Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

header-navigation

Solutions

Featured solutions AI Campus and branch Data center WAN Security Service provider Cloud operator Industries
Campus and Branch

Welcome to the NOW Way to Wi-Fi

Take your networking performance to new heights with a modern, cloud-native, AI-Native architecture. Only Juniper can help you unleash the full potential of Wi-Fi 7 with our AI-Native platform for innovation.
Prepare for liftoff
Business intelligence analyst dashboard on virtual screen. Big data Graphs Charts.

AI Data Center Networking

Juniper’s AI data center solution is a quick way to deploy high performing AI training and inference networks that are the most flexible to design and easiest to manage with limited IT resources.
Find out more
Enterprise AI-Native Networking

Enterprise AI‑Native Routing

Juniper's Ai-Native routing solution delivers robust 400GbE and 800GbE capabilities for unmatched performance, reliability, and sustainability at scale.
Explore enterprise routing
Zero trust security

Ops4AI Lab

Visit our lab in Sunnyvale, CA and see our AI data center solution for yourself. You can try out your own model’s functionality and performance, too.
Visit the lab
Enterprise AI-Native Networking

Enterprise AI‑Native Routing

Juniper's Ai-Native routing solution delivers robust 400GbE and 800GbE capabilities for unmatched performance, reliability, and sustainability at scale.
Explore enterprise routing
Higher Education

Shaping Student Experiences: The NOW Way to Build Higher Education Networks

Juniper Networks CIO Sharon Mandell and a virtual summit of C-level IT leaders from prestigious institutions discuss ongoing efforts to support digital transformation on campus.
Watch now
Hand on tablet with healthcare overlay of graphics

Security in healthcare

In this IDC Spotlight report, discover how AI networking can automate and strengthen a healthcare ecosystem to defeat criminals and prevent loss. 
Gain insights into ecosystem security
Retail

The Future of In-Store Technologies

Retail experts Kevin McCartan, Senior IT Service Delivery Engineer at Musgrave; Jack Stratten of Insider Trends; and Christian Gilby, Senior Director of Product Marketing at Juniper Networks, discuss customer experiences.
See the future

Products

Wireless access Wired access SD-WAN / SASE Routing and switching Security Mist AI™ Management software Network operating system Blueprint for AI-Native Acceleration Optics
  • Operations
ACX7020 router

Juniper ACX7020 Cloud Metro Access Router

Legacy networks simply cannot meet the demands of today’s rapidly evolving metro landscape. Unlock a new generation of highly scalable architectures and automated operations with the Juniper ACX7020. 
Learn more
EX4000 Ethernet Switch

Next-gen AI-Native EX4000 line of switches

Lack of AI innovation from your current networking vendor slowing you down? Embrace Juniper’s cloud-native, AI-Native access switches that support every level and layer, across nearly every deployment.
Discover how
The Q and AI text with an image of Bob Friday and Kedar Dhuru.

The Q&AI Podcast

Delivering practical solutions and enriching discussions, this podcast series is a vital resource for those seeking an in-depth exploration of AI's transformative potential.
Catch the latest episode

Services

Services
Services AI Care

Juniper AI Care Services Revolutionize Your Service Experience

Our industry-first AI-Native services couple AIOps with our deep expertise across the full network life cycle. You can move from reactive response to proactive insight and action.
Explore AI Care Services
Services AI Data Center

Juniper AI Data Center Deployment Services Optimize Your AI Model Runs

We use our expertise and validated designs to help design, deploy, validate and tune networks, including GPUs and storage, to get the most from your AI infrastructure operation.
Learn about AI Data Center Deployment Services

Partners

Partners

Support and Documentation

Support and Documentation

Learn

About Juniper Training Events The Feed Resources Technology learning topics Thought leadership and insights
Audience raising hands up while businessman is speaking in training at the office.

Juniper certification and training news

See the latest
Ringing of the bell

All global events

See the latest
AI-native-now

AI-Native NOW event series

Explore events
AINN AI Innovation Impact Virtual Event

AI-Native NOW: AI Innovation and Impact

Register NOW
Juniper's Christina Hendrix at the head of a conference table. With the text "The NOW Way to Network" overlayed, with "NOW" emphasizing the "O" in green color.

The NOW Way to Network

Watch the video series
AI Native Now

Executive insights

Dive deep with leading experts and thought leaders on all the topics that matter most to your business, from AI to network security to driving rapid, relevant transformation for your business.
Learn more
A keynote speaker giving a presentation at a conference. There are dozens of people sitting around them. The presentation is displayed via projector on all the walls in the room.

