junos os 13.3 release notes - juniper networks · · 2017-02-032014-03-20 · · support for bmp...

JUNOS OS 13.3RELEASE NOTES

®

· Layer 3 VPN egress protection with RSVP and LDP (M Series, MX Series, and T Series)

· Support for BMP version 3 (M Series, MX Series, and T Series)

· sFlow technology (EX9200)

· MLD snooping (EX9200)

· OpenFlow v1.0 (EX9200, MX80, MX240, MX480, and MX960)

· Nonstop active routing support for BGP addpath

· Software feature support (MX104)

· External BITS timing (MX2020)

· Virtual Chassis support for multichassis link aggregation (MX Series)

· Autoinstallation of satellite devices in a JNU group

· Support for active flow monitoring version 9 (PTX5000)

· Bidirectional PIM support (PTX5000)

· Unified ISSU support for the 100-Gbps DWDM OTN PIC (PTX5000)

· Support for strict-priority scheduling (PTX Series)

· Nonstop active routing support for logical systems (MX Series and PTX Series)

· Support for configuring interface alias names (PTX Series)

· Support for mixed-rate mode (T4000 and TX Matrix Plus with 3D SIBs)

NEW SOFTWARE FEATURES

INSIDE THIS RELEASESupported on EX Series, M Series, MX Series, PTX Series, and T Series

RECENTLY RELEASED DOCUMENTATION

· NCE—Configuring a Dual Stack That Uses DHCPv6 IA_NA and DHCPv6 Prefix Delegation over PPPoE

· NCE—Configuring a Dual Stack That Uses NDRA and DHCPv6 Prefix Delegation over PPPoE

· Getting Started Guide for Routing Devices

NEW DEVICES AND MODULES

· Enhanced 20-port Gigabit Ethernet MIC (MX Series)

· MIC Support on MX104 Router

· MIC Support on MPC3E

· 2-port 100-Gigabit DWDM OTN PIC (PTX3000)

http://juniper.net/documentation

http://www.juniper.net/techpubs/en_US/release-independent/nce/information-products/topic-collections/nce/nce0112-dual-stack-iana-dhcpv6-pd/dual-stack-iana-dhcpv6-pd.pdf

http://www.juniper.net/techpubs/en_US/release-independent/nce/information-products/topic-collections/nce/nce0095-dual-stack-pppoe-ndra-dhcpv6/dual-stack-pppoe-ndra-dhcpv6-pd.pdf

http://www.juniper.net/techpubs/en_US/junos13.2/information-products/pathway-pages/system-basics/system-management-initial-configuration.pdf

Copyright © 2014, Juniper Networks, Inc.ii

Release Notes: Junos OS Release 13.3R1 for the EX Series, M Series, MX Series, PTX Series, and T Series

Release Notes: Junos®OS Release 13.3R1

for the EX Series, M Series, MX Series,

PTX Series, and T Series

20March 2014

Contents Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

Junos OS Release Notes for EX Series Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

New and Changed Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

Hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

Infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

Multicast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

Network Management and Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

OpenFlow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

Changes in Behavior and Syntax . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

User Interface and Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

Known Behavior . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

OpenFlow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

Known Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

Interfaces and Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

Layer 3 Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

Multicast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

Network Management and Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

OpenFlow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

Software Installation and Upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

Spanning-Tree Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

Documentation Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

Migration, Upgrade, and Downgrade Instructions . . . . . . . . . . . . . . . . . . . . . . 10

Upgrade and Downgrade Support Policy for Junos OS Releases . . . . . . . 10

1Copyright © 2014, Juniper Networks, Inc.

Product Compatibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

Hardware Compatibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

Junos OS Release Notes for M Series Multiservice Edge Routers, MX Series 3D

Universal Edge Routers, and T Series Core Routers . . . . . . . . . . . . . . . . . . . . . 13

New and Changed Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

Hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

Class of Service (CoS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

General Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

High Availability (HA) and Resiliency . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

Interfaces and Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

Layer 2 Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

Multicast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

MPLS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

Network Management and Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

OpenFlow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

Port Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

Routing Policy and Firewall Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

Routing Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

Services Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

Software Installation an and Upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

Subscriber Management and Services . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

VPNs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34

Changes in Behavior and Syntax . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35

IPv6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35


Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35

Multicast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36


Services Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37



User Interface and Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40

Known Behavior . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41


Known Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42

Forwarding and Sampling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

General Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43


Interfaces and Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44

Internet Protocol Security (IPsec) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

J-Web . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

Layer 2 Ethernet Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

MPLS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

Multicast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46

Platform and Infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46


Services Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46



Copyright © 2014, Juniper Networks, Inc.2


VPNs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48

Documentation Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48

Dynamic Firewall Feature Guide for Subscriber Services . . . . . . . . . . . . 48

Junos Address-Aware Carrier-Grade NAT and IPv6 Feature Guide . . . . . 49

Subscriber Access Configuration Guide . . . . . . . . . . . . . . . . . . . . . . . . . . 49

VPWS Feature Guide for Routing Devices . . . . . . . . . . . . . . . . . . . . . . . . 49


Basic Procedure for Upgrading to Release 13.3 . . . . . . . . . . . . . . . . . . . . 50

Upgrade and Downgrade Support Policy for Junos OS Releases . . . . . . 52

Upgrading a Router with Redundant Routing Engines . . . . . . . . . . . . . . . 52

Upgrading Juniper Network Routers Running Draft-Rosen Multicast

VPN to Junos OS Release 10.1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53

Upgrading the Software for a Routing Matrix . . . . . . . . . . . . . . . . . . . . . . 54

Upgrading Using ISSU . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55

Upgrading from Junos OS Release 9.2 or Earlier on a Router Enabled

for Both PIM and NSR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56

Downgrading from Release 13.3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57

Changes Planned for Future Releases . . . . . . . . . . . . . . . . . . . . . . . . . . . 57


Hardware Compatibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58

Junos OS Release Notes for PTX Series Packet Transport Routers . . . . . . . . . . . . 59

New and Changed Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59

Hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59

Class of Service (CoS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61

General Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61



Netwok Management and Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . 63



Changes in Behavior and Syntax . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64



Known Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65

Hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66

General Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66

Interfaces and Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66

IPv6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66

MPLS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66


VLAN Infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67

Documentation Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67

VPWS Feature Guide for Routing Devices . . . . . . . . . . . . . . . . . . . . . . . . 67


Upgrading Using ISSU . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67

Upgrading a Router with Redundant Routing Engines . . . . . . . . . . . . . . 68

Basic Procedure for Upgrading to Release 13.3 . . . . . . . . . . . . . . . . . . . . 68


Hardware Compatibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70


Third-Party Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72

Finding More Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72

Documentation Feedback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72

Requesting Technical Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72

Self-Help Online Tools and Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73

Opening a Case with JTAC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73

Revision History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74



Introduction

Junos OS runs on the following Juniper Networks®hardware: ACX Series, EX Series, J

Series, M Series, MX Series, PTX Series, QFabric, QFX Series, SRX Series, and T Series.

These release notes accompany Junos OS Release 13.3R1 for the EX Series, M Series, MX

Series, PTX Series, and T Series. They describe new and changed features, limitations,

and known and resolved problems in the hardware and software.

Junos OS Release Notes for EX Series Switches

These releasenotes accompany JunosOSRelease 13.3R1 for theEXSeries. Theydescribe

newandchanged features, limitations, andknownand resolvedproblems in thehardware

and software.

You can also find these release notes on the Juniper Networks Junos OS Documentation

webpage, located at http://www.juniper.net/techpubs/software/junos/.

• New and Changed Features on page 5

• Changes in Behavior and Syntax on page 7

• Known Behavior on page 8

• Known Issues on page 8

• Documentation Updates on page 10

• Migration, Upgrade, and Downgrade Instructions on page 10

• Product Compatibility on page 11

New and Changed Features

This section describes the new features and enhancements to existing features in Junos

OS Release 13.3R1 for the EX Series.

• Hardware

• Infrastructure

• Multicast

• NetworkManagement andMonitoring

• OpenFlow


Introduction

http://www.juniper.net/techpubs/software/junos/

Hardware

• Extended cablemanager for EX9214 switches—An extended cable manager is nowavailable for EX9214 switches. The extended cablemanager allows you to route cables

away from the front of the line cards and Switch Fabric modules and provides easier

access to the switch than the standard cable manager. To obtain the extended cable

manager, order the MX960 Enhanced Cable Manager, ECM-MX960. (Note that

installation of the extended cable manager must be done by a Juniper-authorized

technician and that the service cost is in addition to the component cost.) SeeMX960

Cable Manager Description .

Infrastructure

• Support for IPv6 forTACACS+authentication (EX9200)—StartingwithRelease 13.3,Junos OS supports IPv6 along with the existing IPv4 support for user authentication

using TACACS+ servers.

Multicast

• MLD snooping on EX9200 switches—EX9200 switches support MLD snooping.Multicast Listener Discovery (MLD) snooping constrains the flooding of IPv6multicast

traffic on VLANs on a switch. When MLD snooping is enabled on a VLAN, the switch

examinesMLDmessages between hosts andmulticast routers and learnswhich hosts

are interested in receiving traffic for a multicast group. Based on what it learns, the

switch then forwards multicast traffic only to those interfaces in the VLAN that are

connected to interested receivers instead of flooding the traffic to all interfaces. You

configure MLD snooping at either the [edit protocols] hierarchy level or the [edit

routing-instances routing-instance-name protocols] hierarchy level. See Understanding

MLD Snooping.

NetworkManagement andMonitoring

• sFlowtechnologyonEX9200switches—EX9200switchessupportsFlowtechnology,a monitoring technology for high-speed switched or routed networks. The sFlow

monitoring technology randomly samples network packets and sends the samples to

amonitoring station. You can configure sFlow technology on an EX9200 switch to

continuously monitor traffic at wire speed on all interfaces simultaneously. The sFlow

technology is configuredat the[editprotocolssflow]hierarchy level. SeeUnderstanding

How to Use sFlow Technology for Network Monitoring on an EX Series Switch.

OpenFlow

• Support for OpenFlow v1.0—Starting with Junos OS Release 13.3, EX9200 switchessupport OpenFlow v1.0. You use the OpenFlow remote controller to control traffic in

an existing network by adding, deleting, andmodifying flows on switches. You can

configure oneOpenFlow virtual switch and one activeOpenFlow controller at the [edit

protocols openflow] hierarchy level on each device running Junos OS that supports

OpenFlow. See Understanding Support for OpenFlow on Devices Running Junos OS.



http://www.juniper.net/techpubs/en_US/release-independent/junos/topics/concept/cable-management-system-mx960.html

http://www.juniper.net/techpubs/en_US/release-independent/junos/topics/concept/cable-management-system-mx960.html

http://www.juniper.net/techpubs/en_US/junos13.3/topics/concept/mld-snooping-overview-l2.html

http://www.juniper.net/techpubs/en_US/junos13.3/topics/concept/mld-snooping-overview-l2.html

http://www.juniper.net/techpubs/en_US/junos13.3/topics/concept/sflow-ex-series.html

http://www.juniper.net/techpubs/en_US/junos13.3/topics/concept/sflow-ex-series.html

http://www.juniper.net/techpubs/en_US/junos13.3/topics/concept/junos-sdn-openflow-support-overview.html

RelatedDocumentation

Changes in Behavior and Syntax on page 7•






Changes in Behavior and Syntax

This section lists the changes in behavior of JunosOS features and changes in the syntax

of Junos OS statements and commands from Junos OS Release 13.3R1 for the EX Series.

• User Interface and Configuration on page 7

User Interface and Configuration

• Change in show version command output on EX9200 switches—Beginning in JunosOS Release 13.3, the show version command output includes the new Junos field that

displays the Junos OS version running on the device. This new field is in addition to the

list of installed sub-packages running on the device that also display the Junos OS

version number of those sub-packages. This field provides a consistent means of

identifying the Junos OS version, rather than extracting that information from the list

of installed sub-packages. In the future, the list of sub-packages might not be usable

for identifying the JunosOS version running on the device. This change in outputmight

impact existing scripts that parse information from the show version command.

In Junos OS Release 13.2 and earlier, the show version command does not have the

single Junos field in theoutput thatdisplays the JunosOSversion runningon thedevice.

The only way to determine the Junos OS version running on the device is to review the

list of installed sub-packages.

Junos OS Release 13.3 and Later ReleasesWith the JunosField

Junos OS Release 13.2 and Earlier ReleasesWithout theJunos Field

user@switch> show versionHostname: lab Model: ex9208 Junos: 13.3R1.4JUNOS Base OS boot [13.3R1.4] JUNOS Base OS Software Suite [13.3R1.4] JUNOS Kernel Software Suite [13.3R1.4]JUNOS Crypto Software Suite [13.3R1.4]...

user@switch> show versionHostname: lab Model: ex9208 JUNOS Base OS boot [12.3R2.5]JUNOS Base OS Software Suite [12.3R2.5]JUNOS Kernel Software Suite [12.3R2.5]JUNOS Crypto Software Suite [12.3R2.5]...

• User-defined identifiersusingthereservedprefix junos-nowcorrectlycauseacommiterror in theCLI—JunosOS reserves theprefix junos- for the identifiers of configurationsdefinedwithin the junos-defaults configuration group. User-defined identifiers cannot

startwith the string junos-. If you configureduser-defined identifiers using the reserved

prefix through a NETCONF or Junos XML protocol session, the commit would correctly



fail. Prior to Junos OS Release 13.3, if you configured user-defined identifiers through

the CLI using the reserved prefix, the commit would incorrectly succeed. Junos OS

Release 13.3R1 and later releases now exhibit the correct behavior. Configurations that

currently contain the reserved prefix for user-defined identifiers other than

junos-defaults configuration group identifiers will now correctly result in a commit

error in the CLI.


New and Changed Features on page 5•






Known Behavior

This section lists known behaviors, systemmaximums, and limitations in hardware and

software in Junos OS Release 13.3R1 for the EX Series.

For the most complete and latest information about known Junos OS defects, use the

Juniper Networks online Junos Problem Report Search application.

• OpenFlow

OpenFlow

• OnEX9200switches, configurationofa firewall filteronanOpenFlow-enabled interface

is not supported.








Known Issues

This section lists the known issues in hardware and software in Junos OS Release 13.3R1

for the EX Series.



http://prsearch.juniper.net



• Interfaces and Chassis

• Layer 3 Features

• Multicast

• NetworkManagement andMonitoring

• OpenFlow

• Software Installation and Upgrade

• Spanning-Tree Protocols

Interfaces and Chassis

• On EX9200 switches, an LLDP neighbor might not be formed for Layer 3-tagged

interfaces even though peer switches are able to form the neighbor. PR848721

Layer 3 Features

• On EX9200 switches, BFD on IRB interfaces flaps if BFD is configured for subsecond

timers. PR844951

• If you rebootanEX9200switchwith the factorydefault settingand roll back the system

configuration, sometimes the IS-IS sync state in the show task replication command

output might be shown as Not Started. PR868623

Multicast

• If you configure a large number of PIM source-specific multicast (SSM) groups on an

EX9200switch, the switchmight experienceperiodic IPv6 traffic loss. Asaworkaround,

configure the pim-join-prune-timeout value on the last-hop router as 250 seconds.

PR853586


• OnEX9200switches, even if youconfigureanegress sampling rate for sFlowmonitoring

technology, the switch uses the ingress sampling rate instead. PR686002

OpenFlow

• OnEX9200switches, aBGPsessionmight flapwhenanOpenFlow interface is receiving

line-rate traffic and the traffic is notmatching any rule, and therefore thedefault action

of packet-in is applied. PR892310

• OnEX9200 switches,minormemory leaksmight occur if you add anddelete the same

multi-VLAN flow on the order of 100,000 such add and delete operations. PR905620


Known Issues


http://prsearch.juniper.net/PR848721







Software Installation and Upgrade

• When you are upgrading the software on an EX9200 switch, the following warning

messagemight be displayed: Could not open requirements file for jroute-ex:

/etc/db/pkg/jroute-ex/+REQUIRE. PR924106

Spanning-Tree Protocols

• OnEX9200switches,BPDUblockingdoesnotworkon40-gigabit interfaces.PR861293








Documentation Updates

There are no errata or changes in Junos OS Release 13.3R1 for the EX Series switches

documentation.








Migration, Upgrade, and Downgrade Instructions

This section contains upgrade and downgrade policies for Junos OS for the EX Series.

Upgrading or downgrading Junos OS can take several hours, depending on the size and

configuration of the network.

• Upgrade and Downgrade Support Policy for Junos OS Releases on page 10

Upgrade and Downgrade Support Policy for Junos OS Releases

Support for upgrades and downgrades that spanmore than three Junos OS releases at

a time is not provided, except for releases that are designated as Extended End-of-Life

(EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can

upgrade directly from one EEOL release to the next EEOL release, even though EEOL

releases generally occur in increments beyond three releases.





You can upgrade or downgrade to the EEOL release that occurs directly before or after

the currently installed EEOL release, or to twoEEOL releases before or after. For example,

JunosOSReleases 10.0, 10.4, and 11.4 are EEOL releases. You can upgrade from JunosOS

Release 10.0 toRelease 10.4 or even from JunosOSRelease 10.0 toRelease 11.4. However,

you cannot upgrade directly from a non-EEOL release that is more than three releases

ahead or behind. For example, you cannot directly upgrade from Junos OS Release 10.3

(a non-EEOL release) to Junos OS Release 11.4 or directly downgrade from Junos OS

Release 11.4 to Junos OS Release 10.3.

To upgrade or downgrade fromanon-EEOL release to a releasemore than three releases

before or after, first upgrade to the next EEOL release and then upgrade or downgrade

from that EEOL release to your target release.

For more information about EEOL releases and to review a list of EEOL releases, see

http://www.juniper.net/support/eol/junos.html .

For information on software installation and upgrade, see the Installation and Upgrade

Guide.








Product Compatibility

• Hardware Compatibility on page 11

Hardware Compatibility

To obtain information about the components that are supported on the devices, and

special compatibility guidelineswith the release, see theHardwareGuide for theproduct.

Todetermine the features supportedonEXSeries switches in this release, use the Juniper

Networks Feature Explorer, a Web-based application that helps you to explore and

compare Junos OS feature information to find the right software release and hardware

platform for your network. Find Feature Explorer at:

http://pathfinder.juniper.net/feature-explorer/









http://www.juniper.net/support/eol/junos.html

http://www.juniper.net/techpubs/en_US/junos13.3/information-products/pathway-pages/software-installation-and-upgrade/software-installation-and-upgrade.html



JunosOSReleaseNotesforMSeriesMultiserviceEdgeRouters,MXSeries3DUniversalEdge Routers, and T Series Core Routers

These release notes accompany Junos OS Release 13.3R1 for the M Series, MX Series,

and T Series. They describe new and changed features, limitations, and known and

resolved problems in the hardware and software.












OS Release 13.3R1 for the M Series, MX Series, and T Series.

• Hardware on page 14

• Class of Service (CoS) on page 15

• General Routing on page 17

• High Availability (HA) and Resiliency on page 18

• Interfaces and Chassis on page 19

• Layer 2 Features on page 26

• Multicast on page 26

• MPLS on page 26

• Network Management and Monitoring on page 26

• OpenFlow on page 27

• Port Security on page 27

• Routing Policy and Firewall Filters on page 28

• Routing Protocols on page 28

• Services Applications on page 28

• Software Installation an and Upgrade on page 29

• Subscriber Management and Services on page 29

• VPNs on page 34


Junos OS Release Notes for M Series Multiservice Edge Routers, MX Series 3D Universal Edge Routers, and T Series Core Routers


Hardware

• MIC support (MX104)—Junos OS Release 13.3 and later releases extend support tothe following MICs on the MX104:

• 10-Gigabit Ethernet MICs with XFP (Model No: MIC-3D-2XGE-XFP)

• ATMMICwith SFP (Model No: MIC-3D-8OC3-2OC12-ATM)

• SONET/SDHOC3/STM1 (Multi-rate) MICs with SFP (Model No:

MIC-3D-4OC3OC12-10C48)

• SONET/SDHOC3/STM1 (Multi-rate) MICs with SFP (Model No:

MIC-3D-8OC3OC12-4OC48)

• Tri-Rate MIC (MIC-3D-40GE-TX)

[SeeMICs Supported by MX Series Routers.]

• Support forMICs onMPC3E (MX240,MX480, andMX960)—The followingMICs arenow supported on the MPC3E (MX-MPC3E-3D):

• SONET/SDHOC3/STM1 (Multi-Rate) MICs with SFP (MIC-3D-8OC3OC12-4OC48)

• SONET/SDHOC3/STM1 (Multi-Rate) MICs with SFP (MIC-3D-4OC3OC12-1OC48)

• SONET/SDHOC192/STM64MIC with XFP (MIC-3D-1OC192-XFP)

• DS3/E3 MIC (MIC-3D-8DS3-E3)

The following encapsulations are supported on the aforementioned MICs on MPC3E:

• Cisco High-Level Data Link Control (cHDLC)

• Flexible Frame Relay

• Frame Relay

• Frame Relay for circuit cross-connect (CCC)

• Frame Relay for translational cross-connect (TCC)

• MPLS fast reroute

• MPLS CCC

• MPLS TCC

• Point-to-Point Protocol (PPP) (default)

• PPP for CCC

• PPP for TCC

• PPP over Frame Relay

[SeeMPC3E onMX Series Routers Overview.]

• CFP-GEN2-CGE-ER4 (MX Series, T1600, and T4000)—The CFP-GEN2-CGE-ER4transceiver (part number: 740-049763) provides a duplex LC connector and supports

the 100GBASE-ER4 optical interface specification andmonitoring. Starting in Junos



http://www.juniper.net/techpubs/en_US/release-independent/junos/topics/reference/general/mic-mx-series-10-gigabit-ethernet-xfp-description.html

http://www.juniper.net/techpubs/en_US/release-independent/junos/topics/reference/general/mic-mx-series-atm-oc3-oc12.html

http://www.juniper.net/techpubs/en_US/release-independent/junos/topics/reference/general/mic-mx-series-sonet-sdh-oc3-multirate-sfp.html




http://www.juniper.net/techpubs/en_US/release-independent/junos/topics/reference/general/mic-mx-series-tri-rate-description.html

http://www.juniper.net/techpubs/en_US/release-independent/junos/topics/reference/general/mic-mx-series-supported.html

http://www.juniper.net/techpubs/en_US/junos13.3/topics/concept/chassis-mpc-100-gigabit-ethernet-mpc-overview.html

OSRelease 13.3, the “GEN2”opticshavebeen redesignedwithnewer versionsof internal

components for reducedpower consumption.The following interfacemodules support

the CFP-GEN2-CGE-ER4 transceiver. For more information about interface modules,

see the Interface Module Reference for your router.

MX Series routers:

• 100-Gigabit Ethernet MIC with CFP (model number:

MIC3-3D-1X100GE-CFP)—Supported in Junos OS Release 12.1R1 and later

• 2x100GE + 8x10GEMPC4E (model number: MPC4E-3D-2CGE-8XGE)—Supported

in Junos OS Release 12.3R2 and later

T1600 and T4000 routers:

• 100-Gigabit Ethernet PIC with CFP (model numbers: PD-1CE-CFP-FPC4 and

PD-1CGE-CFP)—Supported in Junos OS Releases 12.3R5, 13.2R3, 13.3R1, and later

[See 100-Gigabit Ethernet 100GBASE-R Optical Interface Specifications.]

• SFP-GE80KCW1470-ET, SFP-GE80KCW1490-ET, SFP-GE80KCW1510-ET,SFP-GE80KCW1530-ET, SFP-GE80KCW1550-ET, SFP-GE80KCW1570-ET,SFP-GE80KCW1590-ET, and SFP-GE80KCW1610-ET (MX Series)—Beginning withJunos OS Release 13.3, these transceivers provide a duplex LC connector and support

operationandmonitoringwith linksup toadistanceof80km.Each transceiver is tuned

to a different transmit wavelength for use in CWDM applications. These transceivers

are supported on the following interfacemodule. Formore information about interface

modules, see the Interface Module Reference for your router.

• Gigabit Ethernet MIC with SFP (model number: MIC-3D-20GE-SFP) in all versions

of MX-MPC1, MX-MPC2, and MX-MPC3—Supported in Junos OS Release 12.3R5,

13.2R3, 13.3R1, and later.

[See Gigabit Ethernet SFP CWDMOptical Interface Specification]

• CFP-GEN2-100GBASE-LR4 (T1600 and T4000)—The CFP-GEN2-100GBASE-LR4transceiver (part number: 740-047682) provides a duplex LC connector and supports

the 100GBASE-LR4 optical interface specification andmonitoring. Starting in Junos

OSRelease 13.3, the “GEN2”opticshavebeen redesignedwithnewer versionsof internal

components for reducedpower consumption.The following interfacemodules support

the CFP-GEN2-100GBASE-LR4 transceiver. For more information about interface

modules, see the Interface Module Reference for your router.

• 100-Gigabit Ethernet PIC with CFP (model numbers: PD-1CE-CFP-FPC4 and

PD-1CGE-CFP)—Supported in Junos OS Releases 12.3R5, 13.2R3, 13.3R1, and later


Class of Service (CoS)

• CCCandTCCsupportonFRF.15,FRF.16,andMLPPP interfaces(MXSeries)—Startingwith Release 13.3, Junos OS supports Circuit Cross Connect (CCC) and Translational

Cross Connect (TCC) over Multilink Frame Relay (MLFR) UNI NNI (FRF.16) interface

and TCC over Multilink Frame Relay (MLFR) end-to-end (FRF.15) and Multilink



http://www.juniper.net/techpubs/en_US/release-independent/junos/topics/reference/specifications/transceiver-m-mx-t-series-100gebase-optical-specifications.html

http://www.juniper.net/techpubs/en_US/release-independent/junos/topics/reference/specifications/transceiver-mx-series-sfp-cwdm.html


Point-to-Point Protocol (MLPPP) interfaces. You can implement the cross-connect

over anMPLSnetworkor a local-switchednetwork.Whenyouconfigure cross-connect

over these interfaces, thepeer interfacecanbeofanyof the interface types that support

cross-connect.

To configure CCC over FRF.16/MFR interfaces, include the following statements under

the [edit interfaces interface-name unit number] hierarchy level:

family ccc {translate-discard-eligible;translate-fecn-and-becn;translate-plp-control-word-de;no-asynchronous-notification;

}

To configure TCC over FRF.15/MLFR, FRF.16/MFR, or MLPPP interfaces, include the

followingconfigurationunder the [edit interfaces interface-nameunitnumber]hierarchy

level:

family tcc {protocols [inet isompls];no-asynchronous-notification;

}

To complete CCC or TCC configurations over the multilink Frame Relay interfaces, you

must also specify the interface name under one of the following hierarchies:

• [edit protocols l2circuit neighbor ip-address] if the switching is done over a Layer 2

circuit.

• [edit protocols connections remote-interface-switch remote-if-sw] if the switching

is done over a remote interface switch.

• [edit protocols connections interface-switch local-if-switch] if the switching is done

using a local switch.

• Support for IPv6 traffic over IPsec tunnels onMS-MICs andMS-MPCs (MXSeries)—Starting with Release 13.3, Junos OS extends IPsec support on MS-MICs andMS-MPCs to IPv6 traffic. IPsec support on MS-MICs and MS-MPCs is limited to the

ESP protocol, and now enables you to configure IPv4 and IPv6 tunnels that can carry

IPv6 as well as IPv4 traffic. To enable IPv6 traffic over an IPsec tunnel, configure an

IPv6 address for the local-gateway statement under the [edit services service-set

service-set-name ipsec-vpn-options] hierarchy level.

• CoS show command enhancements (MX Series)—Starting in Release 13.3, Junos OSextendssupport forCoS showcommandswith theadditionof the showclass-of-service

scheduler-hierarchy interfaceand showclass-of-servicescheduler-hierarchy interface-set

commands. These commands display subscriber class-of-service interface and

interface-set information.

[See show class-of-service scheduler-hierarchy interface and show class-of-service

scheduler-hierarchy interface-set.]

• Traffic schedulingandshaping support forGRE tunnel interfaceoutputqueues (MXSeries)—Beginning with Junos OS Release 13.3, you canmanage output queuing oftraffic entering GRE tunnel interfaces hosted on MIC or MPC line cards in MX Series



http://www.juniper.net/techpubs/en_US/junos13.3/topics/reference/command-summary/show-class-of-service-scheduler-hierarchy-interface.html

http://www.juniper.net/techpubs/en_US/junos13.3/topics/reference/command-summary/show-class-of-service-scheduler-hierarchy-interface-set.html

http://www.juniper.net/techpubs/en_US/junos13.3/topics/reference/command-summary/show-class-of-service-scheduler-hierarchy-interface-set.html

routers. Support for the output-traffic-control-profile configuration statement, which

applies an output traffic scheduling and shaping profile to the interface, is extended

to GRE tunnel physical and logical interfaces. Support for the

output-traffic-control-profile-remaining configuration statement, which applies an

output traffic scheduling and shaping profile for remaining traffic to the interface, is

extended to GRE tunnel physical interfaces.

NOTE: Interface sets (sets of interfaces used to configure hierarchical CoSschedulers on supported Ethernet interfaces) are not supported on GREtunnel interfaces.

[See Configuring Traffic Control Profiles for Shared Scheduling and Shaping.]

General Routing

• Nonstop active routing support for logical systems (MX Series)—Starting in Junos

OSRelease 13.3, this featureenablesnonstopactive routing support for logical systems

using the nonstop-routing option under the [edit logical-systems logical-system-name

routing-options] hierarchy. As a result of extending nonstop active routing support for

logical systems, the logical-systems argument has been appended in some show

operational commands to allow display of status, process, and event details.

• Nonstopactive routing formultipoint labeldistributionprotocol (MSeries,MXSeries,and T Series)—Starting in Junos OS Release 13.3, this feature enables nonstop active

routing for the multipoint label distribution protocol, using the nonstop-routing option

at the [edit routing-options] hierarchy level. Themultipoint label distribution protocol

state, event, and process details can be viewed using the p2mp-nsr-synchronization

flag under trace-options.

[See p2mp-ldp-next-hop.]

The showldpdatabasecommanddisplays theentries in theLabelDistributionProtocol

(LDP) database for master and standby Routing Engines.

[See show ldp database.]

Theshowldpp2mptunnelcommanddisplays theLDPpoint-to-multipoint tunnel table

information.

[See show ldp p2mp tunnel.]



http://www.juniper.net/techpubs/en_US/junos13.3/topics/usage-guidelines/cos-configuring-traffic-control-profiles-for-shared-scheduling-and-shaping.html

http://www.juniper.net/techpubs/en_US/junos13.3/topics/reference/configuration-statement/p2mp-ldp-next-hop.html

http://www.juniper.net/techpubs/en_US/junos13.3/topics/reference/command-summary/show-ldp-database.html

http://www.juniper.net/techpubs/en_US/junos13.3/topics/reference/command-summary/show-ldp-p2mp.html

High Availability (HA) and Resiliency

• MXSeries Virtual Chassis support for multichassis link aggregation (MX Seriesrouters with MPCs)—Starting in Junos OS Release 13.3, an MX Series Virtual Chassissupports configuration of multichassis link aggregation (MC-LAG). MC-LAG enables

a device to form a logical link aggregation group interface with two or more other

devices. The MC-LAG devices use the Inter-Chassis Communication Protocol (ICCP)

to exchange control information between twoMC-LAG network devices.

When you configure MC-LAGwith an MX Series Virtual Chassis, the link aggregation

group spans links to two Virtual Chassis configurations. Each Virtual Chassis consists

of two MX Series member routers that form a logical systemmanaged as a single

network element. ICCP exchanges control information between the global master

router (VC-M) of the first Virtual Chassis and the VC-M of the second Virtual Chassis.

NOTE: Internet GroupManagement Protocol (IGMP) snooping is notsupported onMC-LAG interfaces in an MX Series Virtual Chassis.

[See Configuring Multichassis Link Aggregation.]

• Software feature support (MX104)—Junos OS Release 13.3 or later extends supportfor the following software features on the MX104 3D Universal Edge Routers:

• IP features—IPv6ProviderEdge(6PE),AccessNodeControlProtocol (ANCP),DHCP

snooping, DHCPOption-82, Multicast Listener Discovery (MLD), and Domain Name

System (DNS).

• MPLS features—MPLS Transport Profile (MPLS-TP), ATM Single Cell Relay over

MPLS (CRoMPLS) VCMode, Generalized MPLS (GMPLS), and VPNv6.

• Multicast features—Distance VectorMulticast Routing Protocol (DVMRP), Multicast

Listener Discovery (MLD), Multicast Listener Discovery (MLD) Snooping, draft

rosen-multicast VPNs, Multicast version 6, and DHCPv6.

• Layer 2 features—Virtual Chassis, 802.1ag threshold negotiation, 802.1X, and Media

Access Control Security (MACsec).

• Resiliency features—Lawful intercept, Inline J-Flow, dynamic ARP inspection (DAI),

reception of dying-gasp protocol data units (PDU), DHCP snooping for port security,

and nonstop active routing (NSR).

[See Protocols and Applications Supported by MX104 Routers.]

• TCPauto-merge support in nonstop active routing for short duration hold timers forprotocols (BGP, LDP) (kernel) (M Series, MX Series, and T Series)—Beginning withJunosOSRelease 13.3, TCPauto-merge support in nonstopactive routing for protocols

(BGP, LDP) (kernel) is enabledon theMSeries,MXSeries, andTSeries.Nonstopactive

routing automerge is one of the kernel components of the socket replication. On

switchover, this componentmerges the socket pairs automatically from the secondary

to the primary Routing Engine. Currently, nonstop active routing switchover from

secondary to primary happenswhen rpd issues amerge call for each secondary socket

pair tomerge them to a single socket, which could result in a delay. To avoid this delay,



http://www.juniper.net/techpubs/en_US/junos13.3/topics/usage-guidelines/interfaces-configuring-multi-chassis-link-aggregation.html

www.juniper.net/techpubs/en_US/release-independent/junos/topics/reference/general/mx-104-features.html

this feature introducesanautomergemodule in thekernel thatdecouples thesecondary

socket merge from rpd and automatically merges secondary sockets on switchover

so that the rpd high priority thread takes advantage of this and generates faster

keep-alive to sustain TCP connections on switchover.

• Nonstop active routing support for BGP addpath (M Series, MX Series, and TSeries)—Beginning in Junos OS Release 13.3, nonstop active routing support for BGPaddpath is available on the M Series, MX Series, and T Series. Nonstop active routing

support is enabled for the BGP addpath feature. After the nonstop active routing

switchover, addpath-enabled BGP sessions do not bounce. The secondary Routing

Engine maintains the addpath advertisement state before the nonstop active routing

switchover.

• Inter-chassis high availability provides stateful redundancy (MS-MPC andMS-MICinterface cards onMXSeries routers)—Startingwith Release 13.3, JunosOS supports

stateful high availability (HA) to replicate flow states on an activeMS-MPCorMS-MIC

service card to a standby MS-MPC or MS-MIC service card on a different chassis. This

enables the preservation of the state of the existing flows in case of a planned or

unplanned switchover.

Services to be synchronized statefully include:

• Stateful firewall

• NAT (NAPT44 and APP only)

Both IPv4 and IPv6 sessions are synchronized.

Synchronizationoccurs for long-lived flowsasdefinedbyaconfigurable synchronization

threshold.

[See Inter-Chassis High Availability for MS-MIC andMS-MPC.]

• Support for unified-in-service software upgrade onMX Series routers with MPC3andMPC4E (MX240, MX480, andMX960)—Supports unified-in-service softwareupgrade (unified ISSU) on MX Series routers with MPC3 and MPC4E. Unified ISSU is

a process to upgrade the system software with minimal disruption of transit traffic

andnodisruptionof the control plane. In this process, thenewsystemsoftware version

must be later than the version of the previous system software. When unified ISSU

completes, the new system software state is identical to that of the system software

when the system upgrade is performed through a cold boot.


• Transmit ESMC SSMquality level from synchronous Ethernetmode (MXSeries)—Starting in Junos OS Release 13.3, when an MX Series Router is configured insynchronous Ethernet mode, the ESMC SSM quality level can be transmitted. The setchassis synchronizationmax-transmit-quality-level command sets a thresholdquality level for the entire system.

• Ethernet frame padding with VLAN (DPCs andMPCs running onMX Seriesrouters)—Starting in JunosOSRelease 13.3, DPCs andMPCs onMXSeries routers padthe Ethernet frame with 68 bytes if the packet is VLAN tagged and the frame length

is less than68bytesandgreater thanor equal to64bytesat theegressof the interface.



http://www.juniper.net/techpubs/en_US/junos13.3/topics/topic-map/nat-interchassis-high-availability-msmic-msmpc.html

• PTP redundancy support for line cards (MX Series andMSeries)—Beginning withJunos OS Release 13.3, line cards on MX Series and M Series routers support slave

redundancy. If multiple slave streams are configured across line cards and the active

slave line card crashes or all of the streams on that line card lose their timing packets,

another slave line card will take over if it has been primed to do so.

• Increased Layer 3 forwarding capabilities forMPCs andMultiservicesDPCs throughFIB localization(MXSeries)—Starting in JunosOSRelease 13.3, forwarding informationbase (FIB) localization characterizes the Packet Forwarding Engines in a router into

two types: FIB-Remote and FIB-Local. FIB-Local Packet Forwarding Engines install all

of the routes from the default route tables into Packet Forwarding Engine forwarding

hardware. FIB-Remote Packet Forwarding Engines create a default (0.0) route that

referencesanexthoporaunilist ofnexthops to indicate theFIB-Local that canperform

full IP table looks-ups for received packets. FIB-Remote Packet Forwarding Engines

forward received packets to the set of FIB-Local Packet Forwarding Engines.

The capacity of MPCs is much higher than that of Multiservices DPCs, so an MPC is

designatedas the localPacketForwardingEngine, andaMultiservicesDPC isdesignated

as the remote Packet Forwarding Engine. The remote Packet Forwarding Engine

forwards all network-bound traffic to the local Packet Forwarding Engine. If multiple

MPCs are designated as local Packet Forwarding Engines, then the Multiservices DPC

load balances the traffic using the unilist of next hops as the default route.

• Support for centralized clocking (MX2020)—Before Junos OS Release 13.3, theMX2020 supported SyncE (Synchronous Ethernet) in distributedmode, where the

clock module on a line card would lock to the SyncE source and distribute frequency

references to the entire chassis. Starting in Junos OS Release 13.3, the MX2020 uses

the centralized Stratum 3 clock module on the control board to lock onto SyncE and

distribute the frequency to the entire chassis. Supported features include:

• Clock monitoring, filtering, and holdover

• Hitless transition from a distributed to centralized clocking mode

• Distribution of the selected chassis clock source to downstream network elements

through supported line interfaces

You can view the centralized clock module information with the show chassis

synchronization clock-module command.

