Juniper JUNOSE 10.0.3 - RELEASE NOTES 4-30-2010, JUNOSe 10.0.3 Release Note

Download

Juniper Networks, Inc.

1194 North Mathilda Avenue

Sunnyvale, CA 94089

USA

408-745-2000

www.juniper.net

Published: 2010-04-30

JUNOSe™ Software for E Series

™

Broadband Services Routers

Release Notes

Release 10.0.3

Juniper Networks, the Juniper Networks logo, JUNOS, NetScreen, ScreenOS, and Steel-Belted Radius are registered trademarks of Juniper Networks, Inc. in the United States and other countries. JUNOSe is a trademark of Juniper Networks, Inc. All other trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners.

Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.

Products made or sold by Juniper Networks (including the ERX310, ERX705, ERX710, ERX1410, ERX1440, M5, M7i, M10, M10i, M20, M40, M40e, M160, M320, and T320 routers, T640 routing node, and the JUNOS, JUNOSe, and SDX-300 software) or components thereof might be covered by one or more of the following patents that are owned by or licensed to Juniper Networks: U.S. Patent Nos. 5,473,599, 5,905,725, 5,909,440, 6,192,051, 6,333,650, 6,359,479, 6,406,312, 6,429,706, 6,459,579, 6,493,347, 6,538,518, 6,538,899, 6,552,918, 6,567,902, 6,578,186, and 6,590,785.

JUNOSe™ Software for E Series™ Broadband Services Routers Release Notes, Release 10.0.3 Writing: Subash Babu Asokan, Krupa Chandrashekar, Megha Shaseendran, Pallavi Madhusudhan, Namrata Mehta, Diane Florio, Brian Wesley Simmons, Fran Singer, Sairam V Editing: Ben Mann, Krishnaveni Vekatesan Cover Design: Edmonds Design

Revision History April 2010—FRS JUNOSe 10.0.3

The information in this document is current as of the date listed in the revision history.

Software License

The terms and conditions for using this software are described in the software license contained in the acknowledgment to your purchase order or, to the extent applicable, to any reseller agreement or end-user purchase agreement executed between you and Juniper Networks. By using this software, you indicate that you understand and agree to be bound by those terms and conditions.

Generally speaking, the software license restricts the manner in which you are permitted to use the software and may contain prohibitions against certain uses. The software license may state conditions under which the license is automatically terminated. You should consult the license for further details.

For complete product documentation, please see the Juniper Networks Web site at www.juniper.net/techpubs.

END USER LICENSE AGREEMENT

READ THIS END USER LICENSE AGREEMENT (“AGREEMENT”) BEFORE DOWNLOADING, INSTALLING, OR USING THE SOFTWARE. BY DOWNLOADING, INSTALLING, OR USING THE SOFTWARE OR OTHERWISE EXPRESSING YOUR AGREEMENT TO THE TERMS CONTAINED HEREIN, YOU (AS CUSTOMER OR IF YOU ARE NOT THE CUSTOMER, AS A REPRESENTATIVE/AGENT AUTHORIZED TO BIND THE CUSTOMER) CONSENT TO BE BOUND BY THIS AGREEMENT. IF YOU DO NOT OR CANNOT AGREE TO THE TERMS CONTAINED HEREIN, THEN (A) DO NOT DOWNLOAD, INSTALL, OR USE THE SOFTWARE, AND (B) YOU MAY CONTACT JUNIPER NETWORKS REGARDING LICENSE TERMS.

1. The Parties. The parties to this Agreement are (i) Juniper Networks, Inc. (if the Customer’s principal office is located in the Americas) or Juniper Networks (Cayman) Limited (if the Customer’s principal office is located outside the Americas) (such applicable entity being referred to herein as “Juniper”), and (ii) the person or organization that originally purchased from Juniper or an authorized Juniper reseller the applicable license(s) for use of the Software (“Customer”) (collectively, the “Parties”).

2. The Software. In this Agreement, “Software” means the program modules and features of the Juniper or Juniper-supplied software, for which Customer has paid the applicable license or support fees to Juniper or an authorized Juniper reseller, or which was embedded by Juniper in equipment which Customer purchased from Juniper or an authorized Juniper reseller. “Software” also includes updates, upgrades and new releases of such software. “Embedded Software” means Software which Juniper has embedded in or loaded onto the Juniper equipment and any updates, upgrades, additions or replacements which are subsequently embedded in or loaded onto the equipment.

3. License Grant. Subject to payment of the applicable fees and the limitations and restrictions set forth herein, Juniper grants to Customer a non-exclusive and non-transferable license, without right to sublicense, to use the Software, in executable form only, subject to the following use restrictions:

a. Customer shall use Embedded Software solely as embedded in, and for execution on, Juniper equipment originally purchased by Customer

from Juniper or an authorized Juniper reseller.

b. Customer shall use the Software on a single hardware chassis having a single processing unit, or as many chassis or processing units for which

Customer has paid the applicable license fees; provided, however, with respect to the Steel-Belted Radius or Odyssey Access Client software only, Customer shall use such Software on a single computer containing a single physical random access memory space and containing any number of processors. Use of the Steel-Belted Radius or IMS AAA software on multiple computers or virtual machines (e.g., Solaris zones) requires multiple licenses, regardless of whether such computers or virtualizations are physically contained on a single chassis.

c. Product purchase documents, paper or electronic user documentation, and/or the particular licenses purchased by Customer may specify limits

to Customer’s use of the Software. Such limits may restrict use to a maximum number of seats, registered endpoints, concurrent users, sessions, calls, connections, subscribers, clusters, nodes, realms, devices, links, ports or transactions, or require the purchase of separate licenses to use particular features, functionalities, services, applications, operations, or capabilities, or provide throughput, performance, configuration, bandwidth, interface, processing, temporal, or geographical limits. In addition, such limits may restrict the use of the Software to managing certain kinds of networks or require the Software to be used only in conjunction with other specific Software. Customer’s use of the Software shall be subject to all such limitations and purchase of all applicable licenses.

d. For any trial copy of the Software, Customer’s right to use the Software expires 30 days after download, installation or use of the Software.

Customer may operate the Software after the 30-day trial period only if Customer pays for a license to do so. Customer may not extend or create an additional trial period by re-installing the Software after the 30-day trial period.

e. The Global Enterprise Edition of the Steel-Belted Radius software may be used by Customer only to manage access to Customer’s enterprise

network. Specifically, service provider customers are expressly prohibited from using the Global Enterprise Edition of the Steel-Belted Radius software to support any commercial network access services.

The foregoing license is not transferable or assignable by Customer. No license is granted herein to any user who did not originally purchase the applicable license(s) for the Software from Juniper or an authorized Juniper reseller.

4. Use Prohibitions. Notwithstanding the foregoing, the license provided herein does not permit the Customer to, and Customer agrees not to and shall not: (a) modify, unbundle, reverse engineer, or create derivative works based on the Software; (b) make unauthorized copies of the Software (except as necessary for backup purposes); (c) rent, sell, transfer, or grant any rights in and to any copy of the Software, in any form, to any third party; (d) remove any proprietary notices, labels, or marks on or in any copy of the Software or any product in which the Software is embedded; (e) distribute any copy of the Software to any third party, including as may be embedded in Juniper equipment sold in the secondhand market; (f) use any ‘locked’ or key-restricted feature, function, service, application, operation, or capability without first purchasing the applicable license(s) and obtaining a valid key from Juniper, even if such feature, function, service, application, operation, or capability is enabled without a key; (g) distribute any key for the Software provided by Juniper to any third party; (h) use the Software in any manner that extends or is broader than the uses purchased by Customer from Juniper or an authorized Juniper reseller; (i) use Embedded Software on non-Juniper equipment; (j) use Embedded Software (or make it available for use) on Juniper equipment that the Customer did not originally purchase from Juniper or an authorized Juniper reseller; (k) disclose the results of testing or benchmarking of the Software to any third party without the prior written consent of Juniper; or (l) use the Software in any manner other than as expressly provided herein.

5. Audit. Customer shall maintain accurate records as necessary to verify compliance with this Agreement. Upon request by Juniper, Customer shall furnish such records to Juniper and certify its compliance with this Agreement.

6. Confidentiality. The Parties agree that aspects of the Software and associated documentation are the confidential property of Juniper. As such, Customer shall exercise all reasonable commercial efforts to maintain the Software and associated documentation in confidence, which at a minimum includes restricting access to the Software to Customer employees and contractors having a need to use the Software for Customer’s internal business purposes.

7. Ownership. Juniper and Juniper’s licensors, respectively, retain ownership of all right, title, and interest (including copyright) in and to the Software, associated documentation, and all copies of the Software. Nothing in this Agreement constitutes a transfer or conveyance of any right, title, or interest in the Software or associated documentation, or a sale of the Software, associated documentation, or copies of the Software.

8. Warranty, Limitation of Liability, Disclaimer of Warranty. The warranty applicable to the Software shall be as set forth in the warranty statement that accompanies the Software (the “Warranty Statement”). Nothing in this Agreement shall give rise to any obligation to support the Software. Support services may be purchased separately. Any such support shall be governed by a separate, written support services agree

ment. TO THE MAXIMUM EXTENT PERMITTED BY LAW, JUNIPER SHALL NOT BE LIABLE FOR ANY LOST PROFITS, LOSS OF DATA, OR COSTS OR PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, OR FOR ANY SPECIAL, INDIRECT, OR CONSEQUENTIAL DAMAGES ARISING OUT OF THIS AGREEMENT, THE SOFTWARE, OR ANY JUNIPER OR JUNIPER-SUPPLIED SOFTWARE. IN NO EVENT SHALL JUNIPER BE LIABLE FOR DAMAGES ARISING FROM UNAUTHORIZED OR IMPROPER USE OF ANY JUNIPER OR JUNIPER-SUPPLIED SOFTWARE. EXCEPT AS EXPRESSLY PROVIDED IN THE WARRANTY STATEMENT TO THE EXTENT PERMITTED BY LAW, JUNIPER DISCLAIMS ANY AND ALL WARRANTIES IN AND TO THE SOFTWARE (WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE), INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NONINFRINGEMENT. IN NO EVENT DOES JUNIPER WARRANT THAT THE SOFTWARE, OR ANY EQUIPMENT OR NETWORK RUNNING THE SOFTWARE, WILL OPERATE WITHOUT ERROR OR INTERRUPTION, OR WILL BE FREE OF VULNERABILITY TO INTRUSION OR ATTACK. In no event shall Juniper’s or its suppliers’ or licensors’ liability to Customer, whether in contract, tort (including negligence), breach of warranty, or otherwise, exceed the price paid by Customer for the Software that gave rise to the claim, or if the Software is embedded in another Juniper product, the price paid by Customer for such other product. Customer acknowledges and agrees that Juniper has set its prices and entered into this Agreement in reliance upon the disclaimers of warranty and the limitations of liability set forth herein, that the same reflect an allocation of risk between the Parties (including the risk that a contract remedy may fail of its essential purpose and cause consequential loss), and that the same form an essential basis of the bargain between the Parties.

9. Termi natio n. Any breach of this Agreement or failure by Customer to pay any applicable fees due shall result in automatic termination of the license granted herein. Upon such termination, Customer shall destroy or return to Juniper all copies of the Software and related documentation in Customer’s possession or control.

10. Taxes. All license fees payable under this agreement are exclusive of tax. Customer shall be responsible for paying Taxes arising from the purchase of the license, or importation or use of the Software. If applicable, valid exemption documentation for each taxing jurisdiction shall be provided to Juniper prior to invoicing, and Customer shall promptly notify Juniper if their exemption is revoked or modified. All payments made by Customer shall be net of any applicable withholding tax. Customer will provide reasonable assistance to Juniper in connection with such withholding taxes by promptly: providing Juniper with valid tax receipts and other required documentation showing Customer’s payment of any withholding taxes; completing appropriate applications that would reduce the amount of withholding tax to be paid; and notifying and assisting Juniper in any audit or tax proceeding related to transactions hereunder. Customer shall comply with all applicable tax laws and regulations, and Customer will promptly pay or reimburse Juniper for all costs and damages related to any liability incurred by Juniper as a result of Customer’s non-compliance or delay with its responsibilities herein. Customer’s obligations under this Section shall survive termination or expiration of this Agreement.

11 . Export. Customer agrees to comply with all applicable export laws and restrictions and regulations of any United States and any applicable foreign

agency or authority, and not to export or re-export the Software or any direct product thereof in violation of any such restrictions, laws or regulations, or without all necessary approvals. Customer shall be liable for any such violations. The version of the Software supplied to Customer may contain encryption or other capabilities restricting Customer’s ability to export the Software without an export license.

12. Commercial Computer Software. The Software is “commercial computer software” and is provided with restricted rights. Use, duplication, or disclosure by the United States government is subject to restrictions set forth in this Agreement and as provided in DFARS 227.7201 through

227.7202-4, FAR 12.212, FAR 27.405(b)(2), FAR 52.227-19, or FAR 52.227-14(ALT III) as applicable.

13. Interface Information. To the extent required by applicable law, and at Customer's written request, Juniper shall provide Customer with the interface information needed to achieve interoperability between the Software and another independently created program, on payment of applicable fee, if any. Customer shall observe strict obligations of confidentiality with respect to such information and shall use such information in compliance with any applicable terms and conditions upon which Juniper makes such information available.

14. Third Party Software. Any licensor of Juniper whose software is embedded in the Software and any supplier of Juniper whose products or technology are embedded in (or services are accessed by) the Software shall be a third party beneficiary with respect to this Agreement, and such licensor or vendor shall have the right to enforce this Agreement in its own name as if it were Juniper. In addition, certain third party software may

be provided with the Software and is subject to the accompanying license(s), if any, of its respective owner(s). To the extent portions of the Software are distributed under and subject to open source licenses obligating Juniper to make the source code for such portions publicly available (such as the GNU General Public License (“GPL”) or the GNU Library General Public License (“LGPL”)), Juniper will make such source code portions (including

Juniper modifications, as appropriate) available upon request for a period of up to three years from the date of distribution. Such request can be made in writing to Juniper Networks, Inc., 1194 N. Mathilda Ave., Sunnyvale, CA 94089, ATTN: General Counsel. You may obtain a copy of the GPL

at http://www.gnu.org/licenses/gpl.html, and a copy of the LGPL at http://www.gnu.org/licenses/lgpl.html.

15. Miscellaneous. This Agreement shall be governed by the laws of the State of California without reference to its conflicts of laws principles. The provisions of the U.N. Convention for the International Sale of Goods shall not apply to this Agreement. For any disputes arising under this Agreement, the Parties hereby consent to the personal and exclusive jurisdiction of, and venue in, the state and federal courts within Santa Clara County, California. This Agreement constitutes the entire and sole agreement between Juniper and the Customer with respect to the Software, and supersedes all prior and contemporaneous agreements relating to the Software, whether oral or written (including any inconsistent terms contained in a purchase order), except that the terms of a separate written agreement executed by an authorized Juniper representative and Customer shall govern to the extent such terms are inconsistent or conflict with terms contained herein. No modification to this Agreement nor any waiver of any rights hereunder shall be effective unless expressly assented to in writing by the party to be charged. If any portion of this Agreement is held invalid, the Parties agree that such invalidity shall not affect the validity of the remainder of this Agreement. This Agreement and associated documentation has been written in the English language, and the Parties agree that the English version will govern. (For Canada: Les parties aux présentés confirment leur volonté que cette convention de même que tous les documents y compris tout avis qui s'y rattaché, soient redigés en langue anglaise. (Translation: The parties confirm that this Agreement and all related documentation is and will be in the English language)).

Table of Contents  v

Table of Contents

Release 10.0.3 1

Release Installation ..........................................................................................1

Upgrading to Release 5.3.0 or a Higher-Numbered Release.......................1

Upgrading from Release 5.1.1 or Lower-Numbered Releases to

Release 6.x.x or Higher-Numbered Releases ....................................... 2

Moving Line Modules Between Releases ....................................................2

SRP Module Memory Requirements ..........................................................3

Hardware and Software Compatibility.......................................................3

Requesting Technical Support .........................................................................3

Self-Help Online Tools and Resources........................................................4

Opening a Case with JTAC ......................................................................... 4

Release Overview............................................................................................. 5

Before You Start ........................................................................................ 5

Release Highlights............................................................................................7

Early Field Trial Features.................................................................................. 7

DHCP ........................................................................................................7

Unified ISSU .............................................................................................. 8

Unsupported Features ...................................................................................... 8

E120 Router and E320 Router ................................................................... 8

Multicast....................................................................................................8

Policy Management ...................................................................................9

Stateful SRP Switchover (High Availability) ................................................ 9

Release Software Protocols .............................................................................. 9

Core Routing Stack ....................................................................................9

Network Management Protocols................................................................9

Routing Protocols ...................................................................................... 9

Multiprotocol Label Switching (MPLS) ......................................................10

Layer 2 Protocols..................................................................................... 10

Security Protocols....................................................................................11

SRC Software and SDX Software Compatibility Matrix................................... 11

Known Behavior ............................................................................................11

AAA......................................................................................................... 11

ATM.........................................................................................................12

BGP ......................................................................................................... 12

BGP/MPLS VPNs ......................................................................................12

B-RAS ......................................................................................................12

CLI........................................................................................................... 13

DHCP ......................................................................................................16

DHCP External Server.............................................................................. 17

Dynamic Interfaces .................................................................................18

Ethernet .................................................................................................. 19

Flash........................................................................................................20

Forwarding ..............................................................................................20

GRE ......................................................................................................... 20

vi  Table of Contents

JUNOSe 10.0.3 Release Notes

Hardware ................................................................................................20

HDLC....................................................................................................... 21

IP.............................................................................................................21

IPSec .......................................................................................................23

IS-IS.........................................................................................................24

L2TP........................................................................................................24

Line Module Redundancy ........................................................................25

MLPPP.....................................................................................................25

MPLS ....................................................................................................... 26

Multicast..................................................................................................26

Packet Mirroring...................................................................................... 26

Policy Management .................................................................................27

PPP..........................................................................................................29

PPPoE......................................................................................................29

QoS .........................................................................................................29

RADIUS ...................................................................................................30

SNMP ...................................................................................................... 30

SRC Software and SDX Software ............................................................. 31

SSH ......................................................................................................... 31

Stateful SRP Switchover (High Availability) .............................................. 32

Subscriber Interfaces ...............................................................................33

System ....................................................................................................33

System Logging ....................................................................................... 34

Tunneling ................................................................................................ 34

Known Problems and Limitations ..................................................................35

AAA......................................................................................................... 35

ANCP....................................................................................................... 35

ARP ......................................................................................................... 35

ATM.........................................................................................................35

BFD ......................................................................................................... 37

Bridged Ethernet .....................................................................................37

CLI........................................................................................................... 37

DHCP ......................................................................................................37

DHCP External Server.............................................................................. 38

DHCP Server............................................................................................38

DoS Protection ........................................................................................ 38

Ethernet .................................................................................................. 39

File System..............................................................................................39

Forwarding ..............................................................................................39

IGMP ....................................................................................................... 40

IP.............................................................................................................40

IPSec .......................................................................................................41

IS-IS.........................................................................................................42

L2TP........................................................................................................42

MLD ........................................................................................................ 42

MLPPP.....................................................................................................42

Mobile IP ................................................................................................. 43

MPLS ....................................................................................................... 43

Multicast..................................................................................................44

Netflow.................................................................................................... 44

Policy Management .................................................................................44

PPPoE......................................................................................................46

QoS .........................................................................................................46

Service Manager ......................................................................................47

Table of Contents

 vii

SNMP ...................................................................................................... 48

SONET..................................................................................................... 48

SRC Software and SDX Software ............................................................. 48

Stateful SRP Switchover (High Availability) and IP Tunnels......................49

Subscriber Interfaces ...............................................................................49

Subscriber Management .......................................................................... 49

System ....................................................................................................49

System Logging ....................................................................................... 50

TCP ......................................................................................................... 50

Unified ISSU ............................................................................................ 50

Resolved Known Problems ............................................................................ 51

AAA......................................................................................................... 51

ATM.........................................................................................................51

CLI........................................................................................................... 51

DHCP ......................................................................................................51

DHCP Relay............................................................................................. 52

DHCP Server............................................................................................52

DoS ......................................................................................................... 52

Ethernet .................................................................................................. 52

Forwarding ..............................................................................................52

Hardware ................................................................................................53

HTTP Server ............................................................................................ 53

IGMP ....................................................................................................... 53

IP.............................................................................................................53

IS-IS.........................................................................................................53

L2TP........................................................................................................53

PPPoE......................................................................................................54

QoS .........................................................................................................54

Service Manager ......................................................................................54

SRC Software and SDX Software ............................................................. 54

Unified ISSU ............................................................................................ 54

Errata.............................................................................................................55

Appendix A

System Maximums 67

ERX310, ERX7xx, and ERX14xx System Maximums.....................................68

General System Maximums ..................................................................... 68

Physical and Logical Density Maximums ................................................. 69

Link Layer Maximums ............................................................................. 72

Routing Protocol Maximums ................................................................... 77

Policy and QoS Maximums......................................................................81

Tunneling Maximums.............................................................................. 83

Subscriber Management Maximums........................................................85

E120 and E320 System Maximums ............................................................... 88

General System Maximums ..................................................................... 88

Physical and Logical Density Maximums ................................................. 89

Link Layer Maximums ............................................................................. 91

Routing Protocol Maximums ................................................................... 97

Policy and QoS Maximums....................................................................100

Tunneling Maximums............................................................................ 103

Subscriber Management Maximums......................................................105

viii  Table of Contents

JUNOSe 10.0.3 Release Notes

Appendix B Module Name Cross-Reference Information 107

Module Name Cross-Reference Information.................................................107

Appendix C Transferring DSL Line Rate Information from an Access Node to SRC

Software 109

Configuring the SRC Client to Retrieve DSL Information from

Access Nodes......................................................................................... 109

Monitoring the Status of Transfer of Updated DSL Line Rate

Parameters to the COPS Server .............................................................112

JUNOSe Command Reference Guide Update ................................................113

sscc update-policy-request enable ................................................................ 113

Release Installation  1

Release 10.0.3

Release Installation

Complete procedures for installing the system software are available in JUNOSe System Basics Configuration Guide, Chapter 3, Installing JUNOSe Software.

New software releases are available for download from the Juniper Networks website at http://www.juniper.net/customers/support. You can use the downloaded image bundle to create your own software CDs.

Before upgrading to a new version of software, save your router’s running configuration to a .cnf file or .scr file. If you subsequently need to downgrade for any reason, you can restore the earlier software version.

Upgrading to Release 5.3.0 or a Higher-Numbered Release

When you upgrade from a lower-numbered release to Release 5.3.0 or a higher-numbered release, the higher release might not load if you issue the boot system command from Boot mode while the lower-numbered software is running on the router or if you insert a flash card running a higher-numbered release into a system running a lower numbered release. However, if you issue the boot system command from Global Configuration mode, the new software loads properly.

NOTE: When you upgrade the software on a router that has a large number of

interfaces configured, the router might appear to be unresponsive for several minutes. This condition is normal; allow the process to continue uninterrupted.

JUNOSe 10.0.3 Release Notes

2  Release Installation

Upgrading from Release 5.1.1 or Lower-Numbered Releases to Release 6.x.x or Higher-Numbered Releases

Release 5.1.1 or lower-numbered releases support application images only up to 172 MB. To install larger application images for Release 6.0.0 and higher-numbered releases, you must first install Release 5.1.2 (or a higher-numbered 5.x.x release). This enables the system to support application images greater than 172 MB. For example, you cannot go from Release 5.1.1 to Release 7.2.0 without first upgrading to Release 5.1.2. See the following table for compatibility of releases.

Your software upgrades may be available remotely through Telnet or FTP, or may be delivered on a new NVS card. Depending on how you access the software updates, there are two different procedures to follow. For more detailed information on installing software, and about NVS cards and SRP modules, see the following documents:

 JUNOSe System Basics Configuration Guide, Chapter 6, Managing Modules

 Upgrading NVS Cards on SRP Modules in ERX Hardware Guide, Chapter 8,

Maintaining ERX Routers

 Upgrading NVS Cards on SRP Modules in E120 and E320 Hardware Guide, Chapter

8, Maintaining the Router

Moving Line Modules Between Releases

The Juniper Networks ERX1440 Broadband Services Router employs a 40-Gbps SRP module and a new midplane. Release 3.3.2 was the first software release to support the 40-Gbps SRP module and midplane. Before you can transfer a compatible line module from a Juniper Networks ERX705, ERX710, or ERX1410 Broadband Services Router to an ERX1440 router, you must first load Release 3.3.2 or a higher release onto the current router, and then reboot the router to load the release onto the line modules. If you then move any of those line modules to an ERX1440 router, that router is able to recognize the line module.

