Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

What's Changed

Learn about what changed in this release for MX Series routers.

Class of Service (CoS)

  • You cannot apply a classifier to a physical interface on MX Series routers. On MX Series routers, you must apply the classifier to a logical interface.

EVPN

  • EVPN-VXLAN tracing configuration— The set services trace evpn-vxlan configuration invokes a built-in commit script to generate tracing configurations for troubleshooting EVPN-VXLAN in multiple modules and hierarchies.

    [See trace (EVPN-VXLAN).]

  • Default behavior changes and new options for the easy EVPN LAG configuration (EZ-LAG) feature—The easy EVPN LAG configuration feature now uses some new default or derived values, as follows:

    • Peer PE device peer-id value can only be 1 or 2.

    • You are required to configure the loopback subnet addresses for each peer PE device using the new loopback peer1-subnet and loopback peer2-subnet options at the [edit services evpn device-attribute] hierarchy level. The commit script uses these values for each peer PE device's loopback subnet instead of deriving those values on each PE device. These replace the loopback-subnet option at the [edit services evpn device-attribute] hierarchy level, which has been deprecated.

    • If you configure the no-policy-and-routing-options-config option, you must configure a policy statement called EXPORT-LO0 that the default underlay configuration requires, or configure the new no-underlay-config option and include your own underlay configuration.

    • The commit script generates "notice" messages instead of "error" messages for configuration errors so you can better handle [edit services evpn] configuration issues.

    • The commit script includes the element names you configure (such as IRB instance names and server names) in description statements in the generated configuration.

    This feature also now includes a few new options so you have more flexibility to customize the generated configuration:

    • no-underlay-config at the [edit services evpn] hierarchy level—To provide your own underlay peering configuration.

    • mtu overlay-mtu and mtu underlay-mtu options at the [edit services evpn global-parameters] hierarchy level—To change the default assigned MTU size for underlay or overlay packets.

    [See Easy EVPN LAG Configuration.]

    .

  • Limit on number of IP address associations per MAC address per bridge domain in EVPN MAC-IP database—By default, devices can associate a maximum of 200 IP addresses with a single MAC address per bridge domain. We provide a new CLI statement to customize this limit, mac-ip-limit statement at the [edit protocols evpn] hierarchy level. In most use cases, you don?t need to change the default limit. If you want to change the default limit, we recommend that you don?t set this limit to more than 300 IP addresses per MAC address per bridge domain. Otherwise, you might see very high CPU usage on the device, which can degrade system performance.

    [See mac-ip-limit.]

General Routing

  • The max-db-size is an optional configuration command on routers having >=32 GB DRAM, for example, on MX960 platform. To enable subscriber-management, use the command set chassis network-services enhanced-ip and set system services subscriber-management enable. The router reboots and comes-up with subscriber-management enabled without max-db-size (optional) configuration and requires only 1 reboot.

  • In older Junos Releases, Data Definition Language (DDL) lists were ordered by the sequence in which the user configured the list items, for example a series of static routes. With this change, the list order is determined by the system with items displayed in numerical sequence rather than by the order in which the items were configured. There is no functional impact to this change.

  • While running request system snapshot recovery command on all VMHost based Routing Engines, disable or stop reporting any warning message.

  • Introduction of extensive option for IPsec security associations (MX Series, SRX Series and vSRX 3.0) We've introduced the extensive option for the show security ipsec security-associations command. Use this option to display IPsec security associations with all the tunnel events. Use the existing detail option to display upto ten events in reverse chronological order.

    [See show security ipsec security-associations.]

  • New commit check for MAC-VRF routing instances with the encapsulate-inner-vlan statement configured— We introduced a new commit check that prevents you from configuring an IRB interface and the encapsulate-inner-vlan statement together in a MAC-VRF routing instance. Please correct or remove these configurations prior to upgrading to Junos OS 23.2R2 or newer to avoid a configuration validation failure during the upgrade.

    [See encapsulate-inner-vlan.]

  • MTU and TCP MSS not available on service interfaces (MX Series routers)—You cannot configure the media MTU or TCP MSS on service interfaces (ms, vms, or ams).

    [See mtu (interfaces).]

  • Change in options and generated configuration for the EZ-LAG configuration IRB subnet-address statement—With the EZ-LAG subnet-address inet or subnet-address inet6 options at the [edit services evpn evpn-vxlan irb irb-instance] hierarchy, you can now specify multiple IRB subnet addresses in a single statement using the list syntax addr1 addr2 ... . Also, in the generated configuration for IRB interfaces, the commit script now includes default router-advertisement statements at the [edit protocols] hierarchy level for that IRB interface.

    [See subnet-address (Easy EVPN LAG Configuration).]

Junos XML API and Scripting

  • Ability to commit extension-service file configuration when application file is unavailable—When you set the optional option at the edit system extension extension-service application file file-name hierarchy level, the operating system can commit the configuration even if the file is not available at the /var/db/scripts/jet file path.

    [See file (JET).]

Network Management and Monitoring

  • NETCONF <copy-config> operations support a file:// URI for copy to file operations (ACX Series, EX Series, MX Series, QFX Series, SRX Series, vMX, and vSRX)—The NETCONF <copy-config> operation supports using a file:// URI when <url> is the target and specifies the absolute path of a local file.

    [See <copy-config>.]

Platform and Infrastructure

  • Previously, shaping of Layer 2 pseudowires did not work on logical tunnel interfaces. This has been fixed for all platforms except QX chip-based MICs and MPCs.

User Interface and Configuration

  • Viewing files with the file compare files command requires users to have maintenance permission—The file compare files command in Junos OS and Junos OS Evolved requires a user to have a login class with maintenance permission.

    [See Login Classes Overview..]