NOTE: PrecisionTimeProtocol/IEEE1588continuetooperate indistributedmode.

• Enhancements to commit check processing (M Series andMX Series)—Starting inJunos OS Release 13.3, the processing performance when you issue the commit check

command has been optimized for the following static and dynamic interface types:

• Logical demultiplexing (demux) interfaces (demux0)

• PPPoE logical interfaces (pp0)

• Inline services interfaces (si)



The improved performance for commit check enables the overall commit operation to

complete fasterwhennewdemux0,pp0, or si interfacesareadded to theconfiguration.

• Support for ATM virtual connectionmultiplexing and LLC encapsulation (MXSeries)—Starting in Junos OS Release 13.3, ATM virtual connection (VC) multiplexing

and logical link control (LLC) encapsulation are supported on the Channelized

OC3/STM1 (Multi-Rate) Circuit Emulation MIC with SFP. ATM virtual connection

multiplexing and LLC are the twomethods for identifying the protocol carried in ATM

AdaptationLayer5 (AAL5) frames.Themethodsaredefined inRFC2684,Multiprotocol

Encapsulation over ATM Adaptation Layer 5.

In theATMvirtual connectionmultiplexingmethod, eachATMvirtual connectioncarries

protocol dataunits (PDUs)of exactly oneprotocol type.Whenmultipleprotocols need

to be transported, there is a separate virtual connection for each protocol.

TheLLCencapsulationmethodenablesmultiplexingofmultipleprotocolsoverasingle

ATM virtual connection. The protocol type of each PDU is identified by a prefixed IEEE

802.2 LLC header.

[See ATM Support on Circuit Emulation PICs Overview.]

• Support for MPLS-signaled LSPs to use GRE tunnels (MXSeries)—Starting in JunosOS Release 13.3, MPLS label-switched paths (LSPs) can use generic routing

encapsulation(GRE) tunnels to traverse routingareas, autonomoussystems,and ISPs.

Bridging MPLS LSPs over an intervening IP domain is possible without disrupting the

outlying MPLS domain. This feature is supported on the Channelized OC3/STM1

(Multi-Rate) Circuit Emulation MIC with SFP and is defined in the RFC 4023,

Encapsulating MPLS in IP or Generic Routing Encapsulation (GRE).

[See Configuring MPLS-Signaled LSPs to Use GRE Tunnels.]

• Support for SCBE2 (MX240, MX480, andMX960)—The EnhancedSCB—SCBE2—supports the following features:

• Increased fabric bandwidth per slot

• Improved external clock redundancy

• Dynamic multicast replication only

• GRES

The following scenarios are to be noted when you are using an MX Series router with

an SCBE2:

• Youmust configure the set chassis network-services (enhanced-ip |

enhanced-ethernet) configuration command and reboot the router to bring up the

FPCs on the router. However, after the router reboots, the MS DPC, the MX FPC, and

the ADPC are powered off.

• All the FPCs and DPCs in the router are powered off when you reboot the router

without configuring either the enhanced-ip option or the enhanced-ethernet option

at the [edit chassis network-services] hierarchy level.

• Youmust reboot the router when you configure or delete the enhanced-ip option or

the enhanced-ethernet option at the [edit chassis network-services] hierarchy level.



http://www.juniper.net/techpubs/en_US/junos13.3/topics/concept/interfaces-atm-support-on-circuit-emulation-pics-overview.html

http://www.juniper.net/techpubs/en_US/junos13.3/topics/usage-guidelines/mpls-configuring-mpls-signaled-lsps-to-use-gre-tunnels.html

[See Centralized Clocking Overview and Network Services Mode Overview.]

• Support for GPS external clock interface on the SCBE (MX240, MX480, andMX960)—Starting with Junos OS Release 13.3, you can configure the EnhancedSCB—SCBE—external clock interface to a GPS timing source, which enables you to

select a GPS external source as the chassis clock source. You can also configure the

external clock interface tooutput either the selectedchassis clock sourceor a recovered

line clock source with GPS timing signals of 1 MHz, 5 MHz, or 10 MHz with 1 pulse per

second (PPS).

[See Centralized Clocking Overview and Understanding Clock Synchronization onMX

Series Routers.]

• Support for mixed-ratemode (T4000 and TXMatrix Plus with 3D SIBs)—Startingwith Junos OS Release 13.3, dual-rate mode or mixed-rate mode for PF-24XGE-SFPP

allows you to configure a mix of port speeds of 1 Gigabit and 10 Gigabit. However, on

PF-12XGE-SFPP, note that youcanconfigureport speedsof either 1Gigabit or 10Gigabit

when the PIC is in line rate mode.

You can enable mixed-rate-mode and set port speeds with themixed-rate-mode

statement and the speed 1G |10G statement, respectively, at the [edit chassis fpc x pic

y] hierarchy level. You can disable themixed-ratemode by using the delete chassis fpc

x pic ymixed-rate-mode statement.

[See Configuring Mixed-Rate Mode Operation.]

• ExtendedMPC support for per-unit schedulers (MX Series)—Junos OS Release 13.3or later enables you toconfigureper-unit schedulerson thenon-queuing 16x10GEMPC,

MPC3E, andMPC4E,meaning you can include the per-unit-scheduler statement at the

[edit interfaces interface name] hierarchy level. When per-unit schedulers are enabled,

you can define dedicated schedulers for the logical interfaces.

Enablingper-unit schedulerson the 16x10GEMPC,MPC3E, andMPC4Eaddsadditional

output to the show interfaces interface name [detail | extensive] command. This

additional output lists themaximumresourcesavailableand thenumberof configured

resources for schedulers.

[See Scheduler Maps and Shaping Rate to DLCIs and VLANs.]

• Provider edge link protection for BGP labeled unicast paths (M Series, MX Series,and T Series)—Starting in Junos OS Release 13.3, a precomputed protection path canbe configured in a Layer 3 VPN such that if a BGP labeled-unicast path between an

edge router in oneASand an edge router in another AS goes down, the protection path

(also known as the backup path) between alternate edge routers in the two ASs can

be used. This is useful in carrier-of-carriers deployments, where a carrier can have

multiple labeled-unicast paths to another carrier. In this case, the protection path

avoids disruption of service if one of the labeled-unicast paths goes down.

[See Understanding Provider Edge Link Protection for BGP Labeled Unicast Paths.]

• Redundant logical tunnels (MXSeries)—Beginningwith JunosOSRelease 13.3, whenyouconnect twodevices through logical tunnels, you cancreateandconfiguremultiple

physical logical tunnels and add them to a virtual redundant logical tunnel to provide

redundancy.



http://www.juniper.net/techpubs/en_US/junos13.3/topics/concept/chassis_centralized_clocking_overview.html

http://www.juniper.net/techpubs/en_US/junos13.3/topics/concept/network-services-mode-overview.html

http://www.juniper.net/techpubs/en_US/junos13.3/topics/concept/chassis_centralized_clocking_overview.html

http://www.juniper.net/techpubs/en_US/junos13.3/topics/concept/chassis-external-clock-synchronization-interface-understanding-mx.html


http://www.juniper.net/techpubs/en_US/junos13.3/topics/task/configuration/configure-mixed-mode-operation-10ge-pic.html

http://www.juniper.net/techpubs/en_US/junos13.3/topics/usage-guidelines/cos-applying-scheduler-maps-and-shaping-rate-to-dlcis-and-vlans.html

http://www.juniper.net/techpubs/en_US/junos13.3/topics/concept/labeled-unicast-provider-edge-link-protection-overview.html

• License support to activate ports (MX104)—Junos OS Release 13.3 or later extendslicense support for activating the ports on MX104 3D Universal Edge Routers. MX104

routers have four built-in ports. By default, in the absence of any valid licenses, all four

built-in ports are deactivated. The upgrade license model with the feature IDs is

described in Table 1 on page 23.

Table 1: Port LicenseModel for theMX104

FunctionalityFeature NameFeature ID

Ability to activate the first two built-in ports (xe-2/0/0 andxe-2/0/1)

MX104 2X10G Port Activate (0 and 1)F1

Ability to activate the next two built-in ports (xe-2/0/2 andxe-2/0/3)

MX104 2X10G Port Activate (2 and 3)F2

Both features are also provided in a single license key for ease of use. MX104 routers

do not support the graceful license expiry policy.

• Enhanced load-balancing for MIC andMPC interfaces (MX Series)—Starting with

Junos OS Release 13.3, the following load-balancing solutions are supported on

aggregate Ethernet bundles to correct genuine traffic imbalance among themember

links:

• Adaptive—Uses real-time feedbackandcontrolmechanismtomonitor andmanage

traffic imbalances.

• Per-packet random spray — Randomly sprays the packets to the aggregate next

hops to ensure that the next hops are equally loaded, resulting in packet reordering.

TheaggregatedEthernet load-balancing solutionsaremutually exclusive. Toconfigure,

use the adaptive or per-packet statement at the [edit interfaces aex

aggregated-ether-options load-balance] hierarchy level.

[See Example: Configuring Aggregated Ethernet Load Balancing.]

• Support forconfiguring interfacealiasnames—Youcanconfigurea textual descriptionof a logical unit on a physical interface to be the alias of an interface name. Interface

aliasing is supported only at the unit level. If you configure an alias name, the alias

name is displayed instead of the interface name in the output of all show, show

interfaces, and other operational mode commands.Configuring an alias for a logical

unit of an interface has no effect on how the interface on the router or switch operates.

To specify an interface alias, you can use the alias statement at the [edit interfaces

interface-nameunit logical-unit-number], and [edit logical-systems logical-system-name

interfaces interface-name unit logical-unit-number] hierarchy levels.

[See Interface Alias Name Overview.]

• The request support informationcommand(MXSeries)—Starting in JunosOSRelease13.3, when you enter the request support information command with or without the

brief statement, the output includes the showsystemcommit commandoutput,which

displays the commit history and pending commits.



http://www.juniper.net/techpubs/en_US/junos13.3/topics/topic-map/aggregated-ethernet-load-balanicng.html

http://www.juniper.net/techpubs/en_US/junos13.3/topics/concept/interfaces-alias-name-overview.html

• Pseudowire logical interfacedeviceMACaddressconfiguration(MXSeries)—Startingin Junos OS Release 13.3, you can configure a MAC address for a pseudowire logical

interface device that is used for subscriber interfaces over point-to-point MPLS

pseudowires. This feature enables you to specify the MAC address of your choice in

situations in which network constraints require the use of an explicit MAC address.

[See Configuring a Pseudowire Subscriber Logical Interface Device.]

• Support for enhanced 20-port Gigabit Ethernet MIC (MX5, MX10, MX40, MX80,MX240,MX480,andMX960)—Starting in JunosOSRelease 13.3, anenhanced20-portGigabit EthernetMIC(modelnumberMIC-3D-20GE-SFP-E) is supportedonMXSeries

routers. This enhancedMIC supports up to 20 SFP optical transceiver modules, which

include the following:

• Fiber-optic small form-factor pluggable (SFP) transceivers:

• 1000BASE-LH (model number: SFP-1GE-LH)

• 1000BASE-LX (model number: SFP-1GE-LX)

• 1000BASE-SX (model number: SFP-1GE-SX)

• Copper SFP transceiver:

• 1000BASE-T (model number: SFP-1GE-T)

• Bidirectional SFP transceivers:

• 1000BASE-BX (model number pairs: SFP-GE10KT13R14 with SFP-GE10KT14R13,

SFP-GE10KT13R15 with SFP-GE10KT15R13, SFP-GE40KT13R15 with

SFP-GE40KT15R13)

These optical transceiver modules can be hot-swapped. You can view the enhanced

20-portGigabitEthernetMIC informationbyusing theshowchassishardwarecommand.

• Support for synchronizing the CB of anMX2020 router with external BITS timingsources (MX2020)—This feature provides building-integrated timing supply (BITS)input and output support to the two external clock interfaces (ECI) on the Control

Board. You can configure the ECIs for both input and output BITS. In the absence of

any configuration, the ECI is inactive.

You can configure the BITS ECI by using the synchronization statement at the [edit

chassis] hierarchy level. You can view the BITS ECI information by using the show

chassis synchronization extensive command.

[See Understanding Clock Synchronization on MX Series Routers.]

• Distribution of Ethernet connectivity fault management sessions (MXSeries)—Starting with Junos OS Release 13.3, connectivity fault management (CFM)sessions operate in distributedmode and can be processed on the Flexible PIC

Concentrator (FPC) on aggregated Ethernet interfaces. As a result, graceful Routing

Engine switchover (GRES) is supported on aggregated Ethernet interfaces. In releases

before Junos OS Release 13.3, CFM sessions operate in centralizedmode and are

processed on the Routing Engine. However, CFM sessions are not supported on

aggregated Ethernet interfaces if the interfaces that form the aggregated Ethernet

bundle are in mixedmode.



http://www.juniper.net/techpubs/en_US/junos13.3/topics/task/configuration/pseudowire-interfaces-configuring.html


CFM sessions are distributed by default. To disable the distribution of CFM sessions

andtooperate incentralizedmode, include theppmno-delegate-processingstatement

at the [edit routing-options ppm] hierarchy level. However, all CFM sessions should

operate in either only distributed or only centralizedmode. Amixed operation of

distributed and centralizedmodes for CFM sessions is not supported.

[See IEEE 802.1ag OAM Connectivity Fault Management Overview.]

• Redundant logical tunnels (MXSeries)—Beginningwith JunosOSRelease 13.3, whenyouconnect twodevices through logical tunnels, you cancreateandconfiguremultiple

physical logical tunnels and add them to a virtual redundant logical tunnel to provide

redundancy.

[See Example: Configuring Redundant Logical Tunnels.]



http://www.juniper.net/techpubs/en_US/junos13.3/topics/concept/interfaces-ieee-802-1ag-oam-connectivity-fault-management-overview.html

http://www.juniper.net/techpubs/en_US/junos13.3/topics/example/redundant-logical-tunnel.html

Layer 2 Features

• Computation of the Layer 2 overhead attribute in interface statistics (TSeries)—Starting in Junos OS Release 13.3, on T Series routers, you can configure anattribute at the PIC level to include the Layer 2 overhead (header and trailer bytes) in

the physical interface and logical interface statistics for both ingress and egress

directions. Both the transit and total statistical information includes the Layer 2

overhead in theoutputof theshowinterfaces interface-namecommandforeachphysical

or logical interface on that PIC.

The ifInOctets and ifOutOctets MIB objects display statistics that include Layer 2

overhead bytes.

Multicast

• IGMP and PIM snooping support (MPC3E andMPC4E onMX240, MX480, andMX960)—Starting with Junos OS Release 13.3, IGMP snooping and PIM snooping are

supportedon theMX240,MX480,andMX960withModularPortConcentrators (MPC)

MPC3E and MPC4E.

MPLS

• Multisegment pseudowire for FEC 129 (M Series, MX Series, and T Series)—JunosOS Release 13.3 and later releases provide support for establishing a dynamic

multisegmentpseudowire (MS-PW)withFEC129 inanMPLSpacket-switchednetwork

(PSN). The stitching provider edge (S-PE) devices in anMS-PWare automatically and

dynamically discovered by BGP, and the pseudowire is signaled by LDP using FEC 129.

This arrangement requires minimum provisioning on the S-PEs, thereby reducing the

configuration burden that is associatedwith statically configured Layer 2 circuits while

still using LDP as the underlying signaling protocol.

TheMS-PW feature also provides operation, administration, andmanagement (OAM)

capabilities, such as ping, traceroute, and Bidirectional Forwarding Detection (BFD),

from the terminating PE (T-PE) devices of an MS-PW.

[See Example: Configuring a Multisegment Pseudowire.]


• BFD session enhancements (MX Series routers with MPCs or MICs)—Starting inJunosOSRelease 13.3, the followingBFDsessionenhancementshavebeen introduced:

• enhanced-ip option—For BFD over aggregated Ethernet (ae) interfaces, configuringtheenhanced-ipoptionat the [editchassisnetwork-services]hierarchy level increases

the number of BFD sessions. When you activate or deactivate this option, the router

must be rebooted.

• Inlinemode—This enables the router to transmit and receive BFD packets from the

FPChardware. Currently, for BFDover aggregated Ethernet (ae) interfaces, the inline

mode is supported only on MX Series routers with MPCs/MICs that have configured

theenhanced-ipoption. ForBFDoverGigabit Ethernet interfacesandVLAN interfaces,

the inlinemode is supportedbydefault onall theMXSeries routerswithMPCs/MICs.



http://www.juniper.net/techpubs/en_US/junos13.3/topics/example/example-configuring-multisegment-pseudowire.html

• ISSUtimernegotiation—During unified ISSU, the timer for BFDsessions is increasedfrom the configured value to 60 seconds.

• Support for BFD over child links of AE or LAG bundle (cross-functional PacketForwarding Engine/kernel/rpd) (M Series, MX Series, and T Series)—Beginning inJunos OS Release 13.3, BFD over child links of an AE or LAG bundle is supported. This

feature provides a Layer 3 BFD liveness detection mechanism for child links of the

Ethernet LAG interface. You can enable BFD to run on individual member links of the

LAG tomonitor the Layer 3 or Layer 2 forwarding capabilities of individual member

links. Thesemicro BFD sessions are independent of each other despite having a single

client that manages the LAG interface. To enable failure detection for aggregated

Ethernet interfaces, include thebfd-liveness-detection statementat the [edit interfaces

aex aggregated-ether-options bfd-liveness-detection] hierarchy level.

[See Understanding Independent Micro BFD Sessions for LAG.]

OpenFlow

• Support for OpenFlow v1.0 (MX80, MX240, MX480, andMX960)—Starting withJunos OS Release 13.3, the MX80, MX240, MX480, and MX960 routers support

OpenFlow v1.0. OpenFlow enables you to control traffic in an existing network using

a remote controller by adding, deleting, andmodifying flows on a switch. You can

configure oneOpenFlow virtual switch and one activeOpenFlow controller at the [edit

protocols openflow] hierarchy level on each device running Junos OS that supports

OpenFlow. On MX Series routers that support OpenFlow, you can also direct traffic

fromOpenFlow networks over MPLS networks by using logical tunnel interfaces and

MPLS LSP tunnel cross-connects.

[SeeOpenFlow Feature Guide.]

Port Security

• Static ARPwithmulticast MAC address for an IRB interface—Starting in Junos OSRelease 13.3, you can configure a static ARP entry with a multicast MAC address for

an IRB interface that acts as the gateway to the network load balancing (NLB) servers.

Earlier, the NLB servers dropped packets with a unicast IP address and amulticast

MACaddress. JunosOS 13.3 supports the configurationof a staticARPwith amulticast

MAC address.

To configure a static ARP entry with a multicast MAC address for an IRB interface,

configure the ARP entry at the [edit interfaces irb unit logical-unit-number family inet

address address] hierarchy level.

irb {unit logical-unit-number{family inet {address address{arp addressmulticast-macmac-add;

}}

}}



http://www.juniper.net/techpubs/en_US/junos13.3/topics/concept/bfd-for-lag-overview.html

http://www.juniper.net/techpubs/en_US/junos13.3/information-products/pathway-pages/junos-sdn/junos-sdn-openflow.html

Routing Policy and Firewall Filters

• Using a firewall filter to prevent or allow datagram fragmentation (MXSeries)—Starting in Junos OS Release 13.3, you can define a firewall filter term to

prevent or allow datagram fragmentation by setting or clearing the Don’t Fragment

flag in the IPv4 header of packets that are matched by the filter. Specify the desired

action at the [edit firewall family inet filter filter-name term term-name then action]

hierarchy level.

• To prevent fragmentation of the IP datagram, include the dont-fragment set action

in a term to set the dont-fragment bit to one.

• To allow fragmentation of the IP datagram, include the dont-fragment clear action

in a term to clear the dont-fragment bit to zero.

[See Configuring a Firewall Filter to Prevent or Allow IPv4 Packet Fragmentation and

Firewall Filter Nonterminating Actions.]

Routing Protocols

• Support forBMPversion3—Starting in JunosOSRelease 13.3, BGPmonitoringprotocol(BMP)version3 is supported.BMPallowsa remotedevice (theBMPstation) tomonitor

BGP as it is running on a router or group of routers. BMP version 3 includes substantial

additional functionality versusversion 1. TheBMPversion3configuration is incompatible

with the old version. If you are running BMP version 1 on your Juniper Networks devices,

be sure to update your BMP configurationwhen you upgrade to JunosOSRelease 13.3.

[See Configuring BGPMonitoring Protocol Version 3.]

Services Applications

• EnablingLayer2ProtocolTunneling(L2PT)support forVLANSpanningTreeProtocol(VSTP) and per-VSTP (MX Series routers with MPC/MICs)—Starting in Junos OS

Release 13.3, this feature enables L2PT support for VSTP/PVSTP. [See layer2-control.]

You can also enable rewriting of the MAC address for an interface using the

enable-all-ifl option. [Seemac-rewrite.]

• Chained composite next hops (MX Series and T Series)

NOTE: Although present in the code, the chained composite next hopsfeature is not supported in Junos OS Release 13.3R1. Documentation forthis feature is included in the Junos OS Release 13.3 documentation set.

The support of chained composite next hops for directly connectedprovider edge (PE)

routers varies fromoneplatform to another. OnMXSeries routers containing bothDPC

andMPCFPCs, chainedcompositenexthopsaredisabledbydefault. Toenablechained

composite next hops on the MX240, MX480, and MX960, the chassis must be

configured touse the enhanced-ip option in network servicesmode.OnT4000 routers

containing MPC and FPCs, chained composite next hops are disabled by default. To



http://www.juniper.net/techpubs/en_US/junos13.3/topics/task/configuration/firewall-filter-dont-fragment-set-clear.html

http://www.juniper.net/techpubs/en_US/junos13.3/topics/reference/general/firewall-filter-actions-nonterminating.html

http://www.juniper.net/techpubs/en_US/junos13.3/topics/task/configuration/bgp-monitoring-protocol-v3.html

http://www.juniper.net/techpubs/en_US/junos13.3/topics/reference/configuration-statement/layer2-control-edit-protocols.html

http://www.juniper.net/techpubs/en_US/junos13.3/topics/reference/configuration-statement/mac-rewrite-edit-protocols-layer2-control.html

enablechainedcompositenexthopsonaT4000router, thechassismustbeconfigured

to use the enhanced-mode option in network services mode.

Software Installation an and Upgrade

• Support for autoinstallation of satellite devices in a JNU group—In a Junos NodeUnifier (JNU) topology that contains anMX Series router as a controller that manages

satellite devices, such as EX Series Ethernet Switches, QFX Series devices, and ACX

Series Universal Access Routers, the autoinstallation functionality is supported for the

satellite devices. Starting in Junos OS Release 13.3, JNU has an autoinstallation

mechanism that enables a satellite device to configure itself out-of-the-box with no

manual intervention, using the configuration available either on the network or locally

through a removable media, or using a combination of both. This autoinstallation

method is also called the zero-touch facility.

A JNU factory default file, jnu-factory.conf, is present in the /etc/config/ directory and

contains the configuration to perform autoinstallation on satellite devices. The

zero-touch configuration can be disabled by including the delete-after-commit

statement at the [edit system autoinstallation] hierarchy level and committing the

configuration.

[See Autoinstallation of Satellite Devices in a Junos Node Unifier Group and Configuring

Autoinstallation on JNU Satellite Devices.]

Subscriber Management and Services

NOTE: Although present in the code, the subscriber management featuresare not supported in JunosOSRelease 13.3R1. Documentation for subscribermanagement features is included in the JunosOSRelease 13.3documentationset.

• Pseudowire subscriber logical interfacesMPCsupport—Starting in JunosOSRelease13.3, pseudowire subscriber logical interfaces are supported on MPCs with Ethernet

MICs only.

• Service packet counting (MX Series)—Starting in Junos OS Release 13.3, you canconfigure the counters that subscriber management uses when capturing volume

statistics for subscribers on a per-service session basis.

• Inline countersare capturedwhen theeventoccurs, anddonot includeanyadditional

packet processing events that occur after the event.

• Deferred counters are not incremented until the packet is queued for transmission,

and therefore include theentirepacketprocessing.Deferredcountersprovideamore

accurate packet count than inline counters, and are more useful for subscriber

accounting and billing.

NOTE: Fast update filters do not support deferred counters.



http://www.juniper.net/techpubs/en_US/junos13.3/topics/concept/autoinstallation-jnu-satellites-overviw.html

http://www.juniper.net/techpubs/en_US/junos13.3/topics/task/configuration/autoinstallation-jnu-satellites-configuring.html

http://www.juniper.net/techpubs/en_US/junos13.3/topics/task/configuration/autoinstallation-jnu-satellites-configuring.html

[See Configuring Service Packet Counting.]

• RADIUSLogical Line Identifier (MXSeries)—Starting in JunosOSRelease 13.3, serviceproviders can use a virtual port feature, known as the logical line ID (LLID), tomaintain

a reliable and up-to-date customer database for those subscribers whomove from

one physical line to another. The LLID, which is based on the subscriber's user name

and circuit ID, is mapped to the subscriber's physical line. When the subscriber moves

to a different physical line, the service provider database is updated to map the LLID

to the new physical line. Subscriber management supports the LLID feature for PPP

subscribers over PPPoE, PPPoA, and LAC.

[See RADIUS Logical Line Identifier (LLID) Overview.]

• Configurable timers for DHCPv6 address-assignment pools (MX Series)—Startingin Junos OS Release 13.3, subscriber management on MX Series routers supports

configurable timers for address-assignment pools that are used by a DHCPv6 local

server. In addition to the previously supportedmaximum-lease-time timer, you can

configure the valid-lifetime and preferred-lifetime timers to manage address leases

provided by address-assignment pools. You can also configure the renew (T1) and

rebind(T2) times thatsubscribermanagementuses toextendthe lifetimesofaddresses

obtained from an address-assignment pool.

[See DHCPv6 Lease Timers.]

• DHCP statements and options (MX Series)—Starting in Junos OS Release 13.3, youcan use the following statements and options for DHCP subscriber management

support:

• incoming-interface—Newoption thatprovides secondary identificationmatchcriteria

for the DHCP auto logout feature when there are duplicate clients.

• delay-authentication—New statement that conserves managed resources on the

router by delaying subscriber authentication until the DHCP request processing

phase.

• server-response-time—New statement that configures the timeframe during which

the router monitors DHCP server responsiveness. The router generates a system log

message when the DHCP server does not respond to relayed packets during the

specified time.

• option hex-string—New option that enables the use of the hex-string option type for

user-defined DHCP attribute options that are added to client packets.

• duplicate-clients-in-subnet—New statement that configures how the router

distinguishes between duplicate clients in the same subnet. This replaces the

duplicate-clients-on-interface statement, which is now obsolete.

[See client-discover-match, delay-authentication, server-response-time, option, and

duplicate-clients-in-subnet.]

• Support for agent circuit identifier filtering in PPPoE subscriber session lockout(M120,M320,andMXSeries)—JunosOSRelease 13.3and later releasesextendPPPoEsubscriber session lockout to support identification and filtering of PPPoE subscriber

sessions by either the agent circuit identifier (ACI) value or the unique MAC source



http://www.juniper.net/techpubs/en_US/junos13.3/topics/task/configuration/firewall-filter-service-accounting.html

http://www.juniper.net/techpubs/en_US/junos13.3/topics/concept/subscriber-management-llid-overview.html

http://www.juniper.net/techpubs/en_US/junos13.3/topics/concept/dhcpv6-lease-timers.html

http://www.juniper.net/techpubs/en_US/junos13.3/topics/reference/configuration-statement/client-discover-match-edit-system-services.html

http://www.juniper.net/techpubs/en_US/junos13.3/topics/reference/configuration-statement/delay-authentication-edit-forwarding-options.html

www.juniper.net/techpubs/en_US/junos13.3/topics/reference/configuration-statement/server-response-time-edit-forwarding-options.html

http://www.juniper.net/techpubs/en_US/junos13.3/topics/reference/configuration-statement/option-edit-access.html

http://www.juniper.net/techpubs/en_US/junos13.3/topics/reference/configuration-statement/duplicate-clients-in-subnet-edit-forwarding-options.html

http://www.juniper.net/techpubs/en_US/junos13.3/topics/reference/configuration-statement/duplicate-clients-in-subnet-edit-forwarding-options.html

address on static or dynamic VLAN and static or dynamic VLAN demux underlying

interfaces. In earlier Junos OS releases, PPPoE subscriber session lockout identified

and filtered subscriber sessions only by their unique MAC source address.

ACI-based or MAC-based PPPoE subscriber session lockout prevents a failed or

short-lived PPPoE subscriber session from reconnecting to the router for a default or

configurable time period. ACI-based PPPoE subscriber session lockout is useful for

configurations such as PPPoE interworking in which MAC source addresses are not

unique on the PPPoE underlying interface.

ToconfigureACI-basedPPPoEsubscriber session lockout, use theshort-cycle-protection

statement with the filter aci option. To clear an ACI-based lockout condition, issue the

clear pppoe lockout command with the aci option.

[See PPPoE Subscriber Session Lockout Overview.]

• Subscriber management and services feature parity (MX80)—Starting in Junos OSRelease 13.3, the MX80 supports all subscriber management and services features

that are supported by the MX240, MX480, and MX960 routers. Previously, the MX80

router matched feature support for these routers as of Junos OS Release 11.4.

[See Protocols and Applications Supported by MX5, MX10, MX40, andMX80 Routers.]

• Subscriber management and services feature and scaling parity (MX2010 andMX2020)—Starting in Junos OS Release 13.3, the MX2010 and the MX2020 supportall subscriber management and services features that are supported by the MX240,

MX480, and MX960 routers. In addition, the scaling and performance values for the

MX2010 and the MX2020match those of MX960 routers.

[See Protocols and Applications Supported by MX240, MX480, MX960, MX2010, and

MX2020MPCs,ProtocolsandApplicationsSupportedbyMX240,MX480,MX960,MX2010,

andMX2020 EnhancedMPCs (MPCEs), Protocols and Applications Supported by the

MX240, MX480, MX960, MX2010, andMX2020MPC3E, and Protocols and Applications

Supported by the MX240, MX480, MX960, MX2010, andMX2020MPC4Es.]

• Per-subscriber support for multiple instances of the same service with differentparameters (MX Series routers with MPCs or MICs)—Starting In Junos OS Release13.3, a subscriber can havemultiple instances of the same service, provided that each

service instance has a different set of parameters. In earlier Junos OS releases, each

subscriber was limited to only a single instance of each service.

You can configure a specific service instance for a particular subscriber by specifying

a service name and unique service parameters for that instance. Each service instance

is uniquely identified by the combination of its service name and service parameters.

Use the request network-access aaa subscriber delete command to deactivate all

instances of a subscriber service by specifying only the service name, or to deactivate

a specific instance of a service by specifying both the service nameand its parameters.

In earlier Junos OS releases, you deactivated a service by specifying only its service

name, but not its service parameters.

[See Subscriber Services with Multiple Instances Overview.]

• RADIUS accountingmessages for dual-stack subscribers (MX Series)—Starting inJunos OS Release 13.3, when an IPv6 address is assigned using DHCPv6, the RADIUS



http://www.juniper.net/techpubs/en_US/junos13.3/topics/concept/subscriber-management-pppoe-lockout.html

http://www.juniper.net/techpubs/en_US/release-independent/junos/topics/reference/general/mx80-features.html

http://www.juniper.net/techpubs/en_US/release-independent/junos/topics/reference/general/mpc-mx-series-features.html

http://www.juniper.net/techpubs/en_US/release-independent/junos/topics/reference/general/mpc-mx-series-features.html

http://www.juniper.net/techpubs/en_US/release-independent/junos/topics/reference/general/mpce-mx-series-features.html

http://www.juniper.net/techpubs/en_US/release-independent/junos/topics/reference/general/mpce-mx-series-features.html

http://www.juniper.net/techpubs/en_US/release-independent/junos/topics/reference/general/mpc-mx-series-mpc3e-features.html




http://www.juniper.net/techpubs/en_US/junos13.3/topics/concept/subscriber-management-multi-instance-services-oview.html

interimaccountingmessage includes theassigned IPv6address. If thedelegatedprefix

is provided to the client using DHCPv6-PD, the RADIUS interim accounting message

includes the delegated prefix (IA_PD, such as /56). The

address-change-immediate-updatestatement isnoweffective foranyaddressallocation

changeafteranAcct-Startmessage is issued(for IPv6NCPandDHCPv6).An immediate

Interim-Acctmessage is sentuponanysubsequentDHCPv6negotiationandallocation

whennewallocatedaddressesareadded.After IPv6NCPnegotiation,DHCPv6address

allocation and negotiation occurs.

[See RADIUS Accounting Messages for Dual-Stack Subscribers.]

• Support for IPv6 for TACACS+ authentication (MSeries, MX Series, and T Series)—StartingwithRelease 13.3, JunosOSsupports IPv6alongwith theexisting IPv4 support

for user authentication using TACACS+ servers.

• Configurable L2TP receive window size (MX Series)—The new rx-window-size

statement at the [edit services l2tp tunnel] hierarchy level enables you to specify the

size of the receive window in the range 4 through 128 on an L2TP LAC or LNS. The

default value is 4. The ReceiveWindow Size AVP (Attribute Type 10) is not sent in the

SCCRQmessage when the default value is configured on a LAC or in the SCCRP

message when configured on an LNS.

[See Setting the L2TP ReceiveWindow Size.]

• Clearing ANCP statistics (MX Series)—Starting in Junos OS Release 13.3, you canclear all ANCPstatisticswith the clearancpstatistics command.Youcanclear statistics

for a particular neighbor identified by the neighbor’s IP address with the clear ancp

statistics ip-address ip-address command. You can clear statistics for a particular

neighbor identified by the neighbor’s IP address with the clear ancp statistics

system-namemac-address command.

[See Clearing and Verifying ANCP Statistics.]

• ANCP agent support for nonzero partition IDs (MX Series)—Starting in Junos OSRelease 13.3, the ANCP agent on the router can form adjacencies with multiple logical

partitions on a neighbor when you enable the agent to learn partition IDs during

adjacency negotiation with the neighbor. If the agent receives a SYNmessage from

the neighbor within a configurable period, the agent learns the partition IDs and can

form adjacencies with the partitions. The agent can form an adjacency only with the

neighbor if the SYN is not receivedwithin the period, the partition ID is zero, or learning

is not enabled.

[See Configuring the ANCP Agent to Learn ANCP Partition IDs.]

• Dynamic protocol version detection for ANCP (MX Series)—Starting in Junos OSRelease 13.3, when an ANCP neighbor opens adjacency negotiations, it indicates the

highest version of ANCP that it supports. ANCP neighborsmust be able to identify the

supported versions because ANCP Version 1, defined in RFC 6320, Protocol for Access

Node Control Mechanism in Broadband Networks, is not interoperable with the earlier

version based on GSMPv3.

During negotiation, the receiving neighbor returns the value sent by the other neighbor

if it supports that version, or drops the message if it does not. You can still configure



http://www.juniper.net/techpubs/en_US/junos13.3/topics/concept/subscriber-management-dual-stack-accounting-messages.html

http://www.juniper.net/techpubs/en_US/junos13.3/topics/task/configuration/subscriber-management-l2tp-lac-receive-window-size.html

http://www.juniper.net/techpubs/en_US/junos13.3/topics/task/verification/ancp-subscriber-access-statistics-clearing-verifying.html

http://www.juniper.net/techpubs/en_US/junos13.3/topics/task/configuration/ancp-partition-id-learning.html

the router to operate in pre-ietf mode for interoperability with neighbors that support

only GMSPv2.

[See ANCP Topology Discovery and Traffic Reporting Overview.]

• Support forANCPgeneric responsemessagesandresultcodes(MXSeries)—Startingin Junos OS Release 13.3, the ANCP agent supports receipt of generic response

messages. Upon receipt, the router generates a system log, increments the generic

messagecounters,and increments the resultcodecounters.Generic responsemessages

(GRMs) are typically sent instead of specific responsemessageswhen no information

needs to be sent other than a result of success or failure. When themessage reports

a failure, it must include one of eight result codes to indicate the cause. A GRM can

also be sent independent of a request when the failure causes the adjacency to be

shut down.


• Support for sending and receiving the ANCP Status-Info TLV (MX Series)—Startingin Junos OS Release 13.3, the Status-Info TLV supplements the generic response

message result codes and provides information about a warning or error condition.

Although usually included in generic responsemessages, the TLV can also be included

inotherANCPmessage types.TheStatus-InfoTLVmustbe included ingeneric response

messages when the result code indicates a port is down, a port does not exist, a

mandatory TLV is missing, or a TLV is invalid.


• DNS address assignment in DHCPv6 IA_NA and IA_PD environments (MXSeries)—Starting in Junos OS Release 12.3R3 and Release 13.3 (but not in Releases13.1 and 13.2), the DHCPv6 local server returns the DNS server address (DHCPv6

attribute 23) as a global DHCPv6 option, rather than as an IA_NA or IA_PD suboption.

DHCPv6 returns theDNSserveraddress that is specified in the IA_PDor IA_NApools—if

both address pools are requested, DHCPv6 returns the address specified in the IA_PD

pool only, and ignores any DNS address in the IA_NA pool.

In releases earlier than 12.3R3, and in Releases 13.1 and 13.2, DHCPv6 returns the DNS

server address as a suboption inside the respective DHCPv6 IA_NA or IA_PD header.

You can use themulti-address-embedded-option-response statement at the [edit

systemservicesdhcp-local-serverdhcpv6overrides]hierarchy level to revert to theprior

behavior. However, returning the DNS server address as a suboption can create

interoperability issues for some CPE equipment that cannot recognize the suboption

information.

[See DHCPv6 Options in a DHCPv6Multiple Address Environment.]

• Support for filtering trace results by subscribers for AAA, L2TP, and PPP (MXSeries)—Starting in Junos OS Release 13.3, you can filter trace results for someprocesses by subscriber. The reduced set of results simplifies troubleshooting in a

scaled environment. Specify the useruser@domain option at the appropriate hierarchy

level:

• AAA (authd)—[edit system processes general-authentication-service traceoptions

filter]



http://www.juniper.net/techpubs/en_US/junos13.3/topics/concept/ancp-overview.html



http://www.juniper.net/techpubs/en_US/junos13.3/topics/concept/dhcpv6-dns-server-address.html

• L2TP (jl2tpd)—[edit services l2tp traceoptions filter]

• PPP (jpppd)—[edit protocols ppp-service traceoptions filter]

You can filter on the user, the domain, or both. You can use a wildcard (*) at the

beginningor endof each term, as in the following examples: [email protected], tom*,

*tom, *ample.com, tom@ex*, tom*@*example.com.

You cannot filter results using a wildcard in the middle of the user or domain, as in the

following examples: tom*[email protected], tom125@ex*.com.

