What's Changed in Release 22.3R1

CPU utilization greater than 100% (ACX Series) —On ACX Series routers running Junos OS Evolved, the show system processes command might report CPU utilization spikes greater than 100%. This kind of CPU utilization is normal behavior, and no user action is required. The CPU utilization spikes represent the sum of individual processor threads and not of the entire system CPU capacity.

[See show system processes.]

OpenConfig container names for Point-to-Multipoint per interface ingress and egress sensors are modified for consistency from "signalling" to "signaling."

Support for PKI daemon (ACX7024)— We've introduced support for public key infrastructure (PKI) daemon on ACX7024 routers. The PKI daemon provides support to create two kinds of digital certificates on the device: a local certificate and a CA certificate. Using the local certificate, any remote resource can verify the device's identity. Using the CA certificate, the device can verify the identity of a remote resource by verifying the remote resource's digital certificate. A secure channel between the device and the remote resource is created only after this mutual verification. You can use the PKI configuration and operation commands to perform PKI operations on ACX7024 routers.

[See Public Key Infrastructure (PKI).]

sFlow configuration— sFlow configuration is allowed only on et, xe, and ge interfaces in EVO-based platforms. All other interfaces are blocked for configuring sFlow on EVO platforms. A cli error will be thrown if sFlow is configured on any other interface other than et, xe or ge interface.

Enhanced SSH hostkey algorithm configuration—We've introduced the hostkey-algorithm-list statement at the [edit system services ssh] hierarchy level. This enhancement enables you to configure only the specified SSH hostkey algorithms. The system disables the remaining unspecified hostkey algorithms. In earlier releases, you need to disable the hostkey algorithms explicitly. All the hostkey algorithms at this hierarchy are enabled by default. The DSS algorithm is no longer available at this new hierarchy level.

In addition, we've deprecated the hostkey-algorithm statement at the [edit system services ssh] hierarchy level.

[See hostkey-algorithm.]

Instance type change is not permitted from default to L3VRF in open configuration (ACX Series and QFX Series)—DEFAULT_INSTANCE is the primary instance that runs when there is no specific instance type configured in the route set routing-options?. Any instance you explicitly configure is translated into set routing-instance r1 routing-options?. The issue appears in translation, when you change instance type DEFAULT_INSTANCE (any instance to DEFAULT_INSTANCE) to L3VRF or L3VRF to DEFAULT_INSTANCE. As a result, such changes are not permitted. Additionally, DEFAULT_INSTANCE can only be named DEFAULT, and DEFAULT is reserved for DEFAULT_INSTANCE, therefore allowing no such changes.

Prior to this change when route sharding is configured the output of CLI show route commands included information about sharding. After the change the use must add the rib-sharding all argument to CLI show route commands to display sharding information.

Support for configuring multi-chassis protection at the global level (ACX7509)—We've enabled the multi-chassis-protection statement at the edit multi-chassis global hierarchy level for ACX7509 devices. In earlier releases, multi-chassis-protection could only be enabled at the interface level.

The traffic rate could display incorrect values in the show services inline ip-reassembly statistics fpc x pfe-slot y output.

Python 3 is the default and only Python version for executing Juniper Extension Toolkit Python scripts (ACX Series, PTX Series, and QFX Series)—Junos OS Evolved supports only Python 3 for executing Juniper Extension Toolkit (JET) scripts written in Python. Python 2.7 is no longer supported for executing JET scripts, and we've deprecated the language python statement at the [edit system scripts] hierarchy level.

[See Understanding Python Automation Scripts for Junos Devices.]

Deprecated functions in the libpyvrf Python module (ACX Series, PTX Series, and QFX Series)—The libpyvrfPython module no longer supports the get_task_vrf() and set_task_vrf() functions.

[See How to Specify the Routing Instance in Python 3 Applications on Devices Running Junos OS Evolved.]

Python 3 is the default and only Python version for executing commit, event, op, and SNMP Python scripts (ACX Series, PTX Series, and QFX Series)—Junos OS Evolved supports only Python 3 for executing commit, event, op, and SNMP scripts written in Python. Python 2.7 is no longer supported for executing these types of scripts, and we've deprecated the language python statement at the [edit system scripts] hierarchy level.

[See Understanding Python Automation Scripts for Junos Devices.]

Starting with Junos OS and Junos Evolved release 21.4R3, a CSPF LSP uses a new instance ID when attempting to re-signal a down LSP.

Display flexible algorithm information for SRv6 locators in TED database—Use the show ted database extensive command to view the metric, flags, and flexible algorithm information associated with a SRv6 locator. Prior to this release, this information was not included in the TED database.

[See show ted database.]

Python 3 is the default and only Python version for executing YANG action and translation Python scripts (ACX Series, PTX Series, and QFX Series)—Junos OS Evolved supports only Python 3 for executing YANG action and translation scripts written in Python. Python 2.7 is no longer supported for executing YANG action and translation scripts, and we've deprecated the language python statement at the [edit system scripts] hierarchy level.

[See Understanding Python Automation Scripts for Junos Devices.]

Enhancement to the jnxRmonAlarmState (ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series)—You can now view the following additional values for the jnxRmonAlarmState when you use the show snmp mib walk jnxRmonAlarmTable: fallingThreshold (6) - If the value is less than or equal to falling-threshold risingThreshold (5) - If the value is greater than or equal to rising-threshold getFailure (7)- If the value is any value other than noError for the current internal 'get' request In earlier releases, you could view only the following status for the jnxRmonAlarmState: unknown (1), underCreation (2), or active (3).

Enhanced bandwidth and burst policer value—We've updated the default bandwidth value from 20000 to 100 pps and burst policer value from 20000 to 100 packets.

[See show ddos-protection protocols parameters.]

Starting Junos Evolved release 22.3R1, support is provided to limit Network Time Protocol (NTP) configuration to one address family (inet vs inet6). You can configure one source-address per inet and inet6 family for each routing-instance in NTP. For example, the following configuration is valid: set system ntp source-address 2620:149:1d06:100::1 set system ntp source-address 10.10.10.100.

Command to automate SSH key-based authentication (ACX Series, PTX Series, and QFX Series)—You can set up SSH-key based authentication between the network device and a remote host by issuing the request security ssh password-less-authentication operational mode command. When you execute the command with the appropriate options, the device generates SSH keys for the current user, provided the user does not already have existing keys, and transfers the user's public key to the authorized_keys file of the specified user on the remote host.

[See request security ssh password-less-authentication.]

Performance monitoring time interval with UTC on Junos OS Evolved platforms —The performance monitoring (PM) time interval for 1-day bins on Junos OS Evolved platforms begins at midnight in the UTC zone, aligning with the standard behaviour of Junos OS. This synchronization allows you to maintain consistent performance monitoring schedules across platforms, enhancing the accuracy and reliability of network performance data.

Support for temperature sensor (PTX10001-36MR)—We support the temperature sensor statement at the edit chassis cb hierarchy level. You can use the temperature sensor statement to increase the fan speed and customize the temperature threshold. We recommend certain values for ZR and ZR-M modules to work which helps the temperature to remain within the thresholds.

[See temperature-sensor.]

Persistent CLI timestamps—To have a persistent CLI timestamp for the user currently logged in, enable the set cli timestamp operational command. This ensures the timestamp shows persistently for each new line of each SSH session for the user or class until the configuration is removed. To enable timestamp for a particular class with permissions and format for different users, configure the following statements:

To enable timestamp for a particular user with default class permissions and format, configure the following statements: