Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Additional Features

We've extended support for the following features to these platforms.

  • Dynamic routing protocols (SRX5000 line of devices, and vSRX 3.0 running the iked process). We've extended our support to the exchange of dynamic routing information through IPsec VPN tunnels on SRX Series devices running the iked process. You can now enable dynamic routing protocols, such as OSPF, BGP, BFD, PIM, and RIP, on a st0 interface of an IPsec VPN tunnel.

    This feature is supported on the unified iked process using junos-ike package. The SRX5K-SPC3 card with RE3 comes with junos-ike package installed by default. You must run the command request system software add optional://junos-ike.tgz to load thejunos-ike package explicitly on SRX5K-SPC3 with RE2 and vSRX Virtual Firewall.

    [See Routing Protocols Support on IPsec VPN Tunnels.]

  • Juniper Secure Connect application supports IPv6 addresses (SRX5000 line of devices, and vSRX 3.0 running the iked process). While connecting to the Juniper Secure Connect application, you can provide an IPv6 address or IPv4 address as the gateway address and assign an IPv6 address or IPv4 address to a remote-access user.

    Earlier Junos OS releases support only IPv4 addresses.

    Note that IPv6 address-assignment is only supported when using certificate or EAP-based authentication

    This feature is supported on the unified iked process using junos-ike package. The SRX5K-SPC3 card with RE3 comes with junos-ike package installed by default. You must run the command request system software add optional://junos-ike.tgz to load thejunos-ike package explicitly on SRX5K-SPC3 with RE2 and vSRX Virtual Firewall.

  • OpenConfig LACP and LLDP configuration support (ACX5448 router, EX4650, and EX4650-48Y-VC switches, MX480, MX960, MX10003, and PTX10008 routers, , QFX10002-60C, QFX5110, QFX5110-VC, QFX5110-VCF, QFX5120-32C, QFX5120-48T, QFX5120-48T-VC, QFX5120-48Y, QFX5120-48Y-VC, QFX5120-48YM, QFX5200, QFX5210, , QFX10002, QFX10003, QFX10008, and QFX10016 switches). OpenConfig configuration support based on the OpenConfig data models openconfig-lacp.yang and openconfig-lldp.yang.

    [See Mapping OpenConfig LLDP Commands to Junos Configuration and OpenConfig User Guide.]

  • PFE Restart Support (MX240, MX480, and MX960 with MPC7, MPC8, and MPC9 and MX10008, MX10016 with LC2101)
  • PFE Reset Support (MX10008, MX10016 with LC2101) using command set chassis error severity threshold count action reset-pfe, for errors including ASIC errors. [See error and show chassis fpc errors.]

  • Support for inline 6rd, Mapping of Address and Port with Encapsulation (MAP-E), NAT44, and NPTv6 (MX10008 with MX10K-LC2101 line card). The line card supports:

    • Inline 6rd
    • Mapping of Address and Port with Encapsulation (MAP-E)
    • Network Address Translator IPv4/IPv4 (NAT44)
    • Stateless Source Network Prefix Translation for IPv6 (NPTv6)

    [See Configuring Inline 6rd, Stateless Source Network Prefix Translation for IPv6 Configuring Mapping of Address and Port with Encapsulation (MAP-E).]

  • Support for inline services (MX10008). MX10K-LC9600 line card supports inline services. The line card supports 4 inline services interfaces per PIC.

    [See bandwidth (Inline Services) .]

  • Support for IEEE 802.1ag CFM on service provider (SP) interfaces and Q-in-Q (point-to-point) interfaces (EX2300, EX4300-MP, EX4400-48F, EX4400-48MP, and EX4400-48P)

    [See Introduction to OAM Connectivity Fault Management (CFM).]

  • Support for an enhanced hash key (SRX5400, SRX5600, and SRX5800). SRX5000 devices support an enhanced hash key. You implement a control path for the configured setting to reach the services processing cards SPC2 and SPC3. You can configure the session-id option under the [edit forwarding-options enhanced-hash-key] hierarchy.

