Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Routing Protocols

  • Support for OSPFv2 HMAC SHA-2 keychain authentication and weighted ECMP (EX2300, EX2300-MP, EX2300-C, EX2300-VC, EX3400, EX3400-VC, EX4100-48MP, EX4100-H-12P, EX4100-H-12P-DC, EX4100-H-24P, EX4100-H-24P-DC, EX4100-H-24F, EX4100-H-24F-DC, EX4100-24MP, EX4100-48P, EX4100-48T, EX4100-24P, EX4100-24T, EX4100-F-48P, EX4100-F-24P, EX4100-F-48T, EX4100-F-24T, EX4100-F-12P, EX4100-F-12T, EX4300-MP, EX4300VC, EX4400-24MP, EX4400-24P, EX4400-24T, EX4400-24X, EX4400-48F, EX4400-48MP, EX4400-48P, EX4400-48T, EX4600-VC, EX4650, EX4650-48Y-VC, EX9204, EX9208, EX9214, MX204, MX240, MX304, MX150, MX480, MX960, MX10003, MX10004, MX10008, MX10016, MX2008, MX2010, MX2020, and VMX)—Starting in Junos OS Release 24.2R1, you can enable OSPFv2 keychain module with HMAC-SHA2 authentication to authenticate packets reaching or originating from an OSPF interface. HMAC SHA2 algorithms include HMAC-SHA2-256, HMAC-SHA2-384 and HMAC-SHA2-512 as defined in RFC 5709, OSPFv2 HMAC-SHA Cryptographic Authentication. We also support the HMAC-SHA2-224 algorithm. This feature ensures smooth transition from one key to another for OSPFv2 with enhanced security. We also support HMAC-SHA1 and HMAC-SHA2 authentication for virtual and sham links.

    You can enable weighted ECMP for directly connected routers. In earlier releases , Junos OS ECMP algorithm does not take the underlying bandwidth into consideration. The algorithm assumes that the links are of equal capacity and the traffic is distributed equally based on this assumption.

    To enable OSPFv2 HMAC-SHA2 authentication, configure the keychain keychain-name configuration statement [edit protocols ospf area area-id interface interface-name authentication] at the hierarchy level and algorithm (hmac-sha2-224 | hmac-sha2-256 | hmac-sha2-384 | hmac-sha2-512) option at the [edit security authentication-key-chains key-chain key-chain-name] hierarchy level.

    To enable keychains authentication support for OSPFv2 virtual links, configure the keychain keychain-name configuration statement [edit protocols ospf area area-id virtual-link neighbor-id router-id transit-area area-idauthentication] at the hierarchy level.

    To enable keychains authentication support for OSPFv2 sham links, configure the keychain keychain-name configuration statement [edit protocols ospf area area-id virtual-link neighbor-id router-id transit-area area-idauthentication] at the hierarchy level.

    To enable weighted ECMP traffic distribution on directly connected OSPFv2 neighbors, configure weighted one-hop statement at the [edit protocols ospf spf-options multipath] hierarchy level.

    [See Understanding OSPFv2 Authentication and Understanding Weighted ECMP Traffic Distribution on One-Hop OSPF Neighbors .]

  • Support for SRLG link constraint in FAD and delay normalization (MX Series)—Starting in Junos OS Release 24.2R1, we support delay normalization and Flexible Algorithm Definition (FAD) defined constraints related to admin-groups and shared risk link group (SRLG) as defined in RFC 9350, IGP Flexible Algorithm. We also support delay normalization on the listed platforms.

    During flexible algorithm computation, when the measured latency values are not equal and the difference is insignificant, IS-IS advertises this slightly higher latency value as a metric. IS-IS uses this normalized latency delay value instead of the measured delay value.

    To configure flexible algorithm application specific SRLG values, include the application-specific statement at the [edit protocols isis interface interface-name level level] hierarchy level.

    To exclude SRLG constraint in an FAD, include the exclude-srlg statement at the [edit routing-options flex-algorithm name definition] hierarchy level.