Traces that have insufficient information to determine the subscriber username are

automatically excluded from the results.

• Overriding the preferred source address as the source address of NeighborSolicitation/Neighbor Advertisement (NS/NA) on unnumbered interfaces (MXSeries)—By default, if a preferred source address is configured on an unnumberedinterface, thatpreferredaddress is usedas the sourceaddressofNS/NA. If nopreferred

sourceaddress is configured, the routerusesasuitableaddressbasedon thedestination

address scope. Starting in Junos OS Release 13.3, you can configure the router to

override the default configuration of using the preferred source address for NS/NA.

The router ignores thepreferred sourceaddressandusesanappropriateaddressbased

on the destination address scope.

VPNs

• Enhancedmulticast VPNs traceoptions statement (M Series, MX Series, and TSeries)—Themulticast VPNs traceoptions statement has been enhanced starting inJunos OS Release 13.3. This statement can now be configured at the [edit protocols

mpvn] hierarchy level. In addition, the following traceoption flags have been added:

cmcast-join, inter-as-ad, intra-as-ad, leaf-ad,mdt-safi-ad, source-active, spmsi-ad,

tunnel, and umh.

[See Tracing MBGPMVPN Traffic and Operations.]

• Enhanced egress protection in Layer 3 VPNs (M Series, MX Series, and TSeries)—Starting in Junos OS Release 13.3, enhanced point-of-local-repair (PLR)functionality is available, in which the PLR reroutes service traffic during an egress

failure. As part of this enhancement, the PLR router no longer needs to be directly

connected to the protector router. Previously, if the PLR was not directly connected

to the protector router, the loop-free alternate route could not find the backup path

to the protector. A new configuration statement, advertise-mode, enables you to set

the method for the interior gateway protocol (IGP) to advertise egress protection

availability.

[See Example: Configuring Layer 3 VPN Egress Protection with RSVP and LDP.]








http://www.juniper.net/techpubs/en_US/junos13.3/topics/task/troubleshooting/mvpn-traceoptions-configuring.html

http://www.juniper.net/techpubs/en_US/junos13.3/topics/example/l3vpn-service-mirroring-rsvp.html





of Junos OS statements and commands from Junos OS Release 13.3R1 for the M Series,

MX Series, and T Series.

• IPv6 on page 35


• Management on page 35

• Multicast on page 36


• Services Applications on page 37

• Software Installation and Upgrade on page 38



IPv6

• Staring with Junos OS release 11.4R11, interim-logging is supported with NAT64 on

microkernel (MS-DPC) platforms. The configuration statement

pba-interim-logging-interval under the interfaces services-options hierarchy level

enables the feature for NAT64.


• Validation of deactivated inline services MLPPP bundle interfaces—Starting withJunos OS Release 13.3, if you attempt to delete or deactivate a static inline service (si)

MLPPPbundle interface that is still referencedby amember link interface,which could

be PPPoE (pp0) or si logical interfaces, and commit the configuration, the commit

operation fails. Youmust reactivate such MLPPP bundle interface before committing

the settings. Alternatively, youmust ensure that member links do not refer a static

MLPPPbundlebefore youdeleteordeactivate thebundle. Thismethodofdeactivation

and reactivation of an MLPPP bundle is not applicable for interfaces other than si-

interfaces, such as link services IQ (lsq-) and virtual LSQ redundancy (rlsq-) interfaces.

[SeeUnderstandingMLPPPBundlesandLinkFragmentationand Interleaving (LFI)onSerial

Links.]

Management

• Restrictions forcryptoalgorithmsforFIPS inOpenSSH—Starting in JunosOSRelease13.3, the following options are not allowed on systems operating in FIPSmode:

[edit system services ssh]set macs <algorithm>



http://www.juniper.net/techpubs/en_US/junos13.3/topics/concept/mlppp-link-services-understanding-mx.html

http://www.juniper.net/techpubs/en_US/junos13.3/topics/concept/mlppp-link-services-understanding-mx.html

Not allowed: hmac-md5, hmac-md5-96, [email protected],

[email protected], hmac-ripemd160,

[email protected], [email protected],

[email protected], [email protected], and

[email protected].

[edit system services ssh]set key-exchange <algorithm>

Not allowed: group-exchange-sha1, dh-group14-sha1, and dh-group1-sha1.

[edit system services]set hostkey-algorithm <algorithm | no-algorithm>

Not allowed: ssh-dss and ssh-rsa.

Prior to Junos OS Release 13.3, the options were available but should have been

disallowed.

Multicast

• PIM snooping support using relaymode (M Series andMX Series)—Starting withJunos OS Release 13.3, PIM snooping on PE routers is supported using relay mode

insteadofproxymode.This enablesCE routerswithPIMsnooping to sendHellopackets

without setting the tracking bit (T-bit) to the PE routers. In relay mode, you need not

configurevalues for the join-prune-timeoutstatementandsave theFiniteStateMachine.

To check the status of relay mode on the CLI, use the show pim snooping neighbors

command or the show pim snooping interfaces command.

• When configured in enhanced-ip mode, traffic arriving via IRB (Multicast source

connected over L3)will not be forwarded to remote PEs in VPLSwhen igmp-snooping

is configured along with use-p2mp-lsp knob.

Routing Protocols

• Hidden clear commands—Starting in Junos OS Release 13.3, the purge option of theclear ospf database and clear ospf3 database commands is hidden and unsupported.

• BGP attribute flag bits—In Junos OS Release 13.2 and earlier, unused attribute flagbits were propagated unchanged. Starting in JunosOSRelease 13.3, BGP attribute flag

bits are reset to zerobydefault andnotpropagated. This behavior is being standardized,

as specified in Internet draft draft-hares-idr-update-attrib-low-bits-fix-01, Update

Attribute Flag Low Bits Clarification.

• Change inconfiguringkeepnoneandkeepallstatements—Starting in JunosOSRelease13.3, configuring keep none or keep all no longer causes all BGP sessions to restart. For

peers that do not support route refresh, when you configure keep none or keep all, the

associated BGP sessions are restarted (flapped). For peers that do support route

refresh, the local speaker sends a route refresh and performs an import evaluation. For

these peers, the sessions do not restart when you configure keep none or keep all. To

determine if a peer supports refresh, check for Peer supports Refresh capability in the



output of the showbgpneighbor command. In previous releases, configuring keepnone

or keep all caused all BGP sessions to restart.

• Starting in Junos OS 14.1, Junos OSwill modify the default BGP extended community

value used for MVPN IPv4 VRF route import (RT-import) to the IANA-standardized

value. Thus, the default behavior will change such that the behavior of the

mvpn-iana-rt-import statement will become the default. Themvpn-iana-rt-import

statement will be depricated and should be removed from configurations.


• Restriction forRPMprobetestdata-size—In JunosOSRelease 13.2andearlier releases,the data-size statement at the [edit services rpmprobeowner test test-name] hierarchy

level did not enforce any additional restrictions when the hardware-timestampwas

included. Starting in Junos OS Release 13.3, the data-size value must be at least 100

bytes smaller than the default MTU of the interface of the RPM client interface when

the hardware-timestamp statement is used.

[edit services rpm probe owner test test-name]hardware-time-stamp;data-size size;

• New ranges for TWAMP server connections—In Junos OS Release 13.2 and earlierreleases, themaximum-connections statement at the [edit services rpmtwampserver]

hierarchy level had a range of 1 through 2048. Starting in Junos OS Release 13.3, the

maximum-connections statement has a range of 1 through 1000. In Junos OS Release

13.2 and earlier releases, themaximum-connections-per-client statement at the [edit

services rpm twamp server] hierarchy level had a range of 1 through 1024. Starting in

Junos OS Release 13.3, the maximum-connections-per-client statement has a range

of 1 through 500.

• New range for data-size statement—In Junos OS Release 13.2 and earlier releases,the data-size statement at the [edit services rpmprobeowner test test-name] hierarchy

level had a range of 0 through65507. Starting in JunosOSRelease 13.3R1, thedata-size

statement has a range of 0 through 65400.

• Restriction for NAT ruleswith translation type stateful-nat-64—In JunosOSRelease13.2 and earlier releases, the following restriction was not enforced by the CLI: if the

translation-type statement in the then statement of a NAT rule was set to

stateful-nat-64, the range specified by the destination-address-range or thedestination-prefix-list in the from statement needed to be within the range specified

by thedestination-prefix statement in the then statement. Starting in JunosOSRelease

13.3, this restriction is enforced.

[edit services nat]rule rule-name {term term-name {from {destination-address-range lowminimum-value highmaximum-value <except>;destination-prefix-list list-name <except>;

}then {destination-prefix destination-prefix;

}



}}


• Upgrading Junos OS in one step (MX Series)—Starting in Junos OS Release 13.3, youcan specifymultiple configuration files in one stepwhen youupgrade JunosOSon your

device.Whenyouenter the requestsystemsoftwareaddor the requestsystemsoftware

validate command, you can use the upgrade-with-config option. You can also use the

upgrade-with-config-format option when the configuration file is in the text format.


• Subscriber loginwhen lawful intercept fails—Starting in JunosOSRelease 13.3, whenlawful intercept activation fails during a subscriber login, the subscriber login will not

be denied. An SNMPmessagewill still be generated that indicates the lawful intercept

activation failed. In Junos OS releases prior to 13.2R2, the subscriber login was denied

if lawful intercept activation failed.

• Change to test aaa ppp user and test aaa dhcp user commands—Starting in Junos OSRelease 13.3, the test aaapppuser and test aaadhcp user commands no longer display

serviceactivation statusbecause serviceactivation is not required in these commands.

Inearlier releases, thecommandsdisplayedserviceactivationstatus to indicatewhether

service activation failed or succeeded. Service-related RADIUS attribute values are

still displayed.

• Configuring domainmaps to use the default routing instance (MXSeries)—Startingin Junos OS Release 13.3, on MX Series routers you can explicitly configure a domain

map to use the default (master) routing instance for the AAA or subscriber contexts.

This enhancement enables you to configure a domain map to use the default routing

instance in cases where a nondefault routing instance is currently referenced, or in

other scenarios in which you need to explicitly reference the default routing instance.

• Configuration support to prevent the LACPMC-LAG system ID from reverting to thedefault LACP system ID on ICCP failure—Beginning in Junos OS Release 13.3, you canconfigure the prefer-status-control-active statement with the status-control

standbyconfiguration at the [edit interfaces aeX aggregated-ether-optionsmc-ae]

hierarchy level to prevent the LACPMC-LAG system ID from reverting to the default

LACP system ID on ICCP failure. Use this configuration only if you can ensure that ICCP

does not go down unless the router is down. Youmust also configure the hold-time

down value (at the [edit interfaces interface-name] hierarchy level) for the interchassis

link with the status-control standby configuration to be higher than the ICCP BFD

timeout. This configuration prevents traffic loss by ensuring that when the router with

the status-control active configuration goes down, the router with the status-control

standby configuration does not go into standbymode.

• Support for rejecting IPv6CP negotiation in the absence of an authorized address(MX Series)—Starting in Junos OS Release 13.3, you can control the behavior of therouter in a situationwhere IPv6CP negotiation is initiated for subscriber sessionswhen

no authorized addresses are available. By default, IPv6CP negotiation is enabled to

proceed for an IPv6-only session when AAA has not provided an appropriate IPv6

address or prefix. In the absence of the address, the negotiation cannot successfully



complete. To prevent endless client negotiation of IPv6CP, include the

reject-unauthorized-ipv6cp statement at the [edit protocols ppp-service] hierarchy

level, which enables the jpppd process to reject the negotiation attempt.

• Support for ignoring DSL ForumVSAs from directly connected devices (MXSeries)—WhenCPEdevicesaredirectly connected toaBNG, youmightwant the router

to ignore any DSL Forum VSAs that it receives in PPPoE control packets because the

VSAs can be spoofed bymalicious subscribers. Spoofing is particularly serious when

the targeted VSAs are used to authenticate the subscriber, such as Agent-Circuit-Id

[26-1] and Agent-Remote-ID [26-2].

To ignore the DSL Forum VSAs, starting in Junos OS Release 13.3, include the

direct-connect statement for PPPoE interfaces or PPPoE underlying interfaces at the

following hierarchy levels:

• [editdynamic-profilesprofile-name interfacesdemux0unit logical-unit-number family

pppoe]

• [editdynamic-profilesprofile-name interfaces interface-nameunit logical-unit-number

family pppoe]

• [editdynamic-profilesprofile-name interfaces interface-nameunit logical-unit-number

pppoe-underlying-options]

• [edit interfaces interface-name unit logical-unit-number family pppoe]

• [edit interfaces interface-name unit logical-unit-number pppoe-underlying-options]

• [edit logical-systems logical-system-name interfaces interface-name unit

logical-unit-number family pppoe]

• [edit logical-systems logical-system-name interfaces interface-name unit

logical-unit-number pppoe-underlying-options]

You can determine whether direct-connect is configured for particular interfaces by

issuing the show interfaces or show pppoe underlying-interfaces command.

• ANCP agent behavior for invalid generic responsemessages (MX Series)—Startingin Junos OS Release 13.3, when the ANCP agent receives an incorrect or unexpected

generic responsemessage from an ANCP neighbor, it immediately drops the packet,

generates a system log notice message, and takes no further action.

• Changes toANCPshowcommandoutput (MXSeries)—Starting in JunosOSRelease13.3, the show ancp neighbor command displays information for all configured ANCP

neighbors regardless of operational state. In earlier releases, it displayed information

only for neighbors in the Established state. The Time field, which displays the elapsed

time since the neighbor entered its current state, has replaced the Up TIme field. An

asterisk (*) prefixed to the neighbor entry indicates that the adjacency information

might be stale.

In Junos OS Release 13.3 and later, the show ancp subscriber command displays

information for all subscribers regardless of operational state. In earlier releases, it

displayed information only for active subscribers in the Established state. An asterisk

(*) prefixed to the subscriber entry indicates that the information might be stale. Two



asterisks (**) indicate that the neighbor associated with the subscriber has lost its

adjacency.

• Enhancedaccountingstatistics (MSeries,MXSeries,andTSeries)—Starting in JunosOSRelease 13.3, the shownetwork-accessaaastatisticsaccounting command includes

the optional detail keyword, which provides additional information about the RADIUS

accounting statistics. You can use the enhanced details for troubleshooting

investigations.

[See Verifying andManaging Subscriber AAA Information.]


• User-defined identifiersusingthereservedprefix junos-nowcorrectlycauseacommiterror in the CLI (M Series, MX Series, and T Series)—Junos OS reserves the prefixjunos- for the identifiersofconfigurationsdefinedwithin the junos-defaultsconfiguration

group. User-defined identifiers cannot start with the string junos-. If you configured

user-defined identifiers using the reserved prefix through a NETCONF or Junos XML

protocol session, the commit would correctly fail. Prior to Junos OS Release 13.3, if you

configureduser-defined identifiers through theCLI using the reservedprefix, thecommit

would incorrectly succeed. Junos OS Release 13.3 and later releases exhibit the correct

behavior. Configurations that currently contain the reserved prefix for user-defined

identifiers other than junos-defaults configuration group identifiers will now correctly

result in a commit error in the CLI.

• Change in show version command output (M Series, MX Series, and TSeries)—Beginning in JunosOSRelease 13.3, theshowversioncommandoutput includesthe new Junos field that displays the Junos OS version running on the device. This new

field is in addition to the list of installed sub-packages running on the device that also

display the Junos OS version number of those sub-packages. This field provides a

consistent means of identifying the Junos OS version, rather than extracting that

information from the list of installed sub-packages. In the future, the list of

sub-packagesmight not be usable for identifying the Junos OS version running on the

device. This change inoutputmight impact existing scripts thatparse information from

the show version command.







user@host> show versionHostname: lab Model: mx960 Junos: 13.3R1.4JUNOS Base OS boot [13.3R1.4] JUNOS Base OS Software Suite [13.3R1.4] JUNOS Kernel Software Suite [13.3R1.4]JUNOS Crypto Software Suite [13.3R1.4]...

user@host> show versionHostname: lab Model: mx960 JUNOS Base OS boot [12.2R2.4]JUNOS Base OS Software Suite [12.2R2.4]JUNOS Kernel Software Suite [12.2R2.4]JUNOS Crypto Software Suite [12.2R2.4]...



http://www.juniper.net/techpubs/en_US/junos13.3/topics/reference/command-summary/show-network-access-aaa-statistics.html

[See show version.]

• In all supported Junos OS releases, regular expressions can no longer be configured if

they require more than 64MB of memory or more than 256 recursions for parsing.

This change in the behavior of Junos OS is in line with the Free BSD limit. The change

wasmade in response to a known consumption vulnerability that allows an attacker

to cause a denial of service (resource exhaustion) attack by using regular expressions

containing adjacent repetition operators or adjacent bounded repetitions. Junos OS

uses regular expressions in several placeswithin theCLI. Exploitationof this vulnerability

can cause the Routing Engine to crash, leading to a partial denial of service. Repeated

exploitation can result in an extendedpartial outageof services providedby the routing

process (rpd).








Known Behavior

This sectioncontains theknownbehavior, systemmaximums, and limitations inhardware

and software in Junos OS Release 13.3R1 for the M Series, MX Series, and T Series.





• The clear pppoe sessions command does not have an all option and consequently

clears all current PPPoE subscriber sessions when you enter the command. The CLI

does not prompt you to confirm that you want to clear all sessions. When you want to

gracefully terminateasubscriber session, always include the interfacenameassociated

with the session. For some network configurations, if your subscribers have unique

usernames, youcanalternatively issue theclearnetwork-accessaaasubscriberusername

command.

• On the MX Series, subscriber management uses firewall filters to capture and report

the volume-based service accounting counters that are used for subscriber billing. You

must always consider the relationship between firewall filters and service accounting

counters, especially when clearing firewall statistics. When you use the clear firewall

command (to clear the statistics displayed by the show firewall command), the

commandalso clears the service accounting counters that are reported to theRADIUS

accounting server. For this reason, youmust be cautious in specifying which firewall


Known Behavior

http://www.juniper.net/techpubs/en_US/junos13.3/topics/reference/command-summary/show-version.html


statistics you want to clear. When you reset firewall statistics to zero, you also zero

the counters reported to RADIUS.

• On the MX Series, subscriber management provides a route suppression feature that

enables you to override the DHCP default behavior that adds access-internal and

destination routes for DHCPv4 sessions, and to access-internal and access routes for

DHCPv6 sessions. However, you cannot suppress access-internal routes when the

subscriber is configuredwithboth IA_NAand IA_PDaddressesover IPdemux interfaces,

because the IA_PD route relies on the IA_NA route for next-hop connectivity.

• The Configuring Tunnel Interfaces on MX Series Routers topic in the Services Interfaces

Configuration Guide fails to state that Ingress queueing and tunnel services cannot be

configured on the sameMPC as it causes PFE forwarding to stop. Each feature can,

however, be configured and used separately.








Known Issues

This section lists the known issues in hardware and software in Junos OS Release 13.3R1

for the M Series, MX Series, and T Series.



• Forwarding and Sampling

• General Routing

• High Availability (HA) and Resiliency


• Internet Protocol Security (IPsec)

• J-Web

• Layer 2 Ethernet Services

• MPLS

• Multicast

• Platform and Infrastructure

• Routing Protocols

• Services Applications

• Subscriber Management and Services




• User Interface and Configuration

• VPNs

Forwarding and Sampling

• When both SCU and DCU are configured, the traffic with a nonzero 802.1p value is not

accounted for. PR926169

General Routing

• MPLS-IPv4 performance is 10 percent less than the expected 2.5mpps. PR855865

• When transit packets with TTL expired are received, FPC is responsible for sending an

ICMPTTLExpiredmessageback to thesender.There isa500ppsperPacketForwarding

Engine rate limit so that FPC is not overwhelmedwhen a large volume of transit traffic

with TTL expired is received. Prior to Release 13.2R4, the rate limit was applied too

aggressively so that only about 40pps can be sent by the Packet Forwarding Engine

under stress,while itwas raisedback to 500ppsper Packet Forwarding Engine starting

at Release 13.2R4. PR893598

• Minor memory leaks might occur if you add and delete the samemulti-VLAN flow on

the order of 100,000 such add and delete operations. PR905620

• On theMX80,MS-MIC-16Gcould reboot andproducemspmand corewithwhile doing

add/deleteof6kNHservice-setsatmspman_fdb_msg_handler (conn=<valueoptimized

out>, ipc_msg=0x1006ae018, cookie=<value optimized out>). PR915784

• MX80 routers now support CLI command "show system resource-monitor summary".

PR925794

• Added AI-Scripts workaround for Junos OS bug sw-ui-misc/920478 (FIPS crash).

PR932644

• When configuring a logical system for a given interface, a warning may appear: ##

invalid path element 'encapsulation'. The intended commit will not fail however, and

themessage can be safely ignored.

Thewarningalsoappearswith the followingcommand:user@host>showconfiguration

logical-systems | display detail. PR945427

• PIC level "account-layer2-overhead" knob with ethernet-bridge doesn't add

"Adjustment Bytes". As a workaround, configure it under the interface level. PR946131

• CLI command "show interfaces queue" does not account for interface queue drops

due to Head-drops. This resulted in the "Queued" packets/bytes counter to be less

than what was actually received and dropped on that interface queue. This PR fixes

this issue. Head-drops, being a type of RED-drop, is now accounted under the

"RED-dropped" section of the CLI command "show interfaces queue". PR951235


Known Issues












• Whenperformingaunified in-service softwareupgrade (ISSU)validateagainst a router

equippedwith ISSU unsupported hardware, the unsupported hardware is being taken

offline, as if anactual ISSUwasbeingperformed. Inaddition, theunsupportedhardware

is still offline after the ISSU validate is completed. The workaround is rebooting or

executing CLI commands to bring the offline hardware back online. PR949882


• For Automatic Protection Switching (APS) on SONET/SDH interfaces, there are no

operational mode commands that display the presence of APSmodemismatches.

AnAPSmodemismatch occurswhen one side is configured to use bidirectionalmode,

and the other side is configured to use unidirectional mode. PR65800

• CHASSISD_SNMP_TRAP is not raised if someCLI commands are issued before PEM#1

is removed. PR709293

• To troubleshoot a particular subscriber, one can use 'monitor traffic interface <ifd>

write-file xy.pcap'. Using this command on aggregated or demux interfaces can lead

to corrupted ingress packets in the PCAP file. Customer traffic is not affected though.

PR771447

• When collecting subscriber management control traffic via 'monitor traffic interface

demux0 write-file xy.pcap', the logical unit number is incorrect whenmultiple demux

IFL's are present. This problem is fixed and the correct interface logical unit number is

reported in the juniper header of the captured PCAP file. PR771453

• Packet Forwarding Engine continues to forward traffic to DHCP client on a demux

interface when ae0 interface is down. In this scenario the AE interface bundle has five

members and is configured with aminimum link value of 4. When twomembers are

down, the ae0 interface also goes down, but the Packet Forwarding Engine continues

to forward traffic on other members for the demux interface. PR836846

• MPC 3D 16x 10GE has different"asynchronous-notification" behavior from other cards

in specific vlan-ccc environment.PR929010

• When a port mirroring destination interface is a next-hop group and anymember

interface of the next-hop-group goes up or down, the information update about this

change in datapath is not atomic, meaning that during the small windowwhen the

next-hop update occurs, there is a transient mirror traffic drop including the next-hop

groupmember interfaces that have not gone down. PR937865











Internet Protocol Security (IPsec)

• When both Routing Engines in a dual-Routing Engine system reboot too quickly with

GRES enabled, 'ipsec-key-management' process would require a manual restart.

PR854794

J-Web

• In the J-Web interface, you cannot configure OSPFv3 by using the point and click

function (Configure > Point&Click > Protocols > Configure >Ospf3). As aworkaround,

configure OSPFv3 options by using the CLI. You can then view and edit the OSPFv3

parameters by using the point and click function in the J-Web interface. PR857540

• Onconfigure->clitools->point and click->system->advanced->deletion of saved core

context on "No" option is not happening at J-Web. PR888714

Layer 2 Ethernet Services

• JDHCPD-DHCP local server sends incorrectoption-54used inACKduring lease renewal.

PR915936

• Service accounting interim updates not being sent. PR940179

MPLS

• For point-to-multipoint LSPs configured for VPLS, the "ping mpls" command reports

100 percent packet loss even though the VPLS connection is active. PR287990

• In a certain circumstance, the Junos OS RPD route flash job and LDP connection job

are always running starving other work such as stale route deletion. These jobs are

running as LDP is continuously sending label map and label withdrawmessages for

someof the prefixes under ldp egress policy. This is due to LDPprocessing a BGP route

from inet.3 for which it has a ingress tunnel (the same prefix is also learned via IGP)

creating a circular dependency as BGP routes can themselves be resolved over a LDP

route. PR945234

• In a highly scaled configuration the reroute of transit RSVP LSPs can result in BGP flap

due to lack of keepalive messages being generated by the Routing Engine. PR946030


Known Issues









Multicast

• Router directly connected to multicast source fails to send all the source traffic sent

at line rate towards downstream interface whenmore than 60MLDmembers are

connected and MLD sessions flap. PR944001

Platform and Infrastructure

• In scaled scenario, with large number of probes (around 500 or so), some intermittent

spikes around 500 to 1500usec ( the normal range should be 100-300usec) in Round

Trip Time (RTT) are being seen. The overall average RTTmeasurement isn't deviated

by much as these are not seen regularly. There is no workaround. PR892973

• On a router which does a MPLS label POP operation (penultimate hop router for

example), if the resulting packet (IPv4 or IPv6) is corrupted, then it will be dropped.

PR943382

• Bridge domain flooding over vcp interface(s)will fail if the vcp interface(s) are on fpc's

>=8, and the BD has interfaces configured on both fpc's <= 7 and >= 8 on ingress

MX-VC node. PR945316

• PPPoEsubscribers churnonanMXSeriesbox runningaBRASandCGNATconfiguration

can cause a heapmemory leak on an MS-DPC card. PR948031

Routing Protocols

• When you configure damping globally and use the import policy to prevent damping

for specific routes, and a peer sends a new route that has the local interface address

as the next hop, the route is added to the routing table with default damping

parameters, even though the importpolicyhasanondefault setting.Asa result, damping

settings do not change appropriately when the route attributes change. PR51975

• Continuous soft core-dumpmay be observed due to bgp-path-selection code. RPD

forks a child and the child asserts to produce a core-dump. The problem is with

route-ordering. And it is auto-corrected after collecting this soft-assert-coredump,

without any impact to traffic/service. PR815146

• On the first hop router if the traffic is received from a remote source and the

accept-remote-source knob is configured, the RPF information for the remote source

is not created. PR932405


• When you specify a standard application at the [edit security idp idp-policy

<policy-name> rulebase-ips rule <rule-name>match application] hierarchy level, IDP

does not detect the attack on the nonstandard port (for example, junos:ftp on port

85). Whether it is a custom or predefined application, the application name does not

matter. IDP simply looks at the protocol and port from the application definition. Only

when traffic matches the protocol and port does IDP try to match or detect against

the associated attack. PR477748












• Whenpeers ina security association (SA)becameunsynchronized, packetswith invalid

security parameter index (SPI) values can be sent out, and the receiving peer drops

those packets. The only way to recover is to manually clear the SAs or wait for them

to time out. PR874456


• LNS-Service accounting updates are not sent. PR944807

• The show ppp interface interface-name extensive and show interfaces pp0 commands

display different values for the LCP state of a tunneled subscriber on the LAC. The

show ppp interface interface-name extensive command displays STOPPEDwhereas

the show interfaces pp0 command displays OPENED (which reflects the LCP state

before tunneling).Asaworkaround, use the showppp interface interface-nameextensive

command to determine the correct LCP state for the subscriber. PR888478


• The logical router administrator canmodify and delete master administrator-only

configurations by performing local operations such as issuing the “load override”, “load

replace”, and “load update” commands. PR238991

• Selecting the Monitor port for any port in the Chassis Viewer page takes the user to

the common Port Monitoring page instead of the corresponding Monitoring page of

the selected port. PR446890

• User needs to wait until the page is completely loaded before navigating away from

the current page. PR567756

• The J-Web interface allows the creation of duplicate term names in the Configure >

Security > Filters > IPV4 Firewall Filters page, but the duplicate entry is not shown in

the grid. There is no functionality impact on the J-Web interface. PR574525

• Using the Internet Explorer 7browser,while deletingauser fromtheConfigure>System

Properties >UserManagement >Users page on the J-Web interface, the system is not

showingawarningmessage,whereas in theFirefoxbrowser errormessagesare shown.

PR595932

• If you access the J-Web interface using the Microsoft InternetWeb browser version 7,

on the BGP Configuration page (Configure > Routing > BGP), all flagsmight be shown

in the Configured Flags list (in the Edit Global Settings window, on the Trace Options

tab) even though the flags are not configured. As aworkaround, use theMozilla Firefox

Web browser. PR603669

• On the J-Web interface, the next hop column inMonitor > Routing > Route Information

displays only the interface address, and the corresponding IP address is missing. The

title of the first columndisplays "static routeaddress" insteadof "DestinationAddress."

PR684552

• On the J-Web interface, Configure > Routing> OSPF> Add> Interface Tab is showing

only the following three interfaces by default: - pfh-0/0/0.16383 - lo0.0 - lo0.16385

To overcome this issue and to configure the desired interfaces to associated ospf

area-range, perform the following operation on the CLI: - set protocols ospf area


Known Issues











10.1.2.5 area-range 12.25.0.0/16 - set protocols ospf area 10.1.2.5 interface fe-0/3/1PR814171

• OnHTTPS service, J-Web is not launching the chassis viewer page at Internet Explorer

7. PR819717

VPNs

• When youmodify the frame-relay-tcc statement at the [edit interfaces interface-name

unit logical-unit-number]hierarchy level of aLayer 2VPN, theconnection for the second

logical interface might not come up. As a workaround, restart the chassis process

(chassisd) or reboot the router. PR32763









This section lists the errata and changes in Junos OS Release 13.3R1 documentation for

the M Series, MX Series, and T Series.

• Dynamic Firewall Feature Guide for Subscriber Services on page 48

• Junos Address-Aware Carrier-Grade NAT and IPv6 Feature Guide on page 49

• Subscriber Access Configuration Guide on page 49

• VPWS Feature Guide for Routing Devices on page 49

Dynamic Firewall Feature Guide for Subscriber Services

• Theenhanced-policer topic fails to includea reference to theEnhancedPolicer Statistics

Overview topic. The overview topic explains how the enhanced policer enables you to

analyze traffic statistics for debugging purposes.

The enhanced policer statistics are as follows:

• Offered packet statistics for traffic subjected to policing.

• OOSpacket statistics for packets that aremarkedout-of-specificationby thepolicer.

Changes to all packets that have out-of-specification actions, such as discard, color

marking, or forwarding-class, are included in this counter.

• Transmitted packet statistics for traffic that is not discarded by the policer. When

the policer action is discard, the statistics are the same as the in-spec statistics;

when thepoliceraction isnon-discard(loss-priorityor forwarding-class), thestatistics

are included in this counter.






To enable collection of enhanced statistics, include the enhanced-policer statement

at the [edit chassis] hierarchy level. To view these statistics, include the detail option

when you issue the show firewall, show firewall filter filter-name, or show policer

command.

Junos Address-Aware Carrier-Grade NAT and IPv6 Feature Guide

• The following note applies to the topic Configuring Address Pools for Network Address

Port Translation (NAPT) Overview:

NOTE: When 99 percent of the total available ports in a pool for napt-44are used, no new flows are allowed on that NAT pool.

Subscriber Access Configuration Guide

• The Junos OS Release 13.3 Subscriber Access Configuration Guide fails to include the

new user@domain option for filtering AAA, L2TP, and PPP traces by subscriber. See

the feature description in these Release Notes titled Support for filtering trace results

by subscribers for AAA, L2TP, and PPP for information about using this option.

VPWS Feature Guide for Routing Devices

• In JunosOSRelease 13.3, the Layer 2Circuits FeatureGuide for RoutingDeviceshasbeen

renamed VPWS Feature Guide for Routing Devices. VPWS content has been added to

this guide, and has been removed from the VPLS Feature Guide for Routing Devices.









This sectioncontains theprocedure toupgrade JunosOS,and theupgradeanddowngrade

policies for JunosOS for theMSeries,MXSeries, andTSeries. Upgrading or downgrading

JunosOScan take several hours, depending on the size and configuration of the network.

• Basic Procedure for Upgrading to Release 13.3 on page 50

• Upgrade and Downgrade Support Policy for Junos OS Releases on page 52

• Upgrading a Router with Redundant Routing Engines on page 52

• Upgrading Juniper Network Routers Running Draft-Rosen Multicast VPN to Junos OS

Release 10.1 on page 53



• Upgrading the Software for a Routing Matrix on page 54

• Upgrading Using ISSU on page 55

• Upgrading from Junos OS Release 9.2 or Earlier on a Router Enabled for Both PIM and

NSR on page 56

• Downgrading from Release 13.3 on page 57

• Changes Planned for Future Releases on page 57

Basic Procedure for Upgrading to Release 13.3

In order to upgrade to Junos OS 10.0 or later, youmust be running Junos OS 9.0S2, 9.1S1,

9.2R4, 9.3R3, 9.4R3, 9.5R1, or later minor versions, or youmust specify the no-validate

option on the request system software install command.

When upgrading or downgrading Junos OS, always use the jinstall package. Use other

packages (such as the jbundle package) only when so instructed by a Juniper Networks

support representative. For information about the contents of the jinstall package and

details of the installation process, see the Installation and Upgrade Guide.

NOTE: With JunosOSRelease 9.0 and later, the compact flash diskmemoryrequirement for Junos OS is 1 GB. For M7i andM10i routers with only 256MBmemory, see the Customer Support Center JTAC Technical BulletinPSN-2007-10-001 athttps://www.juniper.net/alerts/viewalert.jsp?txtAlertNumber=PSN-2007-10-001

&actionBtn=Search

NOTE: Before upgrading, back up the file system and the currently activeJunos OS configuration so that you can recover to a known, stableenvironment in case the upgrade is unsuccessful. Issue the followingcommand:

user@host> request system snapshot

The installation process rebuilds the file system and completely reinstallsJunos OS. Configuration information from the previous software installationis retained, but the contents of log files might be erased. Stored files on therouting platform, such as configuration templates and shell scripts (the onlyexceptions are the juniper.conf and ssh files) might be removed. To preserve

the stored files, copy them to another system before upgrading ordowngrading the routing platform. For more information, see the Junos OS

Administration Library for Routing Devices.




http://www.juniper.net/techpubs/en_US/junos13.3/information-products/pathway-pages/system-basics/


Thedownloadand installationprocess for JunosOSRelease 13.3 isdifferent fromprevious

Junos OS releases.

Before upgrading to 64-bit Junos OS, read the instruction on the following pages:

• To check Routing Engine compatibility, see Supported Routing Engines by Router.

• To read the upgrade instructions, see Upgrading to 64-bit Junos OS.

1. Using aWeb browser, navigate to the All Junos Platforms software download URL on

the Juniper Networks webpage:

http://www.juniper.net/support/downloads/

2. Select the name of the Junos platform for the software that you want to download.

3. Select the release number (the number of the software version that you want to

download) from the Release drop-down list to the right of the Download Software

page.

4. Select the Software tab.

5. In the Install Package section of the Software tab, select the software package for the

release.

6. Log in to the Juniper Networks authentication system using the username (generally

your e-mail address) and password supplied by Juniper Networks representatives.

7. Review and accept the End User License Agreement.

8. Download the software to a local host.

9. Copy the software to the routing platform or to your internal software distribution

site.

10. Install the new jinstall package on the routing platform.

NOTE: We recommend that you upgrade all software packages out ofband using the console because in-band connections are lost during theupgrade process.

Customers in the United States and Canada, use the following command:

user@host> request system software add validate rebootsource/jinstall-13.3R11-domestic-signed.tgz

All other customers, use the following command:

user@host> request system software add validate rebootsource/jinstall-13.3R11-export-signed.tgz

Replace sourcewith one of the following values:

• /pathname—For a software package that is installed from a local directory on the

router.

• For software packages that are downloaded and installed from a remote location:

• ftp://hostname/pathname



http://www.juniper.net/techpubs/en_US/release-independent/junos/topics/reference/general/routing-engine-m-mx-t-series-support-by-chassis.html

http://www.juniper.net/techpubs/en_US/junos13.3/topics/task/configuration/64-bit-junos-upgrading.html


• http://hostname/pathname

• scp://hostname/pathname (available only for Canada and U.S. version)

The validate option validates the software package against the current configuration

as a prerequisite to adding the software package to ensure that the router reboots

successfully. This is the default behavior when the software package being added is

a different release.

Adding the reboot command reboots the router after the upgrade is validated and

installed. When the reboot is complete, the router displays the login prompt. The

loading process can take 5 to 10minutes.

Rebooting occurs only if the upgrade is successful.

NOTE: After you install a Junos OS Release 13.3 jinstall package, you cannot

issue the requestsystemsoftwarerollbackcommandto return to thepreviously

installed software. Instead youmust issue the request system software add

validate command and specify the jinstall package that corresponds to the

previously installed software.

Upgrade and Downgrade Support Policy for Junos OS Releases

Support for upgrades and downgrades that spanmore than three Junos OS releases at

a time is not provided, except for releases that are designated as Extended End-of-Life

(EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can

upgrade directly from one EEOL release to the next EEOL release even though EEOL

releases generally occur in increments beyond three releases.

You can upgrade or downgrade to the EEOL release that occurs directly before or after

the currently installed EEOL release, or to twoEEOL releases before or after. For example,

Junos OS Releases 10.0, 10.4, and 11.4 are EEOL releases. You can upgrade from Junos

OS Release 10.0 to Release 10.4 or even from Junos OS Release 10.0 to Release 11.4.

However, you cannot upgrade directly from a non-EEOL release that is more than three

releases ahead or behind. For example, you cannot directly upgrade from Junos OS

Release 10.3 (a non-EEOL release) to Junos OS Release 11.4 or directly downgrade from

Junos OS Release 11.4 to Junos OS Release 10.3.

To upgrade or downgrade fromanon-EEOL release to a releasemore than three releases

before or after, first upgrade to the next EEOL release and then upgrade or downgrade

from that EEOL release to your target release.

For more information on EEOL releases and to review a list of EEOL releases, see


Upgrading a Router with Redundant Routing Engines

If the router has two Routing Engines, perform a Junos OS installation on each Routing

Engine separately to avoid disrupting network operation as follows:




1. Disable graceful Routing Engine switchover (GRES) on themaster Routing Engine

and save the configuration change to both Routing Engines.

2. Install the new Junos OS release on the backup Routing Engine while keeping the

currently running software version on themaster Routing Engine.

