What's Changed

Disabled CDN auto download (Junos OS Evolved)— The PKI process periodically, by default every 24 hours, polls the CDN server for the latest default trusted CA bundle and updates the list for any changes to the trusted CAs in the bundle. If there are any changes, PKI process loads them in the background. The auto download of CA certificates might generate core files. We've disabled the service of PKI query to CDN server periodically to download the latest trusted CA bundle.

On Junos OS Evolved, password authentication for SCP based configuration archival is supported.

On QFX5000 Series switches running Junos OS Evolved, egress buffer thresholds are not applicable for lossless traffic. Only ingress priority group thresholds are used for admission control. We use ingress alpha (dynamic-threshold) for ECN threshold calculation on lossless queues. In DCQCN deployment, this means that most of time during congestion, ECN marking occurs before PFC generation, as desired. This fix also results in relatively more ECN-marked packets on lossless queues due to a more accurate threshold calculation.

EVPN system log messages for CCC interface up and down events—Devices will now log EVPN and EVPN-VPWS interface up and down event messages for interfaces configured with circuit cross-connect (CCC) encapsulation types. You can look for error messages with message types EVPN_INTF_CCC_DOWN and EVPN_INTF_CCC_UP in the device system log file (/var/log/syslog).

Change to the commit process—In prior Junos OS Evolved releases, if you use the commit prepare command and modify the configuration before activating the configuration using the commit activate command, the prepared commit cache becomes invalid due to the interim configuration change. As a result, you cannot perform a regular commit operation using the commit command. The CLI shows an error message: 'error: Commit activation is pending, either activate or clear commit prepare'. If you now try running the commit activate command, the CLI shows an error message: 'error: Prepared commit cache invalid, failed to activate'. You then must clear the prepared configuration using the clear system commit prepared command before performing a regular commit operation. From this Junos and Junos OS Evolved release, when you modify a device configuration after 'commit prepare' and then issue a 'commit', the OS detects that the prepared cache is invalid and automatically clears the prepared cache before proceeding with regular 'commit' operation.

[See Commit Preparation and Activation Overview.]

Maximum Configurable MTU Size (QFX5130-32CD, QFX5130E-32CD, QFX5220-32CD, QFX5220-128C, QFX5700, QFX5230-64CD, QFX5240-64OD, QFX5240-64QD)— You can configure a maximum MTU size of 9408 using the set interfaces command. For QFX5130-48C and QFX5130-48CM, maximum configurable MTU size is 9368.

The show agent sensors command output for gRPC sensors is truncated on the Junos OS Evolved platform to align with the output format of the Junos OS platform.

Commit script input to identify software upgrades during boot time (ACX Series, PTX Series, and QFX Series)—The junos-context node-set includes the sw-upgrade-in-progress tag. Commit scripts can test the sw-upgrade-in-progress tag value to determine if the commit is taking place during boot time and a software upgrade is in progress. The tag value is yes if the commit takes place during the first reboot after a software upgrade, software downgrade, or rollback. The tag value is no if the device is booting normally.

[See Global Parameters and Variables in Junos OS Automation Scripts.]

In a firewall filter configured with a port-mirror-instance or port-mirror action, if l2-mirror action is also configured, then port-mirroring instance family should be any. In the absence of the l2-mirror action, port-mirroring instance family should be the firewall filter family.

Python 2 interpreter option deprecated for Juniper Extension Toolkit (JET) applications (ACX7024, ACX7024X, ACX7100-32C, ACX7100-48L, ACX7332, ACX7348, ACX7509, PTX10001-36MR, PTX10002-36QDD, PTX10003, PTX10004, PTX10008, PTX10016, PTX10K-LC1202-36MR (line cards for PTX10016, PTX10008 and PTX10004), QFX5130-32CD, QFX5130-48C, QFX5130-48CM, QFX5130E-32CD, QFX5220-32CD, QFX5220-128C, QFX5230-64CD, QFX5240-64OD, QFX5240-QD, QFX5700, and QFX5700E)—Python 2.7 is already not supported on Junos OS Evolved devices as of an earlier release. The python statement at the edit system extensions extension-service application file <filename> hierarchy level was used to interpret JET applications written in Python 2. This statement is now deprecated. To run daemonized on-device JET applications written in Python 3, use the python3 statement.

[See file (JET).]

Update to IGMP snooping membership command options— The instance option is now visible when issuing the show igmp snooping membership ? command. Earlier, the instance option was available but not visible when ? was issued to view all possible completions for the show igmp snooping membership command.

[See show igmp snooping membership.]

MLD snooping proxy and l2-querier source-address (ACX7024, ACX7100-32C, PTX10001-36MR, QFX5120-32C, and QFX5130-32CD)— The source-address configured for proxy and l2-querier under the mld-snooping hierarchy should be an IPv6 link-local address in the range of fe80::/64. The CLI help text has been updated to "Source IPv6 link local address to use for proxy/L2 querier". In earlier releases, the CLI help text read, "Source IP address to use for proxy/L2 querier."

[See source-address.]

Compact format deprecated for JSON-formatted state data (ACX Series, PTX Series, and QFX Series)—We've removed the compact option at the [edit system export-format state-data json] hierarchy level because Junos devices no longer support emitting JSON-formatted state data in compact format.