Key Features in Junos OS Release 21.3 | Junos OS

Control word on the MPC-10E line card (MX Series)—Starting in Junos OS Release 21.3R1, MPC-10E line cards support the insertion of a control word between the label stack and the Layer 2 payload for VPLS services. You can use the control word to prevent provider edge routers from incorrectly identifying a VPLS payload as an IPv4 or IPv6 payload. You also prevent out-of-order packet delivery in a VPLS network that is configured to load-balance VPLS traffic across multiple paths. To enable the control word, include the control-word statement at the [edit routing-instances routing-instance-name protocols vpls] hierarchy level.

[See Control Word for BGP VPLS Overview.]

Layer 3 VXLAN gateway support in EVPN-VXLAN fabrics using a RIOT loopback port (QFX5210)—Starting in Junos OS Release 21.3R1, you can configure a QFX5210 switch as a Layer 3 VXLAN gateway for unicast traffic in an EVPN-VXLAN edge-routed bridging overlay fabric. QFX5210 switches require a special intermediary port for routing in and out of VXLAN tunnels (RIOT). You configure the RIOT port as a loopback LAG bundle that enables inter-VLAN routing with VXLAN tunnel initiation or termination. The RIOT loopback LAG port must be a member of all VXLAN VLANs with IRB interfaces. This feature supports:

Only MAC-VRF routing instances with either VLAN-based or VLAN-aware bundle service types.
Enterprise-style interface configuration.
EVPN asymmetric Type 2 routes and EVPN Type 5 routes.

[See Using a RIOT Loopback Port to Route Traffic in an EVPN-VXLAN Network.]

Maximum reference bandwidth increased to 4 TB for IGP protocols (ACX710, ACX5448, MX960, MX2020, MX10003, PTX5000, and PTX1000)—Starting in Junos OS Release 21.3R1, we've increased the maximum reference bandwidth for IS-IS and OSPF IGP protocols from 1 Tbps to 4 Tbps. The default bandwidth is 100 Mbps. You can increase the reference bandwidth to adjust the path metrics, which you use to determine the preferred path in case of multiple equal-cost routes to a destination.

To configure the reference bandwidth, use the reference-bandwidth reference-bandwidth statement at the [edit protocols isis] hierarchy level or the [edit protocols (ospf | ospf3)] hierarchy level.

[ See reference-bandwidth (Protocols IS-IS) and reference-bandwidth (Protocols OSPF).]

Network Time Security (NTS) support for Network Time Protocol (NTP) (EX Series, MX Series, NFX Series, PTX Series, QFX Series, and SRX Series)—Starting in Junos OS Release 21.3R1, NTS provides cryptographic security for network time synchronization and supports the client/server mode of NTP. NTS uses the Transport Layer Security (TLS) protocol and Authenticated Encryption with Associated Data (AEAD) to obtain network time in an authenticated manner.

NTS provides strong cryptographic protection against wide range of security attacks such as packet manipulation, spoofing, DDOS amplification attacks, and replay attacks. NTS also provides scalability as servers can serve several clients without the need for any manual client-specific preconfiguration.

[See Network Time Security (NTS) Support for NTP.]

PCEP session over IPv6 (MX480, MX960, and MX10003)—Starting in Junos OS Release 21.3R1, we've extended the Path Computation Element Protocol (PCEP) session management over IPv6. With this support, Path Computation Client (PCC) and Path Computation Element (PCE) can establish an IPv6 session with or without TCP MD5 hash.

Junos OS can set up an IPv6 PCEP session with NorthStar, Paragon Pathfinder, or a third-party controller if it is capable of establishing an IPv6 session. The IPv6 session supports functionalities such as PCE-provisioned LSPs, PCE-delegated LSPs, router-controlled LSPs, and LSP synchronization over an IPv6 PCEP session with or without MD5 security.

You cannot configure PCE with both IPv4 address and IPv6 address; only one address format is supported at a time.

[See destination-ipv6-address and local-ipv6-address.]

RSVP updates available bandwidth values without notifying IS-IS (MX960, MX2010, MX2020, PTX1000, PTX10001, PTX10008, and PTX10016)—When RSVP label-switched paths (LSPs) and segment routing LSPs coexist on a link, RSVP takes into account how much bandwidth the segment routing LSPs use. By default, RSVP updates the values for the local unreserved bandwidth and the maximum available bandwidth and passes the values on to IS-IS. Starting in Junos OS Release 21.3R1, you can configure RSVP to update available bandwidth values without notifying IS-IS if the bandwidth change is within a certain threshold configured at the [edit protocols rsvp interface interface-name update-threshold-max-reservable].

If you configure the local-bw-override-threshold statement at the [edit protocols rsvp interface interface-name non-rsvp-bandwdith] hierarchy level, RSVP always updates the available bandwidth values. However, it reports only the new values to IS-IS if the bandwidth change passes the threshold.

