What's Changed
Learn about what changed in this release for PTX Series routers.
EVPN
- OISM SBD bit in EVPN Type 3 route multicast flags extended community—In EVPN Type 3 Inclusive Multicast Ethernet Tag (IMET) route advertisements for interfaces associated with the supplemental bridge domain (SBD) in an EVPN optimized intersubnet multicast (OISM) network, we now set the SBD bit in the multicast flags extended community. We set this bit for interoperability with other vendors, and to comply with the IETF draft standard for OISM, draft-ietf-bess-evpn-irb-mcast. You can see this setting in the output from the show route table bgp.evpn.0 ? extensive command.
- Group-based Policy (GBP) tag displayed with show bridge mac-table command—On platforms that support VXLAN-GBP, the show bridge mac-table command now displays a GBP TAG output column that lists the GBP tag associated with the MAC address for a bridge domain or VLAN in a routing instance. Even if the device does not support or is not using GBP itself, the output includes this information for GBP tags in packets received from remote EVPN-VXLAN peers. [See Example: Micro and Macro Segmentation using Group Based Policy in a VXLAN.]
- Updates to syslog EVPN_DUPLICATE_MAC messages—EVPN_DUPLICATE_MAC messages in the system log (syslog) now contain additional information to help identify the location of a duplicate MAC address in an EVPN network. These messages will include the following in addition to the duplicate MAC address:
  - The peer device, if the duplicate MAC address is from a remote VXLAN tunnel endpoint (VTEP).
  - The VLAN or virtual network identifier (VNI) value.
  - The source interface name for the corresponding local interface or multihoming Ethernet segment identifier (ESI).
  For example:
    Feb 27 22:55:13 DEVICE_VTEP1_RE rpd39839: EVPN_DUPLICATE_MAC: MAC address move detected for 00:01:02:03:04:03 within instance=evpn-vxlan on VNI=100 from 10.255.1.4 to ge-0/0/1.0.
  [For more on supported syslog messages, see System Log Explorer.]
- New commit check for MAC-VRF routing instances with the encapsulate-inner-vlan statement configured—We introduced a new commit check that prevents you from configuring an IRB interface and the encapsulate-inner-vlan statement together in a MAC-VRF routing instance. Please correct or remove these configurations prior to upgrading to 23.2R2 or newer to avoid a configuration validation failure during the upgrade. [See encapsulate-inner-vlan.]
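The extra fields in EVPN_DUPLICATE_MAC messages make it possible to alert on a MAC address that keeps moving between a remote VTEP and a local interface. The following Python is an added example, not Juniper code: it assumes every message follows the layout of the single example line in this note, and all sample log lines except the first are constructed.

```python
import ipaddress
import re
from collections import Counter

# Assumption: every message follows the layout of the one example line in this note.
DUP_MAC_RE = re.compile(
    r"EVPN_DUPLICATE_MAC: MAC address move detected for "
    r"(?P<mac>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}) "
    r"within instance=(?P<instance>\S+) on VNI=(?P<vni>\d+) "
    r"from (?P<src>\S+) to (?P<dst>\S+?)\.?\s*$"
)

def endpoint_kind(value):
    """An IP address is a remote VTEP; anything else is a local interface or ESI."""
    try:
        ipaddress.ip_address(value)
        return "remote-vtep"
    except ValueError:
        return "local-interface-or-esi"

def parse_duplicate_mac(line):
    """Return the fields of one EVPN_DUPLICATE_MAC line, or None for any other message."""
    m = DUP_MAC_RE.search(line)
    if m is None:
        return None
    ev = m.groupdict()
    ev["mac"] = ev["mac"].lower()
    ev["vni"] = int(ev["vni"])
    ev["src_kind"] = endpoint_kind(ev["src"])
    ev["dst_kind"] = endpoint_kind(ev["dst"])
    return ev

def repeated_moves(lines, threshold=2):
    """Count moves per (instance, VNI, MAC); keep those seen at least `threshold` times."""
    counts = Counter()
    for line in lines:
        ev = parse_duplicate_mac(line)
        if ev is not None:
            counts[(ev["instance"], ev["vni"], ev["mac"])] += 1
    return {key: n for key, n in counts.items() if n >= threshold}

PREFIX = "DEVICE_VTEP1_RE rpd39839: EVPN_DUPLICATE_MAC: MAC address move detected for "
SAMPLE_LOG = [  # first entry is the note's example line; the others are constructed
    "Feb 27 22:55:13 " + PREFIX + "00:01:02:03:04:03 within instance=evpn-vxlan on VNI=100 from 10.255.1.4 to ge-0/0/1.0.",
    "Feb 27 22:55:19 " + PREFIX + "00:01:02:03:04:03 within instance=evpn-vxlan on VNI=100 from ge-0/0/1.0 to 10.255.1.4.",
    "Feb 27 22:56:02 " + PREFIX + "00:01:02:03:04:0A within instance=evpn-vxlan on VNI=200 from 10.255.1.5 to ge-0/0/2.0.",
    "Feb 27 22:56:30 DEVICE_VTEP1_RE sshd: constructed unrelated line",
]
```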
General Routing
- Enhanced DDoS status operational command (PTX Series)—We've enhanced the aggregate DDoS status output field to display the aggregate count of all sub packet types. Before this release, the aggregate DDoS status output displayed only the packet type level output information.
- The show chassis fabric topology command displays interleaved source and destination tags in the In-Links and Out-Links output fields for PTX Series devices in Junos Evolved release versions 21.4R1 and later.
- On PTX10004, PTX10008, and PTX10016 routers, after executing the request node offline command, you must wait at least 180 seconds before executing the request chassis cb offline command.
- Enhanced DDoS statistics operational command (PTX Series)—We've enhanced the aggregate DDoS statistics output field to display the aggregate statistics for BFD and DHCP protocols. The enhanced DHCP statistics output displays the collective DHCPv4 and DHCPv6 statistics for DDoS. Before this release, the aggregate DDoS statistics output displayed 0 for aggregate BFD and the aggregate DHCPv4v6.
Infrastructure
- Option to disable path MTU discovery—Path MTU discovery is enabled by default. To disable it for IPv4 traffic, you can configure the no-path-mtu-discovery statement at the [edit system internet-options] hierarchy level. To reenable it, use the path-mtu-discovery statement. [See Path MTU Discovery.]
Interfaces and Chassis
- Disable power redundancy alarms for JNP10K-PWR-DC2 PSM (PTX10008 and PTX10016)—The JNP10K-PWR-DC2 PSM supports power redundancy across two DIP switches. When all input feeds are not connected to power supplies, it triggers a chassis alarm such as PSM 5 Input B0 and B1 Failed. Starting in Junos OS Evolved Release 24.2R1, you can disable this chassis alarm by using the set chassis alarm psm psm number input input number ignore command. [See JNP10K-PWR-DC2 Power Supply.]
Junos Node Slicing
- Change in the XML tags displayed for the show virtual-network-functions command in JDM (Junos node slicing)—To align the XML tags displayed for the show virtual-network-functions gnf-name | display xml command with the new XML validation logic, we have replaced the underscores (_) in the output with hyphens (-) as shown below:

  Old output:

    user@jdm> show virtual-network-functions mgb-gnf-d | display xml
    <rpc-reply xmlns:junos=http://xml.juniper.net/junos/23.4I0/junos>
        <vnf-information xmlns=http://xml.juniper.net/junos/23.4I0/junos-jdmd junos:style="detail">
            <vnf-instance>
                <id>1</id>
                <name>mgb-gnf-d</name>
                <state>Running</state>
                <liveliness>down</liveliness>
                <ip_addr>192.168.2.1</ip_addr>    <<< The tag includes _.
                <vcpus>2</vcpus>
                <max_mem>16GiB</max_mem>    <<< The tag includes _.
                <resource_template>2core-16g</resource_template>    <<< The tag includes _.
                <qemu_process_id>614702</qemu_process_id>    <<< The tag includes _.
                <smbios_version>v2</smbios_version>    <<< The tag includes _.
                <vnf-blk-dev-list>
                </vnf-blk-dev-list>
            </vnf-instance>
        </vnf-information>
        <cli>
            <banner></banner>
        </cli>
    </rpc-reply>

  New output:

    user@jdm> show virtual-network-functions mgb-gnf-d | display xml
    <rpc-reply xmlns:junos=http://xml.juniper.net/junos/23.4I0/junos>
        <vnf-information xmlns=http://xml.juniper.net/junos/23.4I0/junos-jdmd junos:style="detail">
            <vnf-instance>
                <id>1</id>
                <name>mgb-gnf-d</name>
                <state>Running</state>
                <liveliness>down</liveliness>
                <ip-addr>192.168.2.1</ip-addr>    <<< The tag changes to ip-addr.
                <vcpus>2</vcpus>
                <max-mem>16GiB</max-mem>    <<< The tag changes to max-mem.
                <resource-template>2core-16g</resource-template>    <<< The tag changes to resource-template.
                <qemu-process-id>614702</qemu-process-id>    <<< The tag changes to qemu-process-id.
                <smbios-version>v2</smbios-version>    <<< The tag changes to smbios-version.
                <vnf-blk-dev-list>
                </vnf-blk-dev-list>
            </vnf-instance>
        </vnf-information>
        <cli>
            <banner></banner>
        </cli>
    </rpc-reply>

  This change is applicable to any RPC that previously had underscores in the XML tag name.
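Monitoring and inventory scripts that look up the old tag names return nothing after this change, usually without raising an error. The following Python is an added example, not Juniper code: it reads both the old and the new output by normalizing tag names, and reports which tags still use underscores. The sample XML is constructed from the output above, trimmed and with attribute values quoted so that it parses.

```python
import xml.etree.ElementTree as ET

def raw_name(tag):
    """Tag name without the '{namespace}' prefix that ElementTree adds."""
    return tag.rsplit("}", 1)[-1]

def local_name(tag):
    """Namespace-free tag name with legacy underscores mapped to hyphens."""
    return raw_name(tag).replace("_", "-")

def vnf_instances(xml_text):
    """Return one dict per <vnf-instance>, keyed by hyphenated tag names."""
    result = []
    for elem in ET.fromstring(xml_text).iter():
        if local_name(elem.tag) != "vnf-instance":
            continue
        fields = {}
        for child in elem:
            if len(child) == 0:  # leaf elements only
                fields[local_name(child.tag)] = (child.text or "").strip()
        result.append(fields)
    return result

def legacy_tags(xml_text):
    """Sorted tag names that still contain an underscore (pre-change output)."""
    names = {raw_name(e.tag) for e in ET.fromstring(xml_text).iter()}
    return sorted(n for n in names if "_" in n)

# Constructed sample: {s} is '_' for the old output and '-' for the new output.
TEMPLATE = """<rpc-reply xmlns:junos="http://xml.juniper.net/junos/23.4I0/junos">
<vnf-information xmlns="http://xml.juniper.net/junos/23.4I0/junos-jdmd" junos:style="detail">
<vnf-instance>
<id>1</id><name>mgb-gnf-d</name><state>Running</state><liveliness>down</liveliness>
<ip{s}addr>192.168.2.1</ip{s}addr><vcpus>2</vcpus><max{s}mem>16GiB</max{s}mem>
<resource{s}template>2core-16g</resource{s}template>
</vnf-instance>
</vnf-information>
</rpc-reply>"""
OLD_XML = TEMPLATE.format(s="_")
NEW_XML = TEMPLATE.format(s="-")

if __name__ == "__main__":
    print(vnf_instances(OLD_XML) == vnf_instances(NEW_XML))
    print(legacy_tags(OLD_XML), legacy_tags(NEW_XML))
```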
Junos OS API and Scripting
- <get-trace> RPC support removed (ACX Series and PTX Series)—The show trace application app-name operational command and equivalent <get-trace> RPC both emit raw trace data. Because the <get-trace> RPC does not emit XML data, we've removed support for the <get-trace> RPC for XML clients.
Multicast
- Non-revertive switchover for sender based MoFRR—In earlier Junos releases, source-based MoFRR ensured that the traffic reverted to the primary path from the backup path, when the primary path or session was restored. This reversion could result in traffic loss. Starting in Junos OS Evolved 22.4R3-S1, source-based MoFRR will not revert to the primary path, i.e. traffic will continue to flow through the backup path as long as the traffic flow rate on the backup path does not go below the configured threshold set under protocols mvpn hot-root-standby min-rate. [See min-rate.]
Network Management and Monitoring
- Change in use of RSA signatures with SHA-1 hash algorithm—Starting in Junos OS Release 24.2R1, OpenSSH 8.8/8.8p1 introduces a behavioral change: it disables the use of RSA signatures with the SHA-1 hash algorithm by default. You can use RSA signatures with the SHA-256 or SHA-512 hash algorithm.
Platform and Infrastructure
- Starting in Junos OS Evolved Release 24.2R1, support for Network Time Protocol (NTP) over TLS (RFC 8915 compliant) for the ACX Series and PTX Series includes:
  - Support to configure local-certificate for server and certificate verification option for client.
  - Verification of X.509 certificates to establish a TLS channel between client and server.
  - TLS NTS-KE protocol support.
  - Support for NTS secured client-server NTP communication at server and client.
  - Support for new NTS options in the system ntp nts, system ntp server <server_name> nts remote-identity, and show ntp associations no-resolve commands.
System Management
- Additional Upgrade fields for the show system applications detail command (ACX Series and PTX Series)—The show system applications detail command and corresponding RPC include additional Upgrade output fields. The fields provide information about notifications and actions related to various upgrade activities.
User Access and Authentication
- Starting in Junos OS Release 24.2R1 and Junos OS Evolved Release 24.2R1, when you run the show lldp local-information interface <interface-name> | display xml command, the output is displayed under the lldp-local-info root tag and in the lldp-local-interface-info container tag. When you run the show lldp local-information interface | display xml command, the lldp-tlv-filter and lldp-tlv-select information are displayed under the lldp-local-interface-info container tag in the output.
- Viewing files with the file compare files command requires users to have maintenance permission—The file compare files command in Junos OS Evolved requires a user to have a login class with maintenance permission. [See Login Classes Overview.]
User Interface and Configuration
- Viewing files with the file compare files command requires users to have maintenance permission—The file compare files command in Junos OS and Junos OS Evolved requires a user to have a login class with maintenance permission. [See Login class overview.]
VPNs
- Increase in revert-delay timer range—The revert-delay timer range is increased to 600 seconds from 20 seconds. [See min-rate.]
- Configure min-rate for IPMSI traffic explicitly—In a source-based MoFRR scenario, you can set a min-rate threshold for IPMSI traffic explicitly by configuring ipmsi-min-rate under set routing-instances protocols mvpn hot-root-standby min-rate. If not configured, the existing min-rate will be applicable to both IPMSI and SPMSI traffic. [See min-rate.]