What's Changed in Release 22.3R1

Enhanced SSH hostkey algorithm configuration—We've introduced the hostkey-algorithm-list statement at the [edit system services ssh] hierarchy level. This enhancement enables you to configure only the specified SSH hostkey algorithms. The system disables the remaining unspecified hostkey algorithms. In earlier releases, you need to disable the hostkey algorithms explicitly. All the hostkey algorithms at this hierarchy enabled by default. The DSS algorithm is no longer available at this new hierarchy.

In addition, we've deprecated the hostkey-algorithm statement at the [edit system services ssh] hierarchy level.

[See hostkey-algorithm.]

AR replicators with OISM install multicast states only on the OISM SBD (QFX5130-32CD and QFX5700)—In an EVPN-VXLAN ERB fabric with many VLANs, QFX5130-32CD and QFX5700 switches running as assisted replication (AR) replicators with optimized intersubnet multicast (OISM) might have scaling issues when they install multicast (*,G) states (with IGMPv2) or (S,G) states (with IGMPv3). As a result, these switches only install these multicast states on the OISM supplemental bridge domain (SBD) VLAN. They don't install these states on all OISM revenue bridge domain VLANs. On those devices, you see multicast group routes only on the SBD in show multicast snooping route command output.

[See OISM and AR Scaling with Many VLANs.]

Starting in Junos OS Evolved Releases 22.1R3, 22.2R2, and 22.3R1, QFX5130 switches don't copy the Type of Service (ToS) field when encapsulating a VXLAN packet by default. You can enable copying the ToS field upon VXLAN encapsulation using the vxlan-tos-copy-filter statement at the edit forwarding-options hierarchy. This statement copies both the DSCP and ECN values in the ToS field from the IP header of a packet to the outer IP header of the VXLAN packet.

Instance type change is not permitted from default to L3VRF in open configuration (ACX Series and QFX Series)—DEFAULT_INSTANCE is the primary instance that runs when there is no specific instance type configured in the route set routing-options?. Any instance you explicitly configure is translated into set routing-instance r1 routing-options?. The issue appears in translation, when you change instance type DEFAULT_INSTANCE (any instance to DEFAULT_INSTANCE) to L3VRF or L3VRF to DEFAULT_INSTANCE. As a result, such changes are not permitted. Additionally, DEFAULT_INSTANCE can only be named DEFAULT, and DEFAULT is reserved for DEFAULT_INSTANCE, therefore allowing no such changes.

Prior to this change when route sharding is configured the output of CLI show route commands included information about sharding. After the change the use must add the rib-sharding all argument to CLI show route commands to display sharding information.

sFlow configuration? sFlow configuration is allowed only on et, xe, and ge interfaces in EVO-based platforms. All other interfaces are blocked for configuring sFlow on EVO platforms. A cli error will be thrown if sFlow is configured on any other interface other than et, xe or ge interface.

The traffic rate could display incorrect values in the show services inline ip-reassembly statistics fpc x pfe-slot y output.

Python 3 is the default and only Python version for executing Juniper Extension Toolkit Python scripts (ACX Series, PTX Series, and QFX Series)—Junos OS Evolved supports only Python 3 for executing Juniper Extension Toolkit (JET) scripts written in Python. Python 2.7 is no longer supported for executing JET scripts, and we've deprecated the language python statement at the [edit system scripts] hierarchy level.

[See Understanding Python Automation Scripts for Junos Devices.]

Deprecated functions in the libpyvrf Python module (ACX Series, PTX Series, and QFX Series)—The libpyvrfPython module no longer supports the get_task_vrf() and set_task_vrf() functions.

[See How to Specify the Routing Instance in Python 3 Applications on Devices Running Junos OS Evolved.]

Python 3 is the default and only Python version for executing commit, event, op, and SNMP Python scripts (ACX Series, PTX Series, and QFX Series)—Junos OS Evolved supports only Python 3 for executing commit, event, op, and SNMP scripts written in Python. Python 2.7 is no longer supported for executing these types of scripts, and we've deprecated the language python statement at the [edit system scripts] hierarchy level.

[See Understanding Python Automation Scripts for Junos Devices.]

Starting with Junos OS and Junos Evolved release 21.4R3 a CSPF LSP uses a new instance ID when attempting to re-signal a down LSP.

Python 3 is the default and only Python version for executing YANG action and translation Python scripts (ACX Series, PTX Series, and QFX Series)—Junos OS Evolved supports only Python 3 for executing YANG action and translation scripts written in Python. Python 2.7 is no longer supported for executing YANG action and translation scripts, and we've deprecated the language python statement at the [edit system scripts] hierarchy level.

[See Understanding Python Automation Scripts for Junos Devices.]

OpenConfig container names for Point-to-Multipoint per interface ingress and egress sensors are modified for consistency from "signalling" to "signaling".

Enhanced bandwidth and burst policer value—We've updated the default bandwidth value from 20000 to 100 pps and burst policer value from 20000 to 100 packets. This enhancement avoids the CPU usage of eventd and snmpd reaching more than 100%. Earlier to this release, when the system receives a violated traffic for SNMP along with other protocols traffic, the CPU usage of eventd and snmpd was reaching more than 100% with an error.

[See show ddos-protection protocols parameters.]

Command to automate SSH key-based authentication (ACX Series, PTX Series, and QFX Series)—You can set up SSH-key based authentication between the network device and a remote host by issuing the request security ssh password-less-authentication operational mode command. When you execute the command with the appropriate options, the device generates SSH keys for the current user, provided the user does not already have existing keys, and transfers the user's public key to the authorized_keys file of the specified user on the remote host.

[See request security ssh password-less-authentication.]

Support for temperature sensor (PTX10001-36MR)—We support the temperature sensor statement at the edit chassis cb hierarchy level. You can use the temperature sensor statement to increase the fan speed and customize the temperature threshold. We recommend certain values for ZR and ZR-M modules to work which helps the temperature to remain within the thresholds.

[See temperature-sensor.]