[See update-threshold-max-reservable and local-bw-override-threshold.]

Seamless EVPN-VXLAN stitching with MAC-VRF routing instances (QFX10002, QFX10008, and QFX10016)—Starting in Junos OS Release 21.3R1, we support seamless stitching of unicast routes across EVPN-VXLAN data centers through a WAN using MAC VRF routing instances. You can use this feature between data centers (data center interconnect [DCI]) or between points of delivery (PODs) within a data center. The EVPN control plane stitches the EVPN routes from the PODs or data centers and the WAN into a single customer-specific MAC forwarding table.

On each interconnection device, configure:

A customer-specific EVPN instance (EVI) of type mac-vrf.
Elements in the [edit routing-instances name protocols evpn interconnect] hierarchy in the EVI to enable the interconnection.

[See interconnect and MAC-VRF Routing Instance Type Overview.]

Support for passive optical network (PON) controller integration with 10G OLT SFP+ transceiver (ACX5448, ACX5448-M, and ACX5448-D routers)—Starting in Junos OS Release 21.3R1, the ACX5400 line of routers support the integration of the PON controller with Juniper Networks' 10GbE optical line terminal (OLT) SFP+ transceiver. This transceiver plugs into the 10GbE ports and instantaneously enables 10GbE symmetrical PON access on the router. Because the ACX5400 line of routers function as the OLT, the use of this transceiver eliminates the need for additional hardware. The following softwares are supported for Juniper's Unified PON in Junos OS Release 21.3R1:

PON Controller version R2.0.4
MicroClimate Management System PON Manager version R2.1.2
MicroClimate Management System NETCONF Server version R2.1.1

[See Juniper's Unified PON - Integrated PON Controller on ACX5400 Line of Routers and Hardware Compatibility Tool.]

SRv6 support for static SR-TE policy (MX204, MX960, MX10003, and MX10008)—Starting in Junos OS Release 21.3R1, you can configure static segment routing–traffic engineering (SR-TE) tunnels over an SRv6 data plane.

Use the following configuration commands to enable SRv6 support:

For an SR-TE policy: set protocols source-packet-routing srv6
For an SR-TE tunnel: set protocols source-packet-routing source-routing-path lsp name srv6
For an SR-TE segment list: set protocols source-packet-routing source-routing-path segment-list srv6

[See Understanding SR-TE Policy for SRv6 Tunnel.]

Support for SRv6 in BGP-LS and Traffic Engineering Database (MX204, MX960, MX10003 and MX10008) —Starting in Junos OS Release 21.3R1, we support SRv6 in BGP-LS and Traffic Engineering Database (TED). BGP-LS extensions export the SRv6 topology information to the SDN controllers. Controllers receive the topology information by being part of an IGP domain or through BGP-LS.

You can filter NLRIs based on IPv6 prefix (SRv6 Locator) and SRv6 SID NLRIs.

To filter NLRIs based on IPv6 prefix, use ipv6-prefix at the [edit policy-options policy-statement name from traffic-engineering] hierarchy level.

To filter NLRIs based on SRv6 SID, use srv6-sid at the [edit policy-options policy-statement name from traffic-engineering] hierarchy level.

[ See Link-State Distribution using SRv6, ipv6-prefix and srv6-sid.]

Support for PowerMode (SRX4100, SRX4200, SRX4600, SRX5400 SPC3, SRX5600 SPC3, SRX5800 SPC3, and vSRX)—Starting in Junos OS Release 21.3R1, we introduce PowerMode to improve UDP and TCP firewall throughput performance. PowerMode is enabled by default. To disable the feature, use the power-mode-disable statement at the [edit security flow] hierarchy level.

[See PowerMode, and power-mode-disable.]

Support for syslog over TLS (SRX Series and vSRX)—Starting in Junos OS Release 21.3R1, you can transport syslog (control plane) over Transport Layer Security (TLS) protocol. Encapsulating syslog in TLS allows you to:

Validate the remote destination (syslog server) before transmitting any sensitive syslog information. (Authentication)
Encrypt the syslog during the transport. (Encryption)
Verify that the data has not been modified or tampered with (Integrity)

Before you enable this feature, ensure you:

Configure public key infrastructure (PKI) in Junos OS
Configure and load the digital certificates
Configure the remote destination (syslog server) that supports syslog over TLS

To enable transport of syslog (control plane) over TLS, use the tls statement at the [edit system syslog host host-name transport] hierarchy level.

[See tlsdetails and transport]

sFlow support for EVPN-VXLAN (QFX10002-60C, QFX10002, QFX10008, and QFX10016) —Starting in Junos OS Release 21.3R1, QFX1000 line of switches set up for EVPN-VXLAN with an IPv4 underlay support sFlow monitoring technology.

[See EVPN-VXLAN Support for VXLAN Underlay and Overview of sFlow Technology.]