    [See delay-measurementlevel, and definition.]

  • BGP link bandwidth community (cRPD, EX4100-48MP, EX4300-MP, EX4400-48MP, EX4650, EX9204, EX9208, MX240, MX480, MX960, MX10003, MX10004, MX10008, MX10016, MX2008, MX2010, and MX2020, cSRX, QFX5110, QFX5120-32C, QFX5120-48T, QFX5120-48Y, QFX5120-48YM, QFX5200, and QFX5210)—Starting in Junos OS Release 24.2R1,BGP can communicate link speeds to remote peers, enabling better optimization of traffic distribution for load balancing. A BGP group can send the link-bandwidth non-transitive extended community over an EBGP session for originated or received and readvertised link-bandwidth extended communities.

    To configure the non-transitive link bandwidth extended community, include the bandwidth-non-transitive:value in the export policy at the [edit policy-options community name members community-ids] hierarchy level.

    To enable the device to automatically detect and attach the link-bandwidth community on a route at import, include theauto-sense auto-sense statement at the [edit protocols bgp group link-bandwidth ] hierarchy level. This feature facilitates the integration of devices with different transmission speeds within the network, enabling efficient traffic distribution based on link speed.

    [See and group (Protocols BGP).]

  • BMP Improvements (MX10016)—Starting in Junos OS Release 24.2R1, we have enhanced the robustness and debuggability of BMP to detect root cause problems in BGP connectivity.

    To enable collection of time-series data, include in-memory-profiling statement at the [edit routing-options bmp] hierarchy level.

    To save advertisement state information, include the keep-advertisement-state statement at the [edit routing-options bmp] hierarchy level.

    [See bmp]

  • Consistent load balancing on flex-algo routes (MX240, MX480, MX960, MX10003, MX10004, MX10008, and MX10016)—Starting in Junos OS Release 24.2R1, we support consistent hashing on flex-algo routes in a BGP network. You can prevent reordering of flex-algo routes to active paths in an ECMP group when one or more paths fail. BGP overrides the default behaviour of disrupting all existing including active, TCP connections when an active path fails and redirects only inactive flows.

  • Enable RFC 7606 based Error Handling in BGP (MX10016) —Starting in Junos OS Evolved Release 24.2R1, we support RFC 7606, Revised Error Handling for BGP UPDATE Messages that revises the BGP error handling and recommends attributes discard and treat-as-withdraw where the errors can be tolerated instead of a session reset. However, where the errors are too severe, a session reset is triggered. This minimizes the impact of a malformed update message on routing by retaining the established sessions and valid routes.

    The bgp-error-tolerance statement at the [edit protocols bgp] hierarchy level is enabled by default. You can still configure sub-options such as, malformed-route-limit, malformed-update-log-interval, and no-malformed-route-limit under this configuration statement. Note that If you delete the bgp-error-tolerance statement, the feature will still remain enabled and the sub-options are reset to their default values.

    [See bgp-error-tolerance (Protocols BGP).]

  • FLT on BGP FlowSpec Filters (MX204, MX240, MX480, MX960, MX10003, MX10004, MX10008, MX10016, MX2008, MX2010, and MX2020—Starting in Junos OS Release 24.2R1, you can enable Fast Lookup Table Filter (FLT) to significantly improve packet throughput with BGP FlowSpec. To enable FLT, include the fast-lookup-filter statement at the [routing-options flow] hierarchy level.

    [See fast-lookup-filter (Protocols BGP)].

