Steel-Belted Radius® Carrier Release Notes -
Transcript of Steel-Belted Radius® Carrier Release Notes -
Steel-Belted Radius®Carrier Release
Notes
Release 7.6.0August 2013Revision 2
TheseReleaseNotessupportRelease7.6.0ofSteel-BeltedRadiusCarrier (SBRC).Before
you install or use your new software, read theseReleaseNotes in their entirety, especially
“Known Problems and Limitations” on page 9.
Contents Release Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Before You Start . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Release Highlights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Geo-Redundancy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Separate Session Database Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Transaction-Based Licensing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
All VSAs in a Single Juniper Networks Client Dictionary . . . . . . . . . . . . . . . . . . 5
Additional RADIUS Status Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Challenge Timeout Field on the Advanced Server Settings Tab . . . . . . . . . . . . 6
Enhancement to the Reject Reason Code . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Virtualization Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
System Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Perl . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
LDAP Plug-in . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Supported Browsers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
External Database Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Signalware and SS7 Interface Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Modified Open-Source Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Migrating from Earlier SBR Carrier Releases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Migrating from Earlier SBR Carrier Standalone Server Products . . . . . . . . . . . 8
Known Problems and Limitations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
COA/DM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
LDAP Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
SBR Administrator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
1Copyright © 2014, Juniper Networks, Inc.
SBRC Core . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
SSR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
SIM Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Proxy Spooling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Separate Session Database Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Documentation Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Session State Register Module . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Resolved Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Release 7.6.0 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Related Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Requests for Comments (RFCs) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
WiMAX Technical Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Third-Party Products . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
General Statement of Compliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
SBR Carrier Documentation and Release Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Documentation Feedback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Requesting Technical Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Self-Help Online Tools and Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Opening a Case with JTAC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Revision History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Copyright © 2014, Juniper Networks, Inc.2
Steel-Belted Radius Carrier Release 7.6.0 Release Notes
Release Overview
These release notes cover Release 7.6.0 of the Juniper Networks Steel-Belted Radius
Carrier product.
Before You Start
Before you use your new software, read these Release Notes in their entirety, especially
the section Known Problems and Limitations.
Documentation
Table 1 on page 3 lists and describes the Steel-Belted Radius Carrier documentation
set:
Table 1: Steel-Belted Radius Carrier Documentation
DescriptionDocument
Describes how to install the Steel-Belted Radius Carrier software on the serverand the SBRC Administrator application on a client workstation.
Steel-Belted Radius Carrier Installation Guide
Describes how to configure and operate the Steel-Belted Radius Carrier and itsseparately licensedmodules.
Steel-Belted Radius Carrier Administrationand Configuration Guide
Describes the settings and valid values of the Steel-Belted Radius Carrierconfiguration files.
Steel-Belted Radius Carrier Reference Guide
Provides tips, use cases, and tools you need to:
• Improve SBRC performance through planning, analysis, and configuration
• Increase SBRC throughput and reliability
• Analyze specific use cases, in the lab or in the production environment, toidentify areas of potential performance enhancement and to limit the impactof resource constraints and failure scenarios
Steel-Belted Radius Carrier Performance,Planning, and Tuning Guide
Contains the latest information about features, changes, known problems, andresolved problems in Release 7.6.0.
Steel-Belted Radius Carrier Release Notes
NOTE: If the information in the Release Notes differs from the informationin any guide, follow the Release Notes.
You can find these release notes in AdobeAcrobat (PDF) format on the JuniperNetworks
Technical PublicationsWeb page, which is located at:
http://www.juniper.net/support/products/carrier/carrier/
Release Highlights
Highlights include the following product enhancements:
3Copyright © 2014, Juniper Networks, Inc.
Release Overview
Geo-Redundancy
TheSBRCarrier software supportsGeo-redundancy,whichallowsyou to replicate certain
fields of the Current Sessions Table (CST) across nodes of two remote Session State
Register (SSR) clusters located in different geographical locations. Geo-redundancy
provides a consolidated session store. That is, you can access data from all sessions in
geographically diverse systems from a single database at any time.
Geo-redundancyalsoprovides adisaster-recovery functionality that helps you to recover
data in case of a disaster or disruption in one of the geographical locations. With this
feature, you can restrict the amount of information replicated between the SSRs by
configuring only the selected fields of CST, thereby reducing the usage of disk space.
Information is replicated between nodes of two remote SSR clusters asynchronously so
that the performance of the SBR Carrier is minimally affected.
WithGeo-redundancy, you can increaseor decrease thebandwidthof data consumption
between clusters by replicating user-accounting information between clusters.
Geo-redundancy supports replication of session information frommultiple standalone
SBRs to a single SSR cluster. This feature also supports cross-endian cluster-to-cluster
replication so that data replication between Linux-based SSR and Solaris-based SSR is
possible.
You can configure the Geo-redundancy feature by using the parameters in the
georedSess.ses initialization file.
For more information about the Geo-redundancy feature, see the SBR Carrier
Administration and Configuration Guide and SBR Carrier Reference Guide.
Separate Session Database Process
In the standalone version of SBR, the CST is hosted as a separate executable process,
called the separate session database process, instead of being hosted as a shared library
within the SBR core RADIUS process. The separate session database process is
implemented as a 64-bit process, which enablesmanymore sessions to be hosted than
the 32-bit RADIUS process.
Hosting the CST as a separate session database process:
• Enhances the stability of the SBR core
• Prevents the SBRC server from crashing due to unexpected failures in the CST
• Increases the capability of handling several concurrent sessions in the CST
• Reduces the delay in SBR restart caused by the restoration of persistent sessions from
the radads.hst file
You can enable the separate session database process by using the new parameters
that are added to the sbrd.conf and radius.ini files. The separate session database andSBR core RADIUS processes can be further controlled by using the newly introduced
dbclusterRPC.genandcstserver.ini files.The inter-processcommunication(IPC)between
the RADIUS process and the separate session database process is performed using the
Apache Thrift software framework.
Copyright © 2014, Juniper Networks, Inc.4
Steel-Belted Radius Carrier Release 7.6.0 Release Notes
The separate session database process provides a high availability (HA) functionality
during idle and pending transactions. The separate session database process starts its
processing before starting theRADIUSprocess. If the separate session database process
is not starteddue toanerror, theRADIUSprocess starts its normalprocessingandpersists
the SSR in local mode when the FallbackLocal policy is applied.
NOTE: Hosting CST as a separate process in a standalone SBR is supportedonly on the 64-bit Linux platform.
For more information about the separate session database process, see the SBR Carrier
Administration and Configuration Guide and SBR Carrier Reference Guide.
Transaction-Based Licensing
To enable customers to transition smoothly to transaction-based licensing, Steel-Belted
Radius Carrier does not currently enforces rate limits. Steel-Belted Radius Carrier
generates SNMP traps and stores warning messages in the log file when the rate limit
of transactions per second (TPS) is exceeded in order to help customers become aware
of and comply with the licensing requirements. Rate limits may be enforced in future
releases as well as patches for Steel-Belted Radius Carrier 7.6.0 and earlier.
Formore informationabout transaction-based licensing, see theSBRCarrierAdministration
and Configuration Guide.
All VSAs in a Single Juniper Networks Client Dictionary
Steel-Belted Radius Carrier 7.6.0 delivers a single Juniper Networks client dictionary,
juniper.dct, insteadofproviding separatedictionaries for eachapplication. The juniper.dctfile lists all vendor-specific attributes (VSAs) that areused for fixedandmobile subscriber
management (ERX Series and MX Series router families, with enterprise ID 4874) and
router administration (enterprise ID 2636). The VSAs are updated based on attributes
in the unisphere.dct file of Junos OS 13.1.
For more information about the Juniper Networks client dictionary, see the SBR Carrier
Administration and Configuration Guide.
Additional RADIUS Status Information
The sbrd status command displays additional information about the RADIUS process
along with existing information such as the SBR package version, SBR process status,
and SBR process ID. The additional information that is displayed is:
• Plug-in status with version information
• License status
• IP pool and cache range
• Transaction rate
• Current session count
• Current rate
5Copyright © 2014, Juniper Networks, Inc.
Release Highlights
• Listening port and proxy address information
• SBR running time
This command also displays the separate session database process ID, if you have
enabled the separate session database process in your system.
Formore informationabout theRADIUSstatus information, see theSBRCarrier Installation
Guide.
