Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Changes in Behavior and Syntax

 

This section lists the changes in behavior of Junos OS features and changes in the syntax of Junos OS statements and commands from Junos OS Release 15.1F7 for the MX Series..

Authentication, Authorization and Accounting (AAA) (RADIUS)

  • Statement introduced to enforce strict authorization—Starting in Junos OS Release 15.1F2, customers can use the set system tacplus-options strict-authorization statement to enforce strict authorization to the users. When a user is logging in, Junos OS issues two TACACS+ requests—first is the authentication request and then the authorization request. By default, when the authorization request is rejected by the TACACS+ server, Junos OS disregards this rejection and provides full access to the user. When the set system tacplus-options strict-authorization statement is set, Junos OS denies access to the user on failure of the authorization request.

Flow-based and Packet-based Processing

  • Correction for Inline Jflow reporting (MX Series)—Starting in Junos OS Release 15.1F2, when a destination is reachable through multiple paths, Inline Jflow reports OIF, GW, DST_MASK, and DST_AS data incorrectly in flow records. The new configuration statement set services flow-monitoring <version-ipfix | version9> template <template_name> nexthop-learning enable corrects OIF, GW, DST_MASK, and DST_AS data reporting.

General Routing

  • Modified output of the clear services sessions | display xml command (MX Series)—In Junos OS Release 14.1X55-D30, the output of the clear services sessions | display xml command is modified to include the <sess-marked-for-deletion> tag instead of the <sess-removed> tag. In releases before Junos OS Release 14.1X55-D30, the output of this command includes the <sess-removed> tag. The replacement of the <sess-removed> tag with the <sess-marked-for-deletion> tag aims at establishing consistency with the output of the clear services sessions command that includes the field Sessions marked for deletion.

High Availability (HA) and Resiliency

  • New ISSU warning message for VCCV-BFD NSR not being supported—Starting in Junos OS Release 15.1R2, 15.1F2, and later releases, the Junos OS CLI displays a warning message (when you perform a unified in-service software upgrade (ISSU)) about NSR not being supported for Bidirectional Forwarding Detection (BFD) support for virtual circuity connectivity verification (VCCV). You must enter a [yes] or [no] input to confirm whether you want to proceed with the unified ISSU operation or not.

Interfaces and Chassis

  • Support for automatic enabling of flow control for MACsec (MX Series)—Starting in Junos OS Release 15.1F6, when Media Access Control Security (MACsec) is enabled on an interface, the interface flow control capability is enabled by default, regardless of the configuration that you set using the (flow-control | no-flow-control) statement at the [edit interfaces interface- name gigether-options] hierarchy level. When MACsec is disabled, interface flow control is restored to the configuration that you set using the flow-control statement at the [edit interfaces] hierarchy level. When MACsec is enabled, additional header bytes are added to the packet by the MACsec PHY. With line rate traffic, when MACsec is enabled and flow control is disabled, the pause frames sent by the MACsec PHY are terminated by the MIC’s MAC (enhanced 20-port Gigabit Ethernet MICs on MX Series routers) and not transferred to the Packet Forwarding Engine, causing framing errors. Therefore, when MACsec is enabled on an interface, flow control is also automatically enabled on such an interface.

IPv6

  • IPv6 addresses with padded zeros in MIC or MS-MPC system log messages (MX Series)—Starting with Junos OS Release 15.1F5, all system log messages originating from MIC or MS-MPC line cards display padded zeros in IPv6 addresses to make them compatible with MS-DPC line cards. Earlier, the system log messages from MIC or MS-MPC line cards displayed IPv6 addresses with ’::’ instead of padded zeros.

MPLS

  • Inline BFD support on IRB interfaces (MX Series routers with MPCs or MICs)—Starting with Junos OS Release 15.1F4, the inline BFD sessions transmitted or received from FPC hardware are supported on integrated routing and bridging (IRB) interfaces. This enhancement is available only on MX Series routers with MPCs/MICs that have configured the enhanced-ip option.

Network Management and Monitoring

  • New 64-bit counter of octets for interfaces (MX Series)—Starting with Release 15.1F4, Junos OS supports two new Juniper Networks enterprise-specific Interface MIB Extension objects—ifHCIn1SecOctets and ifHCOut1SecOctets—that act as 64-bit counters of octets passing through an interface.

  • Enhancement for SONET interval counter (MX Series)—Starting with Junos OS Release 15.1F5, only the Current Day Interval Total output field in the show interfaces interval command for SONET interfaces is reset after 24 hours. In addition, the Previous Day Interval Total output field displays the last updated time in hh:mm.

    [See show interfaces interval.]

  • SNMP proxy feature ( MX Series)—Starting with Junos OS Release 15.1F2, you must configure interface <interface-name> statement at the [edit snmp] hierarchy level for the proxy SNMP agent. Earlier, configuring interface for the proxy SNMP agent was not mandatory.

Routing Policy and Firewall Filters

  • Support for logical queue-depth in the Packet Forwarding Engine for IP options packets for a given protocol (MX Series)— Starting with Junos OS Release 15.1F6, you can configure logical queue-depth in the Packet Forwarding Engine for IP options packets for a given protocol. The queue-depth indicates the number of IP options packets which can be enqueued in the Packet Forwarding Engine logical queue, beyond which it would start dropping the packets.

Routing Protocols

  • Support for RFC 5492, Capabilities Advertisement with BGP-4—Beginning with Junos OS Release 15.1F5, BGP sessions can be established with legacy peers that do not support optional parameters, such as capabilities. In earlier Junos OS releases from 15.1R1 through 15.1R3 and 15.1F1 through 15.1F4, BGP sessions with legacy routers without BGP capabilities were not supported. Starting with Junos OS Release 15.1F5, support for BGP sessions with legacy routers without BGP capabilities is restored.

  • Timers of delay-route-advertisements are modified—Beginning with Junos OS Release 15.1F7, the range of the timer values of delay-route-advertisements has been increased to 36000 from 3600. The default value of route age, that is the maximum delay after route aggregates have been created has also been modified to 0. In earlier Junos releases, the default route age was 1200. The timer values of delay-route-advertisements are configured to avoid premature route advertisements that might result in traffic loss in a BGP session.

    [See delay-route-advertisements.]

  • Change in default behavior of router capability (MX Series)—In Junos OS Releases 15.1F7, 16.1R4,16.1X65, and 17.1R1 and later releases, router capability TLV distribution flag (S-bit), that controls IS-IS advertisements, will be reset, so that the segment routing capable sub-TLV is propagated throughout the IS-IS level and not advertised across IS-IS level boundaries.

  • New option to delay BGP route advertisements (MX Series)—Beginning with Junos OS Release 15.1F6, you can delay BGP route updates to its peers until the forwarding table is synchronized. This is to avoid premature route advertisements that might result in traffic loss. A new configuration statement delay-route-advertisements is available at the [edit routing-instances routing-instance-name protocols bgp group group-name family inet unicast] hierarchy level. You can configure both minimum and maximum delay periods to suit your network requirements.

    [See delay-route-advertisements.]

Services Applications

  • Anycast address 0/0 must not be accepted in the from-clause of Detnat rule (MX Series)—Starting with Junos OS release 15.1F5, for multiservices (ms-) interfaces, anycast configuration is not allowed as the source-address when translation type is deterministic NAT.

  • Change to show services nat pool command output—Starting in Junos OS Release 15.1F5, the show services nat pool command output includes this new field: AP-P port limit allocation errors. When AP-P is configured, this field indicates the number of out-of-port errors that are due to a configured limit for the number of allocated ports in the limit-ports-per-address statement at the [edit services nat pool nat-pool-name] hierarchy level.

