What's Changed in 22.4R3

You cannot apply a classifier to a physical interface on MX Series routers. On MX Series routers, you must apply the classifier to a logical interface.

Introduction of extensive option for IPsec security associations (MX Series, SRX Series and vSRX 3.0)-We've introduced the extensive option for the show security ipsec security-associations command. Use this option to display IPsec security associations with all the tunnel events. Use the existing detail option to display upto ten events in reverse chronological order.

[See show security ipsec security-associations.]

In older Junos Releases, Data Definition Language (DDL) lists were ordered by the sequence in which the user configured the list items, for example a series of static routes. With this change, the list order is determined by the system with items displayed in numerical sequence rather than by the order in which the items were configured. There is no functional impact to this change.

The max-db-size is an optional configuration command on routers having >=32 GB DRAM, for example, on MX960 platform. To enable subscriber-management, use the command set chassis network-services enhanced-ip and set system services subscriber-management enable. The router reboots and comes-up with subscriber-management enabled without max-db-size (optional) configuration and requires only 1 reboot.

Multicast debug information added in EVPN options to request system information command (MX Series, QFX Series)—The output from CLI command request support information evpn-vxlan now includes additional information to help debug EVPN multicast issues.

[See request support information.]

Increased maximum limit for TTP TLVs (MX Series)—The Junos Kernel now accommodates an increased number of TTP TLVs (TNP Tunneling Protocol: type, length, and value messages) to help avoid dropped packets.

[See show system statistics]

Two new alarms are added and can be seen with MPC11E when 400G-ZR optics are used—High Power Optics Too Warm: warning of the increase in chassis ambient temperature with no functional action taken on the optics Temperature too high for optics power on: New inserted optics when the chassis ambient temperature is elevated beyond the threshold will not be powered on and would need to be reinserted when the ambient temperature is within the acceptable range.

The packet rate and byte rate fields for LSP sensors on AFT (with the legacy path) have been renamed as jnx-packet-rate and jnx-byte-rate and is in parity with the UKERN behavior. Previously, these rate fields were named as packetRate and byteRate.

Ability to commit extension-service file configuration when application file is unavailable—When you set the optional option at the edit system extension extension-service application file file-name hierarchy level, the operating system can commit the configuration even if the file is not available at the /var/db/scripts/jet file path.

[See file (JET).]

Ability to restart restart daemonized applications--Use the request extension-service restart-daemonize-app <varname>application-name</varname> command to restart a daemonized application running on a Junos device. Restarting the application can assist you with debugging and troubleshooting.

[See request extension-service restart-daemonize-app.]

Changes to the NETCONF server's <rpc-error> element when the operation="delete" operation deletes a nonexistent configuration object (ACX Series, EX Series, MX Series, PTX Series, QFX Series, SRX Series, vMX, and vSRX )—We've changed the <rpc-error> response that the NETCONF server returns when the <edit-config> operation uses operation="delete" to delete a configuration element that is absent in the target configuration. The error severity is error instead of warning, and the <rpc-error> element includes the <error-tag>data-missing</error-tag> and <error-type>application</error-type> elements.

Changes to the RPC response for <validate> operations in RFC-compliant NETCONF sessions (ACX Series, EX Series, MX Series, PTX Series, QFX Series, SRX Series, vMX, and vSRX )—When you configure the rfc-compliant statement at the [edit system services netconf] hierarchy level, the NETCONF server emits only an <ok/> or <rpc-error> element in response to <validate> operations. In earlier releases, the RPC reply also includes the <commit-results> element.

DDoS syslog messages enhancement (MX Series devices with MPC10, MPC11, LC4800, or LC9600? line cards)--We've enhanced the severity of the DDoS module syslog messages ddos_get_vbf_ifl_from_flow_id and ddos_get_vbf_ifl_name in a subscriber management environment. In earlier releases, these syslog messages displayed incorrect messages in a subscriber management environment when you enable SCFD (suspicious control flow detection).

[See Control Plane DDoS Protection Flow Detection Overview.]

Previously, shaping of Layer 2 pseudowires did not work on logical tunnel interfaces. This has been fixed for all platforms except QX chip-based MICs and MPCs.

Prior to this change the output of the "show isis spring flex-algorithm | display xml" command was invalidly formatted when multiple flex algorithm instances were configured. With the change, the XML output is properly structured showing flex algorithm information for each instance. A new XML tag "isis-spring-flex-algorithm" is added to bundle information for each instance.

Viewing files with the file compare files command requires users to have maintenance permission] -- The file compare files command in Junos OS and Junos OS Evolved requires a user to have a login class with maintenance permission.

[See Login Classes Overview.]