Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation  Back up to About Overview 
  
[+] Expand All
[-] Collapse All

Changes in Behavior and Syntax

This section lists the changes in behavior of Junos OS features and changes in the syntax of Junos OS statements and commands from Junos OS Release 16.1R1 for MX Series.

General Routing

  • New option introduced under show | display xml | display—Starting in Junos OS 16.1R1, you can use the show | display xml | display | mark-changed statement to view the "mark-changed" status of the nodes. This is useful for debugging purpose.
  • Enhancement to request support information command—Starting in Junos OS Release 16.1R1, the request support information command is enhanced to capture the following additional details:
    • file list detail/var/rundb/—Displays the size of configuration databases.
    • show system configuration database usage—Displays the actual usage of configuration database.

      Note: This information will be displayed only if the show system configuration database usage command is supported in the release.

    • file list detail /config/—Contains the db_ext file and shows the size of it to indicate whether extend_size is enabled or disabled.
  • Modified output of the clear services sessions | display xml command (MX Series)—In Junos OS Release 16.1, the output of the clear services sessions | display xml command is modified to include the <sess-marked-for-deletion> tag instead of the <sess-removed> tag. In releases before Junos OS Release 14.1X55-D30, the output of this command includes the <sess-removed> tag. The replacement of the <sess-removed> tag with the <sess-marked-for-deletion> tag aims at establishing consistency with the output of the clear services sessions command that includes the field Sessions marked for deletion.

Interfaces and Chassis

  • Change in enforcement of vtmapping restriction for Channelized OC3/STM1 (Multi-Rate) Circuit Emulation MIC with SFP (H)—Starting with Junos OS Release 16.1, a commit error occurs when you include the vtmapping statement under the [edit interfaces interface-name sonet-options] hierarchy for cau4 interfaces on the Channelized OC3/STM1 (Multi-Rate) Circuit Emulation MIC with SFP (H). Prior to Junos OS Release 16.1R1, a commit error was not displayed when this restriction was violated.

Junos FIPS

  • Change in range of client alive messages for SSH—Starting with Junos OS Release 16.1R1, you can configure 0 through 255 as the range for configuring the number of client alive messages that can be sent without sshd receiving any messages back from the client. In releases before Junos OS Release 16.1R1, the range for configuring client alive messages is 1 through 255.

    [See client-alive-count-max. ]

  • Change in default configuration for root login through SSH—Starting with Junos OS Release 16.1R1, deny-password is the default option at the [edit system services ssh root-login] hierarchy level. That is, by default, users are allowed to log in to the router or switch as root through SSH when the authentication method does not require a password. In releases before Junos OS Release 16.1R1, the allow is the default option at the [edit system services ssh root-login] hierarchy level.

    [See root-login and Configuring SSH Service for Remote Access to the Router or Switch.]

Junos OS XML API and Scripting

  • Support for a configuration revision identifier to enable NMS determine synchronization status of devices (MX Series)—Starting in Junos OS Release 16.1, a configuration revision identifier string, the <commit-revision-information> tag, is supported within the <commit-results> tag. The configuration revision identifier is used to determine whether the configuration settings on devices being managed by a network management server (NMS) application is in synchronization (sync) with the CLI of devices running Junos OS. In a real- world network deployment, out-of-band configuration commits might occur on a device, such as during a maintenance window for support operations. In such cases, the NMS application queries Junos OS to retrieve the latest revision number and compares it against the revision number stored locally to validate whether it is out-of-sync or in-sync with the device to detect the out-of-band commits.

Layer 2 Features

  • Discrepancy in the reported BUM traffic—There is a discrepancy in the amount of BUM traffic reported on the aggregated Ethernet (AE) link between a designated forwarder (DF) and non-DF router. In an active-active configuration, the interface on the router in a DF role reports receiving twice as many packets as was sent from the interface of the router in a non-DF role.

  • Option to display the age of a single MAC entry—Beginning with Junos OS Release 16.1, a new option age is added to the command show vpls mac table to display the age of a single MAC address for a given VPLS instance. For GE interfaces, age displays the MAC address aging time for a given VPLS instance. For AE interfaces, the age is reported for a given VPLS instance, separately for all the line cards.

