JUNOSe 10.2.2 Release Notes
24
Known Behavior
During a warm restart after a system failover, the SRP module can take several
minutes to resume the normal exchange of UDP/IP packets to applications.
During this restart time, the E Series router does not send or receive dead peer
detection (DPD) keepalives, which are used to verify connectivity between the
router and its peers. The length of the restart time depends on the number of
interfaces—if the restart time is too long, remote peers might determine that
the connection from them to the E Series router is broken and then shut down
an IPSec tunnel that has DPD enabled. In the worst case, all IPSec tunnels
might be shut down. [Defect ID 65132]
IS-IS
When IS-IS is configured on a static PPP interface, the IS-IS neighbor does not
come up if you remove the IP address from the interface and then add the IP
address back to the interface.
Work-around:
When you remove and add back the IP address, you must also
remove the IS-IS configuration from the interface and then add the
configuration back to the interface by issuing the
no router isis
and
router isis
commands.
When you run IS-IS on back-to-back virtual routers (VRs) in an
IS-IS-over-bridged-Ethernet configuration and do not configure different IS-IS
priority levels on each VR, a situation can occur in which both VRs elect
themselves as the designated intermediate system (DIS) for the same network
segment.
This situation occurs because the router uses the same MAC address on all
bridged Ethernet interfaces by default. When both VRs have the same (that is,
the default) IS-IS priority level, the router must use the MAC address assigned to
each interface to determine which router becomes the DIS. Because each
interface in an IS-IS-over-bridged-Ethernet configuration uses the same MAC
address, however, the router cannot properly designate the DIS for the network
segment. As a result, both VRs elect themselves as the DIS for the same
network segment, and the configuration fails. [Defect ID 72367]
Work-around:
To ensure proper election of the DIS when you configure IS-IS
over bridged Ethernet for back-to-back VRs, we recommend that you use the
isis network point-to-point
command in Interface Configuration mode to
configure IS-IS to operate using point-to-point (P2P) connections on a broadcast
circuit when only two routers (or, in this case, two VRs) are on the circuit.
Issuing this command tears down the current existing IS-IS adjacency in that
link and reestablishes a new adjacency.
L2TP
NAT dynamic translation generation affects the LNS session creation time.
When NAT dynamic translations and LNS sessions are created simultaneously,
NAT dominates the CPU cycles of the tunnel-service module, resulting in a delay
in the LNS session creation rate. The LNS session creation rate returns to its
normal rate when NAT dynamic translations are no longer being generated.
[Defect ID 53191]
Work-around:
When signaling performance must be optimal, avoid the
simultaneous configuration of NAT and LNS.