What’s Changed in Release 21.4R1

Support for displaying SVLBNH information—You can now view shared VXLAN load balancing next hop (SVLBNH) information when you display the VXLAN tunnel endpoint information for a specified ESI and routing instance by using show ethernet-switching vxlan-tunnel-end-point esi esi-identifier esi-identifier instance instance svlbnh command.

Support for Maximum Response Time in EVPN Type 8 Routes—Junos OS now supports the Maximum Response Time (MRT) attribute field in EVPN Type 8 Route messages. This attribute is defined in the IETF draft of IGMP and MLD Proxy for EVPN, version 13. MRT is used to synchronize the wait time before responding to IGMP messages. To maintain compatibility with devices running previous versions of Junos OS that do not support MRT, set protocols evpn leave-sync-route-oldstyle .

See [evpn.]

Output for show Ethernet switching flood extensive—The output for show ethernet-switching flood extensive now displays the correct next-hop type for Virtual Ethernet and WAN mesh group in an EVPN-VXLAN network as unilist. Previously, the output for show ethernet-switching flood extensive would misidentify the next-hop type as composite.

Ethernet tag ID set to 0 for EVPN Type 6 and EVPN Type 7 routes—For VLAN bundle and VLAN-based services, Junos OS now automatically sets the Ethernet tag ID (VLAN ID) to zero for EVPN Type 6 and EVPN Type 7 routes per RFC 7432. In earlier releases, Junos OS used the VXLAN Network Identifier (VNI) as the Ethernet tag ID.

To interoperate with devices that uses the VNI as the Ethernet tag ID, set routing-instances routing-instance-name protocols evpn smet-etag-carry-vid.

Juniper Agile Licensing (EX2300-VC, EX3400-VC, EX4300-VC, EX4400-24MP, EX4400-48MP, PTX10003, PTX10016, QFX5130-32CD, QFX5110-32Q, QFX5110-48S, QFX5120-48T, QFX5210-64C, QFX5200, and QFX5220)—Starting from this release onwards, the Juniper Agile License Manager is deprecated. You can use the Juniper Agile Licensing Portal to activate, install, manage, and monitor licenses on Juniper Networks devices.

[See Juniper Agile Licensing Guide.]

Enhancement to the show chassis pic command (Junos|Evo)— You can now view additional information about the optics when you run the show chassis pic command. The output now displays the following additional field: MSA Version: Multi-source Agreements (MSA) version that the specified optics is compliant to. Values supported are: SFP+/SFP28 — SFF-8472 (versions 9.3 - 12.3), QSFP+/QSFP28 — SFF 8363 (versions 1.3 - 2.10), and QSFP-DD — CMIS 3.0, 4.0, 5.0. Previously, the show chassis pic command did not display this additional field.

See [ show chassis pic.]

Renamed veriexec-check option—We have changed the veriexec-check option of the request system malware-scan command to integrity-check. This update does not include any functional changes. You can use the integrity-check option to check whether integrity mechanisms are enabled for the Juniper Malware Removal Tool.

See [ request system malware-scan.]

Juniper Agile Licensing (EX2300-VC, EX3400-VC, EX4300-VC, EX4400-24MP, EX4400-48MP, PTX10003, PTX10016, QFX5130-32CD, QFX5110-32Q, QFX5110-48S, QFX5120-48T, QFX5210-64C, QFX5200, and QFX5220)—Starting from this release onwards, the Juniper Agile License Manager is deprecated. You can use the Juniper Agile Licensing Portal to activate, install, manage, and monitor licenses on Juniper Networks devices.

[See Juniper Agile Licensing Guide.]

When configuring multiple flexible tunnel interface (FTI) tunnels, the source and destination address pair needs to be unique only among the FTI tunnels of the same tunnel encapsulation type. Prior to this PR, the source and destination address pair had to be unique among all the FTI tunnels regardless of the tunnel encapsulation type.

Changes to how command-line arguments are passed to Python action scripts (ACX Series, EX Series, MX Series, PTX Series, QFX Series, SRX Series, vMX, and vSRX)— When a custom YANG RPC invokes a Python action script and passes command-line arguments to the script, the device prefixes a hyphen (-) to single-character argument names, and it prefixes two hyphens — to multi-character argument names. The prefix enables you to use standard command-line parsing libraries to handle the arguments. In earlier releases, the device passes the unmodified argument names to the script. See [Creating Action Scripts for YANG RPCs on Devices Running Junos OS and .]

Link selection support for DHCP—We have introduced the link-selection statement at the edit forwarding-options dhcp-relay relay-option-82 hierarchy level, which allows DHCP relay to add suboption 5 to option 82. Suboption 5 allows DHCP proxy clients and relay agents to request an IP address for a specific subnet from a specific IP address range and scope. Prior to this release, the DHCP relay dropped packets during the renewal DHCP process and the DHCP server used the leaf's address as a destination to acknowledge the DHCP renewal message.

See [ relay-option-82.]

The configuration accepts only defined identity values for nodes of type identityref in YANG data models (ACX Series, EX Series, MX Series, PTX Series, QFX Series, SRX Series, vMX, and vSRX)—If you configure a statement that has type identityref in the corresponding YANG data model, the device accepts only defined identity values (as defined by an identity statement) as valid input. In earlier releases, the device also accepts values that are not defined identity values.

Enhancement to the snmp mib walk command (PTX Series, QFX Series, EX Series, MX Series, SRX Series)— The ipv6IfOperStatus field displays the current operational state of the interface. The noIfIdentifier(3) state indicates that no valid Interface Identifier is assigned to the interface. This state usually indicates that the link-local interface address failed Duplicate Address Detection. When you specify the 'Duplicate Address Detected' error flag on the interface, the new value (noIfIdentifier(3)) is displayed. Previously, the snmp mib walk command did not display the new value (noIfIdIdentifier(3)).

Changes in contextEngineID for SNMPv3 INFORMS (PTX Series, QFX Series, ACX Series, EX Series, MX Series, and SRX Series— Now the contextEngineID of SNMPv3 INFORMS is set to the local engine-id of Junos devices. In earlier releases, the contextEngineID of SNMPv3 INFORMS was set to remote engine-id.

See [ SNMP MIBs and Traps Supported by Junos OS.]

The configuration accepts only defined identity values for nodes of type identityref in YANG data models (ACX Series, EX Series, MX Series, PTX Series, QFX Series, SRX Series, vMX, and vSRX)—If you configure a statement that has type identityref in the corresponding YANG data model, the device accepts only defined identity values (as defined by an identity statement) as valid input. In earlier releases, the device also accepts values that are not defined identity values.

The RPD_OSPF_LDP_SYNC message not logged? On all Junos OS and Junos OS Evolved devices, when an LDP session goes down there is a loss of synchronization between LDP and OSPF. After the loss of synchronization, when an interface has been in the holddown state for more than three minutes, the system log message with a warning level is sent. This message appears in both the messages file and the trace file. However, the system log message does not get logged if you explicitly configure the hold-time for ldp-synchronization at the edit protocols ospf area area id interface interface name hierarchy level less than three minutes. The message is printed after three minutes.

To achieve consistency among resource paths, the resource path /mpls/signalling-protocols/segment-routing/aggregate-sid-counters/aggregate-sid-counterip-addr='address'/state/countersname='name'/out-pkts/ is changed to /mpls/signaling-protocols/segment-routing/aggregate-sid-counters/aggregate-sid-counterip-addr='address'/state/countersname='name'/. The leaf "out-pkts" is removed from the end of the path, and "signalling" is changed to "signaling" (with one "l").