What’s Changed in Release 21.1R1
General Routing
-
Updates to ON-CHANGE and periodic dynamic subscriber interface metadata sensors (MX Series routers and EX9200 line of switches)—We've made the following updates to the
/junos/system/subscriber-management/dynamic-interfaces/interfaces/meta-data/interface<user-typing>sid='<variable>sid-value</variable>'</user-typing>/
sensor:-
Notifications are sent when subscribers log in on either IP demux or VLAN demux interfaces. In earlier releases, login notifications are sent only for IP demux logins.
-
The interface-set end path has been added to the logical interface metadata. The interface-set field appears in both ON-CHANGE and periodic notifications. In earlier releases, this field is not included in the sensor metadata or notifications.
-
-
New commit check for MC-LAG (MX Series)—We've introduced a new commit check to check the values assigned to the redundancy group identification number on the MC-AE interface
(redundancy-group-id)
and ICCP peer(redundancy-group-id-list)
when you configure multichassis link aggregation groups (MC-LAGs). If the values are different, the system reports a commit check error. In previous releases, if the configured values were different, the l2ald process would crash.[See iccp.]
-
Support for unicast ARP request on table entry expiration—You can configure the device to send a unicast ARP request instead of the default broadcast request when an ARP table entry is about to expire. The retry requests are unicast at intervals of 5 seconds. Without this option, the retry requests are broadcast at intervals of 800 milliseconds. This behavior reduces ARP overall broadcast traffic. It also supports the use case where access nodes are configured not to forward broadcast ARP requests toward customer CPEs for security reasons and instead translate ARP broadcasts to unicast requests. To confirm whether the device is configured, you can issue the following command:
show configuration system arp | grep unicast-mode-on-expire
[See arp.]
-
Update to the show chassis errors active output (MX2010 and MX2020 routers with MPC11E)—We have updated the
show chassis errors active
output for the MPC11E line card (MX2K-MPC11E) to display the correct error information. Previously, this CLI command displayed duplicate or incorrect output when the MPC11E line card is not installed in slot 0 of the MX2010 or MX2020 routers.[See show chassis errors active.]
-
CLI commit error resolved—CLI commit error for configuration statement
no-filter-check
forfamily any
port mirroring is now resolved.[See no-filter-check.]
Interfaces and Chassis
-
Hardware-assisted timestamping—By default, hardware assistance is used for timestamping Ethernet frame delay frames on AFT-based MX Series line cards, even if
hardware-assisted-timestamping
is not configured. -
Change in
<range>
XML tag (MX480)—We've changed the<range> string </range>
XML tag to<transport-range> <transport-range-info> string </transport-range-info> <transport-range-suspect-flag> string </transport-range-suspect-flag> <transport-range-reason> string </transport-range-reason> </transport-range>
under the [show interfaces transport pm optics current <interface> | display
] hierarchy in the XML output. Hence, the new XML tags that associate the values to the range-info, range-suspect-flag, and range-reason tags map the information to the givenshow interfaces transport pm optics current interface | display
entry.
Junos XML API and Scripting
-
The
jcs:invoke()
function supports suppression of root login and logout events in system log files for SLAX commit scripts (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—Thejcs:invoke()
extension function supports theno-login-logout
parameter in SLAX commit scripts. If you include the parameter, the function does not generate and logUI_LOGIN_EVENT
andUI_LOGOUT_EVENT
messages when the script logs in as root to execute the specified remote procedure call (RPC). If you omit the parameter, the function behaves as in earlier releases in which the rootUI_LOGIN_EVENT
andUI_LOGOUT_EVENT
messages are included in system log files. -
The
jcs:invoke()
function supports suppression of root login and logout events in system log files for SLAX event scripts (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—Thejcs:invoke()
extension function supports theno-login-logout
parameter in SLAX event scripts. If you include the parameter, the function does not generate and logUI_LOGIN_EVENT
andUI_LOGOUT_EVENT
messages when the script logs in as root to execute the specified remote procedure call (RPC). If you omit the parameter, the function behaves as in earlier releases in which the rootUI_LOGIN_EVENT
andUI_LOGOUT_EVENT
messages are included in system log files. -
Python 2.7 deprecation (ACX Series, EX Series, MX Series, PTX Series, QFX Series, SRX Series, vMX, and vSRX)—Starting in Junos OS Release 21.1R1, devices running Junos OS no longer support Python 2.7. We've deprecated the corresponding
language python
statement at the[edit system scripts]
hierarchy level. To execute Python scripts, configure thelanguage python3
statement at the[edit system scripts]
hierarchy level to execute the scripts using Python 3.[See Understanding Python Automation Scripts for Devices Running Junos OS.]
Layer 2 Ethernet Services
Active leasequery-based bulk leasequery (MX Series)—The overrides
always-write-option-82
and relay-option-82 circuit-id
configuration at the [edit forwarding-options dhcp-relay
] hierarchy
level is not mandatory for active leasequery-based bulk leasequery. In releases
before Junos OS Release 21.1R1, the overrides
always-write-option-82
and circuit-id
configurations
are mandatory for active leasequery-based bulk leasequery. For regular bulk
leasequery between relay and server without any active leasequery, the
overrides always-write-option-82
and relay-option-82
circuit-id
configurations are mandatory.
Network Management and Monitoring
-
Support for specifying the YANG modules to advertise in the NETCONF capabilities and supported schema list (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—You can configure devices to emit third-party, standard, and Junos OS native YANG modules in the capabilities exchange of a NETCONF session by configuring the appropriate statements at the
[edit system services netconf hello-message yang-module-capabilities]
hierarchy level. In addition, you can specify the YANG schemas that the NETCONF server should include in its list of supported schemas by configuring the appropriate statements at the[edit system services netconf netconf-monitoring netconf-state-schemas]
hierarchy level.[See hello-message and netconf-monitoring.]
-
Support for disconnecting unresponsive NETCONF-over-SSH clients (ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series, vMX, and vSRX)—You can enable devices to automatically disconnect unresponsive NETCONF-over-SSH clients by configuring the
client-alive-interval
andclient-alive-count-max
statements at the[edit system services netconf ssh]
hierarchy level. Theclient-alive-interval
statement specifies the timeout interval in seconds, after which, if no data has been received from the client, the device requests a response. Theclient-alive-count-max
statement specifies the threshold of missed client-alive responses that triggers the device to disconnect the client, thereby terminating the NETCONF session.[See ssh (NETCONF).]
User Interface and Configuration
Verbose format option to export JSON configuration data (ACX Series, EX Series, MX
Series, PTX Series, QFX Series, and SRX Series)—The Junos OS CLI exposes the
verbose
statement at the [edit system export-format
json]
hierarchy level. We changed the default format to export
configuration data in JavaScript Object Notation (JSON) from
verbose
to ietf
starting in Junos OS Release
16.1R1. You can explicitly specify the default export format for JSON configuration
data by configuring the appropriate statement at the [edit system
export-format json]
hierarchy level. Although the
verbose
statement is exposed in the Junos OS CLI as of the
current release, you can configure this statement starting in Junos OS Release
16.1R1.
[See export-format.]
VPNs
View the traffic selector type for an IPsec tunnel (SRX Series and MX
Series)—You can run the show security ipsec security-associations
detail
command to display the traffic selector type for a VPN. The
command displays proxy-id
or traffic-selector
as a
value for the TS Type
output field based on your configuration.