What's Changed in 23.4R2

EVPN

Change in options and generated configuration for the EZ-LAG configuration IRB subnet-address statement—With the EZ-LAG subnet-address inet or subnet-address inet6 or
at the [edit services evpn evpn-vxlan irb irb-instance hierarchy, you can now specify multiple IRB subnet addresses in a single statement using the list syntax addr1 addr2 ?. Also, in the generated configuration for IRB interfaces, the commit script now includes default router-advertisement statements at the edit protocols hierarchy level for that IRB interface.
[See subnet-address (Easy EVPN LAG Configuration).]
Updates to syslog EVPN_DUPLICATE_MAC messages—EVPN_DUPLICATE_MAC messages in the System log (syslog) now contain additional information to help identify the location of a duplicate MAC address in an EVPN network. These messages will include the following in addition to the duplicate MAC address:
- The peer device, if the duplicate MAC address is from a remote VXLAN tunnel endpoint (VTEP).
- The VLAN or virtual network identifier (VNI) value.
- The source interface name for the corresponding local interface or multihoming Ethernet segment identifier (ESI).
For example: Feb 27 22:55:13 DEVICE_VTEP1_RE rpd 39839: EVPN_DUPLICATE_MAC: MAC address move detected for 00:01:02:03:04:03 within instance=evpn-vxlan on VNI=100 from 10.255.1.4 to ge-0/0/1.0.
For more on supported syslog messages, see System Log Explorer.
Limit on number of IP address associations per MAC address per bridge domain in EVPN MAC-IP database—By default, devices can associate a maximum of 200 IP addresses with a single MAC address per bridge domain. We provide a new CLI statement to customize this limit, mac-ip-limit statement at the edit protocols evpn hierarchy level. In most use cases, you don?t need to change the default limit. If you want to change the default limit, we recommend that you don?t set this limit to more than 300 IP addresses per MAC address per bridge domain. Otherwise, you might see very high CPU usage on the device, which can degrade system performance.

[See mac-ip-limit.]

Infrastructure

Option to disable path MTU discovery—Path MTU discovery is enabled by default. To disable it for IPv4 traffic, you can configure the no-path-mtu-discovery statement at the edit system internet-options hierarchy level. To reenable it, use the path-mtu-discovery statement.

[See Path MTU Discovery.]

Junos OS API and Scripting

<get-trace> RPC support removed (ACX Series, PTX Series, and QFX Series)—The show trace application app-name operational command and equivalent <get-trace> RPC both emit raw trace data. Because the <get-trace> RPC does not emit XML data, we've removed support for the <get-trace> RPC for XML clients.
XML output tags changed for request-commit-server-pause and request-commit-server-start (QFX Series)—We've changed the XML output for the request system commit server pause command (request-commit-server-pause RPC) and the request system commit server start command (request-commit-server-start RPC). The root element is <commit-server-operation> instead of <commit-server-information>, and the <output> tag is renamed to <message>.

Network Management and Monitoring

NETCONF <copy-config> operations support a file:// URI for copy to file operations (QFX Series)—The NETCONF <copy-config> operation supports using a file:// URI when <url> is the target and specifies the absolute path of a local file.

[See <copy-config>.]
Device family identifier changed for native YANG modules (QFX Series)—Starting in Junos OS Evolved Release 23.4R2, native YANG modules for QFX Series devices by default use the junos device family identifier instead of the junos-qfx identifier in the module's name, namespace, and filename. With this change, all devices running Junos OS Evolved use the junos device family identifier. To emit device-specific modules that use the junos-qfx device family identifier, configure the device-specific and emit-family-ns-and-module-name statements at the [edit system services netconf yang-modules] hierarchy level.

[See Understanding Junos YANG Modules.]

Routing Protocols

Optimized mesh group routes (QFX5110, QFX5120, QFX5130, QFX5700 and ACX Series)— show route snooping for inet.1/inet6.1 table and show route snooping table inet.1/inet6.1 displays only CE mesh group routes for platforms that support EVPN-MPLS or EVPN-VxLAN multicast. In earlier releases, other mesh groups like the VE mesh group were also displayed.

System Management

Additional Upgrade fields for the show system applications detail command (ACX Series, PTX Series, and QFX Series)—The show system applications detail command and corresponding RPC include additional Upgrade output fields. The fields provide information about notifications and actions related to various upgrade activities.

[See show system applications (Junos OS Evolved).]

Software Installation and Upgrade

configuration and no-configuration options for the request system snapshot command (QFX Series)—When you omit or include the configuration option, the request system snapshot command copies the /config directory and the configuration stored for each installed software version to the alternate solid-state drive (SSD) as part of the snapshot. You can use the no-configuration option to exclude the /config directory and the configuration stored for each installed software version from the snapshot.

VPNs

Increase in revert-delay timer range— The revert-delay timer range is increased to 600 seconds from 20 seconds.

[See min-rate.]
Configure min-rate for IPMSI traffic explicitly— In a source-based MoFRR scenario, you can set a min-rate threshold for IPMSI traffic explicitly by configuring ipmsi-min-rate under set routing-instances protocols mvpn hot-root-standby min-rate. If not configured, the existing min-rate will be applicable to both IPMSI and SPMSI traffic.

[See min-rate.]

ON THIS PAGE

EVPN

Infrastructure

Junos OS API and Scripting

Network Management and Monitoring

Routing Protocols

System Management

Software Installation and Upgrade

VPNs