Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

What’s Changed in Release 21.2R1

Authentication and Access Control

  • Command to automate SSH key-based authentication (ACX Series, PTX Series, and QFX Series)—You can set up SSH-key based authentication between the network device and a remote host by issuing the request security ssh password-less-authentication operational mode command. When you execute the command with the appropriate options, the device generates SSH keys for the current user, provided the user does not already have existing keys, and transfers the user's public key to the authorized_keys file of the specified user on the remote host.

    [See request security ssh password-less-authentication.]

General Routing

  • SSH session connection limit and rate limit per connection (PTX Series and QFX Series)—We have introduced SSH connection-limit and rate-limit options at the edit system services ssh hierarchy levels to enable SSH connection limit and rate limit per connection. The default connection limit value is 75 connections and there is no default value associated with rate limit.

  • Unresolved hosts identified in MAC-IP address entries (QFX5130-32CD, QFX5220)—When you use the show ethernet-switching mac-ip-table command to display the MAC-IP entries in the ethernet switching table, unresolved hosts are identified with a Ur flag.

  • Enhancement to the default remnant-holdtime (Junos OS Evolved platforms: ACX7100-48L, PTX10001-36MR, PTX10003, PTX10004, PTX10008, QFX5130-32CD, and QFX5220)— Starting this release, the default remnant-holdtime has been increased from 180 seconds to 300 seconds. This provides sufficient time for protocols to start and sync routes from neighbors in a scaled environment, during rpd restart. You can configure remnant-holdtime at the edit routing-options forwarding-table hierarchy level.

    [See forwarding-table.]

  • Default FEC Settings (QFX5130-32CD, QFX5220-32CD, and QFX5220-128C)—The default FEC mode for 4x25 optics is changed to FEC91 instead of FEC74. For 4x25G Direct Attach Copper Breakout Cables (DACBO), the default FEC mode remains as FEC74.

    [ See show interfaces extensive.]

  • Enhancement to the show chassis pic command (Junos OS Evolved)—You can now view additional information about the optics when you run the show chassis pic command. The output now displays the following additional field: MSA Version: Multi-source Agreements (MSA) version that the specified optics is compliant to. Values supported are: SFP+/SFP28 — SFF-8472 (versions 9.3 - 12.3), QSFP+/QSFP28 — SFF 8363 (versions 1.3 - 2.10), and QSFP-DD — CMIS 3.0, 4.0, 5.0. Previously, the show chassis pic command did not display this additional field.

    [See show chassis pic.]

  • Enhancement to the show interfaces (Aggregated Ethernet) command (PTX Series and QFX Series)—When you run the show interfaces extensive command for aggregated Ethernet interfaces, you can now view following additional fields for MAC statistics : Receive, Transmit, Broadcast and Multicast packets.

    [See show chassis pic.]

  • Mozilla certification authority (CA) certificates removed (ACX Series, PTX Series, and QFX Series)—To minimize security risks, Junos OS Evolved no longer includes Mozilla's set of root certificates from various CA operators by default. To use Docker container images from a registry that requires TLS authentication, you must first save the image as a tar archive on a remote device and then import the contents of the archive on the device running Junos OS Evolved.

    [See Running Third-Party Applications in Containers..]

Junos XML API and Scripting

  • Changes to how command-line arguments are passed to Python op scripts (ACX Series, PTX Series, and QFX Series)—When the device passes command-line arguments to a Python op script, it prefixes a hyphen (-) to single-character argument names, and it prefixes two hyphens (--) to multi-character argument names. The prefix enables you to use standard command-line parsing libraries to handle the arguments. In earlier releases, the device prefixes a single hyphen (-) to all argument names.

    [See Declaring and Using Command-Line Arguments in Op Scripts.]

  • The language python statement is enabled by default (ACX Series, PTX Series, and QFX Series)—The language python statement is configured by default in the junos-defaults configuration group on devices running Junos OS Evolved. Thus, you can execute unsigned Python scripts using the default Python version without explicitly configuring the statement on the device.

    [See Requirements for Executing Python Automation Scripts on Devices Running Junos OS.]

Layer 2 Features

  • Link selection support for DHCP (QFX Series)—We've introduced link-selection statement at the edit forwarding-options dhcp-relay relay-option-82 hierarchy level, which allows DHCP relay to add suboption 5 to option 82. Suboption 5 allows DHCP proxy clients and relay agents to request an IP address for a specific subnet from a specific IP address range and scope. Earlier to this release, the DHCP relay drops packets during the renewal DHCP process as the DHCP Server uses the leaf's address as a destination to acknowledge DHCP renewal message.

    [See relay-option-82..]

Network Management and Monitoring

  • Changes to <commit> RPC responses in RFC-compliant NETCONF sessions (ACX Series, PTX Series, and QFX Series)—When you configure the rfc-compliant statement at the [edit system services netconf] hierarchy level, the NETCONF server's response for <commit> operations includes the following changes:

    • If a successful <commit> operation returns a response with one or more warnings, the warnings are redirected to the system log file, in addition to being omitted from the response.
    • The NETCONF server response emits the <source-daemon> element as a child of the <error-info> element instead of the <rpc-error> element.
    • If you also configure the flatten-commit-results statement at the [edit system services netconf] hierarchy level, the NETCONF server suppresses any <commit-results> XML subtree in the response and only emits an <ok/> or <rpc-error> element.

    [See Configuring RFC-Compliant NETCONF Sessions.]

  • Changes to how command-line arguments are passed to Python action scripts (ACX Series, PTX Series, and QFX Series)—When a custom YANG RPC invokes a Python action script and passes command-line arguments to the script, the device prefixes a hyphen (-) to single-character argument names, and it prefixes two hyphens (--) to multi-character argument names. The prefix enables you to use standard command-line parsing libraries to handle the arguments. In earlier releases, the device passes the unmodified argument names to the script.

    [See Creating Action Scripts for YANG RPCs on Devices Running Junos OS and Displaying Valid Command Option and Configuration Statement Values in the CLI for Custom YANG Modules.]

  • Changes in contextEngineID for SNMPv3 INFORMS (ACX Series, PTX Series, and QFX Series)—Now the contextEngineID of SNMPv3 INFORMS is set to the local engine-id of Junos devices. In earlier releases, the contextEngineID of SNMPv3 INFORMS was set to remote engine-id.

    [See SNMP MIBs and Traps Supported by Junos OS.]

Platform and Infrastructure

  • The jcs:invoke() function supports suppression of root login and logout events in system log files for SLAX event scripts (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—The jcs:invoke() extension function supports the no-login-logout parameter in SLAX event scripts. If you include the parameter, the function does not generate and log UI_LOGIN_EVENT and UI_LOGOUT_EVENT messages when the script logs in as root to execute the specified remote procedure call (RPC). If you omit the parameter, the function behaves as in earlier releases in which the root UI_LOGIN_EVENT and UI_LOGOUT_EVENT messages are included in system log files.

    [See invoke() Function (SLAX and XSLT).]