: Existing behavior extended as described here. In lower-numbered releases, packet mirroring capability was available only for IPv4.
SDX Software and SRC Software
- Inclusion of NAS-Port and NAS-IP Address Values in the COPS REQ Message
JunosE Software now supports sending the LAC side NAS-Port, LAC side NAS-IP, and LNS side NAS-IP of the user to the SRC in the COPS REQ message. This information helps the SRC to identify the user based on these attributes.
To enable this feature, use the sscc option send-lac-nas-ip command and the sscc option send-lac-nas-port command in Global Configuration mode.
The following command has been modified in this release:
The output of the following command has been modified in this release:
Change in existing behavior: Existing feature extended as described here.
Stateful Line Module Switchover (High Availability)
- Support for Stateful Line Module Switchover on ES2 4G LMs with ES2-ES1 Service IOA on E120 and E320 Routers
JunosE Software now supports high availability for ES2 4G line modules configured with Service IOAs on E120 and E320 routers. These line modules function in a 1:1 redundancy mode with the active module as the primary line module and the spare or standby module as the secondary line module. This functionality of high availability for line modules is also referred to as stateful line module switchover.
During a stateful switchover from the active line module to the standby line module, the existing subscriber sessions remain active with a brief disconnection in traffic of less than 120 seconds. Stateful line module switchover maintains the user sessions and reduces the data forwarding outage through the router to a brief duration during the switchover, thereby improving the overall availability of the router.
The following commands have been added or modified to support configuration and monitoring of stateful line module switchover:
As part of this feature, the following SNMP MIB objects have been added to the Juniper Networks Redundancy MIB to support the stateful line module switchover functionality:
- juniLcRedundancyActiveSlot
- juniLcCardRedundancyStandbySlot
- juniLcRedundancyLastResetReason
- juniLcRedundancyActivationType
- juniLcRedundancyHaActiveTime
- juniLcRedundancySwitchoverTime
- juniLcRedundancySwitchoverNotification
- juniLcRedundancyStateEnabledNotification
- juniLcRedundancyStateDisabledNotification
In addition, the ha event log category has been modified to record information when the system transitions from one high availability state to another, when a stateful line module switchover is performed.
Change in existing behavior: New feature added as described here. In lower-numbered releases, only line module redundancy (stateless line module switchover) was supported. In this release, stateful line module switchover is supported.
Stateful SRP Switchover (High Availability)
- Stateful SRP Switchover Support for DHCP Proxy Client Bindings
DHCP proxy client now supports stateful SRP switchover. When the DHCP proxy client is configured on a virtual router, the proxy client requests an IP address from the DHCP server on behalf of the PPP subscriber. The obtained IP is transmitted to the PPP subscriber. The AAA server coordinates the interaction between the PPP subscriber and the DHCP proxy client. The DHCP proxy client maintains a state machine for each PPP subscriber for which it has obtained an IP address from the DHCP server.
The state machine handles the protocol message exchanges between the PPP subscriber and the DHCP proxy client and maintains the DHCP lease for the allocated IP addresses. To enable DHCP proxy client bindings to be preserved across a warm restart of the router, the following state information for clients is mirrored from the primary SRP module to the standby SRP module. Such a mirroring of the state information enables the standby SRP module that takes over as the primary module after a stateful SRP switchover procedure to handle requests from subscribers seamlessly and without disruption.
The following is a list of client bindings along with their states:
- IP addresses of the DHCP proxy client and PPP subscriber.
- Last transaction ID.
- Lease time of IP addresses allocated to subscribers.
- Lease time that is remaining for each client binding so that the standby SRP module, when it takes over as the primary, can continue with the DHCP lease without renewing the lease.
When the standby SRP module takes over as the primary after a stateful SRP switchover operation, it continues to handle DHCP lease renewal requests from existing clients based on their states and processes state transitions without any disruption. Lease times on existing client bindings are preserved across a stateful SRP switchover operation.
Change in existing behavior: Existing feature extended as described here. In lower-numbered releases, DHCP proxy client bindings were not retained across a warm restart of the router because the client binding details were stored in volatile memory, which was erased after a stateful SRP switchover process.
System
- Support for Monitoring the Real-Time Clock Chip Time
You can use the show calendar command in User EXEC mode and Privileged EXEC mode to view the hardware or real-time clock chip time in the traditional 24-hour format, hours:minutes:seconds, for a real-time clock that is working properly. The show calendar command displays appropriate error messages for an RTC that is malfunctioning. Setting the software clock using the clock set command also causes the hardware or RTC chip to be updated to the same time as the software system clock.
Change in existing behavior: New feature added as described here. In lower-numbered releases, you could not test the state of the real-time clock battery and view its working condition using a show command.
System Management
- Support for Cyclic Redundancy Check in Configuration Files
Cyclic Redundancy Check (CRC) validation is now supported for configuration files to provide protection against files that have been corrupted due to various reasons. With this feature, the CRC value can be stored as part of the configuration file header and can be verified using the service check-config command, before the configuration file is used.
In older configuration files, CRC was not computed and the system did not store the real CRC value in the file header. Instead, it stored a dummy value (0x00000000) in the configuration file header.
With this new feature, the CRC value is calculated for the configuration file using the copy running-configuration command. This command also calculates the CRC values for all the configuration files embedded within the configuration file.
The service check-config command then checks the CRC stored in the configuration file and ensures that there are no data errors in the configuration file. If the command does detect any errors, the error is stored in a system log.
Change in existing behavior: New feature added as described here.
System Maximums
- Increased Number of DHCP Proxy Client Bindings
The maximum number of DHCP proxy client bindings that are stored on the router chassis has increased from 32,000 to 48,000. The DHCP proxy client running on the router maintains the lease information of the allocated IP address on behalf of the PPP subscriber to ensure that the lease does not expire. When the PPP subscriber terminates, the proxy client returns the IP address to the DHCP server.
You can use the show dhcp proxy-client bindings command to view information about the client bindings, such as the binding ID, the IP addresses of the server and the client that are associated in the binding, lease times, time until the lease time of the allocated IP address is active, and the status of the binding.
The following show command has been added to support this feature:
Change in existing behavior: New system maximums as described here.
Copyright © 2011, Juniper Networks, Inc.