  • Disabling NAT-traversal for IPsec-protected packets (MX Series)—Starting in Junos OS release 15.1F6, you can include the disable-natt statement at the [edit services ipsec-vpn] hierarchy level to disable NAT-traversal (NAT-T) on MX Series routers. When you disable NAT-T, the NAT-T functionality is globally switched off. Also, even when a NAT device is present between the two IPsec gateways, only Encapsulating Security Payload (ESP) is used when you disable NAT-T. When NAT-T is configured, IPsec traffic is encapsulated using the UDP header and port information provided for the NAT devices. By default, Junos OS detects whether either one of the IPsec tunnels is behind a NAT device and automatically switches to using NAT-T for the protected traffic. However, in certain cases, NAT-T support on MX Series routers might not work as desired. Also, you might require NAT-traversal to be disabled if you are aware that the network uses IPsec-aware NAT. In such cases, you can disable NAT-T.

  • Forwarding class and DSCP configuration for sampled packets (MX Series)—Starting with Junos Release OS 15.1F6, you can configure the forwarding class and the Differentiated Services Code Point (DSCP) mapping that is applied to exported packets for inline active flow monitoring. Configure forwarding-class class-name and dscp dscp-value at the [edit forwarding-options sampling instance instance-name family (inet | inet6) output flow-server hostname] hierarchy level.

    The dscp-value range is 0 through 63 (the default is 0). When the same flow-server is configured under both the inet and inet6 families in a sampling instance, use the same dscp value for both flow-server appearances.

    The dscp-value is overwritten by the CoS DSCP value if you configure dscp at the [edit class-of-service] hierarchy level.

  • Change in flow table size configuration—Starting in Junos OS Release 15.1F2, the default value for the ipv4-flow-table-size is 1024, and changing the value for the ipv4-flow-table-size or ipv6-flow-table-size statement does not initiate an automatic reboot of the FPC.

  • Deprecated security idp statements (MX Series)—The [edit security idp] configuration statements are deprecated for the MX Series for Junos OS Release 15.1F7.

Subscriber Management and Services (MX Series)

  • Local DNS configurations available when authentication order is set to none (MX Series)—Starting in Junos OS Release 15.1F2, subscribers get the DNS server addresses when both of the following are true:

    • The authentication order is set to none at the [edit access profile profile-name authentication-order] hierarchy level.

    • A DNS server address is configured locally in the access profile with the domain-name-server, domain-name-server-inet, or domain-name-server-inet6 statement at the [edit access profile profile-name] hierarchy level.

    In earlier releases, subscribers get an IP address in this situation, but not the DNS server addresses.

  • Support for longer CHAP challenge local names (MX Series)—Starting in Junos OS Release 15.1F4, the supported length of the CHAP local name is increased to 32 characters. In earlier releases, only eight characters are supported even though the CLI allows you to enter a longer name. You can configure the name with the local-name statement at the [edit dynamic-profiles profile-name interfaces pp0 unit “$junos-interface-unit” ppp-options] or [edit dynamic-profiles profile-name interfaces "$junos-interface-ifd-name" unit “$junos-interface-unit” ppp-options] hierarchy levels. The maximum length of the local name for PAP authentication remains unchanged at eight characters.

  • Increased maximum limits for accounting and authentication retries and timeouts (MX Series)—Starting in Junos OS Release 15.1F5, you can configure a maximum of 100 retry attempts for RADIUS accounting (accounting-retry statement) or authentication (retry statement). In earlier releases, the maximum value is 30 retries. You can also configure a maximum timeout of 1000 seconds for RADIUS accounting (accounting-timeout statement) or authentication (timeout statement). In earlier releases, the maximum timeout is 90 seconds.

    Note

    The maximum retry duration (the number of retries times the length of the timeout) cannot exceed 2700 seconds. An error message is displayed if you configure a longer duration.