Leadership voices

Juniper Networks’ leaders operate on the front lines of creating the network of the future. Take a look around to see what’s on their minds.
Watch now
Bob Friday and Jessica Garrison speaking

Bob Friday Talks

Join Bob as he ventures into all the knowns -- and -- unknowns -- of AI.
Catch the latest episode
Documentation
Menu
License Guide
Quick Starts
Validated Designs
Explore Pathfinder Apps
CLI Explorer
Feature Explorer
Hardware Compatibility Tool
Port Checker
Browse All
Collapse

Pathfinder Apps

All

By Software

By Hardware

Learn More
Pathfinder HomeCLI ExplorerCompliance AdvisorFeature ExplorerHardware Compatibility ToolJunos XML API ExplorerJunos YANG Data Model ExplorerPort CheckerPower CalculatorSNMP MIB ExplorerSystem Log Explorer
CLI ExplorerFeature ExplorerJunos XML API ExplorerJunos YANG Data Model ExplorerSNMP MIB ExplorerSystem Log Explorer
Compliance AdvisorFeature ExplorerHardware Compatibility ToolPort CheckerPower Calculator
Home Documentation Junos OS Release Notes: Junos OS Release 22.2R1 Junos OS Release Notes for MX Series

Release Notes: Junos OS Release 22.2R1

Junos OS Junos OS Evolved
keyboard_arrow_up
close
keyboard_arrow_left
Release Notes: Junos OS Release 22.2R1
Table of Contents Expand all
list Table of Contents
file_download PDF
{ "lLangCode": "en", "lName": "English", "lCountryCode": "us", "transcode": "en_US" }
English
ON THIS PAGE
keyboard_arrow_right

What’s Changed

date_range 19-Mar-25
arrow_backward
arrow_forward

Learn about what changed in this release for MX Series.

Authentication and Access Control

  • SHA-1 password format deprecated (ACX Series, EX Series, MX Series, PTX Series, QFX Series, SRX Series, vMX and vSRX)—We've removed the sha1 option at the [edit system login password format] hierarchy level because SHA-1 is no longer supported for plain-text password encryption.

General Routing

  • Modified show ancp subscriber details output fields (MX Series)—As the access loop encapsulation is transport independent it can be either passive optical network (PON) or DSL TLV. Hence, the show ancp subscriber details output field should not tag the details as a DSL TLV. Therefore, we've modified the existing DSL Line Data Link, DSL Line Encapsulation, and DSL Line Encapsulation Payload output fields to the following respectively:

    • Access Loop Encapsulation Data Link
    • Access Loop Encapsulation Encapsulation1
    • Access Loop Encapsulation Encapsulation2

    See [ show ancp subscriber.]

  • Router advertisement module status on backup Routing Engine (MX Series)—The router advertisement module does not function in the backup Routing Engine as the Routing Engine does not send an acknowledgment message after receiving the packets. Starting in this Junos OS Release, you can view the router advertisement module information using the show ipv6 router-advertisement operational command.

    See [show ipv6 router-advertisement.]

  • Support for DDoS protocol (MX10008)—We've enabled the DDoS protocol support at the edit system ddos-protection hierarchy level for MX10008 devices. In earlier releases, the MX10008 devices did not support these DDoS protocol statements.

    • Filter-action
    • Virtual-chassis
    • Ttl
    • Redirect
    • Re-services
    • Re-services-v6
    • Rejectv6
    • L2pt
    • Syslog
    • Vxlan

    See [ protocols (DDoS).]

  • No support for PKI operational mode commands on the Junos Limited version (MX Series routers, PTX Series routers, and SRX Series devices)—We do not support request, show, and clear PKI-related operational commands on the limited encryption Junos image ("Junos Limited"). If you try to execute PKI operational commands on a limited encryption Junos image, then an appropriate error message is displayed. The pkid process does not run on Junos Limited version image. Hence, the limited version does not support any PKI-related operation.

  • The <request-system-zeroize/> RPC response indicates when the device successfully initiates the requested operation (ACX Series, EX Series, MX Series, PTX Series, QFX Series, SRX Series, vMX, and vSRX)—When the <request-system-zeroize/> RPC successfully initiates the zeroize operation, the device emits the <system-zeroize-status>zeroizing re0</system-zeroize-status> response tag to indicate that the process has started. If the device fails to initiate the zeroize operation, the device does not emit the <system-zeroize-status> response tag.

  • OpenConfig container names for Point-to-Multipoint per interface ingress and egress sensors are modified for consistency from "signalling" to "signaling".

  • For Access Gateway Function (AGF) statistics, consistency changes are implemented for specific leaf values in telemetry data to match field values in Junos CLI operational mode commands.

    AGF NG Application Protocol (NGAP) data streamed to a collector and viewable from the Junos CLI now displays "ngap-amf-stats-init-ctx-setup-failure" and Access and Mobility Function (AMF) overload state now displays "On, Off".