Challenge Timeout Field on the Advanced Server Settings Tab
Steel-Belted Radius Carrier 7.6.0 allows you to configure the challenge timeout value
for TLS authentication, TLS EAP helper, and TTLS authentication methods through the
SBR Administrator. A Challenge Timeout field is newly added to the Advanced ServerSettings tab of the Edit TLS Authentication Method, Edit TLS EAP Helper Method, and
Edit TTLS Authentication Method dialog boxes. You can enter the timeout value (in
seconds) in this field for a particular challenge request.
Formore informationabout thechallenge timeout valueconfiguration, see theSBRCarrier
Administration and Configuration Guide.
Enhancement to the Reject Reason Code
In the [Attributes] section of the authReportReject.ini file, the purpose of theAUTH_ERR_044 reject reason code is extended to also indicate amismatch between
the username in the authentication request and the username configured in the regular
expression.
If the username in the authentication request does not match the configured username
in the regular expression, the SBRCarrier rejects the authentication request and displays
the AUTH_ERR_044 code in the authentication rejection report with the following
message: “Rejecting request username not matching regular exp.”
For more information about reject reason codes, see the SBR Carrier Reference Guide.
Virtualization Support
Steel-Belted Radius Carrier supports virtualization on a Red Hat virtual machine.
SystemRequirements
For complete details about the hardware and software requirements for running a
standalone Steel-Belted Radius Carrier server or the optional SBR Carrier Session State
Register (SSR), see “Meeting System Requirements” in the Steel-Belted Radius Carrier
Installation Guide.
Software
The Steel-Belted Radius Carrier server runs on both Oracle Solaris 10 and 11 and Red Hat
Enterprise Linux 6.1 on Intel (Xeon) platforms.
Copyright © 2014, Juniper Networks, Inc.6
Steel-Belted Radius Carrier Release 7.6.0 Release Notes
Perl
Steel-Belted Radius Carrier has been tested with Perl 5.8.4 and 5.8.8. Multiple Perl
installations in discrete directories are supported, but attempting to use other versions
of Perl with SBR Carrier may cause problems.
LDAP Plug-in
The LDAP plug-in requires SASL, which is not included with SBR. Youmust ensure that
you have the SASL package installed before starting SBR.
Supported Browsers
The SBR Administrator application can be launched from the browsers listed in
Table 2 on page 7.
Table 2: Supported Browsers
Operating SystemVersionsBrowser
Linux -3223Google Chrome
Windows XP SP38Internet Explorer
Windows 78.0.7602Internet Explorer
Solaris 10/115Mozilla Firefox
Linux X8610Mozilla Firefox
Windows 711Mozilla Firefox
Windows XP SP313Mozilla Firefox
Java Runtime Environment (JRE) 1.4.2 or later is required for all browsers, and is available
from http://www.oracle.com/technetwork/java/index.html.
NOTE: Using theSBRCAdministrator onWindowswithAeroeffects enabledmight removesomeUIelements.Youmustdisable theWindowsAeroeffects.
External Database Requirements
Steel-Belted Radius Carrier supports:
• Oracle database versions 10 and 11; version 11.2.0 is recommended.
• For Steel-Belted Radius Carrier to act as an Oracle native client (only on Solaris), the
Oracle 32–bit client must be set up before installing SBR Carrier because the Oracle
server location is used during installation.
• The JDBCplug-in hasbeen testedwithOracledatabase runningonSolaris andMySQL.
7Copyright © 2014, Juniper Networks, Inc.
System Requirements
Signalware and SS7 Interface Requirements
To support the optional SS7module, Ulticom’s Signalware 9 with Service Pack 6Vmust
be installed before installing SBR Carrier.
If you want the Steel-Belted Radius Carrier server to communicate with any SS7 legacy
equipment, install theUlticom’sSS7communicationboardandSignalware9withService
Pack 6V before you install the SBR Carrier software.
CAUTION: ServicePack6Vmustbe installed;otherwise,Steel-BeltedRadiusCarrier cannot use the Signalware communications stack.
The Signalware PH0301 and XH0303 boards are supported.
For more information, see the SBR Carrier Installation Guide.
Modified Open-Source Software
Embedded in Steel-Belted Radius Carrier 7.6.0 is an open-source software that Juniper
Networks has modified. Themodified software includes:
• HTTPClient from Innovation GmbH
• sunmd5.c from the OpenSolaris Project
• Spider Monkey 1.6 fromMozilla
• INIH parser from Google Project Hosting
You can obtain the source code for thesemodifications from Juniper Networks Technical
Support. See “Requesting Technical Support” on page 26.
Migrating from Earlier SBR Carrier Releases
SBR Carrier Release 7.6.0 can run as a standalone server or as part of a Session State
Register cluster.
Migrating from Earlier SBR Carrier Standalone Server Products
You can use the configuration script to move a number of files from selected previous
SBR Carrier releases to the Release 7.6.0 environment when installing Steel-Belted
Radius Carrier. The corresponding Release 7.6.0 files are also loaded on the system, but
are not activated. You are responsible for merging new settings from Release 7.6.0
configuration files into the working (preexisting) configuration files. To support new
features, SBRCarrier uses default values for any newsettings that have not beenmerged
into the working configuration files.
For complete details about migrating from the preceding releases, see the SBR Carrier
Installation Guide.
Copyright © 2014, Juniper Networks, Inc.8
Steel-Belted Radius Carrier Release 7.6.0 Release Notes
Known Problems and Limitations
These issues have been identified in Steel-Belted Radius Carrier 7.6.0. The identifier in
parentheses is the Problem Report number in our bug database.
COA/DM
• Enabling the “COA” action event using the SBR Administrator bymodifyingdeviceModels.xmlmay result in an error. If you customize COA or DM bymodifying
the deviceModels.xml file, it is recommended that you obtain assistance from JTAC
to verify your configuration. Errors in deviceModels.xml—for example, missing,
misplaced, or misconfigured XML elements or referencing RADIUS attributes that are
not defined in the dictionaries, or both—could lead to undefined behavior ranging from
preventing the server from starting to invalid errors while using the SBR Administrator
to invoke COA or DM actions. Be sure to restart the server as well as the SBR
Administratorwhenever deviceModels.xml or dictionary, or both files aremodified. (PR
420928)
• WhenusingJavaScript toperformDynamicAuthorization(COA/DM), thescriptmayfail with themessage "no NAS-IP-Address or NAS-IPv6-Address attribute found intransaction".Workaround is toadd theNAS-Identifier andAcct-Session-Idparameters
manually. (PR 905584)
Filters
• Changing a rule in the SBR Administrator with Filter>Edit Rule from Exclude or Addto Replace has no effect. Instead of changing the rule type, delete the attribute andthen add a new attribute with the correct Replace type. (PR 298086)
• A filter with an index that is configured to replace a parent attribute withmultipleinstances of a single subattribute does not work correctly. To avoid this, set up theconfiguration so that it uses multiple separate attributes that each contain the same
subattribute. (PR 298631)
LDAP Authentication
• Setting theMaxConcurrentsetting in the ldapauthconfiguration file tohighervaluescan cause Steel-Belted Radius Carrier to run out ofmemory and crash. As aworkaround, use smaller valuesofMaxConcurrent. The recommendedmaximumvalue
is 1000. (PR 249953)
• Enteringmore than 124 characters for a native user results in an erroneous rejection.This problemwas introduced in SBRCarrier 7.3.1 andwill be resolved in future releases.
(PR 771505)
• In previous versions of SBR Carrier in Solaris, LDAP used the Mozilla libraries for LDAP
communication. When LDAP is used, this requires the Cert7.db and Key3.db files as
the certificate store for trusted root certificates. Starting 7.4.0 Linux and 7.5.0 Solaris,
SBRCarrier uses theOpenLDAP libraries toprocess LDAP requests. ForSBR toprocess
LDAPrequests, youmustconfigureOpenLDAPtoaccept theserver certificate.Currently,
this is the only configuration supported and tested by SBR.
9Copyright © 2014, Juniper Networks, Inc.
Known Problems and Limitations
• When you have a large number of LDAP connections configured, SBRCmay takeseveral minutes to shut down, and the SBRD script displays a shutdown failuremessage in the terminal. (PR 847961)
• LDAP authentication hangs against the attribute directory when the attribute list isempty. (PR 842475)
SBR Administrator
• In SBRHA, theStatisticsGUI panel for System -Authentication andAccounting hassome inconsistencies with the documentation. The System - Authentication and
Accounting GUI mentions “Retries Sent” but it is documented as “Retries Received.”
