What’s Changed in Release 21.1R3
EVPN
-
Output for show Ethernet switching flood extensive—The output for the
show ethernet-switching flood extensive
command now displays the correct next-hop type for Virtual Ethernet and WAN mesh group in an EVPN-VXLAN network as unilist. Previously, the output for theshow ethernet-switching flood extensive
command would misidentify the next-hop type as composite.
General Routing
-
No support for PKI operational mode commands on the Junos Limited version (MX Series routers, PTX Series routers, and SRX Series devices—We do not support
request
,show
, andclear
PKI-related operational commands on the limited encryption Junos image ("Junos Limited"). If you try to execute PKI operational commands on a limited encryption Junos image, then an appropriate error message is displayed. Thepkid
process does not run on Junos Limited version image. Hence, the limited version does not support any PKI-related operation.
Interfaces and Chassis
-
When configuring multiple flexible tunnel interface (FTI) tunnels, the source and destination address pair needs to be unique only among the FTI tunnels of the same tunnel encapsulation type. Prior to this PR, the source and destination address pair had to be unique among all the FTI tunnels regardless of the tunnel encapsulation type.
Junos XML API and Scripting
-
Refreshing scripts from an HTTPS server requires a certificate (ACX Series, EX Series, MX Series, PTX Series, QFX Series, SRX Series, vMX, and vSRX)—When you refresh a local commit, event, op, SNMP, or Juniper Extension Toolkit (JET) script from an HTTPS server, you must specify the certificate (Root CA or self-signed) that the device uses to validate the server's certificate, thus ensuring that the server is authentic. In earlier releases, when you refresh scripts from an HTTPS server, the device does not perform certificate validation.
When you refresh a script using the
request system scripts refresh-from
operational mode command, include thecert-file
option and specify the certificate path. Before you refresh a script using theset refresh
orset refresh-from
configuration mode command, first configure thecert-file
statement under the hierarchy level where you configure the script. The certificate must be in Privacy-Enhanced Mail (PEM) format.[See request system scripts refresh-from and cert-file (Scripts).]