Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


What’s Changed in Release 21.4R1

Class of Service

  • Junos OS Evolved now correctly displays the index for show class-of-service commands.


  • Output for the show Ethernet switching flood extensive command—The output for the show ethernet-switching flood extensive command now displays the correct next-hop type for Virtual Ethernet and WAN mesh group in an EVPN-VXLAN network as unilist. Previously, the output for the show ethernet-switching flood extensive command would misidentify the next-hop type as composite.

General Routing

  • In Junos OS Release 21.4R1 and later, ssh is enabled by default on all the routers with VM host support.

  • Validation of TCA threshold values (PTX10008)—We've implemented immediate validation of threshold values configured in the tca-identifier (enable-tca | no-enable-tca) (threshold number | threshold-24hrs number) statement under the [edit interface <interface name> optics-optics tca] hierarchy level to ensure the threshold value entered is valid.

    [See optics-options..]

  • Enhancement to the request system license add terminal command (PTX10001-36MR)—When you run the request system license add terminal command, you can now view following additional fields for information: JUNOS564022985: Ignoring unknown feature.

    [See Managing vMX Licenses.]

  • A major alarm is raised (PTX10008)—A major alarm is raised when a fan tray controller is removed from the chassis.

  • SNMP MIB support for field-replaceable unit (FRU) LEDs (PTX10008)—SNMP MIB object jnxLEDEntry now indicates multiple LED indexes and color values for FRUs.

Interfaces and Chassis

  • When configuring multiple flexible tunnel interface (FTI) tunnels, the source and destination address pair needs to be unique only among the FTI tunnels of the same tunnel encapsulation type. Previously, the source and destination address pair had to be unique across all encapsulation type.

  • Enhancement to snmp mib command behavior (PTX10008)—Starting in Junos OS Evolved, when you execute show snmp mib walk decimal command, the output parameter jnxRedundancySwitchoverReason is not working as expected, which always show the value 0 instead of expected values. Now, jnxRedundancySwitchoverReason output parameter is corrected to expected behavior with the following expected values. jnxRedundancySwitchoverReason OBJECT-TYPE SYNTAX INTEGER href=' other(1), — others neverSwitched(2), — never switched userSwitched(3), — user-initiated switchover autoSwitched(4) — automatic switchover ' format="html" scope="external">

    [See show snmp mib.]

Junos OS API and Scripting

  • Limits increased for the max-datasize statement (ACX Series, PTX Series, and QFX Series)—The max-datasize statement's minimum configurable value is increased from 23,068,672 bytes (22 MB) to 268,435,456 bytes (256 MB), and the maximum configurable value is increased from 1,073,741,824 (1 GB) to 2,147,483,648 (2 GB) for all script types. Furthermore, if you do not configure the max-datasize statement for a given script type, the default maximum memory allocated to the data segment portion of a script is increased to 1024 MB. Higher limits ensure that the device allocates a sufficient amount of memory to run the affected scripts.

    [See max-datasize.]

Layer 2 Features

Network Management and Monitoring

  • SNMP support for MIB—Operational command show snmp mib walk systemnow shows the latest software version and does not show the build date.

    [See show snmp mib.]

  • Support for disconnecting unresponsive NETCONF-over-SSH clients (ACX Series, PTX Series, and QFX Series)—You can enable devices to automatically disconnect unresponsive NETCONF-over-SSH clients by configuring the client-alive-interval and client-alive-count-max statements at the [edit system services netconf ssh] hierarchy level. The client-alive-interval statement specifies the timeout interval in seconds, after which, if no data has been received from the client, the device requests a response. The client-alive-count-max statement specifies the threshold of missed client-alive responses that triggers the device to disconnect the client, thereby terminating the NETCONF session.

    [ See ssh (NETCONF).]

  • The configuration accepts only defined identity values for nodes of type identityref in YANG data models (ACX Series, PTX Series, and QFX Series)—If you configure a statement that has type identityref in the corresponding YANG data model, the device accepts only defined identity values (as defined by an identity statement) as valid input. In earlier releases, the device also accepts values that are not defined identity values.

Routing Protocols

  • The RPD_OSPF_LDP_SYNC message not logged?On all Junos OS and Junos OS Evolved devices, when an LDP session goes down there is a loss of synchronization between LDP and OSPF. After the loss of synchronization, when an interface has been in the holddown state for more than three minutes, the system log message with a warning level is sent. This message appears in both the messages file and the trace file. However, the system log message does not get logged if you explicitly configure the hold-time for ldp-synchronization at the edit protocols ospf area area id interface interface name hierarchy level less than three minutes. The message is printed after three minutes.

  • To achieve consistency among resource paths, the resource path//mpls/signalling-protocols/segment-routing/aggregate-sid-counters/aggregate-sid-counter ip-addr='address'/state/countersname='name'/out-pkts/ is changed to /mpls/signaling-protocols/segment-routing/aggregate-sid-counters/aggregate-sid-counterip-addr='address'/state/counters name='name'/. The leaf "out-pkts" is removed from the end of the path, and "signalling" is changed to "signaling" (with one "l").


Renamed veriexec-check option—We have changed the veriexec-check option of the request system malware-scan command to integrity-check. This update does not include any functional changes. You can use the integrity-check option to check whether integrity mechanisms are enabled for the Juniper Malware Removal Tool.

Software Licensing

  • Juniper Agile Licensing (PTX10003, PTX10016, QFX5130-32CD, and QFX5220)—Starting from this release onwards, the Juniper Agile License Manager is deprecated. You can use the Juniper Agile Licensing Portal to activate, install, manage, and monitor licenses on Juniper Networks devices.

    [See Juniper Agile Licensing Guide.]