If you move a compatible line module from an ERX1440 router to an ERX705, ERX710, or ERX1410 router, the module loads properly in the new router regardless of the release.

JUNOSe Release

Highest Release Able to Load

Cannot Load

Maximum Application Image

5.1.1 or lower-numbered release

5.3.5p0-2 or the highest-numbered 5.x.x release

6.x.x or higher-numbered release

~172 MB

5.1.2 or higher-numbered release

No limitation Not applicable ~234 MB

7.2.0 or higher-numbered release

No limitation Not applicable ~256 MB

Requesting Technical Support  3

Release 10.0.3

SRP Module Memory Requirements

For Release 5.3.0 and higher-numbered software releases on ERX14xx models, ERX7xx models, and the Juniper Networks ERX310 Broadband Services Router, see ERX Module Guide, Table 1, ERX Module Combinations, for detailed information about memory requirements.

For Release 8.2.0 and higher-numbered software releases on Juniper Networks E120 and E320 Broadband Services Routers, see E120 and E320 Module Guide, Table 1, Modules and IOAs, for detailed information about memory requirements.

Hardware and Software Compatibility

For important information about hardware and software, see the document set as follows:

 Combinations of line modules to achieve line rate performance are in JUNOSe

System Basics Configuration Guide, Chapter 6, Managing Modules.

 Compatibility of ERX router modules with software releases is in ERX Module

Guide, Table 1, ERX Module Combinations.

 Layer 2 and layer 3 protocols and applications supported by ERX router

modules are in ERX Module Guide, Appendix A, Module Protocol Support.

 Compatibility of E120 router and E320 router modules with software releases is

in E120 and E320 Module Guide, Table 1, Modules and IOAs.

 Layer 2 and layer 3 protocols and applications supported by IOAs on the E120

router and the E320 router are in E120 and E320 Module Guide, Appendix A, IOA Protocol Support.

Requesting Technical Support

Technical product support is available through the Juniper Networks Technical Assistance Center (JTAC). If you are a customer with an active J-Care or JNASC support contract, or are covered under warranty, and need post-sales technical support, you can access our tools and resources online or open a case with JTAC.

 JTAC Policies—For a complete understanding of our JTAC procedures and

policies, review the JTAC User Guide located at http://www.juniper.net/customers/support/downloads/710059.pdf

 Product Warranties—For product warranty information, visit

http://www.juniper.net/support/warranty/

 JTAC Hours of Operation—The JTAC centers have resources available 24 hours

a day, 7 days a week, 365 days a year.

JUNOSe 10.0.3 Release Notes

4  Requesting Technical Support

Self-Help Online Tools and Resources

For quick and easy problem resolution, Juniper Networks has designed an online self-service portal called the Customer Support Center (CSC) that provides you with the following features:

 Find CSC offerings:

http://www.juniper.net/customers/support/

 Search for known bugs:

http://www2.juniper.net/kb/

 Find product documentation:

http://www.juniper.net/techpubs/

 Find solutions and answer questions using our Knowledge Base:

http://kb.juniper.net/

 Download the latest versions of software and review release notes:

http://www.juniper.net/customers/csc/software/

 Search technical bulletins for relevant hardware and software notifications:

https://www.juniper.net/alerts/

 Join and participate in the Juniper Networks Community Forum:

http://www.juniper.net/company/communities/

 Open a case online in the CSC Case Manager:

http://www.juniper.net/cm/

To verify service entitlement by product serial number, use our Serial Number Entitlement (SNE) Tool located at https://tools.juniper.net/SerialNumberEntitlementSearch/

Opening a Case with JTAC

You can open a case with JTAC on the Web or by telephone.

 Use the Case Manager tool in the CSC at

http://www.juniper.net/cm/

 Call 1-888-314-JTAC

(1-888-314-5822 – toll free in the USA, Canada, and Mexico)

For international or direct-dial options in countries without toll-free numbers, visit http://www.juniper.net/support/requesting-support.html

Release Overview  5

Release 10.0.3

Release Overview

These Release Notes cover Release 10.0.3 of the system software for the Juniper Networks E Series Broadband Services Routers and contain the following sections:

 Release Highlights on page 7

 Early Field Trial Features on page 7

 Unsupported Features on page 8

 Release Software Protocols on page 9

 SRC Software and SDX Software Compatibility Matrix on page 11

 Known Behavior on page 11

 Known Problems and Limitations on page 35

 Resolved Known Problems on page 51

 Errata on page 55

 Appendix A, System Maximums, on page 67

 Appendix B, Module Name Cross-Reference Information, on page 107

 Appendix C, Transferring DSL Line Rate Information from an Access Node to SRC

Software, on page 109

If the information in these Release Notes differs from the information found in the published documentation set, follow these Release Notes.

Before You Start

These Release Notes include information about the changes between Releases

10.0.2 and 10.0.3. Before you use your new software, read these Release Notes in their entirety, especially the section Known Problems and Limitations. You need the following documentation to fully understand all the features available in Release

10.0.3:

 These 10.0.3 Release Notes, which describe changes between Release 10.0.2

and Release 10.0.3

 The 10.0.2 Release Notes, which describe features available in Release 10.0.2

 The 10.0.x documentation set, which provides detailed information about

features available in Release 10.0.0

The 10.0.x documentation set consists of several manuals and is available only in electronic format. You can print your own documentation using the PDF and HTML formats available at the Juniper Networks Technical Documentation Web site at www.juniper.net/techpubs. Refer to the following table to help you decide which document to use.

JUNOSe 10.0.3 Release Notes

6  Release Overview

Task Document

Install the router ERX Hardware Guide

E120 and E320 Hardware Guide

Learn about modules ERX Module Guide

ERX End-of-Life Module Guide E120 and E320 Module Guide

Get up and running quickly E Series Installation Quick Start poster or ERX Quick Start

Guide E120 and E320 Quick Start Guide

Configure the router JUNOSe System Basics Configuration Guide

Configure physical layer interfaces JUNOSe Physical Layer Configuration Guide

Configure link layer interfaces JUNOSe Link Layer Configuration Guide

Configure IP, IPv6 and Neighbor Discovery, and interior gateway protocols (RIP, OSPF, and IS-IS)

JUNOSe IP, IPv6, and IGP Configuration Guide

Configure IP routing services, including routing policies, NAT, J-Flow statistics, BFD, IPSec, digital certificates, IP tunnels, and VRRP

JUNOSe IP Services Configuration Guide

Configure IP multicast routing and IPv6 multicast routing

JUNOSe Multicast Routing Configuration Guide

Configure BGP, MPLS, Layer 2 service, and related applications

JUNOSe BGP and MPLS Configuration Guide

Configure policy management JUNOSe Policy Management Configuration Guide

Configure quality of service (QoS) JUNOSe Quality of Service Configuration Guide

Configure remote access JUNOSe Broadband Access Configuration Guide

Get specific information about commands

JUNOSe Command Reference Guide A to M JUNOSe Command Reference Guide N to Z

Monitor system events JUNOSe System Event Logging Reference Guide

Look up definitions of terms used in JUNOSe technical documentation

JUNOSe Glossary

Release Highlights  7

Release 10.0.3

Release Highlights

Release 10.0.3 is a maintenance release.

Early Field Trial Features

The features described in this section are present in the code but have not yet been fully qualified by Juniper Networks. These features are available only for field test purposes in this release. If you use any of these features before they have been fully qualified, it is your responsibility to ensure that the feature operates correctly in your targeted configuration.

DHCP

 Support for DHCP External Server, DHCP Local Server, DHCP Relay, and DHCP

Relay Proxy on POS Access Interfaces The following packet over SONET (POS) module combinations on E Series

routers now support configuration of the DHCP external server, DHCP local server, DHCP relay, and DHCP relay proxy applications, alone or in combination, when the POS module is the access interface:

 POS module combinations on the E120 router and the E320 router:

 ES2 4G LM with ES2-S1 OC12-2 STM4 POS IOA

 ES2 4G LM with ES2-S1 OC48 STM16 POS IOA

 POS module combinations on ERX14xx models, ERX7xx models, and the

ERX310 router:

 OCx/STMx POS line module with OC3-4 I/O module

 OCx/STMx POS line modules with OC12/STM4 I/O module

 OC48 line module with OC48 FRAME APS I/O module

In the current release, this feature is available for early field test purposes only.

You can configure DHCP external server, DHCP local server, DHCP relay, and DHCP relay proxy on these POS modules in either a virtual router (VR) or a VPN routing and forwarding instance (VRF).

As part of this feature, the pos keyword has been added to the existing ip dhcp-local limit command. To specify the maximum number of IP addresses that the DHCP local server application can supply to all POS access interfaces or to a specific POS access interface, in the range 0–96000, use the ip dhcp-local limit command with the new pos keyword. For example:

! Set the IP address limit for all POS access interfaces to 1000 host1(config)#ip dhcp-local limit pos 1000 ! Set the IP address limit for the specified POS access interface to 2000 host1(config)#ip dhcp-local limit interface pos 5/0/0 2000 ! Restore the IP address limit for all POS access interfaces to the default value, ! 48000

JUNOSe 10.0.3 Release Notes

8  Unsupported Features

host1(config)#no ip dhcp-local limit pos

To display the maximum number of IP address leases available for POS access interfaces, use the existing show ip dhcp-local limits command. For example:

host1#show ip dhcp-local limits

***************************************** DHCP Local Server Address Limits ATM Limit - 48000 VLAN Limit - 48000 POS Limit - 1000 Ethernet Limit - 48000

Unified ISSU

 Service Manager Support for Unified ISSU

Service Manager support for unified ISSU is limited in this release to early field trial purposes only.

Unsupported Features

The JUNOSe Release 10.0.x documentation set describes some features that are present in the code but that have not yet been fully qualified by Juniper Networks. If you use any of these features before they have been fully qualified, it is your responsibility to ensure that the feature operates correctly in your targeted configuration.

The following features are present but unsupported in this release.

E120 Router and E320 Router

 The ES2 10G LM and ES2 10G Uplink LM do not support layer 2 statistics for

VLANs.

 Subscriber Interfaces on the ES2 10G Uplink LM

You can configure dynamic subscriber interfaces and static subscriber interfaces on the ES2 10G Uplink LM using the CLI. However, configuring subscriber interfaces on the ES2 10G Uplink LM provides no benefit because access features such as per-subscriber QoS are unavailable on the module.

Multicast

 Unsupported IPv6 Data MDT Commands in CLI

The ipv6 pim data-mdt command and the show ipv6 pim data-mdt command are unsupported in the current release.

The IPv6 PIM Data MDT Configuration mode is unsupported in this release. The following commands appear in IPv6 PIM Data MDT Configuration mode but are unsupported in the current release:

 ipv6 pim join-filter  mdt-data-timeout

Release Software Protocols  9

Release 10.0.3

Policy Management

 Policy Exception Rule and the ES2 10G LM

The ES2 10G LM does not support the HTTP redirect feature. In addition, you cannot attach policy actions with the exception rule to an IP policy classifier group.

 External Parent Groups Unsupported on ES2 10G and ES2 10G Uplink LMs

External parent groups are not supported on the ES2 10G and ES2 10G Uplink LMs. If you create a policy that references an external parent group on these LMs, the system prevents you from attaching it to the LM interface and you receive an error message.

Stateful SRP Switchover (High Availability)

 Stateful SRP Switchover for Certain Applications

The stateful SRP switchover feature has not been qualified for the following applications:

Release Software Protocols

The following list identifies the major software protocols supported in this release. For detailed information about any protocol, see the configuration guides.

Core Routing Stack

 Internet Protocol (IP) version 4 and version 6

 Transmission Control Protocol (TCP) for IPv4

 User Datagram Protocol (UDP) for IPv4 and IPv6

Network Management Protocols

 Simple Network Management Protocol (SNMP) versions 1, 2c, and 3

Routing Protocols

 Border Gateway Protocol (BGP-4)

 Distance Vector Multicast Routing Protocol (DVMRP)

 Internet Group Membership Protocol (IGMP)

 ipv6 pim query-interval  route map

 mdt-data-delay  tunnel group-address-pool

 mdt-data-holdown  tunnel source

Remote Access

 DHCP proxy client

 L2TP dialout

JUNOSe 10.0.3 Release Notes

10  Release Software Protocols

 Intermediate System–to–Intermediate System (IS-IS)

 Layer 2 Virtual Private Networks (L2VPNs)

 Mobile IP

 Open Shortest Path First (OSPF) version 2 and version 3

 Protocol Independent Multicast Protocol (PIM), including PIM dense mode, PIM

sparse mode, PIM dense-sparse mode, and PIM source-specific multicast

 Routing Information Protocol (RIP) version 2

 Virtual Private LAN Service (VPLS)

 Virtual Router Redundancy Protocol (VRRP)

Multiprotocol Label Switching (MPLS)

 Border Gateway Protocol (BGP-4)

 Label Distribution Protocol (LDP)

 Resource ReSerVation Protocol – Traffic Engineering Extensions (RSVP-TE)

Layer 2 Protocols

 Asynchronous Transfer Mode (ATM)

 Bridged Ethernet

 Bridged IP

 Cisco High-Level Data Link Control (Cisco HDLC)

 Ethernet

 Extensible Authentication Protocol (EAP)

 Frame Relay

 Layer 2 Tunneling Protocol (L2TP)

 Multilink Frame Relay (MLFR)

 Multilink Point-to-Point Protocol (MLPPP)

 Packet over SONET (POS)

 Point-to-Point Protocol (PPP)

 PPP over Ethernet (PPPoE)

 Transparent bridging

SRC Software and SDX Software Compatibility Matrix  11

Release 10.0.3

Security Protocols

 Internet Key Exchange (IKE)

 Internet Security Association and Key Management Protocol (ISAKMP)

 IP Authentication Header (AH)

 IP Encapsulating Security Payload (ESP)

 Network Address Translation (NAT)

SRC Software and SDX Software Compatibility Matrix

The SRC software offers the features of the SDX software on the C Series Controllers, a range of hardware platforms that use the Linux operating system. In contrast, the SDX software runs on Solaris workstations. The SRC software contains the features found in the associated SDX release plus additional features described in the SRC Release Notes.

The following table shows which versions of the SRC software and SDX software are compatible with specified versions of the JUNOSe Software.

For more detailed information about SRC software and SDX software compatibility with JUNOSe releases, see the SRC Release Notes.

Known Behavior

This section briefly describes E Series router behavior and related issues. In some cases the behavior differs from non–E Series implementations; in others the behavior is included to emphasize how the router works.

AAA

 Although you can use the max-sessions command to configure a maximum of

32,000 outstanding authentication/authorization requests to a RADIUS server, AAA internal limits prevent the actual number of outstanding authentication/authorization requests from exceeding 9600. These internal AAA limits apply only to authentication/authorization requests and not to accounting requests.

 The JUNOSe Software does not support accounting for ATM 1483 subscribers.

The atm1483 keyword for the aaa accounting default command is present in the CLI, but it is not supported.

SRC Software Release SDX Software Release Tested with JUNOSe Release

2.0.0 7.1.0 8.1.2, 8.2.2

2.1.0 Not applicable 9.1.0p0-1

3.0.0 Not applicable 9.0.0, 9.0.1, 9.1.1

3.1.0 Not applicable 9.2.0, 9.3.0, 10.0.0

JUNOSe 10.0.3 Release Notes

12  Known Behavior

ATM

 You cannot configure connection admission control (CAC) on an ATM interface

on which you have created a bulk-configured virtual circuit (VC) range for use by a dynamic ATM 1483 subinterface. Conversely, you cannot create a bulk-configured VC range on an ATM interface on which you have configured CAC. The router rejects these configurations, which causes them to fail.

Configuring CAC and bulk-configured VCs on the same ATM interface was supported in previous JUNOSe Software releases. As a result, If you are upgrading to the current JUNOSe release from a lower-numbered release, configurations that use CAC and bulk configuration on the same ATM interface continue to work. However, we recommend that you disable CAC on these ATM interfaces to ensure continued compatibility with future JUNOSe releases.

BGP

 The E Series router does not include the link-local IPv6 address in the next-hop

field of an MP-BGP update message carrying IPv6 routing information over IPv4 transport. This behavior is compliant with RFC 2545 but might have interoperability issues with other implementations that depend on a link-local IPv6 address in the next-hop field on a directly connected external BGP peering.

Work-aro u n d: Enable EBGP multihop configuration on the remote (non–Juniper Networks) peer.

 The following message might be displayed under certain conditions:

bgpConnections (default,0.0.0.0): TCP error code xx (...) occurred while accepting inbound TCP connection

The message is generated when an unconfigured peer attempts to establish a TCP session with an E Series router and a valid route to the source address of the peer is absent from the router’s routing table.

If a valid route exists in the routing table, the following message is displayed when an unconfigured peer attempts to establish a TCP session with an E Series router; X.X.X.X is the source address of the unconfigured peer:

NOTICE 08/29/2001 16:50:11 bgpConnections (default,X.X.X.X): Inbound connection refused - no peer X.X.X.X configured in core

BGP/MPLS VPNs

 NAT does not function properly with secondary routing table lookup (fallback

global) or global export mapping on the VRF.

B-RAS

 Pool groups are not supported; although the ip local pool group command

appears in the CLI, it is not supported.

Known Behavior  13

Release 10.0.3

 If the router is under a heavy load, the show profile command might take

longer than usual to execute.

Work-aro u n d: You can either delay examination of profiles until the router is less busy, or save a copy of the profile to a text file off the router.

CLI

 In Interface Configuration mode for a major interface, the CLI displays options

for protocols that are not supported by that interface type.

 When you issue the reload command on an ERX310 router, the command

might display a warning message that erroneously indicates that a synchronizing operation will be performed. Any references to synchronization that appear in command output or system messages do not apply to the ERX310 router, which does not support SRP module redundancy.

 The following commands have been deprecated in the JUNOSe Software and

might be removed completely in a future release. If a command has been deprecated for only a particular command mode, the table specifies any modes for which it is still available.

Deprecated Command Command Mode Preferred Command

aaa accounting interval Global Configuration aaa service accounting

interval and aaa user accounting interval

cablelength short Controller Configuration

clock rate Interface Configuration

channel-group description Controller Configuration

channel-group shutdown Controller Configuration

channel-group snmp trap link-status Controller Configuration

channel-group timeslots Controller Configuration

classifier-list Global Configuration ip classifier-list

color Policy List Configuration color in Classifier Group

Configuration mode

controller e1 Global Configuration

controller t1 Global Configuration

description Interface Configuration

Still available in Controller Configuration and VRF Configuration modes

ip description

fdl Controller Configuration

fdl carrier Controller Configuration

fdl string Controller Configuration

fdl transmit Controller Configuration

filter Policy List Configuration filter in Classifier Group

Configuration mode

JUNOSe 10.0.3 Release Notes

14  Known Behavior

forward next-hop Policy List Configuration forward next-hop in

Classifier Group Configuration mode

forward next-interface Policy List Configuration forward interface in

Classifier Group Configuration mode

hostname Domain Map Tunnel

Configuration

Still available in Global Configuration mode

client-name

hssi description Interface Configuration

hssi force dte acknowledge Interface Configuration

hssi internal-clock Interface Configuration

ignore dcd Interface Configuration

ignore link-state-signals Interface Configuration

[ no ] ike cr

l Global Configuration [ no ] ipsec crl

interface hssi Global Configuration

invert tx clock Global Configuration

ip dhcp-local cable-modem Global Configuration set dhcp-relay with the

strings docsis and pktc in the server-string mapping specification

ip mirror Global Configuration ip policy secure-input and

ip policy secure-output; for E120 and E320 routers, you must use these commands because the ip mirror command has been removed from the CLI for those routers.

ip policy local-input Interface Configuration,

Profile Configuration

None

[ no ] ipsec isakmp-policy rule Global Configuration [ no ] ipsec ike-policy-rule

ipv6 policy local-input Interface Configuration,

Profile Configuration

None

j1 Controller Configuration

license l2tp-session Global Configuration None

lineCoding Controller Configuration

log Policy List Configuration log in Classifier Group

Configuration mode

log severity debug dhcpLocalProtocolDecode

Global Configuration log severity debug

dhcpCapture

loopback Domain Map Configuration

Still available in Controller Configuration and Interface Configuration modes

local-interface

Deprecated Command Command Mode Preferred Command

Known Behavior  15

Release 10.0.3

loopback remote { remote line fdl ansi | remote line fdl bellcore | remote line inband remote payload [ fdl ] [ ansi ] }

Controller Configuration

mark Policy List Configuration mark in Classifier Group

Configuration mode

mark-de Policy List Configuration mark-de in Classifier Group

Configuration mode

mark-exp Policy List Configuration mark-exp in Classifier Group

Configuration mode

mark-user-priority Policy List Configuration mark-user-priority in

Classifier Group Configuration mode

mpls ldp discovery transport-address

Interface Configuration This command has no effect

in Interface Configuration mode. Now available in Global Configuration mode.

mpls topology-driven-lsp ip-interfaces

Global Configuration ldp ip-forwarding

[ no ] next-hop Policy List Configuration forward next-hop in

Classifier Group Configuration mode

[ no ] next-interface Policy List Configuration forward interface in

Classifier Group Configuration mode

nrzi-encoding Interface Configuration

no ospf enable Router Configuration ospf shutdown

policy-list Global Configuration ip policy-list

radius disconnect client Global Configuration

The RADIUS Disconnect Configuration mode has been removed from the CLI.

subscriber disconnect

rate-limit-profile Policy List Configuration rate-limit-profile in Classifier

Group Configuration mode

remote-loopback Controller Configuration

show controllers t1/e1 User Exec, Privileged Exec

show controllers t1 remote User Exec, Privileged Exec

show ike certificates User Exec, Privileged Exec show ipsec certificates

show ike configuration User Exec, Privileged Exec show ipsec ike-configuration

show ike identity User Exec, Privileged Exec show ipsec identity

show ike policy-rule User Exec, Privileged Exec show ipsec ike-policy-rule

show ike sa User Exec, Privileged Exec show ipsec ike-sa

show ip dhcp-external binding Privileged Exec show dhcp binding

show ip dhcp-external binding-id Privileged Exec show dhcp binding

show ip dhcp-local binding Privileged Exec show dhcp binding

Deprecated Command Command Mode Preferred Command

JUNOSe 10.0.3 Release Notes

16  Known Behavior

The router displays a notice when you issue the command manually. If the command is in a script, the router automatically maps the deprecated command to the preferred command. If the deprecated command no longer has a function, then that command has no effect when you run a script containing the command.

 The show configuration command normally takes a long time to finish for

extremely large configurations. If you specify a search string (with the begin, exclude, or include options) with the command for a string that is not present

in the configuration, then the CLI session appears to be busy for a prolonged period. The CLI filtering feature for show commands does not speed up execution of the command.

DHCP

 Configuring authentication on the DHCP local server requires that you first

disable the DHCP local server for standalone mode. Doing so removes your entire DHCP local server configuration. Therefore, if you want to configure authentication, do so before you have otherwise configured the DHCP local server.

 When you upgrade from a release numbered lower than Release 7.1.0, all

DHCP host routes previously stored in NVS are deleted. After the upgrade, DHCP clients must reacquire their IP addresses, which results in the new host routes being correctly stored in NVS.

show ip dynamic-interface-prefix Privileged Exec, User Exec None

show ip mirror interface Privileged Exec show secure policy-list

show license l2tp-session User Exec, Privileged Exec None

t1 lineCoding Controller Configuration None. This command never

had any effect.

traffic-class Policy List Configuration traffic-class in Classifier

Group Configuration mode

tunnel mpls label-dist Interface Configuration,

Tunnel Profile Configuration

None

tunnel mpls autoroute announce bgp

Interface Configuration, Tunnel Profile Configuration

None

unframed Controller Configuration

user-packet-class Policy List Configuration user-packet-class in

Classifier Group Configuration mode

virtual-router Domain Map Configuration

Still available in Privileged Exec and Global Configuration modes

router-name

yellow Controller Configuration

Deprecated Command Command Mode Preferred Command

Known Behavior  17

Release 10.0.3

DHCP External Server

 If you are using DHCP external server and a burst of client releases occurs

during a unified ISSU, some of the client releases might not be processed. [Defect ID 180178]

 When the DHCP relay agent application and the DHCP external server

application are configured in the same virtual router, using the ip dhcp-external server-sync command on an unnumbered IP interface does not

function as expected. When you issue the ip dhcp-external server-sync command in this configuration to create subscriber state information based on lease renewals when the external DHCP server and the router are unsynchronized, the router does not forward the ACK request from the DHCP server to the client because there is no route. [Defect ID 88562]

 When a bound DHCP client on a dynamic subscriber interface extends its IP

address lease by restarting the DHCP discovery process on its primary IP interface instead of by initiating the DHCP renewal process on its dynamic subscriber interface, the default behavior of the DHCP external server application to preserve the client’s dynamic subscriber interface was changed in the following JUNOSe releases to delete and re-create the client’s dynamic subscriber interface:

 Release 7.2.4p0-4 and all higher-numbered 7.2.x releases and patch

releases

 Release 7.3.4 and all higher-numbered 7.3.x releases and patch releases

 Release 8.0.4 and all higher-numbered 8.0.x releases and patch releases

 Release 8.1.2 and all higher-numbered 8.1.x releases and patch releases

 Release 8.2.3 and all 8.2.3 patch releases

 Release 9.0.0 and all 9.0.0 patch releases

 Release 9.0.1 and all 9.0.1 patch releases

 Release 9.1.0 and all 9.1.0 patch releases

If you are upgrading the JUNOSe Software on the router from any of these releases, you must explicitly issue the ip dhcp-external recreate-subscriber-interface command to configure the router to continue to delete and re-create the DHCP client’s dynamic subscriber interface.