Similarly, the System - Accounting GUI mentions “Failed Authentication” instead of
“Failed Accounting.” The document lists “Invalid Client” and “Invalid Shared Secret,”
which are not available in the SBR Administrator. These inconsistencies must be
corrected inboth theSBRAdministrator aswell as in thedocumentation. (PR434065)
• In the SBR Administrator, when TLS Secondary Authorization option is disabled,the configuration parameters to use the RADIUS User-Name attribute andCalling-Station-id attribute continue to be available. (PR 728565)
• When you configure a profile in SBR Administrator, the value entered in a checklistcan exceed themaximum length for the value that is specified in the dictionary file.This may result in erroneous failed authentications. (PR 306944)
• The “Use different shared secret for accounting” check box remains selected.Configure a client through the SBR Administrator. Select the “Use different shared
secret for accounting” check box. Enter a different shared secret and click OK. Edit the
client and deselect the “Use different shared secret for accounting” check box and
click OK. Edit the client again and you notice that the “Use different shared secret for
accounting” check box remains selected, and the shared secrets for accounting and
authorization are different. Towork around this problem, delete the accounting shared
secret before deselecting the check box. (PR 581706)
• int4 attributes with a value greater than 2,147,483,648 are displayed as negativevalues in the SBR Administrator. This occurs when you create a profile with a replylist containing an int4 attribute whose value is greater than 2,147,483,648. Click Ok
andview the reply list. Theattributedisplaysanegative value.However, an int4attribute
is anunsigned integer and thisworksproperly through theLDAPconfiguration interface
(LCI). (PR 581771)
• When you edit attributes of the int1, int2, or int4 type in the SBR Administrator, youare unable to select values tomake sure that they are in a valid range. If you set avalue that is greater than themaximum range, the attribute is deletedwithout awarning. There is no workaround. (PR 582099)
• Signed integers are not supported. If you enter a value greater than 2,147,483,648(either through the SBR Administrator or through the LCI), it appears as a negative
number. (PR 582104)
• If you edit deviceModels.xml and create a duplicatemodel entry, the SBRAdministrator may hangwhen trying to display the Current Sessions tab. There is
Copyright © 2014, Juniper Networks, Inc.10
Steel-Belted Radius Carrier Release 7.6.0 Release Notes
no workaround other than correcting the error and restarting the Administrator. (PR
583037)
• After you rename a client, or delete and then add a clientwith a different name, youmust restart the SBR Administrator for the SCSmodule to recognize the client. Ifthe SBR Administrator is closed and restarted, then the form to enter the required
attributes works properly. (PR 583077)
• The value of Termination-Action for TLSandTTLSauthenticationmethods and theTLS helper cannot be set correctly through the SBR Administrator. The values must
be set manually by editing tlsauth.aut, ttlsauth.aut, or tlsauth.eap. (PR 583905)
• TheSBRAdministratordoesnotallowyoutoenteran IPv6address foranycheck-listor return-list attribute of the ipv6addr type—for example, Login-IPv6-Host. You canuse the LCI as a workaround. (PR 6673775)
• The SBR Administrator does not allow you to enter an IPv6 address for RADIUSClient Address or Proxy Target Address. You can use the LCI as a workaround. (PR610064)
• When youmake changes to the “Authentication Policies / Order of Methods” panelor the “Authentication Policies / Reject Messages” panel, the Audit Log does notprovide specific information about the actions performed but rather it reads themas “Add/Modify authentication realm 'default'” (PR 249434).
• SBR Administrator is unavailable after you enable SNMP. Sometimes, when you
enable SNMP, youmight notice problems with connections on the TCP port 1812.
Workaround is to disable Solaris sma and snmpdx. (PR 776705)
• When you view the IP address pools for a cluster with the SBR Administrator GUI,only the pool names appear and not the IP address range. The SBR Administrator
GUI lists only 0.0.0.0. Workaround is to use the provided scripts to view IP pool
configuration for a cluster. (PR 788982)
• SBR is not accessible when a significant amount of traffic results in approximately5million phantom sessions. (PR 810722)
• In the SBRAdministrator GUI, access to all details on the Statistics page, certificatedetails on the Authentication Policies page, and locked account details on theReports page are blocked. (PR 899270)
• SBR is reset automatically after importing a native userwith an oversized return listattribute from an XML file. PR (896673)
• InSolaris 11, theauthenticationofaUNIXuserwiththeSHA-256passwordencryptionis rejected. (PR 851507)
• Configuringahostnamewithaspecial character (suchasanunderscore)asaclusternode fails. (PR 780808)
• The statlog.ini file does not contain the proxy or dropped packet parameter. (PR749790)
• Users with read-only privileges set in admin.ini cannot run a query to find currentactive sessions. (513775)
11Copyright © 2014, Juniper Networks, Inc.
Known Problems and Limitations
SBRC Core
• Whenyouspecifyasubattributestringwitha lengthof244characters, theexpectedresponse is not returned. To avoid this situation, edit the string to reduce the number
of characters to fewer than 244. (PR 298055)
• If you enable user concurrency after user sessions have been established, thosesessions are not counted toward concurrency limits. (PR 431438)
• Ifyouusemultiround(challenge)authentication, theAddFunkClientGroupToRequestfeature adds the Funk-Radius-Client-Group attribute-value pair (AVP) to only thefirstaccess request.Subsequent challenge responsesdonothave this attributeadded,and, therefore, cannot use this attribute in checklist processing when EAP or other
challenge-based protocols are used. (PR 460109)
• The sbrd stop ssr command does not work on remote nodes. To ensure shutdownof ssr nodes, issue the command on each node. (PR 561992)
• Sessions are not handled correctly when the length of Acct-Session-Id is greaterthat 24 octets. Update /opt/JNPRhadm/CurrentSessions.sql and
/opt/JNPRhadm/UpdateSchema.pl to 48 or 64 and
SBR/dbcluster/common/scripts/UpdateSchema.pl to permit the argument of “7.2”
and “7.3”. Then in both cases, alter the table to update the length of the field. (PR
719218)
• When you are executing ./configure and ./sbrd, it is sometimes necessary for thesoftware to perform certain operations as the hadm user as opposed to the rootuser. When you switch between user accounts, the shell may emit messages suchas“Youhavenewmail.”Thesemessagesareannoyingbutharmless.Asaworkaround,
youmay create a zero-length file called .hushlogin in the hadm user’s home
directory—for example, execute as hadm: touch /opt/JNPRhadm/.hushlogin. The
.hushlogin file prevents the shell from emittingmessages when the hadm user logs in.
(PR 546477)
• When the Oracle server is restarted, the TCP connection in SBRmoves to theCLOSE_WAIT state and stays in the same state until the SBR process is restarted.This does not have any service impact, except that the number of stale connectionsincreases in proportion to the number of times the Oracle server is restarted. (PR813350)
• Profile name and response attributes are not returned by the SQLAUTH plug-in ifbinding order is not sequential. (PR 861700)
• The User Concurrency table does not display proxy realm names. (PR 857901)
• The Inbound-from-Proxy control point is called after the inbound filters are applied.(PR 889762)
• In the rfc4679.dct file, the names of the Agent-Circuit-Id and Agent-Remote-Idattributes are not defined asmentioned by the RFC 4679. Instead, the names arerespectivelymentioned as DSL-Agent-Circuit-Id and DSL-Agent-Remote-Id.
Copyright © 2014, Juniper Networks, Inc.12
Steel-Belted Radius Carrier Release 7.6.0 Release Notes
SSR
• The CreateDB.sh script fails during cluster initialization.While you run the
./CreateDB.sh script if you observe an error as shown in the following example, ensure
that the cluster is fully started, kill the mysqld andmysqld_safe processes manually,
and restart themusing “./sbrd start ssr” beforeattempting toexecute the ./CreateDB.sh
script again. (PR 755547)
hadm@sbr-blr-vm1:~> ./CreateDB.shCreating database "SteelBeltedRadius" (using ENGINE ndbcluster).Creatingmisc tables.Can't create database "SteelBeltedRadius" (or its tables).MySQL Error Message: ERROR 157 (HY000) at line 3: Could not connect to storageengineCleaning up (destroying fragments of database "SteelBeltedRadius").
hadm@sbr-blr-vm1:~> ps -ef|grepmysqldhadm 11603 ... /bin/sh /opt/JNPRmysql/install/bin/mysqld_safehadm11720 ... /opt/JNPRmysql/install/bin/mysqld --basedir=/opt/JNPRmysql/install--datadir=/opt/JNPRmysqld/data--log-error=/opt/JNPRmysqld/mysqld_safe.err--pid-file=/opt/JNPRmysqld/mysqld.pid --socket=/opt/JNPRhadm/.mysql.sock--port=3001
hadm@sbr-blr-vm1:~> kill 11603 11720
hadm@sbr-blr-vm1:~> ./sbrd start ssrStarting ssr auxiliary processes
hadm@sbr-blr-vm1:~> ./CreateDB.sh
• When several IP pools are configured, the SBR service cannot be stopped using the./sbrdstop radiuscommand.Theworkaround is to kill theSBRservicebyusing “force”,“pkill”, or “kill <pid of SBR>” and then execute the MySQL commandmysql -D
SteelBeltedRadius -e 'update Sbr_IpAddrs set cache = 0where cache = <node ID> limit
10000'. (PR 792164)
• The stability of SBR is not guaranteed during amultinode failure of the cluster. Usethe watchdog process (radiusd) to mitigate such events. (PR 744690).
SIM Authentication
• The authGateway processmust be restarted whenever SBR restarts. This isapplicable only on a Linux platform.
Logging
• Binaryattributesmaybe interpretedasnull stringsandcausesubsequentattributesto be dropped. (PR 741942)
• Accounting records are too cryptic in the accounting log. Because Class attributesare presented in hexadecimal format and can be quite long, they are not logged by
13Copyright © 2014, Juniper Networks, Inc.
Known Problems and Limitations
default. If desired, they can be added to the log by removing the comment “;” from
“Class=” in the account.ini file. (PR 291646)
• SBRC truncates a line in the accounting log when a nonprintable character isencountered. (PR 898866)
• SBRC logsageneric errorwhen theauthGatewayapplicationdoesnot respondwithtriplets or quintets. (PR 868119)
Installation
• WhenyouupgradeSBR7.2.4orearlier to7.6.0, youneedanewexecutionofconfigure3onallMnodes(prior toSBR7.2.4, allMnodesneededaconfigure3onanupgrade);otherwise, mysqld fails to start. The workaround for this problem is to edit the
/opt/JNPRhadm/my.cnf file to add to the [mysqld_safe] section:
log-error = /opt/JNPRmysqld/mysqld_safe.errpid-file = /opt/JNPRmysqld/mysqld.pid
(PR 695553)
Proxy Spooling
• Proxy spool filesmay be created even after a proxy realm is disabled and a HUPsignal is issued. (PR 901533)
Separate Session Database Process
• When you upgrade the SBR Carrier software from previous releases to the 7.6 .0release, youmust convert session store file (radads.hst) to a new format that iscompatible with the 7.6.0 release. This conversion delays the SBR startup for thefirst time after the upgrade. The approximate time taken for converting the 1-GBpersistent session store file (radads.hst) to a new format (radadscst.hst) is 8–10minutes.
• If the size of the persistent session store file is greater than 2 GB, SBR Carrier failswhile loading the .hst file during the SBR startup. SBRCarrier fails regardless of thesettingofSTANDALONEMODE(local or cstserver). If the size of the .hst file exceeds2GB(which ispossiblewhentheSTANDALONEMODEparameter is set tocstserver),youmust delete the file before you restart the SBR Carrier. This problemwill beaddressed in the next release.
Documentation Updates
Information in this section updates the published Steel-Belted Radius Carrier 7.6.0
documentation set. The identifier in parentheses is the Problem Report number in our
bug database.
Installation
• SBR Carrier documentation requires update to SDK information. (PR 725585)
Copyright © 2014, Juniper Networks, Inc.14
Steel-Belted Radius Carrier Release 7.6.0 Release Notes
• The SBR SDK API call SbrWriteToLog() provides printf() functionality to customerplug-ins with certain vulnerabilities. When using SbrWriteToLog() function, youmust use a format string as the third parameter when logging variable data.
void SBRAPI sbrWriteToLog( HMODULE_CONTEXT hModuleContext, uint32 nLogLevel, const char * pszMsg, ... )
(PR 822544)
Session State Register Module
• If you start amanagement (Mor SM) nodewithout running the “configure 2 (createanewclusterdefinition)”option,asyouwould in thecaseofa rolling restartupgradefromRelease 7.2.x to Release 7.6.0, you will seemultiple warnings such as thefollowing:
WARNING: 2010-11-30 15:25:23 [MgmtSrvr]WARNING -- at line 68: [api]Id is deprecated, use NodeId instead
These warnings can be safely ignored.
To avoid these warnings, make the following change in the /opt/JNPRhadm/config.ini
file:
Change lines that read Id=<number> to NodeId=<number> on eachmanagement
node.
Resolved Issues
Release 7.6.0
• The new parameter SendAckOnProxyFailure is added to the RealmName.pro file tocheck whether the SBRC server sends an accounting acknowledgment to the NAD
when a proxy accounting request is not acknowledged. (PR 872748)
• Handling of response attributes by plug-ins is improved. (PR 886340)
• While running SBRC in Linux, an incorrect warning message is displayed as “sm nodes
require at least 2 GB physical memory” even if your server has enoughmemory. This
issue has been resolved. (PR 886886)
• The CST failure on exceeding user concurrency login limits when
AuthResponseOnCstFailure=Accept has been resolved. (PR 884402)
• IP addresses are reused unexpectedly within fewminutes for several IP pools. This
issue has been resolved. (PR 883576)
• The kinetoUMAAttrHandler.so file fails to load with the error condition “undefinedsymbol: _ZN11AttrFlatten12AttributeDefINS_17ResponseAttrTraitEEC1ERKSs”whenever
SBR restarts. This issue has been resolved. (PR 882792)
15Copyright © 2014, Juniper Networks, Inc.
Resolved Issues
• SBRC displays a ProxySpooler error in the debug log when SBRC processes the first
accounting-request after rebooting. This issue has been resolved. (PR 891794)
• The total authentication transaction counts 2, if you send a single authentication
transaction to SBRwith a clean statlog. This issue has been resolved. (874072).
• The Backup or Restore option on the File menu is enabled or disabled based on the
status of the primary flag instead of replica flag. (PR 873288)
• Transaction ID for the rejections of tunneled authentication is written in the SBR log.
This issue has been resolved. (PR 871142)
• When SBRC is configured to use a proxy as an authentication method, SBRC proxies
the requestbut reloadsafter receiving theproxy response.This issuehasbeen resolved.
(PR 868853)
• The NAS-IP-Address is reversed after the first interim update. This issue has been
resolved. (PR 864878)
• When Proxy-State (attr 33) is received in the control-point plug-in, the data type is
reported as SBR_TYPE_BINARY even if the Proxy-State value is defined as a string in
the radius.dct dictionary file. This issue has been resolved. (PR 863225)
• SBRC is reset while parsing subattributes of an incorrect WiMAX attribute. This issue
has been resolved. (PR 854744)
• SBRC is reloadedwhen the ASNGW-PostSession-Filter parameter in thewimax.ini file
is enabled. This issue has been resolved. (PR 851765)
• The data type in the dictionary file is changed to not add invalid characters at the end
of the SBR accounting log. (PR 851551)
• Amemory leak issue has been resolved. (PR 831101)
• SBRC discarded accounting requests because the session record is not received from
an SSR cluster. This issue has been resolved. (PR 785398)
• The OracleFailoverRetry configuration in radsql.aut, radsql.acc, and radsql.gen files
must be set to a value greater than 0. Setting this value to 0makes the retry attempts
continue indefinitely and prevents SBR from shutting down gracefully, when the target
Oracle servers are down. This issue has been resolved. (PR 805357)
• A JavaScript that logs data containing formatting characters (for example, "%s") or
other hexadecimal data may cause SBR to reset. This issue has been resolved. (PR
833713)
• When the Proxy Fast-Fail mechanism is enabled, the strobe requests are not sentwith
the existing default settings. This issue has been resolved. (PR 834978)
• WhenmanyLDAPconnectionsare configuredandMaxConcurrent is set toahigh value
in ldapauth configuration, SBR can run out of memory and experience delay during
shutdown. This issue has been resolved. (PR 839864)
• If more than 25 Called-Station-IDs are added to a tunnel configuration through SBR
Administrator, all Called-Station-IDsare not shown in theSBRAdministrator. However,
LCI and XML exports show all added Called-Station-IDs. This issue has been resolved.
(PR 840964)
Copyright © 2014, Juniper Networks, Inc.16
Steel-Belted Radius Carrier Release 7.6.0 Release Notes
• Theminimum value for Interval-Seconds parameter in the statlog.ini file is 10 seconds
but the outputmay become garbled under extreme loadwhen the interval is less than
60 seconds. This issue has been resolved. (PR 843496)
• When the Final-Response control point plug-in is enabled, the Proxy-State attribute
does not appear in the summary of the authentication response even if the
authentication response packet contains the attribute. This issue has been resolved.
