SDX 7.1.0 Release Notes > Release 7.1.0 > Known Behavior

Known Behavior

This section describes certain SDX software behaviors and related issues to emphasize how the system works.

ACP and NIC Installation

• If you use the network information collector (NIC) or Admission Control Plug-In (ACP) in your SDX configuration and you install these components on a system that is running a name server, we recommend that you install the COS Naming Service (UMCnaming.pkg) as the name server. The COS Naming Service persistently stores names in the directory.

If either or both of these SDX components reside on the same system as another name server and that system becomes inaccessible, a redundant NIC or ACP is also inaccessible because clients cannot use the name server to resolve addresses and hostnames of the redundant NIC or ACP.

Reference: None

Aggregate Services

• If you use aggregate services and specify a primary username for a subscriber reference expression, note that the configuration scenarios provided with the NIC do not provide a mapping from a primary username to the managing SAE. Consider using the login name instead. If you want to use the primary username as the subscriber reference expression for a fragment service, contact Juniper Networks Professional Services for assistance with setting up the NIC configuration to resolve the primary username to locate the managing SAE.

Reference: None

Configuration Updates

• When you use the load merge, load override, or load replace command at any hierarchy level, the command loads all the configuration in the specified file.

If you want to load the configuration for a specified hierarchy level:

• Ensure that the file contains the sdx:current=true text to identify the level at which the configuration is to be loaded.
• Run a load command with the relative option at the level at which you want to update the configuration.

If a file contains configuration statements other than those at and below the level identified by sdx:current=true, the command disregards the other statements.

If you enter a load command with the relative option and the file does not contain the text sdx:current=true, you receive a message indicating that the configuration cannot be loaded.

Reference: None

• Loading a saved configuration containing invalid data displays syntax error messages.

When you use the save command to save a configuration file, the file can include invalid data. This situation occurs because attributes that are not used in a configuration might be saved with no value in the configuration file. Attributes with no value are equivalent to undefined attributes and result in invalid data errors when you load the saved configuration.

When you use the load merge command to load a saved configuration that contains invalid data, you will see syntax error messages following a caret (^) which indicates the error location. These messages are followed by the Load Merge Complete message. All properly defined attributes are loaded, and the syntax error messages can safely be ignored.

For example, you might see the following error messages when you load a configuration that does not specify required values for options:

                                                         ^

syntax error, expecting <data>.

                                                        ^

syntax error, expecting <data>.

                                                       ^

syntax error, expecting <data>.

                                                                        ^

syntax error, expecting <data>.

                                                                          ^

syntax error, expecting <data>.

                                                                        ^

syntax error, expecting <data>.

                                                                          ^

syntax error, expecting <data>.

                                                          ^

syntax error, expecting <data>.

Load Merge Complete

Reference: TIC 13650

Juniper Networks Database

• Recommendations for use of multiple primary Juniper Networks databases.

We recommend that you configure two to four Juniper Networks databases as primary databases in a community. If you plan to use more than two Juniper Networks databases in a primary role and expect to have frequent updates to the Juniper Networks database, we recommend that you test your application scenario with a projected traffic load. For assistance testing your application scenario, contact Juniper Networks Professional Services or JTAC.

Reference: None

• Juniper Networks databases in community mode require hostname configuration.

If you run Juniper Networks databases in community mode, the Juniper Networks database configured to be part of a community require hostname configuration.

You can either configure Domain Name System (DNS) and enter the hostnames into DNS or configure the names as static hostnames.

Reference: TIC 13364

• Changing the mode of Juniper Networks databases.

When you change the mode of two Juniper Networks databases from standalone to community, and assign one a primary role and the other a secondary role, review the error log in the /var/UMC/jdb/log directory on the primary Juniper Networks database for the following message:

[22/Mar/2007:11:27:15 -0400] agmt="cn=champ2golem.kanlab.jnpr.net" 
(golem:389) - Can't locate CSN 46029ccc000000010000 in the changelog (DB 
rc=-30990). The consumer may need to be reinitialized.

Workaround: If you see a similar message, change the mode of the secondary Juniper Networks database from community to standalone, then back to community.

For information about configuring Juniper Networks databases, see the SRC-PE Getting Started Guide.

Reference: TIC 13371

• Changing the role of a Juniper Networks database.

If you change the role of a Juniper Networks database from primary to secondary, restart the Juniper Networks database after you set the role to secondary. If you do not restart the database, you receive a message similar to the following one at the CLI:

javax.naming.NamingException: [LDAP: error code 1 - Mapping tree node for 
o=umc is set to return a referral, but no referral is configured for it]; 
remaining name 'retailerName=default,o=users,o=UMC'

commit completed with the above exception(s). 

Reference: TIC 13372

• Deleting statements on platforms running a secondary Juniper Networks database.

When you delete statements from the CLI for a Juniper Networks database assigned a secondary role, you can receive a message for ContextNotEmptyException such as:

[edit]

root@golem# commit 

javax.naming.ContextNotEmptyException: 
ou=local,retailerName=ldapcommret1,o=users,o=UMC cannot be deleted

commit completed with the above exception(s).

commit complete.

