Juniper networks JUNOS 10.1 User Manual

Juniper Networks® JUNOS® 10.1 Software
Release Notes

Release 10.1R3
13 July 2010
Revision 4

These release notes accompany Release 10.1R3 of the JUNOS Software. They describe
device documentation and known problems with the software. JUNOS Software runs
on all Juniper Networks M Series, MX Series, and T Series routing platforms, SRX
Series Services Gateways, J Series Services Routers, and EX Series Ethernet Switches.

You can also find these release notes on the Juniper Networks JUNOS Software
Documentation Web page, which is located at

http://www.juniper.net/techpubs/software/junos.

Contents

JUNOS Software Release Notes for Juniper Networks M Series Multiservice

Edge Routers, MX Series Ethernet Service Routers, and T Series Core

Routers .....................................................................................................6

New Features in JUNOS Release 10.1 for M Series, MX Series, and T

Series Routers ....................................................................................6

Class of Service ..................................................................................6

High Availability ...............................................................................12

Interfaces and Chassis ......................................................................12

JUNOS XML API and Scripting ..........................................................18

MPLS Applications ............................................................................21

Multiplay ..........................................................................................22

Routing Policy and Firewall Filters ....................................................23

Routing Protocols .............................................................................24

Services Applications ........................................................................27

Subscriber Access Management .......................................................27

System Logging ................................................................................36

■ 1

JUNOS 10.1 Software Release Notes

User Interface and Configuration ......................................................38

Changes in Default Behavior and Syntax in JUNOS Release 10.1 for M

Series, MX Series, and T Series Routers ............................................42

Class of Service ................................................................................42

Forwarding and Sampling ................................................................42

Interfaces and Chassis ......................................................................42

Layer 2 Ethernet Services .................................................................46

MPLS Applications ............................................................................46

Multiplay ..........................................................................................47

Routing Policy and Firewall Filters ....................................................47

Routing Protocols .............................................................................47

Services Applications ........................................................................48

Subscriber Access Management .......................................................50

User Interface and Configuration ......................................................51

VPNs ................................................................................................52

Issues in JUNOS Release 10.1 for M Series, MX Series, and T Series

Routers .............................................................................................54

Current Software Release .................................................................54

Previous Releases .............................................................................73

Errata and Changes in Documentation for JUNOS Software Release 10.1

for M Series, MX Series, and T Series Routers ..................................94

Changes to the JUNOS Documentation Set .......................................94

Errata ...............................................................................................94

Upgrade and Downgrade Instructions for JUNOS Release 10.1 for M

Series, MX Series, and T Series Routers ............................................98

Basic Procedure for Upgrading to Release 10.1 ................................98

Upgrading a Router with Redundant Routing Engines ....................101

Upgrading Juniper Routers Running Draft-Rosen Multicast VPN to

JUNOS Release 10.1 .................................................................101

Upgrading the Software for a Routing Matrix .................................103

Upgrading Using ISSU .....................................................................104

Upgrading from JUNOS Release 9.2 or Earlier on a Router Enabled

for Both PIM and NSR ..............................................................104

Downgrade from Release 10.1 .......................................................105

JUNOS Software Release Notes for Juniper Networks SRX Series Services

Gateways and J Series Services Routers ................................................107

New Features in JUNOS Release 10.1 for SRX Series Services Gateways

and J Series Services Routers ..........................................................107

Software Features ...........................................................................108

Hardware Features .........................................................................122

Changes In Default Behavior and Syntax in JUNOS Release 10.1 for SRX

Series Services Gateways and J Series Services Routers ..................123

Application Layer Gateways (ALGs) ................................................123

Chassis Cluster ...............................................................................124

Command-Line Interface (CLI) ........................................................125

Configuration .................................................................................127

Flow and Processing .......................................................................128

Interfaces and Routing ...................................................................129

Intrusion Detection and Prevention (IDP) .......................................129

J-Web .............................................................................................130

Management and Administration ...................................................130

2 ■

Security ..........................................................................................131

WLAN .............................................................................................131

Known Limitations in JUNOS Release 10.1 for SRX Series Services

Gateways and J Series Services Routers ..........................................132

[accounting-options] Hierarchy ......................................................132

AX411 Access Point .......................................................................132

Chassis Cluster ...............................................................................132

Command-Line Interface (CLI) ........................................................133

Dynamic VPN .................................................................................134

Flow and Processing .......................................................................134

Hardware .......................................................................................135

Interfaces and Routing ...................................................................136

Intrusion Detection and Prevention (IDP) .......................................138

J-Web .............................................................................................139

NetScreen-Remote ..........................................................................140

Network Address Translation (NAT) ................................................140

Performance ..................................................................................141

SNMP .............................................................................................141

System ...........................................................................................141

Unified Threat Management (UTM) ................................................141

VPNs ..............................................................................................141

WLAN .............................................................................................141

Issues in JUNOS Release 10.1 for SRX Series Services Gateways and J

Series Services Routers ...................................................................142

Outstanding Issues In JUNOS Release 10.1 for SRX Series Services

Gateways and J Series Services Routers ...................................142

Resolved Issues in JUNOS Release 10.1 for SRX Series Services

Gateways and J Series Services Routers ...................................162

Errata and Changes in Documentation for JUNOS Release 10.1 for SRX

Series Services Gateways and J Series Services Routers ..................165

Application Layer Gateways (ALGs) ................................................165

Attack Detection and Prevention ....................................................165

CLI Reference .................................................................................166

Command-Line Interface (CLI) ........................................................166

CompactFlash Card Support ...........................................................166

Flow and Processing .......................................................................166

Hardware Documentation ..............................................................167

Installing Software Packages ..........................................................168

Integrated Convergence Services ....................................................169

Interfaces and Routing ...................................................................169

Intrusion Detection and Prevention (IDP) .......................................170

J-Web .............................................................................................172

Screens ...........................................................................................172

Hardware Requirements for JUNOS Release 10.1 for SRX Series Services

Gateways and J Series Services Routers ..........................................172

Transceiver Compatibility for SRX Series and J Series Devices .......173

Power and Heat Dissipation Requirements for J Series PIMs ..........173

Supported Third-Party Hardware for J Series Services Routers .......173

J Series CompactFlash and Memory Requirements ........................174

■ 3

JUNOS 10.1 Software Release Notes

Dual-Root Partitioning Scheme Documentation for SRX Series Services

Gateways ........................................................................................175

Dual-Root Partitioning Scheme .......................................................175

Maximizing ALG Sessions .....................................................................183

Using Dual Chassis Cluster Control Links: Upgrade Instructions for the

Second Routing Engine ..................................................................184

Upgrade and Downgrade Instructions for JUNOS Release 10.1 for SRX

Series Services Gateways and J Series Services Routers ..................185

JUNOS Software Release Notes for EX Series Switches ................................186

New Features in JUNOS Release 10.1 for EX Series Switches ................186

Hardware .......................................................................................187

Access Control and Port Security ....................................................187

Bridging, VLANs, and Spanning Trees ............................................187

Class of Service (CoS) .....................................................................188

Infrastructure .................................................................................188

Interfaces .......................................................................................188

Layer 2 and Layer 3 Protocols ........................................................188

Management and RMON ................................................................188

MPLS ..............................................................................................189

Packet Filters ..................................................................................189

Changes in Default Behavior and Syntax in JUNOS Release 10.1 for EX

Series Switches ...............................................................................189

Layer 2 and Layer 3 Protocols ........................................................190

Infrastructure .................................................................................190

User Interface and Configuration ....................................................190

Limitations in JUNOS Release 10.1 for EX Series Switches ....................190

Access Control and Security ...........................................................191

Class of Service ..............................................................................191

Firewall Filters ................................................................................191

Infrastructure .................................................................................191

Interfaces .......................................................................................192

Outstanding Issues in JUNOS Release 10.1 for EX Series Switches ........193

Access Control and Port Security ....................................................193

Bridging, VLANs, and Spanning Trees ............................................193

Class of Service ..............................................................................193

Infrastructure .................................................................................194

Interfaces .......................................................................................194

J-Web Interface ...............................................................................194

Resolved Issues in JUNOS Release 10.1 for EX Series Switches .............196

Access Control and Port Security ....................................................196

Bridging, VLANs, and Spanning Trees ............................................196

Class of Service ..............................................................................197

Firewall Filters ................................................................................197

Hardware .......................................................................................197

Infrastructure .................................................................................197

J-Web Interface ...............................................................................198

Errata in Documentation for JUNOS Release 10.1 for EX Series

Switches .........................................................................................199

4 ■

Upgrade and Downgrade Issues for JUNOS Release 10.1 for EX Series

Switches .........................................................................................200

Upgrading or Downgrading from JUNOS Release 9.4R1 for EX Series

Switches ..................................................................................200

Upgrading from JUNOS Release 9.3R1 to Release 10.1 for EX Series

Switches ..................................................................................200

Upgrading from JUNOS Release 9.2 to Release 10.1 for EX Series

Switches ..................................................................................201

Downgrading from JUNOS Release 10.1 to Release 9.2 for EX4200

Switches ..................................................................................202

JUNOS Documentation and Release Notes ..................................................203

Documentation Feedback ............................................................................203

Requesting Technical Support .....................................................................203

Revision History ..........................................................................................205

■ 5

JUNOS 10.1 Software Release Notes

JUNOS Software Release Notes for Juniper Networks M Series Multiservice Edge Routers, MX Series Ethernet Service Routers, and T Series Core Routers

■ New Features in JUNOS Release 10.1 for M Series, MX Series, and T Series

Routers on page 6

■ Changes in Default Behavior and Syntax in JUNOS Release 10.1 for M Series,

MX Series, and T Series Routers on page 42

■ Issues in JUNOS Release 10.1 for M Series, MX Series, and T Series

Routers on page 54

■ Errata and Changes in Documentation for JUNOS Software Release 10.1 for M

Series, MX Series, and T Series Routers on page 94

■ Upgrade and Downgrade Instructions for JUNOS Release 10.1 for M Series, MX

Series, and T Series Routers on page 98

New Features in JUNOS Release 10.1 for M Series, MX Series, and T Series Routers

The following features have been added to JUNOS Release 10.1. Following the
description is the title of the manual or manuals to consult for further information.

Class of Service

■ Intelligent oversubscription service support (MX Series routers with Trio

MPC/MIC interfaces)—Arriving packets are assigned to one of two traffic classes
(control and best-effort) based on their header types and destination MAC address.
This allows for lower priority packets to be dropped more intelligently when
oversubscription occurs. Only packets mapped to queue 3 are marked as control
packets. Protocols such as telnet, FTP, and SSH that are mapped to queue 0 are
classified as best-effort. No configuration is necessary, but the queue assignments
can be altered with a multifield classifier.

[Class of Service]

■ CoS aspects of the MPC/MIC (MX Series routers with Trio MPC/MIC

interfaces)—Cover all aspects of CoS configuration for this hardware combination.
Support includes shaping rates at the queue level, configurable bandwidth profiles
with percentages, dynamic bandwidth allocation among different services,
scheduler node scaling, and delay buffer allocation. To configure, include the
relevant statements at the [edit class-of-service] hierarchy level and apply them
if necessary at other hierarchy levels such as the [edit interfaces] hierarchy level.

[Class of Service, Network Interfaces]

■ Per-priority shaping (MX Series platforms with Trio MPC/MIC

interfaces)—Enables you to configure a separate shaping rate for each of the
five priority levels so that higher priority services such as voice and video do not
starve lower priority services such as data. To configure, include the

shaping-rate-(excess | priority)-level rate [ burst-size burst ] statement at the [edit
class-of-service traffic-control-profiles tcp-name] hierarchy level and apply the traffic

control profile at the [edit interfaces] hierarchy level.

[Class of Service]

6 ■ JUNOS Software Release Notes for Juniper Networks M Series Multiservice Edge Routers, MX Series Ethernet Service Routers,

and T Series Core Routers

New Features in JUNOS Release 10.1 for M Series, MX Series, and T Series Routers

■ Distribute excess bandwidth among different services for a subscriber (MX

Series routers with Trio MPC/MIC interfaces)—Service providers often use
tiered services that must carry excess bandwidth as traffic patterns vary. By
default, excess bandwidth between a configured guaranteed rate and shaping
rate is shared equally among all queues, which might not be optimal for all
subscribers to a service. You can control the distribution of this excess bandwidth
with the excess-rate statement. To configure the excess rate for a traffic control
profile, include the excess-rate statement at the [edit class-of-service

traffic-control-profiles tcp-name] hierarchy level and apply the traffic control profile

at the [edit interfaces] hierarchy level. To configure the excess rate for a queue,
include the excess-rate and excess-priority statements at the [edit class-of-service

scheduler scheduler-name] hierarchy level.

[Class of Service]

■ Scheduler node scaling (MX Series routers with Trio MPC/MIC interfaces)—The

hardware supports multiple levels of scheduler nodes. In per-unit-scheduling
mode, each logical interface (unit) can have four or eight queues and has a
dedicated level 3 scheduler node. The logical interfaces share a common level
2 node (one per port). In hierarchical-scheduling mode, a set of logical interfaces,
each with four or eight queues, has a level 2 CoS profile and one of its logical
interface children has a level 3 CoS profile. To better control system resources
in hierarchical-scheduling mode, you can limit the number of hierarchical levels
in the scheduling hierarchy to two. In this case, all logical interfaces and interface
sets with CoS profiles share a single (dummy) level 2 node, thereby increasing
the maximum number of logical interfaces with CoS profiles (the interface sets
must be at level 3). To configure scheduler node scaling, include the

maximum-hierarchy-levels statement at the [edit interfaces xe-fpc/pic/port
hierarchical-scheduler] hierarchy level. The only supported value is 2.

[Class of Service, Network Interfaces]

■ Forwarding-class aliases (M320 and T Series routers)—Enable you to configure

up to 16 forwarding classes and 8 queues, with multiple forwarding classes
assigned to single queues. To configure, include the class and queue-num
statements at the [edit class-of-service forwarding-classes] hierarchy level.

[Class of Service]

■ VLAN shaping on aggregate devices (MX Series routers with Trio MPC/MIC

interfaces)—VLAN shaping (per-unit scheduling) is supported on aggregated
Ethernet interfaces when link protection is enabled on the aggregated Ethernet
interface. When VLAN shaping is configured on aggregate Ethernet interfaces
with link protection enabled, the shaping is applied to the active child link. To
configure link protection on aggregated Ethernet interfaces, include the

link-protection statement at the [edit interfaces aex aggregated-ether-options]

hierarchy level. Traffic passes only through the designated primary link. This
includes transit traffic and locally generated traffic on the router. When the
primary link fails, traffic is routed through the backup link. You also can reverse
traffic, from the designated backup link to the designated primary link. To revert
back to sending traffic to the primary designated link when traffic is passing
through the designated backup link, use the revert command; for example, request

interfaces revert ae0. To configure a primary and a backup link, include the
primary and backup statements at the [edit interfaces ge-fpc/pic/port
gigether-options 802.3ad aex] hierarchy level or the [edit interfaces xe-fpc/pic/port
fastether-options 802.3ad aex] hierarchy level. To disable link protection, delete

New Features in JUNOS Release 10.1 for M Series, MX Series, and T Series Routers ■ 7

JUNOS 10.1 Software Release Notes

■ Re-marking of MVPN GRE encapsulation DCSP at ASBR (MX Series routers

■ PD-5-10XGE-SFPP, 10-port 10-Gigabit Ethernet (Type 4) PIC (T640, T1600,

the link-protection statement at the [edit interfaces aex aggregated-ether-options

link-protection] hierarchy level. To display the active, primary, and backup link

for an aggregated Ethernet interface, use the operational mode command show

interfaces redundancy aex.

[Class of Service, Network Interfaces]

with Trio MPC/MIC interfaces)—Enables you to configure DSCP marking for
GRE encapsulated packets that aligns with the service provider core CoS policy
for an MVPN. To configure, include the DSCP rewrite-rule dscp dscp-rule-name
with the values at the [edit class-of-service] hierarchy level and then apply the
rewrite rule to the core-facing multicast interface at the [edit class-of-service

interfaces] hierarchy level.

[Class of Service]

and TX Matrix routers with G-FPC4, ST-FPC4, and ST-FPC4.1)—Supports a
WAN bandwidth of 100 Gbps in addition to the following features:

■ Intelligent handling of oversubscribed traffic

■ Line rate operation on up to five 10-Gigabit Ethernet ports

■ Tap features, such as flexible encapsulation, source address (SA) MAC

learning, MAC accounting, and MAC policing

■ Stacked virtual LAN (VLAN) tag and VLAN rewrite functionalities

[Network Interfaces, Class of Service, PIC Guide]

■ Intelligent oversubscription services (MX Series with 16-port 10-Gigabit

Ethernet MPC with SFP+)—The 16-port 10-Gigabit Ethernet Modular Port
Concentrator (MPC) is an oversubscribed configuration. Consequently, it is
necessary to protect control traffic over best-effort traffic as soon as packets
enter the line card. To do this, packets entering the line card are assigned a
preclassifier control traffic class according to the header types (such as destination
MAC addresses, and Layer 4 ports) in the packet. The preclassifier provides a
good way to classify and queue important control traffic in a different high-priority
queue from that used for best-effort traffic.

The preclassifier (control or best effort) is assigned prior to packets being accepted
into the initial stream and is used by the line card as an early designation (before
any class-of-service configuration is applied). When oversubscription occurs,
control traffic will be queued separately and should not be subject to any dropped
packets.

The Layer 2 protocols supporting the preclassifier are:

■ 802.1ah

■ 802.1g

■ 802.1x

■ 802.3ad

■ ARP

8 ■ New Features in JUNOS Release 10.1 for M Series, MX Series, and T Series Routers

New Features in JUNOS Release 10.1 for M Series, MX Series, and T Series Routers

■ GMRP

■ GVRP

■ LACP

■ PVST

■ xSTP

The Layer 3 protocols supporting the preclassifier are:

■ IGMP

■ IPv4/IPv6 ICMP

■ IPv4/IPv6 ISIS

■ IPv4/IPv6 OSPF

■ IPv4/IPv6 PIM

■ IPv4 Router Alert

■ IPv4/IPv6 RSVP

■ IPv4/IPv6 VRRP

The Layer 4 protocols supporting the preclassifier are:

■ IIPv4/ IPv6 BGP

■ IPv4/ IPv6 LDP

■ IPv4 UDP/L2TP

■ RIP (UDP port checks)

The preclassifier is also supported on label-switching encapsulation PPP.

[Class of Service]

■ Feature support on 16-port 10-Gigabit Ethernet MPC with SFP+ (MX Series

routers)—The following features are supported on the 16-port 10-Gigabit Ethernet
MPC with SFP+:

■ Accepts traffic destined for GRE tunnels or DVMRP (IP-in-IP) tunnels (JUNOS

Release 10.0R2)

■ Bidirectional Forwarding Detection (BFD) protocol (JUNOS Release 10.0R2)

■ Border Gateway Protocol (BGP) (JUNOS Release 10.0R2)

■ BGP/Multiprotocol Label Switching (MPLS) virtual private networks (VPNs)

(JUNOS Release 10.0R2)

■ Distance Vector Multicast Routing Protocol (DVMRP) and generic routing

encapsulation (GRE) support, access side and server side (JUNOS Release

10.0R2)

■ Firewall filters (JUNOS Release 10.0R2)

New Features in JUNOS Release 10.1 for M Series, MX Series, and T Series Routers ■ 9

JUNOS 10.1 Software Release Notes

■ Flexible Ethernet encapsulation (JUNOS Release 10.0R2)

■ Graceful Routing Engine switchover (GRES) (JUNOS Release 10.0R2)

■ Ingress differentiated (JUNOS Release 10.0R2)

■ Differentiated Services code point rewrite (DSCP) (JUNOS Release 10.0R2)

■ Intelligent oversubscription (JUNOS Release 10.0R2)

■ Integrated routing and bridging (IRB) (JUNOS Release 10.1R1)

■ Intermediate System-to-Intermediate System (IS-IS) (JUNOS Release 10.0R2)

■ Internet Group Management Protocol (IGMP) (excludes snooping) (JUNOS

Release 10.0R2)

■ IPv4 (JUNOS Release 10.0R2)

■ IP multicast (JUNOS Release 10.0R2)

■ Label Distribution Protocol (LDP) (JUNOS Release 10.0R2)

■ Labeled-switched path (LSP) accounting, policers, and filtering (JUNOS Release

10.0R2)

■ LAN-PHY mode (JUNOS Release 10.0R2)

■ Layer 2 frame filtering (JUNOS Release 10.0R2)

■ IEEE 802.3ad link aggregation (JUNOS Release 10.0R2)

■ Link Aggregation Control Protocol (LACP) (JUNOS Release 10.0R2)

■ Local loopback (JUNOS Release 10.0R2)

■ MAC learning, policing (JUNOS Release 10.0R2)

■ Multiple tag protocol identifiers (TPIDs), accounting, and filtering (JUNOS

Release 10.0R2)

■ Multiprotocol Label Switching (MPLS) (JUNOS Release 10.0R2)

■ Nonstop active routing (NSR) (JUNOS Release 10.0R2)

■ Multitopology routing (MTR) (JUNOS Release 10.0R2)

■ Open Shortest Path First (OSPF) (JUNOS Release 10.0R2)

■ Packet mirroring (JUNOS Release 10.0R2)

■ Quality of service (QoS) per port: (JUNOS Release 10.0R2)

■ Eight queues per port

■ Excess-rate configuration at the traffic-control-profile level

■ Excess-rate and excess-priority configuration at the queue level

■ Shaping at the port level

10 ■ New Features in JUNOS Release 10.1 for M Series, MX Series, and T Series Routers

New Features in JUNOS Release 10.1 for M Series, MX Series, and T Series Routers

■ Shaping at the queue level

■ Scheduling of queues based on weighted round-robin (WRR) per priority

class

■ Tricolor marking

■ Weighted random early detection (WRED)

■ QoS per virtual LAN (VLAN): (JUNOS Release 10.0R2)

■ Accounting, filtering, and policing

■ IEEE 802.1p rewrite

■ Classification

■ Excess-rate configuration at the traffic-control-profile level

■ Tricolor marking

■ Resource Reservation Protocol (RSVP) (JUNOS Release 10.0R2)

■ Routing Information Protocol (RIP) (JUNOS Release 10.0R2)

■ Simple Network Management Protocol (SNMP) (JUNOS Release 10.0R2)

■ IEEE 802.1Q VLANs: (JUNOS Release 10.0R2)

■ VLAN stacking and rewriting

■ Channels defined by two stacked VLAN tags

■ Flexible VLAN tagging

■ IP service for nonstandard TPID and stacked VLAN tags

■ Virtual private LAN service (VPLS) (JUNOS Release 10.0R2)

■ Virtual private network (VPN) (JUNOS Release 10.0R2)

■ Virtual Router Redundancy Protocol (VRRP) for IPv4 (JUNOS Release 10.0R2)

To support these features, some modifications have been made to the following
configuration statements:

■ The ability to configure the DSCP as the action of a filter rule is already

present in the JUNOS Software. However, with this line card, the value range
permitted is modified from 0, to 0 through 63. To include DSCP as the action
of a filter rule, include the dscp value parameter at the [edit firewall filter

filter-name] hierarchy level.

■ To fully leverage the features offered through the new chipset on the line

card, include the enhanced-hash-key option at the [edit forwarding-options]
hierarchy level.

[Class of Service]

New Features in JUNOS Release 10.1 for M Series, MX Series, and T Series Routers ■ 11

JUNOS 10.1 Software Release Notes

■ IEEE 802.1ak-2007 MVRP (MX Series routers)—The Multiple VLAN Registration

■ Elevated packet drops during oversubscription (MX Series routers with Trio

Protocol (MVRP) is a standards-based Layer 2 network protocol used among
switches to dynamically share and update VLAN information with other bridges.
VLAN information exchanged includes:

■ The set of VLANs that currently have active members

■ The ports through which the active members can be reached

To operate MVRP, edge ports should have the static VLAN configuration. The
edge ports will not be configured for MVRP. MVRP is only enabled on the
core-facing trunk ports where no static VLANs are configured.

To configure MVRP, include the mvrp statement and desired options at the [edit

protocols] hierarchy level.

[Class of Service]

MPC/MIC interfaces)—During periods of oversubscription, the WRED process
drops more packets than expected from relatively full queues. There is no
configuration for this feature, which transparently applies scaling to
oversubscribed queues.

High Availability

Interfaces and Chassis

[Class of Service]

■ Enhancements to unified ISSU support on PICs (T Series)—JUNOS Release 10.1

extends unified ISSU support for the following PICs to T Series routers:

■ PB-1CHOC12-STM4-IQE-SFP, 1-port channelized OC12/STM4 enhanced IQ

PIC

■ PB-1OC12-STM4-IQE-SFP, 1-port nonchannelized OC12/STM4 enhanced IQ

PIC

■ PB-4CHDS3-E3-IQE-BNC, 4-port channelized DS3/E3 enhanced IQ PIC

■ PB-4DS3-E3-IQE-BNC, 4-port non-channelized DS3/E3 enhanced IQ PIC

[High Availability]

■ New 60-Gigabit Ethernet Queuing MPC (model number

MX-MPC2-3D-Q)—Supported on MX Series routers. For a list of supported MPCs,
see the MX Series Line Card Guide.

■ New 60-Gigabit Ethernet MPC (model number MX-MPC2-3D)—Supported on

MX Series routers. For a list of supported MPCs, see the MX Series Line Card
Guide.

■ New 60-Gigabit Ethernet Enhanced Queuing MPC (model number

MX-MPC2-3D-EQ)—Supported on MX Series routers. For a list of supported
MPCs, see the MX Series Line Card Guide.

12 ■ New Features in JUNOS Release 10.1 for M Series, MX Series, and T Series Routers

New Features in JUNOS Release 10.1 for M Series, MX Series, and T Series Routers

■ New 20-port Gigabit Ethernet MIC with SFP (model number

MIC-3D-20GE-SFP)—Supported on MX Series routers. For a list of supported
MPCs, see the MX Series Line Card Guide.

■ New Modular Port Concentrators (MPCs) and Modular Interface Cards

(MICs)—Supported on MX Series platforms. Up to two MICs plug into the MPC
to provide the physical interface for the MPC line card. The MPCs provide
increased capacity on Gigabit Ethernet and 10-Gigabit Ethernet hardware. For a
list of supported MPCs and MICs, see the MX Series Line Card Guide.

[Network Interfaces]

■ New 4-port 10-Gigabit Ethernet MIC with XFP (model number

MIC-3D-4XGE-XFP)—Supported on MX Series routers. For a list of supported
MPCs, see the MX Series Line Card Guide.

■ Layer 2 VPLS, IRB, and mesh group feature parity (MX Series routers with

Trio MPC/MIC interfaces)—Support for Layer 2 feature parity with JUNOS Release

9.1 on MX Series routers that include Trio Modular Port Concentrators (MPCs)
and Modular Interface Cards (MICs).

Layer 2 feature parity includes:

■ Layer 2 bridging

■ VPLS forwarding

■ MAC address learning, aging, and MAC address limit

■ Mesh group support

■ Implicit VLAN mapping

■ Integrated routing and bridging (IRB)

■ Multicast over IRB

■ MAC statistics

Layer 2 features that are not supported in this release include:

■ Spanning Tree Protocols (xSTP)

■ VLAN Spanning Tree Protocol (VSTP)

■ Multiple Spanning Tree Protocol (MSTP)

■ Rapid Spanning Tree Protocol (RSTP)

■ Layer 2 Tunneling Protocol (L2TP)

■ Upgrading a T1600 router to be the LCC0 of the TX Matrix Plus platform—You

can now upgrade an operational T1600 router to be the lcc0 in a newly configured
TX Matrix Plus platform. The procedures require JUNOS Release 10.1 on the TX
Matrix Plus router and the T1600 router. Reboot is required to transfer control
of the T1600 router to the routing matrix. You can also downgrade the lcc0 to
a standalone T1600 router by rolling back to the former configuration. Upgrade
and integration of subsequent operational T1600 routers to form lcc1 and lcc2

New Features in JUNOS Release 10.1 for M Series, MX Series, and T Series Routers ■ 13

JUNOS 10.1 Software Release Notes

■ Per-unit scheduling for GRE tunnels using IQ2 PICs (M7i, M10i, M120, and

(and so on) is not supported. Use the offline procedures to upgrade and integrate
the remaining T1600 routers into the routing matrix.

[TX Matrix Plus Hardware, System Basics and Services Command Reference]

M320 routers with E3–FPC)—Supports enhanced IQ2 PIC and IQ2E PIC
performance, adding all functionality of tunnel PICs. The QoS for the GRE tunnel
traffic will be applied as the traffic is looped through the IQ2/IQ2E PIC.

Shaping is performed on full packets that pass through the GRE tunnel.

IQ2 and IQ2E PICs support all interfaces that are supported on tunnel PICs, as
follows:

■

gr-fpc/pic/port

■

vt-fpc/pic/port

■

lt-fpc/pic/port

■

ip-fpc/pic/port

■

pe-fpc/pic/port

■

pd-fpc/pic/port

■

mt-fpc/pic/port

The port variable is always zero.

The provided tunnel functionality is the same as that of regular tunnel PICs.

When tunnel services are enabled on IQ2 and IQ2E PICs, they work exclusively
as tunnel PICs. The physical ports on the PICs cannot be used in tunnel mode.
To configure exclusive tunnel mode, use the tunnel-only statement at the [chassis

fpc number pic number] hierarchy level.

You can use the show interfaces queue gr-fpc/pic/port command to display
statistics for the specified tunnel.

[Network Interfaces, Class of Service, PIC Guide]

■ Root System Domain (RSD) configuration of logical interface filters on shared

interfaces (JCS1200 platform)—Enables Root System Domain (RSD) configuration
support for logical interface filters on shared interfaces. In previous releases,
logical interface filters were configured on each Protected System Domain (PSD).
This release supports configuration on the RSD.

To configure a logical interface filter on the RSD, apply the firewall filter to the
logical interface on the shared interface by including the filter output filter-name
statement at the [edit interfaces interface-name unit logical-unit-number] hierarchy
level on the RSD.

Filtering is performed on the PSD, but logical interface filters configured on the
RSD are applied automatically by the PSD. Filters configured on the RSD can
co-exist with filters configured on the PSD. Counter statistics related to PSD
filtering are available on the RSD.

[Protected System Domain]

14 ■ New Features in JUNOS Release 10.1 for M Series, MX Series, and T Series Routers

New Features in JUNOS Release 10.1 for M Series, MX Series, and T Series Routers

■ Two new AC power supply modules in chassis—The JUNOS Software now

supports two new AC power supply modules on T640 and T1600 routers: AC
Power Entry Module 10kW US and AC Power Entry Module 10kW EMEA (for
U.S. and EMEA markets, respectively). The two Power Entry Modules (PEMs)
cannot interoperate and the JUNOS Software reports an alarm when they do.
The show chassis environment pem command output will show AC Input: status
instead of DC Input: status and the Temperature will show the actual temperature
reading. Two new power supply descriptions, US and EMEA, are added to
distinguish the new modules from existing ones in the output of the show chassis

hardware command output.

[System Basics and Service Command Reference]

■ Next-hop cloning and permutations disabled in T Series enhanced scaling

FPCs (FPC Type 1-ES, FPC Type 2-ES, FPC Type 3-ES, and FPC Type 4-ES)—The
next-hop cloning and permutations are now disabled in these FPCs with enhanced
load-balancing capability. As a result, the memory utilization is reduced for a
highly scaled system with a high number of next hops on ECMP or aggregated
interfaces.

