What's Changed
Learn about what changed in this release for EX Series switches.
General Routing
-
Change in options and generated configuration for the EZ-LAG configuration IRB subnet-address statement--With the EZ-LAG subnet-address inet or subnet-address inet6 options at the [edit services evpn evpn-vxlan irb irb-instance] hierarchy, you can now specify multiple IRB subnet addresses in a single statement using the list syntax [ addr1 addr2 ... ]. Also, in the generated configuration for IRB interfaces, the commit script now includes default router-advertisement statements at the [edit protocols] hierarchy level for that IRB interface.
-
Change in use of RSA signatures with SHA-1 hash algorithm--Starting in Junos OS Release 24.2R1, there is a behavioural change introduced by OpenSSH 8.8/8.8p1. OpenSSH 8.8/8.8p1 disables the use of RSA signatures with the SHA-1 hash algorithm by default. You can use RSA signatures with the SHA-256 or SHA-512 hash algorithm.
[See show multicast route.]
-
Starting in Junos OS Release 24.2R1, when you run the run show lldp local-information interface interface-name | display xml command, the output is displayed under the lldp-local-info root tag and in the lldp-local-interface-info container tag. When you run the run show lldp local-information interface | display xml command, the lldp-tlv-filter and lldp-tlv-select information is displayed under the lldp-local-interface-info container tag in the output.
-
Show active forwarding session for sender based MoFRR—The show multicast route extensive command will show the active forwarding session in the case of source-based MoFRR. The field Session Status: Up and Forwarding will indicate that the particular session is currently forwarding traffic.
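An added example (not part of the release notes) for the RSA/SHA-1 change above: it parses a client's SSH_MSG_KEXINIT payload and reports whether host key negotiation still succeeds against a server that no longer offers ssh-rsa. The server list, the two client messages and all function names are assumptions constructed for illustration, and the selection rule is a simplification of RFC 4253.

```python
import struct

def name_list(names):
    """RFC 4251 name-list: uint32 length, then comma-separated ASCII names."""
    data = ",".join(names).encode("ascii")
    return struct.pack(">I", len(data)) + data

def build_kexinit(host_key_algs):
    """Constructed SSH_MSG_KEXINIT payload; every list except host keys is filler."""
    lists = [["curve25519-sha256"], host_key_algs, ["aes128-ctr"], ["aes128-ctr"],
             ["hmac-sha2-256"], ["hmac-sha2-256"], ["none"], ["none"], [], []]
    body = b"".join(name_list(x) for x in lists)
    # message type 20, 16-byte cookie, lists, first_kex_packet_follows, reserved
    return bytes([20]) + bytes(16) + body + b"\x00" + struct.pack(">I", 0)

def parse_kexinit(payload):
    """Return the ten name-lists of an SSH_MSG_KEXINIT payload (RFC 4253, section 7.1)."""
    if len(payload) < 17 or payload[0] != 20:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, lists = 17, []                      # skip message type (1) + cookie (16)
    for _ in range(10):
        if pos + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (n,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        if pos + n > len(payload):
            raise ValueError("truncated name-list")
        raw = payload[pos:pos + n].decode("ascii")
        lists.append(raw.split(",") if raw else [])
        pos += n
    return lists

def host_key_outcome(client_kexinit, server_algs):
    """First client preference the server also offers (simplified RFC 4253 rule)."""
    offered = parse_kexinit(client_kexinit)[1]      # server_host_key_algorithms
    chosen = next((a for a in offered if a in server_algs), None)
    sha1_only = "ssh-rsa" in offered and not any(a.startswith("rsa-sha2-") for a in offered)
    return {"offered": offered, "chosen": chosen, "sha1_only_rsa": sha1_only}

# Assumption: an RSA host key on a server where ssh-rsa (SHA-1) is disabled.
SERVER_ALGS = ["rsa-sha2-512", "rsa-sha2-256"]
LEGACY = build_kexinit(["ssh-rsa", "ssh-dss"])                      # constructed
MODERN = build_kexinit(["ssh-ed25519", "rsa-sha2-512", "ssh-rsa"])  # constructed

if __name__ == "__main__":
    for label, msg in (("legacy", LEGACY), ("modern", MODERN)):
        print(label, host_key_outcome(msg, SERVER_ALGS))
```

A client flagged sha1_only_rsa needs a software or configuration update rather than a new key: an existing RSA key pair can be used with the rsa-sha2-256 and rsa-sha2-512 signature algorithms.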
EVPN
-
OISM SBD bit in EVPN Type 3 route multicast flags extended community—In EVPN Type 3 Inclusive Multicast Ethernet Tag (IMET) route advertisements for interfaces associated with the supplemental bridge domain (SBD) in an EVPN optimized intersubnet multicast (OISM) network, we now set the SBD bit in the multicast flags extended community. We set this bit for interoperability with other vendors, and to comply with the IETF draft standard for OISM, draft-ietf-bess-evpn-irb-mcast.
See the description of the show route table bgp.evpn.0 ? extensive command in CLI Commands to Verify the OISM configuration.
-
Limit on number of IP address associations per MAC address per bridge domain in EVPN MAC-IP database—By default, devices can associate a maximum of 200 IP addresses with a single MAC address per bridge domain. We provide a new CLI statement to customize this limit, the mac-ip-limit statement at the [edit protocols evpn] hierarchy level. In most use cases, you don't need to change the default limit. If you want to change the default limit, we recommend that you don't set this limit to more than 300 IP addresses per MAC address per bridge domain. Otherwise, you might see very high CPU usage on the device, which can degrade system performance. [See mac-ip-limit.]
-
Default behavior changes and new options for the easy EVPN LAG configuration (EZ-LAG) feature—The easy EVPN LAG configuration feature now uses some new default or derived values, as follows:
-
Peer PE device peer-id value can only be 1 or 2.
-
You are required to configure the loopback subnet addresses for each peer PE device using the new loopback peer1-subnet and loopback peer2-subnet options at the edit services evpn device-attribute hierarchy level. The commit script uses these values for each peer PE device's loopback subnet instead of deriving those values on each PE device. These replace the loopback-subnet option at the edit services evpn device-attribute hierarchy level, which has been deprecated.
-
If you configure the no-policy-and-routing-options-config option, you must configure a policy statement called EXPORT-LO0 that the default underlay configuration requires, or configure the new no-underlay-config option and include your own underlay configuration.
-
The commit script generates "notice" messages instead of "error" messages for configuration errors so you can better handle edit services evpn configuration issues.
-
The commit script includes the element names you configure (such as IRB instance names and server names) in description statements in the generated configuration.
This feature also now includes a few new options so you have more flexibility to customize the generated configuration:
-
no-underlay-config at the edit services evpn hierarchy level—To provide your own underlay peering configuration.
-
mtu overlay-mtu and mtu underlay-mtu options at the edit services evpn global-parameters hierarchy level—To change the default assigned MTU size for underlay or overlay packets.
-
Group-based Policy (GBP) tag displayed with CLI command--On platforms that support VXLAN-GBP, the show bridge mac-table command now displays a GBP TAG output column that lists the GBP tag associated with the MAC address for a bridge domain or VLAN in a routing instance. Even if the device doesn't support or isn't using GBP itself, the output includes this information for GBP tags in packets received from remote EVPN-VXLAN peers. See Example: Micro and Macro Segmentation using Group Based Policy in a VXLAN
User Interface and Configuration
-
Configuration database maximum size increased (ACX Series, EX Series, MX Series, QFX Series, SRX Series, and vSRX)—We've enhanced the extend-size statement at the [edit system configuration-database] hierarchy level to increase the maximum database size. On devices with a default configuration database size of ~400 MB, extend-size increases the maximum database size to ~2 GB. On devices with a default configuration database size of ~660 MB, extend-size increases the maximum database size to ~2.2 GB. [See configuration-database.]
VPN
-
Increase in revert-delay timer range--The revert-delay timer range is increased to 600 seconds from 20 seconds. [See min-rate.]