What's Changed

Previously, the Junos OS Evolved system default scheduler was named "default" (no brackets), while the Junos OS system default scheduler is named "default" (with brackets). Now, the Junos OS Evolved system default scheduler is also named "default" (with brackets).

EVPN system log messages for CCC interface up and down events—Devices will now log EVPN and EVPN-VPWS interface up and down event messages for interfaces configured with circuit cross-connect (CCC) encapsulation types. You can look for error messages with message types EVPN_INTF_CCC_DOWN and EVPN_INTF_CCC_UP in the device system log file /var/log/syslog).

Change to the commit process—In prior Junos OS and Junos OS Evolved releases, if you use the commit prepare command and modify the configuration before activating the configuration using the commit activate command, the prepared commit cache becomes invalid due to the interim configuration change. As a result, you cannot perform a regular commit operation using the commit command. The CLI shows an error message: 'error: Commit activation is pending, either activate or clear commit prepare'. If you now try running the commit activate command, the CLI shows an error message: 'error: Prepared commit cache invalid, failed to activate'. You then must clear the prepared configuration using the clear system commit prepared command before performing a regular commit operation. From this Junos and Junos OS Evolved release, when you modify a device configuration after 'commit prepare' and then issue a 'commit', the OS detects that the prepared cache is invalid and automatically clears the prepared cache before proceeding with regular 'commit' operation.

[See Commit Preparation and Activation Overview.]

Disabled CDN auto download (Junos OS Evolved)—The PKI process periodically, by default every 24 hours, polls the CDN server for the latest default trusted CA bundle and updates the list for any changes to the trusted CAs in the bundle. If there are any changes, PKI process loads them in the background. The auto download of CA certificates might generate core files. We've disabled the service of PKI query to CDN server periodically to download the latest trusted CA bundle.

On Junos OS Evolved, password authentication for SCP based configuration archival is supported.

DDoS protection protocols statistics update (PTX Series)—Starting in Junos OS Evolved Release 23.2R2, the show ddos-protection protocols statistics displays the Max arrival rate and Arrival rate output values as expected. Earlier to this release, the Max arrival rate and Arrival rate output values were displayed larger than expected.

[See show ddos-protection protocols parameters.]

In a firewall filter configured with a port-mirror-instance or port-mirror action, if l2-mirror action is also configured, then port-mirroring instance family should be any. In the absence of the l2-mirror action, port-mirroring instance family should be the firewall filter family.

Configuring export profile parameters for dial-out telemetry traffic, such as 'dscp', 'forwarding-class', and 'payload-size', will now result in an error. Previously, these parameters were ignored because the telemetry traffic adhered to global configuration settings for host-bound traffic. This ensures clarity and prevents misconfiguration, aligning export profiles strictly with supported parameters.

Control Board offline delay for system stability (PTX10008)—After initiating a node halt, you must wait 1 minute before doing Control Board (CB) offline. Attempting to offline the CB within this period will result in an error message. This delay helps maintain the stability and proper functioning of the system.

[See request chassis cb. ]

Corrected show ddos-protection protocols CLI command (PTX10003, PTX10008, and PTX10016)—When you clear the DDoS state and then execute the show ddos-protection protocols CLI command, the output accurately displays that the policer was never violated. Earlier to this release, the show ddos-protection protocols CLI command output displayed that the policer was no longer violated, which indicates that violation occurred and wasn't cleared correctly.

[See show ddos-protection protocols.]

The CVBC does not require any documentation. As described in the Assessment tab, there is a change to the warning message displayed on the CLI. We don't usually document warning messages displayed on the CLI.PR1856239

When you run the request vmhost zeroize command to zeroize a single Routing Engine on a dual Routing Engine device, the CLI incorrectly displays a message indicating that it will zeroize both Routing Engines.PR1869854

On the MPC7E-10G line card, when you configure the 10-Gigabit Ethernet ports to operate as 1-Gigabit Ethernet ports, use the speed statement at both the edit interfaces <interface name> gigether-options and edit interfaces <interface name> hierarchy levels.PR1879198

On the MPC7E-10G line card, when you configure the 10-Gigabit Ethernet ports to operate as 1-Gigabit Ethernet ports, use the speed statement at both the edit interfaces <interface name> gigether-options and edit interfaces <interface name> hierarchy levels.PR1879198

Update to IGMP snooping membership command options—The instance option is now visible when issuing the show igmp snooping membership ? command. Earlier, the instance option was available but not visible when ? was issued to view all possible completions for the show igmp snooping membership command.

[See show igmp snooping membership.]

MLD snooping proxy and l2-querier source-address (ACX7024, ACX7100-32C, PTX10001-36MR, QFX5120-32C, and QFX5130-32CD)—The source-address configured for proxy and l2-querier under the mld-snooping hierarchy should be an IPv6 link-local address in the range of fe80::/64. The CLI help text has been updated to "Source IPv6 link local address to use for proxy/L2 querier". In earlier releases, the CLI help text read, "Source IP address to use for proxy/L2 querier."

[See source-address.]

Extension of traceoptions support for VLANs in IGMP/MLD snooping The traceoptions option is supported under the edit routing-instance protocols igmp-snooping vlan and edit routing-instance protocols mld-snooping vlan hierarchy. traceoptions can be enabled for both specific and all vlans.

[See vlan (IGMP Snooping) .] PR1845242

Access privileges for request support information command (ACX Series, PTX Series, QFX Series)—The request support information command is designed to generate system information for troubleshooting and debugging purposes. Users with the specific access privileges maintenance, view, and view-configuration can execute request support information command.