3. After making sure that the new software version is running correctly on the backup

RoutingEngine, switchover to thebackupRoutingEngine toactivate thenewsoftware.

4. Install the new software on the original master Routing Engine that is now active as

the backup Routing Engine.

For the detailed procedure, see the Installation and Upgrade Guide.

Upgrading JuniperNetworkRoutersRunningDraft-RosenMulticastVPN to JunosOS Release 10.1

In releases prior to Junos OS Release 10.1, the draft-rosenmulticast VPN feature

implements the unicast lo0.x address configured within that instance as the source

address used to establish PIM neighbors and create the multicast tunnel. In this mode,

the multicast VPN loopback address is used for reverse path forwarding (RPF) route

resolution to create the reverse path tree (RPT), or multicast tunnel. Themulticast VPN

loopback address is also used as the source address in outgoing PIM control messages.

In Junos OS Release 10.1 and later, you can use the router’s main instance loopback

(lo0.0) address (rather than themulticast VPN loopback address) to establish the PIM

state for the multicast VPN. We strongly recommend that you perform the following

procedure when upgrading to Junos OS Release 10.1 if your draft-rosenmulticast VPN

network includes both Juniper Network routers and other vendors’ routers functioning

as provider edge (PE) routers. Doing so preservesmulticast VPNconnectivity throughout

the upgrade process.

Because JunosOSRelease 10.1 supportsusing the router’smain instance loopback (lo0.0)

address, it is no longer necessary for the multicast VPN loopback address to match the

main instance loopback adddress lo0.0 to maintain interoperability.

NOTE: Youmight want tomaintain amulticast VPN instance lo0.x address

to use for protocol peering (such as IBGP sessions), or as a stable routeridentifier, or to support the PIM bootstrap server function within the VPNinstance.

Complete the following steps when upgrading routers in your draft-rosenmulticast VPN

network to Junos OS Release 10.1 if you want to configure the routers’s main instance

loopback address for draft-rosenmulticast VPN:

1. Upgrade all M7i and M10i routers to Junos OS Release 10.1 before you configure the

loopback address for draft-rosen Multicast VPN.

NOTE: Do not configure the new feature until all theM7i andM10i routersin the network have been upgraded to Junos OS Release 10.1.




2. After you have upgraded all routers, configure each router’s main instance loopback

address as the source address formulticast interfaces. Include thedefault-vpn-source

interface-name loopback-interface-name] statement at the [edit protocols pim]

hierarchy level.

3. After you have configured the router’s main loopback address on each PE router,

delete the multicast VPN loopback address (lo0.x) from all routers.

We also recommend that you remove themulticast VPN loopback address from all

PE routers from other vendors. In Junos OS releases prior to 10.1, to ensure

interoperability with other vendors’ routers in a draft-rosenmulticast VPN network,

you had to perform additional configuration. Remove that configuration from both

the JuniperNetworks routers and the other vendors’ routers. This configuration should

beon JuniperNetworks routers andon theother vendors’ routerswhere youconfigured

the lo0.mvpnaddress ineachVRF instanceas thesameaddressas themain loopback

(lo0.0) address.

This configuration is not requiredwhen you upgrade to Junos OS Release 10.1 and use

themain loopback address as the source address for multicast interfaces.

NOTE: Tomaintain a loopback address for a specific instance, configurea loopback address value that does notmatch themain instance address(lo0.0).

For more information about configuring the draft-rosen Multicast VPN feature, see the

Multicast Protocols Feature Guide for Routing Devices.

Upgrading the Software for a RoutingMatrix

A routing matrix can be either a TXMatrix router as the switch-card chassis (SCC) or a

TXMatrix Plus router as the switch-fabric chassis (SFC). By default, when you upgrade

software for a TXMatrix router or a TXMatrix Plus router, the new image is loaded onto

the TXMatrix or TX Matrix Plus router (specified in the Junos OS CLI by using the scc or

sfc option) and distributed to all line-card chassis (LCCs) in the routingmatrix (specified

in the Junos OS CLI by using the lcc option). To avoid network disruption during the

upgrade, ensure the following conditions before beginning the upgrade process:

• Aminimumof freedisk spaceandDRAMoneachRoutingEngine.Thesoftwareupgrade

will fail on any Routing Engine without the required amount of free disk space and

DRAM.Todetermine theamountofdisk spacecurrentlyavailableonallRoutingEngines

of the routing matrix, use the CLI show system storage command. To determine the

amount of DRAM currently available on all the Routing Engines in the routing matrix,

use the CLI show chassis routing-engine command.

• Themaster Routing Engines of the TXMatrix or TX Matrix Plus router (SCC or SFC)

and all LCCs connected to the SCC or SFC are all re0 or are all re1.

• The backup Routing Engines of the TXMatrix or TX Matrix Plus router (SCC or SFC)

and all LCCs connected to the SCC or SFC are all re1 or are all re0.



http://www.juniper.net/techpubs/en_US/junos13.3/information-products/pathway-pages/config-guide-multicast/config-guide-multicast.html

• All master Routing Engines in all routers run the same version of software. This is

necessary for the routing matrix to operate.

• All master and backup Routing Engines run the same version of software before

beginning the upgrade procedure. Different versions of the Junos OS can have

incompatible message formats especially if you turn on GRES. Because the steps in

the process include changing mastership, running the same version of software is

recommended.

• For a routing matrix with a TXMatrix router, the same Routing Engine model is used

within a TXMatrix router (SCC) and within a T640 router (LCC) of a routing matrix.

For example, a routing matrix with an SCC using two RE-A-2000s and an LCC using

two RE-1600s is supported. However, an SCC or an LCC with two different Routing

Engine models is not supported. We suggest that all Routing Engines be the same

model throughout all routers in the routing matrix. To determine the Routing Engine

type, use the CLI show chassis hardware | match routing command.

• For a routing matrix with a TXMatrix Plus router, the SFC contains twomodel

RE-DUO-C2600-16G Routing Engines, and each LCC contains twomodel

RE-DUO-C1800-8G or RE-DUO-C1800-16G Routing Engines.

BEST PRACTICE: Make sure that all master Routing Engines are re0 and allbackup Routing Engines are re1 (or vice versa). For the purposes of thisdocument, themaster Routing Engine is re0 and the backup Routing Engineis re1.

To upgrade the software for a routing matrix, perform the following steps:


(re0) and save the configuration change to both Routing Engines.

2. Install the new Junos OS release on the backup Routing Engine (re1) while keeping

the currently running software version on themaster Routing Engine (re0).

3. Load the new JunosOSon the backupRouting Engine. Aftermaking sure that the new

software version is running correctly on the backup Routing Engine (re1), switch

mastership back to the original master Routing Engine (re0) to activate the new

software.

4. Install the new software on the new backup Routing Engine (re0).

For the detailed procedure, see the Routing Matrix with a TXMatrix Router Deployment

Guide or the Routing Matrix with a TXMatrix Plus Router Deployment Guide.

Upgrading Using ISSU

Unified in-service softwareupgrade (ISSU)enables you toupgradebetween twodifferent

Junos OS releases with no disruption on the control plane and with minimal disruption

of traffic. Unified in-service software upgrade is only supported by dual Routing Engine

platforms. In addition, graceful Routing Engine switchover (GRES) and nonstop active

routing (NSR)must be enabled. For additional information about using unified in-service

software upgrade, see the High Availability Feature Guide for Routing Devices.



http://www.juniper.net/techpubs/en_US/junos/information-products/pathway-pages/solutions/routing-matrix/routing-matrix.pdf

http://www.juniper.net/techpubs/en_US/junos/information-products/pathway-pages/solutions/routing-matrix/routing-matrix.pdf

http://www.juniper.net/techpubs/en_US/junos/information-products/pathway-pages/solutions/routing-matrix-tx-matrix-plus/index.pdf

http://www.juniper.net/techpubs/en_US/junos13.3/information-products/pathway-pages/config-guide-high-availability/high-availability.html

Upgrading from JunosOSRelease 9.2 or Earlier on aRouter Enabled for BothPIMand NSR

Junos OS Release 9.3 introduced NSR support for PIM for IPv4 traffic. However, the

following PIM features are not currently supportedwith NSR. The commit operation fails

if the configuration includes both NSR and one or more of these features:

• Anycast RP

• Draft-Rosenmulticast VPNs (MVPNs)

• Local RP

• Next-generation MVPNs with PIM provider tunnels

• PIM join load balancing

Junos OS Release 9.3 introduced a new configuration statement that disables NSR for

PIM only, so that you can activate incompatible PIM features and continue to use NSR

for the other protocols on the router: the nonstop-routing disable statement at the [edit

protocolspim]hierarchy level. (Note that this statementdisablesNSR for all PIM features,

not only incompatible features.)

If neitherNSRnorPIM is enabledon the router tobeupgradedor if oneof theunsupported

PIM features is enabled but NSR is not enabled, no additional steps are necessary and

you can use the standard upgrade procedure described in other sections of these

instructions. If NSR is enabled and no NSR-incompatible PIM features are enabled, use

the standard reboot or ISSU procedures described in the other sections of these

instructions.

Because the nonstop-routing disable statement was not available in Junos OS Release

9.2 and earlier, if both NSR and an incompatible PIM feature are enabled on a router to

be upgraded from Junos OS Release 9.2 or earlier to a later release, youmust disable

PIM before the upgrade and reenable it after the router is running the upgraded Junos

OS and you have entered the nonstop-routing disable statement. If your router is running

Junos OS Release 9.3 or later, you can upgrade to a later release without disabling NSR

orPIM–simplyuse thestandard rebootor ISSUproceduresdescribed in theother sections

of these instructions.

To disable and reenable PIM:

1. On the router running Junos OS Release 9.2 or earlier, enter configuration mode and

disable PIM:

[edit]

user@host# deactivate protocols pimuser@host# commit

2. Upgrade to Junos OS Release 9.3 or later software using the instructions appropriate

for the router type. You caneither use the standardprocedurewith reboot or use ISSU.

3. After the router reboots and is running the upgraded Junos OS, enter configuration

mode, disablePIMNSRwith thenonstop-routingdisable statement, and then reenable

PIM:



[edit]

user@host# set protocols pim nonstop-routing disableuser@host# activate protocols pimuser@host# commit

Downgrading fromRelease 13.3

To downgrade from Release 13.3 to another supported release, follow the procedure for

upgrading, but replace the 13.3 jinstall package with one that corresponds to the

appropriate release.

NOTE: Youcannot downgrademore than three releases. For example, if yourrouting platform is running Junos OS Release 11.4, you can downgrade thesoftware to Release 10.4 directly, but not to Release 10.3 or earlier; as aworkaround, you can first downgrade to Release 10.4 and then downgradeto Release 10.3.

For more information, see the Installation and Upgrade Guide.

Changes Planned for Future Releases

The following are changes planned for future releases.

Routing Protocols

• Change in Junos OS support for the BGPMonitoring Protocol (BMP)—In Junos OSRelease 13.3and later, thecurrently supportedversionofBMP,BMPversion 1, asdefined

in Internet draft draft-ietf-grow-bmp-01, is planned to be replaced with BMP version

3, as defined in Internet draft draft-ietf-grow-bmp-07.txt. Junos OS can support only

one of these versions of BMP in a release. Therefore, Junos OS Release 13.2 and earlier

releases will continue to support BMP version 1, as defined in Internet draft

draft-ietf-grow-bmp-01. Junos OS Release 13.3 and later support only the updated

BMP version 3 defined in Internet draft draft-ietf-grow-bmp-07.txt. This also means

thatbeginning in JunosOSRelease 13.3,BMPversion3configurationsarenotbackwards

compatible with BMP version 1 configurations from earlier Junos OS releases.















special compatibility guidelineswith the release, see theHardwareGuideand the Interface

Module Reference for the product.

To determine the features supported onM Series, MX Series, and T Series devices in this

release, use the Juniper Networks Feature Explorer, a Web-based application that helps

you to explore and compare Junos OS feature information to find the right software

release and hardware platform for your network. Find Feature Explorer at:












Junos OS Release Notes for PTX Series Packet Transport Routers

These releasenotesaccompany JunosOSRelease 13.3R1 for thePTXSeries.Theydescribe

newandchanged features, limitations, andknownand resolvedproblems in thehardware

and software.











OS Release 13.3R1 for the PTX Series.

• Hardware on page 59

• Class of Service (CoS) on page 61

• General Routing on page 61

• High Availability (HA) and Resiliency on page 61


• Netwok Management and Monitoring on page 63


• Software Installation and Upgrade on page 63

Hardware

• PTX3000PacketTransportRouter—TheJuniperNetworksPTX3000PacketTransportRouter provides 10-Gigabit Ethernet, 40-Gigabit Ethernet, and 100-Gigabit Ethernet

interfaces for large networks and network applications, such as those supported by

ISPs. The router accommodates up to eight Flexible PIC Concentrators (FPCs), each

of which supports one PIC. The compact design of the PTX3000 router allows up to

four chassis to be installed back-to-back in a single four-post rack. The PTX3000

router can be configured with single-phase AC or DC power supply modules.

[See the PTX3000 Packet Transport Router Hardware Guide.]

• CFP-GEN2-CGE-ER4 and CFP-GEN2-100GBASE-LR4 (PTX5000)—TheCFP-GEN2-CGE-ER4 transceiver (part number: 740-049763) provides a duplex LC

connector and supports the 100GBASE-ER4 optical interface specification and

monitoring. The CFP-GEN2-100GBASE-LR4 transceiver (part number: 740-047682)

provides a duplex LC connector and supports the 100GBASE-LR4 optical interface


Junos OS Release Notes for PTX Series Packet Transport Routers


http://www.juniper.net/techpubs/en_US/release-independent/junos/information-products/pathway-pages/ptx-series/ptx3000/index.html

specificationandmonitoring. Starting in JunosOSRelease 13.3, the “GEN2”optics have

been redesigned with newer versions of internal components for reduced power

consumption. The following interface module supports the CFP-GEN2-CGE-ER4 and

CFP-GEN2-100GBASE-LR4transceivers. Formore informationabout interfacemodules,

see the Interface Module Reference for your router.

• 100-Gigabit Ethernet PIC with CFP (model number:

P1-PTX-2-100GE-CFP)—Supported in Junos OS Release 12.3R5, 13.2R3, 13.3R1, and

later





Class of Service (CoS)

• Support for strict-priority scheduling (PTX Series)—Beginning with Junos OS Release

13.3, interfaces on PTX Series routers support strict-priority scheduling. Configured

queues are processed in strict-priority order. Within the guaranteed region, multiple

CoS queues that compete in the same hardware-based priority level are selected

based on the packet round-robin algorithm, while within the excess region, selection

is based on theWRR algorithm. The queues receive equal share when they send the

same packet size. Otherwise, the queues receive shares proportional to the respective

packet sizes sent. To enable configuration of strict-priority scheduling for a physical

interface on a PTX Series router, include the strict-priority-scheduler statement in the

traffic control profile associated with the interface.

[See Understanding Scheduling on PTX Series Routers.]

General Routing

• Nonstop active routing support for logical systems (PTX Series)—Starting in Junos

OSRelease 13.3, this featureenablesnonstopactive routing support for logical systems

using the nonstop-routing option under the [edit logical-systems logical-system-name

routing-options] hierarchy. As a result of extending nonstop active routing support for

logical systems, the logical-systems argument has been appended in some show

operational commands to allow display of status, process, and event details.


• Nonstop active routing support for BGP addpath (PTX Series)—Beginning in JunosOS Release 13.3, nonstop active routing support for BGP addpath is available on the

PTX Series. Nonstop active routing support is enabled for the BGP addpath feature.

After the nonstop active routing switchover, addpath-enabled BGP sessions do not

bounce. The secondary Routing Engine maintains the addpath advertisement state

before the nonstop active routing switchover.


• FPC self-healing (PTX Series)—Starting in Junos OS Release 13.3, PTX Series routersallow you to configure Packet Forwarding Engine-related error levels (fatal, major, or

minor) and the actions to perform (alarm, disable-pfe, or log) when a specified

threshold is reached.Previously, Packet ForwardingEngine-relatederrorswoulddisable

the FPC. Using this commandPacket Forwarding Engine errors can be isolated thereby

reducing the need for a field replacement. This command is available at the [edit

chassis fpc slot-number] and [edit chassis] hierarchy levels.

• 2-port 100-Gigabit DWDMOTNPIC (PTX3000)—Beginning with Junos OS Release13.3, the 2-port 100-Gigabit dense wavelength division multiplexing (DWDM) optical

transport network (OTN) PIC is supported by Type 5 FPCs on PTX3000 routers. The

100-Gigabit DWDMOTN PIC supports the following features:

• Transparent transport of two 100-Gigabit Ethernet signals with OTU4 framing

• ITU-standard OTN performancemonitoring and alarmmanagement



http://www.juniper.net/techpubs/en_US/junos13.3/topics/concept/cos-strict-scheduling-ptx.html

• Dual polarization quadrature phase shift keying (DP-QPSK)modulation and

soft-decision forwarderror correction (SD-FEC) for longhaul andmetroapplications

You can use SNMP tomanage the PIC based on RFC 3591,Managed Objects for the

Optical Interface Type.

[See 100-Gigabit Ethernet OTNOptions Configuration Overview.]

• Pre-FEC BER fast reroute (PTX3000)—The 100-Gbps DWDMOTN PIC

(P1-PTX-2-100G-WDM) supports pre-forward error correction (pre-FEC) bit error rate

(BER) monitoring as a condition for MPLS fast reroute (FRR). Pre-FEC BER FRR uses

pre-FEC BER as an indication of the condition of an optical transport network (OTN)

link. When the pre-FEC BER degrade threshold is reached, the PIC stops forwarding

packets to the remote interfaceand raises an interfacealarm. Ingresspackets continue

to be processed. When Pre-FEC BER FRR is used with MPLS FRR or another link

protection method, traffic is then rerouted to a different interface. You can optionally

enable backward FRR to inject local pre-FEC status into the transmitted OTN frames,

notifying the remote interface. The remote interface then reroutes traffic to a different

interface. When you use pre-FEC BER FRR and backward FRR, notification of signal

degradation and rerouting of traffic can occur in less time than through a Layer 3

protocol.

[See 100-Gigabit Ethernet OTNOptions Configuration Overview.]

• Support for configuring interface alias names (PTX Series)—Beginning in Junos OSRelease 13.3, you can configure a textual description of a physical interface or the

logical unit of an interface to be the alias of an interface name. If you configure an

interface alias, this alias name is displayed in the output of the show interfaces

commands instead of the interface name. Also, in the output of all of the show and

operational mode commands that display the interface names, the alias name is

displayed instead of the interface name if you configure the alias name. It has no effect

on theoperationof the interfaceon the router or switch.Youcanuse thealias statement

at the [edit interfaces interface-name], [edit interfaces interface-name unit

logical-unit-number], and [edit logical-systems logical-system-name interfaces

interface-name unit logical-unit-number] hierarchy levels to specify an interface alias.

[See Interface Alias NameOverview]

• Support for active flowmonitoring version 9 (PTX5000 routers withCSE2000)—Starting with Junos OS Release 13.3, Carrier-Grade Service Engine(CSE2000) supports active flowmonitoring version 9 on PTX5000 routers.

