What’s Changed in Release 21.4R1

EVPN

• Output for show Ethernet switching flood extensive command The output for show ethernet-switching flood extensive now displays the correct next-hop type for Virtual Ethernet and WAN mesh group in an EVPN-VXLAN network as unilist. Previously, the output for show ethernet-switching flood extensive would misidentify the next-hop type as composite.

General Routing

• No support for PKI operational mode commands on the Junos Limited version (MX Series routers, PTX Series routers, and SRX Series devices)— We do not support request , show , and clear PKI-related operational commands on the limited encryption Junos image ("Junos Limited"). If you try to execute PKI operational commands on a limited encryption Junos image, then an appropriate error message is displayed. The pkid process does not run on Junos Limited version image. Hence, the limited version does not support any PKI-related operation.

• On PTX1K and PTX10002-60C the show chassis hardware details command now displays information about USB devices. In addition, information about disk drives is only displayed when the extensive switch is used with the show vmhost hardware operational mode command.

• Juniper Agile Licensing (EX2300-VC, EX3400-VC, EX4300-VC, EX4400-24MP, EX4400-48MP, PTX10003, PTX10016, QFX5130-32CD, QFX5110-32Q, QFX5110-48S, QFX5120-48T, QFX5210-64C, QFX5200, and QFX5220)—Starting from this release onwards, the Juniper Agile License Manager is deprecated. You can use the Juniper Agile Licensing Portal to activate, install, manage, and monitor licenses on Juniper Networks devices.

  [See Juniper Agile Licensing Guide.]

• Renamed veriexec-check option—We have changed the veriexec-check option of the request system malware-scan command to integrity-check. This update does not include any functional changes. You can use the integrity-check option to check whether integrity mechanisms are enabled for the Juniper Malware Removal Tool.

  [See request system malware-scan.]

• New Commit check for Layer 2 Interfaces (PTX10003)— We've introduced a commit check to prevent you from misconfiguring ethernet encapsulation on Layer 2 interfaces. Ethernet encapsulation is not supported on Layer 2 interfaces.

  [See encapsulation (Logical Interface)

• Enhancement to the show chassis pic command (Junos|Evo)— You can now view additional information about the optics when you run the show chassis pic command. The output now displays the following additional field: MSA Version: Multi-source Agreements (MSA) version that the specified optics is compliant to. Values supported are: SFP+/SFP28 — SFF-8472 (versions 9.3 - 12.3), QSFP+/QSFP28 — SFF 8363 (versions 1.3 - 2.10), and QSFP-DD — CMIS 3.0, 4.0, 5.0. Previously, the show chassis pic command did not display this additional field.

  See [ show chassis pic.]

• Enhancement to the show interfaces (Aggregated Ethernet) command (ACX Series, PTX Series, and QFX Series)— When you run the show interfaces extensive command for Aggregated Ethernet interfaces. You can now view following additional fields for MAC statistics : Receive, Transmit, Broadcast and Multicast packets.

  See [ show chassis pic.]

• The sensor /junos/system/linecard/optics/ configured on a device now includes lane number in the data streamed to a collector. The prefix is changed to include the lane number. For example, it was: /interfaces/interfacename='et-2/0/0:0'/optics/lanediags/ It now is: /interfaces/interfacename='et-2/0/0'/optics/lanediags/lanelane_number='0' The keys for leaves under /optics/lanediags have also been changed. For example, it was: lanelane_number='0'/lane_laser_temperature It now is: lane_laser_temperature

• Validation of TCA threshold values (PTX10008)— We've implemented immediate validation of threshold values configured in the tca-identifier (enable-tca | no-enable-tca) (threshold number | threshold-24hrs number) statement under the edit interface <interface name> optics-optics tca hierarchy level to ensure the threshold value entered is valid.

  See [ optics-options .]

• Enhancement to the request system license add terminal command (PTX10001-36MR and vMX)— When you run the request system license add terminal command. You can now view following additional fields for information: JUNOS564022985: Ignoring unknown feature .

  See [ Managing vMX Licenses.]

Interface and Chassis

• When configuring multiple flexible tunnel interface (FTI) tunnels, the source and destination address pair needs to be unique only among the FTI tunnels of the same tunnel encapsulation type. Prior to this PR, the source and destination address pair had to be unique among all the FTI tunnels regardless of the tunnel encapsulation type.

Network Management and Monitoring

• Changes to how command-line arguments are passed to Python action scripts (ACX Series, EX Series, MX Series, PTX Series, QFX Series, SRX Series, vMX, and vSRX)—When a custom YANG RPC invokes a Python action script and passes command-line arguments to the script, the device prefixes a hyphen (-) to single-character argument names, and it prefixes two hyphens (—) to multi-character argument names. The prefix enables you to use standard command-line parsing libraries to handle the arguments. In earlier releases, the device passes the unmodified argument names to the script.

  See [ Creating Action Scripts for YANG RPCs on Devices Running Junos OS and .]

• Limits increased for the max-datasize statement (ACX Series, PTX Series, and QFX Series)—The max-datasize statement's minimum configurable value is increased from 23,068,672 bytes (22 MB) to 268,435,456 bytes (256 MB), and the maximum configurable value is increased from 1,073,741,824 (1 GB) to 2,147,483,648 (2 GB) for all script types. Furthermore, if you do not configure the max-datasize statement for a given script type, the default maximum memory allocated to the data segment portion of a script is increased to 1024 MB. Higher limits ensure that the device allocates a sufficient amount of memory to run the affected scripts.

  [See max-datasize.]

• The configuration accepts only defined identity values for nodes of type identityref in YANG data models (ACX Series, EX Series, MX Series, PTX Series, QFX Series, SRX Series, vMX, and vSRX)—If you configure a statement that has type identityref in the corresponding YANG data model, the device accepts only defined identity values (as defined by an identity statement) as valid input. In earlier releases, the device also accepts values that are not defined identity values.

Routing Protocols

• The RPD_OSPF_LDP_SYNC message not logged?On all Junos OS and Junos OS Evolved devices, when an LDP session goes down there is a loss of synchronization between LDP and OSPF. After the loss of synchronization, when an interface has been in the holddown state for more than three minutes, the system log message with a warning level is sent. This message appears in both the messages file and the trace file. However, the system log message does not get logged if you explicitly configure the hold-time for ldp-synchronization at the edit protocols ospf area area id interface interface name hierarchy level less than three minutes. The message is printed after three minutes.

• To achieve consistency among resource paths, the resource path /mpls/signalling-protocols/segment-routing/aggregate-sid-counters/aggregate-sid-counterip-addr='address'/state/countersname='name'/out-pkts/ is changed to /mpls/signaling-protocols/segment-routing/aggregate-sid-counters/aggregate-sid-counterip-addr='address'/state/countersname='name'/. The leaf "out-pkts" is removed from the end of the path, and "signalling" is changed to "signaling" (with one "l").