(PR 894314)
• TheSNMPagentdoesnotwrite log fileswhen it is stopped.This issuehasbeen resolved.
See the “Logging Behavior of the SNMP Agent” section in the SBR Carrier Reference
Guide for more information. (PR 469774)
• SBR crashes while receiving an accounting request with an incorrect shared secret.
This issue has been resolved. (PR 902373)
• The Reject Log field in the failed authentication requests report contains garbled
characters during tunnel authentication. This issue has been resolved. (PR 892014)
• The SBR admin GUI can be started fromMozilla Firefox and Google Chrome browsers
even after upgrading the Java version to Java 7 update 21 (JRE version 1.7.0_21-b11). (PR
891236)
• MySQL Cluster 7.2.5 TAR for Solaris 10 SPARC (64 bit) patch is added to protect the
management daemon from crashing while executing certain ndb_mgm commands.
(PR 886951)
• An invalid script code is returned when script execution fails. This issue has been
resolved. (PR 872735)
• Debug and trace logs generated by the authGateway process contain date and
timestamp. (PR 868122)
• Amemory leak issue in SBR Carrier is fixed. (PR 858379)
• An incorrect threadvalue is observed in statlogafter youchange themaximumnumber
of threads in the radius.ini file. This issue has been resolved. (PR 847304)
• The authentication log recorded the Proxy-State attribute in the User-Name field if
the Proxy-State attributewas present in the request. This issue has been resolved. (PR
832407)
• The standalone edition of SBR Carrier 7.31 had crashed during load testing. This issue
has been resolved. (PR 791425)
• The JDBC accounting plug-in inserts IP addresses with the octets reversed. This issue
has been resolved. (PR 791122)
Related Documentation
Requests for Comments (RFCs)
The Internet Engineering Task Force (IETF) maintains an online repository of Request
for Comments (RFC)s online at http://www.ietf.org/rfc.html. Table 3 on page 18 lists the
RFCs that apply to Steel-Belted Radius Carrier.
17Copyright © 2014, Juniper Networks, Inc.
Related Documentation
Table 3: RFCs Related to the Steel-Belted Radius Carrier
TitleRFC Number
Domain Names - Implementation and Specification. P. Mockapetris. November 1987.RFC 1035
Structure and Identification of Management Information for TCP/IP-based Internets.M. Rose, K.McCloghrie, May 1990.
RFC 1155
Management Information Base for Network Management of TCP/IP-based internets: MIB-II. K.McCloghrie, M. Rose, March 1991.
RFC 1213
The Definitions of Managed Objects for IP Mobility Support using SMIv2. D. Cong and others.October 1996.
RFC 2006
The TLS Protocol. T. Dierks, C. Allen. January 1999.RFC 2246
An Architecture for Describing SNMPManagement Frameworks. D. Harrington, R. Presuhn, B.Wijnen, January 1998.
RFC 2271
PPP Extensible Authentication Protocol (EAP). L. Blunk, J. Volbrecht, March 1998.RFC 2284
Microsoft PPP CHAP Extensions. G. Zorn, S. Cobb, October 1998.RFC 2433
Microsoft Vendor-specific RADIUS Attributes. G. Zorn. March 1999.RFC 2548
Proxy Chaining and Policy Implementation in Roaming. B. Aboba, J. Vollbrecht, June 1999.RFC 2607
RADIUS Authentication Client MIB. B. Aboba, G. Zorn. June 1999.RFC 2618
RADIUS Authentication Server MIB. G. Zorn, B. Aboba. June 1999RFC 2619
RADIUS Accounting Client MIB. B. Aboba, G. Zorn. June 1999.RFC 2620
RADIUS Accounting Server MIB. G. Zorn, B. Aboba. June 1999.RFC 2621
PPP EAP TLS Authentication Protocol. B. Aboba, D. Simon, October 1999.RFC 2622
Implementation of L2TP Compulsory Tunneling via RADIUS. B. Aboba, G. Zorn. April 2000.RFC 2809
RemoteAuthenticationDial InUserService (RADIUS).C.Rigney,S.Willens,A.Rubens,W.Simpson.June 2000.
RFC 2865
RADIUS Accounting. C. Rigney. June 2000.RFC 2866
RADIUS Accounting Modifications for Tunnel Protocol Support.G. Zorn, B. Aboba, D. Mitton. June2000.
RFC 2867
RADIUSAttributes for Tunnel Protocol Support.G.Zorn,D. Leifer, A. Rubens, J. Shriver,M.Holdrege,I. Goyret. June 2000.
RFC 2868
RADIUS Extensions. C. Rigney, W.Willats, P. Calhoun. June 2000.RFC 2869
Copyright © 2014, Juniper Networks, Inc.18
Steel-Belted Radius Carrier Release 7.6.0 Release Notes
Table 3: RFCs Related to the Steel-Belted Radius Carrier (continued)
TitleRFC Number
Network Access Servers Requirements: Extended RADIUS Practices. D. Mitton. July 2000.RFC 2882
DHCP Relay Agent Information Option.M. Patrick. January 2001.RFC 3046
Authentication for DHCPMessages. R.Droms and others. June 2001.RFC 3118
RADIUS and IPv6. B. Aboba, G. Zorn, D. Mitton. August 2001.RFC 3162
IP Mobility Support for IPv4. C. Perkins. August 2002.RFC 3344
Authentication, Authorization, and Accounting (AAA) Transport Profile. B. Aboba, J. Wood. June2003.
RFC 3539
IANA Considerations for RADIUS (Remote Authentication Dial-In User Service). B. Aboba, July2003.
RFC 3575
RFC3576 - Dynamic Authorization Extensions to Remote to Remote Authentication Dial In UserService. NetworkWorking Group, 2003
RFC 3576
RADIUS (Remote Authentication Dial In User Service) Support For Extensible AuthenticationProtocol (EAP). B. Aboba, P. Calhoun, September 2003.
RFC 3579
IEEE 802.1X Remote Authentication Dial In User Service (RADIUS) Usage Guidelines. P. Congdon,B. Aboba, A. Smith, G. Zorn, J. Roese, September 2003.
RFC 3580
Extensible Authentication Protocol. B. Aboba, L. Blunk, J. Vollbrecht, J. Carlson, H. Levkowetz.June 2004.
RFC 3748
Authentication, Authorization, and Accounting (AAA) Registration Keys for Mobile IPv4. C. Perkinsand P. Calhoun. March 2005.
RFC 3957
Extensible Authentication Protocol (EAP) Method Requirements for Wireless LANs. D. Stanleyand others. March 2005.
RFC 4017
Extensible Authentication Protocol Method for Global System for Mobile Communications (GSM)Subscriber Identity Modules (EAP-SIM). H. Haverinen, J. Salowey. January 2006.
RFC 4186
Extensible Authentication Protocol Method for Global System for 3rd Generation Authenticationand Key Agreement (EAP-AKA). J. Arkko, H. Haverinen. January 2006.
RFC 4187
The Network Access Identifier. B. Aboba and others. December 2005.RFC 4282
Identity Selection Hints for the Extensible Authentication Protocol (EAP). F. Adrangi, V. Lortz, F.Bari, P. Eronen. January 2006.
RFC 4284
Chargeable User Identity. F. Adrangi and others. January 2006.RFC 4372
Lightweight Directory Access Protocol (LDAP) Technical Specification Road Map. K. Zeilenga,June 2006.
RFC 4510
19Copyright © 2014, Juniper Networks, Inc.
Related Documentation
Table 3: RFCs Related to the Steel-Belted Radius Carrier (continued)
TitleRFC Number
Extensible Authentication Protocol Tunneled Transport Layer Security Authenticated ProtocolVersion 0 (EAP-TTLSv0) P. Funk, S. Blake-Wilson. August 2008.
RFC 5281
UseofStatus-Server Packets in theRemoteAuthenticationDial InUser Service (RADIUS)ProtocolA. DeKok. August 2010.
RFC 5997
WiMAX Technical Specifications
TheWiMAX Forum Networking Group (NWG)maintains a repository of technical
documents and specifications online at http://www.wimaxforum.org. You can also view
theWiMAX IEEE standards, 802.16e-2005 formobileWiMAX and 802.16-2004 for fixed
WiMAX, online at http://www.ieee.org.