    [See show vpls mac-table.]

  • Option to display the age of a single MAC entry—Beginning with Junos OS Release 16.1, a new option age is added to the command show bridge mac table to display the age of a single MAC address for a given bridge. For GE interfaces, age displays the MAC address aging time for a given bridge instance. For AE interfaces, the age is reported for a given bridge instance, separately for all the line cards.

    [See show bridge mac-table.]

  • Option to display the age of a single MAC entry—Beginning with Junos OS Release 16.1, a new option age is added to the command show evpn mac table to display the age of a single MAC address for a given evpn instance.

    [See show evpn mac-table.]

  • Support for configuring MAC move parameters globally (MX Series)—Starting in Junos OS Release 16.1, you can configure parameters for media access control (MAC) address move reporting by including the global-mac-move statement and its substatements at the [edit protocols l2-learning] hierarchy level. When a MAC address appears on a different physical interface or within a different unit of the same physical interface and this behavior occurs frequently, it is considered a MAC move. You can configure the router to report a MAC address move based on the following parameters: the number of times a MAC address move occurs, a specified period of time over which the MAC address move occurs, and the specified number of times a MAC address move occurs in one second.

MPLS

  • LSPs displayed in lexicographic order (MX Series)—Starting with Junos OS Release 16.1, the LSPs are displayed in lexicographic order in the output of the show mpls lsp command. In earlier releases, this command displayed the LSPs in the order in which they were configured.
  • Inline BFD support on IRB interfaces (MX Series routers with MPCs or MICs)—Starting with Junos OS Release 16.1, the inline BFD sessions transmitted or received from FPC hardware are supported on integrated routing and bridging (IRB) interfaces. This enhancement is available only on MX Series routers with MPCs/MICs that have configured the enhanced-ip option.
  • Point-to-multipoint LSP ping echo reply ignored on Juniper side in Cisco-Juniper interoperability (MX Series)—Curently, in a Juniper-Cisco interoperation network scenario, a point-to-multipoint LSP ping echo reply message from a Cisco device in a different IGP area is dropped on the Juniper device when the source address of the reply message is an interface address other than the loopback address or router ID.

    Starting with Junos OS Release 14.2R6, 15.1R4, 16.1, and later releases, such point-to-multipoint LSP ping echo reply messages are accepted by the Juniper device and the messages get logged as uncorrelated responses.

  • Support for RESV message formats recommended in RFC 6510 (MX Series)—Starting with Junos OS 16.1, Junos RSVP adheres to the RESV message format recommended in RFC 6510 to indicate per LSP and per S2L operational status.

Network Management and Monitoring

  • Updated unified container set in enterprise-specific Chassis MIB (MX Series)—Starting with Junos OS Release 16.1, the Juniper Networks enterprise-specific Chassis MIB (jnxBoxAnatomy) provides a unified container set that represents all supported MX Series chassis types when MX Series Virtual Chassis mode is active.
  • New lease query and bulk lease query definitions for the DHCP MIB (MX Series)—Starting in Junos OS Release 16.1R1, the DHCP mib, jnx-jdhcp.mib, now includes the following definitions to collect statistics for DHCP lease query and bulk lease query messages for DHCP local server and DHCP relay:

    In jnxJdhcpLocalServerStatistics

    In jnxJdhcpRelayStatistics

    jnxJdhcpLocalServerLeaseQueryReceived

    jnxJdhcpRelayLeaseQuerySent

    jnxJdhcpLocalServerBulkLeaseQueryReceived

    jnxJdhcpRelayBulkLeaseQuerySent

    jnxJdhcpLocalServerLeaseActiveSent

    jnxJdhcpRelayLeaseActiveReceived

    jnxJdhcpLocalServerLeaseUnknownSent

    jnxJdhcpRelayLeaseUnknownReceived

    jnxJdhcpLocalServerLeaseUnAssignedSent

    jnxJdhcpRelayLeaseUnAssignedReceived

    jnxJdhcpLocalServerLeaseQueryDoneSent

    jnxJdhcpRelayLeaseQueryDoneReceived

  • SNMP proxy feature (MX Series)—Starting with Junos OS Release 16.1, you must configure interface <interface-name> statement at the [edit snmp] hierarchy level for the proxy SNMP agent. Earlier, configuring interface for the proxy SNMP agent was not mandatory.
  • Change in the output of snmp mib walk of the jnxVpnIfStatus MIB object (MX Series)—Starting with Junos OS Release 16.1R1, the show snmp mib walk jnxVpnIfStatus command provides information for all interfaces, except the Juniper Networks specific dynamic interfaces.

Routing Policy and Firewall Filters

  • New policy actions to set and modify AIGP attribute (MX Series)—Beginning with Junos OS 16.1, a new policy action metric-aigp is added to configure the accumulated interior gateway protocol (AIGP) metric value as the IGP metric and aigp-adjust is introduced to modify this configured accumulated interior gateway protocol (AIGP) attribute at the [edit policy-options policy statement policy-name term term-name then] and [edit policy-options policy-statement policy-name then] hierarchy levels. You can make minor adjustments on the AIGP from another AS or for scaling from one IGP domain to another.

    [See aigp-adjust.]

Routing Protocols

  • New option to configure the bandwidth-based metric (MX Series)—Beginning with Junos OS Release 16.1, you can configure the delay time that the IS-IS takes before replacing the metric with a new metric value when the bundle changes from a worse metric to a better metric. The new configuration option interface-group-holddown-delay is available at the [edit protocols isis interface interface-name] hierarchy level.

    A new show command show isis interface-group displays the status information for the specified interface group.

    [See show isis interface-group.]

  • New option to configure IPv6 router advertisement preference (MX Series)—Beginning with Junos OS Release 16.1, you can configure preference for routers, which is communicated to IPv6 hosts through router advertisements. A new configuration statement preference is introduced at the [edit protocols router-advertisement interface interface-name] hierarchy level.

    [See preference.]

  • Change in command output for system statistics for IP and IP6—Beginning with Junos OS Release 16.1, the output of show system statistics ip and show system statistics ip6 operations commands is modified. The output now displays the field fragment sessions dropped (queue overflow) for IP instead of fragments dropped (queue overflow), and fragment sessions dropped (queue overflow) for IP6, instead of fragments that exceeded limit.
  • New option to delay BGP route advertisements (MX Series)—Beginning with Junos OS Release 15.1F6, you can delay BGP route updates to its peers until the forwarding table is synchronized. This is to avoid premature route advertisements that might result in traffic loss. A new configuration statement delay-route-advertisements is available at the [edit routing-instances routing-instance-name protocols bgp group group-name family inet unicast] hierarchy level. You can configure both minimum and maximum delay periods to suit your network requirements.

    [See delay-route-advertisements.]

Security

  • Changes to DDoS protection protocol group and packet type support (MX Series)—Starting in Junos OS Release 16.1, the following changes have been made to the protocols statement at the [edit system ddos-protection] hierarchy level and to the output of the show ddos-protection protocols command:
    • Removed the firewall-host protocol group.
    • Removed the unclassified packet type from the mcast-snoop protocol group.
    • Added the unclassified packet type to the tcp-flags protocol group.

Services Applications

  • Class pcp-logs and alg-logs are not configured for ms-interface (MX Series)—Starting with Junos OS Release 16.1R1, for multiservices (ms-) interfaces, you cannot configure system logging for PCP and ALGs by including the pcp-logs and alg-logs statements at the [edit services service-set service-set-name syslog host hostname class] hierarchy level. An error message is displayed if you attempt to commit a configuration that contains the pcp-logs and alg-logs options to define system logging for PCP and ALGs for ms- interfaces.
  • Support for configuring maximum number of measured video flows—Starting in Junos OS Release 16.1, you can configure the maximum number of video flows that can be measured at a time. To configure the maximum number of flows measured, include the flow-table-size max-flows statement at the [edit chassis fpc slot inline-video-monitoring] hierarchy level.

    [See Configuring Inline Video Monitoring.]

  • Anycast address 0/0 must not be accepted in the from-clause of Detnat rule (MX Series)—Starting with Junos OS Release 16.1R1, for multiservices (ms-) interfaces, anycast configuration is not allowed as the source-address when translation type is deterministic NAT.
  • Disabling NAT-traversal for IPsec-protected packets (MX Series)—Starting in Junos OS release 16.1R1, you can include the disable-natt statement at the [edit services ipsec-vpn] hierarchy level to disable NAT-traversal (NAT-T) on MX Series routers. When you disable NAT-T, the NAT-T functionality is globally switched off. Also, even when a NAT device is present between the two IPsec gateways, only Encapsulating Security Payload (ESP) is used when you disable NAT-T. When NAT-T is configured, IPsec traffic is encapsulated using the UDP header, and port information is provided for the NAT devices. By default, Junos OS detects whether either one of the IPsec tunnels is behind a NAT device and automatically switches to using NAT-T for the protected traffic. However, in certain cases, NAT-T support on MX Series routers might not work as desired. Also, you might require NAT-traversal to be disabled if you are aware that the network uses IPsec-aware NAT. In such cases, you can disable NAT-T.
  • Exclude interfaces support in flowspec (rpd-infra) (MX Series)—Starting release 16.1, Junos OS excludes applying the flowspec filter to traffic received on specific interfaces. A new term is added at the beginning of the flowspec filter that accepts any packet received on these specific interfaces. The new term is a variable that creates an exclusion list of terms attached to the forwarding table filter as a part of the flow specification filter.

    To exclude the flowspec filter from being applied to traffic received on specific interfaces, you must first configure a group-id on such interfaces by including the family inet filter group group-id statement at the [edit interfaces] hierarchy level, and then attach the flowspec filter with the interface group by including the flow interface-group group-id exclude statement at the [edit routing-options] hierarchy level. You can configure only one group-id per routing instance with the set routing-options flow interface-group group-id statement.

Software Installation and Upgrade

  • Asia/Kolkata option replaces Asia/Calcutta option in time-zone statement—Beginning with Junos OS Release 16.1, the time-zone statement has replaced the Asia/Calcutta option with Asia/Kolkata.

  • request system software add command options updated (MX Series)—As of Junos OS Release 16.1, the upgrade-with-config-format option in the request system software add command is removed. The upgrade-with-config option applies to the file indicated. Specify .text or .xml. The upgrade-with-config option does not accept files with the extension .txt.

Subscriber Management and Services

Note: Although present in the code, the subscriber management features are not supported in Junos OS Release 16.1R1. Documentation for subscriber management features is included in the Junos OS Release 16.1 documentation set.

  • Including termination reason for user logout events (MX Series)—Starting in Junos OS Release 16.1, when the you enable the user-access flag at the [edit system processes general-authentication-service traceoptions] hierarchy level, the system log messages generated for authd include a termination reason for user logout events. In earlier releases, the log does not report any termination reasons.

    Sample output before the behavior change:

    Aug  2 15:10:28.181293 UserAccess:zf@example.com session-id:19 state:log-out ge-1/1/0.100:100-1

    Sample output after the behavior change:

    Aug  6 21:15:55.106031 UserAccess:zf@example.com session-id:3 state:log-out ge-1/2/0.1:1 reason: ppp lcp-peer-terminate-term-req
    Aug  6 21:16:42.654181 UserAccess:user234@example.com session-id:4 state:log-out ge-1/2/0.1:1 reason: ppp lower-interface-down
    Aug  6 21:17:43.991585 UserAccess:duser9five@example.com session-id:5 state:log-out ge-1/2/0.1:1 reason: aaa shutdown-session-timeout
    
  • Change in support for L2TP statistics-related commands (MX Series)—Starting in Junos OS Release 16.1, statistics-related show services l2tp commands cannot be issued in parallel with clear services l2tp commands from separate terminals. In earlier releases, you can issue these show and clear commands in parallel. Now, when any of these clear commands is running, you must press Ctrl+c to make the clear command run in the background before issuing any of these show commands.

    Note: You cannot run multiple clear services l2tp commands from separate terminals. This behavior is unchanged.

    [See clear services l2tp destination, clear services l2tp session, and clear services l2tp tunnel.]

  • Support for longer CHAP challenge local names (MX Series)—Starting in Junos OS Release 16.1, the supported length of the CHAP local name is increased to 32 characters. In earlier releases, only 8 characters are supported even though the CLI allows you to enter a longer name. You can configure the name with the local-name statement at the [edit dynamic-profiles profile-name interfaces pp0 unit “$junos-interface-unit” ppp-options] or [edit dynamic-profiles profile-name interfaces "$junos-interface-ifd-name" unit “$junos-interface-unit” ppp-options] hierarchy level. The maximum length of the local name for PAP authentication remains unchanged at 8 characters.

    [See Configuring the PPP Challenge Handshake Authentication Protocol.]

  • Local DNS configurations available when authentication order is set to none (MX Series)—Starting in Junos OS Release 16.1, subscribers get the DNS server addresses when both of the following are true:
    • The authentication order is set to none at the [edit access profile profile-name authentication-order] hierarchy level.
    • A DNS server address is configured locally in the access profile with the domain-name-server, domain-name-server-inet, or domain-name-server-inet6 statement at the [edit access profile profile-name] hierarchy level.

    In earlier releases, subscribers get an IP address in this situation, but not the DNS server addresses.

  • Increased maximum limits for accounting and authentication retries and timeouts (MX Series)—Starting in Junos OS Release 16.1, you can configure a maximum of 100 retry attempts for RADIUS accounting (accounting-retry statement) or authentication (retry statement). In earlier releases, the maximum value is 30 retries. You can also configure a maximum timeout of 1000 seconds for RADIUS accounting (accounting-timeout statement) or authentication (timeout statement). In earlier releases the maximum timeout is 90 seconds.

    Note: The maximum retry duration (the number of retries times the length of the timeout) cannot exceed 2700 seconds. An error message is displayed if you configure a longer duration.

    [See Configuring Router or Switch Interaction with RADIUS Servers.]

  • Change in Routing Engine-based CPCD (MX Series)—Starting in Junos OS Release 16.1, you must specify a URL with the redirect statement. You must also specify destination-address address with the rewrite statement. In earlier releases, you can successfully commit the configuration without these options.
  • Change in displayed value of LCP State field for tunneled subscriber sessions (MX Series)—Starting in Junos OS Release 16.1, when a subscriber session has been tunneled from the LAC to the LNS, the LCP State field displayed by the show interfaces pp0.unit command has a value of Stopped, which correctly reflects the actual state of the LCP negotiation (because at this stage LCP is terminated at the LNS).

    In earlier releases, this field incorrectly shows a value of Opened, reflecting the state of LCP negotiation before tunneling started. In earlier releases, you must issue the show ppp interface.unit command to display the correct LCP state.

  • Improved result code reporting in stopCCN and CDN messages (MX Series)—Starting in Junos OS Release 16.1, the LAC provides more accurate result codes and always includes error messages in the Result-Error Code AVP (1) included in the stopCCN and CDN messages that it sends to the LNS. Packet captures display the relevant information in the Result code, Error code, and Error Message fields of the AVP.

    In earlier releases, the result code is does not provide sufficient information about the cause of the event, and the error message is omitted for some result codes.

  • Syntax change for the show ancp neighbor command (MX Series)—Starting in Junos OS 16.1, to specify a neighbor for display, the show ancp neighbor command allows you to enter either an IP address or a MAC address for the neighbor:
    show ancp neighbor <brief | detail> <ip-address ip-address | system-name mac-address>

    In earlier releases, the CLI permitted you to use enter both an IP address and a MAC address to specify a neighbor.

  • Changes to show ancp subscriber and clear ancp subscriber commands (MX Series)—Starting in Junos OS Release 16.1, multiple simultaneous filtering options are no longer allowed for the show ancp neighbor, show ancp subscriber, and clear ancp subscriber commands. In earlier releases, you can issue commands with both the identifier and neighbor options or both the ip-address and system-name options on the same line. Now you can enter only one of these options at a time.

    To improve consistency, the neighbor option has been replaced with ip-address for the show ancp subscriber command, to match the show ancp neighbor, clear ancp neighbor, and clear ancp subscriber commands. For example, to display information about subscribers connected to a specific access node identified by its address, use the show ancp subscriber ip-address ip-address command; in earlier releases you use the show ancp subscriber neighbor ip-address command.

    The system-name mac-address option is now available for the show ancp subscriber and clear ancp subscriber commands.

