Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Routing Protocols

  • TCP authentication option (TCP-AO) for resource public key infrastructure (RPKI) validation sessions (ACX7100-32C, PTX10001-36MR, PTX10003, PTX10004, PTX10008, PTX10016, QFX5130-32CD, and QFX5220)—Starting in Junos OS Evolved Release 22.2R1, you can use the TCP authentication option to authenticate RPKI validation sessions for securing the Internet's routing infrastructure, such as the BGP. Using RPKI, legitimate holders of Internet number resources can control the operation of Internet routing protocols to prevent route hijacking and other attacks.

    To enable a TCP authentication option chain to authenticate an RPKI validation session, use the configured authentication-algorithm ao and authentication-key-chain keychain at the [edit routing-options validation group group_name session address] and [edit routing-options validation group group_name] hierarchy level.

    [See TCP Authentication Option (TCP-AO)]

  • BGP extended route retention (PTX10001-36MR, PTX10003, PTX10008, PTX10016, QFX5130-32CD, and QFX5220)—Starting in Junos OS Evolved Release 22.2R1, we have enhanced the long-lived graceful restart (LLGR) capabilities for BGP Helper and introduced the new configuration statement extended-route-retention at [edit protocols bgp group neighbor graceful-restart long-lived] hierarchy level. When you enable this feature, extended-route-retention supports LLGR helper mode regardless of the BGP peer LLGR capabilities. We have also updated the output of the following existing operational commands:

    • show bgp neighbor
    • show route extensive

    [See graceful-restart-long-lived-edit-protocols-bgp.]

  • RPD Object Reference count Anomaly checker (PTX10001-36MR, PTX10003, PTX10004, PTX10008, PTX10016, QFX5130-32CD, and QFX5220)— Starting in Junos OS Evolved Release 22.2R1, we introduce a generic reference count infrastructure that all the modules in the routing protocol process (rpd) can use. The module maintains lock and unlock statistics corresponding to each object type in use. Any application can call the refcount increment or decrement API when an object is referred or deferenced. The module also provides a mechanism to detect anomalies such as a leak or overflow in an object’s refcount.