Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

What's Changed

Learn about what changed in this release for MX Series routers.

General Routing

  • The connectivity fault management process (cfmd) runs only when the ethernet connectivity-fault-management protocol is configured.

  • Prior to this change the output of a show task replication | display xml validate command returned an error of the form ERROR: Duplicate data element <task-protocol-replication-name>. With this change the XML output is properly structured with no validation errors.

  • Label for the hours unit of time displayed in output—When there are zero minutes in the output for the show system uptime command, the label for the hours unit of time is displayed.

    [See show system uptime.]

  • In the past inet6flow.0 was not allowed to be a primary rib in a rib-group. Starting with Release 22.3 this is now allowed.

  • The active-user-count is defined as a numeric integer value in ODL request output—The output for the get-system-uptime-information ODL request contains information for the active-user-count. The active-user-count is now defined as a numeric integer value and avoids an invalid value type error.

    [See show system uptime.]

  • The packet rate and byte rate fields for LSP sensors on AFT (with the legacy path) have been renamed as jnx-packet-rate and jnx-byte-rate and is in parity with the UKERN behavior. Previously, these rate fields were named as packetRate and byteRate.

  • Multicast debug information added in EVPN options to request system information command (MX Series and QFX Series)—The output from CLI command request support information evpn-vxlan now includes additional information to help debug EVPN multicast issues.

    [See request support information.]

  • Increased maximum limit for TTP TLVs (MX Series)—The Junos Kernel now accommodates an increased number of TTP TLVs (TNP Tunneling Protocol: type, length, and value messages) to help avoid dropped packets.

    [See show system statistics.]

  • Two new alarms are added and can be seen with MPC11E when 400G-ZR optics are used. High Power Optics Too Warm: warning of the increase in chassis ambient temperature with no functional action taken on the optics Temperature too high for optics power on: New inserted optics when the chassis ambient temperature is elevated beyond the threshold will not be powered on and would need to be reinserted when the ambient temperature is within the acceptable range.

Junos XML API and Scripting

  • Ability to commit extension-service file configuration when application file is unavailable—When you set the optional option at the [edit system extension extension-service application file file-name] hierarchy level, the operating system can commit the configuration even if the file is not available at the <filepath>/var/db/scripts/jet</filepath> file path.

    [See file (JET).]

  • Ability to restart restart daemonized applications—Use the request extension-service restart-daemonize-app application-name command to restart a daemonized application running on a Junos device. Restarting the application can assist you with debugging and troubleshooting.

    [See request extension-service restart-daemonize-app.]

  • The xmlns:junos attribute includes the complete software version string (ACX Series, EX Series, MX Series, QFX Series, SRX Series, vMX, and vSRX)—The xmlns:junos namespace string in XML RPC replies includes the complete software version release number, which is identical to the version emitted by the show version command. In earlier releases, the xmlns:junos string includes only partial software version information.

Network Management and Monitoring

  • Changes to the show system yang package (get-system-yang-packages RPC) XML output (ACX Series, EX Series, MX Series, QFX Series, SRX Series, vMX, and vSRX)—The show system yang package command and <get-system-yang-packages> RPC include the following changes to the XML output:

    • The root element is yang-package-information instead of yang-pkgs-info.

    • A yang-package element encloses each set of package files.

    • The yang-pkg-id tag is renamed to package-id.

    • If the package does not contain translation scripts, the Translation Script(s) (trans-scripts) value is none.

  • NETCONF server's <rpc-error> response changed when <load-configuration> uses operation="delete" to delete a nonexistent configuration object (ACX Series, EX Series, MX Series, QFX Series, SRX Series, vMX, and vSRX)—In an earlier release, we changed the NETCONF server's <rpc-error> response for when an <edit-config> or <load-configuration> operation uses operation="delete" to delete a configuration element that is absent in the target configuration. We've reverted the changes to the <load-configuration> response.

  • Changes to the RPC response for <validate> operations in RFC-compliant NETCONF sessions (ACX Series, EX Series, MX Series, QFX Series, SRX Series, vMX, and vSRX)—When you configure the rfc-compliant statement at the [edit system services netconf] hierarchy level, the NETCONF server emits only an <ok/> or <rpc-error> element in response to <validate> operations. In earlier releases, the RPC reply also includes the <commit-results> element.

PKI

  • Deprecating options related to certificate enrollment (Junos)—Starting in Junos OS Release 23.2R1, we’re deprecating earlier CLI options related to Public Key Infrastructure (PKI) to enroll and reenroll local certificate through Simple Certificate Enrolment Protocol (SCEP). The table below shows the Junos CLI commands and configuration statements with the options being deprecated. You can find the same CLI options now available under scep option in these commands and statements.

    Table 1: Deprecated Junos CLI Options

    Junos CLI Commands and Statements

    Deprecated Options

    set security pki auto-re-enrollment

    certificate-id

    request security pki local-certificate enroll

    ca-profile

    certificate-id

    challenge-password

    digest

    domain-name

    email

    ip-address

    ipv6-address

    logical-system

    scep-digest-algorithm

    scep-encryption-algorithm

    subject

    request security pki node-local local-certificate enroll

    ca-profile

    certificate-id

    challenge-password

    digest

    domain-name

    email

    ip-address

    ipv6-address

    logical-system

    scep-digest-algorithm

    scep-encryption-algorithm

    subject

    [See auto-re-enrollment (Security), request security pki local-certificate enroll scep, and request security pki node-local local-certificate enroll.]

Software Installation and Upgrade

  • New options for the request system snapshot command (ACX Series, EX Series, MX Series, QFX Series, and SRX Series)—The request system snapshot command includes new options for non-recovery snapshots. You can include the name option to specify a user-defined name for the snapshot, and you can include the configuration or no-configuration option to include or exclude configuration files in the snapshot. By default, the snapshot saves the configuration files, which include the contents of the /config and /var directories and certain SSH files.

    [See request system snapshot (Junos OS with Upgraded FreeBSD).]