Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

What's Changed

Learn about what changed in this release for MX Series routers.

Network Management and Monitoring

  • operator login class is restricted from viewing NETCONF trace files that are no-world-readable (ACX Series, EX Series, MX Series, QFX Series, SRX Series, vMX, and vSRX)—When you configure NETCONF tracing options at the [edit system services netconf traceoptions] hierarchy level and you restrict file access to the file owner by setting or omitting the no-world-readable statement (the default), users assigned to the operator login class do not have permissions to view the trace file.

  • Support for the junos:cli-feature YANG extension (ACX Series, EX Series, MX Series, QFX Series, SRX Series, vMX, and vSRX)—The cli-feature YANG extension identifies certain CLI properties associated with some command options and configuration statements. The Junos YANG modules that define the configuration or RPCs include the cli-feature extension statement, where appropriate, in schemas emitted with extensions. This extension is beneficial when a client consumes YANG data models, but for certain workflows, the client needs to generate CLI-based tools.

    [See Understanding the Junos DDL Extensions YANG Module.]

  • XML tag in the get-system-yang-packages RPC reply changed (ACX Series, EX Series, MX Series, QFX Series, SRX Series, vMX, and vSRX)—The get-system-yang-packages RPC reply replaces the xmlproxy-yang-modules tag with the proxy-xml-yang-modules tag in the XML output.

  • Changes to the NETCONF server's <rpc-error> element when the operation="delete" operation deletes a nonexistent configuration object (ACX Series, EX Series, MX Series, QFX Series, SRX Series, vMX, and vSRX)—We've changed the <rpc-error> response that the NETCONF server returns when the <edit-config> or <load-configuration> operation uses operation="delete" to delete a configuration element that is absent in the target configuration. The error severity is error instead of warning, and the <rpc-error> element includes the <error-tag>data-missing</error-tag> and <error-type>application</error-type> elements.

PKI

  • Deprecating options related to certificate enrollment (Junos)—Starting in Junos OS Release 23.2R1, we’re deprecating earlier CLI options related to Public Key Infrastructure (PKI) to enroll and reenroll local certificate through Simple Certificate Enrolment Protocol (SCEP). The table below shows the Junos CLI commands and configuration statements with the options being deprecated. You can find the same CLI options now available under scep option in these commands and statements.

    Table 1: Deprecated Junos CLI Options

    Junos CLI Commands and Statements

    Deprecated Options

    set security pki auto-re-enrollment

    certificate-id

    request security pki local-certificate enroll

    ca-profile

    certificate-id

    challenge-password

    digest

    domain-name

    email

    ip-address

    ipv6-address

    logical-system

    scep-digest-algorithm

    scep-encryption-algorithm

    subject

    request security pki node-local local-certificate enroll

    ca-profile

    certificate-id

    challenge-password

    digest

    domain-name

    email

    ip-address

    ipv6-address

    logical-system

    scep-digest-algorithm

    scep-encryption-algorithm

    subject

    [See auto-re-enrollment (Security), request security pki local-certificate enroll scep, and request security pki node-local local-certificate enroll.]