VPNs

  • Antispoofing protection for next-hop-based dynamic tunnels (MX240, MX480, MX960, MX2010, and MX2020 with MPC10E or MX2K-MPC11E line cards)

    In Junos OS Release 21.4R1, we've added antispoofing capabilities for IPv4 tunnels and IPv4 data traffic. Antispoofing for next-hop-based dynamic tunnels can detect and prevent spoofing by a compromised virtual machine (through an inner source reverse path forwarding check), but it does not protect against a compromised server that is label-spoofing. The antispoofing protection is effective when the VRF routing instance has label-switched interfaces (LSIs) using vrf-table-label or virtual tunnel (VT) interfaces. We do not support antispoofing protection for per-next-hop labels on VRF routing instances.

    [See Anti-Spoofing Protection for Next-Hop-Based Dynamic Tunnels Overview: https://www.juniper.net/documentation/us/en/software/junos/vpn-l3/topics/topic-map/l3-vpns-nh-tunnels.html#id-antispoofing-protection-for-nexthopbased-dynamic-tunnels-overview]

  • Support for AMS in IPsec MX-SPC3 (MX240, MX480, and MX960 with MX-SPC3)—Starting in Junos OS Release 21.4R1, the MPC10E (MPC10E-15C-MRATE and MPC10E-10C-MRATE) line card interoperates with the MX-SPC3 service card to support an aggregated multiservices interface (AMS).

    [See Aggregated Multiservices Interface.]

  • Support for AMS warm standby (MX240, MX480, and MX960 with MX-SPC3)—Starting in Junos OS Release 21.4R1, the MPC10E (MPC10E-15C-MRATE and MPC10E-10C-MRATE) line card interoperates with the MX-SPC3 service card to support warm standby on an aggregated multiservices interface (AMS). In AMS warm standby mode, you can use a single service interface as a backup for multiple service interfaces.

    [See Aggregated Multiservices Interface.]

  • Support for headend termination of pseudowire services in a VPLS-enabled virtual switch (MX Series)—Starting in Junos OS Release 21.4R1, you can configure a pseudowire service transport logical interface in a Layer 2 circuit. You can also configure a trunk service logical interface in a VPLS-enabled virtual switch to terminate a Layer 2 circuit instance in the virtual switch. In addition, you can terminate the same Layer 2 circuit in a VPLS instance-type routing instance using different service logical interfaces and in a Layer 3 VPN VRF instance-type routing instance using another service logical interface.

    [See Pseudowire Service Interfaces.]
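
The inner source reverse path forwarding check described in the antispoofing item above, as an added Python model that is not Juniper code: it shows why the check catches a virtual machine forging its inner source address but not a server that chooses the label itself. The labels, VRF names, addresses and function names are constructed for illustration, and the model assumes the label selects the VRF (as with vrf-table-label) before the inner source is looked up.

```python
import ipaddress

# Constructed sample state (not from the release note): the VPN label selects
# the VRF, and each VRF route maps a VM prefix to the tunnel endpoint (server)
# through which that prefix is reachable.
VRF_BY_LABEL = {100: "tenant-a", 200: "tenant-b"}
VRF_ROUTES = {
    "tenant-a": {"10.1.1.10/32": "192.0.2.1", "10.1.1.20/32": "192.0.2.2"},
    "tenant-b": {"10.2.2.0/24": "192.0.2.1"},
}

def tunnel_for(vrf, inner_src):
    """Longest-prefix match of the inner source in the VRF table."""
    addr = ipaddress.ip_address(inner_src)
    matches = [(ipaddress.ip_network(p), ep) for p, ep in VRF_ROUTES[vrf].items()
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def inner_source_rpf(outer_src, label, inner_src):
    """Return 'accept' or a drop reason for one decapsulated packet."""
    vrf = VRF_BY_LABEL.get(label)
    if vrf is None:
        return "drop: unknown label"
    expected = tunnel_for(vrf, inner_src)
    if expected is None:
        return "drop: inner source has no route in VRF"
    if expected != outer_src:
        return "drop: inner source not reachable through receiving tunnel"
    return "accept"

def demo():
    cases = {
        "legitimate VM": ("192.0.2.1", 100, "10.1.1.10"),
        "VM spoofing a peer's address": ("192.0.2.1", 100, "10.1.1.20"),
        "VM using an unrouted source": ("192.0.2.1", 100, "172.16.0.5"),
        # The server itself picks the label, so the check runs in the VRF the
        # label names and sees a consistent source/tunnel pair.
        "server stamping another VRF's label": ("192.0.2.1", 200, "10.2.2.7"),
    }
    return {name: inner_source_rpf(*pkt) for name, pkt in cases.items()}

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

The last case is accepted because the check only compares the inner source with the receiving tunnel inside whichever VRF the label names, which is the limitation the release note states for a label-spoofing server.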