What's Changed

Flow-label configuration status for EVPN ELAN services-The output for the show evpn instance extensive command now displays the flow-label and flow-label-static operational status for a device and not for the routing instances. A device with flow-label enabled supports flow-aware transport (FAT) flow labels and advertises its support to its neighbors. A device with flow-label-static enabled supports FAT flow labels but does not advertise its capabilities.

Updated output for show route table—The output for show route table bgp.evpn.0 now displays L2 service TLV type. Previously, the output displayed the L3 service TLV.

Enhanced bandwidth and burst policer value (MX Series and EX9200 Series)]--We've updated the default bandwidth value from 20000 to 100 pps and burst policer value from 20000 to 100 packets. This enhancement avoids the CPU usage of eventd and snmpd reaching more than 100%. Earlier to this release, when the system receives a violated traffic for SNMP along with other protocols traffic, the CPU usage of eventd and snmpd was reaching more than 100% with an error.

[See show ddos-protection protocols parameters.]

PTP configuration might not function correctly on an MX10008 Router with JNP10K-LC2101 Line card: - when Hypermode is enabled. Hypermode can be enabled by default when MX10008 Router has Switch Fabric Board 2 (SFB2), or by using the command set forwarding-options hyper mode. Hence, such PTP interfaces (slave, master, stateful) are unsupported. if an aggregated Ethernet (AE) interface is configured and either the primary or secondary links on the AE do not support PTP with Hypermode, then the whole AE is marked as unsupported.

Prior to this change when route sharding is configured the output of CLI show route commands included information about sharding. After the change the use must add the "rib-sharding all" argument to CLI show route commands to display sharding information.

The traffic rate could display incorrect values in the "show services inline ip-reassembly statistics fpc x pfe-slot y" output.

Qualification check for "ordered-by-user" -- Review to check and confirm if hierarchies qualify for "ordered-by-user" list type. Once show policy-options prefix-list is initiated by the user, the hierarchies appear in the order updated by the user. This enhancement organizes the hierarchies in ascending order.

In order to monitor vmhost storage usage: A new minor alarm, VMHost RE 0 Disk 1 inode usage breached threshold is introduced. The existing minor alarm, VMHost RE 0 Disk 1 Usage is above threshold is changed to VMHost RE 0 Disk 1 Size usage breached threshold.

Support for DDoS protocol (MX10008)-We've enabled the DDoS protocol support at the [edit system ddos-protection] hierarchy level for MX10008 devices. In earlier releases, the MX10008 devices did not support these DDoS protocol statements.

• Filter-action
• Virtual-chassis
• Ttl
• Redirect
• Re-services
• Re-services-v6
• Rejectv6
• L2pt
• Syslog
• Vxlan

[See protocols (DDoS).]

Instance type change is not permitted from default to L3VRF in open configuration (ACX Series, EX Series, MX Series, QFX Series, SRX Series, vMX, and vSRX)--DEFAULT_INSTANCE is the primary instance that runs when there is no specific instance type configured in the route set routing-options?. Any instance you explicitly configure is translated into set routing-instance r1 routing-options?. The issue appears in translation, when you change instance type DEFAULT_INSTANCE (any instance to DEFAULT_INSTANCE) to L3VRF or L3VRF to DEFAULT_INSTANCE. As a result, such changes are not permitted. Additionally, DEFAULT_INSTANCE can only be named DEFAULT, and DEFAULT is reserved for DEFAULT_INSTANCE, therefore allowing no such changes.

Instance type change is not permitted from default to L3VRF in open configuration (ACX Series, EX Series, MX Series, QFX Series, SRX Series, vMX, and vSRX)—DEFAULT_INSTANCE is the primary instance that runs when there is no specific instance type configured in the route set routing-options?. Any instance you explicitly configure is translated into set routing-instance r1 routing-options?. The issue appears in translation, when you change instance type DEFAULT_INSTANCE (any instance to DEFAULT_INSTANCE) to L3VRF or L3VRF to DEFAULT_INSTANCE. As a result, such changes are not permitted. Additionally, DEFAULT_INSTANCE can only be named DEFAULT, and DEFAULT is reserved for DEFAULT_INSTANCE, therefore allowing no such changes.

Router advertisement module status on backup Routing Engine (MX Series)—The router advertisement module does not function in the backup Routing Engine as the Routing Engine does not send an acknowledgment message after receiving the packets. Starting in this Junos OS Release, you can view the router advertisement module information using the show ipv6 router-advertisement operational command.

[See show ipv6 router-advertisement.]

For Access Gateway Function (AGF) statistics, consistency changes are implemented for specific leaf values in telemetry data to match field values in Junos CLI operational mode commands. AGF NG Application Protocol (NGAP) data streamed to a collector and viewable from the Junos CLI now displays "ngap-amf-stats-init-ctx-setup-failure" and Access and Mobility Function (AMF) overload state now displays "On, Off".

