What's Changed

EVPN system log messages for CCC interface up and down events—Devices will now log EVPN and EVPN-VPWS interface up and down event messages for interfaces configured with circuit cross-connect (CCC) encapsulation types. You can look for error messages with message types EVPN_INTF_CCC_DOWN and EVPN_INTF_CCC_UP in the device system log file (/var/log/syslog).

Support added for interface-group match condition for MPLS firewall filter family.

Starting from Junos 21.4R1 platforms with the following Routing Engines which have Intel CPUs with microcode version 0x35 observe the error warning, "000: Firmware Bug: TSC_DEADLINE disabled due to Errata; please update microcode to version: 0x3a (or later)" on the console. RE-S-X6-64G RE-S-X6-128G REMX2K-X8-64G RE-PTX-X8-64G RE-MX2008-X8-64G RE-MX2008-X8-128G.

Non-revertive switchover for sender based MoFRR— In earlier Junos releases, source-based MoFRR ensured that the traffic reverted to the primary path from the backup path, when the primary path or session was restored. This reversion could result in traffic loss. Starting in Junos OS 22.4R3-S1, source-based MoFRR will not revert to the primary path, that is, the traffic will continue to flow through the backup path as long as the traffic flow rate on the backup path does not go below the configured threshold set under cli protocols mvpn hot-root-standby min-rate cli.

For MPC5E line card with flexible-queuing-mode enabled, queue resources are shared between scheduler block 0 & 1. Resource monitor CLI output displays an equal distribution of the total available and used queues between scheduler blocks. This correctly represents the queue availability to the routing engine.

[See show system resource-monitor and show system resource-monitor ifd-cos-queue-mapping fpc.]

New CLIs introduced to collect Layer 2 bridging and Layer 2 protocols for smart debugging. PR1803119

Field name update in the CLI output (Junos)—Starting in this release, the show system license command output field name changed from invalid to license not installed.PR1812126

Feature name updates in CLI output (Junos) —Starting in this release, the show system license command output displays the feature name.PR1815591

SSH key options for user account credentials. You can configure key-options <key-options> option at the set system login user user authentication ssh-rsa|ssh-ecdsa|ssh-ed25519 <ssh key> hierarchy level.

[See login.]

Process generates a live core when its related process generates a core (ACX Series, PTX Series, and QFX Series)—For related processes, when one process stops responding and generates a core file, by default, the system also generates a live core for the related process. By generating a live core for the related process, the system provides more complete diagnostic data at the time of the failure, which enables you to perform a more thorough root cause analysis and resolve issues faster. You can disable this feature for an individual process or for all processes by configuring the no-livecore-dump-on-crash statement at the edit system processes process-name or edit system processes all-processes hierarchy level, respectively. The process pairs that support this feature are:

• bfdd and bfddagent

• cfmd and cfmd-agent

• dot1xd and dot1xd-agent

• l2ald and l2ald-agent

• l2cpd and l2cpd-agent

• mcsnoopd and mcsnoopd-agent

• ppmd and ppmdagent

• routing and rpdagent

[See processes.]

Change to the commit process—In prior Junos OS and Junos OS Evolved releases, if you use the commit prepare command and modify the configuration before activating the configuration using the commit activate command, the prepared commit cache becomes invalid due to the interim configuration change. As a result, you cannot perform a regular commit operation using the commit command. The CLI shows an error message: 'error: Commit activation is pending, either activate or clear commit prepare'. If you now try running the commit activate command, the CLI shows an error message: 'error: Prepared commit cache invalid, failed to activate'. You then must clear the prepared configuration using the clear system commit prepared command before performing a regular commit operation. From this Junos and Junos OS Evolved release, when you modify a device configuration after 'commit prepare' and then issue a 'commit', the OS detects that the prepared cache is invalid and automatically clears the prepared cache before proceeding with regular 'commit' operation.

See [ Commit Preparation and Activation Overview.]

