Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Junos OS Features Supported on cRPD

Features Supported on cRPD

cRPD inherits most of the routing features with the following considerations shown in Table 1.

Table 1: Supported Features on cRPD



BGP FlowSpec

Starting in Junos OS Release 20.3R1, BGP flow specification method is supported to prevent denial -of-service attacks on the cRPD environment.

[See Understanding BGP Flow Routes for Traffic Filtering.]


Starting in Junos OS Release 20.3R1, EVPN-VPWS is supported to provide VPWS with EVPN signaling mechanisms on cRPD.

[See Overview of VPWS with EVPN Signaling Mechanisms.]


Starting in Junos OS Release 20.3R1, EVPN Type 5 is supported for EVPN/MPLS.

[See EVPN Type-5 Route with MPLS encapsulation for EVPN-MPLS.]

Segment routing

Starting in Junos OS Release 20.3R1, Segment routing support for OSPF and IS-IS protocols to provide basic functionality with Source Packet Routing in Networking (SPRING).

[See Understanding Source Packet Routing in Networking (SPRING).]

Layer 2 VPN

Starting in Junos OS Release 20.3R1, support for Layer 2 circuit to provide Layer 2 VPN and VPWS with LDP signaling.

[See Configuring Ethernet over MPLS (Layer 2 Circuit).]


Starting in Junos OS Release 20.3R1, support for MPLS to provide LDP signaling protocol configuration with the control plane functionality.

[See Understanding the LDP Signaling Protocol.]


Starting in Junos OS Release 20.4R1, we support only external event policies. You can enable these policies in cRPD. In cRPD, eventd and rsyslogd run as independent processes. The eventd process provides eventinterface to processes such as rpd, auditd, and mgd and supports automated event policy execution.

Use the set event-options policy policy name events [events] then command to enable an event policy and restart event-processing to restart event processing.

By default, Python 3.x support is enabled with existing on-box Python or SLAX functions in the cRPD environment.

Use the [edit system scripts language python3] hierarchy level to enable and to support Python event automation.

[See event-options and event-policy.]

Authentication, authorization, and accounting

Starting in cRPD Release 21.1R1, you can configure local and remote authorizations on RADIUS and TACPLUS servers at the [edit system services ssh] hierarchy level.

We support the following features:

  • Local authentication and local authorization

  • TACACS+ authentication, authorization and accounting

  • User template support

  • Support for operational commands and regular expressions

  • Local authentication and remote authorization

[See password-options, tacplus, and radius (System).]

SRv6 network programming in IS-IS

Starting in cRPD Release 21.1R1, you can configure to enable basic segment routing functionalities in a core IPv6 network for both route reflector role and host routing roles.

You can enable SRv6 network programming in an IPv6 network at the [edit source-packet-routing] hierarchy level.

A Segment Identifier consists of the following parts:

  • Locator— Locator is the first part of a SID that consists of the most significant bits representing the address of a particular SRv6 node. The locator is very similar to a network address that provides a route to its parent node. The IS-IS protocol installs the locator route in the inet6.0 routing table. IS-IS routes the segment to its parent node, which subsequently performs a function defined in the other part of the SRv6 SID. You can also specify the algorithm associated with this locator.

  • Function—The other part of the SID defines a function that is performed locally on the node that is specified by the locator. There are several functions that have already been defined in the Internet draft draft-ietf-spring-srv6-network-programming-07draft, SRv6 Network Programming. However, we have implemented the following functions that are signalled in IS-IS. IS-IS installs these function SIDs in the inet6.0 routing table.

    • End— An endpoint function for SRv6 instantiation of a Prefix SID. It does not allow for decapsulation of an outer header for the removal of an SRH. Therefore, an End SID cannot be the last SID of a SID list and cannot be the Destination Address (DA) of a packet without an SRH.

    • End.X— An endpoint X function is an SRv6 instantiation of an adjacent SID. It is a variant of the endpoint function with Layer 3 cross-connect to an array of Layer 3 adjacencies.


    The support for flavor (specifies end sid behavior) and flexible algorithm options is not available for configuring end sids.

[See source-packet-routing].

Increase ECMP next-hop limit

Starting in cRPD Release 21.1R1, you can specify the multipath next-hop limit at the [edit routing-options maximum-ecmp] hierarchy level. This helps to load-balance the traffic over multiple paths. The default ECMP next-hop limit is 16.

[See routing-options-max-ecmp and Hash Field Selection for ECMP Load Balancing on Linux].

EVPN Type 5 with VXLAN

Starting in cRPD Release 21.1R1, we support EVPN Type 5 Route over VXLAN for both IPv4 and IPv6 prefix advertisements.

[See EVPN Type-5 Route with VXLAN encapsulation for EVPN-VXLAN].