Table of Contents
Advertisement
JUNOSe 11.1.x Service Availability Configuration Guide
Freezing the DoS protection state prevents any active control flows from interfering
with the system while the unified ISSU is in progress. However, no new control flows,
protocols, or priorities are monitored for suspicious activity, and no suspicious activity
can be detected until the upgrade is completed.
NOTE: Because of this limitation on DoS functionality, we recommend that you do
not initiate unified ISSU until all suspicious control flows, protocols, and priorities
have been resolved.
When the unified in-service software upgrade is completed, the DoS protection
application resumes attending to all dynamic state that was frozen at the beginning
of the unified ISSU process.
Some suspicious control flows might remain in a suspicious list based on your
configuration, if the upgrade software version has DoS protection classification
algorithms that are better or different than in the previous version. Because flows
are discovered and monitored at 1-second intervals, the new conditions might cause
these flows to be removed. You do not need to explicitly clear the flows when unified
ISSU is completed.
Related Topics
Unexpected Ethernet Behavior During Unified ISSU
The following aspects of Ethernet behavior during a unified in-service software
upgrade are different than during normal router operations.
ARP Packets Briefly Not Sent or Received
There is a brief period at the end of the upgrade phase when ARP packets are not
sent or received. This event can affect ARP entries on attached devices that were in
the process of being aged out.
Link Aggregation Interruption
During the unified in-service software upgrade, LACP PDUs are not generated or
received for about 15 seconds on Ethernet ports configured with LACP.
This interruption has no effect on the local side of the link because JUNOSe Software
generates LAC PDU packets every 30 seconds. The link is not declared down unless
packets are missed three times. LACP packet generation continues when the unified
ISSU operation is completed.
If a device on the other end of the link is configured with the short timeout, then the
device is likely to declare the link to be down and remove the link from the LAG
bundle.
82
Unexpected Ethernet Behavior During Unified ISSU
Application Support for Unified ISSU on page 71
Advertisement
Table of Contents
Need help?
Do you have a question about the SERVICE AVAILABILITY - CONFIGURATION GUIDE V 11.1.X and is the answer not in the manual?