What's Changed

OISM SBD bit in EVPN Type 3 route multicast flags extended community—In EVPN Type 3 Inclusive Multicast Ethernet Tag (IMET) route advertisements for interfaces associated with the supplemental bridge domain (SBD) in an EVPN optimized intersubnet multicast (OISM) network, we now set the SBD bit in the multicast flags extended community. We set this bit for interoperability with other vendors, and to comply with the IETF draft standard for OISM, draft-ietf-bess-evpn-irb-mcast .

[See the description of the show route table bgp.evpn.0 ? extensive command in CLI Commands to Verify the OISM configuration.]

[See Easy EVPN LAG Configuration.]

.

Limit on number of IP address associations per MAC address per bridge domain in EVPN MAC-IP database—By default, devices can associate a maximum of 200 IP addresses with a single MAC address per bridge domain. We provide a new CLI statement to customize this limit, mac-ip-limit statement at the edit protocols evpn hierarchy level. In most use cases, you don?t need to change the default limit. If you want to change the default limit, we recommend that you don?t set this limit to more than 300 IP addresses per MAC address per bridge domain. Otherwise, you might see very high CPU usage on the device, which can degrade system performance.

[See mac-ip-limit.]

The subscription path for the flow sensor is changed from /junos/security/spu/flow/usage to /junos/security/spu/flow/statistics. This change maintains a uniform path in request and response data.

New commit check for MAC-VRF routing instances with the encapsulate-inner-vlan statement configured—We introduced a new commit check that prevents you from configuring an IRB interface and the encapsulate-inner-vlan statement together in a MAC-VRF routing instance. Please correct or remove these configurations prior to upgrading to 23.2R2 or newer to avoid a configuration validation failure during the upgrade.

[See encapsulate-inner-vlan.]

Starting in Junos OS Release 24.2R1, when you run the run show lldp local-information interface <interface-name> | display xml command, the output is displayed under the lldp-local-info root tag and in the lldp-local-interface-info container tag. When you run the run show lldp local-information interface | display xml command, the lldp-tlv-filter and lldp-tlv-select information are displayed under the lldp-local-interface-info container tag in the output.

Non-revertive switchover for sender based MoFRR— In earlier Junos releases, source-based MoFRR ensured that the traffic reverted to the primary path from the backup path, when the primary path or session was restored. This reversion could result in traffic loss. Starting in Junos OS 22.4R3-S1, source-based MoFRR will not revert to the primary path, i.e. traffic will continue to flow through the backup path as long as the traffic flow rate on the backup path does not go below the configured threshold set under the protocols mvpn hot-root-standby min-rate command.

Show active forwarding session for sender based MoFRR— The show multicast route extensive command will show the active forwarding session in the case of source-based MoFRR. The field Session Status: Up & Forwarding will indicate that the particular session is currently forwarding traffic.

Change in options and generated configuration for the EZ-LAG configuration IRB subnet-address statement—With the EZ-LAG subnet-address inet or subnet-address inet6 options at the edit services evpn evpn-vxlan irb irb-instance hierarchy, you can now specify multiple IRB subnet addresses in a single statement using the list syntax addr1 addr2 ... . Also, in the generated configuration for IRB interfaces, the commit script now includes default router-advertisement statements at the edit protocols hierarchy level for that IRB interface.

[See subnet-address (Easy EVPN LAG Configuration).]

Three new VSA's have been added to code repository for 802.1x authentication on RADIUS server under Vendor ID: 2636: - 53: Event-Type - 54: Sub-Event-Type - 55: Juniper-Generic-Message

[See Radius Attributes and VSA list supported by 802.1X.]

Change to the commit process—In prior Junos OS and Junos OS Evolved releases, if you use the commit prepare command and modify the configuration before activating the configuration using the commit activate command, the prepared commit cache becomes invalid due to the interim configuration change. As a result, you cannot perform a regular commit operation using the commit command. The CLI shows an error message: 'error: Commit activation is pending, either activate or clear commit prepare'. If you now try running the commit activate command, the CLI shows an error message: 'error: Prepared commit cache invalid, failed to activate'. You then must clear the prepared configuration using the clear system commit prepared command before performing a regular commit operation. From this Junos and Junos OS Evolved release, when you modify a device configuration after 'commit prepare' and then issue a 'commit', the OS detects that the prepared cache is invalid and automatically clears the prepared cache before proceeding with regular 'commit' operation.

[See Commit Preparation and Activation Overview.]

Option to disable path MTU discovery—Path MTU discovery is enabled by default. To disable it for IPv4 traffic, you can configure the no-path-mtu-discovery statement at the edit system internet-options hierarchy level. To reenable it, use the path-mtu-discovery statement.

[See Path MTU Discovery.]

Increase in revert-delay timer range— The revert-delay timer range is increased to 600 seconds from 20 seconds.

[See min-rate.]

Configure min-rate for IPMSI traffic explicitly— In a source-based MoFRR scenario, you can set a min-rate threshold for IPMSI traffic explicitly by configuring ipmsi-min-rate under set routing-instances protocols mvpn hot-root-standby min-rate. If not configured, the existing min-rate will be applicable to both IPMSI and SPMSI traffic.

[See min-rate.]