Workaround: Enter the commands to delete the same statements from a Juniper Networks database assigned a primary role. Whenever you delete statements for a Juniper Networks database, do so from a Juniper Networks database assigned a primary role.

Reference: TIC 13376

JPS

• During startup, the JPS sometimes logs the following stack trace to stderr. This message is harmless and can safely be ignored.

2006-04-24 15:38:48| java.io.InterruptedIOException

2006-04-24 15:38:48|    at java.io.FileOutputStream.writeBytes

(Native Method)

2006-04-24 15:38:48|    at java.io.FileOutputStream.write

(FileOutputStream.java:260)

2006-04-24 15:38:48|    at org.mortbay.util.RolloverFileOutputStream.write

(RolloverFileOutputStream.java:220)

2006-04-24 15:38:48|    at org.mortbay.util.ByteArrayISO8859Writer.writeTo

(ByteArrayISO8859Writer.java:95)

2006-04-24 15:38:48|    at org.mortbay.util.OutputStreamLogSink.log

(OutputStreamLogSink.java:459)

2006-04-24 15:38:48|    at org.mortbay.util.OutputStreamLogSink.log

(OutputStreamLogSink.java:437)

2006-04-24 15:38:48|    at org.mortbay.util.Log.message(Log.java:304)

2006-04-24 15:38:48|    at org.mortbay.util.Log.message(Log.java:234)

2006-04-24 15:38:48|    at org.mortbay.util.Log.event(Log.java:250)

2006-04-24 15:38:48|    at org.mortbay.util.ThreadedServer$Acceptor.run

(ThreadedServer.java:612)

Reference: TIC 11909

Policy Editor

• If you access Policy Editor from an X Windows session through Hummingbird Exceed Version 8.0, you may encounter a problem with text entry in the Parameters pane. When you create a new parameter and type text for the first field in the pane, the text does not appear in the entry field.

Workaround: To access the first entry field:

1. Click the second input field.

The text that you typed appears in the second input field, and the first input field now allows text entry.

2. Enter text in the first input field.

Reference: TIC 10610

SAE

• SAE shared properties in the directory cannot be re-created once they have been deleted.

If you delete the SAE shared properties group in the directory—that is, /SAE/POP-ID—this group cannot be re-created.

Reference: TIC12488

• SAE shared properties cannot be created until local SAE properties are edited for POP-ID.

If you want to use the configuration group POP-ID for the SAE, edit the SAE shared properties at the [edit slot 0 sae] hierarchy level, then the group properties.

Workaround: Configure a group for POP-ID within the SAE. To do so:

1. At the [edit slot 0 sae] hierarchy level, specify POP-ID.

[edit slot 0 sae]

user@host# set shared /SAE/POP-ID

user@host# commit

commit complete.

2. Review the local properties.

user@host# show 

real-portal-address 10.10.4.24;

shared /SAE/POP-ID;

initial { 

  directory-connection { 

    url ldap://127.0.0.1:389/;

    principal cn=ssp,ou=Components,o=Operators,<base>;

    credentials ********;

    blacklist;

  }

  directory-eventing { 

    eventing;

    polling-interval 30;

  }

}

radius { 

  local-address 10.10.4.24;

  local-nas-id SAE.myCseries;

}

3. Change properties as needed (you must change at least one value to create the POP-ID group) and commit the configuration.
4. Configure the group within a shared SAE configuration.

[edit]

user@host# edit shared sae group POP-ID

Reference: TIC12487

• Output for show sae slot 0 statistics process command.

If you run the show sae slot 0 statistics process command shortly after you start the SAE, the CLI may become inoperative.

Workaround: Wait for several minutes after you start the SAE before you run the show sae slot 0 statistics process command. If the CLI becomes inoperative, press Ctrl+c, wait a few seconds, and enter the command again.

Reference: TIC13387

• When system is running under load, the log files might contain the following AssertionError as a result of processing interim accounting updates and a delete request state (DRQ) message for the same interface simultaneously.

2006-06-01 10:05:22| Exception in thread "SessionJobManager-70" 
java.lang.AssertionError: This should not happen, increase deactivation 
counter for never activated service DHCPInternet for user session 
:1149169820651:47349 with PAP LCI=LCI {id=0xAC00E0E3@32779, 
userIp=10.230.114.124, serviceBundle=, primaryUserName=, radiusClass=, 
macAddress=c4:18:00:ce:9d:72, userType=ADDRESS}, SAP=JunosESap { routerName 
= default@cyclops, interfaceName = ip10.230.114.124}

2006-06-01 10:05:22|    at net.juniper.smgt.sae.service.m.a

(ServiceManager.java:374)

2006-06-01 10:05:22|    at net.juniper.smgt.sae.session.ServiceSession.a

(ServiceSession.java:737)

