What's Changed
Learn about what changed in this release for QFX Series Switches.
EVPN
- EVPN-VXLAN tracing configuration—The set services trace evpn-vxlan configuration invokes a built-in commit script to generate tracing configurations for troubleshooting EVPN-VXLAN in multiple modules and hierarchies. [See trace (EVPN-VXLAN).]
- Default behavior changes and new options for the easy EVPN LAG configuration (EZ-LAG) feature—The easy EVPN LAG configuration feature now uses some new default or derived values, as follows:
  - The peer PE device peer-id value can only be 1 or 2.
  - You are required to configure the loopback subnet addresses for each peer PE device using the new loopback-subnet peer1-subnet and loopback peer2-subnet options at the [edit services evpn device-attribute] hierarchy level. The commit script uses these values for each peer PE device's loopback subnet instead of deriving those values on each PE device. The loopback-subnet option at the [edit services evpn device-attribute] hierarchy level has been deprecated.
  - If you configure the no-policy-and-routing-options-config option, you must configure a policy statement called EXPORT-LO0 that the default underlay configuration requires, or configure the new no-underlay-config option and include your own underlay configuration.
  - The commit script generates notice messages instead of error messages for configuration errors so you can better handle [edit services evpn] configuration issues.
  - The commit script includes the element names you configure (such as IRB instance names and server names) in description statements in the generated configuration.
  This feature also now includes a few new options so you have more flexibility to customize the generated configuration:
  - no-underlay-config at the [edit services evpn] hierarchy level—To provide your own underlay peering configuration.
  - mtu overlay-mtu and mtu underlay-mtu options at the [edit services evpn global-parameters] hierarchy level—To change the default assigned MTU size for underlay or overlay packets.
  [See Easy EVPN LAG Configuration.]
- Limit on number of IP address associations per MAC address per bridge domain in EVPN MAC-IP database—By default, devices can associate a maximum of 200 IP addresses with a single MAC address per bridge domain. We provide a new CLI statement to customize this limit, the mac-ip-limit statement at the [edit protocols evpn] hierarchy level. In most use cases, you don't need to change the default limit. If you want to change the default limit, we recommend that you don't set this limit to more than 300 IP addresses per MAC address per bridge domain. Otherwise, you might see very high CPU usage on the device, which can degrade system performance. [See mac-ip-limit.]
General Routing
- Before this change, most lists were ordered by the sequence in which the user configured the list items, for example a series of static routes. After this change, the list order is determined by the system, with items displayed in numerical sequence rather than in the order in which the items were configured. There is no functional impact from this change.
- While running the request system snapshot recovery command on all VMHost-based Routing Engines, disable or stop reporting any warning message.
- Autonegotiation status in show interfaces extensive output (QFX5120-48Y)—The show interfaces extensive output shows the autonegotiation information for SFP-T transceivers.
- Media type in show interface extensive command (QFX5210-64C)—The media type shows "Fiber" in the show interface et-x/y/z command output for optics transceivers. [See show interfaces extensive.]
- New commit check for MAC-VRF routing instances with the encapsulate-inner-vlan statement configured—We introduced a new commit check that prevents you from configuring an IRB interface and the encapsulate-inner-vlan statement together in a MAC-VRF routing instance. Please correct or remove these configurations prior to upgrading to 23.2R2 or newer to avoid a configuration validation failure during the upgrade. [See encapsulate-inner-vlan.]
- NOTE: If you use the request chassis feb slot slot-number offline command in the CLI to take the primary FEB offline, a traffic loss warning message is displayed and the FEB offline request is rejected. If offline/restart is still intended for the primary FEB, use the force option in addition to the command. WARNING message displayed in the CLI: "warning: RCB and FEB work in the paired slot mode. FEB %s offline/restart will result in traffic loss and does not cause a switchover. Please re-try after initiating a mastership switchover using 'request chassis routing-engine master switch' CLI. If offline/restart is still intended, use 'force' option in addition to this CLI."
- Change in options and generated configuration for the EZ-LAG configuration IRB subnet-address statement—With the EZ-LAG subnet-address inet or subnet-address inet6 options at the [edit services evpn evpn-vxlan irb irb-instance] hierarchy, you can now specify multiple IRB subnet addresses in a single statement using the list syntax addr1 addr2 .... Also, in the generated configuration for IRB interfaces, the commit script now includes default router-advertisement statements at the [edit protocols] hierarchy level for that IRB interface.
- Media Access Control Security (MACsec) session remains stable when changing exclude-protocol configuration—When you change the protocols excluded from MACsec using the exclude-protocol protocol-name option at the [edit security macsec connectivity-association connectivity-association-name] hierarchy level, the MACsec session remains stable. [See exclude-protocol.]
- ChaCha20-Poly1305 algorithm deprecation for SSH cipher option—The ChaCha20-Poly1305 authenticated encryption algorithm is deprecated for the SSH cipher option. Configure aes-128-gcm and aes-256-gcm as the encryption algorithm for the SSH cipher option.
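A pre-upgrade check for the SSH cipher deprecation above, as an added example that is not part of the original release notes: it scans a set-format configuration export for SSH ciphers statements and reports any that still list ChaCha20-Poly1305. The statement path system services ssh ciphers, the OpenSSH-style cipher spellings and the sample configuration are assumptions constructed for illustration.

```python
import re

# Cipher-name fragments. Assumption: set-format configuration spells ciphers
# in OpenSSH style (e.g. chacha20-poly1305@openssh.com); matching on fragments
# keeps the check independent of the exact spelling.
DEPRECATED = "chacha20-poly1305"
RECOMMENDED = ("aes128-gcm", "aes-128-gcm", "aes256-gcm", "aes-256-gcm")

# Matches "set [groups <name>] system services ssh ciphers <value(s)>".
CIPHER_STMT = re.compile(
    r"^\s*set\s+(?:groups\s+\S+\s+)?system\s+services\s+ssh\s+ciphers\s+(.+)$"
)

def audit_ssh_ciphers(config_text):
    """Return (deprecated_hits, has_gcm) for a set-format configuration.

    deprecated_hits is a list of (line_number, cipher) tuples.
    """
    hits, has_gcm = [], False
    for lineno, line in enumerate(config_text.splitlines(), start=1):
        match = CIPHER_STMT.match(line)
        if not match:
            continue
        # Values may appear one per line or as a bracketed list: [ a b c ]
        for cipher in match.group(1).strip("[] \t").split():
            name = cipher.strip('"').lower()
            if DEPRECATED in name:
                hits.append((lineno, cipher))
            elif any(frag in name for frag in RECOMMENDED):
                has_gcm = True
    return hits, has_gcm

# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = """\
set system host-name qfx-lab-01
set system services ssh protocol-version v2
set system services ssh ciphers chacha20-poly1305@openssh.com
set system services ssh ciphers aes256-gcm@openssh.com
set groups mgmt system services ssh ciphers [ aes128-ctr chacha20-poly1305@openssh.com ]
set system services netconf ssh
"""

if __name__ == "__main__":
    hits, has_gcm = audit_ssh_ciphers(SAMPLE_CONFIG)
    for lineno, cipher in hits:
        print(f"line {lineno}: deprecated SSH cipher {cipher}")
    if not has_gcm:
        print("no AES-GCM cipher configured for SSH")
```

The groups match matters because a cipher list inherited from a configuration group does not appear under the top-level system hierarchy in a set-format export.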
Interfaces and Chassis
- Starting in Junos OS release 23.2R1 and Junos OS Evolved release 23.2R1-EVO, the output of the show chassis power command displays the state of the power supply on PTX10003 and QFX10003 platforms. [See show chassis power.]
- When all the members of an AE interface have the same speed (x) and mixed speed is not configured, changing the speed of any member of the AE to a value other than x let the commit succeed in earlier releases. From this release, the commit fails. Conversely, when et interfaces with different speeds are to be part of an AE interface and you change the speed of all the member interfaces to the same speed (x), configure the AE interface, and commit, the commit failed in earlier releases. From this release, such commits succeed.
Junos XML API and Scripting
- Ability to commit extension-service file configuration when application file is unavailable—When you set the optional option at the [edit system extension extension-service application file file-name] hierarchy level, the operating system can commit the configuration even if the file is not available at the /var/db/scripts/jet file path. [See file (JET).]
Network Management and Monitoring
- NETCONF <copy-config> operations support a file:// URI for copy to file operations (ACX Series, EX Series, MX Series, QFX Series, SRX Series, vMX, and vSRX)—The NETCONF <copy-config> operation supports using a file:// URI when <url> is the target and specifies the absolute path of a local file. [See <copy-config>.]
- ephemeral-db-support statement required to configure MSTP, RSTP, and VSTP in the ephemeral configuration database (ACX Series, EX Series, and QFX Series)—To configure Multiple Spanning Tree Protocol (MSTP), Rapid Spanning Tree Protocol (RSTP), or VLAN Spanning Tree Protocol (VSTP) in the ephemeral configuration database, you must first configure the ephemeral-db-support statement at the [edit protocols layer2-control] hierarchy level in the static configuration database. [See Enable and Configure Instances of the Ephemeral Configuration Database.]
Platform and Infrastructure
- Previously, shaping of Layer 2 pseudowires did not work on logical tunnel interfaces. This has been fixed for all platforms except QX chip-based MICs and MPCs.
Routing Protocols
- In Junos OS Evolved platforms, show route snooping and show route forwarding-table do not show /56 routes in the VPLS address family table.
- Optimized mesh group routes (QFX5110, QFX5120, QFX5130, QFX5700 and ACX Series)—show route snooping for inet.1/inet6.1 table and show route snooping table inet.1/inet6.1 will display only CE mesh group routes for platforms that support EVPN-MPLS or EVPN-VxLAN multicast. In earlier releases, other mesh groups like the VE mesh group were also displayed.
- Starting in Junos OS Evolved 23.4R1, we have enabled the process-non-null-as-null-register configuration statement under [edit protocols pim rp local] by default. For earlier releases, you must configure this statement explicitly.
User Interface and Configuration
- Viewing files with the file compare files command requires users to have maintenance permission—The file compare files command in Junos OS and Junos OS Evolved requires a user to have a login class with maintenance permission. [See Login Classes Overview.]
VPNs
- Increase in revert-delay timer range—The revert-delay timer range is increased to 600 seconds from 20 seconds. [See min-rate.]
- Configure min-rate for IPMSI traffic explicitly—In a source-based MoFRR scenario, you can set a min-rate threshold for IPMSI traffic explicitly by configuring ipmsi-min-rate under set routing-instances protocols mvpn hot-root-standby min-rate. If not configured, the existing min-rate will be applicable to both IPMSI and SPMSI traffic. [See min-rate.]