What's Changed

Flow-label configuration status for EVPN ELAN services The output for the show evpn instance extensive command now displays the flow-label and flow-label-static operational status for a device and not for the routing instances. A device with flow-label enabled supports flow-aware transport (FAT) flow labels and advertises its support to its neighbors. A device with flow-label-static enabled supports FAT flow labels but does not advertise its capabilities.

Updated output for show route table—The output for show route table bgp.evpn.0 now displays L2 service TLV type. Previously, the output displayed the L3 service TLV.

New enhancement "udp source port" for overlay ping and traceroute— In Junos OS releases prior to 22.4R1, you could not configure the udp source port in a ping overlay or traceroute overlay operation. You may now configure this value in an EVPN-VXLAN environment using hash. The configuration option hashwill override any other hash-* options that may be used to determine the source port value.

New options for the request system snapshot command (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—The request system snapshot command includes new options for non-recovery snapshots. You can include the name option to specify a user-defined name for the snapshot, and you can include the configuration or no-configuration option to include or exclude configuration files in the snapshot. By default, the snapshot saves the configuration files, which include the contents of the /config and /var directories and certain SSH files.

[See request system snapshot (Junos OS with FreeBSD).]

When subscribing to the resource path /junos/system/linecard/environment, the prefix for the streamed path at the collector side was displaying as /junos/linecard/environment. This issue is resolved in Junos OS 23.1R1 and Junos OS Evolved 23.1R1 and the subscription path and the streamed path match to display /junos/system/linecard/environment.

The Ethernet link fault management process (lfmd) runs only when the link-fault-management protocol is configured.

XML tag in the get-system-yang-packages RPC reply changed (ACX Series, EX Series, MX Series, PTX Series, QFX Series, SRX Series, vMX, and vSRX)—The get-system-yang-packages RPC reply replaces the xmlproxy-yang-modules tag with the proxy-xml-yang-modules tag in the XML output.

Changes to Aggregate Level Policer at FPC (EX9208)—The summation of newly added sub-policers HELLO and UNCLS for DDOS protocols OSPF, OSPFv3, and RSVP result in the correct reporting of counters at the FPC level, for example, packet drops. Earlier, you could configure the OSPF, OSPFv3, and RSVP aggregate policer at the FPC level directly. You can use the following CLI statements to configure the burst and bandwidth values for OSPF, OSPFv3, and RSVP.

set system ddos-protection protocols ospf ospf-hello burst size bandwidth packets-per-second

set system ddos-protection protocols ospf ospf-uncls burst 10000 bandwidth 10000

set system ddos-protection protocols ospfv3v6 ospfv3v6-hello burst 10000 bandwidth 10000

set system ddos-protection protocols ospfv3v6 ospfv3v6-uncls burst 10000 bandwidth 10000

set system ddos-protection protocols rsvp rsvp-hello burst 10000 bandwidth 10000

set system ddos-protection protocols rsvp rsvp-uncls burst 10000 bandwidth 10000

[See Protocols (DDOS).]

operator login class is restricted from viewing NETCONF trace files that are no-world-readable (ACX Series, EX Series, MX Series, QFX Series, SRX Series, vMX, and vSRX)—When you configure NETCONF tracing options at the [edit system services netconf traceoptions] hierarchy level and you restrict file access to the file owner by setting or omitting the no-world-readable statement (the default), users assigned to the operator login class do not have permissions to view the trace file.

Support for the junos:cli-feature YANG extension (ACX Series, EX Series, MX Series, QFX Series, SRX Series, vMX, and vSRX)—The cli-feature YANG extension identifies certain CLI properties associated with some command options and configuration statements. The Junos YANG modules that define the configuration or RPCs include the cli-feature extension statement, where appropriate, in schemas emitted with extensions. This extension is beneficial when a client consumes YANG data models, but for certain workflows, the client needs to generate CLI-based tools.

[See Understanding the Junos DDL Extensions YANG Module.]

XML tag in the get-system-yang-packages RPC reply changed (ACX Series, EX Series, MX Series, QFX Series, SRX Series, vMX, and vSRX)—The get-system-yang-packages RPC reply replaces the xmlproxy-yang-modules tag with the proxy-xml-yang-modules tag in the XML output.

Changes to the NETCONF server's <rpc-error> element when the operation="delete" operation deletes a nonexistent configuration object (ACX Series, EX Series, MX Series, QFX Series, SRX Series, vMX, and vSRX)—We've changed the <rpc-error> response that the NETCONF server returns when the <edit-config> or <load-configuration> operation uses operation="delete" to delete a configuration element that is absent in the target configuration. The error severity is error instead of warning, and the <rpc-error> element includes the <error-tag>data-missing</error-tag> and <error-type>application</error-type> elements.

The ping host | display xml validate command validates XML without error (ACX Series, EX Series, MX Series, PTX Series, QFX Series, SRX Series, and vMX)—In Junos OS and Junos OS Evolved releases prior to 22.4R2, the ping host | display xml validate command results in CRITICAL ERROR: Root tag name mismatch. Expected 'ping-results', got 'run-command'. The command now validates the XML successfully without error.

[See ping.]

Prior to this change, devices by default responded only to ARP requests originating from the same subnet. Configure the new CLI option, respond-out-of-subnet at the [edit system arp] hierarchy level to allow ARP reply to a request that originates from a different subnet.