    [See enhanced-hash-key.]

  • Support for 40GbE QSFPP optics (EX4400-24MP, EX4400-24P, EX4400-24T, EX4400-48F, EX4400-48MP, EX4400-48P, and EX4400-48T). You can use QSFPP optics to channelize 40-Gbps speed on EX4400 switches.

    [See Hardware Compatibility Tool.]

  • Supported transceivers, optical interfaces, and DAC cables (EX Series, MX Series, and QFX Series). Select your product in the Hardware Compatibility Tool to view supported transceivers, optical interfaces, and DAC cables for your platform or interface module. We update the HCT and provide the first supported release information when the optic becomes available.

  • Support for Synchronous Ethernet (MX10008 with MX10K-LC9600)

    [See Synchronous Ethernet Overview.]

  • Support for Synchronous Ethernet over a link aggregation group (LAG) with ESMC (MX10008 with MX10K-LC9600)

    [See Synchronous Ethernet, and Ethernet Synchronization Message Channel (ESMC).]

  • Support for the Juniper Resiliency Interface (MX10008 with MX10K-LC9600)

    [See Inline Monitoring Services Configuration.]

  • Support for monitoring link degradation (MX10008 and MX10016 with MX10K-LC2101)

    [See Link Degrade Monitoring Overview.]

  • Support for PTP boundary clock over IRB for media and enterprise profiles (QFX5120-48YM)

    [See PTP Media Profile, PTP Enterprise Profile, and PTP over IRB for Broadcast Profiles.]

  • Support for endpoint de-encapsulation and specific IP table lookup (PTX Series) In enhanced mode, we support the endpoint de-encapsulation of outer IPV6 header and lookup of the inner IPV4 or IPv6 packets in specific route table defined by the end dt46 SID route’s nexthop. This enables configuration of BGP-based Layer 3 services over the SRv6 core network with BGP as the control pane and SRv6 as the dataplane,

    [ See Understanding SRv6 Network Programming and Layer 3 Services over SRv6 in BGP]

  • System OpenConfig configuration support and gNMI mixed-mode support (ACX5448, MX240, MX480, MX960, MX10003, MX10008, MX10016, MX2008, MX2010, MX2020, and PTX10002)

    [See OpenConfig User Guide].

  • Traffic selector configuration changes impacts only partial tunnels (SRX5000 line of devices, and vSRX 3.0 running the iked process). When you modify a traffic selector configuration within a VPN object, only the modified and below configured traffic selectors will go down, and any traffic selector above the modified one is unaffected. In earlier Junos OS releases, when you modify a traffic selector in a VPN object, all the traffic selectors that are part of the VPN object go down and then the tunnel renegotiation occurs.

    Only partial tunnels are impacted when you modify a traffic selector configuration as follows:
    • Add a new configuration.
    • Delete an existing configuration.
    • Update an existing parameter in the configuration.
    • Update the sequence of the configuration by moving it above or below another configuration.

    This feature is supported on the unified iked process using junos-ike package. The SRX5K-SPC3 card with RE3 comes with junos-ike package installed by default. You must run the command request system software add optional://junos-ike.tgz to load thejunos-ike package explicitly on SRX5K-SPC3 with RE2 and vSRX Virtual Firewall.

    [See traffic-selector.]

  • Virtual gateway address and virtual gateway MAC address support in EVPN-MPLS CRB overlay fabrics (MX960, MX10008, and MX2020)

    [See Anycast Gateways, Understanding the MAC Addresses for a Default Virtual Gateway in an EVPN-VXLAN or EVPN-MPLS Overlay Network, virtual-gateway-address, virtual-gateway-v4-mac, and virtual-gateway-v6-mac.]

  • VLAN-level MACsec on logical interfaces (EX9253 and QFX5120-48YM)

    [See Media Access Control Security (MACsec) over WAN.]