[System Basics]

■ Fragmentation support for GRE-encapsulated packets (Multiservices DPC)

(M120, M7i/M10i with enhanced CFEB, M320 with E3 FPC, and MX Series
routers only)—Enables the Packet Forwarding Engine to update the IP

identification field in the outer IP header of packets encapsulated with generic
routing encapsulation (GRE), so that reassembly of the packets is possible after
fragmentation. The previous CLI constraint check that requires you to configure
either the clear-dont-fragment-bit statement or a tunnel key with the

allow-fragmentation statement is no longer enforced. There are no associated

changes to the CLI statements or operational mode commands.

NOTE: For other routers, the earlier configuration constraint check still holds.

[Services Interfaces, MPLS Applications, MX Series Layer 2 Configuration Guide]

■ NAT compliance enhancements—Add modifications to the existing NAT

functionality on the services PICs to achieve compliance with RFCs UDP 4787,
TCP 5382, and ICMP 5508. These enhancements apply to IPv4–IPv4, IPv6–IPv6,
and IPv4–IPv6 source NAT and are not supported with destination NAT. New
CLI configuration settings associated with RFC 4787 include the mapping-timeout
statement at the [edit services nat pool pool-name] hierarchy level and the

address-pooling, filtering-type, and mapping-type statements at the [edit services
nat rule rule-name term term-name then translated] hierarchy level. There are no

associated changes to the operational mode commands.

[Services Interfaces]

■ Support for VRF in Routing Engine-based sampling on M Series, M320, MX

Series, M120, and T Series routers—For VRF Routing Engine-based sampling,
the kernel queries the correct VRF route table based on the ingress interface
index for the received packet. For interfaces configured in VRF, the sampled

New Features in JUNOS Release 10.1 for M Series, MX Series, and T Series Routers ■ 15

JUNOS 10.1 Software Release Notes

■ New 4-port Channelized OC12 Enhanced Intelligent Queuing (IQE) type 3

packets contain the correct input and output interface SNMP index, the source
and destination AS numbers, and the source and destination mask.

There are two ways to verify the sampled packets. The first is to include the file

sampled statement at the [edit forwarding-options sampling traceoptions] hierarchy

level and the local dump statement at the [edit forwarding-options family inet output

flow-server server] hierarchy level, and check the sampled file using the tail –f
/var/tmp/sampled command from the router shell. The second is to export and

verify the sampled packets to the flow-server.

[Services Interfaces, Feature Guide]

PIC (M Series and T Series routers)—Provides increased channelization and an
improved QoS model; with channelization capabilities and scaling that make it
ideal for edge aggregation.

Improved QoS functionality supports policing based on DSCP/IPPREC/EXP, five
priority levels, two shaping rates (CIR and PIR), option to use shared scheduling
on set of logical interfaces, DSCP rewrite on ingress, and configurable delay
buffers for queueing. The QoS capabilities provide service differentiation for
service providers.

The interface configuration syntax of existing IQ PICs is retained, but
configuration limits are changed to match the augmented capabilities of IQE
PICs.

All functionality available on the 4-port Channelized OC12 IQ Type 2 PIC is
supported by this PIC.

[Network Interfaces]

■ Enhanced Intelligent Queuing (IQE) PICs add support for T3 and T1

channelization under SDH framing (M40e, M120, and M320 with Sahara-FPC,
and T Series routers)—The following IQE PICs are supported:

■ 1-port COC48 IQE

■ 4-port COC12 IQE

■ 1-port COC12 IQE

■ 2-port COC3 IQE

The JUNOS Software supports T1 and CT1 interface types under CAU4. To
configure T1 and CT1 interfaces under CAU4, use the t1 and ct1 statements at
the [edit interfaces cau4-fpc/pic/port:unit partition number interface-type] hierarchy
level.

With T1 and CT1 interface configurations under CAU4 interfaces, you can
configure a maximum of 84 T1 or CT1 inerfaces. However, the partition range
under CAU4 interfaces was previously restricted to from 1 to 63. This range has
increased to from 1 to 84 for T1 and CT1 interfaces.

The JUNOS Software supports T1, CT1, T3, and CT3 interfaces under Channelized
AU4 partitions. To configure T1, CT1, T3, and CT3 interfaces under Channelized
AU4, use the ct1 and t1 statements at the [edit interfaces cau4-fpc/pic/port:unit

partition partition-number] hierarchy level or the ct3 and t3 statements at the [edit
interfaces cau4-fpc/pic/port:unit partition number interface-type] hierarchy level.

16 ■ New Features in JUNOS Release 10.1 for M Series, MX Series, and T Series Routers

New Features in JUNOS Release 10.1 for M Series, MX Series, and T Series Routers

The JUNOS Software also supports M13 mapped T1 interfaces under CAU4. To
configure a T1 interface under CAU4, use the t1 statement at the [edit interfaces

cau4-fpc/pic/port:unit partition partition-number interface-type t1] or [edit interfaces
cau4-fpc/pic/port:unit partition partition-number interface-type ct1] hierarchy level.

The JUNOS Software does not allow combined configurations of E1 and E3
interfaces together under a CAU4 interface.

Similarly, you cannot mix T1, E1, T3, and E3 interfaces directly under CAU4.

NOTE: The TUG-3 partition is not supported.

ITU-T VT-mapping in combination with TUG3 partition is not supported.

[Network Interfaces, PIC Guide]

■ Stateful firewall chaining for FTP, TFTP, and RTSP data sessions (MX Series

routers with Multiservices DPCs, and M120 or M320 routers with Multiservices
400 PICs)—Adds support for stateful firewall rule sets in Dynamic Application

Awareness for JUNOS Software service chains. New application-level gateways
(ALGs) are available for FTP (junos-ftp), TFTP (junos-tftp), and RTSP (junos-rtsp);
you can include them as values for the applications statement at the [edit services

stateful-firewall rule rule-name term term-name from] hierarchy level. In addition,

you can include new statement options at the [edit interfaces ms-fpc/pic/port

services-options ignore-errors] hierarchy level to enable stateful firewall sessions

to operate in a no-drop mode and ignore various traffic errors that would normally
result in dropped packets. There are no CLI changes in the APPID, IDP, AACL,
or L-PDF configurations. The associated operational mode commands should
report the new applications when identified.

[Services Interfaces]

New Features in JUNOS Release 10.1 for M Series, MX Series, and T Series Routers ■ 17

JUNOS 10.1 Software Release Notes

JUNOS XML API and Scripting

18 ■ New Features in JUNOS Release 10.1 for M Series, MX Series, and T Series Routers

New Features in JUNOS Release 10.1 for M Series, MX Series, and T Series Routers

■ New JUNOS XML API operational request tag elements—Table 1 on page 19

lists the JUNOS Extensible Markup Language (XML) operational request tag
elements that are new in JUNOS Release 10.1, along with the corresponding CLI
command and response tag element for each one.

Table 1: JUNOS XML Tag Elements and CLI Command Equivalents New in JUNOS 10.1

Response Tag ElementCLI CommandRequest Tag Element

NONEclear dhcpv6 server binding<clear-dhcpv6-server-binding-information>

clear_dhcpv6_server_binding_information

NONEclear dhcpv6 server statistics<clear-dhcpv6-server-statistics-information>

clear_dhcpv6_server_statistics_information

NONEclear mpls static-lsp<clear-mpls-static-lsp-information>

clear_mpls_static_lsp_information

NONEclear mvrp statistics<clear-mvrp-interface-statistics>

clear_mvrp_interface_statistics

clear_idp_appddos_cache

clear_idp_status_information

clear_vrrp_information

clear_vrrp_interface_statistics

request_script_refresh_from

get_dhcpv6_server_binding_information

get_dhcpv6_server_statistics_information

get_mpls_static_lsp_information

get_mvrp_information

get_mvrp_applicant_information

NONEclear security idp application-ddos cache<clear-idp-appddos-cache>

<clear-idp-status-information>clear security idp status<clear-idp-status-information>

<vrrp-message>clear vrrp<clear-vrrp-information>

<vrrp-message>clear vrrp interface<clear-vrrp-interface-statistics>

NONErequest system scripts refresh-from<request-script-refresh-from>

<dhcpv6-server-binding-information>show dhcpv6 server binding<get-dhcpv6-server-binding-information>