  • Enhancements to test aaa statements for VLAN-OOB subscribers (MX Series)—Starting in Junos OS Release 16.1, you can use the no-address-request option with the test aaa dhcp user and test aaa ppp user statements for testing subscribers in a Layer 2 scenario where no address allocation request is required.

    The output of these two statements now displays two additional user attributes. Dynamic Profile is the name of the profile received in the Client-Profile-Name VSA (26-174). Routing Instance is the name of the routing instance conveyed by the Virtual-Router VSA (26-1). The existing Virtual Router Name attribute is the locally configured name of the logical system.

    [See Testing a Subscriber AAA Configuration.]

  • Subscriber secure policies and service change of authorization requests (MX Series)—Starting in Junos OS Release 16.1, a subscriber secure policy cannot be instantiated by a CoA that includes any other subscriber service activation or deactivation. Use a separate CoA to apply a subscriber secure policy.
  • Change to the show network-access aaa commands (MX Series)—Starting in Junos OS Release 16.1, the outputs from the show network-access aaa statistics authentication detail command and the show network-access aaa radius-servers detail command have changed as follows:
    • The Accounting request timeouts field displayed by the show network-access aaa statistics authentication detail command has been renamed to Timed out requests.
    • The Round Trip Time field of the show network-access aaa radius-servers detail command has been renamed to Last Round Trip Time.
  • Change to using the UID as part of a variable expression (MX Series)—Starting in Junos OS Release 16.1, you cannot use the UID (the unique identifier of variables defined in dynamic profiles) as part of a variable expression, because the hierarchy of evaluation is as follows:
    • The user variable expressions are first evaluated for the UIDs to be resolved.
    • If the expression contains UIDs, it might result in unpredictable results.

    Using a variable expression with a UID now results in a commit check failure.

  • Subscriber management support for rpd in 64-bit mode (MX Series)—Starting in Junos OS Release 16.1, subscriber management is now supported when the routing protocol daemon (rpd) is running in 64-bit mode. In earlier releases, subscriber management support required rpd to run in 32-bit mode.

System Logging

  • Support for system log message: UI_SKIP_SYNC_OTHER_RE (MX Series)—Starting with Junos OS Release 16.1R1, configuration synchronization with a remote Routing Engine is skipped when the configuration is already in sync with another Routing Engine with database revision.

    Note: This system log message is generated when the graceful Routing Engine switchover feature is enabled.

    This system log message reports an event, not an error, and has notice as Severity and LOG_AUTH as Facility.

    [See Understanding Graceful Routing Engine Switchover in the Junos OS.]

System Management

  • Change to process health monitor process (MX Series)—Starting in Junos OS Release 15.1R2, the process health monitor process (pmond) is enabled by default on the Routing Engines of MX Series routers, even if no service interfaces are configured. To disable the pmond process, include the disable statement at the [edit system processes process-monitor] hierarchy level.

    [See process-monitor.]

  • New option to suppress ARP response from kernel to non-subscribers—Beginning with Junos OS Release 13.3R9, you can suppress the ARP response from the kernel when there is an ARP request for a loopback interface from non-subscribers. To drop ARP requests from non-subscribers, include the non-subscriber-no-response statement at the [edit system arp] hierarchy level.

    [See non-subscriber-no-response.]

User Interface and Configuration

  • New default implementation for serialization for JSON configuration data (MX Series)—Starting with Junos OS Release 16.1, the default implementation for serialization for configuration data emitted in JavaScript Object Notation (JSON) has changed. The new default is as defined in Internet drafts draft-ietf-netmod-yang-json-09, JSON Encoding of Data Modeled with YANG, and draft-ietf-netmod-yang-metadata-06, Defining and Using Metadata with YANG.

    [See Mapping Junos OS Configuration Statements to JSON.]

  • output-file-name option for show system schema command is deprecated (MX Series)—Starting with Junos OS Release 16.1, the output-file-name option for the show system schema operational command is deprecated. To direct the output to a file, use the output-directory option and specify the directory. By default, the filename for the output file uses the module name as the filename base and the format as the filename extension. If you also include the module-name option in the command, the specified module name is used for both the name of the generated module and for the filename base for the output file.

    [See show system schema.]

Related Documentation

Modified: 2017-07-24