Third-Party Products
For information about configuring your Ulticom software and hardware, or your access
servers and firewalls, consult the manufacturer’s documentation.
General Statement of Compliance
Table 4 on page 20 lists Steel-Belted Radius Carrier Release 7.6.0 compliance with
applicable RFCs.
Table 4: Compliance of Steel-Belted Radius Carrier Release 7.6.0 with Applicable RFCs
NotesNameRFC Number
—Structure and Identification of Management Informationfor TCP/IP-based Internets
1155
—Management Information Base for Network Managementof TCP/IP-based internets: MIB-II
1213
Obsoleted by RFC 2138Remote Authentication Dial In User Service2058
Obsoleted by RFC 2139RADIUS Accounting2059
—Ascend Tunnel Management Protocol2107
Obsoleted by RFC 2865Remote Authentication Dial In User Service2138
Obsoleted by RFC 2866RADIUS Accounting2139
Obsoleted by RFC 2571An Architecture for Describing SNMPManagementFrameworks
2271
Updated by RFC 2484PPP Extensible Authentication Protocol (EAP)2284
Copyright © 2014, Juniper Networks, Inc.20
Steel-Belted Radius Carrier Release 7.6.0 Release Notes
Table 4: Compliance of Steel-Belted Radius Carrier Release 7.6.0 with ApplicableRFCs (continued)
NotesNameRFC Number
—Microsoft PPP CHAP Extensions2433
—Microsoft Vendor-specific RADIUS Attributes2548
—Proxy Chaining and Policy Implementation in Roaming2607
Obsoleted by RFC 4668RADIUS Authentication Client MIB2618
Obsoleted by RFC 4669RADIUS Authentication Server MIB2619
Obsoleted by RFC 4670RADIUS Accounting Client MIB2620
Obsoleted by RFC 4671RADIUS Accounting Server MIB2621
Obsoleted by RFC 5216PPP EAP TLS Authentication Protocol2716
—ImplementationofL2TPCompulsoryTunnelingviaRADIUS2809
—Remote Authentication Dial In User Service (RADIUS).2865
—RADIUS Accounting2866
—RADIUS Accounting Modifications for Tunnel ProtocolSupport
2867
—RADIUS Attributes for Tunnel Protocol Support2868
—RADIUS Extensions2869
—Network Access Servers Requirements: Extended RADIUSPractices
2882
—Generic AAA Architecture2903
—AAA Authorization Framework2904
—AAA Authorization Requirements2905
—AAA Authorization Requirements2906
—Mobile IP Authentication, Authorization, and AccountingRequirements
2977
—Criteria for Evaluating AAA Protocols for Network Access2989
—Mobile IPv4 Challenge/Response Extensions3012
21Copyright © 2014, Juniper Networks, Inc.
General Statement of Compliance
Table 4: Compliance of Steel-Belted Radius Carrier Release 7.6.0 with ApplicableRFCs (continued)
NotesNameRFC Number
—RADIUS and IPv63162
—IANA Considerations for RADIUS (Remote AuthenticationDial In User Service)
3575
—RADIUS (Remote Authentication Dial In User Service)Support For Extensible Authentication Protocol (EAP)
3579
—IEEE 802.1X Remote Authentication Dial In User Service(RADIUS) Usage Guidelines
3580
—Extensible Authentication Protocol (EAP)3748
—Certificate Extensions and Attributes SupportingAuthentication in Point-to-Point Protocol (PPP) andWireless Local Area Networks
3770
—Remote Authentication Dial-In User Service (RADIUS)Attributes Suboption for the Dynamic Host ConfigurationProtocol (DHCP) Relay Agent Information Option
4014
—Extensible Authentication Protocol (EAP) MethodRequirements for Wireless LANs
4017
Not supportedDiameter Extensible Authentication Protocol (EAP)Application
4072
—State Machines for Extensible Authentication Protocol(EAP) Peer and Authenticator
4137
—Extensible Authentication Protocol Method for GlobalSystem for Mobile Communications (GSM) SubscriberIdentity Modules (EAP-SIM)
4186
—Extensible Authentication Protocol Method for 3rdGenerationAuthenticationandKeyAgreement (EAP-AKA)
4187
—Identity Selection Hints for the Extensible AuthenticationProtocol (EAP)
4284
—Certificate Extensions and Attributes SupportingAuthentication in Point-to-Point Protocol (PPP) andWireless Local Area Networks (WLAN)
4334
—Chargeable User Identity4372
Obsoleted by RFC 5090RADIUS Extension for Digest Authentication4590
—Additional Values for the NAS-Port-Type Attribute4603
Copyright © 2014, Juniper Networks, Inc.22
Steel-Belted Radius Carrier Release 7.6.0 Release Notes
Table 4: Compliance of Steel-Belted Radius Carrier Release 7.6.0 with ApplicableRFCs (continued)
NotesNameRFC Number
Previousversion (RFC2618)supportedRADIUS Authentication Client MIB for IPv64668
Previousversion (RFC2619) supportedRADIUS Authentication Server MIB for IPv64669
Previousversion(RFC2220)supportedRADIUS Accounting Client MIB for IPv64670
Previousversion (RFC2221) supportedRADIUS Accounting Server MIB for IPv64671
Not supportedRADIUS Dynamic Authorization Client MIB4672
Not supportedRADIUS Dynamic Authorization Server MIB4673
Not supportedRADIUS Attributes for Virtual LAN and Priority Support4675
—DSL Forum Vendor-Specific RADIUS Attributes4679
Not supportedExtensible Authentication Protocol (EAP) PasswordAuthenticated Exchange
4746
Not supportedExtensible Authentication Protocol Method forShared-secret Authentication and Key Establishment(EAP-SAKE)
4763
Not supportedThe EAP-PSK Protocol: A Pre-Shared Key ExtensibleAuthentication Protocol (EAP) Method.
4764
—RADIUS Delegated-IPv6-Prefix Attribute.4818
—RADIUS Filter Rule Attribute4849
Not supportedMobile IPv6 Operation with IKEv2 and the Revised IPsecArchitecture.
4877
—Guidance forAuthentication,Authorization, andAccounting(AAA) Key Management
4962
—Mobile IPv4 RADIUS Requirements5030
—Common Remote Authentication Dial In User Service(RADIUS) Implementation Issues and Suggested Fixes
5080
—The Extensible Authentication Protocol-Internet KeyExchange Protocol version 2 (EAP-IKEv2) Method
5106
—Handover Key Management and Re-AuthenticationProblem Statement
5169
23Copyright © 2014, Juniper Networks, Inc.
General Statement of Compliance
Table 4: Compliance of Steel-Belted Radius Carrier Release 7.6.0 with ApplicableRFCs (continued)
NotesNameRFC Number
—Dynamic Authorization Extensions to RemoteAuthentication Dial In User Service (RADIUS)
5176
Previousversion(RFC2716)supportedThe EAP-TLS Authentication Protocol5216
MIPv6 not supported3GPP2 X.S0011-D, Version: 1.0, Version Date: February,2006
—
—Extensible Authentication Protocol Tunneled TransportLayer Security Authenticated Protocol Version 0(EAP-TTLSv0) P. Funk, S. Blake-Wilson. August 2008.
5281
—UseofStatus-ServerPackets in theRemoteAuthenticationDial In User Service (RADIUS) Protocol. A. DeKok. August2010.
5997
Table 5 on page 24 lists the protocols supported in Steel-Belted Radius Carrier Release
7.65.0.
Table 5: Protocols Supported in SBR Carrier Release 7.6.0
NotesProtocol
—UDP
—IPv4
RADIUS onlyIPv6
—DHCP v2
—DHCP v3
—LDAP v2
Not LCILDAP v3
—JDBC
—Oracle (SQL)
ConfigurationXML
AdminHTTP v1.1
Except CRs 801, 823, OMA/DMWiMAX NWG 1.2.2
Copyright © 2014, Juniper Networks, Inc.24
Steel-Belted Radius Carrier Release 7.6.0 Release Notes
Table 5: Protocols Supported in SBR Carrier Release 7.6.0 (continued)
NotesProtocol
—3GPP2
—3GPP2 X.S0011-D
RADIUS only3GPP
WLAN UE23.234 (RADIUS)
Gi and Pk reference points29.061 (RADIUS)
RADIUS only Interface E5TISPAN
—ES282.001
—ES282.004
—ES283.034
—ES283.035
SBR Carrier Documentation and Release Notes
For a list of related SBR Carrier documentation, see
http://www.juniper.net/support/products/carrier/carrier/.
