What’s Changed in Release 21.4R1

Class of Service

• Junos OS Evolved now correctly displays the index for show class-of-service commands.

EVPN

• Output for the show Ethernet switching flood extensive command—The output for the show ethernet-switching flood extensive command now displays the correct next-hop type for Virtual Ethernet and WAN mesh group in an EVPN-VXLAN network as unilist. Previously, the output for the show ethernet-switching flood extensive command would misidentify the next-hop type as composite.

• Support for displaying SVLBNH information— You can now view shared VXLAN load balancing next hop (SVLBNH) information when you display the VXLAN tunnel endpoint information for a specified ESI and routing instance by using show ethernet-switching vxlan-tunnel-end-point esiesi-identifier esi-identifier instance instance svlbnh command.

• Support for Maximum Response Time in EVPN Type 8 Routes — Junos OS now supports the Maximum Response Time (MRT) attribute field in EVPN Type 8 Route messages. This attribute is defined in the IETF draft of IGMP and MLD Proxy for EVPN, version 13. MRT is used to synchronize the wait time before responding to IGMP messages. To maintain compatibility with devices running previous versions of Junos OS that do not support MRT, set protocols evpn leave-sync-route-oldstyle.

  See evpn.]

• Output for show Ethernet switching flood extensive— The output for show ethernet-switching flood extensive now displays the correct next-hop type for Virtual Ethernet and WAN mesh group in an EVPN-VXLAN network as unilist. Previously, the output for show ethernet-switching flood extensive would misidentify the next-hop type as composite.

• Changes to the show evpn instance command—The output for show evpn instance extensive has been modified. Information for bridge domains can now be view by using show evpn instance bridge-domain or the show mac-vrf routing instance bridge-domains commands.

• Ethernet tag ID set to 0 for EVPN Type 6 and EVPN Type 7 routes— For VLAN bundle and VLAN-based services, Junos OS now automatically sets the Ethernet tag ID (VLAN ID) to zero for EVPN Type 6 and EVPN Type 7 routes per RFC 7432. In earlier releases, Junos OS used the VXLAN Network Identifier (VNI) as the Ethernet tag ID.

  To interoperate with devices that uses the VNI as the Ethernet tag ID, set routing-instances routing-instance-name protocols evpn smet-etag-carry-vid.

• Minimum auto-recovery time reduced for duplicate MAC address detection— Junos OS has changed the minimum value allowed for auto-recovery time for duplicate MAC address detection from 5 minutes to 1 minute. The auto-recovery time is the length of time that the device suppresses a duplicate MAC address. Reducing the auto-recovery time allows customers to quickly recover from a MAC address duplication state. You configure the auto-recovery-time option under the duplicate-mac-detection statement at the edit routing-instances routing-instance-name protocols evpn or edit protocols evpn hierarchy.

  See Changing Duplicate MAC Address Detection Settings.]

General Routing

• In Junos OS Release 21.4R1 and later, ssh is enabled by default on all the routers with VM host support.

• Validation of TCA threshold values (PTX10008)—We've implemented immediate validation of threshold values configured in the tca-identifier (enable-tca | no-enable-tca) (threshold number | threshold-24hrs number) statement under the [edit interface <interface name> optics-optics tca] hierarchy level to ensure the threshold value entered is valid.

  [See optics-options..]

• Enhancement to the request system license add terminal command (PTX10001-36MR)—When you run the request system license add terminal command, you can now view following additional fields for information: JUNOS564022985: Ignoring unknown feature.

  [See Managing vMX Licenses.]

• A major alarm is raised (PTX10008)—A major alarm is raised when a fan tray controller is removed from the chassis.

• SNMP MIB support for field-replaceable unit (FRU) LEDs (PTX10008)—SNMP MIB object jnxLEDEntry now indicates multiple LED indexes and color values for FRUs.

Interfaces and Chassis

• When configuring multiple flexible tunnel interface (FTI) tunnels, the source and destination address pair needs to be unique only among the FTI tunnels of the same tunnel encapsulation type. Previously, the source and destination address pair had to be unique across all encapsulation type.

• Enhancement to snmp mib command behavior (PTX10008)—Starting in Junos OS Evolved, when you execute show snmp mib walk decimal command, the output parameter jnxRedundancySwitchoverReason is not working as expected, which always show the value 0 instead of expected values. Now, jnxRedundancySwitchoverReason output parameter is corrected to expected behavior with the following expected values. jnxRedundancySwitchoverReason OBJECT-TYPE SYNTAX INTEGER href=' other(1), — others neverSwitched(2), — never switched userSwitched(3), — user-initiated switchover autoSwitched(4) — automatic switchover ' format="html" scope="external">

  [See show snmp mib.]

• Enhancement to the show chassis pic command (Junos OS Evolved)— You can now view additional information about the optics when you run the show chassis pic command. The output now displays the following additional field: MSA Version: Multi-source Agreements (MSA) version that the specified optics is compliant to. Values supported are: SFP+/SFP28 — SFF-8472 (versions 9.3 - 12.3), QSFP+/QSFP28 — SFF 8363 (versions 1.3 - 2.10), and QSFP-DD — CMIS 3.0, 4.0, 5.0. Previously, the show chassis pic command did not display this additional field.

