junos os 13.3 release notes - juniper networks · · 2017-02-032014-03-20 · · support for bmp...
TRANSCRIPT
JUNOS OS 13.3RELEASE NOTES
®
· Layer 3 VPN egress protection with RSVP and LDP (M Series, MX Series, and T Series)
· Support for BMP version 3 (M Series, MX Series, and T Series)
· sFlow technology (EX9200)
· MLD snooping (EX9200)
· OpenFlow v1.0 (EX9200, MX80, MX240, MX480, and MX960)
· Nonstop active routing support for BGP addpath
· Software feature support (MX104)
· External BITS timing (MX2020)
· Virtual Chassis support for multichassis link aggregation (MX Series)
· Autoinstallation of satellite devices in a JNU group
· Support for active flow monitoring version 9 (PTX5000)
· Bidirectional PIM support (PTX5000)
· Unified ISSU support for the 100-Gbps DWDM OTN PIC (PTX5000)
· Support for strict-priority scheduling (PTX Series)
· Nonstop active routing support for logical systems (MX Series and PTX Series)
· Support for configuring interface alias names (PTX Series)
· Support for mixed-rate mode (T4000 and TX Matrix Plus with 3D SIBs)
NEW SOFTWARE FEATURES
INSIDE THIS RELEASESupported on EX Series, M Series, MX Series, PTX Series, and T Series
RECENTLY RELEASED DOCUMENTATION
· NCE—Configuring a Dual Stack That Uses DHCPv6 IA_NA and DHCPv6 Prefix Delegation over PPPoE
· NCE—Configuring a Dual Stack That Uses NDRA and DHCPv6 Prefix Delegation over PPPoE
· Getting Started Guide for Routing Devices
NEW DEVICES AND MODULES
· Enhanced 20-port Gigabit Ethernet MIC (MX Series)
· MIC Support on MX104 Router
· MIC Support on MPC3E
· 2-port 100-Gigabit DWDM OTN PIC (PTX3000)
http://juniper.net/documentation
Copyright © 2014, Juniper Networks, Inc.ii
Release Notes: Junos OS Release 13.3R1 for the EX Series, M Series, MX Series, PTX Series, and T Series
Release Notes: Junos®OS Release 13.3R1
for the EX Series, M Series, MX Series,
PTX Series, and T Series
20March 2014
Contents Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Junos OS Release Notes for EX Series Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
New and Changed Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Multicast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Network Management and Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
OpenFlow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Changes in Behavior and Syntax . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
User Interface and Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Known Behavior . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
OpenFlow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Known Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Interfaces and Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Layer 3 Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Multicast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Network Management and Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
OpenFlow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Software Installation and Upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Spanning-Tree Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Documentation Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Migration, Upgrade, and Downgrade Instructions . . . . . . . . . . . . . . . . . . . . . . 10
Upgrade and Downgrade Support Policy for Junos OS Releases . . . . . . . 10
1Copyright © 2014, Juniper Networks, Inc.
Product Compatibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Hardware Compatibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Junos OS Release Notes for M Series Multiservice Edge Routers, MX Series 3D
Universal Edge Routers, and T Series Core Routers . . . . . . . . . . . . . . . . . . . . . 13
New and Changed Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Class of Service (CoS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
General Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
High Availability (HA) and Resiliency . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Interfaces and Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Layer 2 Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Multicast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
MPLS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Network Management and Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
OpenFlow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Port Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Routing Policy and Firewall Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Routing Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Services Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Software Installation an and Upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Subscriber Management and Services . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
VPNs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Changes in Behavior and Syntax . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
IPv6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Interfaces and Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Multicast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Routing Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Services Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Software Installation and Upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
Subscriber Management and Services . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
User Interface and Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Known Behavior . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Subscriber Management and Services . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Known Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
Forwarding and Sampling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
General Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
High Availability (HA) and Resiliency . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Interfaces and Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Internet Protocol Security (IPsec) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
J-Web . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Layer 2 Ethernet Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
MPLS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Multicast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Platform and Infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Routing Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Services Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Subscriber Management and Services . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
User Interface and Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Copyright © 2014, Juniper Networks, Inc.2
Release Notes: Junos OS Release 13.3R1 for the EX Series, M Series, MX Series, PTX Series, and T Series
VPNs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
Documentation Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
Dynamic Firewall Feature Guide for Subscriber Services . . . . . . . . . . . . 48
Junos Address-Aware Carrier-Grade NAT and IPv6 Feature Guide . . . . . 49
Subscriber Access Configuration Guide . . . . . . . . . . . . . . . . . . . . . . . . . . 49
VPWS Feature Guide for Routing Devices . . . . . . . . . . . . . . . . . . . . . . . . 49
Migration, Upgrade, and Downgrade Instructions . . . . . . . . . . . . . . . . . . . . . . 49
Basic Procedure for Upgrading to Release 13.3 . . . . . . . . . . . . . . . . . . . . 50
Upgrade and Downgrade Support Policy for Junos OS Releases . . . . . . 52
Upgrading a Router with Redundant Routing Engines . . . . . . . . . . . . . . . 52
Upgrading Juniper Network Routers Running Draft-Rosen Multicast
VPN to Junos OS Release 10.1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
Upgrading the Software for a Routing Matrix . . . . . . . . . . . . . . . . . . . . . . 54
Upgrading Using ISSU . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
Upgrading from Junos OS Release 9.2 or Earlier on a Router Enabled
for Both PIM and NSR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
Downgrading from Release 13.3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Changes Planned for Future Releases . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Product Compatibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Hardware Compatibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
Junos OS Release Notes for PTX Series Packet Transport Routers . . . . . . . . . . . . 59
New and Changed Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Class of Service (CoS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
General Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
High Availability (HA) and Resiliency . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Interfaces and Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Netwok Management and Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
Routing Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
Software Installation and Upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
Changes in Behavior and Syntax . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
Routing Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
User Interface and Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
Known Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
Hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
General Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
Interfaces and Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
IPv6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
MPLS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
Routing Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
VLAN Infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
Documentation Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
VPWS Feature Guide for Routing Devices . . . . . . . . . . . . . . . . . . . . . . . . 67
Migration, Upgrade, and Downgrade Instructions . . . . . . . . . . . . . . . . . . . . . . 67
Upgrading Using ISSU . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
Upgrading a Router with Redundant Routing Engines . . . . . . . . . . . . . . 68
Basic Procedure for Upgrading to Release 13.3 . . . . . . . . . . . . . . . . . . . . 68
Product Compatibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
Hardware Compatibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
3Copyright © 2014, Juniper Networks, Inc.
Third-Party Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
Finding More Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
Documentation Feedback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
Requesting Technical Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
Self-Help Online Tools and Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
Opening a Case with JTAC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
Revision History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
Copyright © 2014, Juniper Networks, Inc.4
Release Notes: Junos OS Release 13.3R1 for the EX Series, M Series, MX Series, PTX Series, and T Series
Introduction
Junos OS runs on the following Juniper Networks®hardware: ACX Series, EX Series, J
Series, M Series, MX Series, PTX Series, QFabric, QFX Series, SRX Series, and T Series.
These release notes accompany Junos OS Release 13.3R1 for the EX Series, M Series, MX
Series, PTX Series, and T Series. They describe new and changed features, limitations,
and known and resolved problems in the hardware and software.
Junos OS Release Notes for EX Series Switches
These releasenotes accompany JunosOSRelease 13.3R1 for theEXSeries. Theydescribe
newandchanged features, limitations, andknownand resolvedproblems in thehardware
and software.
You can also find these release notes on the Juniper Networks Junos OS Documentation
webpage, located at http://www.juniper.net/techpubs/software/junos/.
• New and Changed Features on page 5
• Changes in Behavior and Syntax on page 7
• Known Behavior on page 8
• Known Issues on page 8
• Documentation Updates on page 10
• Migration, Upgrade, and Downgrade Instructions on page 10
• Product Compatibility on page 11
New and Changed Features
This section describes the new features and enhancements to existing features in Junos
OS Release 13.3R1 for the EX Series.
• Hardware
• Infrastructure
• Multicast
• NetworkManagement andMonitoring
• OpenFlow
5Copyright © 2014, Juniper Networks, Inc.
Introduction
Hardware
• Extended cablemanager for EX9214 switches—An extended cable manager is nowavailable for EX9214 switches. The extended cablemanager allows you to route cables
away from the front of the line cards and Switch Fabric modules and provides easier
access to the switch than the standard cable manager. To obtain the extended cable
manager, order the MX960 Enhanced Cable Manager, ECM-MX960. (Note that
installation of the extended cable manager must be done by a Juniper-authorized
technician and that the service cost is in addition to the component cost.) SeeMX960
Cable Manager Description .
Infrastructure
• Support for IPv6 forTACACS+authentication (EX9200)—StartingwithRelease 13.3,Junos OS supports IPv6 along with the existing IPv4 support for user authentication
using TACACS+ servers.
Multicast
• MLD snooping on EX9200 switches—EX9200 switches support MLD snooping.Multicast Listener Discovery (MLD) snooping constrains the flooding of IPv6multicast
traffic on VLANs on a switch. When MLD snooping is enabled on a VLAN, the switch
examinesMLDmessages between hosts andmulticast routers and learnswhich hosts
are interested in receiving traffic for a multicast group. Based on what it learns, the
switch then forwards multicast traffic only to those interfaces in the VLAN that are
connected to interested receivers instead of flooding the traffic to all interfaces. You
configure MLD snooping at either the [edit protocols] hierarchy level or the [edit
routing-instances routing-instance-name protocols] hierarchy level. See Understanding
MLD Snooping.
NetworkManagement andMonitoring
• sFlowtechnologyonEX9200switches—EX9200switchessupportsFlowtechnology,a monitoring technology for high-speed switched or routed networks. The sFlow
monitoring technology randomly samples network packets and sends the samples to
amonitoring station. You can configure sFlow technology on an EX9200 switch to
continuously monitor traffic at wire speed on all interfaces simultaneously. The sFlow
technology is configuredat the[editprotocolssflow]hierarchy level. SeeUnderstanding
How to Use sFlow Technology for Network Monitoring on an EX Series Switch.
OpenFlow
• Support for OpenFlow v1.0—Starting with Junos OS Release 13.3, EX9200 switchessupport OpenFlow v1.0. You use the OpenFlow remote controller to control traffic in
an existing network by adding, deleting, andmodifying flows on switches. You can
configure oneOpenFlow virtual switch and one activeOpenFlow controller at the [edit
protocols openflow] hierarchy level on each device running Junos OS that supports
OpenFlow. See Understanding Support for OpenFlow on Devices Running Junos OS.
Copyright © 2014, Juniper Networks, Inc.6
Release Notes: Junos OS Release 13.3R1 for the EX Series, M Series, MX Series, PTX Series, and T Series
RelatedDocumentation
Changes in Behavior and Syntax on page 7•
• Known Behavior on page 8
• Known Issues on page 8
• Documentation Updates on page 10
• Migration, Upgrade, and Downgrade Instructions on page 10
• Product Compatibility on page 11
Changes in Behavior and Syntax
This section lists the changes in behavior of JunosOS features and changes in the syntax
of Junos OS statements and commands from Junos OS Release 13.3R1 for the EX Series.
• User Interface and Configuration on page 7
User Interface and Configuration
• Change in show version command output on EX9200 switches—Beginning in JunosOS Release 13.3, the show version command output includes the new Junos field that
displays the Junos OS version running on the device. This new field is in addition to the
list of installed sub-packages running on the device that also display the Junos OS
version number of those sub-packages. This field provides a consistent means of
identifying the Junos OS version, rather than extracting that information from the list
of installed sub-packages. In the future, the list of sub-packages might not be usable
for identifying the JunosOS version running on the device. This change in outputmight
impact existing scripts that parse information from the show version command.
In Junos OS Release 13.2 and earlier, the show version command does not have the
single Junos field in theoutput thatdisplays the JunosOSversion runningon thedevice.
The only way to determine the Junos OS version running on the device is to review the
list of installed sub-packages.
Junos OS Release 13.3 and Later ReleasesWith the JunosField
Junos OS Release 13.2 and Earlier ReleasesWithout theJunos Field
user@switch> show versionHostname: lab Model: ex9208 Junos: 13.3R1.4JUNOS Base OS boot [13.3R1.4] JUNOS Base OS Software Suite [13.3R1.4] JUNOS Kernel Software Suite [13.3R1.4]JUNOS Crypto Software Suite [13.3R1.4]...
user@switch> show versionHostname: lab Model: ex9208 JUNOS Base OS boot [12.3R2.5]JUNOS Base OS Software Suite [12.3R2.5]JUNOS Kernel Software Suite [12.3R2.5]JUNOS Crypto Software Suite [12.3R2.5]...
• User-defined identifiersusingthereservedprefix junos-nowcorrectlycauseacommiterror in theCLI—JunosOS reserves theprefix junos- for the identifiers of configurationsdefinedwithin the junos-defaults configuration group. User-defined identifiers cannot
startwith the string junos-. If you configureduser-defined identifiers using the reserved
prefix through a NETCONF or Junos XML protocol session, the commit would correctly
7Copyright © 2014, Juniper Networks, Inc.
Changes in Behavior and Syntax
fail. Prior to Junos OS Release 13.3, if you configured user-defined identifiers through
the CLI using the reserved prefix, the commit would incorrectly succeed. Junos OS
Release 13.3R1 and later releases now exhibit the correct behavior. Configurations that
currently contain the reserved prefix for user-defined identifiers other than
junos-defaults configuration group identifiers will now correctly result in a commit
error in the CLI.
RelatedDocumentation
New and Changed Features on page 5•
• Known Behavior on page 8
• Known Issues on page 8
• Documentation Updates on page 10
• Migration, Upgrade, and Downgrade Instructions on page 10
• Product Compatibility on page 11
Known Behavior
This section lists known behaviors, systemmaximums, and limitations in hardware and
software in Junos OS Release 13.3R1 for the EX Series.
For the most complete and latest information about known Junos OS defects, use the
Juniper Networks online Junos Problem Report Search application.
• OpenFlow
OpenFlow
• OnEX9200switches, configurationofa firewall filteronanOpenFlow-enabled interface
is not supported.
RelatedDocumentation
New and Changed Features on page 5•
• Changes in Behavior and Syntax on page 7
• Known Issues on page 8
• Documentation Updates on page 10
• Migration, Upgrade, and Downgrade Instructions on page 10
• Product Compatibility on page 11
Known Issues
This section lists the known issues in hardware and software in Junos OS Release 13.3R1
for the EX Series.
Copyright © 2014, Juniper Networks, Inc.8
Release Notes: Junos OS Release 13.3R1 for the EX Series, M Series, MX Series, PTX Series, and T Series
For the most complete and latest information about known Junos OS defects, use the
Juniper Networks online Junos Problem Report Search application.
• Interfaces and Chassis
• Layer 3 Features
• Multicast
• NetworkManagement andMonitoring
• OpenFlow
• Software Installation and Upgrade
• Spanning-Tree Protocols
Interfaces and Chassis
• On EX9200 switches, an LLDP neighbor might not be formed for Layer 3-tagged
interfaces even though peer switches are able to form the neighbor. PR848721
Layer 3 Features
• On EX9200 switches, BFD on IRB interfaces flaps if BFD is configured for subsecond
timers. PR844951
• If you rebootanEX9200switchwith the factorydefault settingand roll back the system
configuration, sometimes the IS-IS sync state in the show task replication command
output might be shown as Not Started. PR868623
Multicast
• If you configure a large number of PIM source-specific multicast (SSM) groups on an
EX9200switch, the switchmight experienceperiodic IPv6 traffic loss. Asaworkaround,
configure the pim-join-prune-timeout value on the last-hop router as 250 seconds.
PR853586
NetworkManagement andMonitoring
• OnEX9200switches, even if youconfigureanegress sampling rate for sFlowmonitoring
technology, the switch uses the ingress sampling rate instead. PR686002
OpenFlow
• OnEX9200switches, aBGPsessionmight flapwhenanOpenFlow interface is receiving
line-rate traffic and the traffic is notmatching any rule, and therefore thedefault action
of packet-in is applied. PR892310
• OnEX9200 switches,minormemory leaksmight occur if you add anddelete the same
multi-VLAN flow on the order of 100,000 such add and delete operations. PR905620
9Copyright © 2014, Juniper Networks, Inc.
Known Issues
Software Installation and Upgrade
• When you are upgrading the software on an EX9200 switch, the following warning
messagemight be displayed: Could not open requirements file for jroute-ex:
/etc/db/pkg/jroute-ex/+REQUIRE. PR924106
Spanning-Tree Protocols
• OnEX9200switches,BPDUblockingdoesnotworkon40-gigabit interfaces.PR861293
RelatedDocumentation
New and Changed Features on page 5•
• Changes in Behavior and Syntax on page 7
• Known Behavior on page 8
• Documentation Updates on page 10
• Migration, Upgrade, and Downgrade Instructions on page 10
• Product Compatibility on page 11
Documentation Updates
There are no errata or changes in Junos OS Release 13.3R1 for the EX Series switches
documentation.
RelatedDocumentation
New and Changed Features on page 5•
• Changes in Behavior and Syntax on page 7
• Known Behavior on page 8
• Known Issues on page 8
• Migration, Upgrade, and Downgrade Instructions on page 10
• Product Compatibility on page 11
Migration, Upgrade, and Downgrade Instructions
This section contains upgrade and downgrade policies for Junos OS for the EX Series.
Upgrading or downgrading Junos OS can take several hours, depending on the size and
configuration of the network.
• Upgrade and Downgrade Support Policy for Junos OS Releases on page 10
Upgrade and Downgrade Support Policy for Junos OS Releases
Support for upgrades and downgrades that spanmore than three Junos OS releases at
a time is not provided, except for releases that are designated as Extended End-of-Life
(EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can
upgrade directly from one EEOL release to the next EEOL release, even though EEOL
releases generally occur in increments beyond three releases.
Copyright © 2014, Juniper Networks, Inc.10
Release Notes: Junos OS Release 13.3R1 for the EX Series, M Series, MX Series, PTX Series, and T Series
You can upgrade or downgrade to the EEOL release that occurs directly before or after
the currently installed EEOL release, or to twoEEOL releases before or after. For example,
JunosOSReleases 10.0, 10.4, and 11.4 are EEOL releases. You can upgrade from JunosOS
Release 10.0 toRelease 10.4 or even from JunosOSRelease 10.0 toRelease 11.4. However,
you cannot upgrade directly from a non-EEOL release that is more than three releases
ahead or behind. For example, you cannot directly upgrade from Junos OS Release 10.3
(a non-EEOL release) to Junos OS Release 11.4 or directly downgrade from Junos OS
Release 11.4 to Junos OS Release 10.3.
To upgrade or downgrade fromanon-EEOL release to a releasemore than three releases
before or after, first upgrade to the next EEOL release and then upgrade or downgrade
from that EEOL release to your target release.
For more information about EEOL releases and to review a list of EEOL releases, see
http://www.juniper.net/support/eol/junos.html .
For information on software installation and upgrade, see the Installation and Upgrade
Guide.
RelatedDocumentation
New and Changed Features on page 5•
• Changes in Behavior and Syntax on page 7
• Known Behavior on page 8
• Known Issues on page 8
• Documentation Updates on page 10
• Product Compatibility on page 11
Product Compatibility
• Hardware Compatibility on page 11
Hardware Compatibility
To obtain information about the components that are supported on the devices, and
special compatibility guidelineswith the release, see theHardwareGuide for theproduct.
Todetermine the features supportedonEXSeries switches in this release, use the Juniper
Networks Feature Explorer, a Web-based application that helps you to explore and
compare Junos OS feature information to find the right software release and hardware
platform for your network. Find Feature Explorer at:
http://pathfinder.juniper.net/feature-explorer/
RelatedDocumentation
New and Changed Features on page 5•
• Changes in Behavior and Syntax on page 7
• Known Behavior on page 8
• Known Issues on page 8
• Documentation Updates on page 10
11Copyright © 2014, Juniper Networks, Inc.
Product Compatibility
• Migration, Upgrade, and Downgrade Instructions on page 10
Copyright © 2014, Juniper Networks, Inc.12
Release Notes: Junos OS Release 13.3R1 for the EX Series, M Series, MX Series, PTX Series, and T Series
JunosOSReleaseNotesforMSeriesMultiserviceEdgeRouters,MXSeries3DUniversalEdge Routers, and T Series Core Routers
These release notes accompany Junos OS Release 13.3R1 for the M Series, MX Series,
and T Series. They describe new and changed features, limitations, and known and
resolved problems in the hardware and software.
You can also find these release notes on the Juniper Networks Junos OS Documentation
webpage, located at http://www.juniper.net/techpubs/software/junos/.
• New and Changed Features on page 13
• Changes in Behavior and Syntax on page 35
• Known Behavior on page 41
• Known Issues on page 42
• Documentation Updates on page 48
• Migration, Upgrade, and Downgrade Instructions on page 49
• Product Compatibility on page 57
New and Changed Features
This section describes the new features and enhancements to existing features in Junos
OS Release 13.3R1 for the M Series, MX Series, and T Series.
• Hardware on page 14
• Class of Service (CoS) on page 15
• General Routing on page 17
• High Availability (HA) and Resiliency on page 18
• Interfaces and Chassis on page 19
• Layer 2 Features on page 26
• Multicast on page 26
• MPLS on page 26
• Network Management and Monitoring on page 26
• OpenFlow on page 27
• Port Security on page 27
• Routing Policy and Firewall Filters on page 28
• Routing Protocols on page 28
• Services Applications on page 28
• Software Installation an and Upgrade on page 29
• Subscriber Management and Services on page 29
• VPNs on page 34
13Copyright © 2014, Juniper Networks, Inc.
Junos OS Release Notes for M Series Multiservice Edge Routers, MX Series 3D Universal Edge Routers, and T Series Core Routers
Hardware
• MIC support (MX104)—Junos OS Release 13.3 and later releases extend support tothe following MICs on the MX104:
• 10-Gigabit Ethernet MICs with XFP (Model No: MIC-3D-2XGE-XFP)
• ATMMICwith SFP (Model No: MIC-3D-8OC3-2OC12-ATM)
• SONET/SDHOC3/STM1 (Multi-rate) MICs with SFP (Model No:
MIC-3D-4OC3OC12-10C48)
• SONET/SDHOC3/STM1 (Multi-rate) MICs with SFP (Model No:
MIC-3D-8OC3OC12-4OC48)
• Tri-Rate MIC (MIC-3D-40GE-TX)
[SeeMICs Supported by MX Series Routers.]
• Support forMICs onMPC3E (MX240,MX480, andMX960)—The followingMICs arenow supported on the MPC3E (MX-MPC3E-3D):
• SONET/SDHOC3/STM1 (Multi-Rate) MICs with SFP (MIC-3D-8OC3OC12-4OC48)
• SONET/SDHOC3/STM1 (Multi-Rate) MICs with SFP (MIC-3D-4OC3OC12-1OC48)
• SONET/SDHOC192/STM64MIC with XFP (MIC-3D-1OC192-XFP)
• DS3/E3 MIC (MIC-3D-8DS3-E3)
The following encapsulations are supported on the aforementioned MICs on MPC3E:
• Cisco High-Level Data Link Control (cHDLC)
• Flexible Frame Relay
• Frame Relay
• Frame Relay for circuit cross-connect (CCC)
• Frame Relay for translational cross-connect (TCC)
• MPLS fast reroute
• MPLS CCC
• MPLS TCC
• Point-to-Point Protocol (PPP) (default)
• PPP for CCC
• PPP for TCC
• PPP over Frame Relay
[SeeMPC3E onMX Series Routers Overview.]
• CFP-GEN2-CGE-ER4 (MX Series, T1600, and T4000)—The CFP-GEN2-CGE-ER4transceiver (part number: 740-049763) provides a duplex LC connector and supports
the 100GBASE-ER4 optical interface specification andmonitoring. Starting in Junos
Copyright © 2014, Juniper Networks, Inc.14
Release Notes: Junos OS Release 13.3R1 for the EX Series, M Series, MX Series, PTX Series, and T Series
OSRelease 13.3, the “GEN2”opticshavebeen redesignedwithnewer versionsof internal
components for reducedpower consumption.The following interfacemodules support
the CFP-GEN2-CGE-ER4 transceiver. For more information about interface modules,
see the Interface Module Reference for your router.
MX Series routers:
• 100-Gigabit Ethernet MIC with CFP (model number:
MIC3-3D-1X100GE-CFP)—Supported in Junos OS Release 12.1R1 and later
• 2x100GE + 8x10GEMPC4E (model number: MPC4E-3D-2CGE-8XGE)—Supported
in Junos OS Release 12.3R2 and later
T1600 and T4000 routers:
• 100-Gigabit Ethernet PIC with CFP (model numbers: PD-1CE-CFP-FPC4 and
PD-1CGE-CFP)—Supported in Junos OS Releases 12.3R5, 13.2R3, 13.3R1, and later
[See 100-Gigabit Ethernet 100GBASE-R Optical Interface Specifications.]
• SFP-GE80KCW1470-ET, SFP-GE80KCW1490-ET, SFP-GE80KCW1510-ET,SFP-GE80KCW1530-ET, SFP-GE80KCW1550-ET, SFP-GE80KCW1570-ET,SFP-GE80KCW1590-ET, and SFP-GE80KCW1610-ET (MX Series)—Beginning withJunos OS Release 13.3, these transceivers provide a duplex LC connector and support
operationandmonitoringwith linksup toadistanceof80km.Each transceiver is tuned
to a different transmit wavelength for use in CWDM applications. These transceivers
are supported on the following interfacemodule. Formore information about interface
modules, see the Interface Module Reference for your router.
• Gigabit Ethernet MIC with SFP (model number: MIC-3D-20GE-SFP) in all versions
of MX-MPC1, MX-MPC2, and MX-MPC3—Supported in Junos OS Release 12.3R5,
13.2R3, 13.3R1, and later.
[See Gigabit Ethernet SFP CWDMOptical Interface Specification]
• CFP-GEN2-100GBASE-LR4 (T1600 and T4000)—The CFP-GEN2-100GBASE-LR4transceiver (part number: 740-047682) provides a duplex LC connector and supports
the 100GBASE-LR4 optical interface specification andmonitoring. Starting in Junos
OSRelease 13.3, the “GEN2”opticshavebeen redesignedwithnewer versionsof internal
components for reducedpower consumption.The following interfacemodules support
the CFP-GEN2-100GBASE-LR4 transceiver. For more information about interface
modules, see the Interface Module Reference for your router.
• 100-Gigabit Ethernet PIC with CFP (model numbers: PD-1CE-CFP-FPC4 and
PD-1CGE-CFP)—Supported in Junos OS Releases 12.3R5, 13.2R3, 13.3R1, and later
[See 100-Gigabit Ethernet 100GBASE-R Optical Interface Specifications.]
Class of Service (CoS)
• CCCandTCCsupportonFRF.15,FRF.16,andMLPPP interfaces(MXSeries)—Startingwith Release 13.3, Junos OS supports Circuit Cross Connect (CCC) and Translational
Cross Connect (TCC) over Multilink Frame Relay (MLFR) UNI NNI (FRF.16) interface
and TCC over Multilink Frame Relay (MLFR) end-to-end (FRF.15) and Multilink
15Copyright © 2014, Juniper Networks, Inc.
New and Changed Features
Point-to-Point Protocol (MLPPP) interfaces. You can implement the cross-connect
over anMPLSnetworkor a local-switchednetwork.Whenyouconfigure cross-connect
over these interfaces, thepeer interfacecanbeofanyof the interface types that support
cross-connect.
To configure CCC over FRF.16/MFR interfaces, include the following statements under
the [edit interfaces interface-name unit number] hierarchy level:
family ccc {translate-discard-eligible;translate-fecn-and-becn;translate-plp-control-word-de;no-asynchronous-notification;
}
To configure TCC over FRF.15/MLFR, FRF.16/MFR, or MLPPP interfaces, include the
followingconfigurationunder the [edit interfaces interface-nameunitnumber]hierarchy
level:
family tcc {protocols [inet isompls];no-asynchronous-notification;
}
To complete CCC or TCC configurations over the multilink Frame Relay interfaces, you
must also specify the interface name under one of the following hierarchies:
• [edit protocols l2circuit neighbor ip-address] if the switching is done over a Layer 2
circuit.
• [edit protocols connections remote-interface-switch remote-if-sw] if the switching
is done over a remote interface switch.
• [edit protocols connections interface-switch local-if-switch] if the switching is done
using a local switch.
• Support for IPv6 traffic over IPsec tunnels onMS-MICs andMS-MPCs (MXSeries)—Starting with Release 13.3, Junos OS extends IPsec support on MS-MICs andMS-MPCs to IPv6 traffic. IPsec support on MS-MICs and MS-MPCs is limited to the
ESP protocol, and now enables you to configure IPv4 and IPv6 tunnels that can carry
IPv6 as well as IPv4 traffic. To enable IPv6 traffic over an IPsec tunnel, configure an
IPv6 address for the local-gateway statement under the [edit services service-set
service-set-name ipsec-vpn-options] hierarchy level.
• CoS show command enhancements (MX Series)—Starting in Release 13.3, Junos OSextendssupport forCoS showcommandswith theadditionof the showclass-of-service
scheduler-hierarchy interfaceand showclass-of-servicescheduler-hierarchy interface-set
commands. These commands display subscriber class-of-service interface and
interface-set information.
[See show class-of-service scheduler-hierarchy interface and show class-of-service
scheduler-hierarchy interface-set.]
• Traffic schedulingandshaping support forGRE tunnel interfaceoutputqueues (MXSeries)—Beginning with Junos OS Release 13.3, you canmanage output queuing oftraffic entering GRE tunnel interfaces hosted on MIC or MPC line cards in MX Series
Copyright © 2014, Juniper Networks, Inc.16
Release Notes: Junos OS Release 13.3R1 for the EX Series, M Series, MX Series, PTX Series, and T Series
routers. Support for the output-traffic-control-profile configuration statement, which
applies an output traffic scheduling and shaping profile to the interface, is extended
to GRE tunnel physical and logical interfaces. Support for the
output-traffic-control-profile-remaining configuration statement, which applies an
output traffic scheduling and shaping profile for remaining traffic to the interface, is
extended to GRE tunnel physical interfaces.
NOTE: Interface sets (sets of interfaces used to configure hierarchical CoSschedulers on supported Ethernet interfaces) are not supported on GREtunnel interfaces.
[See Configuring Traffic Control Profiles for Shared Scheduling and Shaping.]
General Routing
• Nonstop active routing support for logical systems (MX Series)—Starting in Junos
OSRelease 13.3, this featureenablesnonstopactive routing support for logical systems
using the nonstop-routing option under the [edit logical-systems logical-system-name
routing-options] hierarchy. As a result of extending nonstop active routing support for
logical systems, the logical-systems argument has been appended in some show
operational commands to allow display of status, process, and event details.
• Nonstopactive routing formultipoint labeldistributionprotocol (MSeries,MXSeries,and T Series)—Starting in Junos OS Release 13.3, this feature enables nonstop active
routing for the multipoint label distribution protocol, using the nonstop-routing option
at the [edit routing-options] hierarchy level. Themultipoint label distribution protocol
state, event, and process details can be viewed using the p2mp-nsr-synchronization
flag under trace-options.
[See p2mp-ldp-next-hop.]
The showldpdatabasecommanddisplays theentries in theLabelDistributionProtocol
(LDP) database for master and standby Routing Engines.
[See show ldp database.]
Theshowldpp2mptunnelcommanddisplays theLDPpoint-to-multipoint tunnel table
information.
[See show ldp p2mp tunnel.]
17Copyright © 2014, Juniper Networks, Inc.
New and Changed Features
High Availability (HA) and Resiliency
• MXSeries Virtual Chassis support for multichassis link aggregation (MX Seriesrouters with MPCs)—Starting in Junos OS Release 13.3, an MX Series Virtual Chassissupports configuration of multichassis link aggregation (MC-LAG). MC-LAG enables
a device to form a logical link aggregation group interface with two or more other
devices. The MC-LAG devices use the Inter-Chassis Communication Protocol (ICCP)
to exchange control information between twoMC-LAG network devices.
When you configure MC-LAGwith an MX Series Virtual Chassis, the link aggregation
group spans links to two Virtual Chassis configurations. Each Virtual Chassis consists
of two MX Series member routers that form a logical systemmanaged as a single
network element. ICCP exchanges control information between the global master
router (VC-M) of the first Virtual Chassis and the VC-M of the second Virtual Chassis.
NOTE: Internet GroupManagement Protocol (IGMP) snooping is notsupported onMC-LAG interfaces in an MX Series Virtual Chassis.
[See Configuring Multichassis Link Aggregation.]
• Software feature support (MX104)—Junos OS Release 13.3 or later extends supportfor the following software features on the MX104 3D Universal Edge Routers:
• IP features—IPv6ProviderEdge(6PE),AccessNodeControlProtocol (ANCP),DHCP
snooping, DHCPOption-82, Multicast Listener Discovery (MLD), and Domain Name
System (DNS).
• MPLS features—MPLS Transport Profile (MPLS-TP), ATM Single Cell Relay over
MPLS (CRoMPLS) VCMode, Generalized MPLS (GMPLS), and VPNv6.
• Multicast features—Distance VectorMulticast Routing Protocol (DVMRP), Multicast
Listener Discovery (MLD), Multicast Listener Discovery (MLD) Snooping, draft
rosen-multicast VPNs, Multicast version 6, and DHCPv6.
• Layer 2 features—Virtual Chassis, 802.1ag threshold negotiation, 802.1X, and Media
Access Control Security (MACsec).
• Resiliency features—Lawful intercept, Inline J-Flow, dynamic ARP inspection (DAI),
reception of dying-gasp protocol data units (PDU), DHCP snooping for port security,
and nonstop active routing (NSR).
[See Protocols and Applications Supported by MX104 Routers.]
• TCPauto-merge support in nonstop active routing for short duration hold timers forprotocols (BGP, LDP) (kernel) (M Series, MX Series, and T Series)—Beginning withJunosOSRelease 13.3, TCPauto-merge support in nonstopactive routing for protocols
(BGP, LDP) (kernel) is enabledon theMSeries,MXSeries, andTSeries.Nonstopactive
routing automerge is one of the kernel components of the socket replication. On
switchover, this componentmerges the socket pairs automatically from the secondary
to the primary Routing Engine. Currently, nonstop active routing switchover from
secondary to primary happenswhen rpd issues amerge call for each secondary socket
pair tomerge them to a single socket, which could result in a delay. To avoid this delay,
Copyright © 2014, Juniper Networks, Inc.18
Release Notes: Junos OS Release 13.3R1 for the EX Series, M Series, MX Series, PTX Series, and T Series
this feature introducesanautomergemodule in thekernel thatdecouples thesecondary
socket merge from rpd and automatically merges secondary sockets on switchover
so that the rpd high priority thread takes advantage of this and generates faster
keep-alive to sustain TCP connections on switchover.
• Nonstop active routing support for BGP addpath (M Series, MX Series, and TSeries)—Beginning in Junos OS Release 13.3, nonstop active routing support for BGPaddpath is available on the M Series, MX Series, and T Series. Nonstop active routing
support is enabled for the BGP addpath feature. After the nonstop active routing
switchover, addpath-enabled BGP sessions do not bounce. The secondary Routing
Engine maintains the addpath advertisement state before the nonstop active routing
switchover.
• Inter-chassis high availability provides stateful redundancy (MS-MPC andMS-MICinterface cards onMXSeries routers)—Startingwith Release 13.3, JunosOS supports
stateful high availability (HA) to replicate flow states on an activeMS-MPCorMS-MIC
service card to a standby MS-MPC or MS-MIC service card on a different chassis. This
enables the preservation of the state of the existing flows in case of a planned or
unplanned switchover.
Services to be synchronized statefully include:
• Stateful firewall
• NAT (NAPT44 and APP only)
Both IPv4 and IPv6 sessions are synchronized.
Synchronizationoccurs for long-lived flowsasdefinedbyaconfigurable synchronization
threshold.
[See Inter-Chassis High Availability for MS-MIC andMS-MPC.]
• Support for unified-in-service software upgrade onMX Series routers with MPC3andMPC4E (MX240, MX480, andMX960)—Supports unified-in-service softwareupgrade (unified ISSU) on MX Series routers with MPC3 and MPC4E. Unified ISSU is
a process to upgrade the system software with minimal disruption of transit traffic
andnodisruptionof the control plane. In this process, thenewsystemsoftware version
must be later than the version of the previous system software. When unified ISSU
completes, the new system software state is identical to that of the system software
when the system upgrade is performed through a cold boot.
Interfaces and Chassis
• Transmit ESMC SSMquality level from synchronous Ethernetmode (MXSeries)—Starting in Junos OS Release 13.3, when an MX Series Router is configured insynchronous Ethernet mode, the ESMC SSM quality level can be transmitted. The setchassis synchronizationmax-transmit-quality-level command sets a thresholdquality level for the entire system.
• Ethernet frame padding with VLAN (DPCs andMPCs running onMX Seriesrouters)—Starting in JunosOSRelease 13.3, DPCs andMPCs onMXSeries routers padthe Ethernet frame with 68 bytes if the packet is VLAN tagged and the frame length
is less than68bytesandgreater thanor equal to64bytesat theegressof the interface.
19Copyright © 2014, Juniper Networks, Inc.
New and Changed Features
• PTP redundancy support for line cards (MX Series andMSeries)—Beginning withJunos OS Release 13.3, line cards on MX Series and M Series routers support slave
redundancy. If multiple slave streams are configured across line cards and the active
slave line card crashes or all of the streams on that line card lose their timing packets,
another slave line card will take over if it has been primed to do so.
• Increased Layer 3 forwarding capabilities forMPCs andMultiservicesDPCs throughFIB localization(MXSeries)—Starting in JunosOSRelease 13.3, forwarding informationbase (FIB) localization characterizes the Packet Forwarding Engines in a router into
two types: FIB-Remote and FIB-Local. FIB-Local Packet Forwarding Engines install all
of the routes from the default route tables into Packet Forwarding Engine forwarding
hardware. FIB-Remote Packet Forwarding Engines create a default (0.0) route that
referencesanexthoporaunilist ofnexthops to indicate theFIB-Local that canperform
full IP table looks-ups for received packets. FIB-Remote Packet Forwarding Engines
forward received packets to the set of FIB-Local Packet Forwarding Engines.
The capacity of MPCs is much higher than that of Multiservices DPCs, so an MPC is
designatedas the localPacketForwardingEngine, andaMultiservicesDPC isdesignated
as the remote Packet Forwarding Engine. The remote Packet Forwarding Engine
forwards all network-bound traffic to the local Packet Forwarding Engine. If multiple
MPCs are designated as local Packet Forwarding Engines, then the Multiservices DPC
load balances the traffic using the unilist of next hops as the default route.
• Support for centralized clocking (MX2020)—Before Junos OS Release 13.3, theMX2020 supported SyncE (Synchronous Ethernet) in distributedmode, where the
clock module on a line card would lock to the SyncE source and distribute frequency
references to the entire chassis. Starting in Junos OS Release 13.3, the MX2020 uses
the centralized Stratum 3 clock module on the control board to lock onto SyncE and
distribute the frequency to the entire chassis. Supported features include:
• Clock monitoring, filtering, and holdover
• Hitless transition from a distributed to centralized clocking mode
• Distribution of the selected chassis clock source to downstream network elements
through supported line interfaces
You can view the centralized clock module information with the show chassis
synchronization clock-module command.
NOTE: PrecisionTimeProtocol/IEEE1588continuetooperate indistributedmode.
• Enhancements to commit check processing (M Series andMX Series)—Starting inJunos OS Release 13.3, the processing performance when you issue the commit check
command has been optimized for the following static and dynamic interface types:
• Logical demultiplexing (demux) interfaces (demux0)
• PPPoE logical interfaces (pp0)
• Inline services interfaces (si)
Copyright © 2014, Juniper Networks, Inc.20
Release Notes: Junos OS Release 13.3R1 for the EX Series, M Series, MX Series, PTX Series, and T Series
The improved performance for commit check enables the overall commit operation to
complete fasterwhennewdemux0,pp0, or si interfacesareadded to theconfiguration.
• Support for ATM virtual connectionmultiplexing and LLC encapsulation (MXSeries)—Starting in Junos OS Release 13.3, ATM virtual connection (VC) multiplexing
and logical link control (LLC) encapsulation are supported on the Channelized
OC3/STM1 (Multi-Rate) Circuit Emulation MIC with SFP. ATM virtual connection
multiplexing and LLC are the twomethods for identifying the protocol carried in ATM
AdaptationLayer5 (AAL5) frames.Themethodsaredefined inRFC2684,Multiprotocol
Encapsulation over ATM Adaptation Layer 5.
In theATMvirtual connectionmultiplexingmethod, eachATMvirtual connectioncarries
protocol dataunits (PDUs)of exactly oneprotocol type.Whenmultipleprotocols need
to be transported, there is a separate virtual connection for each protocol.
TheLLCencapsulationmethodenablesmultiplexingofmultipleprotocolsoverasingle
ATM virtual connection. The protocol type of each PDU is identified by a prefixed IEEE
802.2 LLC header.
[See ATM Support on Circuit Emulation PICs Overview.]
• Support for MPLS-signaled LSPs to use GRE tunnels (MXSeries)—Starting in JunosOS Release 13.3, MPLS label-switched paths (LSPs) can use generic routing
encapsulation(GRE) tunnels to traverse routingareas, autonomoussystems,and ISPs.
Bridging MPLS LSPs over an intervening IP domain is possible without disrupting the
outlying MPLS domain. This feature is supported on the Channelized OC3/STM1
(Multi-Rate) Circuit Emulation MIC with SFP and is defined in the RFC 4023,
Encapsulating MPLS in IP or Generic Routing Encapsulation (GRE).
[See Configuring MPLS-Signaled LSPs to Use GRE Tunnels.]
• Support for SCBE2 (MX240, MX480, andMX960)—The EnhancedSCB—SCBE2—supports the following features:
• Increased fabric bandwidth per slot
• Improved external clock redundancy
• Dynamic multicast replication only
• GRES
The following scenarios are to be noted when you are using an MX Series router with
an SCBE2:
• Youmust configure the set chassis network-services (enhanced-ip |
enhanced-ethernet) configuration command and reboot the router to bring up the
FPCs on the router. However, after the router reboots, the MS DPC, the MX FPC, and
the ADPC are powered off.
• All the FPCs and DPCs in the router are powered off when you reboot the router
without configuring either the enhanced-ip option or the enhanced-ethernet option
at the [edit chassis network-services] hierarchy level.
• Youmust reboot the router when you configure or delete the enhanced-ip option or
the enhanced-ethernet option at the [edit chassis network-services] hierarchy level.
21Copyright © 2014, Juniper Networks, Inc.
New and Changed Features
[See Centralized Clocking Overview and Network Services Mode Overview.]
• Support for GPS external clock interface on the SCBE (MX240, MX480, andMX960)—Starting with Junos OS Release 13.3, you can configure the EnhancedSCB—SCBE—external clock interface to a GPS timing source, which enables you to
select a GPS external source as the chassis clock source. You can also configure the
external clock interface tooutput either the selectedchassis clock sourceor a recovered
line clock source with GPS timing signals of 1 MHz, 5 MHz, or 10 MHz with 1 pulse per
second (PPS).
[See Centralized Clocking Overview and Understanding Clock Synchronization onMX
Series Routers.]
• Support for mixed-ratemode (T4000 and TXMatrix Plus with 3D SIBs)—Startingwith Junos OS Release 13.3, dual-rate mode or mixed-rate mode for PF-24XGE-SFPP
allows you to configure a mix of port speeds of 1 Gigabit and 10 Gigabit. However, on
PF-12XGE-SFPP, note that youcanconfigureport speedsof either 1Gigabit or 10Gigabit
when the PIC is in line rate mode.
You can enable mixed-rate-mode and set port speeds with themixed-rate-mode
statement and the speed 1G |10G statement, respectively, at the [edit chassis fpc x pic
y] hierarchy level. You can disable themixed-ratemode by using the delete chassis fpc
x pic ymixed-rate-mode statement.
[See Configuring Mixed-Rate Mode Operation.]
• ExtendedMPC support for per-unit schedulers (MX Series)—Junos OS Release 13.3or later enables you toconfigureper-unit schedulerson thenon-queuing 16x10GEMPC,
MPC3E, andMPC4E,meaning you can include the per-unit-scheduler statement at the
[edit interfaces interface name] hierarchy level. When per-unit schedulers are enabled,
you can define dedicated schedulers for the logical interfaces.
Enablingper-unit schedulerson the 16x10GEMPC,MPC3E, andMPC4Eaddsadditional
output to the show interfaces interface name [detail | extensive] command. This
additional output lists themaximumresourcesavailableand thenumberof configured
resources for schedulers.
[See Scheduler Maps and Shaping Rate to DLCIs and VLANs.]
• Provider edge link protection for BGP labeled unicast paths (M Series, MX Series,and T Series)—Starting in Junos OS Release 13.3, a precomputed protection path canbe configured in a Layer 3 VPN such that if a BGP labeled-unicast path between an
edge router in oneASand an edge router in another AS goes down, the protection path
(also known as the backup path) between alternate edge routers in the two ASs can
be used. This is useful in carrier-of-carriers deployments, where a carrier can have
multiple labeled-unicast paths to another carrier. In this case, the protection path
avoids disruption of service if one of the labeled-unicast paths goes down.
[See Understanding Provider Edge Link Protection for BGP Labeled Unicast Paths.]
• Redundant logical tunnels (MXSeries)—Beginningwith JunosOSRelease 13.3, whenyouconnect twodevices through logical tunnels, you cancreateandconfiguremultiple
physical logical tunnels and add them to a virtual redundant logical tunnel to provide
redundancy.
Copyright © 2014, Juniper Networks, Inc.22
Release Notes: Junos OS Release 13.3R1 for the EX Series, M Series, MX Series, PTX Series, and T Series
• License support to activate ports (MX104)—Junos OS Release 13.3 or later extendslicense support for activating the ports on MX104 3D Universal Edge Routers. MX104
routers have four built-in ports. By default, in the absence of any valid licenses, all four
built-in ports are deactivated. The upgrade license model with the feature IDs is
described in Table 1 on page 23.
Table 1: Port LicenseModel for theMX104
FunctionalityFeature NameFeature ID
Ability to activate the first two built-in ports (xe-2/0/0 andxe-2/0/1)
MX104 2X10G Port Activate (0 and 1)F1
Ability to activate the next two built-in ports (xe-2/0/2 andxe-2/0/3)
MX104 2X10G Port Activate (2 and 3)F2
Both features are also provided in a single license key for ease of use. MX104 routers
do not support the graceful license expiry policy.
• Enhanced load-balancing for MIC andMPC interfaces (MX Series)—Starting with
Junos OS Release 13.3, the following load-balancing solutions are supported on
aggregate Ethernet bundles to correct genuine traffic imbalance among themember
links:
• Adaptive—Uses real-time feedbackandcontrolmechanismtomonitor andmanage
traffic imbalances.
• Per-packet random spray — Randomly sprays the packets to the aggregate next
hops to ensure that the next hops are equally loaded, resulting in packet reordering.
TheaggregatedEthernet load-balancing solutionsaremutually exclusive. Toconfigure,
use the adaptive or per-packet statement at the [edit interfaces aex
aggregated-ether-options load-balance] hierarchy level.
[See Example: Configuring Aggregated Ethernet Load Balancing.]
• Support forconfiguring interfacealiasnames—Youcanconfigurea textual descriptionof a logical unit on a physical interface to be the alias of an interface name. Interface
aliasing is supported only at the unit level. If you configure an alias name, the alias
name is displayed instead of the interface name in the output of all show, show
interfaces, and other operational mode commands.Configuring an alias for a logical
unit of an interface has no effect on how the interface on the router or switch operates.
To specify an interface alias, you can use the alias statement at the [edit interfaces
interface-nameunit logical-unit-number], and [edit logical-systems logical-system-name
interfaces interface-name unit logical-unit-number] hierarchy levels.
[See Interface Alias Name Overview.]
• The request support informationcommand(MXSeries)—Starting in JunosOSRelease13.3, when you enter the request support information command with or without the
brief statement, the output includes the showsystemcommit commandoutput,which
displays the commit history and pending commits.
23Copyright © 2014, Juniper Networks, Inc.
New and Changed Features
• Pseudowire logical interfacedeviceMACaddressconfiguration(MXSeries)—Startingin Junos OS Release 13.3, you can configure a MAC address for a pseudowire logical
interface device that is used for subscriber interfaces over point-to-point MPLS
pseudowires. This feature enables you to specify the MAC address of your choice in
situations in which network constraints require the use of an explicit MAC address.
[See Configuring a Pseudowire Subscriber Logical Interface Device.]
• Support for enhanced 20-port Gigabit Ethernet MIC (MX5, MX10, MX40, MX80,MX240,MX480,andMX960)—Starting in JunosOSRelease 13.3, anenhanced20-portGigabit EthernetMIC(modelnumberMIC-3D-20GE-SFP-E) is supportedonMXSeries
routers. This enhancedMIC supports up to 20 SFP optical transceiver modules, which
include the following:
• Fiber-optic small form-factor pluggable (SFP) transceivers:
• 1000BASE-LH (model number: SFP-1GE-LH)
• 1000BASE-LX (model number: SFP-1GE-LX)
• 1000BASE-SX (model number: SFP-1GE-SX)
• Copper SFP transceiver:
• 1000BASE-T (model number: SFP-1GE-T)
• Bidirectional SFP transceivers:
• 1000BASE-BX (model number pairs: SFP-GE10KT13R14 with SFP-GE10KT14R13,
SFP-GE10KT13R15 with SFP-GE10KT15R13, SFP-GE40KT13R15 with
SFP-GE40KT15R13)
These optical transceiver modules can be hot-swapped. You can view the enhanced
20-portGigabitEthernetMIC informationbyusing theshowchassishardwarecommand.
• Support for synchronizing the CB of anMX2020 router with external BITS timingsources (MX2020)—This feature provides building-integrated timing supply (BITS)input and output support to the two external clock interfaces (ECI) on the Control
Board. You can configure the ECIs for both input and output BITS. In the absence of
any configuration, the ECI is inactive.
You can configure the BITS ECI by using the synchronization statement at the [edit
chassis] hierarchy level. You can view the BITS ECI information by using the show
chassis synchronization extensive command.
[See Understanding Clock Synchronization on MX Series Routers.]
• Distribution of Ethernet connectivity fault management sessions (MXSeries)—Starting with Junos OS Release 13.3, connectivity fault management (CFM)sessions operate in distributedmode and can be processed on the Flexible PIC
Concentrator (FPC) on aggregated Ethernet interfaces. As a result, graceful Routing
Engine switchover (GRES) is supported on aggregated Ethernet interfaces. In releases
before Junos OS Release 13.3, CFM sessions operate in centralizedmode and are
processed on the Routing Engine. However, CFM sessions are not supported on
aggregated Ethernet interfaces if the interfaces that form the aggregated Ethernet
bundle are in mixedmode.
Copyright © 2014, Juniper Networks, Inc.24
Release Notes: Junos OS Release 13.3R1 for the EX Series, M Series, MX Series, PTX Series, and T Series
CFM sessions are distributed by default. To disable the distribution of CFM sessions
andtooperate incentralizedmode, include theppmno-delegate-processingstatement
at the [edit routing-options ppm] hierarchy level. However, all CFM sessions should
operate in either only distributed or only centralizedmode. Amixed operation of
distributed and centralizedmodes for CFM sessions is not supported.
[See IEEE 802.1ag OAM Connectivity Fault Management Overview.]
• Redundant logical tunnels (MXSeries)—Beginningwith JunosOSRelease 13.3, whenyouconnect twodevices through logical tunnels, you cancreateandconfiguremultiple
physical logical tunnels and add them to a virtual redundant logical tunnel to provide
redundancy.
[See Example: Configuring Redundant Logical Tunnels.]
25Copyright © 2014, Juniper Networks, Inc.
New and Changed Features
Layer 2 Features
• Computation of the Layer 2 overhead attribute in interface statistics (TSeries)—Starting in Junos OS Release 13.3, on T Series routers, you can configure anattribute at the PIC level to include the Layer 2 overhead (header and trailer bytes) in
the physical interface and logical interface statistics for both ingress and egress
directions. Both the transit and total statistical information includes the Layer 2
overhead in theoutputof theshowinterfaces interface-namecommandforeachphysical
or logical interface on that PIC.
The ifInOctets and ifOutOctets MIB objects display statistics that include Layer 2
overhead bytes.
Multicast
• IGMP and PIM snooping support (MPC3E andMPC4E onMX240, MX480, andMX960)—Starting with Junos OS Release 13.3, IGMP snooping and PIM snooping are
supportedon theMX240,MX480,andMX960withModularPortConcentrators (MPC)
MPC3E and MPC4E.
MPLS
• Multisegment pseudowire for FEC 129 (M Series, MX Series, and T Series)—JunosOS Release 13.3 and later releases provide support for establishing a dynamic
multisegmentpseudowire (MS-PW)withFEC129 inanMPLSpacket-switchednetwork
(PSN). The stitching provider edge (S-PE) devices in anMS-PWare automatically and
dynamically discovered by BGP, and the pseudowire is signaled by LDP using FEC 129.
This arrangement requires minimum provisioning on the S-PEs, thereby reducing the
configuration burden that is associatedwith statically configured Layer 2 circuits while
still using LDP as the underlying signaling protocol.
TheMS-PW feature also provides operation, administration, andmanagement (OAM)
capabilities, such as ping, traceroute, and Bidirectional Forwarding Detection (BFD),
from the terminating PE (T-PE) devices of an MS-PW.
[See Example: Configuring a Multisegment Pseudowire.]
NetworkManagement andMonitoring
• BFD session enhancements (MX Series routers with MPCs or MICs)—Starting inJunosOSRelease 13.3, the followingBFDsessionenhancementshavebeen introduced:
• enhanced-ip option—For BFD over aggregated Ethernet (ae) interfaces, configuringtheenhanced-ipoptionat the [editchassisnetwork-services]hierarchy level increases
the number of BFD sessions. When you activate or deactivate this option, the router
must be rebooted.
• Inlinemode—This enables the router to transmit and receive BFD packets from the
FPChardware. Currently, for BFDover aggregated Ethernet (ae) interfaces, the inline
mode is supported only on MX Series routers with MPCs/MICs that have configured
theenhanced-ipoption. ForBFDoverGigabit Ethernet interfacesandVLAN interfaces,
the inlinemode is supportedbydefault onall theMXSeries routerswithMPCs/MICs.
Copyright © 2014, Juniper Networks, Inc.26
Release Notes: Junos OS Release 13.3R1 for the EX Series, M Series, MX Series, PTX Series, and T Series
• ISSUtimernegotiation—During unified ISSU, the timer for BFDsessions is increasedfrom the configured value to 60 seconds.
• Support for BFD over child links of AE or LAG bundle (cross-functional PacketForwarding Engine/kernel/rpd) (M Series, MX Series, and T Series)—Beginning inJunos OS Release 13.3, BFD over child links of an AE or LAG bundle is supported. This
feature provides a Layer 3 BFD liveness detection mechanism for child links of the
Ethernet LAG interface. You can enable BFD to run on individual member links of the
LAG tomonitor the Layer 3 or Layer 2 forwarding capabilities of individual member
links. Thesemicro BFD sessions are independent of each other despite having a single
client that manages the LAG interface. To enable failure detection for aggregated
Ethernet interfaces, include thebfd-liveness-detection statementat the [edit interfaces
aex aggregated-ether-options bfd-liveness-detection] hierarchy level.
[See Understanding Independent Micro BFD Sessions for LAG.]
OpenFlow
• Support for OpenFlow v1.0 (MX80, MX240, MX480, andMX960)—Starting withJunos OS Release 13.3, the MX80, MX240, MX480, and MX960 routers support
OpenFlow v1.0. OpenFlow enables you to control traffic in an existing network using
a remote controller by adding, deleting, andmodifying flows on a switch. You can
configure oneOpenFlow virtual switch and one activeOpenFlow controller at the [edit
protocols openflow] hierarchy level on each device running Junos OS that supports
OpenFlow. On MX Series routers that support OpenFlow, you can also direct traffic
fromOpenFlow networks over MPLS networks by using logical tunnel interfaces and
MPLS LSP tunnel cross-connects.
[SeeOpenFlow Feature Guide.]
Port Security
• Static ARPwithmulticast MAC address for an IRB interface—Starting in Junos OSRelease 13.3, you can configure a static ARP entry with a multicast MAC address for
an IRB interface that acts as the gateway to the network load balancing (NLB) servers.
Earlier, the NLB servers dropped packets with a unicast IP address and amulticast
MACaddress. JunosOS 13.3 supports the configurationof a staticARPwith amulticast
MAC address.
To configure a static ARP entry with a multicast MAC address for an IRB interface,
configure the ARP entry at the [edit interfaces irb unit logical-unit-number family inet
address address] hierarchy level.
irb {unit logical-unit-number{family inet {address address{arp addressmulticast-macmac-add;
}}
}}
27Copyright © 2014, Juniper Networks, Inc.
New and Changed Features
Routing Policy and Firewall Filters
• Using a firewall filter to prevent or allow datagram fragmentation (MXSeries)—Starting in Junos OS Release 13.3, you can define a firewall filter term to
prevent or allow datagram fragmentation by setting or clearing the Don’t Fragment
flag in the IPv4 header of packets that are matched by the filter. Specify the desired
action at the [edit firewall family inet filter filter-name term term-name then action]
hierarchy level.
• To prevent fragmentation of the IP datagram, include the dont-fragment set action
in a term to set the dont-fragment bit to one.
• To allow fragmentation of the IP datagram, include the dont-fragment clear action
in a term to clear the dont-fragment bit to zero.
[See Configuring a Firewall Filter to Prevent or Allow IPv4 Packet Fragmentation and
Firewall Filter Nonterminating Actions.]
Routing Protocols
• Support forBMPversion3—Starting in JunosOSRelease 13.3, BGPmonitoringprotocol(BMP)version3 is supported.BMPallowsa remotedevice (theBMPstation) tomonitor
BGP as it is running on a router or group of routers. BMP version 3 includes substantial
additional functionality versusversion 1. TheBMPversion3configuration is incompatible
with the old version. If you are running BMP version 1 on your Juniper Networks devices,
be sure to update your BMP configurationwhen you upgrade to JunosOSRelease 13.3.
[See Configuring BGPMonitoring Protocol Version 3.]
Services Applications
• EnablingLayer2ProtocolTunneling(L2PT)support forVLANSpanningTreeProtocol(VSTP) and per-VSTP (MX Series routers with MPC/MICs)—Starting in Junos OS
Release 13.3, this feature enables L2PT support for VSTP/PVSTP. [See layer2-control.]
You can also enable rewriting of the MAC address for an interface using the
enable-all-ifl option. [Seemac-rewrite.]
• Chained composite next hops (MX Series and T Series)
NOTE: Although present in the code, the chained composite next hopsfeature is not supported in Junos OS Release 13.3R1. Documentation forthis feature is included in the Junos OS Release 13.3 documentation set.
The support of chained composite next hops for directly connectedprovider edge (PE)
routers varies fromoneplatform to another. OnMXSeries routers containing bothDPC
andMPCFPCs, chainedcompositenexthopsaredisabledbydefault. Toenablechained
composite next hops on the MX240, MX480, and MX960, the chassis must be
configured touse the enhanced-ip option in network servicesmode.OnT4000 routers
containing MPC and FPCs, chained composite next hops are disabled by default. To
Copyright © 2014, Juniper Networks, Inc.28
Release Notes: Junos OS Release 13.3R1 for the EX Series, M Series, MX Series, PTX Series, and T Series
enablechainedcompositenexthopsonaT4000router, thechassismustbeconfigured
to use the enhanced-mode option in network services mode.
Software Installation an and Upgrade
• Support for autoinstallation of satellite devices in a JNU group—In a Junos NodeUnifier (JNU) topology that contains anMX Series router as a controller that manages
satellite devices, such as EX Series Ethernet Switches, QFX Series devices, and ACX
Series Universal Access Routers, the autoinstallation functionality is supported for the
satellite devices. Starting in Junos OS Release 13.3, JNU has an autoinstallation
mechanism that enables a satellite device to configure itself out-of-the-box with no
manual intervention, using the configuration available either on the network or locally
through a removable media, or using a combination of both. This autoinstallation
method is also called the zero-touch facility.
A JNU factory default file, jnu-factory.conf, is present in the /etc/config/ directory and
contains the configuration to perform autoinstallation on satellite devices. The
zero-touch configuration can be disabled by including the delete-after-commit
statement at the [edit system autoinstallation] hierarchy level and committing the
configuration.
[See Autoinstallation of Satellite Devices in a Junos Node Unifier Group and Configuring
Autoinstallation on JNU Satellite Devices.]
Subscriber Management and Services
NOTE: Although present in the code, the subscriber management featuresare not supported in JunosOSRelease 13.3R1. Documentation for subscribermanagement features is included in the JunosOSRelease 13.3documentationset.
• Pseudowire subscriber logical interfacesMPCsupport—Starting in JunosOSRelease13.3, pseudowire subscriber logical interfaces are supported on MPCs with Ethernet
MICs only.
• Service packet counting (MX Series)—Starting in Junos OS Release 13.3, you canconfigure the counters that subscriber management uses when capturing volume
statistics for subscribers on a per-service session basis.
• Inline countersare capturedwhen theeventoccurs, anddonot includeanyadditional
packet processing events that occur after the event.
• Deferred counters are not incremented until the packet is queued for transmission,
and therefore include theentirepacketprocessing.Deferredcountersprovideamore
accurate packet count than inline counters, and are more useful for subscriber
accounting and billing.
NOTE: Fast update filters do not support deferred counters.
29Copyright © 2014, Juniper Networks, Inc.
New and Changed Features
[See Configuring Service Packet Counting.]
• RADIUSLogical Line Identifier (MXSeries)—Starting in JunosOSRelease 13.3, serviceproviders can use a virtual port feature, known as the logical line ID (LLID), tomaintain
a reliable and up-to-date customer database for those subscribers whomove from
one physical line to another. The LLID, which is based on the subscriber's user name
and circuit ID, is mapped to the subscriber's physical line. When the subscriber moves
to a different physical line, the service provider database is updated to map the LLID
to the new physical line. Subscriber management supports the LLID feature for PPP
subscribers over PPPoE, PPPoA, and LAC.
[See RADIUS Logical Line Identifier (LLID) Overview.]
• Configurable timers for DHCPv6 address-assignment pools (MX Series)—Startingin Junos OS Release 13.3, subscriber management on MX Series routers supports
configurable timers for address-assignment pools that are used by a DHCPv6 local
server. In addition to the previously supportedmaximum-lease-time timer, you can
configure the valid-lifetime and preferred-lifetime timers to manage address leases
provided by address-assignment pools. You can also configure the renew (T1) and
rebind(T2) times thatsubscribermanagementuses toextendthe lifetimesofaddresses
obtained from an address-assignment pool.
[See DHCPv6 Lease Timers.]
• DHCP statements and options (MX Series)—Starting in Junos OS Release 13.3, youcan use the following statements and options for DHCP subscriber management
support:
• incoming-interface—Newoption thatprovides secondary identificationmatchcriteria
for the DHCP auto logout feature when there are duplicate clients.
• delay-authentication—New statement that conserves managed resources on the
router by delaying subscriber authentication until the DHCP request processing
phase.
• server-response-time—New statement that configures the timeframe during which
the router monitors DHCP server responsiveness. The router generates a system log
message when the DHCP server does not respond to relayed packets during the
specified time.
• option hex-string—New option that enables the use of the hex-string option type for
user-defined DHCP attribute options that are added to client packets.
• duplicate-clients-in-subnet—New statement that configures how the router
distinguishes between duplicate clients in the same subnet. This replaces the
duplicate-clients-on-interface statement, which is now obsolete.
[See client-discover-match, delay-authentication, server-response-time, option, and
duplicate-clients-in-subnet.]
• Support for agent circuit identifier filtering in PPPoE subscriber session lockout(M120,M320,andMXSeries)—JunosOSRelease 13.3and later releasesextendPPPoEsubscriber session lockout to support identification and filtering of PPPoE subscriber
sessions by either the agent circuit identifier (ACI) value or the unique MAC source
Copyright © 2014, Juniper Networks, Inc.30
Release Notes: Junos OS Release 13.3R1 for the EX Series, M Series, MX Series, PTX Series, and T Series
address on static or dynamic VLAN and static or dynamic VLAN demux underlying
interfaces. In earlier Junos OS releases, PPPoE subscriber session lockout identified
and filtered subscriber sessions only by their unique MAC source address.
ACI-based or MAC-based PPPoE subscriber session lockout prevents a failed or
short-lived PPPoE subscriber session from reconnecting to the router for a default or
configurable time period. ACI-based PPPoE subscriber session lockout is useful for
configurations such as PPPoE interworking in which MAC source addresses are not
unique on the PPPoE underlying interface.
ToconfigureACI-basedPPPoEsubscriber session lockout, use theshort-cycle-protection
statement with the filter aci option. To clear an ACI-based lockout condition, issue the
clear pppoe lockout command with the aci option.
[See PPPoE Subscriber Session Lockout Overview.]
• Subscriber management and services feature parity (MX80)—Starting in Junos OSRelease 13.3, the MX80 supports all subscriber management and services features
that are supported by the MX240, MX480, and MX960 routers. Previously, the MX80
router matched feature support for these routers as of Junos OS Release 11.4.
[See Protocols and Applications Supported by MX5, MX10, MX40, andMX80 Routers.]
• Subscriber management and services feature and scaling parity (MX2010 andMX2020)—Starting in Junos OS Release 13.3, the MX2010 and the MX2020 supportall subscriber management and services features that are supported by the MX240,
MX480, and MX960 routers. In addition, the scaling and performance values for the
MX2010 and the MX2020match those of MX960 routers.
[See Protocols and Applications Supported by MX240, MX480, MX960, MX2010, and
MX2020MPCs,ProtocolsandApplicationsSupportedbyMX240,MX480,MX960,MX2010,
andMX2020 EnhancedMPCs (MPCEs), Protocols and Applications Supported by the
MX240, MX480, MX960, MX2010, andMX2020MPC3E, and Protocols and Applications
Supported by the MX240, MX480, MX960, MX2010, andMX2020MPC4Es.]
• Per-subscriber support for multiple instances of the same service with differentparameters (MX Series routers with MPCs or MICs)—Starting In Junos OS Release13.3, a subscriber can havemultiple instances of the same service, provided that each
service instance has a different set of parameters. In earlier Junos OS releases, each
subscriber was limited to only a single instance of each service.
You can configure a specific service instance for a particular subscriber by specifying
a service name and unique service parameters for that instance. Each service instance
is uniquely identified by the combination of its service name and service parameters.
Use the request network-access aaa subscriber delete command to deactivate all
instances of a subscriber service by specifying only the service name, or to deactivate
a specific instance of a service by specifying both the service nameand its parameters.
In earlier Junos OS releases, you deactivated a service by specifying only its service
name, but not its service parameters.
[See Subscriber Services with Multiple Instances Overview.]
• RADIUS accountingmessages for dual-stack subscribers (MX Series)—Starting inJunos OS Release 13.3, when an IPv6 address is assigned using DHCPv6, the RADIUS
31Copyright © 2014, Juniper Networks, Inc.
New and Changed Features
interimaccountingmessage includes theassigned IPv6address. If thedelegatedprefix
is provided to the client using DHCPv6-PD, the RADIUS interim accounting message
includes the delegated prefix (IA_PD, such as /56). The
address-change-immediate-updatestatement isnoweffective foranyaddressallocation
changeafteranAcct-Startmessage is issued(for IPv6NCPandDHCPv6).An immediate
Interim-Acctmessage is sentuponanysubsequentDHCPv6negotiationandallocation
whennewallocatedaddressesareadded.After IPv6NCPnegotiation,DHCPv6address
allocation and negotiation occurs.
[See RADIUS Accounting Messages for Dual-Stack Subscribers.]
• Support for IPv6 for TACACS+ authentication (MSeries, MX Series, and T Series)—StartingwithRelease 13.3, JunosOSsupports IPv6alongwith theexisting IPv4 support
for user authentication using TACACS+ servers.
• Configurable L2TP receive window size (MX Series)—The new rx-window-size
statement at the [edit services l2tp tunnel] hierarchy level enables you to specify the
size of the receive window in the range 4 through 128 on an L2TP LAC or LNS. The
default value is 4. The ReceiveWindow Size AVP (Attribute Type 10) is not sent in the
SCCRQmessage when the default value is configured on a LAC or in the SCCRP
message when configured on an LNS.
[See Setting the L2TP ReceiveWindow Size.]
• Clearing ANCP statistics (MX Series)—Starting in Junos OS Release 13.3, you canclear all ANCPstatisticswith the clearancpstatistics command.Youcanclear statistics
for a particular neighbor identified by the neighbor’s IP address with the clear ancp
statistics ip-address ip-address command. You can clear statistics for a particular
neighbor identified by the neighbor’s IP address with the clear ancp statistics
system-namemac-address command.
[See Clearing and Verifying ANCP Statistics.]
• ANCP agent support for nonzero partition IDs (MX Series)—Starting in Junos OSRelease 13.3, the ANCP agent on the router can form adjacencies with multiple logical
partitions on a neighbor when you enable the agent to learn partition IDs during
adjacency negotiation with the neighbor. If the agent receives a SYNmessage from
the neighbor within a configurable period, the agent learns the partition IDs and can
form adjacencies with the partitions. The agent can form an adjacency only with the
neighbor if the SYN is not receivedwithin the period, the partition ID is zero, or learning
is not enabled.
[See Configuring the ANCP Agent to Learn ANCP Partition IDs.]
• Dynamic protocol version detection for ANCP (MX Series)—Starting in Junos OSRelease 13.3, when an ANCP neighbor opens adjacency negotiations, it indicates the
highest version of ANCP that it supports. ANCP neighborsmust be able to identify the
supported versions because ANCP Version 1, defined in RFC 6320, Protocol for Access
Node Control Mechanism in Broadband Networks, is not interoperable with the earlier
version based on GSMPv3.
During negotiation, the receiving neighbor returns the value sent by the other neighbor
if it supports that version, or drops the message if it does not. You can still configure
Copyright © 2014, Juniper Networks, Inc.32
Release Notes: Junos OS Release 13.3R1 for the EX Series, M Series, MX Series, PTX Series, and T Series
the router to operate in pre-ietf mode for interoperability with neighbors that support
only GMSPv2.
[See ANCP Topology Discovery and Traffic Reporting Overview.]
• Support forANCPgeneric responsemessagesandresultcodes(MXSeries)—Startingin Junos OS Release 13.3, the ANCP agent supports receipt of generic response
messages. Upon receipt, the router generates a system log, increments the generic
messagecounters,and increments the resultcodecounters.Generic responsemessages
(GRMs) are typically sent instead of specific responsemessageswhen no information
needs to be sent other than a result of success or failure. When themessage reports
a failure, it must include one of eight result codes to indicate the cause. A GRM can
also be sent independent of a request when the failure causes the adjacency to be
shut down.
[See ANCP Topology Discovery and Traffic Reporting Overview.]
• Support for sending and receiving the ANCP Status-Info TLV (MX Series)—Startingin Junos OS Release 13.3, the Status-Info TLV supplements the generic response
message result codes and provides information about a warning or error condition.
Although usually included in generic responsemessages, the TLV can also be included
inotherANCPmessage types.TheStatus-InfoTLVmustbe included ingeneric response
messages when the result code indicates a port is down, a port does not exist, a
mandatory TLV is missing, or a TLV is invalid.
[See ANCP Topology Discovery and Traffic Reporting Overview.]
• DNS address assignment in DHCPv6 IA_NA and IA_PD environments (MXSeries)—Starting in Junos OS Release 12.3R3 and Release 13.3 (but not in Releases13.1 and 13.2), the DHCPv6 local server returns the DNS server address (DHCPv6
attribute 23) as a global DHCPv6 option, rather than as an IA_NA or IA_PD suboption.
DHCPv6 returns theDNSserveraddress that is specified in the IA_PDor IA_NApools—if
both address pools are requested, DHCPv6 returns the address specified in the IA_PD
pool only, and ignores any DNS address in the IA_NA pool.
In releases earlier than 12.3R3, and in Releases 13.1 and 13.2, DHCPv6 returns the DNS
server address as a suboption inside the respective DHCPv6 IA_NA or IA_PD header.
You can use themulti-address-embedded-option-response statement at the [edit
systemservicesdhcp-local-serverdhcpv6overrides]hierarchy level to revert to theprior
behavior. However, returning the DNS server address as a suboption can create
interoperability issues for some CPE equipment that cannot recognize the suboption
information.
[See DHCPv6 Options in a DHCPv6Multiple Address Environment.]
• Support for filtering trace results by subscribers for AAA, L2TP, and PPP (MXSeries)—Starting in Junos OS Release 13.3, you can filter trace results for someprocesses by subscriber. The reduced set of results simplifies troubleshooting in a
scaled environment. Specify the useruser@domain option at the appropriate hierarchy
level:
• AAA (authd)—[edit system processes general-authentication-service traceoptions
filter]
33Copyright © 2014, Juniper Networks, Inc.
New and Changed Features
• L2TP (jl2tpd)—[edit services l2tp traceoptions filter]
• PPP (jpppd)—[edit protocols ppp-service traceoptions filter]
You can filter on the user, the domain, or both. You can use a wildcard (*) at the
beginningor endof each term, as in the following examples: [email protected], tom*,
*tom, *ample.com, tom@ex*, tom*@*example.com.
You cannot filter results using a wildcard in the middle of the user or domain, as in the
following examples: tom*[email protected], tom125@ex*.com.
Traces that have insufficient information to determine the subscriber username are
automatically excluded from the results.
• Overriding the preferred source address as the source address of NeighborSolicitation/Neighbor Advertisement (NS/NA) on unnumbered interfaces (MXSeries)—By default, if a preferred source address is configured on an unnumberedinterface, thatpreferredaddress is usedas the sourceaddressofNS/NA. If nopreferred
sourceaddress is configured, the routerusesasuitableaddressbasedon thedestination
address scope. Starting in Junos OS Release 13.3, you can configure the router to
override the default configuration of using the preferred source address for NS/NA.
The router ignores thepreferred sourceaddressandusesanappropriateaddressbased
on the destination address scope.
VPNs
• Enhancedmulticast VPNs traceoptions statement (M Series, MX Series, and TSeries)—Themulticast VPNs traceoptions statement has been enhanced starting inJunos OS Release 13.3. This statement can now be configured at the [edit protocols
mpvn] hierarchy level. In addition, the following traceoption flags have been added:
cmcast-join, inter-as-ad, intra-as-ad, leaf-ad,mdt-safi-ad, source-active, spmsi-ad,
tunnel, and umh.
[See Tracing MBGPMVPN Traffic and Operations.]
• Enhanced egress protection in Layer 3 VPNs (M Series, MX Series, and TSeries)—Starting in Junos OS Release 13.3, enhanced point-of-local-repair (PLR)functionality is available, in which the PLR reroutes service traffic during an egress
failure. As part of this enhancement, the PLR router no longer needs to be directly
connected to the protector router. Previously, if the PLR was not directly connected
to the protector router, the loop-free alternate route could not find the backup path
to the protector. A new configuration statement, advertise-mode, enables you to set
the method for the interior gateway protocol (IGP) to advertise egress protection
availability.
[See Example: Configuring Layer 3 VPN Egress Protection with RSVP and LDP.]
RelatedDocumentation
Changes in Behavior and Syntax on page 35•
• Known Behavior on page 41
• Known Issues on page 42
• Documentation Updates on page 48
Copyright © 2014, Juniper Networks, Inc.34
Release Notes: Junos OS Release 13.3R1 for the EX Series, M Series, MX Series, PTX Series, and T Series
• Migration, Upgrade, and Downgrade Instructions on page 49
• Product Compatibility on page 57
Changes in Behavior and Syntax
This section lists the changes in behavior of JunosOS features and changes in the syntax
of Junos OS statements and commands from Junos OS Release 13.3R1 for the M Series,
MX Series, and T Series.
• IPv6 on page 35
• Interfaces and Chassis on page 35
• Management on page 35
• Multicast on page 36
• Routing Protocols on page 36
• Services Applications on page 37
• Software Installation and Upgrade on page 38
• Subscriber Management and Services on page 38
• User Interface and Configuration on page 40
IPv6
• Staring with Junos OS release 11.4R11, interim-logging is supported with NAT64 on
microkernel (MS-DPC) platforms. The configuration statement
pba-interim-logging-interval under the interfaces services-options hierarchy level
enables the feature for NAT64.
Interfaces and Chassis
• Validation of deactivated inline services MLPPP bundle interfaces—Starting withJunos OS Release 13.3, if you attempt to delete or deactivate a static inline service (si)
MLPPPbundle interface that is still referencedby amember link interface,which could
be PPPoE (pp0) or si logical interfaces, and commit the configuration, the commit
operation fails. Youmust reactivate such MLPPP bundle interface before committing
the settings. Alternatively, youmust ensure that member links do not refer a static
MLPPPbundlebefore youdeleteordeactivate thebundle. Thismethodofdeactivation
and reactivation of an MLPPP bundle is not applicable for interfaces other than si-
interfaces, such as link services IQ (lsq-) and virtual LSQ redundancy (rlsq-) interfaces.
[SeeUnderstandingMLPPPBundlesandLinkFragmentationand Interleaving (LFI)onSerial
Links.]
Management
• Restrictions forcryptoalgorithmsforFIPS inOpenSSH—Starting in JunosOSRelease13.3, the following options are not allowed on systems operating in FIPSmode:
[edit system services ssh]set macs <algorithm>
35Copyright © 2014, Juniper Networks, Inc.
Changes in Behavior and Syntax
Not allowed: hmac-md5, hmac-md5-96, [email protected],
[email protected], hmac-ripemd160,
[email protected], [email protected],
[email protected], [email protected], and
[edit system services ssh]set key-exchange <algorithm>
Not allowed: group-exchange-sha1, dh-group14-sha1, and dh-group1-sha1.
[edit system services]set hostkey-algorithm <algorithm | no-algorithm>
Not allowed: ssh-dss and ssh-rsa.
Prior to Junos OS Release 13.3, the options were available but should have been
disallowed.
Multicast
• PIM snooping support using relaymode (M Series andMX Series)—Starting withJunos OS Release 13.3, PIM snooping on PE routers is supported using relay mode
insteadofproxymode.This enablesCE routerswithPIMsnooping to sendHellopackets
without setting the tracking bit (T-bit) to the PE routers. In relay mode, you need not
configurevalues for the join-prune-timeoutstatementandsave theFiniteStateMachine.
To check the status of relay mode on the CLI, use the show pim snooping neighbors
command or the show pim snooping interfaces command.
• When configured in enhanced-ip mode, traffic arriving via IRB (Multicast source
connected over L3)will not be forwarded to remote PEs in VPLSwhen igmp-snooping
is configured along with use-p2mp-lsp knob.
Routing Protocols
• Hidden clear commands—Starting in Junos OS Release 13.3, the purge option of theclear ospf database and clear ospf3 database commands is hidden and unsupported.