If the information in the latest release notes differs from the information in the
documentation, follow the Steel-Belted Radius Carrier Release Notes.
To obtain themost current version of all Juniper Networks technical documentation, see
the products documentation page on the Juniper Networks website at
http://www.juniper.net/techpubs/.
Documentation Feedback
We encourage you to provide feedback, comments, and suggestions so that we can
improve the documentation to better meet your needs. Send your comments to
[email protected], or fill out the documentation feedback form at
https://www.juniper.net/cgi-bin/docbugreport. If you are using e-mail, be sure to include
the following information with your comments:
• Document name
• Document part number
• Page number
• Software release version
25Copyright © 2014, Juniper Networks, Inc.
SBR Carrier Documentation and Release Notes
Requesting Technical Support
Technical product support is available through the JuniperNetworksTechnicalAssistance
Center (JTAC). If you are a customer with an active J-Care or JNASC support contract,
or are covered under warranty, and need post-sales technical support, you can access
our tools and resources online or open a case with JTAC.
• JTAC Policies—For a complete understanding of our JTAC procedures and policies,
review the JTAC User Guide located at
http://www.juniper.net/customers/support/downloads/710059.pdf
• ProductWarranties—For product warranty information, visit
http://www.juniper.net/support/warranty/
• JTAC Hours of Operation—The JTAC centers have resources available 24 hours a day,
7 days a week, 365 days a year.
Self-Help Online Tools and Resources
For quick and easy problem resolution, Juniper Networks has designed an online
self-service portal called the Customer Support Center (CSC) that provides youwith the
following features:
• Find CSC offerings:
http://www.juniper.net/customers/support/
• Search for known bugs:
http://www2.juniper.net/kb
• Find product documentation:
http://www.juniper.net/techpubs/
• Find solutions and answer questions using our Knowledge Base:
http://kb.juniper.net/
• Download the latest versions of software and review release notes:
http://www.juniper.net/customers/csc/software/
• Search technical bulletins for relevant hardware and software notifications:
https://www.juniper.net/alerts/
• Join and participate in the Juniper Networks Community Forum:
http://www.juniper.net/company/communities/
• Open a case online in the CSC Case Manager:
http://www.juniper.net/cm/
Toverify serviceentitlementbyproduct serial number, useourSerialNumberEntitlement
(SNE) Tool located at https://tools.juniper.net/SerialNumberEntitlementSearch/
Copyright © 2014, Juniper Networks, Inc.26
Steel-Belted Radius Carrier Release 7.6.0 Release Notes
Opening a Casewith JTAC
You can open a case with JTAC on theWeb or by telephone.
• Use the Case Manager tool in the CSC at http://www.juniper.net/cm/
• Call 1-888-314-JTAC (1-888-314-5822 – toll free in the USA, Canada, and Mexico)
For international or direct-dial options in countries without toll-free numbers, visit
http://www.juniper.net/support/requesting-support.html
When you are running SBRC Administrator, you can chooseWeb > Steel-Belted Radius
Carrier Home Page to access a special home page for Steel-Belted Radius Carrier users.
When you contact technical support, be ready to provide:
• Your Steel-Belted Radius Carrier release number (for example, Steel-Belted Radius
Carrier Release 7.6.0).
• Information about the server configuration and operating system, including any OS
patches that have been applied.
• For licensedproducts under a currentmaintenance agreement, your license or support
contract number.
• A detailed description of the problem.
• Any documentation that may help in resolving the problem, such as error messages,
core files, compiler listings, and error or RADIUS log files.
Revision History
August 2013—SBR Carrier Release 7.6.0
Juniper Networks, Junos, Steel-Belted Radius, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the UnitedStates and other countries. The Juniper Networks Logo, the Junos logo, and JunosE are trademarks of Juniper Networks, Inc. All othertrademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners.
Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify,transfer, or otherwise revise this publication without notice.
Products made or sold by Juniper Networks or components thereof might be covered by one or more of the following patents that areowned by or licensed to Juniper Networks: U.S. Patent Nos. 5,473,599, 5,905,725, 5,909,440, 6,192,051, 6,333,650, 6,359,479, 6,406,312,6,429,706, 6,459,579, 6,493,347, 6,538,518, 6,538,899, 6,552,918, 6,567,902, 6,578,186, and 6,590,785.
Ulticom, Signalware, Programmable Network, Ultimate Call Control, and Nexworx are registered trademarks of Ulticom, Inc. Kineto andthe Kineto Logo are registered trademarks of KinetoWireless, Inc. Software Advancing Communications and SignalCare are trademarksandservicemarksofUlticom, Inc.CORBA(CommonObjectRequestBrokerArchitecture) is a registered trademarkof theObjectManagementGroup (OMG).Raima,RaimaDatabaseManager andRaimaObjectManager are trademarksofBirdstepTechnology. Sun, SunMicrosystems,the Sun logo, Java, Solaris, and all trademarks and logos that contain Sun, Solaris, or Java are trademarks or registered trademarks of SunMicrosystems, Inc. in the United States and other countries. MySQL and the MySQL logo are registered trademarks of MySQL AB in theUnited States, the European Union, and other countries. All other trademarks, service marks, registered trademarks, or registered servicemarks are the property of their respective owners. All specifications are subject to change without notice.
Contains software copyright 2000–2010 by MySQL AB, distributed under license.
Portions of this software copyright 2003-2009 LevWalkin <[email protected]> All rights reserved.
27Copyright © 2014, Juniper Networks, Inc.
Requesting Technical Support
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions aremet:
1. Redistributions of source codemust retain the above copyright notice, this list of conditions and the following disclaimer.
2. Redistributions in binary formmust reproduce the above copyright notice, this list of conditions and the following disclaimer in thedocumentation and/or other materials provided with the distribution.
THISSOFTWAREISPROVIDEDBYTHEAUTHORANDCONTRIBUTORS``ASIS''ANDANYEXPRESSORIMPLIEDWARRANTIES, INCLUDING,BUTNOTLIMITEDTO,THE IMPLIEDWARRANTIESOFMERCHANTABILITYANDFITNESSFORAPARTICULARPURPOSEAREDISCLAIMED.IN NO EVENT SHALL THE AUTHOROR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, ORCONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODSOR SERVICES; LOSS OFUSE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED ANDON ANY THEORY OF LIABILITY, WHETHER INCONTRACT,STRICTOROTHERWISE)ARISING INANYWAYOUTOFTHEUSEOFTHISSOFTWARE,EVEN IFADVISEDOFTHEPOSSIBILITYOF SUCH DAMAGE.
Portions of this software copyright 1989, 1991, 1992 by Carnegie Mellon UniversityDerivativeWork–1996, 1998–2009 Copyright 1996, 1998–2009. The Regents of the University of California All Rights Reserved. Permissionto use, copy, modify and distribute this software and its documentation for any purpose and without fee is hereby granted, provided thatthe above copyright notice appears in all copies and that both that copyright notice and this permission notice appear in supportingdocumentation, and that the name of CMU and The Regents of the University of California not be used in advertising or publicity pertainingto distribution of the software without specific written permission.
CMU AND THE REGENTS OF THE UNIVERSITY OF CALIFORNIA DISCLAIM ALLWARRANTIESWITH REGARD TO THIS SOFTWARE,INCLUDING ALL IMPLIEDWARRANTIES OFMERCHANTABILITY AND FITNESS. IN NO EVENT SHALL CMUOR THE REGENTS OF THEUNIVERSITYOFCALIFORNIABELIABLEFORANYSPECIAL, INDIRECTORCONSEQUENTIALDAMAGESORANYDAMAGESWHATSOEVERRESULTING FROMTHE LOSSOF USE, DATAOR PROFITS,WHETHER IN AN ACTIONOF CONTRACT, NEGLIGENCE OROTHER TORTIOUSACTION, ARISING OUT OF OR IN CONNECTIONWITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
Portions of this software copyright © 2001–2009, Networks Associates Technology, Inc. All rights reserved. Redistribution and use in sourceand binary forms, with or without modification, are permitted provided that the following conditions are met:
1. Redistributions of source codemust retain the above copyright notice, this list of conditions and the following disclaimer.
2. Redistributions in binary formmust reproduce the above copyright notice, this list of conditions and the following disclaimer in thedocumentation and/or other materials provided with the distribution.
3. Neither the name of the Networks Associates Technology, Inc nor the names of its contributors may be used to endorse or promoteproducts derived from this software without specific prior written permission.