  See show chassis pic

• Enhancement to the show interfaces (Aggregated Ethernet) command (ACX Series, PTX Series, and QFX Series)— When you run the show interfaces extensive command for Aggregated Ethernet interfaces. You can now view following additional fields for MAC statistics : Receive, Transmit, Broadcast and Multicast packets.

  See show chassis pic.

Junos OS API and Scripting

• Limits increased for the max-datasize statement (ACX Series, PTX Series, and QFX Series)—The max-datasize statement's minimum configurable value is increased from 23,068,672 bytes (22 MB) to 268,435,456 bytes (256 MB), and the maximum configurable value is increased from 1,073,741,824 (1 GB) to 2,147,483,648 (2 GB) for all script types. Furthermore, if you do not configure the max-datasize statement for a given script type, the default maximum memory allocated to the data segment portion of a script is increased to 1024 MB. Higher limits ensure that the device allocates a sufficient amount of memory to run the affected scripts.

  [See max-datasize.]

• Changes to how command-line arguments are passed to Python op scripts (ACX Series, PTX Series, and QFX Series)—When the device passes command-line arguments to a Python op script, it prefixes a hyphen (-) to single-character argument names, and it prefixes two hyphens (—) to multi-character argument names. The prefix enables you to use standard command-line parsing libraries to handle the arguments. In earlier releases, the device prefixes a single hyphen (-) to all argument names.

  [See Declaring and Using Command-Line Arguments in Op Scripts..]

Layer 2 Features

• New Commit check for Layer 2 Interfaces (PTX10003)—We've introduced a commit check to prevent you from misconfiguring ethernet encapsulation on Layer 2 interfaces. Ethernet encapsulation is not supported on Layer 2 interfaces.

  [See encapsulation (Logical Interface) and Layer 2 Address Learning and Forwarding Overview.]

Network Management and Monitoring

• Change in behavior of SNMP MIB object ifAlias—SNMP MIB object ifAlias now shows the configured interface alias. In earlier releases, ifAlias used to show configured interface description.

• SNMP support for MIB—Operational command show snmp mib walk systemnow shows the latest software version and does not show the build date.

  [See show snmp mib.]

• Support for disconnecting unresponsive NETCONF-over-SSH clients (ACX Series, PTX Series, and QFX Series)—You can enable devices to automatically disconnect unresponsive NETCONF-over-SSH clients by configuring the client-alive-interval and client-alive-count-max statements at the [edit system services netconf ssh] hierarchy level. The client-alive-interval statement specifies the timeout interval in seconds, after which, if no data has been received from the client, the device requests a response. The client-alive-count-max statement specifies the threshold of missed client-alive responses that triggers the device to disconnect the client, thereby terminating the NETCONF session.

  [ See ssh (NETCONF).]

• The configuration accepts only defined identity values for nodes of type identityref in YANG data models (ACX Series, PTX Series, and QFX Series)—If you configure a statement that has type identityref in the corresponding YANG data model, the device accepts only defined identity values (as defined by an identity statement) as valid input. In earlier releases, the device also accepts values that are not defined identity values.

• Changes in contextEngineID for SNMPv3 INFORMS (ACX Series and PTX SeriesEX Series)— Now the contextEngineID of SNMPv3 INFORMS is set to the local engine-id of Junos devices. In earlier releases, the contextEngineID of SNMPv3 INFORMS was set to remote engine-id.

  [See SNMP MIBs and Traps Supported by Junos OS..]

Routing Protocols

• The RPD_OSPF_LDP_SYNC message not logged?On all Junos OS and Junos OS Evolved devices, when an LDP session goes down there is a loss of synchronization between LDP and OSPF. After the loss of synchronization, when an interface has been in the holddown state for more than three minutes, the system log message with a warning level is sent. This message appears in both the messages file and the trace file. However, the system log message does not get logged if you explicitly configure the hold-time for ldp-synchronization at the edit protocols ospf area area id interface interface name hierarchy level less than three minutes. The message is printed after three minutes.

• To achieve consistency among resource paths, the resource path//mpls/signalling-protocols/segment-routing/aggregate-sid-counters/aggregate-sid-counter ip-addr='address'/state/countersname='name'/out-pkts/ is changed to /mpls/signaling-protocols/segment-routing/aggregate-sid-counters/aggregate-sid-counterip-addr='address'/state/counters name='name'/. The leaf "out-pkts" is removed from the end of the path, and "signalling" is changed to "signaling" (with one "l").

Security

Renamed veriexec-check option—We have changed the veriexec-check option of the request system malware-scan command to integrity-check. This update does not include any functional changes. You can use the integrity-check option to check whether integrity mechanisms are enabled for the Juniper Malware Removal Tool.

Software Licensing

• Juniper Agile Licensing (PTX10003, PTX10016, QFX5130-32CD, and QFX5220)—Starting from this release onwards, the Juniper Agile License Manager is deprecated. You can use the Juniper Agile Licensing Portal to activate, install, manage, and monitor licenses on Juniper Networks devices.

  [See Juniper Agile Licensing Guide.]