• BGP attribute flag bits—In Junos OS Release 13.2 and earlier, unused attribute flagbits were propagated unchanged. Starting in JunosOSRelease 13.3, BGP attribute flag
bits are reset to zerobydefault andnotpropagated. This behavior is being standardized,
as specified in Internet draft draft-hares-idr-update-attrib-low-bits-fix-01, Update
Attribute Flag Low Bits Clarification.
• Change inconfiguringkeepnoneandkeepallstatements—Starting in JunosOSRelease13.3, configuring keep none or keep all no longer causes all BGP sessions to restart. For
peers that do not support route refresh, when you configure keep none or keep all, the
associated BGP sessions are restarted (flapped). For peers that do support route
refresh, the local speaker sends a route refresh and performs an import evaluation. For
these peers, the sessions do not restart when you configure keep none or keep all. To
determine if a peer supports refresh, check for Peer supports Refresh capability in the
Copyright © 2014, Juniper Networks, Inc.36
Release Notes: Junos OS Release 13.3R1 for the EX Series, M Series, MX Series, PTX Series, and T Series
output of the showbgpneighbor command. In previous releases, configuring keepnone
or keep all caused all BGP sessions to restart.
• Starting in Junos OS 14.1, Junos OSwill modify the default BGP extended community
value used for MVPN IPv4 VRF route import (RT-import) to the IANA-standardized
value. Thus, the default behavior will change such that the behavior of the
mvpn-iana-rt-import statement will become the default. Themvpn-iana-rt-import
statement will be depricated and should be removed from configurations.
Services Applications
• Restriction forRPMprobetestdata-size—In JunosOSRelease 13.2andearlier releases,the data-size statement at the [edit services rpmprobeowner test test-name] hierarchy
level did not enforce any additional restrictions when the hardware-timestampwas
included. Starting in Junos OS Release 13.3, the data-size value must be at least 100
bytes smaller than the default MTU of the interface of the RPM client interface when
the hardware-timestamp statement is used.
[edit services rpm probe owner test test-name]hardware-time-stamp;data-size size;
• New ranges for TWAMP server connections—In Junos OS Release 13.2 and earlierreleases, themaximum-connections statement at the [edit services rpmtwampserver]
hierarchy level had a range of 1 through 2048. Starting in Junos OS Release 13.3, the
maximum-connections statement has a range of 1 through 1000. In Junos OS Release
13.2 and earlier releases, themaximum-connections-per-client statement at the [edit
services rpm twamp server] hierarchy level had a range of 1 through 1024. Starting in
Junos OS Release 13.3, the maximum-connections-per-client statement has a range
of 1 through 500.
• New range for data-size statement—In Junos OS Release 13.2 and earlier releases,the data-size statement at the [edit services rpmprobeowner test test-name] hierarchy
level had a range of 0 through65507. Starting in JunosOSRelease 13.3R1, thedata-size
statement has a range of 0 through 65400.
• Restriction for NAT ruleswith translation type stateful-nat-64—In JunosOSRelease13.2 and earlier releases, the following restriction was not enforced by the CLI: if the
translation-type statement in the then statement of a NAT rule was set to
stateful-nat-64, the range specified by the destination-address-range or thedestination-prefix-list in the from statement needed to be within the range specified
by thedestination-prefix statement in the then statement. Starting in JunosOSRelease
13.3, this restriction is enforced.
[edit services nat]rule rule-name {term term-name {from {destination-address-range lowminimum-value highmaximum-value <except>;destination-prefix-list list-name <except>;
}then {destination-prefix destination-prefix;
}
37Copyright © 2014, Juniper Networks, Inc.
Changes in Behavior and Syntax
}}
Software Installation and Upgrade
• Upgrading Junos OS in one step (MX Series)—Starting in Junos OS Release 13.3, youcan specifymultiple configuration files in one stepwhen youupgrade JunosOSon your
device.Whenyouenter the requestsystemsoftwareaddor the requestsystemsoftware
validate command, you can use the upgrade-with-config option. You can also use the
upgrade-with-config-format option when the configuration file is in the text format.
Subscriber Management and Services
• Subscriber loginwhen lawful intercept fails—Starting in JunosOSRelease 13.3, whenlawful intercept activation fails during a subscriber login, the subscriber login will not
be denied. An SNMPmessagewill still be generated that indicates the lawful intercept
activation failed. In Junos OS releases prior to 13.2R2, the subscriber login was denied
if lawful intercept activation failed.
• Change to test aaa ppp user and test aaa dhcp user commands—Starting in Junos OSRelease 13.3, the test aaapppuser and test aaadhcp user commands no longer display
serviceactivation statusbecause serviceactivation is not required in these commands.
Inearlier releases, thecommandsdisplayedserviceactivationstatus to indicatewhether
service activation failed or succeeded. Service-related RADIUS attribute values are
still displayed.
• Configuring domainmaps to use the default routing instance (MXSeries)—Startingin Junos OS Release 13.3, on MX Series routers you can explicitly configure a domain
map to use the default (master) routing instance for the AAA or subscriber contexts.
This enhancement enables you to configure a domain map to use the default routing
instance in cases where a nondefault routing instance is currently referenced, or in
other scenarios in which you need to explicitly reference the default routing instance.
• Configuration support to prevent the LACPMC-LAG system ID from reverting to thedefault LACP system ID on ICCP failure—Beginning in Junos OS Release 13.3, you canconfigure the prefer-status-control-active statement with the status-control
standbyconfiguration at the [edit interfaces aeX aggregated-ether-optionsmc-ae]
hierarchy level to prevent the LACPMC-LAG system ID from reverting to the default
LACP system ID on ICCP failure. Use this configuration only if you can ensure that ICCP
does not go down unless the router is down. Youmust also configure the hold-time
down value (at the [edit interfaces interface-name] hierarchy level) for the interchassis
link with the status-control standby configuration to be higher than the ICCP BFD
timeout. This configuration prevents traffic loss by ensuring that when the router with
the status-control active configuration goes down, the router with the status-control
standby configuration does not go into standbymode.
• Support for rejecting IPv6CP negotiation in the absence of an authorized address(MX Series)—Starting in Junos OS Release 13.3, you can control the behavior of therouter in a situationwhere IPv6CP negotiation is initiated for subscriber sessionswhen
no authorized addresses are available. By default, IPv6CP negotiation is enabled to
proceed for an IPv6-only session when AAA has not provided an appropriate IPv6
address or prefix. In the absence of the address, the negotiation cannot successfully
Copyright © 2014, Juniper Networks, Inc.38
Release Notes: Junos OS Release 13.3R1 for the EX Series, M Series, MX Series, PTX Series, and T Series
complete. To prevent endless client negotiation of IPv6CP, include the
reject-unauthorized-ipv6cp statement at the [edit protocols ppp-service] hierarchy
level, which enables the jpppd process to reject the negotiation attempt.
• Support for ignoring DSL ForumVSAs from directly connected devices (MXSeries)—WhenCPEdevicesaredirectly connected toaBNG, youmightwant the router
to ignore any DSL Forum VSAs that it receives in PPPoE control packets because the
VSAs can be spoofed bymalicious subscribers. Spoofing is particularly serious when
the targeted VSAs are used to authenticate the subscriber, such as Agent-Circuit-Id
[26-1] and Agent-Remote-ID [26-2].
To ignore the DSL Forum VSAs, starting in Junos OS Release 13.3, include the
direct-connect statement for PPPoE interfaces or PPPoE underlying interfaces at the
following hierarchy levels:
• [editdynamic-profilesprofile-name interfacesdemux0unit logical-unit-number family
pppoe]
• [editdynamic-profilesprofile-name interfaces interface-nameunit logical-unit-number
family pppoe]
• [editdynamic-profilesprofile-name interfaces interface-nameunit logical-unit-number
pppoe-underlying-options]
• [edit interfaces interface-name unit logical-unit-number family pppoe]
• [edit interfaces interface-name unit logical-unit-number pppoe-underlying-options]
• [edit logical-systems logical-system-name interfaces interface-name unit
logical-unit-number family pppoe]
• [edit logical-systems logical-system-name interfaces interface-name unit
logical-unit-number pppoe-underlying-options]
You can determine whether direct-connect is configured for particular interfaces by
issuing the show interfaces or show pppoe underlying-interfaces command.
• ANCP agent behavior for invalid generic responsemessages (MX Series)—Startingin Junos OS Release 13.3, when the ANCP agent receives an incorrect or unexpected
generic responsemessage from an ANCP neighbor, it immediately drops the packet,
generates a system log notice message, and takes no further action.
• Changes toANCPshowcommandoutput (MXSeries)—Starting in JunosOSRelease13.3, the show ancp neighbor command displays information for all configured ANCP
neighbors regardless of operational state. In earlier releases, it displayed information
only for neighbors in the Established state. The Time field, which displays the elapsed
time since the neighbor entered its current state, has replaced the Up TIme field. An
asterisk (*) prefixed to the neighbor entry indicates that the adjacency information
might be stale.
In Junos OS Release 13.3 and later, the show ancp subscriber command displays
information for all subscribers regardless of operational state. In earlier releases, it
displayed information only for active subscribers in the Established state. An asterisk
(*) prefixed to the subscriber entry indicates that the information might be stale. Two
39Copyright © 2014, Juniper Networks, Inc.
Changes in Behavior and Syntax
asterisks (**) indicate that the neighbor associated with the subscriber has lost its
adjacency.
• Enhancedaccountingstatistics (MSeries,MXSeries,andTSeries)—Starting in JunosOSRelease 13.3, the shownetwork-accessaaastatisticsaccounting command includes
the optional detail keyword, which provides additional information about the RADIUS
accounting statistics. You can use the enhanced details for troubleshooting
investigations.
[See Verifying andManaging Subscriber AAA Information.]
User Interface and Configuration
• User-defined identifiersusingthereservedprefix junos-nowcorrectlycauseacommiterror in the CLI (M Series, MX Series, and T Series)—Junos OS reserves the prefixjunos- for the identifiersofconfigurationsdefinedwithin the junos-defaultsconfiguration
group. User-defined identifiers cannot start with the string junos-. If you configured
user-defined identifiers using the reserved prefix through a NETCONF or Junos XML
protocol session, the commit would correctly fail. Prior to Junos OS Release 13.3, if you
configureduser-defined identifiers through theCLI using the reservedprefix, thecommit
would incorrectly succeed. Junos OS Release 13.3 and later releases exhibit the correct
behavior. Configurations that currently contain the reserved prefix for user-defined
identifiers other than junos-defaults configuration group identifiers will now correctly
result in a commit error in the CLI.
• Change in show version command output (M Series, MX Series, and TSeries)—Beginning in JunosOSRelease 13.3, theshowversioncommandoutput includesthe new Junos field that displays the Junos OS version running on the device. This new
field is in addition to the list of installed sub-packages running on the device that also
display the Junos OS version number of those sub-packages. This field provides a
consistent means of identifying the Junos OS version, rather than extracting that
information from the list of installed sub-packages. In the future, the list of
sub-packagesmight not be usable for identifying the Junos OS version running on the
device. This change inoutputmight impact existing scripts thatparse information from
the show version command.
In Junos OS Release 13.2 and earlier, the show version command does not have the
single Junos field in theoutput thatdisplays the JunosOSversion runningon thedevice.
The only way to determine the Junos OS version running on the device is to review the
list of installed sub-packages.
Junos OS Release 13.3 and Later ReleasesWith the JunosField
Junos OS Release 13.2 and Earlier ReleasesWithout theJunos Field
user@host> show versionHostname: lab Model: mx960 Junos: 13.3R1.4JUNOS Base OS boot [13.3R1.4] JUNOS Base OS Software Suite [13.3R1.4] JUNOS Kernel Software Suite [13.3R1.4]JUNOS Crypto Software Suite [13.3R1.4]...
user@host> show versionHostname: lab Model: mx960 JUNOS Base OS boot [12.2R2.4]JUNOS Base OS Software Suite [12.2R2.4]JUNOS Kernel Software Suite [12.2R2.4]JUNOS Crypto Software Suite [12.2R2.4]...
Copyright © 2014, Juniper Networks, Inc.40
Release Notes: Junos OS Release 13.3R1 for the EX Series, M Series, MX Series, PTX Series, and T Series
[See show version.]
• In all supported Junos OS releases, regular expressions can no longer be configured if
they require more than 64MB of memory or more than 256 recursions for parsing.
This change in the behavior of Junos OS is in line with the Free BSD limit. The change
wasmade in response to a known consumption vulnerability that allows an attacker
to cause a denial of service (resource exhaustion) attack by using regular expressions
containing adjacent repetition operators or adjacent bounded repetitions. Junos OS
uses regular expressions in several placeswithin theCLI. Exploitationof this vulnerability
can cause the Routing Engine to crash, leading to a partial denial of service. Repeated
exploitation can result in an extendedpartial outageof services providedby the routing
process (rpd).
RelatedDocumentation
New and Changed Features on page 13•
• Known Behavior on page 41
• Known Issues on page 42
• Documentation Updates on page 48
• Migration, Upgrade, and Downgrade Instructions on page 49
• Product Compatibility on page 57
Known Behavior
This sectioncontains theknownbehavior, systemmaximums, and limitations inhardware
and software in Junos OS Release 13.3R1 for the M Series, MX Series, and T Series.
For the most complete and latest information about known Junos OS defects, use the
Juniper Networks online Junos Problem Report Search application.
• Subscriber Management and Services on page 41
Subscriber Management and Services
• The clear pppoe sessions command does not have an all option and consequently
clears all current PPPoE subscriber sessions when you enter the command. The CLI
does not prompt you to confirm that you want to clear all sessions. When you want to
gracefully terminateasubscriber session, always include the interfacenameassociated
with the session. For some network configurations, if your subscribers have unique
usernames, youcanalternatively issue theclearnetwork-accessaaasubscriberusername
command.
• On the MX Series, subscriber management uses firewall filters to capture and report
the volume-based service accounting counters that are used for subscriber billing. You
must always consider the relationship between firewall filters and service accounting
counters, especially when clearing firewall statistics. When you use the clear firewall
command (to clear the statistics displayed by the show firewall command), the
commandalso clears the service accounting counters that are reported to theRADIUS
accounting server. For this reason, youmust be cautious in specifying which firewall
41Copyright © 2014, Juniper Networks, Inc.
Known Behavior
statistics you want to clear. When you reset firewall statistics to zero, you also zero
the counters reported to RADIUS.
• On the MX Series, subscriber management provides a route suppression feature that
enables you to override the DHCP default behavior that adds access-internal and
destination routes for DHCPv4 sessions, and to access-internal and access routes for
DHCPv6 sessions. However, you cannot suppress access-internal routes when the
subscriber is configuredwithboth IA_NAand IA_PDaddressesover IPdemux interfaces,
because the IA_PD route relies on the IA_NA route for next-hop connectivity.
• The Configuring Tunnel Interfaces on MX Series Routers topic in the Services Interfaces
Configuration Guide fails to state that Ingress queueing and tunnel services cannot be
configured on the sameMPC as it causes PFE forwarding to stop. Each feature can,
however, be configured and used separately.
RelatedDocumentation
New and Changed Features on page 13•
• Changes in Behavior and Syntax on page 35
• Known Issues on page 42
• Documentation Updates on page 48
• Migration, Upgrade, and Downgrade Instructions on page 49
• Product Compatibility on page 57
Known Issues
This section lists the known issues in hardware and software in Junos OS Release 13.3R1
for the M Series, MX Series, and T Series.
For the most complete and latest information about known Junos OS defects, use the
Juniper Networks online Junos Problem Report Search application.
• Forwarding and Sampling
• General Routing
• High Availability (HA) and Resiliency
• Interfaces and Chassis
• Internet Protocol Security (IPsec)
• J-Web
• Layer 2 Ethernet Services
• MPLS
• Multicast
• Platform and Infrastructure
• Routing Protocols
• Services Applications
• Subscriber Management and Services
Copyright © 2014, Juniper Networks, Inc.42
Release Notes: Junos OS Release 13.3R1 for the EX Series, M Series, MX Series, PTX Series, and T Series
• User Interface and Configuration
• VPNs
Forwarding and Sampling
• When both SCU and DCU are configured, the traffic with a nonzero 802.1p value is not
accounted for. PR926169
General Routing
• MPLS-IPv4 performance is 10 percent less than the expected 2.5mpps. PR855865
• When transit packets with TTL expired are received, FPC is responsible for sending an
ICMPTTLExpiredmessageback to thesender.There isa500ppsperPacketForwarding
Engine rate limit so that FPC is not overwhelmedwhen a large volume of transit traffic
with TTL expired is received. Prior to Release 13.2R4, the rate limit was applied too
aggressively so that only about 40pps can be sent by the Packet Forwarding Engine
under stress,while itwas raisedback to 500ppsper Packet Forwarding Engine starting
at Release 13.2R4. PR893598
• Minor memory leaks might occur if you add and delete the samemulti-VLAN flow on
the order of 100,000 such add and delete operations. PR905620
• On theMX80,MS-MIC-16Gcould reboot andproducemspmand corewithwhile doing
add/deleteof6kNHservice-setsatmspman_fdb_msg_handler (conn=<valueoptimized
out>, ipc_msg=0x1006ae018, cookie=<value optimized out>). PR915784
• MX80 routers now support CLI command "show system resource-monitor summary".
PR925794
• Added AI-Scripts workaround for Junos OS bug sw-ui-misc/920478 (FIPS crash).
PR932644
• When configuring a logical system for a given interface, a warning may appear: ##
invalid path element 'encapsulation'. The intended commit will not fail however, and
themessage can be safely ignored.
Thewarningalsoappearswith the followingcommand:user@host>showconfiguration
logical-systems | display detail. PR945427
• PIC level "account-layer2-overhead" knob with ethernet-bridge doesn't add
"Adjustment Bytes". As a workaround, configure it under the interface level. PR946131
• CLI command "show interfaces queue" does not account for interface queue drops
due to Head-drops. This resulted in the "Queued" packets/bytes counter to be less
than what was actually received and dropped on that interface queue. This PR fixes
this issue. Head-drops, being a type of RED-drop, is now accounted under the
"RED-dropped" section of the CLI command "show interfaces queue". PR951235
43Copyright © 2014, Juniper Networks, Inc.
Known Issues
High Availability (HA) and Resiliency
• Whenperformingaunified in-service softwareupgrade (ISSU)validateagainst a router
equippedwith ISSU unsupported hardware, the unsupported hardware is being taken
offline, as if anactual ISSUwasbeingperformed. Inaddition, theunsupportedhardware
is still offline after the ISSU validate is completed. The workaround is rebooting or
executing CLI commands to bring the offline hardware back online. PR949882
Interfaces and Chassis
• For Automatic Protection Switching (APS) on SONET/SDH interfaces, there are no
operational mode commands that display the presence of APSmodemismatches.
AnAPSmodemismatch occurswhen one side is configured to use bidirectionalmode,
and the other side is configured to use unidirectional mode. PR65800
• CHASSISD_SNMP_TRAP is not raised if someCLI commands are issued before PEM#1
is removed. PR709293
• To troubleshoot a particular subscriber, one can use 'monitor traffic interface <ifd>
write-file xy.pcap'. Using this command on aggregated or demux interfaces can lead
to corrupted ingress packets in the PCAP file. Customer traffic is not affected though.
PR771447
• When collecting subscriber management control traffic via 'monitor traffic interface
demux0 write-file xy.pcap', the logical unit number is incorrect whenmultiple demux
IFL's are present. This problem is fixed and the correct interface logical unit number is
reported in the juniper header of the captured PCAP file. PR771453
• Packet Forwarding Engine continues to forward traffic to DHCP client on a demux
interface when ae0 interface is down. In this scenario the AE interface bundle has five
members and is configured with aminimum link value of 4. When twomembers are
down, the ae0 interface also goes down, but the Packet Forwarding Engine continues
to forward traffic on other members for the demux interface. PR836846
• MPC 3D 16x 10GE has different"asynchronous-notification" behavior from other cards
in specific vlan-ccc environment.PR929010
• When a port mirroring destination interface is a next-hop group and anymember
interface of the next-hop-group goes up or down, the information update about this
change in datapath is not atomic, meaning that during the small windowwhen the
next-hop update occurs, there is a transient mirror traffic drop including the next-hop
groupmember interfaces that have not gone down. PR937865
Copyright © 2014, Juniper Networks, Inc.44
Release Notes: Junos OS Release 13.3R1 for the EX Series, M Series, MX Series, PTX Series, and T Series
Internet Protocol Security (IPsec)
• When both Routing Engines in a dual-Routing Engine system reboot too quickly with
GRES enabled, 'ipsec-key-management' process would require a manual restart.
PR854794
J-Web
• In the J-Web interface, you cannot configure OSPFv3 by using the point and click
function (Configure > Point&Click > Protocols > Configure >Ospf3). As aworkaround,
configure OSPFv3 options by using the CLI. You can then view and edit the OSPFv3
parameters by using the point and click function in the J-Web interface. PR857540
• Onconfigure->clitools->point and click->system->advanced->deletion of saved core
context on "No" option is not happening at J-Web. PR888714
Layer 2 Ethernet Services
• JDHCPD-DHCP local server sends incorrectoption-54used inACKduring lease renewal.
PR915936
• Service accounting interim updates not being sent. PR940179
MPLS
• For point-to-multipoint LSPs configured for VPLS, the "ping mpls" command reports
100 percent packet loss even though the VPLS connection is active. PR287990
• In a certain circumstance, the Junos OS RPD route flash job and LDP connection job
are always running starving other work such as stale route deletion. These jobs are
running as LDP is continuously sending label map and label withdrawmessages for
someof the prefixes under ldp egress policy. This is due to LDPprocessing a BGP route
from inet.3 for which it has a ingress tunnel (the same prefix is also learned via IGP)
creating a circular dependency as BGP routes can themselves be resolved over a LDP
route. PR945234
• In a highly scaled configuration the reroute of transit RSVP LSPs can result in BGP flap
due to lack of keepalive messages being generated by the Routing Engine. PR946030
45Copyright © 2014, Juniper Networks, Inc.
Known Issues
Multicast
• Router directly connected to multicast source fails to send all the source traffic sent
at line rate towards downstream interface whenmore than 60MLDmembers are
connected and MLD sessions flap. PR944001
Platform and Infrastructure
• In scaled scenario, with large number of probes (around 500 or so), some intermittent
spikes around 500 to 1500usec ( the normal range should be 100-300usec) in Round
Trip Time (RTT) are being seen. The overall average RTTmeasurement isn't deviated
by much as these are not seen regularly. There is no workaround. PR892973
• On a router which does a MPLS label POP operation (penultimate hop router for
example), if the resulting packet (IPv4 or IPv6) is corrupted, then it will be dropped.
PR943382
• Bridge domain flooding over vcp interface(s)will fail if the vcp interface(s) are on fpc's
>=8, and the BD has interfaces configured on both fpc's <= 7 and >= 8 on ingress
MX-VC node. PR945316
• PPPoEsubscribers churnonanMXSeriesbox runningaBRASandCGNATconfiguration
can cause a heapmemory leak on an MS-DPC card. PR948031
Routing Protocols
• When you configure damping globally and use the import policy to prevent damping
for specific routes, and a peer sends a new route that has the local interface address
as the next hop, the route is added to the routing table with default damping
parameters, even though the importpolicyhasanondefault setting.Asa result, damping
settings do not change appropriately when the route attributes change. PR51975
• Continuous soft core-dumpmay be observed due to bgp-path-selection code. RPD
forks a child and the child asserts to produce a core-dump. The problem is with
route-ordering. And it is auto-corrected after collecting this soft-assert-coredump,
without any impact to traffic/service. PR815146
• On the first hop router if the traffic is received from a remote source and the
accept-remote-source knob is configured, the RPF information for the remote source
is not created. PR932405
Services Applications
• When you specify a standard application at the [edit security idp idp-policy
<policy-name> rulebase-ips rule <rule-name>match application] hierarchy level, IDP
does not detect the attack on the nonstandard port (for example, junos:ftp on port
85). Whether it is a custom or predefined application, the application name does not
matter. IDP simply looks at the protocol and port from the application definition. Only
when traffic matches the protocol and port does IDP try to match or detect against
the associated attack. PR477748
Copyright © 2014, Juniper Networks, Inc.46
Release Notes: Junos OS Release 13.3R1 for the EX Series, M Series, MX Series, PTX Series, and T Series
• Whenpeers ina security association (SA)becameunsynchronized, packetswith invalid
security parameter index (SPI) values can be sent out, and the receiving peer drops
those packets. The only way to recover is to manually clear the SAs or wait for them
to time out. PR874456
Subscriber Management and Services
• LNS-Service accounting updates are not sent. PR944807
• The show ppp interface interface-name extensive and show interfaces pp0 commands
display different values for the LCP state of a tunneled subscriber on the LAC. The
show ppp interface interface-name extensive command displays STOPPEDwhereas
the show interfaces pp0 command displays OPENED (which reflects the LCP state
before tunneling).Asaworkaround, use the showppp interface interface-nameextensive
command to determine the correct LCP state for the subscriber. PR888478
User Interface and Configuration
• The logical router administrator canmodify and delete master administrator-only
configurations by performing local operations such as issuing the “load override”, “load
replace”, and “load update” commands. PR238991
• Selecting the Monitor port for any port in the Chassis Viewer page takes the user to
the common Port Monitoring page instead of the corresponding Monitoring page of
the selected port. PR446890
• User needs to wait until the page is completely loaded before navigating away from
the current page. PR567756
• The J-Web interface allows the creation of duplicate term names in the Configure >
Security > Filters > IPV4 Firewall Filters page, but the duplicate entry is not shown in
the grid. There is no functionality impact on the J-Web interface. PR574525
• Using the Internet Explorer 7browser,while deletingauser fromtheConfigure>System
Properties >UserManagement >Users page on the J-Web interface, the system is not
showingawarningmessage,whereas in theFirefoxbrowser errormessagesare shown.
PR595932
• If you access the J-Web interface using the Microsoft InternetWeb browser version 7,
on the BGP Configuration page (Configure > Routing > BGP), all flagsmight be shown
in the Configured Flags list (in the Edit Global Settings window, on the Trace Options
tab) even though the flags are not configured. As aworkaround, use theMozilla Firefox
Web browser. PR603669
• On the J-Web interface, the next hop column inMonitor > Routing > Route Information
displays only the interface address, and the corresponding IP address is missing. The
title of the first columndisplays "static routeaddress" insteadof "DestinationAddress."
PR684552
• On the J-Web interface, Configure > Routing> OSPF> Add> Interface Tab is showing
only the following three interfaces by default: - pfh-0/0/0.16383 - lo0.0 - lo0.16385
To overcome this issue and to configure the desired interfaces to associated ospf
area-range, perform the following operation on the CLI: - set protocols ospf area
47Copyright © 2014, Juniper Networks, Inc.
Known Issues
10.1.2.5 area-range 12.25.0.0/16 - set protocols ospf area 10.1.2.5 interface fe-0/3/1PR814171
• OnHTTPS service, J-Web is not launching the chassis viewer page at Internet Explorer
7. PR819717
VPNs
• When youmodify the frame-relay-tcc statement at the [edit interfaces interface-name
unit logical-unit-number]hierarchy level of aLayer 2VPN, theconnection for the second
logical interface might not come up. As a workaround, restart the chassis process
(chassisd) or reboot the router. PR32763
RelatedDocumentation
New and Changed Features on page 13•
• Changes in Behavior and Syntax on page 35
• Known Behavior on page 41
• Documentation Updates on page 48
• Migration, Upgrade, and Downgrade Instructions on page 49
• Product Compatibility on page 57
Documentation Updates
This section lists the errata and changes in Junos OS Release 13.3R1 documentation for
the M Series, MX Series, and T Series.
• Dynamic Firewall Feature Guide for Subscriber Services on page 48
• Junos Address-Aware Carrier-Grade NAT and IPv6 Feature Guide on page 49
• Subscriber Access Configuration Guide on page 49
• VPWS Feature Guide for Routing Devices on page 49
Dynamic Firewall Feature Guide for Subscriber Services
• Theenhanced-policer topic fails to includea reference to theEnhancedPolicer Statistics
Overview topic. The overview topic explains how the enhanced policer enables you to
analyze traffic statistics for debugging purposes.
The enhanced policer statistics are as follows:
• Offered packet statistics for traffic subjected to policing.
• OOSpacket statistics for packets that aremarkedout-of-specificationby thepolicer.
Changes to all packets that have out-of-specification actions, such as discard, color
marking, or forwarding-class, are included in this counter.
• Transmitted packet statistics for traffic that is not discarded by the policer. When
the policer action is discard, the statistics are the same as the in-spec statistics;
when thepoliceraction isnon-discard(loss-priorityor forwarding-class), thestatistics
are included in this counter.
Copyright © 2014, Juniper Networks, Inc.48
Release Notes: Junos OS Release 13.3R1 for the EX Series, M Series, MX Series, PTX Series, and T Series
To enable collection of enhanced statistics, include the enhanced-policer statement
at the [edit chassis] hierarchy level. To view these statistics, include the detail option
when you issue the show firewall, show firewall filter filter-name, or show policer
command.
Junos Address-Aware Carrier-Grade NAT and IPv6 Feature Guide
• The following note applies to the topic Configuring Address Pools for Network Address
Port Translation (NAPT) Overview:
NOTE: When 99 percent of the total available ports in a pool for napt-44are used, no new flows are allowed on that NAT pool.
Subscriber Access Configuration Guide
• The Junos OS Release 13.3 Subscriber Access Configuration Guide fails to include the
new user@domain option for filtering AAA, L2TP, and PPP traces by subscriber. See
the feature description in these Release Notes titled Support for filtering trace results
by subscribers for AAA, L2TP, and PPP for information about using this option.
VPWS Feature Guide for Routing Devices
• In JunosOSRelease 13.3, the Layer 2Circuits FeatureGuide for RoutingDeviceshasbeen
renamed VPWS Feature Guide for Routing Devices. VPWS content has been added to
this guide, and has been removed from the VPLS Feature Guide for Routing Devices.
RelatedDocumentation
New and Changed Features on page 13•
• Changes in Behavior and Syntax on page 35
• Known Behavior on page 41
• Known Issues on page 42
• Migration, Upgrade, and Downgrade Instructions on page 49
• Product Compatibility on page 57
Migration, Upgrade, and Downgrade Instructions
This sectioncontains theprocedure toupgrade JunosOS,and theupgradeanddowngrade
policies for JunosOS for theMSeries,MXSeries, andTSeries. Upgrading or downgrading
JunosOScan take several hours, depending on the size and configuration of the network.
• Basic Procedure for Upgrading to Release 13.3 on page 50
• Upgrade and Downgrade Support Policy for Junos OS Releases on page 52
• Upgrading a Router with Redundant Routing Engines on page 52
• Upgrading Juniper Network Routers Running Draft-Rosen Multicast VPN to Junos OS
Release 10.1 on page 53
49Copyright © 2014, Juniper Networks, Inc.
Migration, Upgrade, and Downgrade Instructions
• Upgrading the Software for a Routing Matrix on page 54
• Upgrading Using ISSU on page 55
• Upgrading from Junos OS Release 9.2 or Earlier on a Router Enabled for Both PIM and
NSR on page 56
• Downgrading from Release 13.3 on page 57
• Changes Planned for Future Releases on page 57
Basic Procedure for Upgrading to Release 13.3
In order to upgrade to Junos OS 10.0 or later, youmust be running Junos OS 9.0S2, 9.1S1,
9.2R4, 9.3R3, 9.4R3, 9.5R1, or later minor versions, or youmust specify the no-validate
option on the request system software install command.
When upgrading or downgrading Junos OS, always use the jinstall package. Use other
packages (such as the jbundle package) only when so instructed by a Juniper Networks
support representative. For information about the contents of the jinstall package and
details of the installation process, see the Installation and Upgrade Guide.
NOTE: With JunosOSRelease 9.0 and later, the compact flash diskmemoryrequirement for Junos OS is 1 GB. For M7i andM10i routers with only 256MBmemory, see the Customer Support Center JTAC Technical BulletinPSN-2007-10-001 athttps://www.juniper.net/alerts/viewalert.jsp?txtAlertNumber=PSN-2007-10-001
&actionBtn=Search
NOTE: Before upgrading, back up the file system and the currently activeJunos OS configuration so that you can recover to a known, stableenvironment in case the upgrade is unsuccessful. Issue the followingcommand:
user@host> request system snapshot
The installation process rebuilds the file system and completely reinstallsJunos OS. Configuration information from the previous software installationis retained, but the contents of log files might be erased. Stored files on therouting platform, such as configuration templates and shell scripts (the onlyexceptions are the juniper.conf and ssh files) might be removed. To preserve
the stored files, copy them to another system before upgrading ordowngrading the routing platform. For more information, see the Junos OS
Administration Library for Routing Devices.
Copyright © 2014, Juniper Networks, Inc.50
Release Notes: Junos OS Release 13.3R1 for the EX Series, M Series, MX Series, PTX Series, and T Series
Thedownloadand installationprocess for JunosOSRelease 13.3 isdifferent fromprevious
Junos OS releases.
Before upgrading to 64-bit Junos OS, read the instruction on the following pages:
• To check Routing Engine compatibility, see Supported Routing Engines by Router.
• To read the upgrade instructions, see Upgrading to 64-bit Junos OS.
1. Using aWeb browser, navigate to the All Junos Platforms software download URL on
the Juniper Networks webpage:
http://www.juniper.net/support/downloads/
2. Select the name of the Junos platform for the software that you want to download.
3. Select the release number (the number of the software version that you want to
download) from the Release drop-down list to the right of the Download Software
page.
4. Select the Software tab.
5. In the Install Package section of the Software tab, select the software package for the
release.
6. Log in to the Juniper Networks authentication system using the username (generally
your e-mail address) and password supplied by Juniper Networks representatives.
7. Review and accept the End User License Agreement.
8. Download the software to a local host.
9. Copy the software to the routing platform or to your internal software distribution
site.
10. Install the new jinstall package on the routing platform.
NOTE: We recommend that you upgrade all software packages out ofband using the console because in-band connections are lost during theupgrade process.
Customers in the United States and Canada, use the following command:
user@host> request system software add validate rebootsource/jinstall-13.3R11-domestic-signed.tgz
All other customers, use the following command:
user@host> request system software add validate rebootsource/jinstall-13.3R11-export-signed.tgz
Replace sourcewith one of the following values:
• /pathname—For a software package that is installed from a local directory on the
router.
• For software packages that are downloaded and installed from a remote location:
• ftp://hostname/pathname
51Copyright © 2014, Juniper Networks, Inc.
Migration, Upgrade, and Downgrade Instructions
• http://hostname/pathname
• scp://hostname/pathname (available only for Canada and U.S. version)
The validate option validates the software package against the current configuration
as a prerequisite to adding the software package to ensure that the router reboots
successfully. This is the default behavior when the software package being added is
a different release.
Adding the reboot command reboots the router after the upgrade is validated and
installed. When the reboot is complete, the router displays the login prompt. The
loading process can take 5 to 10minutes.
Rebooting occurs only if the upgrade is successful.
NOTE: After you install a Junos OS Release 13.3 jinstall package, you cannot
issue the requestsystemsoftwarerollbackcommandto return to thepreviously
installed software. Instead youmust issue the request system software add
validate command and specify the jinstall package that corresponds to the
previously installed software.
Upgrade and Downgrade Support Policy for Junos OS Releases
Support for upgrades and downgrades that spanmore than three Junos OS releases at
a time is not provided, except for releases that are designated as Extended End-of-Life
(EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can
upgrade directly from one EEOL release to the next EEOL release even though EEOL
releases generally occur in increments beyond three releases.
You can upgrade or downgrade to the EEOL release that occurs directly before or after
the currently installed EEOL release, or to twoEEOL releases before or after. For example,
Junos OS Releases 10.0, 10.4, and 11.4 are EEOL releases. You can upgrade from Junos
OS Release 10.0 to Release 10.4 or even from Junos OS Release 10.0 to Release 11.4.
However, you cannot upgrade directly from a non-EEOL release that is more than three
releases ahead or behind. For example, you cannot directly upgrade from Junos OS
Release 10.3 (a non-EEOL release) to Junos OS Release 11.4 or directly downgrade from
Junos OS Release 11.4 to Junos OS Release 10.3.
To upgrade or downgrade fromanon-EEOL release to a releasemore than three releases
before or after, first upgrade to the next EEOL release and then upgrade or downgrade
from that EEOL release to your target release.
For more information on EEOL releases and to review a list of EEOL releases, see
http://www.juniper.net/support/eol/junos.html
Upgrading a Router with Redundant Routing Engines
If the router has two Routing Engines, perform a Junos OS installation on each Routing
Engine separately to avoid disrupting network operation as follows:
Copyright © 2014, Juniper Networks, Inc.52
Release Notes: Junos OS Release 13.3R1 for the EX Series, M Series, MX Series, PTX Series, and T Series
1. Disable graceful Routing Engine switchover (GRES) on themaster Routing Engine
and save the configuration change to both Routing Engines.
2. Install the new Junos OS release on the backup Routing Engine while keeping the
currently running software version on themaster Routing Engine.
3. After making sure that the new software version is running correctly on the backup
RoutingEngine, switchover to thebackupRoutingEngine toactivate thenewsoftware.
4. Install the new software on the original master Routing Engine that is now active as
the backup Routing Engine.
For the detailed procedure, see the Installation and Upgrade Guide.
Upgrading JuniperNetworkRoutersRunningDraft-RosenMulticastVPN to JunosOS Release 10.1
In releases prior to Junos OS Release 10.1, the draft-rosenmulticast VPN feature
implements the unicast lo0.x address configured within that instance as the source
address used to establish PIM neighbors and create the multicast tunnel. In this mode,
the multicast VPN loopback address is used for reverse path forwarding (RPF) route
resolution to create the reverse path tree (RPT), or multicast tunnel. Themulticast VPN
loopback address is also used as the source address in outgoing PIM control messages.
In Junos OS Release 10.1 and later, you can use the router’s main instance loopback
(lo0.0) address (rather than themulticast VPN loopback address) to establish the PIM
state for the multicast VPN. We strongly recommend that you perform the following
procedure when upgrading to Junos OS Release 10.1 if your draft-rosenmulticast VPN
network includes both Juniper Network routers and other vendors’ routers functioning
as provider edge (PE) routers. Doing so preservesmulticast VPNconnectivity throughout
the upgrade process.
Because JunosOSRelease 10.1 supportsusing the router’smain instance loopback (lo0.0)
address, it is no longer necessary for the multicast VPN loopback address to match the
main instance loopback adddress lo0.0 to maintain interoperability.
NOTE: Youmight want tomaintain amulticast VPN instance lo0.x address
to use for protocol peering (such as IBGP sessions), or as a stable routeridentifier, or to support the PIM bootstrap server function within the VPNinstance.
Complete the following steps when upgrading routers in your draft-rosenmulticast VPN
network to Junos OS Release 10.1 if you want to configure the routers’s main instance
loopback address for draft-rosenmulticast VPN:
1. Upgrade all M7i and M10i routers to Junos OS Release 10.1 before you configure the
loopback address for draft-rosen Multicast VPN.
NOTE: Do not configure the new feature until all theM7i andM10i routersin the network have been upgraded to Junos OS Release 10.1.
53Copyright © 2014, Juniper Networks, Inc.
Migration, Upgrade, and Downgrade Instructions
2. After you have upgraded all routers, configure each router’s main instance loopback
address as the source address formulticast interfaces. Include thedefault-vpn-source
interface-name loopback-interface-name] statement at the [edit protocols pim]
hierarchy level.
3. After you have configured the router’s main loopback address on each PE router,
delete the multicast VPN loopback address (lo0.x) from all routers.
We also recommend that you remove themulticast VPN loopback address from all
PE routers from other vendors. In Junos OS releases prior to 10.1, to ensure
interoperability with other vendors’ routers in a draft-rosenmulticast VPN network,
you had to perform additional configuration. Remove that configuration from both
the JuniperNetworks routers and the other vendors’ routers. This configuration should
beon JuniperNetworks routers andon theother vendors’ routerswhere youconfigured
the lo0.mvpnaddress ineachVRF instanceas thesameaddressas themain loopback
(lo0.0) address.
This configuration is not requiredwhen you upgrade to Junos OS Release 10.1 and use
themain loopback address as the source address for multicast interfaces.
NOTE: Tomaintain a loopback address for a specific instance, configurea loopback address value that does notmatch themain instance address(lo0.0).
For more information about configuring the draft-rosen Multicast VPN feature, see the
Multicast Protocols Feature Guide for Routing Devices.
Upgrading the Software for a RoutingMatrix
A routing matrix can be either a TXMatrix router as the switch-card chassis (SCC) or a
TXMatrix Plus router as the switch-fabric chassis (SFC). By default, when you upgrade
software for a TXMatrix router or a TXMatrix Plus router, the new image is loaded onto
the TXMatrix or TX Matrix Plus router (specified in the Junos OS CLI by using the scc or
sfc option) and distributed to all line-card chassis (LCCs) in the routingmatrix (specified
in the Junos OS CLI by using the lcc option). To avoid network disruption during the
upgrade, ensure the following conditions before beginning the upgrade process:
• Aminimumof freedisk spaceandDRAMoneachRoutingEngine.Thesoftwareupgrade
will fail on any Routing Engine without the required amount of free disk space and
DRAM.Todetermine theamountofdisk spacecurrentlyavailableonallRoutingEngines
of the routing matrix, use the CLI show system storage command. To determine the
amount of DRAM currently available on all the Routing Engines in the routing matrix,
use the CLI show chassis routing-engine command.
• Themaster Routing Engines of the TXMatrix or TX Matrix Plus router (SCC or SFC)
and all LCCs connected to the SCC or SFC are all re0 or are all re1.
• The backup Routing Engines of the TXMatrix or TX Matrix Plus router (SCC or SFC)
and all LCCs connected to the SCC or SFC are all re1 or are all re0.
Copyright © 2014, Juniper Networks, Inc.54
Release Notes: Junos OS Release 13.3R1 for the EX Series, M Series, MX Series, PTX Series, and T Series
• All master Routing Engines in all routers run the same version of software. This is
necessary for the routing matrix to operate.
• All master and backup Routing Engines run the same version of software before
beginning the upgrade procedure. Different versions of the Junos OS can have
incompatible message formats especially if you turn on GRES. Because the steps in
the process include changing mastership, running the same version of software is
recommended.
• For a routing matrix with a TXMatrix router, the same Routing Engine model is used
within a TXMatrix router (SCC) and within a T640 router (LCC) of a routing matrix.
For example, a routing matrix with an SCC using two RE-A-2000s and an LCC using
two RE-1600s is supported. However, an SCC or an LCC with two different Routing
Engine models is not supported. We suggest that all Routing Engines be the same
model throughout all routers in the routing matrix. To determine the Routing Engine
type, use the CLI show chassis hardware | match routing command.
• For a routing matrix with a TXMatrix Plus router, the SFC contains twomodel
RE-DUO-C2600-16G Routing Engines, and each LCC contains twomodel
RE-DUO-C1800-8G or RE-DUO-C1800-16G Routing Engines.
BEST PRACTICE: Make sure that all master Routing Engines are re0 and allbackup Routing Engines are re1 (or vice versa). For the purposes of thisdocument, themaster Routing Engine is re0 and the backup Routing Engineis re1.
To upgrade the software for a routing matrix, perform the following steps:
1. Disable graceful Routing Engine switchover (GRES) on themaster Routing Engine
(re0) and save the configuration change to both Routing Engines.
2. Install the new Junos OS release on the backup Routing Engine (re1) while keeping
the currently running software version on themaster Routing Engine (re0).
3. Load the new JunosOSon the backupRouting Engine. Aftermaking sure that the new
software version is running correctly on the backup Routing Engine (re1), switch
mastership back to the original master Routing Engine (re0) to activate the new
software.
4. Install the new software on the new backup Routing Engine (re0).
For the detailed procedure, see the Routing Matrix with a TXMatrix Router Deployment
Guide or the Routing Matrix with a TXMatrix Plus Router Deployment Guide.
Upgrading Using ISSU
Unified in-service softwareupgrade (ISSU)enables you toupgradebetween twodifferent
Junos OS releases with no disruption on the control plane and with minimal disruption
of traffic. Unified in-service software upgrade is only supported by dual Routing Engine
platforms. In addition, graceful Routing Engine switchover (GRES) and nonstop active
routing (NSR)must be enabled. For additional information about using unified in-service
software upgrade, see the High Availability Feature Guide for Routing Devices.
55Copyright © 2014, Juniper Networks, Inc.
Migration, Upgrade, and Downgrade Instructions
Upgrading from JunosOSRelease 9.2 or Earlier on aRouter Enabled for BothPIMand NSR
Junos OS Release 9.3 introduced NSR support for PIM for IPv4 traffic. However, the
following PIM features are not currently supportedwith NSR. The commit operation fails
if the configuration includes both NSR and one or more of these features:
• Anycast RP
• Draft-Rosenmulticast VPNs (MVPNs)
• Local RP
• Next-generation MVPNs with PIM provider tunnels
• PIM join load balancing
Junos OS Release 9.3 introduced a new configuration statement that disables NSR for
PIM only, so that you can activate incompatible PIM features and continue to use NSR
for the other protocols on the router: the nonstop-routing disable statement at the [edit
protocolspim]hierarchy level. (Note that this statementdisablesNSR for all PIM features,
not only incompatible features.)
If neitherNSRnorPIM is enabledon the router tobeupgradedor if oneof theunsupported
PIM features is enabled but NSR is not enabled, no additional steps are necessary and
you can use the standard upgrade procedure described in other sections of these
instructions. If NSR is enabled and no NSR-incompatible PIM features are enabled, use
the standard reboot or ISSU procedures described in the other sections of these
instructions.
Because the nonstop-routing disable statement was not available in Junos OS Release
9.2 and earlier, if both NSR and an incompatible PIM feature are enabled on a router to
be upgraded from Junos OS Release 9.2 or earlier to a later release, youmust disable
PIM before the upgrade and reenable it after the router is running the upgraded Junos
OS and you have entered the nonstop-routing disable statement. If your router is running
Junos OS Release 9.3 or later, you can upgrade to a later release without disabling NSR
orPIM–simplyuse thestandard rebootor ISSUproceduresdescribed in theother sections
of these instructions.
To disable and reenable PIM:
1. On the router running Junos OS Release 9.2 or earlier, enter configuration mode and
disable PIM:
[edit]
user@host# deactivate protocols pimuser@host# commit
2. Upgrade to Junos OS Release 9.3 or later software using the instructions appropriate
for the router type. You caneither use the standardprocedurewith reboot or use ISSU.
3. After the router reboots and is running the upgraded Junos OS, enter configuration
mode, disablePIMNSRwith thenonstop-routingdisable statement, and then reenable
PIM:
Copyright © 2014, Juniper Networks, Inc.56
Release Notes: Junos OS Release 13.3R1 for the EX Series, M Series, MX Series, PTX Series, and T Series
[edit]
user@host# set protocols pim nonstop-routing disableuser@host# activate protocols pimuser@host# commit
Downgrading fromRelease 13.3
To downgrade from Release 13.3 to another supported release, follow the procedure for
upgrading, but replace the 13.3 jinstall package with one that corresponds to the
appropriate release.
NOTE: Youcannot downgrademore than three releases. For example, if yourrouting platform is running Junos OS Release 11.4, you can downgrade thesoftware to Release 10.4 directly, but not to Release 10.3 or earlier; as aworkaround, you can first downgrade to Release 10.4 and then downgradeto Release 10.3.
For more information, see the Installation and Upgrade Guide.
Changes Planned for Future Releases
The following are changes planned for future releases.
Routing Protocols
• Change in Junos OS support for the BGPMonitoring Protocol (BMP)—In Junos OSRelease 13.3and later, thecurrently supportedversionofBMP,BMPversion 1, asdefined
in Internet draft draft-ietf-grow-bmp-01, is planned to be replaced with BMP version
3, as defined in Internet draft draft-ietf-grow-bmp-07.txt. Junos OS can support only
one of these versions of BMP in a release. Therefore, Junos OS Release 13.2 and earlier
releases will continue to support BMP version 1, as defined in Internet draft
draft-ietf-grow-bmp-01. Junos OS Release 13.3 and later support only the updated
BMP version 3 defined in Internet draft draft-ietf-grow-bmp-07.txt. This also means
thatbeginning in JunosOSRelease 13.3,BMPversion3configurationsarenotbackwards
compatible with BMP version 1 configurations from earlier Junos OS releases.
RelatedDocumentation
New and Changed Features on page 13•
• Changes in Behavior and Syntax on page 35
• Known Behavior on page 41
• Known Issues on page 42
• Documentation Updates on page 48
• Product Compatibility on page 57
Product Compatibility
• Hardware Compatibility on page 58
57Copyright © 2014, Juniper Networks, Inc.
Product Compatibility
Hardware Compatibility
To obtain information about the components that are supported on the devices, and
special compatibility guidelineswith the release, see theHardwareGuideand the Interface
Module Reference for the product.
To determine the features supported onM Series, MX Series, and T Series devices in this
release, use the Juniper Networks Feature Explorer, a Web-based application that helps
you to explore and compare Junos OS feature information to find the right software
release and hardware platform for your network. Find Feature Explorer at:
http://pathfinder.juniper.net/feature-explorer/
RelatedDocumentation
New and Changed Features on page 13•
• Changes in Behavior and Syntax on page 35
• Known Issues on page 42
• Known Behavior on page 41
• Documentation Updates on page 48
• Migration, Upgrade, and Downgrade Instructions on page 49
Copyright © 2014, Juniper Networks, Inc.58
Release Notes: Junos OS Release 13.3R1 for the EX Series, M Series, MX Series, PTX Series, and T Series
Junos OS Release Notes for PTX Series Packet Transport Routers
These releasenotesaccompany JunosOSRelease 13.3R1 for thePTXSeries.Theydescribe
newandchanged features, limitations, andknownand resolvedproblems in thehardware
and software.
You can also find these release notes on the Juniper Networks Junos OS Documentation
webpage, located at http://www.juniper.net/techpubs/software/junos/.
• New and Changed Features on page 59
• Changes in Behavior and Syntax on page 64
• Known Issues on page 65
• Documentation Updates on page 67
• Migration, Upgrade, and Downgrade Instructions on page 67
• Product Compatibility on page 70
New and Changed Features
This section describes the new features and enhancements to existing features in Junos
OS Release 13.3R1 for the PTX Series.
• Hardware on page 59
• Class of Service (CoS) on page 61
• General Routing on page 61
• High Availability (HA) and Resiliency on page 61
• Interfaces and Chassis on page 61
• Netwok Management and Monitoring on page 63
• Routing Protocols on page 63
• Software Installation and Upgrade on page 63
Hardware
• PTX3000PacketTransportRouter—TheJuniperNetworksPTX3000PacketTransportRouter provides 10-Gigabit Ethernet, 40-Gigabit Ethernet, and 100-Gigabit Ethernet
interfaces for large networks and network applications, such as those supported by
ISPs. The router accommodates up to eight Flexible PIC Concentrators (FPCs), each
of which supports one PIC. The compact design of the PTX3000 router allows up to
four chassis to be installed back-to-back in a single four-post rack. The PTX3000
router can be configured with single-phase AC or DC power supply modules.
[See the PTX3000 Packet Transport Router Hardware Guide.]
• CFP-GEN2-CGE-ER4 and CFP-GEN2-100GBASE-LR4 (PTX5000)—TheCFP-GEN2-CGE-ER4 transceiver (part number: 740-049763) provides a duplex LC
connector and supports the 100GBASE-ER4 optical interface specification and
monitoring. The CFP-GEN2-100GBASE-LR4 transceiver (part number: 740-047682)
provides a duplex LC connector and supports the 100GBASE-LR4 optical interface
59Copyright © 2014, Juniper Networks, Inc.
Junos OS Release Notes for PTX Series Packet Transport Routers
specificationandmonitoring. Starting in JunosOSRelease 13.3, the “GEN2”optics have
been redesigned with newer versions of internal components for reduced power
consumption. The following interface module supports the CFP-GEN2-CGE-ER4 and
CFP-GEN2-100GBASE-LR4transceivers. Formore informationabout interfacemodules,
see the Interface Module Reference for your router.
• 100-Gigabit Ethernet PIC with CFP (model number:
P1-PTX-2-100GE-CFP)—Supported in Junos OS Release 12.3R5, 13.2R3, 13.3R1, and
later
[See 100-Gigabit Ethernet 100GBASE-R Optical Interface Specifications.]
Copyright © 2014, Juniper Networks, Inc.60
Release Notes: Junos OS Release 13.3R1 for the EX Series, M Series, MX Series, PTX Series, and T Series
Class of Service (CoS)
• Support for strict-priority scheduling (PTX Series)—Beginning with Junos OS Release
13.3, interfaces on PTX Series routers support strict-priority scheduling. Configured
queues are processed in strict-priority order. Within the guaranteed region, multiple
CoS queues that compete in the same hardware-based priority level are selected
based on the packet round-robin algorithm, while within the excess region, selection
is based on theWRR algorithm. The queues receive equal share when they send the
same packet size. Otherwise, the queues receive shares proportional to the respective
packet sizes sent. To enable configuration of strict-priority scheduling for a physical
interface on a PTX Series router, include the strict-priority-scheduler statement in the
traffic control profile associated with the interface.
[See Understanding Scheduling on PTX Series Routers.]
General Routing
• Nonstop active routing support for logical systems (PTX Series)—Starting in Junos
OSRelease 13.3, this featureenablesnonstopactive routing support for logical systems
using the nonstop-routing option under the [edit logical-systems logical-system-name
routing-options] hierarchy. As a result of extending nonstop active routing support for
logical systems, the logical-systems argument has been appended in some show
operational commands to allow display of status, process, and event details.
High Availability (HA) and Resiliency
• Nonstop active routing support for BGP addpath (PTX Series)—Beginning in JunosOS Release 13.3, nonstop active routing support for BGP addpath is available on the
PTX Series. Nonstop active routing support is enabled for the BGP addpath feature.
After the nonstop active routing switchover, addpath-enabled BGP sessions do not
bounce. The secondary Routing Engine maintains the addpath advertisement state
before the nonstop active routing switchover.
Interfaces and Chassis
• FPC self-healing (PTX Series)—Starting in Junos OS Release 13.3, PTX Series routersallow you to configure Packet Forwarding Engine-related error levels (fatal, major, or
minor) and the actions to perform (alarm, disable-pfe, or log) when a specified
threshold is reached.Previously, Packet ForwardingEngine-relatederrorswoulddisable
the FPC. Using this commandPacket Forwarding Engine errors can be isolated thereby
reducing the need for a field replacement. This command is available at the [edit
chassis fpc slot-number] and [edit chassis] hierarchy levels.
• 2-port 100-Gigabit DWDMOTNPIC (PTX3000)—Beginning with Junos OS Release13.3, the 2-port 100-Gigabit dense wavelength division multiplexing (DWDM) optical
transport network (OTN) PIC is supported by Type 5 FPCs on PTX3000 routers. The
100-Gigabit DWDMOTN PIC supports the following features:
• Transparent transport of two 100-Gigabit Ethernet signals with OTU4 framing
• ITU-standard OTN performancemonitoring and alarmmanagement
61Copyright © 2014, Juniper Networks, Inc.
New and Changed Features
• Dual polarization quadrature phase shift keying (DP-QPSK)modulation and
soft-decision forwarderror correction (SD-FEC) for longhaul andmetroapplications
You can use SNMP tomanage the PIC based on RFC 3591,Managed Objects for the
Optical Interface Type.
[See 100-Gigabit Ethernet OTNOptions Configuration Overview.]
• Pre-FEC BER fast reroute (PTX3000)—The 100-Gbps DWDMOTN PIC
(P1-PTX-2-100G-WDM) supports pre-forward error correction (pre-FEC) bit error rate
(BER) monitoring as a condition for MPLS fast reroute (FRR). Pre-FEC BER FRR uses
pre-FEC BER as an indication of the condition of an optical transport network (OTN)
link. When the pre-FEC BER degrade threshold is reached, the PIC stops forwarding
packets to the remote interfaceand raises an interfacealarm. Ingresspackets continue
to be processed. When Pre-FEC BER FRR is used with MPLS FRR or another link
protection method, traffic is then rerouted to a different interface. You can optionally
enable backward FRR to inject local pre-FEC status into the transmitted OTN frames,
notifying the remote interface. The remote interface then reroutes traffic to a different
interface. When you use pre-FEC BER FRR and backward FRR, notification of signal
degradation and rerouting of traffic can occur in less time than through a Layer 3
protocol.
[See 100-Gigabit Ethernet OTNOptions Configuration Overview.]
• Support for configuring interface alias names (PTX Series)—Beginning in Junos OSRelease 13.3, you can configure a textual description of a physical interface or the
logical unit of an interface to be the alias of an interface name. If you configure an
interface alias, this alias name is displayed in the output of the show interfaces
commands instead of the interface name. Also, in the output of all of the show and
operational mode commands that display the interface names, the alias name is
displayed instead of the interface name if you configure the alias name. It has no effect
on theoperationof the interfaceon the router or switch.Youcanuse thealias statement
at the [edit interfaces interface-name], [edit interfaces interface-name unit
logical-unit-number], and [edit logical-systems logical-system-name interfaces
interface-name unit logical-unit-number] hierarchy levels to specify an interface alias.
[See Interface Alias NameOverview]
• Support for active flowmonitoring version 9 (PTX5000 routers withCSE2000)—Starting with Junos OS Release 13.3, Carrier-Grade Service Engine(CSE2000) supports active flowmonitoring version 9 on PTX5000 routers.
TheCSE2000 is tethered toaPTX5000router toenableactive flowmonitoringversion
9.Active flowmonitoring version9 supports IPV4,MPLS, and IPV6 templates to collect
a set of sampled flows and send the records to a specified host.
Copyright © 2014, Juniper Networks, Inc.62
Release Notes: Junos OS Release 13.3R1 for the EX Series, M Series, MX Series, PTX Series, and T Series
NetwokManagement andMonitoring
• Support for BFD over child links of AE or LAG bundle (cross-functional PacketForwarding Engine/kernel/rpd) (PTX Series)—Beginning in Junos OS Release 13.3,BFDover child links of anAEor LAGbundle is supportedon thePTXSeries. This feature
provides a Layer 3 BFD liveness detection mechanism for child links of the Ethernet
LAG interface. You can enable BFD to run on individual member links of the LAG to
monitor theLayer 3or Layer 2 forwardingcapabilitiesof individualmember links. These
micro BFD sessions are independent of each other despite having a single client that
manages the LAG interface. To enable failure detection for aggregated Ethernet
interfaces, include the bfd-liveness-detection statement at the [edit interfaces aex
aggregated-ether-options bfd-liveness-detection] hierarchy level.
[See Understanding Independent Micro BFD Sessions for LAG .]
Routing Protocols
• Bidirectional PIM support (PTX5000)—Beginning with Junos OS Release 13.3,bidirectional PIM is supported on the PTX5000. The following caveats are applicable
for the bidrectional PIM configuration on the PTX 5000:
• The PTX5000 can be configured both as a bidirectional PIM rendezvous point and
the source node.
• For the PTX5000, you can configure the auto-rp statement at the [edit protocols
pimrp]or the [edit routing-instances routing-instance-nameprotocolspimrp]hierarchy
level with themapping option, but not the announce option.
• The PTX5000 does not support nonstop active routing in Junos OS Release 13.3.
• ThePTX5000does not support unified in-service software upgrade (ISSU) in Junos
OS Release 13.3.
Software Installation and Upgrade
• Unified ISSU support for the 100-Gbps DWDMOTNPIC (PTX5000)—Starting inJunosOSRelease 13.3, the 100-GbpsDWDMOTNPIC(P1-PTX-2-100G-WDM)supports
unified in-service software upgrade (ISSU) onPTX5000 routers. Unified ISSUenables
you to upgrade between two different Junos OS releases with no disruption on the
control plane and with minimal disruption of traffic.
[See Unified ISSU System Requirements.]
RelatedDocumentation
Changes in Behavior and Syntax on page 64•
• Known Issues on page 65
• Documentation Updates on page 67
• Migration, Upgrade, and Downgrade Instructions on page 67
• Product Compatibility on page 70
63Copyright © 2014, Juniper Networks, Inc.
New and Changed Features
Changes in Behavior and Syntax
This section lists the changes in behavior of JunosOS features and changes in the syntax
of JunosOSstatementsandcommands fromJunosOSRelease 13.3R1 for thePTXSeries.
• Routing Protocols on page 64
• User Interface and Configuration on page 64
Routing Protocols
• Starting in Junos OS 14.1, Junos OSwill modify the default BGP extended community
value used for MVPN IPv4 VRF route import (RT-import) to the IANA-standardized
value. Thus, the default behavior will change such that the behavior of the
mvpn-iana-rt-import statement will become the default. Themvpn-iana-rt-import
statement will be depricated and should be removed from configurations.
User Interface and Configuration
• User-defined identifiersusingthereservedprefix junos-nowcorrectlycauseacommiterror in the CLI (PTXSeries)—Junos OS reserves the prefix junos- for the identifiers ofconfigurations defined within the junos-defaults configuration group. User-defined
identifiers cannot start with the string junos-. If you configured user-defined identifiers
using the reserved prefix through a NETCONF or Junos XML protocol session, the
commit would correctly fail. Prior to Junos OS Release 13.3, if you configured
user-defined identifiers through the CLI using the reserved prefix, the commit would
incorrectly succeed. Junos OS Release 13.3 and later releases exhibit the correct
behavior. Configurations that currently contain the reserved prefix for user-defined
identifiers other than junos-defaults configuration group identifiers will now correctly
result in a commit error in the CLI.
• Change in show version command output (PTX Series)—Beginning in Junos OSRelease 13.3, the show version command output includes the new Junos field that
displays the Junos OS version running on the device. This new field is in addition to the
list of installed sub-packages running on the device that also display the Junos OS
version number of those sub-packages. This field provides a consistent means of
identifying the Junos OS version, rather than extracting that information from the list
of installed sub-packages. In the future, the list of sub-packages might not be usable
for identifying the JunosOS version running on the device. This change in outputmight
impact existing scripts that parse information from the show version command.
In Junos OS Release 13.2 and earlier, the show version command does not have the
single Junos field in theoutput thatdisplays the JunosOSversion runningon thedevice.
Copyright © 2014, Juniper Networks, Inc.64
Release Notes: Junos OS Release 13.3R1 for the EX Series, M Series, MX Series, PTX Series, and T Series
The only way to determine the Junos OS version running on the device is to review the
list of installed sub-packages.
Junos OS Release 13.3 and Later ReleasesWith the JunosField
Junos OS Release 13.2 and Earlier ReleasesWithout theJunos Field
user@host> show versionHostname: lab Model: ptx5000 Junos: 13.3R1.4JUNOS Base OS boot [13.3R1.4] JUNOS Base OS Software Suite [13.3R1.4] JUNOS 64-bit Kernel Software Suite [13.3R1.4]JUNOS Crypto Software Suite [13.3R1.4]...
user@host> show versionHostname: lab Model: ptx5000 JUNOS Base OS boot [12.3R2.5]JUNOS Base OS Software Suite [12.3R2.5]JUNOS 64–bit Kernel Software Suite [12.3R2.5]JUNOS Crypto Software Suite [12.3R2.5]...
[See show version.]
• In all supported Junos OS releases, regular expressions can no longer be configured if
they require more than 64MB of memory or more than 256 recursions for parsing.
This change in the behavior of Junos OS is in line with the Free BSD limit. The change
wasmade in response to a known consumption vulnerability that allows an attacker
to cause a denial of service (resource exhaustion) attack by using regular expressions
containing adjacent repetition operators or adjacent bounded repetitions. Junos OS
uses regular expressions in several placeswithin theCLI. Exploitationof this vulnerability
can cause the Routing Engine to crash, leading to a partial denial of service. Repeated
exploitation can result in an extendedpartial outageof services providedby the routing
process (rpd).
RelatedDocumentation
New and Changed Features on page 59•
• Known Issues on page 65
• Documentation Updates on page 67
• Migration, Upgrade, and Downgrade Instructions on page 67
• Product Compatibility on page 70
Known Issues
This section lists the known issues in hardware and software in Junos OS Release 13.3R1.
The identifier following the description is the tracking number in the Juniper Networks
Problem Report (PR) tracking system.
• Hardware
• General Routing
• Interfaces and Chassis
• IPv6
• MPLS
65Copyright © 2014, Juniper Networks, Inc.
Known Issues
• Routing Protocols
• VLAN Infrastructure
Hardware
• CCG configuration change does not reprogram hardware automatically. PR896226
General Routing
• "rnh_get_forwarding_nh: RNH type 1 unexpected" kernel error messages observed.
PR866282
Interfaces and Chassis
• Having IGMPenabledon the fxp0 interfacecancauseadiscardnext hop tobe installed
for 224/4 routes. To solve this issue, disableprotocols on fxp0anddeactivateprotocols
(for example: IGMP, LDP). After that, activate the protocols again. PR601619
• When the FlexiblePICConcentrator (FPC) restartedafter performingamaster Routing
Engine switchover, theaggregate interface flagwasset todown.Any traffic that entered
this FPC and traversed the equal-cost multipath (ECMP) to the aggregate interface
was dropped. PR809383
IPv6
• PTX Series drops packets containing same source and destination IP due to LAND
attack check. 934364
MPLS
• In rare scenarios, the routing protocol process can fail to read themesh-group
information from the kernel, which might result in the VPLS connections for that
routing-instance to stay in MI (Mesh-Group ID not available) state. The workaround is
to deactivate/activate the routing-instance. PR892593
Routing Protocols
• Distributedprotocol adjacencies (LFM/BFD/etc)might experienceadelay in keepalives
transmission and/or processing due to prolonged CPU usage on the FPCmicrokernel
on the PTX5000. The delay in keepalive transmission/processing can result in a
mis-diagnosis of a link fault by the peer devices. The issue is seen several seconds after
the Routing Engine mastership switch with nonstop active routing enabled. The fault
condition will clear after a couple of minutes. PR849148
• ForbidirectionalPIM, the showmulticaststatistics commanddoesnotdisplay the input
counters. This is because a bidirectional route associates with multiple incoming
interfaces (iif's). The statistics are collectedpermroute, and thepacket for bidirectional
groups might come in from any of the iif's. There is no way to impose the incoming
traffic of the route to one of the iif's. PIM-SM, on the other hand, has only one iif per
mroute, and hence the incoming counters are displayed for all PIM-SM routes.
PR865694
Copyright © 2014, Juniper Networks, Inc.66
Release Notes: Junos OS Release 13.3R1 for the EX Series, M Series, MX Series, PTX Series, and T Series
VLAN Infrastructure
• Commits less than 3minutes apart with per-vlan-queuing configuration should be
avoided, as this might lead to interrupts or undesirable side effects. PR897601
RelatedDocumentation
New and Changed Features on page 59•
• Changes in Behavior and Syntax on page 64
• Documentation Updates on page 67
• Migration, Upgrade, and Downgrade Instructions on page 67
• Product Compatibility on page 70
Documentation Updates
This section lists the errata and changes in Junos OS Release 13.3R1 documentation for
the PTX Series.
• VPWS Feature Guide for Routing Devices on page 67
VPWS Feature Guide for Routing Devices
• In JunosOSRelease 13.3, the Layer 2Circuits FeatureGuide for RoutingDeviceshasbeen
renamed VPWS Feature Guide for Routing Devices. VPWS content has been added to
this guide, and has been removed from the VPLS Feature Guide for Routing Devices.
RelatedDocumentation
New and Changed Features on page 59•
• Changes in Behavior and Syntax on page 64
• Known Issues on page 65
• Migration, Upgrade, and Downgrade Instructions on page 67
• Product Compatibility on page 70
Migration, Upgrade, and Downgrade Instructions
This sectioncontains theprocedure toupgrade JunosOS,and theupgradeanddowngrade
policies for Junos OS for the PTX Series. Upgrading or downgrading Junos OS can take
several hours, depending on the size and configuration of the network.
• Upgrading Using ISSU on page 67
• Upgrading a Router with Redundant Routing Engines on page 68
• Basic Procedure for Upgrading to Release 13.3 on page 68
Upgrading Using ISSU
Unified in-service softwareupgrade (ISSU)enables you toupgradebetween twodifferent
Junos OS releases with no disruption on the control plane and with minimal disruption
of traffic. Unified in-service software upgrade is only supported by dual Routing Engine
67Copyright © 2014, Juniper Networks, Inc.
Documentation Updates
platforms. In addition, graceful Routing Engine switchover (GRES) and nonstop active
routing (NSR)must be enabled. For additional information about using unified in-service
software upgrade, see the High Availability Feature Guide for Routing Devices.
Upgrading a Router with Redundant Routing Engines
If the router has two Routing Engines, perform a Junos OS installation on each Routing
Engine separately to avoid disrupting network operation as follows:
1. Disable graceful Routing Engine switchover (GRES) on themaster Routing Engine
and save the configuration change to both Routing Engines.
2. Install the new Junos OS release on the backup Routing Engine while keeping the
currently running software version on themaster Routing Engine.
3. After making sure that the new software version is running correctly on the backup
RoutingEngine, switchover to thebackupRoutingEngine toactivate thenewsoftware.
4. Install the new software on the original master Routing Engine that is now active as
the backup Routing Engine.
For the detailed procedure, see the Installation and Upgrade Guide.
Basic Procedure for Upgrading to Release 13.3
When upgrading or downgrading Junos OS, use the jinstall package. For information
about the contents of the jinstall package and details of the installation process, see the
Installation and Upgrade Guide. Use other packages, such as the jbundle package, only
when so instructed by a Juniper Networks support representative.
NOTE: Backupthe file systemandthecurrentlyactive JunosOSconfigurationbefore upgrading Junos OS. This allows you to recover to a known, stableenvironment if the upgrade is unsuccessful. Issue the following command:
user@host> request system snapshot
NOTE: The installation process rebuilds the file system and completelyreinstalls Junos OS. Configuration information from the previous softwareinstallation is retained, but the contents of log files might be erased. Storedfiles on the router, suchas configuration templatesandshell scripts (theonlyexceptions are the juniper.conf and ssh files),might be removed. To preservethe stored files, copy them to another system before upgrading ordowngrading the routing platform. For more information, see the Junos OS
Administration Library for Routing Devices.
Copyright © 2014, Juniper Networks, Inc.68
Release Notes: Junos OS Release 13.3R1 for the EX Series, M Series, MX Series, PTX Series, and T Series
NOTE: We recommend that you upgrade all software packages out of bandusing the console because in-band connections are lost during the upgradeprocess.
Thedownloadand installationprocess for JunosOSRelease 13.3 isdifferent fromprevious
Junos OS releases.
1. Using aWeb browser, navigate to the All Junos Platforms software download URLon the Juniper Networks webpage:
http://www.juniper.net/support/downloads/
2. Select thenameof the JunosOSplatformfor thesoftware that youwant todownload.
3. Select the release number (the number of the software version that you want to
download) from the Release drop-down list to the right of the Download Softwarepage.
4. Select the Software tab.
5. In the Install Package section of the Software tab, select the software package forthe release.
6. Log in to the Juniper Networks authentication system using the username (generally
your e-mail address) and password supplied by Juniper Networks representatives.
7. Review and accept the End User License Agreement.
8. Download the software to a local host.
9. Copy the software to the routing platform or to your internal software distribution
site.
10. Install the new jinstall package on the router.
NOTE: After you install a Junos OS Release 13.3 jinstall package, youcannot issue the request system software rollback command to return tothe previously installed software. Instead youmust issue the requestsystem software add validate command and specify the jinstall packagethat corresponds to the previously installed software.
The validate option validates the software package against the current configuration
as a prerequisite to adding the software package to ensure that the router reboots
successfully. This is the default behavior when the software package being added is
a different release. Adding the reboot command reboots the router after the upgrade
is validated and installed. When the reboot is complete, the router displays the login
prompt. The loading process can take 5 to 10minutes. Rebooting occurs only if the
upgrade is successful.
Customers in the United States and Canada, use the following command:
user@host> request system software add validate rebootsource/jinstall-13.3R11-domestic-signed.tgz
69Copyright © 2014, Juniper Networks, Inc.
Migration, Upgrade, and Downgrade Instructions
All other customers, use the following command:
user@host> request system software add validate rebootsource/jinstall-13.3R11-export-signed.tgz
Replace the sourcewith one of the following values:
• /pathname—For a software package that is installed from a local directory on the
router.
• For software packages that are downloaded and installed from a remote location:
• ftp://hostname/pathname
• http://hostname/pathname
• scp://hostname/pathname (available only for Canada and U.S. version)
The validate option validates the software package against the current configuration
as a prerequisite to adding the software package to ensure that the router reboots
successfully. This is the default behavior when the software package being added is
a different release.
Adding the reboot command reboots the router after the upgrade is validated and
installed. When the reboot is complete, the router displays the login prompt. The
loading process can take 5 to 10minutes.
Rebooting occurs only if the upgrade is successful.
NOTE: After you install a Junos OS Release 13.3 jinstall package, you cannot
issue the requestsystemsoftwarerollbackcommandto return to thepreviously
installed software. Instead youmust issue the request system software add
validate command and specify the jinstall package that corresponds to the
previously installed software.
RelatedDocumentation
New and Changed Features on page 59•
• Changes in Behavior and Syntax on page 64
• Known Issues on page 65
• Documentation Updates on page 67
• Product Compatibility on page 70
Product Compatibility
• Hardware Compatibility on page 70
Hardware Compatibility
To obtain information about the components that are supported on the devices, and
special compatibility guidelineswith the release, see theHardwareGuideand the Interface
Module Reference for the product.
Copyright © 2014, Juniper Networks, Inc.70
Release Notes: Junos OS Release 13.3R1 for the EX Series, M Series, MX Series, PTX Series, and T Series
Todetermine the features supportedonPTXSeriesdevices in this release, use the Juniper
Networks Feature Explorer, a Web-based application that helps you to explore and
compare Junos OS feature information to find the right software release and hardware
platform for your network. Find Feature Explorer at:
http://pathfinder.juniper.net/feature-explorer/
RelatedDocumentation
New and Changed Features on page 59•
• Changes in Behavior and Syntax on page 64
• Known Issues on page 65
• Documentation Updates on page 67
• Migration, Upgrade, and Downgrade Instructions on page 67
71Copyright © 2014, Juniper Networks, Inc.
Product Compatibility
Third-Party Components
This product includes third-party components. To obtain a complete list of third-party
components, see Copyright and Trademark Information.
For a list of open source attributes for this Junos OS release, seeOpen Source: Source
Files and Attributions.
FindingMore Information
For the latest, most complete information about known and resolved issues with Junos
OS, see the Juniper Networks Problem Report Search application at:
http://prsearch.juniper.net .
Juniper Networks Feature Explorer is aWeb-based application that helps you to explore
and compare Junos OS feature information to find the correct software release and
hardware platform for your network. Find Feature Explorer at:
http://pathfinder.juniper.net/feature-explorer/.
Juniper Networks Content Explorer is aWeb-based application that helps you explore
Juniper Networks technical documentation by product, task, and software release, and
download documentation in PDF format. Find Content Explorer at:
http://www.juniper.net/techpubs/content-applications/content-explorer/.
Documentation Feedback
We encourage you to provide feedback, comments, and suggestions so that we can
improve the documentation. You can send your comments to
[email protected], or fill out the documentation feedback form at
https://www.juniper.net/cgi-bin/docbugreport/ . If you are using e-mail, be sure to include
the following information with your comments:
• Document or topic name
• URL or page number
• Software release version (if applicable)
Requesting Technical Support
Technical product support is available through the JuniperNetworksTechnicalAssistance
Center (JTAC). If you are a customer with an active J-Care or JNASC support contract,
or are covered under warranty, and need postsales technical support, you can access
our tools and resources online or open a case with JTAC.
• JTAC policies—For a complete understanding of our JTAC procedures and policies,
review the JTAC User Guide located at
http://www.juniper.net/customers/support/downloads/710059.pdf .
Copyright © 2014, Juniper Networks, Inc.72
Release Notes: Junos OS Release 13.3R1 for the EX Series, M Series, MX Series, PTX Series, and T Series
• Product warranties—For product warranty information, visit
http://www.juniper.net/support/warranty/.
• JTAC Hours of Operation —The JTAC centers have resources available 24 hours a day,
7 days a week, 365 days a year.
Self-Help Online Tools and Resources
For quick and easy problem resolution, Juniper Networks has designed an online
self-service portal called the Customer Support Center (CSC) that provides youwith the
following features:
• Find CSC offerings: http://www.juniper.net/customers/support/
• Search for known bugs: http://www2.juniper.net/kb/
• Find product documentation: http://www.juniper.net/techpubs/
• Find solutions and answer questions using our Knowledge Base: http://kb.juniper.net/
• Download the latest versions of software and review release notes:
http://www.juniper.net/customers/csc/software/
• Search technical bulletins for relevant hardware and software notifications:
http://kb.juniper.net/InfoCenter/
• Join and participate in the Juniper Networks Community Forum:
http://www.juniper.net/company/communities/
• Open a case online in the CSC Case Management tool: http://www.juniper.net/cm/
Toverify serviceentitlementbyproduct serial number, useourSerialNumberEntitlement
(SNE) Tool located at https://tools.juniper.net/SerialNumberEntitlementSearch/.
Opening a Casewith JTAC
You can open a case with JTAC on theWeb or by telephone.
• Use the Case Management tool in the CSC at http://www.juniper.net/cm/ .
• Call 1-888-314-JTAC (1-888-314-5822 toll-free in the USA, Canada, and Mexico).
For international or direct-dial options in countries without toll-free numbers, visit us at
http://www.juniper.net/support/requesting-support.html .
If you are reporting a hardware or software problem, issue the following command from
the CLI before contacting support:
user@host> request support information | save filename
To provide a core file to Juniper Networks for analysis, compress the file with the gzip
utility, rename the file to include your company name, and copy it to
ftp.juniper.net/pub/incoming. Then send the filename, along with software version
information (the output of the show version command) and the configuration, to
[email protected]. For documentation issues, fill out the bug report form located at
https://www.juniper.net/cgi-bin/docbugreport/.
73Copyright © 2014, Juniper Networks, Inc.
Requesting Technical Support
Revision History
20March 2014—Revision 5, Junos OS Release 13.3R1– EX Series, M Series, MX Series,
PTX Series, and T Series.
27 February 2014—Revision 4, Junos OS Release 13.3R1– EX Series, M Series, MX Series,
PTX Series, and T Series.
6 February 2014—Revision 3, Junos OS Release 13.3R1– EX Series, M Series, MX Series,
PTX Series, and T Series.
30 January 2014—Revision 2, Junos OS Release 13.3R1– EX Series, M Series, MX Series,
PTX Series, and T Series.
23 January 2014—Revision 1, Junos OS Release 13.3R1– EX Series, M Series, MX Series,
PTX Series, and T Series.
Copyright © 2014, Juniper Networks, Inc. All rights reserved.
Juniper Networks, Junos, Steel-Belted Radius, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the UnitedStates and other countries. The Juniper Networks Logo, the Junos logo, and JunosE are trademarks of Juniper Networks, Inc. All othertrademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners.
Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify,transfer, or otherwise revise this publication without notice.
Copyright © 2014, Juniper Networks, Inc.74
Release Notes: Junos OS Release 13.3R1 for the EX Series, M Series, MX Series, PTX Series, and T Series