  • Instance type change is not permitted from default to L3VRF in open configuration (ACX Series, EX Series, MX Series, QFX Series, SRX Series, vMX, and vSRX)—DEFAULT_INSTANCE is the primary instance that runs when there is no specific instance type configured in the route set routing-options. Any instance you explicitly configure is translated into set routing-instance r1 routing-options. The issue appears in translation, when you change instance type DEFAULT_INSTANCE (any instance to DEFAULT_INSTANCE) to L3VRF or L3VRF to DEFAULT_INSTANCE. As a result, such changes are not permitted. Additionally, DEFAULT_INSTANCE can only be named DEFAULT, and DEFAULT is reserved for DEFAULT_INSTANCE, therefore allowing no such changes.

  • The request vmhost jdm login option visible to non-root users in in-chassis Junos node slicing (MX2010, MX2020, MX480, MX960, MX2008)—The login option under the request vmhost jdm CLI is visible to non-root users. This option was earlier visible only to users with the root privileges. Though this option is now visible to all users, only root users can log in to JDM. If a non-root user attempts to log in, the software displays the following warning message:

    warning: Login as ?root? to use this functionality

    [See request vmhost jdm login (In-Chassis Model).]

Interfaces and Chassis

  • Display the donor details of the IPv6 borrower interface? The output for the show interfaces command now displays the donor details of the IPv6 borrower interface.

    [See show interfaces.]

Layer 2 Ethernet Services

  • New output fields for subscriber management statistics (MX Series)—If you enable the enhanced subscriber management, the non-DHCPv4 bootstrap protocol (BOOTP) requests might not get processed even if you configure the DHCP relay or server with the overrides bootp-support statement at the edit forwarding-options dhcp-relay hierarchy level. To monitor the DHCP transmit and receive packet counters, we've introduced the following output fields for show system subscriber-management statistics dhcp extensive operational command.

    • BOOTP boot request packets received

      BOOTP boot reply packets received

    • BOOTP boot request packets transmitted

    • BOOTP boot reply packets transmitted

    [See show system subscriber-management statistics.]

MPLS

  • Starting with Junos OS 16.1 the MPLS EXP bits transmitted in self ping messages are set based on the DSCP/ToS setting of the corresponding IP packet.

  • When defining a constrained path LSP using more than one strict hop belonging to the egress node, the first strict hop must be set to match the IP address assigned to the egress node on the interface that receives the RSVP Path message. If the incoming RSVP Path message arrives on an interface with a different IP address the LSP is rejected.

  • Disable sending of RSVP hellos over a bypass LSP (MX Series)—Junos routers send RSVP hello packets over a bypass LSP (when one is present), instead of the IGP next hop. To return to the original behavior specify the no-node-hello-on-bypass option.

    [See no-node-hello-on-bypass.]

Network Management and Monitoring

  • DES deprecation for SNMPv3—The Data Encryption Standard (DES) privacy protocol for SNMPv3 is deprecated due to weak security and vulnerability to cryptographic attacks. For enhanced security, configure the triple Data Encryption Standard (3DES) or the Advanced Encryption Standard (CFB128-AES-128 Privacy Protocol) as the encryption algorithm for SNMPv3 users.

    [See privacy-3des and privacy-aes128.]

  • Changes when deactivating or deleting instances of the ephemeral configuration database (ACX Series, EX Series, MX Series, PTX Series, QFX Series, SRX Series, vMX, and vSRX)—The following changes apply when you deactivate or delete ephemeral database instances in the static configuration database:

    • When you deactivate the entire [edit system configuration-database ephemeral] hierarchy level, the device deletes the files and corresponding configuration data for all user-defined ephemeral instances. In earlier releases, the files and configuration data are preserved; however, the configuration data is not merged with the static configuration database.

    • When you delete an ephemeral instance in the static configuration database, the instance's configuration files are also deleted. In earlier releases, the configuration files are preserved.

    • You can delete the files and corresponding configuration data for the default ephemeral database instance by configuring the delete-ephemeral-default statement in conjunction with the ignore-ephemeral-default statement at the [edit system configuration-database ephemeral hierarchy level.

      [See Enable and Configure Instances of the Ephemeral Configuration Database.]

  • Limits increased for the max-datasize statement (ACX Series, PTX Series, and QFX Series)—The max-datasize statement's minimum configurable value is increased from 23,068,672 bytes (22 MB) to 268,435,456 bytes (256Â MB), and the maximum configurable value is increased from 1,073,741,824 (1Â GB) to 2,147,483,648 (2Â GB) for all script types. Furthermore, if you do not configure the max-datasize statement for a given script type, the default maximum memory allocated to the data segment portion of a script is increased to 1024Â MB. Higher limits ensure that the device allocates a sufficient amount of memory to run the affected scripts.

    [See max-datasize.]

