Release Highlights
Release 11.0.0 includes the features described in this section.
DHCP
DHCPv6 local server now supports stateful SRP switchover (high availability). The router can now restore client bindings instead of re-creating them after receiving a renew/rebind request from DHCPv6 clients.
NOTE: The lease times are retained after a stateful SRP switchover. However, DHCPv6 packet statistics are not retained across a stateful SRP switchover and are reset after a warm restart.
After SRP warm switchover, the router restores the client bindings for all DHCPv6 clients from the mirrored DHCPv6 information. The router also re-installs the IPv6 interfaces and access routes.
You can now delete DHCPv6 client bindings from the CLI instead of waiting for the lease timer of an existing client binding to expire. Use the dhcpv6 delete-bindings command to delete all client bindings, a specific client binding, or a specific group of client bindings.
NOTE: DHCPv6 does not support unified ISSU. If DHCPv6 is configured, you cannot perform a unified ISSU process.
Change in existing behavior: Existing feature extended as described here. In lower-numbered releases, after SRP warm switchover, the router waited for a renew or rebind request from the clients before re-creating the bindings from the mirrored AAA information. You were also not able to delete DHCPv6 client bindings. This is no longer the case.
L2TP
You can configure up to 31 tunnel definitions for an L2TP subscriber using either AAA domain maps or RADIUS returned values. Each tunnel definition contains both fixed-length and variable-length tunnel attributes. All tunnel definitions and their attributes that are stored in AAA are mirrored in a single transaction. When the size of the mirrored storage transaction exceeds 9866 bytes, the router disables stateful SRP switchover (high availability).
The size of the transaction can exceed 9866 bytes when you configure all the variable length tunnel attributes of more than 17 tagged tunnel definitions, using either RADIUS or domain maps, to their maximum values.
When the size of a transaction exceeds 9866 bytes, the router now mirrors the tunnel definitions in a different transaction. As a result, stateful SRP switchover is not disabled when you configure all the variable length tunnel attributes of all 31 tunnel definitions to their maximum values or when the RADIUS server sends tunnel attributes whose length exceeds the maximum length.
Change in existing behavior: Feature extended as described here. In lower-numbered releases, the router disabled stateful SRP switchover when the size of the mirrored storage transaction exceeded 9866 bytes. This is no longer the case.
L2TP policy is now supported on the ES2 10G ADV LM.
Change in existing behavior: Existing feature extended as described here.
MPLS
- Support for S-VLAN Tag Addition and Removal During Transmission of Ethernet Frames Through Martini Circuits on ES2 10G ADV LMs
Support has been added to ES2 10G ADV line modules for the addition and removal of S-VLAN tags during the transmission of Ethernet frames through Martini circuits. In this release, you can configure an S-VLAN subinterface on ES2 10G ADV LMs to enable the provider edge (PE) device to strip the S-VLAN tags from all packets that enter the MPLS pseudowires or Martini circuits. This functionality is also referred to as operation of Martini circuits or MPLS shim interfaces in raw mode. The raw mode operation comprises the following tasks:
- Identifying the outermost VLAN tag of the layer 2 frame received from the attachment circuit as a service-delimiting tag, stripping this tag, and then inserting the resulting frame into the pseudowire connection.
- Inserting the specified service-delimiting tag on the layer 2 frame received from the pseudowire connection and then transmitting the resulting frame to the attachment circuit.
Change in existing behavior: Existing feature extended as described here. In lower-numbered releases, the ES2 10G ADV LM did not support Ethernet raw mode operation for Martini circuits, which was supported only on GE-2, GE/FE, ES2 4G, ES2 10G, and ES2 10G Uplink LMs.
You can now configure an untagged VLAN identifier for the customer VLAN (C-VLAN) that is configured inside an S-VLAN as part of a pseudowire on ES2 10G ADV line modules. As a result, both single-tagged and untagged frames can be transported inside a prescribed S-VLAN tag over a single pseudowire. The anyUntagged option can be configured only if the following two conditions are satisfied:
- A C-VLAN ID vlanIdValue is not configured on the major interface.
- The Ethertype that the packet must use to create a dynamic S-VLAN subinterface is 8100.
By default, the anyUntagged option is not configured on an S-VLAN subinterface.
Change in existing behavior: Existing feature extended as described here. In lower-numbered releases, the capability to configure an S-VLAN subinterface with an untagged C-VLAN ID was supported only on GE-2, GE/FE, ES2 4G, ES2 10G, and ES2 10G Uplink LMs. In this release, this functionality is also available on ES2 10G ADV LMs.
PPP
You can now configure the router to terminate invalid IPv4 subscribers and return the unused IPv4 addresses to the local address pool. When Internet Protocol version 6 Control Protocol (IPv6CP) is negotiated, the router waits for 10 seconds for Internet Protocol Control Protocol (IPCP) negotiation. If IPCP is not negotiated in 10 seconds, the interface blocks IPv4 over Network Control Protocol (NCP) packets and the IP address is returned to the local address pool. The subscribers must then reconnect to negotiate IPCP again.
The router assigns IPv4 and IPv6 addresses for a PPP subscriber after authentication in the following ways:
- RADIUS returns a valid IP address or an IPv6 prefix.
- The configured local address pool returns a valid IP address.
The subscriber can negotiate IPv4 addresses, IPv6 addresses, or both. After an IPv6 service is negotiated, the PPP application waits for the negotiation of the IPv4 service and then returns the assigned unused addresses to the local pool.
By default, this feature is disabled. To enable the feature, issue the ppp ipcp lockout command from Interface Configuration, Subinterface Configuration, or Profile Configuration modes. The output of the show ppp interface, show ppp interface mlppp, and show profile name commands is updated for this feature.
As part of this feature, the following SNMP MIB objects have been added to the Juniper Networks PPP MIB:
The following commands have been added or enhanced to support this feature:
Change in existing behavior: Existing feature extended as described here. In lower-numbered releases, if an IP address was assigned from the local address pool, the unused IP address remained assigned and the router did not return the unused IP addresses to the pool. As a result, the local address pools were consumed with invalid IPv4 subscribers, and the router displayed an incorrect number of IPv4 subscribers. This is no longer the case.
During a PPP configuration request, if any of the primary or secondary DNS options are rejected, or if they are unacceptable, you can now prompt the CPE (Customer Premises Equipment) to negotiate the IPCP primary and secondary DNS options that are locally available with B-RAS (Broadband Remote Access Server). This feature is controlled by CLI and SNMP configuration options. A new command, ppp ipcp prompt-option dns, has been added to support this feature.
The following commands have been enhanced to support this feature:
In addition, the following MIB objects have been added to support this feature:
Change in existing behavior: New feature extended as described here.
SDX Software and SRC Software
In this release, you can configure the SRC client on an E Series router, which functions as the Common Open Policy Service (COPS) client, to support policy and QoS configuration for L2TP access concentrator (LAC) interfaces. This functionality is supported only in environments in which the E Series router is configured as an LAC in an L2TP tunnel. In addition to enabling LAC interfaces to be managed by the COPS client, you can enable policies specific to LAC interfaces to be installed and removed from such interfaces using COPS messages.
You can now use the sscc protocol lac command in Global Configuration mode to enable policy and QoS configuration to be managed by the SRC client for L2TP LAC interfaces. When you configure LAC interfaces to be managed by the SRC client, the router generates COPS messages for every LAC interface created and removed from the router and sends them to the COPS server.
NOTE: You must enable the SRC client on the virtual router to be able to configure policy and QoS support for L2TP LAC interfaces by the COPS messages.
Classification of packet flow on LAC interfaces is supported for the following criteria:
The following policy rules are managed by the COPS client, when L2TP LAC interfaces are enabled for policy management by the COPS client:
By default, LAC interfaces on a virtual router configured as an LAC are not enabled for policy and QoS settings to be applied on them by the COPS client.
Also, the output of the show sscc info command has been updated to display information about L2TP LAC interfaces being managed by the SRC client for policy and QoS settings, if the SRC client is enabled on the virtual router that functions as an LAC.
As part of this feature, the ssccLacGeneral log event category has been added to support the SRC software to manage policy and QoS settings on L2TP interfaces configured on a router that operates as an LAC, which is configured as a COPS client.
The following commands have been added or updated to support this feature:
Change in existing behavior: New feature added as described here.
You can now force an E Series router to restart a COPS connection to, and resynchronize with, a Policy Decision Point (PDP), without removing the SRC client. The no sscc enable cops command removes the SRC client. The SRC software functions as the COPS server, or PDP.
The SRC software and the SRC client maintain common state information in the Policy Information Base (PIB) structures that both the SRC software and the SRC client use. If the state of the SRC software is not synchronized with the router, the SRC software may be required to initiate resynchronization from the router. To enable the router to restart the synchronization, issue the sscc restart command from Privileged Exec mode.
This feature is applicable for any SRC software that supports COPS-PR. For more information about COPS-PR and PIBs, see the JUNOSe Broadband Access Configuration Guide.
The following command has been added as part of this feature:
Change in existing behavior: New feature as described here. In lower-numbered releases, you disabled the SRC client and reenabled it to start synchronization. The complete removal of the SRC clients was undesirable for the applications that required resynchronization in addition to maintaining the SRC client. This is no longer the case.
Stateful SRP Switchover (High Availability)
IPv6 Local Address Pools are now enabled for stateful SRP switchover.
When the IPv6 local pools are configured, you can perform a stateful SRP switchover without cold booting the router because the configuration is now stateful SRP switchover safe. After a warm restart, the IPv6 local pools retain only the In use prefix count, whereas the DHCPv6 local server preserves the other binding parameters, such as the DHCP unique ID of the subscriber's computer (DUID) and prefix lifetime values.
NOTE: IPv6 local address pools do not support unified ISSU. If IPv6 local address pools are configured on your virtual router, you cannot perform unified ISSU.
Beginning with JUNOSe Release 11.0.0, DHCPv6 local servers also support stateful SRP switchover. For more information about this feature, see Stateful SRP Switchover Support for DHCPv6 Local Server.
Change in existing behavior: Existing feature extended as described here.
Subscriber Interfaces
The RADIUS application can now send the link aggregation group (LAG) interface ID to the RADIUS server when the subscriber is connected over LAG in DHCP standalone authenticate mode. The RADIUS applications use the LAG interface ID to create the Acct-Session-Id, Nas-Port-Type, Nas-Port-Id, Nas-Port, and Calling-Station-Id attributes and send them to the RADIUS server in Access-Request, Acct-Start, and Acct-Stop messages.
The RADIUS client uses the following LAG interface ID format:
lag lag-name[.subinterface[:vlan]]
lag lag-name[.subinterface[:svlan-vlan]]
- lag-name—Name of the LAG bundle
- subinterface—Number of the LAG subinterface, in the range 1-2147483647
- vlan—VLAN ID number
- svlan-vlan—S-VLAN ID number in the range 0-4095
This feature is applicable only when the subscribers in DHCP standalone authenticate mode are initialized. When other subscribers such as PPP subscribers and DHCP equal-access mode subscribers initialize over a LAG interface, the RADIUS server receives only the name of the first Ethernet interface of the LAG bundle, and not the LAG interface ID. In this case, the Ethernet interface ID is displayed in the output of the show subscribers interface command.
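A parser for the LAG interface ID format above, as an added example that is not part of the release notes or of JUNOSe. It is the kind of check an accounting collector can run before correlating sessions on this value. The names `parse_lag_interface_id` and `LagInterfaceId`, the character set allowed in lag-name, the 0-4095 range for the plain VLAN ID, and all sample strings are assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Grammar from the release note:
#   lag lag-name[.subinterface[:vlan]]
#   lag lag-name[.subinterface[:svlan-vlan]]
# Assumption: lag-name contains no whitespace, '.' or ':'.
_LAG_ID = re.compile(
    r"lag (?P<name>[^\s.:]+)"
    r"(?:\.(?P<sub>[0-9]+)"
    r"(?::(?:(?P<svlan>[0-9]+)-)?(?P<vlan>[0-9]+))?)?"
)

MAX_SUBINTERFACE = 2147483647  # subinterface range 1-2147483647 (from the page)
MAX_VLAN_ID = 4095  # stated for the S-VLAN ID; assumed here for the VLAN ID too


@dataclass(frozen=True)
class LagInterfaceId:
    name: str
    subinterface: Optional[int] = None
    svlan: Optional[int] = None
    vlan: Optional[int] = None


def parse_lag_interface_id(value: str) -> Optional[LagInterfaceId]:
    """Return the parsed ID, or None when value is not a well-formed LAG ID."""
    m = _LAG_ID.fullmatch(value)
    if m is None:
        return None  # e.g. an Ethernet interface name reported for a PPP subscriber
    sub, svlan, vlan = (
        int(m[g]) if m[g] is not None else None for g in ("sub", "svlan", "vlan")
    )
    if sub is not None and not 1 <= sub <= MAX_SUBINTERFACE:
        return None
    if any(t is not None and not 0 <= t <= MAX_VLAN_ID for t in (svlan, vlan)):
        return None
    return LagInterfaceId(m["name"], sub, svlan, vlan)


if __name__ == "__main__":
    # Constructed sample values, not captured from a router.
    for sample in ("lag bundle1", "lag bundle1.10:100", "lag bundle1.10:200-100",
                   "lag bundle1.0:100", "GigabitEthernet 2/0.10:100"):
        print(f"{sample!r:32} -> {parse_lag_interface_id(sample)}")
```

Values that return None are either out of range or not LAG interface IDs at all, which is what the collector sees for PPP and DHCP equal-access subscribers according to the paragraph above.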
The following commands have been enhanced to support the AAA application to check for the LAG interface ID:
Change in existing behavior: Existing feature extended as described here. In lower-numbered releases, the AAA application did not check for the LAG interface ID and so did not send the information to RADIUS. As a result, the RADIUS client did not send the Nas-Port-Type, Nas-Port, and Calling-Station-Id attributes in Access-Request, Acct-Start, and Acct-Stop messages. This release enables the RADIUS client application to create Acct-Session-Id, Nas-Port-Type, Nas-Port-Id, Nas-Port, and Calling-Station-Id attributes based on the LAG interface ID, and send them in Access-Request, Acct-Start, and Acct-Stop messages to the RADIUS server.
System
With JUNOSe Release 11.0.0 and higher-numbered releases, we are no longer providing a set of software CD-ROMs nor can you order JUNOSe Software CD-ROMs. To download complete sets of the image, compressed in a zip bundle, to create your own software discs, see the Download Software page on the Juniper Networks website at https://www.juniper.net/customers/csc/software. You must have a valid Juniper Networks Customer Support Center user ID and password to access the software image bundle at this location.
Change in existing behavior: In lower-numbered releases, we shipped new software releases on a set of CDs. We also offered the option to download software releases from the Juniper Networks website. In this release, the only mechanism to access the software image is by using the download facility on the Juniper Networks website. You can create your own discs from the downloaded bundle.
System Management
JUNOSe Software now provides an option for faster boot time on the SRP-100, SRP-120, and SRP-320 modules. You can now use the CLI diag-level command, which is available only in the operational image, to specify a normal boot (with full diagnostics) or bypass (where diagnostics are skipped). Normal boot is the default.
Change in existing behavior: Existing feature extended as described here.
VRRP
VRRP is now supported on the ES2 10G LM, ES2 10G UPLINK LM, and ES2 10G ADV LM.
Change in existing behavior: Existing feature extended as described here.