  • Extended range for RADIUS request rate (MX Series)—Starting in Junos OS Release 15.1F6, the range for the request-rate statement at the [edit access radius-options] hierarchy level has been extended to 100 through 4000 requests per second. In earlier releases, the range is 500 through 4000 requests per second. The default value is unchanged at 500 requests per second.

  • Change in PPP keepalive interval for inline services subscribers (MX Series)—Starting in Junos OS Release 15.1F7, you can configure the PPP keepalive interval for subscriber services in the range 1 second through 600 seconds. Subscriber PPP keepalives are handled by the Packet Forwarding Engine. If you configure a value greater than 600 seconds, the number is accepted by the CLI, but the Packet Forwarding Engine limits the interval to 600 seconds. The interval is configured in a PPP dynamic profile with the interval statement at the [edit dynamic-profiles profile-name interfaces pp0 unit $junos-interface-unit keepalives] hierarchy level.

    In earlier Junos OS releases the range is from 1 second through 60 seconds. The Packet Forwarding Engine limits any higher configured value to an interval of 60 seconds.

    PPP keepalives for non-subscriber services are handled by the Routing Engine with an interval range from 1 second through 32,767 seconds.

System Logging

  • New JSERVICES system log messages (MX Series)—In Junos OS Release 15.1F6, you can configure MX Series routers with MS-MPCs to log the following messages:

    Table 1: JSERVICES System Logs

    Name

    System Log Message

    Description

    Severity

    JSERVICES_ALG_FTP_ACTIVE_ACCEPT

    softwire-string src-ip:src-port [xlated-src-ip:xlated-src-port]->[xlated-dst-ip: xlated-dst-port]dst-ip:dst-port (protocol-name)

    An FTP data connection from client to server is established. The matching packet contains the indicated information about its protocol name, application, source (logical interface name, IP address, and port number), and destination (IP address and port number). If the flow requires NAT services, NAT information appears in the message.

    LOG_NOTICE

    JSERVICES_ALG_FTP_PASSIVE_ACCEPT

    softwire-string src-ip:src-port [xlated-src-ip:xlated-src-port]->[xlated-dst-ip: xlated-dst-port]dst-ip:dst-port (protocol-name)

    An FTP data connection from server to client is established. The matching packet contains the indicated information about its protocol name, application, source (logical interface name, IP address, and port number), and destination (IP address and port number). If the flow requires NAT services, NAT information appears in the message.

    LOG_NOTICE

    JSERVICES_DROP_FLOW_DELETE

    softwire-string src-ip:src-port [xlated-src-ip:xlated-src-port]->[xlated-dst-ip: xlated-dst-port]dst-ip:dst-port (protocol-name)

    The session with the indicated characteristics is removed and it had drop flow. The NAT data is available in the message if the session requires NAT.

    LOG_NOTICE

    JSERVICES_ICMP_ERROR_DROP

    proto protocol-id (protocol-name), source-interface-name:source-address:source-port -> destination-address:destination-port, event-description

    The ICMP error packet was dropped because it did not belong to an existing flow.

    LOG_NOTICE

    JSERVICES_ICMP_HEADER_LEN_ERROR

    proto protocol-id (protocol-name), source-interface-name:source-address:source-port -> destination-address:destination-port, event-description

    The ICMP packet was discarded because the length field in the packet header was shorter than the minimum 8 bytes required for an ICMP packet.

    LOG_NOTICE

    JSERVICES_ICMP_PACKET_ERROR_LENGTH

    proto protocol-id (protocol-name), source-interface-name:source-address:source-port -> destination-address:destination-port, event-description

    The ICMP packet was discarded because the packet contained fewer than 48 bytes or more than 576 bytes of data.

    LOG_NOTICE

    JSERVICES_IP_FRAG_ASSEMBLY_TIMEOUT

    proto protocol-id (protocol-name), source-interface-name:source-address:source-port -> destination-address:destination-port, event-description

    The packet and all related IP fragments previously received were discarded because all fragments did not arrive within the reassembly timeout period of 4 seconds.

    LOG_NOTICE

    JSERVICES_IP_FRAG_OVERLAP

    proto protocol-id (protocol-name), source-interface-name:source-address:source-port -> destination-address:destination-port, event-description

    The packet was discarded because the contents of two fragments overlapped.

    LOG_NOTICE

    JSERVICES_IP_PACKET_CHECKSUM_ERROR

    proto protocol-id (protocol-name), source-interface-name:source-address:source-port -> destination-address:destination-port, event-description

    The packet was discarded because checksum was incorrect.

    LOG_NOTICE

    JSERVICES_IP_PACKET_DST_BAD

    proto protocol-id (protocol-name), source-interface-name:source-address:source-port -> destination-address:destination-port, event-description

    The packet was discarded because its destination address was either a multicast address or was in the range reserved for experimental use (248.0.0.0 through 255.255.255.254).

    LOG_NOTICE

    JSERVICES_IP_PACKET_FRAG_LEN_INV

    proto protocol-id (protocol-name), source-interface-name:source-address:source-port -> destination-address:destination-port, event-description

    The packet was discarded because the length of a fragment was invalid.

    LOG_NOTICE

    JSERVICES_IP_PACKET_INCORRECT_LEN

    proto protocol-id (protocol-name), source-interface-name:source-address:source-port -> destination-address:destination-port, event-description

    The IP packet is discarded because packet length was invalid.

    LOG_NOTICE

    JSERVICES_IP_PACKET_LAND_ATTACK

    proto protocol-id (protocol-name), source-interface-name:source-address:source-port -> destination-address:destination-port, event-description

    The packet was discarded because its source and destination address for the packet were the same (referred as land attack).

    LOG_NOTICE

    JSERVICES_IP_PACKET_LAND_PORT_ATTACK

    proto protocol-id (protocol-name), source-interface-name:source-address:source-port -> destination-address:destination-port, event-description

    The packet was discarded because its source and destination address for the packet were the same and also its source and destination ports were same (referred as land port attack).

    LOG_NOTICE

    JSERVICES_IP_PACKET_NOT_VERSION_4

    proto protocol-id (protocol-name), source-interface-name:source-address:source-port -> destination-address:destination-port, event-description

    The packet version was not IPv4.

    LOG_NOTICE

    JSERVICES_IP_PACKET_NOT_VERSION_6

    proto protocol-id (protocol-name), source-interface-name:source-address:source-port -> destination-address:destination-port, event-description

    The packet version was not IPv6.

    LOG_NOTICE

    JSERVICES_IP_PACKET_PROTOCOL_ERROR

    proto protocol-id (protocol-name), source-interface-name:source-address:source-port -> destination-address:destination-port, event-description

    The packet was discarded because it used invalid IP protocol.

    LOG_NOTICE

    JSERVICES_IP_PACKET_SRC_BAD

    proto protocol-id (protocol-name), source-interface-name:source-address:source-port -> destination-address:destination-port, event-description

    The packet was discarded because its source address was one of the following: (1) a multicast address (2) a broadcast address (3) in the range 248.0.0.0 through 255.255.255.254, which is reserved for experimental use.

    LOG_NOTICE

    JSERVICES_IP_PACKET_TTL_ERROR

    proto protocol-id (protocol-name), source-interface-name:source-address:source-port -> destination-address:destination-port, event-description

    The packet with the indicated characteristics is discarded because the packet had a time-to-live (TTL) value of zero.

    LOG_NOTICE

    JSERVICES_IP_PACKET_TOO_LONG

    proto protocol-id (protocol-name), source-interface-name:source-address:source-port -> destination-address:destination-port, event-description

    The packet was discarded because the packet contained more than 64 kilobytes (KB) of data (referred to as a ping-of-death attack).

    LOG_NOTICE

    JSERVICES_IP_PACKET_TOO_SHORT

    proto protocol-id (protocol-name), source-interface-name:source-address:source-port -> destination-address:destination-port, event-description

    The packet did not contain the minimum amount of data required.

    LOG_NOTICE

    JSERVICES_NO_IP_PACKET

    proto protocol-id (protocol-name), source-interface-name:source-address:source-port -> destination-address:destination-port, event-description

    Packet received was not an IPv4 or IPv6 packet.

    LOG_NOTICE

    JSERVICES_SYN_DEFENSE

    proto protocol-id (protocol-name), source-interface-name:source-address:source-port -> destination-address:destination-port, event-description

    The packet with the indicated characteristics was discarded because the TCP handshake that is used to establish a session did not complete within the set time limit. The time limit is set by the 'open-timeout' statement at the [edit interfaces <services-interface> services-options] hierarchy level. If the time limit is not set, the session uses the default timeout value.

    LOG_NOTICE

    JSERVICES_SFW_NO_POLICY

    source-ip:destination-ip No policy

    The stateful firewall received packets with the indicated source and destination addresses. There was no matching policy for the traffic.

    LOG_NOTICE

    JSERVICES_SFW_NO_RULE_DROP

    proto protocol-id (protocol-name), source-interface-name:source-address:source-port -> destination-address:destination-port, event-description

    The stateful firewall discarded the packet with the indicated characteristics, because the packet did not match any stateful firewall rules. In this case, the default action is to discard the packet. The discarded packet contained the indicated information about its protocol (numerical identifier and name), source (logical interface name, IP address, and port number), and destination (IP address and port number).

    LOG_NOTICE

    JSERVICES_TCP_FLAGS_ERROR

    proto protocol-id (protocol-name), source-interface-name:source-address:source-port -> destination-address:destination-port, event-description

    The packet was discarded because the flags in the packet were set in one of the following combinations: (1) FIN and RST (2) SYN and one or more of FIN, RST, and URG.

    LOG_NOTICE

    JSERVICES_TCP_HEADER_LEN_ERROR

    proto protocol-id (protocol-name), source-interface-name:source-address:source-port -> destination-address:destination-port, event-description

    The packet was discarded because the length field in the packet header was shorter than the minimum 20 bytes required for a TCP packet.

    LOG_NOTICE

    JSERVICES_TCP_NON_SYN_FIRST_PACKET

    proto protocol-id (protocol-name), source-interface-name:source-address:source-port -> destination-address:destination-port, event-description

    The TCP packet was discarded because it was the first packet in the TCP session but the SYN flag was not set.

    LOG_NOTICE

    JSERVICES_TCP_PORT_ZERO

    proto protocol-id (protocol-name), source-interface-name:source-address:source-port -> destination-address:destination-port, event-description

    The packet was discarded because the source or destination port specified in the packet was zero.

    LOG_NOTICE

    JSERVICES_TCP_SEQNUM_AND_FLAGS_ZERO

    proto protocol-id (protocol-name), source-interface-name:source-address:source-port -> destination-address:destination-port, event-description

    The packet was discarded because the packet's sequence number was zero and no flags were set.

    LOG_NOTICE

    JSERVICES_TCP_SEQNUM_ZERO_FLAGS_SET

    proto protocol-id (protocol-name), source-interface-name:source-address:source-port -> destination-address:destination-port, event-description

    The packet was discarded because the packet's sequence number was zero and one or more of the FIN, PSH, and URG flags were set.

    LOG_NOTICE

    JSERVICES_UDP_HEADER_LEN_ERROR

    proto protocol-id (protocol-name), source-interface-name:source-address:source-port -> destination-address:destination-port, event-description

    The UDP packet was discarded because the length field in the packet header was shorter than the minimum 8 bytes required for an UDP packet.

