Release Highlights
Highlights include the following features.
SRC CLI
The CLI lets you configure and monitor the SRC software. However, the CLI does not let you perform system-level tasks on Solaris servers. For example, you cannot configure interfaces, Network Time Protocol (NTP), or Intelligent Platform Management Interface (IPMI). You also cannot install or restore installed software.
The CLI lets you perform the following tasks for the SRC software:
- Configure policies, services, subscribers, and subscriptions.
- Discover all manageable network elements on a subnet.
- Manage CLI settings.
- Manage configurations.
- Navigate in the CLI.
- Work with files.
- Configure user access.
C-Web Interface
The C-Web interface lets you configure the SRC software, manage SRC components, and diagnose NIC resolution problems. Use items in the Configure, Diagnose, and Manage menus to complete tasks.
The position of configuration and management items in the C-Web interface parallels the structure of the SRC CLI to promote ease-of-use between the two interfaces. The SRC-PE C-Web Interface Configuration Guide contains SRC configuration information.
The C-Web interface enables you to monitor the SRC software. Use items in the Monitor menu to complete tasks.
The SRC-PE Monitoring and Troubleshooting Guide contains monitoring information for core SRC components. Monitoring information for the SRC-ACP is located in the SRC-PE Network Guide. Monitoring information for solutions such as JPS is located in the SRC-PE Solutions Guide.
Before you can use the C-Web interface, configure access to the C-Web interface and then enable it with the SRC CLI. To enable the C-Web interface with the SRC CLI, in operational mode enter the following command:
user@host> enable component webadm
For general information about the C-Web interface, see Accessing and Starting the C-Web Interface in the SRC-PE Getting Started Guide.
ACP
ACP now allocates bandwidth at authorization time and subtracts the requested bandwidth from the congestion point counters. The requested bandwidth remains available unless the service is not started or until the service stops. This change improves bandwidth allocation in instances when several service activation requests occur simultaneously.
Configuration Tools
The SDX Configuration Editor has been removed from the product. You can use the new configuration features in the C-Web interface and the CLI to configure the SRC software.
Data Integration Suite
The data integration suite is no longer included in the SRC software. In previous releases, you could develop data integrators that read your data from a storage medium, and write the data to a directory for use with the SRC software.
File Monitor Command
You can now display online updates of a file from the CLI. The new CLI command is:
To stop the display, press Ctrl+C.
Juniper Networks Database
The Juniper Networks database now runs on Solaris platforms to support SRC installations on those platforms. You no longer need to integrate a third-party directory with the SRC software on a Solaris platform to hold SRC configuration data.
The Juniper Networks database can store SRC data, SRC sample data, SRC configuration information, and a number of subscriber profiles. You store subscriber data in another database.
You configure the database from the SRC software. In testing environments, you can configure the database to run in standalone mode. In a production environment, you configure the database to run in community mode to distribute data changes among a set of specified databases.
NIC
The SRC CLI supports the same NIC functionality except for SAE plug-in agent redundancy, OnePopAssignedIp configuration scenario, and router access agents. The SRC CLI does not support configuration for NIC host redundancy; use NIC replication.
PacketCable Multimedia (PCMM)
The SRC CLI supports the same PCMM functionality, including the Juniper Policy Server (JPS), but not including securing of the management connection between PCMM components through IPSec.
In addition, the JPS now has MIB support.
Policies, Subscribers, and Subscriptions
To enable the configuration of these components with the SRC CLI, in operational mode enter the following command:
user@host> enable component editor
If you use the SRC CLI on more than one system, we recommend that you enable the policy, service, and subscriber editor on only one system on your network. If you enable the editor on multiple systems, there is a risk that configuration changes will conflict. In this case, the second edit that is committed is lost.
You can also continue to use Policy Editor and SDX Admin. However, you cannot use these tools concurrently.
Services
The SRC CLI supports four types of services—normal policy-based services, aggregate services, infrastructure services, and script services. It also supports service schedules.
The SRC CLI does not support outsourced services, access services, or RADIUS services that are provided in the SDX software.
Subscribers and Subscriptions
In the SRC CLI, managers replace operators that are supported in other SDX software applications.
The SRC CLI does not support subscriptions to outsourced, RADIUS, or access services, but does support subscriptions to accesses.
Policies
The SRC policy software supports all the functionality available through other SDX applications.
The SRC policy software supports policies on JUNOSe routers that are running IPv4 or IPv6. For JUNOSe routers, there are two types of policies:
- IPv4—Supports policies on JUNOSe routers that are running IPv4. Any existing policies configured for JUNOSe routers will be saved as IPv4 policies when you first open them for this release.
- IPv6—Supports policies on JUNOSe routers that are running IPv6.
For IPv6 policies, the SRC software supports the following actions:
When configuring classify-traffic conditions for IPv6 policies, the SRC software supports all the IPv4 conditions except the following:
- IP flags such as IP flags, IP flags mask, and fragmentation offset
- Whether packets are matched with the protocol that is either equal or not equal to the specified protocol for port-related protocols
- Whether packets are matched with an IP address that is equal or not equal to the specified address and mask for source or destination networks; enter the IPv6 address with an IP mask in prefix length format
- IGMP conditions
RADIUS Support
The SRC product no longer includes Merit RADIUS. We provide the Juniper Networks Steel-Belted Radius/Service Provider Edition (SPE) software for use as the RADIUS server. If you do not have a valid license string, you can install the Steel-Belted Radius/SPE software as a 30-day evaluation package.
You must have the JNPRsbrsp.pkg and UMCsbrspa.pkg to install and integrate the Steel-Belted Radius/SPE software. You install the Steel-Belted Radius/SPE software on a Solaris system; it does not run on a C-series Controller.
SAE
JUNOSe routers maintain state information, which allows an active, managing SAE to reconnect to a router without performing a data resynchronization in the following instances:
- The network connection between the SAE and the JUNOSe router is disrupted, and the router reconnects to the SAE.
- For JUNOSe routers with high availability configured, when the secondary SRP takes control from a failed SRP it can reconnect to the SAE.
You can specify that LDAPS be used for a connection between an SAE and a router by specifying the directory context in a router initialization script. The router initialization script continues to supply LDAPS in the directory context if the SAE uses LDAPS to connect to a directory that contains service or subscriber data.
You can now configure one SAE to act as a standby, or redundant SAE, for an active SAE. The standby SAE receives replicated state and session data. If an active SAE, or connection between an SAE and a router fails, the standby SAE becomes the active SAE. Typically, failover to a standby SAE is faster than failover to a passive SAE.
Sample Data Loading
The request system ldap load command has new options:
-
merge—Load sample data for new entries (including deleted entries) from the specified file. -
replace—Load sample data for all entries from the specified file. This option will overwrite all existing entries.
If you do not specify an option, the default value is merge.
Script Service
The SAE can use change-of-authorization (CoA) messages to manage services for a specific subscriber session. The CoA script service allows the SAE to exchange CoA messages with third-party devices that are not supported natively by the SAE to activate or deactivate services for specific subscriber sessions.
SNMP
The SRC CLI for the SNMP agent supports all the SNMP functionality provided in the SDX software.
In addition, the MIBs have been updated, including modifications to a number of index values. Verify the index information for the MIBs that you are monitoring to ensure that your SNMP monitoring system can access the MIBs.