Juniper networks JUNOS 10.1 User Manual

Juniper Networks® JUNOS® 10.1 Software Release Notes
Release 10.1R3
13 July 2010
Revision 4
These release notes accompany Release 10.1R3 of the JUNOS Software. They describe device documentation and known problems with the software. JUNOS Software runs on all Juniper Networks M Series, MX Series, and T Series routing platforms, SRX Series Services Gateways, J Series Services Routers, and EX Series Ethernet Switches.
You can also find these release notes on the Juniper Networks JUNOS Software Documentation Web page, which is located at http://www.juniper.net/techpubs/software/junos.

Contents

JUNOS Software Release Notes for Juniper Networks M Series Multiservice Edge Routers, MX Series Ethernet Service Routers, and T Series Core Routers
  New Features in JUNOS Release 10.1 for M Series, MX Series, and T Series Routers
    Class of Service
    High Availability
    Interfaces and Chassis
    JUNOS XML API and Scripting
    MPLS Applications
    Multiplay
    Routing Policy and Firewall Filters
    Routing Protocols
    Services Applications
    Subscriber Access Management
    System Logging
    User Interface and Configuration
  Changes in Default Behavior and Syntax in JUNOS Release 10.1 for M Series, MX Series, and T Series Routers
    Class of Service
    Forwarding and Sampling
    Interfaces and Chassis
    Layer 2 Ethernet Services
    MPLS Applications
    Multiplay
    Routing Policy and Firewall Filters
    Routing Protocols
    Services Applications
    Subscriber Access Management
    User Interface and Configuration
    VPNs
  Issues in JUNOS Release 10.1 for M Series, MX Series, and T Series Routers
    Current Software Release
    Previous Releases
  Errata and Changes in Documentation for JUNOS Software Release 10.1 for M Series, MX Series, and T Series Routers
    Changes to the JUNOS Documentation Set
    Errata
  Upgrade and Downgrade Instructions for JUNOS Release 10.1 for M Series, MX Series, and T Series Routers
    Basic Procedure for Upgrading to Release 10.1
    Upgrading a Router with Redundant Routing Engines
    Upgrading Juniper Routers Running Draft-Rosen Multicast VPN to JUNOS Release 10.1
    Upgrading the Software for a Routing Matrix
    Upgrading Using ISSU
    Upgrading from JUNOS Release 9.2 or Earlier on a Router Enabled for Both PIM and NSR
    Downgrade from Release 10.1
JUNOS Software Release Notes for Juniper Networks SRX Series Services Gateways and J Series Services Routers
  New Features in JUNOS Release 10.1 for SRX Series Services Gateways and J Series Services Routers
    Software Features
    Hardware Features
  Changes In Default Behavior and Syntax in JUNOS Release 10.1 for SRX Series Services Gateways and J Series Services Routers
    Application Layer Gateways (ALGs)
    Chassis Cluster
    Command-Line Interface (CLI)
    Configuration
    Flow and Processing
    Interfaces and Routing
    Intrusion Detection and Prevention (IDP)
    J-Web
    Management and Administration
    Security
    WLAN
  Known Limitations in JUNOS Release 10.1 for SRX Series Services Gateways and J Series Services Routers
    [accounting-options] Hierarchy
    AX411 Access Point
    Chassis Cluster
    Command-Line Interface (CLI)
    Dynamic VPN
    Flow and Processing
    Hardware
    Interfaces and Routing
    Intrusion Detection and Prevention (IDP)
    J-Web
    NetScreen-Remote
    Network Address Translation (NAT)
    Performance
    SNMP
    System
    Unified Threat Management (UTM)
    VPNs
    WLAN
  Issues in JUNOS Release 10.1 for SRX Series Services Gateways and J Series Services Routers
    Outstanding Issues In JUNOS Release 10.1 for SRX Series Services Gateways and J Series Services Routers
    Resolved Issues in JUNOS Release 10.1 for SRX Series Services Gateways and J Series Services Routers
  Errata and Changes in Documentation for JUNOS Release 10.1 for SRX Series Services Gateways and J Series Services Routers
    Application Layer Gateways (ALGs)
    Attack Detection and Prevention
    CLI Reference
    Command-Line Interface (CLI)
    CompactFlash Card Support
    Flow and Processing
    Hardware Documentation
    Installing Software Packages
    Integrated Convergence Services
    Interfaces and Routing
    Intrusion Detection and Prevention (IDP)
    J-Web
    Screens
  Hardware Requirements for JUNOS Release 10.1 for SRX Series Services Gateways and J Series Services Routers
    Transceiver Compatibility for SRX Series and J Series Devices
    Power and Heat Dissipation Requirements for J Series PIMs
    Supported Third-Party Hardware for J Series Services Routers
    J Series CompactFlash and Memory Requirements
  Dual-Root Partitioning Scheme Documentation for SRX Series Services Gateways
    Dual-Root Partitioning Scheme
  Maximizing ALG Sessions
  Using Dual Chassis Cluster Control Links: Upgrade Instructions for the Second Routing Engine
  Upgrade and Downgrade Instructions for JUNOS Release 10.1 for SRX Series Services Gateways and J Series Services Routers
JUNOS Software Release Notes for EX Series Switches
  New Features in JUNOS Release 10.1 for EX Series Switches
    Hardware
    Access Control and Port Security
    Bridging, VLANs, and Spanning Trees
    Class of Service (CoS)
    Infrastructure
    Interfaces
    Layer 2 and Layer 3 Protocols
    Management and RMON
    MPLS
    Packet Filters
  Changes in Default Behavior and Syntax in JUNOS Release 10.1 for EX Series Switches
    Layer 2 and Layer 3 Protocols
    Infrastructure
    User Interface and Configuration
  Limitations in JUNOS Release 10.1 for EX Series Switches
    Access Control and Security
    Class of Service
    Firewall Filters
    Infrastructure
    Interfaces
  Outstanding Issues in JUNOS Release 10.1 for EX Series Switches
    Access Control and Port Security
    Bridging, VLANs, and Spanning Trees
    Class of Service
    Infrastructure
    Interfaces
    J-Web Interface
  Resolved Issues in JUNOS Release 10.1 for EX Series Switches
    Access Control and Port Security
    Bridging, VLANs, and Spanning Trees
    Class of Service
    Firewall Filters
    Hardware
    Infrastructure
    J-Web Interface
  Errata in Documentation for JUNOS Release 10.1 for EX Series Switches
  Upgrade and Downgrade Issues for JUNOS Release 10.1 for EX Series Switches
    Upgrading or Downgrading from JUNOS Release 9.4R1 for EX Series Switches
    Upgrading from JUNOS Release 9.3R1 to Release 10.1 for EX Series Switches
    Upgrading from JUNOS Release 9.2 to Release 10.1 for EX Series Switches
    Downgrading from JUNOS Release 10.1 to Release 9.2 for EX4200 Switches
JUNOS Documentation and Release Notes
Documentation Feedback
Requesting Technical Support
Revision History

JUNOS Software Release Notes for Juniper Networks M Series Multiservice Edge Routers, MX Series Ethernet Service Routers, and T Series Core Routers

New Features in JUNOS Release 10.1 for M Series, MX Series, and T Series Routers
Changes in Default Behavior and Syntax in JUNOS Release 10.1 for M Series, MX Series, and T Series Routers
Issues in JUNOS Release 10.1 for M Series, MX Series, and T Series Routers
Errata and Changes in Documentation for JUNOS Software Release 10.1 for M Series, MX Series, and T Series Routers
Upgrade and Downgrade Instructions for JUNOS Release 10.1 for M Series, MX Series, and T Series Routers

New Features in JUNOS Release 10.1 for M Series, MX Series, and T Series Routers

The following features have been added to JUNOS Release 10.1. Following the description is the title of the manual or manuals to consult for further information.

Class of Service

Intelligent oversubscription service support (MX Series routers with Trio MPC/MIC interfaces)—Arriving packets are assigned to one of two traffic classes (control and best-effort) based on their header types and destination MAC address. This allows for lower priority packets to be dropped more intelligently when oversubscription occurs. Only packets mapped to queue 3 are marked as control packets. Protocols such as telnet, FTP, and SSH that are mapped to queue 0 are classified as best-effort. No configuration is necessary, but the queue assignments can be altered with a multifield classifier.
[Class of Service]
CoS aspects of the MPC/MIC (MX Series routers with Trio MPC/MIC interfaces)—Cover all aspects of CoS configuration for this hardware combination. Support includes shaping rates at the queue level, configurable bandwidth profiles with percentages, dynamic bandwidth allocation among different services, scheduler node scaling, and delay buffer allocation. To configure, include the relevant statements at the [edit class-of-service] hierarchy level and apply them if necessary at other hierarchy levels such as the [edit interfaces] hierarchy level.
[Class of Service, Network Interfaces]
Per-priority shaping (MX Series platforms with Trio MPC/MIC interfaces)—Enables you to configure a separate shaping rate for each of the five priority levels so that higher priority services such as voice and video do not starve lower priority services such as data. To configure, include the shaping-rate-(excess | priority)-level rate [ burst-size burst ] statement at the [edit class-of-service traffic-control-profiles tcp-name] hierarchy level and apply the traffic control profile at the [edit interfaces] hierarchy level.
[Class of Service]
Distribute excess bandwidth among different services for a subscriber (MX Series routers with Trio MPC/MIC interfaces)—Service providers often use tiered services that must carry excess bandwidth as traffic patterns vary. By default, excess bandwidth between a configured guaranteed rate and shaping rate is shared equally among all queues, which might not be optimal for all subscribers to a service. You can control the distribution of this excess bandwidth with the excess-rate statement. To configure the excess rate for a traffic control profile, include the excess-rate statement at the [edit class-of-service traffic-control-profiles tcp-name] hierarchy level and apply the traffic control profile at the [edit interfaces] hierarchy level. To configure the excess rate for a queue, include the excess-rate and excess-priority statements at the [edit class-of-service scheduler scheduler-name] hierarchy level.
[Class of Service]
Scheduler node scaling (MX Series routers with Trio MPC/MIC interfaces)—The hardware supports multiple levels of scheduler nodes. In per-unit-scheduling mode, each logical interface (unit) can have four or eight queues and has a dedicated level 3 scheduler node. The logical interfaces share a common level 2 node (one per port). In hierarchical-scheduling mode, a set of logical interfaces, each with four or eight queues, has a level 2 CoS profile and one of its logical interface children has a level 3 CoS profile. To better control system resources in hierarchical-scheduling mode, you can limit the number of hierarchical levels in the scheduling hierarchy to two. In this case, all logical interfaces and interface sets with CoS profiles share a single (dummy) level 2 node, thereby increasing the maximum number of logical interfaces with CoS profiles (the interface sets must be at level 3). To configure scheduler node scaling, include the maximum-hierarchy-levels statement at the [edit interfaces xe-fpc/pic/port hierarchical-scheduler] hierarchy level. The only supported value is 2.
[Class of Service, Network Interfaces]
Forwarding-class aliases (M320 and T Series routers)—Enable you to configure up to 16 forwarding classes and 8 queues, with multiple forwarding classes assigned to single queues. To configure, include the class and queue-num statements at the [edit class-of-service forwarding-classes] hierarchy level.
[Class of Service]
VLAN shaping on aggregate devices (MX Series routers with Trio MPC/MIC interfaces)—VLAN shaping (per-unit scheduling) is supported on aggregated Ethernet interfaces when link protection is enabled on the aggregated Ethernet interface. When VLAN shaping is configured on aggregate Ethernet interfaces with link protection enabled, the shaping is applied to the active child link. To configure link protection on aggregated Ethernet interfaces, include the link-protection statement at the [edit interfaces aex aggregated-ether-options] hierarchy level. Traffic passes only through the designated primary link. This includes transit traffic and locally generated traffic on the router. When the primary link fails, traffic is routed through the backup link. You also can reverse traffic, from the designated backup link to the designated primary link. To revert back to sending traffic to the primary designated link when traffic is passing through the designated backup link, use the revert command; for example, request interfaces revert ae0. To configure a primary and a backup link, include the primary and backup statements at the [edit interfaces ge-fpc/pic/port gigether-options 802.3ad aex] hierarchy level or the [edit interfaces xe-fpc/pic/port fastether-options 802.3ad aex] hierarchy level. To disable link protection, delete the link-protection statement at the [edit interfaces aex aggregated-ether-options link-protection] hierarchy level. To display the active, primary, and backup link for an aggregated Ethernet interface, use the operational mode command show interfaces redundancy aex.
[Class of Service, Network Interfaces]
Re-marking of MVPN GRE encapsulation DSCP at ASBR (MX Series routers with Trio MPC/MIC interfaces)—Enables you to configure DSCP marking for GRE encapsulated packets that aligns with the service provider core CoS policy for an MVPN. To configure, include the DSCP rewrite-rule dscp dscp-rule-name with the values at the [edit class-of-service] hierarchy level and then apply the rewrite rule to the core-facing multicast interface at the [edit class-of-service interfaces] hierarchy level.
[Class of Service]
PD-5-10XGE-SFPP, 10-port 10-Gigabit Ethernet (Type 4) PIC (T640, T1600, and TX Matrix routers with G-FPC4, ST-FPC4, and ST-FPC4.1)—Supports a WAN bandwidth of 100 Gbps in addition to the following features:
Intelligent handling of oversubscribed traffic
Line rate operation on up to five 10-Gigabit Ethernet ports
Tap features, such as flexible encapsulation, source address (SA) MAC learning, MAC accounting, and MAC policing
Stacked virtual LAN (VLAN) tag and VLAN rewrite functionalities
[Network Interfaces, Class of Service, PIC Guide]
Intelligent oversubscription services (MX Series with 16-port 10-Gigabit Ethernet MPC with SFP+)—The 16-port 10-Gigabit Ethernet Modular Port Concentrator (MPC) is an oversubscribed configuration. Consequently, it is necessary to protect control traffic over best-effort traffic as soon as packets enter the line card. To do this, packets entering the line card are assigned a preclassifier control traffic class according to the header types (such as destination MAC addresses, and Layer 4 ports) in the packet. The preclassifier provides a good way to classify and queue important control traffic in a different high-priority queue from that used for best-effort traffic.
The preclassifier (control or best effort) is assigned prior to packets being accepted into the initial stream and is used by the line card as an early designation (before any class-of-service configuration is applied). When oversubscription occurs, control traffic will be queued separately and should not be subject to any dropped packets.
The Layer 2 protocols supporting the preclassifier are:
802.1ah
802.1g
802.1x
802.3ad
ARP
GMRP
GVRP
LACP
PVST
xSTP
The Layer 3 protocols supporting the preclassifier are:
IGMP
IPv4/IPv6 ICMP
IPv4/IPv6 ISIS
IPv4/IPv6 OSPF
IPv4/IPv6 PIM
IPv4 Router Alert
IPv4/IPv6 RSVP
IPv4/IPv6 VRRP
The Layer 4 protocols supporting the preclassifier are:
IPv4/IPv6 BGP
IPv4/IPv6 LDP
IPv4 UDP/L2TP
RIP (UDP port checks)
The preclassifier is also supported on label-switching encapsulation PPP.
[Class of Service]
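A simplified software model of the header-based preclassification described above, as an added example that is not Juniper's implementation or code from these release notes: it sorts constructed Ethernet frames into the control and best-effort classes using standard EtherType, IP protocol and port numbers for a subset of the listed protocols. The function names, the protocol subset and the matching rules (including treating non-first IPv4 fragments and truncated frames as best-effort) are assumptions.

```python
import struct

CONTROL, BEST_EFFORT = "control", "best-effort"

# Standard IEEE/IANA numbers; which ones to match, and how, is an assumption.
VLAN_TAGS = {0x8100, 0x88A8}                     # 802.1Q, 802.1ad
CONTROL_ETHERTYPES = {0x0806, 0x8809, 0x888E}    # ARP, slow protocols (LACP), 802.1X
IEEE_8021_GROUP = bytes.fromhex("0180c2")        # xSTP, GMRP/GVRP group MACs
CONTROL_IP_PROTOS = {1, 2, 46, 58, 89, 103, 112}  # ICMP, IGMP, RSVP, ICMPv6, OSPF, PIM, VRRP
CONTROL_L4_PORTS = {(6, 179), (6, 646), (17, 646), (17, 1701), (17, 520)}
# ... BGP, LDP over TCP and UDP, L2TP, RIP


def preclassify(frame: bytes) -> str:
    """Return the class this model assigns to one Ethernet frame."""
    if len(frame) < 14:
        return BEST_EFFORT                       # too short to inspect
    if frame[0:3] == IEEE_8021_GROUP:
        return CONTROL                           # matched on destination MAC
    off = 12
    (ethertype,) = struct.unpack_from("!H", frame, off)
    while ethertype in VLAN_TAGS:                # skip stacked VLAN tags
        off += 4
        if len(frame) < off + 2:
            return BEST_EFFORT
        (ethertype,) = struct.unpack_from("!H", frame, off)
    off += 2                                     # first byte of the payload
    if ethertype in CONTROL_ETHERTYPES:
        return CONTROL
    if ethertype == 0x0800:                      # IPv4
        if len(frame) < off + 20:
            return BEST_EFFORT
        ihl = (frame[off] & 0x0F) * 4
        if ihl < 20:
            return BEST_EFFORT
        proto = frame[off + 9]
        frag = struct.unpack_from("!H", frame, off + 6)[0] & 0x1FFF
        l4 = off + ihl
    elif ethertype == 0x86DD:                    # IPv6, extension headers ignored
        if len(frame) < off + 40:
            return BEST_EFFORT
        proto, frag, l4 = frame[off + 6], 0, off + 40
    else:
        return BEST_EFFORT
    if proto in CONTROL_IP_PROTOS:
        return CONTROL
    # Non-first fragments carry no L4 header, so ports cannot be trusted there.
    if proto in (6, 17) and frag == 0 and len(frame) >= l4 + 4:
        sport, dport = struct.unpack_from("!HH", frame, l4)
        if (proto, sport) in CONTROL_L4_PORTS or (proto, dport) in CONTROL_L4_PORTS:
            return CONTROL
    return BEST_EFFORT


# --- Constructed sample frames (not captured traffic) ---
def eth(ethertype, payload, dst="ffffffffffff", vlan=None):
    hdr = bytes.fromhex(dst) + bytes.fromhex("020000000001")
    if vlan is not None:
        hdr += struct.pack("!HH", 0x8100, vlan)
    return hdr + struct.pack("!H", ethertype) + payload


def ipv4(proto, payload, frag_offset=0):
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0,
                       frag_offset, 64, proto, 0,
                       bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])) + payload


def l4(sport, dport):
    return struct.pack("!HH", sport, dport) + bytes(16)


SAMPLES = {
    "ssh": eth(0x0800, ipv4(6, l4(40000, 22))),
    "bgp": eth(0x0800, ipv4(6, l4(40000, 179))),
    "ospf": eth(0x0800, ipv4(89, bytes(24)), dst="01005e000005"),
    "arp": eth(0x0806, bytes(28)),
    "ldp_vlan": eth(0x0800, ipv4(17, l4(646, 646)), vlan=100),
    "stp": eth(0x0026, bytes(38), dst="0180c2000000"),
    "bgp_fragment": eth(0x0800, ipv4(6, l4(40000, 179), frag_offset=185)),
}


def classify_samples():
    return {name: preclassify(frame) for name, frame in SAMPLES.items()}


if __name__ == "__main__":
    for name, cls in classify_samples().items():
        print(f"{name:14s} {cls}")
```

The SSH sample lands in best-effort, matching the statement earlier in these notes that telnet, FTP, and SSH are classified as best-effort unless a multifield classifier changes the queue assignment.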
Feature support on 16-port 10-Gigabit Ethernet MPC with SFP+ (MX Series routers)—The following features are supported on the 16-port 10-Gigabit Ethernet MPC with SFP+:
Accepts traffic destined for GRE tunnels or DVMRP (IP-in-IP) tunnels (JUNOS Release 10.0R2)
Bidirectional Forwarding Detection (BFD) protocol (JUNOS Release 10.0R2)
Border Gateway Protocol (BGP) (JUNOS Release 10.0R2)
BGP/Multiprotocol Label Switching (MPLS) virtual private networks (VPNs) (JUNOS Release 10.0R2)
Distance Vector Multicast Routing Protocol (DVMRP) and generic routing encapsulation (GRE) support, access side and server side (JUNOS Release 10.0R2)
Firewall filters (JUNOS Release 10.0R2)
Flexible Ethernet encapsulation (JUNOS Release 10.0R2)
Graceful Routing Engine switchover (GRES) (JUNOS Release 10.0R2)
Ingress differentiated (JUNOS Release 10.0R2)
Differentiated Services code point rewrite (DSCP) (JUNOS Release 10.0R2)
Intelligent oversubscription (JUNOS Release 10.0R2)
Integrated routing and bridging (IRB) (JUNOS Release 10.1R1)
Intermediate System-to-Intermediate System (IS-IS) (JUNOS Release 10.0R2)
Internet Group Management Protocol (IGMP) (excludes snooping) (JUNOS Release 10.0R2)
IPv4 (JUNOS Release 10.0R2)
IP multicast (JUNOS Release 10.0R2)
Label Distribution Protocol (LDP) (JUNOS Release 10.0R2)
Labeled-switched path (LSP) accounting, policers, and filtering (JUNOS Release 10.0R2)
LAN-PHY mode (JUNOS Release 10.0R2)
Layer 2 frame filtering (JUNOS Release 10.0R2)
IEEE 802.3ad link aggregation (JUNOS Release 10.0R2)
Link Aggregation Control Protocol (LACP) (JUNOS Release 10.0R2)
Local loopback (JUNOS Release 10.0R2)
MAC learning, policing (JUNOS Release 10.0R2)
Multiple tag protocol identifiers (TPIDs), accounting, and filtering (JUNOS Release 10.0R2)
Multiprotocol Label Switching (MPLS) (JUNOS Release 10.0R2)
Nonstop active routing (NSR) (JUNOS Release 10.0R2)
Multitopology routing (MTR) (JUNOS Release 10.0R2)
Open Shortest Path First (OSPF) (JUNOS Release 10.0R2)
Packet mirroring (JUNOS Release 10.0R2)
Quality of service (QoS) per port: (JUNOS Release 10.0R2)
Eight queues per port
Excess-rate configuration at the traffic-control-profile level
Excess-rate and excess-priority configuration at the queue level
Shaping at the port level
Shaping at the queue level
Scheduling of queues based on weighted round-robin (WRR) per priority class
Tricolor marking
Weighted random early detection (WRED)
QoS per virtual LAN (VLAN): (JUNOS Release 10.0R2)
Accounting, filtering, and policing
IEEE 802.1p rewrite
Classification
Excess-rate configuration at the traffic-control-profile level
Tricolor marking
Resource Reservation Protocol (RSVP) (JUNOS Release 10.0R2)
Routing Information Protocol (RIP) (JUNOS Release 10.0R2)
Simple Network Management Protocol (SNMP) (JUNOS Release 10.0R2)
IEEE 802.1Q VLANs: (JUNOS Release 10.0R2)
VLAN stacking and rewriting
Channels defined by two stacked VLAN tags
Flexible VLAN tagging
IP service for nonstandard TPID and stacked VLAN tags
Virtual private LAN service (VPLS) (JUNOS Release 10.0R2)
Virtual private network (VPN) (JUNOS Release 10.0R2)
Virtual Router Redundancy Protocol (VRRP) for IPv4 (JUNOS Release 10.0R2)
To support these features, some modifications have been made to the following configuration statements:
The ability to configure the DSCP as the action of a filter rule is already present in the JUNOS Software. However, with this line card, the value range permitted is modified from 0, to 0 through 63. To include DSCP as the action of a filter rule, include the dscp value parameter at the [edit firewall filter filter-name] hierarchy level.
To fully leverage the features offered through the new chipset on the line card, include the enhanced-hash-key option at the [edit forwarding-options] hierarchy level.
[Class of Service]
IEEE 802.1ak-2007 MVRP (MX Series routers)—The Multiple VLAN Registration Protocol (MVRP) is a standards-based Layer 2 network protocol used among switches to dynamically share and update VLAN information with other bridges. VLAN information exchanged includes:
The set of VLANs that currently have active members
The ports through which the active members can be reached
To operate MVRP, edge ports should have the static VLAN configuration. The edge ports will not be configured for MVRP. MVRP is only enabled on the core-facing trunk ports where no static VLANs are configured.
To configure MVRP, include the mvrp statement and desired options at the [edit protocols] hierarchy level.
[Class of Service]
Elevated packet drops during oversubscription (MX Series routers with Trio MPC/MIC interfaces)—During periods of oversubscription, the WRED process drops more packets than expected from relatively full queues. There is no configuration for this feature, which transparently applies scaling to oversubscribed queues.
[Class of Service]

High Availability

Enhancements to unified ISSU support on PICs (T Series)—JUNOS Release 10.1 extends unified ISSU support for the following PICs to T Series routers:
PB-1CHOC12-STM4-IQE-SFP, 1-port channelized OC12/STM4 enhanced IQ PIC
PB-1OC12-STM4-IQE-SFP, 1-port nonchannelized OC12/STM4 enhanced IQ PIC
PB-4CHDS3-E3-IQE-BNC, 4-port channelized DS3/E3 enhanced IQ PIC
PB-4DS3-E3-IQE-BNC, 4-port non-channelized DS3/E3 enhanced IQ PIC
[High Availability]

Interfaces and Chassis

New 60-Gigabit Ethernet Queuing MPC (model number
MX-MPC2-3D-Q)—Supported on MX Series routers. For a list of supported MPCs, see the MX Series Line Card Guide.
New 60-Gigabit Ethernet MPC (model number MX-MPC2-3D)—Supported on
MX Series routers. For a list of supported MPCs, see the MX Series Line Card Guide.
New 60-Gigabit Ethernet Enhanced Queuing MPC (model number
MX-MPC2-3D-EQ)—Supported on MX Series routers. For a list of supported MPCs, see the MX Series Line Card Guide.
New 20-port Gigabit Ethernet MIC with SFP (model number
MIC-3D-20GE-SFP)—Supported on MX Series routers. For a list of supported MPCs, see the MX Series Line Card Guide.
New Modular Port Concentrators (MPCs) and Modular Interface Cards
(MICs)—Supported on MX Series platforms. Up to two MICs plug into the MPC to provide the physical interface for the MPC line card. The MPCs provide increased capacity on Gigabit Ethernet and 10-Gigabit Ethernet hardware. For a list of supported MPCs and MICs, see the MX Series Line Card Guide.
[Network Interfaces]
New 4-port 10-Gigabit Ethernet MIC with XFP (model number
MIC-3D-4XGE-XFP)—Supported on MX Series routers. For a list of supported MPCs, see the MX Series Line Card Guide.
Layer 2 VPLS, IRB, and mesh group feature parity (MX Series routers with
Trio MPC/MIC interfaces)—Support for Layer 2 feature parity with JUNOS Release
9.1 on MX Series routers that include Trio Modular Port Concentrators (MPCs) and Modular Interface Cards (MICs).
Layer 2 feature parity includes:
Layer 2 bridging
VPLS forwarding
MAC address learning, aging, and MAC address limit
Mesh group support
Implicit VLAN mapping
Integrated routing and bridging (IRB)
Multicast over IRB
MAC statistics
Layer 2 features that are not supported in this release include:
Spanning Tree Protocols (xSTP)
VLAN Spanning Tree Protocol (VSTP)
Multiple Spanning Tree Protocol (MSTP)
Rapid Spanning Tree Protocol (RSTP)
Layer 2 Tunneling Protocol (L2TP)
Upgrading a T1600 router to be the LCC0 of the TX Matrix Plus platform—You can now upgrade an operational T1600 router to be the lcc0 in a newly configured TX Matrix Plus platform. The procedures require JUNOS Release 10.1 on the TX Matrix Plus router and the T1600 router. Reboot is required to transfer control of the T1600 router to the routing matrix. You can also downgrade the lcc0 to a standalone T1600 router by rolling back to the former configuration. Upgrade and integration of subsequent operational T1600 routers to form lcc1 and lcc2 (and so on) is not supported. Use the offline procedures to upgrade and integrate the remaining T1600 routers into the routing matrix.
[TX Matrix Plus Hardware, System Basics and Services Command Reference]
Per-unit scheduling for GRE tunnels using IQ2 PICs (M7i, M10i, M120, and M320 routers with E3FPC)—Supports enhanced IQ2 PIC and IQ2E PIC performance, adding all functionality of tunnel PICs. The QoS for the GRE tunnel traffic will be applied as the traffic is looped through the IQ2/IQ2E PIC.
Shaping is performed on full packets that pass through the GRE tunnel.
IQ2 and IQ2E PICs support all interfaces that are supported on tunnel PICs, as follows:
gr-fpc/pic/port
vt-fpc/pic/port
lt-fpc/pic/port
ip-fpc/pic/port
pe-fpc/pic/port
pd-fpc/pic/port
mt-fpc/pic/port
The port variable is always zero.
The provided tunnel functionality is the same as that of regular tunnel PICs.
When tunnel services are enabled on IQ2 and IQ2E PICs, they work exclusively as tunnel PICs. The physical ports on the PICs cannot be used in tunnel mode. To configure exclusive tunnel mode, use the tunnel-only statement at the [chassis fpc number pic number] hierarchy level.
You can use the show interfaces queue gr-fpc/pic/port command to display statistics for the specified tunnel.
[Network Interfaces, Class of Service, PIC Guide]
Root System Domain (RSD) configuration of logical interface filters on shared
interfaces (JCS1200 platform)—Enables Root System Domain (RSD) configuration support for logical interface filters on shared interfaces. In previous releases, logical interface filters were configured on each Protected System Domain (PSD). This release supports configuration on the RSD.
To configure a logical interface filter on the RSD, apply the firewall filter to the logical interface on the shared interface by including the filter output filter-name statement at the [edit interfaces interface-name unit logical-unit-number] hierarchy level on the RSD.
Filtering is performed on the PSD, but logical interface filters configured on the RSD are applied automatically by the PSD. Filters configured on the RSD can co-exist with filters configured on the PSD. Counter statistics related to PSD filtering are available on the RSD.
[Protected System Domain]
Two new AC power supply modules in chassis—The JUNOS Software now
supports two new AC power supply modules on T640 and T1600 routers: AC Power Entry Module 10kW US and AC Power Entry Module 10kW EMEA (for U.S. and EMEA markets, respectively). The two Power Entry Modules (PEMs) cannot interoperate and the JUNOS Software reports an alarm when they do. The show chassis environment pem command output will show AC Input: status instead of DC Input: status and the Temperature will show the actual temperature reading. Two new power supply descriptions, US and EMEA, are added to distinguish the new modules from existing ones in the output of the show chassis
hardware command output.
[System Basics and Service Command Reference]
Next-hop cloning and permutations disabled in T Series enhanced scaling
FPCs (FPC Type 1-ES, FPC Type 2-ES, FPC Type 3-ES, and FPC Type 4-ES)—The next-hop cloning and permutations are now disabled in these FPCs with enhanced load-balancing capability. As a result, the memory utilization is reduced for a highly scaled system with a high number of next hops on ECMP or aggregated interfaces.
[System Basics]
Fragmentation support for GRE-encapsulated packets (Multiservices DPC) (M120, M7i/M10i with enhanced CFEB, M320 with E3 FPC, and MX Series routers only)—Enables the Packet Forwarding Engine to update the IP identification field in the outer IP header of packets encapsulated with generic routing encapsulation (GRE), so that reassembly of the packets is possible after fragmentation. The previous CLI constraint check that requires you to configure either the clear-dont-fragment-bit statement or a tunnel key with the allow-fragmentation statement is no longer enforced. There are no associated changes to the CLI statements or operational mode commands.
NOTE: For other routers, the earlier configuration constraint check still holds.
[Services Interfaces, MPLS Applications, MX Series Layer 2 Configuration Guide]
NAT compliance enhancements—Add modifications to the existing NAT functionality on the services PICs to achieve compliance with RFC 4787 (UDP), RFC 5382 (TCP), and RFC 5508 (ICMP). These enhancements apply to IPv4–IPv4, IPv6–IPv6, and IPv4–IPv6 source NAT and are not supported with destination NAT. New CLI configuration settings associated with RFC 4787 include the mapping-timeout statement at the [edit services nat pool pool-name] hierarchy level and the address-pooling, filtering-type, and mapping-type statements at the [edit services nat rule rule-name term term-name then translated] hierarchy level. There are no associated changes to the operational mode commands.
[Services Interfaces]
Support for VRF in Routing Engine-based sampling on M Series, M320, MX Series, M120, and T Series routers—For VRF Routing Engine-based sampling, the kernel queries the correct VRF route table based on the ingress interface index for the received packet. For interfaces configured in VRF, the sampled packets contain the correct input and output interface SNMP index, the source and destination AS numbers, and the source and destination mask.
There are two ways to verify the sampled packets. The first is to include the file sampled statement at the [edit forwarding-options sampling traceoptions] hierarchy level and the local dump statement at the [edit forwarding-options family inet output flow-server server] hierarchy level, and check the sampled file using the tail -f /var/tmp/sampled command from the router shell. The second is to export and verify the sampled packets to the flow-server.
[Services Interfaces, Feature Guide]
New 4-port Channelized OC12 Enhanced Intelligent Queuing (IQE) type 3 PIC (M Series and T Series routers)—Provides increased channelization and an improved QoS model; with channelization capabilities and scaling that make it ideal for edge aggregation.
Improved QoS functionality supports policing based on DSCP/IPPREC/EXP, five priority levels, two shaping rates (CIR and PIR), option to use shared scheduling on set of logical interfaces, DSCP rewrite on ingress, and configurable delay buffers for queueing. The QoS capabilities provide service differentiation for service providers.
The interface configuration syntax of existing IQ PICs is retained, but configuration limits are changed to match the augmented capabilities of IQE PICs.
All functionality available on the 4-port Channelized OC12 IQ Type 2 PIC is supported by this PIC.
[Network Interfaces]
Enhanced Intelligent Queuing (IQE) PICs add support for T3 and T1 channelization under SDH framing (M40e, M120, and M320 with Sahara-FPC, and T Series routers)—The following IQE PICs are supported:
1-port COC48 IQE
4-port COC12 IQE
1-port COC12 IQE
2-port COC3 IQE
The JUNOS Software supports T1 and CT1 interface types under CAU4. To configure T1 and CT1 interfaces under CAU4, use the t1 and ct1 statements at the [edit interfaces cau4-fpc/pic/port:unit partition number interface-type] hierarchy level.
With T1 and CT1 interface configurations under CAU4 interfaces, you can configure a maximum of 84 T1 or CT1 interfaces. However, the partition range under CAU4 interfaces was previously restricted to 1 through 63. This range has been increased to 1 through 84 for T1 and CT1 interfaces.
The JUNOS Software supports T1, CT1, T3, and CT3 interfaces under Channelized AU4 partitions. To configure T1, CT1, T3, and CT3 interfaces under Channelized AU4, use the ct1 and t1 statements at the [edit interfaces cau4-fpc/pic/port:unit partition partition-number] hierarchy level or the ct3 and t3 statements at the [edit interfaces cau4-fpc/pic/port:unit partition number interface-type] hierarchy level.
The JUNOS Software also supports M13 mapped T1 interfaces under CAU4. To configure a T1 interface under CAU4, use the t1 statement at the [edit interfaces cau4-fpc/pic/port:unit partition partition-number interface-type t1] or [edit interfaces cau4-fpc/pic/port:unit partition partition-number interface-type ct1] hierarchy level.
The JUNOS Software does not allow combined configurations of E1 and E3 interfaces together under a CAU4 interface.
Similarly, you cannot mix T1, E1, T3, and E3 interfaces directly under CAU4.
NOTE: The TUG-3 partition is not supported.
ITU-T VT-mapping in combination with TUG3 partition is not supported.
[Network Interfaces, PIC Guide]
Stateful firewall chaining for FTP, TFTP, and RTSP data sessions (MX Series routers with Multiservices DPCs, and M120 or M320 routers with Multiservices 400 PICs)—Adds support for stateful firewall rule sets in Dynamic Application Awareness for JUNOS Software service chains. New application-level gateways (ALGs) are available for FTP (junos-ftp), TFTP (junos-tftp), and RTSP (junos-rtsp); you can include them as values for the applications statement at the [edit services stateful-firewall rule rule-name term term-name from] hierarchy level. In addition, you can include new statement options at the [edit interfaces ms-fpc/pic/port services-options ignore-errors] hierarchy level to enable stateful firewall sessions to operate in a no-drop mode and ignore various traffic errors that would normally result in dropped packets. There are no CLI changes in the APPID, IDP, AACL, or L-PDF configurations. The associated operational mode commands should report the new applications when identified.
[Services Interfaces]

JUNOS XML API and Scripting

New JUNOS XML API operational request tag elements—Table 1 lists the JUNOS Extensible Markup Language (XML) operational request tag elements that are new in JUNOS Release 10.1, along with the corresponding CLI command and response tag element for each one.
Table 1: JUNOS XML Tag Elements and CLI Command Equivalents New in JUNOS 10.1
Request Tag Element | CLI Command | Response Tag Element
<clear-dhcpv6-server-binding-information> clear_dhcpv6_server_binding_information | clear dhcpv6 server binding | NONE
<clear-dhcpv6-server-statistics-information> clear_dhcpv6_server_statistics_information | clear dhcpv6 server statistics | NONE
<clear-mpls-static-lsp-information> clear_mpls_static_lsp_information | clear mpls static-lsp | NONE
<clear-mvrp-interface-statistics> clear_mvrp_interface_statistics | clear mvrp statistics | NONE
<clear-idp-appddos-cache> clear_idp_appddos_cache | clear security idp application-ddos cache | NONE
<clear-idp-status-information> clear_idp_status_information | clear security idp status | <clear-idp-status-information>
<clear-vrrp-information> clear_vrrp_information | clear vrrp | <vrrp-message>
<clear-vrrp-interface-statistics> clear_vrrp_interface_statistics | clear vrrp interface | <vrrp-message>
<request-script-refresh-from> request_script_refresh_from | request system scripts refresh-from | NONE
<get-dhcpv6-server-binding-information> get_dhcpv6_server_binding_information | show dhcpv6 server binding | <dhcpv6-server-binding-information>
<get-dhcpv6-server-statistics-information> get_dhcpv6_server_statistics_information | show dhcpv6 server statistics | <dhcpv6-server-statistics-information>
<get-mpls-static-lsp-information> get_mpls_static_lsp_information | show mpls static-lsp | <mpls-static-lsp-information>
<get-mvrp-information> get_mvrp_information | show mvrp | <mvrp-information>
<get-mvrp-applicant-information> get_mvrp_applicant_information | show mvrp applicant-state | <mvrp-applicant-state>
<get-mvrp-dynamic-vlan-memberships> get_mvrp_dynamic_vlan_memberships | show mvrp dynamic-vlan-memberships | <mvrp-vlan-information>
<get-mvrp-interface-information> get_mvrp_interface_information | show mvrp interface | <mvrp-interface-information>
<get-mvrp-registration-state> get_mvrp_registration_state | show mvrp registration-state | <mvrp-registration-information>
<get-mvrp-interface-statistics> get_mvrp_interface_statistics | show mvrp statistics | <mvrp-interface-statistics>
<get-idp-subscriber-policy-list> get_idp_subscriber_policy_list | show security idp policies | <idp-subscriber-policy-list>
<get-idp-policy-template-information> get_idp_policy_template_information | show security idp policy-templates-list | <idp-policy-template-information>
<get-idp-detail-status-information> get_idp_detail_status_information | show security idp status detail | <idp-detail-status-information>
<get-service-nat-mapping-information> get_service_nat_mapping_information | show services nat mappings | <service-nat-mapping-information>
<get-task-memory-information> get_task_memory_information | show task memory | <task-memory-information>
<get-vrrp-information> get_vrrp_information | show vrrp | <vrrp-information>
<get-vrrp-interface-information> get_vrrp_interface_information | show vrrp interface | <vrrp-information>
<get-vrrp-track-interfaces> get_vrrp_track_interfaces | show vrrp track | <vrrp-information>
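An added example, not part of the release notes and not Juniper code: an allow-list gate built from Table 1 that lets an automation script send only the listed requests, keeps the state-changing clear and request operations behind an explicit flag, and confirms that a reply carries the response tag the table lists. The rpc, rpc-reply and rpc-error envelope (a NETCONF-style session), the function names and the sample replies are assumptions.

```python
import xml.etree.ElementTree as ET

# Table 1 of these release notes: request tag -> (CLI command, response tag; None = NONE).
TABLE1 = {
    "clear-dhcpv6-server-binding-information": ("clear dhcpv6 server binding", None),
    "clear-dhcpv6-server-statistics-information": ("clear dhcpv6 server statistics", None),
    "clear-mpls-static-lsp-information": ("clear mpls static-lsp", None),
    "clear-mvrp-interface-statistics": ("clear mvrp statistics", None),
    "clear-idp-appddos-cache": ("clear security idp application-ddos cache", None),
    "clear-idp-status-information": ("clear security idp status", "clear-idp-status-information"),
    "clear-vrrp-information": ("clear vrrp", "vrrp-message"),
    "clear-vrrp-interface-statistics": ("clear vrrp interface", "vrrp-message"),
    "request-script-refresh-from": ("request system scripts refresh-from", None),
    "get-dhcpv6-server-binding-information": ("show dhcpv6 server binding", "dhcpv6-server-binding-information"),
    "get-dhcpv6-server-statistics-information": ("show dhcpv6 server statistics", "dhcpv6-server-statistics-information"),
    "get-mpls-static-lsp-information": ("show mpls static-lsp", "mpls-static-lsp-information"),
    "get-mvrp-information": ("show mvrp", "mvrp-information"),
    "get-mvrp-applicant-information": ("show mvrp applicant-state", "mvrp-applicant-state"),
    "get-mvrp-dynamic-vlan-memberships": ("show mvrp dynamic-vlan-memberships", "mvrp-vlan-information"),
    "get-mvrp-interface-information": ("show mvrp interface", "mvrp-interface-information"),
    "get-mvrp-registration-state": ("show mvrp registration-state", "mvrp-registration-information"),
    "get-mvrp-interface-statistics": ("show mvrp statistics", "mvrp-interface-statistics"),
    "get-idp-subscriber-policy-list": ("show security idp policies", "idp-subscriber-policy-list"),
    "get-idp-policy-template-information": ("show security idp policy-templates-list", "idp-policy-template-information"),
    "get-idp-detail-status-information": ("show security idp status detail", "idp-detail-status-information"),
    "get-service-nat-mapping-information": ("show services nat mappings", "service-nat-mapping-information"),
    "get-task-memory-information": ("show task memory", "task-memory-information"),
    "get-vrrp-information": ("show vrrp", "vrrp-information"),
    "get-vrrp-interface-information": ("show vrrp interface", "vrrp-information"),
    "get-vrrp-track-interfaces": ("show vrrp track", "vrrp-information"),
}


def is_read_only(request_tag):
    """True only when Table 1 maps the request to a show command."""
    return TABLE1[request_tag][0].startswith("show ")


def build_rpc(request_tag, allow_state_change=False):
    """Wrap a Table 1 request tag in <rpc>; refuse unlisted or state-changing tags."""
    if request_tag not in TABLE1:
        raise ValueError(f"{request_tag!r} is not a Table 1 request tag")
    if not is_read_only(request_tag) and not allow_state_change:
        raise PermissionError(f"{request_tag!r} maps to {TABLE1[request_tag][0]!r}")
    rpc = ET.Element("rpc")
    ET.SubElement(rpc, request_tag)
    return ET.tostring(rpc, encoding="unicode")


def local_name(tag):
    """Drop the '{namespace}' prefix ElementTree puts on qualified names."""
    return tag.rsplit("}", 1)[-1]


def check_reply(request_tag, reply_xml):
    """Return the response element Table 1 lists, or None where it lists NONE."""
    if "<!DOCTYPE" in reply_xml or "<!ENTITY" in reply_xml:
        raise ValueError("reply carries a DTD; refusing to parse")
    root = ET.fromstring(reply_xml)
    if local_name(root.tag) != "rpc-reply":
        raise ValueError(f"expected rpc-reply, got {local_name(root.tag)!r}")
    names = [local_name(child.tag) for child in root]
    if "rpc-error" in names:  # assumption: errors arrive as NETCONF <rpc-error>
        raise RuntimeError("device answered with rpc-error")
    expected = TABLE1[request_tag][1]
    if expected is None:
        return None
    if expected not in names:
        raise ValueError(f"expected <{expected}>, reply holds {names}")
    return root[names.index(expected)]


# Constructed sample replies; the namespace URIs are placeholders, not device output.
SAMPLE_OK = ('<rpc-reply xmlns="urn:example:base">'
             '<vrrp-information xmlns="urn:example:junos-vrrp"/></rpc-reply>')
SAMPLE_ERROR = '<rpc-reply xmlns="urn:example:base"><rpc-error/></rpc-reply>'

if __name__ == "__main__":
    print(build_rpc("get-vrrp-information"))
    print(local_name(check_reply("get-vrrp-information", SAMPLE_OK).tag))
```

Running an automation account with allow_state_change left at its default restricts it to the 17 requests that Table 1 maps to show commands.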

[JUNOS XML API Operational Reference]

MPLS Applications

Static LSPs at the ingress router—You can now configure a named static LSP
at the ingress router. This feature allows you to configure multiple static LSPs between two specific routers. It is not necessary to configure unique names for static versus dynamic LSPs (a static LSP could have the same name as a dynamic LSP configured on the same router). This feature also allows you to configure a single-hop static LSP by specifying either an explicit null label or no label.
To configure a static LSP on an ingress router, include the ingress statement at the [edit protocols mpls static-label-switched-path static-lsp-name] hierarchy level. You must also configure the to and next-hop statements at the [edit protocols mpls static-label-switched-path static-lsp-name] hierarchy level. You can optionally configure the push statement. If you configure the push statement, you must specify a non-reserved label in the range of 0 through 1,048,575.
To display information about ingress static LSPs, issue the show mpls lsp static ingress command. To display routing table entries corresponding to ingress static LSPs, issue the show route table inet.3 command or the show route next-hop next-hop-ip-address static-label-switched-path static-lsp-name command.
[MPLS, Routing Protocols and Policies Command Reference]
Static LSPs at the transit router—You can now configure a named static LSP
on a transit router. To configure a transit static LSP, include the transit statement at the [edit protocols mpls static-label-switched-path path-name] hierarchy level and include the next-hop statement at the [edit protocols mpls static-label-switched-path static-lsp-name] hierarchy level. You must also configure either the pop or the swap statement at the [edit protocols mpls static-label-switched-path static-lsp-name transit] hierarchy level. If you configure the swap statement, you must specify a non-reserved label in the range of 0 through 1,048,575.
The transit static LSP is added to the mpls.0 routing table. You should configure each static LSP using a unique name and at least a unique incoming label on the router. Each transit static LSP can have one or more incoming labels configured. If a transit LSP has more than one incoming label, each would effectively operate as an independent LSP, meaning you could configure all of the related LSP attributes for each incoming label. The range of incoming labels available is limited to the standard static LSP range of labels (1,000,000 through 1,048,575). To verify that a static LSP has been added to the routing table, issue the show route table mpls.0 command.
[MPLS]
Bypass static LSPs—You can now configure a named bypass static LSP for ingress and transit static LSPs, to be used if the primary LSP fails. To configure a bypass static LSP, include the bypass statement at the [edit protocols mpls static-label-switched-path path-name] hierarchy level. You must also configure the to and next-hop statements at the [edit protocols mpls static-label-switched-path static-lsp-name bypass] hierarchy level. You can also configure link and node protection for static LSPs. If you configure both link and node protection for the static LSP and the primary link fails, the node protection feature is preferred.
[MPLS]
Static LSP revert timer—You can now configure a revert timer for ingress and transit static LSPs. After traffic has been switched to a bypass static LSP, it is typically switched back to the primary static LSP when it comes back up. There is a configurable delay in the time (called the revert timer) between when the primary static LSP comes up and when traffic is reverted back to it from the bypass static LSP. This delay is needed because when the primary LSP comes back up, it is not certain whether all of the interfaces on the downstream node of the primary path have come up yet. The delay range is from 0 through 65,535 seconds and is configurable at each interface. If you configure a value of 0, traffic is never automatically reverted to the primary LSP, even if it does come back up. The only exception is if the bypass LSP goes down. The default value is 5 seconds. To configure the revert timer for an interface, include the protection-revert-time statement at the [edit protocols mpls interface interface-name static] hierarchy level. You can display the revert timer value for an interface using the show mpls interface detail command.
[MPLS]

Static LSP traceoptions—You can now configure the traceoptions statement to trace messages related to ingress and transit static LSPs by including the static flag at the [edit protocols mpls traceoptions flag] hierarchy level.
[MPLS]
Static LSP statistics—You can now display statistics related to MPLS static LSPs by issuing the show mpls static-lsp statistics command and the monitor static-lsp lsp-name command. The show mpls static-lsp statistics command includes the following options: ingress, transit, bypass, and name static-lsp-name. This command displays the packet count and byte count for the static LSP. You can clear the statistics for static LSPs by issuing the clear mpls static-lsp statistics command. You can also log the static LSP statistics to a file by specifying a file for the MPLS statistics statement. You can configure this file using the set protocols mpls statistics interval interval file filename command.
[MPLS, Routing Protocols and Policies Command Reference]

Multiplay

Border Gateway Function (BGF) RTCP XR reporting—Provides support for the
H.248 RECRTCPXR (Received RTCP Extended Reporting) and RECRTCPXRBM (Received RTCP XR Burst Mode) reporting packages. The RECRTCPXR package defines properties and statistics that provide extended quality-of-service metrics received from the gateway controller. The RECRTCPXRBM package defines properties and statistics that provide burst metrics received from the gateway controller. Report data is available to the BGF when the gateway controller sends the relevant XR reporting packets and RTCP monitoring is active. Not all gateway controllers send the extended reporting packets. When XR packets are not received, all XR fields are displayed as 0s (zeroes).
You can use the following existing command to display the RECRTCPXR and RECRTCPXRBM report fields for a given gate-id: show services pgcp gate gateway-name statistics gate-id gate-id.
[Multiplay Solutions, System Basics Command Reference]
Integrated Multi-Services Gateway (IMSG) failed call reporting—Provides more
extensive statistics on failed calls through improved show command output.
You can use the following existing command to display statistics on failed calls:
show services border-signaling-gateway calls-failed gateway gateway-name.
[Multiplay Solutions, System Basics Command Reference]
Integrated Multi-Services Gateway (IMSG) media release—Enables the IMSG
SIP function to release media resources when handling calls between two entities in the same media realm (the virtual interface specified in the PGCP configuration). When the new call usage policies for both entities allow media release, media resources are shared instead of being reserved for both entities. This improves the utilization of media resources and prevents latency.
To configure media release, enter the media-release statement at the [edit services border-signaling-gateway gateway-name sip new-call-usage-policy policy-name term term-name then media-policy] hierarchy level.
[Multiplay Solutions, Services Interfaces]

Routing Policy and Firewall Filters

New MPLS firewall filter match conditions (T Series routers)—The JUNOS Software now supports filtering MPLS-tagged IPv4 packets based on IP parameters for up to five MPLS stacked labels.
NOTE: New filter match conditions are applicable only for MPLS-tagged IPv4 packets. MPLS-tagged IPv6 packets are not supported by this filter.
To configure the filter match conditions for an MPLS family based on IP parameters, include the from statement at the [edit firewall family family-name filter filter-name term term-name] hierarchy level:
from {
    match-conditions;
}
[Policy Framework, Routing Protocols and Policies Command Reference]

Routing Protocols

BGP support for MDT-SAFI updates without a route target—By default, the JUNOS Software requires MDT-SAFI updates to have a route target attached. Some vendors do not support attaching route targets to the MDT-SAFI updates. For interoperability with these vendors, the JUNOS Software allows importing MDT-SAFI updates without a route target being attached. The MDT-SAFI is imported if the MDT default address in the MDT-SAFI prefix matches the MDT default address configured within the routing instance.
To configure the MDT default address, include the group-address group-address statement at the [edit routing-instances routing-instance-name provider-tunnel pim-ssm] hierarchy level.
[Multicast, Policy Framework]
Distributed periodic packet management support for aggregate interfaces—Extends support for the Bidirectional Forwarding Detection (BFD) protocol to use the periodic packet management daemon (PPMD) to distribute IPv4 sessions over aggregate interfaces. PPMD automatically runs on the Routing Engine and the Packet Forwarding Engine. To disable PPMD on the Packet Forwarding Engine only, include the no-delegate-processing statement at the [edit routing-options ppm] hierarchy level. Only IPv4 BFD sessions over aggregate interfaces are supported. PPMD does not support IPv6 BFD sessions over an aggregate interface or MPLS BFD sessions over an aggregate interface.
[Routing Protocols]
to an upstream router when identical join messages are sent on the same multiaccess network. This improves scalability and efficiency by reducing the number of identical messages sent to the same router.
This feature is useful when there are a large number of routers on a multiaccess network that will be receiving traffic for a particular multicast group. Suppressing joins at each router saves bandwidth and reduces heavy processing at upstream routers.
PIM join suppression can be implemented per multiaccess interface and per multicast group. It is only needed on downstream routers, and does not need to be implemented on upstream routers in order for it to work.
A tracking bit field on the LAN prune delay hello option is used in the CLI to enable join suppression for downstream routers. By default, the tracking bit is set to 1 and PIM join suppression is disabled. This is the default behavior for JUNOS Release 10.0 and earlier for Juniper Networks routers. With join suppression disabled (T-bit=1), a downstream receiving router will send join messages even if it receives identical joins for the same upstream router, as long as no other router in the network has join suppression enabled. When the tracking bit is set to 0 for at least one neighbor on this interface, join suppression is enabled, and the receiving router will defer sending identical joins. Use reset-tracking-bit in the CLI to enable join suppression.
When an upstream router receives a join message, its behavior is independent of the value of the T-bit in the hello option. When join suppression is triggered, a timer is activated and all sending of joins is deferred for the length of time specified by the timer. This is a random timer with a value between 0 and the Max Override Interval. The timer is reset each time join suppression is triggered, and the defer period is dependent on other settings in the LAN prune delay, including propagation-delay and override-interval.
Use the show protocols PIM command to see if the reset-tracking-bit is present, indicating that the T-bit has been changed to 0 and PIM join suppression is enabled.
[Multicast, Routing Protocols and Policies Command Reference]
Improve IGMPv3 snooping performance using bulk updates—Whenever an individual interface joins or leaves a multicast group, a new next-hop entry is installed in the routing table and the forwarding table. This can require a lot of processing time when the frequency and number of IGMP join and leave messages are high.
A new configuration statement can be used to accumulate outgoing interface changes and perform bulk updates to the routing table and forwarding table. This reduces the processing time and memory overhead required when processing join and leave messages, thus improving scalability. This is useful for applications such as Internet Protocol television (IPTV), in which users changing channels can create thousands of interfaces joining or leaving a group in a short period of time.
To enable bulk updates of join and leave messages, include the next-hop-hold-time statement and specify the number of milliseconds to wait before processing the messages. The next-hop-hold-time statement can be configured at the [edit routing-instances routing-instance-name] hierarchy level. The hold time can be configured from 1 to 1000 milliseconds. The routing instance must be of type VPLS or virtual-switch.
If the next-hop-hold-time statement is deleted from the router configuration, IGMP bulk updates are disabled. The configuration of the next-hop-hold-time statement can be verified using the show multicast snooping route command.
[Multicast, Routing Protocols and Policies Command Reference]
Hub-and-spoke support for multiprotocol BGP-based multicast VPNs with
PIM-SSM GRE S-PMSI transport—Multiprotocol BGP-based (MBGP) multicast VPNs (also referred to as next-generation Layer 3 VPN multicast) can be configured using protocol-independent multicast source-specific multicast (PIM-SSM) selective provider multicast service interface (S-PMSI) tunnels in a hub-and-spoke topology.
This feature is useful in the following scenarios:
Customer sources and rendezvous points (RPs) are located only in the hub sites and customer receivers are located in spoke sites or other hub sites.
Customer sources are located only in spoke sites and customer receivers are located only in hub sites.
To configure MBGP MVPNs to use PIM-SSM S-PMSI tunnels in a hub-and-spoke topology:
Include the group-range statement and specify the group address range at the [edit routing-instances routing-instance-name provider-tunnel selective group group-address source source-address pim-ssm] hierarchy level on all PE routers participating in the MVPN.
Include the threshold-rate statement and specify zero as the threshold value at the [edit routing-instances routing-instance-name provider-tunnel selective group group-address source source-address] hierarchy level on all PE routers participating in the MVPN.
Include the family inet-mvpn statement and family inet6-mvpn statement at the [edit routing-instances routing-instance-name vrf-advertise-selective] hierarchy level to selectively advertise routes on PE routers that use one VRF for unicast routing and a separate VRF for MVPN routing.
[VPNs, Routing Protocols, Routing Protocols and Policies Command Reference]

Services Applications

FlowTapLite enhancements—Extend support for interception of IPv6 packets
on MX Series, M120, and M320 routers. For IPv6, the global filter taps packets from the default IPv6 routing table and does not tap packets from other VRFs. To tap packets from other VRFs, you can install separate VRF filters. For IPv4, the global filter intercepts all IPv4 packets irrespective of the VRF. The limit for filters remains 3000, which is now shared between IPv4 and IPv6. For example, you can install 3000 IPv4 filters or 3000 IPv6 filters, or a combination of both that totals 3000. You cannot install 3000 IPv4 filters and 3000 IPv6 filters.
No new statements are required to configure these enhancements. However, whether you use IPv6 flow tapping or not, you must include the family inet6 statement at the [edit interfaces vt-fpc/pic/port unit logical-unit-number] hierarchy level.
[Services Interfaces]

Subscriber Access Management

JUNOS subscriber access scaling values (M120, M320, and MX Series routers)—Table 2 lists the DHCP, PPP, and PPPoE scaling values supported for subscriber access in this release of M120, M320, and MX Series routers. In this table, DPC means only MX Series Enhanced Queuing IP Services DPCs (DPCE-R-Q-40GE-SFP and DPCE-R-Q-4XGE-XFP). These DPCs support only DHCP subscribers; they do not support PPP subscribers.
Table 2: Subscriber Access Scaling Values for M120, M320, and MX Series Routers
| Subscriber Access Feature | M120/M320 | MX240 | MX480/960 |
| --- | --- | --- | --- |
| DHCP client bindings per chassis | | 120,000 | 120,000 |
| DHCP subscriber VLANs | | | |
| Per DPC | | 16,000 | 16,000 |
| Per chassis with DPCs | | 32,000 | 64,000 |
| Per Trio MPC/MIC | | 64,000 | 64,000 |
| Per chassis with Trio MPC/MIC | | 64,000 | 64,000 |
| PPP logical interfaces | | | |
| Dynamic PPPoE interfaces per chassis | 15,999 | 63,999 | 63,999 |
| Dynamic PPPoE interfaces per IQ2/IQ2E PIC | 4000 | | |
| Dynamic PPPoE interfaces per Trio MPC/MIC | | 32,000 | 32,000 |
| Static interfaces per chassis | 15,999 | 15,999 | 15,999 |
| PPPoE subscriber VLANs | | | |
| Per IQ2/IQ2E PIC | 2000 | | |
| Per chassis with IQ2/IQ2E PIC | 8000 | | |
| Per Trio MPC/MIC | | 32,000 | 32,000 |
| Per chassis with Trio MPC/MIC | | 32,000 | 32,000 |

PPP connections (logical interfaces) are supported in a range of configurations. For example, 63,999 PPP connections per chassis are supported when all subscribers are configured on the same VLAN. In this case, 63,999 pp0 interfaces are configured under the same VLAN logical interface and the one remaining logical interface is consumed for the single VLAN.
At the other extreme, when you configure each subscriber on a separate VLAN (using stacked VLANs), up to 32,000 PPP connections per chassis are supported. In this case, each subscriber connection consumes two logical interfaces: one for the VLAN logical interface and one for the pp0 logical interface.
The M120, M320, and MX Series routers support a maximum of 2000 different dynamic profiles per chassis. [Subscriber Access]
Support for dynamic CoS for subscriber interfaces on Trio MPC/MIC interfaces
(MX Series routers)—Enables you to configure dynamic CoS for subscriber interfaces on Trio MPC/MIC interfaces that are now available on MX Series routers. In earlier releases, dynamic CoS was supported on EQ DPCs only.
To configure dynamic CoS on Trio MPC/MIC interfaces, you must enable the hierarchical scheduler for an interface at the [edit interfaces] hierarchy level. You can then configure dynamic CoS parameters at the [edit dynamic-profiles
profile-name class-of-service] hierarchy level. The CoS parameters are dynamically
applied to subscriber services when they log in or change services.
Trio MPC/MIC interfaces support CoS for the following interface types: static VLAN, demux, static and dynamic PPPoE, and aggregated Ethernet subscriber interfaces.
In this release, hierarchical CoS for aggregated Ethernet interfaces is supported on the Trio MPC/MIC product when a static VLAN is configured over the aggregated Ethernet interface. It is not supported for static or dynamic demux subscriber interfaces configured over aggregated Ethernet.
[Subscriber Access]
Support for CoS on dynamic PPPoE subscriber interfaces (MX Series
routers)—Enables you to configure CoS for dynamic PPPoE subscriber interfaces on Trio MPC/MIC interfaces available on MX Series routers and the Intelligent Queuing 2 (IQ2) PIC on M120 and M320 Series routers.
In earlier releases, only static CoS was supported for static PPPoE subscriber interfaces configured on IQ2 PICs on M120 and M320 Series routers.
To configure CoS for a dynamic PPPoE interface, configure the shaping and scheduling parameters at the [edit dynamic-profiles profile-name class-of-service] hierarchy level. You then attach the traffic control profile to the dynamic PPPoE interface by including the output-traffic-control-profile profile-name statement at the [edit dynamic-profiles profile-name class-of-service interfaces
$junos-interface-ifd-name unit $junos-underlying-interface-unit] hierarchy level.
When the subscriber logs in, PPP supplies pp0 as the $junos-interface-ifd-name variable, and supplies the PPPoE logical interface number for the
$junos-underlying-interface-unit variable.
[Subscriber Access]
Support for IPv6 for dynamic subscriber services (MX Series routers)—Enables
you to configure IPv6 addressing and prefixes for dynamic subscriber services. In earlier releases, dynamic subscriber services supported IPv4 addressing only. You can now configure both IPv4 and IPv6 addressing in the same dynamic profile to grant access and services to IPv4 and IPv6 subscribers.
In this release, IPv6 addressing is supported for static and dynamic VLAN subscriber interfaces and dynamic demux subscriber interfaces.
To enable IPv6 addressing for a static VLAN subscriber interface, include the family inet6 statement at the [edit dynamic-profiles profile-name interfaces interface-name unit logical-unit-number] hierarchy level.
To enable IPv6 addressing for a demux subscriber interface, include the family inet6 statement at the [edit dynamic-profiles profile-name interfaces demux0] hierarchy level. To enable an IPv6 source address for the interface, specify the new $junos-subscriber-ipv6-address predefined variable with the demux-source statement at the [edit dynamic-profiles profile-name interfaces demux0 unit $junos-interface-unit family inet6] hierarchy level. The values for this variable are supplied to the interface by DHCP when the subscriber logs in.
This feature enables you to configure dynamic, classic, and fast update firewall filters for IPv6 families. In addition, you can configure aggregate CoS when IPv4 and IPv6 families share a logical interface, and per-family CoS when IPv4 and IPv6 families do not share a logical interface (such as a demux interface).
The following new predefined variables have been added to implement IPv6 addressing for subscriber services:
| Dynamic Profile Variable | Definition |
| --- | --- |
| $junos-framed-route-ipv6-address-prefix | Route prefix of an IPv6 access route. |
| $junos-framed-route-ipv6-nexthop | Next-hop address of an IPv6 access route. |
| $junos-input-ipv6-filter | Attaches a filter based on RADIUS VSA 26-106 (IPv6-Ingress-Policy-Name) to the interface. |
| $junos-ipv6-ndra-prefix | IPv6 prefix value used when configuring the Router Advertisement protocol. |
| $junos-output-ipv6-filter | Attaches a filter based on RADIUS VSA 26-107 (IPv6-Egress-Policy-Name) to the interface. |
| $junos-preferred-source-ipv6-address | Selects the preferred IPv6 source address associated with the loopback address used for the subscriber. |
| $junos-subscriber-ipv6-address | IPv6 address of the subscriber. |

RADIUS supports activation, deactivation, and change of authorization (CoA) for IPv6 services. The following new RADIUS attributes and VSAs have been added to implement IPv6 addressing for subscriber services:
| Attribute Number | Attribute Name |
| --- | --- |
| 97 | Framed-IPv6-Prefix |
| 99 | Framed-IPv6-Route |
| 26-106 | IPv6-Ingress-Policy-Name |
| 26-107 | IPv6-Egress-Policy-Name |
| 26-129 | IPv6-NdRa-Prefix |
| 26-151 | IPv6-Acct-Input-Octets |
| 26-152 | IPv6-Acct-Output-Octets |
| 26-153 | IPv6-Acct-Input-Packets |
| 26-154 | IPv6-Acct-Output-Packets |
| 26-155 | IPv6-Acct-Input-Gigawords |
| 26-156 | IPv6-Acct-Output-Gigawords |
| 26-157 | IPv6-NdRa-Pool-Name |

You can monitor IPv6 statistics by issuing the show subscribers and show
network-access aaa subscriber commands.
[Subscriber Access]
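An added example, not Juniper code, for checking which IPv6 filters and prefixes a RADIUS Access-Accept assigns to a subscriber, using the attribute numbers listed above. The packet bytes are constructed, and the vendor ID 4874, the value encodings, and all function names are assumptions that this page does not state.

```python
import ipaddress
import struct

# Assumption: the release notes do not give the vendor ID; 4874 is the IANA
# enterprise number used here for the "26-N" Juniper VSAs.
JUNIPER_VENDOR_ID = 4874

# Numbers and names as listed in the attribute table above.
STANDARD = {97: "Framed-IPv6-Prefix", 99: "Framed-IPv6-Route"}
VSA = {
    106: "IPv6-Ingress-Policy-Name",
    107: "IPv6-Egress-Policy-Name",
    129: "IPv6-NdRa-Prefix",
    151: "IPv6-Acct-Input-Octets",
    152: "IPv6-Acct-Output-Octets",
    153: "IPv6-Acct-Input-Packets",
    154: "IPv6-Acct-Output-Packets",
    155: "IPv6-Acct-Input-Gigawords",
    156: "IPv6-Acct-Output-Gigawords",
    157: "IPv6-NdRa-Pool-Name",
}
# Assumed encodings: names are text, accounting counters are 32-bit integers.
TEXT_VSAS = {106, 107, 157}
COUNTER_VSAS = set(range(151, 157))


class MalformedAttribute(ValueError):
    """Raised when a length field does not fit the bytes that are present."""


def tlvs(buf, what):
    """Yield (type, value) from a run of type/length/value attributes (RFC 2865)."""
    pos = 0
    while pos < len(buf):
        if len(buf) - pos < 2:
            raise MalformedAttribute(f"{what}: truncated header at offset {pos}")
        a_type, a_len = buf[pos], buf[pos + 1]
        if a_len < 2 or pos + a_len > len(buf):
            raise MalformedAttribute(f"{what}: bad length {a_len} at offset {pos}")
        yield a_type, buf[pos + 2:pos + a_len]
        pos += a_len


def ipv6_prefix(value):
    """RFC 3162 layout: reserved byte, prefix length, up to 16 prefix bytes."""
    if not 2 <= len(value) <= 18 or value[1] > 128:
        raise MalformedAttribute("Framed-IPv6-Prefix: bad value")
    packed = value[2:].ljust(16, b"\x00")
    return str(ipaddress.IPv6Network((packed, value[1]), strict=False))


def decode_ipv6_attributes(attrs):
    """Return [(name, value)] for the IPv6 attributes added in this release."""
    found = []
    for a_type, value in tlvs(attrs, "attribute"):
        if a_type == 97:
            found.append((STANDARD[97], ipv6_prefix(value)))
        elif a_type == 99:
            found.append((STANDARD[99], value.decode("utf-8", "replace")))
        elif a_type == 26:
            if len(value) < 4:
                raise MalformedAttribute("Vendor-Specific: missing vendor ID")
            if struct.unpack("!I", value[:4])[0] != JUNIPER_VENDOR_ID:
                continue  # another vendor's VSA
            for v_type, v_value in tlvs(value[4:], "VSA"):
                if v_type not in VSA:
                    continue
                if v_type in TEXT_VSAS:
                    decoded = v_value.decode("utf-8", "replace")
                elif v_type in COUNTER_VSAS and len(v_value) == 4:
                    decoded = struct.unpack("!I", v_value)[0]
                else:
                    decoded = v_value.hex()  # encoding not assumed, keep raw
                found.append((VSA[v_type], decoded))
    return found


def unapproved_filters(attrs, approved):
    """Filter names pushed by RADIUS that are not in the operator's approved set."""
    return [value for name, value in decode_ipv6_attributes(attrs)
            if name.endswith("-Policy-Name") and value not in approved]


def attr(a_type, value):
    return bytes([a_type, len(value) + 2]) + value


def vsa(v_type, value):
    return attr(26, struct.pack("!I", JUNIPER_VENDOR_ID) + attr(v_type, value))


# Constructed attribute section of an Access-Accept (not captured traffic).
SAMPLE = (
    attr(97, bytes([0, 64]) + ipaddress.IPv6Address("2001:db8:0:1::").packed[:8])
    + vsa(106, b"v6-in-basic")
    + vsa(107, b"v6-out-basic")
    + vsa(151, struct.pack("!I", 123456))
    + attr(1, b"alice")  # User-Name, not an IPv6 attribute, so it is skipped
)

if __name__ == "__main__":
    for name, value in decode_ipv6_attributes(SAMPLE):
        print(f"{name}: {value}")
    print("unapproved:", unapproved_filters(SAMPLE, {"v6-in-basic"}))
```

Comparing the decoded policy names against an approved list shows when RADIUS attaches a filter that was never defined for that subscriber class.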
Support for dynamic PPPoE interfaces (M120, M320, and MX Series
routers)—Enables you to configure dynamically created PPPoE logical interfaces over statically created underlying interfaces. For subscriber access purposes, the dynamic PPPoE logical interface represents a dynamic PPPoE subscriber interface. The router automatically and transparently creates the dynamic interface in response to an external event, such as the receipt of traffic on an underlying interface. For example, the router creates a dynamic PPPoE logical interface when it receives a PPPoE Active Discovery Request (PADR) control packet from the client on an underlying interface to which a PPPoE dynamic profile is assigned. The router uses the information configured in the dynamic profile to determine the properties of the dynamic PPPoE logical interface.
The use of dynamically created PPPoE interfaces gives you the flexibility of having the router create the dynamic PPPoE logical interface only when the subscriber logs in on the associated underlying interface. By contrast, statically created interfaces always allocate and consume system resources upon interface creation, even when no traffic is flowing on the interface. Configuring and using dynamically created interfaces helps you effectively and conveniently manage subscriber access networks that provide services to large numbers of subscribers.
Configuration of dynamic PPPoE logical interfaces is supported on Intelligent Queuing 2 (IQ2) PICs on M120 and M320 Series routers, and on Trio MPC/MIC interfaces on MX Series routers.
To configure a dynamic PPPoE logical interface:
1. Configure a dynamic profile to define the attributes of the dynamic PPPoE logical interface. To do so, include the following statements at the [edit dynamic-profiles profile-name] hierarchy level:
dynamic-profiles {
    profile-name {
        interfaces pp0 {
            unit $junos-interface-unit {
                keepalives interval seconds;
                no-keepalives;
                pppoe-options {
                    underlying-interface "$junos-underlying-interface";
                    server;
                }
                ppp-options {
                    chap;
                    pap;
                }
                family inet {
                    unnumbered-address interface-name;
                    address address;
                    service {
                        input {
                            service-set service-set-name <service-filter filter-name>;
                        }
                        output {
                            service-set service-set-name <service-filter filter-name>;
                        }
                    }
                    filter {
                        input filter-name;
                        output filter-name;
                    }
                }
            }
        }
    }
}
You can use most of these same statements to configure statically created PPPoE interfaces, with the following important differences. When you configure a profile to dynamically create a PPPoE interface, you must specify the $junos-interface-unit predefined dynamic variable instead of the actual logical unit number for the unit statement, and the $junos-underlying-interface predefined dynamic variable instead of the actual name of the underlying interface for the underlying-interface statement.
2. Assign the dynamic profile to the underlying interface on which the router
creates the dynamic PPPoE interface. To do so, include the
pppoe-underlying-options statement at the [edit interfaces interface-name unit logical-unit-number] hierarchy level, as follows:
interfaces {
    interface-name {
        unit logical-unit-number {
            encapsulation ppp-over-ethernet;
            pppoe-underlying-options {
                access-concentrator name;
                dynamic-profile profile-name;
                duplicate-protection;
                max-sessions number;
            }
        }
    }
}
The statements at the [edit interfaces interface-name unit logical-unit-number
pppoe-underlying-options] hierarchy level define the following PPPoE-specific
attributes for the underlying interface:
To provide an alternative access concentrator (AC) name in the AC-NAME
tag in a PPPoE control packet, include the access-concentrator statement.
To assign a previously configured dynamic profile to the underlying
interface, include the dynamic-profile statement. This is the only required statement for configuring dynamic PPPoE interfaces at the [edit interfaces
interface-name unit logical-unit-number pppoe-underlying-options] hierarchy
level.
To prevent the activation of another dynamic PPPoE logical interface
on the same underlying interface on which a dynamic PPPoE logical interface is already active for the same client, include the
duplicate-protection statement.
To configure the maximum number of dynamic PPPoE logical interfaces
(sessions) that the router can activate on the underlying interface, include the max-sessions statement.
To display information about the dynamic PPPoE interface configuration, use the show pppoe underlying-interfaces, show pppoe statistics, and show pppoe
interfaces operational commands. You can also use the clear pppoe statistics
command to clear packet statistics on the underlying interface.
[Subscriber Access]
Support for PPPoE Layer 3 wholesale configuration in a subscriber access
network—Enables you to configure PPPoE Layer 3 wholesaling within a subscriber access network. Wholesale access is the process by which an access network provider partitions the access network into separately manageable and accountable subscriber segments for resale to other network providers. An access network provider may elect to wholesale all or part of its network to one or more service providers (retailers).
In a Juniper Networks subscriber access network, you accomplish Layer 3 partitioning through the use of logical systems (LSs) and routing instances. Logical systems enable you to divide a physical router into separate, distinct, logical administrative domains. This method of division enables multiple providers to administer the router simultaneously and each have access to only the portions of the configuration that are relevant to their specific logical system. The JUNOS Software supports up to 15 named logical systems in addition to the default logical system (inet.0).
Routing instances are typically used in Layer 3 VPN scenarios. A routing instance does not have the same level of administrative separation as does a logical system. The routing instance defines a distinct routing table, set of routing policies, and set of interfaces, but it does not provide administrative isolation.
When configuring PPPoE Layer 3 wholesale for a subscriber access network, keep the following in mind:
PPPoE Layer 3 wholesaling supports the use of only the default logical system
using multiple routing instances.
Each routing instance must contain a loopback with one or more addresses
to be used for the unnumbered interface. However, unlike configuring Layer 3 wholesale for DHCP, the loopback interface address does not have to be within the same subnetwork as the client IP address.
The system ignores the preferred-source-address option for the
unnumbered-address statement when it is configured. To avoid confusion,
we recommend that you do not configure the preferred-source-address option for the unnumbered-address statement when configuring an unnumbered interface. However, the system will function appropriately, regardless of whether or not you have configured the preferred-source-address option.
To configure PPPoE Layer 3 wholesale for a subscriber access network:
Include the routing-instances statement along with the $junos-routing-instance dynamic variable at the [edit dynamic-profiles profile-name] hierarchy level.
Include the interface statement along with the $junos-interface-name dynamic variable at the [edit dynamic-profiles profile-name routing-instances
$junos-routing-instance] hierarchy level.
Include the unnumbered-address statement along with $junos-loopback-interface dynamic variable at the [edit dynamic-profiles profile-name interfaces pp0 unit
$junos-interface-unit family inet] hierarchy level.
To view the logical system and routing instance for each subscriber, use the show
subscriber operational command.
[Subscriber Access, Broadband Subscriber Management]
PPP PAP and CHAP enhancements for subscriber management (M120 and
M320 routers)—Subscriber management supports both bidirectional and unidirectional PPP PAP and CHAP authentication.
In subscriber management, the router's PPP interface typically authenticates the remote client (the subscriber). Bidirectional authentication is not usually used in a subscriber management environment, even though it is supported for static interfaces. Also, subscriber management uses AAA to authenticate subscribers, which removes the need to specify an access profile or a default password for PAP or CHAP authentication.
For static interfaces, the router supports bidirectional authentication. If you
do not include the passive statement in the configuration, the router functions as the authenticator for remote clients. If you include the passive statement, the router is authenticated by the remote client. Also, when you specify the
passive statement for static interfaces, you must specify other attributes, as
described in the JUNOS Network Interfaces Guide.
For dynamic interfaces, the router supports unidirectional authentication only—the router always functions as the authenticator. When you configure PPP authentication in a dynamic profile (at the [edit dynamic-profiles] hierarchy level), the pap and chap statements do not support any additional configuration options, including the passive statement. PPP dynamic interfaces are supported only on PPPoE interfaces (interface pp0) for this release.
To configure CHAP or PAP authentication for static interfaces, use the following stanza:
[edit interfaces interface-name unit logical-unit-number]
ppp-options {
    chap {
        access-profile name;
        default-chap-secret name;
        local-name name;
        passive;
    }
    pap {
        access-profile name;
        default-pap-password password;
        local-name name;
        local-password password;
        passive;
    }
}
To configure CHAP or PAP authentication for dynamic interfaces, use the following stanza:
[edit dynamic-profiles profile-name interfaces pp0 unit $junos-interface-unit]
ppp-options {
    chap;
    pap;
}
[Subscriber Access, Network Interfaces]
Support for input and output filters on the Trio MPC/MIC interfaces on MX
Series routers—Enables you to apply input and output filters to logical interfaces that are running over the Trio MPC/MIC interfaces on MX Series routers.
To apply input and output filters for logical interfaces, include the input
input-filter-name and output output-filter-name statements. To apply these filters
statically, include the statements at the [edit interfaces interface-name unit
logical-unit-number filter] hierarchy level. To apply these filters dynamically, include
the statements at the [edit dynamic-profiles profile-name interfaces interface-name
unit $junos-interface-unit filter] hierarchy level. For information about how to
create filters, see the Policy Framework Configuration Guide.
[Subscriber Access, Network Interfaces, Policy Framework]
MPC/MIC interfaces on MX Series routers—Enables you to configure subscriber secure policy traffic mirroring to provide RADIUS-initiated mirroring for subscribers on PPPoE interfaces that are running over Trio MPC/MIC interfaces on MX Series routers.
For information about how to configure subscriber secure policy traffic mirroring, see the Subscriber Access Configuration Guide.
[Subscriber Access]
Support for PPP/PPPoE subscriber interfaces on the Trio MPC/MIC family of products (MX Series routers)—Enables you to configure PPP/PPPoE subscriber interfaces that are running over the Trio MPC/MIC family of products when used on MX Series routers. To configure PPP/PPPoE subscriber interfaces, you use the statements and procedures that are described in the JUNOS Network Interfaces Guide.
[Subscriber Access, Network Interfaces]
Support for demux VLAN interface configuration on Ethernet and aggregate Ethernet Trio MPC/MIC interfaces—Enables the static or dynamic creation of demux VLAN interfaces with an underlying interface of aggregate Ethernet or Gigabit/10-Gigabit Ethernet.
When configuring static VLAN demux interfaces, specify a VLAN ID for the vlan-id statement at the [edit dynamic-profiles profile-name interfaces demux0 unit unit-number] hierarchy level. You must also specify the underlying device name for the underlying-interface statement at the [edit dynamic-profiles profile-name interfaces demux0 unit unit-number demux-options] hierarchy level.
When configuring dynamic VLAN demux interfaces, specify the VLAN ID variable ($junos-vlan-id) for the vlan-id statement at the [edit dynamic-profiles profile-name interfaces demux0 unit unit-number] hierarchy level. You must also specify the underlying device name variable ($junos-interface-ifd-name) for the underlying-interface statement at the [edit dynamic-profiles profile-name interfaces demux0 unit unit-number demux-options] hierarchy level.
In addition, keep the following in mind while configuring dynamic VLANs over IP demux interfaces:
Only single VLAN and stacked VLAN tag options are supported as VLAN selectors.
IP demux over IP demux stacking is not supported.
This support is limited to Trio MPC/MIC interfaces on MX Series routers.
[Subscriber Access]

System Logging

New and deprecated system log families and tags—The following system log
families are new in this release:
ALARMD—Describes messages with the ALARMD prefix. They are generated by the alarm process (alarmd).
CONNECTION—Describes messages with the CONNECTION prefix. They are generated whenever the alarm process is unable to connect to another process.
FCD—Describes messages with the FCD prefix. They are generated by the Fibre Channel process (fcd) which connects servers to disks and tape devices in a storage area network.
GPRSD—Describes messages with the GPRSD prefix. They are generated by the general packet radio service process (gprsd) that integrates with existing GSM networks and offers mobile subscribers with packet-switched data services access to corporate networks and the Internet.
LIBJSNMP—Describes messages with the LIBJSNMP prefix. They are generated by the libjsnmp process.
UTMD—Describes messages with the UTMD prefix. They are generated by the unified threat management process (utmd), which protects the network from all types of attack.
WEBFILTER—Describes messages with the WEBFILTER prefix. They are generated by the Web filtering process (webfilter), which allows you to manage Internet usage by preventing access to inappropriate Web content.
The following system log messages are new in this release:
COSD_NULL_INPUT_ARGUMENT
DCD_GRE_CONFIG_INVALID
DCD_PARSE_ERROR_MAX_HIER_LEVELS
DCD_PARSE_ERR_INCOMPATIBLE_CFG
EVENTD_ALARM_CLEAR
EVENTD_TEST_ALARM
PFE_ANALYZER_CFG_FAILED
PFE_ANALYZER_SHIM_CFG_FAILED
PFE_ANALYZER_TABLE_WRITE_FAILED
PFE_ANALYZER_TASK_FAILED
PFE_COS_B2_ONE_CLASS
PFE_COS_B2_UNSUPPORTED
RPD_RA_CFG_CREATE_ENTRY_FAILED
RPD_RA_CFG_INVALID_VALUE
RPD_RA_DYN_CFG_ALREADY_BOUND
RPD_RA_DYN_CFG_INVALID_STMT
RPD_RA_DYN_CFG_SES_ID_ADD_FAIL
RPD_RA_DYN_CFG_SES_ID_MISMATCH
RPD_RT_CFG_BR_CONFLICT
The following system log messages are no longer documented:
DFWD_CONFIG_FW_UNSUPPORTED
LLDPD_PARSE_ARGS
LLDPD_PARSE_BAD_SWITCH
LLDPD_PARSE_CMD_ARG
LLDPD_PARSE_CMD_EXTRA
LLDPD_PARSE_USAGE
LPDFD_DYN_SDB_OPEN_FAILED

User Interface and Configuration

Enhanced support for up to 64 ECMP next hops for load balancing on M10i routers with Enhanced CFEB, M320, M120, MX Series, and T Series Core routers—The JUNOS Software supports configurations of 16, 32, or 64 equal-cost multipath (ECMP) next hops for RSVP and LDP LSPs on M10i routers with an Enhanced CFEB, and M320, M120, MX Series, and T Series routers. For networks with high-volume traffic, this provides more flexibility to load-balance the traffic over as many as 64 LSPs.
To configure the maximum limit for ECMP next hops, include the maximum-ecmp
next-hops statement at the [edit chassis] hierarchy level:
[edit chassis]
maximum-ecmp next-hops;
You can configure a maximum ECMP next-hop limit of 16, 32, or 64 using this statement. The default limit is 16.
The following types of routes support the ECMP maximum next-hop configuration for as many as 64 ECMP gateways:
Static IPv4 and IPv6 routes with direct and indirect next-hop ECMPs
LDP ingress and transit routes learned through associated IGP routes
RSVP ECMP next hops created for LSPs
OSPF IPv4 and IPv6 route ECMPs
ISIS IPv4 and IPv6 route ECMPs
EBGP IPv4 and IPv6 route ECMPs
IBGP (resolving over IGP routes) IPv4 and IPv6 route ECMPs
The enhanced ECMP limit of up to 64 ECMP next hops is also applicable for Layer 3 VPNs, Layer 2 VPNs, Layer 2 circuits, and VPLS services that resolve over an MPLS route, because the available ECMP paths in the MPLS route can also be used by such traffic.
NOTE:
The following FPCs on M320, T640, and T1600 routers only support 16 ECMP next hops:
(M320, T640, and T1600 routers only) Enhanced II FPC1
(M320, T640, and T1600 routers only) Enhanced II FPC2
(M320 and T640 routers only) Enhanced II FPC3
(T640 and T1600 routers only) FPC2
(T640 and T1600 routers only) FPC3
If a maximum ECMP next-hop limit of 32 or 64 is configured on an M320, T640, or T1600 router with any of these FPCs installed, the Packet Forwarding Engines on these FPCs use only the first 16 ECMP next hops. For Packet Forwarding Engines on FPCs that support only 16 ECMP next hops, the JUNOS Software generates a system log message if a maximum ECMP next-hop limit of 32 or 64 is configured. However, for Packet Forwarding Engines on other FPCs installed on the router, a maximum configured ECMP limit of 32 or 64 ECMP next hops is applicable.
To view the details of the ECMP next hops, issue the show route command. The
show route summary command also shows the current configuration for the
maximum ECMP limit. To view details of the ECMP LDP paths, issue the traceroute
mpls ldp command.
[System Basics, Policy Framework, Routing Protocols Command Reference]
you to configure time-based restrictions for user access to log in to a device. This is useful for restricting the time and duration of user logins for all users belonging to a login class. You can specify the days of the week when users can log in, the access start time, and the access end time.
To configure user access on specific days of the week, without any restrictions
on the duration of login, include the allowed-days statement only.
[edit system]
login {
    class class-name {
        allowed-days days-of-the-week;
    }
}
To configure user access on all the days of the week for a specific duration,
include the access-start and access-end statements only.
[edit system]
login {
    class class-name {
        access-start HHMM;
        access-end HHMM;
    }
}
To configure user access on specific days of the week for a specified duration,
include the allowed-days, access-start, and access-end statements.
[edit system]
login {
    class class-name {
        allowed-days days-of-the-week;
        access-start HHMM;
        access-end HHMM;
    }
}
[System Basics]
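The three combinations above can be evaluated offline to see when a login class actually admits a user and which classes carry no time restriction at all. This Python sketch is an added example, not JUNOS code; the sample configuration and class names are constructed, and anchoring a window that crosses midnight to the day on which it opens, treating access-end as exclusive, and rejecting a half-configured window are assumptions.

```python
import re
from datetime import datetime, timedelta

DAYS = ["monday", "tuesday", "wednesday", "thursday", "friday", "saturday", "sunday"]
STATEMENTS = ("allowed-days", "access-start", "access-end")

# Constructed sample in the curly-brace form shown above; class names are invented.
SAMPLE_CONFIG = """
login {
    class noc-day {
        allowed-days [ monday tuesday wednesday thursday friday ];
        access-start 0800;
        access-end 1800;
    }
    class night-shift {
        allowed-days friday;
        access-start 2200;
        access-end 0600;
    }
    class weekend-only {
        allowed-days [ saturday sunday ];
    }
    class legacy-admin {
        idle-timeout 10;
    }
}
"""


def parse_login_classes(text):
    """Return {class-name: {statement: value}} for the time-restriction statements."""
    classes = {}
    for name, body in re.findall(r"\bclass\s+(\S+)\s*\{([^{}]*)\}", text):
        settings = {}
        for statement in body.split(";"):
            words = statement.split(None, 1)
            if len(words) == 2 and words[0] in STATEMENTS:
                settings[words[0]] = words[1].strip()
        classes[name] = settings
    return classes


def to_minutes(hhmm):
    """Convert an HHMM value (a colon is tolerated) to minutes after midnight."""
    digits = hhmm.replace(":", "")
    if not re.fullmatch(r"\d{4}", digits) or int(digits[:2]) > 23 or int(digits[2:]) > 59:
        raise ValueError(f"not a valid HHMM time: {hhmm!r}")
    return int(digits[:2]) * 60 + int(digits[2:])


def login_permitted(settings, when):
    """Decide whether a login at datetime `when` falls inside the class's window."""
    days = settings.get("allowed-days")
    allowed = set(re.findall(r"[a-z]+", days.lower())) if days else set(DAYS)
    if allowed - set(DAYS):
        raise ValueError(f"unknown day name in allowed-days: {days!r}")
    start, end = settings.get("access-start"), settings.get("access-end")
    if (start is None) != (end is None):
        # Assumption: the page only describes the two statements used together.
        raise ValueError("access-start and access-end must be configured together")
    day = when
    if start is not None:
        now = when.hour * 60 + when.minute
        first, last = to_minutes(start), to_minutes(end)
        if first <= last:
            if not first <= now < last:
                return False
        elif now < last:
            # Assumption: a window that crosses midnight belongs to the day it opened.
            day = when - timedelta(days=1)
        elif now < first:
            return False
    return DAYS[day.weekday()] in allowed


def unrestricted_classes(classes):
    """Login classes that carry none of the three time-restriction statements."""
    return sorted(name for name, settings in classes.items() if not settings)


if __name__ == "__main__":
    parsed = parse_login_classes(SAMPLE_CONFIG)
    print("no time restriction:", unrestricted_classes(parsed))
    for name, when in [("noc-day", datetime(2010, 7, 13, 19, 0)),
                       ("night-shift", datetime(2010, 7, 17, 3, 0))]:
        print(name, when.isoformat(), login_permitted(parsed[name], when))
```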
Dynamic IPv6 filters (MX Series routers)—Subscriber management now supports
dynamic IPv6 filters. The dynamic filter feature supports both classic and fast update filters, and both IPv4 and IPv6.
You specify the filters in a dynamic profile, which associates the filter to an interface. When the dynamic profile is triggered, the profile applies the filter to an interface.
You use the filter statement at the [edit dynamic-profiles profile-name interfaces
interface-name unit logical-unit-number family (inet | inet6)] hierarchy level to
associate a dynamic profile to an interface.
[Subscriber Access, Policy Framework]
Support for classifiers and rewrite rules in dynamic subscriber-based CoS
(MX Series routers)—You can now associate classifiers and rewrite rules with a subscriber interface in a dynamic profile. You must statically configure the classifiers and rewrite rules at the static [edit class-of-service] hierarchy level.
To associate a classifier configuration with a subscriber interface in a dynamic profile, include the classifiers statement at the [edit dynamic-profiles profile-name class-of-service interfaces interface-name unit logical-unit-number] hierarchy level.
The supported classifier types for subscriber interfaces are dscp, dscp-ipv6, ieee-802.1, and inet-precedence.
To associate a rewrite-rule configuration with a subscriber interface in a dynamic profile, include the rewrite-rules statement at the [edit dynamic-profiles profile-name class-of-service interfaces interface-name unit logical-unit-number] hierarchy level.
The supported rewrite rules for subscriber interfaces are dscp, dscp-ipv6, ieee-802.1, and inet-precedence.
[Subscriber Access]
Dynamic configuration of the router advertisement protocol—In a network
deployment where router interfaces are configured statically, you might need to configure the router advertisement protocol on only a small number of
interfaces on which it might run. However, in a subscriber access network, static configuration of the router advertisement protocol becomes impractical because the number of interfaces that potentially need the router advertisement protocol increases substantially. In addition, deploying services in a dynamic environment requires dynamic modifications to interfaces as they are created. To ensure that dynamic interfaces are created with the ability to use the router advertisement protocol, this release supports their configuration dynamically at the [edit
dynamic-profiles profile-name protocols] hierarchy level. The dynamic profile applies
router advertisement protocol configuration to dynamic interfaces as they are created.
To minimally configure the router advertisement protocol, include the
router-advertisement statement at the [edit dynamic-profiles profile-name protocols]
hierarchy level, and the interface statement along with the $junos-interface-name dynamic variable. All other statements are optional.
Optional router advertisement protocol statements include current-hop-limit,
default-lifetime, managed-configuration, max-advertisement-interval, min-advertisement-interval, no-managed-configuration, no-other-stateful-configuration, other-stateful-configuration, prefix, reachable-time, and retransmit-timer. All of these
statements appear at the [edit dynamic-profiles profile-name protocols
router-advertisement] hierarchy level.
NOTE: Statements used for router advertisement protocol configuration at the [edit
dynamic-profiles profile-name protocols] hierarchy level are identical in function to the
same statements used for static router advertisement protocol configuration, with the exception of the interface and prefix statements which use dynamic variables.
[Subscriber Access]
Related Topics
Changes in Default Behavior and Syntax in JUNOS Release 10.1 for M Series, MX Series, and T Series Routers
Issues in JUNOS Release 10.1 for M Series, MX Series, and T Series Routers
Errata and Changes in Documentation for JUNOS Software Release 10.1 for M Series, MX Series, and T Series Routers
Upgrade and Downgrade Instructions for JUNOS Release 10.1 for M Series, MX Series, and T Series Routers

Changes in Default Behavior and Syntax in JUNOS Release 10.1 for M Series, MX Series, and T Series Routers

Class of Service

services intelligent queuing (LSQ) interfaces—If you configure a forwarding class map associating a forwarding class with a queue number, these maps are not supported on Multiservices link services intelligent queuing (lsq-) interfaces.
[Class of Service]

Forwarding and Sampling

Enhancement to the show firewall command—The show firewall command now supports a terse option that enables you to display only the names of firewall filters. This option displays no other information about the firewall filters configured on your system. Use the show firewall terse command to verify that all the correct filters are installed.
[Routing Protocols and Policies Command Reference]

Interfaces and Chassis

Disabling MAC address learning of neighbors through ARP or neighbor discovery for IPv4 and IPv6 traffic for logical interfaces—The JUNOS Software provides the no-neighbor-learn configuration statement at the [edit interfaces interface-name unit interface-unit-number family inet] and [edit interfaces interface-name unit interface-unit-number family inet6] hierarchy levels.
To disable ARP address learning for IPv4 traffic for a logical interface, include the no-neighbor-learn statement at the [edit interfaces interface-name unit interface-unit-number family inet] hierarchy level:
[edit interfaces interface-name unit interface-unit-number family inet]
no-neighbor-learn;
To disable neighbor discovery for IPv6 traffic for a logical interface, include the no-neighbor-learn statement at the [edit interfaces interface-name unit logical-unit-number family inet6] hierarchy level:
[edit interfaces interface-name unit interface-unit-number family inet6]
no-neighbor-learn;
[System Basics]
Logical and physical Ethernet interface bandwidth—If you configure a
bandwidth on a logical Ethernet interface greater than the bandwidth configured for the corresponding physical Ethernet interface, the commit fails. The bandwidth of the logical interface should always be less than the bandwidth of the physical
interface. If you do not configure a bandwidth for the logical interface, it is automatically set to the bandwidth configured for the physical interface.
[Network Interfaces]
Support for line-rate mode on 10-port 10-Gigabit Oversubscribed Ethernet (OSE) PIC (T640, T1600, TX Matrix Plus platforms)—Enables you to configure the T640, T1600, and TX Matrix Plus routers to operate the 10-port 10-Gigabit OSE PIC in line-rate mode, in which the PIC disables oversubscription. By default, the 10-port 10-Gigabit OSE PIC operates in 2:1 oversubscription mode.
[System Basics]
New CoS information field added to the show interfaces extensive command output—The output of the show interfaces extensive command now displays the class-of-service queue allocation information of the physical interfaces (intelligent queueing PICs such as IQ2 and so on) under the new class-of-service information category. In the previous releases, the class-of-service queue allocation information for physical interfaces was listed within the Packet Forwarding Engine configuration category:
host@user# show interfaces extensive ge-7/1/3
Packet Forwarding Engine configuration:
  Destination slot: 7
CoS information:
  Direction : Output
  CoS transmit queue          Bandwidth           Buffer  Priority  Limit
                            %          bps      %   usec
  0 best-effort            95    950000000     95      0       low   none
  3 network-control         5     50000000      5      0       low   none
  Direction : Input
  CoS transmit queue          Bandwidth           Buffer  Priority  Limit
                            %          bps      %   usec
  0 best-effort            95    950000000     95      0       low   none
  3 network-control         5     50000000      5      0       low   none
[Interfaces Command Reference]
Restriction on compatibility-mode adtran and verilink—On 2-port and 4-port channelized DS3 (T3) IQ interfaces, you cannot configure compatibility-mode adtran or verilink at the [edit interfaces interface-name t3-options] hierarchy level. If configured, the default mode is applied on both the interfaces, that is, no subrating.
[Network Interfaces]
Support for internal clocking mode on OSE PICs—The 10-port 10-Gigabit Oversubscribed Ethernet (OSE) PIC supports only internal clocking mode on its ports.
[Network Interfaces]
Commit-time warning messages at the [edit interfaces] hierarchy level are now system logged—CLI commit-time warnings displayed for configuration at the [edit interfaces] hierarchy level have been removed and are now logged as system log messages. This change is applicable to JUNOS Release 10.1R1 and later, 10.0R2, and 9.3R4.
[CLI User Guide]
Invalid count of queues—The PD-5-10XGE-SFPP PICs in T Series routers do not display ingress control queue statistics as output from the show interfaces queue xe-fpc/pic/port forwarding-class command. However, you can use the following commands to display the ingress control queue statistics:
show interfaces queue both-ingress-egress xe-fpc/pic/port
show interfaces queue xe-fpc/pic/port
show interfaces queue xe-fpc/pic/port ingress
[Network Interfaces]
Support for configuration of a range of interfaces through the interface-range statement—Enables you to group a range of identical interfaces and apply a common configuration for the interfaces using a reduced number of configuration statements. To configure an interface-range group, include the interface-range statement and substatements at the [edit interfaces] hierarchy level. To view an interface range group in expanded configuration, use the show | display inheritance command.
[Network Interfaces, Interfaces Command Reference]
Enhancement to the show chassis fabric fpcs command—In JUNOS Release 10.1 and later, the show chassis fabric fpcs command issued on a T640 or T1600 router displays destination errors in addition to link errors. The command output displays a list of Packet Forwarding Engines that have destination errors, for those SIBs that are in the Check state. This enhancement is also applicable to JUNOS Release 9.6 and 10.0. The following sample shows the enhanced output for this command:
user@host> show chassis fabric fpcs
Fabric management FPC state:
FPC #3
    PFE #1
        SIB #2
            Plane enabled
        SIB #3
            Link error
            Destination error on PFEs 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21
        SIB #4
            Destination error on PFEs 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21
[System Basics Command Reference]
Modification to the output of the show interfaces extensive command output—For IQ2E interfaces, the show interfaces extensive command output no longer displays the schedulers field, because there is no static scheduler partitioning of schedulers among different ports in IQ2E.
[Interfaces Command Reference]
Enhancement to the show chassis sibs command—The show chassis sibs command now displays destination errors for SIBs in the Check state. In JUNOS Release 10.1 and later and JUNOS Release 9.6 and 10.0, the command displays the number of destination errors for SIBs in the Check state:
user@host> show chassis sibs
Slot  State                            Uptime
 0    Empty
 1    Empty
 2    Check (21 destination errors)    1 day, 1 hour, 32 minutes, 55 seconds
 3    Check (0 destination errors)     1 day, 1 hour, 32 minutes, 45 seconds
 4    Empty
use "show chassis fabric fpcs" to determine which PFEs have destination errors
However, for JUNOS Release 9.3 and 9.5, the command only displays the message destination errors or no destination errors for a SIB that is in the Check state, but does not display the number of destination errors:
user@host> show chassis sibs
Slot  State                            Uptime
 0    Empty
 1    Empty
 2    Check (destination errors)       1 day, 1 hour, 32 minutes, 55 seconds
 3    Check (no destination errors)    1 day, 1 hour, 32 minutes, 45 seconds
 4    Empty
use "show chassis fabric fpcs" for more details
In addition, the command also displays a message to use the show chassis fabric
fpcs command for more information about the destination errors.
If there are no SIBs in the Check state, there is no change in the output of this command.
[System Basics Command Reference]

Layer 2 Ethernet Services

Modification to the output of the show dhcp (relay or server) binding commands—The output of the show dhcp server binding summary command, the show dhcp relay binding summary command, and the show dhcpv6 server binding command has been modified to include the number of clients in the init state and the requesting state.
[Subscriber Access]

MPLS Applications

MPLS statistics file now optional—The file statement configured at the [edit
protocols mpls statistics] hierarchy level is now optional. You still must configure
the MPLS statistics statement to collect LSP statistics for the MPLS MIBs. Rather than accessing the LSP statistics in the MPLS statistics file, you can view the statistics using SNMP instead. This change helps to reduce disk space usage on the routing engine, especially on routers on which numerous LSPs have been configured.
[MPLS]
NSR tracing flags for MPLS—You can now configure MPLS tracing flags for
nonstop active routing (NSR) synchronization events. This enables you to track the progress of NSR synchronization between Routing Engines and record these operations to a log file. To configure, include the flag nsr-synchronization or flag
nsr-synchronization-detail statement at the [edit protocols mpls traceoptions]
hierarchy level. The two statements are not mutually exclusive; you can track the events at a high level and in detail.
[High Availability, MPLS, Routing Protocols]

Multiplay

Border gateway function (BGF) improved efficiency and scalability through use of service interface pools—You can now use service interface pools to improve the maintainability and scalability of your service set configurations. When your service sets handle VPN traffic, you must specify a service interface pool for the next-hop service for the service sets. The interfaces that are members of the pool can serve as either inside or outside interfaces.
You should also specify service interface pools as the next-hop service for service sets that do not currently handle VPN traffic. You gain the immediate benefit of more efficient resource utilization and you can add VPNs to the service set in the future without reconfiguring your service sets.
[Multiplay Solutions]

Routing Policy and Firewall Filters

The ipsec-sa sa-name firewall filter action is no longer supported on the MX Series routers. To configure one or more actions for a firewall filter, include the actions statement at the [edit firewall family family-name filter filter-name term term-name then] hierarchy level.
[Policy]
Enhanced match-conditions support for VPLS and bridge firewall filters (MX Series routers and routers with Enhanced IQ2 [IQ2E] PICs only)—The protocol families vpls and bridge now support the interface-set match condition for firewall filters. To configure, include the interface-set interface-set-name statement at the [edit firewall family bridge filter filter-name term term-name from] or the [edit firewall family vpls filter filter-name term term-name from] hierarchy level. The protocol family bridge is supported only on MX Series routers.
An interface set is a set of logical interfaces used to configure hierarchical class-of-service schedulers. Previously only the following protocol families supported the interface-set match condition: ipv4, ipv6, any, and mpls.
[Policy]

Routing Protocols

OSPF sham link—An OSPF sham link is now installed in the routing table as a
hidden route. Previously, an OSPF sham link was not installed in the routing table. In addition, a BGP route is no longer exported to OSPF if a corresponding OSPF sham link is available. To configure a sham link, include the sham-link local
ip-address statement at the [edit routing-instances routing-instance-name protocols ospf] hierarchy level.
[Routing Protocols]
Removal of BGP warning message—If a BGP group is created without any
defined peers, the warning message no longer appears when the configuration is committed.
[Routing Protocols]
Increase in limit to external paths accepted for BGP route target filtering—You can now specify for BGP to accept up to 256 external paths for route target filtering. Previously, the maximum number that you could configure was 16. The default value remains one (1). To specify the maximum number of external paths for BGP to accept for route target filtering, include the external-paths number statement at the [edit protocols bgp family route-target] hierarchy level. This statement is also supported for BGP groups and neighbors.
[Routing Protocols]
Support for having the algorithm that determines the single best path evaluate AS numbers in AS paths for VPN routes—By default, the third step of the algorithm that determines the active route evaluates the length of the AS path but not the contents of the AS path. In some VPN scenarios with BGP multiple path routes, it can also be useful to compare the AS numbers of the AS paths and to have the algorithm select the route whose AS numbers match. Include the as-path-compare statement at the [edit routing-instances routing-instance-name routing-options multipath] hierarchy level.
[Routing Protocols]

Services Applications

Option to view APPID counters—Use the option under show services application-identification counter to view the APPID counters for the specified interface.
[System Basics and Services Command Reference]
Session offloading on Multiservices PICs—To enable session offloading on a
per-PIC basis for Multiservices PICs, include the session-offload statement at the
[edit chassis fpc] hierarchy level.
[System Basics]
Option to clear the do not fragment bit—To clear the do not fragment bit
for IPsec with dynamic endpoints, include the clear-dont-fragment-bit statement at the [edit services ipsec-vpn rule rule-name term term-name then] hierarchy level.
[Services Interfaces]
Option to clear tunnel MTU—To clear the tunnel MTU, include the tunnel-mtu statement at the [edit services ipsec-vpn rule rule-name term term-name then] hierarchy level.
[Services Interfaces]
M120 router performance with IDP—For M120 routers, the performance number
is 4500 connections per second when IDP is enabled.
[Services Interfaces]
Enhancement to the output of the show services accounting commands—The output for the show services accounting usage, show services accounting status,
show services accounting memory, and show services accounting errors operational
mode commands has been updated to include new fields for use in querying service PICs.
[System Basics and Services Command Reference]
Default idle timeout value for UDP- and TCP-based applications—Upon
identification by AppID, the default idle timeout value is set to 30 seconds for UDP-based applications and 1 hour for TCP-based applications. These settings can be overridden by including the idle timeout statement at the [edit services
application-identification application application] hierarchy level.
[Services Interfaces]
New statement to bypass traffic on exceeding flow limit—If the flow in the service-set crosses the maximum limit set by the max-flow statement, the bypass-traffic-on-exceeding-flow-limits statement allows the packets to bypass without creating a new session. Following are the required privilege levels:
interface—To view the statement in the configuration
interface-control—To add the statement to the configuration
[Services Interfaces]
Diffie-Hellman group5 added to group1 and group2—The group5 designation specifies that IKE should use the 1536-bit Diffie-Hellman prime modulus group when performing the new Diffie-Hellman exchange. To configure the Diffie-Hellman group for an IKE proposal, include the dh-group statement at the [edit services ipsec-vpn ike proposal proposal-name] hierarchy level:
[edit services ipsec-vpn ike proposal proposal-name]
dh-group (group1 | group2 | group5);
[Services Interfaces]
Permanent limitation for session-timeout on APPID—If session-timeout is
configured for an APPID application, a session for that application will be cleared once the session-timeout expires. Once the same session is re-created as a new session, it will not be identified by APPID.
[Services Interfaces]
Integrated Multi-Services Gateway (IMSG)—The clear services border-signaling-gateway gateway-name statistics command no longer clears the active calls counter.
[System Basics and Services Command Reference]
New configuration statements for assigning policies—The following configuration statements at the [edit services border-signaling-gateway gateway-name service-point service-point-name service-policies] hierarchy level have been deprecated and replaced by new statements:
new-call-usage-policies [policy-and-policy-set-names]
new-transaction-policies [policy-and-policy-set-names]
Each statement applied policies to calls or transactions entering at the service point. Each is replaced by statements that explicitly apply policies to transactions or policies entering the service point or exiting from the service point. The new statements are:
new-call-usage-input-policies [policy-and-policy-set-names]
new-call-usage-output-policies [policy-and-policy-set-names]
new-transaction-input-policies [policy-and-policy-set-names]
new-transaction-output-policies [policy-and-policy-set-names]
[Services Interfaces, System Basics and Services Command Reference]
Requirement for client-to-server and server-to-client signatures—For certain applications that have signatures for both client-to-server and server-to-client directions, APPID (DAA) needs to see the data packets in both directions on the same session to finish the identification process. For example, for SIP proxy calls, the server may not send the response on the same session (different destination port) and that session will not be identified as application junos:sip.
[Services Interfaces]
Integrated Multi-Services Gateway (IMSG) maximum number of policies and policy-related entities per Border Signaling Gateway (BSG)—The following table shows the maximum number of policies and related entities.
Maximum  Entity
750      Policies (total of new call usage and new transaction policies) per BSG
500      New call usage policies per BSG
500      New transaction policies per BSG
10       Policies per service point
100      Service points per BSG
20       Terms per policy
10,000   Terms per BSG
4        Total of AND and OR operators in a policy term
[Session Border Control Solutions]

Subscriber Access Management

Enabling and disabling DHCP snooping support—You can now explicitly enable or disable DHCP snooping support on the router. If you disable DHCP snooping support, the router drops snooped DHCP discover and request messages.
To enable DHCP snooping support, include the allow-snooped-clients statement at the [edit forwarding-options dhcp-relay overrides] hierarchy level. To disable DHCP snooping support, include the no-allow-snooped-clients statement at the
[edit forwarding-options dhcp-relay overrides] hierarchy level. Both statements are
also supported at the named group level and per-interface level.
In JUNOS Release 10.0 and earlier, DHCP snooping is enabled by default. In release 10.1 and later, DHCP snooping is disabled by default.
[Subscriber Access]
RADIUS interim accounting—When subscriber management receives the
RADIUS Acct-Interim-Interval attribute (attribute 85), RADIUS interim accounting is performed based on the value in the attribute. The router uses the following guidelines:
Attribute value is within the acceptable range (10 to 1440 minutes)—Accounting is updated at the specified interval.
Attribute value of 0—No RADIUS accounting is performed.
Attribute value is less than the minimum acceptable value (10 minutes)—Accounting is updated at the minimum interval.
Attribute value is greater than the maximum acceptable value (1440 minutes)—Accounting is updated at the maximum interval.
In previous releases, a RADIUS attribute set to zero (0) prevented subscribers from connecting.
[Subscriber Access]

User Interface and Configuration

Restriction on the usage of the annotate command in the configuration hierarchy—The JUNOS Software supports annotation of the configuration using the annotate command up to the last level in the configuration hierarchy. However, annotation of the configuration options or statements within the last level in the hierarchy is not supported. For example, in the following sample configuration hierarchy, annotation is supported up to the level 1 parent hierarchy, but is not supported for the metric child statement:
[edit protocols]
isis {
    interface ge-0/0/0.0 {
        level 1 metric 10;
    }
}
[CLI User Guide]
Support for accounting is restricted to events and operations on a master Routing Engine—Starting with JUNOS Release 9.3, accounting for backup Routing Engine events or operations is not supported on accounting servers such as TACACS+ or RADIUS. Accounting is only supported for events or operations on a master Routing Engine.
[CLI User Guide]
Options added to the show arp command—The vpn and logical-system options have been added to the show arp command.
[System Basics Command Reference]
Change in range of the saved-core-files configuration statement—The range of the saved-core-files configuration statement at the [edit system] hierarchy level has been revised from 1 through 64, to 1 through 10.
[System Basics]

VPNs

Mirroring IRB packets as Layer 2 packets (MX Series router)—If you associate an IRB with the bridge domain (or VPLS routing instance), and also configure within the bridge domain (or VPLS routing instance) a forwarding table filter with the port-mirror or port-mirror-instance action, then the IRB packet is mirrored as a Layer 2 packet. You can disable this behavior by configuring the no-irb-layer-2-copy statement in the bridge domain (or VPLS routing instance).
[MX Series Layer 2 Configuration]
Layer 2 circuits, call admission control (CAC), and bypass LSPs—You can now configure CAC on Layer 2 circuit-based LSPs with bandwidth constraints and also enable link and node protection. However, if the primary LSP fails, CAC might not be applied to the bypass LSP, meaning that the bypass LSP might not meet the bandwidth constraint for the Layer 2 circuit. To minimize the risk of losing traffic, the Layer 2 circuit continues to use the non-CAC bypass LSP while an attempt is made to establish a new Layer 2 circuit route over an LSP that does support CAC. Previously, the Layer 2 circuit route was deleted if the bypass LSP did not have sufficient bandwidth.
[VPNs]
Service VLANs and the use of vlan-id all statement in a VPLS routing instance—If you configure the vlan-id all statement in a VPLS routing instance, we recommend using the input-vlan-map pop and output-vlan-map push statements on the logical interface to pop the service VLAN ID on input and push the service VLAN ID on output and in this way limit the impact of doubly-tagged frames on scaling.
[MX Series Layer 2 Configuration]
Layer 2.5 VPNs support ISO family and MPLS family over TCC (MX Series
routers)—JUNOS Release 8.3 introduced support for M320 and T Series routers. JUNOS Release 10.1 extends support to MX Series routers.
Interfaces supporting TCC (Ethernet, extended VLANs, PPP, HDLC, ATM, and Frame Relay) support ISO traffic and MPLS traffic on Layer 2.5 VPNs. Previously, Layer 2.5 VPNs configured on MX Series routers supported only inet traffic. For a protocol to be supported on a Layer 2.5 VPN, you must configure both ends of the VPN with the protocol configuration. IPv6 is not supported.
To enable ISO or MPLS traffic over TCC, include the mpls or iso statement at the
[edit interfaces interface-name unit logical-unit-number family tcc protocol] hierarchy
level. To display which protocol is supported for an interface, issue the show
interfaces interface-name extensive operational mode command. The protocol is
displayed in the Flags field.
To enable ISO over TCC in cases in which the Ethernet interface is on a customer-edge (CE) router, include the point-to-point statement at the [edit
protocols isis interface interface-name] hierarchy level on the CE router. When
you include this statement, the IS-IS protocol treats the Ethernet interface as point to point, even though the actual interface is a LAN interface.
The M Series routing platforms continue to support only inet traffic for Layer 2.5 VPNs.
[Network Interfaces, Translational Cross-Connect and Layer 2.5 VPNs Feature Guide, VPNs]
New configuration statement for removing dynamically learned MAC
addresses from the MAC address database—Media access control (MAC) flush processing removes MAC addresses from the MAC address database that have been learned dynamically. With the dynamically learned MAC addresses removed, MAC address convergence requires less time to complete.
In this release, you enable MAC flush processing for the virtual private LAN service (VPLS) routing instance or for the mesh group under a VPLS routing instance by using the mac-flush statement instead of the mac-tlv-receive and
mac-tlv-send statements.
mac-flush [ explicit-mac-flush-message-options ];
To clear dynamically learned MAC addresses globally across all devices participating in the routing instance, you can include the statement at the following hierarchy levels:
[edit logical-systems logical-system-name routing-instances routing-instance-name protocols vpls]
[edit routing-instances routing-instance-name protocols vpls]
To clear the MAC addresses on the routers in a specific mesh group, you can include the statement at the following hierarchy levels:
[edit logical-systems logical-system-name routing-instances routing-instance-name protocols vpls mesh-group mesh-group-name]
[edit routing-instances routing-instance-name protocols vpls mesh-group mesh-group-name]
NOTE: The mac-tlv-receive and mac-tlv-send statements were removed from Release 10.0 of the JUNOS Software and are no longer visible in the [edit
logical-systems logical-system-name routing-instances routing-instance-name protocols vpls]
and [edit routing-instances routing-instance-name protocols vpls] hierarchy levels. Although the mac-tlv-receive and mac-tlv-send statements are recognized in the current release, they will be removed in a future release. We recommend that you update your configurations and use the mac-flush statement.
To also configure the router to send explicit MAC flush messages, you can include explicit-mac-flush-message-options with the statement:
any-interface—(Optional) Send a MAC flush message when any customer-facing attachment circuit interface goes down.
any-spoke—(Optional) Send a MAC FLUSH-FROM-ME flush message to all provider edge (PE) routers in the core when one of the spoke pseudowires between the multitenant unit switch and the other network-facing provider edge (NPE) router goes down, causing the multitenant unit switch to switch to this NPE router.
NOTE: This option has a similar effect in a VPLS multihoming environment with multiple multitenant unit switches connected to NPE routers, where both multitenant unit switches have pseudowires that terminate in a mesh group with local-switching configured. If the any-spoke option is enabled, then both PE routers send MAC FLUSH-FROM-ME flush messages to all PEs in the core.
propagate—(Optional) Propagate MAC flush to the core.
[VPNs]
Related Topics
New Features in JUNOS Release 10.1 for M Series, MX Series, and T Series Routers
Issues in JUNOS Release 10.1 for M Series, MX Series, and T Series Routers
Errata and Changes in Documentation for JUNOS Software Release 10.1 for M Series, MX Series, and T Series Routers
Upgrade and Downgrade Instructions for JUNOS Release 10.1 for M Series, MX Series, and T Series Routers
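
Several changes in this section alter or invalidate an existing configuration on upgrade: the saved-core-files range, the ipsec-sa filter action on MX Series routers, the DHCP snooping default, the replaced mac-tlv and BSG policy statements, and the added dh-group value. The following Python lint is an added example, not Juniper code, that checks a configuration for them before the upgrade. It assumes the configuration is supplied in display set form; the sample configuration and every name in it are constructed.

```python
"""Pre-upgrade lint for the JUNOS 10.1 behavior and syntax changes (added example).

Input is configuration text in "display set" form. Rules cover only changes
stated in these release notes; SAMPLE_CONFIG is constructed for illustration.
"""
from typing import List, NamedTuple, Optional


class Finding(NamedTuple):
    rule: str
    line_no: int
    message: str


# Statements the notes list as replaced, mapped to their replacements.
REPLACED = {
    "mac-tlv-receive": "mac-flush",
    "mac-tlv-send": "mac-flush",
    "new-call-usage-policies":
        "new-call-usage-input-policies / new-call-usage-output-policies",
    "new-transaction-policies":
        "new-transaction-input-policies / new-transaction-output-policies",
}
SNOOP_STATEMENTS = {"allow-snooped-clients", "no-allow-snooped-clients"}


def value_after(tokens: List[str], keyword: str) -> Optional[str]:
    """Return the token that follows keyword, or None if there is none."""
    if keyword in tokens[:-1]:
        return tokens[tokens.index(keyword) + 1]
    return None


def audit(config_text: str) -> List[Finding]:
    """Return findings for statements whose behavior or syntax changes in 10.1."""
    findings: List[Finding] = []
    relay_line = 0            # first line that configures dhcp-relay
    snooping_explicit = False

    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        tokens = raw.split()
        if len(tokens) < 2 or tokens[0] != "set":
            continue          # only "set" lines carry configuration statements

        for old, new in REPLACED.items():
            if old in tokens:
                findings.append(Finding(
                    "replaced-statement", line_no, f"{old} is replaced by {new}"))

        if tokens[1:3] == ["system", "saved-core-files"]:
            value = value_after(tokens, "saved-core-files")
            if value and value.isdigit() and int(value) > 10:
                findings.append(Finding(
                    "saved-core-files-range", line_no,
                    f"value {value} is outside the revised range 1 through 10"))

        if tokens[1] == "firewall" and value_after(tokens, "then") == "ipsec-sa":
            findings.append(Finding(
                "ipsec-sa-action", line_no,
                "ipsec-sa filter action is no longer supported on MX Series"))

        if tokens[1:3] == ["forwarding-options", "dhcp-relay"]:
            relay_line = relay_line or line_no
            if SNOOP_STATEMENTS.intersection(tokens):
                snooping_explicit = True

        group = value_after(tokens, "dh-group")
        if group in ("group1", "group2"):
            findings.append(Finding(
                "ike-dh-group", line_no,
                f"proposal uses {group}; group5 (1536-bit modulus) is available"))

    # DHCP snooping was on by default through 10.0 and is off by default from
    # 10.1, so a relay configuration with no explicit choice changes behavior.
    if relay_line and not snooping_explicit:
        findings.append(Finding(
            "dhcp-snooping-default", relay_line,
            "dhcp-relay has no allow-snooped-clients or no-allow-snooped-clients; "
            "snooped discover and request messages are dropped after upgrade"))
    return findings


# Constructed sample; names such as cust-a, bsg-1 and sa-1 are placeholders.
SAMPLE_CONFIG = """\
set system saved-core-files 20
set firewall family inet filter protect term t1 then ipsec-sa sa-1
set forwarding-options dhcp-relay group subs interface ge-1/0/0.100
set services ipsec-vpn ike proposal p1 dh-group group2
set routing-instances cust-a protocols vpls mac-tlv-receive
set services border-signaling-gateway bsg-1 service-point sp-1 service-policies new-transaction-policies pol-1
"""

if __name__ == "__main__":
    for f in audit(SAMPLE_CONFIG):
        print(f"line {f.line_no}: [{f.rule}] {f.message}")
```

The ipsec-sa finding applies only to MX Series routers, so treat it as informational on other platforms.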

Issues in JUNOS Release 10.1 for M Series, MX Series, and T Series Routers

The current software release is Release 10.1R3. For information about obtaining the software packages, see Upgrade and Downgrade Instructions for JUNOS Release 10.1 for M Series, MX Series, and T Series Routers.
Current Software Release
Previous Releases

Current Software Release

Outstanding Issues in JUNOS Release 10.1 for M Series, MX Series, and T Series Routers
Class of Service
On MX Series routers with Enhanced DPCs, bandwidth sharing between two schedulers, one with high and the other with strict-high priority, might not be as expected when the schedulers are oversubscribed. That is, only one queue can use all of the excess bandwidth. This issue occurs when the schedulers are configured on logical interfaces. [PR/265603]
When a logical interface set has a shaping-rate less than the sum of the transmit-rates of its queues and when the configuration is corrected so that the logical interface set gets the right shaping-rate, ADPC might crash. [PR/523507]
Forwarding and Sampling
The numerical values configured for the ip-options match criteria on a firewall filter match any ip-options no matter what is specified. [PR/516778]
High Availability
The SSH keys are not in sync between the master and backup Routing Engine when SSH is enabled after a graceful Routing Engine switchover (GRES). [PR/455062]
When an ISSU upgrade is performed to or from JUNOS Releases 9.6R3 or 10.0R2, the logical interface and logical interface sets that have traffic control profiles configured on them will be affected. [PR/491834]
Interfaces and Chassis
For Automatic Protection Switching (APS) on SONET/SDH interfaces, there are no operational mode commands that display the presence of APS mode mismatches. An APS mode mismatch occurs when one side is configured to use bidirectional mode, and the other side is configured to use unidirectional mode. [PR/65800]
The output of the show interfaces diagnostics optics command includes the "Laser rx power low alarm" field even if the transceiver is a type (such as XENPAK) that does not support this alarm. [PR/103444]
On the M120 router, hot swapping the fan tray might cause the Check CB alarm to activate. [PR/268735]
On the JCS1200 platform, when you issue the clear -config -T switch[1] command using the management module, the switch module returns to its factory default setting instead of the Juniper Networks default setting. As a workaround, do not issue the command. [PR/274399]
On the Juniper Control System (JCS) platform, the control and management traffic for all Routing Engines shares the same physical link on the same switch module. In rare cases, the physical link might become oversubscribed, causing the management connection to Protected System Domains (PSDs) to be dropped. [PR/293126]
On a Protected System Domain (PSD) configured with a large number of BGP peers and routes (for example, 5000 peers and 1,000,000 routes), FPCs might restart during a graceful Routing Engine switchover (GRES). [PR/295464]
as container interfaces and the Routing Engine on one router reboots, the container interfaces on the other router might go down and come up again. [PR/302757]
The MX DPC might reboot with the error message: "EZ: ezchip_get_srh_msg_from_srhq". [PR/310223]
The bridge-domain MAC learn limit on the Packet Forwarding Engine can sometimes become negative if the bridge domain is deleted and added immediately as part of a configuration change. If that happens, the MAC learning on that bridge domain can be affected. As a workaround, deactivate and activate the bridge domain or VPLS routing instance configuration. [PR/467549]
Due to a larger number of components on the Neo board, it takes more time to boot up than comparable MX Series boards. [PR/468665]
When lockout is configured and the router is rebooted, the working router is stuck in the wait-to-restore state while the protect router still shows channel state working and no requests, but no longer shows the lockout flag. [PR/474482]
On restart with a large-scale configuration (16K IFLs per MPC), the MPC-3D-16XGE-SFPP card may take up to 15 minutes to come up. [PR/478548]
If a firewall show command is followed by the clear command in very quick succession, there is a possibility that the show command will time out. If the show command is issued after a few seconds (5 seconds ideally), this issue will not be seen. [PR/479497]
When an IQ2 PIC is brought online with a class-of-service configuration that includes a scheduler using the rate-limit options, the system incorrectly reports that rate limiting is not supported on the PIC. [PR/482199]
With JUNOS Releases 10.0 and 10.1, Trio DPCs do not support more than 31 remote PEs in a VPLS instance. Also, they do not support more than 31 AE bridging logical interfaces in a bridge domain. [PR/488139]
If a T640-FPC4-ES is installed in a T1600 router and an SIB statistics collection is performed, the message log might report "JBUS: U32 read error, client .." only if one of the SIBs is faulted or in the offline state. This system log message will also appear if the T640-FPC4-ES FPC is removed from the chassis. There is no operational impact. [PR/504363]
On an M20 router with AC PEMS, the alarm message Power Supply x not providing power is generated when the power cord is removed. The alarm is not cleared when the power cord is reconnected. [PR/506413]
When trigger hold timer UP/DOWN values for a defect condition are configured or changed from the CLI, the up or down timer for the defect is started, based on the current defect condition in the hardware. If the timer value is large enough and the defect condition is changed in the hardware when the timer is still running, a new defect will be reflected in the alarms only after the timer has expired. [PR/509890]
When the 1x10GE PIC is brought online, related error messages are seen in the logs but without any functional impact. [PR/512094]
Under certain conditions, some Packet Forwarding Engines may fail to install VPN multicast routes when downstream interfaces are RLSQ bundles. [PR/515878]
The output of the show chassis environment pem command displays the voltage used in FPC slots 0 through 3, even after the FPC is taken offline. [PR/528821]
If no dot1p classifier is explicitly configured for the logical interface of vid=0, to accept priority tagged packets, packets without an IP header such as STP will determine the forwarding class based on the priority tag value. [PR/529207]
Layer 2 Ethernet Services
DHCP packets may not be processed on an auto-sensed VLAN interface if the DHCP configuration for the interface is performed after the auto-sensed VLAN interface is instantiated. As a workaround, clear the auto-sensed VLAN interface(s) after the DHCP configuration is made for the interface(s). [PR/417958]
On a TX Matrix router, an aggregate bundle composed of member links from different LCCs that have the same slot/PIC/port results in duplication of Link Aggregation Control Protocol (LACP) port numbers. For example, a bundle with actor and partner shown below will result in a duplicate LACP port number since ge-0/3/0 and ge-8/3/0 (and similarly ge-1/3/0 and ge-9/3/0) are the same slot/PIC/port but from different LCCs.
Actor      Partner
ge-0/3/0   ge-1/3/0
ge-8/3/0   ge-9/3/0
On MX960 routers, duplicate LACP port numbers will result for aggregate bundles composed of member links with the same PIC and port on slots (0,8), (1,9), (2,10), and (3,11). Also, the following sets of ports on any slot will have duplicate LACP port numbers:
PIC 0 port 8 and PIC 1 port (0,8)
PIC 0 port 9 and PIC 1 port (1,9)
PIC 2 port 8 and PIC 3 port (0,8)
PIC 2 port 9 and PIC 3 port (1,9)
NOTE: The duplicate LACP port number described above does not affect the aggregation, but affects the SNMP extracting port information and shows an identical pair of SNMP dot3adAggPortPartnerOperPort and dot3adAggPortActorPort for the above mentioned links of the aggregate bundle.
[PR/526749]
A Spanning Tree Protocol triggered MAC flush might fail if there are frequent topology changes with a significant number of MAC addresses learned. For multiple Spanning Tree Protocols, restart l2cpd-services to come out of the state, and for the Rapid Spanning Tree Protocol, reboot the corresponding DPC. [PR/529130]
Network Management
SNMP may stop working after a router reboot, DPC/FPC/MPC restart, or a graceful Routing Engine switchover. [PR/525002]
MPLS Applications
The rt column in the output of the show mpls lsp command and the active route counter in the output of the show mpls lsp extensive command are incorrect when the per-packet load balancing is configured. [PR/22376]
The routing protocol process may sometimes crash at rsvp_find_lp_tag_route. [PR/55748]
For point-to-multipoint label-switched paths configured for VPLS, the ping mpls command reports a 100 percent packet loss even though the VPLS connection is active. [PR/287990]
while a graceful Routing Engine restart is performed when P2MP LSPs are present. [PR/512890]
During an RSVP local repair process, when a link flaps or the IGP metric changes along the LSP path, the routing protocol process scheduler slips. [PR/513312]
Platform and Infrastructure
On T Series routers, a Layer 2 maximum transmission unit (MTU) check is not supported for MPLS packets exiting the routing platform. [PR/46238]
When you configure a source class usage (SCU) name with an integer (for example, 100) and use this source class as a firewall filter match condition, the class identifier might be misinterpreted as an integer, which might cause the filter to disregard the match. [PR/50247]
If you configure 11 or more logical interfaces in a single VPLS instance, VPLS statistics might not be reported correctly. [PR/65496]
When a large number of kernel system log messages are generated, the log information might become garbled and the severity level could change. This behavior has no operational impact. [PR/71427]
In the situation where a Link Services (LS) interface to a CE router appears in the VPN routing and forwarding table (VRF table) and a fragmentation is required, Internet Control Message Protocol (ICMP) cannot be forwarded out of the LS interface from a remote PE router that is in the VRF table. As a workaround, include the vrf-table-label statement at the [edit routing-instances routing-instance-name] hierarchy level. [PR/75361]
Traceroute does not work when ICMP tunneling is configured. [PR/94310]
If you ping a nonexistent IPv6 address that belongs to the same subnet as an existing point-to-point link, the packet loops between the two point-to-point interfaces until the time-to-live expires. [PR/94954]
On T Series and M320 routers, multicast traffic with the "do not fragment" bit is being dropped due to configuring a low MTU value. The router might stop forwarding all traffic transiting this interface if the clear pim join command is executed. [PR/95272]
A firewall filter that matches the forwarding class of incoming packets (that is, includes the forwarding-class statement at the [edit firewall filter filter-name term term-name from] hierarchy level) might incorrectly discard traffic destined for the Routing Engine. Transit traffic is handled correctly. [PR/97722]
The JUNOS Software does not support dynamic ARP resolution on Ethernet interfaces that are designated for port mirroring. This causes the Packet Forwarding Engine to drop mirrored packets. As a workaround, configure the next-hop address as a static ARP entry by including the arp ip-address statement at the [edit interfaces interface-name] hierarchy level. [PR/237107]
When you perform an in-service software upgrade (ISSU) on a routing platform with an FPC3 or an Enhanced FPC3 with 256 MB of memory and the number of routes in the routing table exceeds 750,000, route loss might occur. If route loss occurs, as a workaround, perform either of the following tasks:
Replace the FPC3 or Enhanced FPC3 with another FPC that has more memory, or
After the ISSU is complete, reboot only the FPC3 or Enhanced FPC3.
[PR/282146]
For Routing Engines rated at 850 MHz (which appear as RE-850 in the output of the show chassis hardware command), messages like the following might be written to the system log when you insert a PC Card: bad Vcc request and Device does not support APM. Despite the messages, operations that involve the PC card work properly. [PR/293301]
On a Protected System Domain, an FPC might generate a core file and stop operating under the following conditions:
A firewall policer with a large number of counters (for example, 20,000) is applied to a shared uplink interface, and
The FPC that houses the interface does not have a sufficiently powerful CPU.
As a workaround, reduce the number of counters or install a more powerful FPC. [PR/311906]
When a CFEB failover occurs on an M10i or M7i router that has had 4000 or more IFLs, the following message appears:
IFRT: 'IFD ioctl' (opcode 10) failed ifd 153; does not exist
IFRT: 'IFD Ether autonegotiation config' (opcode 163) failed
The message has no operational impact. When the backup CFEB becomes the active CFEB, the message will not display. [PR/400774]
In some cases, the alarms displayed in FPM and the alarms shown using the show chassis alarms sfc 0 command mismatch. [PR/445895]
The SFC management interface em0 is often displayed as fxp0 in several warning messages. [PR/454074]
The VPN label does not get pushed on the label stack for Routing Engine–generated traffic with l3vpn-composite-next-hop activated. As a workaround, configure per-packet load balancing to push the VPN/tunnel labels correctly. [PR/472707]
On restarting with a large-scale configuration (16,000 logical interfaces per MPC), the MPC-3D-16XGE-SFPP card may take up to 15 minutes to come up. [PR/478548]
Swapping out eight FPC cards and replacing them with a different FPC type causes the kernel to crash when the last FPC is powered on. [PR/502075]
The tty sessions to a router can cause a null pointer de-reference. [PR/502816]
The TTL for a GRE-encapsulated IPv6 packet malfunctions as the TTL on the wire is one less than the CLI-configured tunnel TTL. [PR/506454]
In a setup with two VPN routing and forwarding tables (VRFs) of a provider edge connected to different customer edges and auto-export configured, when a ping is executed from a customer edge to a provider edge interface in the other VRF, the Internet Control Message Protocol reply returns the source interface IP of the provider edge that is connected directly instead of the interface IP of the other VRF provider edge. [PR/510834]
Under certain conditions, traffic flow through an RLSQ bundle can be dropped after it is removed and added back to a VPN routing and forwarding table (VRF). [PR/518170]
Asp_ifl_update messages may be seen on routers running Junos OS Release 10.0 and above. Ignore these messages as they do not impact functionality. [PR/532648]
Routing Policy and Firewall Filters
If a routing protocol running an MSDP receives an SA that is filtered via the MSDP import policy, it will still create a forwarding entry if it subsequently receives a (*,G) join for that group. [PR/63053]
The following features are not supported in a 12-16x10G DPC:
Known unicast and unknown unicast types in the input match condition 'Traffic-type' in a family bridge/VPLS
The following match conditions do not work:
learn-vlan-1p-priority
learn-vlan-1p-priority-except
learn-vlan-id
learn-vlan-id-except
user-vlan-1p-priority
user-vlan-1p-priority-except
user-vlan-id
user-vlan-id-except
VPLS flood FTF and input FTF
Simple filters
Filter action 'then ipsec-sa'
Filter action 'then next-hop-group'
Mac-filter output accounting and output policing
[PR/466990]
When a firewall loopback filter exists and the default term is discard, the multicast forwarding cache entries will be created since the resolve request is dropped at the Packet Forwarding Engine level. As a workaround, add an additional term to accept the multicast destination address 224/4. [PR/531787]
Routing Protocols
When you configure damping globally and use the import policy to prevent damping for specific routes, and a new route is received from a peer with the local interface address as the next hop, the route is added to the routing table with default damping parameters, even though the import policy has a non-default setting. As a result, damping settings do not change appropriately when the route attributes change. [PR/51975]
When you issue the show ldp traffic-statistics command, the following system log message might be generated for all forwarding equivalence classes (FECs) with an ingress counter set to zero: "send rnhstats GET: error: ENOENT Item not found." [PR/67647]
If ICMP tunneling is enabled on the router and you configure a new logical system that does not have ICMP tunneling enabled, the feature is globally disabled. [PR/81884]
The keepalive timeout counter for multicast sessions may not display after you deactivate and activate the pim protocol. This is a cosmetic issue and there is no interruption to the multicast traffic flow. [PR/419509]
Setting the advertise-high-metric option while using IS-IS overload also suppresses route leaking. [PR/419624]
On JUNOS OSPF, all locally generated Type 5 LSAs are purged and regenerated while deleting an NSSA area from the area border router (ABR). [PR/457579]
When aggregate interfaces are used for VPN applications, load balancing may not occur with a Layer 2 circuit configuration. [PR/471935]
During transient periods where both a secondary and primary LSP exist in a routing table, and the number of LSP NHs is greater than 16 in a multigateway scenario, IS-IS may remove the preferred LSP NH. For example, IS-IS could remove an HIPRI LSP. [PR/485748]
The Juniper Networks rendezvous point (RP) does not process PIM Register messages from a first-hop router in an IPv6 embedded RP group when the Register message does not have the null-bit set. [PR/486902]
When a PPMD delegation of BFD sessions is configured over AE interfaces, graceful Routing Engine switchover and NSR do not work. [PR/505058]
The BGP BMP message for IPv6 withdraw encoding does not follow the BMP-draft. [PR/512780]
When an interface comes up after a down event, and LDP-IGP sync is configured for that interface, OSPF does not include the interface in its LFA calculations while the interface is in LDP Sync hold-down state. [PR/515482]
to which the route is readvertised, the next hop is erroneously set to the peer's address instead of the next hop to self. [PR/533647]
When an IGMP snooping host interface goes down, mcsnoopd does not update the affected nexthops for the statically configured groups. When the interface comes back up, the affected nexthops remain in the inconsistent state leading to traffic outage. As a workaround, restart the mcsnoopd process. [PR/536109]
Services Applications
The show services accounting flow-detail extensive command sometimes displays incorrect information about input and output interfaces. [PR/40446]
When a routing platform is configured for graceful Routing Engine switchover (GRES) and Adaptive Services (AS) PIC redundancy, and a switchover to the backup Routing Engine occurs, the redundant services interface (rsp-) always activates the primary services interface (sp-), even if the secondary interface was active before the switchover. [PR/59070]
will take longer due to an increase in the number of echo request retries. [PR/250640]
When the Border Signaling Gateway (BSG) configuration contains a policy that has a term with regular expressions, configuration changes might not take effect immediately after the commit process is complete. In most cases, the new policy takes effect immediately. However, complex policies may take longer to take effect depending on how many regular expressions they contain.
For example, if you have a term with four regular expressions, configuration changes do not take effect until 50 seconds after you receive the message that the commit process is complete. This behavior occurs whether you have a list of regular expressions (for example, regular-expression [sip:88824.* sip:88821.* sip:88822.* sip:88823.*]), or you group regular expressions using the | symbol (for example, "sip:88821.*|sip:88822.*|sip:88823.*|sip:88824.*").
The time taken for the software to apply the configuration changes increases exponentially with the number of regular expressions in your configuration. [PR/448474]
When a standard application is specified under the [edit security idp idp-policy policy-name rulebase-ips rule rule-name match application] hierarchy level, the IDP does not detect the attack on the non-standard port (for example, junos:ftp on port 85). [PR/477748]
In the export version of the JUNOS Software, the signature download does not work for AppID and IDP features in the Dynamic Application Awareness (DAA) suite. In order to resolve this, install the Crypto software suite. [PR/499395]
L2tpd asserts when short length frames are sent. This causes the l2tpd to crash. As per RFC 1661 and 1662, such packets should be treated as invalid and discarded. [PR/533057]
Subscriber Access Management
The revert-interval value configured in the [edit access profile] hierarchy level is ignored. [PR/454040]
attribute (type 49). [PR/458034]
For a dynamic PPPoE interface in which the subscriber is assigned to a non-default routing-instance (via the LSRI-Name or redirect-LSRI-Name RADIUS VSAs), the IP address assigned to the subscriber must be specified via the framed-ip-address RADIUS attribute. An IP address cannot be allocated from a local pool defined in the assigned routing-instance, either when RADIUS returns no address attributes or when the RADIUS framed-pool attribute is returned. [PR/471677]
The destination and destination-profile options for address and unnumbered-address within the family inet and inet6 are allowed to be specified within a dynamic profile, but are not supported. [PR/493279]
User Interface and Configuration
When the allow-command show interfaces $ is set in the class definition (specified inside a user configuration), the user is unable to access any commands that begin with show. [PR/55413]
Deletion of configuration groups cannot be prevented with the allow-configuration and deny-configuration statements. [PR/59187]
On M20 routers, after a Routing Engine mastership switchover, it might not be possible to enter CLI configuration mode on the new master Routing Engine. Also, the request system reboot and request system halt commands do not clearly fail but do not return the CLI prompt either. [PR/64899]
The JUNOScript perl module for NETCONF does not support configuration-text. [PR/82004]
"Local Password:" is prompted even though the authentication order has the password configured. [PR/94671]
When the CLI screen length is set to zero and the show log command is used, the more prompt ignores the CLI screen length of zero, and only a fraction of the number of lines is displayed. [PR/103595]
The logical system administrator can modify and delete master administrator-only configurations by performing local operations such as issuing the load override, load replace, and load update commands. [PR/238991]
The replace: tag is missing from the output of the save terminal command from inside a configuration object.
Example:
edit system
save terminal
system {
    host-name blue;
}
[PR/269736]
The user can still commit an invalid configuration successfully, even when DDL checks exist. [PR/282896]
After AI scripts are added, the existing management sessions (including the one used to add the AI scripts) must exit the edit mode and reenter it for any subsequent configuration changes to take effect. Changes made in these existing edit sessions are not written to the candidate configuration. [PR/297475]
A user class configuration with a deny command ".*" returns a .noop error when the Return key is pressed on the router's CLI. As a workaround, replace "^$" with "^.noop-command$" in allow regex, i.e., allow-commands "(show interfaces)|(show route)|(exit)|(^.noop-command$)";. [PR/311426]
On M Series, MX Series, and T Series routers, the user cannot differentiate between active and inactive configurations for system identity, management access, user management, and date and time pages. [PR/433353]
Selecting the monitor port for any port in the Chassis Viewer page displays the common Port Monitoring page instead of the corresponding Monitoring page of the selected port. [PR/446890]
J-Web does not display the USB option under Maintain>Reboot>Reboot from the media. [PR/464774]
On MX Series routers, J-Web does not display the USB related information under Monitor>SystemView>System Information>Storage. [PR/465147]
On M7i and M10i routers with Enhanced CFEB installed, the chassis viewer plug-in does not display the Routing Engine in the front view and the E-CFEB in the rear view. However, the chassis contents from the system (left side tab) display the list of components correctly. [PR/483375]
Using the new-line character \n within op script argument descriptions will cause the help output to be displayed incorrectly and could result in extra output being displayed when the op script runs. [PR/485253]
In the J-Web interface, the options Access Concentrator, Idle Timeout, and Service Name for PPPoE logical interfaces are not supported on MX Series routers. [PR/493451]
On J-Web, the error message "Fatal error: Allowed memory size..." displays when the Interfaces tab is selected. This message also displays when the Interfaces tab under Class-of-Service is selected. [PR/495825]
The licenses are not synced between the master and backup Routing Engine unless the system license traceoptions file file-name statement is configured. [PR/501443]
loaded into the router. As a result, the XML parsers break as the characters are not XML compliant. [PR/502994]
The xnm service currently does not support logging of remote-host addresses in system accounting. [PR/535534]
VPNs
When you modify the frame-relay-tcc statement at the [edit interfaces interface-name unit logical-unit-number] hierarchy level of a Layer 2 VPN, the connection for the second logical interface might not come up. As a workaround, restart the chassis process (chassisd) or reboot the router. [PR/32763]
When you configure inter-AS VPLS with MAC processing at the autonomous system (AS) boundary router along with multihoming, and if a designated forwarding AS boundary router fails and then comes back up again, traffic flowing to the local AS from the other ASs boundary router might be lost. The loss occurs in the time period (tenths of a second) during which the old designated forwarding AS boundary router is taking back the role of designated forwarder. [PR/312730]
On a router configured for nonstop active routing (NSR) (the nonstop-routing statement is included at the [edit routing-options] hierarchy level), if a nonstop active routing switchover occurs after the configuration for routing instances changes in certain ways, the BGP sessions between PE and CE routers might not be established after the switchover. [PR/399275]
On MX Series, M120, and new EIII FPCs on M320 routers, the ISO/Connectionless Network Service (CLNS) packets over the translational cross-connect (TCC) are dropped in the case of Frame Relay, even though the family TCC has been configured to switch family iso on the Frame Relay interface. [PR/462052]
In vlan-tagging, stacked-vlan-tagging, and flexible-vlan-tagging modes, untagged packets or mismatching Tag Protocol ID (TPID) packets may be dropped. These dropped packets are not accounted for and are not visible in the CLI. This issue is specific to the 10-port 10-Gigabit Oversubscribed Ethernet (OSE) PICs. [PR/496190]
Under certain topologies, using NG-MVPN with the RPT-SPT mode can cause traffic to be discarded from the RPT before the traffic starts flowing from the SPT when the RPT is switched to SPT. [PR/529518]
If a VRF routing instance contains a static route that is resolved via a route that was auto-exported from another routing instance, the static route may not be removed when the physical interface goes down. [PR/531540]
When a CE-facing interface in a VPLS instance is deactivated, the routing protocol process may get into a loop leading to a high CPU utilization. [PR/531987]
Resolved Issues in JUNOS Release 10.1 for M Series, MX Series, and T Series Routers
Class of Service
When you set the port speed of a multirate SONET Type 2 PIC to OC3, the class-of-service (CoS) speed value is not changed correctly within the Packet Forwarding Engine. The speed value remains OC12, which results in unexpected CoS behavior. There is no workaround. [PR/279617: This issue has been resolved.]
If a logical interface is configured or added to an interface set for which an existing traffic control profile is applied, any rate-limit functionality will not be applied to the new logical interface. To resolve this problem, deactivate and activate the interface portion of the class-of-service configuration. [PR/485872: This issue has been resolved.]
On an Ichip-based platform for strict high priority queue (SHQ), the buffer size allocated by the Packet Forwarding Engine is capped by the tx-rate. If the tx-rate is configured to a very small value, or is not configured and is automatically allotted zero or a very small remaining value, the queue is also allotted a proportionately small delay buffer. This can sometimes lead to Red and Tail drops on the SHQ when there is a burst of traffic (with a certain traffic pattern) on it. As a workaround, configure a nominal tx-rate value (5 percent) for the SHQ. [PR/509513: This issue has been resolved.]
On M Series and T Series routers, the forwarding class information is lost when the packet enters the GRE tunnel with clear-dont-fragment-bit enabled. Additionally, on an Enhanced FPC or M120 FEB, the packet is also likely to be dropped if it is classified to a packet loss priority (PLP) other than low. [PR/514162: This issue has been resolved.]
In a scaled configuration, the class-of-service classifier does not work properly. [PR/522840: This issue has been resolved.]
Forwarding and Sampling
Policers cannot be modified after a system upgrade due to a flaw in the parser routine. This error occurs when the current item is deleted and the parser cannot proceed to the next item. With the fix, the routine in the forwarding process (dwfd) has been modified so that the next item in the object tree is fetched before the current object is parsed. [PR/433418: This issue has been resolved.]
When a unified ISSU is performed for JUNOS Release 10.0 through 10.2, the T640-FPC4-ES crashes continuously. [PR/518301: This issue has been resolved.]
When a filter with an ip-options "any" firewall match is applied on an interface on the MX-MPC, the filter is not applied. If the hardware is present at the time of the configuration commit, a commit warning is issued. However, the commit does not fail and the rest of the configuration is applied. [PR/524519: This issue has been resolved.]
On T640 and T1600 routers with ST chipset FPCs, in some cases when IPv6 firewall filters have match conditions configured on address prefixes longer than 64 bits, the filter may not be evaluated correctly. This might lead to loss of packets. [PR/524809: This issue has been resolved.]
Interfaces and Chassis
When forwarding-options is configured without route-accounting, commit goes through with the message, "Could not retrieve the route-accounting." However, no functionality is affected. [PR/312933: This issue has been resolved.]
The backup Routing Engine can fail to obtain mastership in the following cases:
re0 gets stuck and doesn't reboot.
Due to a hardware problem, re0 loses its connectivity with both the Control Board and the Packet Forwarding Engine.
[PR/405412: This issue has been resolved.]
On MX Series routers, traffic is forwarded over the backup link even after the primary link is disabled and enabled again. [PR/493861: This issue has been resolved.]
When link trace entries are added in the path database, there is no check to determine if the current number of entries has reached the path database size. Because of this, the entries may grow to be greater than the path database size (configured or default). [PR/494584: This issue has been resolved.]
Under certain circumstances a backup Routing Engine reboot followed by a Routing Engine failover can cause the LACP to flap, which causes AE bundles to flap. [PR/502937: This issue has been resolved.]
On MX Series routers with JUNOS Release 10.0R2 or higher, the backup Routing Engine might report the following warning message upon commit once network service is configured under the chassis stanza: "WARNING: network services flag has been changed, please reboot system." [PR/505690: This issue has been resolved.]
The Routing Engine on slot 1 takes mastership regardless of the user-configured Routing Engine mastership priority. [PR/507724: This issue has been resolved.]
When the show chassis hardware models command or the show chassis hardware | display xml command is used, the FRU part-number 710-013035 displays the model number T1600-FPC3-ES instead of T640-FPC3-ES. [PR/514072: This issue has been resolved.]
When the show chassis hardware models or show chassis hardware | display xml command is issued for M320-FPC*-E3 with part-numbers 710-025464, 710-025853, and 710-025855, the model number does not display correctly. [PR/514074: This issue has been resolved.]
traffic rate values with smaller packet sizes occur when the show interface command is issued. [PR/514330: This issue has been resolved.]
The output of the show chassis hardware command may not display the SIB details when the SIB is inserted in the slot. [PR/515789: This issue has been resolved.]
On some XENPAK modules, the output of the show chassis hardware command shows the message "NON-JNPR UNKNOWN" when the FPC is booted. There is no impact on the traffic. To solve this issue, take the PIC offline and bring it back online. [PR/516411: This issue has been resolved.]
On an M120, M7i, or M10i router with Enhanced CFEB running JUNOS Release 10.0 and a VRF routing instance configured with vrf-table-label, the VPN traffic might not flow when an ATM II IQ PIC is used for a core-facing link. [PR/516485: This issue has been resolved.]
When a Frame Relay interface goes down, the interface statistics might still indicate that the data-link connection identifier (DLCI) is active. [PR/516497: This issue has been resolved.]
When the configuration of shaping and scheduling is added or removed from the CLI, the traffic from the other PE routers is lost. [PR/517320: This issue has been resolved.]
On IQ2 and IQ2E 10GE PICs operating in WAN-PHY mode, the path trace information does not get transmitted to the remote end. [PR/518331: This issue has been resolved.]
When the centralized configuration management (CCM) interval is set to 1m or above, the CCM flaps for an incorrect hold_time adjacency entry. [PR/520064: This issue has been resolved.]
The CE_SUPPORT-DCD crashes when a commit is performed. [PR/521380: This issue has been resolved.]
When one of two Ethernet connections to another Routing Engine is not present, the mastership is not switched. [PR/521833: This issue has been resolved.]
When multiple routed IPsec tunnels are configured, and the tunnel with the inside-service-interface defined in the service-set goes down, the other tunnels with the ipsec-inside-interface configured only in the IPsec rules can stop forwarding traffic until the main tunnel comes back up. [PR/524935: This issue has been resolved.]
When M120 Type 1 FPCs are configured for 2:1 FPC:FEB mapping, and one of the FPCs restarts, the restarting FPC might not initialize properly and result in a small percentage of packet loss for all interfaces on that FPC. As a workaround, restart the FPC until the problem stops. [PR/529994: This issue has been resolved.]
Layer 2 Ethernet Services
The bpdu-block-on-edge configuration may not work properly when the interface is configured as 'edge' under the [edit protocols vstp vlan vlan-id interface interface-name] hierarchy level. [PR/522198: This issue has been resolved.]
Network Management
After an LCC switchover, the SNMP process fails to send traps with resource temporarily unavailable errors. [PR/493385: This issue has been resolved.]
Memory leaks might occur on the mib2d. [PR/517565: This issue has been resolved.]
The SNMP MIB OID tree under dot3adAggPort fails. This issue may occur when virtual LAN tagging is not configured on the AE interface, and if the mib2d process is restarted using the restart mibprocess command. [PR/528555: This issue has been resolved.]
MPLS Applications
A targeted LDP neighbor may remain up with an old IP address that was previously in use with the loopback address on the remote neighbor. This may happen when either of the following is performed on the remote neighbor:
A secondary loopback (lower than the current primary) address is added and no primary keyword is associated with either of these addresses.
A second loopback address is added with the primary keyword.
This results in the targeted LDP neighbor being up with both IP addresses. The neighbor with the old address may continue to remain up even after the old loopback address is deleted on the remote neighbor. This neighborship with the old address eventually times out when the router-id is changed to reflect the new loopback address on the remote neighbor. [PR/518102: This issue has been resolved.]
At adjust intervals, the maximum average bandwidth utilization for the LSP should be reset to zero. MPLS sometimes fails to reset the maximum average bandwidth utilization for the LSP to zero while performing a periodic auto-bandwidth adjustment at the adjust interval. This prevents periodic auto-bandwidth adjustment from adjusting to a lower bandwidth when the traffic rate drops. [PR/528619: This issue has been resolved.]
Platform and Infrastructure
On M7i routers, kernel panic may occur during route changes. [PR/439420: This issue has been resolved.]
The configured static NDP entry is cleared automatically after a certain interval. [PR/453710: This issue has been resolved.]
An invalid IP protocol version is served as a valid version. The JUNOS router forwards IP packets with version field set to values other than 4 and 6, for example, 11 or any (unassigned). [PR/481071: This issue has been resolved.]
resolved.]
The VPN PIM neighborship over the mt- interfaces may not recover after a graceful Routing Engine switchover. [PR/511366: This issue has been resolved.]
on the traffic that is on another link in the ECMP path. [PR/513102: This issue has been resolved.]
Under rare conditions, the compressed system-generated routing protocol process core files might be corrupted. As a workaround, disable the compression using sysctl kern.compress_user_cores. [PR/513193: This issue has been resolved.]
Setting the TCP maximum segment size (MSS) may not change the actual MSS value. [PR/514196: This issue has been resolved.]
On M120 and MX Series routers, when an AE interface (with LACP enabled) is used as a core-facing interface for L3VPN, non-MPLS traffic received on the AE interface can sometimes get black-holed. To recover from this state, deactivate and activate the AE interface in the configuration. [PR/514278: This issue has been resolved.]
When IGMP snooping is enabled, a multicast traffic drop might occur if an IGMP join or leave occurs on other interfaces. [PR/515420: This issue has been resolved.]
When the primary link flaps with the route-memory-enhanced statement enabled, jtree might get corrupted and traffic forwarding is affected. As a workaround, deactivate the route-memory-enhanced statement under the chassis stanza. Changes to the route-memory-enhanced statement take effect only when Packet Forwarding Engine is rebooted. [PR/517919: This issue has been resolved.]
On some M, MX, and T Series routers, when a firewall filter is applied on the egress of an aggregate interface, packet loss may occur after adding, removing, or changing the service configuration on the egress side of the aggregate interface. As a workaround, deactivate and activate the output firewall filter on the aggregate interface. [PR/517992: This issue has been resolved.]
When container AE interfaces are enabled on JUNOS Release 10.0 or 10.1, the following message displays when one of the member links flaps: CHPJAR1-re0 fpc3 SCHED: %PFE-0: Thread 40 (PFE Manager) ran for 2015 ms without yielding. [PR/518714: This issue has been resolved.]
When the destination class usage (DCU) is configured with unicast reverse path filter (uRPF) and egress forwarding-table filter within the VRF, a VPN route flap might trigger a jtree memory leak. [PR/521609: This issue has been resolved.]
No NA packets are returned for NS requests with a static NDP, due to an issue with the neighbor advertisement implementation for statically configured neighbors. [PR/527779: This issue has been resolved.]
On some routers, enabling IP-payload-based load balancing for MPLS packets can cause some pseudowire packets to be reordered. [PR/528657: This issue has been resolved.]
Routing Policy and Firewall Filters
On some M, MX, and T Series routers, when a family CCC filter is applied on multiple interfaces that belong to different L2VPN routing instances, packet loss may occur after the routing instances are deactivated and activated. As a workaround, deactivate and activate the CCC filter on the interfaces. [PR/521357: This issue has been resolved.]
Routing Protocols
The backup Routing Engine may generate routing protocol process and kernel cores if the BGP damping is configured along with nonstop active routing (NSR). [PR/452217: This issue has been resolved.]
routes. However, non-L3VPN routes are also able to use it. [PR/496028: This issue has been resolved.]
Upon a graceful Routing Engine switchover with NSR, the routing protocol process will crash due to a wrong process for the PIM instance. [PR/503921: This issue has been resolved.]
Nonstop routing (NSR) does not work correctly if an automatic route distinguisher is used with an L2VPN routing-instance. [PR/513949: This issue has been resolved.]
The output of the show igmp snooping interface command does not display "-snooping," erroneously stating that IGMP itself is not running instead of IGMP-snooping not running. [PR/516355: This issue has been resolved.]
The configured robust count value is not applied on the non-querier router when it receives a robust count value of 0. It uses the default value (2) instead of the configured value. [PR/520252: This issue has been resolved.]
a switchover. [PR/522036: This issue has been resolved.]
After a graceful restart, the forwarding state of both provider edge routers might get stuck at the pruned state. However, traffic flow is not affected. [PR/522179: This issue has been resolved.]
When an l2circuit ID greater than 2,147,483,647 is configured, and l2circuit tracing is enabled using the set protocols l2circuit traceoptions command, some of the trace messages provide the wrong value (a negative number) for the virtual circuit ID. [PR/523492: This issue has been resolved.]
The tag_encoder is unable to handle attempts to stack EXPLICIT_V6_NULL (label 2) over an existing stack with label 2 on top. Additionally, the BGP module does not send label 2 when readvertising a prefix from an inet6 unicast session to an inet6 labeled-unicast session. [PR/523824: This issue has been resolved.]
On TX Matrix routers, the router can drop the PIM hello messages before a join is triggered by the neighbor. This can cause multicast traffic to be dropped before the next periodic join. [PR/529408: This issue has been resolved.]
When the labeled-unicast inet6 route is reflected by route reflectors, the label might be set to explicit-null. [PR/534150: This issue has been resolved.]
Services Applications
A performance-related issue may occur when the IDP plug-in is enabled. The connection per second for HTTP (64 bytes) with AACL, AI, and IDP (with Recommended Attacks group) plug-ins has been downgraded to 7.6K through 7.9K per second. [PR/476162: This issue has been resolved.]
The IPv6 gateway may have a NULL value when the destination address points to an aggregated next hop. [PR/516058: This issue has been resolved.]
NAT over FTP fails when it receives a SERVER 227 code string "Entering passive mode" in lowercase. [PR/522029: This issue has been resolved.]
Subscriber Access Management
BFD sessions and other protocol adjacencies configured with low hello or dead timers over aggregate or IRB interfaces might flap upon configuration commit when the dhcp-local-server or dhcp-relay is used. [PR/507428: This issue has been resolved.]
User Interface and Configuration
to view permission only when they log in through TACACS. [PR/388053: This issue has been resolved.]
If the time zone is set to Europe/Berlin, the command commit at "time-string" will fail. [PR/483273: This issue has been resolved.]
The group inherited configuration under the interface-range hierarchy level does not take effect. [PR/522872: This issue has been resolved.]
Navigation from Monitor RIP Information page to the Route Information page fails with errors. [PR/536255: This issue has been resolved.]
VPNs
While upgrading JUNOS Software with l2circuit configuration under the logical systems, the validation might fail with an "interface version mismatch" error. You can ignore this error and upgrade the JUNOS Software using the no-validate option. [PR/497190: This issue has been resolved.]
The routing protocol process crashes repeatedly on the new master, a few minutes after a graceful Routing Engine switchover (GRES). [PR/527465: This issue has been resolved.]
Previous Releases

Release 10.1R2
Class of Service
The following operations may result in large incorrect queue statistics on IQ2 interfaces:
When the IQ2 PIC is restarted, or the interface is deactivated and reactivated, while traffic is on and the configuration defines a high priority queue on the interface.
When the high priority queue number is changed under the class-of-service configuration while traffic is on.
[PR/489049: This issue has been resolved.]
Forwarding and Sampling
The type-of-service (ToS) bits get truncated for IPv6 packets on a service PIC. [PR/510193: This issue has been resolved.]
While the JUNOS Software adopts random as its sampling algorithm, the SAMPLING_ALGORITHM in the jflowv9 template shows 0x01 (deterministic) instead of 0x02 (random). [PR/438621: This issue has been resolved.]
A JUNOS Software compiler bug in the match combination optimization could cause an incorrect firewall filter evaluation. [PR/493356: This issue has been resolved.]
When the MS PIC used for an RLSQ interface resides on an E3 FPC (M320), traffic might stop flowing across the RLSQ interface after the policer on the interface is deactivated. [PR/498069: This issue has been resolved.]
When a Layer 2 policer is configured under a logical interface having multiple families configured under it, and the policer is changed to another, the newly configured policer might not take effect unless the policer configuration is deactivated and reactivated. [PR/501726]
When a filter group is configured on an interface residing on an ES FPC, the rpf-check configured on that interface will not function correctly. As a workaround, deactivate the configured filter group. [PR/503609: This issue has been resolved.]
On configuring a three-color-policer, a dfwc core file is generated. [PR/509742: This issue has been resolved.]
Interfaces and Chassis
The following messages are displayed on both the primary and secondary RLSQ MS 500 PICs: "SCHED: %PFE-0: Thread 7 ran for x ms without yielding," "Scheduler Oinker." [PR/286357: This issue has been resolved.]
CFMD might crash when the following are configured and committed at once on a VPLS setup:
Encapsulation VLAN-VPLS on a physical and logical interface
Family VPLS on a logical unit
Interface is added in the VPLS routing instance
As a workaround, add the above configurations one at a time and commit. [PR/440108: This issue has been resolved.]
If virtual tunnel PICs and ingress traffic manager is enabled on the same Packet Forwarding Engine/PIC on an EQ DPC, then the SNMP walk of the interface may time out. [PR/458565: This issue has been resolved.]
In some cases during the periodic error status monitoring, error messages such as Wi seg ucode discards in fabric stream may be displayed on adjacent streams. These messages are cosmetic and can be ignored. [PR/481344: This issue has been resolved.]
When loopback is configured on t3 under ct3, t1 under ct1, or e1 under ce1, no error syslog message is logged. Additionally, the show interface extensive command on the t3/t1/e1 displays "loopback" even though it is not actually applied. [PR/486424: This issue has been resolved.]
The DPC remains in the ready state and the demux0 interface remains in a down state after a chassisd restart without graceful Routing Engine switchover (GRES) enabled. [PR/492961: This issue has been resolved.]
The AE logical interface flaps when the PIC that has the active link-protection member link is taken offline. [PR/493492: This issue has been resolved.]
The No Redundant Config alarm that occurs in JUNOS Release 10.0 and above after a PEM is shut down is invalid and is a non-impacting alarm message. [PR/498089: This issue has been resolved.]
The one port OC12-3 PIC cannot support eight queues when the no-concatenate option is configured. [PR/499452: This issue has been resolved.]
On a 4-port ChOC3/STM1 and 12-port T1/E1 circuit emulation PICs, the ATM logical interface packets counter does not increment if the PIC is configured in the ATM IMA mode. [PR/500153: This issue has been resolved.]
When t1-options are configured at the [edit interfaces ct1-x/y/z] hierarchy level, some ct1 interfaces of a 10xCHT1 IQ PIC might flap when the configuration changes are committed. As a workaround, remove the t1-options. [PR/500820: This issue has been resolved.]
Polling ifInOctets on Gigabit Ethernet IQ PIC VLANs might momentarily return a higher value. [PR/500852: This issue has been resolved.]
On 40x1 Gigabit Ethernet PICs, very short fragments of fragmented TCP, UDP, and ICMP packets may be incorrectly dropped with the diagnostic L4 length too short. [PR/501526: This issue has been resolved.]
The configured TTL set for GRE traffic is set properly for locally generated Routing Engine packets, but is not set properly for transit packets. There is no workaround. [PR/502087: This issue has been resolved.]
During a link UP/DOWN transition, jsscd may crash as a result of a NULL message dereferencing by jsscd. [PR/502745: This issue has been resolved.]
In JUNOS Release 10.1, if the Neo MPCs power up while the A-DPCs are offline, and if ISSU is performed, the MPCs will crash. [PR/502837: This issue has been resolved.]
When an ATM AIS cell is received from the virtual channel under vlan-vci-ccc encapsulation, the logical interface will be incorrectly marked down. There is no workaround. [PR/503653: This issue has been resolved.]
When the show lacp interface aex command is used for a nonexistent AE interface, no error is returned. [PR/503806: This issue has been resolved.]
The yellow marking for the three-color-policers is incorrect. Even after the excess burst buffer is full, the yellow counters continue to increment at the same rate as the green buffers. [PR/504192: This issue has been resolved.]
As a result of an incorrect configuration for the DDR memory controller, errors might be reported when a Trio-based MPC or MX80 boots. There is no workaround. [PR/505490: This issue has been resolved.]
Under certain circumstances, the E3 IQ PIC might report bogus CCV, CES, and CSES alarms. [PR/505921: This issue has been resolved.]
The JUNOS Software may accept duplicate data-link connection identifiers (DLCIs) configured on the same physical interface. [PR/506908: This issue has been resolved.]
When native-vlan-id is configured for aggregated interface with the child links on an IQ2 PIC, the LACP are dropped and the links go down. [PR/507040: This issue has been resolved.]
The show interfaces diagnostics optics interface command does not display the unit of measurement when the received power is in a very low range (power < 5e-10). It shows the value of 0.00 without any unit of measurement. [PR/507653: This issue has been resolved.]
On MX Series routers, the chassisd crashes when the SCB is taken offline and removed. [PR/510950: This issue has been resolved.]
On M7i and M10i routers, the syncer process writes to the file /var/rundb/chassisd.dynamic.db every 30 seconds. [PR/511901: This issue has been resolved.]
Under certain circumstances, the chassisd process might crash on a backup Routing Engine while a configuration is committed. [PR/512044: This issue has been resolved.]
Due to a flaw in implementation, the execution of the show interfaces mac-database command causes the IQ2 PIC to reboot with the core. [PR/513407: This issue has been resolved.]
The local protocol MTU on an interface with PPP encapsulation might become higher than the configured media MTU after the PPP negotiation when the remote end has a higher media MTU configured. [PR/514079: This issue has been resolved.]
The monitor traffic interface (tcpdump) does not produce an outbound output with matching option when used with the encapsulation flexible-ethernet-services. [PR/514247: This issue has been resolved.]
Layer 2 Ethernet Services
The DHCPv6 clients do not bind when routing-options access-internal is configured. [PR/495358: This issue has been resolved.]
On MX960 routers, i2c messages related to the fan such as the following are displayed:
Jan 26 13:32:22 rocky-re0 /kernel: PCF8584(WR): target ack failure on byte 0
Jan 26 13:32:22 rocky-re0 /kernel: PCF8584(WR): (i2c_s1=0x08, group=0xe, device=0x54)
This is a cosmetic issue and has no impact on the router. [PR/500824: This issue has been resolved.]
The SIP domain names encoded in the DHCPv6 attributes do not conform to RFC 3319. [PR/512073: This issue has been resolved.]
The JUNOS Software drops SOLICIT messages, including the rapid commit option, instead of ignoring that option and processing the remainder of the message. [PR/512092: This issue has been resolved.]
MPLS Applications
When an RSVP LSP is configured with the no-install-to-address option and is not associated with CCC connection flaps, the routing protocol process will crash when the LSP comes up again. To avoid the problem, make sure that the LSP is either a transmit LSP for a CCC connection or that the install option is also configured on the LSP. [PR/471339: This issue has been resolved.]
A rare condition between the MVPN and RSVP P2MP signaling leads to the creation of stale flood next hops. [PR/491586: This issue has been resolved.]
An incorrectly changed LDP session authentication key causes the LDP session to fail, which results in the LDP/IGP synchronization feature not working. The IGP continues to advertise the link at normal metric values. [PR/499226: This issue has been resolved.]
In cases where the secondary Routing Engines contain no label-switched paths in the up state due to the lack of NSR support, such label-switched paths might not come up even after a switchover. [PR/501969: This issue has been resolved.]
LDP might not handle certain error conditions gracefully when NSR is enabled. This might cause the LDP replication state to be stuck in the "In Progress" state forever. [PR/505043: This issue has been resolved.]
The name of the bypass label-switched path supports only 32 characters instead of 64. [PR/515244: This issue has been resolved.]
Network Management
Under certain SNMP conditions, the following log message is displayed:
M10i-RE0 pfed: PFED_NOTIF_GLOBAL_STAT_UNKNOWN: Unknown global notification stat: transit options/ttl-exceeded (re-injected)
M10i-RE0 pfed: PFED_NOTIF_STAT_UNKNOWN: Unknown notification type stat: Unknown
This log message might also be displayed during the installation of AI Scripts (version 2.1R2 or above) on the router. AI Scripts versions prior to 2.1R2 do not cause these messages. This is a cosmetic message, and does not have any impact. [PR/427590: This issue has been resolved.]
Under certain conditions, the SNMPD crashes due to a BAD_PAGE_FAULT. [PR/496351: This issue has been resolved.]
Platform and Infrastructure
When certain FPCs (T1600-FPC4-ES, T640-FPC4-1P-ES, T640-FPC1-ES, T640-FPC2-ES, and T640-FPC3-ES) receive corrupted cells via high-speed links, they might unnecessarily reboot and report the following system log error message: "Unrecoverable Error: Flist gtop bit toggled !." No reset is needed to recover from this condition. [PR/441844: This issue has been resolved.]
The configured static NDP entry is cleared automatically after a certain interval. [PR/453710: This issue has been resolved.]
When the flow monitoring version 9 feature is enabled on an MS PIC (or service PIC that supports flow monitoring version 9), the MS PIC might crash upon receiving certain corrupted IPv6 packets. [PR/458361: This issue has been resolved.]
When an aggregated SONET with a Cisco High-Level Data Link Control (HDLC) encapsulation is configured, a member link might not be marked as link-down in the Packet Forwarding Engine if the remote end of the link is disabled. [PR/472677: This issue has been resolved.]
The output of the show arp command does not display the entire demux interface identifier, making it impossible to determine which specific demux sub-interface a given ARP entry is associated with. [PR/482008: This issue has been resolved.]
A problem occurs on an M120 router with an FEB redundancy configuration when the backup FEB is protecting a non-primary FEB. In this case, the Routing Engine will prompt the incorrect Packet Forwarding Engine for status, causing delays in the SNMP responses. [PR/490172: This issue has been resolved.]
If you configure an IP address with a larger subnet, for example, /19, on a different interface first, the router begins to negotiate for the ARP of a specific host on that interface and gets stuck in a hold state. If you later configure a more specific subnet of /29 on another interface from where the host can be reached, the forwarding table will still prefer the route with the hold entry via /19 instead of the route with the ucst entry via /29. [PR/491468: This issue has been resolved.]
However, the syslog starts logging even though the counter value was not increasing. [PR/493384: This issue has been resolved.]
The Source Class Usage (SCU) statistics counter value may drop occasionally when it is used with the accounting profile. [PR/493662: This issue has been resolved.]
The AE VLAN session classifier instantiation in a dynamic profile fails as the L2 classifier fails to install in the Packet Forwarding Engine. [PR/494488: This issue has been resolved.]
In certain cases, a configuration change can cause the backup Routing Engine to reboot. [PR/497290: This issue has been resolved.]
indirect next-hop, aggregate next-hop, and multiple unicast next-hops, during an aggregate link flap (down/up), a certain sequence of events from the kernel is expected by the Packet Forwarding Engine for the next-hop change and delete updates. However, during a quick link flap (down/up), in an extreme corner case, the Packet Forwarding Engine does not receive the expected sequence, and the FPC will crash. [PR/499315: This issue has been resolved.]
On IQ2 PICs, when copy-plp is enabled under class of service, the DCU provides the wrong statistics. [PR/499378: This issue has been resolved.]
The MAC address of a configured static NDP entry is overwritten upon receiving NA from a connected device. [PR/499418: This issue has been resolved.]
The static NDP entry remains permanent if the refcount is more than 1, even after deleting the static configuration. [PR/499441: This issue has been resolved.]
The L2RW does not report an error when the required L2_pgm length is longer than what the hardware can support. [PR/501318: This issue has been resolved.]
On an ichip platform, when the downstream multicast member link flaps, the Packet Forwarding Engine rarely has a chance to fail multicast next-hop handling. This can cause multicast traffic drops. [PR/501852: This issue has been resolved.]
On an MX Series router configured for PPP subscriber access, subscribers will experience slow login times as the number of subscriber sessions increases. [PR/502756: This issue has been resolved.]
RED drops occur in the SMQCHIP when the 10x10GE OSE and 4x10GE PICs are swapped multiple times. [PR/506174: This issue has been resolved.]
On a TX Matrix Plus router, if one of the two external RJ45 links between a TXP-CIP and an LCC Control Board is broken, the router does not generate an alarm. [PR/508219: This issue has been resolved.]
When tcpdump or the monitor traffic interface command is used on an lo0 interface whose IP address has a last octet greater than or equal to 224 (x.x.x.224 or higher), the following message is received: "inet class for 0xe1e11955 unknown." [PR/511911: This issue has been resolved.]
Routing Protocols
router attempts to collect the multicast statistic data. [PR/434298: This issue has been resolved.]
Deleting a logical system causes the routing protocol process to be stuck in an
infinite loop. [PR/439000: This issue has been resolved.]
The routing protocol process dumps core due to a soft assertion failed:
"rt_notbest_sanity: Path selection failure" in rt_table.c. As a workaround, use the bgp path-selection external-router-id statement or the bgp path-selection
always-compare-med statement. [PR/451021: This issue has been resolved.]
When a PIC with a PIM-enabled interface is brought online, the router may send
the first PIM hello slightly before the interface comes up. This causes the router to drop the first PIM hello message towards its neighbor. [PR/482903: This issue has been resolved.]
After a graceful Routing Engine switchover (GRES) event with NSR enabled and
a scaled L3VPN eBGP test, some BGP sessions fail due to an expired hold down timer if the hold-down timer is lower than the default 30 seconds. To avoid this issue, set the hold-down timer to the default value of 30 seconds. [PR/501796: This issue has been resolved.]
In an NSR configuration, the backup Routing Engine can lose the connection to
the active Routing Engine during a configuration commit. The problem occurs more often when the configuration includes a large number of routing instances. This is caused by the routing protocol process on the backup Routing Engine leaking file descriptors during commit synchronization. To recover, restart the routing protocol process on the backup Routing Engine. [PR/506883: This issue has been resolved.]
When the routing-instances routing-instances-name routing-options multipath
vpn-unequal-cost equal-external-internal statement is configured, some VPN routes
learned from different route reflectors can be shown as multipath. [PR/507236: This issue has been resolved.]
The routing protocol process might crash if the router receives a flow route with
a rate-limit bandwidth less than 1000 bps. [PR/508715: This issue has been resolved.]
When more than 200 IGMP/MLD source-specific multicast groups (232.0.0.0/8)
are configured statically on an interface, and when an unrelated configuration is committed, some groups are removed and added immediately after. This causes packet drops on those groups. [PR/509013: This issue has been resolved.]
Nonstop routing (NSR) does not work correctly if an automatic route distinguisher
is used with a L2VPN routing-instance. [PR/513949: This issue has been resolved.]
In route reflector and ASBR VPN scenarios, the routing protocol process might
crash as changes occur to a prefix in the primary table at the same time as BGP tries to send out updates via the secondary table. [PR/515626: This issue has been resolved.]
Services Applications
If the Juniper-Firewall-Attribute attribute in a RADIUS server configuration file names a policer that sets a bandwidth limit for Layer 2 Tunneling Protocol (L2TP) sessions but not an exclude-bandwidth limit, the bandwidth limit might not be set correctly. [PR/254503: This issue has been resolved.]
On M Series routers (M120 and M320) with many service sets configured with IDP policies, kernel messages are seen in the messages file once traffic passes through these service sets. These messages stop when the traffic is stopped. [PR/462580: This issue has been resolved.]
A static route pointing to a destination is incorrectly added for a source NAT when a next-hop type service set is used. [PR/476165: This issue has been resolved.]
Flow monitoring records are not generated as fragmented IPv6 packets are not getting sampled. [PR/478571: This issue has been resolved.]
MSDPC might crash while running a combination of SIP and other ALGs due to a possible double freeing of memory. [PR/491218: This issue has been resolved.]
The SIP ALG on the services PIC might cause NAT port leaks in some call scenarios. [PR/491220: This issue has been resolved.]
The l2tp on an M7i LNS crashes following an upgrade from JUNOS Release 9.3R1 to 9.6R2. [PR/498423: This issue has been resolved.]
When using a NAT DCE RPC ALG on a services PIC, the PIC might crash while processing the binding request. [PR/510997: This issue has been resolved.]
Route changes might not be updated in the PIC meta-db in cases where the route messages that the PIC receives signify a change in the next-hop index. [PR/512229]
User Interface and Configuration
The wildcard apply groups do not work properly in JUNOS Release 9.1 and above. [PR/425355: This issue has been resolved.]
If a user in the Backup Routing Engine on a config-private mode activates graceful Routing Engine switchover (GRES) and performs a commit synchronize, a synchronization error might occur during the switchover. [PR/486637: This issue has been resolved.]
Commit fails when the commit scripts are used and the configuration contains a policy which uses an apply-group with a then action of 'then community + export.' [PR/501876: This issue has been resolved.]
The load replace command does not consider the allow-configuration configuration. [PR/501992: This issue has been resolved.]
In configure private mode, activating and deactivating two consecutive nested
objects can cause a syntax error during commit. [PR/506677: This issue has been resolved.]
On M10i, M120, M320, and MX Series routers with dual Routing Engines running JUNOS Release 9.4 or later, the dfwd process running on the backup Routing Engine might access the /var/pdb/rdm.taf file every 30 seconds, causing excessive writes to the hard disk drive. This problem does not occur when GRES is enabled. [PR/506691: This issue has been resolved.]
VPNs
When different prefixes are advertised to the same source by different PE routers, an egress PE router is prevented from picking the lower prefix route for RPF when the PE advertising the higher prefix loses its route to the source. [PR/493835: This issue has been resolved.]
When multipath is enabled in a routing instance with NG MVPN, the traffic might
get dropped on the receiver PE. [PR/508090: This issue has been resolved.]
Release 10.1R1
The following issues have been resolved since JUNOS Release 10.0R3. The identifier following the description is the tracking number in our bug database.
Class of Service
On the Qchip, the shaping accuracy is affected by the configured logical interface
shaping rate. [PR/79319: This issue has been resolved.]
The DHCP traffic may stop being processed for some subscribers under heavy
login and logout conditions when the 802.1 classifiers are in use. [PR/470513: This issue has been resolved.]
On a shared scheduler configuration with CoS configured, the rate-limit feature
may stop functioning on changing the scheduler transmit rate. [PR/483536: This issue has been resolved.]
The following operations may result in large incorrect queue statistics on IQ2
interfaces:
When the IQ2 PIC is restarted, or the interface is deactivated and reactivated,
while traffic is on and the configuration defines a high priority queue on the interface.
When the high priority queue number is changed under the class-of-service
configuration while traffic is on.
[PR/489049: This issue has been resolved.]
On M Series (except M120 and M320) routers, packet classification will not work
on aggregated Ethernet bundles that have LACP enabled. [PR/492057: This issue has been resolved.]
The class-of-service process crashes on commit if a scheduler-map definition
does not have any forwarding-class statement. [PR/499755: This issue has been resolved.]
Forwarding and Sampling
The output firewall filter counter does not work when the firewall is configured for discard next hop. [PR/404645: This issue has been resolved.]
Policers cannot be modified after a system upgrade due to a flaw in the parser routine. This error occurs when the current item is deleted and the parser cannot proceed to the next item. With the fix, the routine in the forwarding process (dfwd) has been modified so that the next item in the object tree is fetched before the current object is parsed. [PR/433418: This issue has been resolved.]
Under certain conditions for prefix optimization, the firewall compiler may discard a prefix configured for accept. This issue depends on the set of prefixes configured to match across the various terms. [PR/486633: This issue has been resolved.]
When the MS PIC used for an RLSQ interface resides on an E3 FPC (M320), traffic might stop flowing across the RLSQ interface after the policer on the interface is deactivated. [PR/498069: This issue has been resolved.]
When a filter group is configured on an interface residing on an ES FPC, the rpf-check configured on that interface will not function correctly. As a workaround, deactivate the configured filter group. [PR/503609: This issue has been resolved.]
After configuring a three-color-policer, a dfwc core file is generated. [PR/509742: This issue has been resolved.]
High Availability
On an ISSU upgrade from JUNOS Release 9.3 to any of the current higher releases, the ATM logical interfaces will flap. [PR/491511: This issue has been resolved.]
Interfaces and Chassis
When the ATM scheduler map is programmed, the code does not check if the
early packet discard (EPD) configured on the forwarding class exceeds the max_epd that the hardware supports. [PR/70336: This issue has been resolved.]
The following messages are displayed on both the primary and secondary RLSQ MS 500 PICs: "SCHED: %PFE-0: Thread 7 ran for x ms without yielding", "Scheduler Oinker." [PR/286357: This issue has been resolved.]
On M Series and MX Series routers, the ifHCInOctets retrieved by SNMP may
report an incorrect value. [PR/420985: This issue has been resolved.]
The show interfaces diagnostics optics command displays wrong diagnostic information for the SumitomoElectric SFP with vendor part number SCP6F44-J3-ANE. [PR/463837: This issue has been resolved.]
For AnnexB, the force command may not work as expected when loss of signal is present. This is because the previous command did not complete for both the protect and the working circuit, and priority comparison does not consider the signal fail condition. [PR/465906: This issue has been resolved.]
Both the working and protect circuit are stuck in the disabled state when the
TX cable is unplugged and the RX cable is plugged for protect circuit after an Automatic Protection Switching (APS) switchover. [PR/466649: This issue has been resolved.]
On an M320 router, the 4x STM-1 1x STM-4 SFP PIC (PB-4OC3-1OC12-SON-SFP)
currently supports only two ports (0 and 2) when configured for eight queues per port on an E3 FPC. [PR/475008: This issue has been resolved.]
SFPs are absent in the output of the show chassis hardware command following TOXIC SFP messages. [PR/480828: This issue has been resolved.]
When a DPC restarts, a large number of routes (about 700,000 simple IPv4 routes) remain in the forwarding table learned through another DPC. The sync process between the Routing Engine and the Packet Forwarding Engine will take too long, and the Routing Engine will restart the FPC. This repeats endlessly.
To restore the service and get the DPC out of the boot loop, restart the chassis process or the routing process. [PR/481164: This issue has been resolved.]
In some cases during the periodic error status monitoring, error messages such
as Wi seg ucode discards in fabric stream might be displayed on adjacent streams. These messages are cosmetic and can be ignored. [PR/481344: This issue has been resolved.]
Under certain conditions, when aggregate interfaces are used and the member links are located on more than one FPC, multicast traffic will not use one or more of the aggregate child links. This can happen after an FPC reboot.
If the aggregate member links are located on the same FPC, this problem is not triggered. To recover from this condition, deactivate and activate the aggregate interface. [PR/484007: This issue has been resolved.]
The logical unit of a Gigabit Ethernet interface may show less than 1000 Mbps
of bandwidth even if there is no speed configuration under the physical interface. As a workaround, manually set the bandwidth on the logical interface. [PR/485840: This issue has been resolved.]
When loopback is configured on t3 under ct3, t1 under ct1, or e1 under ce1, no
error syslog message is logged. Additionally, the show interface extensive command on the t3/t1/e1 displays "loopback" even though it is not actually applied. [PR/486424: This issue has been resolved.]
On an M20 router with an LS PIC, the backup Routing Engine kernel may core
at rnh_index_alloc. [PR/486646: This issue has been resolved.]
Traffic may be sent out on a child link of an aggregated Ethernet (AE) bundle
even when it is not in the Collecting-Distributing Link Aggregation Control Protocol (LACP) state if and only if the following conditions are met:
The remote end configured one link to be primary and another to be backup.
On the System Under Test (SUT), a unit of the AE bundle is disabled, then
enabled.
As a workaround, deactivate and activate the child link that is not in the Collecting-Distributing LACP state. [PR/487786: This issue has been resolved.]
With GRES configured, a container interface (CI) configuration can trigger a kernel core on the backup Routing Engine. [PR/488679: This issue has been resolved.]
Container interfaces with ATM children with OAM may not initiate sending of OAM cells after Automatic Protection Switching (APS) switchovers. [PR/489250: This issue has been resolved.]
Commit fails with IEEE 802.1p config when applied to container interfaces. [PR/489400: This issue has been resolved.]
Kernel panic may occur if the child ATM interfaces are removed or disabled under container. [PR/490196: This issue has been resolved.]
The system may not learn all MACs in the hardware within a second across the fabric when trying to learn all new MACs at a 10–Gigabit line rate. A small fraction will be learned via the software path, in the order of hundreds of seconds. However, all MACs are learned eventually. [PR/489705: This issue has been resolved.]
When filter-based forwarding is applied to the output interface and the egress Packet Forwarding Engine (PFE) is different from the ingress PFE, the traffic gets regular discards. [PR/490214: This issue has been resolved.]
During graceful Routing Engine switchover (GRES), if the peer's discovery state
is passive, the LFM state machine should be kickstarted even if the kernel state is SEND_ANY, otherwise the peer will be stuck in PASSIVE_WAIT state. As a workaround, configure both sides in the link-discovery mode as active. [PR/490886: This issue has been resolved.]
On the IEEE 802.1ag CFM, when the loss threshold is configured to 256, it
displays a '0.' [PR/491422: This issue has been resolved.]
Whenever the system gets busy, the master Routing Engine might relinquish
mastership and take the line cards offline soon after. [PR/491583: This issue has been resolved.]
The CI logical interface state may go out of sync when OAM is configured and
the logical interface flaps due to OAM. [PR/491866: This issue has been resolved.]
The chassis cell relay mode might not be set properly for CI interfaces. [PR/492197: This issue has been resolved.]
The DPC remains in the ready state and the demux0 interface remains in a down
state after a chassisd restart without graceful Routing Engine switchover enabled. [PR/492961: This issue has been resolved.]
When an SCB with an active plane is powered down, an HSL link error occurs
on unrelated SCBs. [PR/493151: This issue has been resolved.]
The CLI does not respond when Control+c is entered at the "more" separator. [PR/493881: This issue has been resolved.]
The system may generate a core file when the DPC is removed before it is taken
offline. [PR/494625: This issue has been resolved.]
An outer virtual LAN tag is not added in a provider edge-customer edge link when
VPLS traffic arrives with an MPLS value of 2, 3, 4, or 5. However, VPLS traffic with a value of 0, 1, 6, or 7 does not have this issue. [PR/495555: This issue has been resolved.]
When ilmid uses a large amount of memory, the following error message displays:
/kernel: Process (1702,ilmid) has exceeded 85% of RLIMIT_DATA: used 129084 KB Max 131072 KB. [PR/495645: This issue has been resolved.]
The one-port OC12-3 PIC cannot support eight queues when the no-concatenate option is configured. [PR/499452: This issue has been resolved.]
When an F4 OAM is enabled for a VPI and the encaps for a unit are changed using that VPI and VCI to ATM-CCC cell relay, followed by the deletion of the logical interface, the VPI list might be corrupted. Any subsequent change can cause the system to crash. [PR/499479: This issue has been resolved.]
On a 4–port ChOC3/STM1 and 12–port T1/E1 circuit emulation PICs, the ATM
logical interface packets counter does not increment if the PIC is configured in the ATM IMA mode. [PR/500153: This issue has been resolved.]
When t1-options are configured at the [edit interfaces ct1-x/y/z] hierarchy level, some ct1 interfaces of a 10xCHT1 IQ PIC might flap when the configuration changes are committed. As a workaround, remove the t1-options. [PR/500820: This issue has been resolved.]
Polling ifInOctets on Gigabit Ethernet IQ PIC VLANs might momentarily return a higher value. [PR/500852: This issue has been resolved.]
On 40x1 Gigabit Ethernet PICs, very short fragments of fragmented TCP, UDP, and ICMP packets may be incorrectly dropped with the diagnostic L4 length too short. [PR/501526: This issue has been resolved.]
The configured TTL set for GRE traffic is set properly for locally generated Routing
Engine packets, but is not set properly for transit packets. [PR/502087: This issue has been resolved.]
In JUNOS Release 10.0, if the MX-MPCs power up while the A-DPCs are offline,
and if ISSU is performed, the MPCs will crash. [PR/502837: This issue has been resolved.]
When an ATM AIS cell is received from the virtual channel under vlan-vci-ccc
encapsulation, the logical interface will be incorrectly marked down. There is no workaround. [PR/503653: This issue has been resolved.]
The yellow marking for the three-color-policers is incorrect. Even after the excess
burst buffer is full, the yellow counters continue to increment at the same rate as the green buffers. [PR/504192: This issue has been resolved.]
Under certain circumstances, the E3 IQ PIC might report bogus CCV, CES, and
CSES alarms. [PR/505921: This issue has been resolved.]
The show interfaces diagnostics optics interface command does not display the unit of measurement when the received power is in a very low range (power < 5e-10). It shows the value of 0.00 without any unit of measurement. [PR/507653: This issue has been resolved.]
On MX Series routers, the chassisd crashes when the SCB is taken offline and
removed. [PR/510950: This issue has been resolved.]
On M7i and M10i routers, the syncer process writes to the file /var/rundb/chassisd.dynamic.db every 30 seconds. [PR/511901: This issue has been resolved.]
Under certain circumstances, the chassisd process might crash on a backup Routing Engine while a configuration is committed. [PR/512044: This issue has been resolved.]
Layer 2 Ethernet Services
On an MX Series router, the DHCP ACK messages are dropped when a client Rebind request is processed by a different DHCP server. This issue may occur in an environment where the provider has multiple DHCP servers for redundancy purposes. [PR/487138: This issue has been resolved.]
The family ISO MTU configured explicitly under the IRB interface logical unit will decrement by three if you change the interface MTU on the interface that belongs to the same bridge domain. [PR/493209: This issue has been resolved.]
Network Management
In JUNOS Release 10.0, the MX 960 router displays the following i2c messages
related to the fan:
rocky-re0 /kernel: PCF8584(WR): target ack failure on byte 0
rocky-re0 /kernel: PCF8584(WR): (i2c_s1=0x08, group=0xe, device=0x54)
This is a cosmetic issue and has no impact on the router. [PR/500824: This issue has been resolved.]
Under certain SNMP conditions, the following log message is displayed:
M10i-RE0 pfed: PFED_NOTIF_GLOBAL_STAT_UNKNOWN: Unknown global notification stat: transit options/ttl-exceeded (re-injected)
M10i-RE0 pfed: PFED_NOTIF_STAT_UNKNOWN: Unknown notification type stat: Unknown
This log message might also be displayed during the installation of AI Scripts (version 2.1R2 or above) on the router. AI Scripts versions prior to 2.1R2 do not cause these messages. This is a cosmetic message, and does not have any impact. [PR/427590: This issue has been resolved.]
When monitor traffic matching x is used on RLSQ bundles, no outbound packets are displayed. [PR/468959: This issue has been resolved.]
The SNMP MIB walk on jnxFWCounterDisplayName may miss certain policer
counters of firewall filters applied with respect to logical interfaces (subinterfaces). [PR/485477: This issue has been resolved.]
Under certain conditions, the SNMPD crashes due to a BAD_PAGE_FAULT.
[PR/496351: This issue has been resolved.]
MPLS Applications
No point-to-multipoint LSPs are reported when the show mpls lsp p2mp command is issued. As a workaround, execute the show mpls lsp command before you execute the show mpls lsp p2mp command. [PR/266343: This issue has been resolved.]
Constrained Shortest Path First (CSPF) fails to calculate a P2MP LSP reroute path
merging upon a user configuration change. [PR/454692: This issue has been resolved.]
When an RSVP LSP is configured with the no-install-to-address option and is not
associated with CCC connection flaps, the routing protocol process will crash when the LSP comes up again. To avoid the problem, make sure that the LSP is either a transmit LSP for a CCC connection or that the install option is also configured on the LSP. [PR/471339: This issue has been resolved.]
A traffic engineered label-switched path that is down might not get re-signaled.
[PR/478375: This issue has been resolved.]
While performing an MPLS LDP traceroute in a tunneled MPLS LDP environment,
all hops except the second hop show 127.0.0.1 as the router hop. [PR/486999: This issue has been resolved.]
The NGEN-MVPN multicast traffic might be dropped at the ingress router if a
point-to-multipoint LSP reoptimization is performed. [PR/491533: This issue has been resolved.]
A rare condition between the MVPN and RSVP P2MP signaling leads to the
creation of stale flood next hops. [PR/491586: This issue has been resolved.]
Under some circumstances where LDP is enabled, a memory leak might occur
where the routing protocol process does not free up memory. [PR/493885: This issue has been resolved.]
An incorrectly changed LDP session authentication key causes the LDP session to fail, and the LDP/IGP synchronization feature stops working. The IGP continues to advertise the link at normal metric values. [PR/499226: This issue has been resolved.]
LDP might not handle certain error conditions gracefully when NSR is enabled.
This might cause the LDP replication state to be stuck in the "In Progress" state forever. [PR/505043: This issue has been resolved.]
The show route table mpls.0 label-switched-path lspname command may cause the routing protocol process to core if no route is found. [PR/507239: This issue has been resolved.]
Platform and Infrastructure
The output of the show route forwarding-table family vpls multicast command may display an unexpected output such as rtinfo with the multicast statement because this statement is supported only with inet and inet6 families and is not supported for the ISO, NTP, MPLS, UNIX, and VPLS families. The output of this command will be fixed in JUNOS 10.1R1 to display the message: Multicasting is not supported by UNIX, ISO, NTP, MPLS, and VPLS protocols. [PR/235712: This issue has been resolved.]
When certain FPCs (T1600-FPC4-ES, T640-FPC4-1P-ES, T640-FPC1-ES, T640-FPC2-ES, and T640-FPC3-ES) receive corrupted cells via high-speed links, they might unnecessarily reboot and report the following system log error message: "Unrecoverable Error: Flist gtop bit toggled !." No reset is needed to recover from this condition. [PR/441844: This issue has been resolved.]
When the strict-high priority queue is overloaded, the high priority queue may starve, resulting in the loss of high priority traffic. [PR/455152: This issue has been resolved.]
When the flow monitoring version 9 feature is enabled on an MS PIC (or service
PIC which supports flow monitoring version 9), the MS PIC may crash upon receiving certain corrupted IPv6 packets. [PR/458361: This issue has been resolved.]
Reading the list of boot devices from the BIOS may fail once in hundreds or
thousands of times due to an improper locking mechanism. [PR/461320: This issue has been resolved.]
After upgrading from JUNOS Release 9.3 to Release 9.5, the timestamps in the
log files show the UTC time instead of the local time corresponding to the specified time zone. [PR/469175: This issue has been resolved.]
On T640 and TX Series routers that have an outgoing interface on a GFPC, the interface might report LSIF errors or cell mismatched errors after it receives an IPv6 packet with an invalid payload. The interface still accepts traffic, but discards all outgoing packets. To recover, reboot the FPC on T640 and TX Series routers. But if the IPv6 packets of the invalid payload are still transmitted, the problem will occur again. [PR/470219: This issue has been resolved.]
When an aggregated SONET with a Cisco High-Level Data Link Control (HDLC)
encapsulation is configured, a member link may not be marked as linkdown in the Packet Forwarding Engine if the remote end of the link is disabled. [PR/472677: This issue has been resolved.]
The output of the show arp command does not show the entire demux interface identifier, making it difficult to determine with which specific demux subinterface a given ARP entry is associated. [PR/482008: This issue has been resolved.]
If a duplicate IPv6 address is configured, every ICMP6 packet received (icmp
request, icmp neighbor solicitation, or icmp neighbor advertisement) will trigger an mbuf leak. Such a duplicate address configuration might not get noticed at the VRRP backup router which is not used for data forwarding. Correcting the configuration and deactivating or activating the interface will stop the mbuf leak. [PR/482202: This issue has been resolved.]
The fxp0 packet counter statistics are inconsistent between the physical interface
and the logical interface as the statistics are updated twice. [PR/486200: This issue has been resolved.]
Jtree corruption may be observed when the DCU is configured on ES-FPCs.
[PR/486782: This issue has been resolved.]
A problem occurs on an M120 router with an FEB redundancy configuration
when the backup FEB is protecting a non-primary FEB. In this case, the Routing Engine will prompt the incorrect Packet Forwarding Engine for status, causing delays in the SNMP responses. [PR/490172: This issue has been resolved.]
An issue occurs when one or more multicast routes (i.e., one or more <S,G>s) have received joins over an AE interface represented by two (or more) AE legs on separate Packet Forwarding Engines. In a Packet Forwarding Engine ASIC forwarding, the next hop shared by these multicast routes contains a list representing the two (or more) Packet Forwarding Engines. When this next hop list is no longer referenced by any active multicast route, it is not correctly freed and remains stranded in the Packet Forwarding Engine ASIC memory. This issue does not occur when the AE legs are all on the same Packet Forwarding Engine. [PR/494246: This issue has been resolved.]
Due to excessive logging at the FPC, the E3 FPC Type 3 core dumps multiple
times. [PR/494534: This issue has been resolved.]
In certain cases, a configuration change can cause the backup Routing Engine
to reboot. [PR/497290: This issue has been resolved.]
On T Series routers with ES-FPCs, removing or adding flow-tap filters may trigger
an FPC reboot. However, the other FPC types in the same system are not affected. [PR/499233: This issue has been resolved.]
indirect next-hop, aggregate next-hop, and multiple unicast next-hops, during an aggregate link flap (down/up), a certain sequence of events from the kernel is expected by the Packet Forwarding Engine for the next-hop change and delete updates. However, during a quick link flap (down/up), in an extreme corner case, the Packet Forwarding Engine does not receive the expected sequence, and the FPC will crash. [PR/499315: This issue has been resolved.]
On IQ2 PICs, when copy-plp is enabled under class of service, the DCU provides
the wrong statistics. [PR/499378: This issue has been resolved.]
The L2RW does not report an error when the required L2_pgm length is longer
than what the hardware can support. [PR/501318: This issue has been resolved.]
On an ichip platform, when the downstream multicast member link flaps, the Packet Forwarding Engine might, in rare cases, fail multicast next-hop handling. This can cause multicast traffic drops. [PR/501852: This issue has been resolved.]
On a TX Matrix Plus router, if one of the two external RJ–45 links between a
TXP-CIP and an LCC Control Board is broken, the router does not generate an alarm. [PR/508219: This issue has been resolved.]
On M120 and MX Series routers, when an AE interface (with LACP enabled) is used as a core-facing interface for L3VPN, the non-MPLS traffic received on the AE interface can sometimes get black holed. To recover from this state, deactivate and activate the AE interface in configuration. [PR/514278: This issue has been resolved.]
Routing Protocols
If a static route is pointing to a discard configuration, a failure might occur when the router attempts to collect the multicast statistic data. [PR/434298: This issue has been resolved.]
Deleting a logical system causes the routing protocol process to be stuck in an infinite loop. [PR/439000: This issue has been resolved.]
The routing protocol process periodically dumps core due to a failed soft assertion: "rt_notbest_sanity: Path selection failure" in rt_table.c. [PR/451021: This issue has been resolved.]
If the routing protocol process (rpd) experiences a restart, it may not receive the first PIM hello packet from a PIM neighbor after the restart. This may delay the establishment of PIM neighbors, and therefore multicast traffic convergence, for up to twice the PIM hello interval. [PR/452751: This issue has been resolved.]
When the last CE interface in a VPLS instance goes down, pseudowires in the VPLS instance are also removed. However, the multicast snooping process does not remove the logical interface indices corresponding to these pseudowires from the OIF list of the default bd, mg, vlan routes. This leaves the multicast snooping routes in an inconsistent state.
When a CE interface comes up again, a new pseudowire comes up and the OIF list for the default bd, mg, vlan route is updated by the multicast snooping process. The kernel finds a stale iflindex for the old pseudowire in the OIF list and rejects the next-hop add. This problem persists until the multicast snooping process is restarted. [PR/467347: This issue has been resolved.]
If a router modifies the next-hop protocol to self (for example, using an export
policy with next-hop-self) on a peer group containing "internal" peers, and nonstop routing is configured on the router, the routing protocol process may send duplicate updates to the peers in this peer group during a Routing Engine switchover. [PR/468505: This issue has been resolved.]
When running PIM and a link flap occurs, the routing protocol process might
crash. [PR/480422: This issue has been resolved.]
When a PIC with a PIM-enabled interface is brought online, the router might
send the first PIM hello slightly before the interface comes up. This causes the router to drop the first PIM hello message to its neighbor. [PR/482903: This issue has been resolved.]
Whenever a graceful Routing Engine switchover (GRES) is performed, the BMP
header for the subsequent updates may become corrupted until the BMP session is deactivated and activated. [PR/486068: This issue has been resolved.]
The output of the show igmp interfaces command might display the configured IGMP query-interval value incorrectly in the output. [PR/488146: This issue has been resolved.]
In some conditions where the next-hop information must be merged for a new
configuration, some next-hop information does not merge correctly, causing the routing protocol process to crash. [PR/489220: This issue has been resolved.]
The routing protocol process may core frequently because of malformed BGP
updates generated by the JUNOS Software. This might be because of the total length and the path attribute length. [PR/489891: This issue has been resolved.]
When multicast RPF routes are configured, the show route rib-groups command causes the routing protocol process (RPD) to go into an infinite loop. [PR/490390: This issue has been resolved.]
The MPLS LSPs are not advertised as links into the non-backbone OSPF areas,
even though they are configured to be advertised. [PR/491692: This issue has been resolved.]
The PIM running in the main instance might stop working if the PIM is configured
in a no-forwarding routing instance. [PR/492017: This issue has been resolved.]
If there are enough routing instances with PIM configured, and there is enough
IGMP/MLD join state present and a configuration change is made, a routing protocol process scheduler slip might occur. [PR/493062: This issue has been resolved.]
On an unnumbered Ethernet interface in P2P mode, OSPF does not skip
validation of the network mask received in the hello packets. This could result in a failure to bring up an adjacency on such interfaces while interoperating with other vendors. As a workaround, convert the interface to a regular numbered interface on both sides. [PR/493206: This issue has been resolved.]
In a NSR configuration, the backup Routing Engine can lose the connection to
the active Routing Engine during configuration commit. The problem occurs more often when the configuration includes a large number of routing instances. This is caused by the routing protocol process on the backup Routing Engine leaking file descriptors during commit synchronization. To recover, restart the routing protocol process on the backup Routing Engine. [PR/506883: This issue has been resolved.]
When the routing-instances routing-instances-name routing-options multipath
vpn-unequal-cost equal-external-internal statement is configured, some VPN routes
learned from different route reflectors can be shown as multipath. [PR/507236: This issue has been resolved.]
The routing protocol process might crash if the router receives a flow route with
a rate-limit bandwidth that is less than 1000 bps. [PR/508715: This issue has been resolved.]
In route reflector and ASBR VPN scenarios, the routing protocol process might
crash when changes occur to a prefix in the primary table at the same time as BGP tries to send out updates via the secondary table. [PR/515626: This issue has been resolved.]
Services Applications
If the Juniper-Firewall-Attribute attribute in a RADIUS server configuration file names a policer that sets a bandwidth limit for Layer 2 Tunneling Protocol (L2TP) sessions but not an exclude-bandwidth limit, the bandwidth limit might not be set correctly. [PR/254503: This issue has been resolved.]
A static route pointing to a destination is incorrectly added for a source NAT when a next-hop type service set is used. [PR/476165: This issue has been resolved.]
When an SIP ALG is enabled on ASPIC, MSPIC, or MSDPC, the PIC could crash while freeing the Via header NAT port. [PR/490329: This issue has been resolved.]
MSDPC might crash while running a combination of SIP and other ALGs due to a possible double freeing of memory. [PR/491218: This issue has been resolved.]
[PR/491220: This issue has been resolved.]
The show services nat pool name CLI filter does not have any effect. [PR/493820: This issue has been resolved.]
Under certain conditions, the replication socket between two Routing Engines for the local policy decision function process (LPDFD) does not close properly. This results in high CPU consumption by the LPDFD. As a workaround, restart the local policy decision function process (LPDFD) on the master Routing Engines: restart local-policy-decision-function. [PR/495363: This issue has been resolved.]
servers does not work and origin is taken as the autonomous system type for both flow servers. [PR/496954: This issue has been resolved.]
Following a JUNOS Software upgrade, the L2TP on an M7i router dumps core. [PR/498423: This issue has been resolved.]
When the router reboots after an upgrade, the following commit error occurs: Cannot configure local-dump without configuring file name in neither traceoptions nor output. [PR/500365: This issue has been resolved.]
When a backup gateway is configured in any term under IPsec stanza, for any subsequent terms where this backup gateway is now configured as the primary, IPsec tunnel establishment will fail. [PR/510608: This issue has been resolved.]
When using a NAT DCE RPC ALG on a services PIC, the PIC might crash while processing the binding request. [PR/510997: This issue has been resolved.]
User Interface and Configuration
The wildcard apply groups do not work properly in JUNOS Release 9.1 and above.
[PR/425355: This issue has been resolved.]
When jcs:syslog() is used in an event script, messages do not appear until another
system application sends a syslog message. [PR/449778: This issue has been resolved.]
The core files cannot be removed using the file delete command unless the Routing Engine name is included in the path. [PR/469168: This issue has been resolved.]
The deactivate configuration statement cannot be blocked through the
deny-configuration statement. [PR/488352: This issue has been resolved.]
When commit scripts are used and the configuration contains a policy which
uses an apply-group with a then action of then community + EXPORT, the commit fails. [PR/501876: This issue has been resolved.]
The load replace command does not consider the allow-configuration configuration. [PR/501992: This issue has been resolved.]
On M10i, M120, M320, and MX Series routers with dual Routing Engines running
JUNOS Release 9.4 or later, the dfwd process running on the backup Routing Engine might access the /var/pdb/rdm.taf file every 30 seconds, causing excessive writes to the hard disk drive. This problem does not occur when GRES is enabled. [PR/506691: This issue has been resolved.]
VPNs
Configuring a forwarding-cache threshold under a routing instance for NG-MVPN
might not produce the expected behavior and might not limit the number of forwarding cache entries. [PR/438164: This issue has been resolved.]
In an MLAN scenario where two PEs are connected to the multicast receiver,
when the PE acting as the designated router (DR) has a link failure on the MLAN, the backup PE that becomes the DR is unable to forward traffic. [PR/490153: This issue has been resolved.]
When different prefixes are advertised to the same source by different PE routers,
an egress PE router is prevented from picking the lower prefix route for RPF when the PE advertising the higher prefix loses its route to the source. [PR/493835: This issue has been resolved.]
When multipath is enabled in a routing instance with NG MVPN, the traffic might
get dropped on the receiver PE. [PR/508090: This issue has been resolved.]
Related Topics
New Features in JUNOS Release 10.1 for M Series, MX Series, and T Series Routers
Changes in Default Behavior and Syntax in JUNOS Release 10.1 for M Series, MX Series, and T Series Routers
Errata and Changes in Documentation for JUNOS Software Release 10.1 for M Series, MX Series, and T Series Routers
Upgrade and Downgrade Instructions for JUNOS Release 10.1 for M Series, MX Series, and T Series Routers

Errata and Changes in Documentation for JUNOS Software Release 10.1 for M Series, MX Series, and T Series Routers

Changes to the JUNOS Documentation Set

The title of the JUNOS Hierarchy and RFC Reference is now JUNOS Hierarchy and Standards Reference.
Documentation for the extended DHCP relay agent feature is no longer included in the Policy Framework Configuration Guide. For DHCP relay agent documentation, see the Subscriber Access Configuration Guide or the documentation for subscriber access management.
The new JUNOS Technical Documentation index page (http://www.juniper.net/techpubs/software/junos/index.html) consolidates documentation for JUNOS Software features that are common to all platforms that run JUNOS Software. The new index page provides direct access to core JUNOS information and links to information for JUNOS features that run on particular platforms.

Errata

This section lists outstanding issues with the documentation.
High Availability
TX Matrix Plus routers and T1600 routers that are configured as part of a routing
matrix do not currently support nonstop active routing. [High Availability]
Integrated Multi-Services Gateway (IMSG)
Chapter 15, Maintenance and Failover in the IMSG, describes the IMSG high
availability feature. This feature is not supported in this release of the software.
[Multiplay Solutions]
The new-transaction-output-policies configuration statement was introduced in JUNOS Release 10.1R1. The document did not mention the following restriction. New transaction policies that include route or message-manipulation options cannot be configured as new-transaction-output-policies.
[Integrated Multi-Service Gateway (IMSG), Multiplay Solutions, Services Interfaces Configuration]
Interfaces and Chassis
The Configuring ECMP Next Hops for RSVP and LDP LSPs for Load Balancing topic
in the System Basics Configuration Guide does not mention the following caveat for configuring ECMP next hops for RSVP LSPs:
If RSVP LSPs are configured with bandwidth allocation, for ECMP next hops with more than 16 LSPs, traffic is not distributed optimally based on bandwidths configured. Some LSPs with smaller allocated bandwidths receive more traffic than the ones configured with higher bandwidths. Traffic distribution does not strictly comply with the configured bandwidth allocation. This caveat is applicable to the following routers:
T1600 and T640 routers with Enhanced Scaling FPC1, Enhanced Scaling FPC2, Enhanced Scaling FPC3, Enhanced Scaling FPC 4, and all Type 4 FPCs
M320 routers with Enhanced III FPC1, Enhanced III FPC2, and Enhanced III FPC3
MX Series routers with all types of FPCs and DPCs, excluding MPCs
M120 routers with Type 1, Type 2, and Type 3 FPCs
M10i routers with Enhanced CFEB
NOTE: This caveat is not applicable to MX Series routers with line cards based on the Junos Trio chipset.
[System Basics]
On M Series, MX Series, and T Series routing platforms, the targeted-broadcast statement that is used to forward direct broadcast packets to the targeted subnet in a network is available in the CLI, but it is not functional for the above three platforms in JUNOS Release 9.5 through 10.1.
Subscriber Access Management
The Subscriber Access Configuration Guide contains the following dynamic variable errors:
The Configuring a Dynamic Profile for Client Access topic erroneously uses the $junos-underlying-interface variable when an IGMP interface is configured in the client access dynamic profile. The following example provides the appropriate use of the $junos-interface-name variable:
[edit dynamic-profiles access-profile]
user@host# set protocols igmp interface $junos-interface-name
Table 25 in the Dynamic Variables Overview topic neglects to define the $junos-igmp-version predefined dynamic variable. This variable is defined as follows:
$junos-igmp-version—IGMP version configured in a client access profile. The JUNOS Software obtains this information from the RADIUS server when a subscriber accesses the router. The version is applied to the accessing subscriber when the profile is instantiated. You specify this variable at the [dynamic-profiles profile-name protocols igmp] hierarchy level for the interface statement.
In addition, the Subscriber Access Configuration Guide erroneously specifies the use of a colon (:) when you configure the dynamic profile to define the IGMP version for client interfaces. The following example provides the appropriate syntax for setting the IGMP interface to obtain the IGMP version from RADIUS:
[edit dynamic-profiles access-profile protocols igmp interface $junos-interface-name]
user@host# set version $junos-igmp-version
The Subscriber Access Configuration Guide and the System Basics Configuration Guide contain information about the override-nas-information statement. This statement does not appear in the CLI and is not supported.
[Subscriber Access, System Basics]
When you modify dynamic CoS parameters with a RADIUS change of authorization (CoA) message, the JUNOS Software accepts invalid configurations. For example, if you specify a transmit rate that exceeds the allowed 100 percent, the system does not reject the configuration and returns unexpected shaping behavior.
[Subscriber Access]
We do not support multicast RIF mapping and ANCP when configured simultaneously on the same logical interface. For example, we do not support a configuration in which a multicast VLAN and ANCP are configured on the same logical interface, and the subscriber VLANs are the same for both ANCP and multicast.
[Subscriber Access]
The Guidelines for Configuring Dynamic CoS for Subscriber Access topic in the
Subscriber Access Configuration Guide erroneously states that dynamic CoS is
supported for dynamic VLANs on the Trio MPC/MIC family of products. In the current release, dynamic CoS is supported only on static VLANs on Trio MPC/MIC interfaces.
[Subscriber Access]
The Subscriber Access Configuration Guide incorrectly describes the
authentication-order statement as it is used for subscriber access management.
When configuring the authentication-order statement for subscriber access management, you must always specify the radius method. Subscriber access management does not support the password keyword (the default), and authentication fails when you do not specify an authentication method.
[Subscriber Access]
In the JUNOS Subscriber Access Configuration Guide, Table 26, RADIUS-Based
Mirroring Attributes incorrectly indicates that RADIUS VSA 26-10, Juniper-User-Permissions, is required for subscriber secure policy mirroring. In fact, this VSA is not used.
[Subscriber Access]
User Interface and Configuration
The show system statistics bridge command displays system statistics on MX Series routers. [System Basics Command Reference]
VPNs
The mac-tlv-receive and mac-tlv-send statements were removed from Release 10.0 of the JUNOS Software and are no longer visible in the [edit logical-systems
logical-system-name routing-instances routing-instance-name protocols vpls] and [edit routing-instances routing-instance-name protocols vpls] hierarchy levels.
Although the mac-tlv-receive and mac-tlv-send statements are recognized in the current release, they will be removed in a future release. We recommend that you update your configurations and use the mac-flush statement described in the Changes in Default Behavior and Syntax in JUNOS Release 10.1 for M Series, MX Series, and T Series Routers section of the release notes.
[VPNs]
The JUNOS Software substantially supports the following RFCs for Layer 2 circuits,
as well as the Internet drafts listed in the published documentation:
RFC 4447, Pseudowire Setup and Maintenance Using the Label Distribution
Protocol (LDP)
The JUNOS Software does not support Section 5.3, The Generalized PWid FEC Element.
RFC 4448, Encapsulation Methods for Transport of Ethernet over MPLS
Networks
[Hierarchy and Standards Reference]
In Chapter 19 Configuring VPLS of the VPNs Configuration Guide, an incorrect
statement that caused contradictory information about which platforms support LDP BGP interworking has been removed. The M7i router was also omitted from the list of supported platforms. The M7i router does support LDP BGP interworking.
[VPNs]
Related Topics
New Features in JUNOS Release 10.1 for M Series, MX Series, and T Series Routers
Changes in Default Behavior and Syntax in JUNOS Release 10.1 for M Series, MX Series, and T Series Routers
Issues in JUNOS Release 10.1 for M Series, MX Series, and T Series Routers
Upgrade and Downgrade Instructions for JUNOS Release 10.1 for M Series, MX Series, and T Series Routers

Upgrade and Downgrade Instructions for JUNOS Release 10.1 for M Series, MX Series, and T Series Routers

This section discusses the following topics:
Basic Procedure for Upgrading to Release 10.1
Upgrading a Router with Redundant Routing Engines
Upgrading Juniper Routers Running Draft-Rosen Multicast VPN to JUNOS Release 10.1
Upgrading the Software for a Routing Matrix
Upgrading Using ISSU
Upgrading from JUNOS Release 9.2 or Earlier on a Router Enabled for Both PIM and NSR
Downgrade from Release 10.1

Basic Procedure for Upgrading to Release 10.1

In order to upgrade to JUNOS 10.0 or later, you must be running JUNOS 9.0S2, 9.1S1,
9.2R4, 9.3R3, 9.4R3, 9.5R1, or later minor versions, or you must specify the no-validate option on the request system software install command.
When upgrading or downgrading the JUNOS Software, always use the jinstall package. Use other packages (such as the jbundle package) only when so instructed by a Juniper Networks support representative. For information about the contents of the jinstall package and details of the installation process, see the Junos OS Installation and Upgrade Guide.
NOTE: You cannot upgrade by more than three releases at a time. For example, if your routing platform is running JUNOS Release 9.4, you can upgrade to JUNOS Release 10.0 but not to JUNOS Release 10.1. As a workaround, first upgrade to JUNOS Release 10.0 and then upgrade to JUNOS Release 10.1.
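The two version rules above (the minimum builds for a validated install and the three-release limit) can be checked against an inventory before any router is touched. The following Python example is added here and is not Juniper code; the release ordering table, the function names and the "manual" outcome are assumptions made for illustration.

```python
import re

# Assumption: feature-release order. It matches the page's example that
# 9.4 -> 10.0 is three releases (9.5, 9.6, 10.0).
RELEASES = ["9.0", "9.1", "9.2", "9.3", "9.4", "9.5", "9.6", "10.0", "10.1"]
MAX_JUMP = 3  # "You cannot upgrade by more than three releases at a time."

# Minimum builds the page lists for a validated upgrade to 10.0 or later.
MIN_BUILD = {"9.0": ("S", 2), "9.1": ("S", 1), "9.2": ("R", 4),
             "9.3": ("R", 3), "9.4": ("R", 3), "9.5": ("R", 1)}

VERSION_RE = re.compile(r"^(\d+\.\d+)([A-Z])(\d+)(?:\.\d+)?$")


def parse_version(text):
    """Split a string such as '9.4R3.2' into ('9.4', 'R', 3)."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognized version string: {text!r}")
    release, kind, build = m.group(1), m.group(2), int(m.group(3))
    if release not in RELEASES:
        raise ValueError(f"release {release} is outside the table")
    return release, kind, build


def hops(current_release, target_release):
    """Releases to install, in order, never jumping more than MAX_JUMP."""
    cur = RELEASES.index(current_release)
    tgt = RELEASES.index(target_release)
    if tgt <= cur:
        raise ValueError("target is not newer than the running release")
    path = []
    while cur < tgt:
        cur = min(cur + MAX_JUMP, tgt)
        path.append(RELEASES[cur])
    return path


def validation_mode(release, kind, build, first_hop):
    """Return 'validate', 'no-validate' or 'manual' for the first install."""
    if RELEASES.index(first_hop) < RELEASES.index("10.0"):
        return "manual"        # the page states the rule only for 10.0 or later
    if release not in MIN_BUILD:
        return "validate"      # assumption: "or later" covers releases after 9.5
    min_kind, min_build = MIN_BUILD[release]
    if kind != min_kind:
        return "manual"        # R and S builds are not ordered by this example
    return "validate" if build >= min_build else "no-validate"


def plan_upgrade(running, target="10.1"):
    """Plan the hops from a running version string to the target release."""
    release, kind, build = parse_version(running)
    path = hops(release, target)
    return {"hops": path,
            "first_install": validation_mode(release, kind, build, path[0])}


if __name__ == "__main__":
    # Constructed inventory, for illustration only.
    for host, version in [("r1", "9.4R3.2"), ("r2", "9.4R2.9"), ("r3", "9.6R2.1")]:
        print(host, version, plan_upgrade(version))
```

A "manual" result means the page gives no rule for that case, so the build has to be checked by hand before choosing between validate and no-validate.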
NOTE: With JUNOS Release 9.0 and later, the compact flash disk memory requirement for JUNOS Software is 1 GB. For M7i and M10i routers with only 256 MB memory, see the Customer Support Center JTAC Technical Bulletin PSN-2007-10-001 at
https://www.juniper.net/alerts/viewalert.jsp?txtAlertNumber=PSN-2007-10-001&actionBtn=Search.
NOTE: Before upgrading, back up the file system and the currently active JUNOS configuration so that you can recover to a known, stable environment in case the upgrade is unsuccessful. Issue the following command:
user@host> request system snapshot
The installation process rebuilds the file system and completely reinstalls the JUNOS Software. Configuration information from the previous software installation is retained, but the contents of log files might be erased. Stored files on the routing platform, such as configuration templates and shell scripts, may be removed (the only exceptions are the juniper.conf and ssh files). To preserve the stored files, copy them to another system before upgrading or downgrading the routing platform. For more information, see the Junos System Basics Configuration Guide.
The download and installation process for JUNOS Release 10.1 is the same as for previous JUNOS releases.
If you are not familiar with the download and installation process, follow these steps:
1. Using a Web browser, follow the links to the download URL on the Juniper Networks Web page. Choose either Canada and U.S. Version or Worldwide Version:
https://www.juniper.net/support/csc/swdist-domestic/ (customers in the United States and Canada)
https://www.juniper.net/support/csc/swdist-ww/ (all other customers)
2. Log in to the Juniper Networks authentication system using the username (generally your e-mail address) and password supplied by Juniper Networks representatives.
3. Download the software to a local host.
4. Copy the software to the routing platform or to your internal software distribution site.
5. Install the new jinstall package on the routing platform.
NOTE: We recommend that you upgrade all software packages out of band using the console because in-band connections are lost during the upgrade process.
Customers in the United States and Canada use the following command:
user@host> request system software add validate reboot source/jinstall-10.1R3.7-domestic-signed.tgz
All other customers use the following command:
user@host> request system software add validate reboot source/jinstall-10.1R3.7-export-signed.tgz
Replace source with one of the following values:
/pathname—For a software package that is installed from a local directory
on the router.
For software packages that are downloaded and installed from a remote
location:
ftp://hostname/pathname
http://hostname/pathname
scp://hostname/pathname (available only for Canada and U.S. version)
The validate option validates the software package against the current configuration as a prerequisite to adding the software package to ensure that the router reboots successfully. This is the default behavior when the software package being added is a different release.