What’s Changed in Release 22.2R1

Instance type change is not permitted from default to L3VRF in open configuration (ACX Series and QFX Series)—DEFAULT_INSTANCE is the primary instance that runs when there is no specific instance type configured in the route set routing-options?. Any instance you explicitly configure is translated into set routing-instance r1 routing-options?. The issue appears in translation, when you change instance type DEFAULT_INSTANCE (any instance to DEFAULT_INSTANCE) to L3VRF or L3VRF to DEFAULT_INSTANCE. As a result, such changes are not permitted. Additionally, DEFAULT_INSTANCE can only be named DEFAULT, and DEFAULT is reserved for DEFAULT_INSTANCE, therefore allowing no such changes.

Stateful port configuration for PTP over Ethernet and default profile is supported only on boundary clock mode and not on ordinary clock mode.

Change in in unnumbered-address support for GRE tunnel—There is a behavioural change in unnumbered-address support for GRE tunnel with IPv6 family and display donor interface for both IPv4 and IPv6 families of GRE tunnel. You can view interface donor details under show interfaces hierarchy level.

[See show interfaces.]

Display the donor details of the IPv6 borrower interface— The output for the show interfaces command now displays the donor details of the IPv6 borrower interface.

[See show interfaces.]

Instance type change is not permitted from default to L3VRF in open configuration (ACX Series and QFX Series)—DEFAULT_INSTANCE is the primary instance that runs when there is no specific instance type configured in the route set routing-options ?. Any instance you explicitly configure is translated into set routing-instance r1 routing-options ?. The issue appears in translation, when you change instance type DEFAULT_INSTANCE (any instance to DEFAULT_INSTANCE) to L3VRF or L3VRF to DEFAULT_INSTANCE. As a result, such changes are not permitted. Additionally, DEFAULT_INSTANCE can only be named DEFAULT, and DEFAULT is reserved for DEFAULT_INSTANCE, therefore allowing no such changes.

OpenConfig container names for Point-to-Multipoint per interface ingress and egress sensors are modified for consistency from "signalling" to "signaling".

Changes to show mvpn c-multicast and show mvpn instance outputs— The FwdNh output field displays the multicast tunnel (mt) interface in the case of Protocol Independent Multicast (PIM) tunnels.

[See show mvpn c-multicast.]

When defining a constrained path LSP using more than one strict hop belonging to the egress node, the first strict hop must be set to match the IP address assigned to the egress node on the interface that receives the RSVP Path message. If the incoming RSVP Path message arrives on an interface with a different IP address the LSP is rejected.

Changes to the NETCONF <edit-config> RPC response (ACX Series, PTX Series, and QFX Series)—When the <edit-config> operation returns an error, the NETCONF server does not emit a <load-error-count> element in the RPC response. In earlier releases, the <edit-config> RPC response includes the <load-error-count> element when the operation fails.

Limits increased for the max-datasize statement (ACX Series, PTX Series, and QFX Series)— The max-datasize statement's minimum configurable value is increased from 23,068,672 bytes (22 MB) to 268,435,456 bytes (256 MB), and the maximum configurable value is increased from 1,073,741,824 (1 GB) to 2,147,483,648 (2 GB) for all script types. Furthermore, if you do not configure the max-datasize statement for a given script type, the default maximum memory allocated to the data segment portion of a script is increased to 1024 MB. Higher limits ensure that the device allocates a sufficient amount of memory to run the affected scripts.

[See max-datasize.]

Change in behavior of SNMP MIB object ifAlias— SNMP MIB object ifAlias now shows the configured interface alias. In earlier releases, ifAlias used to show configured interface description.

DES deprecation for SNMPv3—The Data Encryption Standard (DES) privacy protocol for SNMPv3 is deprecated due to weak security and vulnerability to cryptographic attacks. For enhanced security, configure the triple Data Encryption Standard (3DES) or the Advanced Encryption Standard (CFB128-AES-128 Privacy Protocol) as the encryption algorithm for SNMPv3 users.

