What’s Changed in Release 21.2R1

Starting with Junos OS Release 21.2, Junos OS displays class of service configuration in alphabetical order regardless of configuration order.

Support for displaying SVLBNH information—You can now view shared VXLAN load balancing next hop (SVLBNH) information when you display the VXLAN tunnel endpoint information for a specified ESI and routing instance by using show ethernet-switching vxlan-tunnel-end-point esi esi-identifier esi-identifier instance instance svlbnh command.

Configure internal IPsec authentication algorithm (EX Series)—You can configure the algorithm hmac-sha-256-128 at the edit security ipsec internal security-association manual direction bidirectional authentication algorithm hierarchy level for internal IP security (IPsec) authentication. In earlier releases, you could configure the algorithm hmac-sha-256-128 for MX Series devices only.

Blocking duplicate IP detection in the same routing instance (ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, and SRX Series)—Junos OS will no longer accept duplicate IPs between different logical interfaces in the same routing instance. Refer to the table mentioned in the topic inet (interfaces). When you try to configure same IP on two logical interfaces inside same routing instance, the commit will be blocked with the error displayed as shown below: edit user@host# set interfaces ge-0/0/1 unit 0 family inet address 2.2.2.2/24, edit user@host# commit commit complete, edit user@host# set interfaces ge-0/0/2 unit 0 family inet address 2.2.2.2/24 , edit user@host# commit, and edit interfaces ge-0/0/2 unit 0 family inet 'address 2.2.2.2/24' identical local address found on rt_inst default, intfs ge-0/0/2.0 and ge-0/0/1.0, family inet. error: configuration check-out failed

Changes to how command-line arguments are passed to Python op scripts (ACX Series, EX Series, MX Series, PTX Series, QFX Series, SRX Series, vMX, and vSRX)—When the device passes command-line arguments to a Python op script, it prefixes a hyphen (-) to single-character argument names, and it prefixes two hyphens (--) to multi-character argument names. The prefix enables you to use standard command-line parsing libraries to handle the arguments. In earlier releases, the device prefixes a single hyphen (-) to all argument names.

[See Declaring and Using Command-Line Arguments in Op Scripts.]

Refreshing scripts from an HTTPS server requires a certificate (ACX Series, EX Series, MX Series, PTX Series, QFX Series, SRX Series, vMX, and vSRX)—When you refresh a local commit, event, op, SNMP, or Juniper Extension Toolkit (JET) script from an HTTPS server, you must specify the certificate (Root CA or self-signed) that the device uses to validate the server's certificate, thus ensuring that the server is authentic. In earlier releases, when you refresh scripts from an HTTPS server, the device does not perform certificate validation.

When you refresh a script using the request system scripts refresh-from operational mode command, include the cert-file option and specify the certificate path. Before you refresh a script using the set refresh or set refresh-from configuration mode command, first configure the cert-file statement under the hierarchy level where you configure the script. The certificate must be in Privacy-Enhanced Mail (PEM) format.

[See request system scripts refresh-from and cert-file (Scripts).]

Chef and Puppet support removed (EX Series except EX4400, MX Series, PTX Series, and QFX Series)—Starting in Junos OS Release 21.2R1, Junos OS products that were previously running on FreeBSD 11.x based Junos OS are migrated to FreeBSD 12.x based Junos OS. FreeBSD 12.x based Junos OS does not support installing existing Chef or Puppet packages.

Changes to how command-line arguments are passed to Python action scripts (ACX Series, EX Series, MX Series, PTX Series, QFX Series, SRX Series, vMX, and vSRX)—When a custom YANG RPC invokes a Python action script and passes command-line arguments to the script, the device prefixes a hyphen (-) to single-character argument names, and it prefixes two hyphens (--) to multi-character argument names. The prefix enables you to use standard command-line parsing libraries to handle the arguments. In earlier releases, the device passes the unmodified argument names to the script.

[See Creating Action Scripts for YANG RPCs on Devices Running Junos OS and Displaying Valid Command Option and Configuration Statement Values in the CLI for Custom YANG Modules.]

Changes to <commit> RPC responses in RFC-compliant NETCONF sessions (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—When you configure the rfc-compliant statement at the [edit system services netconf] hierarchy level, the NETCONF server's response for <commit> operations includes the following changes:

• If a successful <commit> operation returns a response with one or more warnings, the warnings are redirected to the system log file, in addition to being omitted from the response.

• The NETCONF server response emits the <source-daemon> element as a child of the <error-info> element instead of the <rpc-error> element.

• If you also configure the flatten-commit-results statement at the [edit system services netconf] hierarchy level, the NETCONF server suppresses any <commit-results> XML subtree in the response and only emits an <ok/> or <rpc-error> element.

[See Configuring RFC-Compliant NETCONF Sessions.]

Changes in contextEngineID for SNMPv3 INFORMS (PTX Series, QFX Series, ACX Series, EX Series, MX Series, and SRX Series--Now the contextEngineID of SNMPv3 INFORMS is set to the local engine-id of Junos devices. In earlier releases, the contextEngineID of SNMPv3 INFORMS was set to remote engine-id.

[See SNMP MIBs and Traps Supported by Junos OS.]