 DHCP external server may not be able to bind all DHCP clients when all of the

following conditions exist:

 DHCP external server and either DHCP relay or relay proxy are configured

in separate virtual routers on an E320 router.

NOTE: The DHCP external server application is unsupported in JUNOSe Release

8.2.1 and JUNOSe Release 8.2.2.

JUNOSe 10.0.3 Release Notes

18  Known Behavior

 The client-facing and server-facing interfaces for DHCP external server and

either DHCP relay or relay proxy are configured on the same ES2 4G LM.

 DHCP external server is configured to create dynamic subscriber

interfaces.

When these three conditions exist simultaneously, the ES2 4G LM may not be able to successfully process all DHCP packets. Although all clients may get bounded in DHCP relay or relay proxy, some clients may not get bounded in DHCP external server. (In a production environment it is highly unlikely for conditions 1 and 2 to exist because stand-alone DHCP external server is normally configured for a DHCP relay in a different chassis.)

Work-aro u n d: You can eliminate this issue by modifying any one of these conditions. For example, this issue does not exist with any of the following configuration modifications:

 Configure DHCP external server and either DHCP relay or relay proxy in

the same virtual router.

 Configure the client-facing and server-facing interfaces for DHCP external

server and either DHCP relay or relay proxy on the same ES2 10G LM instead of the same ES2 4G LM.

 Configure the client-facing and server-facing interfaces for DHCP external

server and either DHCP relay or relay proxy on separate ES2 4G LMs.

Dynamic Interfaces

 The ip inactivity-timer command enables you to specify that dynamic

interfaces are deleted after a certain period of inactivity. IP polls the dynamic interface at the configured interval to determine whether the interface was active during the interval. Inactive interfaces are deleted only when the period of inactivity is equal to or greater than the configured value.

For example, if you configure an inactivity timer of 15 minutes, IP polls the interface every 15 minutes. If a poll determines that the interface was last active 14 minutes earlier, the inactive time is less than the configured value so nothing happens. IP polls again 15 minutes later. If the interface is still inactive then the total period of inactivity is now 29 minutes. This is greater than the configured value and the interface is deleted.

 Dynamic IPv6 interfaces over static PPP interfaces are not supported.

Known Behavior  19

Release 10.0.3

Ethernet

 The hashing algorithm that selects the LAG member link is associated with the

IP address of the subscriber client to support QoS. Consequently, a particular flow is always hashed to the same link. When a member link is removed from a LAG bundle, traffic rate is disrupted and traffic flow is reduced. When the link goes down and then comes back up, the traffic flow is automatically redistributed.

 When counting bits per second on a Fast Ethernet or Gigabit Ethernet interface,

an E Series router includes 12 bytes for interpacket gap, 7 bytes for preamble, and 1 byte for start frame delimiter, for a total of 20 bytes (160 bits) per packet more than some non–E Series routers. This value therefore shows the total bandwidth utilization on the interface, including both data and overhead.

 To bridge unicast known-DA packets at line rate on both 2-Gbps ports of the

GE-2 line module or the GE-HDE module when paired with the GE-2 SFP I/O module, the minimum packet size must be at least 144 bytes.

When installed in the ERX1440 router, the GE-2 module delivers full bandwidth of 4 GB per line module (2 GB at the ingress and 2 GB at the egress) only when installed in slot 2 or slot 4, and when the SRP-40G+ module is used in the router. When installed in any other ERX1440 slot, the GE-2 module delivers a maximum bandwidth of 2 GB per line module (1 GB maximum at the ingress and 1 GB maximum at the egress). Therefore, of the maximum 24 possible ports for the module in an ERX1440 chassis (that is, two ports in each of 12 slots), full bandwidth is delivered only on a maximum of four ports (those in slots 2 and 4).

When installed in the ERX1440 router, the GE-HDE line module delivers full bandwidth of 4 GB per line module (2 GB at the ingress and 2 GB at the egress) only when installed in slot 2 or slot 4, and when the SRP-40G+ module is used in the router. When installed in any other ERX1440 slot, the GE-HDE module delivers a maximum bandwidth of 2 GB per line module (1 GB maximum at the ingress and 1 GB maximum at the egress). Therefore, of the maximum 96 possible ports for the module in an ERX1440 chassis (that is, 8 ports in each of 12 slots), full bandwidth is delivered only on a maximum of 16 ports (those in slots 2 and 4).

When the GE-2 line module or the GE-HDE line module is installed in either the ERX1440 router or the ERX310 router and both ports are active, line rate performance is achieved only with packets that are 174 bytes or larger. The line module might not achieve line rate with packets that are smaller than 174 bytes.

 Support for the 0x9200 S-VLAN Ethertype has been removed. You can no

longer specify the 9200 option with the svlan ethertype command.

When you upgrade to Release 7.1.0 or higher-numbered release, the software automatically transfers existing configurations that use the 0x9200 Ethertype to the 0x88a8 Ethertype.

JUNOSe 10.0.3 Release Notes

20  Known Behavior

 The show interface gigabitEthernet command output does not display the

following line of output for Gigabit Ethernet modules that do not support SFPs, such as the GE Single Mode I/O module and GE I/O Multi Mode I/O modules:

Primary/Secondary link signal detected Primary/Secondary link signal not detected

Flash

 Flash cards manufactured by Wintec are present on some currently deployed

routers. When you upgrade the JUNOSe Software on such routers, the firmware on the flash card controller is automatically updated during diagnostics. During this reboot, the software runs an integrity check on the file system to verify that the firmware update did not corrupt the contents of the flash card. This integrity check is an expected side effect of the enhanced firmware available in this release. The integrity check does not indicate a problem with the flash card or its contents.

Forwarding

 The hashing algorithm that selects the LAG member link is associated with the

GRE

 When you shut down the only outgoing IP interface to the IP destinations of

GRE/IP tunnels, the tunnels remain in the up state rather than transitioning to down. As a consequence, all IP routes that use these tunnels as next hops also remain in the routing table.

Hardware

 SRP modules with only 1 GB of memory do not work reliably in ERX7xx and

ERX14xx routers running JUNOSe Release 8.1.0 or higher, and may experience system resets due to an out of memory condition. However, the ERX310 router still supports 1 GB of memory in the SRP-SE10 module.

Work-aro u n d: Upgrade your SRP module memory to 2 GB for all ERX7xx and ERX14xx routers running JUNOSe Release 8.1.0 or higher.

 Do not include a not protocol clause in any classifier control list for policies

attached to an interface on an ES2 10G Uplink LM. The not protocol functionality is not available for this module.

 The ES2 10G LM and the ES2 10G Uplink LM do not support VLAN statistics in

the current release.

Known Behavior  21

Release 10.0.3

 PCMCIA NVS Card Caution

 The 4XOC3 APS MULTIMODE and 4XOC3 APS SINGLE MODE I/O modules are

incompatible with the following versions of the OCx/STMx ATM and OCx/STMx POS line modules:

 OCx/STMx ATM line modules with assembly numbers 350-00039-xx,

350-80039-xx, and 350-90039-xx

 OCx/STMx POS line modules with assembly number 350-10039-xx

 When you configure 1:5 line module redundancy by using either the 4XOC3

APS MULTIMODE or 4XOC3 APS SINGLE MODE I/O module, the spare R-Mid OCX I/O module you install must have assembly number 350-00094-01 Rev. A01 or later. Spare R-Mid OCX I/O modules with an earlier assembly number are not supported for 1:5 redundancy configurations that use either the 4XOC3 APS MULTIMODE or 4XOC3 APS SINGLE MODE I/O module.

 There is a very small chance that some line modules can have an improperly

modified keying block that prevents the module from proper seating in the top slot of an older ERX7xx chassis or a preproduction ERX310 chassis. For example, this problem has been observed for an OCx/STMx module in slot 2 of an early-test ERX310 chassis.

Work-aro u n d: Remove the keying block to insert the module into the top slot, or insert the module into a different slot.

HDLC

 By design, on the cOC12/STM4 module you cannot delete a serial interface

while data for the interface is still enqueued. The enqueued data can drain only when the interface is operationally up. Therefore you must ensure that the interface is operationally up before you delete it. For example, if you have issued the shutdown command for the interface before you try to delete the interface, issue the no shutdown command, then delete the interface.

 When you upgrade from certain releases to JUNOSe Release 9.2.0p1-0 or

higher-numbered releases, descriptions configured for IP interfaces or IP subinterfaces are not retained across the upgrade when the descriptions are shorter than 9 characters in length. Additionally, VRF descriptions are not retained across the upgrade when the combined length of the VRF description and the VRF name is shorter than 9 characters. This behavior is seen during upgrades using a reload, stateful SRP switchover, or unified ISSU. Upgrades from the following releases are affected by this behavior:

 7.x.x

 8.0.x

CAUTION: Before you insert or remove PCMCIA NVS (flash) cards from a running

router, we strongly recommend that you halt the SRP module or shut down the router. Failure to do this can result in file corruption in one or both cards.

JUNOSe 10.0.3 Release Notes

22  Known Behavior

 8.1.x, 8.2.x, and 9.x.x builds created before July 23, 2008

Examples of descriptions that are not retained across the upgrade:

host1(config-if)#ip description 12345678

host1(config)#ip vrf 123 host1(config-vrf)#description 45678

Examples of descriptions that are retained across the upgrade:

host1(config-if)#ip description longdescription

host1(config)#ip vrf longername host1(config-vrf)#description 45678

host1(config)#ip vrf 123 host1(config-vrf)#description longdescription

Work-aro u n d: Before you upgrade from an affected release to JUNOSe Release

9.2.0p1-0 or higher-numbered releases, ensure that you do the following:

 Change IP interface and subinterface descriptions to 9 or more characters.

 Change VRF descriptions, VRF names, or both so that the combination of

associated VRF names and descriptions consists of 9 or more characters.

 The ip tcp adjust-mss command, which modifies the maximum segment size

for TCP SYN packets traveling through the interface, is not supported on the ES2 10G LM or ES2 10G Uplink LM.

 If you have enabled ipInterface logging at a priority of debug, the

acknowledgment that an interface has been deleted from the line modules can return to the SRP module after the layers beneath IP have deleted their interfaces. Consequently, the original name of the interface cannot be resolved or displayed in the log, and the system instead displays the ifIndex of the IP interface. This behavior has no functional effect other than that the log is misleading. However, previous log events indicate that the interface deletion was beginning.

 When you want to use a configuration script to configure IP shared interfaces

that reference a physical interface, you must issue the service show configuration format 2 command before you generate the script. If the default show configuration format (format 1) is enabled instead, the generated script

cannot properly configure the IP shared interfaces because they are created before the physical interfaces. To properly configure the shared interfaces in this event, run the generated format 1 script twice.

Known Behavior  23

Release 10.0.3

 When you issue the show ip forwarding-table command for a particular slot, it

is normal and appropriate behavior when the Status field indicates Valid while the Load Errors field is increasing daily for that VR. The Load Errors field records any failed routing table distribution attempt as an error. Attempts can fail for many reasons during normal operation; a failed attempt does not necessarily indicate a problem. It is normal to see many load errors per day. If the Status field indicates Invalid, then the routing table distribution has failed constantly for that VR and a real problem exists. You might occasionally see a status of Updating. However, if the Status field always indicates Updating, then again the routing table distribution has failed constantly for that VR, and a real problem exists.

 The enhancement to the CLI to support unnumbered reference to any kind of

interface rather than just loopback interfaces has consequences such as the following: [Defect ID 47743]

 If the references to shared interfaces appear in the show configuration

output before the configuration for the interfaces they refer to, trying to restore such a configuration with a script generated from show configuration generates errors like the following:

% Error, line 3929: host1(config-if)#ip share-interface FastEthernet 3/0.2 % No such interface

 Unnumbered interfaces that refer to nonloopback interfaces (for example,

ip unnumbered fastEthernet 3/0.2) and that appear in the show configuration output before the interface referred to might generate

similar no such interface errors.

Work-aro u n d: Run the script twice.

IPSec

 When you shut down the only outgoing IP interface to the IP destinations of

IPSec tunnels, the tunnels remain in the up state rather than transitioning to down. As a consequence, all IP routes that use these tunnels as next hops also remain in the routing table. You can use dead keepalive detection (DPD) to avoid this situation. DPD must be active, which requires both IPSec tunnel endpoints to support DPD.

 During a warm restart after a system failover, the SRP module can take several

minutes to resume the normal exchange of UDP/IP packets to applications. During this restart time, the E Series router does not send or receive dead peer detection (DPD) keepalives, which are used to verify connectivity between the router and its peers. The length of the restart time depends on the number of interfaces—if the restart time is too long, remote peers might determine that the connection from them to the E Series router is broken and then shut down an IPSec tunnel that has DPD enabled. In the worst case, all IPSec tunnels might be shut down. [Defect ID 65132]

JUNOSe 10.0.3 Release Notes

24  Known Behavior

IS-IS

 When IS-IS is configured on a static PPP interface, the IS-IS neighbor does not

come up if you remove the IP address from the interface and then add the IP address back to the interface.

Work-aro u n d: When you remove and add back the IP address, you must also remove the IS-IS configuration from the interface and then add the configuration back to the interface by issuing the no router isis and router isis commands.

 When you run IS-IS on back-to-back virtual routers (VRs) in an

IS-IS-over-bridged-Ethernet configuration and do not configure different IS-IS priority levels on each VR, a situation can occur in which both VRs elect themselves as the designated intermediate system (DIS) for the same network segment.

This situation occurs because the router uses the same MAC address on all bridged Ethernet interfaces by default. When both VRs have the same (that is, the default) IS-IS priority level, the router must use the MAC address assigned to each interface to determine which router becomes the DIS. Because each interface in an IS-IS-over-bridged-Ethernet configuration uses the same MAC address, however, the router cannot properly designate the DIS for the network segment. As a result, both VRs elect themselves as the DIS for the same network segment, and the configuration fails. [Defect ID 72367]

Work-aro u n d: To ensure proper election of the DIS when you configure IS-IS over bridged Ethernet for back-to-back VRs, we recommend that you use the isis network point-to-point command in Interface Configuration mode to configure IS-IS to operate using point-to-point (P2P) connections on a broadcast circuit when only two routers (or, in this case, two VRs) are on the circuit. Issuing this command tears down the current existing IS-IS adjacency in that link and reestablishes a new adjacency.

L2TP

 L2TP peer resynchronization enables an L2TP failed endpoint to resynchronize

with its peer non-failed endpoint. The JUNOSe Software supports failover protocol and silent failover peer resynchronization methods. If you configure the silent failover method, you must keep the following considerations in mind:

 PPP keepalives—To ensure resynchronization of the session database, PPP

keepalives must be enabled on the L2TP data path. Without PPP keepalives, silent failover might disconnect an established session if there is no user traffic during failover recovery.

 Asymmetric routes on different line modules—Asymmetric routes whose

receive and transmit paths use I/O paths on different line modules can result in improperly handled line module control packets. If your network does include this type of asymmetric route, tunnels using these routes might fail to recover properly.

Known Behavior  25

Release 10.0.3

 NAT dynamic translation generation affects the LNS session creation time.

When NAT dynamic translations and LNS sessions are created simultaneously, NAT dominates the CPU cycles of the tunnel-service module, resulting in a delay in the LNS session creation rate. The LNS session creation rate returns to its normal rate when NAT dynamic translations are no longer being generated. [Defect ID 53191]

Work-aro u n d: When signaling performance must be optimal, avoid the simultaneous configuration of NAT and LNS.

 If you create an L2TP destination profile profileName, establish tunnels with the

profile, and then remove the profile, you cannot subsequently create another destination profile using that same profileName until all the tunnels drain from the previous instance of this destination profile. If you do not wait, the E Series router displays a message similar to the following:

l2tp: Discarding incoming sccrq from vr default, remote address 192.168.100.1 no destination profile.

If you do not want to wait for the tunnels to drain, use a different name for the destination profile. [Defect ID 32973]

Line Module Redundancy

 On E120 routers and E320 routers, redundant IOAs have a temperature sensor,

and the show environment all command lists the temperature of IOAs in their associated slots.

On ERX routers, redundant I/O modules do not have a temperature sensor. Therefore, the show environment all command output lists the primary I/O module temperature in the slot of the line module that is responsible for the I/O module.

 When you install an ES2-S1 Redundancy IOA with a hardware revision number

of -02 or less in slot 0 or slot 11 of the E320 router or in slot 0 or the E120 router, do not install an OCx/STMx ATM IOA or an OCx/STMx POS IOA in the lower (E320) or left (E120) adapter bay of slot 1 or slot 12. When the spare line module is controlling another slot and you revert back to the primary line module, the ATM or POS IOAs can become unusable or cause the line module to reset. [Defect ID 69760]

Work-aro u n d: This problem is not present for ES2-S1 Redundancy IOAs with a hardware revision number of -03 or higher.

MLPPP

 Do not configure both MLPPP fragmentation (with the ppp fragmentation

command) and IP fragmentation of L2TP packets (with the ip mtu command) on the same interface. Instead, you must choose only one of the fragmentation configurations by setting it to the necessary value and set the other fragmentation configuration to the maximum allowable value.

JUNOSe 10.0.3 Release Notes

26  Known Behavior

MPLS

 Martini circuits configured on the ES2 10G LM act as true layer 2 tunnels,

without modifying the layer 2 headers. For this reason, Martini VLAN retagging is not currently supported.

 If you are upgrading to Release 7.1.0 or a higher-numbered release from a

release numbered lower than Release 7.1.0, and have inter-AS option B or C configurations, you must explicitly configure MPLS on all inter-AS links, as in the following example:

host1#configure terminal host1(config)#interface fastEthernet 2/0 host1(config-if)#ip address ... host1(config-if)#mpls

If you do not explicitly configure MPLS on the links, the inter-AS feature will not work properly.

Multicast

 The ip dipe sg-cache-miss and ipv6 dipe commands are not intended or

supported for customer use, although they are visible in the User Exec and Privileged Exec modes respectively. These commands are intended to be used in a Juniper Networks internal lab environment for testing without a traffic generator.

 Do not configure a multicast group with more than 10,219 outgoing interfaces

(OIFS) on the same ES2 10G LM. [Defect ID 81768]

Packet Mirroring

 The ES2 10G LM supports the packet mirroring feature when the module is

paired with the ES2-S2 10GE PR IOA, the ES2-S1 GE-8 IOA, or the ES2-S3 GE-20 IOA. When you use the ES2 10G LM with these IOAs, CLI-based interface-specific mirroring is not supported.

 When both interface-specific mirroring and user-specific mirroring are

configured on the same interface, the interface-specific secure policies take precedence. The interface-specific secure policies, which you manually attach using the CLI, override and remove any existing secure polices that were attached by a trigger action. If the interface-specific secure polices are subsequently deleted, the original trigger-based secure policies are not restored.

Known Behavior  27

Release 10.0.3

 Typically, when configuring packet mirroring, you configure a static route to

reach the analyzer device through the analyzer port. If the analyzer port is an IP-over-Ethernet interface, you must also configure a static Address Resolution Protocol (ARP) entry to reach the analyzer device. However, because only a single static ARP entry can be installed for a given address at any given time, when you are using equal-cost multipath (ECMP) links to connect to the analyzer device, the static ARP configuration does not provide failover if the link being selected fails or is disconnected. Therefore, to provide continued connectivity if the link fails when using ECMP, enable the ip proxy-arp unrestricted command on the next-hop router for each ECMP interface. As a result, when the link fails, the router sends an ARP request to identify the MAC address of the analyzer device and gets a response over the new link.

Policy Management

 The ES2 10G LM does not support the deprecated next-hop command.

 You cannot configure classifier lists that reference multiple fields for a VLAN

policy list on the ES2 10G Uplink LM or the ES2 10G LM, with the exception of traffic-class and color. The system incorrectly classifies VLAN policies that classify using multiple fields. For example, an invalid policy list that references multiple fields uses both color and user-packet-class, or one classifier list using color and another using user-packet-class.

 In rare cases, some policy configurations that use CAM hardware classifiers

from releases earlier than Release 7.1.0 can fail because they exceed the total hardware classifier entry size of 128 bits that was introduced in Release 7.1.0. For more information and examples of previous configurations, see JUNOSe

Policy Management Configuration Guide, Chapter 8, Policy Resources.

 Multiple Forwarding Solution Rules for a Single Classifier List in a Policy

Before Release 5.2.0, it was possible to configure a policy with multiple rules that specified forwarding solutions where all of these rules were associated with a single classifier list. This typically was a configuration error, but the CLI accepted it. Beginning with Release 5.2.0, the CLI no longer accepts this configuration.

 Multiple forwarding rules behavior for releases numbered lower than

Release 5.2.0:

 If multiple forward or filter rules were configured to reference the

same classifier list in a single policy, then all rules except the first rule

configured were marked as eclipsed in the show policy command

display. Next-interface and next-hop rules were treated in the same

manner. The eclipsed rules were not applied.

 If a policy were configured with one rule from the [forward, filter] pair

and one rule from the [next-hop, next-interface] pair, and if both rules

referenced the same classifier list, then no visible eclipsed marking

occurred. However, these two rules were mutually exclusive, and only

one of them defined the forwarding behavior. The rule action that was

applied was in the order (from highest to lowest preference): next

interface, filter, next hop, forward. The applied rule was the rule whose

behavior was seen by forwarded packets.

JUNOSe 10.0.3 Release Notes

28  Known Behavior

For example, if a policy had both a next-interface and a filter rule, then

the next interface was applied. If a policy had a next-hop and a filter

rule, then the filter rule was applied.

 Multiple forwarding rules behavior for Release 5.2.0 and higher-numbered

releases:

Beginning with Release 5.2.0, the multiple rules behavior is designed so that when a forwarding solution conflict occurs within a policy, such as those described earlier, the second forwarding solution overwrites the preceding solution. That is, the last forwarding rule configured for the given classifier list within a policy is the forwarding behavior that is used. Also, a warning message is now displayed when this type of conflict occurs.

Example 1—In this example, the filter rule action overwrites the forward rule, and is therefore applied.

host1(config)#policy-list wstPolicyList host1(config-policy-list)#forward classifier-group svaleClacl1 host1(config-policy-list)#filter classifier-group svaleClacl1 WARNING: This rule has replaced a previously configured rule. host1(config-policy-list)#exit host1(config)#

Example 2—In this example, three forwarding solution conflicts result in rules being overwritten. The filter rule is the last rule configured, and is therefore applied.

host1(config)#policy-list bostTwo host1(config-policy-list)#forward classifier-group clacl5 host1(config-policy-list)#next-hop 1.1.1.1 classifier-group clacl5 WARNING: This rule has replaced a previously configured rule. host1(config-policy-list)#next-interface atm 1/0.0 classifier-group clacl5 WARNING: This rule has replaced a previously configured rule. host1(config-policy-list)#filter classifier-group clacl5 WARNING: This rule has replaced a previously configured rule. host1(config-policy-list)#exit host1(config)#

NOTE: When you upgrade the nonvolatile memory to Release 5.2.0 or later, the

upgrade removes eclipsed rules and rules whose behavior was not applied in the previous release. This removal ensures that the postupgrade forwarding behavior is the same as the preupgrade behavior.

NOTE: If you upgrade to Release 5.2.0 or later and then configure your router

using a script generated before Release 5.2.0, the postupgrade and preupgrade forwarding behaviors might not be the same. The new Release 5.2.0 configuration behavior is applied—the last policy rule configured for a given classifier list that specifies a forwarding behavior is the only rule remaining.

Known Behavior  29

Release 10.0.3

PPP

 The GE-2 line module does not support dynamic IP interfaces over static PPP

interfaces when the PPPoE subinterface is also static. The OC3/STM1 GE/FE line module does not support dynamic IP interfaces over static PPP interfaces when the ATM interface column is also static.