See privacy-3des and privacy-aes128

Support for PKI daemon (ACX7024)— We've introduced support for PKI (public key infrastructure) daemon on ACX7024 routers. PKI daemon provides support to create two kinds of digital certificates on the device, local certificate and CA certificate. Using local certificate, any remote resource can verify the device's identity. Using CA certificate, the device can verify the identity of remote resource by verifying the remote resource's digital certificate. A secure channel between the device and the remote resource is created only after this mutual verification. You can use the PKI configuration and operation commands to perform PKI operations on ACX7024 routers.

[See Public Key Infrastructure (PKI), PKI Overview, and PKI in Junos OS.]

SSH TCP forwarding disabled by default—We've disabled the SSH TCP forwarding feature by default to enhance security. To enable the SSH TCP forwarding feature, you can configure the allow-tcp-forwarding statement at the [edit system services ssh] hierarchy level.

In addition, we've deprecated the tcp-forwarding and no-tcp-forwarding statements at the [edit system services ssh] hierarchy level.

[See services (System Services).]

The RPD_OSPF_LDP_SYNC message not logged?On all Junos OS and Junos OS Evolved devices, when an LDP session goes down there is a loss of synchronization between LDP and OSPF. After the loss of synchronization, when an interface has been in the holddown state for more than three minutes, the system log message with a warning level is sent. This message appears in both the messages file and the trace file. However, the system log message does not get logged if you explicitly configure the hold-time for ldp-synchronization at the edit protocols ospf area area id interface interface name hierarchy level less than three minutes. The message is printed after three minutes.

To achieve consistency among resource paths, the resource path//mpls/signalling-protocols/segment-routing/aggregate-sid-counters/aggregate-sid-counter ip-addr='address'/state/countersname='name'/out-pkts/ is changed to /mpls/signaling-protocols/segment-routing/aggregate-sid-counters/aggregate-sid-counterip-addr='address'/state/counters name='name'/. The leaf "out-pkts" is removed from the end of the path, and "signalling" is changed to "signaling" (with one "l").

When the krt-nexthop-ack statement is configured, the RPD will wait for the next hop to get acknowledged by PFE before using it for a route. Currently, only BGP-labeled routes and RSVP routes support this statement. All other routes will ignore this statement.

Performance monitoring time interval with UTC on Junos OS Evolved platforms —The performance monitoring (PM) time interval for 1-day bins on Junos OS Evolved platforms begins at midnight in the UTC zone, aligning with the standard behaviour of Junos OS. This synchronization allows you to maintain consistent performance monitoring schedules across platforms, enhancing the accuracy and reliability of network performance data.

When you configure max-cli-sessions at the edit system hierarchy level, it restricts the maximum number of cli sessions that can coexist at any time. Once the max-cli-sessions number is reached, new CLI access is denied. The users who are configured to get the CLI upon login, are also denied new login.

Load JSON configuration data with unordered list entries (ACX Series, PTX Series, and QFX Series)—The Junos schema requires that list keys precede any other siblings within a list entry and appear in the order specified by the schema. Junos devices provide two options to load JSON configuration data that contains unordered list entries:

• Use the request system convert-json-configuration operational mode command to produce JSON configuration data with ordered list entries before loading the data on the device.

• Configure the reorder-list-keys statement at the [edit system configuration input format json] hierarchy level. After you configure the statement, you can load JSON configuration data with unordered list entries, and the device reorders the list keys as required by the Junos schema during the load operation.

When you configure the reorder-list-keys statement, the load operation can take significantly longer to parse the configuration, depending on the size of the configuration and number of lists. Therefore, for large configurations or configurations with many lists, we recommend using the request system convert-json-configuration command instead of the reorder-list-keys statement.

[See json and request system convert-json-configuration.]

A new field rollback pending is added to the output of show system commit that identifies whether commit confirmed is issued. It is removed once commit or commit check is issued or commit confirmed is rolled back after rollback timeout.

Persistent CLI timestamps—To have a persistent CLI timestamp for the user currently logged in, enable the set cli timestamp operational command. This ensures the timestamp shows persistently for each new line of each SSH session for the user or class until the configuration is removed. To enable timestamp for a particular class with permissions and format for different users, configure the following statements:

To enable timestamp for a particular user with default class permissions and format, configure the following statements: