What's Changed

Disabled CDN auto download (Junos OS Evolved)— The PKI process periodically, by default every 24 hours, polls the CDN server for the latest default trusted CA bundle and updates the list for any changes to the trusted CAs in the bundle. If there are any changes, PKI process loads them in the background. The auto download of CA certificates might generate core files. We've disabled the service of PKI query to CDN server periodically to download the latest trusted CA bundle.

On Junos OS Evolved, password authentication for SCP based configuration archival is supported.

Previously, the Junos OS Evolved system default scheduler was named "default" (no brackets), while the Junos OS system default scheduler is named "<default>" (with brackets). Now, the Junos OS Evolved system default scheduler is also named "<default>" (with brackets).

EVPN system log messages for CCC interface up and down events—Devices will now log EVPN and EVPN-VPWS interface up and down event messages for interfaces configured with circuit cross-connect (CCC) encapsulation types. You can look for error messages with message types EVPN_INTF_CCC_DOWN and EVPN_INTF_CCC_UP in the device system log file (/var/log/syslog).

The system now checks the port number value (z) in the 'set interfaces et-x/y/z:n' configuration for a valid port range on PTX10002-36QDD. Previously, configurations with invalid port numbers were committed successfully. With this update, the system displays a UI error message and prevents committing configurations with invalid port numbers, ensuring configuration accuracy and preventing potential issues.

Change to the commit process—In prior Junos OS Evolved releases, if you use the commit prepare command and modify the configuration before activating the configuration using the commit activate command, the prepared commit cache becomes invalid due to the interim configuration change. As a result, you cannot perform a regular commit operation using the commit command. The CLI shows an error message: 'error: Commit activation is pending, either activate or clear commit prepare'. If you now try running the commit activate command, the CLI shows an error message: 'error: Prepared commit cache invalid, failed to activate'. You then must clear the prepared configuration using the clear system commit prepared command before performing a regular commit operation. From this Junos and Junos OS Evolved release, when you modify a device configuration after 'commit prepare' and then issue a 'commit', the OS detects that the prepared cache is invalid and automatically clears the prepared cache before proceeding with regular 'commit' operation.

[See Commit Preparation and Activation Overview.]

Disable power redundancy alarms for JNP10K-PWR-DC2 PSM (PTX10008 and PTX10016)- The JNP10K-PWR-DC2 PSM supports power redundancy across two DIP switches. When all input feeds are not connected to power supplies, it triggers a chassis alarm such as PSM 5 Input B0 and B1 Failed. Starting in Junos OS Evolved Release 24.2R1, you can disable this chassis alarm by using the set chassis alarm psm psm number input input number ignore command.

[See JNP10K-PWR-DC2 Power Supply.]

DDoS protection protocols statistics update (PTX Series)—Starting in Junos OS Evolved Release 23.2R2, the show ddos-protection protocols statistics displays the Max arrival rate and Arrival rate output values as expected. Earlier to this release, the Max arrival rate and Arrival rate output values were displayed larger than expected.

[See show ddos-protection protocols parameters.]

The show agent sensors command output for gRPC sensors is truncated on the Junos OS Evolved platform to align with the output format of the Junos OS platform.

Commit script input to identify software upgrades during boot time (ACX Series, PTX Series, and QFX Series)—The junos-context node-set includes the sw-upgrade-in-progress tag. Commit scripts can test the sw-upgrade-in-progress tag value to determine if the commit is taking place during boot time and a software upgrade is in progress. The tag value is yes if the commit takes place during the first reboot after a software upgrade, software downgrade, or rollback. The tag value is no if the device is booting normally.

[See Global Parameters and Variables in Junos OS Automation Scripts.]

Non-revertive switchover for sender based MoFRR— In earlier Junos releases, source-based MoFRR ensured that the traffic reverted to the primary path from the backup path, when the primary path or session was restored. This reversion could result in traffic loss. Starting in Junos OS 22.4R3-S1, source-based MoFRR will not revert to the primary path, i.e. traffic will continue to flow through the backup path as long as the traffic flow rate on the backup path does not go below the configured threshold set under protocols mvpn hot-root-standby min-rate.

[See min-rate.]

In a firewall filter configured with a port-mirror-instance or port-mirror action, if l2-mirror action is also configured, then port-mirroring instance family should be any. In the absence of the l2-mirror action, port-mirroring instance family should be the firewall filter family.

Python 2 interpreter option deprecated for Juniper Extension Toolkit (JET) applications (ACX7024, ACX7024X, ACX7100-32C, ACX7100-48L, ACX7332, ACX7348, ACX7509, PTX10001-36MR, PTX10002-36QDD, PTX10003, PTX10004, PTX10008, PTX10016, PTX10K-LC1202-36MR (line cards for PTX10016, PTX10008 and PTX10004), QFX5130-32CD, QFX5130-48C, QFX5130-48CM, QFX5130E-32CD, QFX5220-32CD, QFX5220-128C, QFX5230-64CD, QFX5240-64OD, QFX5240-QD, QFX5700, and QFX5700E)—Python 2.7 is already not supported on Junos OS Evolved devices as of an earlier release. The python statement at the edit system extensions extension-service application file <filename> hierarchy level was used to interpret JET applications written in Python 2. This statement is now deprecated. To run daemonized on-device JET applications written in Python 3, use the python3 statement.

[See file (JET).]

Maximum limit of PTP local masters (PTX10008)— You can configure up to 512 PTP masters at the edit protocols ptp master interface interface-name multicast-mode hierarchy level on PTX10008 series routers. Earlier the system was rejecting the commit while trying to configure more than 128 PTP masters.

Support added for source and destination port optimization for port ranges for ipv6 input firewall filters.

MLD snooping proxy and l2-querier source-address (ACX7024, ACX7100-32C, PTX10001-36MR, QFX5120-32C, and QFX5130-32CD)— The source-address configured for proxy and l2-querier under the mld-snooping hierarchy should be an IPv6 link-local address in the range of fe80::/64. The CLI help text has been updated to "Source IPv6 link local address to use for proxy/L2 querier". In earlier releases, the CLI help text read, "Source IP address to use for proxy/L2 querier."

[See source-address.]

Compact format deprecated for JSON-formatted state data (ACX Series, PTX Series, and QFX Series)—We've removed the compact option at the [edit system export-format state-data json] hierarchy level because Junos devices no longer support emitting JSON-formatted state data in compact format.