    LOG_NOTICE

    JSERVICES_UDP_PORT_ZERO

    proto protocol-id (protocol-name), source-interface-name:source-address:source-port -> destination-address:destination-port, event-description

    The UDP packet was discarded as the source or destination port specified in the packet was zero.

    LOG_NOTICE

System Management

  • Change to process health monitor process (MX Series)—Starting in Junos OS Release 15.1F5, the process health monitor process (pmond) is enabled by default on the Routing Engines of MX Series routers, even if no service interfaces are configured. To disable the pmond process, include the disable statement at the [edit system processes process-monitor] hierarchy level.

Platform and Infrastructure

  • Egress Multicast Replication—Starting with Junos OS Release 16.1, you can enable egress multicast replication to optimize multicast traffic in a Junos Fusion. In egress multicast replication, multicast traffic is replicated on satellite devices, rather than on the aggregation device. If you have a large number of multicast receivers or high multicast bandwidth traffic, enabling egress multicast replication reduces the traffic on cascade port interfaces and reduces the load on the aggregation device. This can reduce the latency and jitter in packet delivery, decrease the number of problems associated with oversubscription, and prevent a traffic storm caused by flooding of unknown unicast packets to all interfaces.

    This feature is disabled by default. To enable egress multicast replication, use the local-replication statement in the the [edit forwarding-options satellite] hierarchy level. When you enable this feature, local replication is enabled on all satellite devices that are connected to the aggregation device. You cannot enable local replication for just a few selected satellite devices, specific bridge domains, or specific route prefixes.

    Egress multicast replication does not take effect with the following features (Junos Fusion replicates multicast traffic on the aggregation device and other multicast traffic will continue to be replicated on satellite devices):

    • Multicast support on pure layer 3 extended ports

    • MLD snooping on an IPv6 network

    Egress multicast replication is incompatible with the following features (the feature will not work together with egress multicast replication and you must choose either to enable egress multicast replication or to use the feature):

    • VLAN tag manipulations, such as VLAN tag translations, VLAN tag stacking, and VLAN per port policies. This can result in dropped packets caused by unexpected VLAN tags.

    • Multicast support for the extended ports on the edge side of Pseudowire connections in VPLS networks.

    • Multicast support for the extended ports on the edge side of EVPNs.

    • Multicast VPN deployments.

    • MPLS/BGP VPN deployments.

    • Features that perform egress actions on individual extended ports, such as egress local-port mirroring.

    Use the following new operational commands to display information related to this feature:

    • show bridge flood next-hops satellite

    • show bridge flood next-hops satellite nexthop-id nexthop-identifier

    • show bridge flood satellite

    • show bridge flood satellite bridge-domain-name domain-name

    • show bridge satellite device

    • show multicast ecid-mapping satellite

    • show multicast next-hops satellite

    • show multicast snooping next-hops satellite nexthop-id nexthop-identifier

    • show multicast snooping route satellite

    • show multicast snooping route satellite bridge-domain-name domain-name

    • show multicast snooping route satellite group group-id

    • show multicast statistics satellite

    • show multicast summary satellite

  • The length of TACACS messages allowed on JUNOS devices has been increased from 8150 to 65535 bytes. PR1147015

Virtual Chassis

  • SNMP MIB walk on MX Series Virtual Chassis —Starting with Junos OS Release 15.1F5, snmp mib walk operations no longer return invalid PCMCIA card information for Routing Engines on MX Series Virtual Chassis.

VPNs

  • Clear all Internet key exchange (IKE), traffic encryption key (TEK), key encryption key (KEK), and security associations (SAs) for group VPN (MX Series)—The clear security group-vpn member group CLI command has been introduced in the Release 15.1F3 of Junos OS for MX Series routers to clear all Internet key exchange (IKE), traffic encryption key (TEK), key encryption, and key (KEK) security associations (SAs) for a group VPN.

    user@host> clear security group-vpn member group