  • HMAC authentication with hash functions for IS-IS (EX2300, EX2300-MP, EX2300-C, EX2300-VC, EX3400, EX3400-VC, EX4100-48MP, EX4100-H-12P, EX4100-H-12P-DC, EX4100-H-24P, EX4100-H-24P-DC, EX4100-H-24F, EX4100-H-24F-DC, EX4100-24MP, EX4100-48P, EX4100-48T, EX4100-24P, EX4100-24T, EX4100-F-48P, EX4100-F-24P, EX4100-F-48T, EX4100-F-24T, EX4100-F-12P, EX4100-F-12T, EX4300-MP, EX4300VC, EX4400-24MP, EX4400-24P, EX4400-24T, EX4400-24X, EX4400-48F, EX4400-48MP, EX4400-48P, EX4400-48T, EX4600-VC, EX4650, EX4650-48Y VC, EX9204, EX9208, EX9214, MX204, MX240, MX304, MX150, MX480, MX960, MX10003, MX10004, MX10008, MX10016, MX2008, MX2010, and MX2020)—Starting in Junos OS Release 24.2R1, we extend support to the IS-IS keychain with the following hash functions:

    • HMAC-SHA2-224,

    • HMAC-SHA2-256,

    • HMAC-SHA2-384,

    • HMAC-SHA2-512

    Currently, IS-IS supports inline authentication using simple password, keyed MD5 and HMAC-SHA1 algorithms with common keychain. Note that it’s important to have the system time synchronized on all nodes when a keychain is active on an IS-IS session.

    [See Understanding Hitless Authentication Key Rollover for IS-IS.].]

  • Support for BGP VPN to Global RIB Import (cRPD and MX480)—Starting in Junos OS Release 24.2R1, we support leaking of BGP VPN routes to global RIBs to provide service providers the flexibility to allow internet access to VPN customers. To configure this feature, include the vpn-global-import policy statement at the [edit routing-options inet.0] hierarchy level.

    To use the auto router discovery feature with router-id without allocating an IP-address include the route-distinguisher-id-use-router-id statement at the [edit routing-options] hierarchy level.

    [See route-distinguisher-id-use-router-id, and vpn-global-import.]

  • Support for configuring multiple independent IGP instances of OSPFv2 (MX204, MX240, MX304, MX480, MX960, MX10003, MX10004, MX10008, MX10016, MX2008, MX2010, and MX2020)—Starting in Junos OS Release 24.2R1, you can configure and run multiple independent IGP instances of OSPFv2 simultaneously on a router as defined in RFC 6549, OSPFv2 Multi-Instance Extensions.

    With this feature:

    • You can use multiple IGP instances of OSPFv2 to redistribute routes among independent OSPFv2 domains on a single router.

    • You can construct flexible OSPFv2 hierarchies across independent IGP domains.

    • You can achieve a more scalabale OSPFv2 deployment.

    To enable multiple IGP instances of OSPFv2 routing on the routing device, configure ospf-instanceigp-instance-name at the [edit protocols ospf]

    Note:

    Junos OS does not support configuring the same logical interface in multiple IGP instances of OSPFv2.

    [See Multiple Independent IGP Instances of OSPFv2 Overview.]

  • Enhanced IRB Scalability for ARP and ND Unicast Next Hops (MX Series)—The enhanced IRB scalability feature now supports up to 1.5 million ARP (Address Resolution Protocol) and ND (Neighbor Discovery) unicast next hops per chassis, significantly improving network scalability. To enable this feature, configure the enhanced-scale statement at the [edit interfaces irb unit logical-unit-number] hierarchy level and the irb-enhanced-scale statement at the [edit bridge-domains bridge-domain-name] hierarchy level. This configuration allows the Kernel to allocate next hop identifiers from an extended space, ensuring stable and efficient operation. This feature is supported for plain IRB interfaces and does not support advanced functionalities like EVPN-MPLS or VXLAN.

    [See enhanced-Scale (IRB Interface) and irb-enhanced-scale (Bridge Domain).]

  • Enhanced MVPN Functionality with Inactive Route Support (MX204, MX240, MX304, MX150, MX480, MX960, MX10003, MX10004, MX10008, MX10016, MX2008, MX2010, MX2020, and VMX)—Enhanced MVPN functionality now supports querying inactive routes from shards. This enables MVPN to access and utilize inactive route data for required features. MVPN processes involving inactive routes are now handled asynchronously, ensuring smoother and more efficient operations.