What’s Changed in Release 22.2R1
General Routing
- Instance type change is not permitted from default to L3VRF in open configuration (ACX Series and QFX Series)—DEFAULT_INSTANCE is the primary instance that runs when there is no specific instance type configured in the route set routing-options ?. Any instance you explicitly configure is translated into set routing-instance r1 routing-options ?. The issue appears in translation, when you change instance type DEFAULT_INSTANCE (any instance to DEFAULT_INSTANCE) to L3VRF or L3VRF to DEFAULT_INSTANCE. As a result, such changes are not permitted. Additionally, DEFAULT_INSTANCE can only be named DEFAULT, and DEFAULT is reserved for DEFAULT_INSTANCE, therefore allowing no such changes.
- Stateful port configuration for PTP over Ethernet and default profile is supported only on boundary clock mode and not on ordinary clock mode.
- Change in unnumbered-address support for GRE tunnel—There is a behavioural change in unnumbered-address support for GRE tunnel with IPv6 family and display donor interface for both IPv4 and IPv6 families of GRE tunnel. You can view interface donor details under the show interfaces hierarchy level.
  [See show interfaces.]
Interfaces and Chassis
- Display the donor details of the IPv6 borrower interface—The output for the show interfaces command now displays the donor details of the IPv6 borrower interface.
  [See show interfaces.]
Layer 3 VPN
- Instance type change is not permitted from default to L3VRF in open configuration (ACX Series and QFX Series)—DEFAULT_INSTANCE is the primary instance that runs when there is no specific instance type configured in the route set routing-options ?. Any instance you explicitly configure is translated into set routing-instance r1 routing-options ?. The issue appears in translation, when you change instance type DEFAULT_INSTANCE (any instance to DEFAULT_INSTANCE) to L3VRF or L3VRF to DEFAULT_INSTANCE. As a result, such changes are not permitted. Additionally, DEFAULT_INSTANCE can only be named DEFAULT, and DEFAULT is reserved for DEFAULT_INSTANCE, therefore allowing no such changes.
OpenConfig
- OpenConfig container names for Point-to-Multipoint per interface ingress and egress sensors are modified for consistency from "signalling" to "signaling".
Multicast
- Changes to show mvpn c-multicast and show mvpn instance outputs—The FwdNh output field displays the multicast tunnel (mt) interface in the case of Protocol Independent Multicast (PIM) tunnels.
  [See show mvpn c-multicast.]
MPLS
- When defining a constrained path LSP using more than one strict hop belonging to the egress node, the first strict hop must be set to match the IP address assigned to the egress node on the interface that receives the RSVP Path message. If the incoming RSVP Path message arrives on an interface with a different IP address, the LSP is rejected.
Network Management and Monitoring
- Changes to the NETCONF <edit-config> RPC response (ACX Series, PTX Series, and QFX Series)—When the <edit-config> operation returns an error, the NETCONF server does not emit a <load-error-count> element in the RPC response. In earlier releases, the <edit-config> RPC response includes the <load-error-count> element when the operation fails.
- Limits increased for the max-datasize statement (ACX Series, PTX Series, and QFX Series)—The max-datasize statement's minimum configurable value is increased from 23,068,672 bytes (22 MB) to 268,435,456 bytes (256 MB), and the maximum configurable value is increased from 1,073,741,824 (1 GB) to 2,147,483,648 (2 GB) for all script types. Furthermore, if you do not configure the max-datasize statement for a given script type, the default maximum memory allocated to the data segment portion of a script is increased to 1024 MB. Higher limits ensure that the device allocates a sufficient amount of memory to run the affected scripts.
  [See max-datasize.]
- Change in behavior of SNMP MIB object ifAlias—SNMP MIB object ifAlias now shows the configured interface alias. In earlier releases, ifAlias used to show configured interface description.
- DES deprecation for SNMPv3—The Data Encryption Standard (DES) privacy protocol for SNMPv3 is deprecated due to weak security and vulnerability to cryptographic attacks. For enhanced security, configure the triple Data Encryption Standard (3DES) or the Advanced Encryption Standard (CFB128-AES-128 Privacy Protocol) as the encryption algorithm for SNMPv3 users.
  [See privacy-3des and privacy-aes128.]
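For the <edit-config> response change listed above, automation that keyed on <load-error-count> should decide success from <ok/> and <rpc-error> instead. The following is an added example, not Juniper code; the sample replies are constructed, and the function name and returned field names are assumptions of this example.

```python
import xml.etree.ElementTree as ET

NS = 'xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"'
ERR = ("<rpc-error><error-type>protocol</error-type>"
       "<error-tag>operation-failed</error-tag>"
       "<error-severity>{sev}</error-severity>"
       "<error-message>{msg}</error-message></rpc-error>")

# Constructed sample replies (not captured from a device).
REPLY_22_2 = f'<rpc-reply {NS}>{ERR.format(sev="error", msg="syntax error")}</rpc-reply>'
REPLY_OLD = (f'<rpc-reply {NS}>{ERR.format(sev="error", msg="syntax error")}'
             '<load-error-count>1</load-error-count></rpc-reply>')
REPLY_WARN = (f'<rpc-reply {NS}>{ERR.format(sev="warning", msg="statement ignored")}'
              '<ok/></rpc-reply>')


def local(tag):
    """Drop the '{namespace}' part so matching is independent of prefixes."""
    return tag.rsplit("}", 1)[-1]


def edit_config_result(reply_xml):
    """Classify an <edit-config> reply from <ok/> and <rpc-error> alone."""
    errors, warnings, saw_ok, legacy = [], [], False, None
    for el in ET.fromstring(reply_xml).iter():
        name = local(el.tag)
        if name == "ok":
            saw_ok = True
        elif name == "load-error-count":
            # Informational only: not emitted on error in 22.2R1, so never required.
            legacy = int(el.text)
        elif name == "rpc-error":
            fields = {local(c.tag): (c.text or "").strip() for c in el}
            # A warning-severity rpc-error can accompany <ok/>; it is not a failure.
            bucket = warnings if fields.get("error-severity") == "warning" else errors
            bucket.append(fields.get("error-message", ""))
    return {"ok": saw_ok and not errors, "errors": errors,
            "warnings": warnings, "load_error_count": legacy}


if __name__ == "__main__":
    for label, xml in [("22.2R1", REPLY_22_2), ("earlier", REPLY_OLD),
                       ("warning", REPLY_WARN)]:
        print(label, edit_config_result(xml))
```

The same verdict comes back for the 22.2R1 reply and the earlier-release reply, so a client written this way behaves identically across the upgrade.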
Public Key Infrastructure
- Support for PKI daemon (ACX7024)—We've introduced support for the PKI (public key infrastructure) daemon on ACX7024 routers. The PKI daemon provides support to create two kinds of digital certificates on the device: a local certificate and a CA certificate. Using the local certificate, any remote resource can verify the device's identity. Using the CA certificate, the device can verify the identity of a remote resource by verifying the remote resource's digital certificate. A secure channel between the device and the remote resource is created only after this mutual verification. You can use the PKI configuration and operation commands to perform PKI operations on ACX7024 routers.
  [See Public Key Infrastructure (PKI), PKI Overview, and PKI in Junos OS.]
Routing Protocols
- SSH TCP forwarding disabled by default—We've disabled the SSH TCP forwarding feature by default to enhance security. To enable the SSH TCP forwarding feature, you can configure the allow-tcp-forwarding statement at the [edit system services ssh] hierarchy level.
  In addition, we've deprecated the tcp-forwarding and no-tcp-forwarding statements at the [edit system services ssh] hierarchy level.
  [See services (System Services).]
- The RPD_OSPF_LDP_SYNC message not logged—On all Junos OS and Junos OS Evolved devices, when an LDP session goes down there is a loss of synchronization between LDP and OSPF. After the loss of synchronization, when an interface has been in the holddown state for more than three minutes, the system log message with a warning level is sent. This message appears in both the messages file and the trace file. However, the system log message does not get logged if you explicitly configure the hold-time for ldp-synchronization at the edit protocols ospf area area-id interface interface-name hierarchy level less than three minutes. The message is printed after three minutes.
- To achieve consistency among resource paths, the resource path /mpls/signalling-protocols/segment-routing/aggregate-sid-counters/aggregate-sid-counter ip-addr='address'/state/counters name='name'/out-pkts/ is changed to /mpls/signaling-protocols/segment-routing/aggregate-sid-counters/aggregate-sid-counter ip-addr='address'/state/counters name='name'/. The leaf "out-pkts" is removed from the end of the path, and "signalling" is changed to "signaling" (with one "l").
- When the krt-nexthop-ack statement is configured, the RPD will wait for the next hop to get acknowledged by PFE before using it for a route. Currently, only BGP-labeled routes and RSVP routes support this statement. All other routes will ignore this statement.
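To find configurations affected by the SNMPv3 DES deprecation and the SSH TCP forwarding change described above, a saved set-format configuration can be scanned offline. This is an added example, not Juniper tooling; the sample configuration, user names, engine ID and severity labels are constructed, and privacy-des is the Junos SNMPv3 DES statement name, which this page does not spell out.

```python
import re

# Constructed "show configuration | display set" excerpt; names and keys are made up.
SAMPLE = '''\
set system services ssh root-login deny
set system services ssh tcp-forwarding
set groups mgmt system services ssh allow-tcp-forwarding
set snmp v3 usm local-engine user monitor authentication-sha authentication-key "$9$constructed"
set snmp v3 usm local-engine user monitor privacy-des privacy-key "$9$constructed"
set snmp v3 usm local-engine user backup privacy-aes128 privacy-key "$9$constructed"
set snmp v3 usm remote-engine 80000a4c01 user trapuser privacy-des privacy-key "$9$constructed"
'''

PREFIX = r"^set (?:groups \S+ )?"  # also match statements inherited from a group
SNMP_PRIV = re.compile(
    PREFIX + r"snmp v3 usm (?:local-engine|remote-engine \S+) user (\S+) (privacy-[\w-]+)")
SSH_FWD = re.compile(PREFIX + r"system services ssh ((?:no-|allow-)?tcp-forwarding)\b")


def audit(config_text):
    """Return (line_no, severity, message) findings for the two 22.2R1 changes."""
    findings = []
    for no, line in enumerate(config_text.splitlines(), 1):
        line = line.strip()
        m = SNMP_PRIV.match(line)
        if m and m.group(2) == "privacy-des":
            findings.append((no, "high",
                             f"SNMPv3 user {m.group(1)} uses deprecated DES privacy; "
                             "configure privacy-3des or privacy-aes128"))
        m = SSH_FWD.match(line)
        if m and m.group(1) in ("tcp-forwarding", "no-tcp-forwarding"):
            findings.append((no, "info",
                             f"ssh {m.group(1)} is deprecated; use allow-tcp-forwarding "
                             "only if forwarding is required"))
        elif m:
            findings.append((no, "review",
                             "ssh allow-tcp-forwarding enables TCP forwarding; "
                             "confirm it is required"))
    return findings


if __name__ == "__main__":
    for no, severity, message in audit(SAMPLE):
        print(f"line {no}: [{severity}] {message}")
```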
Timing and Synchronization
- Performance monitoring time interval with UTC on Junos OS Evolved platforms—The performance monitoring (PM) time interval for 1-day bins on Junos OS Evolved platforms begins at midnight in the UTC zone, aligning with the standard behaviour of Junos OS. This synchronization allows you to maintain consistent performance monitoring schedules across platforms, enhancing the accuracy and reliability of network performance data.
User Interface and Configuration
- When you configure max-cli-sessions at the edit system hierarchy level, it restricts the maximum number of CLI sessions that can coexist at any time. Once the max-cli-sessions number is reached, new CLI access is denied. Users who are configured to get the CLI upon login are also denied new logins.
- Load JSON configuration data with unordered list entries (ACX Series, PTX Series, and QFX Series)—The Junos schema requires that list keys precede any other siblings within a list entry and appear in the order specified by the schema. Junos devices provide two options to load JSON configuration data that contains unordered list entries:
  - Use the request system convert-json-configuration operational mode command to produce JSON configuration data with ordered list entries before loading the data on the device.
  - Configure the reorder-list-keys statement at the [edit system configuration input format json] hierarchy level. After you configure the statement, you can load JSON configuration data with unordered list entries, and the device reorders the list keys as required by the Junos schema during the load operation.
  When you configure the reorder-list-keys statement, the load operation can take significantly longer to parse the configuration, depending on the size of the configuration and number of lists. Therefore, for large configurations or configurations with many lists, we recommend using the request system convert-json-configuration command instead of the reorder-list-keys statement.
  [See json and request system convert-json-configuration.]
- A new field rollback pending is added to the output of show system commit that identifies whether commit confirmed is issued. It is removed once commit or commit check is issued or commit confirmed is rolled back after rollback timeout.
- Persistent CLI timestamps—To have a persistent CLI timestamp for the user currently logged in, enable the set cli timestamp operational command. This ensures the timestamp shows persistently for each new line of each SSH session for the user or class until the configuration is removed. To enable timestamp for a particular class with permissions and format for different users, configure the following statements:
    set system login class class-name permissions permissions
    set system login class class-name cli timestamp
    set system login user username class class-name authentication plain-text-password
  Note: The default timestamp format is %b %d %T. You can modify the format per your requirements. For example, you can configure the following statement:
    set system login class class-name cli timestamp format "%T %b %d"
  To enable timestamp for a particular user with default class permissions and format, configure the following statements:
    set system login user username class class-name authentication plain-text-password
    set system login user username cli timestamp