PPPoE

 On the ES2 4G LM, ES2 10G LM, and ES2 10G Uplink LM, data packets for

PPPoE are not counted at the PPPoE interface. Instead, PPPoE data packets are counted at the PPP interface that sits on the PPPoE interface. Use the show ppp interface command to display the data packets. Control packets for PPPoE are counted at the PPPoE interface; use the show pppoe interface command to display the control packets.

QoS

 In JUNOSe Releases 7.1.x, 7.2.x, and 7.3.x, you can attach a QoS profile to

Ethernet interfaces that are configured in a link aggregation group (LAG) interface. However, beginning with JUNOSe Release 8.0.1, you can attach a QoS profile directly to the LAG interface. As of JUNOSe Release 8.0.1, the software restricts you from attaching a QoS profile to any Ethernet interfaces that are members of a LAG. [Defect ID 84632]

Work-aro u n d: Prior to upgrading from JUNOSe Releases 7.1.x, 7.2.x, or 7.3.x to JUNOSe Release 8.0.x or higher-numbered releases, remove the QoS profile from the Ethernet interface. When you have successfully upgraded to JUNOSe Release 8.0.x or higher-numbered releases, reattach the QoS profile to the LAG interface.

 In Release 7.2.0 and higher-numbered releases, you can configure the simple

shared shaper to select scheduler nodes in a named traffic-class group as active constituents.

By default, simple implicit shared shapers activate scheduler nodes in named traffic-class groups. The implicit constituent selection process is now the same for both simple and compound shared shapers.

This is a change in default behavior. For releases before Release 7.2.0, you could not configure scheduler nodes as active constituents of the simple shared shaper, except for the best-effort node.

To recover the default behavior available before Release 7.2.0, or to select active constituents that are different, use simple explicit shared shapers to select best-effort nodes only.

 When you are configuring compound shared shaping using explicit

constituents and you explicitly specify both a scheduler node and a queue stacked above the node as constituents of the shared shaper, the system selects the scheduler node (but not the queue) as the constituent.

JUNOSe 10.0.3 Release Notes

30  Known Behavior

RADIUS

 JUNOSe Software provides extended commands for configuring the formats of

the RADIUS NAS-Port attribute (attribute 5) and the RADIUS Calling-Station-ID attribute (attribute 31) when the physical port value is greater than 7.

When the physical port value is greater than 7:

 An incorrectly configured NAS-Port attribute format results if you use either

the radius nas-port-format 0ssssppp or radius nas-port-format ssss0ppp command.

 An incorrectly configured Calling-Station-ID attribute results if you use

either the radius calling-station-format fixed-format command or the radius calling-station-format fixed-format-adapter-embedded

command.

Work-aro u n d: Use the following commands on routers that have line modules with more than 7 physical ports:

 To configure the NAS-Port attribute format, use the radius nas-port-format

extended [ atm | ethernet ] command.

 To configure the Calling-Station-ID attribute format, use the radius

calling-station-format fixed-format-adapter-new-field command.

SNMP

 SNMP MIBs

Information about all the SNMP MIBs (both standard and proprietary) that the router supports in this release is available in the MIB directory in the SW_Image_CD-2 folder of the JUNOSe Software image bundle, which you downloaded from the Juniper Networks website, that contains the release file for E120 and E320 routers. .

 Some Juniper Networks SNMPv1-formatted traps contain an incorrect object

identifier (OID) in the SNMPv1-Trap-PDU enterprise field. An SNMPv2 trap is typically identified by an OID that ends in the form ...x.y.z.0.n. This OID appears, in full, as the value of the snmpTrapOID.0 object in the varbind list of an SNMPv2-formatted trap. In the corresponding SNMPv1-formatted trap, this OID is broken down into subcomponents that fill the SNMPv1-Trap-PDU enterprise field (...x.y.z) and specific trap number field (n); the zero is unused.

The SNMPv1-formatted versions of the following Juniper Networks traps incorrectly contain ...x.y.z.0 in the SNMPv1-Trap-PDU enterprise field. That is, a zero is mistakenly appended to the correct enterprise OID value.

Trap Name Expected Enterprise OID Enterprise OID Sent by SNMP Agent

junidApsEventSwitchover .1.3.6.1.4.1.4874.3.2.2.1.2 .1.3.6.1.4.1.4874.3.2.2.1.2.0

junidApsEventModeMismatch .1.3.6.1.4.1.4874.3.2.2.1.2 .1.3.6.1.4.1.4874.3.2.2.1.2.0

junidApsEventChannelMismatch .1.3.6.1.4.1.4874.3.2.2.1.2 .1.3.6.1.4.1.4874.3.2.2.1.2.0

junidApsEventPSBF .1.3.6.1.4.1.4874.3.2.2.1.2 .1.3.6.1.4.1.4874.3.2.2.1.2.0

junidApsEventFEPLF .1.3.6.1.4.1.4874.3.2.2.1.2 .1.3.6.1.4.1.4874.3.2.2.1.2.0

Known Behavior  31

Release 10.0.3

Work-aro u n d: Use the OIDs that the SNMP agent sends.

SRC Software and SDX Software

 When applying policies to interfaces that are managed by SRC, give careful

consideration to using other policy management tools, such as CLI, RADIUS, CoA, or Service Manager. Policies that are applied to the interface before SRC management begins, such as at access-accept time, are properly replaced. However, if other policy managers change existing policies while SRC management is active, problems can occur.

The precedence of each source when modifying configurations is:

 If you have a pre-configured policy through CLI or RADIUS as part of

subscriber PVC/VLAN provisioning, the existing policy becomes inactive and SRC manages the subscriber interface. When SRC stops managing the interface, the preconfigured policy becomes active. However, if you change the policy on the interface using CLI or CoA, problems can occur.

 If you have a policy in the Access-Accept, the existing policy becomes

inactive and SRC manages the interface.

SSH

 If the SRP module restarts when SSH is configured in a VR other than default,

SSH can sometimes become disabled. This happens if SSH attempts to bind with a VR before the VR comes back up after the restart. In this event, a warning message is generated to alert you to the fact that SSH is disabled in that VR. You must manually re-enable SSH either by accessing the console VTY or creating a Telnet session to the router.

juniAddressPoolHighAddrUtil .1.3.6.1.4.1.4874.2.2.21.3 .1.3.6.1.4.1.4874.2.2.21.3.0

juniAddressPoolAbatedAddrUtil .1.3.6.1.4.1.4874.2.2.21.3 .1.3.6.1.4.1.4874.2.2.21.3.0

juniAddressPoolNoAddresses .1.3.6.1.4.1.4874.2.2.21.3 .1.3.6.1.4.1.4874.2.2.21.3.0

juniDhcpLocalServerPoolHighAddrUtil .1.3.6.1.4.1.4874.2.2.22.3 .1.3.6.1.4.1.4874.2.2.22.3.0

juniDhcpLocalServerPoolAbatedAddrUtil .1.3.6.1.4.1.4874.2.2.22.3 .1.3.6.1.4.1.4874.2.2.22.3.0

juniDhcpLocalServerPoolNoAddresses .1.3.6.1.4.1.4874.2.2.22.3 .1.3.6.1.4.1.4874.2.2.22.3.0

pimNeighborLoss .1.3.6.1.3.61.1 .1.3.6.1.3.61.1.0

Trap Name Expected Enterprise OID Enterprise OID Sent by SNMP Agent

JUNOSe 10.0.3 Release Notes

32  Known Behavior

Stateful SRP Switchover (High Availability)

 Additional processing is required to maintain and mirror the necessary state

information that enables subscriber sessions to stay up across an SRP failover. As a result, the performance of other control plane functions is reduced. Specifically, call setup rates are lower than in previous releases.

We have ongoing development activities to characterize and improve call setup rates in future releases.

 Stateful SRP switchover remains inactive for 20 minutes after an initial

cold-start or cold-restart of the router. This delay enables the system to reach a stable configuration before starting stateful SRP switchover.

If you want to override the 20-minute timer, turn high availability off by using the mode file-system-synchronization command, and then on again by using the mode high-availability command.

 When IP tunnels are configured on a router enabled for stateful SRP

switchover, and the Service Module (SM) carrying these tunnels is reloaded, stateful SRP switchover transitions to the pending state. Stateful SRP switchover remains in the pending state for 10 minutes following the successful reloading of the SM. This amount of time allows for IP tunnel relocation and for the tunnels to become operational again on the SM. If an SRP switchover occurs while in the pending state, the router performs a cold restart.

Work-aro u n d: None.

 After a stateful SRP switchover, each layer of the interface columns must

reconstruct its interfaces from the mirrored information. While the interfaces are being reconstructed the SRP module cannot send or receive frames, including the protocol frames that signal graceful restart behavior with OSPF and IS-IS peers. If the configured hold time is too short, peers might mistakenly declare the adjacency down during the time in which the graceful restart is taking place. [Defect ID 65132]

Work-aro u n d: Increase the hold time to provide sufficient time for interface synchronization before the peers declare the adjacency down.

 For OSPF, use the ip ospf dead-interval command to set the hold time.

We recommend that you use Bidirectional Forwarding Detection (BFD) with a longer OSPF dead interval to achieve fast failure detection.

 For IS-IS, use the isis hello-interval and isis hello-multiplier commands

to set the hold time.

NOTE: Rapid call setup rates are most important following an outage that causes all

subscribers to drop, because many of the dropped subscribers will immediately attempt to reconnect. This type of outage occurs far less frequently with stateful SRP switchover.

Known Behavior  33

Release 10.0.3

We recommend the following hold times for each protocol, based on the number of interfaces.

Subscriber Interfaces

 MAC address validation is not supported on either of the following:

 Packet-triggered subscriber interfaces that are created dynamically

 Packet-triggered subscriber interfaces that are managed on the primary IP

interface

A packet-triggered subscriber interface is created when the router receives a packet with an IP source address that does not match any entries in the demultiplexer table. When the router detects an unmatched packet, it generates a trigger event that determines whether to create a dynamic subscriber interface or configure an existing interface. To configure packet detection on the router, use the ip auto-detect ip-subscriber command.

System

 ERX routers display different behavior from E120 routers and E320 routers

when reporting modules as inactive.

ERX routers report a module as inactive when either:

 The I/O module is not present

 The primary line module is fully booted and ready to resume operation. In

this case, the standby is currently providing services.

E120 routers and E320 routers report a module as inactive when either:

 The primary line module has no IOAs.

 The primary line module has IOAs, but they have failed diagnostics.

 The standby line module has taken over for the primary line module, and

has control of the IOAs.

Because E120 and E320 routers can accommodate up to two IOAs per slot, at least one IOA must be online. If the second IOA fails, the line module is still online, but does not use both IOAs. You can ensure that every module is up and active in the system and not in a failed state by issuing the show version all command.

Interface Count

Recommended Hold Time for OSPF

Recommended Hold Time for IS-IS

16000 or less 80 seconds 50 seconds

16001 to 32000 87 seconds 55 seconds

32001 to 48000 90 seconds 70 seconds

JUNOSe 10.0.3 Release Notes

34  Known Behavior

 In a router with a redundancy group that does not span quadrants (for

example, a three-slot redundancy group that spans slots 0, 1, and 2 in an ERX1410 chassis), the potential bandwidth of the redundant module is erroneously included in the quadrant bandwidth calculation. The show utilization command might indicate that the bandwidth is exceeded for modules in that group. [Defect ID 31034]

 When you copy the running configuration to NVS, the E Series router verifies

whether it has available space equal to at least twice the size of the .cnf file. If the space is insufficient, you cannot complete the copy. [Defect ID 40655]

Work-aro u n d: Make sufficient space on the NVS by deleting .rel or .cnf files.

 You cannot delete the ipInterface log after you delete the corresponding IP

interface. This does not prevent you from adding filters to other interfaces, nor does it prevent you from adding a filter to the same interface if you re-create it after deletion. [Defect ID 34842/45063]

Work-aro u n d: Remove the filter before you remove the interface. Alternatively, if you remove the interface first, then you must remove all filters associated with all IP interfaces.

System Logging

 If you enable engineering logs and set the control network logs to a level of

notice or lower (down from the default of error), you might see erroneous controlNetwork log messages like the following that are generated because SNMP polling on line modules (correctly) detects no fabric: [Defect ID 43168]

NOTICE 09/01/2002 18:47:52 CEST controlNetwork (slot 11): Control Bus Master slave error 0x5 while accessing slot

Tunneling

 When you configure the GE-2 line module, the GE-HDE line module, or the

ES2-S1 GE-4 IOA to operate as a shared tunnel-server module, the available bandwidth for tunnel services is limited to 0.5 Gbps per module.

 In releases numbered lower than Release 7.3.0, a dynamic tunnel-server port

was located on port 8 of the GE-HDE line module and GE-8 I/O module.

In Release 7.3.0 and higher-numbered releases, the dynamic tunnel-server port is located on port 9. When you upgrade to Release 7.3.0, any existing tunnel-server port configurations move from port 8 to port 9.

Known Problems and Limitations  35

Release 10.0.3

Known Problems and Limitations

AAA

 When a mirror rule that triggers on username is employed for packet mirroring

of dynamic IP subscribers over ATM, removal of the rule does not disable packet mirroring. [Defect ID 175356]

Work-aro u n d: Use a mirror rule that triggers on account session ID rather than on username.

ANCP

 On an E320 router that has established 3000 ANCP adjacencies with a client

and traffic is initiated, the following behavior occurs sporadically: All existing Telnet sessions are disconnected and no new Telnet sessions can be established for several minutes. [Defect ID 83872]

ARP

 The ES2 4G LM can reset during a unified in-service software upgrade after you

issue the issu start command on a router configured with 8000 dynamic VCs and 8000 packet-triggered dynamic subscriber interfaces. [Defect ID 86761]

ATM

 When one or more ATM1483 attributes appears in a profile, the show

configuration include-defaults command fails to display the default values for

all possible ATM1483 attributes. [Defect ID 67157]

 When 16,000 PPPoA interfaces are configured on an OCx/STMx ATM line

module paired with an OC3-4 I/O module in an ERX-14xx model, ERX-7xx model, or ERX-310 router, PING traffic passing through the line module on the restarting router experiences an outage of 103 seconds, which is beyond the maximum limit, after a unified ISSU from JUNOSe Release 9.2.0p1-0 to

9.3.0b0-12. This outage does not occur when the same configuration is applied on a Gigabit Ethernet interface. [Defect ID 179794]

 ATM line modules reset after unified ISSU completes at the LAC when an

MLPPP bundle with three links are tunneled to the LNS. [Defect ID 178821]

 Unified ISSU is not supported when ILMI is configured on ATM interfaces.

[Defect ID 176007/177122 ]

 The line module resets when you issue the show nbma arp command after you

have configured NBMA interfaces on an ATM line module. [Defect ID 88491]

 When you perform an snmpWalk on the juniAtmSubIfVccTable, a response is

received for only a few of the total configured ATM subinterfaces when both of the following are true: the router has a line module that has some ATM-related configuration and the line module is in the disabled state. [Defect ID 80020]

JUNOSe 10.0.3 Release Notes

36  Known Problems and Limitations

 When you use the no-authenticate keyword with the subscriber command to

prevent subscriber authentication so that the subscriber information can be used for DHCP option 82, suboption 2, the SRP module can reset. This issue does not occur when you use the no-authenticate keyword with the subscriber command as a way to perform a RADIUS configuration. [Defect ID 69865]

 When you issue the no atm atm1483 auto-configure upperInterfaceType

lockout-time command in Profile configuration mode, the lockout time range

does not revert to the default values. [Defect ID 66544]

 The ATM peak cell rate (PCR) does not appear in the L2TP Calling Number AVP

for the first PPP session when the ATM shaping parameters were configured by RADIUS return attributes. [Defect ID 60933]

 When you configure an ATM PVC where PCR = SCR and maximum burst size

is zero, the CLI returns an error indicating the burst size is invalid and it does not create the VC. [Defect ID 58357]

Work-aro u n d: Configure a CBR or a UBR plus PCR to create the circuit with the same parameters, depending on the desired priority for the traffic. CBR has a high priority and UBR plus PCR has a medium priority.

 The inPacketOctetDiscards counter in the output of the show atm vc atm

interface vcd command includes both inBytesDropped and inBytesUnknownProtocol statistics. The inBytesUnknownProtocol statistics should be displayed by a separate counter.

At the major interface level, the inPacketDiscards counter includes both inPacketsDropped and inPacketUnknownProtocol statistics. The inPacketUnknownProtocol statistics should be displayed by a separate counter. [Defect ID 44286]

 The baseline interface atm command fails for a VCD assigned by the router to

F4 OAM circuits. [Defect ID 174482]

 For PPPoE, the AAL5 inPacket Discards counter might increment erroneously

during call setup when a packet is passed directly to PPPoE for negotiation rather than being discarded. [Defect ID 51757]

Work-aro u n d: Incremental InPacketDiscards during call setup do not necessarily indicate a problem. However, we recommend you investigate an excessive count because that might indicate a connection that cannot be successfully brought up for some reason, such as RADIUS denials or improper configuration.

 When you reload an ATM line module that is configured with NBMA circuits as

passive OSPF interfaces and that has established OSPF adjacencies and IBGP peers (configured on Gigabit Ethernet interfaces), the transmission of OSPF hello packets might be affected until all the NBMA interfaces have initialized. [Defect ID 46157]

Work-aro u n d: Either remove the passive OSPF interface statements on the NBMA interfaces, or statically configure the OSPF cost on the NBMA interfaces.

Known Problems and Limitations  37

Release 10.0.3

 The output of the show atm arp command displays only 4096 entries when

the line module is configured with more than 4096 NBMA ARP entries. [Defect ID 68849]

BFD

 After you have shut down the interface to the next hop (for the route that is

used to establish the BFD session), output for the show bfd session command erroneously indicates the shutdown interface as Management Interface (FastEthernet 6/0). [Defect ID 174271]

Bridged Ethernet

 The CLI erroneously permits you to configure bridge1483 encapsulation over

AAL5MUX IP even though that configuration is not supported. [Defect ID 35013]

CLI

 When you issue a run show ppp command, the CLI changes the configuration

level of the command line to Global Configuration mode rather than remaining at the level from which you issued the command. [Defect ID 52165]

Work-aro u n d: Reissue the commands necessary to reenter the desired mode.

 The logout subscribers all command may not log out all of the DHCP

subscribers. Although the bindings and DHCP addresses are cleared, the show subscribers summary command may display some of the DHCP subscribers.

[Defect ID 180176]

Work-aro u n d: Try using the dhcp delete-binding all command. If this does not clear the subscribers, you may want to reload the line module to avoid further issues.

 You cannot paste a load-rebalance command string that uses the percent

option into a console or Telnet session from show configuration output because the output displays the % sign rather than the percent keyword that was submitted with the command and the percent sign is not recognized by the CLI. [Defect ID 81705]

DHCP

 DHCP NAK packets are sent from a different VLAN than the one on which the

renew request is received on a router that is configured with dynamic VLANs, DHCP local server, and automatically created dynamic subscriber interfaces. This behavior occurs only after a link flap has taken place. [Defect ID 87062]

 DHCP packets are not forwarded to the DHCP server over dynamically created

interfaces when all of the following are true: [Defect ID 180343]

 DHCP relay or DHCP relay proxy is configured on the router.

 The client-facing interfaces are created dynamically using bridged Ethernet

over static ATM PVCs.

JUNOSe 10.0.3 Release Notes

38  Known Problems and Limitations

 The ip auto-detect ip-subscriber command is configured to enable packet

detection (packet triggering) and to trigger creation of dynamic subscriber interfaces.

Work-aro u n d: To avoid this defect, do all of the following:

 Do not use the ip auto-detect ip-subscriber command to enable packet

triggering and to create dynamic subscriber interfaces.

 Ensure that DHCP external server is configured in the virtual router.

 Ensure that the set dhcp relay inhibit-access-route-creation command is

configured in the virtual router to prevent DHCP relay from installing host routes by default.

DHCP External Server

 The DHCP renew counter and release counter (displayed with the show ip

dhcp-external statistics command) are doubled rather than incremented for

each renew and release sent. [Defect ID 78802]

 When DHCP clients on an S-VLAN over bridged Ethernet stack send a decline

message to a router that has DHCP relay and DHCP external server configured in the same VR, the clients bindings are not removed from the DHCP external server. [Defect ID 87086]

 When DHCP relay and DHCP external server are configured in the same VR

with server-sync enabled, bindings are not created in the DHCP external server when DHCP clients on an ATM bulk configuration interface stack and dynamic VLAN over Ethernet stack sends a renew message. [Defect ID 87087]

DHCP Server

 With the unique client ID option enabled, when two clients with the same MAC

address or client ID are on an interface (where one client is connected over a router and relay and the other client is connected directly). sending a release request from one of the clients might terminate another client. [Defect ID 179759]

DoS Protection

 ES2 10G LM traffic does not flow across all 16K back-back interfaces when

policies are attached on all interfaces. [Defect ID 86925]

 A Telnet session closes when sending ipLocalBGP protocol traffic at a rate in

the range 4096–4200 packets per second (pps) with suspicious control flow detection enabled. [Defect ID 81974]

Work-aro u n d: When the traffic drops below 4096 pps, open a new Telnet session.

Known Problems and Limitations  39

Release 10.0.3

Ethernet

 When autonegotiation is enabled on GE interfaces with the speed

automatically negotiate command, issuing the link selection command logs

out subscribers. [Defect ID 87185]

Work-aro u n d: Use the following commands to enable auto link selection (GE port redundancy) and to switch from one port to the other port:

(config-if)#no link selection (config-if)#link failover force

File System

 When the primary SRP module is running JUNOSe Release 7.2.0 or higher and

the standby SRP module is running a release lower than Release 7.2.0 (as in a downgrade situation), you cannot display the files for the standby SRP module. [Defect ID 74104]

Forwarding

 When performing MAC validation to match subscriber demux entries with ARP

host entries, the ES2 10G LM does an exact match, rather than a longest prefix match. The subscriber demux entry source address must be a /32 value matching the IP address of an ARP entry in order to validate the MAC address against that ARP entry. [Defect ID 79641]

 VPLS forwarding does not function properly when any of the following

conditions occur: [Defect ID 79856]

 MLPPP interfaces are used

 L2TP is used with sequence numbers enabled

 GRE is used with sequence numbers enabled

 Specifying S-VLAN ranges that partially overlap does not work. [Defect ID

81918]

For example, the following configuration fails because S-VLAN 22 falls within the previously specified S-VLAN range of 21–23.

host1(config-if)#vlan bulk-config BulkDHCPCnfg1 svlan-range 21 23 401 426 host1(config-if)#vlan bulk-config BulkDHCPCnfg1 svlan-range 21 23 427 712 host1(config-if)#vlan bulk-config BulkCezarCnfg2 svlan-range 22 22 101 110

Work-aro u n d: You can do either of the following to avoid this problem.

 Specify each S-VLAN within the partially overlapping range as individual

S-VLANs, as in the following example:

host1(config-if)#vlan bulk-config BulkDHCPCnfg1 svlan-range 21 21 401 426 host1(config-if)#vlan bulk-config BulkDHCPCnfg1 svlan-range 22 22 401 426 host1(config-if)#vlan bulk-config BulkDHCPCnfg1 svlan-range 23 23 401 426 host1(config-if)#vlan bulk-config BulkDHCPCnfg1 svlan-range 21 21 427 712 host1(config-if)#vlan bulk-config BulkDHCPCnfg1 svlan-range 22 22 427 712

JUNOSe 10.0.3 Release Notes

40  Known Problems and Limitations

host1(config-if)#vlan bulk-config BulkDHCPCnfg1 svlan-range 23 23 427 712 host1(config-if)#vlan bulk-config BulkCezarCnfg2 svlan-range 22 22 101 110

 Use fully overlapping ranges rather than partially overlapping ranges, as in

the following example:

 Ethernet statistics are incorrectly displayed for virtual port 8 of the ES2-S1 GE-8

IOA when that module is paired with the ES2 10G LM or the ES2 10G Uplink LM. [Defect ID 174784]

 On the ES2 10G LM, a VLAN ID of 0 assigned to an interface can prevent

packets from being properly forwarded. [Defect ID 176125]

 When PPPoE over LAG is configured on an interface, and you re-execute the

PPPoE-over-LAG configuration before you delete the previous configuration, the ES2 10G LM line module resets. [Defect ID 179639]

Work-aro u n d: Before you can re-execute the PPPoe-over-LAG configuration, delete the existing PPPoE-over-LAG configuration.

IGMP

 IGMPv3 proxy is not supported. [Defect ID 46038]

 The E-series router IGMPv3 proxy does not operate correctly in the presence of

IGMPv2 queriers. [Defect ID 46039/46045]

Work-aro u n d: If an IGMPv2 router is present on the network, do not configure version 3 with the ip igmp-proxy version command on that network interface. (Version 2 is the default.)

 The default value for the IGMPv3 proxy unsolicited report interval timer should

be 1 second rather than 10 seconds (the value for v2). [Defect ID 46040]

 The E-series router does not log a warning when it receives an IGMPv2 query

but is not configured to use IGMPv2 on the interface. [Defect ID 46046]

 When more than about 100,000 mapped OIF entries are configured on a

virtual router, issuing the no virtual router command for this and other virtual routers does not delete all the virtual routers within the deletion timeout interval (3 minutes). The virtual routers do eventually delete after this timeout. [Defect ID 63882]

 After an SRP stateful switchover completes on an ERX-1410 router configured

with a single VPN routing and forwarding instance (VRF) and Network Address Translation (NAT), the SRP module that becomes active after the switchover resets. [Defect ID 180058]

Known Problems and Limitations  41

Release 10.0.3

 IP interface statistics become inconsistent when a slot is reset, because some

traffic (such as control traffic) might be destined for the SRP module and is therefore counted elsewhere. [Defect ID 26697]

 When a router configured with PIM on a virtual router undergoes multiple

warm restarts, the router subsequently hangs when an IP profile is configured. [Defect ID 176470]

 The ip route permanent command does not work properly. [Defect ID 34303]

Work-aro u n d: Issue the ip alwaysup command to prevent the route from being

removed from the IP routing table after the interface is shut down.

 Logical port 20 on the ES2-S3 GE-20 IOA is reserved for the hardware multicast

packet replication feature. Logical port 20 and the hardware multicast replication feature are not supported on the ES2-S3 GE-20 IOA in this release. [Defect ID 84727]

 If you have a large configuration on a hybrid module combination (OC3/STM-1

GE/FE line module with the OC3-2 GE APS I/O module), boot from NVS, and issue the slot erase command before booting has completed, the line module resets. [Defect ID 64104]

Work-aro u n d: To recover from the error, issue the slot reload command anytime after the module begins to reset.

 When MPLS and IS-IS are configured on Ethernet interfaces, you cannot delete

the interface after the IP address is removed. This issue is not a problem on Ethernet VLAN interfaces. [Defect ID 66813]

 Deleting a VRF with 32,000 static subscriber interfaces fails to complete.

[Defect ID 82670]

Work-aro u n d: Use a macro to delete all static subscriber interfaces before you delete a VRF.

IPSec

 In a network where you use the tunnel signalling command to specify that the

security parameters and keys are configured manually for IPSec tunnels between VRs, the line modules reset when you delete and then re-create the IPSec tunnels. If you attempt to configure the tunnels again after the modules come back up, the line modules reset again.

Work-aro u n d: Configure the IPSec tunnels to use ISASKMP/IKE to negotiate SA and establish keys. [Defect ID 178304]

 IPSec tunnels created over Fast Ethernet interfaces fail to come up. [Defect ID

179256]

Work-aro u n d: After you create the tunnel, bounce the tunnel interface by issuing the shutdown/no shutdown command sequence. The tunnel comes up successfully.

JUNOSe 10.0.3 Release Notes

42  Known Problems and Limitations

IS-IS

 IS-IS graceful restart (nonstop forwarding) does not work on the broadcast

interface when the restarting router is the designated intermediate system (DIS). Graceful restart works properly when the restarting router is not the DIS. [Defect ID 61496]

 On a router configured with IS-IS and BFD, using the redundancy force srp

command to force an SRP switchover sometimes brings down IS-IS and BFD. [Defect ID 179287]

L2TP

 After a unified ISSU completes on a router functioning as an L2TP access

concentrator (LAC), traffic outages occur on the L2TP network server (LNS)-facing interface at the LAC in a configuration with 16,000 or 32,000 L2TP sessions over 500 tunnels. [Defect ID 180147]

 When the LAC–to–LNS data path runs over an MPLS tunnel and the MPLS

tunnel originates or terminates at the LAC on an ES2 10G LM or an ES2 10G Uplink LM, the L2TP data traffic that originated or terminated at the LAC is discarded. [Defect ID 87260]

MLD

 MLDv2 proxy is not supported. [Defect ID 46038]

 The default value for the MLDv2 proxy unsolicited report interval timer should

be 1 second rather than 10 seconds (the value for v1). [Defect ID 46040]

 The E-series router MLDv2 proxy does not operate correctly in the presence of

MLDv1 queriers. [Defect ID 46039/46045]

Work-aro u n d: If an MLDv1 router is present on the network, configure version 1 with the ipv6 mld-proxy version command on that network interface. (Version 2 is the default.)

 The E-series router does not log a warning when it receives an MLDv1 query

but is not configured to use MLDv1 on the interface. [Defect ID 46046]

MLPPP

 Failure to meet all of the following conditions for fragmented packets can result

in an incorrect operation during packet classification of the resulting reassembled packet: [Defect ID 50111]

 The initial fragment of a packet must either contain the entire MLPPP

packet or be greater than 128 bytes.

 The fragment size of the peer must not be lower than 128 bytes.

 The initial fragment of a packet must be larger than subsequent fragments

of that packet.

Known Problems and Limitations  43

Release 10.0.3

Mobile IP

 Traffic statistics for dynamic subscriber interfaces associated with mobile IP

subscribers are not maintained as the subscribers move between mobile IP nodes. Consequently the reported interface statistics are only the values accumulated since the last time a mobile node moved. [Defect ID 174509]

 The clear ip mobile binding nai @realm command does not work. [Defect ID

178652]

Work-aro u n d: Use the following version of the command instead:

clear ip mobile binding nai user@realm

 The @realm variable and the @ keyword alone do not work for the show ip

mobile binding command. [Defect ID 178653]

Work-aro u n d: You can use the user@realm syntax instead to display the binding for a specific user, as in this example: host1#show ip mobile binding nai xyz@example.com. Alternatively, you can display the entire Mobile IP

binding table by issuing the show ip mobile binding command without additional options.

 The setup rate for Mobile IP client sessions decreases when you repeatedly

bring a large number of sessions down and back up. [Defect ID 178760]

 When mobility bindings are present and you delete the mobile IP home agent

with the no virtual router command, Mobile IP sends a RADIUS Acct-Stop message with no accounting statistics for the subscribers. [Defect ID 179081]

Work-aro u n d: Issue the clear ip mobile binding all command before you issue the no virtual router command. The clear command clears all the MIP subscribers and sends a RADIUS Acct-Stop message with the appropriate accounting statistics for the subscribers.

MPLS

 When you issue a traceroute or trace mpls command to trace the paths of

router packets over MPLS interfaces on an ES2 10G LM or ES2 10G Uplink LM, the results include an extra unknown host. [Defect ID 174537]

 When the IPv4 explicit null label appears anywhere other than at the bottom of

the label stack, TTL expiration for this label is not handled correctly. As a result, traceroute does not work correctly for LSPs that have the IPv4 explicit null label anywhere other than at the bottom of the label stack. [Defect ID 76037]

 If LSPs are announced into IS-IS, then the IS-IS routes cannot be used for

multicast RPF checks, because LSPs are unidirectional. [Defect ID 28526]

Work-aro u n d: Configure static RPF routes with native hops when LSPs are autoroute announced to IGPs.

 You cannot use an underscore character (_) in an MPLS tunnel name. [Defect

ID 31291]

JUNOSe 10.0.3 Release Notes

44  Known Problems and Limitations

 When you upgrade the router to JUNOSe Release 7.1.0 or a higher-numbered

release from a release numbered lower than Release 7.1.0, remote ATM layer 2 over MPLS circuits (also known as MPLS shim interfaces) that use Martini encapsulation are erroneously signaled with the control word attribute setting “Control word is not preferred by default”. Because control words are required for these MPLS shim interfaces, these circuits should instead be signaled with the setting “Control word is preferred by default”. [Defect ID 87048]

Work-aro u n d: To reinstate the proper setting (“Control word is preferred by default”), remove the MPLS shim interface from the ATM subinterface and then reconfigure it.

Multicast

 When you configure more than 10,219 outgoing interfaces (OIFs) on the same

ES2 10G LM in a single multicast group, the configuration of the multicast group’s OIF membership from the SRP module to the line module exceeds the size of a single message and is sent in fragments. Because of this fragmentation, the ES2 10G LM generates the following error message: [Defect ID 81768]

pc: 0x9e5c88: -> fatalPanic(void) offset: 0x8

Netflow

 Flow sampling stops after a cold switchover on a router that is configured with

16 VRs and 32 interfaces per VR, when all flows are passing through the configuration (32 flows per VR). [Defect ID 74477]

Work-aro u n d: After the cold switchover is completed, reissue the ip flow-sampling-mode packet-interval 10 command on each VR, even though

the command is present in the configuration.

 The OC3/STM1 GE/FE line module might reset after sending Ethernet traffic

into a VPLS network in a test environment when Ethernet packets are flooded to remote VPLS bridges. [Defect ID 74540]

Policy Management

 On the E320 router, redirecting a large configuration with thousands of

interfaces to a script file can take a long time, perhaps exceeding a half-hour depending on the configuration. [Defect ID 80429]

 No logs are created if you use the policy-list option when logging

policyMgrPacketLog events. [Defect ID 87203]

 When you attach a policy to an interface and the policy contains a classifier

rule that is unsupported for that interface, the CLI generates a message and the policy is applied. However, if an existing policy is already attached to that interface, then support for the new policy is not checked and the invalid policy is applied to the interface without warning. The results of this attachment are not predictable. [Defect ID 83562]

Known Problems and Limitations  45

Release 10.0.3

 If you have removed the last rule in a policy list, the router generates a warning

only after you exit Policy List Configuration mode. If you have removed the last policy rule and then added a classifier group before you exit Policy List Configuration mode, the router does not generate a warning about removing the last rule. [Defect ID 83834]

 When an MD-Port-Number value greater than 65,535 is sent to an E120 or

E320 router by means of a COA request, the value that is displayed in the UDP header of mirrored packets is the actual value minus 65,536. For example, an MD-Port-Number of 65,540 is displayed in the mirrored packet as 4. [Defect ID 84712]

 On the E120 and E320 routers, when a mirror rule is deleted after a CoA

request is sent with Juniper-LI-Action set to No-Action, the existing mirroring session is not disabled. [Defect ID 84826]

 When you attach certain hierarchical policies to subinterfaces as input policies,

secondary input policies, and output policies, incoming traffic loss can occur when the number of subinterfaces to which the policies are attached exceeds

4600. [Defect ID 86741]

 On E320 line modules that support secure policies, the SRP module enables

you to configure more than 1022 secure policies per module.

Work-aro u n d: To avoid potential performance issues, we recommend that you do not configure more than 1022 secure policies per module. [Defect ID 175756]

 Unified in-service software upgrade (unified ISSU) is not supported on an E120

or E320 router if a hierarchical policy is attached to an external parent group. [Defect ID 177478]

 When you reload the slot holding a GE-2 or GE-HDE line module and you have

configured more than about 2,000 policies with rate limiting on that module, the drop count becomes more than expected. This unexpected drop count does not occur when you create the same configuration after you reload the router to the factory-default configuration. [Defect ID 175696]

Work-aro u n d: If you must reload the slot, issue the slot erase command after you do so and then reconfigure the policies on the line module.

 When you modify a rate-limit profile in Global Configuration mode after the

system is in a scaled state, changes to the rate-limit profile fail owing to lack of adequate policy resources. However, the changed value of the rate-limit profile is displayed in the output of the show rate-limit profile command. [Defect ID 79342]

Work-aro u n d: To avoid this problem, do not update the rate-limit profile in Global Configuration mode in a scaled environment.

JUNOSe 10.0.3 Release Notes

46  Known Problems and Limitations

 When you enter the no ip policy-parameter hierarchical parameterName

command or no ipv6 policy-parameter hierarchical parameterName command for a hierarchical policy-parameter type in Interface Configuration mode, the explicit reference of the parameter is removed successfully from the interface. However, the Referenced by interfaces field in the output of the show policy-parameter command does not change from the previously configured value to implicit. [Defect ID 183957]

Work-aro u n d: To correct this problem, remove the entire interface configuration.

PPPoE

 The E-series router erroneously accepts a PADI with a payload length of 0

instead of rejecting it and incrementing the PPPoE Invalid PAD packet length counter. [Defect ID 48356]

QoS

 On the E120 and E320 routers, you cannot attach QoS profiles to L2TP tunnels

by means of the CLI because the CLI does not pass the router ID to QoS. [Defect ID 81516]

 Incorrect output is sent to the CLI the first time you enter Global Configuration

mode or issue the show subscribers command after viewing the VLAN subinterface over which a subscriber is connected. [Defect ID 84507]

 When QoS resources such as failure nodes and statistics bins are exhausted

because of insufficient memory available on the line module, the failures are properly logged, but additional log messages are generated every 10 minutes that report zero failures. [Defect ID 85105]

 Egress traffic may be dropped on OC12/STM4 ATM interfaces if you have

shaped the port rate to more than 542 Mbps. [Defect ID 83785]

Work-aro u n d: Do not exceed a shaped port rate of 542 Mbps.

 Egress strict-priority packets may experience high latency on OC3/STM1 ATM

interfaces associated with the ES2 4G LM if you have shaped the port rate to more than 148.5 Mbps. [Defect ID 80378]

Work-aro u n d: To ensure low strict-priority latency, shape the port rate to no more than 148.5 Mbps.

 An error message regarding the qos-parameter instance

QosParameterDefinition is erroneously generated on an ERX-1440 router when it is configured for L2C and QoS RAM and receives TLV 144 (DSL Type). The parameter instantiation actually functions properly. [Defect ID 80620]

 PPP sessions may be dropped if you change the shaping rate in a QoS profile

that affects thousands of circuits while QoS traffic affected by the profile is being forwarded. [Defect ID 82950]

Work-aro u n d: Do not change the shaping rate in a QoS profile that affects thousands of circuits while QoS traffic is using the profile.

Known Problems and Limitations  47

Release 10.0.3

 The no qos-parameter-define definition command does not delete the

specified QoS parameter definition. [Defect ID 176844]

Work-aro u n d: Remove the interface and add the desired QoS parameters when you re-create the interface instead of deleting the definition.

 When you perform an SNMP walk of the juniQosQueueStatistics MIB, a timeout

of up to 5 minutes ensues, during which the SRP module CPU utilization goes to 100 percent. [Defect ID 62252]

 The router cannot resolve inconsistent requests caused by two QoS profiles

that modify the same scheduler property inconsistently. [Defect ID 61485]

Work-aro u n d: Avoid using two QoS profiles that modify the same scheduler property inconsistently, such as setting different values for the shaping rate for the same S-VLAN node.

 The CLI erroneously enables you to configure a QoS profile with the ethernet

node group command. [Defect ID 80861]

 On a router that has both an ES2 10G LM and an ES2 4G LM installed, the byte

count reported by the show fabric-queue egress-slot command is incorrect. The reported packet count is correct. [Defect ID 80965]

 The compound shared shaping feature does not work properly on egress

forwarding ASIC 2 (EFA2)-based ATM line modules when the shared shaper is queue-controlled as opposed to node-controlled. In a node-controlled configuration, in which you configure the shared-shaping rate on the best-effort scheduler node for the logical interface, integration of the EFA2 and ATM segmentation and reassembly (SAR) schedulers functions properly. However, in a queue-controlled configuration, in which you configure the shared-shaping rate on the best-effort queue for the logical interface, integration of the EFA2 and ATM SAR schedulers does not function properly. [Defect ID 69167]

Work-aro u n d: Use node-controlled compound shared shaping configured on the best-effort scheduler node with EFA2-based ATM line modules.

 The dynamic shaping rate calculated by the simple shared shaper can vary

because of the variation in the enqueue rate of the constituent queues. Even when the offered load is constant, the mechanism that calculates the enqueue rate introduces a slight variation, introducing a slight variation in the calculated dynamic shaping rate. [Defect ID 80938]

Service Manager

 When a subscriber has subscribed for a service, service session accounting

records always contains a default Acct-Terminate-Cause value of 10. This value remains unchanged even after you use the terminate-code command to configure a custom mapping between application terminate reasons and RADIUS Acct-Terminate-Cause attributes. [Defect ID 181043]

 After you activate an independent IPv6 service and issue either of the following

commands on the default virtual router or any other virtual router, except the one on which the subscriber session is active, no output is displayed in the CLI interface: [Defect ID 181929]

JUNOSe 10.0.3 Release Notes

48  Known Problems and Limitations

 show service-management subscriber-session subscriberName interface

interfaceType interfaceSpecifier

 show service-management subscriber-session subscriberName interface

interfaceType interfaceSpecifier service-session serviceName

This problem also occurs when a subscriber is authenticated using a RADIUS server for a combined IPv4 and IPv6 service in a dual stack.

Work-aro u n d: To avoid this problem, use the show service-management owner-session ownerName ownerId command to display subscriber session information based on the session owner, instead of the show service-management subscriber-session subscriberName interface

interfaceType command to display details on subscriber sessions.

SNMP

 When you configure the router with an address pool that has two IP address

ranges, only the range that you configured first is available via the MIB. [Defect ID 61232]

SONET

 You cannot use the highest sensitivity bit-error rate setting (a value of 9)

associated with APS/MSP alarm when you issue the threshold sd-ber command to configure a cOCx/STMx line module with cOC12-APS-capable IOAs. [Defect ID 72861]

Work-aro u n d: Use only a value in the range 5–8 when you issue the threshold sd-ber command for this module combination, as in the following example:

host1(config)#controller sonet 2/1 host1(config-controll)#aps group boston host1(config-controll)#aps protect host1(config-controller)#threshold sd-ber 6

SRC Software and SDX Software

 The SRC client does not prevent you from changing the name of the router

while the client is connected to the SAE, resulting in SAE issues such as lost IP addresses and stale users. [Defect ID 77102]

Work-aro u n d: To change the router name while the SRC client is connected to the SAE, shut down the SRC client, change the name, then re-enable the SRC client.

 When multiple IPv6 interfaces are configured with policies attached from SRC,

only some of the IPv6 interfaces have the policies attached. [Defect ID 179498]

 Changing the SSCC status (enable/disable) while IPv6 interfaces are configured,

might cause the SRP to reset. [Defect ID 179537]

Known Problems and Limitations  49

Release 10.0.3

Stateful SRP Switchover (High Availability) and IP Tunnels

 A memory leak of about two percent can occur on the ES2 10G LM and result in

a module reset when a large number of successive SRP switchovers take place with active DHCP clients. [Defect ID 86245]

 When you issue show commands as soon as the CLI is available after a stateful

SRP switchover, the commands can hang until the warm restart is completed. [Defect ID 85306]

 After a stateful SRP switchover, forwarding of VPN traffic might not resume if

the core interface that carries an MPLS base tunnel with LDP over RSVP-TE flaps (constantly goes up and down). [Defect ID 182019]

Subscriber Interfaces

 When you change the demultiplexer type on a primary interface that has 1024

demultiplexer table entries, the ICC ping threshold times out due to the removal of the old entries and the addition of the new ones. [Defect ID 175029/ 182218]

 The ES2 10G LM does not support framed routes configured for dynamic

subscriber interfaces. [Defect ID 83154]

Subscriber Management

 When a dynamic GRE tunnel interface for Mobile IP relocates between SM

modules because the original SM reloads, Mobile IP deletes the relocated tunnel interface. [Defect ID 178399]

 When the major Ethernet interface is bounced, the dynamic VLAN interfaces

are removed but the dynamic subscriber interfaces remain in the down/not present state even after the DHCP client renegotiates the same IP address from the DHCP server. [Defect ID 81269]

Work-aro u n d: Use the no interface ip ipAddress command to remove the dynamic subscriber interfaces. Although you can use the dhcp delete-binding command to remove the DHCP binding and the dynamic subscriber interfaces, the DHCP client does not detect the binding removal and retains the lease.

System

 You cannot use a configuration script to boot the E320 router. [Defect ID

80304]

 If you hot swap an IOA and then remove it again before that IOA’s OK or FAIL

LED is illuminated, the associated line module can reset. [Defect ID 177313/177267]

Work-aro u n d: Ensure that you firmly insert the IOA into the chassis when you hot swap IOAs. Do not attempt a second hot swap of an IOA that has not indicated that it completed the first hot swap cycle. You can remove the IOA when either its OK or FAIL LED is illuminated.

JUNOSe 10.0.3 Release Notes

50  Known Problems and Limitations

 If your router is in Manual Commit mode, then you must issue the write

memory command before you perform an SRP module switch or a manual

reload. You must do this even when you have made no changes to the system configuration and the file systems are synchronized. [Defect ID 44469]

System Logging

 The show configuration category management syslog virtual-router default

command incorrectly displays logs for multiple syslog destinations when you add a log to only one syslog destination. The show log configuration command shows the correct configuration. [Defect ID 84082]

TCP

 The SRP module resets in any of the following circumstances on an E320

router that has a line module configured with 5000 ANCP adjacencies: [Defect ID 176916]

 When you issue the issu initialization command from the console and

then reload the line module from a Telnet session.

 When the client that has the 5000 ANCP clients resets or an intermediate

switch resets.

 When you reload the line module.

Unified ISSU

 ATM line modules might reset after a unified ISSU when you attempt to add

memory to a VLAN subinterface in a large bridged Ethernet configuration. [Defect ID 178798]

 Unified ISSU is not supported with 8000 bridged Ethernet interfaces on an

OC3/STM1 GE/FE ATM line module. [Defect ID 179547]

 When any of the subsystems is excluded for a JUNOSe release, a unified ISSU

to that release fails to apply conversion code to all of the line modules. As a result, the line modules reset when they come up with that release. [Defect ID 179595]

Work-aro u n d: To prevent the exclusion of a subsystem file from the release, do the following before you upgrade to a new JUNOSe release that supports unified ISSU:

1. Issue the show subsystems file fileName.rel command, where fileName is the name of the software release file, to determine whether any of the subsystem files are excluded from the release.

2. For each subsystem file that is excluded, issue the no exclude-subsystem subsystemName command to remove the exclusion for the specified subsystem file.

If you copied the software release to the router before removing the subsystem file from the exclusion list, you must copy the release to the router again to ensure that all subsystem files are included in the release.

Resolved Known Problems  51

Release 10.0.3

Under certain conditions, a unified ISSU from JUNOSe Release 9.2.0p1-0 to the current release fails, and causes the SRP module and the ES2 4G LM to reset. [Defect ID 179975]

Resolved Known Problems

Release 10.0.3 is based on the 10.0.2p0-1 patch release and incorporates all problem resolutions found in that release. For information about resolved problems in a patch release, customers with valid service agreements may log in to the JUNOSe Download Software page on the Customer Support Center Web site at https://www.juniper.net/support/csc/swdist-erx/. Select the Patch Release History for the JUNOSe release you are interested in.

The following problems were reported open in Release 10.0.2 and have been resolved in this release, or have been resolved since the 10.0.2p0-1 patch release. For more information about particular resolved problems, you can log in to the JUNOSe Knowledge Base at https://www2.juniper.net/kb/, enter the defect ID number in the Search by Keyword field, and click Search.

AAA

 AAA subscriber limit per virtual router cannot be set beyond 32000. [Defect ID

90243]

ATM

 After upgrading port showing “cannot get operational” status on aal5 interface

(hardware not present) [Defect ID 90068]

 SRP reset type: panic; file: apterLocation.cc; line: 179; task: snmp_Data_1.

[Defect ID 90202]

CLI

 SIT_11.0.0b0-6: SRP Crash: reset type: panic arg (0x6) file: osPool.cc line: 1290

task: IpSubscriberMana [Defect ID 184506]

 SRP crash: reset type: exception 0x300 (data access: protection violation (write

attempt))task: telC42083 [Defect ID 73380]

 When you attempt to access the router through telnet or the CLI, the router is

unavailable. However, the router responds to SNMP messages. [Defect ID 82970]

 After creating a secure classifier list, the CLI session stops operating when

executing a show classifier-list command. [Defect ID 86165]

 SRP reset type: panic arg (0x30000004); file: 2tpEngineSlot.cc; task: l2tp

[Defect ID 90034]

DHCP

 DHCP server deletes binding when the release is received with different IP

addresses. [Defect ID 184484]

JUNOSe 10.0.3 Release Notes

52  Resolved Known Problems

 DhcpBasePlugIn::receivePacket() debugs displayed on line module for every

DHCP packet received. [Defect ID 89934]

 SRP reset type: processor exception 0x300 task: dhcpRelay_dhcpRe

doMacAddressChange [Defect ID 90059]

 SRP reset type: panic file: dhcpRelay.cc task: dhcpRelay_dhcpRe

deleteMsnvRoutesWorker [Defect ID 90095]

DHCP Relay

 SRP crash - reset type: panic task: dhcpRelay_dhcpRe file: dhcpRelay.cc line:

11249 [Defect ID 90123]

DHCP Server

 IP DHCP-LOCAL limit for LAG interfaces is not preserved through a reboot

[Defect ID 90146]

DoS

 DoS-protection-group configuration for IpLocalLspPing is not working as

expected. [Defect ID 88877]

 eset type: exception 0x68616c74 (halt);halter PC:

0x1cb5928;Lm10DosAdaptationLayer::DosEngine::sendEngineRequest [Defect ID 90200]

Ethernet

 Few COA-ACK packets sent from the ERX router are missing under

control-plane load. [Defect ID 89788]

 Dynamic VLAN subinterfaces get stuck in down state after a link flap on a

Tengig port. [Defect ID 184983]

 In the Gigabit Ethernet line modules, the CPU usage increase after upgrade to

9.1.2 due to unified ISSU changes. [Defect ID 89846]

Forwarding

 LM10A or LM10+ crashes when removing merge policies;

file:aptationLayer.cc; line: 7515; task: scheduler. [Defect ID 185102]

 Memory Leak observed in NWT LAB when flapping DHCP and PPPoE

subscribers on LM10. [Defect ID 185871]

 Multicast admission bandwidth in adaptive mode blocking multicast streams

[Defect ID 87822]

 Unable to send message type X to address (15a15 0) because ICC returned

error code Y log message not clear. [Defect ID 89524]

 Few COA-ACK packets sent from the ERX router are missing under

control-plane load. [Defect ID 89788]

Resolved Known Problems  53

Release 10.0.3

 ES2 10G LM experiencing memory leak in KTREE on LM10. [Defect ID 90088]

 LM10 leak in 24Byte STL pool object caused by rate-limits

(Hw2LuTokenBucketNhDescriptorArrayFtii) [Defect ID 90155]

 Recovery for single-bit and double-bit ECC errors. [Defect ID 90242]

 EMEA:LM10 Reset: type: exception 0x700 (program); lr:

Ktree::TwoWayBlockBase::adoptNextNode(bool, Ktree::Node * [Defect ID 90285]

Hardware

 show configuration commands disappear when removing hardware. [Defect

ID 89679]

 After a unified ISSU, the Gigabit Ethernet interface dropped a few egress

packets on some ports and sometimes dropped all egress packets on one port. [Defect ID 89756]

 Gigabit Ethernet interface in failed state where link is down but interface is up.

[Defect ID 89942]

 SN for fan in show hard not updated when fan is swapped. [Defect ID 90008]

 LM10A experiencing memory leak in memory pool LuCodeBranch on LM10.

[Defect ID 90249]Edited

 ERX-310 is not generating core dump on pressing NMI button. [Defect ID

89081]

HTTP Server

 HTTP Server doesn't SYN+ACK any TCP SYN from clients when having high

number of requests. [Defect ID 90152]

IGMP

 Stale IGMP entries [Defect ID 89662]

 The output of the show ip traffic command erroneously displays IGMP packets

on ES2 10G LM, as multicast packets. [Defect ID 90041]

 High CPU utilization. [Defect ID 90081]

IS-IS

 'ldpGeneral:rsLdpTopologyDriven.cc:519:addRoute:a.b.c.d not found' severity

level is incorrectly set to NOTICE [Defect ID 89882]

L2TP

 SRP reset type: panic; file: l2tpTunnel.cc; task: l2tp [Defect ID 89967]

JUNOSe 10.0.3 Release Notes

54  Resolved Known Problems

PPPoE

 When many PPPoE subscribers were attempting to reconnect on a line

module, the RADIUS server experienced an outage. Some of the subscribers were unable to reconnect. Some subscribers recieved PADRs but no PADS could be sent. [Defect ID 90216]

QoS

 ES2 10G LM in slot 0 crashed - reset type: panic arg (0xda) file: templateRam.cc

line: 305 [Defect ID 90093]

Service Manager

 When you activate independent IPv4 and IPv6 services for a subscriber session

on an IPv4 interface, although the IPv6 service is activated, it is not deleted and stops responding when the subscriber logs out of the session. Similarly, when you activate independent IPv4 and IPv6 services for a subscriber session on an IPv6 interface, although the IPv6 service is activated, it is not deleted and stops responding when the subscriber logs out of the session.

This problem might occur if there is a mismatch between the configured service and the interface associated with the subscriber. For example, this problem might occur when you try to provision an IPv4 service on an IPv6 interface. This problem is also observed only when Service Manager support for combined or independent IPv4 and IPv6 services is available in JUNOSe Software. [Defect ID 181626]

 Partial activation of subscriber service sessions occurs in a dual stack of

combined or independent IPv4 and IPv6 services, even when an invalid Ascend-Data-Filter attribute is returned from the RADIUS server. This problem occurs only when both the following conditions are satisfied: [Defect ID 181500]

 Service Manager supports combined, or independent, IPv4 and IPv6

services in a dual stack

 Both the Activate-Service and Ascend-Data-Filter VSAs are passed from the

RADIUS server.

SRC Software and SDX Software

 Problem with re-attaching policies on SDX managed DSI interfaces after a line

module reload. [Defect ID 87326]

 Slot-7 SRP reset type: processor exception 0x700 (program); task:

sssClient_Data_1 [Defect ID 89863]

Unified ISSU

 When L2TP is configured to use the silent failover method for peer

resynchronization and the tunnel endpoints are reachable using an IGP distributed route, unified ISSU fails if the IGP reconvergence time exceeds the maximum retransmission retry time for L2TP. [Defect ID 180769]

Errata  55

Release 10.0.3

Errata

This section identifies errors found in the JUNOSe documentation. These errors are corrected in subsequent releases of the affected documentation.

 The Policy and QoS Maximums (for E120 and E320 routers) table in JUNOSe

Release Notes, Appendix A, System Maximums for Releases 9.x, 10.x, and 11.0.x

incorrectly states that the maximum number of policy classification (CLACL) entries for the ES2 10G Uplink LM is 131,171.

The correct limit for CLACL entries for the ES2 10G Uplink LM in these releases is 65,535.

 The SRC Software and SDC Software section in the Subscriber Management

Maximums table (for the ERX310, ERX7xx, and ERX14xx routers) in Appendix A, System Maximums, of the JUNOSe Release Notes, for the following releases incorrectly mentioned that the maximum number of SRC interfaces supported on all the ERX routers was 48,000.

 Release 9.0.3

 Release 9.1.3

 Releases 9.2.2 and 9.2.3

 Releases 9.3.1 and 9.3.2

 Releases 10.0.1 and 10.0.2

 Releases 10.1.0, 10.1.1, and 10.1.2

 Releases 10.2.0 and 10.2.1

 Release 10.3.0

The correct maximum number of SRC interfaces supported on the different ERX routers is as follows:

 16,000 interfaces on the ERX310 router

 32,000 interfaces on the ERX705 and ERX710 router

 32,000 interfaces on the ERX1410 router

 48,000 interfaces on the ERX1440 router

 The General System Maximums table (for the ERX310, ERX7xx, and ERX14xx

routers) in Appendix A, System Maximums, of the JUNOSe Release Notes, for the following releases incorrectly mentioned that the maximum number of SRC interfaces supported on all the ERX routers was 48,000.

 Releases 9.0.0, 9.0.1, and 9.0.2

 Releases 9.1.0, 9.1.1, and 9.1.2

JUNOSe 10.0.3 Release Notes

56  Errata

 Releases 9.2.0 and 9.2.1

 Release 9.3.0

 Release 10.0.0

The correct maximum number of SRC interfaces supported on the different ERX routers is as follows:

 16,000 interfaces on the ERX310 router

 32,000 interfaces on the ERX705 and ERX710 router

 32,000 interfaces on the ERX1410 router

 48,000 interfaces on the ERX1440 router

 The ERX Hardware Guide and E120 and E320 Hardware Guide fail to state the

following:

 In all the instances where the step on tightening screws for modules was

mentioned, the following caution is omitted.

 Also, in the installation steps and in the set of tools required for performing

a task, the model of the Phillips screwdriver to be used for tightening and loosening screws is not precisely mentioned as No. 2.

 In instances where thumbscrews had to be tightened, these guides fail to

mention that you can hand-tighten the screws to secure the module.

 The ERX Module Guide fails to include a Module Name Cross-Reference

Information appendix. See Appendix B, Module Name Cross-Reference Information, in these Release Notes for a single table that lists the module label

name, software display name, and the model number for each module for ERX routers.

 The description concerning use of ferrite beads for the following IOAs in the

E320 and E120 Module Guide is incorrect. Ferrite beads are no longer required to be used with the following copper SFPs:

 ES2-S1 GE-4 IOA

 ES2-S1 GE-8 IOA

 ES2-S3 GE-20 IOA (with Finnisar FCLF8522P2BTL–J1SFP only); for all other

ES2-S3 GE-20 IOAs, a ferrite bead is still required.

 In the E120 and E320 Module Guide, the Cables and connectors (multimode

[SX]) row in the tables for the GE-4 IOA, GE-8 IOA, and GE-20 IOA erroneously states that the maximum transmit power is -4dBm. In fact, the maximum transmit power for these IOAs with multimode cable is -3dBm.

CAUTION: Do not overtighten the screws.

Errata  57

Release 10.0.3

 The Command-Line Editing Keys table in JUNOSe System Basics Configuration

Guide, Chapter 2, Command-Line Interface fails to include the following key

combinations:

 Ctrl+q—Resumes a Telnet or console session; use if the Telnet or console

session appears frozen or unresponsive

 Ctrl+s—Suspends a Telnet or console session

 Esc+f—Moves the cursor forward one word

 In JUNOSe System Basics Configuration Guide, Chapter 4, Configuring SNMP, the

Monitoring Interface Tables section contains a topic whose heading is incorrect. Although the title of that section is show snmp group, the information described in it relates to the show snmp interfaces command.

The correct heading for that section is show snmp interfaces. The field descriptions and usage guidelines for the show snmp group command are available in a separate section under the Viewing SNMP Status main section of the same chapter.

 JUNOSe System Basics Configuration Guide, Chapter 7, Managing High

Availability, fails to mention that during a stateful SRP switchover, the BFD transmit interval is set to 1000 ms with a detection multiplier of 3. These values result in a liveness detection interval of 3000 ms. This longer interval helps prevent a BFD timeout during the switchover. BFD negotiates the interval with the remote peer before applying the temporary change. The BFD timers revert back to the configured values after 15 minutes (the maximum duration for graceful restart completion).

 In JUNOSe System Basics Configuration Guide, Chapter 8, Configuring a Unified

In-Service Software Upgrade, the DHCP Relay Server row in the Application

Support for Unified In-Service Software Upgrades table is incorrectly marked as unsupported for the unified ISSU operation. DHCP relay has supported unified ISSU since JUNOSe Release 9.2.0.

 The DHCP Affected Behaviors section in JUNOSe System Basics Configuration

Guide, Chapter 8, Configuring a Unified In-Service Software Upgrade, incorrectly

contains the DHCP Relay and DHCP Relay Proxy Prevent Unified ISSU section, which indicates that the DHCP relay and DHCP relay proxy applications do not support unified ISSU.

Both the DHCP relay and relay proxy applications began supporting unified ISSU in JUNOSe Release 9.2.0. Therefore, you need not unconfigure these applications from all virtual routers to perform a unified ISSU operation for JUNOSe Release 9.2.0 and higher-numbered releases. DHCP relay proxy continues processing of DHCP release requests during the unified ISSU to maintain server-client synchronization.

 The DHCP Affected Behaviors section in JUNOSe System Basics Configuration

Guide, Chapter 8, Configuring a Unified In-Service Software Upgrade, incorrectly

contains the DHCP External Server Prevents Unified ISSU Operation section, which indicates that the DHCP external server application does not support unified ISSU.

JUNOSe 10.0.3 Release Notes

58  Errata

DHCP external server began supporting unified ISSU in JUNOSe Release 10.0.0. Therefore, you can perform unified ISSU even when the DHCP external server is configured on the virtual router for JUNOSe Release 10.0.0 and higher-numbered releases.

 The Monitoring Suspicious Control Flow section in JUNOSe System Basics

Configuration Guide, Chapter 9, Passwords and Security, incorrectly contains a

section titled show snmp interfaces. The discussion in this section is only about commands to monitor suspicious control flows, while the show snmp interfaces command is used to view SNMP status.

The show snmp interfaces command is described in detail in the Monitoring Interface Tables section in Chapter 4, Configuring SNMP. However, the heading of the subtopic in that section incorrectly reads show snmp group, while the description is about the usage of the show snmp interfaces command.

 JUNOSe System Basics Configuration Guide, Appendix B References, and JUNOSe

IP Services Configuration Guide, Chapter 7, Configuring ANCP, fails to state the

correct version of the GSMPv3 Base Specification.

The correct version of the IETF draft is draft-ietf-gsmp-v3-base-spec-06.txt and not draft-ietf-gsmp-v3-base-spec-07.txt.

 In the Monitoring the Current Configuration section of JUNOSe System Basics

Configuration Guide, Chapter 5, Managing the System, the example for the

service check-config command is incorrect. The correct example is host1(config)#service check-config auto and not host1(config)#service

config-check auto.

 The ES2 10G Uplink LM Combination and ES2 10G LM Combination, sections in

JUNOSe Physical Layer Configuration Guide, Chapter 5, Configuring Ethernet Interfaces incorrectly indicates that the IOAs on these LMs can also support 9.6

Kbps jumbo packets at both the ingress and egress.

The correct unit specification for the maximum receive unit (MRU), which is referenced in this line, is bytes and not Kbps. Therefore, the correct size of jumbo packets that these IOAs can support at both the ingress and egress is 9600 bytes. This value refers to the maximum allowable size in bytes of the MRU for the jumbo Ethernet frames and not the maximum allowable size in bytes of the MTU (frames transmitted from the egress interface).

 In the JUNOSe documentation for Release 8.0.0 and higher-numbered releases,

the auto-revert keyword, which is used with the redundant-port command to configure Ethernet link redundancy for an IEEE 802.3ad link aggregation group (LAG), was incorrectly documented as requiring the keywords auto-revert on to enable auto-reversion and auto-revert off to disable auto-reversion. In fact, the keywords on and off are not valid for auto-revert. An example of the correct command for enabling auto-reversion is as follows, where gigabitEthernet 1/1 is the redundant link for an 802.3ad LAG interface:

host1(config-if)#redundant-port gigabitEthernet 1/1 auto-revert

Errata  59

Release 10.0.3

The erroneous information appears in the following guides in the JUNOSe documentation set:

 JUNOSe Release 8.0.0—Reverting After a Failover section in JUNOSe

Physical Layer Configuration Guide, Chapter 6, Configuring Ethernet Interfaces

 JUNOSe Releases 8.1.0, 8.2.0, and 9.0.0—Reverting After a Failover section

in JUNOSe Physical Layer Configuration Guide, Chapter 5, Configuring

Ethernet Interfaces

 JUNOSe Releases 9.1.0, 9.2.0, 9.3.0, and 10.0.0—Reverting After a Failover

section in JUNOSe Link Layer Configuration Guide, Chapter 6, Configuring

802.3ad Link Aggregation and Link Redundancy

The redundant-port auto-revert command was also erroneously omitted from the procedure in the Configuring Ethernet Link Redundancy section of these chapters.

 In the Configuring PIM SSM section of Chapter 3, Configuring PIM for IPv4

Multicast of the JUNOSe Multicast Routing Configuration Guide, the SSM group

multicast address limit is incorrect. For JUNOSe Release 8.2 and higher-numbered releases, the correct SSM group multicast address limit is IPv4 address range 232.0.0.0/8 and not 232.0.0.0/6.

 In the Configuring Data MDTs section in Chapter 3, Configuring PIM for IPv4

Multicast of the JUNOSe Multicast Routing Configuration Guide, the procedures for configuring the pe13DataMdtSend access-list are incorrect. For correct procedures to configure the default Multicast Distribution Trees (MDT) and the data MDTs for configuring the access list, see Appendix C, Configuring the Default and Data MDTs in the JUNOSe 10.0.2 Release Notes.

 In the Configuring Group Outgoing Interface Mapping section in Chapter 2,

Configuring IGMP of the JUNOSe Multicast Routing Configuration Guide, the term "multicast-date-forwarding" in the first paragraph is misspelled. The correct spelling is "multicast-data-forwarding”.

 In the Graceful Restarts section in JUNOSe BGP and MPLS Configuration Guide,

Chapter 1, Configuring BGP Routing, the following corrections and additions

apply to the working of the BGP graceful restart feature:

 The bgp graceful-restart and neighbor graceful-restart command

sections incorrectly state that advertisement of the graceful restart capability is enabled by default. The correct default behavior of these commands is that BGP graceful restart is disabled, and advertisement of the graceful restart capability is also disabled, both globally and for specified peers or peer groups.

 The bgp graceful-restart command section incorrectly mentions that you

can use the default keyword to restore the default condition, which causes the sending of advertisements of the graceful restart capability to be sent. However, the correct command behavior is that if you use the default keyword with the bgp graceful-restart command, advertisements of the graceful restart capability are not sent.

JUNOSe 10.0.3 Release Notes

60  Errata

 The neighbor graceful-restart command section fails to state that using

the no version of this command disables advertisement of the graceful restart capability for specified peers or peer groups only. The no form of this command does not affect global advertisement of the graceful restart capability.

 The Note in the timeout command section in JUNOSe Broadband Access

Configuration Guide, Chapter 1, Configuring Remote Access fails to mention that

the router uses the backoff algorithm only for subscriber AAA accounting messages except Acct-On messages.

 In the JUNOSe documentation for Release 9.3.x, 10.x.x, and 11.0.x, the

descriptions about support for DSL line rate information retrieval from access nodes for transmission to the SRC software, and the sscc update-policy-request enable command introduced by this feature are erroneously omitted. This feature was introduced in JUNOSe Release 9.3.0.

The information on this functionality and associated command is missing from the following guides in the JUNOSe documentation set:

 JUNOSe Broadband Access Configuration Guide—Configuring the SRC Client

section in Chapter 1, Configuring Remote Access, and Monitoring SRC Client Conection Status section in Chapter 2, Monitoring and Troubleshooting Remote Access

 JUNOSe Command Reference Guide N to Z

See Appendix C, Transferring DSL Line Rate Information from an Access Node to SRC Software, in these Release Notes for detailed information.

 The section Qualifications for Change of Authorization in JUNOSe Broadband

Access Configuration Guide, Chapter 4, Configuring RADIUS Dynamic-Request Server, fails to mention that the Calling-station-id attribute is valid only for the

tunneled subscribers and on the LNS. Also, the Calling-station-id and NAS-Port-Id attributes are valid only if there is no RADIUS override setting.

 The following row was not added to the Local Pool Selection in Equal-Access

Mode table in JUNOSe Broadband Access Configuration Guide, Chapter 18, DHCP Local Server Overview.

Received interface IP address

The router uses the IP address of the interface on which the DHCP packet is being processed and attempts to match it with the network address of a DHCP local pool. If the interface address matches with the IP address configured in the DHCP local address pool on the router, that pool is used to delegate the address to the client.

Errata  61

Release 10.0.3

 The following tables replace the bulleted and numbered lists, which explain the

process used for selection of address pools, in the Local Pool Selection and Address Allocation section under the Standalone Mode Overview main topic in JUNOSe Broadband Access Configuration Guide, Chapter 18, DHCP Local Server Overview.

 The following is additional information to the procedure used to find the IP

address to be allocated to a client after a DHCP local pool is selected in the

Local Pool Selection and Address Allocation section in JUNOSe Broadband Access Configuration Guide, Chapter 18, DHCP Local Server Overview.

If no addresses are available in a pool, the DHCP local server attempts to allocate an address from the linked pool, if such a pool is configured.

Local Pool Selection in Standalone Mode Without AAA Authentication

Field How the DHCP Local Server Uses the Field

Giaddr A giaddr, which indicates a client’s subnetwork, can be presented to the DHCP local server in the client

DHCP REQUEST message. The giaddr field in the DHCP request message usually contains the IP address of a DHCP relay agent. The router attempts to match the giaddr address in the DHCP request message with the network address of a DHCP local pool. If it finds a match, the router uses the matching DHCP local pool.

Received interface IP address

The router uses the IP address of the interface on which the DHCP packet is being processed and attempts to match it with the network address of a DHCP local pool.

Local Pool Selection in Standalone Mode with AAA Authentication

Field How the DHCP Local Server Uses the Field

Framed IP address The client’s RADIUS entry can be configured with a framed IP address, which the DHCP local server can

get from the AAA server when the client is authenticated.

If the AAA server specifies a framed IP address, the DHCP local server attempts to allocate the address pool that contains the framed IP address and allocates that address from the pool. If the framed IP address is not available, then the server allocates the next available address in the pool to the client.

Pool name Each DHCP local pool has a pool name. The client’s RADIUS entry can also be configured with a pool

name, which the DHCP local server can get from the AAA server when the client is authenticated

. The

AAA server must be configured to send RADIUS attributes to DHCP.

If AAA specifies an address pool name, the local server finds the pool with the matching name and allocates an address from that pool.

Domain name You can use a domain name as the name of a DHCP local pool. If RADIUS authenticates the client using a

domain name, the DHCP local server receives the domain name from the AAA server.

If the client’s domain name does not match the name of the DHCP local pool, the router attempts to match the client’s domain name to the domain name field within the pool.

Giaddr A DHCP local pool is configured with a network address. A gateway IP address (giaddr), which indicates a

client’s subnetwork, can be presented to the DHCP local server in the client’s DHCP request message. The giaddr field in the DHCP request message usually contains the IP address of a DHCP relay server. The router attempts to match the giaddr address in the DHCP request message with the network address of a DHCP local pool.

Received interface IP address

JUNOSe 10.0.3 Release Notes

62  Errata

 JUNOSe Broadband Access Configuration Guide, Chapter 19, Configuring DHCP

Local Server fails to state the following additional information for the DHCP local server:

Before you configure a DHCP local server, you must identify which mode to use (standalone DHCP mode or equal-access). If the virtual router does not have the SRC (Session and Resource Control) software, which contributes to the address pool selection, you can use standalone mode using the service dhcp-local standalone command. When the DHCP server operates in standalone mode, SRC software is not used for address allocation.

If you do not specify a mode, equal-access mode is used, by default. When equal-access mode is used, COPS-PR (Common Open Policy Service usage for policy provisioning) is automatically started on the virtual router.

The ip dhcp-local excluded-address command can be specified multiple times. The excluded address must fall within a network that has been specified in the DHCP local pool.

 The command in the section Removing Access Routes from Routing Tables and

NVS in JUNOSe Broadband Access Configuration Guide, Chapter 20, Configuring DHCP Relay, is incorrect.

The correct command is set dhcp relay discard-access-routes and not set dhcp relay discard-access-routers.

 JUNOSe Broadband Access Configuration Guide, Chapter 25, Configuring

Subscriber Interfaces fails to state the differences between dynamic subscriber interfaces (DSIs) and dynamic interfaces (DIs) for remote access to the E Series router. See Appendix D, Subscriber Interfaces Overview, in the JUNOSe 10.0.2 Release Notes for updated information.

 JUNOSe Broadband Access Configuration Guide, Chapter 27, Configuring Service

Manager fails to state that, before you reference a policy in the service definition macro to enable Service Manager to collect statistics, you must enable statistics collection for that policy using the statistics enabled keyword in the command used for policy attachment in the profile.

 JUNOSe Broadband Access Configuration Guide, Chapter 27, Configuring Service

Manager, incorrectly states that the groupIndex variable, which identifies the mutex group for a service, can be a number in the range -1 to -2147483648 or 1 to 2147483648. The correct range for the groupIndex variable is -1 to

-2147483647 or 1 to 2147483646.

 JUNOSe Broadband Access Configuration Guide, Chapter 27, Configuring Service

Manager, incorrectly states that the upper limit for the value that can be specified for Service-Timeout and Service-Volume VSAs as 16777251. The correct upper limit for these VSAs is 16777215. Values greater than 16777215 are recycled, starting from the initial value of 0. For example, if you specify the value for Service-Timeout and Service-Volume VSAs as 16777216 and 16777217, these values are equivalent to 0 and 1 respectively for these VSAs.

Errata  63

Release 10.0.3

 JUNOSe Broadband Access Configuration Guide, Chapter 2, Monitoring and

Troubleshooting Remote Access, fails to include the following information for the

output of the show radius servers command:

If a RADIUS server was never configured on the virtual router, the command displays the following message:

host1#show radius servers no radius servers configured

If a RADIUS server was configured previously and then removed on the virtual router, the command displays the following information:

host1#show radius servers RADIUS Authentication Configuration

-----------------------------------

Monitoring RADIUS Server Information ¦ 1 Udp Retry Maximum Dead IP Address Port Count Timeout Sessions Time Secret Status

------------- ---- ----- ------- -------- ---- ------ ------

RADIUS Accounting Configuration

-------------------------------

Udp Retry Maximum Dead IP Address Port Count Timeout Sessions Time Secret Status

------------- ---- ----- ------- -------- ---- ------ ------

RADIUS Pre-Authentication Configuration

---------------------------------------

Udp Retry Maximum Dead IP Address Port Count Timeout Sessions Time Secret Status

------------- ---- ----- ------- -------- ---- ------ ------

RADIUS Route-Download Configuration

-----------------------------------

Udp Retry Maximum Dead IP Address Port Count Timeout Sessions Time Secret Status

------------- ---- ----- ------- -------- ---- ------ ------

 The description of the bgp graceful-restart command in the JUNOSe Command

Reference A to M incorrectly states that graceful restart is enabled by default. It

also erroneously states that using the default keyword with the bgp graceful-restart command restores the default condition, wherein graceful

restart is enabled. The correct default behavior of BGP graceful restart is that it is disabled, which prevents the advertisement of all BGP graceful restart capabilities. This default behavior has been applicable since the time this command was introduced.

In addition, the Note in this command section inaccurately states that the E Series router supports graceful restart only as a receiving peer and not as a restarting peer. However, E Series routers have supported graceful restart as restarting peers, in addition to functioning as receiving peers, since JUNOSe Release 5.1.0.

JUNOSe 10.0.3 Release Notes

64  Errata

 The JUNOSe Command Reference Guide A to M omits the following information

for the interface loopback command:

You cannot shut down a loopback interface.

 The description of the mpls ldp ip-forwarding command in the JUNOSe

Command Reference Guide A to M fails to state that, although the carriage return,

<cr>, option is displayed when you type a question mark (?) after entering the mpls ldp ip-forwarding command, this command takes effect only if the access-list, host-only, or prefix-list keyword, or a combination of them is

specified. Otherwise, although the command is configured successfully and no error is displayed, labels are not used in the IP routing table for forwarding plain IP traffic. This behavior for this command began in JUNOSe Release

7.1.0, in which the command was introduced.

 The JUNOSe Command Reference Guide A to M and the JUNOSe Command

Reference Guide N to Z fail to state the following additional information for the

relay-format keyword that is available in the mpls-relay and route interface commands:

The relay-format keyword determines the pseudowire PW Type value that is used in LDP protocol messages. For a complete list of pseudowire Type values, see http://www.iana.org/assignments/pwe3-parameters.

If you do not specify the relay-format keyword in the mpls-relay or route interface command, the pseudowire Type value is chosen based on the type of the interface. For Ethernet interfaces, the pseudowire Type value is chosen as Ethernet (0x0005). For VLAN interfaces, the pseudowire Type value is chosen as Ethernet Tagged Mode (0x0004).

 The description of the neighbor graceful-restart command in the JUNOSe

Command Reference N to Z incorrectly states that graceful restart is enabled by

default. The correct default behavior is that graceful restart is disabled. This default behavior has been applicable since the time this command was introduced in JUNOSe Release 7.1.0.

 The description of the neighbor password command in the JUNOSe Command

Reference Guide N to Z incorrectly states that the string variable that specifies

the MD5 password is an alphanumeric text string of up to 80 characters. In fact, the string variable for the MD5 password is an alphanumeric text string of up to 16 characters.

NOTE: We recommend that you configure a 32-bit subnet mask for the loopback

interface. For example, if you configure a loopback interface with the IP address and mask as 1.1.1.1/16, the 1.1.0.0/16 route entry is entered on the line module and if no specific or longer route entry is found, all traffic destined to the

1.1.0.0/16 subnet is forwarded to the SRP module by the line module. Although the SRP module responds only to traffic destined to the 1.1.1.1 subnet and discards traffic to all other host IP addresses within that subnet (1.1.1.1/16), if the SRP module receives too much traffic from subnets other than 1.1.1.1, the CPU utilization on the SRP module reaches the saturation level.

Errata  65

Release 10.0.3

 The JUNOSe Command Reference Guide N to Z omits the following information

for the qos-interface-parent command, beginning with JUNOSe Release 9.2.0 in which it was introduced:

The qos-interface-parent command is available in Interface Configuration mode, as well as in QoS Interface Set Configuration and QoS Interface Superset Configuration modes. The syntax for this command in Interface Configuration mode is:

[ no ] qos-interface-parent interfaceSetName

where:

interfaceSetName—Name of the QoS interface set that is the parent of the interface

This command assigns a QoS interface set as the parent for the member interface. The no version deletes the parent from the interface.

 The description of the redundant-port command in the JUNOSe Command

Reference Guide N to Z and JUNOSe Link Layer Configuration Guide, Chapter 6, Configuring 802.3ad Link Aggregation and Link Redundancy, Configuring Ethernet Link Redundancy section, inadvertently omits the default values of the following

keywords:

 failover timeout: 1000 milliseconds

 packet-sampling: disabled

 delay: 0 milliseconds

 auto-revert: disabled

 The description of the shaping-rate command in the JUNOSe Command

Reference Guide N to Z incorrectly states the range and units for the shapingRate argument. The correct range for the shapingRate argument is 1–1000000000 bps/kbps. You can set the shaping rate to vary from 1 bps to 1000 gbps (which is denoted by entering 1000000000 kbps in the CLI for this command).

 In the JUNOSe Command Reference Guide N to Z for JUNOSe Release 9.3.x,

Release 10.0.x, and Release 10.1.x, the description of the fileName variable in the service check-config command incorrectly stated that it represented an action for an empty service name tag. The fileName variable available with this command refers to the name of an existing configuration file (.cnf) that needs to be validated for corruption.

 The tables in the Interface Types and Specifiers section of Chapter 1, Command

Reference Topics, in the JUNOSe Command Reference Guide erroneously state

that the maximum number of PPPoE subinterfaces per Ethernet (GE/FE) line module is 4094. The correct number for an ERX router is 8000 and for an E120 or E320 router, it is 16,000.

JUNOSe 10.0.3 Release Notes

66  Errata

 67

Appendix A

System Maximums

This appendix presents current system maximums for various E Series hardware configurations. An E Series router does not simultaneously support all maximum configurations.

For some entries, early field trial (EFT) values are presented in addition to supported values. These values have not been fully qualified by Juniper Networks and are mentioned only for field test purposes in this release. EFT values are enclosed within parentheses with an EFT designation; for example, (96,000 EFT).

Modules referred to in the tables are identified by their physical label. For module specifications, including their identifying labels, see ERX Module Guide, Table 1, Module Combinations and E120 and E320 Module Guide, Table 1, Modules and IOAs.

System Maximums for ERX310, ERX7xx, and ERX14xx Section

General router values General System Maximums on page 68

Physical layer values Physical and Logical Density Maximums on page 69

Link layer values Link Layer Maximums on page 72

Routing protocol and performance values Routing Protocol Maximums on page 77

Policy and QoS values Policy and QoS Maximums on page 81

Tunneling values Tunneling Maximums on page 83

Subscriber management values Subscriber Management Maximums on page 85

System Maximums for E120 and E320 Routers

Section

General router values General System Maximums on page 88

Physical layer values Physical and Logical Density Maximums on page 89

Link layer values Link Layer Maximums on page 91

Routing protocol and performance values Routing Protocol Maximums on page 97

Policy and QoS values Policy and QoS Maximums on page 100

Tunneling values Tunneling Maximums on page 103

Subscriber management values Subscriber Management Maximums on page 105

JUNOSe 10.0.3 Release Notes

68  ERX310, ERX7xx, and ERX14xx System Maximums

ERX310, ERX7xx, and ERX14xx System Maximums

The following tables provide system maximums for the ERX310, ERX7xx, and ERX14xx routers.

General System Maximums

Table 1 lists some general system maximums for the ERX routers.

Table 1: General System Maximums

Feature ERX310

ERX705 and ERX710 ERX1410 ERX1440

Fabric size 10 Gbps 5 or 10 Gbps 10 Gbps 40 Gbps

Chassis per 7-foot rack 14 6 3 3

NTP clients 1000 1000 1000 1000

NTP servers 300 300 300 300

Sessions per chassis (simultaneous Telnet + FTP + SSH, in any combination)

30 30 30 30

Virtual routers per chassis 1000 1000 1000 1000

Virtual routers per line module ASIC 1000 1000 1000 1000

ERX310, ERX7xx, and ERX14xx System Maximums  69

Appendix A: System Maximums

Physical and Logical Density Maximums

Table 2 lists physical and logical density maximums for the ERX routers. The following notes are referred to in Table 2:

1. Wire rate indicates the port density that supports maximum (wire-rate) performance. Oversubscribed indicates the port density possible when you are willing to accept less than wire-rate performance by oversubscribing the available fabric bandwidth. The ERX310 and ERX1440 routers do not support oversubscription; port densities for these models indicate wire-rate performance.

2. When you pair the GE-2 or GE-HDE line module with the GE-2 SFP I/O module on the ERX1440 router, you can terminate up to 24 Gigabit Ethernet interfaces. Slots 2 and 4 on the ERX1440 router support two Gigabit Ethernet interfaces at wire rate; the remaining 10 slots support one Gigabit Ethernet interface at wire rate. On the ERX310 router, all four ports (active and redundant) are at wire rate.

For more information about bandwidth and line-rate considerations for the GE-2 line module or the GE-HDE line module and their corresponding I/O modules on E Series routers, see JUNOSe Physical Layer Configuration Guide, Chapter 5, Configuring Ethernet Interfaces.

3. When you pair the GE-HDE line module with the GE-8 I/O module on the ERX1440 router, you can terminate up to 96 Gigabit Ethernet interfaces. Slots 2 and 4 on the ERX1440 router support two Gigabit Ethernet interfaces at wire rate; the remaining 10 slots support one Gigabit Ethernet interface at wire rate. On the ERX310 router, only two Gigabit Ethernet interfaces per slot are at wire rate; therefore, only four Gigabit Ethernet interfaces are at wire rate for the entire router.

For more information about bandwidth and line-rate considerations for the GE-HDE line module and the GE-8 I/O module on E Series routers, see JUNOSe Physical Layer Configuration Guide, Chapter 5, Configuring Ethernet Interfaces.

4. The OC3/STM-1 GE/FE line module and OC3-2 GE APS I/O module combination does not support line rate for Gigabit Ethernet interfaces.

Table 2: Physical and Logical Density Maximums

Feature ERX310

ERX705 and ERX710

ERX1410 ERX1440

Physical density wire rate/oversubscribed

(See Note 1 on page 69.)

Channelized OC3 ports per chassis (cOC3 STM1 FO I/O modules)

8 16/20 32/48 48

Channelized OC12 ports per chassis (cOC12 STM4 FO I/O modules)

2 4/5 4/12 12

Channelized T3 ports per chassis (CT3/T3 12 I/O modules)

24 48/60 96/144 144

E3 (unchannelized) ports per chassis (CT3/T3 12 I/O modules)

24 48/60 96/144 144

JUNOSe 10.0.3 Release Notes

70  ERX310, ERX7xx, and ERX14xx System Maximums

Fast Ethernet (10/100) ports per chassis (FE-8 I/O and FE-8 SFP I/O modules)

16 32/40 32/96 96

Gigabit Ethernet ports per chassis (GE I/O modules)

2 4/5 4/12 12

Gigabit Ethernet ports per chassis (GE-2 SFP I/O modules)

(See Note 2 on page 69.)

4 – – 14/24

Gigabit Ethernet ports per chassis (GE-8 I/O modules)

(See Note 3 on page 69.)

4/16 – – 14/96

Gigabit Ethernet ports per chassis (OC3-2 GE APS I/O module)

(See Note 4 on page 69.)

2 4/5 4/12 12

OC3/STM-1 ATM ports per chassis (OC3-4 I/O modules)

8 16/20 32/48 48

OC3/STM-1 ATM ports per chassis (OC3-2 GE APS I/O module)

4 10 24 24

OC3/STM-1 POS ports per chassis (OC3-4 I/O modules)

8 16/20 16/48 48

OC12/STM-4 ATM ports per chassis (OC12 STM4 I/O modules)

2 4/5 8/12 12

OC12/STM-4 POS ports per chassis (OC12 STM4 I/O modules)

2 4/5 4/12 12

OC48/STM16 POS ports per chassis (OC48 FRAME I/O modules); ERX1440 router only

–––2

T3 (unchannelized) ports per chassis (4xDS3 ATM I/O modules)

8 16/20 32/48 48

T3 (unchannelized) ports per chassis (CT3/T3 12 I/O modules)

24 48/60 96/144 144

Logical density per chassis

Logical E1s per chassis 504 1260 3024 3024

Logical E3s per chassis 24 60 144 144

Logical fractional E1s (DS0) per chassis 4000 10,000 24,000 24,000

Logical fractional T1s (DS0) per chassis 4000 10,000 24,000 24,000

Logical OC3/STM1 per chassis 8 20 48 48

Logical OC12/STM4 per chassis 2 5 12 12

Logical OC48/STM16 per chassis (ERX1440 router only)

–––2

Logical T1s per chassis 672 1680 4032 4032

Logical T3s per chassis 24 60 144 144

Table 2: Physical and Logical Density Maximums (continued)

Feature ERX310

ERX705 and ERX710

ERX1410 ERX1440

ERX310, ERX7xx, and ERX14xx System Maximums  71

Appendix A: System Maximums

Logical density per module combination (specified line module and all supported I/O modules)

Logical E1s per cOCx/STMx F0 line module 252

63 per OC3/STM1

252

63 per OC3/STM1

252

63 per OC3/STM1

252

63 per OC3/STM1

Logical E3s per COCX-F3 line module 12 12 12 12

Logical fractional E1s (DS0) per cOCx/STMx F0 line module

2000

500 per OC3/STM1

2000

500 per OC3/STM1

2000

500 per OC3/STM1

2000

500 per OC3/STM1

Logical fractional T1s (DS0) per cOCx/STMx F0 line module

2000

500 per OC3/STM1

2000

500 per OC3/STM1

2000

500 per OC3/STM1

2000

500 per OC3/STM1

Logical fractional T1s (DS0) per CT3/T3-F0 line module 1992

166 per T3

1992

166 per T3

1992

166 per T3

1992

166 per T3

Logical fractional T3s (DS3) per COCX-F3 line module 12 12 12 12

Logical T1s per cOCx/STMx F0 line module 336

84 per OC3/STM1

336

84 per OC3/STM1

336

84 per OC3/STM1

336

84 per OC3/STM1

Logical T1s per CT3/T3-F0 line module 336

28 per T3

336

28 per T3

336

28 per T3

336

28 per T3

Logical T3s per COCX-F3 line module 12 12 12 12

Logical T3s per cOCx/STMx F0 line module 12

3 per OC3/STM1

Logical T3s per CT3/T3-F0 12 12 12 12

Logical T3s per OCx/STMx/DS3-ATM line module with 4xDS3 ATM I/O module

4444

Table 2: Physical and Logical Density Maximums (continued)

Feature ERX310

ERX705 and ERX710

ERX1410 ERX1440

JUNOSe 10.0.3 Release Notes

72  ERX310, ERX7xx, and ERX14xx System Maximums

Link Layer Maximums

Table 3 lists link layer maximums for the ERX routers. The following notes are referred to in Table 3:

1. The ERX1440 router supports a maximum of 48,000 interface columns of all types combined. You can use either all dynamic interfaces or a combination of dynamic and static interfaces to achieve this maximum. For bridged Ethernet, IP network, and PPP interfaces, the ERX1440 router supports a maximum of 32,000 static major interfaces. Although the ERX1440 router supports a maximum of 48,000 static major interfaces for PPPoE, the PPPoE static limit is enforced at the subinterface level, which has a limit of 32,000.

The ERX705, ERX710, and ERX1410 routers support a maximum of 32,000 interfaces of all types combined; the ERX310 router supports a maximum of 16,000 interfaces of all types combined. For these routers, the interfaces can be any combination of dynamic or static.

The JUNOSe Software supports up to 10,000 PPP interfaces with EAP authentication negotiation configured. Performance and scalability is unchanged when EAP is not configured.

2. The total maximum number of Ethernet subinterfaces that can be active at any one time on an ERX310 router, an ERX7xx router, or an ERX14xx router is limited by the number of slots per chassis. Of this total, you can configure all single-tagged VLAN subinterfaces, all double-tagged S-VLAN subinterfaces, or a combination of both VLAN subinterfaces and S-VLAN subinterfaces to achieve this maximum.

Table 3: Link Layer Maximums

Feature ERX310

ERX705 and ERX710

ERX1410 ERX1440

ARP entries per line module

Dynamic ARP entries 32,768 32,768 32,768 32,768

Static ARP entries 32,768 32,768 32,768 32,768

Total ARP entries 32,768 32,768 32,768 32,768

ATM bulk configuration VC ranges per chassis 300 300 300 300

ATM bulk configuration VC ranges per line module 300 300 300 300

ATM bulk configuration total VCs per chassis 64,000 160,000 384,000 384,000

ATM bulk configuration total VCs per line module

OCx/STMx/DS3-ATM 32,000 32,000 32,000 32,000

OC3/STM1 GE/FE 32,000 32,000 32,000 32,000

ERX310, ERX7xx, and ERX14xx System Maximums  73

Appendix A: System Maximums

ATM bulk configuration overriding profile assignments per chassis

100 100 100 100

ATM VCs per chassis (active/configured) 16,000/32,000 32,000/64,000 32,000/64,000 48,000/96,000

ATM VCs per line module

OCx/STMx/DS3-ATM (active/configured) 8000/16,000 8000/16,000 8000/16,000 8000/16,000

OC3/STM1 GE/FE (active/configured) 8000/16,000 8000/16,000 8000/16,000 8000/16,000

ATM V Cs pe r por t

OCx/STMx/DS3-ATM (active/configured) 8000/16,000 8000/16,000 8000/16,000 8000/16,000

OC3/STM1 GE/FE (active/configured) 8000/16,000 8000/16,000 8000/16,000 8000/16,000

ATM VC classes per chassis 100 100 100 100

ATM VP/VC addresses per line module

OCx/STMx/DS3-ATM 20-bit 20-bit 20-bit 20-bit

OC3/STM1 GE/FE 20-bit 20-bit 20-bit 20-bit

ATM VP tunnels per port, all supported modules 256 256 256 256

Bridged Ethernet interfaces per chassis

(See Note 1 on page 72.)

16,000 32,000 32,000 48,000

Bridged Ethernet interfaces per line module

OCx/STMx/DS3-ATM 8192 8192 8192 8192

OC3/STM-1 GE/FE 8192 8192 8192 8192

Dynamic interfaces

Active autosensed dynamic interface columns per chassis over static or dynamic (bulk) ATM1483 subinterfaces

16,000 32,000 32,000 48,000

Ethernet 802.3ad Link Aggregation

Links per LAG (bundle) 8888

LAGs (bundles) per chassis 64 64 64 64

Ethernet S-VLANs per chassis

(See Note 2 on page 72.)

32,768 81,920 96,000 96,000

Table 3: Link Layer Maximums (continued)

Feature ERX310

ERX705 and ERX710

ERX1410 ERX1440

JUNOSe 10.0.3 Release Notes

74  ERX310, ERX7xx, and ERX14xx System Maximums

Ethernet S-VLANs per I/O module

FE-8 I/O and FE-8 SFP I/O 16,384 16,384 16,384 16,384

GE I/O 16,384 16,384 16,384 16,384

GE-2 SFP I/O 16,384 – – 16,384

GE-8 I/O 16,384 – – 16,384

OC3-2 GE APS I/O 16,384 16,384 16,384 16,384

Ethernet VLANs per chassis

(See Note 2 on page 72.)

32,768 81,920 96,000 96,000

Ethernet VLANs per I/O module (no more than 4096 VLANs per por t)

FE-8 I/O and FE-8 SFP I/O 8192 8192 8192 8192

GE I/O 4096 4096 4096 4096

GE-2 SFP I/O 8192 – – 8192

GE-8 I/O 16,384 – – 16,384

OC3-2 GE APS I/O 4096 4096 4096 4096

Ethernet VLAN bulk configuration VLAN ranges per chassis

300 300 300 300

Ethernet VLAN bulk configuration VLAN ranges per line module

300 300 300 300

Ethernet VLAN overriding profile assignments per chassis

200 200 200 200

Ethernet VRRP VRIDs per line module ASIC 800 800 800 800

Frame Relay virtual circuits per chassis 2000 5000 12,000 12,000

Frame Relay virtual circuits per line module

COCX-F3 1000 1000 1000 1000

cOCx/STMx F0 1000 1000 1000 1000

OC48 (ERX1440 router only) –––1000

Frame Relay virtual circuits per port

COCX-F3 1000 1000 1000 1000

cOCx/STMx F0 1000 1000 1000 1000

OC48 (ERX1440 router only) –––1000

Table 3: Link Layer Maximums (continued)

Feature ERX310

ERX705 and ERX710

ERX1410 ERX1440

ERX310, ERX7xx, and ERX14xx System Maximums  75

Appendix A: System Maximums

HDLC interfaces per chassis 4000 10,000 24,000 24,000

HDLC interfaces per line module

COCX-F3 12121212

cOCx/STMx F0 2000 2000 2000 2000

CT3/T3 F0 1992 1992 1992 1992

OCx/STMx/DS-3 ATM 8000 8000 8000 8000

OCx/STMx POS 4444

OC48 (ERX1440 router only) –––1

MLFR bundles per chassis 5000 5000 5000 5000

MLFR bundles per line module Bundles per line module are limited only by the

availability of interface columns on the module. Because a bundle requires at least one interface column, the number of bundles cannot exceed the number of interface columns.

MLPPP bundles per chassis 12,000 12,000 12,000 12,000

MLPPP bundles per line module The maximum number of MLPPP bundles supported per line

module is the lesser of the maximum number of MLPPP bundles supported per chassis or of the maximum number of interfaces supported on the line module. For more information, see the JUNOSe Link Layer Configuration Guide.

PPP interfaces per chassis

(See Note 1 on page 72.)

16,000 32,000 32,000 48,000

PPP interfaces per line module

COCX-F3 12121212

cOCx/STMx FO 2000 2000 2000 2000

GE/FE 8000 8000 8000 8000

GE-2 8000 – – 8000

GE-HDE 8000 – – 8000

OCx/STMx/DS-3 ATM 8000 8000 8000 8000

OC3/STM-1 GE/FE 8000 8000 8000 8000

OCx/STMx POS 4444

OC48 (ERX1440 router only) –––1

Table 3: Link Layer Maximums (continued)

Feature ERX310

ERX705 and ERX710

ERX1410 ERX1440

JUNOSe 10.0.3 Release Notes

76  ERX310, ERX7xx, and ERX14xx System Maximums

PPP packet logging

Aggregate dynamic and static PPP interfaces for which you can log PPP packets per chassis

32 32 32 32

PPPoE service name tables

PPPoE service name tables per chassis 16161616

Service name tags per PPPoE service name table (including one empty service name tag)

17 17 17 17

PPPoE subinterfaces

Subinterfaces per chassis

(See Note 1 on page 72.)

16,000 32,000 32,000 48,000

Subinterfaces per GE/FE line module 8000 8000 8000 8000

Subinterfaces per GE-2 line module 8000 – – 8000

Subinterfaces per GE-HDE line module 8000 – – 8000

Subinterfaces per OCx/STMx/DS-3 ATM line module 8000 8000 8000 8000

Subinterfaces per OC3/STM-1 GE/FE line module 8000 8000 8000 8000

Transparent bridging and VPLS

Bridge groups or VPLS instances per chassis 1024 1024 1024 1024

Bridge interfaces per line module in bridge groups or VPLS instances

8000 8000 8000 8000

Bridge interfaces per chassis in bridge groups or VPLS instances

16,000 32,000 32,000 32,000

Learned MAC address entries combined for all bridge groups and VPLS instances on a chassis

64,000 64,000 64,000 64,000

Table 3: Link Layer Maximums (continued)

Feature ERX310

ERX705 and ERX710

ERX1410 ERX1440

ERX310, ERX7xx, and ERX14xx System Maximums  77

Appendix A: System Maximums

Routing Protocol Maximums

Table 4 lists routing protocol maximums for the ERX routers. The following notes are referred to in Table 4:

1. The total set of FTEs can be shared by interfaces, next hops, ECMP sets, VRs, and VRFs. Next-hop FTEs identify the next hop on multiaccess media, such as ATM multipoint, Ethernet, or bridged Ethernet. Each VR or VRF consumes three entries. Each interface, next hop, and ECMP set consumes a single entry. One FTE is reserved for internal use, and the system software limits the number of FTEs used by interfaces to a maximum of 32,000. The remaining FTEs can be shared across the other types.

2. The ERX1440 router supports a maximum of 48,000 interfaces of all types combined. You can use either all dynamic interfaces or a combination of dynamic and static interfaces to achieve this maximum. The ERX1440 router supports a maximum of 32,000 static PPP/PPPoE interfaces and a maximum of 36,500 static IP network interfaces. Bridged Ethernet does not enforce a limit so IP interfaces created on Bridged Ethernet can scale to the IP maximum of 36,500.