<dhcpv6-server-statistics-information>show dhcpv6 server statistics<get-dhcpv6-server-statistics-information>

<mpls-static-lsp-information>show mpls static-lsp<get-mpls-static-lsp-information>

<mvrp-information>show mvrp<get-mvrp-information>

<mvrp-applicant-state>show mvrp applicant-state<get-mvrp-applicant-information>

get_mvrp_dynamic_vlan_memberships

get_mvrp_interface_information

New Features in JUNOS Release 10.1 for M Series, MX Series, and T Series Routers ■ 19

<mvrp-vlan-information>show mvrp dynamic-vlan-memberships<get-mvrp-dynamic-vlan-memberships>

<mvrp-interface-information>show mvrp interface<get-mvrp-interface-information>

JUNOS 10.1 Software Release Notes

Table 1: JUNOS XML Tag Elements and CLI Command Equivalents New in JUNOS 10.1 (continued)

Response Tag ElementCLI CommandRequest Tag Element

<mvrp-registration-information>show mvrp registration-state<get-mvrp-registration-state>

get_mvrp_registration_state

<mvrp-interface-statistics>show mvrp statistics<get-mvrp-interface-statistics>

get_mvrp_interface_statistics

<idp-subscriber-policy-list>show security idp policies<get-idp-subscriber-policy-list>

get_idp_subscriber_policy_list

<idp-policy-template-information>show security idp policy-templates-list<get-idp-policy-template-information>

get_idp_policy_template_information

<idp-detail-status-information>show security idp status detail<get-idp-detail-status-information>

get_idp_detail_status_information

<service-nat-mapping-information>show services nat mappings<get-service-nat-mapping-information>

get_service_nat_mapping_information

get_task_memory_information

get_vrrp_information

get_vrrp_interface_information

get_vrrp_track_interfaces

<task-memory-information>show task memory<get-task-memory-information>

<vrrp-information>show vrrp<get-vrrp-information>

<vrrp-information>show vrrp interface<get-vrrp-interface-information>

<vrrp-information>show vrrp track<get-vrrp-track-interfaces>

20 ■ New Features in JUNOS Release 10.1 for M Series, MX Series, and T Series Routers

MPLS Applications

New Features in JUNOS Release 10.1 for M Series, MX Series, and T Series Routers

[JUNOS XML API Operational Reference]

■ Static LSPs at the ingress router—You can now configure a named static LSP

at the ingress router. This feature allows you to configure multiple static LSPs
between two specific routers. It is not necessary to configure unique names for
static versus dynamic LSPs (a static LSP could have the same name as a dynamic
LSP configured on the same router). This feature also allows you to configure a
single-hop static LSP by specifying either an explicit null label or no label.

To configure a static LSP on an ingress router, include the ingress statement at
the [edit protocols mpls static-label-switched-path static-lsp-name] hierarchy level.
You must also configure the to and next-hop statements at the [edit protocols mpls

static-label-switched-path static-lsp-name] hierarchy level. You can optionally

configure the push statement. If you configure the push statement, you must
specify a non-reserved label in the range of 0 through 1,048,575.

To display information about ingress static LSPs, issue the show mpls lsp static

ingress command. To display routing table entries corresponding to ingress static

LSPs, issue the show route table inet.3 command or the show route next-hop

next-hop-ip-address static-label-switched-path static-lsp-name command.

[MPLS, Routing Protocols and Policies Command Reference]

■ Static LSPs at the transit router—You can now configure a named static LSP

on a transit router. To configure a transit static LSP, include the transit statement
at the [edit protocols mpls static-label-switched-path path-name] hierarchy level
and include the next-hop statement at the [edit protocols mpls

static-label-switched-path static-lsp-name] hierarchy level. You must also configure

either the pop or the swap statement at the [edit protocols mpls

static-label-switched-path static-lsp-name transit] hierarchy level. If you configure

the swap statement, you must specify a non-reserved label in the range of 0
through 1,048,575.

The transit static LSP is added to the mpls.0 routing table. You should configure
each static LSP using a unique name and at least a unique incoming label on the
router. Each transit static LSP can have one or more incoming labels configured.
If a transit LSP has more than one incoming label, each would effectively operate
as an independent LSP, meaning you could configure all of the related LSP
attributes for each incoming label. The range of incoming labels available is
limited to the standard static LSP range of labels (1,000,000 through 1,048,575).
To verify that a static LSP has been added to the routing table, issue the show

route table mpls.0 command.

[MPLS]

■ Bypass static LSPs—You can now configure a named bypass static LSP for ingress

and transit static LSPs, to be used if the primary LSP fails. To configure a bypass
static LSP, include the bypass statement at the [edit protocols mpls

static-label-switched-path path-name] hierarchy level. You must also configure the
to and next-hop statements at the [edit protocols mpls static-label-switched-path
static-lsp-name bypass] hierarchy level. You can also configure link and node

protection for static LSPs. If you configure both link and node protection for the
static LSP and the primary link fails, the node protection feature is preferred.

New Features in JUNOS Release 10.1 for M Series, MX Series, and T Series Routers ■ 21

JUNOS 10.1 Software Release Notes

■ Static LSP revert timer—You can now configure a revert timer for ingress and

[MPLS]

transit static LSPs. After traffic has been switched to a bypass static LSP, it is
typically switched back to the primary static LSP when it comes back up. There
is a configurable delay in the time (called the revert timer) between when the
primary static LSP comes up and when traffic is reverted back to it from the
bypass static LSP. This delay is needed because when the primary LSP comes
back up, it is not certain whether all of the interfaces on the downstream node
of the primary path have come up yet. The delay range is from 0 through 65,535
seconds and is configurable at each interface. If you configure a value of 0, traffic
is never automatically reverted to the primary LSP, even if it does come back
up. The only exception is if the bypass LSP goes down. The default value is 5
seconds. To configure the revert timer for an interface, include the

protection-revert-time statement at the [edit protocols mpls interface interface-name
static] hierarchy level. You can display the revert timer value for an interface

using the show mpls interface detail command.

[MPLS]

Multiplay

■

Static LSP traceoptions—You can now configure the traceoptions statement to
trace messages related to ingress and transit static LSPs by including the static
flag at the [edit protocols mpls traceoptions flag] hierarchy level.

[MPLS]

■ Static LSP statistics—You can now display statistics related to MPLS static LSPs

by issuing the show mpls static-lsp statistics command and the monitor static-lsp

lsp-name command. The show mpls static-lsp statistics command includes the

following options: ingress, transit, bypass, and name static-lsp-name. This command
displays the packet count and byte count for the static LSP. You can clear the
statistics for static LSPs by issuing the clear mpls static-lsp statistics command.
You can also log the static LSP statistics to a file by specifying a file for the MPLS
statistics statement. You can configure this file using the set protocols mpls

statistics interval interval file filename command.

[MPLS, Routing Protocols and Policies Command Reference]

■ Border Gateway Function (BGF) RTCP XR reporting—Provides support for the

H.248 RECRTCPXR (Received RTCP Extended Reporting) and RECRTCPXRBM
(Received RTCP XR Burst Mode) reporting packages. The RECRTCPXR package
defines properties and statistics that provide extended quality-of-service metrics
received from the gateway controller. The RECRTCPXRBM package defines
properties and statistics that provide burst metrics received from the gateway
controller. Report data is available to the BGF when the gateway controller sends
the relevant XR reporting packets and RTCP monitoring is active. Not all gateway
controllers send the extended reporting packets. When XR packets are not
received, all XR fields are displayed as 0s (zeroes).

You can use the following existing command to display the RECRTCPXR and
RECRTCPXRBM report fields for a given gate-id: show services pgcp gate

gateway-name statistics gate-id gate-id.

[Multiplay Solutions, System Basics Command Reference]

22 ■ New Features in JUNOS Release 10.1 for M Series, MX Series, and T Series Routers

New Features in JUNOS Release 10.1 for M Series, MX Series, and T Series Routers

■ Integrated Multi-Services Gateway (IMSG) failed call reporting—Provides more

extensive statistics on failed calls through improved show command output.

You can use the following existing command to display statistics on failed calls:

show services border-signaling-gateway calls-failed gateway gateway-name.