TheCSE2000 is tethered toaPTX5000router toenableactive flowmonitoringversion

9.Active flowmonitoring version9 supports IPV4,MPLS, and IPV6 templates to collect

a set of sampled flows and send the records to a specified host.



http://www.juniper.net/techpubs/en_US/junos13.3/topics/concept/interfaces-100-gigabit-ethernet-otn-options-configuration-overview.html

http://www.juniper.net/techpubs/en_US/junos13.3/topics/concept/interfaces-100-gigabit-ethernet-otn-options-configuration-overview.html

http://www.juniper.net/techpubs/en_US/junos13.3/topics/concept/interfaces-alias-name-overview.html

NetwokManagement andMonitoring

• Support for BFD over child links of AE or LAG bundle (cross-functional PacketForwarding Engine/kernel/rpd) (PTX Series)—Beginning in Junos OS Release 13.3,BFDover child links of anAEor LAGbundle is supportedon thePTXSeries. This feature

provides a Layer 3 BFD liveness detection mechanism for child links of the Ethernet

LAG interface. You can enable BFD to run on individual member links of the LAG to

monitor theLayer 3or Layer 2 forwardingcapabilitiesof individualmember links. These

micro BFD sessions are independent of each other despite having a single client that

manages the LAG interface. To enable failure detection for aggregated Ethernet

interfaces, include the bfd-liveness-detection statement at the [edit interfaces aex

aggregated-ether-options bfd-liveness-detection] hierarchy level.

[See Understanding Independent Micro BFD Sessions for LAG .]

Routing Protocols

• Bidirectional PIM support (PTX5000)—Beginning with Junos OS Release 13.3,bidirectional PIM is supported on the PTX5000. The following caveats are applicable

for the bidrectional PIM configuration on the PTX 5000:

• The PTX5000 can be configured both as a bidirectional PIM rendezvous point and

the source node.

• For the PTX5000, you can configure the auto-rp statement at the [edit protocols

pimrp]or the [edit routing-instances routing-instance-nameprotocolspimrp]hierarchy

level with themapping option, but not the announce option.

• The PTX5000 does not support nonstop active routing in Junos OS Release 13.3.

• ThePTX5000does not support unified in-service software upgrade (ISSU) in Junos

OS Release 13.3.


• Unified ISSU support for the 100-Gbps DWDMOTNPIC (PTX5000)—Starting inJunosOSRelease 13.3, the 100-GbpsDWDMOTNPIC(P1-PTX-2-100G-WDM)supports

unified in-service software upgrade (ISSU) onPTX5000 routers. Unified ISSUenables

you to upgrade between two different Junos OS releases with no disruption on the

control plane and with minimal disruption of traffic.

[See Unified ISSU System Requirements.]









http://www.juniper.net/techpubs/en_US/junos13.3/topics/concept/bfd-for-lag-overview.html

http://www.juniper.net/techpubs/en_US/junos13.3/topics/reference/requirements/issu-system-requirements.html



of JunosOSstatementsandcommands fromJunosOSRelease 13.3R1 for thePTXSeries.



Routing Protocols

• Starting in Junos OS 14.1, Junos OSwill modify the default BGP extended community

value used for MVPN IPv4 VRF route import (RT-import) to the IANA-standardized

value. Thus, the default behavior will change such that the behavior of the

mvpn-iana-rt-import statement will become the default. Themvpn-iana-rt-import

statement will be depricated and should be removed from configurations.


• User-defined identifiersusingthereservedprefix junos-nowcorrectlycauseacommiterror in the CLI (PTXSeries)—Junos OS reserves the prefix junos- for the identifiers ofconfigurations defined within the junos-defaults configuration group. User-defined

identifiers cannot start with the string junos-. If you configured user-defined identifiers

using the reserved prefix through a NETCONF or Junos XML protocol session, the

commit would correctly fail. Prior to Junos OS Release 13.3, if you configured

user-defined identifiers through the CLI using the reserved prefix, the commit would

incorrectly succeed. Junos OS Release 13.3 and later releases exhibit the correct

behavior. Configurations that currently contain the reserved prefix for user-defined

identifiers other than junos-defaults configuration group identifiers will now correctly

result in a commit error in the CLI.

• Change in show version command output (PTX Series)—Beginning in Junos OSRelease 13.3, the show version command output includes the new Junos field that

displays the Junos OS version running on the device. This new field is in addition to the

list of installed sub-packages running on the device that also display the Junos OS

version number of those sub-packages. This field provides a consistent means of

identifying the Junos OS version, rather than extracting that information from the list

of installed sub-packages. In the future, the list of sub-packages might not be usable

for identifying the JunosOS version running on the device. This change in outputmight

impact existing scripts that parse information from the show version command.









user@host> show versionHostname: lab Model: ptx5000 Junos: 13.3R1.4JUNOS Base OS boot [13.3R1.4] JUNOS Base OS Software Suite [13.3R1.4] JUNOS 64-bit Kernel Software Suite [13.3R1.4]JUNOS Crypto Software Suite [13.3R1.4]...

user@host> show versionHostname: lab Model: ptx5000 JUNOS Base OS boot [12.3R2.5]JUNOS Base OS Software Suite [12.3R2.5]JUNOS 64–bit Kernel Software Suite [12.3R2.5]JUNOS Crypto Software Suite [12.3R2.5]...

[See show version.]

• In all supported Junos OS releases, regular expressions can no longer be configured if

they require more than 64MB of memory or more than 256 recursions for parsing.

This change in the behavior of Junos OS is in line with the Free BSD limit. The change

wasmade in response to a known consumption vulnerability that allows an attacker

to cause a denial of service (resource exhaustion) attack by using regular expressions

containing adjacent repetition operators or adjacent bounded repetitions. Junos OS

uses regular expressions in several placeswithin theCLI. Exploitationof this vulnerability

can cause the Routing Engine to crash, leading to a partial denial of service. Repeated

exploitation can result in an extendedpartial outageof services providedby the routing

process (rpd).







Known Issues

This section lists the known issues in hardware and software in Junos OS Release 13.3R1.

The identifier following the description is the tracking number in the Juniper Networks

Problem Report (PR) tracking system.

• Hardware

• General Routing


• IPv6

• MPLS


Known Issues

http://www.juniper.net/techpubs/en_US/junos13.3/topics/reference/command-summary/show-version.html

• Routing Protocols

• VLAN Infrastructure

Hardware

• CCG configuration change does not reprogram hardware automatically. PR896226

General Routing

• "rnh_get_forwarding_nh: RNH type 1 unexpected" kernel error messages observed.

PR866282


• Having IGMPenabledon the fxp0 interfacecancauseadiscardnext hop tobe installed

for 224/4 routes. To solve this issue, disableprotocols on fxp0anddeactivateprotocols

(for example: IGMP, LDP). After that, activate the protocols again. PR601619

• When the FlexiblePICConcentrator (FPC) restartedafter performingamaster Routing

Engine switchover, theaggregate interface flagwasset todown.Any traffic that entered

this FPC and traversed the equal-cost multipath (ECMP) to the aggregate interface

was dropped. PR809383

IPv6

• PTX Series drops packets containing same source and destination IP due to LAND

attack check. 934364

MPLS

• In rare scenarios, the routing protocol process can fail to read themesh-group

information from the kernel, which might result in the VPLS connections for that

routing-instance to stay in MI (Mesh-Group ID not available) state. The workaround is

to deactivate/activate the routing-instance. PR892593

Routing Protocols

• Distributedprotocol adjacencies (LFM/BFD/etc)might experienceadelay in keepalives

transmission and/or processing due to prolonged CPU usage on the FPCmicrokernel

on the PTX5000. The delay in keepalive transmission/processing can result in a

mis-diagnosis of a link fault by the peer devices. The issue is seen several seconds after

the Routing Engine mastership switch with nonstop active routing enabled. The fault

condition will clear after a couple of minutes. PR849148

• ForbidirectionalPIM, the showmulticaststatistics commanddoesnotdisplay the input

counters. This is because a bidirectional route associates with multiple incoming

interfaces (iif's). The statistics are collectedpermroute, and thepacket for bidirectional

groups might come in from any of the iif's. There is no way to impose the incoming

traffic of the route to one of the iif's. PIM-SM, on the other hand, has only one iif per

mroute, and hence the incoming counters are displayed for all PIM-SM routes.

PR865694











VLAN Infrastructure

• Commits less than 3minutes apart with per-vlan-queuing configuration should be

avoided, as this might lead to interrupts or undesirable side effects. PR897601








This section lists the errata and changes in Junos OS Release 13.3R1 documentation for

the PTX Series.

• VPWS Feature Guide for Routing Devices on page 67

VPWS Feature Guide for Routing Devices

• In JunosOSRelease 13.3, the Layer 2Circuits FeatureGuide for RoutingDeviceshasbeen

renamed VPWS Feature Guide for Routing Devices. VPWS content has been added to

this guide, and has been removed from the VPLS Feature Guide for Routing Devices.








This sectioncontains theprocedure toupgrade JunosOS,and theupgradeanddowngrade

policies for Junos OS for the PTX Series. Upgrading or downgrading Junos OS can take

several hours, depending on the size and configuration of the network.

• Upgrading Using ISSU on page 67

• Upgrading a Router with Redundant Routing Engines on page 68

• Basic Procedure for Upgrading to Release 13.3 on page 68

Upgrading Using ISSU

Unified in-service softwareupgrade (ISSU)enables you toupgradebetween twodifferent

Junos OS releases with no disruption on the control plane and with minimal disruption

of traffic. Unified in-service software upgrade is only supported by dual Routing Engine




platforms. In addition, graceful Routing Engine switchover (GRES) and nonstop active

routing (NSR)must be enabled. For additional information about using unified in-service

software upgrade, see the High Availability Feature Guide for Routing Devices.

Upgrading a Router with Redundant Routing Engines

If the router has two Routing Engines, perform a Junos OS installation on each Routing

Engine separately to avoid disrupting network operation as follows:


and save the configuration change to both Routing Engines.

2. Install the new Junos OS release on the backup Routing Engine while keeping the

currently running software version on themaster Routing Engine.

3. After making sure that the new software version is running correctly on the backup

RoutingEngine, switchover to thebackupRoutingEngine toactivate thenewsoftware.

4. Install the new software on the original master Routing Engine that is now active as

the backup Routing Engine.

For the detailed procedure, see the Installation and Upgrade Guide.

Basic Procedure for Upgrading to Release 13.3

When upgrading or downgrading Junos OS, use the jinstall package. For information

about the contents of the jinstall package and details of the installation process, see the

Installation and Upgrade Guide. Use other packages, such as the jbundle package, only

when so instructed by a Juniper Networks support representative.

NOTE: Backupthe file systemandthecurrentlyactive JunosOSconfigurationbefore upgrading Junos OS. This allows you to recover to a known, stableenvironment if the upgrade is unsuccessful. Issue the following command:

user@host> request system snapshot

NOTE: The installation process rebuilds the file system and completelyreinstalls Junos OS. Configuration information from the previous softwareinstallation is retained, but the contents of log files might be erased. Storedfiles on the router, suchas configuration templatesandshell scripts (theonlyexceptions are the juniper.conf and ssh files),might be removed. To preservethe stored files, copy them to another system before upgrading ordowngrading the routing platform. For more information, see the Junos OS

Administration Library for Routing Devices.



http://www.juniper.net/techpubs/en_US/junos13.3/information-products/pathway-pages/config-guide-high-availability/high-availability.html





NOTE: We recommend that you upgrade all software packages out of bandusing the console because in-band connections are lost during the upgradeprocess.

Thedownloadand installationprocess for JunosOSRelease 13.3 isdifferent fromprevious

Junos OS releases.

1. Using aWeb browser, navigate to the All Junos Platforms software download URLon the Juniper Networks webpage:


2. Select thenameof the JunosOSplatformfor thesoftware that youwant todownload.

3. Select the release number (the number of the software version that you want to

download) from the Release drop-down list to the right of the Download Softwarepage.

4. Select the Software tab.

5. In the Install Package section of the Software tab, select the software package forthe release.

6. Log in to the Juniper Networks authentication system using the username (generally

your e-mail address) and password supplied by Juniper Networks representatives.

7. Review and accept the End User License Agreement.

8. Download the software to a local host.

9. Copy the software to the routing platform or to your internal software distribution

site.

10. Install the new jinstall package on the router.

NOTE: After you install a Junos OS Release 13.3 jinstall package, youcannot issue the request system software rollback command to return tothe previously installed software. Instead youmust issue the requestsystem software add validate command and specify the jinstall packagethat corresponds to the previously installed software.




a different release. Adding the reboot command reboots the router after the upgrade

is validated and installed. When the reboot is complete, the router displays the login

prompt. The loading process can take 5 to 10minutes. Rebooting occurs only if the

upgrade is successful.

Customers in the United States and Canada, use the following command:

user@host> request system software add validate rebootsource/jinstall-13.3R11-domestic-signed.tgz




All other customers, use the following command:

user@host> request system software add validate rebootsource/jinstall-13.3R11-export-signed.tgz

Replace the sourcewith one of the following values:

• /pathname—For a software package that is installed from a local directory on the

router.

• For software packages that are downloaded and installed from a remote location:

• ftp://hostname/pathname

• http://hostname/pathname

• scp://hostname/pathname (available only for Canada and U.S. version)




a different release.

Adding the reboot command reboots the router after the upgrade is validated and

installed. When the reboot is complete, the router displays the login prompt. The

loading process can take 5 to 10minutes.

Rebooting occurs only if the upgrade is successful.

NOTE: After you install a Junos OS Release 13.3 jinstall package, you cannot

issue the requestsystemsoftwarerollbackcommandto return to thepreviously

installed software. Instead youmust issue the request system software add

validate command and specify the jinstall package that corresponds to the

previously installed software.











special compatibility guidelineswith the release, see theHardwareGuideand the Interface

Module Reference for the product.



Todetermine the features supportedonPTXSeriesdevices in this release, use the Juniper

Networks Feature Explorer, a Web-based application that helps you to explore and

compare Junos OS feature information to find the right software release and hardware

platform for your network. Find Feature Explorer at:











Third-Party Components

This product includes third-party components. To obtain a complete list of third-party

components, see Copyright and Trademark Information.

For a list of open source attributes for this Junos OS release, seeOpen Source: Source

Files and Attributions.

FindingMore Information

For the latest, most complete information about known and resolved issues with Junos

OS, see the Juniper Networks Problem Report Search application at:

http://prsearch.juniper.net .

Juniper Networks Feature Explorer is aWeb-based application that helps you to explore

and compare Junos OS feature information to find the correct software release and

hardware platform for your network. Find Feature Explorer at:

http://pathfinder.juniper.net/feature-explorer/.

Juniper Networks Content Explorer is aWeb-based application that helps you explore

Juniper Networks technical documentation by product, task, and software release, and

download documentation in PDF format. Find Content Explorer at:

http://www.juniper.net/techpubs/content-applications/content-explorer/.

Documentation Feedback

We encourage you to provide feedback, comments, and suggestions so that we can

improve the documentation. You can send your comments to

[email protected], or fill out the documentation feedback form at

https://www.juniper.net/cgi-bin/docbugreport/ . If you are using e-mail, be sure to include

the following information with your comments:

• Document or topic name

• URL or page number

• Software release version (if applicable)

Requesting Technical Support

Technical product support is available through the JuniperNetworksTechnicalAssistance

Center (JTAC). If you are a customer with an active J-Care or JNASC support contract,

or are covered under warranty, and need postsales technical support, you can access

our tools and resources online or open a case with JTAC.

• JTAC policies—For a complete understanding of our JTAC procedures and policies,

review the JTAC User Guide located at

http://www.juniper.net/customers/support/downloads/710059.pdf .



http://www.juniper.net/techpubs/en_US/junos/information-products/pathway-pages/system-basics/system-management-initial-configuration.pdf

http://www.juniper.net/support/downloads/opensource/junos/os.html

http://www.juniper.net/support/downloads/opensource/junos/os.html



http://www.juniper.net/techpubs/content-applications/content-explorer/

mailto:[email protected]

https://www.juniper.net/cgi-bin/docbugreport/

http://www.juniper.net/customers/support/downloads/710059.pdf

• Product warranties—For product warranty information, visit

http://www.juniper.net/support/warranty/.

• JTAC Hours of Operation —The JTAC centers have resources available 24 hours a day,

7 days a week, 365 days a year.

Self-Help Online Tools and Resources

For quick and easy problem resolution, Juniper Networks has designed an online

self-service portal called the Customer Support Center (CSC) that provides youwith the

following features:

• Find CSC offerings: http://www.juniper.net/customers/support/

• Search for known bugs: http://www2.juniper.net/kb/

• Find product documentation: http://www.juniper.net/techpubs/

• Find solutions and answer questions using our Knowledge Base: http://kb.juniper.net/

• Download the latest versions of software and review release notes:

http://www.juniper.net/customers/csc/software/

• Search technical bulletins for relevant hardware and software notifications:

http://kb.juniper.net/InfoCenter/

• Join and participate in the Juniper Networks Community Forum:

http://www.juniper.net/company/communities/

• Open a case online in the CSC Case Management tool: http://www.juniper.net/cm/

Toverify serviceentitlementbyproduct serial number, useourSerialNumberEntitlement

(SNE) Tool located at https://tools.juniper.net/SerialNumberEntitlementSearch/.

Opening a Casewith JTAC

You can open a case with JTAC on theWeb or by telephone.

• Use the Case Management tool in the CSC at http://www.juniper.net/cm/ .

• Call 1-888-314-JTAC (1-888-314-5822 toll-free in the USA, Canada, and Mexico).

For international or direct-dial options in countries without toll-free numbers, visit us at

http://www.juniper.net/support/requesting-support.html .

If you are reporting a hardware or software problem, issue the following command from

the CLI before contacting support:

user@host> request support information | save filename

To provide a core file to Juniper Networks for analysis, compress the file with the gzip

utility, rename the file to include your company name, and copy it to

ftp.juniper.net/pub/incoming. Then send the filename, along with software version

information (the output of the show version command) and the configuration, to

[email protected]. For documentation issues, fill out the bug report form located at

https://www.juniper.net/cgi-bin/docbugreport/.


Requesting Technical Support

http://www.juniper.net/support/warranty/

http://www.juniper.net/customers/support/

http://www2.juniper.net/kb/

http://www.juniper.net/techpubs/

http://kb.juniper.net/

http://www.juniper.net/customers/csc/software/

http://kb.juniper.net/InfoCenter/

http://www.juniper.net/company/communities/

http://www.juniper.net/cm/

https://tools.juniper.net/SerialNumberEntitlementSearch/

http://www.juniper.net/cm/

http://www.juniper.net/support/requesting-support.html

http://www.juniper.net/support/requesting-support.html

mailto:[email protected]

https://www.juniper.net/cgi-bin/docbugreport/

Revision History

20March 2014—Revision 5, Junos OS Release 13.3R1– EX Series, M Series, MX Series,

PTX Series, and T Series.

27 February 2014—Revision 4, Junos OS Release 13.3R1– EX Series, M Series, MX Series,


6 February 2014—Revision 3, Junos OS Release 13.3R1– EX Series, M Series, MX Series,


30 January 2014—Revision 2, Junos OS Release 13.3R1– EX Series, M Series, MX Series,


23 January 2014—Revision 1, Junos OS Release 13.3R1– EX Series, M Series, MX Series,


Copyright © 2014, Juniper Networks, Inc. All rights reserved.

Juniper Networks, Junos, Steel-Belted Radius, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the UnitedStates and other countries. The Juniper Networks Logo, the Junos logo, and JunosE are trademarks of Juniper Networks, Inc. All othertrademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners.

Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify,transfer, or otherwise revise this publication without notice.



junos os 13.3 release notes - juniper networks · · 2017-02-032014-03-20 · · support for bmp...

Documents