The ERX705, ERX710, and ERX1410 routers support a maximum of 32,000 IP network interfaces; the ERX310 router supports a maximum of 16,000 IP network interfaces. For all these models, the interfaces can be any combination of dynamic or static.

3. These values are subject to limitations on available SRP module memory, which varies according to your router configuration.

4. Depending on your configuration, the router may support more routing table entries or fewer routing table entries than this value. In any case, you can choose to limit the number of routes that can be added to the routing table on a per-VR or per-VRF basis by means of the maximum routes command.

5. The maximum number of ANCP adjacencies can be scaled over a maximum of 100 virtual routers. Fewer ANCP adjacencies can be scaled in configurations with more than 100 virtual routers.

6. This maximum is not valid for Frame Relay. The Frame Relay maximum is 1000 circuits over MPLS per line module, because only 1000 Frame Relay DLCIs are permitted per line module.

7. On the ERX1440 router, you can achieve 32,767 total Martini circuits over ATM or Ethernet interfaces. For all routers, the total Martini can be any combination of external inter-router circuits and internal circuits (local cross-connects).

8. There is no per-VR limit; all multicast routes can be on a single VR or present across multiple VRs.

9. The maximum number of interfaces can be achieved by any combination; for example, two streams each being replicated to 32,768 interfaces; 16,384 streams each being replicated four times; or any other combination.

JUNOSe 10.0.3 Release Notes

78  ERX310, ERX7xx, and ERX14xx System Maximums

10. Dynamic values represent typical limits that vary depending on configuration details and actual dynamic behavior. For dynamic values only, multiple server modules (SMs) in a chassis can improve the values as long as the multiple server modules are online and the number of virtual routers configured with NAT is greater than or equal to the number of server modules. If a server module fails, the load is redistributed to the remaining server modules, with a consequent reduction in aggregate capacity.

11. Static and dynamic translations occupy the same table; therefore, the number of static translation entries present in the table reduces the room for dynamic entries.

Table 4: Routing Protocol Maximums

Feature ERX310

ERX705 and ERX710 ERX1410 ERX1440

BFD

Sessions per line module 50 50 50 50

ECMP maximum paths to a destination

BGP, IS-IS, MPLS, OSPF, RIP 16 16 16 16

IPv4 forwarding table entries

(See Note 1 on page 77.)

Chassis with only ASIC modules 1,048,576 1,048,576 1,048,576 1,048,576

IP network interfaces (IPv4 and IPv6)

Per chassis

(See Note 2 on page 77.)

16,000 32,000 32,000 48,000

Per line module ASIC 8000 8000 8000 8000

IPv4 routing protocol scaling and peering densities

(See Note 3 on page 77.)

Routing table entries

(See Note 4 on page 77.)

500,000 500,000 500,000 500,000

ANCP Adjacency Scaling

(See Note 5 on page 77.)

5000 5000 5000 5000

BGP-4 peering sessions 1000 1000 1000 1000

BGP-4 routes (NLRI) 1,500,000 1,500,000 1,500,000 1,500,000

IP next hops (egress FECs) on router with ASIC modules (used to represent the IP addresses of next-hop routers on Ethernet interfaces)

1,000,000 1,000,000 1,000,000 1,000,000

MPLS next hops (egress FECs) on router with ASIC modules only

500,000 500,000 500,000 500,000

MPLS forwarding entries 64,000 64,000 64,000 64,000

ERX310, ERX7xx, and ERX14xx System Maximums  79

Appendix A: System Maximums

IS-IS adjacencies 150 150 150 150

IS-IS routes 20,000 20,000 20,000 20,000

MPLS LDP LSPs 10,000 10,000 10,000 10,000

MPLS RSVP-TE LSPs 10,000 10,000 10,000 10,000

OSPF adjacencies 1000 1000 1000 1000

OSPF routes 25,000 25,000 25,000 25,000

IPv6 routing table entries

(See Note 3 on page 77.)

50,000 50,000 50,000 50,000

J-Flow statistics

J-Flow–enabled VRs and VRFs, in any combination 16 16 16 16

Sampled interfaces per VR or VRF 32323232

Total sampled Interfaces per chassis 512 512 512 512

Martini circuits for layer 2 services over MPLS

Total Martini circuits per line module

(See Note 6 on page 77.)

8000 8000 8000 8000

Total Martini circuits per chassis

(See Note 7 on page 77.)

16,000 16,000 16,000 32,767

External Martini circuits per chassis 16,000 16,000 16,000 32,767

Internal Martini circuits (local cross-connects) per chassis 16,000 16,000 16,000 32,767

Mobile IP bindings per chassis – – – 48,000

Multicast routes (IPv4 and IPv6)

Forwarding entries [(S,G) pairs] per chassis

(See Note 8 on page 77.)

16,384 16,384 16,384 16,384

Outgoing interfaces per chassis

(See Note 9 on page 77.)

65,536 65,536 65,536 65,536

Network Address Translation (NAT)

Static translations (simple or extended) per chassis 96,000 96,000 96,000 96,000

Dynamic simple translations (NAT) per SM

(See Notes 10 and 11 on page 78.)

400,000 400,000 400,000 400,000

Dynamic extended translations (NAPT) per SM

(See Notes 10 and 11 on page 78.)

200,000 200,000 200,000 200,000

Table 4: Routing Protocol Maximums (continued)

Feature ERX310

ERX705 and ERX710

ERX1410 ERX1440

JUNOSe 10.0.3 Release Notes

80  ERX310, ERX7xx, and ERX14xx System Maximums

Response Time Reporter simultaneous operations per VR

500 500 500 500

VRRP VRIDs per line module ASIC See Ethernet VRRP VRIDs per line module ASIC on page 74.

Table 4: Routing Protocol Maximums (continued)

Feature ERX310

ERX705 and ERX710

ERX1410 ERX1440

ERX310, ERX7xx, and ERX14xx System Maximums  81

Appendix A: System Maximums

Policy and QoS Maximums

Table 5 lists policy and QoS maximums for the ERX routers. The following notes are referred to in Table 5:

1. The OC48 line module supports only 131,071 entries. The GE-2 and GE-HDE line modules support only 65,535 entries.

2. For line modules other than the GE-2, GE-HDE, and OC48/STM16 line modules, the router supports two sizes of policies: 8127 policies, each with a maximum of 32 classifiers, and 16,255 policies, each with a maximum of 16 classifiers. A combination of the two sizes of policies is also supported, in which case the total number of policies is between 8127 and 16,255, depending on the actual configuration.

3. The GE-2, GE-HDE, and OC48/STM16 line modules support CAM classifiers instead of hardware policy assignments. For most configurations, each classifier entry in a policy consumes one CAM entry. However, a policy that has only the default classifier consumes no CAM resources. Policies that use CAM hardware classifiers consume one interface attachment resource, regardless of the number of classifier entries in a policy.

Table 5: Policy and QoS Maximums

Feature ERX310

ERX705 and ERX710 ERX1410 ERX1440

QoS queues per ASIC line module 49,000 49,000 49,000 49,000

QoS profiles configurable per chassis 1000 1000 1000 1000

QoS profile attachments per chassis 96,000 96,000 96,000 96,000

QoS profile attachments per ASIC line module 16,000 16,000 16,000 16,000

QoS shapers per line module 64,000 64,000 64,000 64,000

Classification rules per policy 512 512 512 512

Policy classification (CLACL) entries per line module

(See Note 1 on page 81.)

256,000 256,000 256,000 256,000

Unique hardware policy assignments per line module for modules other than the GE-2, GE-HDE, and OC48/STM16

(See Note 2 on page 81.)

8127/16,255 8127/16,255 8127/16,255 8127/16,255

JUNOSe 10.0.3 Release Notes

82  ERX310, ERX7xx, and ERX14xx System Maximums

CAM entries

(See Note 3 on page 81.)

GE-2 64,000 – – 64,000

GE-HDE 64,000 – – 64,000

OC48/STM16 – – – 128,000

Policy egress interface attachments per ASIC line module

Combined IP and IPv6 interface attachments 8191 8191 8191 8191

Combined ATM, Frame Relay, GRE, L2TP (LNS only), MPLS, and VLAN interface attachments

8191 8191 8191 8191

Policy ingress interface attachments per ASIC line module

Combined IP and IPv6 interface attachments on GE-2, GE-HDE, and OC-48/STM16 line modules

16,383 – – 16,383

Combined IP and IPv6 interface attachments on all other line modules

16,000 16,000 16,000 16,000

Combined ATM, Frame Relay, GRE, L2TP (LNS only), MPLS, and VLAN interface attachments

8191 8191 8191 8191

Rate limiters

Egress per ASIC line module 24,575 24,575 24,575 24,575

Ingress per ASIC line module 24,575 24,575 24,575 24,575

Policy statistics blocks

Egress per ASIC line module 256,000 256,000 256,000 256,000

Ingress per ASIC line module 256,000 256,000 256,000 256,000

Parent groups per ASIC line module

Egress and Ingress 8191 8191 8191 8191

Software lookup blocks

Per ASIC line module 16,383 16,383 16,383 16,383

Secure policies (for packet mirroring)

Per ASIC line module 1022 1022 1022 1022

Per chassis 2400 2400 2400 2400

Table 5: Policy and QoS Maximums (continued)

Feature ERX310

ERX705 and ERX710

ERX1410 ERX1440

ERX310, ERX7xx, and ERX14xx System Maximums  83

Appendix A: System Maximums

Tunneling Maximums

Table 6 lists tunneling maximums for the ERX routers. The following notes are referred to in Table 6:

1. The SM supports any combination of DVMRP, GRE, and L2TP tunnels up to a maximum of 8000 tunnels; however, no more than 4000 tunnels can be DVMRP or GRE tunnels in any combination. The ISM supports any combination of DVMRP, GRE, and L2TP tunnels over IPSec, up to a maximum of 5000 tunnels; however, no more than 4000 tunnels can be DVMRP or GRE tunnels.

2. You can have no more than 8000 L2TP/IPSec sessions per chassis.

3. For more information about supported L2TP sessions and tunnels, see JUNOSe Broadband Access Configuration Guide, Chapter 11, L2TP Overview.

Table 6: Tunneling Maximums

Feature ERX310

ERX705 and ERX710 ERX1410 ERX1440

DVMRP (IP-in-IP) tunnels per chassis 4000 4000 4000 4000

DVMRP (IP-in-IP) tunnels per line module

(See Note 1 on page 83.)

GE-2 with shared tunnel-server ports provisioned 4000 – – 4000

GE-HDE with shared tunnel-server ports provisioned 4000 – – 4000

IPSec Service Module (DVMRP/IPSec tunnels) 4000 4000 4000 4000

Service Module (SM) 4000 4000 4000 4000

GRE tunnels per chassis 4000 4000 4000 4000

GRE tunnels per line module

(See Note 1 on page 83.)

GE-2 with shared tunnel-server ports provisioned 4000 – – 4000

GE-HDE with shared tunnel-server ports provisioned 4000 – – 4000

IPSec Service Module (GRE/IPSec tunnels) 4000 4000 4000 4000

Service Module (SM) 4000 4000 4000 4000

IPSec manual secure tunnels per chassis 256 256 256 256

IPSec transform sets per chassis 1000 1000 1000 1000

IPSec transforms per transform set 6666

IPSec tunnels per chassis 10,000 10,000 10,000 20,000

JUNOSe 10.0.3 Release Notes

84  ERX310, ERX7xx, and ERX14xx System Maximums

IPSec tunnels per IPSec Ser vice Module 5000 5000 5000 5000

L2TP sessions per chassis

(See Notes 2 and 3 on page 83.)

16,000 16,000 16,000 32,000

L2TP sessions per line module

(See Notes 1 and 3 on page 83.)

GE-2 with shared tunnel-server ports provisioned 8000 – – 8000

GE-HDE with shared tunnel-server ports provisioned 8000 – – 8000

IPSec Service Module (ISM; L2TP/IPSec sessions) 5000 5000 5000 5000

Service Module (SM) 16,000 16,000 16,000 16,000

L2TP tunnels per chassis 8000 8000 8000 8000

L2TP tunnels per line module

(See Notes 1 and 3 on page 83.)

GE-2 with shared tunnel-server ports provisioned 8000 – – 8000

GE-HDE with shared tunnel-server ports provisioned 8000 – – 8000

IPSec Service Module (L2TP/IPSec tunnels) 5000 5000 5000 5000

Service Module 8000 8000 8000 8000

Table 6: Tunneling Maximums (continued)

Feature ERX310

ERX705 and ERX710

ERX1410 ERX1440

ERX310, ERX7xx, and ERX14xx System Maximums  85

Appendix A: System Maximums

Subscriber Management Maximums

Table 7 lists subscriber management maximums for the ERX routers. The following notes are referred to in Table 7:

1. DHCP relay proxy maintains a list of active DHCP clients up to a maximum of 100,000 clients per chassis for all virtual routers. DHCP relay does not maintain a list of DHCP clients.

DHCP relay proxy is notified of DHCP client deletions and subsequently deletes the client’s host routes. In contrast, DHCP relay is not notified of DHCP client deletions, so the host routes for deleted clients remain in DHCP relay until you permanently delete them with the set dhcp relay discard-access-routes command. A maximum of 100,000 host routes for DHCP clients can be stored for all DHCP relay and DHCP relay proxy instances (that is, for all virtual routers).

2. The ERX1440 router supports a maximum of 48,000 interface columns of all types combined. You can use either all dynamic interfaces or a combination of dynamic and static interfaces to achieve this maximum. For bridged Ethernet, IP network, and PPP interfaces, the ERX1440 router supports a maximum of 32,000 static major interfaces. Although the ERX1440 router supports a maximum of 48,000 static major interfaces for PPPoE, the PPPoE static limit is enforced at the subinterface level, which has a limit of 32,000.

The JUNOSe Software supports up to 10,000 PPP interfaces with EAP authentication negotiation configured. Performance and scalability is unchanged when EAP is not configured.

3. For DHCPv6 local server, up to 32,000 subscribers and clients are supported on PPP/ATM and PPPoE/ATM with dynamic interfaces. Interface flapping tests have been qualified for 8000 subscribers and interfaces.

Table 7: Subscriber Management Maximums

Feature ERX310

ERX705 and ERX710

ERX1410 ERX1440

DHCP external ser ver clients (per chassis for all virtual routers; and per virtual router)

(See Note 1 on page 85.)

100,000 100,000 100,000 100,000

DHCP local server

(See Note 2 on page 85.)

Client bindings per chassis 96,000 96,000 96,000 96,000

Client interfaces per chassis 16,000 32,000 32,000 48,000

Local address pools per virtual router 500 500 500 500

IP addresses per local address pool 32,000 32,000 32,000 32,000

JUNOSe 10.0.3 Release Notes

86  ERX310, ERX7xx, and ERX14xx System Maximums

DHCPv6 local server

Clients

(See Note 3 on page 85.)

32,000 32,000 32,000 32,000

DHCP relay and relay proxy client

(See Notes 1 and 2 on page 85.)

DHCP client host routes for DHCP relay and DHCP relay proxy combined (per chassis for all virtual routers; and per virtual router)

100,000 100,000 100,000 100,000

DHCP relay proxy clients (per chassis for all virtual routers; and per virtual router)

100,000 100,000 100,000 100,000

Interfaces (per chassis for all virtual routers; and per virtual router)

16,000 32,000 32,000 48,000

Local authentication server

Local user databases per chassis 100 100 100 100

Users per local user database 100 100 100 100

Users for all local user databases 100 100 100 100

RADIUS requests

Concurrent RADIUS authentication requests 4000 4000 4000 32,000

Concurrent RADIUS accounting requests 4000 4000 4000 96,000

RADIUS route-download server downloaded routes per chassis

32,000 32,000 32,000 32,000

Service Manager

Service definitions 2048 2048 2048 2048

Service sessions (active) 131,072 131,072 131,072 131,072

Active subscriber sessions 16,000 32,000 32,000 48,000

SRC Software and SDX Software

COPS client instances 200 200 200 200

SRC clients 200 200 200 200

SRC interfaces 16,000 32,000 32,000 48,000

Table 7: Subscriber Management Maximums (continued)

Feature ERX310

ERX705 and ERX710

ERX1410 ERX1440

ERX310, ERX7xx, and ERX14xx System Maximums  87

Appendix A: System Maximums

Subscriber interfaces

(See Note 2 on page 85.)

Dynamic subscriber interfaces per chassis 16,000 32,000 32,000 48,000

Dynamic subscriber interfaces per line module 8000 8000 8000 8000

Static subscriber interfaces per chassis 16,000 32,000 32,000 48,000

Static subscriber interfaces per line module 8000 8000 8000 8000

Table 7: Subscriber Management Maximums (continued)

Feature ERX310

ERX705 and ERX710

ERX1410 ERX1440

JUNOSe 10.0.3 Release Notes

88  E120 and E320 System Maximums

E120 and E320 System Maximums

The following tables provide system maximums for the E120 router and the E320 router.

General System Maximums

Table 8 lists some general system maximums for the E120 router and the E320 router. The following notes are referred to in Table 8:

1. The maximum number applies to any combination of VRs and VRFs. The number of VRs and VRFs that you can configure depends on your configuration. You cannot achieve the maximum number if each VR and VRF instance is running a routing protocol.

2. The maximum of 3000 VRs and VRFs can be achieved only with the SRP-120 and SRP-320 modules, which have 4 GB of memory. The limits cannot be achieved with the SRP-100 module, which has 2 GB of memory.

Table 8: General System Maximums

Feature E120 E320

Fabric size 120 Gbps 100 Gbps/320 Gbps

Chassis per 7-foot rack 6 3

NTP clients 1000 1000

NTP servers 300 300

Sessions per chassis (simultaneous Telnet + FTP + SSH, in any combination)

30 30

Virtual routers and VRFs per chassis, combined

(See Notes 1 and 2 on page 88.)

3000 3000

Virtual routers and VRFs per line module, combined

(See Notes 1 and 2 on page 88.)

3000 3000

E120 and E320 System Maximums  89

Appendix A: System Maximums

Physical and Logical Density Maximums

Table 9 lists physical and logical density maximums for the E120 router and the E320 router. The following notes are referred to in Table 9:

1. Wire rate indicates the port density that supports maximum (wire-rate) performance. Oversubscribed indicates the port density possible if you are willing to accept less than wire-rate performance by oversubscribing the available fabric bandwidth.

2. With a 120 Gbps configuration on the E120 router, you can install up to 6 combinations of ES2 10G Uplink LMs or ES2 10G LMs in slots numbered 0-5. You can install a maximum of 6 active ports and 6 redundant ports at any time.

With a 100 Gbps fabric configuration on the E320 router, you must install the ES2 10G Uplink LM or the ES2 10G LM in either of the E320 router turbo slots (2 and 4). When the ES2 10G Uplink LM or the ES2 10G LM is installed in slot 2 or slot 4, you cannot install another line module in slot 3 or slot 5. In this case, you can only install the ES2 4G LM in slots 0–1 and 6–11; therefore, the maximum number of ports and the forwarding performance per chassis is reduced for the IOAs that pair with the ES2 4G LM.

With a 320 Gbps fabric configuration on the E320 router, you can install up to 12 combinations of ES2 10G Uplink LMs or ES2 10G LMs in slots numbered 0-5 and 11-16. You can install a maximum of 12 active ports and 12 redundant ports at any time.

Table 9: Physical and Logical Density Maximums

Feature E120 E320

Physical density wire rate/oversubscribed

(See Note 1 on page 89.)

10-Gigabit Ethernet ports per chassis (ES2-S1 10GE IOA)

612

10-Gigabit Ethernet ports per chassis (ES2-S2 10GE PR IOA)

(See Note 2 on page 89.)

6 + 6 12 + 12

Gigabit Ethernet ports per chassis (ES2-S1 GE-4 IOAs)

24 48

Gigabit Ethernet ports per chassis (ES2-S1 GE-8 IOAs)

(See Note 2 on page 89.)

96 192

Gigabit Ethernet ports per chassis (ES2-S3 GE-20 IOA)

(See Note 2 on page 89.)

120 240

OC3/STM-1 ATM ports per chassis (ES2-S1 OC3-8 STM1 ATM IOAs)

96 192

OC12/STM-4 ATM ports per chassis (ES2-S1 OC12-2 STM4 ATM IOAs)

24 48

OC12/STM-4 POS ports per chassis (ES2-S1 OC12-2 STM4 POS IOAs)

24 48

JUNOSe 10.0.3 Release Notes

90  E120 and E320 System Maximums

OC48/STM16 ports per chassis (ES2-S1 OC48 STM16 POS IOAs)

6 12

Logical density per chassis

Logical OC3/STM1 per chassis 96 192

Logical OC12/STM4 per chassis 24 48

Logical OC48/STM16 per chassis 6 12

Table 9: Physical and Logical Density Maximums (continued)

Feature E120 E320

E120 and E320 System Maximums  91

Appendix A: System Maximums

Link Layer Maximums

Table 10 lists link layer maximums for the E120 router and the E320 router. The following notes are referred to in Table 10:

1. On the ES2 10G LM or ES2 10 G Uplink LM, you can have configurations with up to 100,000 static entries that support 100,000 DHCP relay proxy clients. You can have an additional 28,000 static or dynamic entries for network resources, such as RADIUS and DHCP servers. However, the total number of dynamic entries in the ARP table is still restricted to a maximum of 32,768 per line module.

2. On the E120 router, the SRP-120 and the SRP-320 support a maximum of 64,000 interfaces.

On the E320 router, the SRP-320 supports a maximum of 96,000 interfaces. The SRP-100 supports a maximum of 64,000 interfaces.

3. The E120 router supports a maximum of 64,000 interface columns of all types combined. The E320 router supports a maximum of 96,000 interface columns of all types combined. You can use all dynamic interfaces, or all static interfaces, or a combination of dynamic and static interfaces to achieve this maximum.

The JUNOSe Software supports up to 10,000 PPP interfaces with EAP authentication negotiation configured. Performance and scalability is unchanged when EAP is not configured.

4. The E120 router supports a maximum of 64,000 Ethernet subinterfaces that can be active at any one time. The E320 router supports a maximum of 96,000 Ethernet subinterfaces that can be active at any one time. Of this total, you can configure all single-tagged VLAN subinterfaces, all double-tagged S-VLAN subinterfaces, or a combination of both VLAN subinterfaces and S-VLAN subinterfaces to achieve this maximum.

5. The E120 router and the E320 router support 16,384 VLAN subinterfaces per slot on the ES2 4G LM and the ES2 10G LM. On the E120 router, a maximum of 64,000 VLAN subinterfaces is supported per chassis. On the E320 router, a maximum of 96,000 VLAN subinterfaces is supported per chassis. You can use all dynamic interfaces, or all static interfaces, or a combination of dynamic and static interfaces to achieve this maximum.

6. For all LMs, no more than 16,384 S-VLANs are supported per port and no more than 16,384 S-VLANs are supported per module.

7. For all LMs, no more than 4096 VLANs are supported per port and no more than 16,384 VLANs are supported per module.

8. No more than 8192 VLAN major interfaces are supported per line module.

JUNOSe 10.0.3 Release Notes

92  E120 and E320 System Maximums

Table 10: Link Layer Maximums

Feature E120 E320

ARP entries per line module

Dynamic entries per LM 32,768 32,768

Static entries per ES2 4G LM 32,768 32,768

Static entries per ES2 10G LM or ES2 10G Uplink LM

(See Note 1 on page 91.)

128,000 128,000

Total entries per ES2 4G LM 32,768 32,768

Total entries per ES2 10G LM or ES2 10G Uplink LM

(See Note 1 on page 91.)

128,000 128,000

ATM bulk configuration VC ranges per chassis 300 300

ATM bulk configuration VC ranges per line module 300 300

ATM bulk configuration total VCs per chassis 192,000 384,000

ATM bulk configuration total VCs per line module

ES2 4G LM and OCx/STMx ATM IOA 32,000 32,000

ATM bulk configuration overriding profile assignments per chassis

100 100

ATM VCs per chassis

(See Note 2 on page 91.)

64,000 96,000

ATM VCs per line module

ES2 4G LM and OCx/STMx ATM IOA 16,000 16,000

ATM V Cs pe r por t

ES2 4G LM and OCx/STMx ATM IOA 16,000 16,000

ATM VC classes per chassis 100 100

ATM VP/VC addresses per line module

ES2 4G LM and OCx/STMx ATM IOA 24-bit 24-bit

ATM VP tunnels per port, all supported modules

256 256

Juniper JUNOSE 10.0.3 - RELEASE NOTES 4-30-2010, JUNOSe 10.0.3 Release Note

Specifications and Main Features

Frequently Asked Questions

User Manual