Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Network Management and Monitoring

  • Ephemeral configuration database support for load update operations (EX9200, MX5, MX10, MX80, MX204, MX240, MX480, MX960, MX2008, MX2010, MX2020, MX10003, MX10008, MX10016, and vMX)—Starting in Junos OS Release 21.1R1, NETCONF and Junos XML protocol client applications can configure the ephemeral configuration database using a load update operation. To perform a load update operation, set the <load-configuration> action attribute to update.

    [See <load-configuration>.]

  • Ephemeral configuration database support for synchronous commit synchronize operations on dual Routing Engine devices (MX240, MX480, MX960, MX2010, MX2020, MX10003, MX10008, and MX10016)—Starting in Junos OS Release 21.1R1, you can configure the ephemeral database to execute commit synchronize operations using a synchronous commit model on dual Routing Engine devices. The synchronous commit model enables you to reliably use the ephemeral database on devices that have graceful Routing Engine switchover (GRES) or non-stop routing (NSR) enabled. To use the synchronous commit model for the ephemeral database, configure the commit-synchronize-model synchronous statement at the [edit system configuration-database ephemeral] hierarchy level.

    [See Understanding the Ephemeral Configuration Database.]

  • Operational command RPCs support returning JSON and XML output in minified format in NETCONF sessions (ACX1000, ACX1100, ACX2100, ACX4000, ACX5048, ACX5096, ACX5448, EX2300, EX3400, EX4300, EX4400-24P, EX4400-24T, EX4400-48F, EX4400-48P, EX4400-48T, EX4600, EX4650, EX9200, MX104, MX204, MX240, MX480, MX960, MX2008, MX2010, MX2020, MX10003, MX10008, MX10016, PTX1000, PTX5000, PTX10001, PTX10002, PTX10008, PTX10016, QFX5100, QFX5110, QFX5120, QFX5200, QFX5210, QFX10002, QFX10002-60C, QFX10008, QFX10016, SRX550HM, SRX4100, SRX4200, SRX4600, SRX5400, SRX5600, SRX5800, vMX, and vSRX)—Starting in Junos OS Release 21.1R1, operational command RPCs, including the <get-configuration> RPC, support the format="json-minified" and format="xml-minified" attributes in NETCONF sessions to return JSON or XML output in minified format. Minified format removes any characters that are not required for computer processing—for example, unnecessary spaces, tabs, and newlines. Minified format decreases the size of the data, and as a result, can reduce transport costs as well as data delivery and processing times.

    [See Specifying the Output Format for Operational Information Requests in a NETCONF Session.]

  • SNMP support for carrier-grade NAT PBA monitoring (MX Series)—Starting in Junos OS Release 21.1R1, you can get port block allocation (PBA) information about MS-MPC and unified services framework (USF)MX-SPC3 - related aspects using two new MIB objects and two new MIB tables:

    • New MIB object jnxNatSrcNumAddressMapped under the MIB table jnxSrcNatStatsTable, and a new MIB table jnxNatPbaStatsTable to get information about MS-MPC-PIC and MS-MIC

    and

    • New MIB object jnxJsNatSrcNumAddressMapped under the MIB table jnxJsSrcNatStatsTable,and a new MIB table jnxJsNatPbaStatsTable to get information about MX-SPC3.

    [See SNMP MIBs and Traps Supported by Junos.]

  • sFlow support for IP-IP traffic (PTX1000, PTX10008, and QFX10002)—Starting in Junos OS Release 21.1R1, you can use sFlow technology to sample IP over IP (IP-IP) traffic on a physical port. sFlow sampling is supported for IP-IP tunnels that have an IPv4 outer header that carry IPv4 or IPv6 traffic. You can use sFlow monitoring technology to randomly sample network packets from IP-IP tunnels and to send the samples to a destination collector for monitoring. Devices that act as an IP-IP tunnel entry point, transit device, or tunnel endpoint support sFlow sampling.

    [See Overview of sFlow Technology and Configuring IP Tunnel Interfaces.]

  • sFlow support for IP-IP traffic (MX240, MX480, and MX960)—Starting in Junos OS Release 21.1R1, you can use sFlow technology to sample egress sFlow for IP over IP (IP-IP) traffic at the tunnel entry point, transit device, and tunnel endpoint on a physical port. sFlow sampling is supported for IP-IP tunnels with an IPv4 outer header that carry IPv4 or IPv6 traffic. Tunnel header encapsulation is done by either dynamic tunnel or FTI (Flexible Tunnel Interface). You can use sFlow monitoring technology to randomly sample network packets from IP-IP tunnels and to send the samples to a destination collector for monitoring.

    [See Overview of sFlow Technology and Configuring IP Tunnel Interfaces.]

  • HMAC-SHA-2 authentication protocol support for users of SNMPv3 USM (MX Series and SRX Series)—Starting in Junos OS Release 21.1R1, you can configure HMAC-SHA-2 authentication protocols for users of the SNMPv3 user-based security model (USM) with the following new CLI configuration statements:

    • authentication-sha224
    • authentication-sha256
    • authentication-sha384
    • authentication-sha512

    We’ve introduced these statements for local-engine users at [edit snmp v3 usm local-engine user username] and for remote-engine users at [set snmp v3 usm remote-engine engine-id user user-name].

    [See authentication-sha224, authentication-sha256, authentication-sha348, and authentication-sha512.]

  • Log profiles and templates for customized logging (cSRX, SRX300, SRX320, SRX340, SRX345, SRX380, SRX550HM, SRX1500, SRX4100, SRX4200, SRX4600, SRX5800, and vSRX)—Starting in Junos OS Release 21.1R1, you can configure log profiles and log templates for a policy. Use the configuration statement profile to select a log profile for a policy at the [edit security log profile] hierarchy level, and use the configuration statement template to select a predefined log template for a policy at the [edit security log profile profile-name template] hierarchy level. From this release, you can track the application tracking logs using the set security application-tracking log-session-create, set security application tracking log-session-close, set security application-tracking session-update-interval, set security application-tracking no-volume-updates, and set services application-identification no-application statistics commands. Unified threat management (UTM) features also support the log profiles and templates for customized logging.

    [See profile (security), application-tracking, application-identification, and show security log profile.]

  • Remote port mirroring to IPv6 address (GRE encapsulation)( EX4650, EX4650-48Y-VC, QFX5120, QFX5120-32C, QFX511120-48T, QFX5120-48T-VC, QFX5120-48Y, and QFX5120-48YM)—Starting in Junos OS Release 21.1R1, you can use remote port mirroring to copy packets entering a port or VLAN and sends the copies to the IPv6 address of a device running an analyzer application on a remote network (sometimes referred to as “extended port mirroring”). When you use remote port mirroring the mirrored packets are GRE-encapsulated.

    Add the address you would like to have the copied packets sent to in the CLI hierarchy. For example, set forwarding-options analyzer ff output ipv6-address 2000::1.

    [See Understanding Port Mirroring and Analyzers.]