THISSOFTWAREISPROVIDEDBYTHECOPYRIGHTHOLDERSANDCONTRIBUTORS“AS IS”ANDANYEXPRESSORIMPLIEDWARRANTIES,INCLUDING, BUT NOT LIMITED TO, THE IMPLIEDWARRANTIES OFMERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSEARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,INCIDENTAL,SPECIAL,EXEMPLARY,ORCONSEQUENTIALDAMAGES(INCLUDING,BUTNOTLIMITEDTO,PROCUREMENTOFSUBSTITUTEGOODSOR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED ANDON ANY THEORYOF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OROTHERWISE) ARISING IN ANYWAYOUTOF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
Portions of this software are copyright © 2001–2009, Cambridge Broadband Ltd. All rights reserved. Redistribution and use in source andbinary forms, with or without modification, are permitted provided that the following conditions are met:
1. Redistributions of source codemust retain the above copyright notice, this list of conditions and the following disclaimer.
2. Redistributions in binary formmust reproduce the above copyright notice, this list of conditions and the following disclaimer in thedocumentation and/or other materials provided with the distribution.
3. The name of Cambridge Broadband Ltd. may not be used to endorse or promote products derived from this software without specificprior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDER “AS IS” AND ANY EXPRESS OR IMPLIEDWARRANTIES, INCLUDING, BUTNOT LIMITED TO, THE IMPLIEDWARRANTIES OFMERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
Copyright © 2014, Juniper Networks, Inc.28
Steel-Belted Radius Carrier Release 7.6.0 Release Notes
IN NO EVENT SHALL THE COPYRIGHT HOLDER BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, ORCONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODSOR SERVICES; LOSS OFUSE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED ANDON ANY THEORY OF LIABILITY, WHETHER INCONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OROTHERWISE) ARISING IN ANYWAYOUTOF THE USE OF THISSOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
Portions of this software copyright © 1995–2009 Jean-loup Gailly and Mark Adler This software is provided 'as-is', without any express orimplied warranty. In no event will the authors be held liable for any damages arising from the use of this software. Permission is granted toanyone to use this software for any purpose, including commercial applications, and to alter it and redistribute it freely, subject to thefollowing restrictions:
1. The origin of this software must not bemisrepresented; youmust not claim that you wrote the original software. If you use this softwarein a product, an acknowledgment in the product documentation would be appreciated but is not required.
2. Altered source versions must be plainly marked as such, andmust not bemisrepresented as being the original software.
3. This notice may not be removed or altered from any source distribution.
HTTPClient package Copyright © 1996–2009 Ronald Tschalär ([email protected])
This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as publishedby the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
This library is distributed in the hope that it will be useful, but WITHOUT ANYWARRANTY; without even the implied warranty ofMERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. For a copyof the GNU Lesser General Public License, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307,USA.
Copyright (c) 2000–2009 The Legion Of The Bouncy Castle (http://www.bouncycastle.org)
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the"Software"), to deal in theSoftwarewithout restriction, includingwithout limitation the rights to use, copy,modify,merge, publish, distribute,sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the followingconditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUTWARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TOTHEWARRANTIES OFMERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THEAUTHORSORCOPYRIGHTHOLDERSBELIABLEFORANYCLAIM,DAMAGESOROTHERLIABILITY,WHETHERINANACTIONOFCONTRACT,TORT OROTHERWISE, ARISING FROM, OUT OF OR IN CONNECTIONWITH THE SOFTWARE OR THE USE OROTHER DEALINGS IN THESOFTWARE.
Contains software copyright 2000–2013 by Oracle America, Inc., distributed under license.
Steel-BeltedRadiususesThrift, licensedunder theApacheLicense,Version2.0 (the “License”); youmaynotuse this file except in compliancewith the License.
Youmay obtain a copy of the license at
http://www.apache.org/licenses/LICENSE-2.0
Unless requiredbyapplicable lawor agreed to inwriting, softwaredistributedunder the License is distributedonan “AS IS”BASIS,WITHOUTWARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and limitations under the License.
Steel-Belted Radius uses Cyrus SASL under the following license:
Copyright © 1994-2012 Carnegie Mellon University. All rights reserved.
29Copyright © 2014, Juniper Networks, Inc.
Requesting Technical Support
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions aremet:
1. Redistributions of source codemust retain the above copyright notice, this list of conditions and the following disclaimer.
2. Redistributions in binary formmust reproduce the above copyright notice, this list of conditions and the following disclaimer in thedocumentation and/or other materials provided with the distribution.
3. The name "CarnegieMellonUniversity"must not be used to endorse or promote products derived from this softwarewithout priorwrittenpermission. For permission or any legal details, please contact
Office of Technology TransferCarnegie Mellon University5000 Forbes AvenuePittsburgh, PA 15213-3890(412) 268-4387, fax: (412) [email protected]
4. Redistributions of any formwhatsoever must retain the following acknowledgment:
"This product includes software developed by Computing Services at Carnegie Mellon University (http://www.cmu.edu/computing/)."
CARNEGIEMELLONUNIVERSITYDISCLAIMSALLWARRANTIESWITHREGARDTOTHISSOFTWARE, INCLUDINGALL IMPLIEDWARRANTIESOFMERCHANTABILITY AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE FOR ANY SPECIAL, INDIRECTOR CONSEQUENTIAL DAMAGES OR ANY DAMAGESWHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER INAN ACTION OF CONTRACT, NEGLIGENCE OROTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTIONWITH THE USE ORPERFORMANCE OF THIS SOFTWARE.
Steel-Belted Radius uses OpenSSL versions 0.9.8h and 1.0.0-25, which have the following terms:
Copyright ©1998-2011 The OpenSSL Project. All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions aremet:
1. Redistributions of source codemust retain the above copyright notice, this list of conditions and the following disclaimer.
2. Redistributions in binary formmust reproduce the above copyright notice, this list of conditions and the following disclaimer in thedocumentation and/or other materials provided with the distribution.
3. All advertising materials mentioning features or use of this software must display the following acknowledgment:
"This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to endorse or promote products derived from this softwarewithout prior written permission. For written permission, please contact [email protected].
5. Products derived from this software may not be called "OpenSSL" nor may "OpenSSL" appear in their names without prior writtenpermission of the OpenSSL Project.
6. Redistributions of any formwhatsoever must retain the following acknowledgment:
"This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/)"
THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ''AS IS'' AND ANY EXPRESSED OR IMPLIEDWARRANTIES, INCLUDING, BUTNOT LIMITED TO, THE IMPLIEDWARRANTIES OFMERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.IN NO EVENT SHALL THE OpenSSL PROJECT OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,EXEMPLARY,ORCONSEQUENTIALDAMAGES(INCLUDING,BUTNOTLIMITEDTO,PROCUREMENTOFSUBSTITUTEGOODSORSERVICES;LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED ANDON ANY THEORY OF LIABILITY, WHETHERIN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDINGNEGLIGENCEOROTHERWISE) ARISING IN ANYWAYOUTOF THEUSEOF THISSOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
Copyright © 2014, Juniper Networks, Inc.30
Steel-Belted Radius Carrier Release 7.6.0 Release Notes
The "inih" library is distributed under the New BSD license:
Copyright © 2009, Brush Technology. All rights reserved.
1. Redistributions of source codemust retain the above copyright notice, this list of conditions and the following disclaimer.
2.Redistributions in binary formmust reproduce the above copyright notice, this list of conditions and the following disclaimer in thedocumentation and/or other materials provided with the distribution.
3. Neither the name of Brush Technology nor the names of its contributors may be used to endorse or promote products derived from thissoftware without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY BRUSH TECHNOLOGY ''AS IS'' AND ANY EXPRESS OR IMPLIEDWARRANTIES, INCLUDING, BUT NOTLIMITED TO, THE IMPLIEDWARRANTIES OFMERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NOEVENT SHALL BRUSH TECHNOLOGY BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIALDAMAGES(INCLUDING,BUTNOTLIMITEDTO,PROCUREMENTOFSUBSTITUTEGOODSORSERVICES;LOSSOFUSE,DATA,ORPROFITS;OR BUSINESS INTERRUPTION) HOWEVER CAUSED ANDON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,OR TORT (INCLUDING NEGLIGENCE OROTHERWISE) ARISING IN ANYWAYOUTOF THE USE OF THIS SOFTWARE, EVEN IF ADVISEDOF THE POSSIBILITY OF SUCH DAMAGE.
31Copyright © 2014, Juniper Networks, Inc.
Requesting Technical Support