What’s Changed in Release 21.4R1

Output for show Ethernet switching flood extensive command The output for show ethernet-switching flood extensive now displays the correct next-hop type for Virtual Ethernet and WAN mesh group in an EVPN-VXLAN network as unilist. Previously, the output for show ethernet-switching flood extensive would misidentify the next-hop type as composite.

No support for PKI operational mode commands on the Junos Limited version (MX Series routers, PTX Series routers, and SRX Series devices)— We do not support request , show , and clear PKI-related operational commands on the limited encryption Junos image ("Junos Limited"). If you try to execute PKI operational commands on a limited encryption Junos image, then an appropriate error message is displayed. The pkid process does not run on Junos Limited version image. Hence, the limited version does not support any PKI-related operation.

On PTX1K and PTX10002-60C the show chassis hardware details command now displays information about USB devices. In addition, information about disk drives is only displayed when the extensive switch is used with the show vmhost hardware operational mode command.

Juniper Agile Licensing (EX2300-VC, EX3400-VC, EX4300-VC, EX4400-24MP, EX4400-48MP, PTX10003, PTX10016, QFX5130-32CD, QFX5110-32Q, QFX5110-48S, QFX5120-48T, QFX5210-64C, QFX5200, and QFX5220)—Starting from this release onwards, the Juniper Agile License Manager is deprecated. You can use the Juniper Agile Licensing Portal to activate, install, manage, and monitor licenses on Juniper Networks devices.

[See Juniper Agile Licensing Guide.]

Renamed veriexec-check option—We have changed the veriexec-check option of the request system malware-scan command to integrity-check. This update does not include any functional changes. You can use the integrity-check option to check whether integrity mechanisms are enabled for the Juniper Malware Removal Tool.

[See request system malware-scan.]

New Commit check for Layer 2 Interfaces (PTX10003)— We've introduced a commit check to prevent you from misconfiguring ethernet encapsulation on Layer 2 interfaces. Ethernet encapsulation is not supported on Layer 2 interfaces.

[See encapsulation (Logical Interface)

When configuring multiple flexible tunnel interface (FTI) tunnels, the source and destination address pair needs to be unique only among the FTI tunnels of the same tunnel encapsulation type. Prior to this PR, the source and destination address pair had to be unique among all the FTI tunnels regardless of the tunnel encapsulation type.

Limits increased for the max-datasize statement (ACX Series, PTX Series, and QFX Series)—The max-datasize statement's minimum configurable value is increased from 23,068,672 bytes (22 MB) to 268,435,456 bytes (256 MB), and the maximum configurable value is increased from 1,073,741,824 (1 GB) to 2,147,483,648 (2 GB) for all script types. Furthermore, if you do not configure the max-datasize statement for a given script type, the default maximum memory allocated to the data segment portion of a script is increased to 1024 MB. Higher limits ensure that the device allocates a sufficient amount of memory to run the affected scripts.

[See max-datasize.]

The configuration accepts only defined identity values for nodes of type identityref in YANG data models (ACX Series, EX Series, MX Series, PTX Series, QFX Series, SRX Series, vMX, and vSRX)—If you configure a statement that has type identityref in the corresponding YANG data model, the device accepts only defined identity values (as defined by an identity statement) as valid input. In earlier releases, the device also accepts values that are not defined identity values.