2006-06-01 10:05:22|    at net.juniper.smgt.sae.session.ServiceSession.

deactivate(ServiceSession.java:555)

2006-06-01 10:05:22|    at net.juniper.smgt.sae.session.ServiceSession.

interimUpdate(ServiceSession.java:847)

2006-06-01 10:05:22|    at net.juniper.smgt.sae.session.at.runJob

(InterimServiceJob.java:69)

2006-06-01 10:05:22|    at net.juniper.smgt.lib.scheduler.Job.run

(Job.java:38)

2006-06-01 10:05:22|    at edu.oswego.cs.dl.util.concurrent.Pooled

Executor$Worker.run(PooledExecutor.java:748)

2006-06-01 10:05:22|    at java.lang.Thread.run(Unknown Source)

You can ignore messages similar to the one above.

Reference: TIC 12059

• During synchronization in COPS-PR mode, the JUNOSe router can send delete request state (DRQ) messages for interfaces for which a request (REQ) message has not been received. In this case, the SAE logs an error message similar to the following:

11:30:33.140 EDT 26.08.2005 [CopsHandler-15/0xAC001FCE]

[UnsolicitedMessage] [50] Unable to handle message for 

unknown context: {Message type: 3, 

ClientType: 24754, Handle: Handle(C-Num=1,C-Type=1,handle=0xAC001FCE)

You can ignore messages similar to the one above.

Reference: TIC 10927

• The SAE sometimes prints a stack trace when a Blocks Extensible Exchange Protocol (BEEP) session is being taken down during an administrative change of address of the interface that the JUNOS routing platform uses to connect to the SAE. No data is lost in this procedure. You can safely ignore this exception.

Reference: TIC 9612

• During shutdown the SAE sometimes logs the following stack trace to stderr. This message is harmless and can safely be ignored.

2004-12-24 11:35:25| java.io.InterruptedIOException

2004-12-24 11:35:29|    at java.io.FileOutputStream.write(Native Method)

2004-12-24 11:35:29|    at java.io.FilterOutputStream.write

(FilterOutputStream.java:60)

2004-12-24 11:35:29|    at java.io.FilterOutputStream.write

(FilterOutputStream.java:108)

2004-12-24 11:35:29|    at org.mortbay.util.ByteArrayISO8859Writer.writeTo

(ByteArrayISO8859Writer.java:95)

2004-12-24 11:35:29|    at org.mortbay.util.OutputStreamLogSink.log

(OutputStreamLogSink.java:467)

2004-12-24 11:35:29|    at org.mortbay.util.OutputStreamLogSink.log

(OutputStreamLogSink.java:445)

2004-12-24 11:35:29|    at org.mortbay.util.Log.message(Log.java:297)

2004-12-24 11:35:29|    at org.mortbay.util.Log.message(Log.java:232)

2004-12-24 11:35:29|    at org.mortbay.util.Log.event(Log.java:248)

2004-12-24 11:35:29|    at org.mortbay.util.ThreadedServer$Acceptor.run

(ThreadedServer.java:543)

Reference: TIC 9506

SDX Installation Program

• When you select an item in the list of components, a description for the component appears in the box below the list. If you scroll to another item and select it, a description for an item other than the one selected may appear.

Reference: TIC 10706

Updated Documentation for the NIC

• The SRC-PE Network Guide, Chapter 10, Configuring NIC with the SRC CLI does not show the following new statement:

slot number nic initial {

    scenario-name scenario-name;

}

• Use this statement to specify the name of the NIC scenario that you want to configure, such as OnePop. You no longer specify a static DN in the configuration. The SRC-PE Network Guide, Chapter 10, Configuring NIC with the SRC CLI states that you start the NIC before you configure NIC operating properties. You do not need to start the NIC first. Configure the NIC operating properties for slot 0, and then start the NIC component.

Updated Documentation for the Juniper Networks Database

• The documentation for the request system ldap initialize neighbor command states that the command copies data from a specified neighbor; however, the command copies data to a specified neighbor. The following information is correct:

You can initialize a Juniper Networks database with data from a neighbor. This process takes the following actions on the database to be initialized:

• Removes any existing data
• Copies data from the system on which the request system ldap initialize neighbor command is run

To replace data on a neighbor database (for example, neighbor1):

• On the system that contains the source database to be replicated:

user@host> request system ldap community initialize neighbor1

Reference: TIC 14230

Updated Documentation for CoA Script Service

• In the SRC-PE Solutions Guide, Chapter 15, Managing Services on Third-Party Devices in the SRC Network, the example parameter substitution for the dynconfig parameter in Table 8, Parameter Substitutions for CoA Services, is incorrect. In the example, the svcstart action should be replaced by start and the svcstop action should be replaced by stop.

The following example is correct:

"start-stop.Acct-Session-Id=ifSessionId\nstart.vendor-specific.9.
252.string='\\\\x0bBOD1M'\nstop.vendor-specific.9.252.string=
'\\\\x0cBOD1M'\n"

Reference: TIC 14294