  • Changes to the NETCONF <edit-config> RPC response (ACX Series, EX Series, MX Series, PTX Series, QFX Series, SRX Series, vMX, and vSRX)—When the <edit-config> operation returns an error, the NETCONF server does not emit a <load-error-count> element in the RPC response. In earlier releases, the <edit-config> RPC response includes the <load-error-count> element when the operation fails.

  • Change in unnumbered-address support for GRE tunnel—Starting in Junos OS Release 24.4R1, there is a behavioural change in unnumbered-address support for GRE tunnel with IPV6 family and display donor interface for both IPV4 and IPV6 families of GRE tunnel. You can view interface donor details under show interfaces hierarchy level.

    [See show interfaces.]

Routing Protocols

  • The RPD_OSPF_LDP_SYNC message not logged—On all Junos OS and Junos OS Evolved devices, when an LDP session goes down there is a loss of synchronization between LDP and OSPF. After the loss of synchronization, when an interface has been in the holddown state for more than three minutes, the system log message with a warning level is sent. This message appears in both the messages file and the trace file.

    However, the system log message does not get logged if you explicitly configure the hold-time for ldp-synchronization at the [edit protocols ospf area area id interface interface name] hierarchy level less than three minutes. The message is printed after three minutes.

  • To achieve consistency among resource paths, the resource path /mpls/signalling-protocols/segment-routing/aggregate-sid-counters/aggregate-sid-counter[ip-addr='address']/state/counters[name='name']/out-pkts/ is changed to /mpls/signaling-protocols/segment-routing/aggregate-sid-counters/aggregate-sid-counter[ip-addr='address']/state/counters[name='name']/. The leaf "out-pkts" is removed from the end of the path, and "signalling" is changed to "signaling" (with one "l").

  • When the krt-nexthop-ack statement is configured, the RPD will wait for the next hop to get acknowledged by PFE before using it for a route. Currently, only BGP-labeled routes and RSVP routes support this statement. All other routes will ignore this statement.

  • SSH TCP forwarding disabled by default—We've disabled the SSH TCP forwarding feature by default to enhance security. To enable the SSH TCP forwarding feature, you can configure the allow-tcp-forwarding statement at the [edit system services ssh] hierarchy level.

    In addition, we have deprecated the tcp-forwarding and no-tcp-forwarding statements at the [edit system services ssh] hierarchy level.

    [See services (System Services).]

User Interface and Configuration

  • Load JSON configuration data with unordered list entries (ACX Series, EX Series, MX Series, PTX Series, QFX Series, SRX Series, vMX, and vSRX)—The Junos schema requires that list keys precede any other siblings within a list entry and appear in the order specified by the schema. Junos devices provide two options to load JSON configuration data that contains unordered list entries:

    • Use the request system convert-json-configuration operational mode command to produce JSON configuration data with ordered list entries before loading the data on the device.

    • Configure the reorder-list-keys statement at the [edit system configuration input format json] hierarchy level. After you configure the statement, you can load JSON configuration data with unordered list entries, and the device reorders the list keys as required by the Junos schema during the load operation.

    • When you configure the reorder-list-keys statement, the load operation can take significantly longer to parse the configuration, depending on the size of the configuration and number of lists. Therefore, for large configurations or configurations with many lists, we recommend using the request system convert-json-configuration command instead of the reorder-list-keys statement.

      [See json and request system convert-json-configuration]

  • Junos XML protocol Perl modules deprecated (ACX Series, EX Series, MX Series, PTX Series, QFX Series, SRX Series, vMX, and vSRX)—We no longer provide the Junos XML protocol Perl client for download. To use Perl to manage Junos devices, use the NETCONF Perl library instead.

    [See Understanding the NETCONF Perl Client and Sample Scripts..]

  • Persistent CLI timestamps—To have a persistent CLI timestamp for the user currently logged in, enable the <codeph>set cli timestamp</codeph> operational command. This ensures the timestamp shows persistently for each new line of each SSH session for the user or class until the configuration is removed. To enable timestamp for a particular class with permissions and format for different users, configure the following statements:

    set system login class <variable>class name</variable> permissions <variable>permissions</variable> set system login class <variable>class name</variable> cli timestamp set system login user username class <variable>class name</variable> authentication plain-text-password
    Note: The default timestamp format is %b %d %T. You can modify the format per your requirements. For example, you can configure the following statement:

    To enable timestamp for a particular user with default class permissions and format, configure the following statements:set system login user username class <variable>class name</variable> authentication plain-text-password set system login user <variable>username</variable> cli timestamp

VPNs

  • Changes to show mvpn c-multicast and show mvpn instance outputs—The FwdNh output field displays the multicast tunnel (mt) interface in the case of Protocol Independent Multicast (PIM) tunnels.

    [See show mvpn c-multicast.]

arrow_backward PREVIOUS Additional Features
NEXT arrow_forward Known Limitations
footer-navigation

© 1999 - 2025 Juniper Networks, Inc. All rights reserved.

Scroll to top