[Multiplay Solutions, System Basics Command Reference]

■ Integrated Multi-Services Gateway (IMSG) media release—Enables the IMSG

SIP function to release media resources when handling calls between two entities
in the same media realm (the virtual interface specified in the PGCP
configuration). When the new call usage policies for both entities allow media
release, media resources are shared instead of being reserved for both entities.
This improves the utilization of media resources and prevents latency.

To configure media release, enter the media-release statement at the [edit services

border-signaling-gateway gateway-name sip new-call-usage-policy policy-name term
term-name then media-policy] hierarchy level.

[Multiplay Solutions, Services Interfaces]

Routing Policy and Firewall Filters

■ New MPLS firewall filter match conditions (T Series routers)—The JUNOS

NOTE: New filter match conditions are applicable only for MPLS-tagged IPv4 packets.
MPLS-tagged IPv6 packets are not supported by this filter.

Software now supports filtering MPLS-tagged IPv4 packets based on IP parameters
for up to five MPLS stacked labels.

To configure the filter match conditions for an MPLS family based on IP
parameters, include the from statement at the [edit firewall family family-name

filter filter-name term term-name] hierarchy level:

from {

match-conditions;

}

[Policy Framework, Routing Protocols and Policies Command Reference]

New Features in JUNOS Release 10.1 for M Series, MX Series, and T Series Routers ■ 23

JUNOS 10.1 Software Release Notes

Routing Protocols

■ BGP support for MDT-SAFI updates without a route target—By default, the

■ Distributed periodic packet management support for aggregate

JUNOS Software requires MDT-SAFI updates to have a route target attached.
Some vendors do not support attaching route targets to the MDT-SAFI updates.
For interoperability with these vendors, the JUNOS Software allows importing
MDT-SAFI updates without a route target being attached. The MDT-SAFI is
imported if the MDT default address in the MDT-SAFI prefix matches the MDT
default address configured within the routing instance.

To configure the MDT default address, include the group-address group-address
statement at the [edit routing-instances routing-instance-name provider-tunnel

pim-ssm] hierarchy level.

[Multicast, Policy Framework]

interfaces—Extends support for the Bidirectional Forwarding Detection (BFD)
protocol to use the periodic packet management daemon (PPMD) to distribute
IPv4 sessions over aggregate interfaces. PPMD automatically runs on the Routing
Engine and the Packet Forwarding Engine. To disable PPMD on the Packet
Forwarding Engine only, include the no-delegate-processing statement at the [edit

routing-options ppm] hierarchy level. Only IPv4 BFD sessions over aggregate

interfaces are supported. PPMD does not support IPv6 BFD sessions over an
aggregate interface or MPLS BFD sessions over an aggregate interface.

[Routing Protocols]

■ PIM join suppression support—Enables a router to defer sending join messages

to an upstream router when identical join messages are sent on the same
multiaccess network. This improves scalability and efficiency by reducing the
number of identical messages sent to the same router.

This feature is useful when there are a large number of routers on a multiaccess
network that will be receiving traffic for a particular multicast group. Suppressing
joins at each router saves bandwidth and reduces heavy processing at upstream
routers.

PIM join suppression can be implemented per multiaccess interface and per
multicast group. It is only needed on downstream routers, and does not need to
be implemented on upstream routers in order for it to work.

A tracking bit field on the LAN prune delay hello option is used in the CLI to
enable join suppression for downstream routers. By default, the tracking bit is
set to 1 and PIM join suppression is disabled. This is the default behavior for
JUNOS Release 10.0 and earlier for Juniper Networks routers. With join
suppression disabled (T-bit=1), a downstream receiving router will send join
messages even if it receives identical joins for the same upstream router, as long
as no other router in the network has join suppression enabled. When the tracking
bit is set to 0 for at least one neighbor on this interface, join suppression is
enabled, and the receiving router will defer sending identical joins. Use
reset-tracking-bit in the CLI to enable join suppression.

When an upstream router receives a join message, its behavior is independent
of the value of the T-bit in the hello option. When join suppression is triggered,
a timer is activated and all sending of joins is deferred for the length of time

24 ■ New Features in JUNOS Release 10.1 for M Series, MX Series, and T Series Routers

New Features in JUNOS Release 10.1 for M Series, MX Series, and T Series Routers

specified by the timer. This is a random timer with value ranges between 0 to
Max Override Interval. The timer is reset each time join suppression is triggered,
and the defer period is dependent on other settings in the LAN prune delay,
including propagation-delay and override-interval.

Use the show protocols PIM command to see if the reset-tracking-bit is present,
indicating that the T-bit has been changed to 0 and PIM join suppression is
enabled.

[Multicast, Routing Protocols and Policies Command Reference]

■ Improve IGMPv3 snooping performance using bulk updates 1a3,14—Whenever

an individual interface joins or leaves a multicast group, a new next-hop entry
is installed in the routing table and the forwarding table. This can require a lot
of processing time when the frequency and number of IGMP join and leave
messages are high.

A new configuration statement can be used to accumulate outgoing interface
changes and perform bulk updates to the routing table and forwarding table.
This reduces the processing time and memory overhead required when processing
join and leave messages, thus improving scalability.This is useful for applications
such as Internet Protocol television (IPTV), in which users changing channels
can create thousands of interfaces joining or leaving a group in a short period
of time.

To enable bulk updates of join and leave messages, include the next-hop-hold-time
statement and specify the number of milliseconds to wait before processing the
messages. The next-hop-hold-time statement can be configured at the [edit

routing-instances routing-instance-name] hierarchy level. The hold time can be

configured from 1 to 1000 milliseconds. The routing instance must be of type
VPLS or virtual-switch.

If the next-hop-hold-time statement is deleted from the router configuration, IGMP
bulk updates are disabled. The configuration of the next-hop-hold-time statement
can be verified using the show multicast snooping route command.

[Multicast, Routing Protocols and Policies Command Reference]

■ Hub-and-spoke support for multiprotocol BGP-based multicast VPNs with

PIM-SSM GRE S-PMSI transport—Multiprotocol BGP-based (MBGP) multicast
VPNs (also referred to as next-generation Layer 3 VPN multicast) can be
configured using protocol-independent multicast source-specific multicast
(PIM-SSM) selective provider multicast service interface (S-PMSI) tunnels in a
hub-and-spoke topology.

This feature is useful in the following scenarios:

■ Customer sources and rendezvous points (RPs) are located only in the hub

sites and customer receivers are located in spoke sites or other hub sites.

■ Customer sources are located only in spoke sites and customer receivers are

located only in hub sites.

To configure MBGP MVPNs to use PIM-SSM S-PMSI tunnels in a hub-and-spoke
topology:

■

Include the group-range statement and specify the group address range at
the [edit routing-instances routing-instance-name provider-tunnel selective group

New Features in JUNOS Release 10.1 for M Series, MX Series, and T Series Routers ■ 25

JUNOS 10.1 Software Release Notes

group-address source source-address pim-ssm] hierarchy level on all PE routers

participating in the MVPN.

■

Include the threshold-rate statement and specify zero as the threshold value
at the [edit routing-instances routing-instance-name provider-tunnel selective

group group-address source source-address] hierarchy level on all PE routers

participating in the MVPN.

■

Include the family inet-mvpn statement and family inet6-mvpn statement at
the [edit routing-instances routing-instance-name vrf-advertise-selective] hierarchy
level to selectively advertise routes on PE routers that use one VRF for unicast
routing and a separate VRF for MVPN routing.

[VPNs, Routing Protocols, Routing Protocols and Policies Command Reference]

26 ■ New Features in JUNOS Release 10.1 for M Series, MX Series, and T Series Routers

Services Applications

New Features in JUNOS Release 10.1 for M Series, MX Series, and T Series Routers

■ FlowTapLite enhancements—Extend support for interception of IPv6 packets

on MX Series, M120, and M320 routers. For IPv6, the global filter taps packets
from the default IPv6 routing table and does not tap packets from other VRFs.
To tap packets from other VRFs, you can install separate VRF filters. For IPv4,
the global filter intercepts all IPv4 packets irrespective of the VRF. The limit for
filters remains 3000, which is now shared between IPv4 and IPv6. For example,
you can install 3000 IPv4 filters or 3000 IPv6 filters, or a combination of both
that totals 3000. You cannot install 3000 IPv4 filters and 3000 IPv6 filters.

No new statements are required to configure these enhancements. However,
whether you use IPv6 flow tapping or not, you must include the family inet6
statement at the [edit interfaces vt-fpc/pic/port unit logical-unit-number] hierarchy
level.

[Services Interfaces]

Subscriber Access Management

New Features in JUNOS Release 10.1 for M Series, MX Series, and T Series Routers ■ 27

JUNOS 10.1 Software Release Notes

■ JUNOS subscriber access scaling values (M120, M320, and MX Series

routers)—Table 2 on page 28 lists the DHCP, PPP, and PPPoE scaling values
supported for subscriber access in this release of M120, M320, and MX Series
routers. In this table, DPC means only MX Series Enhanced Queuing IP Services
DPCs (DPCE-R-Q-40GE-SFP and DPCE-R-Q-4XGE-XFP). These DPCs support only
DHCP subscribers; they do not support PPP subscribers.

Table 2: Subscriber Access Scaling Values for M120, M320, and MX Series Routers

MX480/960MX240M120/M320Subscriber Access Feature

DHCP client bindings per chassis

DHCP subscriber VLANs

PPP logical interfaces

PPPoE subscriber VLANs

120,000120,000–

16,00016,000–Per DPC

64,00032,000–Per chassis with DPCs

64,00064,000–Per Trio MPC/MIC

64,00064,000–Per chassis with Trio MPC/MIC

63,99963,99915,999Dynamic PPPoE interfaces per chassis

––4000Dynamic PPPoE interfaces per IQ2/IQ2E PIC

32,00032,000–Dynamic PPPoE interfaces per Trio MPC/MIC

15,99915,99915,999Static interfaces per chassis

––2000Per IQ2/IQ2E PIC

PPP connections (logical interfaces) are supported in a range of configurations.
For example, 63,999 PPP connections per chassis are supported when all
subscribers are configured on the same VLAN. In this case, 63,999 pp0 interfaces
are configured under the same VLAN logical interface and the one remaining
logical interface is consumed for the single VLAN.

At the other extreme, when you configure each subscriber on a separate VLAN
(using stacked VLANs), up to 32,000 PPP connections per chassis are supported.

28 ■ New Features in JUNOS Release 10.1 for M Series, MX Series, and T Series Routers

––8000Per chassis with IQ2/IQ2E PIC

32,00032,000–Per Trio MPC/MIC

32,00032,000–Per chassis with Trio MPC/MIC

New Features in JUNOS Release 10.1 for M Series, MX Series, and T Series Routers

In this case, each subscriber connection consumes two logical interfaces: one
for the VLAN logical interface and one for the pp0 logical interface.

The M120, M320, and MX Series routers support a maximum of 2000 different
dynamic profiles per chassis. [Subscriber Access]

■ Support for dynamic CoS for subscriber interfaces on Trio MPC/MIC interfaces

(MX Series routers)—Enables you to configure dynamic CoS for subscriber
interfaces on Trio MPC/MIC interfaces that are now available on MX Series routers.
In earlier releases, dynamic CoS was supported on EQ DPCs only.

To configure dynamic CoS on Trio MPC/MIC interfaces, you must enable the
hierarchical scheduler for an interface at the [edit interfaces] hierarchy level. You
can then configure dynamic CoS parameters at the [edit dynamic-profiles

profile-name class-of-service] hierarchy level. The CoS parameters are dynamically

applied to subscriber’s services when they log in or change services.

Trio MPC/MIC interfaces support CoS for the following interface types: static
VLAN, demux, static and dynamic PPPoE, and aggregated Ethernet subscriber
interfaces.

In this release, hierarchical CoS for aggregated Ethernet interfaces is supported
on the Trio MPC/MIC product when a static VLAN configured over the aggregated
Ethernet interface. It is not supported for static or dynamic demux subscriber
interfaces configured over aggregated Ethernet.

[Subscriber Access]

■ Support for CoS on dynamic PPPoE subscriber interfaces (MX Series

routers)—Enables you to configure CoS for dynamic PPPoE subscriber interfaces
on Trio MPC/MIC interfaces available on MX Series routers and the Intelligent
Queuing 2 (IQ2) PIC on M120 and M320 Series routers.

In earlier releases, only static CoS was supported for static PPPoE subscriber
interfaces configured on IQ2 PICs on M120 and M320 Series routers.

To configure CoS for a dynamic PPPoE interface, configure the shaping and
scheduling parameters at the [edit dynamic-profiles profile-name class-of-service]
hierarchy level. You then attach the traffic control profile to the dynamic PPPoE
interface by including the output-traffic-control-profile profile-name statement at
the [edit dynamic-profiles profile-name class-of-service interfaces

$junos-interface-ifd-name unit $junos-underlying-interface-unit] hierarchy level.

When the subscriber logs in, PPP supplies pp0 as the $junos-interface-ifd-name
variable, and supplies the PPPoE logical interface number for the

$junos-underlying-interface-unit variable.

[Subscriber Access]

■ Support for IPv6 for dynamic subscriber services (MX Series routers)—Enables

you to configure IPv6 addressing and prefixes for dynamic subscriber services.
In earlier releases, dynamic subscriber services supported IPv4 addressing only.
You can now configure both IPv4 and IPv6 addressing in the same dynamic
profile to grant access and services to IPv4 and IPv6 subscribers.

In this release, IPv6 addressing is supported for static and dynamic VLAN
subscriber interfaces and dynamic demux subscriber interfaces.

New Features in JUNOS Release 10.1 for M Series, MX Series, and T Series Routers ■ 29

JUNOS 10.1 Software Release Notes

To enable IPv6 addressing for a static VLAN subscriber interface, include the

family inet6 statement at the [edit dynamic profiles profile-name interfaces
interface-name unit logical-unit-number] hierarchy level.

To enable IPv6 addressing for a demux subscriber interface, include the family

inet6 statement at the [edit dynamic profiles profile-name interfaces demux0]

hierarchy level. To enable an IPv6 source address for the interface, specify the
new $junos-subscriber-ipv6–address predefined variable with the demux-source
statement at the [edit dynamic profiles profile-name interfaces demux0 unit

$junos-interface-unit family inet6] hierarchy level. The values for this variable are

supplied to the interface by DHCP when the subscriber logs in.

This feature enables you to configure dynamic, classic, and fast update firewall
filters for IPv6 families. In addition, you can configure aggregate CoS when IPv4
and IPv6 families share a logical interface, and per-family CoS when IPv4 and
IPv6 families do not share a logical interface (such as a demux interface).

The following new predefined variables have been added to implement IPv6
addressing for subscriber services:

$junos-input-ipv6-filter

$junos-ipv6-ndra-prefix

$junos-output-ipv6-filter

$junos-preferred-source-ipv6-address

RADIUS supports activation, deactivation, and change of authorization (CoA) for
IPv6 services. The following new RADIUS attributes and VSAs have been added
to implement IPv6 addressing for subscriber services:

DefinitionDynamic Profile Variable

Route prefix of an IPv6 access route.$junos-framed-route-ipv6-address-prefix

Next-hop address of an IPv6 access route.$junos-framed-route-ipv6-nexthop

Attaches a filter based on RADIUS VSA 26-106 (IPv6-Ingress-Policy-Name)
to the interface.

IPv6 prefix value used when configuring the Router Advertisement
protocol.

Attaches a filter based on RADIUS VSA 26-107 (IPv6-Egress-Policy-Name)
to the interface.

Selects the preferred IPv6 source address associated with the loopback
address used for the subscriber.

IPv6 address of the subscriber.$junos-subscriber-ipv6-address

Attribute NameAttribute Number

Framed-IPv6-Prefix97

Framed-IPv6-Route99

IPv6-Ingress-Policy-Name26-106

IPv6-Egress-Policy-Name26-107

30 ■ New Features in JUNOS Release 10.1 for M Series, MX Series, and T Series Routers