Multicast debug information added in EVPN options to request system information command (MX Series, QFX Series)—The output from CLI command request support information evpn-vxlan now includes additional information to help debug EVPN multicast issues.

[See request support information.]

Modified show ancp subscriber details output fields (MX Series)--As the access loop encapsulation is transport independent it can be either passive optical network (PON) or DSL TLV. Hence, the show ancp subscriber details output field should not tag the details as a DSL TLV. Therefore, we've modified the existing DSL Line Data Link, DSL Line Encapsulation, and DSL Line Encapsulation Payload output fields to the following respectively:

• Access Loop Encapsulation Data Link
• Access Loop Encapsulation Encapsulation1
• Access Loop Encapsulation Encapsulation2

[See show ancp subscriber.]

Ability to commit extension-service file configuration when application file is unavailable—When you set the optional option at the edit system extension extension-service application file file-name hierarchy level, the operating system can commit the configuration even if the file is not available at the /var/db/scripts/jet file path.

[See file (JET).]

Change in display of affinity constraints to hexadecimal values (MX10004, ACX7100-32C, ACX7100-48L, ACX7509, ACX7024, PTX10001-36MR, PTX10004, PTX10008, and PTX10016)-Starting in Junos OS release 22.4R1 and Junos Evolved Release 22.4R1, in the output of the <codeph>show ted spring-te-policy extensive</codeph> operational command, the affinity constraints will be displayed in hexadecimal format instead of decimal.

[See show ted spring-te-policy extensive.]

Display flexible algorithm information for SRv6 locators in TED database]--Use the show ted database extensive command to view the metric, flags, and flexible algorithm information associated with a SRv6 locator. Prior to this release, this information was not included in the TED database.

[See show ted database.]

Junos YANG modules for RPCs include the junos:command extension statement (ACX Series, EX Series, MX Series, PTX Series, QFX Series, SRX Series, vMX, and vSRX)--The Junos YANG modules that define RPCs for operational mode commands include the <codeph>junos:command</codeph> extension statement in schemas emitted with extensions. The statement defines the CLI command for the corresponding RPC. The Juniper YANG GitHub repository stores the RPC schemas with extensions in the rpc-with-extensions directory for the given release and device family. Additionally, when you configure the emit-extensions statement at the [edit system services netconf yang-modules] hierarchy level and generate the YANG schemas on the local device, the YANG modules for RPCs include the junos:command extension statement.

Enhancement to the jnxRmonAlarmState (ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series)—You can now view the following additional values for the jnxRmonAlarmState when you use the show snmp mib walk jnxRmonAlarmTable: fallingThreshold (6) - If the value is less than or equal to falling-threshold risingThreshold (5) - If the value is greater than or equal to rising-threshold getFailure (7)- If the value is any value other than noError for the current internal 'get' request In earlier releases, you could view only the following status for the jnxRmonAlarmState: unknown (1), underCreation (2), or active (3).

operator login class is restricted from viewing NETCONF trace files that are no-world-readable (ACX Series, EX Series, MX Series, PTX Series, QFX Series, SRX Series, vMX, and vSRX)—When you configure NETCONF tracing options at the [edit system services netconf traceoptions] hierarchy level and you restrict file access to the file owner by setting or omitting the no-world-readable statement (the default), users assigned to the operator login class do not have permissions to view the trace file.

New options for the request system snapshot command (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—The request system snapshot command includes new options for non-recovery snapshots. You can include the name option to specify a user-defined name for the snapshot, and you can include the configuration or no-configuration option to include or exclude configuration files in the snapshot. By default, the snapshot saves the configuration files, which include the contents of the /config and /var directories and certain SSH files.

[See request system snapshot (Junos OS with Upgraded FreeBSD).]

Persistent CLI timestamps-To have a persistent CLI timestamp for the user currently logged in, enable the set cli timestamp operational command. This ensures the timestamp shows persistently for each new line of each SSH session for the user or class until the configuration is removed. To enable timestamp for a particular class with permissions and format for different users, configure the following statements: set system login class <variable>class name</variable> permissions <variable>permissions</variable> set system login class <variable>class name</variable> cli timestamp set system login user username class <variable>class name</variable> authentication plain-text-password Note: The default timestamp format is %b %d %T. You can modify the format per your requirements. For example, you can configure the following statement:set system login class <variable>class name</variable> cli timestamp format "%T %b %d To enable timestamp for a particular user with default class permissions and format, configure the following statements: set system login user username class <variable>class name</variable> authentication plain-text-passwordset system login user <variable>username</variable> cli timestamp