Ipsec - Juniper JUNOSE SOFTWARE FOR E SERIES 11.3.X - RELEASE NOTES 2010-11-09 Release Note

Software for e series broadband services routers

JunosE 11.3.0 Release Notes

IPSec

Known Behavior
When you want to use a configuration script to configure IP shared interfaces that
reference a physical interface, you must issue the service show configuration format
2 command before you generate the script. If the default show configuration format
(format 1) is enabled instead, the generated script cannot properly configure the IP
shared interfaces because they are created before the physical interfaces. To
properly configure the shared interfaces in this event, run the generated format 1
script twice.

IP interface statistics become inconsistent when a slot is reset, because some traffic
(such as control traffic) might be destined for the SRP module and is therefore
counted elsewhere.

When you issue the show ip forwarding-table command for a particular slot, it is
normal and appropriate behavior when the Status field indicates Valid while the
Load Errors field is increasing daily for that VR. The Load Errors field records any
failed routing table distribution attempt as an error. Attempts can fail for many
reasons during normal operation; a failed attempt does not necessarily indicate a
problem. It is normal to see many load errors per day. If the Status field indicates
Invalid, then the routing table distribution has failed constantly for that VR and a real
problem exists. You might occasionally see a status of Updating. However, if the
Status field always indicates Updating, then again the routing table distribution has
failed constantly for that VR, and a real problem exists.

The enhancement to the CLI to support unnumbered reference to any kind of
interface rather than just loopback interfaces has consequences such as the
following: [Defect ID 47743]

  • If the references to shared interfaces appear in the show configuration output
    before the configuration for the interfaces they refer to, trying to restore such a
    configuration with a script generated from show configuration generates errors
    like the following:

      % Error, line 3929:
      host1(config-if)#ip share-interface FastEthernet 3/0.2
      % No such interface

  • Unnumbered interfaces that refer to nonloopback interfaces (for example,
    ip unnumbered fastEthernet 3/0.2) and that appear in the show configuration
    output before the interface referred to might generate similar no such interface
    errors.

Work-around: Run the script twice.
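
A pre-flight check for the ordering problem in Defect ID 47743, as an added example that is not part of the release notes or of Juniper's software. It scans a generated script for ip share-interface and ip unnumbered references whose target interface is created later in the script (the case the second run fixes) or never created (which rerunning cannot fix). The `interface <type> <specifier>` line shape, the name check_references and the sample script are assumptions constructed for illustration.

```python
import re

# Assumed script shape: an "interface <type> <specifier>" line creates an
# interface; the two reference commands are the ones quoted in the release note.
DEFINE = re.compile(r"^\s*interface\s+(\S+)\s+(\S+)", re.I)
REFER = re.compile(r"^\s*ip\s+(share-interface|unnumbered)\s+(\S+)\s+(\S+)", re.I)

def check_references(script):
    """Classify each reference as 'forward' (target defined later) or 'missing'."""
    lines = script.splitlines()
    first_def = {}
    for n, line in enumerate(lines, 1):
        m = DEFINE.match(line)
        if m:
            # The note shows both "FastEthernet" and "fastEthernet": ignore case.
            first_def.setdefault((m.group(1).lower(), m.group(2)), n)
    findings = []
    for n, line in enumerate(lines, 1):
        m = REFER.match(line)
        if not m:
            continue
        target = first_def.get((m.group(2).lower(), m.group(3)))
        if target is None:
            findings.append((n, "missing", line.strip()))   # rerun will not help
        elif target > n:
            findings.append((n, "forward", line.strip()))   # second run succeeds
    return findings

# Constructed sample script (not taken from a real router).
SAMPLE = """\
interface ip shared0
 ip share-interface FastEthernet 3/0.2
!
interface fastEthernet 3/0
!
interface fastEthernet 3/0.2
 ip address 10.0.0.1 255.255.255.0
!
interface fastEthernet 3/0.3
 ip unnumbered fastEthernet 3/0.2
!
interface ip shared1
 ip share-interface fastEthernet 4/1.7
"""

if __name__ == "__main__":
    for n, kind, text in check_references(SAMPLE):
        print(f"line {n}: {kind:8} {text}")
```
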

When you shut down the only outgoing IP interface to the IP destinations of IPSec
tunnels, the tunnels remain in the up state rather than transitioning to down. As a
consequence, all IP routes that use these tunnels as next hops also remain in the
routing table. You can use dead peer detection (DPD) to avoid this situation.
DPD must be active, which requires both IPSec tunnel endpoints to support DPD.

When the LAC–to–LNS data path runs over an MPLS tunnel and the MPLS tunnel
originates or terminates at the LAC on an ES2 10G LM or an ES2 10G Uplink LM, the
L2TP data traffic that originated or terminated at the LAC is discarded.
Copyright © 2010, Juniper Networks, Inc.