A new counter Sessions hit due to high rate is added to show services service-sets screen-session-limit-counters command for all subscriber traffic. This counter tracks the sessions that come up on the screen irrespective of the alarm-without-drop configuration. When "alarm-without-drop" option is disabled, all the counters display updated statistics. When alarm-without-drop is enabled, then: - The screen-drop counters on show services service-sets statistic screen-drop command do not increase. - The "sessions hit due to high rate" value is displayed. PR1849594

[See alarm-without-drop (IDS Screen Next Gen Services), show services service-sets statistic screen-drops (Next Gen Services), and show services service-sets statistic screen-session-limit-counters (Next Gen Services)

In a firewall filter configured with a port-mirror-instance or port-mirror action, if l2-mirror action is also configured, then port-mirroring instance family should be any. In the absence of the l2-mirror action, port-mirroring instance family should be the firewall filter family.

Option allow-transients is set by default for the EZ-LAG commit script—The EZ-LAG feature simplifies setting up EVPN multihoming configurations using a set of configuration statements and a commit script. The commit script applies transient configuration changes, which requires the allow-transients system commit scripts option to be set. Now the default system configuration sets the allow-transients option at the EZ-LAG commit script file level, removing the need to set this option manually. In earlier releases where this option isn?t set by default, you must still configure the option explicitly either globally or only for the EZ-LAG commit script.

[See Easy EVPN LAG Configuration Overview.]

Commit script input to identify software upgrades during boot time (ACX Series, EX Series, MX Series, QFX Series, SRX Series, and vSRX)—The junos-context node-set includes the sw-upgrade-in-progress tag. Commit scripts can test the sw-upgrade-in-progress tag value to determine if the commit is taking place during boot time and a software upgrade is in progress. The tag value is yes if the commit takes place during the first reboot after a software upgrade, software downgrade, or rollback. The tag value is no if the device is booting normally.

[See Global Parameters and Variables in Junos OS Automation Scripts.]

Update to IGMP snooping membership command options— The instance option is now visible when issuing the show igmp snooping membership ? command. Earlier, the instance option was available but not visible when ? was issued to view all possible completions for the show igmp snooping membership command.

[See show igmp snooping membership.]

MLD snooping proxy and l2-querier source-address (ACX7024, ACX7100-32C, EX4400-24MP, PTX10001-36MR, QFX5120-32C, and QFX5130-32CD)— The source-address configured for proxy and l2-querier under the mld-snooping hierarchy should be an IPv6 link-local address in the range of fe80::/64. The CLI help text has been updated to "Source IPv6 link local address to use for proxy/L2 querier". In earlier releases, the CLI help text read, "Source IP address to use for proxy/L2 querier."

[See source-address.]

Extension of traceoptions support for VLANs in IGMP/MLD snooping —The traceoptions option is supported under the edit routing-instance protocols igmp-snooping vlan and edit routing-instance protocols mld-snooping vlan hierarchy. traceoptions can be enabled for both specific and all vlans.

[See vlan (IGMP Snooping) and .]PR1845242

Changes to the show system information and show version command output (ACX Series, EX Series, MX Series, PTX Series, QFX Series, SRX Series, and vSRX)—The show system information command output lists the Hostname field first instead of last. The show version command output includes the Family field. The Family field identifies the device family under which the device is categorized, for example, junos, junos-es, junos-ex, or junos-qfx.

[See show system information and .]PR1818814

Compact format deprecated for JSON-formatted state data (ACX Series, EX Series, MX Series, QFX Series, SRX Series, and vSRX)—We've removed the compact option at the [edit system export-format state-data json] hierarchy level because Junos devices no longer support emitting JSON-formatted state data in compact format.

Changes to the show system information and show version command output (ACX Series, EX Series, MX Series, QFX Series, SRX Series, and vSRX)—The show system information command output lists the Hostname field first instead of last. The show version command output includes the Family field. The Family field identifies the device family under which the device is categorized, for example, junos, junos-es, junos-ex, or junos-qfx.

[See show system information and show version.]

Access privileges for request support information command (ACX Series, EX Series, MX Series, PTX Series, QFX Series, SRX Series Firewalls, and vSRX Virtual Firewall)— The request support information command is designed to generate system information for troubleshooting and debugging purposes. Users with the specific access privileges maintenance, view, and view-configuration can execute request support information command. PR1835092